* [PATCH 6.3 000/187] 6.3.9-rc1 review
@ 2023-06-19 10:26 Greg Kroah-Hartman
2023-06-19 10:26 ` [PATCH 6.3 001/187] x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed Greg Kroah-Hartman
` (198 more replies)
0 siblings, 199 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
This is the start of the stable review cycle for the 6.3.9 release.
There are 187 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.3.9-rc1
Ming Lei <ming.lei@redhat.com>
blk-cgroup: Flush stats before releasing blkcg_gq
Bob Pearson <rpearsonhpe@gmail.com>
scsi: target: core: Fix error path in target_setup_session()
Leon Romanovsky <leon@kernel.org>
neighbour: delete neigh_lookup_nodev as not used
Konrad Dybcio <konrad.dybcio@linaro.org>
arm64: dts: qcom: sm8550: Use the correct LLCC register scheme
Ben Hutchings <benh@debian.org>
parisc: Delete redundant register definitions in <asm/assembly.h>
David Howells <dhowells@redhat.com>
afs: Fix vlserver probe RTT handling
Jiasheng Jiang <jiasheng@iscas.ac.cn>
octeon_ep: Add missing check for ioremap
Alex Maftei <alex.maftei@amd.com>
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
Lin Ma <linma@zju.edu.cn>
net: tipc: resize nlattr array to correct size
Li Lingfeng <lilingfeng3@huawei.com>
dm: don't lock fs when the map is NULL during suspend or resume
Íñigo Huguet <ihuguet@redhat.com>
sfc: fix XDP queues mode with legacy IRQ
Fedor Pchelkin <pchelkin@ispras.ru>
net: macsec: fix double free of percpu stats
Eric Dumazet <edumazet@google.com>
net: lapbether: only support ethernet devices
Vladimir Oltean <vladimir.oltean@nxp.com>
net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames
Vlad Buslov <vladbu@nvidia.com>
net/sched: cls_api: Fix lockup on flushing explicitly created chain
Jakub Buchocki <jakubx.buchocki@intel.com>
ice: Fix ice module unload
Fabio M. De Francesco <fmdefrancesco@gmail.com>
ext4: drop the call to ext4_error() from ext4_get_group_info()
Mauro Carvalho Chehab <mchehab@kernel.org>
Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend"
Bob Pearson <rpearsonhpe@gmail.com>
RDMA/rxe: Fix rxe_cq_post
Steve French <stfrench@microsoft.com>
cifs: fix lease break oops in xfstest generic/098
Danielle Ratson <danieller@nvidia.com>
selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step
Peilin Ye <peilin.ye@bytedance.com>
net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting
Peilin Ye <peilin.ye@bytedance.com>
net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
Paul Blakey <paulb@nvidia.com>
net/sched: act_ct: Fix promotion of offloaded unreplied tuple
Vlad Buslov <vladbu@nvidia.com>
selftests/tc-testing: Fix SFB db test
Vlad Buslov <vladbu@nvidia.com>
selftests/tc-testing: Fix Error: failed to find target LOG
Vlad Buslov <vladbu@nvidia.com>
selftests/tc-testing: Fix Error: Specified qdisc kind is unknown.
Dan Carpenter <dan.carpenter@linaro.org>
net: ethernet: ti: am65-cpsw: Call of_node_put() on error path
Natalia Petrova <n.petrova@fintech.ru>
drm/nouveau: add nv_encoder pointer check for NULL
Natalia Petrova <n.petrova@fintech.ru>
drm/nouveau/dp: check for NULL nv_connector->native_mode
Su Hui <suhui@nfschina.com>
drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow
Ratchanan Srirattanamet <peathot@hotmail.com>
drm/nouveau: don't detect DSM for non-NVIDIA device
Maxime Chevallier <maxime.chevallier@bootlin.com>
net: phylink: use a dedicated helper to parse usgmii control word
Maxime Chevallier <maxime.chevallier@bootlin.com>
net: phylink: report correct max speed for QUSGMII
Aleksandr Loktionov <aleksandr.loktionov@intel.com>
igb: fix nvm.ops.read() error handling
Vinicius Costa Gomes <vinicius.gomes@intel.com>
igc: Fix possible system crash when loading module
Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
igc: Clean the TX buffer and TX descriptor ring
Dan Carpenter <dan.carpenter@linaro.org>
sctp: fix an error code in sctp_sf_eat_auth()
Hangbin Liu <liuhangbin@gmail.com>
ipvlan: fix bound dev checking for IPv6 l3s mode
Benjamin Berg <benjamin.berg@intel.com>
wifi: mac80211: fragment per STA profile correctly
Jakub Kicinski <kuba@kernel.org>
net: ethtool: correct MAX attribute value for stats
Saravanan Vajravel <saravanan.vajravel@broadcom.com>
IB/isert: Fix incorrect release of isert connection
Saravanan Vajravel <saravanan.vajravel@broadcom.com>
IB/isert: Fix possible list corruption in CMA handler
Saravanan Vajravel <saravanan.vajravel@broadcom.com>
IB/isert: Fix dead lock in ib_isert
Mark Bloch <mbloch@nvidia.com>
RDMA/mlx5: Fix affinity assignment
Yishai Hadas <yishaih@nvidia.com>
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
Mark Zhang <markzhang@nvidia.com>
RDMA/cma: Always set static rate to 0 for RoCE
Mark Bloch <mbloch@nvidia.com>
RDMA/mlx5: Create an indirect flow table for steering anchor
Maher Sanalla <msanalla@nvidia.com>
RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
Nithin Dabilpuram <ndabilpuram@marvell.com>
octeontx2-af: fix lbk link credits on cn10k
Satha Rao <skoteshwar@marvell.com>
octeontx2-af: fixed resource availability check
Ahmed Zaki <ahmed.zaki@intel.com>
iavf: remove mask from iavf_irq_enable_queues()
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
Benjamin Berg <benjamin.berg@intel.com>
wifi: mac80211: take lock before setting vif links
Benjamin Berg <benjamin.berg@intel.com>
wifi: cfg80211: fix link del callback to call correct handler
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: fix link activation settings order
Lee Jones <lee@kernel.org>
net/sched: cls_u32: Fix reference counter leak leading to overflow
Zhengchao Shao <shaozhengchao@huawei.com>
net/sched: taprio: fix slab-out-of-bounds Read in taprio_dequeue_from_txq
Ratheesh Kannoth <rkannoth@marvell.com>
octeontx2-af: Fix promiscuous mode
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
net: renesas: rswitch: Fix timestamp feature after all descriptors are used
Max Tottenham <mtottenh@akamai.com>
net/sched: act_pedit: Parse L3 Header for L4 offset
Pedro Tammela <pctammela@mojatatu.com>
net/sched: act_pedit: remove extra check for key type
Yuezhen Luan <eggcar.luan@gmail.com>
igb: Fix extts capture value format for 82580/i354/i350
Guillaume Nault <gnault@redhat.com>
ping6: Fix send to link-local addresses with VRF.
Wei Fang <wei.fang@nxp.com>
net: enetc: correct the indexes of highest and 2nd highest TCs
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
Kamil Maziarz <kamil.maziarz@intel.com>
ice: Fix XDP memory leak when NIC is brought up and down
Simon Horman <horms@kernel.org>
ice: Don't dereference NULL in ice_gnss_read error path
Michal Schmidt <mschmidt@redhat.com>
ice: do not busy-wait to read GNSS data
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: integrate pipapo into commit protocol
Abel Vesa <abel.vesa@linaro.org>
regulator: qcom-rpmh: Fix regulators for PM8550
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
regulator: qcom-rpmh: add support for pmm8654au regulators
Vladimir Oltean <vladimir.oltean@nxp.com>
spi: fsl-dspi: avoid SCK glitches with continuous transfers
Jiasheng Jiang <jiasheng@iscas.ac.cn>
spi: cadence-quadspi: Add missing check for dma_set_mask
Kamal Heib <kheib@redhat.com>
RDMA/bnxt_re: Fix reporting active_{speed,width} attributes
Bob Pearson <rpearsonhpe@gmail.com>
RDMA/rxe: Fix ref count error in check_rkey()
Bob Pearson <rpearsonhpe@gmail.com>
RDMA/rxe: Fix packet length checks
Li Zhijian <lizhijian@fujitsu.com>
RDMA/rtrs: Fix rxe_dealloc_pd warning
Li Zhijian <lizhijian@fujitsu.com>
RDMA/rtrs: Fix the last iu->buf leak in err path
Elson Roy Serrao <quic_eserrao@quicinc.com>
usb: dwc3: gadget: Reset num TRBs before giving back the request
Johan Hovold <johan+linaro@kernel.org>
USB: dwc3: fix use-after-free on core driver unbind
Johan Hovold <johan+linaro@kernel.org>
USB: dwc3: qcom: fix NULL-deref on suspend
Biju Das <biju.das.jz@bp.renesas.com>
usb: gadget: udc: renesas_usb3: Fix RZ/V2M {modprobe,bind} error
Badhri Jagan Sridharan <badhri@google.com>
usb: gadget: udc: core: Prevent soft_connect_store() race
Badhri Jagan Sridharan <badhri@google.com>
usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
Pavan Holla <pholla@chromium.org>
usb: typec: Fix fast_role_swap_current show function
Heikki Krogerus <heikki.krogerus@linux.intel.com>
usb: typec: ucsi: Fix command cancellation
Robert Hodaszi <robert.hodaszi@digi.com>
tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
Bernhard Seibold <mail@bernhard-seibold.de>
serial: lantiq: add missing interrupt ack
Jerry Meng <jerry-meng@foxmail.com>
USB: serial: option: add Quectel EM061KGL series
Arnd Bergmann <arnd@arndb.de>
clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Mask ring interrupt on Intel hardware as well
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: dma_test: Use correct value for absent rings when creating paths
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Do not touch CL state configuration during discovery
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Increase DisplayPort Connection Manager handshake timeout
Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
ALSA: hda/realtek: Add a quirk for Compaq N14JP6
Jiadong Zhu <Jiadong.Zhu@amd.com>
drm/amdgpu: Modify indirect buffer packages for resubmission
Jiadong Zhu <Jiadong.Zhu@amd.com>
drm/amdgpu: Implement gfx9 patch functions for resubmission
Jiadong Zhu <Jiadong.Zhu@amd.com>
drm/amdgpu: Program gds backup address as zero if no gds allocated
Jiadong Zhu <Jiadong.Zhu@amd.com>
drm/amdgpu: Reset CP_VMID_PREEMPT after trailing fence signaled
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu: add missing radeon secondary PCI ID
Kenneth Feng <kenneth.feng@amd.com>
drm/amd/pm: workaround for compute workload type on some skus
Mario Limonciello <mario.limonciello@amd.com>
drm/amd: Tighten permissions on VBIOS flashing attributes
Mario Limonciello <mario.limonciello@amd.com>
drm/amd: Make sure image is written to trigger VBIOS image update flow
Hersen Wu <hersenxs.wu@amd.com>
drm/amd/display: edp do not add non-edid timings
Peichen Huang <peichen.huang@amd.com>
drm/amd/display: limit DPIA link rate to HBR3
Wes Huang <wes.huang@moxa.com>
net: usb: qmi_wwan: add support for Compal RXM-G1
Sonny Jiang <sonjiang@amd.com>
drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1
Edward Srouji <edwards@nvidia.com>
RDMA/uverbs: Restrict usage of privileged QKEYs
Haibo Li <haibo.li@mediatek.com>
mm/gup_test: fix ioctl fail for compat task
Dave Airlie <airlied@redhat.com>
nouveau: fix client work fence deletion race
Christian Marangi <ansuelsmth@gmail.com>
net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open
Mike Snitzer <snitzer@kernel.org>
dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard
Li Lingfeng <lilingfeng3@huawei.com>
dm thin metadata: check fail_io before using data_sm
Julian Ruess <julianr@linux.ibm.com>
s390/ism: Fix trying to free already-freed IRQ by repeated ism_dev_exit()
Lukasz Tyl <ltyl@hem-e.com>
ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix broken resume due to UAC3 power state
Chris Mason <clm@fb.com>
btrfs: can_nocow_file_extent should pass down args->strict from callers
Christoph Hellwig <hch@lst.de>
btrfs: fix iomap_begin length for nocow writes
Qu Wenruo <wqu@suse.com>
btrfs: do not ASSERT() on duplicated global roots
Chris Mason <clm@fb.com>
btrfs: properly enable async discard when switching from RO->RW
Qu Wenruo <wqu@suse.com>
btrfs: subpage: fix a crash in metadata repair path
Ricardo Ribalda <ribalda@chromium.org>
powerpc/purgatory: remove PGO flags
Ricardo Ribalda <ribalda@chromium.org>
riscv/purgatory: remove PGO flags
Ricardo Ribalda <ribalda@chromium.org>
x86/purgatory: remove PGO flags
Ricardo Ribalda <ribalda@chromium.org>
kexec: support purgatories with .text.hot sections
Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@amd.com>
Revert "drm/amdgpu: remove TOPDOWN flags when allocating VRAM in large bar system"
Jens Axboe <axboe@kernel.dk>
io_uring/net: save msghdr->msg_control for retries
Huacai Chen <chenhuacai@kernel.org>
LoongArch: Fix perf event id calculation
Immad Mir <mirimmad17@gmail.com>
LoongArch: Fix debugfs_create_dir() error checking
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: reject devices with insufficient block count
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
Peter Xu <peterx@redhat.com>
mm/uffd: fix vma operation where start addr cuts part of vma
Janne Grunau <j@jannau.net>
nios2: dts: Fix tse_mac "max-frame-size" property
Kefeng Wang <wangkefeng.wang@huawei.com>
mm/damon/core: fix divide error in damon_nr_accesses_to_accesses_bp()
Nhat Pham <nphamcs@gmail.com>
zswap: do not shrink if cgroup may not zswap
Luís Henriques <ocfs2-devel@oss.oracle.com>
ocfs2: check new file size on fallocate call
Luís Henriques <ocfs2-devel@oss.oracle.com>
ocfs2: fix use-after-free when unmounting read-only filesystem
Benjamin Segall <bsegall@google.com>
epoll: ep_autoremove_wake_function should use list_del_init_careful
Dan Carpenter <dan.carpenter@linaro.org>
wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
Johannes Berg <johannes.berg@intel.com>
wifi: cfg80211: fix locking in regulatory disconnect
Marc Zyngier <maz@kernel.org>
irqchip/gic: Correctly validate OF quirk descriptors
Tatsuki Sugiura <sugi@nemui.org>
NVMe: Add MAXIO 1602 to bogus nid list.
Wenwen Chen <wenwen.chen@samsung.com>
io_uring: unlock sqd->lock before sq thread release CPU
Sukrut Bellary <sukrut.bellary@linux.com>
drm:amd:amdgpu: Fix missing buffer object unlock in failure path
Ross Lagerwall <ross.lagerwall@citrix.com>
xen/blkfront: Only check REQ_FUA for writes
Maxim Kochetkov <fido_max@inbox.ru>
ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
Stefan Binding <sbinding@opensource.cirrus.com>
ASoC: cs35l41: Fix default regmap values for some registers
Liviu Dudau <liviu@dudau.co.uk>
mips: Move initrd_start check after initrd address sanitisation.
Manuel Lauss <manuel.lauss@gmail.com>
MIPS: Alchemy: fix dbdma2
Manuel Lauss <manuel.lauss@gmail.com>
MIPS: Restore Au1300 support
Manuel Lauss <manuel.lauss@gmail.com>
MIPS: unhide PATA_PLATFORM
Gao Xiang <xiang@kernel.org>
erofs: use HIPRI by default if per-cpu kthreads are enabled
Helge Deller <deller@gmx.de>
parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
Helge Deller <deller@gmx.de>
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ASoC: Intel: avs: Add missing checks on FE startup
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ASoC: Intel: avs: Fix avs_path_module::instance_id size
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: Intel: avs: Account for UID of ACPI device
Alejandro Lucero <alejandro.lucero-palau@amd.com>
sfc: fix devlink info error handling
Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
ASoC: soc-pcm: test if a BE can be prepared
Johannes Thumshirn <johannes.thumshirn@wdc.com>
btrfs: handle memory allocation failure in btrfs_csum_one_bio
Qu Wenruo <wqu@suse.com>
btrfs: scrub: try harder to mark RAID56 block groups read-only
Maya Matuszczyk <maccraft123mc@gmail.com>
drm: panel-orientation-quirks: Change Air's quirk to support Air Plus
Mario Limonciello <mario.limonciello@amd.com>
power: supply: Fix logic checking if system is running from battery
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
irqchip/meson-gpio: Mark OF related data as maybe unused
Douglas Anderson <dianders@chromium.org>
irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
Osama Muhammad <osmtendev@gmail.com>
regulator: Fix error checking for debugfs_create_dir
Alexandru Sorodoc <ealex95@gmail.com>
platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
Mika Westerberg <mika.westerberg@linux.intel.com>
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
Marek Vasut <marex@denx.de>
power: supply: Ratelimit no data debug output
Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change
Milo Spadacini <milo.spadacini@gmail.com>
tools: gpio: fix debounce_period_us output of lsgpio
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: arm: add missing cache properties
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: vexpress: add missing cache properties
Hans de Goede <hdegoede@redhat.com>
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
Hans de Goede <hdegoede@redhat.com>
power: supply: sc27xx: Fix external_power_changed race
Hans de Goede <hdegoede@redhat.com>
power: supply: ab8500: Fix external_power_changed race
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset()
Namjae Jeon <linkinjeon@kernel.org>
ksmbd: validate smb request protocol id
Manivannan Sadhasivam <mani@kernel.org>
EDAC/qcom: Get rid of hardcoded register offsets
Manivannan Sadhasivam <mani@kernel.org>
qcom: llcc/edac: Fix the base address used for accessing LLCC banks
Qi Zheng <zhengqi.arch@bytedance.com>
cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks()
John Sperbeck <jsperbeck@google.com>
cgroup: always put cset in cgroup_css_set_put_fork
Kamalesh Babulal <kamalesh.babulal@oracle.com>
cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers
Tom Lendacky <thomas.lendacky@amd.com>
x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/dts/vexpress-v2p-ca5s.dts | 1 +
arch/arm64/boot/dts/arm/foundation-v8.dtsi | 1 +
arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts | 1 +
.../boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts | 1 +
arch/arm64/boot/dts/qcom/sm8550.dtsi | 11 +-
arch/loongarch/kernel/perf_event.c | 6 +-
arch/loongarch/kernel/unaligned.c | 2 +-
arch/mips/Kconfig | 1 +
arch/mips/alchemy/common/dbdma.c | 27 +-
arch/mips/kernel/cpu-probe.c | 5 +
arch/mips/kernel/setup.c | 9 +-
arch/nios2/boot/dts/10m50_devboard.dts | 2 +-
arch/nios2/boot/dts/3c120_devboard.dts | 2 +-
arch/parisc/include/asm/assembly.h | 4 -
arch/parisc/kernel/pci-dma.c | 18 +-
arch/powerpc/purgatory/Makefile | 5 +
arch/riscv/purgatory/Makefile | 5 +
arch/x86/kernel/head_64.S | 18 +-
arch/x86/purgatory/Makefile | 5 +
block/blk-cgroup.c | 40 ++-
drivers/block/xen-blkfront.c | 3 +-
drivers/char/agp/parisc-agp.c | 15 +-
drivers/clk/pxa/clk-pxa3xx.c | 2 +-
drivers/edac/qcom_edac.c | 122 +++++----
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 7 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 18 ++
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 9 +
drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.c | 60 +++++
drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.h | 15 ++
drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 4 +-
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 105 +++++++-
drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 6 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +-
.../gpu/drm/amd/display/dc/link/link_detection.c | 5 +
.../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 33 ++-
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 +
drivers/gpu/drm/drm_panel_orientation_quirks.c | 2 +-
drivers/gpu/drm/nouveau/nouveau_acpi.c | 3 +
drivers/gpu/drm/nouveau/nouveau_connector.c | 7 +-
drivers/gpu/drm/nouveau/nouveau_drm.c | 14 +-
drivers/infiniband/core/cma.c | 4 +-
drivers/infiniband/core/uverbs_cmd.c | 7 +-
drivers/infiniband/core/uverbs_main.c | 12 +-
drivers/infiniband/hw/bnxt_re/bnxt_re.h | 2 -
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/bnxt_re/main.c | 2 -
drivers/infiniband/hw/mlx5/fs.c | 276 ++++++++++++++++++++-
drivers/infiniband/hw/mlx5/fs.h | 16 ++
drivers/infiniband/hw/mlx5/main.c | 3 +
drivers/infiniband/hw/mlx5/mlx5_ib.h | 14 ++
drivers/infiniband/hw/mlx5/qp.c | 3 +
drivers/infiniband/sw/rxe/rxe_cq.c | 4 +-
drivers/infiniband/sw/rxe/rxe_net.c | 6 +
drivers/infiniband/sw/rxe/rxe_qp.c | 7 +-
drivers/infiniband/sw/rxe/rxe_resp.c | 3 +-
drivers/infiniband/ulp/isert/ib_isert.c | 16 +-
drivers/infiniband/ulp/rtrs/rtrs-clt.c | 55 ++--
drivers/infiniband/ulp/rtrs/rtrs.c | 4 +-
drivers/irqchip/irq-gic-common.c | 10 +-
drivers/irqchip/irq-gic-common.h | 1 +
drivers/irqchip/irq-gic-v3.c | 20 ++
drivers/irqchip/irq-meson-gpio.c | 2 +-
drivers/md/dm-ioctl.c | 5 +-
drivers/md/dm-thin-metadata.c | 20 +-
drivers/md/dm-thin.c | 3 +-
drivers/md/dm.c | 4 +
drivers/media/dvb-core/dvb_frontend.c | 53 +---
drivers/net/dsa/ocelot/felix_vsc9959.c | 2 +-
drivers/net/ethernet/freescale/enetc/enetc_qos.c | 4 +-
drivers/net/ethernet/intel/iavf/iavf.h | 2 +-
drivers/net/ethernet/intel/iavf/iavf_main.c | 15 +-
drivers/net/ethernet/intel/iavf/iavf_register.h | 2 +-
drivers/net/ethernet/intel/ice/ice_gnss.c | 50 ++--
drivers/net/ethernet/intel/ice/ice_gnss.h | 3 +-
drivers/net/ethernet/intel/ice/ice_main.c | 20 +-
drivers/net/ethernet/intel/igb/igb_ethtool.c | 3 +
drivers/net/ethernet/intel/igb/igb_main.c | 8 +-
drivers/net/ethernet/intel/igc/igc_main.c | 12 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 7 +-
.../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 7 +-
.../ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 29 +--
.../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 12 -
drivers/net/ethernet/renesas/rswitch.c | 36 +--
drivers/net/ethernet/sfc/efx_channels.c | 2 +
drivers/net/ethernet/sfc/efx_devlink.c | 95 ++++---
drivers/net/ethernet/sfc/siena/efx_channels.c | 2 +
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/ipvlan/ipvlan_l3s.c | 4 +
drivers/net/macsec.c | 12 +-
drivers/net/phy/phylink.c | 41 ++-
drivers/net/usb/qmi_wwan.c | 2 +
drivers/net/wan/lapbether.c | 3 +
drivers/nvme/host/pci.c | 2 +
drivers/of/overlay.c | 1 +
drivers/pci/quirks.c | 9 +-
drivers/platform/x86/asus-nb-wmi.c | 2 +
drivers/power/supply/ab8500_btemp.c | 6 +-
drivers/power/supply/ab8500_fg.c | 6 +-
drivers/power/supply/bq27xxx_battery.c | 6 +-
drivers/power/supply/power_supply_core.c | 8 +-
drivers/power/supply/power_supply_sysfs.c | 3 +-
drivers/power/supply/sc27xx_fuel_gauge.c | 9 +-
drivers/regulator/core.c | 4 +-
drivers/regulator/qcom-rpmh-regulator.c | 85 +++++--
drivers/s390/net/ism_drv.c | 8 -
drivers/soc/qcom/llcc-qcom.c | 72 +++---
drivers/spi/spi-cadence-quadspi.c | 7 +-
drivers/spi/spi-fsl-dspi.c | 15 ++
drivers/target/target_core_transport.c | 2 +
drivers/thunderbolt/dma_test.c | 8 +-
drivers/thunderbolt/nhi.c | 11 +-
drivers/thunderbolt/tb.c | 17 +-
drivers/thunderbolt/tunnel.c | 2 +-
drivers/tty/serial/fsl_lpuart.c | 2 +-
drivers/tty/serial/lantiq.c | 1 +
drivers/usb/dwc3/core.c | 5 +
drivers/usb/dwc3/dwc3-qcom.c | 11 +-
drivers/usb/dwc3/gadget.c | 1 +
drivers/usb/gadget/udc/core.c | 180 ++++++++++----
drivers/usb/gadget/udc/renesas_usb3.c | 4 +-
drivers/usb/serial/option.c | 16 ++
drivers/usb/typec/pd.c | 2 +-
drivers/usb/typec/ucsi/ucsi.c | 11 +-
fs/afs/vl_probe.c | 4 +-
fs/btrfs/block-group.c | 14 +-
fs/btrfs/disk-io.c | 19 +-
fs/btrfs/file-item.c | 4 +-
fs/btrfs/inode.c | 20 +-
fs/btrfs/scrub.c | 9 +-
fs/btrfs/super.c | 6 +
fs/cifs/file.c | 8 +-
fs/erofs/Kconfig | 1 +
fs/erofs/zdata.c | 2 -
fs/eventpoll.c | 6 +-
fs/ext4/balloc.c | 20 +-
fs/ksmbd/connection.c | 5 +-
fs/ksmbd/smb_common.c | 14 +-
fs/nilfs2/btnode.c | 12 +-
fs/nilfs2/sufile.c | 9 +
fs/nilfs2/the_nilfs.c | 43 +++-
fs/ocfs2/file.c | 8 +-
fs/ocfs2/super.c | 6 +-
fs/userfaultfd.c | 5 +
include/linux/mlx5/driver.h | 12 +
include/linux/soc/qcom/llcc-qcom.h | 12 +-
include/media/dvb_frontend.h | 6 +-
include/net/neighbour.h | 2 -
include/net/netfilter/nf_flow_table.h | 2 +-
include/net/netfilter/nf_tables.h | 4 +-
include/net/sch_generic.h | 8 +
include/rdma/ib_addr.h | 23 --
include/sound/soc-acpi.h | 1 +
include/sound/soc-dpcm.h | 4 +
include/uapi/linux/ethtool_netlink.h | 2 +-
io_uring/net.c | 8 +-
io_uring/sqpoll.c | 6 +-
kernel/bpf/cgroup.c | 38 +--
kernel/bpf/cgroup_iter.c | 4 +-
kernel/bpf/local_storage.c | 4 +-
kernel/cgroup/cgroup-v1.c | 20 +-
kernel/cgroup/cgroup.c | 77 +++---
kernel/kexec_file.c | 14 +-
mm/damon/core.c | 2 +
mm/gup_test.c | 1 +
mm/zswap.c | 11 +-
net/core/neighbour.c | 31 ---
net/ipv6/ping.c | 3 +-
net/mac80211/cfg.c | 9 +-
net/mac80211/ieee80211_i.h | 2 +-
net/mac80211/link.c | 4 +-
net/mac80211/mlme.c | 5 +-
net/mac80211/util.c | 4 +-
net/netfilter/nf_flow_table_core.c | 13 +-
net/netfilter/nf_flow_table_ip.c | 4 +-
net/netfilter/nf_tables_api.c | 59 ++++-
net/netfilter/nfnetlink.c | 3 +-
net/netfilter/nft_set_pipapo.c | 55 ++--
net/sched/act_ct.c | 9 +-
net/sched/act_pedit.c | 45 +++-
net/sched/cls_api.c | 12 +-
net/sched/cls_u32.c | 18 +-
net/sched/sch_api.c | 44 +++-
net/sched/sch_generic.c | 14 +-
net/sched/sch_taprio.c | 3 +
net/sctp/sm_statefuns.c | 2 +-
net/tipc/bearer.c | 4 +-
net/wireless/rdev-ops.h | 6 +-
net/wireless/reg.c | 7 +-
sound/pci/hda/patch_realtek.c | 1 +
sound/soc/codecs/cs35l41-lib.c | 6 +-
sound/soc/dwc/dwc-i2s.c | 41 +--
sound/soc/intel/avs/avs.h | 4 +-
sound/soc/intel/avs/board_selection.c | 2 +-
sound/soc/intel/avs/dsp.c | 4 +-
sound/soc/intel/avs/path.h | 2 +-
sound/soc/intel/avs/pcm.c | 23 +-
sound/soc/intel/avs/probes.c | 2 +-
sound/soc/soc-pcm.c | 20 ++
sound/usb/pcm.c | 4 +
sound/usb/quirks.c | 2 +
tools/gpio/lsgpio.c | 2 +-
tools/testing/selftests/gpio/gpio-sim.sh | 3 +
.../selftests/net/forwarding/hw_stats_l3.sh | 11 +-
tools/testing/selftests/ptp/testptp.c | 6 +-
tools/testing/selftests/tc-testing/config | 1 +
.../selftests/tc-testing/tc-tests/qdiscs/sfb.json | 4 +-
tools/testing/selftests/tc-testing/tdc.sh | 1 +
211 files changed, 2103 insertions(+), 940 deletions(-)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 001/187] x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
@ 2023-06-19 10:26 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 002/187] cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers Greg Kroah-Hartman
` (197 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:26 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Lendacky, Dave Hansen,
Joerg Roedel, Sasha Levin
From: Tom Lendacky <thomas.lendacky@amd.com>
[ Upstream commit a37f2699c36a7f6606ba3300f243227856c5ad6b ]
The call to startup_64_setup_env() will install a new GDT but does not
actually switch to using the KERNEL_CS entry until returning from the
function call.
Commit bcce82908333 ("x86/sev: Detect/setup SEV/SME features earlier in
boot") moved the call to sme_enable() earlier in the boot process and in
between the call to startup_64_setup_env() and the switch to KERNEL_CS.
An SEV-ES or an SEV-SNP guest will trigger #VC exceptions during the call
to sme_enable() and if the CS pushed on the stack as part of the exception
and used by IRETQ is not mapped by the new GDT, then problems occur.
Today, the current CS when entering startup_64 is the kernel CS value
because it was set up by the decompressor code, so no issue is seen.
However, a recent patchset that looked to avoid using the legacy
decompressor during an EFI boot exposed this bug. At entry to startup_64,
the CS value is that of EFI and is not mapped in the new kernel GDT. So
when a #VC exception occurs, the CS value used by IRETQ is not valid and
the guest boot crashes.
Fix this issue by moving the block that switches to the KERNEL_CS value to
be done immediately after returning from startup_64_setup_env().
Fixes: bcce82908333 ("x86/sev: Detect/setup SEV/SME features earlier in boot")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Joerg Roedel <jroedel@suse.de>
Link: https://lore.kernel.org/all/6ff1f28af2829cc9aea357ebee285825f90a431f.1684340801.git.thomas.lendacky%40amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/head_64.S | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 222efd4a09bc8..f047723c6ca5d 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -85,6 +85,15 @@ SYM_CODE_START_NOALIGN(startup_64)
call startup_64_setup_env
popq %rsi
+ /* Now switch to __KERNEL_CS so IRET works reliably */
+ pushq $__KERNEL_CS
+ leaq .Lon_kernel_cs(%rip), %rax
+ pushq %rax
+ lretq
+
+.Lon_kernel_cs:
+ UNWIND_HINT_EMPTY
+
#ifdef CONFIG_AMD_MEM_ENCRYPT
/*
* Activate SEV/SME memory encryption if supported/enabled. This needs to
@@ -98,15 +107,6 @@ SYM_CODE_START_NOALIGN(startup_64)
popq %rsi
#endif
- /* Now switch to __KERNEL_CS so IRET works reliably */
- pushq $__KERNEL_CS
- leaq .Lon_kernel_cs(%rip), %rax
- pushq %rax
- lretq
-
-.Lon_kernel_cs:
- UNWIND_HINT_EMPTY
-
/* Sanitize CPU configuration */
call verify_cpu
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 002/187] cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
2023-06-19 10:26 ` [PATCH 6.3 001/187] x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 003/187] cgroup: always put cset in cgroup_css_set_put_fork Greg Kroah-Hartman
` (196 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kamalesh Babulal, Alexei Starovoitov,
Christian Brauner, Tejun Heo, Sasha Levin
From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
[ Upstream commit 4cdb91b0dea7d7f59fa84a13c7753cd434fdedcf ]
Replace mutex_[un]lock() with cgroup_[un]lock() wrappers to stay
consistent across cgroup core and other subsystem code, while
operating on the cgroup_mutex.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Tejun Heo <tj@kernel.org>
Stable-dep-of: 2bd110339288 ("cgroup: always put cset in cgroup_css_set_put_fork")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/cgroup.c | 38 ++++++++++++------------
kernel/bpf/cgroup_iter.c | 4 +--
kernel/bpf/local_storage.c | 4 +--
kernel/cgroup/cgroup-v1.c | 16 +++++-----
kernel/cgroup/cgroup.c | 60 +++++++++++++++++++-------------------
5 files changed, 61 insertions(+), 61 deletions(-)
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 819f011f0a9cd..b86b907e566ca 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -173,11 +173,11 @@ void bpf_cgroup_atype_put(int cgroup_atype)
{
int i = cgroup_atype - CGROUP_LSM_START;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
if (--cgroup_lsm_atype[i].refcnt <= 0)
cgroup_lsm_atype[i].attach_btf_id = 0;
WARN_ON_ONCE(cgroup_lsm_atype[i].refcnt < 0);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
}
#else
static enum cgroup_bpf_attach_type
@@ -282,7 +282,7 @@ static void cgroup_bpf_release(struct work_struct *work)
unsigned int atype;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
for (atype = 0; atype < ARRAY_SIZE(cgrp->bpf.progs); atype++) {
struct hlist_head *progs = &cgrp->bpf.progs[atype];
@@ -315,7 +315,7 @@ static void cgroup_bpf_release(struct work_struct *work)
bpf_cgroup_storage_free(storage);
}
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
for (p = cgroup_parent(cgrp); p; p = cgroup_parent(p))
cgroup_bpf_put(p);
@@ -729,9 +729,9 @@ static int cgroup_bpf_attach(struct cgroup *cgrp,
{
int ret;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
ret = __cgroup_bpf_attach(cgrp, prog, replace_prog, link, type, flags);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -831,7 +831,7 @@ static int cgroup_bpf_replace(struct bpf_link *link, struct bpf_prog *new_prog,
cg_link = container_of(link, struct bpf_cgroup_link, link);
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
/* link might have been auto-released by dying cgroup, so fail */
if (!cg_link->cgroup) {
ret = -ENOLINK;
@@ -843,7 +843,7 @@ static int cgroup_bpf_replace(struct bpf_link *link, struct bpf_prog *new_prog,
}
ret = __cgroup_bpf_replace(cg_link->cgroup, cg_link, new_prog);
out_unlock:
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -1009,9 +1009,9 @@ static int cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
{
int ret;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
ret = __cgroup_bpf_detach(cgrp, prog, NULL, type);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -1120,9 +1120,9 @@ static int cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
{
int ret;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
ret = __cgroup_bpf_query(cgrp, attr, uattr);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -1189,11 +1189,11 @@ static void bpf_cgroup_link_release(struct bpf_link *link)
if (!cg_link->cgroup)
return;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
/* re-check cgroup under lock again */
if (!cg_link->cgroup) {
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return;
}
@@ -1205,7 +1205,7 @@ static void bpf_cgroup_link_release(struct bpf_link *link)
cg = cg_link->cgroup;
cg_link->cgroup = NULL;
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
cgroup_put(cg);
}
@@ -1232,10 +1232,10 @@ static void bpf_cgroup_link_show_fdinfo(const struct bpf_link *link,
container_of(link, struct bpf_cgroup_link, link);
u64 cg_id = 0;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
if (cg_link->cgroup)
cg_id = cgroup_id(cg_link->cgroup);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
seq_printf(seq,
"cgroup_id:\t%llu\n"
@@ -1251,10 +1251,10 @@ static int bpf_cgroup_link_fill_link_info(const struct bpf_link *link,
container_of(link, struct bpf_cgroup_link, link);
u64 cg_id = 0;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
if (cg_link->cgroup)
cg_id = cgroup_id(cg_link->cgroup);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
info->cgroup.cgroup_id = cg_id;
info->cgroup.attach_type = cg_link->type;
diff --git a/kernel/bpf/cgroup_iter.c b/kernel/bpf/cgroup_iter.c
index 06989d2788465..810378f04fbca 100644
--- a/kernel/bpf/cgroup_iter.c
+++ b/kernel/bpf/cgroup_iter.c
@@ -58,7 +58,7 @@ static void *cgroup_iter_seq_start(struct seq_file *seq, loff_t *pos)
{
struct cgroup_iter_priv *p = seq->private;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
/* cgroup_iter doesn't support read across multiple sessions. */
if (*pos > 0) {
@@ -89,7 +89,7 @@ static void cgroup_iter_seq_stop(struct seq_file *seq, void *v)
{
struct cgroup_iter_priv *p = seq->private;
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
/* pass NULL to the prog for post-processing */
if (!v) {
diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c
index 66d8ce2ab5b34..d6f3b7ead2c09 100644
--- a/kernel/bpf/local_storage.c
+++ b/kernel/bpf/local_storage.c
@@ -333,14 +333,14 @@ static void cgroup_storage_map_free(struct bpf_map *_map)
struct list_head *storages = &map->list;
struct bpf_cgroup_storage *storage, *stmp;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
list_for_each_entry_safe(storage, stmp, storages, list_map) {
bpf_cgroup_storage_unlink(storage);
bpf_cgroup_storage_free(storage);
}
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
WARN_ON(!RB_EMPTY_ROOT(&map->root));
WARN_ON(!list_empty(&map->list));
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index 52bb5a74a23b9..aeef06c465ef1 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -58,7 +58,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
struct cgroup_root *root;
int retval = 0;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
cgroup_attach_lock(true);
for_each_root(root) {
struct cgroup *from_cgrp;
@@ -72,7 +72,7 @@ int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
break;
}
cgroup_attach_unlock(true);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return retval;
}
@@ -106,7 +106,7 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
if (ret)
return ret;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
percpu_down_write(&cgroup_threadgroup_rwsem);
@@ -145,7 +145,7 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
out_err:
cgroup_migrate_finish(&mgctx);
percpu_up_write(&cgroup_threadgroup_rwsem);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -847,13 +847,13 @@ static int cgroup1_rename(struct kernfs_node *kn, struct kernfs_node *new_parent
kernfs_break_active_protection(new_parent);
kernfs_break_active_protection(kn);
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
ret = kernfs_rename(kn, new_parent, new_name_str);
if (!ret)
TRACE_CGROUP_PATH(rename, cgrp);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
kernfs_unbreak_active_protection(kn);
kernfs_unbreak_active_protection(new_parent);
@@ -1119,7 +1119,7 @@ int cgroup1_reconfigure(struct fs_context *fc)
trace_cgroup_remount(root);
out_unlock:
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -1246,7 +1246,7 @@ int cgroup1_get_tree(struct fs_context *fc)
if (!ret && !percpu_ref_tryget_live(&ctx->root->cgrp.self.refcnt))
ret = 1; /* restart */
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
if (!ret)
ret = cgroup_do_get_tree(fc);
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 935e8121b21e6..83ea13f2ccb1d 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1391,7 +1391,7 @@ static void cgroup_destroy_root(struct cgroup_root *root)
cgroup_favor_dynmods(root, false);
cgroup_exit_root_id(root);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
cgroup_rstat_exit(cgrp);
kernfs_destroy_root(root->kf_root);
@@ -1625,7 +1625,7 @@ void cgroup_kn_unlock(struct kernfs_node *kn)
else
cgrp = kn->parent->priv;
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
kernfs_unbreak_active_protection(kn);
cgroup_put(cgrp);
@@ -1670,7 +1670,7 @@ struct cgroup *cgroup_kn_lock_live(struct kernfs_node *kn, bool drain_offline)
if (drain_offline)
cgroup_lock_and_drain_offline(cgrp);
else
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
if (!cgroup_is_dead(cgrp))
return cgrp;
@@ -2167,13 +2167,13 @@ int cgroup_do_get_tree(struct fs_context *fc)
struct super_block *sb = fc->root->d_sb;
struct cgroup *cgrp;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
spin_lock_irq(&css_set_lock);
cgrp = cset_cgroup_from_root(ctx->ns->root_cset, ctx->root);
spin_unlock_irq(&css_set_lock);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
nsdentry = kernfs_node_dentry(cgrp->kn, sb);
dput(fc->root);
@@ -2356,13 +2356,13 @@ int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
{
int ret;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
spin_lock_irq(&css_set_lock);
ret = cgroup_path_ns_locked(cgrp, buf, buflen, ns);
spin_unlock_irq(&css_set_lock);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -2388,7 +2388,7 @@ int task_cgroup_path(struct task_struct *task, char *buf, size_t buflen)
int hierarchy_id = 1;
int ret;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
spin_lock_irq(&css_set_lock);
root = idr_get_next(&cgroup_hierarchy_idr, &hierarchy_id);
@@ -2402,7 +2402,7 @@ int task_cgroup_path(struct task_struct *task, char *buf, size_t buflen)
}
spin_unlock_irq(&css_set_lock);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
EXPORT_SYMBOL_GPL(task_cgroup_path);
@@ -3111,7 +3111,7 @@ void cgroup_lock_and_drain_offline(struct cgroup *cgrp)
int ssid;
restart:
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
cgroup_for_each_live_descendant_post(dsct, d_css, cgrp) {
for_each_subsys(ss, ssid) {
@@ -3125,7 +3125,7 @@ void cgroup_lock_and_drain_offline(struct cgroup *cgrp)
prepare_to_wait(&dsct->offline_waitq, &wait,
TASK_UNINTERRUPTIBLE);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
schedule();
finish_wait(&dsct->offline_waitq, &wait);
@@ -4374,9 +4374,9 @@ int cgroup_rm_cftypes(struct cftype *cfts)
if (!(cfts[0].flags & __CFTYPE_ADDED))
return -ENOENT;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
ret = cgroup_rm_cftypes_locked(cfts);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -4408,14 +4408,14 @@ static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
if (ret)
return ret;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
list_add_tail(&cfts->node, &ss->cfts);
ret = cgroup_apply_cftypes(cfts, true);
if (ret)
cgroup_rm_cftypes_locked(cfts);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
return ret;
}
@@ -5385,7 +5385,7 @@ static void css_release_work_fn(struct work_struct *work)
struct cgroup_subsys *ss = css->ss;
struct cgroup *cgrp = css->cgroup;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
css->flags |= CSS_RELEASED;
list_del_rcu(&css->sibling);
@@ -5426,7 +5426,7 @@ static void css_release_work_fn(struct work_struct *work)
NULL);
}
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
INIT_RCU_WORK(&css->destroy_rwork, css_free_rwork_fn);
queue_rcu_work(cgroup_destroy_wq, &css->destroy_rwork);
@@ -5774,7 +5774,7 @@ static void css_killed_work_fn(struct work_struct *work)
struct cgroup_subsys_state *css =
container_of(work, struct cgroup_subsys_state, destroy_work);
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
do {
offline_css(css);
@@ -5783,7 +5783,7 @@ static void css_killed_work_fn(struct work_struct *work)
css = css->parent;
} while (css && atomic_dec_and_test(&css->online_cnt));
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
}
/* css kill confirmation processing requires process context, bounce */
@@ -5967,7 +5967,7 @@ static void __init cgroup_init_subsys(struct cgroup_subsys *ss, bool early)
pr_debug("Initializing cgroup subsys %s\n", ss->name);
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
idr_init(&ss->css_idr);
INIT_LIST_HEAD(&ss->cfts);
@@ -6011,7 +6011,7 @@ static void __init cgroup_init_subsys(struct cgroup_subsys *ss, bool early)
BUG_ON(online_css(css));
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
}
/**
@@ -6071,7 +6071,7 @@ int __init cgroup_init(void)
get_user_ns(init_cgroup_ns.user_ns);
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
/*
* Add init_css_set to the hash table so that dfl_root can link to
@@ -6082,7 +6082,7 @@ int __init cgroup_init(void)
BUG_ON(cgroup_setup_root(&cgrp_dfl_root, 0));
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
for_each_subsys(ss, ssid) {
if (ss->early_init) {
@@ -6134,9 +6134,9 @@ int __init cgroup_init(void)
if (ss->bind)
ss->bind(init_css_set.subsys[ssid]);
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
css_populate_dir(init_css_set.subsys[ssid]);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
}
/* init_css_set.subsys[] has been updated, re-hash */
@@ -6241,7 +6241,7 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
if (!buf)
goto out;
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
spin_lock_irq(&css_set_lock);
for_each_root(root) {
@@ -6296,7 +6296,7 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
retval = 0;
out_unlock:
spin_unlock_irq(&css_set_lock);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
kfree(buf);
out:
return retval;
@@ -6380,7 +6380,7 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
struct file *f;
if (kargs->flags & CLONE_INTO_CGROUP)
- mutex_lock(&cgroup_mutex);
+ cgroup_lock();
cgroup_threadgroup_change_begin(current);
@@ -6455,7 +6455,7 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
err:
cgroup_threadgroup_change_end(current);
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
if (f)
fput(f);
if (dst_cgrp)
@@ -6482,7 +6482,7 @@ static void cgroup_css_set_put_fork(struct kernel_clone_args *kargs)
struct cgroup *cgrp = kargs->cgrp;
struct css_set *cset = kargs->cset;
- mutex_unlock(&cgroup_mutex);
+ cgroup_unlock();
if (cset) {
put_css_set(cset);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 003/187] cgroup: always put cset in cgroup_css_set_put_fork
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
2023-06-19 10:26 ` [PATCH 6.3 001/187] x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 002/187] cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 004/187] cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() Greg Kroah-Hartman
` (195 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, John Sperbeck, Tejun Heo,
Sasha Levin
From: John Sperbeck <jsperbeck@google.com>
[ Upstream commit 2bd110339288c18823dcace602b63b0d8627e520 ]
A successful call to cgroup_css_set_fork() will always have taken
a ref on kargs->cset (regardless of CLONE_INTO_CGROUP), so always
do a corresponding put in cgroup_css_set_put_fork().
Without this, a cset and its contained css structures will be
leaked for some fork failures. The following script reproduces
the leak for a fork failure due to exceeding pids.max in the
pids controller. A similar thing can happen if we jump to the
bad_fork_cancel_cgroup label in copy_process().
[ -z "$1" ] && echo "Usage $0 pids-root" && exit 1
PID_ROOT=$1
CGROUP=$PID_ROOT/foo
[ -e $CGROUP ] && rmdir -f $CGROUP
mkdir $CGROUP
echo 5 > $CGROUP/pids.max
echo $$ > $CGROUP/cgroup.procs
fork_bomb()
{
set -e
for i in $(seq 10); do
/bin/sleep 3600 &
done
}
(fork_bomb) &
wait
echo $$ > $PID_ROOT/cgroup.procs
kill $(cat $CGROUP/cgroup.procs)
rmdir $CGROUP
Fixes: ef2c41cf38a7 ("clone3: allow spawning processes into cgroups")
Cc: stable@vger.kernel.org # v5.7+
Signed-off-by: John Sperbeck <jsperbeck@google.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cgroup.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 83ea13f2ccb1d..fd57c1dca1ccf 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6476,19 +6476,18 @@ static int cgroup_css_set_fork(struct kernel_clone_args *kargs)
static void cgroup_css_set_put_fork(struct kernel_clone_args *kargs)
__releases(&cgroup_threadgroup_rwsem) __releases(&cgroup_mutex)
{
+ struct cgroup *cgrp = kargs->cgrp;
+ struct css_set *cset = kargs->cset;
+
cgroup_threadgroup_change_end(current);
- if (kargs->flags & CLONE_INTO_CGROUP) {
- struct cgroup *cgrp = kargs->cgrp;
- struct css_set *cset = kargs->cset;
+ if (cset) {
+ put_css_set(cset);
+ kargs->cset = NULL;
+ }
+ if (kargs->flags & CLONE_INTO_CGROUP) {
cgroup_unlock();
-
- if (cset) {
- put_css_set(cset);
- kargs->cset = NULL;
- }
-
if (cgrp) {
cgroup_put(cgrp);
kargs->cgrp = NULL;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 004/187] cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 003/187] cgroup: always put cset in cgroup_css_set_put_fork Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 005/187] qcom: llcc/edac: Fix the base address used for accessing LLCC banks Greg Kroah-Hartman
` (194 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhao Gongyi, Qi Zheng, Muchun Song,
Tejun Heo, Sasha Levin
From: Qi Zheng <zhengqi.arch@bytedance.com>
[ Upstream commit ab1de7ead871ebe6d12a774c3c25de0388cde082 ]
The commit 4f7e7236435c ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock()
deadlock") fixed the deadlock between cgroup_threadgroup_rwsem and
cpus_read_lock() by introducing cgroup_attach_{lock,unlock}() and removing
cpus_read_{lock,unlock}() from cpuset_attach(). But cgroup_transfer_tasks()
was missed and not handled, which will cause th following warning:
WARNING: CPU: 0 PID: 589 at kernel/cpu.c:526 lockdep_assert_cpus_held+0x32/0x40
CPU: 0 PID: 589 Comm: kworker/1:4 Not tainted 6.4.0-rc2-next-20230517 #50
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Workqueue: events cpuset_hotplug_workfn
RIP: 0010:lockdep_assert_cpus_held+0x32/0x40
<...>
Call Trace:
<TASK>
cpuset_attach+0x40/0x240
cgroup_migrate_execute+0x452/0x5e0
? _raw_spin_unlock_irq+0x28/0x40
cgroup_transfer_tasks+0x1f3/0x360
? find_held_lock+0x32/0x90
? cpuset_hotplug_workfn+0xc81/0xed0
cpuset_hotplug_workfn+0xcb1/0xed0
? process_one_work+0x248/0x5b0
process_one_work+0x2b9/0x5b0
worker_thread+0x56/0x3b0
? process_one_work+0x5b0/0x5b0
kthread+0xf1/0x120
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
So just use the cgroup_attach_{lock,unlock}() helper to fix it.
Reported-by: Zhao Gongyi <zhaogongyi@bytedance.com>
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Acked-by: Muchun Song <songmuchun@bytedance.com>
Fixes: 05c7b7a92cc8 ("cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug")
Cc: stable@vger.kernel.org # v5.17+
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cgroup-v1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/cgroup/cgroup-v1.c b/kernel/cgroup/cgroup-v1.c
index aeef06c465ef1..5407241dbb45f 100644
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -108,7 +108,7 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
cgroup_lock();
- percpu_down_write(&cgroup_threadgroup_rwsem);
+ cgroup_attach_lock(true);
/* all tasks in @from are being moved, all csets are source */
spin_lock_irq(&css_set_lock);
@@ -144,7 +144,7 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
} while (task && !ret);
out_err:
cgroup_migrate_finish(&mgctx);
- percpu_up_write(&cgroup_threadgroup_rwsem);
+ cgroup_attach_unlock(true);
cgroup_unlock();
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 005/187] qcom: llcc/edac: Fix the base address used for accessing LLCC banks
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 004/187] cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 006/187] EDAC/qcom: Get rid of hardcoded register offsets Greg Kroah-Hartman
` (193 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Parikshit Pareek, Luca Weiss,
Borislav Petkov (AMD), Manivannan Sadhasivam, Bjorn Andersson,
Sasha Levin, Steev Klimaszewski, Andrew Halaney
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit ee13b5008707948d3052c1b5aab485c6cd53658e ]
The Qualcomm LLCC/EDAC drivers were using a fixed register stride for
accessing the (Control and Status Registers) CSRs of each LLCC bank.
This stride only works for some SoCs like SDM845 for which driver
support was initially added.
But the later SoCs use different register stride that vary between the
banks with holes in-between. So it is not possible to use a single register
stride for accessing the CSRs of each bank. By doing so could result in a
crash.
For fixing this issue, let's obtain the base address of each LLCC bank from
devicetree and get rid of the fixed stride. This also means, there is no
need to rely on reg-names property and the base addresses can be obtained
using the index.
First index is LLCC bank 0 and last index is LLCC broadcast. If the SoC
supports more than one bank, then those need to be defined in devicetree
for index from 1..N-1.
Reported-by: Parikshit Pareek <quic_ppareek@quicinc.com>
Tested-by: Luca Weiss <luca.weiss@fairphone.com>
Tested-by: Steev Klimaszewski <steev@kali.org> # Thinkpad X13s
Tested-by: Andrew Halaney <ahalaney@redhat.com> # sa8540p-ride
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230314080443.64635-13-manivannan.sadhasivam@linaro.org
Stable-dep-of: cbd77119b635 ("EDAC/qcom: Get rid of hardcoded register offsets")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/qcom_edac.c | 14 +++---
drivers/soc/qcom/llcc-qcom.c | 72 +++++++++++++++++-------------
include/linux/soc/qcom/llcc-qcom.h | 6 +--
3 files changed, 48 insertions(+), 44 deletions(-)
diff --git a/drivers/edac/qcom_edac.c b/drivers/edac/qcom_edac.c
index a7158b570ddd0..265e0fb39bc7d 100644
--- a/drivers/edac/qcom_edac.c
+++ b/drivers/edac/qcom_edac.c
@@ -215,7 +215,7 @@ dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type)
for (i = 0; i < reg_data.reg_cnt; i++) {
synd_reg = reg_data.synd_reg + (i * 4);
- ret = regmap_read(drv->regmap, drv->offsets[bank] + synd_reg,
+ ret = regmap_read(drv->regmaps[bank], synd_reg,
&synd_val);
if (ret)
goto clear;
@@ -224,8 +224,7 @@ dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type)
reg_data.name, i, synd_val);
}
- ret = regmap_read(drv->regmap,
- drv->offsets[bank] + reg_data.count_status_reg,
+ ret = regmap_read(drv->regmaps[bank], reg_data.count_status_reg,
&err_cnt);
if (ret)
goto clear;
@@ -235,8 +234,7 @@ dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type)
edac_printk(KERN_CRIT, EDAC_LLCC, "%s: Error count: 0x%4x\n",
reg_data.name, err_cnt);
- ret = regmap_read(drv->regmap,
- drv->offsets[bank] + reg_data.ways_status_reg,
+ ret = regmap_read(drv->regmaps[bank], reg_data.ways_status_reg,
&err_ways);
if (ret)
goto clear;
@@ -297,8 +295,7 @@ static irqreturn_t llcc_ecc_irq_handler(int irq, void *edev_ctl)
/* Iterate over the banks and look for Tag RAM or Data RAM errors */
for (i = 0; i < drv->num_banks; i++) {
- ret = regmap_read(drv->regmap,
- drv->offsets[i] + DRP_INTERRUPT_STATUS,
+ ret = regmap_read(drv->regmaps[i], DRP_INTERRUPT_STATUS,
&drp_error);
if (!ret && (drp_error & SB_ECC_ERROR)) {
@@ -313,8 +310,7 @@ static irqreturn_t llcc_ecc_irq_handler(int irq, void *edev_ctl)
if (!ret)
irq_rc = IRQ_HANDLED;
- ret = regmap_read(drv->regmap,
- drv->offsets[i] + TRP_INTERRUPT_0_STATUS,
+ ret = regmap_read(drv->regmaps[i], TRP_INTERRUPT_0_STATUS,
&trp_error);
if (!ret && (trp_error & SB_ECC_ERROR)) {
diff --git a/drivers/soc/qcom/llcc-qcom.c b/drivers/soc/qcom/llcc-qcom.c
index d4d3eced52f35..8298decc518e3 100644
--- a/drivers/soc/qcom/llcc-qcom.c
+++ b/drivers/soc/qcom/llcc-qcom.c
@@ -62,8 +62,6 @@
#define LLCC_TRP_WRSC_CACHEABLE_EN 0x21f2c
#define LLCC_TRP_ALGO_CFG8 0x21f30
-#define BANK_OFFSET_STRIDE 0x80000
-
#define LLCC_VERSION_2_0_0_0 0x02000000
#define LLCC_VERSION_2_1_0_0 0x02010000
#define LLCC_VERSION_4_1_0_0 0x04010000
@@ -900,8 +898,8 @@ static int qcom_llcc_remove(struct platform_device *pdev)
return 0;
}
-static struct regmap *qcom_llcc_init_mmio(struct platform_device *pdev,
- const char *name)
+static struct regmap *qcom_llcc_init_mmio(struct platform_device *pdev, u8 index,
+ const char *name)
{
void __iomem *base;
struct regmap_config llcc_regmap_config = {
@@ -911,7 +909,7 @@ static struct regmap *qcom_llcc_init_mmio(struct platform_device *pdev,
.fast_io = true,
};
- base = devm_platform_ioremap_resource_byname(pdev, name);
+ base = devm_platform_ioremap_resource(pdev, index);
if (IS_ERR(base))
return ERR_CAST(base);
@@ -929,6 +927,7 @@ static int qcom_llcc_probe(struct platform_device *pdev)
const struct llcc_slice_config *llcc_cfg;
u32 sz;
u32 version;
+ struct regmap *regmap;
drv_data = devm_kzalloc(dev, sizeof(*drv_data), GFP_KERNEL);
if (!drv_data) {
@@ -936,21 +935,51 @@ static int qcom_llcc_probe(struct platform_device *pdev)
goto err;
}
- drv_data->regmap = qcom_llcc_init_mmio(pdev, "llcc_base");
- if (IS_ERR(drv_data->regmap)) {
- ret = PTR_ERR(drv_data->regmap);
+ /* Initialize the first LLCC bank regmap */
+ regmap = qcom_llcc_init_mmio(pdev, 0, "llcc0_base");
+ if (IS_ERR(regmap)) {
+ ret = PTR_ERR(regmap);
goto err;
}
- drv_data->bcast_regmap =
- qcom_llcc_init_mmio(pdev, "llcc_broadcast_base");
+ cfg = of_device_get_match_data(&pdev->dev);
+
+ ret = regmap_read(regmap, cfg->reg_offset[LLCC_COMMON_STATUS0], &num_banks);
+ if (ret)
+ goto err;
+
+ num_banks &= LLCC_LB_CNT_MASK;
+ num_banks >>= LLCC_LB_CNT_SHIFT;
+ drv_data->num_banks = num_banks;
+
+ drv_data->regmaps = devm_kcalloc(dev, num_banks, sizeof(*drv_data->regmaps), GFP_KERNEL);
+ if (!drv_data->regmaps) {
+ ret = -ENOMEM;
+ goto err;
+ }
+
+ drv_data->regmaps[0] = regmap;
+
+ /* Initialize rest of LLCC bank regmaps */
+ for (i = 1; i < num_banks; i++) {
+ char *base = kasprintf(GFP_KERNEL, "llcc%d_base", i);
+
+ drv_data->regmaps[i] = qcom_llcc_init_mmio(pdev, i, base);
+ if (IS_ERR(drv_data->regmaps[i])) {
+ ret = PTR_ERR(drv_data->regmaps[i]);
+ kfree(base);
+ goto err;
+ }
+
+ kfree(base);
+ }
+
+ drv_data->bcast_regmap = qcom_llcc_init_mmio(pdev, i, "llcc_broadcast_base");
if (IS_ERR(drv_data->bcast_regmap)) {
ret = PTR_ERR(drv_data->bcast_regmap);
goto err;
}
- cfg = of_device_get_match_data(&pdev->dev);
-
/* Extract version of the IP */
ret = regmap_read(drv_data->bcast_regmap, cfg->reg_offset[LLCC_COMMON_HW_INFO],
&version);
@@ -959,15 +988,6 @@ static int qcom_llcc_probe(struct platform_device *pdev)
drv_data->version = version;
- ret = regmap_read(drv_data->regmap, cfg->reg_offset[LLCC_COMMON_STATUS0],
- &num_banks);
- if (ret)
- goto err;
-
- num_banks &= LLCC_LB_CNT_MASK;
- num_banks >>= LLCC_LB_CNT_SHIFT;
- drv_data->num_banks = num_banks;
-
llcc_cfg = cfg->sct_data;
sz = cfg->size;
@@ -975,16 +995,6 @@ static int qcom_llcc_probe(struct platform_device *pdev)
if (llcc_cfg[i].slice_id > drv_data->max_slices)
drv_data->max_slices = llcc_cfg[i].slice_id;
- drv_data->offsets = devm_kcalloc(dev, num_banks, sizeof(u32),
- GFP_KERNEL);
- if (!drv_data->offsets) {
- ret = -ENOMEM;
- goto err;
- }
-
- for (i = 0; i < num_banks; i++)
- drv_data->offsets[i] = i * BANK_OFFSET_STRIDE;
-
drv_data->bitmap = devm_bitmap_zalloc(dev, drv_data->max_slices,
GFP_KERNEL);
if (!drv_data->bitmap) {
diff --git a/include/linux/soc/qcom/llcc-qcom.h b/include/linux/soc/qcom/llcc-qcom.h
index ad1fd718169d9..423220e660262 100644
--- a/include/linux/soc/qcom/llcc-qcom.h
+++ b/include/linux/soc/qcom/llcc-qcom.h
@@ -120,7 +120,7 @@ struct llcc_edac_reg_offset {
/**
* struct llcc_drv_data - Data associated with the llcc driver
- * @regmap: regmap associated with the llcc device
+ * @regmaps: regmaps associated with the llcc device
* @bcast_regmap: regmap associated with llcc broadcast offset
* @cfg: pointer to the data structure for slice configuration
* @edac_reg_offset: Offset of the LLCC EDAC registers
@@ -129,12 +129,11 @@ struct llcc_edac_reg_offset {
* @max_slices: max slices as read from device tree
* @num_banks: Number of llcc banks
* @bitmap: Bit map to track the active slice ids
- * @offsets: Pointer to the bank offsets array
* @ecc_irq: interrupt for llcc cache error detection and reporting
* @version: Indicates the LLCC version
*/
struct llcc_drv_data {
- struct regmap *regmap;
+ struct regmap **regmaps;
struct regmap *bcast_regmap;
const struct llcc_slice_config *cfg;
const struct llcc_edac_reg_offset *edac_reg_offset;
@@ -143,7 +142,6 @@ struct llcc_drv_data {
u32 max_slices;
u32 num_banks;
unsigned long *bitmap;
- u32 *offsets;
int ecc_irq;
u32 version;
};
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 006/187] EDAC/qcom: Get rid of hardcoded register offsets
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 005/187] qcom: llcc/edac: Fix the base address used for accessing LLCC banks Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 007/187] ksmbd: validate smb request protocol id Greg Kroah-Hartman
` (192 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Borislav Petkov (AMD),
Manivannan Sadhasivam, Bjorn Andersson, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit cbd77119b6355872cd308a60e99f9ca678435d15 ]
The LLCC EDAC register offsets varies between each SoC. Hardcoding the
register offsets won't work and will often result in crash due to
accessing the wrong locations.
Hence, get the register offsets from the LLCC driver matching the
individual SoCs.
Cc: <stable@vger.kernel.org> # 6.0: 5365cea199c7 ("soc: qcom: llcc: Rename reg_offset structs to reflect LLCC version")
Cc: <stable@vger.kernel.org> # 6.0: c13d7d261e36 ("soc: qcom: llcc: Pass LLCC version based register offsets to EDAC driver")
Cc: <stable@vger.kernel.org> # 6.0
Fixes: a6e9d7ef252c ("soc: qcom: llcc: Add configuration data for SM8450 SoC")
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230517114635.76358-3-manivannan.sadhasivam@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/qcom_edac.c | 116 ++++++++++++++---------------
include/linux/soc/qcom/llcc-qcom.h | 6 --
2 files changed, 58 insertions(+), 64 deletions(-)
diff --git a/drivers/edac/qcom_edac.c b/drivers/edac/qcom_edac.c
index 265e0fb39bc7d..ae84558481770 100644
--- a/drivers/edac/qcom_edac.c
+++ b/drivers/edac/qcom_edac.c
@@ -21,30 +21,9 @@
#define TRP_SYN_REG_CNT 6
#define DRP_SYN_REG_CNT 8
-#define LLCC_COMMON_STATUS0 0x0003000c
#define LLCC_LB_CNT_MASK GENMASK(31, 28)
#define LLCC_LB_CNT_SHIFT 28
-/* Single & double bit syndrome register offsets */
-#define TRP_ECC_SB_ERR_SYN0 0x0002304c
-#define TRP_ECC_DB_ERR_SYN0 0x00020370
-#define DRP_ECC_SB_ERR_SYN0 0x0004204c
-#define DRP_ECC_DB_ERR_SYN0 0x00042070
-
-/* Error register offsets */
-#define TRP_ECC_ERROR_STATUS1 0x00020348
-#define TRP_ECC_ERROR_STATUS0 0x00020344
-#define DRP_ECC_ERROR_STATUS1 0x00042048
-#define DRP_ECC_ERROR_STATUS0 0x00042044
-
-/* TRP, DRP interrupt register offsets */
-#define DRP_INTERRUPT_STATUS 0x00041000
-#define TRP_INTERRUPT_0_STATUS 0x00020480
-#define DRP_INTERRUPT_CLEAR 0x00041008
-#define DRP_ECC_ERROR_CNTR_CLEAR 0x00040004
-#define TRP_INTERRUPT_0_CLEAR 0x00020484
-#define TRP_ECC_ERROR_CNTR_CLEAR 0x00020440
-
/* Mask and shift macros */
#define ECC_DB_ERR_COUNT_MASK GENMASK(4, 0)
#define ECC_DB_ERR_WAYS_MASK GENMASK(31, 16)
@@ -60,15 +39,6 @@
#define DRP_TRP_INT_CLEAR GENMASK(1, 0)
#define DRP_TRP_CNT_CLEAR GENMASK(1, 0)
-/* Config registers offsets*/
-#define DRP_ECC_ERROR_CFG 0x00040000
-
-/* Tag RAM, Data RAM interrupt register offsets */
-#define CMN_INTERRUPT_0_ENABLE 0x0003001c
-#define CMN_INTERRUPT_2_ENABLE 0x0003003c
-#define TRP_INTERRUPT_0_ENABLE 0x00020488
-#define DRP_INTERRUPT_ENABLE 0x0004100c
-
#define SB_ERROR_THRESHOLD 0x1
#define SB_ERROR_THRESHOLD_SHIFT 24
#define SB_DB_TRP_INTERRUPT_ENABLE 0x3
@@ -88,9 +58,6 @@ enum {
static const struct llcc_edac_reg_data edac_reg_data[] = {
[LLCC_DRAM_CE] = {
.name = "DRAM Single-bit",
- .synd_reg = DRP_ECC_SB_ERR_SYN0,
- .count_status_reg = DRP_ECC_ERROR_STATUS1,
- .ways_status_reg = DRP_ECC_ERROR_STATUS0,
.reg_cnt = DRP_SYN_REG_CNT,
.count_mask = ECC_SB_ERR_COUNT_MASK,
.ways_mask = ECC_SB_ERR_WAYS_MASK,
@@ -98,9 +65,6 @@ static const struct llcc_edac_reg_data edac_reg_data[] = {
},
[LLCC_DRAM_UE] = {
.name = "DRAM Double-bit",
- .synd_reg = DRP_ECC_DB_ERR_SYN0,
- .count_status_reg = DRP_ECC_ERROR_STATUS1,
- .ways_status_reg = DRP_ECC_ERROR_STATUS0,
.reg_cnt = DRP_SYN_REG_CNT,
.count_mask = ECC_DB_ERR_COUNT_MASK,
.ways_mask = ECC_DB_ERR_WAYS_MASK,
@@ -108,9 +72,6 @@ static const struct llcc_edac_reg_data edac_reg_data[] = {
},
[LLCC_TRAM_CE] = {
.name = "TRAM Single-bit",
- .synd_reg = TRP_ECC_SB_ERR_SYN0,
- .count_status_reg = TRP_ECC_ERROR_STATUS1,
- .ways_status_reg = TRP_ECC_ERROR_STATUS0,
.reg_cnt = TRP_SYN_REG_CNT,
.count_mask = ECC_SB_ERR_COUNT_MASK,
.ways_mask = ECC_SB_ERR_WAYS_MASK,
@@ -118,9 +79,6 @@ static const struct llcc_edac_reg_data edac_reg_data[] = {
},
[LLCC_TRAM_UE] = {
.name = "TRAM Double-bit",
- .synd_reg = TRP_ECC_DB_ERR_SYN0,
- .count_status_reg = TRP_ECC_ERROR_STATUS1,
- .ways_status_reg = TRP_ECC_ERROR_STATUS0,
.reg_cnt = TRP_SYN_REG_CNT,
.count_mask = ECC_DB_ERR_COUNT_MASK,
.ways_mask = ECC_DB_ERR_WAYS_MASK,
@@ -128,7 +86,7 @@ static const struct llcc_edac_reg_data edac_reg_data[] = {
},
};
-static int qcom_llcc_core_setup(struct regmap *llcc_bcast_regmap)
+static int qcom_llcc_core_setup(struct llcc_drv_data *drv, struct regmap *llcc_bcast_regmap)
{
u32 sb_err_threshold;
int ret;
@@ -137,31 +95,31 @@ static int qcom_llcc_core_setup(struct regmap *llcc_bcast_regmap)
* Configure interrupt enable registers such that Tag, Data RAM related
* interrupts are propagated to interrupt controller for servicing
*/
- ret = regmap_update_bits(llcc_bcast_regmap, CMN_INTERRUPT_2_ENABLE,
+ ret = regmap_update_bits(llcc_bcast_regmap, drv->edac_reg_offset->cmn_interrupt_2_enable,
TRP0_INTERRUPT_ENABLE,
TRP0_INTERRUPT_ENABLE);
if (ret)
return ret;
- ret = regmap_update_bits(llcc_bcast_regmap, TRP_INTERRUPT_0_ENABLE,
+ ret = regmap_update_bits(llcc_bcast_regmap, drv->edac_reg_offset->trp_interrupt_0_enable,
SB_DB_TRP_INTERRUPT_ENABLE,
SB_DB_TRP_INTERRUPT_ENABLE);
if (ret)
return ret;
sb_err_threshold = (SB_ERROR_THRESHOLD << SB_ERROR_THRESHOLD_SHIFT);
- ret = regmap_write(llcc_bcast_regmap, DRP_ECC_ERROR_CFG,
+ ret = regmap_write(llcc_bcast_regmap, drv->edac_reg_offset->drp_ecc_error_cfg,
sb_err_threshold);
if (ret)
return ret;
- ret = regmap_update_bits(llcc_bcast_regmap, CMN_INTERRUPT_2_ENABLE,
+ ret = regmap_update_bits(llcc_bcast_regmap, drv->edac_reg_offset->cmn_interrupt_2_enable,
DRP0_INTERRUPT_ENABLE,
DRP0_INTERRUPT_ENABLE);
if (ret)
return ret;
- ret = regmap_write(llcc_bcast_regmap, DRP_INTERRUPT_ENABLE,
+ ret = regmap_write(llcc_bcast_regmap, drv->edac_reg_offset->drp_interrupt_enable,
SB_DB_DRP_INTERRUPT_ENABLE);
return ret;
}
@@ -175,24 +133,28 @@ qcom_llcc_clear_error_status(int err_type, struct llcc_drv_data *drv)
switch (err_type) {
case LLCC_DRAM_CE:
case LLCC_DRAM_UE:
- ret = regmap_write(drv->bcast_regmap, DRP_INTERRUPT_CLEAR,
+ ret = regmap_write(drv->bcast_regmap,
+ drv->edac_reg_offset->drp_interrupt_clear,
DRP_TRP_INT_CLEAR);
if (ret)
return ret;
- ret = regmap_write(drv->bcast_regmap, DRP_ECC_ERROR_CNTR_CLEAR,
+ ret = regmap_write(drv->bcast_regmap,
+ drv->edac_reg_offset->drp_ecc_error_cntr_clear,
DRP_TRP_CNT_CLEAR);
if (ret)
return ret;
break;
case LLCC_TRAM_CE:
case LLCC_TRAM_UE:
- ret = regmap_write(drv->bcast_regmap, TRP_INTERRUPT_0_CLEAR,
+ ret = regmap_write(drv->bcast_regmap,
+ drv->edac_reg_offset->trp_interrupt_0_clear,
DRP_TRP_INT_CLEAR);
if (ret)
return ret;
- ret = regmap_write(drv->bcast_regmap, TRP_ECC_ERROR_CNTR_CLEAR,
+ ret = regmap_write(drv->bcast_regmap,
+ drv->edac_reg_offset->trp_ecc_error_cntr_clear,
DRP_TRP_CNT_CLEAR);
if (ret)
return ret;
@@ -205,16 +167,54 @@ qcom_llcc_clear_error_status(int err_type, struct llcc_drv_data *drv)
return ret;
}
+struct qcom_llcc_syn_regs {
+ u32 synd_reg;
+ u32 count_status_reg;
+ u32 ways_status_reg;
+};
+
+static void get_reg_offsets(struct llcc_drv_data *drv, int err_type,
+ struct qcom_llcc_syn_regs *syn_regs)
+{
+ const struct llcc_edac_reg_offset *edac_reg_offset = drv->edac_reg_offset;
+
+ switch (err_type) {
+ case LLCC_DRAM_CE:
+ syn_regs->synd_reg = edac_reg_offset->drp_ecc_sb_err_syn0;
+ syn_regs->count_status_reg = edac_reg_offset->drp_ecc_error_status1;
+ syn_regs->ways_status_reg = edac_reg_offset->drp_ecc_error_status0;
+ break;
+ case LLCC_DRAM_UE:
+ syn_regs->synd_reg = edac_reg_offset->drp_ecc_db_err_syn0;
+ syn_regs->count_status_reg = edac_reg_offset->drp_ecc_error_status1;
+ syn_regs->ways_status_reg = edac_reg_offset->drp_ecc_error_status0;
+ break;
+ case LLCC_TRAM_CE:
+ syn_regs->synd_reg = edac_reg_offset->trp_ecc_sb_err_syn0;
+ syn_regs->count_status_reg = edac_reg_offset->trp_ecc_error_status1;
+ syn_regs->ways_status_reg = edac_reg_offset->trp_ecc_error_status0;
+ break;
+ case LLCC_TRAM_UE:
+ syn_regs->synd_reg = edac_reg_offset->trp_ecc_db_err_syn0;
+ syn_regs->count_status_reg = edac_reg_offset->trp_ecc_error_status1;
+ syn_regs->ways_status_reg = edac_reg_offset->trp_ecc_error_status0;
+ break;
+ }
+}
+
/* Dump Syndrome registers data for Tag RAM, Data RAM bit errors*/
static int
dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type)
{
struct llcc_edac_reg_data reg_data = edac_reg_data[err_type];
+ struct qcom_llcc_syn_regs regs = { };
int err_cnt, err_ways, ret, i;
u32 synd_reg, synd_val;
+ get_reg_offsets(drv, err_type, ®s);
+
for (i = 0; i < reg_data.reg_cnt; i++) {
- synd_reg = reg_data.synd_reg + (i * 4);
+ synd_reg = regs.synd_reg + (i * 4);
ret = regmap_read(drv->regmaps[bank], synd_reg,
&synd_val);
if (ret)
@@ -224,7 +224,7 @@ dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type)
reg_data.name, i, synd_val);
}
- ret = regmap_read(drv->regmaps[bank], reg_data.count_status_reg,
+ ret = regmap_read(drv->regmaps[bank], regs.count_status_reg,
&err_cnt);
if (ret)
goto clear;
@@ -234,7 +234,7 @@ dump_syn_reg_values(struct llcc_drv_data *drv, u32 bank, int err_type)
edac_printk(KERN_CRIT, EDAC_LLCC, "%s: Error count: 0x%4x\n",
reg_data.name, err_cnt);
- ret = regmap_read(drv->regmaps[bank], reg_data.ways_status_reg,
+ ret = regmap_read(drv->regmaps[bank], regs.ways_status_reg,
&err_ways);
if (ret)
goto clear;
@@ -295,7 +295,7 @@ static irqreturn_t llcc_ecc_irq_handler(int irq, void *edev_ctl)
/* Iterate over the banks and look for Tag RAM or Data RAM errors */
for (i = 0; i < drv->num_banks; i++) {
- ret = regmap_read(drv->regmaps[i], DRP_INTERRUPT_STATUS,
+ ret = regmap_read(drv->regmaps[i], drv->edac_reg_offset->drp_interrupt_status,
&drp_error);
if (!ret && (drp_error & SB_ECC_ERROR)) {
@@ -310,7 +310,7 @@ static irqreturn_t llcc_ecc_irq_handler(int irq, void *edev_ctl)
if (!ret)
irq_rc = IRQ_HANDLED;
- ret = regmap_read(drv->regmaps[i], TRP_INTERRUPT_0_STATUS,
+ ret = regmap_read(drv->regmaps[i], drv->edac_reg_offset->trp_interrupt_0_status,
&trp_error);
if (!ret && (trp_error & SB_ECC_ERROR)) {
@@ -342,7 +342,7 @@ static int qcom_llcc_edac_probe(struct platform_device *pdev)
int ecc_irq;
int rc;
- rc = qcom_llcc_core_setup(llcc_driv_data->bcast_regmap);
+ rc = qcom_llcc_core_setup(llcc_driv_data, llcc_driv_data->bcast_regmap);
if (rc)
return rc;
diff --git a/include/linux/soc/qcom/llcc-qcom.h b/include/linux/soc/qcom/llcc-qcom.h
index 423220e660262..93417ba1ead4a 100644
--- a/include/linux/soc/qcom/llcc-qcom.h
+++ b/include/linux/soc/qcom/llcc-qcom.h
@@ -69,9 +69,6 @@ struct llcc_slice_desc {
/**
* struct llcc_edac_reg_data - llcc edac registers data for each error type
* @name: Name of the error
- * @synd_reg: Syndrome register address
- * @count_status_reg: Status register address to read the error count
- * @ways_status_reg: Status register address to read the error ways
* @reg_cnt: Number of registers
* @count_mask: Mask value to get the error count
* @ways_mask: Mask value to get the error ways
@@ -80,9 +77,6 @@ struct llcc_slice_desc {
*/
struct llcc_edac_reg_data {
char *name;
- u64 synd_reg;
- u64 count_status_reg;
- u64 ways_status_reg;
u32 reg_cnt;
u32 count_mask;
u32 ways_mask;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 007/187] ksmbd: validate smb request protocol id
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 006/187] EDAC/qcom: Get rid of hardcoded register offsets Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 008/187] of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset() Greg Kroah-Hartman
` (191 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chih-Yen Chang, Namjae Jeon,
Steve French, Sasha Levin
From: Namjae Jeon <linkinjeon@kernel.org>
[ Upstream commit 1c1bcf2d3ea061613119b534f57507c377df20f9 ]
This patch add the validation for smb request protocol id.
If it is not one of the four ids(SMB1_PROTO_NUMBER, SMB2_PROTO_NUMBER,
SMB2_TRANSFORM_PROTO_NUM, SMB2_COMPRESSION_TRANSFORM_ID), don't allow
processing the request. And this will fix the following KASAN warning
also.
[ 13.905265] BUG: KASAN: slab-out-of-bounds in init_smb2_rsp_hdr+0x1b9/0x1f0
[ 13.905900] Read of size 16 at addr ffff888005fd2f34 by task kworker/0:2/44
...
[ 13.908553] Call Trace:
[ 13.908793] <TASK>
[ 13.908995] dump_stack_lvl+0x33/0x50
[ 13.909369] print_report+0xcc/0x620
[ 13.910870] kasan_report+0xae/0xe0
[ 13.911519] kasan_check_range+0x35/0x1b0
[ 13.911796] init_smb2_rsp_hdr+0x1b9/0x1f0
[ 13.912492] handle_ksmbd_work+0xe5/0x820
Cc: stable@vger.kernel.org
Reported-by: Chih-Yen Chang <cc85nod@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ksmbd/connection.c | 5 +++--
fs/ksmbd/smb_common.c | 14 +++++++++++++-
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/fs/ksmbd/connection.c b/fs/ksmbd/connection.c
index e11d4a1e63d73..2a717d158f02e 100644
--- a/fs/ksmbd/connection.c
+++ b/fs/ksmbd/connection.c
@@ -364,8 +364,6 @@ int ksmbd_conn_handler_loop(void *p)
break;
memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf));
- if (!ksmbd_smb_request(conn))
- break;
/*
* We already read 4 bytes to find out PDU size, now
@@ -383,6 +381,9 @@ int ksmbd_conn_handler_loop(void *p)
continue;
}
+ if (!ksmbd_smb_request(conn))
+ break;
+
if (((struct smb2_hdr *)smb2_get_msg(conn->request_buf))->ProtocolId ==
SMB2_PROTO_NUMBER) {
if (pdu_size < SMB2_MIN_SUPPORTED_HEADER_SIZE)
diff --git a/fs/ksmbd/smb_common.c b/fs/ksmbd/smb_common.c
index af0c2a9b85290..569e5eecdf3db 100644
--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -158,7 +158,19 @@ int ksmbd_verify_smb_message(struct ksmbd_work *work)
*/
bool ksmbd_smb_request(struct ksmbd_conn *conn)
{
- return conn->request_buf[0] == 0;
+ __le32 *proto = (__le32 *)smb2_get_msg(conn->request_buf);
+
+ if (*proto == SMB2_COMPRESSION_TRANSFORM_ID) {
+ pr_err_ratelimited("smb2 compression not support yet");
+ return false;
+ }
+
+ if (*proto != SMB1_PROTO_NUMBER &&
+ *proto != SMB2_PROTO_NUMBER &&
+ *proto != SMB2_TRANSFORM_PROTO_NUM)
+ return false;
+
+ return true;
}
static bool supported_protocol(int idx)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 008/187] of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 007/187] ksmbd: validate smb request protocol id Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 009/187] power: supply: ab8500: Fix external_power_changed race Greg Kroah-Hartman
` (190 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kunihiko Hayashi, Rob Herring,
Sasha Levin
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
[ Upstream commit 39affd1fdf65983904fafc07cf607cff737eaf30 ]
In init_overlay_changeset(), the variable "node" is from
of_get_child_by_name(), and the "node" should be discarded in error case.
Fixes: d1651b03c2df ("of: overlay: add overlay symbols to live device tree")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/20230602020502.11693-1-hayashi.kunihiko@socionext.com
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/overlay.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 2e01960f1aeb3..7feb643f13707 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -811,6 +811,7 @@ static int init_overlay_changeset(struct overlay_changeset *ovcs)
if (!fragment->target) {
pr_err("symbols in overlay, but not in live tree\n");
ret = -EINVAL;
+ of_node_put(node);
goto err_out;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 009/187] power: supply: ab8500: Fix external_power_changed race
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 008/187] of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 010/187] power: supply: sc27xx: " Greg Kroah-Hartman
` (189 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Linus Walleij,
Sebastian Reichel, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit a5299ce4e96f3e8930e9c051b28d8093ada87b08 ]
ab8500_btemp_external_power_changed() dereferences di->btemp_psy,
which gets sets in ab8500_btemp_probe() like this:
di->btemp_psy = devm_power_supply_register(dev, &ab8500_btemp_desc,
&psy_cfg);
As soon as devm_power_supply_register() has called device_add()
the external_power_changed callback can get called. So there is a window
where ab8500_btemp_external_power_changed() may get called while
di->btemp_psy has not been set yet leading to a NULL pointer dereference.
Fixing this is easy. The external_power_changed callback gets passed
the power_supply which will eventually get stored in di->btemp_psy,
so ab8500_btemp_external_power_changed() can simply directly use
the passed in psy argument which is always valid.
And the same applies to ab8500_fg_external_power_changed().
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/ab8500_btemp.c | 6 ++----
drivers/power/supply/ab8500_fg.c | 6 ++----
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/drivers/power/supply/ab8500_btemp.c b/drivers/power/supply/ab8500_btemp.c
index 307ee6f71042e..6f83e99d2eb72 100644
--- a/drivers/power/supply/ab8500_btemp.c
+++ b/drivers/power/supply/ab8500_btemp.c
@@ -624,10 +624,8 @@ static int ab8500_btemp_get_ext_psy_data(struct device *dev, void *data)
*/
static void ab8500_btemp_external_power_changed(struct power_supply *psy)
{
- struct ab8500_btemp *di = power_supply_get_drvdata(psy);
-
- class_for_each_device(power_supply_class, NULL,
- di->btemp_psy, ab8500_btemp_get_ext_psy_data);
+ class_for_each_device(power_supply_class, NULL, psy,
+ ab8500_btemp_get_ext_psy_data);
}
/* ab8500 btemp driver interrupts and their respective isr */
diff --git a/drivers/power/supply/ab8500_fg.c b/drivers/power/supply/ab8500_fg.c
index 41a7bff9ac376..53560fbb6dcd3 100644
--- a/drivers/power/supply/ab8500_fg.c
+++ b/drivers/power/supply/ab8500_fg.c
@@ -2407,10 +2407,8 @@ static int ab8500_fg_init_hw_registers(struct ab8500_fg *di)
*/
static void ab8500_fg_external_power_changed(struct power_supply *psy)
{
- struct ab8500_fg *di = power_supply_get_drvdata(psy);
-
- class_for_each_device(power_supply_class, NULL,
- di->fg_psy, ab8500_fg_get_ext_psy_data);
+ class_for_each_device(power_supply_class, NULL, psy,
+ ab8500_fg_get_ext_psy_data);
}
/**
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 010/187] power: supply: sc27xx: Fix external_power_changed race
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 009/187] power: supply: ab8500: Fix external_power_changed race Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 011/187] power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() Greg Kroah-Hartman
` (188 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Orson Zhai, Chunyan Zhang,
Hans de Goede, Baolin Wang, Sebastian Reichel, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 4d5c129d6c8993fe96e9ae712141eedcb9ca68c2 ]
sc27xx_fgu_external_power_changed() dereferences data->battery,
which gets sets in ab8500_btemp_probe() like this:
data->battery = devm_power_supply_register(dev, &sc27xx_fgu_desc,
&fgu_cfg);
As soon as devm_power_supply_register() has called device_add()
the external_power_changed callback can get called. So there is a window
where sc27xx_fgu_external_power_changed() may get called while
data->battery has not been set yet leading to a NULL pointer dereference.
Fixing this is easy. The external_power_changed callback gets passed
the power_supply which will eventually get stored in data->battery,
so sc27xx_fgu_external_power_changed() can simply directly use
the passed in psy argument which is always valid.
After this change sc27xx_fgu_external_power_changed() is reduced to just
"power_supply_changed(psy);" and it has the same prototype. While at it
simply replace it with making the external_power_changed callback
directly point to power_supply_changed.
Cc: Orson Zhai <orsonzhai@gmail.com>
Cc: Chunyan Zhang <zhang.lyra@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/sc27xx_fuel_gauge.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/drivers/power/supply/sc27xx_fuel_gauge.c b/drivers/power/supply/sc27xx_fuel_gauge.c
index 632977f84b954..bd23c4d9fed43 100644
--- a/drivers/power/supply/sc27xx_fuel_gauge.c
+++ b/drivers/power/supply/sc27xx_fuel_gauge.c
@@ -733,13 +733,6 @@ static int sc27xx_fgu_set_property(struct power_supply *psy,
return ret;
}
-static void sc27xx_fgu_external_power_changed(struct power_supply *psy)
-{
- struct sc27xx_fgu_data *data = power_supply_get_drvdata(psy);
-
- power_supply_changed(data->battery);
-}
-
static int sc27xx_fgu_property_is_writeable(struct power_supply *psy,
enum power_supply_property psp)
{
@@ -774,7 +767,7 @@ static const struct power_supply_desc sc27xx_fgu_desc = {
.num_properties = ARRAY_SIZE(sc27xx_fgu_props),
.get_property = sc27xx_fgu_get_property,
.set_property = sc27xx_fgu_set_property,
- .external_power_changed = sc27xx_fgu_external_power_changed,
+ .external_power_changed = power_supply_changed,
.property_is_writeable = sc27xx_fgu_property_is_writeable,
.no_thermal = true,
};
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 011/187] power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 010/187] power: supply: sc27xx: " Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 012/187] ARM: dts: vexpress: add missing cache properties Greg Kroah-Hartman
` (187 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Sebastian Reichel,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 59dddea9879713423c7b2ade43c423bb71e0d216 ]
Use mod_delayed_work() instead of separate cancel_delayed_work_sync() +
schedule_delayed_work() calls.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/bq27xxx_battery.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/power/supply/bq27xxx_battery.c b/drivers/power/supply/bq27xxx_battery.c
index 929e813b9c443..4296600e8912a 100644
--- a/drivers/power/supply/bq27xxx_battery.c
+++ b/drivers/power/supply/bq27xxx_battery.c
@@ -1083,10 +1083,8 @@ static int poll_interval_param_set(const char *val, const struct kernel_param *k
return ret;
mutex_lock(&bq27xxx_list_lock);
- list_for_each_entry(di, &bq27xxx_battery_devices, list) {
- cancel_delayed_work_sync(&di->work);
- schedule_delayed_work(&di->work, 0);
- }
+ list_for_each_entry(di, &bq27xxx_battery_devices, list)
+ mod_delayed_work(system_wq, &di->work, 0);
mutex_unlock(&bq27xxx_list_lock);
return ret;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 012/187] ARM: dts: vexpress: add missing cache properties
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 011/187] power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 013/187] arm64: dts: arm: " Greg Kroah-Hartman
` (186 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sudeep Holla,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 328acc5657c6197753238d7ce0a6924ead829347 ]
As all level 2 and level 3 caches are unified, add required
cache-unified property to fix warnings like:
vexpress-v2p-ca5s.dtb: cache-controller@2c0f0000: 'cache-unified' is a required property
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20230423150837.118466-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/vexpress-v2p-ca5s.dts | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/boot/dts/vexpress-v2p-ca5s.dts b/arch/arm/boot/dts/vexpress-v2p-ca5s.dts
index 3b88209bacea2..ff1f9a1bcfcfc 100644
--- a/arch/arm/boot/dts/vexpress-v2p-ca5s.dts
+++ b/arch/arm/boot/dts/vexpress-v2p-ca5s.dts
@@ -132,6 +132,7 @@ L2: cache-controller@2c0f0000 {
reg = <0x2c0f0000 0x1000>;
interrupts = <0 84 4>;
cache-level = <2>;
+ cache-unified;
};
pmu {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 013/187] arm64: dts: arm: add missing cache properties
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 012/187] ARM: dts: vexpress: add missing cache properties Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 014/187] tools: gpio: fix debounce_period_us output of lsgpio Greg Kroah-Hartman
` (185 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Sudeep Holla,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 55b37d9c8ba23d28c584aef0801fb1e60e4a817c ]
As all level 2 and level 3 caches are unified, add required
cache-unified properties to fix warnings like:
foundation-v8.dtb: l2-cache0: 'cache-unified' is a required property
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20230421223213.115639-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/arm/foundation-v8.dtsi | 1 +
arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts | 1 +
arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts | 1 +
3 files changed, 3 insertions(+)
diff --git a/arch/arm64/boot/dts/arm/foundation-v8.dtsi b/arch/arm64/boot/dts/arm/foundation-v8.dtsi
index 029578072d8fb..7b41537731a6a 100644
--- a/arch/arm64/boot/dts/arm/foundation-v8.dtsi
+++ b/arch/arm64/boot/dts/arm/foundation-v8.dtsi
@@ -59,6 +59,7 @@ cpu3: cpu@3 {
L2_0: l2-cache0 {
compatible = "cache";
cache-level = <2>;
+ cache-unified;
};
};
diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts
index ef68f5aae7ddf..afdf954206f1d 100644
--- a/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts
+++ b/arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts
@@ -72,6 +72,7 @@ cpu@3 {
L2_0: l2-cache0 {
compatible = "cache";
cache-level = <2>;
+ cache-unified;
};
};
diff --git a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts
index 796cd7d02eb55..7bdeb965f0a96 100644
--- a/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts
+++ b/arch/arm64/boot/dts/arm/vexpress-v2f-1xv7-ca53x2.dts
@@ -58,6 +58,7 @@ cpu@1 {
L2_0: l2-cache0 {
compatible = "cache";
cache-level = <2>;
+ cache-unified;
};
};
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 014/187] tools: gpio: fix debounce_period_us output of lsgpio
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 013/187] arm64: dts: arm: " Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 015/187] selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change Greg Kroah-Hartman
` (184 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Milo Spadacini, Linus Walleij,
Andy Shevchenko, Bartosz Golaszewski, Sasha Levin
From: Milo Spadacini <milo.spadacini@gmail.com>
[ Upstream commit eb4b8eca1bad98f4b8574558a74f041f9acb5a54 ]
Fix incorrect output that could occur when more attributes are used and
GPIO_V2_LINE_ATTR_ID_DEBOUNCE is not the first one.
Signed-off-by: Milo Spadacini <milo.spadacini@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/gpio/lsgpio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/gpio/lsgpio.c b/tools/gpio/lsgpio.c
index c61d061247e17..52a0be45410c9 100644
--- a/tools/gpio/lsgpio.c
+++ b/tools/gpio/lsgpio.c
@@ -94,7 +94,7 @@ static void print_attributes(struct gpio_v2_line_info *info)
for (i = 0; i < info->num_attrs; i++) {
if (info->attrs[i].id == GPIO_V2_LINE_ATTR_ID_DEBOUNCE)
fprintf(stdout, ", debounce_period=%dusec",
- info->attrs[0].debounce_period_us);
+ info->attrs[i].debounce_period_us);
}
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 015/187] selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 014/187] tools: gpio: fix debounce_period_us output of lsgpio Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 016/187] power: supply: Ratelimit no data debug output Greg Kroah-Hartman
` (183 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mirsad Todorovac, Andy Shevchenko,
Bartosz Golaszewski, Sasha Levin
From: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
[ Upstream commit 976d3c6778e99390c6d854d140b746d12ea18a51 ]
According to Mirsad the gpio-sim.sh test appears to FAIL in a wrong way
due to missing initialisation of shell variables:
4.2. Bias settings work correctly
cat: /sys/devices/platform/gpio-sim.0/gpiochip18/sim_gpio0/value: No such file or directory
./gpio-sim.sh: line 393: test: =: unary operator expected
bias setting does not work
GPIO gpio-sim test FAIL
After this change the test passed:
4.2. Bias settings work correctly
GPIO gpio-sim test PASS
His testing environment is AlmaLinux 8.7 on Lenovo desktop box with
the latest Linux kernel based on v6.2:
Linux 6.2.0-mglru-kmlk-andy-09238-gd2980d8d8265 x86_64
Suggested-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/gpio/gpio-sim.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/testing/selftests/gpio/gpio-sim.sh b/tools/testing/selftests/gpio/gpio-sim.sh
index 9f539d454ee4d..fa2ce2b9dd5fc 100755
--- a/tools/testing/selftests/gpio/gpio-sim.sh
+++ b/tools/testing/selftests/gpio/gpio-sim.sh
@@ -389,6 +389,9 @@ create_chip chip
create_bank chip bank
set_num_lines chip bank 8
enable_chip chip
+DEVNAME=`configfs_dev_name chip`
+CHIPNAME=`configfs_chip_name chip bank`
+SYSFS_PATH="/sys/devices/platform/$DEVNAME/$CHIPNAME/sim_gpio0/value"
$BASE_DIR/gpio-mockup-cdev -b pull-up /dev/`configfs_chip_name chip bank` 0
test `cat $SYSFS_PATH` = "1" || fail "bias setting does not work"
remove_chip chip
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 016/187] power: supply: Ratelimit no data debug output
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 015/187] selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 017/187] PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Greg Kroah-Hartman
` (182 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Hans de Goede,
Sebastian Reichel, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 155c45a25679f571c2ae57d10db843a9dfc63430 ]
Reduce the amount of output this dev_dbg() statement emits into logs,
otherwise if system software polls the sysfs entry for data and keeps
getting -ENODATA, it could end up filling the logs up.
This does in fact make systemd journald choke, since during boot the
sysfs power supply entries are polled and if journald starts at the
same time, the journal is just being repeatedly filled up, and the
system stops on trying to start journald without booting any further.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/power_supply_sysfs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/power/supply/power_supply_sysfs.c b/drivers/power/supply/power_supply_sysfs.c
index c228205e09538..4bbb3053eef44 100644
--- a/drivers/power/supply/power_supply_sysfs.c
+++ b/drivers/power/supply/power_supply_sysfs.c
@@ -285,7 +285,8 @@ static ssize_t power_supply_show_property(struct device *dev,
if (ret < 0) {
if (ret == -ENODATA)
- dev_dbg(dev, "driver has no data for `%s' property\n",
+ dev_dbg_ratelimited(dev,
+ "driver has no data for `%s' property\n",
attr->attr.name);
else if (ret != -ENODEV && ret != -EAGAIN)
dev_err_ratelimited(dev,
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 017/187] PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 016/187] power: supply: Ratelimit no data debug output Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 018/187] platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 Greg Kroah-Hartman
` (181 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Blakeney, Mika Westerberg,
Bjorn Helgaas, Sasha Levin
From: Mika Westerberg <mika.westerberg@linux.intel.com>
[ Upstream commit 3b8803494a0612acdeee714cb72aa142b1e05ce5 ]
Commit 5459c0b70467 ("PCI/DPC: Quirk PIO log size for certain Intel Root
Ports") added quirks for Tiger and Alder Lake Root Ports but missed that
the same issue exists also in the previous generation, Ice Lake.
Apply the quirk for Ice Lake Root Ports as well. This prevents kernel
complaints like:
DPC: RP PIO log size 0 is invalid
and also enables the DPC driver to dump the RP PIO Log registers when DPC
is triggered.
[bhelgaas: add dmesg warning and RP PIO Log dump info]
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=209943
Link: https://lore.kernel.org/r/20230511121905.73949-1-mika.westerberg@linux.intel.com
Reported-by: Mark Blakeney <mark.blakeney@bullet-systems.net>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index f4e2a88729fd1..c525867760bf8 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -6003,8 +6003,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x56c1, aspm_l1_acceptable_latency
#ifdef CONFIG_PCIE_DPC
/*
- * Intel Tiger Lake and Alder Lake BIOS has a bug that clears the DPC
- * RP PIO Log Size of the integrated Thunderbolt PCIe Root Ports.
+ * Intel Ice Lake, Tiger Lake and Alder Lake BIOS has a bug that clears
+ * the DPC RP PIO Log Size of the integrated Thunderbolt PCIe Root
+ * Ports.
*/
static void dpc_log_size(struct pci_dev *dev)
{
@@ -6027,6 +6028,10 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x461f, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x462f, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x463f, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x466e, dpc_log_size);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a1d, dpc_log_size);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a1f, dpc_log_size);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a21, dpc_log_size);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x8a23, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a23, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a25, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a27, dpc_log_size);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 018/187] platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 017/187] PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 019/187] regulator: Fix error checking for debugfs_create_dir Greg Kroah-Hartman
` (180 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandru Sorodoc, Hans de Goede,
Sasha Levin
From: Alexandru Sorodoc <ealex95@gmail.com>
[ Upstream commit 362c1f2ec82cb65940e1c73e15a395a7a891fc6f ]
On ASUS GU604V the key 0x7B is issued when the charger is connected or
disconnected, and key 0xC0 is issued when an external display is
connected or disconnected.
This commit maps them to KE_IGNORE to slience kernel messages about
unknown keys, such as:
kernel: asus_wmi: Unknown key code 0x7b
Signed-off-by: Alexandru Sorodoc <ealex95@gmail.com>
Link: https://lore.kernel.org/r/20230512101517.47416-1-ealex95@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/asus-nb-wmi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/platform/x86/asus-nb-wmi.c b/drivers/platform/x86/asus-nb-wmi.c
index e2c9a68d12df9..fdf7da06af306 100644
--- a/drivers/platform/x86/asus-nb-wmi.c
+++ b/drivers/platform/x86/asus-nb-wmi.c
@@ -555,6 +555,7 @@ static const struct key_entry asus_nb_wmi_keymap[] = {
{ KE_KEY, 0x71, { KEY_F13 } }, /* General-purpose button */
{ KE_IGNORE, 0x79, }, /* Charger type dectection notification */
{ KE_KEY, 0x7a, { KEY_ALS_TOGGLE } }, /* Ambient Light Sensor Toggle */
+ { KE_IGNORE, 0x7B, }, /* Charger connect/disconnect notification */
{ KE_KEY, 0x7c, { KEY_MICMUTE } },
{ KE_KEY, 0x7D, { KEY_BLUETOOTH } }, /* Bluetooth Enable */
{ KE_KEY, 0x7E, { KEY_BLUETOOTH } }, /* Bluetooth Disable */
@@ -584,6 +585,7 @@ static const struct key_entry asus_nb_wmi_keymap[] = {
{ KE_KEY, 0xAE, { KEY_FN_F5 } }, /* Fn+F5 fan mode on 2020+ */
{ KE_KEY, 0xB3, { KEY_PROG4 } }, /* AURA */
{ KE_KEY, 0xB5, { KEY_CALC } },
+ { KE_IGNORE, 0xC0, }, /* External display connect/disconnect notification */
{ KE_KEY, 0xC4, { KEY_KBDILLUMUP } },
{ KE_KEY, 0xC5, { KEY_KBDILLUMDOWN } },
{ KE_IGNORE, 0xC6, }, /* Ambient Light Sensor notification */
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 019/187] regulator: Fix error checking for debugfs_create_dir
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 018/187] platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 020/187] irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues Greg Kroah-Hartman
` (179 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sasha Levin
From: Osama Muhammad <osmtendev@gmail.com>
[ Upstream commit 2bf1c45be3b8f3a3f898d0756c1282f09719debd ]
This patch fixes the error checking in core.c in debugfs_create_dir.
The correct way to check if an error occurred is 'IS_ERR' inline function.
Signed-off-by: Osama Muhammad <osmtendev@gmail.com
Suggested-by: Ivan Orlov <ivan.orlov0322@gmail.com
Link: https://lore.kernel.org/r/20230515172938.13338-1-osmtendev@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 08726bc0da9d7..323e8187a98ff 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5263,7 +5263,7 @@ static void rdev_init_debugfs(struct regulator_dev *rdev)
}
rdev->debugfs = debugfs_create_dir(rname, debugfs_root);
- if (!rdev->debugfs) {
+ if (IS_ERR(rdev->debugfs)) {
rdev_warn(rdev, "Failed to create debugfs directory\n");
return;
}
@@ -6185,7 +6185,7 @@ static int __init regulator_init(void)
ret = class_register(®ulator_class);
debugfs_root = debugfs_create_dir("regulator", NULL);
- if (!debugfs_root)
+ if (IS_ERR(debugfs_root))
pr_warn("regulator: Failed to create debugfs directory\n");
#ifdef CONFIG_DEBUG_FS
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 020/187] irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 019/187] regulator: Fix error checking for debugfs_create_dir Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 021/187] irqchip/meson-gpio: Mark OF related data as maybe unused Greg Kroah-Hartman
` (178 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Julius Werner, Douglas Anderson,
Marc Zyngier, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 44bd78dd2b8897f59b7e3963f088caadb7e4f047 ]
Some Chromebooks with Mediatek SoCs have a problem where the firmware
doesn't properly save/restore certain GICR registers. Newer
Chromebooks should fix this issue and we may be able to do firmware
updates for old Chromebooks. At the moment, the only known issue with
these Chromebooks is that we can't enable "pseudo NMIs" since the
priority register can be lost. Enabling "pseudo NMIs" on Chromebooks
with the problematic firmware causes crashes and freezes.
Let's detect devices with this problem and then disable "pseudo NMIs"
on them. We'll detect the problem by looking for the presence of the
"mediatek,broken-save-restore-fw" property in the GIC device tree
node. Any devices with fixed firmware will not have this property.
Our detection plan works because we never bake a Chromebook's device
tree into firmware. Instead, device trees are always bundled with the
kernel. We'll update the device trees of all affected Chromebooks and
then we'll never enable "pseudo NMI" on a kernel that is bundled with
old device trees. When a firmware update is shipped that fixes this
issue it will know to patch the device tree to remove the property.
In order to make this work, the quick detection mechanism of the GICv3
code is extended to be able to look for properties in addition to
looking at "compatible".
Reviewed-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20230515131353.v2.2.I88dc0a0eb1d9d537de61604cd8994ecc55c0cac1@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-gic-common.c | 8 ++++++--
drivers/irqchip/irq-gic-common.h | 1 +
drivers/irqchip/irq-gic-v3.c | 20 ++++++++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/irq-gic-common.c b/drivers/irqchip/irq-gic-common.c
index a610821c8ff2a..de47b51cdadbe 100644
--- a/drivers/irqchip/irq-gic-common.c
+++ b/drivers/irqchip/irq-gic-common.c
@@ -16,7 +16,11 @@ void gic_enable_of_quirks(const struct device_node *np,
const struct gic_quirk *quirks, void *data)
{
for (; quirks->desc; quirks++) {
- if (!of_device_is_compatible(np, quirks->compatible))
+ if (quirks->compatible &&
+ !of_device_is_compatible(np, quirks->compatible))
+ continue;
+ if (quirks->property &&
+ !of_property_read_bool(np, quirks->property))
continue;
if (quirks->init(data))
pr_info("GIC: enabling workaround for %s\n",
@@ -28,7 +32,7 @@ void gic_enable_quirks(u32 iidr, const struct gic_quirk *quirks,
void *data)
{
for (; quirks->desc; quirks++) {
- if (quirks->compatible)
+ if (quirks->compatible || quirks->property)
continue;
if (quirks->iidr != (quirks->mask & iidr))
continue;
diff --git a/drivers/irqchip/irq-gic-common.h b/drivers/irqchip/irq-gic-common.h
index 27e3d4ed4f328..3db4592cda1c0 100644
--- a/drivers/irqchip/irq-gic-common.h
+++ b/drivers/irqchip/irq-gic-common.h
@@ -13,6 +13,7 @@
struct gic_quirk {
const char *desc;
const char *compatible;
+ const char *property;
bool (*init)(void *data);
u32 iidr;
u32 mask;
diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c
index 6fcee221f2017..a605aa79435a4 100644
--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -39,6 +39,7 @@
#define FLAGS_WORKAROUND_GICR_WAKER_MSM8996 (1ULL << 0)
#define FLAGS_WORKAROUND_CAVIUM_ERRATUM_38539 (1ULL << 1)
+#define FLAGS_WORKAROUND_MTK_GICR_SAVE (1ULL << 2)
#define GIC_IRQ_TYPE_PARTITION (GIC_IRQ_TYPE_LPI + 1)
@@ -1720,6 +1721,15 @@ static bool gic_enable_quirk_msm8996(void *data)
return true;
}
+static bool gic_enable_quirk_mtk_gicr(void *data)
+{
+ struct gic_chip_data *d = data;
+
+ d->flags |= FLAGS_WORKAROUND_MTK_GICR_SAVE;
+
+ return true;
+}
+
static bool gic_enable_quirk_cavium_38539(void *data)
{
struct gic_chip_data *d = data;
@@ -1792,6 +1802,11 @@ static const struct gic_quirk gic_quirks[] = {
.compatible = "qcom,msm8996-gic-v3",
.init = gic_enable_quirk_msm8996,
},
+ {
+ .desc = "GICv3: Mediatek Chromebook GICR save problem",
+ .property = "mediatek,broken-save-restore-fw",
+ .init = gic_enable_quirk_mtk_gicr,
+ },
{
.desc = "GICv3: HIP06 erratum 161010803",
.iidr = 0x0204043b,
@@ -1834,6 +1849,11 @@ static void gic_enable_nmi_support(void)
if (!gic_prio_masking_enabled())
return;
+ if (gic_data.flags & FLAGS_WORKAROUND_MTK_GICR_SAVE) {
+ pr_warn("Skipping NMI enable due to firmware issues\n");
+ return;
+ }
+
ppi_nmi_refs = kcalloc(gic_data.ppi_nr, sizeof(*ppi_nmi_refs), GFP_KERNEL);
if (!ppi_nmi_refs)
return;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 021/187] irqchip/meson-gpio: Mark OF related data as maybe unused
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 020/187] irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 022/187] power: supply: Fix logic checking if system is running from battery Greg Kroah-Hartman
` (177 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Blumenstingl,
Krzysztof Kozlowski, Marc Zyngier, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 14130211be5366a91ec07c3284c183b75d8fba17 ]
The driver can be compile tested with !CONFIG_OF making certain data
unused:
drivers/irqchip/irq-meson-gpio.c:153:34: error: ‘meson_irq_gpio_matches’ defined but not used [-Werror=unused-const-variable=]
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20230512164506.212267-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-meson-gpio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-meson-gpio.c b/drivers/irqchip/irq-meson-gpio.c
index 2aaa9aad3e87a..7da18ef952119 100644
--- a/drivers/irqchip/irq-meson-gpio.c
+++ b/drivers/irqchip/irq-meson-gpio.c
@@ -150,7 +150,7 @@ static const struct meson_gpio_irq_params s4_params = {
INIT_MESON_S4_COMMON_DATA(82)
};
-static const struct of_device_id meson_irq_gpio_matches[] = {
+static const struct of_device_id meson_irq_gpio_matches[] __maybe_unused = {
{ .compatible = "amlogic,meson8-gpio-intc", .data = &meson8_params },
{ .compatible = "amlogic,meson8b-gpio-intc", .data = &meson8b_params },
{ .compatible = "amlogic,meson-gxbb-gpio-intc", .data = &gxbb_params },
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 022/187] power: supply: Fix logic checking if system is running from battery
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 021/187] irqchip/meson-gpio: Mark OF related data as maybe unused Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 023/187] drm: panel-orientation-quirks: Change Airs quirk to support Air Plus Greg Kroah-Hartman
` (176 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Evan Quan, Lijo Lazar,
Mario Limonciello, Sebastian Reichel, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 95339f40a8b652b5b1773def31e63fc53c26378a ]
The logic used for power_supply_is_system_supplied() counts all power
supplies and assumes that the system is running from AC if there is
either a non-battery power-supply reporting to be online or if no
power-supplies exist at all.
The second rule is for desktop systems, that don't have any
battery/charger devices. These systems will incorrectly report to be
powered from battery once a device scope power-supply is registered
(e.g. a HID device), since these power-supplies increase the counter.
Apart from HID devices, recent dGPUs provide UCSI power supplies on a
desktop systems. The dGPU by default doesn't have anything plugged in so
it's 'offline'. This makes power_supply_is_system_supplied() return 0
with a count of 1 meaning all drivers that use this get a wrong judgement.
To fix this case adjust the logic to also examine the scope of the power
supply. If the power supply is deemed a device power supply, then don't
count it.
Cc: Evan Quan <Evan.Quan@amd.com>
Suggested-by: Lijo Lazar <Lijo.Lazar@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/power_supply_core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c
index f3d7c1da299fe..d325e6dbc7709 100644
--- a/drivers/power/supply/power_supply_core.c
+++ b/drivers/power/supply/power_supply_core.c
@@ -348,6 +348,10 @@ static int __power_supply_is_system_supplied(struct device *dev, void *data)
struct power_supply *psy = dev_get_drvdata(dev);
unsigned int *count = data;
+ if (!psy->desc->get_property(psy, POWER_SUPPLY_PROP_SCOPE, &ret))
+ if (ret.intval == POWER_SUPPLY_SCOPE_DEVICE)
+ return 0;
+
(*count)++;
if (psy->desc->type != POWER_SUPPLY_TYPE_BATTERY)
if (!psy->desc->get_property(psy, POWER_SUPPLY_PROP_ONLINE,
@@ -366,8 +370,8 @@ int power_supply_is_system_supplied(void)
__power_supply_is_system_supplied);
/*
- * If no power class device was found at all, most probably we are
- * running on a desktop system, so assume we are on mains power.
+ * If no system scope power class device was found at all, most probably we
+ * are running on a desktop system, so assume we are on mains power.
*/
if (count == 0)
return 1;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 023/187] drm: panel-orientation-quirks: Change Airs quirk to support Air Plus
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 022/187] power: supply: Fix logic checking if system is running from battery Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 024/187] btrfs: scrub: try harder to mark RAID56 block groups read-only Greg Kroah-Hartman
` (175 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maya Matuszczyk, Hans de Goede,
Sasha Levin
From: Maya Matuszczyk <maccraft123mc@gmail.com>
[ Upstream commit 1aa7f416175619e0286fddc5fc44e968b06bf2aa ]
It turned out that Aya Neo Air Plus had a different board name than
expected.
This patch changes Aya Neo Air's quirk to account for that, as both
devices share "Air" in DMI product name.
Tested on Air claiming to be an Air Pro, and on Air Plus.
Signed-off-by: Maya Matuszczyk <maccraft123mc@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230515184843.1552612-1-maccraft123mc@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index b1a38e6ce2f8f..0cb646cb04ee1 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -179,7 +179,7 @@ static const struct dmi_system_id orientation_data[] = {
}, { /* AYA NEO AIR */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "AYANEO"),
- DMI_MATCH(DMI_BOARD_NAME, "AIR"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "AIR"),
},
.driver_data = (void *)&lcd1080x1920_leftside_up,
}, { /* AYA NEO NEXT */
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 024/187] btrfs: scrub: try harder to mark RAID56 block groups read-only
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 023/187] drm: panel-orientation-quirks: Change Airs quirk to support Air Plus Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 025/187] btrfs: handle memory allocation failure in btrfs_csum_one_bio Greg Kroah-Hartman
` (174 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 7561551e7ba870b9659083b95feb520fb2dacce3 ]
Currently we allow a block group not to be marked read-only for scrub.
But for RAID56 block groups if we require the block group to be
read-only, then we're allowed to use cached content from scrub stripe to
reduce unnecessary RAID56 reads.
So this patch would:
- Make btrfs_inc_block_group_ro() try harder
During my tests, for cases like btrfs/061 and btrfs/064, we can hit
ENOSPC from btrfs_inc_block_group_ro() calls during scrub.
The reason is if we only have one single data chunk, and trying to
scrub it, we won't have any space left for any newer data writes.
But this check should be done by the caller, especially for scrub
cases we only temporarily mark the chunk read-only.
And newer data writes would always try to allocate a new data chunk
when needed.
- Return error for scrub if we failed to mark a RAID56 chunk read-only
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/block-group.c | 14 ++++++++++++--
fs/btrfs/scrub.c | 9 ++++++++-
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c
index 5fc670c27f864..58ce5d44ce4d5 100644
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -2832,10 +2832,20 @@ int btrfs_inc_block_group_ro(struct btrfs_block_group *cache,
}
ret = inc_block_group_ro(cache, 0);
- if (!do_chunk_alloc || ret == -ETXTBSY)
- goto unlock_out;
if (!ret)
goto out;
+ if (ret == -ETXTBSY)
+ goto unlock_out;
+
+ /*
+ * Skip chunk alloction if the bg is SYSTEM, this is to avoid system
+ * chunk allocation storm to exhaust the system chunk array. Otherwise
+ * we still want to try our best to mark the block group read-only.
+ */
+ if (!do_chunk_alloc && ret == -ENOSPC &&
+ (cache->flags & BTRFS_BLOCK_GROUP_SYSTEM))
+ goto unlock_out;
+
alloc_flags = btrfs_get_alloc_profile(fs_info, cache->space_info->flags);
ret = btrfs_chunk_alloc(trans, alloc_flags, CHUNK_ALLOC_FORCE);
if (ret < 0)
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 69c93ae333f63..3720fd1f593d2 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -4034,13 +4034,20 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx,
if (ret == 0) {
ro_set = 1;
- } else if (ret == -ENOSPC && !sctx->is_dev_replace) {
+ } else if (ret == -ENOSPC && !sctx->is_dev_replace &&
+ !(cache->flags & BTRFS_BLOCK_GROUP_RAID56_MASK)) {
/*
* btrfs_inc_block_group_ro return -ENOSPC when it
* failed in creating new chunk for metadata.
* It is not a problem for scrub, because
* metadata are always cowed, and our scrub paused
* commit_transactions.
+ *
+ * For RAID56 chunks, we have to mark them read-only
+ * for scrub, as later we would use our own cache
+ * out of RAID56 realm.
+ * Thus we want the RAID56 bg to be marked RO to
+ * prevent RMW from screwing up out cache.
*/
ro_set = 0;
} else if (ret == -ETXTBSY) {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 025/187] btrfs: handle memory allocation failure in btrfs_csum_one_bio
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 024/187] btrfs: scrub: try harder to mark RAID56 block groups read-only Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 026/187] ASoC: soc-pcm: test if a BE can be prepared Greg Kroah-Hartman
` (173 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+d8941552e21eac774778,
Christoph Hellwig, Anand Jain, Johannes Thumshirn, David Sterba,
Sasha Levin
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
[ Upstream commit 806570c0bb7b4847828c22c4934fcf2dc8fc572f ]
Since f8a53bb58ec7 ("btrfs: handle checksum generation in the storage
layer") the failures of btrfs_csum_one_bio() are handled via
bio_end_io().
This means, we can return BLK_STS_RESOURCE from btrfs_csum_one_bio() in
case the allocation of the ordered sums fails.
This also fixes a syzkaller report, where injecting a failure into the
kvzalloc() call results in a BUG_ON().
Reported-by: syzbot+d8941552e21eac774778@syzkaller.appspotmail.com
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/file-item.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
index a4584c629ba35..9e45b416a9c85 100644
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -847,7 +847,9 @@ blk_status_t btrfs_csum_one_bio(struct btrfs_bio *bbio)
sums = kvzalloc(btrfs_ordered_sum_size(fs_info,
bytes_left), GFP_KERNEL);
memalloc_nofs_restore(nofs_flag);
- BUG_ON(!sums); /* -ENOMEM */
+ if (!sums)
+ return BLK_STS_RESOURCE;
+
sums->len = bytes_left;
ordered = btrfs_lookup_ordered_extent(inode,
offset);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 026/187] ASoC: soc-pcm: test if a BE can be prepared
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 025/187] btrfs: handle memory allocation failure in btrfs_csum_one_bio Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 027/187] sfc: fix devlink info error handling Greg Kroah-Hartman
` (172 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sasha Levin
From: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
[ Upstream commit e123036be377ddf628226a7c6d4f9af5efd113d3 ]
In the BE hw_params configuration, the existing code checks if any of the
existing FEs are prepared, running, paused or suspended - and skips the
configuration in those cases. This allows multiple calls of hw_params
which the ALSA state machine supports.
This check is not handled for the prepare stage, which can lead to the
same BE being prepared multiple times. This patch adds a check similar to
that of the hw_params, with the main difference being that the suspended
state is allowed: the ALSA state machine allows a transition from
suspended to prepared with hw_params skipped.
This problem was detected on Intel IPC4/SoundWire devices, where the BE
dailink .prepare stage is used to configure the SoundWire stream with a
bank switch. Multiple .prepare calls lead to conflicts with the .trigger
operation with IPC4 configurations. This problem was not detected earlier
on Intel devices, HDaudio BE dailinks detect that the link is already
prepared and skip the configuration, and for IPC3 devices there is no BE
trigger.
Link: https://github.com/thesofproject/sof/issues/7596
Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com
Link: https://lore.kernel.org/r/20230517185731.487124-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/soc-dpcm.h | 4 ++++
sound/soc/soc-pcm.c | 20 ++++++++++++++++++++
2 files changed, 24 insertions(+)
diff --git a/include/sound/soc-dpcm.h b/include/sound/soc-dpcm.h
index 1e7d09556fe3e..b7bc1865b9e4a 100644
--- a/include/sound/soc-dpcm.h
+++ b/include/sound/soc-dpcm.h
@@ -123,6 +123,10 @@ int snd_soc_dpcm_can_be_free_stop(struct snd_soc_pcm_runtime *fe,
int snd_soc_dpcm_can_be_params(struct snd_soc_pcm_runtime *fe,
struct snd_soc_pcm_runtime *be, int stream);
+/* can this BE perform prepare */
+int snd_soc_dpcm_can_be_prepared(struct snd_soc_pcm_runtime *fe,
+ struct snd_soc_pcm_runtime *be, int stream);
+
/* is the current PCM operation for this FE ? */
int snd_soc_dpcm_fe_can_update(struct snd_soc_pcm_runtime *fe, int stream);
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
index 7958c9defd492..1db82501fec18 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -2417,6 +2417,9 @@ int dpcm_be_dai_prepare(struct snd_soc_pcm_runtime *fe, int stream)
if (!snd_soc_dpcm_be_can_update(fe, be, stream))
continue;
+ if (!snd_soc_dpcm_can_be_prepared(fe, be, stream))
+ continue;
+
if ((be->dpcm[stream].state != SND_SOC_DPCM_STATE_HW_PARAMS) &&
(be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP) &&
(be->dpcm[stream].state != SND_SOC_DPCM_STATE_SUSPEND) &&
@@ -3057,3 +3060,20 @@ int snd_soc_dpcm_can_be_params(struct snd_soc_pcm_runtime *fe,
return snd_soc_dpcm_check_state(fe, be, stream, state, ARRAY_SIZE(state));
}
EXPORT_SYMBOL_GPL(snd_soc_dpcm_can_be_params);
+
+/*
+ * We can only prepare a BE DAI if any of it's FE are not prepared,
+ * running or paused for the specified stream direction.
+ */
+int snd_soc_dpcm_can_be_prepared(struct snd_soc_pcm_runtime *fe,
+ struct snd_soc_pcm_runtime *be, int stream)
+{
+ const enum snd_soc_dpcm_state state[] = {
+ SND_SOC_DPCM_STATE_START,
+ SND_SOC_DPCM_STATE_PAUSED,
+ SND_SOC_DPCM_STATE_PREPARE,
+ };
+
+ return snd_soc_dpcm_check_state(fe, be, stream, state, ARRAY_SIZE(state));
+}
+EXPORT_SYMBOL_GPL(snd_soc_dpcm_can_be_prepared);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 027/187] sfc: fix devlink info error handling
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 026/187] ASoC: soc-pcm: test if a BE can be prepared Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 028/187] ASoC: Intel: avs: Account for UID of ACPI device Greg Kroah-Hartman
` (171 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alejandro Lucero, Martin Habets,
David S. Miller, Sasha Levin
From: Alejandro Lucero <alejandro.lucero-palau@amd.com>
[ Upstream commit cfcb942863f6fce9266e1957a021e6c7295dee42 ]
Avoid early devlink info return if errors arise with MCDI commands
executed for getting the required info from the device. The rationale
is some commands can fail but later ones could still give useful data.
Moreover, some nvram partitions could not be present which needs to be
handled as a non error.
The specific errors are reported through system messages and if any
error appears, it will be reported generically through extack.
Fixes 14743ddd2495 ("sfc: add devlink info support for ef100")
Signed-off-by: Alejandro Lucero <alejandro.lucero-palau@amd.com>
Acked-by: Martin Habets <habetsm.xilinx@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/efx_devlink.c | 95 ++++++++++++--------------
1 file changed, 45 insertions(+), 50 deletions(-)
diff --git a/drivers/net/ethernet/sfc/efx_devlink.c b/drivers/net/ethernet/sfc/efx_devlink.c
index 381b805659d39..ef9971cbb695d 100644
--- a/drivers/net/ethernet/sfc/efx_devlink.c
+++ b/drivers/net/ethernet/sfc/efx_devlink.c
@@ -171,9 +171,14 @@ static int efx_devlink_info_nvram_partition(struct efx_nic *efx,
rc = efx_mcdi_nvram_metadata(efx, partition_type, NULL, version, NULL,
0);
+
+ /* If the partition does not exist, that is not an error. */
+ if (rc == -ENOENT)
+ return 0;
+
if (rc) {
- netif_err(efx, drv, efx->net_dev, "mcdi nvram %s: failed\n",
- version_name);
+ netif_err(efx, drv, efx->net_dev, "mcdi nvram %s: failed (rc=%d)\n",
+ version_name, rc);
return rc;
}
@@ -187,36 +192,33 @@ static int efx_devlink_info_nvram_partition(struct efx_nic *efx,
static int efx_devlink_info_stored_versions(struct efx_nic *efx,
struct devlink_info_req *req)
{
- int rc;
-
- rc = efx_devlink_info_nvram_partition(efx, req,
- NVRAM_PARTITION_TYPE_BUNDLE,
- DEVLINK_INFO_VERSION_GENERIC_FW_BUNDLE_ID);
- if (rc)
- return rc;
-
- rc = efx_devlink_info_nvram_partition(efx, req,
- NVRAM_PARTITION_TYPE_MC_FIRMWARE,
- DEVLINK_INFO_VERSION_GENERIC_FW_MGMT);
- if (rc)
- return rc;
-
- rc = efx_devlink_info_nvram_partition(efx, req,
- NVRAM_PARTITION_TYPE_SUC_FIRMWARE,
- EFX_DEVLINK_INFO_VERSION_FW_MGMT_SUC);
- if (rc)
- return rc;
-
- rc = efx_devlink_info_nvram_partition(efx, req,
- NVRAM_PARTITION_TYPE_EXPANSION_ROM,
- EFX_DEVLINK_INFO_VERSION_FW_EXPROM);
- if (rc)
- return rc;
+ int err;
- rc = efx_devlink_info_nvram_partition(efx, req,
- NVRAM_PARTITION_TYPE_EXPANSION_UEFI,
- EFX_DEVLINK_INFO_VERSION_FW_UEFI);
- return rc;
+ /* We do not care here about the specific error but just if an error
+ * happened. The specific error will be reported inside the call
+ * through system messages, and if any error happened in any call
+ * below, we report it through extack.
+ */
+ err = efx_devlink_info_nvram_partition(efx, req,
+ NVRAM_PARTITION_TYPE_BUNDLE,
+ DEVLINK_INFO_VERSION_GENERIC_FW_BUNDLE_ID);
+
+ err |= efx_devlink_info_nvram_partition(efx, req,
+ NVRAM_PARTITION_TYPE_MC_FIRMWARE,
+ DEVLINK_INFO_VERSION_GENERIC_FW_MGMT);
+
+ err |= efx_devlink_info_nvram_partition(efx, req,
+ NVRAM_PARTITION_TYPE_SUC_FIRMWARE,
+ EFX_DEVLINK_INFO_VERSION_FW_MGMT_SUC);
+
+ err |= efx_devlink_info_nvram_partition(efx, req,
+ NVRAM_PARTITION_TYPE_EXPANSION_ROM,
+ EFX_DEVLINK_INFO_VERSION_FW_EXPROM);
+
+ err |= efx_devlink_info_nvram_partition(efx, req,
+ NVRAM_PARTITION_TYPE_EXPANSION_UEFI,
+ EFX_DEVLINK_INFO_VERSION_FW_UEFI);
+ return err;
}
#define EFX_VER_FLAG(_f) \
@@ -587,27 +589,20 @@ static int efx_devlink_info_get(struct devlink *devlink,
{
struct efx_devlink *devlink_private = devlink_priv(devlink);
struct efx_nic *efx = devlink_private->efx;
- int rc;
+ int err;
- /* Several different MCDI commands are used. We report first error
- * through extack returning at that point. Specific error
- * information via system messages.
+ /* Several different MCDI commands are used. We report if errors
+ * happened through extack. Specific error information via system
+ * messages inside the calls.
*/
- rc = efx_devlink_info_board_cfg(efx, req);
- if (rc) {
- NL_SET_ERR_MSG_MOD(extack, "Getting board info failed");
- return rc;
- }
- rc = efx_devlink_info_stored_versions(efx, req);
- if (rc) {
- NL_SET_ERR_MSG_MOD(extack, "Getting stored versions failed");
- return rc;
- }
- rc = efx_devlink_info_running_versions(efx, req);
- if (rc) {
- NL_SET_ERR_MSG_MOD(extack, "Getting running versions failed");
- return rc;
- }
+ err = efx_devlink_info_board_cfg(efx, req);
+
+ err |= efx_devlink_info_stored_versions(efx, req);
+
+ err |= efx_devlink_info_running_versions(efx, req);
+
+ if (err)
+ NL_SET_ERR_MSG_MOD(extack, "Errors when getting device info. Check system messages");
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 028/187] ASoC: Intel: avs: Account for UID of ACPI device
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 027/187] sfc: fix devlink info error handling Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 029/187] ASoC: Intel: avs: Fix avs_path_module::instance_id size Greg Kroah-Hartman
` (170 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cezary Rojewski,
Amadeusz Sławiński, Mark Brown, Sasha Levin
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit 836855100b87b4dd7a82546131779dc255c18b67 ]
Configurations with multiple codecs attached to the platform are
supported but only if each from the set is different. Add new field
representing the 'Unique ID' so that codecs that share Vendor and Part
IDs can be differentiated and thus enabling support for such
configurations.
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Link: https://lore.kernel.org/r/20230519201711.4073845-6-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/soc-acpi.h | 1 +
sound/soc/intel/avs/board_selection.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/sound/soc-acpi.h b/include/sound/soc-acpi.h
index b38fd25c57295..528279056b3ab 100644
--- a/include/sound/soc-acpi.h
+++ b/include/sound/soc-acpi.h
@@ -170,6 +170,7 @@ struct snd_soc_acpi_link_adr {
/* Descriptor for SST ASoC machine driver */
struct snd_soc_acpi_mach {
u8 id[ACPI_ID_LEN];
+ const char *uid;
const struct snd_soc_acpi_codecs *comp_ids;
const u32 link_mask;
const struct snd_soc_acpi_link_adr *links;
diff --git a/sound/soc/intel/avs/board_selection.c b/sound/soc/intel/avs/board_selection.c
index b2823c2107f77..60f8fb0bff95b 100644
--- a/sound/soc/intel/avs/board_selection.c
+++ b/sound/soc/intel/avs/board_selection.c
@@ -443,7 +443,7 @@ static int avs_register_i2s_boards(struct avs_dev *adev)
}
for (mach = boards->machs; mach->id[0]; mach++) {
- if (!acpi_dev_present(mach->id, NULL, -1))
+ if (!acpi_dev_present(mach->id, mach->uid, -1))
continue;
if (mach->machine_quirk)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 029/187] ASoC: Intel: avs: Fix avs_path_module::instance_id size
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 028/187] ASoC: Intel: avs: Account for UID of ACPI device Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 030/187] ASoC: Intel: avs: Add missing checks on FE startup Greg Kroah-Hartman
` (169 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cezary Rojewski,
Amadeusz Sławiński, Mark Brown, Sasha Levin
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
[ Upstream commit 320f4d868b83a804e3a4bd61a5b7d0f1db66380e ]
All IPCs using instance_id use 8 bit value. Original commit used 16 bit
value because FW reports possible max value in 16 bit field, but in
practice FW limits the value to 8 bits.
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Link: https://lore.kernel.org/r/20230519201711.4073845-7-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/avs/avs.h | 4 ++--
sound/soc/intel/avs/dsp.c | 4 ++--
sound/soc/intel/avs/path.h | 2 +-
sound/soc/intel/avs/probes.c | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/sound/soc/intel/avs/avs.h b/sound/soc/intel/avs/avs.h
index d7fccdcb9c167..0cf38c9e768e7 100644
--- a/sound/soc/intel/avs/avs.h
+++ b/sound/soc/intel/avs/avs.h
@@ -283,8 +283,8 @@ void avs_release_firmwares(struct avs_dev *adev);
int avs_dsp_init_module(struct avs_dev *adev, u16 module_id, u8 ppl_instance_id,
u8 core_id, u8 domain, void *param, u32 param_size,
- u16 *instance_id);
-void avs_dsp_delete_module(struct avs_dev *adev, u16 module_id, u16 instance_id,
+ u8 *instance_id);
+void avs_dsp_delete_module(struct avs_dev *adev, u16 module_id, u8 instance_id,
u8 ppl_instance_id, u8 core_id);
int avs_dsp_create_pipeline(struct avs_dev *adev, u16 req_size, u8 priority,
bool lp, u16 attributes, u8 *instance_id);
diff --git a/sound/soc/intel/avs/dsp.c b/sound/soc/intel/avs/dsp.c
index b881100d3e02a..aa03af4473e94 100644
--- a/sound/soc/intel/avs/dsp.c
+++ b/sound/soc/intel/avs/dsp.c
@@ -225,7 +225,7 @@ static int avs_dsp_put_core(struct avs_dev *adev, u32 core_id)
int avs_dsp_init_module(struct avs_dev *adev, u16 module_id, u8 ppl_instance_id,
u8 core_id, u8 domain, void *param, u32 param_size,
- u16 *instance_id)
+ u8 *instance_id)
{
struct avs_module_entry mentry;
bool was_loaded = false;
@@ -272,7 +272,7 @@ int avs_dsp_init_module(struct avs_dev *adev, u16 module_id, u8 ppl_instance_id,
return ret;
}
-void avs_dsp_delete_module(struct avs_dev *adev, u16 module_id, u16 instance_id,
+void avs_dsp_delete_module(struct avs_dev *adev, u16 module_id, u8 instance_id,
u8 ppl_instance_id, u8 core_id)
{
struct avs_module_entry mentry;
diff --git a/sound/soc/intel/avs/path.h b/sound/soc/intel/avs/path.h
index 197222c5e008e..657f7b093e805 100644
--- a/sound/soc/intel/avs/path.h
+++ b/sound/soc/intel/avs/path.h
@@ -37,7 +37,7 @@ struct avs_path_pipeline {
struct avs_path_module {
u16 module_id;
- u16 instance_id;
+ u8 instance_id;
union avs_gtw_attributes gtw_attrs;
struct avs_tplg_module *template;
diff --git a/sound/soc/intel/avs/probes.c b/sound/soc/intel/avs/probes.c
index 70a94201d6a56..275928281c6c6 100644
--- a/sound/soc/intel/avs/probes.c
+++ b/sound/soc/intel/avs/probes.c
@@ -18,7 +18,7 @@ static int avs_dsp_init_probe(struct avs_dev *adev, union avs_connector_node_id
{
struct avs_probe_cfg cfg = {{0}};
struct avs_module_entry mentry;
- u16 dummy;
+ u8 dummy;
avs_get_module_entry(adev, &AVS_PROBE_MOD_UUID, &mentry);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 030/187] ASoC: Intel: avs: Add missing checks on FE startup
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 029/187] ASoC: Intel: avs: Fix avs_path_module::instance_id size Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 031/187] parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() Greg Kroah-Hartman
` (168 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cezary Rojewski,
Amadeusz Sławiński, Mark Brown, Sasha Levin
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
[ Upstream commit 25148f57a2a6d157779bae494852e172952ba980 ]
Constraint functions have return values, they should be checked for
potential errors.
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Link: https://lore.kernel.org/r/20230519201711.4073845-8-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/avs/pcm.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/sound/soc/intel/avs/pcm.c b/sound/soc/intel/avs/pcm.c
index 31c032a0f7e4b..1fbb2c2fadb55 100644
--- a/sound/soc/intel/avs/pcm.c
+++ b/sound/soc/intel/avs/pcm.c
@@ -468,21 +468,34 @@ static int avs_dai_fe_startup(struct snd_pcm_substream *substream, struct snd_so
host_stream = snd_hdac_ext_stream_assign(bus, substream, HDAC_EXT_STREAM_TYPE_HOST);
if (!host_stream) {
- kfree(data);
- return -EBUSY;
+ ret = -EBUSY;
+ goto err;
}
data->host_stream = host_stream;
- snd_pcm_hw_constraint_integer(runtime, SNDRV_PCM_HW_PARAM_PERIODS);
+ ret = snd_pcm_hw_constraint_integer(runtime, SNDRV_PCM_HW_PARAM_PERIODS);
+ if (ret < 0)
+ goto err;
+
/* avoid wrap-around with wall-clock */
- snd_pcm_hw_constraint_minmax(runtime, SNDRV_PCM_HW_PARAM_BUFFER_TIME, 20, 178000000);
- snd_pcm_hw_constraint_list(runtime, 0, SNDRV_PCM_HW_PARAM_RATE, &hw_rates);
+ ret = snd_pcm_hw_constraint_minmax(runtime, SNDRV_PCM_HW_PARAM_BUFFER_TIME, 20, 178000000);
+ if (ret < 0)
+ goto err;
+
+ ret = snd_pcm_hw_constraint_list(runtime, 0, SNDRV_PCM_HW_PARAM_RATE, &hw_rates);
+ if (ret < 0)
+ goto err;
+
snd_pcm_set_sync(substream);
dev_dbg(dai->dev, "%s fe STARTUP tag %d str %p",
__func__, hdac_stream(host_stream)->stream_tag, substream);
return 0;
+
+err:
+ kfree(data);
+ return ret;
}
static void avs_dai_fe_shutdown(struct snd_pcm_substream *substream, struct snd_soc_dai *dai)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 031/187] parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 030/187] ASoC: Intel: avs: Add missing checks on FE startup Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 032/187] parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() Greg Kroah-Hartman
` (167 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller, Sasha Levin
From: Helge Deller <deller@gmx.de>
[ Upstream commit 59fa12646d9f56c842b4d5b6418ed77af625c588 ]
Add comment in arch_sync_dma_for_device() and handle the direction flag in
arch_sync_dma_for_cpu().
When receiving data from the device (DMA_FROM_DEVICE) unconditionally
purge the data cache in arch_sync_dma_for_cpu().
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/kernel/pci-dma.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/arch/parisc/kernel/pci-dma.c b/arch/parisc/kernel/pci-dma.c
index ba87f791323be..71ed5391f29d6 100644
--- a/arch/parisc/kernel/pci-dma.c
+++ b/arch/parisc/kernel/pci-dma.c
@@ -446,11 +446,27 @@ void arch_dma_free(struct device *dev, size_t size, void *vaddr,
void arch_sync_dma_for_device(phys_addr_t paddr, size_t size,
enum dma_data_direction dir)
{
+ /*
+ * fdc: The data cache line is written back to memory, if and only if
+ * it is dirty, and then invalidated from the data cache.
+ */
flush_kernel_dcache_range((unsigned long)phys_to_virt(paddr), size);
}
void arch_sync_dma_for_cpu(phys_addr_t paddr, size_t size,
enum dma_data_direction dir)
{
- flush_kernel_dcache_range((unsigned long)phys_to_virt(paddr), size);
+ unsigned long addr = (unsigned long) phys_to_virt(paddr);
+
+ switch (dir) {
+ case DMA_TO_DEVICE:
+ case DMA_BIDIRECTIONAL:
+ flush_kernel_dcache_range(addr, size);
+ return;
+ case DMA_FROM_DEVICE:
+ purge_kernel_dcache_range_asm(addr, addr + size);
+ return;
+ default:
+ BUG();
+ }
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 032/187] parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 031/187] parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 033/187] erofs: use HIPRI by default if per-cpu kthreads are enabled Greg Kroah-Hartman
` (166 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller, Sasha Levin
From: Helge Deller <deller@gmx.de>
[ Upstream commit d703797380c540bbeac03f104ebcfc364eaf47cc ]
Flush caches after changing gatt entries and calculate entry according
to SBA requirements.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/agp/parisc-agp.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/char/agp/parisc-agp.c b/drivers/char/agp/parisc-agp.c
index d68d05d5d3838..514f9f287a781 100644
--- a/drivers/char/agp/parisc-agp.c
+++ b/drivers/char/agp/parisc-agp.c
@@ -90,6 +90,9 @@ parisc_agp_tlbflush(struct agp_memory *mem)
{
struct _parisc_agp_info *info = &parisc_agp_info;
+ /* force fdc ops to be visible to IOMMU */
+ asm_io_sync();
+
writeq(info->gart_base | ilog2(info->gart_size), info->ioc_regs+IOC_PCOM);
readq(info->ioc_regs+IOC_PCOM); /* flush */
}
@@ -158,6 +161,7 @@ parisc_agp_insert_memory(struct agp_memory *mem, off_t pg_start, int type)
info->gatt[j] =
parisc_agp_mask_memory(agp_bridge,
paddr, type);
+ asm_io_fdc(&info->gatt[j]);
}
}
@@ -191,7 +195,16 @@ static unsigned long
parisc_agp_mask_memory(struct agp_bridge_data *bridge, dma_addr_t addr,
int type)
{
- return SBA_PDIR_VALID_BIT | addr;
+ unsigned ci; /* coherent index */
+ dma_addr_t pa;
+
+ pa = addr & IOVP_MASK;
+ asm("lci 0(%1), %0" : "=r" (ci) : "r" (phys_to_virt(pa)));
+
+ pa |= (ci >> PAGE_SHIFT) & 0xff;/* move CI (8 bits) into lowest byte */
+ pa |= SBA_PDIR_VALID_BIT; /* set "valid" bit */
+
+ return cpu_to_le64(pa);
}
static void
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 033/187] erofs: use HIPRI by default if per-cpu kthreads are enabled
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 032/187] parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 034/187] MIPS: unhide PATA_PLATFORM Greg Kroah-Hartman
` (165 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yue Hu, Sandeep Dhavale, Chao Yu,
Gao Xiang, Sasha Levin
From: Gao Xiang <hsiangkao@linux.alibaba.com>
[ Upstream commit cf7f2732b4b83026842832e7e4e04bf862108ac2 ]
As Sandeep shown [1], high priority RT per-cpu kthreads are
typically helpful for Android scenarios to minimize the scheduling
latencies.
Switch EROFS_FS_PCPU_KTHREAD_HIPRI on by default if
EROFS_FS_PCPU_KTHREAD is on since it's the typical use cases for
EROFS_FS_PCPU_KTHREAD.
Also clean up unneeded sched_set_normal().
[1] https://lore.kernel.org/r/CAB=BE-SBtO6vcoyLNA9F-9VaN5R0t3o_Zn+FW8GbO6wyUqFneQ@mail.gmail.com
Reviewed-by: Yue Hu <huyue2@coolpad.com>
Reviewed-by: Sandeep Dhavale <dhavale@google.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Link: https://lore.kernel.org/r/20230522092141.124290-1-hsiangkao@linux.alibaba.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/Kconfig | 1 +
fs/erofs/zdata.c | 2 --
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/erofs/Kconfig b/fs/erofs/Kconfig
index 704fb59577e09..f259d92c97207 100644
--- a/fs/erofs/Kconfig
+++ b/fs/erofs/Kconfig
@@ -121,6 +121,7 @@ config EROFS_FS_PCPU_KTHREAD
config EROFS_FS_PCPU_KTHREAD_HIPRI
bool "EROFS high priority per-CPU kthread workers"
depends on EROFS_FS_ZIP && EROFS_FS_PCPU_KTHREAD
+ default y
help
This permits EROFS to configure per-CPU kthread workers to run
at higher priority.
diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
index f1708c77a9912..d7add72a09437 100644
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -369,8 +369,6 @@ static struct kthread_worker *erofs_init_percpu_worker(int cpu)
return worker;
if (IS_ENABLED(CONFIG_EROFS_FS_PCPU_KTHREAD_HIPRI))
sched_set_fifo_low(worker->task);
- else
- sched_set_normal(worker->task, 0);
return worker;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 034/187] MIPS: unhide PATA_PLATFORM
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 033/187] erofs: use HIPRI by default if per-cpu kthreads are enabled Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 035/187] MIPS: Restore Au1300 support Greg Kroah-Hartman
` (164 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manuel Lauss, Thomas Bogendoerfer,
Sasha Levin
From: Manuel Lauss <manuel.lauss@gmail.com>
[ Upstream commit 75b18aac6fa39a1720677970cfcb52ecea1eb44c ]
Alchemy DB1200/DB1300 boards can use the pata_platform driver.
Unhide the config entry in all of MIPS.
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index e2f3ca73f40d6..5b3f1f1dfd164 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -82,6 +82,7 @@ config MIPS
select HAVE_LD_DEAD_CODE_DATA_ELIMINATION
select HAVE_MOD_ARCH_SPECIFIC
select HAVE_NMI
+ select HAVE_PATA_PLATFORM
select HAVE_PERF_EVENTS
select HAVE_PERF_REGS
select HAVE_PERF_USER_STACK_DUMP
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 035/187] MIPS: Restore Au1300 support
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 034/187] MIPS: unhide PATA_PLATFORM Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 036/187] MIPS: Alchemy: fix dbdma2 Greg Kroah-Hartman
` (163 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manuel Lauss, Thomas Bogendoerfer,
Sasha Levin
From: Manuel Lauss <manuel.lauss@gmail.com>
[ Upstream commit f2041708dee30a3425f680265c337acd28293782 ]
The Au1300, at least the one I have to test, uses the NetLogic vendor
ID, but commit 95b8a5e0111a ("MIPS: Remove NETLOGIC support") also
dropped Au1300 detection. Restore Au1300 detection.
Tested on DB1300 with Au1380 chip.
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/cpu-probe.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
index 7ddf07f255f32..6f5d825958778 100644
--- a/arch/mips/kernel/cpu-probe.c
+++ b/arch/mips/kernel/cpu-probe.c
@@ -1502,6 +1502,10 @@ static inline void cpu_probe_alchemy(struct cpuinfo_mips *c, unsigned int cpu)
break;
}
break;
+ case PRID_IMP_NETLOGIC_AU13XX:
+ c->cputype = CPU_ALCHEMY;
+ __cpu_name[cpu] = "Au1300";
+ break;
}
}
@@ -1861,6 +1865,7 @@ void cpu_probe(void)
cpu_probe_mips(c, cpu);
break;
case PRID_COMP_ALCHEMY:
+ case PRID_COMP_NETLOGIC:
cpu_probe_alchemy(c, cpu);
break;
case PRID_COMP_SIBYTE:
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 036/187] MIPS: Alchemy: fix dbdma2
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 035/187] MIPS: Restore Au1300 support Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 037/187] mips: Move initrd_start check after initrd address sanitisation Greg Kroah-Hartman
` (162 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thomas Bogendoerfer, Sasha Levin
From: Manuel Lauss <manuel.lauss@gmail.com>
[ Upstream commit 2d645604f69f3a772d58ead702f9a8e84ab2b342 ]
Various fixes for the Au1200/Au1550/Au1300 DBDMA2 code:
- skip cache invalidation if chip has working coherency circuitry.
- invalidate KSEG0-portion of the (physical) data address.
- force the dma channel doorbell write out to bus immediately with
a sync.
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/alchemy/common/dbdma.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/arch/mips/alchemy/common/dbdma.c b/arch/mips/alchemy/common/dbdma.c
index 5ab0430004092..6a3c890f7bbfe 100644
--- a/arch/mips/alchemy/common/dbdma.c
+++ b/arch/mips/alchemy/common/dbdma.c
@@ -30,6 +30,7 @@
*
*/
+#include <linux/dma-map-ops.h> /* for dma_default_coherent */
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/slab.h>
@@ -623,17 +624,18 @@ u32 au1xxx_dbdma_put_source(u32 chanid, dma_addr_t buf, int nbytes, u32 flags)
dp->dscr_cmd0 &= ~DSCR_CMD0_IE;
/*
- * There is an errata on the Au1200/Au1550 parts that could result
- * in "stale" data being DMA'ed. It has to do with the snoop logic on
- * the cache eviction buffer. DMA_NONCOHERENT is on by default for
- * these parts. If it is fixed in the future, these dma_cache_inv will
- * just be nothing more than empty macros. See io.h.
+ * There is an erratum on certain Au1200/Au1550 revisions that could
+ * result in "stale" data being DMA'ed. It has to do with the snoop
+ * logic on the cache eviction buffer. dma_default_coherent is set
+ * to false on these parts.
*/
- dma_cache_wback_inv((unsigned long)buf, nbytes);
+ if (!dma_default_coherent)
+ dma_cache_wback_inv(KSEG0ADDR(buf), nbytes);
dp->dscr_cmd0 |= DSCR_CMD0_V; /* Let it rip */
wmb(); /* drain writebuffer */
dma_cache_wback_inv((unsigned long)dp, sizeof(*dp));
ctp->chan_ptr->ddma_dbell = 0;
+ wmb(); /* force doorbell write out to dma engine */
/* Get next descriptor pointer. */
ctp->put_ptr = phys_to_virt(DSCR_GET_NXTPTR(dp->dscr_nxtptr));
@@ -685,17 +687,18 @@ u32 au1xxx_dbdma_put_dest(u32 chanid, dma_addr_t buf, int nbytes, u32 flags)
dp->dscr_source1, dp->dscr_dest0, dp->dscr_dest1);
#endif
/*
- * There is an errata on the Au1200/Au1550 parts that could result in
- * "stale" data being DMA'ed. It has to do with the snoop logic on the
- * cache eviction buffer. DMA_NONCOHERENT is on by default for these
- * parts. If it is fixed in the future, these dma_cache_inv will just
- * be nothing more than empty macros. See io.h.
+ * There is an erratum on certain Au1200/Au1550 revisions that could
+ * result in "stale" data being DMA'ed. It has to do with the snoop
+ * logic on the cache eviction buffer. dma_default_coherent is set
+ * to false on these parts.
*/
- dma_cache_inv((unsigned long)buf, nbytes);
+ if (!dma_default_coherent)
+ dma_cache_inv(KSEG0ADDR(buf), nbytes);
dp->dscr_cmd0 |= DSCR_CMD0_V; /* Let it rip */
wmb(); /* drain writebuffer */
dma_cache_wback_inv((unsigned long)dp, sizeof(*dp));
ctp->chan_ptr->ddma_dbell = 0;
+ wmb(); /* force doorbell write out to dma engine */
/* Get next descriptor pointer. */
ctp->put_ptr = phys_to_virt(DSCR_GET_NXTPTR(dp->dscr_nxtptr));
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 037/187] mips: Move initrd_start check after initrd address sanitisation.
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 036/187] MIPS: Alchemy: fix dbdma2 Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 038/187] ASoC: cs35l41: Fix default regmap values for some registers Greg Kroah-Hartman
` (161 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liviu Dudau, Thomas Bogendoerfer,
Sasha Levin
From: Liviu Dudau <liviu@dudau.co.uk>
[ Upstream commit 4897a898a216058dec55e5e5902534e6e224fcdf ]
PAGE_OFFSET is technically a virtual address so when checking the value of
initrd_start against it we should make sure that it has been sanitised from
the values passed by the bootloader. Without this change, even with a bootloader
that passes correct addresses for an initrd, we are failing to load it on MT7621
boards, for example.
Signed-off-by: Liviu Dudau <liviu@dudau.co.uk>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/setup.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c
index f1c88f8a1dc51..81dbb4ef52317 100644
--- a/arch/mips/kernel/setup.c
+++ b/arch/mips/kernel/setup.c
@@ -158,10 +158,6 @@ static unsigned long __init init_initrd(void)
pr_err("initrd start must be page aligned\n");
goto disable;
}
- if (initrd_start < PAGE_OFFSET) {
- pr_err("initrd start < PAGE_OFFSET\n");
- goto disable;
- }
/*
* Sanitize initrd addresses. For example firmware
@@ -174,6 +170,11 @@ static unsigned long __init init_initrd(void)
initrd_end = (unsigned long)__va(end);
initrd_start = (unsigned long)__va(__pa(initrd_start));
+ if (initrd_start < PAGE_OFFSET) {
+ pr_err("initrd start < PAGE_OFFSET\n");
+ goto disable;
+ }
+
ROOT_DEV = Root_RAM0;
return PFN_UP(end);
disable:
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 038/187] ASoC: cs35l41: Fix default regmap values for some registers
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 037/187] mips: Move initrd_start check after initrd address sanitisation Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 039/187] ASoC: dwc: move DMA init to snd_soc_dai_driver probe() Greg Kroah-Hartman
` (160 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Stefan Binding, Mark Brown,
Sasha Levin
From: Stefan Binding <sbinding@opensource.cirrus.com>
[ Upstream commit e2d035f5a7d597bbabc268e236ec6c0408c4af0e ]
Several values do not match the defaults of CS35L41, fix them.
Signed-off-by: Stefan Binding <sbinding@opensource.cirrus.com>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20230414152552.574502-4-sbinding@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/cs35l41-lib.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/cs35l41-lib.c b/sound/soc/codecs/cs35l41-lib.c
index 04be71435491e..c2c56e5608094 100644
--- a/sound/soc/codecs/cs35l41-lib.c
+++ b/sound/soc/codecs/cs35l41-lib.c
@@ -46,7 +46,7 @@ static const struct reg_default cs35l41_reg[] = {
{ CS35L41_DSP1_RX5_SRC, 0x00000020 },
{ CS35L41_DSP1_RX6_SRC, 0x00000021 },
{ CS35L41_DSP1_RX7_SRC, 0x0000003A },
- { CS35L41_DSP1_RX8_SRC, 0x00000001 },
+ { CS35L41_DSP1_RX8_SRC, 0x0000003B },
{ CS35L41_NGATE1_SRC, 0x00000008 },
{ CS35L41_NGATE2_SRC, 0x00000009 },
{ CS35L41_AMP_DIG_VOL_CTRL, 0x00008000 },
@@ -58,8 +58,8 @@ static const struct reg_default cs35l41_reg[] = {
{ CS35L41_IRQ1_MASK2, 0xFFFFFFFF },
{ CS35L41_IRQ1_MASK3, 0xFFFF87FF },
{ CS35L41_IRQ1_MASK4, 0xFEFFFFFF },
- { CS35L41_GPIO1_CTRL1, 0xE1000001 },
- { CS35L41_GPIO2_CTRL1, 0xE1000001 },
+ { CS35L41_GPIO1_CTRL1, 0x81000001 },
+ { CS35L41_GPIO2_CTRL1, 0x81000001 },
{ CS35L41_MIXER_NGATE_CFG, 0x00000000 },
{ CS35L41_MIXER_NGATE_CH1_CFG, 0x00000303 },
{ CS35L41_MIXER_NGATE_CH2_CFG, 0x00000303 },
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 039/187] ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 038/187] ASoC: cs35l41: Fix default regmap values for some registers Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 040/187] xen/blkfront: Only check REQ_FUA for writes Greg Kroah-Hartman
` (159 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxim Kochetkov, Mark Brown,
Sasha Levin
From: Maxim Kochetkov <fido_max@inbox.ru>
[ Upstream commit 011a8719d6105dcb48077ea7a6a88ac019d4aa50 ]
When using DMA mode we are facing with Oops:
[ 396.458157] Unable to handle kernel access to user memory without uaccess routines at virtual address 000000000000000c
[ 396.469374] Oops [#1]
[ 396.471839] Modules linked in:
[ 396.475144] CPU: 0 PID: 114 Comm: arecord Not tainted 6.0.0-00164-g9a8eccdaf2be-dirty #68
[ 396.483619] Hardware name: YMP ELCT FPGA (DT)
[ 396.488156] epc : dmaengine_pcm_open+0x1d2/0x342
[ 396.493227] ra : dmaengine_pcm_open+0x1d2/0x342
[ 396.498140] epc : ffffffff807fe346 ra : ffffffff807fe346 sp : ffffffc804e138f0
[ 396.505602] gp : ffffffff817bf730 tp : ffffffd8042c8ac0 t0 : 6500000000000000
[ 396.513045] t1 : 0000000000000064 t2 : 656e69676e65616d s0 : ffffffc804e13990
[ 396.520477] s1 : ffffffd801b86a18 a0 : 0000000000000026 a1 : ffffffff816920f8
[ 396.527897] a2 : 0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000
[ 396.535319] a5 : 0000000000000000 a6 : ffffffd801b87040 a7 : 0000000000000038
[ 396.542740] s2 : ffffffd801b94a00 s3 : 0000000000000000 s4 : ffffffd80427f5e8
[ 396.550153] s5 : ffffffd80427f5e8 s6 : ffffffd801b44410 s7 : fffffffffffffff5
[ 396.557569] s8 : 0000000000000800 s9 : 0000000000000001 s10: ffffffff8066d254
[ 396.564978] s11: ffffffd8059cf768 t3 : ffffffff817d5577 t4 : ffffffff817d5577
[ 396.572391] t5 : ffffffff817d5578 t6 : ffffffc804e136e8
[ 396.577876] status: 0000000200000120 badaddr: 000000000000000c cause: 000000000000000d
[ 396.586007] [<ffffffff806839f4>] snd_soc_component_open+0x1a/0x68
[ 396.592439] [<ffffffff807fdd62>] __soc_pcm_open+0xf0/0x502
[ 396.598217] [<ffffffff80685d86>] soc_pcm_open+0x2e/0x4e
[ 396.603741] [<ffffffff8066cea4>] snd_pcm_open_substream+0x442/0x68e
[ 396.610313] [<ffffffff8066d1ea>] snd_pcm_open+0xfa/0x212
[ 396.615868] [<ffffffff8066d39c>] snd_pcm_capture_open+0x3a/0x60
[ 396.622048] [<ffffffff8065b35a>] snd_open+0xa8/0x17a
[ 396.627421] [<ffffffff801ae036>] chrdev_open+0xa0/0x218
[ 396.632893] [<ffffffff801a5a28>] do_dentry_open+0x17c/0x2a6
[ 396.638713] [<ffffffff801a6d9a>] vfs_open+0x1e/0x26
[ 396.643850] [<ffffffff801b8544>] path_openat+0x96e/0xc96
[ 396.649518] [<ffffffff801b9390>] do_filp_open+0x7c/0xf6
[ 396.655034] [<ffffffff801a6ff2>] do_sys_openat2+0x8a/0x11e
[ 396.660765] [<ffffffff801a735a>] sys_openat+0x50/0x7c
[ 396.666068] [<ffffffff80003aca>] ret_from_syscall+0x0/0x2
[ 396.674964] ---[ end trace 0000000000000000 ]---
It happens because of play_dma_data/capture_dma_data pointers are NULL.
Current implementation assigns these pointers at snd_soc_dai_driver
startup() callback and reset them back to NULL at shutdown(). But
soc_pcm_open() sequence uses DMA pointers in dmaengine_pcm_open()
before snd_soc_dai_driver startup().
Most generic DMA capable I2S drivers use snd_soc_dai_driver probe()
callback to init DMA pointers only once at probe. So move DMA init
to dw_i2s_dai_probe and drop shutdown() and startup() callbacks.
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Link: https://lore.kernel.org/r/20230512110343.66664-1-fido_max@inbox.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/dwc/dwc-i2s.c | 41 +++++++++--------------------------------
1 file changed, 9 insertions(+), 32 deletions(-)
diff --git a/sound/soc/dwc/dwc-i2s.c b/sound/soc/dwc/dwc-i2s.c
index 3496301582b22..f966d39c5c907 100644
--- a/sound/soc/dwc/dwc-i2s.c
+++ b/sound/soc/dwc/dwc-i2s.c
@@ -183,30 +183,6 @@ static void i2s_stop(struct dw_i2s_dev *dev,
}
}
-static int dw_i2s_startup(struct snd_pcm_substream *substream,
- struct snd_soc_dai *cpu_dai)
-{
- struct dw_i2s_dev *dev = snd_soc_dai_get_drvdata(cpu_dai);
- union dw_i2s_snd_dma_data *dma_data = NULL;
-
- if (!(dev->capability & DWC_I2S_RECORD) &&
- (substream->stream == SNDRV_PCM_STREAM_CAPTURE))
- return -EINVAL;
-
- if (!(dev->capability & DWC_I2S_PLAY) &&
- (substream->stream == SNDRV_PCM_STREAM_PLAYBACK))
- return -EINVAL;
-
- if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
- dma_data = &dev->play_dma_data;
- else if (substream->stream == SNDRV_PCM_STREAM_CAPTURE)
- dma_data = &dev->capture_dma_data;
-
- snd_soc_dai_set_dma_data(cpu_dai, substream, (void *)dma_data);
-
- return 0;
-}
-
static void dw_i2s_config(struct dw_i2s_dev *dev, int stream)
{
u32 ch_reg;
@@ -305,12 +281,6 @@ static int dw_i2s_hw_params(struct snd_pcm_substream *substream,
return 0;
}
-static void dw_i2s_shutdown(struct snd_pcm_substream *substream,
- struct snd_soc_dai *dai)
-{
- snd_soc_dai_set_dma_data(dai, substream, NULL);
-}
-
static int dw_i2s_prepare(struct snd_pcm_substream *substream,
struct snd_soc_dai *dai)
{
@@ -382,8 +352,6 @@ static int dw_i2s_set_fmt(struct snd_soc_dai *cpu_dai, unsigned int fmt)
}
static const struct snd_soc_dai_ops dw_i2s_dai_ops = {
- .startup = dw_i2s_startup,
- .shutdown = dw_i2s_shutdown,
.hw_params = dw_i2s_hw_params,
.prepare = dw_i2s_prepare,
.trigger = dw_i2s_trigger,
@@ -625,6 +593,14 @@ static int dw_configure_dai_by_dt(struct dw_i2s_dev *dev,
}
+static int dw_i2s_dai_probe(struct snd_soc_dai *dai)
+{
+ struct dw_i2s_dev *dev = snd_soc_dai_get_drvdata(dai);
+
+ snd_soc_dai_init_dma_data(dai, &dev->play_dma_data, &dev->capture_dma_data);
+ return 0;
+}
+
static int dw_i2s_probe(struct platform_device *pdev)
{
const struct i2s_platform_data *pdata = pdev->dev.platform_data;
@@ -643,6 +619,7 @@ static int dw_i2s_probe(struct platform_device *pdev)
return -ENOMEM;
dw_i2s_dai->ops = &dw_i2s_dai_ops;
+ dw_i2s_dai->probe = dw_i2s_dai_probe;
dev->i2s_base = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
if (IS_ERR(dev->i2s_base))
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 040/187] xen/blkfront: Only check REQ_FUA for writes
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 039/187] ASoC: dwc: move DMA init to snd_soc_dai_driver probe() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 041/187] drm:amd:amdgpu: Fix missing buffer object unlock in failure path Greg Kroah-Hartman
` (158 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ross Lagerwall, Juergen Gross,
Sasha Levin
From: Ross Lagerwall <ross.lagerwall@citrix.com>
[ Upstream commit b6ebaa8100090092aa602530d7e8316816d0c98d ]
The existing code silently converts read operations with the
REQ_FUA bit set into write-barrier operations. This results in data
loss as the backend scribbles zeroes over the data instead of returning
it.
While the REQ_FUA bit doesn't make sense on a read operation, at least
one well-known out-of-tree kernel module does set it and since it
results in data loss, let's be safe here and only look at REQ_FUA for
writes.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Acked-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20230426164005.2213139-1-ross.lagerwall@citrix.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/xen-blkfront.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
index 23ed258b57f0e..c1890c8a9f6e7 100644
--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -780,7 +780,8 @@ static int blkif_queue_rw_req(struct request *req, struct blkfront_ring_info *ri
ring_req->u.rw.handle = info->handle;
ring_req->operation = rq_data_dir(req) ?
BLKIF_OP_WRITE : BLKIF_OP_READ;
- if (req_op(req) == REQ_OP_FLUSH || req->cmd_flags & REQ_FUA) {
+ if (req_op(req) == REQ_OP_FLUSH ||
+ (req_op(req) == REQ_OP_WRITE && (req->cmd_flags & REQ_FUA))) {
/*
* Ideally we can do an unordered flush-to-disk.
* In case the backend onlysupports barriers, use that.
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 041/187] drm:amd:amdgpu: Fix missing buffer object unlock in failure path
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 040/187] xen/blkfront: Only check REQ_FUA for writes Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 042/187] io_uring: unlock sqd->lock before sq thread release CPU Greg Kroah-Hartman
` (157 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sukrut Bellary, Alex Deucher,
Sasha Levin
From: Sukrut Bellary <sukrut.bellary@linux.com>
[ Upstream commit 60ecaaf54886b0642d5c4744f7fbf1ff0d6b3e42 ]
smatch warning -
1) drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c:3615 gfx_v9_0_kiq_resume()
warn: inconsistent returns 'ring->mqd_obj->tbo.base.resv'.
2) drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c:6901 gfx_v10_0_kiq_resume()
warn: inconsistent returns 'ring->mqd_obj->tbo.base.resv'.
Signed-off-by: Sukrut Bellary <sukrut.bellary@linux.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 4 +++-
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
index b1428068fef7f..8144d6693541e 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
@@ -6890,8 +6890,10 @@ static int gfx_v10_0_kiq_resume(struct amdgpu_device *adev)
return r;
r = amdgpu_bo_kmap(ring->mqd_obj, (void **)&ring->mqd_ptr);
- if (unlikely(r != 0))
+ if (unlikely(r != 0)) {
+ amdgpu_bo_unreserve(ring->mqd_obj);
return r;
+ }
gfx_v10_0_kiq_init_queue(ring);
amdgpu_bo_kunmap(ring->mqd_obj);
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
index c54d05bdc2d8c..7b1a359ab0849 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
@@ -3604,8 +3604,10 @@ static int gfx_v9_0_kiq_resume(struct amdgpu_device *adev)
return r;
r = amdgpu_bo_kmap(ring->mqd_obj, (void **)&ring->mqd_ptr);
- if (unlikely(r != 0))
+ if (unlikely(r != 0)) {
+ amdgpu_bo_unreserve(ring->mqd_obj);
return r;
+ }
gfx_v9_0_kiq_init_queue(ring);
amdgpu_bo_kunmap(ring->mqd_obj);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 042/187] io_uring: unlock sqd->lock before sq thread release CPU
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 041/187] drm:amd:amdgpu: Fix missing buffer object unlock in failure path Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 043/187] NVMe: Add MAXIO 1602 to bogus nid list Greg Kroah-Hartman
` (156 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kanchan Joshi, Wenwen Chen,
Jens Axboe, Sasha Levin
From: Wenwen Chen <wenwen.chen@samsung.com>
[ Upstream commit 533ab73f5b5c95dcb4152b52d5482abcc824c690 ]
The sq thread actively releases CPU resources by calling the
cond_resched() and schedule() interfaces when it is idle. Therefore,
more resources are available for other threads to run.
There exists a problem in sq thread: it does not unlock sqd->lock before
releasing CPU resources every time. This makes other threads pending on
sqd->lock for a long time. For example, the following interfaces all
require sqd->lock: io_sq_offload_create(), io_register_iowq_max_workers()
and io_ring_exit_work().
Before the sq thread releases CPU resources, unlocking sqd->lock will
provide the user a better experience because it can respond quickly to
user requests.
Signed-off-by: Kanchan Joshi<joshi.k@samsung.com>
Signed-off-by: Wenwen Chen<wenwen.chen@samsung.com>
Link: https://lore.kernel.org/r/20230525082626.577862-1-wenwen.chen@samsung.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/sqpoll.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c
index 9db4bc1f521a3..5e329e3cd4706 100644
--- a/io_uring/sqpoll.c
+++ b/io_uring/sqpoll.c
@@ -255,9 +255,13 @@ static int io_sq_thread(void *data)
sqt_spin = true;
if (sqt_spin || !time_after(jiffies, timeout)) {
- cond_resched();
if (sqt_spin)
timeout = jiffies + sqd->sq_thread_idle;
+ if (unlikely(need_resched())) {
+ mutex_unlock(&sqd->lock);
+ cond_resched();
+ mutex_lock(&sqd->lock);
+ }
continue;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 043/187] NVMe: Add MAXIO 1602 to bogus nid list.
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 042/187] io_uring: unlock sqd->lock before sq thread release CPU Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 044/187] irqchip/gic: Correctly validate OF quirk descriptors Greg Kroah-Hartman
` (155 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tatsuki Sugiura, Christoph Hellwig,
Keith Busch, Sasha Levin
From: Tatsuki Sugiura <sugi@nemui.org>
[ Upstream commit a3a9d63dcd15535e7fdf4c7c1b32bfaed762973a ]
HIKSEMI FUTURE M.2 SSD uses the same dummy nguid and eui64.
I confirmed it with my two devices.
This patch marks the controller as NVME_QUIRK_BOGUS_NID.
---------------------------------------------------------
sugi@tempest:~% sudo nvme id-ctrl /dev/nvme0
NVME Identify Controller:
vid : 0x1e4b
ssvid : 0x1e4b
sn : 30096022612
mn : HS-SSD-FUTURE 2048G
fr : SN10542
rab : 0
ieee : 000000
cmic : 0
mdts : 7
cntlid : 0
ver : 0x10400
rtd3r : 0x7a120
rtd3e : 0x1e8480
oaes : 0x200
ctratt : 0x2
rrls : 0
cntrltype : 1
fguid : 00000000-0000-0000-0000-000000000000
<snip...>
---------------------------------------------------------
---------------------------------------------------------
sugi@tempest:~% sudo nvme id-ns /dev/nvme0n1
NVME Identify Namespace 1:
<snip...>
nguid : 00000000000000000000000000000000
eui64 : 0000000000000002
lbaf 0 : ms:0 lbads:9 rp:0 (in use)
---------------------------------------------------------
Signed-off-by: Tatsuki Sugiura <sugi@nemui.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/pci.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 60f51155a6d20..b682cc6a62f0a 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3428,6 +3428,8 @@ static const struct pci_device_id nvme_id_table[] = {
.driver_data = NVME_QUIRK_BOGUS_NID, },
{ PCI_DEVICE(0x1e4B, 0x1202), /* MAXIO MAP1202 */
.driver_data = NVME_QUIRK_BOGUS_NID, },
+ { PCI_DEVICE(0x1e4B, 0x1602), /* MAXIO MAP1602 */
+ .driver_data = NVME_QUIRK_BOGUS_NID, },
{ PCI_DEVICE(0x1cc1, 0x5350), /* ADATA XPG GAMMIX S50 */
.driver_data = NVME_QUIRK_BOGUS_NID, },
{ PCI_DEVICE(0x1dbe, 0x5236), /* ADATA XPG GAMMIX S70 */
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 044/187] irqchip/gic: Correctly validate OF quirk descriptors
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 043/187] NVMe: Add MAXIO 1602 to bogus nid list Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 045/187] wifi: cfg80211: fix locking in regulatory disconnect Greg Kroah-Hartman
` (154 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Geert Uytterhoeven,
Marc Zyngier, Sasha Levin
From: Marc Zyngier <maz@kernel.org>
[ Upstream commit 91539341a3b6e9c868024a4292455dae36e6f58c ]
When checking for OF quirks, make sure either 'compatible' or 'property'
is set, and give up otherwise.
This avoids non-OF quirks being randomly applied as they don't have any
of the OF data that need checking.
Cc: Douglas Anderson <dianders@chromium.org>
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Fixes: 44bd78dd2b88 ("irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-gic-common.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/irqchip/irq-gic-common.c b/drivers/irqchip/irq-gic-common.c
index de47b51cdadbe..afd6a1841715a 100644
--- a/drivers/irqchip/irq-gic-common.c
+++ b/drivers/irqchip/irq-gic-common.c
@@ -16,6 +16,8 @@ void gic_enable_of_quirks(const struct device_node *np,
const struct gic_quirk *quirks, void *data)
{
for (; quirks->desc; quirks++) {
+ if (!quirks->compatible && !quirks->property)
+ continue;
if (quirks->compatible &&
!of_device_is_compatible(np, quirks->compatible))
continue;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 045/187] wifi: cfg80211: fix locking in regulatory disconnect
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 044/187] irqchip/gic: Correctly validate OF quirk descriptors Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 046/187] wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid() Greg Kroah-Hartman
` (153 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
commit f7e60032c6618dfd643c7210d5cba2789e2de2e2 upstream.
This should use wiphy_lock() now instead of requiring the
RTNL, since __cfg80211_leave() via cfg80211_leave() is now
requiring that lock to be held.
Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/reg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -2440,11 +2440,11 @@ static void reg_leave_invalid_chans(stru
struct wireless_dev *wdev;
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
- ASSERT_RTNL();
-
+ wiphy_lock(wiphy);
list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
if (!reg_wdev_chan_valid(wiphy, wdev))
cfg80211_leave(rdev, wdev);
+ wiphy_unlock(wiphy);
}
static void reg_check_chans_work(struct work_struct *work)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 046/187] wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 045/187] wifi: cfg80211: fix locking in regulatory disconnect Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 047/187] epoll: ep_autoremove_wake_function should use list_del_init_careful Greg Kroah-Hartman
` (152 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Johannes Berg
From: Dan Carpenter <dan.carpenter@linaro.org>
commit 996c3117dae4c02b38a3cb68e5c2aec9d907ec15 upstream.
The locking was changed recently so now the caller holds the wiphy_lock()
lock. Taking the lock inside the reg_wdev_chan_valid() function will
lead to a deadlock.
Fixes: f7e60032c661 ("wifi: cfg80211: fix locking in regulatory disconnect")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/40c4114a-6cb4-4abf-b013-300b598aba65@moroto.mountain
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/reg.c | 3 ---
1 file changed, 3 deletions(-)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -2404,11 +2404,8 @@ static bool reg_wdev_chan_valid(struct w
case NL80211_IFTYPE_P2P_GO:
case NL80211_IFTYPE_ADHOC:
case NL80211_IFTYPE_MESH_POINT:
- wiphy_lock(wiphy);
ret = cfg80211_reg_can_beacon_relax(wiphy, &chandef,
iftype);
- wiphy_unlock(wiphy);
-
if (!ret)
return ret;
break;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 047/187] epoll: ep_autoremove_wake_function should use list_del_init_careful
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 046/187] wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 048/187] ocfs2: fix use-after-free when unmounting read-only filesystem Greg Kroah-Hartman
` (151 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ben Segall, Al Viro,
Christian Brauner, Andrew Morton
From: Benjamin Segall <bsegall@google.com>
commit 2192bba03d80f829233bfa34506b428f71e531e7 upstream.
autoremove_wake_function uses list_del_init_careful, so should epoll's
more aggressive variant. It only doesn't because it was copied from an
older wait.c rather than the most recent.
[bsegall@google.com: add comment]
Link: https://lkml.kernel.org/r/xm26bki0ulsr.fsf_-_@google.com
Link: https://lkml.kernel.org/r/xm26pm6hvfer.fsf@google.com
Fixes: a16ceb139610 ("epoll: autoremove wakers even more aggressively")
Signed-off-by: Ben Segall <bsegall@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/eventpoll.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1760,7 +1760,11 @@ static int ep_autoremove_wake_function(s
{
int ret = default_wake_function(wq_entry, mode, sync, key);
- list_del_init(&wq_entry->entry);
+ /*
+ * Pairs with list_empty_careful in ep_poll, and ensures future loop
+ * iterations see the cause of this wakeup.
+ */
+ list_del_init_careful(&wq_entry->entry);
return ret;
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 048/187] ocfs2: fix use-after-free when unmounting read-only filesystem
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 047/187] epoll: ep_autoremove_wake_function should use list_del_init_careful Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 049/187] ocfs2: check new file size on fallocate call Greg Kroah-Hartman
` (150 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luís Henriques, Joseph Qi,
Mark Fasheh, Joel Becker, Junxiao Bi, Changwei Ge, Gang He,
Jun Piao, Andrew Morton
From: Luís Henriques <ocfs2-devel@oss.oracle.com>
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream.
It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using
fstest generic/452. After a read-only remount, quotas are suspended and
ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting
the filesystem, an UAF access to the oinfo will eventually cause a crash.
BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0
Read of size 8 at addr ffff8880389a8208 by task umount/669
...
Call Trace:
<TASK>
...
timer_delete+0x54/0xc0
try_to_grab_pending+0x31/0x230
__cancel_work_timer+0x6c/0x270
ocfs2_disable_quotas.isra.0+0x3e/0xf0 [ocfs2]
ocfs2_dismount_volume+0xdd/0x450 [ocfs2]
generic_shutdown_super+0xaa/0x280
kill_block_super+0x46/0x70
deactivate_locked_super+0x4d/0xb0
cleanup_mnt+0x135/0x1f0
...
</TASK>
Allocated by task 632:
kasan_save_stack+0x1c/0x40
kasan_set_track+0x21/0x30
__kasan_kmalloc+0x8b/0x90
ocfs2_local_read_info+0xe3/0x9a0 [ocfs2]
dquot_load_quota_sb+0x34b/0x680
dquot_load_quota_inode+0xfe/0x1a0
ocfs2_enable_quotas+0x190/0x2f0 [ocfs2]
ocfs2_fill_super+0x14ef/0x2120 [ocfs2]
mount_bdev+0x1be/0x200
legacy_get_tree+0x6c/0xb0
vfs_get_tree+0x3e/0x110
path_mount+0xa90/0xe10
__x64_sys_mount+0x16f/0x1a0
do_syscall_64+0x43/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Freed by task 650:
kasan_save_stack+0x1c/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x2a/0x50
__kasan_slab_free+0xf9/0x150
__kmem_cache_free+0x89/0x180
ocfs2_local_free_info+0x2ba/0x3f0 [ocfs2]
dquot_disable+0x35f/0xa70
ocfs2_susp_quotas.isra.0+0x159/0x1a0 [ocfs2]
ocfs2_remount+0x150/0x580 [ocfs2]
reconfigure_super+0x1a5/0x3a0
path_mount+0xc8a/0xe10
__x64_sys_mount+0x16f/0x1a0
do_syscall_64+0x43/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Link: https://lkml.kernel.org/r/20230522102112.9031-1-lhenriques@suse.de
Signed-off-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Tested-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/super.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -952,8 +952,10 @@ static void ocfs2_disable_quotas(struct
for (type = 0; type < OCFS2_MAXQUOTAS; type++) {
if (!sb_has_quota_loaded(sb, type))
continue;
- oinfo = sb_dqinfo(sb, type)->dqi_priv;
- cancel_delayed_work_sync(&oinfo->dqi_sync_work);
+ if (!sb_has_quota_suspended(sb, type)) {
+ oinfo = sb_dqinfo(sb, type)->dqi_priv;
+ cancel_delayed_work_sync(&oinfo->dqi_sync_work);
+ }
inode = igrab(sb->s_dquot.files[type]);
/* Turn off quotas. This will remove all dquot structures from
* memory and so they will be automatically synced to global
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 049/187] ocfs2: check new file size on fallocate call
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 048/187] ocfs2: fix use-after-free when unmounting read-only filesystem Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 050/187] zswap: do not shrink if cgroup may not zswap Greg Kroah-Hartman
` (149 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luís Henriques, Mark Fasheh,
Joseph Qi, Joel Becker, Junxiao Bi, Changwei Ge, Gang He,
Jun Piao, Andrew Morton
From: Luís Henriques <ocfs2-devel@oss.oracle.com>
commit 26a6ffff7de5dd369cdb12e38ba11db682f1dec0 upstream.
When changing a file size with fallocate() the new size isn't being
checked. In particular, the FSIZE ulimit isn't being checked, which makes
fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes
this issue.
Link: https://lkml.kernel.org/r/20230529152645.32680-1-lhenriques@suse.de
Signed-off-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Mark Fasheh <mark@fasheh.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/file.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -2100,14 +2100,20 @@ static long ocfs2_fallocate(struct file
struct ocfs2_space_resv sr;
int change_size = 1;
int cmd = OCFS2_IOC_RESVSP64;
+ int ret = 0;
if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
return -EOPNOTSUPP;
if (!ocfs2_writes_unwritten_extents(osb))
return -EOPNOTSUPP;
- if (mode & FALLOC_FL_KEEP_SIZE)
+ if (mode & FALLOC_FL_KEEP_SIZE) {
change_size = 0;
+ } else {
+ ret = inode_newsize_ok(inode, offset + len);
+ if (ret)
+ return ret;
+ }
if (mode & FALLOC_FL_PUNCH_HOLE)
cmd = OCFS2_IOC_UNRESVSP64;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 050/187] zswap: do not shrink if cgroup may not zswap
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 049/187] ocfs2: check new file size on fallocate call Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 051/187] mm/damon/core: fix divide error in damon_nr_accesses_to_accesses_bp() Greg Kroah-Hartman
` (148 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nhat Pham, Dan Streetman,
Domenico Cerasuolo, Johannes Weiner, Seth Jennings, Vitaly Wool,
Yosry Ahmed, Andrew Morton
From: Nhat Pham <nphamcs@gmail.com>
commit 0bdf0efa180a9cb1361cbded4e2260a49306ac89 upstream.
Before storing a page, zswap first checks if the number of stored pages
exceeds the limit specified by memory.zswap.max, for each cgroup in the
hierarchy. If this limit is reached or exceeded, then zswap shrinking is
triggered and short-circuits the store attempt.
However, since the zswap's LRU is not memcg-aware, this can create the
following pathological behavior: the cgroup whose zswap limit is 0 will
evict pages from other cgroups continually, without lowering its own zswap
usage. This means the shrinking will continue until the need for swap
ceases or the pool becomes empty.
As a result of this, we observe a disproportionate amount of zswap
writeback and a perpetually small zswap pool in our experiments, even
though the pool limit is never hit.
More generally, a cgroup might unnecessarily evict pages from other
cgroups before we drive the memcg back below its limit.
This patch fixes the issue by rejecting zswap store attempt without
shrinking the pool when obj_cgroup_may_zswap() returns false.
[akpm@linux-foundation.org: fix return of unintialized value]
[akpm@linux-foundation.org: s/ENOSPC/ENOMEM/]
Link: https://lkml.kernel.org/r/20230530222440.2777700-1-nphamcs@gmail.com
Link: https://lkml.kernel.org/r/20230530232435.3097106-1-nphamcs@gmail.com
Fixes: f4840ccfca25 ("zswap: memcg accounting")
Signed-off-by: Nhat Pham <nphamcs@gmail.com>
Cc: Dan Streetman <ddstreet@ieee.org>
Cc: Domenico Cerasuolo <cerasuolodomenico@gmail.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Seth Jennings <sjenning@redhat.com>
Cc: Vitaly Wool <vitaly.wool@konsulko.com>
Cc: Yosry Ahmed <yosryahmed@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/zswap.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/mm/zswap.c
+++ b/mm/zswap.c
@@ -1141,9 +1141,16 @@ static int zswap_frontswap_store(unsigne
goto reject;
}
+ /*
+ * XXX: zswap reclaim does not work with cgroups yet. Without a
+ * cgroup-aware entry LRU, we will push out entries system-wide based on
+ * local cgroup limits.
+ */
objcg = get_obj_cgroup_from_page(page);
- if (objcg && !obj_cgroup_may_zswap(objcg))
- goto shrink;
+ if (objcg && !obj_cgroup_may_zswap(objcg)) {
+ ret = -ENOMEM;
+ goto reject;
+ }
/* reclaim space if needed */
if (zswap_is_full()) {
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 051/187] mm/damon/core: fix divide error in damon_nr_accesses_to_accesses_bp()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 050/187] zswap: do not shrink if cgroup may not zswap Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 052/187] nios2: dts: Fix tse_mac "max-frame-size" property Greg Kroah-Hartman
` (147 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+841a46899768ec7bec67,
SeongJae Park, Kefeng Wang, Andrew Morton
From: Kefeng Wang <wangkefeng.wang@huawei.com>
commit 5ff6e2fff88ef9bf110c5e85a48e7b557bfc64c1 upstream.
If 'aggr_interval' is smaller than 'sample_interval', max_nr_accesses in
damon_nr_accesses_to_accesses_bp() becomes zero which leads to divide
error, let's validate the values of them in damon_set_attrs() to fix it,
which similar to others attrs check.
Link: https://lkml.kernel.org/r/20230527032101.167788-1-wangkefeng.wang@huawei.com
Fixes: 2f5bef5a590b ("mm/damon/core: update monitoring results for new monitoring attributes")
Reported-by: syzbot+841a46899768ec7bec67@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=841a46899768ec7bec67
Link: https://lore.kernel.org/damon/00000000000055fc4e05fc975bc2@google.com/
Reviewed-by: SeongJae Park <sj@kernel.org>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/damon/core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mm/damon/core.c b/mm/damon/core.c
index d9ef62047bf5..91cff7f2997e 100644
--- a/mm/damon/core.c
+++ b/mm/damon/core.c
@@ -551,6 +551,8 @@ int damon_set_attrs(struct damon_ctx *ctx, struct damon_attrs *attrs)
return -EINVAL;
if (attrs->min_nr_regions > attrs->max_nr_regions)
return -EINVAL;
+ if (attrs->sample_interval > attrs->aggr_interval)
+ return -EINVAL;
damon_update_monitoring_results(ctx, attrs);
ctx->attrs = *attrs;
--
2.41.0
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 052/187] nios2: dts: Fix tse_mac "max-frame-size" property
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 051/187] mm/damon/core: fix divide error in damon_nr_accesses_to_accesses_bp() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 053/187] mm/uffd: fix vma operation where start addr cuts part of vma Greg Kroah-Hartman
` (146 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Janne Grunau, Dinh Nguyen
From: Janne Grunau <j@jannau.net>
commit 85041e12418fd0c08ff972b7729f7971afb361f8 upstream.
The given value of 1518 seems to refer to the layer 2 ethernet frame
size without 802.1Q tag. Actual use of the "max-frame-size" including in
the consumer of the "altr,tse-1.0" compatible is the MTU.
Fixes: 95acd4c7b69c ("nios2: Device tree support")
Fixes: 61c610ec61bb ("nios2: Add Max10 device tree")
Cc: <stable@vger.kernel.org>
Signed-off-by: Janne Grunau <j@jannau.net>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/nios2/boot/dts/10m50_devboard.dts | 2 +-
arch/nios2/boot/dts/3c120_devboard.dts | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/arch/nios2/boot/dts/10m50_devboard.dts
+++ b/arch/nios2/boot/dts/10m50_devboard.dts
@@ -97,7 +97,7 @@
rx-fifo-depth = <8192>;
tx-fifo-depth = <8192>;
address-bits = <48>;
- max-frame-size = <1518>;
+ max-frame-size = <1500>;
local-mac-address = [00 00 00 00 00 00];
altr,has-supplementary-unicast;
altr,enable-sup-addr = <1>;
--- a/arch/nios2/boot/dts/3c120_devboard.dts
+++ b/arch/nios2/boot/dts/3c120_devboard.dts
@@ -106,7 +106,7 @@
interrupt-names = "rx_irq", "tx_irq";
rx-fifo-depth = <8192>;
tx-fifo-depth = <8192>;
- max-frame-size = <1518>;
+ max-frame-size = <1500>;
local-mac-address = [ 00 00 00 00 00 00 ];
phy-mode = "rgmii-id";
phy-handle = <&phy0>;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 053/187] mm/uffd: fix vma operation where start addr cuts part of vma
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 052/187] nios2: dts: Fix tse_mac "max-frame-size" property Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 054/187] nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() Greg Kroah-Hartman
` (145 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Xu, Mark Rutland,
Lorenzo Stoakes, Liam R. Howlett, Mike Rapoport (IBM),
Andrew Morton
From: Peter Xu <peterx@redhat.com>
commit 270aa010620697fb27b8f892cc4e194bc2b7d134 upstream.
Patch series "mm/uffd: Fix vma merge/split", v2.
This series contains two patches that fix vma merge/split for userfaultfd
on two separate issues.
Patch 1 fixes a regression since 6.1+ due to something we overlooked when
converting to maple tree apis. The plan is we use patch 1 to replace the
commit "2f628010799e (mm: userfaultfd: avoid passing an invalid range to
vma_merge())" in mm-hostfixes-unstable tree if possible, so as to bring
uffd vma operations back aligned with the rest code again.
Patch 2 fixes a long standing issue that vma can be left unmerged even if
we can for either uffd register or unregister.
Many thanks to Lorenzo on either noticing this issue from the assert
movement patch, looking at this problem, and also provided a reproducer on
the unmerged vma issue [1].
[1] https://gist.github.com/lorenzo-stoakes/a11a10f5f479e7a977fc456331266e0e
This patch (of 2):
It seems vma merging with uffd paths is broken with either
register/unregister, where right now we can feed wrong parameters to
vma_merge() and it's found by recent patch which moved asserts upwards in
vma_merge() by Lorenzo Stoakes:
https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
It's possible that "start" is contained within vma but not clamped to its
start. We need to convert this into either "cannot merge" case or "can
merge" case 4 which permits subdivision of prev by assigning vma to prev.
As we loop, each subsequent VMA will be clamped to the start.
This patch will eliminate the report and make sure vma_merge() calls will
become legal again.
One thing to mention is that the "Fixes: 29417d292bd0" below is there only
to help explain where the warning can start to trigger, the real commit to
fix should be 69dbe6daf104. Commit 29417d292bd0 helps us to identify the
issue, but unfortunately we may want to keep it in Fixes too just to ease
kernel backporters for easier tracking.
Link: https://lkml.kernel.org/r/20230517190916.3429499-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20230517190916.3429499-2-peterx@redhat.com
Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reported-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/
Cc: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: Mike Rapoport (IBM) <rppt@kernel.org>
Cc: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/userfaultfd.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1429,6 +1429,8 @@ static int userfaultfd_register(struct u
vma_iter_set(&vmi, start);
prev = vma_prev(&vmi);
+ if (vma->vm_start < start)
+ prev = vma;
ret = 0;
for_each_vma_range(vmi, vma, end) {
@@ -1595,6 +1597,9 @@ static int userfaultfd_unregister(struct
vma_iter_set(&vmi, start);
prev = vma_prev(&vmi);
+ if (vma->vm_start < start)
+ prev = vma;
+
ret = 0;
for_each_vma_range(vmi, vma, end) {
cond_resched();
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 054/187] nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 053/187] mm/uffd: fix vma operation where start addr cuts part of vma Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 055/187] nilfs2: fix possible out-of-bounds segment allocation in resize ioctl Greg Kroah-Hartman
` (144 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+b0a35a5c1f7e846d3b09, Andrew Morton
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 2f012f2baca140c488e43d27a374029c1e59098d upstream.
A syzbot fault injection test reported that nilfs_btnode_create_block, a
helper function that allocates a new node block for b-trees, causes a
kernel BUG for disk images where the file system block size is smaller
than the page size.
This was due to unexpected flags on the newly allocated buffer head, and
it turned out to be because the buffer flags were not cleared by
nilfs_btnode_abort_change_key() after an error occurred during a b-tree
update operation and the buffer was later reused in that state.
Fix this issue by using nilfs_btnode_delete() to abandon the unused
preallocated buffer in nilfs_btnode_abort_change_key().
Link: https://lkml.kernel.org/r/20230513102428.10223-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+b0a35a5c1f7e846d3b09@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/000000000000d1d6c205ebc4d512@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/btnode.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/fs/nilfs2/btnode.c
+++ b/fs/nilfs2/btnode.c
@@ -285,6 +285,14 @@ void nilfs_btnode_abort_change_key(struc
if (nbh == NULL) { /* blocksize == pagesize */
xa_erase_irq(&btnc->i_pages, newkey);
unlock_page(ctxt->bh->b_page);
- } else
- brelse(nbh);
+ } else {
+ /*
+ * When canceling a buffer that a prepare operation has
+ * allocated to copy a node block to another location, use
+ * nilfs_btnode_delete() to initialize and release the buffer
+ * so that the buffer flags will not be in an inconsistent
+ * state when it is reallocated.
+ */
+ nilfs_btnode_delete(nbh);
+ }
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 055/187] nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 054/187] nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 056/187] nilfs2: reject devices with insufficient block count Greg Kroah-Hartman
` (143 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+33494cd0df2ec2931851, Andrew Morton
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit fee5eaecca86afa544355569b831c1f90f334b85 upstream.
Syzbot reports that in its stress test for resize ioctl, the log writing
function nilfs_segctor_do_construct hits a WARN_ON in
nilfs_segctor_truncate_segments().
It turned out that there is a problem with the current implementation of
the resize ioctl, which changes the writable range on the device (the
range of allocatable segments) at the end of the resize process.
This order is necessary for file system expansion to avoid corrupting the
superblock at trailing edge. However, in the case of a file system
shrink, if log writes occur after truncating out-of-bounds trailing
segments and before the resize is complete, segments may be allocated from
the truncated space.
The userspace resize tool was fine as it limits the range of allocatable
segments before performing the resize, but it can run into this issue if
the resize ioctl is called alone.
Fix this issue by changing nilfs_sufile_resize() to update the range of
allocatable segments immediately after successful truncation of segment
space in case of file system shrink.
Link: https://lkml.kernel.org/r/20230524094348.3784-1-konishi.ryusuke@gmail.com
Fixes: 4e33f9eab07e ("nilfs2: implement resize ioctl")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+33494cd0df2ec2931851@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/0000000000005434c405fbbafdc5@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/sufile.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/nilfs2/sufile.c
+++ b/fs/nilfs2/sufile.c
@@ -779,6 +779,15 @@ int nilfs_sufile_resize(struct inode *su
goto out_header;
sui->ncleansegs -= nsegs - newnsegs;
+
+ /*
+ * If the sufile is successfully truncated, immediately adjust
+ * the segment allocation space while locking the semaphore
+ * "mi_sem" so that nilfs_sufile_alloc() never allocates
+ * segments in the truncated space.
+ */
+ sui->allocmax = newnsegs - 1;
+ sui->allocmin = 0;
}
kaddr = kmap_atomic(header_bh->b_page);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 056/187] nilfs2: reject devices with insufficient block count
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 055/187] nilfs2: fix possible out-of-bounds segment allocation in resize ioctl Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 057/187] LoongArch: Fix debugfs_create_dir() error checking Greg Kroah-Hartman
` (142 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+7d50f1e54a12ba3aeae2, Andrew Morton
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 92c5d1b860e9581d64baca76779576c0ab0d943d upstream.
The current sanity check for nilfs2 geometry information lacks checks for
the number of segments stored in superblocks, so even for device images
that have been destructively truncated or have an unusually high number of
segments, the mount operation may succeed.
This causes out-of-bounds block I/O on file system block reads or log
writes to the segments, the latter in particular causing
"a_ops->writepages" to repeatedly fail, resulting in sync_inodes_sb() to
hang.
Fix this issue by checking the number of segments stored in the superblock
and avoiding mounting devices that can cause out-of-bounds accesses. To
eliminate the possibility of overflow when calculating the number of
blocks required for the device from the number of segments, this also adds
a helper function to calculate the upper bound on the number of segments
and inserts a check using it.
Link: https://lkml.kernel.org/r/20230526021332.3431-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+7d50f1e54a12ba3aeae2@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=7d50f1e54a12ba3aeae2
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/the_nilfs.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 42 insertions(+), 1 deletion(-)
--- a/fs/nilfs2/the_nilfs.c
+++ b/fs/nilfs2/the_nilfs.c
@@ -405,6 +405,18 @@ unsigned long nilfs_nrsvsegs(struct the_
100));
}
+/**
+ * nilfs_max_segment_count - calculate the maximum number of segments
+ * @nilfs: nilfs object
+ */
+static u64 nilfs_max_segment_count(struct the_nilfs *nilfs)
+{
+ u64 max_count = U64_MAX;
+
+ do_div(max_count, nilfs->ns_blocks_per_segment);
+ return min_t(u64, max_count, ULONG_MAX);
+}
+
void nilfs_set_nsegments(struct the_nilfs *nilfs, unsigned long nsegs)
{
nilfs->ns_nsegments = nsegs;
@@ -414,6 +426,8 @@ void nilfs_set_nsegments(struct the_nilf
static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
struct nilfs_super_block *sbp)
{
+ u64 nsegments, nblocks;
+
if (le32_to_cpu(sbp->s_rev_level) < NILFS_MIN_SUPP_REV) {
nilfs_err(nilfs->ns_sb,
"unsupported revision (superblock rev.=%d.%d, current rev.=%d.%d). Please check the version of mkfs.nilfs(2).",
@@ -457,7 +471,34 @@ static int nilfs_store_disk_layout(struc
return -EINVAL;
}
- nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments));
+ nsegments = le64_to_cpu(sbp->s_nsegments);
+ if (nsegments > nilfs_max_segment_count(nilfs)) {
+ nilfs_err(nilfs->ns_sb,
+ "segment count %llu exceeds upper limit (%llu segments)",
+ (unsigned long long)nsegments,
+ (unsigned long long)nilfs_max_segment_count(nilfs));
+ return -EINVAL;
+ }
+
+ nblocks = sb_bdev_nr_blocks(nilfs->ns_sb);
+ if (nblocks) {
+ u64 min_block_count = nsegments * nilfs->ns_blocks_per_segment;
+ /*
+ * To avoid failing to mount early device images without a
+ * second superblock, exclude that block count from the
+ * "min_block_count" calculation.
+ */
+
+ if (nblocks < min_block_count) {
+ nilfs_err(nilfs->ns_sb,
+ "total number of segment blocks %llu exceeds device size (%llu blocks)",
+ (unsigned long long)min_block_count,
+ (unsigned long long)nblocks);
+ return -EINVAL;
+ }
+ }
+
+ nilfs_set_nsegments(nilfs, nsegments);
nilfs->ns_crc_seed = le32_to_cpu(sbp->s_crc_seed);
return 0;
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 057/187] LoongArch: Fix debugfs_create_dir() error checking
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 056/187] nilfs2: reject devices with insufficient block count Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 058/187] LoongArch: Fix perf event id calculation Greg Kroah-Hartman
` (141 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ivan Orlov, Immad Mir, Huacai Chen
From: Immad Mir <mirimmad17@gmail.com>
commit 41efbb682de1231c3f6361039f46ad149e3ff5b9 upstream.
The debugfs_create_dir() returns ERR_PTR in case of an error and the
correct way of checking it is using the IS_ERR_OR_NULL inline function
rather than the simple null comparision. This patch fixes the issue.
Cc: stable@vger.kernel.org
Suggested-By: Ivan Orlov <ivan.orlov0322@gmail.com>
Signed-off-by: Immad Mir <mirimmad17@gmail.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/loongarch/kernel/unaligned.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/loongarch/kernel/unaligned.c
+++ b/arch/loongarch/kernel/unaligned.c
@@ -485,7 +485,7 @@ static int __init debugfs_unaligned(void
struct dentry *d;
d = debugfs_create_dir("loongarch", NULL);
- if (!d)
+ if (IS_ERR_OR_NULL(d))
return -ENOMEM;
debugfs_create_u32("unaligned_instructions_user",
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 058/187] LoongArch: Fix perf event id calculation
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 057/187] LoongArch: Fix debugfs_create_dir() error checking Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 059/187] io_uring/net: save msghdr->msg_control for retries Greg Kroah-Hartman
` (140 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jun Yi, Huacai Chen
From: Huacai Chen <chenhuacai@loongson.cn>
commit 962369120d750cbc9c4dc492f32b4304669ff6aa upstream.
LoongArch PMCFG has 10bit event id rather than 8 bit, so fix it.
Cc: stable@vger.kernel.org
Signed-off-by: Jun Yi <yijun@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/loongarch/kernel/perf_event.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/loongarch/kernel/perf_event.c
+++ b/arch/loongarch/kernel/perf_event.c
@@ -271,7 +271,7 @@ static void loongarch_pmu_enable_event(s
WARN_ON(idx < 0 || idx >= loongarch_pmu.num_counters);
/* Make sure interrupt enabled. */
- cpuc->saved_ctrl[idx] = M_PERFCTL_EVENT(evt->event_base & 0xff) |
+ cpuc->saved_ctrl[idx] = M_PERFCTL_EVENT(evt->event_base) |
(evt->config_base & M_PERFCTL_CONFIG_MASK) | CSR_PERFCTRL_IE;
cpu = (event->cpu >= 0) ? event->cpu : smp_processor_id();
@@ -594,7 +594,7 @@ static struct pmu pmu = {
static unsigned int loongarch_pmu_perf_event_encode(const struct loongarch_perf_event *pev)
{
- return (pev->event_id & 0xff);
+ return M_PERFCTL_EVENT(pev->event_id);
}
static const struct loongarch_perf_event *loongarch_pmu_map_general_event(int idx)
@@ -849,7 +849,7 @@ static void resume_local_counters(void)
static const struct loongarch_perf_event *loongarch_pmu_map_raw_event(u64 config)
{
- raw_event.event_id = config & 0xff;
+ raw_event.event_id = M_PERFCTL_EVENT(config);
return &raw_event;
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 059/187] io_uring/net: save msghdr->msg_control for retries
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 058/187] LoongArch: Fix perf event id calculation Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 060/187] Revert "drm/amdgpu: remove TOPDOWN flags when allocating VRAM in large bar system" Greg Kroah-Hartman
` (139 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jens Axboe, Marek Majkowski
From: Jens Axboe <axboe@kernel.dk>
commit cac9e4418f4cbd548ccb065b3adcafe073f7f7d2 upstream.
If the application sets ->msg_control and we have to later retry this
command, or if it got queued with IOSQE_ASYNC to begin with, then we
need to retain the original msg_control value. This is due to the net
stack overwriting this field with an in-kernel pointer, to copy it
in. Hitting that path for the second time will now fail the copy from
user, as it's attempting to copy from a non-user address.
Cc: stable@vger.kernel.org # 5.10+
Link: https://github.com/axboe/liburing/issues/880
Reported-and-tested-by: Marek Majkowski <marek@cloudflare.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -65,6 +65,7 @@ struct io_sr_msg {
u16 addr_len;
u16 buf_group;
void __user *addr;
+ void __user *msg_control;
/* used only for send zerocopy */
struct io_kiocb *notif;
};
@@ -195,11 +196,15 @@ static int io_sendmsg_copy_hdr(struct io
struct io_async_msghdr *iomsg)
{
struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg);
+ int ret;
iomsg->msg.msg_name = &iomsg->addr;
iomsg->free_iov = iomsg->fast_iov;
- return sendmsg_copy_msghdr(&iomsg->msg, sr->umsg, sr->msg_flags,
+ ret = sendmsg_copy_msghdr(&iomsg->msg, sr->umsg, sr->msg_flags,
&iomsg->free_iov);
+ /* save msg_control as sys_sendmsg() overwrites it */
+ sr->msg_control = iomsg->msg.msg_control;
+ return ret;
}
int io_send_prep_async(struct io_kiocb *req)
@@ -297,6 +302,7 @@ int io_sendmsg(struct io_kiocb *req, uns
if (req_has_async_data(req)) {
kmsg = req->async_data;
+ kmsg->msg.msg_control = sr->msg_control;
} else {
ret = io_sendmsg_copy_hdr(req, &iomsg);
if (ret)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 060/187] Revert "drm/amdgpu: remove TOPDOWN flags when allocating VRAM in large bar system"
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 059/187] io_uring/net: save msghdr->msg_control for retries Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 061/187] kexec: support purgatories with .text.hot sections Greg Kroah-Hartman
` (138 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arunpravin Paneer Selvam,
Christian König, Alex Deucher
From: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@amd.com>
commit 34e5a54327dce5033582f3609eb54812a8c61b90 upstream.
This reverts commit c105518679b6e87232874ffc989ec403bee59664.
This patch disables the TOPDOWN flag for APU and few dGPU cards
which has the VRAM size equal to the BAR size.
When we enable the TOPDOWN flag, we get the free blocks at
the highest available memory region and we don't split the
lower order blocks. This change is required to keep off
the fragmentation related issues particularly in ASIC
which has VRAM space <= 500MiB
Hence, we are reverting this patch.
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2270
Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
index 3b225be89cb7..a70103ac0026 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -140,7 +140,7 @@ void amdgpu_bo_placement_from_domain(struct amdgpu_bo *abo, u32 domain)
if (flags & AMDGPU_GEM_CREATE_CPU_ACCESS_REQUIRED)
places[c].lpfn = visible_pfn;
- else if (adev->gmc.real_vram_size != adev->gmc.visible_vram_size)
+ else
places[c].flags |= TTM_PL_FLAG_TOPDOWN;
if (flags & AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS)
--
2.41.0
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 061/187] kexec: support purgatories with .text.hot sections
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 060/187] Revert "drm/amdgpu: remove TOPDOWN flags when allocating VRAM in large bar system" Greg Kroah-Hartman
@ 2023-06-19 10:27 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 062/187] x86/purgatory: remove PGO flags Greg Kroah-Hartman
` (137 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:27 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda, Ross Zwisler,
Steven Rostedt (Google), Philipp Rudo, Albert Ou, Baoquan He,
Borislav Petkov (AMD), Christophe Leroy, Dave Hansen, Dave Young,
Eric W. Biederman, H. Peter Anvin, Ingo Molnar, Michael Ellerman,
Nathan Chancellor, Nicholas Piggin, Nick Desaulniers,
Palmer Dabbelt, Palmer Dabbelt, Paul Walmsley, Simon Horman,
Thomas Gleixner, Tom Rix, Andrew Morton
From: Ricardo Ribalda <ribalda@chromium.org>
commit 8652d44f466ad5772e7d1756e9457046189b0dfc upstream.
Patch series "kexec: Fix kexec_file_load for llvm16 with PGO", v7.
When upreving llvm I realised that kexec stopped working on my test
platform.
The reason seems to be that due to PGO there are multiple .text sections
on the purgatory, and kexec does not supports that.
This patch (of 4):
Clang16 links the purgatory text in two sections when PGO is in use:
[ 1] .text PROGBITS 0000000000000000 00000040
00000000000011a1 0000000000000000 AX 0 0 16
[ 2] .rela.text RELA 0000000000000000 00003498
0000000000000648 0000000000000018 I 24 1 8
...
[17] .text.hot. PROGBITS 0000000000000000 00003220
000000000000020b 0000000000000000 AX 0 0 1
[18] .rela.text.hot. RELA 0000000000000000 00004428
0000000000000078 0000000000000018 I 24 17 8
And both of them have their range [sh_addr ... sh_addr+sh_size] on the
area pointed by `e_entry`.
This causes that image->start is calculated twice, once for .text and
another time for .text.hot. The second calculation leaves image->start
in a random location.
Because of this, the system crashes immediately after:
kexec_core: Starting new kernel
Link: https://lkml.kernel.org/r/20230321-kexec_clang16-v7-0-b05c520b7296@chromium.org
Link: https://lkml.kernel.org/r/20230321-kexec_clang16-v7-1-b05c520b7296@chromium.org
Fixes: 930457057abe ("kernel/kexec_file.c: split up __kexec_load_puragory")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Reviewed-by: Ross Zwisler <zwisler@google.com>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Reviewed-by: Philipp Rudo <prudo@redhat.com>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Simon Horman <horms@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tom Rix <trix@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/kexec_file.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -901,10 +901,22 @@ static int kexec_purgatory_setup_sechdrs
}
offset = ALIGN(offset, align);
+
+ /*
+ * Check if the segment contains the entry point, if so,
+ * calculate the value of image->start based on it.
+ * If the compiler has produced more than one .text section
+ * (Eg: .text.hot), they are generally after the main .text
+ * section, and they shall not be used to calculate
+ * image->start. So do not re-calculate image->start if it
+ * is not set to the initial value, and warn the user so they
+ * have a chance to fix their purgatory's linker script.
+ */
if (sechdrs[i].sh_flags & SHF_EXECINSTR &&
pi->ehdr->e_entry >= sechdrs[i].sh_addr &&
pi->ehdr->e_entry < (sechdrs[i].sh_addr
- + sechdrs[i].sh_size)) {
+ + sechdrs[i].sh_size) &&
+ !WARN_ON(kbuf->image->start != pi->ehdr->e_entry)) {
kbuf->image->start -= sechdrs[i].sh_addr;
kbuf->image->start += kbuf->mem + offset;
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 062/187] x86/purgatory: remove PGO flags
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2023-06-19 10:27 ` [PATCH 6.3 061/187] kexec: support purgatories with .text.hot sections Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 063/187] riscv/purgatory: " Greg Kroah-Hartman
` (136 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda, Albert Ou,
Baoquan He, Borislav Petkov (AMD), Christophe Leroy, Dave Hansen,
Dave Young, Eric W. Biederman, H. Peter Anvin, Ingo Molnar,
Michael Ellerman, Nathan Chancellor, Nicholas Piggin,
Nick Desaulniers, Palmer Dabbelt, Palmer Dabbelt, Paul Walmsley,
Philipp Rudo, Ross Zwisler, Simon Horman, Steven Rostedt (Google),
Thomas Gleixner, Tom Rix, Andrew Morton
From: Ricardo Ribalda <ribalda@chromium.org>
commit 97b6b9cbba40a21c1d9a344d5c1991f8cfbf136e upstream.
If profile-guided optimization is enabled, the purgatory ends up with
multiple .text sections. This is not supported by kexec and crashes the
system.
Link: https://lkml.kernel.org/r/20230321-kexec_clang16-v7-2-b05c520b7296@chromium.org
Fixes: 930457057abe ("kernel/kexec_file.c: split up __kexec_load_puragory")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Cc: <stable@vger.kernel.org>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Philipp Rudo <prudo@redhat.com>
Cc: Ross Zwisler <zwisler@google.com>
Cc: Simon Horman <horms@kernel.org>
Cc: Steven Rostedt (Google) <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tom Rix <trix@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/purgatory/Makefile | 5 +++++
1 file changed, 5 insertions(+)
--- a/arch/x86/purgatory/Makefile
+++ b/arch/x86/purgatory/Makefile
@@ -14,6 +14,11 @@ $(obj)/sha256.o: $(srctree)/lib/crypto/s
CFLAGS_sha256.o := -D__DISABLE_EXPORTS
+# When profile-guided optimization is enabled, llvm emits two different
+# overlapping text sections, which is not supported by kexec. Remove profile
+# optimization flags.
+KBUILD_CFLAGS := $(filter-out -fprofile-sample-use=% -fprofile-use=%,$(KBUILD_CFLAGS))
+
# When linking purgatory.ro with -r unresolved symbols are not checked,
# also link a purgatory.chk binary without -r to check for unresolved symbols.
PURGATORY_LDFLAGS := -e purgatory_start -z nodefaultlib
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 063/187] riscv/purgatory: remove PGO flags
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 062/187] x86/purgatory: remove PGO flags Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 064/187] powerpc/purgatory: " Greg Kroah-Hartman
` (135 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda, Palmer Dabbelt,
Albert Ou, Baoquan He, Borislav Petkov (AMD), Christophe Leroy,
Dave Hansen, Dave Young, Eric W. Biederman, H. Peter Anvin,
Ingo Molnar, Michael Ellerman, Nathan Chancellor, Nicholas Piggin,
Nick Desaulniers, Palmer Dabbelt, Paul Walmsley, Philipp Rudo,
Ross Zwisler, Simon Horman, Steven Rostedt (Google),
Thomas Gleixner, Tom Rix, Andrew Morton
From: Ricardo Ribalda <ribalda@chromium.org>
commit 88ac3bbcf73853880a9b2a65c67e6854390741cc upstream.
If profile-guided optimization is enabled, the purgatory ends up with
multiple .text sections. This is not supported by kexec and crashes the
system.
Link: https://lkml.kernel.org/r/20230321-kexec_clang16-v7-4-b05c520b7296@chromium.org
Fixes: 930457057abe ("kernel/kexec_file.c: split up __kexec_load_puragory")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Acked-by: Palmer Dabbelt <palmer@rivosinc.com>
Cc: <stable@vger.kernel.org>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Philipp Rudo <prudo@redhat.com>
Cc: Ross Zwisler <zwisler@google.com>
Cc: Simon Horman <horms@kernel.org>
Cc: Steven Rostedt (Google) <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tom Rix <trix@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/purgatory/Makefile | 5 +++++
1 file changed, 5 insertions(+)
--- a/arch/riscv/purgatory/Makefile
+++ b/arch/riscv/purgatory/Makefile
@@ -35,6 +35,11 @@ CFLAGS_sha256.o := -D__DISABLE_EXPORTS
CFLAGS_string.o := -D__DISABLE_EXPORTS
CFLAGS_ctype.o := -D__DISABLE_EXPORTS
+# When profile-guided optimization is enabled, llvm emits two different
+# overlapping text sections, which is not supported by kexec. Remove profile
+# optimization flags.
+KBUILD_CFLAGS := $(filter-out -fprofile-sample-use=% -fprofile-use=%,$(KBUILD_CFLAGS))
+
# When linking purgatory.ro with -r unresolved symbols are not checked,
# also link a purgatory.chk binary without -r to check for unresolved symbols.
PURGATORY_LDFLAGS := -e purgatory_start -z nodefaultlib
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 064/187] powerpc/purgatory: remove PGO flags
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 063/187] riscv/purgatory: " Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 065/187] btrfs: subpage: fix a crash in metadata repair path Greg Kroah-Hartman
` (134 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Ribalda, Michael Ellerman,
Nicholas Piggin, Christophe Leroy, Albert Ou, Baoquan He,
Borislav Petkov (AMD), Dave Hansen, Dave Young, Eric W. Biederman,
H. Peter Anvin, Ingo Molnar, Nathan Chancellor, Nick Desaulniers,
Palmer Dabbelt, Palmer Dabbelt, Paul Walmsley, Philipp Rudo,
Ross Zwisler, Simon Horman, Steven Rostedt (Google),
Thomas Gleixner, Tom Rix, Andrew Morton
From: Ricardo Ribalda <ribalda@chromium.org>
commit 20188baceb7a1463dc0bcb0c8678b69c2f447df6 upstream.
If profile-guided optimization is enabled, the purgatory ends up with
multiple .text sections. This is not supported by kexec and crashes the
system.
Link: https://lkml.kernel.org/r/20230321-kexec_clang16-v7-3-b05c520b7296@chromium.org
Fixes: 930457057abe ("kernel/kexec_file.c: split up __kexec_load_puragory")
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: <stable@vger.kernel.org>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Philipp Rudo <prudo@redhat.com>
Cc: Ross Zwisler <zwisler@google.com>
Cc: Simon Horman <horms@kernel.org>
Cc: Steven Rostedt (Google) <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tom Rix <trix@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/purgatory/Makefile | 5 +++++
1 file changed, 5 insertions(+)
--- a/arch/powerpc/purgatory/Makefile
+++ b/arch/powerpc/purgatory/Makefile
@@ -5,6 +5,11 @@ KCSAN_SANITIZE := n
targets += trampoline_$(BITS).o purgatory.ro
+# When profile-guided optimization is enabled, llvm emits two different
+# overlapping text sections, which is not supported by kexec. Remove profile
+# optimization flags.
+KBUILD_CFLAGS := $(filter-out -fprofile-sample-use=% -fprofile-use=%,$(KBUILD_CFLAGS))
+
LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined
$(obj)/purgatory.ro: $(obj)/trampoline_$(BITS).o FORCE
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 065/187] btrfs: subpage: fix a crash in metadata repair path
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 064/187] powerpc/purgatory: " Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 066/187] btrfs: properly enable async discard when switching from RO->RW Greg Kroah-Hartman
` (133 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Qu Wenruo,
David Sterba
From: Qu Wenruo <wqu@suse.com>
commit 917ac77846b907dfdbd878688a9a61236ad6c51e upstream.
[BUG]
Test case btrfs/027 would crash with subpage (64K page size, 4K
sectorsize) with the following dying messages:
debug: map_length=16384 length=65536 type=metadata|raid6(0x104)
assertion failed: map_length >= length, in fs/btrfs/volumes.c:8093
------------[ cut here ]------------
kernel BUG at fs/btrfs/messages.c:259!
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
Call trace:
btrfs_assertfail+0x28/0x2c [btrfs]
btrfs_map_repair_block+0x150/0x2b8 [btrfs]
btrfs_repair_io_failure+0xd4/0x31c [btrfs]
btrfs_read_extent_buffer+0x150/0x16c [btrfs]
read_tree_block+0x38/0xbc [btrfs]
read_tree_root_path+0xfc/0x1bc [btrfs]
btrfs_get_root_ref.part.0+0xd4/0x3a8 [btrfs]
open_ctree+0xa30/0x172c [btrfs]
btrfs_mount_root+0x3c4/0x4a4 [btrfs]
legacy_get_tree+0x30/0x60
vfs_get_tree+0x28/0xec
vfs_kern_mount.part.0+0x90/0xd4
vfs_kern_mount+0x14/0x28
btrfs_mount+0x114/0x418 [btrfs]
legacy_get_tree+0x30/0x60
vfs_get_tree+0x28/0xec
path_mount+0x3e0/0xb64
__arm64_sys_mount+0x200/0x2d8
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0x60/0x11c
do_el0_svc+0x38/0x98
el0_svc+0x40/0xa8
el0t_64_sync_handler+0xf4/0x120
el0t_64_sync+0x190/0x194
Code: aa0403e2 b0fff060 91010000 959c2024 (d4210000)
[CAUSE]
In btrfs/027 we test RAID6 with missing devices, in this particular
case, we're repairing a metadata at the end of a data stripe.
But at btrfs_repair_io_failure(), we always pass a full PAGE for repair,
and for subpage case this can cross stripe boundary and lead to the
above BUG_ON().
This metadata repair code is always there, since the introduction of
subpage support, but this can trigger BUG_ON() after the bio split
ability at btrfs_map_bio().
[FIX]
Instead of passing the old PAGE_SIZE, we calculate the correct length
based on the eb size and page size for both regular and subpage cases.
CC: stable@vger.kernel.org # 6.3+
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 2b1b227505f3..88e6d1072a35 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -242,7 +242,6 @@ static int btrfs_repair_eb_io_failure(const struct extent_buffer *eb,
int mirror_num)
{
struct btrfs_fs_info *fs_info = eb->fs_info;
- u64 start = eb->start;
int i, num_pages = num_extent_pages(eb);
int ret = 0;
@@ -251,12 +250,14 @@ static int btrfs_repair_eb_io_failure(const struct extent_buffer *eb,
for (i = 0; i < num_pages; i++) {
struct page *p = eb->pages[i];
+ u64 start = max_t(u64, eb->start, page_offset(p));
+ u64 end = min_t(u64, eb->start + eb->len, page_offset(p) + PAGE_SIZE);
+ u32 len = end - start;
- ret = btrfs_repair_io_failure(fs_info, 0, start, PAGE_SIZE,
- start, p, start - page_offset(p), mirror_num);
+ ret = btrfs_repair_io_failure(fs_info, 0, start, len,
+ start, p, offset_in_page(start), mirror_num);
if (ret)
break;
- start += PAGE_SIZE;
}
return ret;
--
2.41.0
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 066/187] btrfs: properly enable async discard when switching from RO->RW
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 065/187] btrfs: subpage: fix a crash in metadata repair path Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 067/187] btrfs: do not ASSERT() on duplicated global roots Greg Kroah-Hartman
` (132 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Boris Burkov, Chris Mason,
David Sterba
From: Chris Mason <clm@fb.com>
commit 981a37bab5e5f16137266d3f00cf2bd018af36ef upstream.
The async discard uses the BTRFS_FS_DISCARD_RUNNING bit in the fs_info
to force discards off when the filesystem has aborted or we're generally
not able to run discards. This gets flipped on when we're mounted rw,
and also when we go from ro->rw.
Commit 63a7cb13071842 ("btrfs: auto enable discard=async when possible")
enabled async discard by default, and this meant
"mount -o ro /dev/xxx /yyy" had async discards turned on.
Unfortunately, this meant our check in btrfs_remount_cleanup() would see
that discards are already on:
/* If we toggled discard async */
if (!btrfs_raw_test_opt(old_opts, DISCARD_ASYNC) &&
btrfs_test_opt(fs_info, DISCARD_ASYNC))
btrfs_discard_resume(fs_info);
So, we'd never call btrfs_discard_resume() when remounting the root
filesystem from ro->rw.
drgn shows this really nicely:
import os
import sys
from drgn.helpers.linux.fs import path_lookup
from drgn import NULL, Object, Type, cast
def btrfs_sb(sb):
return cast("struct btrfs_fs_info *", sb.s_fs_info)
if len(sys.argv) == 1:
path = "/"
else:
path = sys.argv[1]
fs_info = cast("struct btrfs_fs_info *", path_lookup(prog, path).mnt.mnt_sb.s_fs_info)
BTRFS_FS_DISCARD_RUNNING = 1 << prog['BTRFS_FS_DISCARD_RUNNING']
if fs_info.flags & BTRFS_FS_DISCARD_RUNNING:
print("discard running flag is on")
else:
print("discard running flag is off")
[root]# mount | grep nvme
/dev/nvme0n1p3 on / type btrfs
(rw,relatime,compress-force=zstd:3,ssd,discard=async,space_cache=v2,subvolid=5,subvol=/)
[root]# ./discard_running.drgn
discard running flag is off
[root]# mount -o remount,discard=sync /
[root]# mount -o remount,discard=async /
[root]# ./discard_running.drgn
discard running flag is on
The fix is to call btrfs_discard_resume() when we're going from ro->rw.
It already checks to make sure the async discard flag is on, so it'll do
the right thing.
Fixes: 63a7cb13071842 ("btrfs: auto enable discard=async when possible")
CC: stable@vger.kernel.org # 6.3+
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Chris Mason <clm@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/super.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -1840,6 +1840,12 @@ static int btrfs_remount(struct super_bl
btrfs_clear_sb_rdonly(sb);
set_bit(BTRFS_FS_OPEN, &fs_info->flags);
+
+ /*
+ * If we've gone from readonly -> read/write, we need to get
+ * our sync/async discard lists in the right state.
+ */
+ btrfs_discard_resume(fs_info);
}
out:
/*
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 067/187] btrfs: do not ASSERT() on duplicated global roots
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 066/187] btrfs: properly enable async discard when switching from RO->RW Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 068/187] btrfs: fix iomap_begin length for nocow writes Greg Kroah-Hartman
` (131 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+a694851c6ab28cbcfb9c,
Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit 745806fb4554f334e6406fa82b328562aa48f08f upstream.
[BUG]
Syzbot reports a reproducible ASSERT() when using rescue=usebackuproot
mount option on a corrupted fs.
The full report can be found here:
https://syzkaller.appspot.com/bug?extid=c4614eae20a166c25bf0
BTRFS error (device loop0: state C): failed to load root csum
assertion failed: !tmp, in fs/btrfs/disk-io.c:1103
------------[ cut here ]------------
kernel BUG at fs/btrfs/ctree.h:3664!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3608 Comm: syz-executor356 Not tainted 6.0.0-rc7-syzkaller-00029-g3800a713b607 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
RIP: 0010:assertfail+0x1a/0x1c fs/btrfs/ctree.h:3663
RSP: 0018:ffffc90003aaf250 EFLAGS: 00010246
RAX: 0000000000000032 RBX: 0000000000000000 RCX: f21c13f886638400
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff888021c640a0 R08: ffffffff816bd38d R09: ffffed10173667f1
R10: ffffed10173667f1 R11: 1ffff110173667f0 R12: dffffc0000000000
R13: ffff8880229c21f7 R14: ffff888021c64060 R15: ffff8880226c0000
FS: 0000555556a73300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a2637d7a00 CR3: 00000000709c4000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
btrfs_global_root_insert+0x1a7/0x1b0 fs/btrfs/disk-io.c:1103
load_global_roots_objectid+0x482/0x8c0 fs/btrfs/disk-io.c:2467
load_global_roots fs/btrfs/disk-io.c:2501 [inline]
btrfs_read_roots fs/btrfs/disk-io.c:2528 [inline]
init_tree_roots+0xccb/0x203c fs/btrfs/disk-io.c:2939
open_ctree+0x1e53/0x33df fs/btrfs/disk-io.c:3574
btrfs_fill_super+0x1c6/0x2d0 fs/btrfs/super.c:1456
btrfs_mount_root+0x885/0x9a0 fs/btrfs/super.c:1824
legacy_get_tree+0xea/0x180 fs/fs_context.c:610
vfs_get_tree+0x88/0x270 fs/super.c:1530
fc_mount fs/namespace.c:1043 [inline]
vfs_kern_mount+0xc9/0x160 fs/namespace.c:1073
btrfs_mount+0x3d3/0xbb0 fs/btrfs/super.c:1884
[CAUSE]
Since the introduction of global roots, we handle
csum/extent/free-space-tree roots as global roots, even if no
extent-tree-v2 feature is enabled.
So for regular csum/extent/fst roots, we load them into
fs_info::global_root_tree rb tree.
And we should not expect any conflicts in that rb tree, thus we have an
ASSERT() inside btrfs_global_root_insert().
But rescue=usebackuproot can break the assumption, as we will try to
load those trees again and again as long as we have bad roots and have
backup roots slot remaining.
So in that case we can have conflicting roots in the rb tree, and
triggering the ASSERT() crash.
[FIX]
We can safely remove that ASSERT(), as the caller will properly put the
offending root.
To make further debugging easier, also add two explicit error messages:
- Error message for conflicting global roots
- Error message when using backup roots slot
Reported-by: syzbot+a694851c6ab28cbcfb9c@syzkaller.appspotmail.com
Fixes: abed4aaae4f7 ("btrfs: track the csum, extent, and free space trees in a rb tree")
CC: stable@vger.kernel.org # 6.1+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -996,13 +996,18 @@ int btrfs_global_root_insert(struct btrf
{
struct btrfs_fs_info *fs_info = root->fs_info;
struct rb_node *tmp;
+ int ret = 0;
write_lock(&fs_info->global_root_lock);
tmp = rb_find_add(&root->rb_node, &fs_info->global_root_tree, global_root_cmp);
write_unlock(&fs_info->global_root_lock);
- ASSERT(!tmp);
- return tmp ? -EEXIST : 0;
+ if (tmp) {
+ ret = -EEXIST;
+ btrfs_warn(fs_info, "global root %llu %llu already exists",
+ root->root_key.objectid, root->root_key.offset);
+ }
+ return ret;
}
void btrfs_global_root_delete(struct btrfs_root *root)
@@ -2843,6 +2848,7 @@ static int __cold init_tree_roots(struct
/* We can't trust the free space cache either */
btrfs_set_opt(fs_info->mount_opt, CLEAR_CACHE);
+ btrfs_warn(fs_info, "try to load backup roots slot %d", i);
ret = read_backup_root(fs_info, i);
backup_index = ret;
if (ret < 0)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 068/187] btrfs: fix iomap_begin length for nocow writes
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 067/187] btrfs: do not ASSERT() on duplicated global roots Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 069/187] btrfs: can_nocow_file_extent should pass down args->strict from callers Greg Kroah-Hartman
` (130 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+ee90502d5c8fd1d0dd93,
Filipe Manana, Christoph Hellwig, David Sterba
From: Christoph Hellwig <hch@lst.de>
commit 7833b865953c8e62abc76a3261c04132b2fb69de upstream.
can_nocow_extent can reduce the len passed in, which needs to be
propagated to btrfs_dio_iomap_begin so that iomap does not submit
more data then is mapped.
This problems exists since the btrfs_get_blocks_direct helper was added
in commit c5794e51784a ("btrfs: Factor out write portion of
btrfs_get_blocks_direct"), but the ordered_extent splitting added in
commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit")
added a WARN_ON that made a syzkaller test fail.
Reported-by: syzbot+ee90502d5c8fd1d0dd93@syzkaller.appspotmail.com
Fixes: c5794e51784a ("btrfs: Factor out write portion of btrfs_get_blocks_direct")
CC: stable@vger.kernel.org # 6.1+
Tested-by: syzbot+ee90502d5c8fd1d0dd93@syzkaller.appspotmail.com
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -7324,7 +7324,7 @@ static struct extent_map *create_io_em(s
static int btrfs_get_blocks_direct_write(struct extent_map **map,
struct inode *inode,
struct btrfs_dio_data *dio_data,
- u64 start, u64 len,
+ u64 start, u64 *lenp,
unsigned int iomap_flags)
{
const bool nowait = (iomap_flags & IOMAP_NOWAIT);
@@ -7335,6 +7335,7 @@ static int btrfs_get_blocks_direct_write
struct btrfs_block_group *bg;
bool can_nocow = false;
bool space_reserved = false;
+ u64 len = *lenp;
u64 prev_len;
int ret = 0;
@@ -7405,15 +7406,19 @@ static int btrfs_get_blocks_direct_write
free_extent_map(em);
*map = NULL;
- if (nowait)
- return -EAGAIN;
+ if (nowait) {
+ ret = -EAGAIN;
+ goto out;
+ }
/*
* If we could not allocate data space before locking the file
* range and we can't do a NOCOW write, then we have to fail.
*/
- if (!dio_data->data_space_reserved)
- return -ENOSPC;
+ if (!dio_data->data_space_reserved) {
+ ret = -ENOSPC;
+ goto out;
+ }
/*
* We have to COW and we have already reserved data space before,
@@ -7454,6 +7459,7 @@ out:
btrfs_delalloc_release_extents(BTRFS_I(inode), len);
btrfs_delalloc_release_metadata(BTRFS_I(inode), len, true);
}
+ *lenp = len;
return ret;
}
@@ -7630,7 +7636,7 @@ static int btrfs_dio_iomap_begin(struct
if (write) {
ret = btrfs_get_blocks_direct_write(&em, inode, dio_data,
- start, len, flags);
+ start, &len, flags);
if (ret < 0)
goto unlock_err;
unlock_extents = true;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 069/187] btrfs: can_nocow_file_extent should pass down args->strict from callers
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 068/187] btrfs: fix iomap_begin length for nocow writes Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 070/187] ALSA: usb-audio: Fix broken resume due to UAC3 power state Greg Kroah-Hartman
` (129 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Filipe Manana, Chris Mason,
David Sterba
From: Chris Mason <clm@fb.com>
commit deccae40e4b30f98837e44225194d80c8baf2233 upstream.
Commit 619104ba453ad0 ("btrfs: move common NOCOW checks against a file
extent into a helper") changed our call to btrfs_cross_ref_exist() to
always pass false for the 'strict' parameter. We're passing this down
through the stack so that we can do a full check for cross references
during swapfile activation.
With strict always false, this test fails:
btrfs subvol create swappy
chattr +C swappy
fallocate -l1G swappy/swapfile
chmod 600 swappy/swapfile
mkswap swappy/swapfile
btrfs subvol snap swappy swapsnap
btrfs subvol del -C swapsnap
btrfs fi sync /
sync;sync;sync
swapon swappy/swapfile
The fix is to just use args->strict, and everyone except swapfile
activation is passing false.
Fixes: 619104ba453ad0 ("btrfs: move common NOCOW checks against a file extent into a helper")
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -1869,7 +1869,7 @@ static int can_nocow_file_extent(struct
ret = btrfs_cross_ref_exist(root, btrfs_ino(inode),
key->offset - args->extent_offset,
- args->disk_bytenr, false, path);
+ args->disk_bytenr, args->strict, path);
WARN_ON_ONCE(ret > 0 && is_freespace_inode);
if (ret != 0)
goto out;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 070/187] ALSA: usb-audio: Fix broken resume due to UAC3 power state
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 069/187] btrfs: can_nocow_file_extent should pass down args->strict from callers Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 071/187] ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback Greg Kroah-Hartman
` (128 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 8ba61c9f6c9bdfbf9d197b0282641d24ae909778 upstream.
As reported in the bugzilla below, the PM resume of a UAC3 device may
fail due to the incomplete power state change, stuck at D1. The
reason is that the driver expects the full D0 power state change only
at hw_params, while the normal PCM resume procedure doesn't call
hw_params.
For fixing the bug, we add the same power state update to D0 at the
prepare callback, which is certainly called by the resume procedure.
Note that, with this change, the power state change in the hw_params
becomes almost redundant, since snd_usb_hw_params() doesn't touch the
parameters (at least it tires so). But dropping it is still a bit
risky (e.g. we have the media-driver binding), so I leave the D0 power
state change in snd_usb_hw_params() as is for now.
Fixes: a0a4959eb4e9 ("ALSA: usb-audio: Operate UAC3 Power Domains in PCM callbacks")
Cc: <stable@vger.kernel.org>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217539
Link: https://lore.kernel.org/r/20230612132818.29486-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/pcm.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/usb/pcm.c
+++ b/sound/usb/pcm.c
@@ -650,6 +650,10 @@ static int snd_usb_pcm_prepare(struct sn
goto unlock;
}
+ ret = snd_usb_pcm_change_state(subs, UAC3_PD_STATE_D0);
+ if (ret < 0)
+ goto unlock;
+
again:
if (subs->sync_endpoint) {
ret = snd_usb_endpoint_prepare(chip, subs->sync_endpoint);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 071/187] ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 070/187] ALSA: usb-audio: Fix broken resume due to UAC3 power state Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 072/187] s390/ism: Fix trying to free already-freed IRQ by repeated ism_dev_exit() Greg Kroah-Hartman
` (127 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lukasz Tyl, Takashi Iwai
From: Lukasz Tyl <ltyl@hem-e.com>
commit 122e2cb7e1a30438cc0e8bf70d4279db245d7d5b upstream.
This commit adds new DEVICE_FLG with QUIRK_FLAG_DSD_RAW and Vendor Id for
HEM devices which supports native DSD. Prior to this change Linux kernel
was not enabling native DSD playback for HEM devices, and as a result,
DSD audio was being converted to PCM "on the fly". HEM devices,
when connected to the system, would only play audio in PCM format,
even if the source material was in DSD format. With the addition of new
VENDOR_FLG in the quircks.c file, the devices are now correctly
recognized, and raw DSD data is transmitted to the device,
allowing for native DSD playback.
Signed-off-by: Lukasz Tyl <ltyl@hem-e.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20230614122524.30271-1-ltyl@hem-e.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/quirks.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -2191,6 +2191,8 @@ static const struct usb_audio_quirk_flag
QUIRK_FLAG_DSD_RAW),
VENDOR_FLG(0x2ab6, /* T+A devices */
QUIRK_FLAG_DSD_RAW),
+ VENDOR_FLG(0x3336, /* HEM devices */
+ QUIRK_FLAG_DSD_RAW),
VENDOR_FLG(0x3353, /* Khadas devices */
QUIRK_FLAG_DSD_RAW),
VENDOR_FLG(0x3842, /* EVGA */
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 072/187] s390/ism: Fix trying to free already-freed IRQ by repeated ism_dev_exit()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 071/187] ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 073/187] dm thin metadata: check fail_io before using data_sm Greg Kroah-Hartman
` (126 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niklas Schnelle, Julian Ruess,
David S. Miller
From: Julian Ruess <julianr@linux.ibm.com>
commit 78d0f94902afce8ec2c7a60f600cc0e3729d7412 upstream.
This patch prevents the system from crashing when unloading the ISM module.
How to reproduce: Attach an ISM device and execute 'rmmod ism'.
Error-Log:
- Trying to free already-free IRQ 0
- WARNING: CPU: 1 PID: 966 at kernel/irq/manage.c:1890 free_irq+0x140/0x540
After calling ism_dev_exit() for each ISM device in the exit routine,
pci_unregister_driver() will execute ism_remove() for each ISM device.
Because ism_remove() also calls ism_dev_exit(),
free_irq(pci_irq_vector(pdev, 0), ism) is called twice for each ISM
device. This results in a crash with the error
'Trying to free already-free IRQ'.
In the exit routine, it is enough to call pci_unregister_driver()
because it ensures that ism_dev_exit() is called once per
ISM device.
Cc: <stable@vger.kernel.org> # 6.3+
Fixes: 89e7d2ba61b7 ("net/ism: Add new API for client registration")
Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Julian Ruess <julianr@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/net/ism_drv.c | 8 --------
1 file changed, 8 deletions(-)
--- a/drivers/s390/net/ism_drv.c
+++ b/drivers/s390/net/ism_drv.c
@@ -774,14 +774,6 @@ static int __init ism_init(void)
static void __exit ism_exit(void)
{
- struct ism_dev *ism;
-
- mutex_lock(&ism_dev_list.mutex);
- list_for_each_entry(ism, &ism_dev_list.list, list) {
- ism_dev_exit(ism);
- }
- mutex_unlock(&ism_dev_list.mutex);
-
pci_unregister_driver(&ism_driver);
debug_unregister(ism_debug_info);
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 073/187] dm thin metadata: check fail_io before using data_sm
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 072/187] s390/ism: Fix trying to free already-freed IRQ by repeated ism_dev_exit() Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 074/187] dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard Greg Kroah-Hartman
` (125 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Lingfeng, Mike Snitzer
From: Li Lingfeng <lilingfeng3@huawei.com>
commit cb65b282c9640c27d3129e2e04b711ce1b352838 upstream.
Must check pmd->fail_io before using pmd->data_sm since
pmd->data_sm may be destroyed by other processes.
P1(kworker) P2(message)
do_worker
process_prepared
process_prepared_discard_passdown_pt2
dm_pool_dec_data_range
pool_message
commit
dm_pool_commit_metadata
↓
// commit failed
metadata_operation_failed
abort_transaction
dm_pool_abort_metadata
__open_or_format_metadata
↓
dm_sm_disk_open
↓
// open failed
// pmd->data_sm is NULL
dm_sm_dec_blocks
↓
// try to access pmd->data_sm --> UAF
As shown above, if dm_pool_commit_metadata() and
dm_pool_abort_metadata() fail in pool_message process, kworker may
trigger UAF.
Fixes: be500ed721a6 ("dm space maps: improve performance with inc/dec on ranges of blocks")
Cc: stable@vger.kernel.org
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-thin-metadata.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -1756,13 +1756,15 @@ int dm_thin_remove_range(struct dm_thin_
int dm_pool_block_is_shared(struct dm_pool_metadata *pmd, dm_block_t b, bool *result)
{
- int r;
+ int r = -EINVAL;
uint32_t ref_count;
down_read(&pmd->root_lock);
- r = dm_sm_get_count(pmd->data_sm, b, &ref_count);
- if (!r)
- *result = (ref_count > 1);
+ if (!pmd->fail_io) {
+ r = dm_sm_get_count(pmd->data_sm, b, &ref_count);
+ if (!r)
+ *result = (ref_count > 1);
+ }
up_read(&pmd->root_lock);
return r;
@@ -1770,10 +1772,11 @@ int dm_pool_block_is_shared(struct dm_po
int dm_pool_inc_data_range(struct dm_pool_metadata *pmd, dm_block_t b, dm_block_t e)
{
- int r = 0;
+ int r = -EINVAL;
pmd_write_lock(pmd);
- r = dm_sm_inc_blocks(pmd->data_sm, b, e);
+ if (!pmd->fail_io)
+ r = dm_sm_inc_blocks(pmd->data_sm, b, e);
pmd_write_unlock(pmd);
return r;
@@ -1781,10 +1784,11 @@ int dm_pool_inc_data_range(struct dm_poo
int dm_pool_dec_data_range(struct dm_pool_metadata *pmd, dm_block_t b, dm_block_t e)
{
- int r = 0;
+ int r = -EINVAL;
pmd_write_lock(pmd);
- r = dm_sm_dec_blocks(pmd->data_sm, b, e);
+ if (!pmd->fail_io)
+ r = dm_sm_dec_blocks(pmd->data_sm, b, e);
pmd_write_unlock(pmd);
return r;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 074/187] dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 073/187] dm thin metadata: check fail_io before using data_sm Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 075/187] net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open Greg Kroah-Hartman
` (124 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mike Snitzer
From: Mike Snitzer <snitzer@kernel.org>
commit 722d90822321497e2837cfc9000202e256e6b32f upstream.
issue_discard() passes GFP_NOWAIT to __blkdev_issue_discard() despite
its code assuming bio_alloc() always succeeds.
Commit 3dba53a958a75 ("dm thin: use __blkdev_issue_discard for async
discard support") clearly shows where things went bad:
Before commit 3dba53a958a75, dm-thin.c's open-coded
__blkdev_issue_discard_async() properly handled using GFP_NOWAIT.
Unfortunately __blkdev_issue_discard() doesn't and it was missed
during review.
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-thin.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -399,8 +399,7 @@ static int issue_discard(struct discard_
sector_t s = block_to_sectors(tc->pool, data_b);
sector_t len = block_to_sectors(tc->pool, data_e - data_b);
- return __blkdev_issue_discard(tc->pool_dev->bdev, s, len, GFP_NOWAIT,
- &op->bio);
+ return __blkdev_issue_discard(tc->pool_dev->bdev, s, len, GFP_NOIO, &op->bio);
}
static void end_discard(struct discard_op *op, int r)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 075/187] net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 074/187] dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 076/187] nouveau: fix client work fence deletion race Greg Kroah-Hartman
` (123 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jose Abreu, Christian Marangi,
Simon Horman, Jakub Kicinski
From: Christian Marangi <ansuelsmth@gmail.com>
commit 30134b7c47bd28fdb4db4d12aef824e0579cfee4 upstream.
Fix a possible memory leak in __stmmac_open when stmmac_init_phy fails.
It's also needed to free everything allocated by stmmac_setup_dma_desc
and not just the dma_conf struct.
Drop free_dma_desc_resources from __stmmac_open and correctly call
free_dma_desc_resources on each user of __stmmac_open on error.
Reported-by: Jose Abreu <Jose.Abreu@synopsys.com>
Fixes: ba39b344e924 ("net: ethernet: stmicro: stmmac: generate stmmac dma conf before open")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Jose Abreu <Jose.Abreu@synopsys.com>
Link: https://lore.kernel.org/r/20230614091714.15912-1-ansuelsmth@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -3867,7 +3867,6 @@ irq_error:
stmmac_hw_teardown(dev);
init_error:
- free_dma_desc_resources(priv, &priv->dma_conf);
phylink_disconnect_phy(priv->phylink);
init_phy_error:
pm_runtime_put(priv->device);
@@ -3885,6 +3884,9 @@ static int stmmac_open(struct net_device
return PTR_ERR(dma_conf);
ret = __stmmac_open(dev, dma_conf);
+ if (ret)
+ free_dma_desc_resources(priv, dma_conf);
+
kfree(dma_conf);
return ret;
}
@@ -5609,12 +5611,15 @@ static int stmmac_change_mtu(struct net_
stmmac_release(dev);
ret = __stmmac_open(dev, dma_conf);
- kfree(dma_conf);
if (ret) {
+ free_dma_desc_resources(priv, dma_conf);
+ kfree(dma_conf);
netdev_err(priv->dev, "failed reopening the interface after MTU change\n");
return ret;
}
+ kfree(dma_conf);
+
stmmac_set_rx_mode(dev);
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 076/187] nouveau: fix client work fence deletion race
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 075/187] net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 077/187] mm/gup_test: fix ioctl fail for compat task Greg Kroah-Hartman
` (122 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Karol Herbst, Dave Airlie
From: Dave Airlie <airlied@redhat.com>
commit c8a5d5ea3ba6a18958f8d76430e4cd68eea33943 upstream.
This seems to have existed for ever but is now more apparant after
commit 9bff18d13473 ("drm/ttm: use per BO cleanup workers")
My analysis: two threads are running, one in the irq signalling the
fence, in dma_fence_signal_timestamp_locked, it has done the
DMA_FENCE_FLAG_SIGNALLED_BIT setting, but hasn't yet reached the
callbacks.
The second thread in nouveau_cli_work_ready, where it sees the fence is
signalled, so then puts the fence, cleanups the object and frees the
work item, which contains the callback.
Thread one goes again and tries to call the callback and causes the
use-after-free.
Proposed fix: lock the fence signalled check in nouveau_cli_work_ready,
so either the callbacks are done or the memory is freed.
Reviewed-by: Karol Herbst <kherbst@redhat.com>
Fixes: 11e451e74050 ("drm/nouveau: remove fence wait code from deferred client work handler")
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://lore.kernel.org/dri-devel/20230615024008.1600281-1-airlied@gmail.com/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_drm.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/nouveau/nouveau_drm.c
+++ b/drivers/gpu/drm/nouveau/nouveau_drm.c
@@ -137,10 +137,16 @@ nouveau_name(struct drm_device *dev)
static inline bool
nouveau_cli_work_ready(struct dma_fence *fence)
{
- if (!dma_fence_is_signaled(fence))
- return false;
- dma_fence_put(fence);
- return true;
+ bool ret = true;
+
+ spin_lock_irq(fence->lock);
+ if (!dma_fence_is_signaled_locked(fence))
+ ret = false;
+ spin_unlock_irq(fence->lock);
+
+ if (ret == true)
+ dma_fence_put(fence);
+ return ret;
}
static void
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 077/187] mm/gup_test: fix ioctl fail for compat task
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 076/187] nouveau: fix client work fence deletion race Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 078/187] RDMA/uverbs: Restrict usage of privileged QKEYs Greg Kroah-Hartman
` (121 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Haibo Li, David Hildenbrand,
AngeloGioacchino Del Regno, Matthias Brugger, John Hubbard,
Andrew Morton
From: Haibo Li <haibo.li@mediatek.com>
commit 4f572f0074b8be8a70bd150d96a749aa94c8d85f upstream.
When tools/testing/selftests/mm/gup_test.c is compiled as 32bit, then run
on arm64 kernel, it reports "ioctl: Inappropriate ioctl for device".
Fix it by filling compat_ioctl in gup_test_fops
Link: https://lkml.kernel.org/r/20230526022125.175728-1-haibo.li@mediatek.com
Signed-off-by: Haibo Li <haibo.li@mediatek.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/gup_test.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/gup_test.c
+++ b/mm/gup_test.c
@@ -381,6 +381,7 @@ static int gup_test_release(struct inode
static const struct file_operations gup_test_fops = {
.open = nonseekable_open,
.unlocked_ioctl = gup_test_ioctl,
+ .compat_ioctl = compat_ptr_ioctl,
.release = gup_test_release,
};
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 078/187] RDMA/uverbs: Restrict usage of privileged QKEYs
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 077/187] mm/gup_test: fix ioctl fail for compat task Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 079/187] drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 Greg Kroah-Hartman
` (120 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Edward Srouji, Leon Romanovsky
From: Edward Srouji <edwards@nvidia.com>
commit 0cadb4db79e1d9eea66711c4031e435c2191907e upstream.
According to the IB specification rel-1.6, section 3.5.3:
"QKEYs with the most significant bit set are considered controlled
QKEYs, and a HCA does not allow a consumer to arbitrarily specify a
controlled QKEY."
Thus, block non-privileged users from setting such a QKEY.
Cc: stable@vger.kernel.org
Fixes: bc38a6abdd5a ("[PATCH] IB uverbs: core implementation")
Signed-off-by: Edward Srouji <edwards@nvidia.com>
Link: https://lore.kernel.org/r/c00c809ddafaaf87d6f6cb827978670989a511b3.1685960567.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/uverbs_cmd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -1850,8 +1850,13 @@ static int modify_qp(struct uverbs_attr_
attr->path_mtu = cmd->base.path_mtu;
if (cmd->base.attr_mask & IB_QP_PATH_MIG_STATE)
attr->path_mig_state = cmd->base.path_mig_state;
- if (cmd->base.attr_mask & IB_QP_QKEY)
+ if (cmd->base.attr_mask & IB_QP_QKEY) {
+ if (cmd->base.qkey & IB_QP_SET_QKEY && !capable(CAP_NET_RAW)) {
+ ret = -EPERM;
+ goto release_qp;
+ }
attr->qkey = cmd->base.qkey;
+ }
if (cmd->base.attr_mask & IB_QP_RQ_PSN)
attr->rq_psn = cmd->base.rq_psn;
if (cmd->base.attr_mask & IB_QP_SQ_PSN)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 079/187] drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 078/187] RDMA/uverbs: Restrict usage of privileged QKEYs Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 080/187] net: usb: qmi_wwan: add support for Compal RXM-G1 Greg Kroah-Hartman
` (119 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sonny Jiang, Leo Liu, Alex Deucher
From: Sonny Jiang <sonjiang@amd.com>
commit 9db5ec1ceb5303398ec4f899d691073d531257c3 upstream.
Only vcn0 can process AV1 codecx. In order to use both vcn0 and
vcn1 in h264/265 transcode to AV1 cases, set vcn0 sched score to 1
at initialization time.
Signed-off-by: Sonny Jiang <sonjiang@amd.com>
Reviewed-by: Leo Liu <leo.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.1.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c
@@ -129,7 +129,11 @@ static int vcn_v4_0_sw_init(void *handle
if (adev->vcn.harvest_config & (1 << i))
continue;
- atomic_set(&adev->vcn.inst[i].sched_score, 0);
+ /* Init instance 0 sched_score to 1, so it's scheduled after other instances */
+ if (i == 0)
+ atomic_set(&adev->vcn.inst[i].sched_score, 1);
+ else
+ atomic_set(&adev->vcn.inst[i].sched_score, 0);
/* VCN UNIFIED TRAP */
r = amdgpu_irq_add_id(adev, amdgpu_ih_clientid_vcns[i],
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 080/187] net: usb: qmi_wwan: add support for Compal RXM-G1
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 079/187] drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 081/187] drm/amd/display: limit DPIA link rate to HBR3 Greg Kroah-Hartman
` (118 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wes Huang, Bjørn Mork,
Jakub Kicinski
From: Wes Huang <wes.huang@moxa.com>
commit 863199199713908afaa47ba09332b87621c12496 upstream.
Add support for Compal RXM-G1 which is based on Qualcomm SDX55 chip.
This patch adds support for two compositions:
0x9091: DIAG + MODEM + QMI_RMNET + ADB
0x90db: DIAG + DUN + RMNET + DPL + QDSS(Trace) + ADB
T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0
D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1
P: Vendor=05c6 ProdID=9091 Rev= 4.14
S: Manufacturer=QCOM
S: Product=SDXPRAIRIE-MTP _SN:719AB680
S: SerialNumber=719ab680
C:* #Ifs= 4 Cfg#= 1 Atr=80 MxPwr=896mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=(none)
E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=84(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0
D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1
P: Vendor=05c6 ProdID=90db Rev= 4.14
S: Manufacturer=QCOM
S: Product=SDXPRAIRIE-MTP _SN:719AB680
S: SerialNumber=719ab680
C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=896mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=(none)
E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=84(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=8f(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
Cc: stable@vger.kernel.org
Signed-off-by: Wes Huang <wes.huang@moxa.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Link: https://lore.kernel.org/r/20230608030141.3546-1-wes.huang@moxa.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/qmi_wwan.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1220,7 +1220,9 @@ static const struct usb_device_id produc
{QMI_FIXED_INTF(0x05c6, 0x9080, 8)},
{QMI_FIXED_INTF(0x05c6, 0x9083, 3)},
{QMI_FIXED_INTF(0x05c6, 0x9084, 4)},
+ {QMI_QUIRK_SET_DTR(0x05c6, 0x9091, 2)}, /* Compal RXM-G1 */
{QMI_FIXED_INTF(0x05c6, 0x90b2, 3)}, /* ublox R410M */
+ {QMI_QUIRK_SET_DTR(0x05c6, 0x90db, 2)}, /* Compal RXM-G1 */
{QMI_FIXED_INTF(0x05c6, 0x920d, 0)},
{QMI_FIXED_INTF(0x05c6, 0x920d, 5)},
{QMI_QUIRK_SET_DTR(0x05c6, 0x9625, 4)}, /* YUGA CLM920-NC5 */
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 081/187] drm/amd/display: limit DPIA link rate to HBR3
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 080/187] net: usb: qmi_wwan: add support for Compal RXM-G1 Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 082/187] drm/amd/display: edp do not add non-edid timings Greg Kroah-Hartman
` (117 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Alex Deucher,
Stylon Wang, Peichen Huang, Mustapha Ghaddar, Daniel Wheeler
From: Peichen Huang <peichen.huang@amd.com>
commit 7c5835bcb9176df94683396f1c0e5df6bf5094b3 upstream.
[Why]
DPIA doesn't support UHBR, driver should not enable UHBR
for dp tunneling
[How]
limit DPIA link rate to HBR3
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Acked-by: Stylon Wang <stylon.wang@amd.com>
Signed-off-by: Peichen Huang <peichen.huang@amd.com>
Reviewed-by: Mustapha Ghaddar <Mustapha.Ghaddar@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/link/link_detection.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/gpu/drm/amd/display/dc/link/link_detection.c
+++ b/drivers/gpu/drm/amd/display/dc/link/link_detection.c
@@ -980,6 +980,11 @@ static bool detect_link_and_local_sink(s
(link->dpcd_caps.dongle_type !=
DISPLAY_DONGLE_DP_HDMI_CONVERTER))
converter_disable_audio = true;
+
+ /* limited link rate to HBR3 for DPIA until we implement USB4 V2 */
+ if (link->ep_type == DISPLAY_ENDPOINT_USB4_DPIA &&
+ link->reported_link_cap.link_rate > LINK_RATE_HIGH3)
+ link->reported_link_cap.link_rate = LINK_RATE_HIGH3;
break;
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 082/187] drm/amd/display: edp do not add non-edid timings
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 081/187] drm/amd/display: limit DPIA link rate to HBR3 Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 083/187] drm/amd: Make sure image is written to trigger VBIOS image update flow Greg Kroah-Hartman
` (116 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Alex Deucher,
Stylon Wang, Hersen Wu, Roman Li, Daniel Wheeler
From: Hersen Wu <hersenxs.wu@amd.com>
commit e749dd10e5f292061ad63d2b030194bf7d7d452c upstream.
[Why] most edp support only timings from edid. applying
non-edid timings, especially those timings out of edp
bandwidth, may damage edp.
[How] do not add non-edid timings for edp.
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Acked-by: Stylon Wang <stylon.wang@amd.com>
Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
Reviewed-by: Roman Li <roman.li@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -7170,7 +7170,13 @@ static int amdgpu_dm_connector_get_modes
drm_add_modes_noedid(connector, 640, 480);
} else {
amdgpu_dm_connector_ddc_get_modes(connector, edid);
- amdgpu_dm_connector_add_common_modes(encoder, connector);
+ /* most eDP supports only timings from its edid,
+ * usually only detailed timings are available
+ * from eDP edid. timings which are not from edid
+ * may damage eDP
+ */
+ if (connector->connector_type != DRM_MODE_CONNECTOR_eDP)
+ amdgpu_dm_connector_add_common_modes(encoder, connector);
amdgpu_dm_connector_add_freesync_modes(connector, edid);
}
amdgpu_dm_fbc_init(connector);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 083/187] drm/amd: Make sure image is written to trigger VBIOS image update flow
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 082/187] drm/amd/display: edp do not add non-edid timings Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 084/187] drm/amd: Tighten permissions on VBIOS flashing attributes Greg Kroah-Hartman
` (115 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alex Deucher, Mario Limonciello
From: Mario Limonciello <mario.limonciello@amd.com>
commit 3eb1a3a04056ba3df3205e169b8acc9da0c65a94 upstream.
The VBIOS image update flow requires userspace to:
1) Write the image to `psp_vbflash`
2) Read `psp_vbflash`
3) Poll `psp_vbflash_status` to check for completion
If userspace reads `psp_vbflash` before writing an image, it's
possible that it causes problems that can put the dGPU into an invalid
state.
Explicitly check that an image has been written before letting a read
succeed.
Cc: stable@vger.kernel.org
Fixes: 8424f2ccb3c0 ("drm/amdgpu/psp: Add vbflash sysfs interface support")
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
@@ -3538,6 +3538,9 @@ static ssize_t amdgpu_psp_vbflash_read(s
void *fw_pri_cpu_addr;
int ret;
+ if (adev->psp.vbflash_image_size == 0)
+ return -EINVAL;
+
dev_info(adev->dev, "VBIOS flash to PSP started");
ret = amdgpu_bo_create_kernel(adev, adev->psp.vbflash_image_size,
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 084/187] drm/amd: Tighten permissions on VBIOS flashing attributes
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 083/187] drm/amd: Make sure image is written to trigger VBIOS image update flow Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 085/187] drm/amd/pm: workaround for compute workload type on some skus Greg Kroah-Hartman
` (114 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alex Deucher, Mario Limonciello
From: Mario Limonciello <mario.limonciello@amd.com>
commit 7ab1a4913d0051cf5196ef7987b5fa42c25e13b6 upstream.
Non-root users shouldn't be able to try to trigger a VBIOS flash
or query the flashing status. This should be reserved for users with the
appropriate permissions.
Cc: stable@vger.kernel.org
Fixes: 8424f2ccb3c0 ("drm/amdgpu/psp: Add vbflash sysfs interface support")
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
@@ -3592,13 +3592,13 @@ static ssize_t amdgpu_psp_vbflash_status
}
static const struct bin_attribute psp_vbflash_bin_attr = {
- .attr = {.name = "psp_vbflash", .mode = 0664},
+ .attr = {.name = "psp_vbflash", .mode = 0660},
.size = 0,
.write = amdgpu_psp_vbflash_write,
.read = amdgpu_psp_vbflash_read,
};
-static DEVICE_ATTR(psp_vbflash_status, 0444, amdgpu_psp_vbflash_status, NULL);
+static DEVICE_ATTR(psp_vbflash_status, 0440, amdgpu_psp_vbflash_status, NULL);
int amdgpu_psp_sysfs_init(struct amdgpu_device *adev)
{
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 085/187] drm/amd/pm: workaround for compute workload type on some skus
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 084/187] drm/amd: Tighten permissions on VBIOS flashing attributes Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 086/187] drm/amdgpu: add missing radeon secondary PCI ID Greg Kroah-Hartman
` (113 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kenneth Feng, Lijo Lazar, Feifei Xu,
Alex Deucher
From: Kenneth Feng <kenneth.feng@amd.com>
commit 7ca302d488f80cf4529620acc1c545f9022d8bb8 upstream.
On smu 13.0.0, the compute workload type cannot be set on all the skus
due to some other problems. This workaround is to make sure compute workload type
can also run on some specific skus.
v2: keep the variable consistent
Signed-off-by: Kenneth Feng <kenneth.feng@amd.com>
Acked-by: Lijo Lazar <lijo.lazar@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.1.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 33 +++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
@@ -1694,10 +1694,39 @@ static int smu_v13_0_0_set_power_profile
}
}
- /* conv PP_SMC_POWER_PROFILE* to WORKLOAD_PPLIB_*_BIT */
- workload_type = smu_cmn_to_asic_specific_index(smu,
+ if (smu->power_profile_mode == PP_SMC_POWER_PROFILE_COMPUTE &&
+ (((smu->adev->pdev->device == 0x744C) && (smu->adev->pdev->revision == 0xC8)) ||
+ ((smu->adev->pdev->device == 0x744C) && (smu->adev->pdev->revision == 0xCC)))) {
+ ret = smu_cmn_update_table(smu,
+ SMU_TABLE_ACTIVITY_MONITOR_COEFF,
+ WORKLOAD_PPLIB_COMPUTE_BIT,
+ (void *)(&activity_monitor_external),
+ false);
+ if (ret) {
+ dev_err(smu->adev->dev, "[%s] Failed to get activity monitor!", __func__);
+ return ret;
+ }
+
+ ret = smu_cmn_update_table(smu,
+ SMU_TABLE_ACTIVITY_MONITOR_COEFF,
+ WORKLOAD_PPLIB_CUSTOM_BIT,
+ (void *)(&activity_monitor_external),
+ true);
+ if (ret) {
+ dev_err(smu->adev->dev, "[%s] Failed to set activity monitor!", __func__);
+ return ret;
+ }
+
+ workload_type = smu_cmn_to_asic_specific_index(smu,
+ CMN2ASIC_MAPPING_WORKLOAD,
+ PP_SMC_POWER_PROFILE_CUSTOM);
+ } else {
+ /* conv PP_SMC_POWER_PROFILE* to WORKLOAD_PPLIB_*_BIT */
+ workload_type = smu_cmn_to_asic_specific_index(smu,
CMN2ASIC_MAPPING_WORKLOAD,
smu->power_profile_mode);
+ }
+
if (workload_type < 0)
return -EINVAL;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 086/187] drm/amdgpu: add missing radeon secondary PCI ID
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 085/187] drm/amd/pm: workaround for compute workload type on some skus Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 087/187] drm/amdgpu: Reset CP_VMID_PREEMPT after trailing fence signaled Greg Kroah-Hartman
` (112 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, michel, Michel Dänzer,
Alex Deucher
From: Alex Deucher <alexander.deucher@amd.com>
commit e61f67749b351c19455ce3085af2ae9af80023bc upstream.
0x5b70 is a missing RV370 secondary id. Add it so
we don't try and probe it with amdgpu.
Cc: michel@daenzer.net
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Tested-by: Michel Dänzer <mdaenzer@redhat.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
@@ -1623,6 +1623,7 @@ static const u16 amdgpu_unsupported_pcii
0x5874,
0x5940,
0x5941,
+ 0x5b70,
0x5b72,
0x5b73,
0x5b74,
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 087/187] drm/amdgpu: Reset CP_VMID_PREEMPT after trailing fence signaled
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 086/187] drm/amdgpu: add missing radeon secondary PCI ID Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 088/187] drm/amdgpu: Program gds backup address as zero if no gds allocated Greg Kroah-Hartman
` (111 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiadong Zhu, Alex Deucher
From: Jiadong Zhu <Jiadong.Zhu@amd.com>
commit 1dbcf770cc2d15baf8a1e8174d6fd014a68b45ca upstream.
When MEC executes unmap_queue for mid command buffer preemption, it will
kick the write pointer of the gfx ring, set CP_VMID_PREEMPT to trigger the
preemption and wait for CP_VMID_PREEMPT becomes zero after the preemption
done. There is a race condition that PFP may excute the resetting command
before MEC set CP_VMID_PREEMPT. As a result, hang happens as
CP_VMID_PREEMPT is always 0xffff.
To avoid this, we send resetting CP_VMID_PREEMPT command after the trailing
fence is siganled and update gfx write pointer explicitly.
Signed-off-by: Jiadong Zhu <Jiadong.Zhu@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.3.x
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2535
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
@@ -5366,10 +5366,6 @@ static int gfx_v9_0_ring_preempt_ib(stru
amdgpu_ring_alloc(ring, 13);
gfx_v9_0_ring_emit_fence(ring, ring->trail_fence_gpu_addr,
ring->trail_seq, AMDGPU_FENCE_FLAG_EXEC | AMDGPU_FENCE_FLAG_INT);
- /*reset the CP_VMID_PREEMPT after trailing fence*/
- amdgpu_ring_emit_wreg(ring,
- SOC15_REG_OFFSET(GC, 0, mmCP_VMID_PREEMPT),
- 0x0);
/* assert IB preemption, emit the trailing fence */
kiq->pmf->kiq_unmap_queues(kiq_ring, ring, PREEMPT_QUEUES_NO_UNMAP,
@@ -5392,6 +5388,10 @@ static int gfx_v9_0_ring_preempt_ib(stru
DRM_WARN("ring %d timeout to preempt ib\n", ring->idx);
}
+ /*reset the CP_VMID_PREEMPT after trailing fence*/
+ amdgpu_ring_emit_wreg(ring,
+ SOC15_REG_OFFSET(GC, 0, mmCP_VMID_PREEMPT),
+ 0x0);
amdgpu_ring_commit(ring);
/* deassert preemption condition */
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 088/187] drm/amdgpu: Program gds backup address as zero if no gds allocated
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 087/187] drm/amdgpu: Reset CP_VMID_PREEMPT after trailing fence signaled Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 089/187] drm/amdgpu: Implement gfx9 patch functions for resubmission Greg Kroah-Hartman
` (110 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiadong Zhu, Alex Deucher
From: Jiadong Zhu <Jiadong.Zhu@amd.com>
commit 94034b306ddde4a4a9c1a597ae7f61f04b710dc7 upstream.
It is firmware requirement to set gds_backup_addrlo and gds_backup_addrhi
of DE meta both zero if no gds partition is allocated for the frame.
Signed-off-by: Jiadong Zhu <Jiadong.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.3.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
@@ -755,7 +755,7 @@ static void gfx_v9_0_set_rlc_funcs(struc
static int gfx_v9_0_get_cu_info(struct amdgpu_device *adev,
struct amdgpu_cu_info *cu_info);
static uint64_t gfx_v9_0_get_gpu_clock_counter(struct amdgpu_device *adev);
-static void gfx_v9_0_ring_emit_de_meta(struct amdgpu_ring *ring, bool resume);
+static void gfx_v9_0_ring_emit_de_meta(struct amdgpu_ring *ring, bool resume, bool usegds);
static u64 gfx_v9_0_ring_get_rptr_compute(struct amdgpu_ring *ring);
static void gfx_v9_0_query_ras_error_count(struct amdgpu_device *adev,
void *ras_error_status);
@@ -5124,7 +5124,8 @@ static void gfx_v9_0_ring_emit_ib_gfx(st
gfx_v9_0_ring_emit_de_meta(ring,
(!amdgpu_sriov_vf(ring->adev) &&
flags & AMDGPU_IB_PREEMPTED) ?
- true : false);
+ true : false,
+ job->gds_size > 0 && job->gds_base != 0);
}
amdgpu_ring_write(ring, header);
@@ -5399,7 +5400,7 @@ static int gfx_v9_0_ring_preempt_ib(stru
return r;
}
-static void gfx_v9_0_ring_emit_de_meta(struct amdgpu_ring *ring, bool resume)
+static void gfx_v9_0_ring_emit_de_meta(struct amdgpu_ring *ring, bool resume, bool usegds)
{
struct amdgpu_device *adev = ring->adev;
struct v9_de_ib_state de_payload = {0};
@@ -5430,8 +5431,10 @@ static void gfx_v9_0_ring_emit_de_meta(s
PAGE_SIZE);
}
- de_payload.gds_backup_addrlo = lower_32_bits(gds_addr);
- de_payload.gds_backup_addrhi = upper_32_bits(gds_addr);
+ if (usegds) {
+ de_payload.gds_backup_addrlo = lower_32_bits(gds_addr);
+ de_payload.gds_backup_addrhi = upper_32_bits(gds_addr);
+ }
cnt = (sizeof(de_payload) >> 2) + 4 - 2;
amdgpu_ring_write(ring, PACKET3(PACKET3_WRITE_DATA, cnt));
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 089/187] drm/amdgpu: Implement gfx9 patch functions for resubmission
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 088/187] drm/amdgpu: Program gds backup address as zero if no gds allocated Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 090/187] drm/amdgpu: Modify indirect buffer packages " Greg Kroah-Hartman
` (109 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiadong Zhu, Alex Deucher
From: Jiadong Zhu <Jiadong.Zhu@amd.com>
commit 5b711e7f9c73e5ff44d6ac865711d9a05c2a0360 upstream.
Patch the packages including CONTEXT_CONTROL and WRITE_DATA for gfx9
during the resubmission scenario.
Signed-off-by: Jiadong Zhu <Jiadong.Zhu@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.3.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 80 ++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
@@ -5136,9 +5136,83 @@ static void gfx_v9_0_ring_emit_ib_gfx(st
#endif
lower_32_bits(ib->gpu_addr));
amdgpu_ring_write(ring, upper_32_bits(ib->gpu_addr));
+ amdgpu_ring_ib_on_emit_cntl(ring);
amdgpu_ring_write(ring, control);
}
+static void gfx_v9_0_ring_patch_cntl(struct amdgpu_ring *ring,
+ unsigned offset)
+{
+ u32 control = ring->ring[offset];
+
+ control |= INDIRECT_BUFFER_PRE_RESUME(1);
+ ring->ring[offset] = control;
+}
+
+static void gfx_v9_0_ring_patch_ce_meta(struct amdgpu_ring *ring,
+ unsigned offset)
+{
+ struct amdgpu_device *adev = ring->adev;
+ void *ce_payload_cpu_addr;
+ uint64_t payload_offset, payload_size;
+
+ payload_size = sizeof(struct v9_ce_ib_state);
+
+ if (ring->is_mes_queue) {
+ payload_offset = offsetof(struct amdgpu_mes_ctx_meta_data,
+ gfx[0].gfx_meta_data) +
+ offsetof(struct v9_gfx_meta_data, ce_payload);
+ ce_payload_cpu_addr =
+ amdgpu_mes_ctx_get_offs_cpu_addr(ring, payload_offset);
+ } else {
+ payload_offset = offsetof(struct v9_gfx_meta_data, ce_payload);
+ ce_payload_cpu_addr = adev->virt.csa_cpu_addr + payload_offset;
+ }
+
+ if (offset + (payload_size >> 2) <= ring->buf_mask + 1) {
+ memcpy((void *)&ring->ring[offset], ce_payload_cpu_addr, payload_size);
+ } else {
+ memcpy((void *)&ring->ring[offset], ce_payload_cpu_addr,
+ (ring->buf_mask + 1 - offset) << 2);
+ payload_size -= (ring->buf_mask + 1 - offset) << 2;
+ memcpy((void *)&ring->ring[0],
+ ce_payload_cpu_addr + ((ring->buf_mask + 1 - offset) << 2),
+ payload_size);
+ }
+}
+
+static void gfx_v9_0_ring_patch_de_meta(struct amdgpu_ring *ring,
+ unsigned offset)
+{
+ struct amdgpu_device *adev = ring->adev;
+ void *de_payload_cpu_addr;
+ uint64_t payload_offset, payload_size;
+
+ payload_size = sizeof(struct v9_de_ib_state);
+
+ if (ring->is_mes_queue) {
+ payload_offset = offsetof(struct amdgpu_mes_ctx_meta_data,
+ gfx[0].gfx_meta_data) +
+ offsetof(struct v9_gfx_meta_data, de_payload);
+ de_payload_cpu_addr =
+ amdgpu_mes_ctx_get_offs_cpu_addr(ring, payload_offset);
+ } else {
+ payload_offset = offsetof(struct v9_gfx_meta_data, de_payload);
+ de_payload_cpu_addr = adev->virt.csa_cpu_addr + payload_offset;
+ }
+
+ if (offset + (payload_size >> 2) <= ring->buf_mask + 1) {
+ memcpy((void *)&ring->ring[offset], de_payload_cpu_addr, payload_size);
+ } else {
+ memcpy((void *)&ring->ring[offset], de_payload_cpu_addr,
+ (ring->buf_mask + 1 - offset) << 2);
+ payload_size -= (ring->buf_mask + 1 - offset) << 2;
+ memcpy((void *)&ring->ring[0],
+ de_payload_cpu_addr + ((ring->buf_mask + 1 - offset) << 2),
+ payload_size);
+ }
+}
+
static void gfx_v9_0_ring_emit_ib_compute(struct amdgpu_ring *ring,
struct amdgpu_job *job,
struct amdgpu_ib *ib,
@@ -5334,6 +5408,8 @@ static void gfx_v9_0_ring_emit_ce_meta(s
amdgpu_ring_write(ring, lower_32_bits(ce_payload_gpu_addr));
amdgpu_ring_write(ring, upper_32_bits(ce_payload_gpu_addr));
+ amdgpu_ring_ib_on_emit_ce(ring);
+
if (resume)
amdgpu_ring_write_multiple(ring, ce_payload_cpu_addr,
sizeof(ce_payload) >> 2);
@@ -5445,6 +5521,7 @@ static void gfx_v9_0_ring_emit_de_meta(s
amdgpu_ring_write(ring, lower_32_bits(de_payload_gpu_addr));
amdgpu_ring_write(ring, upper_32_bits(de_payload_gpu_addr));
+ amdgpu_ring_ib_on_emit_de(ring);
if (resume)
amdgpu_ring_write_multiple(ring, de_payload_cpu_addr,
sizeof(de_payload) >> 2);
@@ -6857,6 +6934,9 @@ static const struct amdgpu_ring_funcs gf
.emit_reg_write_reg_wait = gfx_v9_0_ring_emit_reg_write_reg_wait,
.soft_recovery = gfx_v9_0_ring_soft_recovery,
.emit_mem_sync = gfx_v9_0_emit_mem_sync,
+ .patch_cntl = gfx_v9_0_ring_patch_cntl,
+ .patch_de = gfx_v9_0_ring_patch_de_meta,
+ .patch_ce = gfx_v9_0_ring_patch_ce_meta,
};
static const struct amdgpu_ring_funcs gfx_v9_0_ring_funcs_compute = {
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 090/187] drm/amdgpu: Modify indirect buffer packages for resubmission
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 089/187] drm/amdgpu: Implement gfx9 patch functions for resubmission Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 091/187] ALSA: hda/realtek: Add a quirk for Compaq N14JP6 Greg Kroah-Hartman
` (108 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiadong Zhu, Alex Deucher
From: Jiadong Zhu <Jiadong.Zhu@amd.com>
commit 87af86ae89963c227a3beb4d914f3dc7959a690e upstream.
When the preempted IB frame resubmitted to cp, we need to modify the frame
data including:
1. set PRE_RESUME 1 in CONTEXT_CONTROL.
2. use meta data(DE and CE) read from CSA in WRITE_DATA.
Add functions to save the location the first time IBs emitted and callback
to patch the package when resubmission happens.
Signed-off-by: Jiadong Zhu <Jiadong.Zhu@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.3.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 18 ++++++++
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 9 ++++
drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.c | 60 +++++++++++++++++++++++++++
drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.h | 15 ++++++
4 files changed, 102 insertions(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
@@ -581,3 +581,21 @@ void amdgpu_ring_ib_end(struct amdgpu_ri
if (ring->is_sw_ring)
amdgpu_sw_ring_ib_end(ring);
}
+
+void amdgpu_ring_ib_on_emit_cntl(struct amdgpu_ring *ring)
+{
+ if (ring->is_sw_ring)
+ amdgpu_sw_ring_ib_mark_offset(ring, AMDGPU_MUX_OFFSET_TYPE_CONTROL);
+}
+
+void amdgpu_ring_ib_on_emit_ce(struct amdgpu_ring *ring)
+{
+ if (ring->is_sw_ring)
+ amdgpu_sw_ring_ib_mark_offset(ring, AMDGPU_MUX_OFFSET_TYPE_CE);
+}
+
+void amdgpu_ring_ib_on_emit_de(struct amdgpu_ring *ring)
+{
+ if (ring->is_sw_ring)
+ amdgpu_sw_ring_ib_mark_offset(ring, AMDGPU_MUX_OFFSET_TYPE_DE);
+}
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h
@@ -227,6 +227,9 @@ struct amdgpu_ring_funcs {
int (*preempt_ib)(struct amdgpu_ring *ring);
void (*emit_mem_sync)(struct amdgpu_ring *ring);
void (*emit_wave_limit)(struct amdgpu_ring *ring, bool enable);
+ void (*patch_cntl)(struct amdgpu_ring *ring, unsigned offset);
+ void (*patch_ce)(struct amdgpu_ring *ring, unsigned offset);
+ void (*patch_de)(struct amdgpu_ring *ring, unsigned offset);
};
struct amdgpu_ring {
@@ -316,10 +319,16 @@ struct amdgpu_ring {
#define amdgpu_ring_init_cond_exec(r) (r)->funcs->init_cond_exec((r))
#define amdgpu_ring_patch_cond_exec(r,o) (r)->funcs->patch_cond_exec((r),(o))
#define amdgpu_ring_preempt_ib(r) (r)->funcs->preempt_ib(r)
+#define amdgpu_ring_patch_cntl(r, o) ((r)->funcs->patch_cntl((r), (o)))
+#define amdgpu_ring_patch_ce(r, o) ((r)->funcs->patch_ce((r), (o)))
+#define amdgpu_ring_patch_de(r, o) ((r)->funcs->patch_de((r), (o)))
int amdgpu_ring_alloc(struct amdgpu_ring *ring, unsigned ndw);
void amdgpu_ring_ib_begin(struct amdgpu_ring *ring);
void amdgpu_ring_ib_end(struct amdgpu_ring *ring);
+void amdgpu_ring_ib_on_emit_cntl(struct amdgpu_ring *ring);
+void amdgpu_ring_ib_on_emit_ce(struct amdgpu_ring *ring);
+void amdgpu_ring_ib_on_emit_de(struct amdgpu_ring *ring);
void amdgpu_ring_insert_nop(struct amdgpu_ring *ring, uint32_t count);
void amdgpu_ring_generic_pad_ib(struct amdgpu_ring *ring, struct amdgpu_ib *ib);
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.c
@@ -105,6 +105,16 @@ static void amdgpu_mux_resubmit_chunks(s
amdgpu_fence_update_start_timestamp(e->ring,
chunk->sync_seq,
ktime_get());
+ if (chunk->sync_seq ==
+ le32_to_cpu(*(e->ring->fence_drv.cpu_addr + 2))) {
+ if (chunk->cntl_offset <= e->ring->buf_mask)
+ amdgpu_ring_patch_cntl(e->ring,
+ chunk->cntl_offset);
+ if (chunk->ce_offset <= e->ring->buf_mask)
+ amdgpu_ring_patch_ce(e->ring, chunk->ce_offset);
+ if (chunk->de_offset <= e->ring->buf_mask)
+ amdgpu_ring_patch_de(e->ring, chunk->de_offset);
+ }
amdgpu_ring_mux_copy_pkt_from_sw_ring(mux, e->ring,
chunk->start,
chunk->end);
@@ -407,6 +417,17 @@ void amdgpu_sw_ring_ib_end(struct amdgpu
amdgpu_ring_mux_end_ib(mux, ring);
}
+void amdgpu_sw_ring_ib_mark_offset(struct amdgpu_ring *ring, enum amdgpu_ring_mux_offset_type type)
+{
+ struct amdgpu_device *adev = ring->adev;
+ struct amdgpu_ring_mux *mux = &adev->gfx.muxer;
+ unsigned offset;
+
+ offset = ring->wptr & ring->buf_mask;
+
+ amdgpu_ring_mux_ib_mark_offset(mux, ring, offset, type);
+}
+
void amdgpu_ring_mux_start_ib(struct amdgpu_ring_mux *mux, struct amdgpu_ring *ring)
{
struct amdgpu_mux_entry *e;
@@ -429,6 +450,10 @@ void amdgpu_ring_mux_start_ib(struct amd
}
chunk->start = ring->wptr;
+ /* the initialized value used to check if they are set by the ib submission*/
+ chunk->cntl_offset = ring->buf_mask + 1;
+ chunk->de_offset = ring->buf_mask + 1;
+ chunk->ce_offset = ring->buf_mask + 1;
list_add_tail(&chunk->entry, &e->list);
}
@@ -454,6 +479,41 @@ static void scan_and_remove_signaled_chu
}
}
+void amdgpu_ring_mux_ib_mark_offset(struct amdgpu_ring_mux *mux,
+ struct amdgpu_ring *ring, u64 offset,
+ enum amdgpu_ring_mux_offset_type type)
+{
+ struct amdgpu_mux_entry *e;
+ struct amdgpu_mux_chunk *chunk;
+
+ e = amdgpu_ring_mux_sw_entry(mux, ring);
+ if (!e) {
+ DRM_ERROR("cannot find entry!\n");
+ return;
+ }
+
+ chunk = list_last_entry(&e->list, struct amdgpu_mux_chunk, entry);
+ if (!chunk) {
+ DRM_ERROR("cannot find chunk!\n");
+ return;
+ }
+
+ switch (type) {
+ case AMDGPU_MUX_OFFSET_TYPE_CONTROL:
+ chunk->cntl_offset = offset;
+ break;
+ case AMDGPU_MUX_OFFSET_TYPE_DE:
+ chunk->de_offset = offset;
+ break;
+ case AMDGPU_MUX_OFFSET_TYPE_CE:
+ chunk->ce_offset = offset;
+ break;
+ default:
+ DRM_ERROR("invalid type (%d)\n", type);
+ break;
+ }
+}
+
void amdgpu_ring_mux_end_ib(struct amdgpu_ring_mux *mux, struct amdgpu_ring *ring)
{
struct amdgpu_mux_entry *e;
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring_mux.h
@@ -50,6 +50,12 @@ struct amdgpu_mux_entry {
struct list_head list;
};
+enum amdgpu_ring_mux_offset_type {
+ AMDGPU_MUX_OFFSET_TYPE_CONTROL,
+ AMDGPU_MUX_OFFSET_TYPE_DE,
+ AMDGPU_MUX_OFFSET_TYPE_CE,
+};
+
struct amdgpu_ring_mux {
struct amdgpu_ring *real_ring;
@@ -72,12 +78,18 @@ struct amdgpu_ring_mux {
* @sync_seq: the fence seqno related with the saved IB.
* @start:- start location on the software ring.
* @end:- end location on the software ring.
+ * @control_offset:- the PRE_RESUME bit position used for resubmission.
+ * @de_offset:- the anchor in write_data for de meta of resubmission.
+ * @ce_offset:- the anchor in write_data for ce meta of resubmission.
*/
struct amdgpu_mux_chunk {
struct list_head entry;
uint32_t sync_seq;
u64 start;
u64 end;
+ u64 cntl_offset;
+ u64 de_offset;
+ u64 ce_offset;
};
int amdgpu_ring_mux_init(struct amdgpu_ring_mux *mux, struct amdgpu_ring *ring,
@@ -89,6 +101,8 @@ u64 amdgpu_ring_mux_get_wptr(struct amdg
u64 amdgpu_ring_mux_get_rptr(struct amdgpu_ring_mux *mux, struct amdgpu_ring *ring);
void amdgpu_ring_mux_start_ib(struct amdgpu_ring_mux *mux, struct amdgpu_ring *ring);
void amdgpu_ring_mux_end_ib(struct amdgpu_ring_mux *mux, struct amdgpu_ring *ring);
+void amdgpu_ring_mux_ib_mark_offset(struct amdgpu_ring_mux *mux, struct amdgpu_ring *ring,
+ u64 offset, enum amdgpu_ring_mux_offset_type type);
bool amdgpu_mcbp_handle_trailing_fence_irq(struct amdgpu_ring_mux *mux);
u64 amdgpu_sw_ring_get_rptr_gfx(struct amdgpu_ring *ring);
@@ -97,6 +111,7 @@ void amdgpu_sw_ring_set_wptr_gfx(struct
void amdgpu_sw_ring_insert_nop(struct amdgpu_ring *ring, uint32_t count);
void amdgpu_sw_ring_ib_begin(struct amdgpu_ring *ring);
void amdgpu_sw_ring_ib_end(struct amdgpu_ring *ring);
+void amdgpu_sw_ring_ib_mark_offset(struct amdgpu_ring *ring, enum amdgpu_ring_mux_offset_type type);
const char *amdgpu_sw_ring_name(int idx);
unsigned int amdgpu_sw_ring_priority(int idx);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 091/187] ALSA: hda/realtek: Add a quirk for Compaq N14JP6
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 090/187] drm/amdgpu: Modify indirect buffer packages " Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 092/187] thunderbolt: Increase DisplayPort Connection Manager handshake timeout Greg Kroah-Hartman
` (107 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Edson Juliano Drosdeck, Takashi Iwai
From: Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
commit a2a871483161014f1bcc4e9a04354b01aa77cedb upstream.
Add a quirk for Compaq N14JP6 to fixup ALC897 headset MIC no sound.
Signed-off-by: Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20230609201058.523499-1-edson.drosdeck@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -11738,6 +11738,7 @@ static const struct snd_pci_quirk alc662
SND_PCI_QUIRK(0x1b0a, 0x01b8, "ACER Veriton", ALC662_FIXUP_ACER_VERITON),
SND_PCI_QUIRK(0x1b35, 0x1234, "CZC ET26", ALC662_FIXUP_CZC_ET26),
SND_PCI_QUIRK(0x1b35, 0x2206, "CZC P10T", ALC662_FIXUP_CZC_P10T),
+ SND_PCI_QUIRK(0x1c6c, 0x1239, "Compaq N14JP6-V2", ALC897_FIXUP_HP_HSMIC_VERB),
#if 0
/* Below is a quirk table taken from the old code.
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 092/187] thunderbolt: Increase DisplayPort Connection Manager handshake timeout
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 091/187] ALSA: hda/realtek: Add a quirk for Compaq N14JP6 Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 093/187] thunderbolt: Do not touch CL state configuration during discovery Greg Kroah-Hartman
` (106 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Koba Ko, Yehezkel Bernat,
Mika Westerberg
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit b6d572aeb58a5e0be86bd51ea514c4feba996cc4 upstream.
It turns out that when plugging in VGA cable through USB-C to VGA/DVI
dongle the Connection Manager handshake can take longer time, at least
on Intel Titan Ridge based docks such as Dell WD91TB. This leads to
following error in the dmesg:
thunderbolt 0000:00:0d.3: 3:10: DP tunnel activation failed, aborting
and the display stays blank (because we failed to establish the tunnel).
For this reason increase the timeout to 3s.
Reported-by: Koba Ko <koba.ko@canonical.com>
Cc: stable@vger.kernel.org
Acked-By: Yehezkel Bernat <YehezkelShB@gmail.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/tunnel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/thunderbolt/tunnel.c
+++ b/drivers/thunderbolt/tunnel.c
@@ -526,7 +526,7 @@ static int tb_dp_xchg_caps(struct tb_tun
* Perform connection manager handshake between IN and OUT ports
* before capabilities exchange can take place.
*/
- ret = tb_dp_cm_handshake(in, out, 1500);
+ ret = tb_dp_cm_handshake(in, out, 3000);
if (ret)
return ret;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 093/187] thunderbolt: Do not touch CL state configuration during discovery
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 092/187] thunderbolt: Increase DisplayPort Connection Manager handshake timeout Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 094/187] thunderbolt: dma_test: Use correct value for absent rings when creating paths Greg Kroah-Hartman
` (105 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Koba Ko, Yehezkel Bernat,
Mika Westerberg
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit 3fe95742af29b8b4eccab2ba94bc521805c6e10c upstream.
If the boot firmware has already established tunnels, especially ones
that have special requirements from the link such as DisplayPort, we
should not blindly enable CL states (nor change the TMU configuration).
Otherwise the existing tunnels may not work as expected.
For this reason, skip the CL state enabling when we go over the existing
topology. This will also keep the TMU settings untouched because we do
not change the TMU configuration when CL states are not enabled.
Reported-by: Koba Ko <koba.ko@canonical.com>
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/7831
Cc: stable@vger.kernel.org # v6.0+
Acked-By: Yehezkel Bernat <YehezkelShB@gmail.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/tb.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
--- a/drivers/thunderbolt/tb.c
+++ b/drivers/thunderbolt/tb.c
@@ -737,6 +737,7 @@ static void tb_scan_port(struct tb_port
{
struct tb_cm *tcm = tb_priv(port->sw->tb);
struct tb_port *upstream_port;
+ bool discovery = false;
struct tb_switch *sw;
int ret;
@@ -804,8 +805,10 @@ static void tb_scan_port(struct tb_port
* tunnels and know which switches were authorized already by
* the boot firmware.
*/
- if (!tcm->hotplug_active)
+ if (!tcm->hotplug_active) {
dev_set_uevent_suppress(&sw->dev, true);
+ discovery = true;
+ }
/*
* At the moment Thunderbolt 2 and beyond (devices with LC) we
@@ -835,10 +838,14 @@ static void tb_scan_port(struct tb_port
* CL0s and CL1 are enabled and supported together.
* Silently ignore CLx enabling in case CLx is not supported.
*/
- ret = tb_switch_enable_clx(sw, TB_CL1);
- if (ret && ret != -EOPNOTSUPP)
- tb_sw_warn(sw, "failed to enable %s on upstream port\n",
- tb_switch_clx_name(TB_CL1));
+ if (discovery) {
+ tb_sw_dbg(sw, "discovery, not touching CL states\n");
+ } else {
+ ret = tb_switch_enable_clx(sw, TB_CL1);
+ if (ret && ret != -EOPNOTSUPP)
+ tb_sw_warn(sw, "failed to enable %s on upstream port\n",
+ tb_switch_clx_name(TB_CL1));
+ }
if (tb_switch_is_clx_enabled(sw, TB_CL1))
/*
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 094/187] thunderbolt: dma_test: Use correct value for absent rings when creating paths
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 093/187] thunderbolt: Do not touch CL state configuration during discovery Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 095/187] thunderbolt: Mask ring interrupt on Intel hardware as well Greg Kroah-Hartman
` (104 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pengfei Xu, Mika Westerberg
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit 70c2e03e9aaf17496c63f6e42333c012f5ae5307 upstream.
Both tb_xdomain_enable_paths() and tb_xdomain_disable_paths() expect -1,
not 0, if the corresponding ring is not needed. For this reason change
the driver to use correct value for the rings that are not needed.
Fixes: 180b0689425c ("thunderbolt: Allow multiple DMA tunnels over a single XDomain connection")
Cc: stable@vger.kernel.org
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/dma_test.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/thunderbolt/dma_test.c
+++ b/drivers/thunderbolt/dma_test.c
@@ -192,9 +192,9 @@ static int dma_test_start_rings(struct d
}
ret = tb_xdomain_enable_paths(dt->xd, dt->tx_hopid,
- dt->tx_ring ? dt->tx_ring->hop : 0,
+ dt->tx_ring ? dt->tx_ring->hop : -1,
dt->rx_hopid,
- dt->rx_ring ? dt->rx_ring->hop : 0);
+ dt->rx_ring ? dt->rx_ring->hop : -1);
if (ret) {
dma_test_free_rings(dt);
return ret;
@@ -218,9 +218,9 @@ static void dma_test_stop_rings(struct d
tb_ring_stop(dt->tx_ring);
ret = tb_xdomain_disable_paths(dt->xd, dt->tx_hopid,
- dt->tx_ring ? dt->tx_ring->hop : 0,
+ dt->tx_ring ? dt->tx_ring->hop : -1,
dt->rx_hopid,
- dt->rx_ring ? dt->rx_ring->hop : 0);
+ dt->rx_ring ? dt->rx_ring->hop : -1);
if (ret)
dev_warn(&dt->svc->dev, "failed to disable DMA paths\n");
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 095/187] thunderbolt: Mask ring interrupt on Intel hardware as well
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 094/187] thunderbolt: dma_test: Use correct value for absent rings when creating paths Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 096/187] clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr Greg Kroah-Hartman
` (103 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, beld zhang, Mario Limonciello,
Mika Westerberg
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit 9f9666e65359d5047089aef97ac87c50f624ecb0 upstream.
When resuming from system sleep states the driver issues following
warning on Intel hardware:
thunderbolt 0000:07:00.0: interrupt for TX ring 0 is already enabled
The reason for this is that the commit in question did not mask the ring
interrupt on Intel hardware leaving the interrupt active. Fix this by
masking it also in Intel hardware.
Reported-by: beld zhang <beldzhang@gmail.com>
Tested-by: beld zhang <beldzhang@gmail.com>
Closes: https://lore.kernel.org/linux-usb/ZHKW5NeabmfhgLbY@debian.me/
Fixes: c4af8e3fecd0 ("thunderbolt: Clear registers properly when auto clear isn't in use")
Cc: stable@vger.kernel.org
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/nhi.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/thunderbolt/nhi.c
+++ b/drivers/thunderbolt/nhi.c
@@ -56,9 +56,14 @@ static int ring_interrupt_index(const st
static void nhi_mask_interrupt(struct tb_nhi *nhi, int mask, int ring)
{
- if (nhi->quirks & QUIRK_AUTO_CLEAR_INT)
- return;
- iowrite32(mask, nhi->iobase + REG_RING_INTERRUPT_MASK_CLEAR_BASE + ring);
+ if (nhi->quirks & QUIRK_AUTO_CLEAR_INT) {
+ u32 val;
+
+ val = ioread32(nhi->iobase + REG_RING_INTERRUPT_BASE + ring);
+ iowrite32(val & ~mask, nhi->iobase + REG_RING_INTERRUPT_BASE + ring);
+ } else {
+ iowrite32(mask, nhi->iobase + REG_RING_INTERRUPT_MASK_CLEAR_BASE + ring);
+ }
}
static void nhi_clear_interrupt(struct tb_nhi *nhi, int ring)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 096/187] clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 095/187] thunderbolt: Mask ring interrupt on Intel hardware as well Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 097/187] USB: serial: option: add Quectel EM061KGL series Greg Kroah-Hartman
` (102 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Arnd Bergmann,
Stephen Boyd
From: Arnd Bergmann <arnd@arndb.de>
commit 23200a4c8ac284f8b4263d7cecaefecaa3ad6732 upstream.
sparse points out an embarrasing bug in an older patch of mine,
which uses the register offset instead of an __iomem pointer:
drivers/clk/pxa/clk-pxa3xx.c:167:9: sparse: sparse: Using plain integer as NULL pointer
Unlike sparse, gcc and clang ignore this bug and fail to warn
because a literal '0' is considered a valid representation of
a NULL pointer.
Fixes: 3c816d950a49 ("ARM: pxa: move clk register definitions to driver")
Cc: stable@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202305111301.RAHohdob-lkp@intel.com/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20230511105845.299859-1-arnd@kernel.org
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/pxa/clk-pxa3xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/pxa/clk-pxa3xx.c
+++ b/drivers/clk/pxa/clk-pxa3xx.c
@@ -164,7 +164,7 @@ void pxa3xx_clk_update_accr(u32 disable,
accr &= ~disable;
accr |= enable;
- writel(accr, ACCR);
+ writel(accr, clk_regs + ACCR);
if (xclkcfg)
__asm__("mcr p14, 0, %0, c6, c0, 0\n" : : "r"(xclkcfg));
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 097/187] USB: serial: option: add Quectel EM061KGL series
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 096/187] clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 098/187] serial: lantiq: add missing interrupt ack Greg Kroah-Hartman
` (101 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jerry Meng, Johan Hovold
From: Jerry Meng <jerry-meng@foxmail.com>
commit f1832e2b5e498e258b090af3b065b85cf8cc5161 upstream.
Add support for Quectel EM061KGL series which are based on Qualcomm
SDX12 chip:
EM061KGL_LTA(0x2c7c / 0x0123): MBIM + GNSS + DIAG + NMEA + AT + QDSS + DPL
EM061KGL_LMS(0x2c7c / 0x0124): MBIM + GNSS + DIAG + NMEA + AT + QDSS + DPL
EM061KGL_LWW(0x2c7c / 0x6008): MBIM + GNSS + DIAG + NMEA + AT + QDSS + DPL
EM061KGL_LCN(0x2c7c / 0x6009): MBIM + GNSS + DIAG + NMEA + AT + QDSS + DPL
Above products use the exact same interface layout and
option driver is for interfaces DIAG, NMEA and AT.
T: Bus=03 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#= 5 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=6008 Rev= 5.04
S: Manufacturer=Quectel
S: Product=Quectel EM061K-GL
S: SerialNumber=f6fa08b6
C:* #Ifs= 8 Cfg#= 1 Atr=a0 MxPwr=500mA
A: FirstIf#= 0 IfCount= 2 Cls=02(comm.) Sub=0e Prot=00
I:* If#= 0 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=0e Prot=00 Driver=cdc_mbim
E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 0 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
I:* If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=40 Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8f(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Jerry Meng <jerry-meng@foxmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -248,6 +248,8 @@ static void option_instat_callback(struc
#define QUECTEL_VENDOR_ID 0x2c7c
/* These Quectel products use Quectel's vendor ID */
#define QUECTEL_PRODUCT_EC21 0x0121
+#define QUECTEL_PRODUCT_EM061K_LTA 0x0123
+#define QUECTEL_PRODUCT_EM061K_LMS 0x0124
#define QUECTEL_PRODUCT_EC25 0x0125
#define QUECTEL_PRODUCT_EG91 0x0191
#define QUECTEL_PRODUCT_EG95 0x0195
@@ -266,6 +268,8 @@ static void option_instat_callback(struc
#define QUECTEL_PRODUCT_RM520N 0x0801
#define QUECTEL_PRODUCT_EC200U 0x0901
#define QUECTEL_PRODUCT_EC200S_CN 0x6002
+#define QUECTEL_PRODUCT_EM061K_LWW 0x6008
+#define QUECTEL_PRODUCT_EM061K_LCN 0x6009
#define QUECTEL_PRODUCT_EC200T 0x6026
#define QUECTEL_PRODUCT_RM500K 0x7001
@@ -1189,6 +1193,18 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0x00, 0x40) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0xff, 0x30) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0xff, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LCN, 0xff, 0xff, 0x30) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LCN, 0xff, 0x00, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LCN, 0xff, 0xff, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LMS, 0xff, 0xff, 0x30) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LMS, 0xff, 0x00, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LMS, 0xff, 0xff, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LTA, 0xff, 0xff, 0x30) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LTA, 0xff, 0x00, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LTA, 0xff, 0xff, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LWW, 0xff, 0xff, 0x30) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LWW, 0xff, 0x00, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LWW, 0xff, 0xff, 0x40) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM12, 0xff, 0xff, 0xff),
.driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) | NUMEP2 },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM12, 0xff, 0, 0) },
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 098/187] serial: lantiq: add missing interrupt ack
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 097/187] USB: serial: option: add Quectel EM061KGL series Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 099/187] tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A Greg Kroah-Hartman
` (100 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bernhard Seibold, Ilpo Järvinen
From: Bernhard Seibold <mail@bernhard-seibold.de>
commit 306320034e8fbe7ee1cc4f5269c55658b4612048 upstream.
Currently, the error interrupt is never acknowledged, so once active it
will stay active indefinitely, causing the handler to be called in an
infinite loop.
Fixes: 2f0fc4159a6a ("SERIAL: Lantiq: Add driver for MIPS Lantiq SOCs.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Bernhard Seibold <mail@bernhard-seibold.de>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Message-ID: <20230602133029.546-1-mail@bernhard-seibold.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/lantiq.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/tty/serial/lantiq.c
+++ b/drivers/tty/serial/lantiq.c
@@ -250,6 +250,7 @@ lqasc_err_int(int irq, void *_port)
struct ltq_uart_port *ltq_port = to_ltq_uart_port(port);
spin_lock_irqsave(<q_port->lock, flags);
+ __raw_writel(ASC_IRNCR_EIR, port->membase + LTQ_ASC_IRNCR);
/* clear any pending interrupts */
asc_update_bits(0, ASCWHBSTATE_CLRPE | ASCWHBSTATE_CLRFE |
ASCWHBSTATE_CLRROE, port->membase + LTQ_ASC_WHBSTATE);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 099/187] tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 098/187] serial: lantiq: add missing interrupt ack Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 100/187] usb: typec: ucsi: Fix command cancellation Greg Kroah-Hartman
` (99 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Robert Hodaszi
From: Robert Hodaszi <robert.hodaszi@digi.com>
commit a82c3df955f8c1c726e4976527aa6ae924a67dd9 upstream.
LS1028A is using DMA with LPUART. Having RX watermark set to 1, means
DMA transactions are started only after receiving the second character.
On other platforms with newer LPUART IP, Receiver Idle Empty function
initiates the DMA request after the receiver is idling for 4 characters.
But this feature is missing on LS1028A, which is causing a 1-character
delay in the RX direction on this platform.
Set RX watermark to 0 to initiate RX DMA after each character.
Link: https://lore.kernel.org/linux-serial/20230607103459.1222426-1-robert.hodaszi@digi.com/
Fixes: 9ad9df844754 ("tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case")
Cc: stable <stable@kernel.org>
Signed-off-by: Robert Hodaszi <robert.hodaszi@digi.com>
Message-ID: <20230609121334.1878626-1-robert.hodaszi@digi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/fsl_lpuart.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -310,7 +310,7 @@ static const struct lpuart_soc_data ls10
static const struct lpuart_soc_data ls1028a_data = {
.devtype = LS1028A_LPUART,
.iotype = UPIO_MEM32,
- .rx_watermark = 1,
+ .rx_watermark = 0,
};
static struct lpuart_soc_data imx7ulp_data = {
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 100/187] usb: typec: ucsi: Fix command cancellation
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 099/187] tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 101/187] usb: typec: Fix fast_role_swap_current show function Greg Kroah-Hartman
` (98 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Stephan Bolten, Heikki Krogerus
From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
commit c4a8bfabefed706bb9150867db528ceefd5cb5fe upstream.
The Cancel command was passed to the write callback as the
offset instead of as the actual command which caused NULL
pointer dereference.
Reported-by: Stephan Bolten <stephan.bolten@gmx.net>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217517
Fixes: 094902bc6a3c ("usb: typec: ucsi: Always cancel the command if PPM reports BUSY condition")
Cc: stable@vger.kernel.org
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Message-ID: <20230606115802.79339-1-heikki.krogerus@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -132,10 +132,8 @@ static int ucsi_exec_command(struct ucsi
if (ret)
return ret;
- if (cci & UCSI_CCI_BUSY) {
- ucsi->ops->async_write(ucsi, UCSI_CANCEL, NULL, 0);
- return -EBUSY;
- }
+ if (cmd != UCSI_CANCEL && cci & UCSI_CCI_BUSY)
+ return ucsi_exec_command(ucsi, UCSI_CANCEL);
if (!(cci & UCSI_CCI_COMMAND_COMPLETE))
return -EIO;
@@ -149,6 +147,11 @@ static int ucsi_exec_command(struct ucsi
return ucsi_read_error(ucsi);
}
+ if (cmd == UCSI_CANCEL && cci & UCSI_CCI_CANCEL_COMPLETE) {
+ ret = ucsi_acknowledge_command(ucsi);
+ return ret ? ret : -EBUSY;
+ }
+
return UCSI_CCI_LENGTH(cci);
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 101/187] usb: typec: Fix fast_role_swap_current show function
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 100/187] usb: typec: ucsi: Fix command cancellation Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 102/187] usb: gadget: udc: core: Offload usb_udc_vbus_handler processing Greg Kroah-Hartman
` (97 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Benson Leung, Pavan Holla,
Heikki Krogerus
From: Pavan Holla <pholla@chromium.org>
commit 92c9c3baad6b1fd584fbabeaa4756f9b77926cb5 upstream.
The current implementation mistakenly performs a & operation on
the output of sysfs_emit. This patch performs the & operation before
calling sysfs_emit.
Fixes: 662a60102c12 ("usb: typec: Separate USB Power Delivery from USB Type-C")
Cc: stable <stable@kernel.org>
Reported-by: Benson Leung <bleung@chromium.org>
Signed-off-by: Pavan Holla <pholla@chromium.org>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Benson Leung <bleung@chromium.org>
Message-ID: <20230607193328.3359487-1-pholla@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/pd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/typec/pd.c
+++ b/drivers/usb/typec/pd.c
@@ -96,7 +96,7 @@ peak_current_show(struct device *dev, st
static ssize_t
fast_role_swap_current_show(struct device *dev, struct device_attribute *attr, char *buf)
{
- return sysfs_emit(buf, "%u\n", to_pdo(dev)->pdo >> PDO_FIXED_FRS_CURR_SHIFT) & 3;
+ return sysfs_emit(buf, "%u\n", (to_pdo(dev)->pdo >> PDO_FIXED_FRS_CURR_SHIFT) & 3);
}
static DEVICE_ATTR_RO(fast_role_swap_current);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 102/187] usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 101/187] usb: typec: Fix fast_role_swap_current show function Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 103/187] usb: gadget: udc: core: Prevent soft_connect_store() race Greg Kroah-Hartman
` (96 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Badhri Jagan Sridharan, Alan Stern
From: Badhri Jagan Sridharan <badhri@google.com>
commit 50966da807c81c5eb3bdfd392990fe0bba94d1ee upstream.
usb_udc_vbus_handler() can be invoked from interrupt context by irq
handlers of the gadget drivers, however, usb_udc_connect_control() has
to run in non-atomic context due to the following:
a. Some of the gadget driver implementations expect the ->pullup
callback to be invoked in non-atomic context.
b. usb_gadget_disconnect() acquires udc_lock which is a mutex.
Hence offload invocation of usb_udc_connect_control()
to workqueue.
UDC should not be pulled up unless gadget driver is bound. The new flag
"allow_connect" is now set by gadget_bind_driver() and cleared by
gadget_unbind_driver(). This prevents work item to pull up the gadget
even if queued when the gadget driver is already unbound.
Cc: stable@vger.kernel.org
Fixes: 1016fc0c096c ("USB: gadget: Fix obscure lockdep violation for udc_mutex")
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Message-ID: <20230609010227.978661-1-badhri@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/core.c | 29 +++++++++++++++++++++++++++--
1 file changed, 27 insertions(+), 2 deletions(-)
--- a/drivers/usb/gadget/udc/core.c
+++ b/drivers/usb/gadget/udc/core.c
@@ -37,6 +37,9 @@ static struct bus_type gadget_bus_type;
* @vbus: for udcs who care about vbus status, this value is real vbus status;
* for udcs who do not care about vbus status, this value is always true
* @started: the UDC's started state. True if the UDC had started.
+ * @allow_connect: Indicates whether UDC is allowed to be pulled up.
+ * Set/cleared by gadget_(un)bind_driver() after gadget driver is bound or
+ * unbound.
*
* This represents the internal data structure which is used by the UDC-class
* to hold information about udc driver and gadget together.
@@ -48,6 +51,8 @@ struct usb_udc {
struct list_head list;
bool vbus;
bool started;
+ bool allow_connect;
+ struct work_struct vbus_work;
};
static struct class *udc_class;
@@ -679,7 +684,7 @@ int usb_gadget_connect(struct usb_gadget
goto out;
}
- if (gadget->deactivated) {
+ if (gadget->deactivated || !gadget->udc->allow_connect) {
/*
* If gadget is deactivated we only save new state.
* Gadget will be connected automatically after activation.
@@ -1059,6 +1064,13 @@ static void usb_udc_connect_control(stru
usb_gadget_disconnect(udc->gadget);
}
+static void vbus_event_work(struct work_struct *work)
+{
+ struct usb_udc *udc = container_of(work, struct usb_udc, vbus_work);
+
+ usb_udc_connect_control(udc);
+}
+
/**
* usb_udc_vbus_handler - updates the udc core vbus status, and try to
* connect or disconnect gadget
@@ -1067,6 +1079,14 @@ static void usb_udc_connect_control(stru
*
* The udc driver calls it when it wants to connect or disconnect gadget
* according to vbus status.
+ *
+ * This function can be invoked from interrupt context by irq handlers of
+ * the gadget drivers, however, usb_udc_connect_control() has to run in
+ * non-atomic context due to the following:
+ * a. Some of the gadget driver implementations expect the ->pullup
+ * callback to be invoked in non-atomic context.
+ * b. usb_gadget_disconnect() acquires udc_lock which is a mutex.
+ * Hence offload invocation of usb_udc_connect_control() to workqueue.
*/
void usb_udc_vbus_handler(struct usb_gadget *gadget, bool status)
{
@@ -1074,7 +1094,7 @@ void usb_udc_vbus_handler(struct usb_gad
if (udc) {
udc->vbus = status;
- usb_udc_connect_control(udc);
+ schedule_work(&udc->vbus_work);
}
}
EXPORT_SYMBOL_GPL(usb_udc_vbus_handler);
@@ -1301,6 +1321,7 @@ int usb_add_gadget(struct usb_gadget *ga
mutex_lock(&udc_lock);
list_add_tail(&udc->list, &udc_list);
mutex_unlock(&udc_lock);
+ INIT_WORK(&udc->vbus_work, vbus_event_work);
ret = device_add(&udc->dev);
if (ret)
@@ -1432,6 +1453,7 @@ void usb_del_gadget(struct usb_gadget *g
flush_work(&gadget->work);
device_del(&gadget->dev);
ida_free(&gadget_id_numbers, gadget->id_number);
+ cancel_work_sync(&udc->vbus_work);
device_unregister(&udc->dev);
}
EXPORT_SYMBOL_GPL(usb_del_gadget);
@@ -1500,6 +1522,7 @@ static int gadget_bind_driver(struct dev
if (ret)
goto err_start;
usb_gadget_enable_async_callbacks(udc);
+ udc->allow_connect = true;
usb_udc_connect_control(udc);
kobject_uevent(&udc->dev.kobj, KOBJ_CHANGE);
@@ -1531,6 +1554,8 @@ static void gadget_unbind_driver(struct
kobject_uevent(&udc->dev.kobj, KOBJ_CHANGE);
+ udc->allow_connect = false;
+ cancel_work_sync(&udc->vbus_work);
usb_gadget_disconnect(gadget);
usb_gadget_disable_async_callbacks(udc);
if (gadget->irq)
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 103/187] usb: gadget: udc: core: Prevent soft_connect_store() race
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 102/187] usb: gadget: udc: core: Offload usb_udc_vbus_handler processing Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 104/187] usb: gadget: udc: renesas_usb3: Fix RZ/V2M {modprobe,bind} error Greg Kroah-Hartman
` (95 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Badhri Jagan Sridharan, Alan Stern
From: Badhri Jagan Sridharan <badhri@google.com>
commit 286d9975a838d0a54da049765fa1d1fb96b89682 upstream.
usb_udc_connect_control(), soft_connect_store() and
usb_gadget_deactivate() can potentially race against each other to invoke
usb_gadget_connect()/usb_gadget_disconnect(). To prevent this, guard
udc->started, gadget->allow_connect, gadget->deactivate and
gadget->connect with connect_lock so that ->pullup() is only invoked when
the gadget is bound, started and not deactivated. The routines
usb_gadget_connect_locked(), usb_gadget_disconnect_locked(),
usb_udc_connect_control_locked(), usb_gadget_udc_start_locked(),
usb_gadget_udc_stop_locked() are called with this lock held.
An earlier version of this commit was reverted due to the crash reported in
https://lore.kernel.org/all/ZF4BvgsOyoKxdPFF@francesco-nb.int.toradex.com/.
commit 16737e78d190 ("usb: gadget: udc: core: Offload usb_udc_vbus_handler processing")
addresses the crash reported.
Cc: stable@vger.kernel.org
Fixes: 628ef0d273a6 ("usb: udc: add usb_udc_vbus_handler")
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Message-ID: <20230609010227.978661-2-badhri@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/core.c | 155 ++++++++++++++++++++++++++++--------------
1 file changed, 106 insertions(+), 49 deletions(-)
--- a/drivers/usb/gadget/udc/core.c
+++ b/drivers/usb/gadget/udc/core.c
@@ -40,6 +40,11 @@ static struct bus_type gadget_bus_type;
* @allow_connect: Indicates whether UDC is allowed to be pulled up.
* Set/cleared by gadget_(un)bind_driver() after gadget driver is bound or
* unbound.
+ * @connect_lock: protects udc->started, gadget->connect,
+ * gadget->allow_connect and gadget->deactivate. The routines
+ * usb_gadget_connect_locked(), usb_gadget_disconnect_locked(),
+ * usb_udc_connect_control_locked(), usb_gadget_udc_start_locked() and
+ * usb_gadget_udc_stop_locked() are called with this lock held.
*
* This represents the internal data structure which is used by the UDC-class
* to hold information about udc driver and gadget together.
@@ -53,6 +58,7 @@ struct usb_udc {
bool started;
bool allow_connect;
struct work_struct vbus_work;
+ struct mutex connect_lock;
};
static struct class *udc_class;
@@ -665,17 +671,8 @@ out:
}
EXPORT_SYMBOL_GPL(usb_gadget_vbus_disconnect);
-/**
- * usb_gadget_connect - software-controlled connect to USB host
- * @gadget:the peripheral being connected
- *
- * Enables the D+ (or potentially D-) pullup. The host will start
- * enumerating this gadget when the pullup is active and a VBUS session
- * is active (the link is powered).
- *
- * Returns zero on success, else negative errno.
- */
-int usb_gadget_connect(struct usb_gadget *gadget)
+static int usb_gadget_connect_locked(struct usb_gadget *gadget)
+ __must_hold(&gadget->udc->connect_lock)
{
int ret = 0;
@@ -684,10 +681,12 @@ int usb_gadget_connect(struct usb_gadget
goto out;
}
- if (gadget->deactivated || !gadget->udc->allow_connect) {
+ if (gadget->deactivated || !gadget->udc->allow_connect || !gadget->udc->started) {
/*
- * If gadget is deactivated we only save new state.
- * Gadget will be connected automatically after activation.
+ * If the gadget isn't usable (because it is deactivated,
+ * unbound, or not yet started), we only save the new state.
+ * The gadget will be connected automatically when it is
+ * activated/bound/started.
*/
gadget->connected = true;
goto out;
@@ -702,22 +701,31 @@ out:
return ret;
}
-EXPORT_SYMBOL_GPL(usb_gadget_connect);
/**
- * usb_gadget_disconnect - software-controlled disconnect from USB host
- * @gadget:the peripheral being disconnected
- *
- * Disables the D+ (or potentially D-) pullup, which the host may see
- * as a disconnect (when a VBUS session is active). Not all systems
- * support software pullup controls.
+ * usb_gadget_connect - software-controlled connect to USB host
+ * @gadget:the peripheral being connected
*
- * Following a successful disconnect, invoke the ->disconnect() callback
- * for the current gadget driver so that UDC drivers don't need to.
+ * Enables the D+ (or potentially D-) pullup. The host will start
+ * enumerating this gadget when the pullup is active and a VBUS session
+ * is active (the link is powered).
*
* Returns zero on success, else negative errno.
*/
-int usb_gadget_disconnect(struct usb_gadget *gadget)
+int usb_gadget_connect(struct usb_gadget *gadget)
+{
+ int ret;
+
+ mutex_lock(&gadget->udc->connect_lock);
+ ret = usb_gadget_connect_locked(gadget);
+ mutex_unlock(&gadget->udc->connect_lock);
+
+ return ret;
+}
+EXPORT_SYMBOL_GPL(usb_gadget_connect);
+
+static int usb_gadget_disconnect_locked(struct usb_gadget *gadget)
+ __must_hold(&gadget->udc->connect_lock)
{
int ret = 0;
@@ -729,7 +737,7 @@ int usb_gadget_disconnect(struct usb_gad
if (!gadget->connected)
goto out;
- if (gadget->deactivated) {
+ if (gadget->deactivated || !gadget->udc->started) {
/*
* If gadget is deactivated we only save new state.
* Gadget will stay disconnected after activation.
@@ -752,6 +760,30 @@ out:
return ret;
}
+
+/**
+ * usb_gadget_disconnect - software-controlled disconnect from USB host
+ * @gadget:the peripheral being disconnected
+ *
+ * Disables the D+ (or potentially D-) pullup, which the host may see
+ * as a disconnect (when a VBUS session is active). Not all systems
+ * support software pullup controls.
+ *
+ * Following a successful disconnect, invoke the ->disconnect() callback
+ * for the current gadget driver so that UDC drivers don't need to.
+ *
+ * Returns zero on success, else negative errno.
+ */
+int usb_gadget_disconnect(struct usb_gadget *gadget)
+{
+ int ret;
+
+ mutex_lock(&gadget->udc->connect_lock);
+ ret = usb_gadget_disconnect_locked(gadget);
+ mutex_unlock(&gadget->udc->connect_lock);
+
+ return ret;
+}
EXPORT_SYMBOL_GPL(usb_gadget_disconnect);
/**
@@ -769,13 +801,14 @@ int usb_gadget_deactivate(struct usb_gad
{
int ret = 0;
+ mutex_lock(&gadget->udc->connect_lock);
if (gadget->deactivated)
- goto out;
+ goto unlock;
if (gadget->connected) {
- ret = usb_gadget_disconnect(gadget);
+ ret = usb_gadget_disconnect_locked(gadget);
if (ret)
- goto out;
+ goto unlock;
/*
* If gadget was being connected before deactivation, we want
@@ -785,7 +818,8 @@ int usb_gadget_deactivate(struct usb_gad
}
gadget->deactivated = true;
-out:
+unlock:
+ mutex_unlock(&gadget->udc->connect_lock);
trace_usb_gadget_deactivate(gadget, ret);
return ret;
@@ -805,8 +839,9 @@ int usb_gadget_activate(struct usb_gadge
{
int ret = 0;
+ mutex_lock(&gadget->udc->connect_lock);
if (!gadget->deactivated)
- goto out;
+ goto unlock;
gadget->deactivated = false;
@@ -815,9 +850,11 @@ int usb_gadget_activate(struct usb_gadge
* while it was being deactivated, we call usb_gadget_connect().
*/
if (gadget->connected)
- ret = usb_gadget_connect(gadget);
+ ret = usb_gadget_connect_locked(gadget);
+ mutex_unlock(&gadget->udc->connect_lock);
-out:
+unlock:
+ mutex_unlock(&gadget->udc->connect_lock);
trace_usb_gadget_activate(gadget, ret);
return ret;
@@ -1056,19 +1093,22 @@ EXPORT_SYMBOL_GPL(usb_gadget_set_state);
/* ------------------------------------------------------------------------- */
-static void usb_udc_connect_control(struct usb_udc *udc)
+/* Acquire connect_lock before calling this function. */
+static void usb_udc_connect_control_locked(struct usb_udc *udc) __must_hold(&udc->connect_lock)
{
if (udc->vbus)
- usb_gadget_connect(udc->gadget);
+ usb_gadget_connect_locked(udc->gadget);
else
- usb_gadget_disconnect(udc->gadget);
+ usb_gadget_disconnect_locked(udc->gadget);
}
static void vbus_event_work(struct work_struct *work)
{
struct usb_udc *udc = container_of(work, struct usb_udc, vbus_work);
- usb_udc_connect_control(udc);
+ mutex_lock(&udc->connect_lock);
+ usb_udc_connect_control_locked(udc);
+ mutex_unlock(&udc->connect_lock);
}
/**
@@ -1117,7 +1157,7 @@ void usb_gadget_udc_reset(struct usb_gad
EXPORT_SYMBOL_GPL(usb_gadget_udc_reset);
/**
- * usb_gadget_udc_start - tells usb device controller to start up
+ * usb_gadget_udc_start_locked - tells usb device controller to start up
* @udc: The UDC to be started
*
* This call is issued by the UDC Class driver when it's about
@@ -1128,8 +1168,11 @@ EXPORT_SYMBOL_GPL(usb_gadget_udc_reset);
* necessary to have it powered on.
*
* Returns zero on success, else negative errno.
+ *
+ * Caller should acquire connect_lock before invoking this function.
*/
-static inline int usb_gadget_udc_start(struct usb_udc *udc)
+static inline int usb_gadget_udc_start_locked(struct usb_udc *udc)
+ __must_hold(&udc->connect_lock)
{
int ret;
@@ -1146,7 +1189,7 @@ static inline int usb_gadget_udc_start(s
}
/**
- * usb_gadget_udc_stop - tells usb device controller we don't need it anymore
+ * usb_gadget_udc_stop_locked - tells usb device controller we don't need it anymore
* @udc: The UDC to be stopped
*
* This call is issued by the UDC Class driver after calling
@@ -1155,8 +1198,11 @@ static inline int usb_gadget_udc_start(s
* The details are implementation specific, but it can go as
* far as powering off UDC completely and disable its data
* line pullups.
+ *
+ * Caller should acquire connect lock before invoking this function.
*/
-static inline void usb_gadget_udc_stop(struct usb_udc *udc)
+static inline void usb_gadget_udc_stop_locked(struct usb_udc *udc)
+ __must_hold(&udc->connect_lock)
{
if (!udc->started) {
dev_err(&udc->dev, "UDC had already stopped\n");
@@ -1315,6 +1361,7 @@ int usb_add_gadget(struct usb_gadget *ga
udc->gadget = gadget;
gadget->udc = udc;
+ mutex_init(&udc->connect_lock);
udc->started = false;
@@ -1518,12 +1565,16 @@ static int gadget_bind_driver(struct dev
if (ret)
goto err_bind;
- ret = usb_gadget_udc_start(udc);
- if (ret)
+ mutex_lock(&udc->connect_lock);
+ ret = usb_gadget_udc_start_locked(udc);
+ if (ret) {
+ mutex_unlock(&udc->connect_lock);
goto err_start;
+ }
usb_gadget_enable_async_callbacks(udc);
udc->allow_connect = true;
- usb_udc_connect_control(udc);
+ usb_udc_connect_control_locked(udc);
+ mutex_unlock(&udc->connect_lock);
kobject_uevent(&udc->dev.kobj, KOBJ_CHANGE);
return 0;
@@ -1556,12 +1607,14 @@ static void gadget_unbind_driver(struct
udc->allow_connect = false;
cancel_work_sync(&udc->vbus_work);
- usb_gadget_disconnect(gadget);
+ mutex_lock(&udc->connect_lock);
+ usb_gadget_disconnect_locked(gadget);
usb_gadget_disable_async_callbacks(udc);
if (gadget->irq)
synchronize_irq(gadget->irq);
udc->driver->unbind(gadget);
- usb_gadget_udc_stop(udc);
+ usb_gadget_udc_stop_locked(udc);
+ mutex_unlock(&udc->connect_lock);
mutex_lock(&udc_lock);
driver->is_bound = false;
@@ -1647,11 +1700,15 @@ static ssize_t soft_connect_store(struct
}
if (sysfs_streq(buf, "connect")) {
- usb_gadget_udc_start(udc);
- usb_gadget_connect(udc->gadget);
+ mutex_lock(&udc->connect_lock);
+ usb_gadget_udc_start_locked(udc);
+ usb_gadget_connect_locked(udc->gadget);
+ mutex_unlock(&udc->connect_lock);
} else if (sysfs_streq(buf, "disconnect")) {
- usb_gadget_disconnect(udc->gadget);
- usb_gadget_udc_stop(udc);
+ mutex_lock(&udc->connect_lock);
+ usb_gadget_disconnect_locked(udc->gadget);
+ usb_gadget_udc_stop_locked(udc);
+ mutex_unlock(&udc->connect_lock);
} else {
dev_err(dev, "unsupported command '%s'\n", buf);
ret = -EINVAL;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 104/187] usb: gadget: udc: renesas_usb3: Fix RZ/V2M {modprobe,bind} error
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 103/187] usb: gadget: udc: core: Prevent soft_connect_store() race Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 105/187] USB: dwc3: qcom: fix NULL-deref on suspend Greg Kroah-Hartman
` (94 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Biju Das, Geert Uytterhoeven
From: Biju Das <biju.das.jz@bp.renesas.com>
commit 3e6ac852fbc71a234de24b5455086f6b98d3d958 upstream.
Currently {modprobe, bind} after {rmmod, unbind} results in probe failure.
genirq: Flags mismatch irq 22. 00000004 (85070400.usb3drd) vs. 00000004 (85070400.usb3drd)
renesas_usb3: probe of 85070000.usb3peri failed with error -16
The reason is, it is trying to register an interrupt handler for the same
IRQ twice. The devm_request_irq() was called with the parent device.
So the interrupt handler won't be unregistered when the usb3-peri device
is unbound.
Fix this issue by replacing "parent dev"->"dev" as the irq resource
is managed by this driver.
Fixes: 9cad72dfc556 ("usb: gadget: Add support for RZ/V2M USB3DRD driver")
Cc: stable <stable@kernel.org>
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Message-ID: <20230530161720.179927-1-biju.das.jz@bp.renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/renesas_usb3.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/usb/gadget/udc/renesas_usb3.c
+++ b/drivers/usb/gadget/udc/renesas_usb3.c
@@ -2898,9 +2898,9 @@ static int renesas_usb3_probe(struct pla
struct rzv2m_usb3drd *ddata = dev_get_drvdata(pdev->dev.parent);
usb3->drd_reg = ddata->reg;
- ret = devm_request_irq(ddata->dev, ddata->drd_irq,
+ ret = devm_request_irq(&pdev->dev, ddata->drd_irq,
renesas_usb3_otg_irq, 0,
- dev_name(ddata->dev), usb3);
+ dev_name(&pdev->dev), usb3);
if (ret < 0)
return ret;
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 105/187] USB: dwc3: qcom: fix NULL-deref on suspend
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 104/187] usb: gadget: udc: renesas_usb3: Fix RZ/V2M {modprobe,bind} error Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 106/187] USB: dwc3: fix use-after-free on core driver unbind Greg Kroah-Hartman
` (93 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam,
Sandeep Maheswaram, Krishna Kurapati, Johan Hovold, Thinh Nguyen
From: Johan Hovold <johan+linaro@kernel.org>
commit d2d69354226de0b333d4405981f3d9c41ba8430a upstream.
The Qualcomm dwc3 glue driver is currently accessing the driver data of
the child core device during suspend and on wakeup interrupts. This is
clearly a bad idea as the child may not have probed yet or could have
been unbound from its driver.
The first such layering violation was part of the initial version of the
driver, but this was later made worse when the hack that accesses the
driver data of the grand child xhci device to configure the wakeup
interrupts was added.
Fixing this properly is not that easily done, so add a sanity check to
make sure that the child driver data is non-NULL before dereferencing it
for now.
Note that this relies on subtleties like the fact that driver core is
making sure that the parent is not suspended while the child is probing.
Reported-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/all/20230325165217.31069-4-manivannan.sadhasivam@linaro.org/
Fixes: d9152161b4bf ("usb: dwc3: Add Qualcomm DWC3 glue layer driver")
Fixes: 6895ea55c385 ("usb: dwc3: qcom: Configure wakeup interrupts during suspend")
Cc: stable@vger.kernel.org # 3.18: a872ab303d5d: "usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup"
Cc: Sandeep Maheswaram <quic_c_sanm@quicinc.com>
Cc: Krishna Kurapati <quic_kriskura@quicinc.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Message-ID: <20230607100540.31045-2-johan+linaro@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-qcom.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/usb/dwc3/dwc3-qcom.c
+++ b/drivers/usb/dwc3/dwc3-qcom.c
@@ -308,7 +308,16 @@ static void dwc3_qcom_interconnect_exit(
/* Only usable in contexts where the role can not change. */
static bool dwc3_qcom_is_host(struct dwc3_qcom *qcom)
{
- struct dwc3 *dwc = platform_get_drvdata(qcom->dwc3);
+ struct dwc3 *dwc;
+
+ /*
+ * FIXME: Fix this layering violation.
+ */
+ dwc = platform_get_drvdata(qcom->dwc3);
+
+ /* Core driver may not have probed yet. */
+ if (!dwc)
+ return false;
return dwc->xhci;
}
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 106/187] USB: dwc3: fix use-after-free on core driver unbind
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 105/187] USB: dwc3: qcom: fix NULL-deref on suspend Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 107/187] usb: dwc3: gadget: Reset num TRBs before giving back the request Greg Kroah-Hartman
` (92 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Jun, Sandeep Maheswaram,
Krishna Kurapati, Johan Hovold, Thinh Nguyen,
Manivannan Sadhasivam
From: Johan Hovold <johan+linaro@kernel.org>
commit e3dbb657571509044be15184a13134fa7c1fdca1 upstream.
Some dwc3 glue drivers are currently accessing the driver data of the
child core device directly, which is clearly a bad idea as the child may
not have probed yet or may have been unbound from its driver.
As a workaround until the glue drivers have been fixed, clear the driver
data pointer before allowing the glue parent device to runtime suspend
to prevent its driver from accessing data that has been freed during
unbind.
Fixes: 6dd2565989b4 ("usb: dwc3: add imx8mp dwc3 glue layer driver")
Fixes: 6895ea55c385 ("usb: dwc3: qcom: Configure wakeup interrupts during suspend")
Cc: stable@vger.kernel.org # 5.12
Cc: Li Jun <jun.li@nxp.com>
Cc: Sandeep Maheswaram <quic_c_sanm@quicinc.com>
Cc: Krishna Kurapati <quic_kriskura@quicinc.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Message-ID: <20230607100540.31045-3-johan+linaro@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1982,6 +1982,11 @@ static int dwc3_remove(struct platform_d
pm_runtime_allow(&pdev->dev);
pm_runtime_disable(&pdev->dev);
pm_runtime_put_noidle(&pdev->dev);
+ /*
+ * HACK: Clear the driver data, which is currently accessed by parent
+ * glue drivers, before allowing the parent to suspend.
+ */
+ platform_set_drvdata(pdev, NULL);
pm_runtime_set_suspended(&pdev->dev);
dwc3_free_event_buffers(dwc);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 107/187] usb: dwc3: gadget: Reset num TRBs before giving back the request
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 106/187] USB: dwc3: fix use-after-free on core driver unbind Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 108/187] RDMA/rtrs: Fix the last iu->buf leak in err path Greg Kroah-Hartman
` (91 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Elson Roy Serrao,
Thinh Nguyen
From: Elson Roy Serrao <quic_eserrao@quicinc.com>
commit 00f8205ffcf112dcef14f8151d78075d38d22c08 upstream.
Consider a scenario where cable disconnect happens when there is an active
usb reqest queued to the UDC. As part of the disconnect we would issue an
end transfer with no interrupt-on-completion before giving back this
request. Since we are giving back the request without skipping TRBs the
num_trbs field of dwc3_request still holds the stale value previously used.
Function drivers re-use same request for a given bind-unbind session and
hence their dwc3_request context gets preserved across cable
disconnect/connect. When such a request gets re-queued after cable connect,
we would increase the num_trbs field on top of the previous stale value
thus incorrectly representing the number of TRBs used. Fix this by
resetting num_trbs field before giving back the request.
Fixes: 09fe1f8d7e2f ("usb: dwc3: gadget: track number of TRBs per request")
Cc: stable <stable@kernel.org>
Signed-off-by: Elson Roy Serrao <quic_eserrao@quicinc.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Message-ID: <1685654850-8468-1-git-send-email-quic_eserrao@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -180,6 +180,7 @@ static void dwc3_gadget_del_and_unmap_re
list_del(&req->list);
req->remaining = 0;
req->needs_extra_trb = false;
+ req->num_trbs = 0;
if (req->request.status == -EINPROGRESS)
req->request.status = status;
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 108/187] RDMA/rtrs: Fix the last iu->buf leak in err path
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 107/187] usb: dwc3: gadget: Reset num TRBs before giving back the request Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 109/187] RDMA/rtrs: Fix rxe_dealloc_pd warning Greg Kroah-Hartman
` (90 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Zhijian, Guoqing Jiang, Jack Wang,
Jason Gunthorpe, Sasha Levin
From: Li Zhijian <lizhijian@fujitsu.com>
[ Upstream commit 3bf3a7c6985c625f64e73baefdaa36f1c2045a29 ]
The last iu->buf will leak if ib_dma_mapping_error() fails.
Fixes: c0894b3ea69d ("RDMA/rtrs: core: lib functions shared between client and server modules")
Link: https://lore.kernel.org/r/1682384563-2-3-git-send-email-lizhijian@fujitsu.com
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Acked-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/rtrs/rtrs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/ulp/rtrs/rtrs.c b/drivers/infiniband/ulp/rtrs/rtrs.c
index 4bf9d868cc522..3696f367ff515 100644
--- a/drivers/infiniband/ulp/rtrs/rtrs.c
+++ b/drivers/infiniband/ulp/rtrs/rtrs.c
@@ -37,8 +37,10 @@ struct rtrs_iu *rtrs_iu_alloc(u32 iu_num, size_t size, gfp_t gfp_mask,
goto err;
iu->dma_addr = ib_dma_map_single(dma_dev, iu->buf, size, dir);
- if (ib_dma_mapping_error(dma_dev, iu->dma_addr))
+ if (ib_dma_mapping_error(dma_dev, iu->dma_addr)) {
+ kfree(iu->buf);
goto err;
+ }
iu->cqe.done = done;
iu->size = size;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 109/187] RDMA/rtrs: Fix rxe_dealloc_pd warning
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 108/187] RDMA/rtrs: Fix the last iu->buf leak in err path Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 110/187] RDMA/rxe: Fix packet length checks Greg Kroah-Hartman
` (89 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Zhijian, Jack Wang,
Jason Gunthorpe, Sasha Levin
From: Li Zhijian <lizhijian@fujitsu.com>
[ Upstream commit 9c29c8c7df0688f358d2df5ddd16c97c2f7292b4 ]
In current design:
1. PD and clt_path->s.dev are shared among connections.
2. every con[n]'s cleanup phase will call destroy_con_cq_qp()
3. clt_path->s.dev will be always decreased in destroy_con_cq_qp(), and
when clt_path->s.dev become zero, it will destroy PD.
4. when con[1] failed to create, con[1] will not take clt_path->s.dev,
but it try to decreased clt_path->s.dev
So, in case create_cm(con[0]) succeeds but create_cm(con[1]) fails,
destroy_con_cq_qp(con[1]) will be called first which will destroy the PD
while this PD is still taken by con[0].
Here, we refactor the error path of create_cm() and init_conns(), so that
we do the cleanup in the order they are created.
The warning occurs when destroying RXE PD whose reference count is not
zero.
rnbd_client L597: Mapping device /dev/nvme0n1 on session client, (access_mode: rw, nr_poll_queues: 0)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 26407 at drivers/infiniband/sw/rxe/rxe_pool.c:256 __rxe_cleanup+0x13a/0x170 [rdma_rxe]
Modules linked in: rpcrdma rdma_ucm ib_iser rnbd_client libiscsi rtrs_client scsi_transport_iscsi rtrs_core rdma_cm iw_cm ib_cm crc32_generic rdma_rxe udp_tunnel ib_uverbs ib_core kmem device_dax nd_pmem dax_pmem nd_vme crc32c_intel fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_mirror dm_region_hash dm_log dm_mod
CPU: 0 PID: 26407 Comm: rnbd-client.sh Kdump: loaded Not tainted 6.2.0-rc6-roce-flush+ #53
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:__rxe_cleanup+0x13a/0x170 [rdma_rxe]
Code: 45 84 e4 0f 84 5a ff ff ff 48 89 ef e8 5f 18 71 f9 84 c0 75 90 be c8 00 00 00 48 89 ef e8 be 89 1f fa 85 c0 0f 85 7b ff ff ff <0f> 0b 41 bc ea ff ff ff e9 71 ff ff ff e8 84 7f 1f fa e9 d0 fe ff
RSP: 0018:ffffb09880b6f5f0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff99401f15d6a8 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffffbac8234b RDI: 00000000ffffffff
RBP: ffff99401f15d6d0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000002d82 R11: 0000000000000000 R12: 0000000000000001
R13: ffff994101eff208 R14: ffffb09880b6f6a0 R15: 00000000fffffe00
FS: 00007fe113904740(0000) GS:ffff99413bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff6cde656c8 CR3: 000000001f108004 CR4: 00000000001706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
rxe_dealloc_pd+0x16/0x20 [rdma_rxe]
ib_dealloc_pd_user+0x4b/0x80 [ib_core]
rtrs_ib_dev_put+0x79/0xd0 [rtrs_core]
destroy_con_cq_qp+0x8a/0xa0 [rtrs_client]
init_path+0x1e7/0x9a0 [rtrs_client]
? __pfx_autoremove_wake_function+0x10/0x10
? lock_is_held_type+0xd7/0x130
? rcu_read_lock_sched_held+0x43/0x80
? pcpu_alloc+0x3dd/0x7d0
? rtrs_clt_init_stats+0x18/0x40 [rtrs_client]
rtrs_clt_open+0x24f/0x5a0 [rtrs_client]
? __pfx_rnbd_clt_link_ev+0x10/0x10 [rnbd_client]
rnbd_clt_map_device+0x6a5/0xe10 [rnbd_client]
Fixes: 6a98d71daea1 ("RDMA/rtrs: client: main functionality")
Link: https://lore.kernel.org/r/1682384563-2-4-git-send-email-lizhijian@fujitsu.com
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Acked-by: Jack Wang <jinpu.wang@ionos.com>
Tested-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/rtrs/rtrs-clt.c | 55 +++++++++++---------------
1 file changed, 23 insertions(+), 32 deletions(-)
diff --git a/drivers/infiniband/ulp/rtrs/rtrs-clt.c b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
index 80abf45a197ac..047bbfb96e2cb 100644
--- a/drivers/infiniband/ulp/rtrs/rtrs-clt.c
+++ b/drivers/infiniband/ulp/rtrs/rtrs-clt.c
@@ -2040,6 +2040,7 @@ static int rtrs_clt_rdma_cm_handler(struct rdma_cm_id *cm_id,
return 0;
}
+/* The caller should do the cleanup in case of error */
static int create_cm(struct rtrs_clt_con *con)
{
struct rtrs_path *s = con->c.path;
@@ -2062,14 +2063,14 @@ static int create_cm(struct rtrs_clt_con *con)
err = rdma_set_reuseaddr(cm_id, 1);
if (err != 0) {
rtrs_err(s, "Set address reuse failed, err: %d\n", err);
- goto destroy_cm;
+ return err;
}
err = rdma_resolve_addr(cm_id, (struct sockaddr *)&clt_path->s.src_addr,
(struct sockaddr *)&clt_path->s.dst_addr,
RTRS_CONNECT_TIMEOUT_MS);
if (err) {
rtrs_err(s, "Failed to resolve address, err: %d\n", err);
- goto destroy_cm;
+ return err;
}
/*
* Combine connection status and session events. This is needed
@@ -2084,29 +2085,15 @@ static int create_cm(struct rtrs_clt_con *con)
if (err == 0)
err = -ETIMEDOUT;
/* Timedout or interrupted */
- goto errr;
- }
- if (con->cm_err < 0) {
- err = con->cm_err;
- goto errr;
+ return err;
}
- if (READ_ONCE(clt_path->state) != RTRS_CLT_CONNECTING) {
+ if (con->cm_err < 0)
+ return con->cm_err;
+ if (READ_ONCE(clt_path->state) != RTRS_CLT_CONNECTING)
/* Device removal */
- err = -ECONNABORTED;
- goto errr;
- }
+ return -ECONNABORTED;
return 0;
-
-errr:
- stop_cm(con);
- mutex_lock(&con->con_mutex);
- destroy_con_cq_qp(con);
- mutex_unlock(&con->con_mutex);
-destroy_cm:
- destroy_cm(con);
-
- return err;
}
static void rtrs_clt_path_up(struct rtrs_clt_path *clt_path)
@@ -2334,7 +2321,7 @@ static void rtrs_clt_close_work(struct work_struct *work)
static int init_conns(struct rtrs_clt_path *clt_path)
{
unsigned int cid;
- int err;
+ int err, i;
/*
* On every new session connections increase reconnect counter
@@ -2350,10 +2337,8 @@ static int init_conns(struct rtrs_clt_path *clt_path)
goto destroy;
err = create_cm(to_clt_con(clt_path->s.con[cid]));
- if (err) {
- destroy_con(to_clt_con(clt_path->s.con[cid]));
+ if (err)
goto destroy;
- }
}
err = alloc_path_reqs(clt_path);
if (err)
@@ -2364,15 +2349,21 @@ static int init_conns(struct rtrs_clt_path *clt_path)
return 0;
destroy:
- while (cid--) {
- struct rtrs_clt_con *con = to_clt_con(clt_path->s.con[cid]);
+ /* Make sure we do the cleanup in the order they are created */
+ for (i = 0; i <= cid; i++) {
+ struct rtrs_clt_con *con;
- stop_cm(con);
+ if (!clt_path->s.con[i])
+ break;
- mutex_lock(&con->con_mutex);
- destroy_con_cq_qp(con);
- mutex_unlock(&con->con_mutex);
- destroy_cm(con);
+ con = to_clt_con(clt_path->s.con[i]);
+ if (con->c.cm_id) {
+ stop_cm(con);
+ mutex_lock(&con->con_mutex);
+ destroy_con_cq_qp(con);
+ mutex_unlock(&con->con_mutex);
+ destroy_cm(con);
+ }
destroy_con(con);
}
/*
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 110/187] RDMA/rxe: Fix packet length checks
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 109/187] RDMA/rtrs: Fix rxe_dealloc_pd warning Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 111/187] RDMA/rxe: Fix ref count error in check_rkey() Greg Kroah-Hartman
` (88 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bob Pearson, Jason Gunthorpe,
Sasha Levin
From: Bob Pearson <rpearsonhpe@gmail.com>
[ Upstream commit 9a3763e87379c97a78b7c6c6f40720b1e877174f ]
In rxe_net.c a received packet, from udp or loopback, is passed to
rxe_rcv() in rxe_recv.c as a udp packet. I.e. skb->data is pointing at the
udp header. But rxe_rcv() makes length checks to verify the packet is long
enough to hold the roce headers as if it were a roce
packet. I.e. skb->data pointing at the bth header. A runt packet would
appear to have 8 more bytes than it actually does which may lead to
incorrect behavior.
This patch calls skb_pull() to adjust the skb to point at the bth header
before calling rxe_rcv() which fixes this error.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20230517172242.1806340-1-rpearsonhpe@gmail.com
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_net.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/infiniband/sw/rxe/rxe_net.c b/drivers/infiniband/sw/rxe/rxe_net.c
index a2ace42e95366..e8403a70c6b74 100644
--- a/drivers/infiniband/sw/rxe/rxe_net.c
+++ b/drivers/infiniband/sw/rxe/rxe_net.c
@@ -159,6 +159,9 @@ static int rxe_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
pkt->mask = RXE_GRH_MASK;
pkt->paylen = be16_to_cpu(udph->len) - sizeof(*udph);
+ /* remove udp header */
+ skb_pull(skb, sizeof(struct udphdr));
+
rxe_rcv(skb);
return 0;
@@ -401,6 +404,9 @@ static int rxe_loopback(struct sk_buff *skb, struct rxe_pkt_info *pkt)
return -EIO;
}
+ /* remove udp header */
+ skb_pull(skb, sizeof(struct udphdr));
+
rxe_rcv(skb);
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 111/187] RDMA/rxe: Fix ref count error in check_rkey()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 110/187] RDMA/rxe: Fix packet length checks Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 112/187] RDMA/bnxt_re: Fix reporting active_{speed,width} attributes Greg Kroah-Hartman
` (87 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bob Pearson, Jason Gunthorpe,
Sasha Levin
From: Bob Pearson <rpearsonhpe@gmail.com>
[ Upstream commit b00683422fd79dd07c9b75efdce1660e5e19150e ]
There is a reference count error in error path code and a potential race
in check_rkey() in rxe_resp.c. When looking up the rkey for a memory
window the reference to the mw from rxe_lookup_mw() is dropped before a
reference is taken on the mr referenced by the mw. If the mr is destroyed
immediately after the call to rxe_put(mw) the mr pointer is unprotected
and may end up pointing at freed memory. The rxe_get(mr) call should take
place before the rxe_put(mw) call.
All errors in check_rkey() call rxe_put(mw) if mw is not NULL but it was
already called after the above. The mw pointer should be set to NULL after
the rxe_put(mw) call to prevent this from happening.
Fixes: cdd0b85675ae ("RDMA/rxe: Implement memory access through MWs")
Link: https://lore.kernel.org/r/20230517211509.1819998-1-rpearsonhpe@gmail.com
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_resp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c
index 8c68340502769..4e8d8bec0010b 100644
--- a/drivers/infiniband/sw/rxe/rxe_resp.c
+++ b/drivers/infiniband/sw/rxe/rxe_resp.c
@@ -519,8 +519,9 @@ static enum resp_states check_rkey(struct rxe_qp *qp,
if (mw->access & IB_ZERO_BASED)
qp->resp.offset = mw->addr;
- rxe_put(mw);
rxe_get(mr);
+ rxe_put(mw);
+ mw = NULL;
} else {
mr = lookup_mr(qp->pd, access, rkey, RXE_LOOKUP_REMOTE);
if (!mr) {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 112/187] RDMA/bnxt_re: Fix reporting active_{speed,width} attributes
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 111/187] RDMA/rxe: Fix ref count error in check_rkey() Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 113/187] spi: cadence-quadspi: Add missing check for dma_set_mask Greg Kroah-Hartman
` (86 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kamal Heib, Selvin Xavier,
Jason Gunthorpe, Sasha Levin
From: Kamal Heib <kheib@redhat.com>
[ Upstream commit 18e7e3e4217083a682e2c7282011c70c8a1ba070 ]
After commit 6d758147c7b8 ("RDMA/bnxt_re: Use auxiliary driver interface")
the active_{speed, width} attributes are reported incorrectly, This is
happening because ib_get_eth_speed() is called only once from
bnxt_re_ib_init() - Fix this issue by calling ib_get_eth_speed() from
bnxt_re_query_port().
Fixes: 6d758147c7b8 ("RDMA/bnxt_re: Use auxiliary driver interface")
Link: https://lore.kernel.org/r/20230529153525.87254-1-kheib@redhat.com
Signed-off-by: Kamal Heib <kheib@redhat.com>
Acked-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/bnxt_re/bnxt_re.h | 2 --
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 ++++---
drivers/infiniband/hw/bnxt_re/main.c | 2 --
3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/hw/bnxt_re/bnxt_re.h b/drivers/infiniband/hw/bnxt_re/bnxt_re.h
index 5a2baf49ecaa4..2c95e6f3d47ac 100644
--- a/drivers/infiniband/hw/bnxt_re/bnxt_re.h
+++ b/drivers/infiniband/hw/bnxt_re/bnxt_re.h
@@ -135,8 +135,6 @@ struct bnxt_re_dev {
struct delayed_work worker;
u8 cur_prio_map;
- u16 active_speed;
- u8 active_width;
/* FP Notification Queue (CQ & SRQ) */
struct tasklet_struct nq_task;
diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
index 94222de1d3719..584d6e64ca708 100644
--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
@@ -199,6 +199,7 @@ int bnxt_re_query_port(struct ib_device *ibdev, u32 port_num,
{
struct bnxt_re_dev *rdev = to_bnxt_re_dev(ibdev, ibdev);
struct bnxt_qplib_dev_attr *dev_attr = &rdev->dev_attr;
+ int rc;
memset(port_attr, 0, sizeof(*port_attr));
@@ -228,10 +229,10 @@ int bnxt_re_query_port(struct ib_device *ibdev, u32 port_num,
port_attr->sm_sl = 0;
port_attr->subnet_timeout = 0;
port_attr->init_type_reply = 0;
- port_attr->active_speed = rdev->active_speed;
- port_attr->active_width = rdev->active_width;
+ rc = ib_get_eth_speed(&rdev->ibdev, port_num, &port_attr->active_speed,
+ &port_attr->active_width);
- return 0;
+ return rc;
}
int bnxt_re_get_port_immutable(struct ib_device *ibdev, u32 port_num,
diff --git a/drivers/infiniband/hw/bnxt_re/main.c b/drivers/infiniband/hw/bnxt_re/main.c
index c5867e78f2319..85e36c9f8e797 100644
--- a/drivers/infiniband/hw/bnxt_re/main.c
+++ b/drivers/infiniband/hw/bnxt_re/main.c
@@ -1152,8 +1152,6 @@ static int bnxt_re_ib_init(struct bnxt_re_dev *rdev)
return rc;
}
dev_info(rdev_to_dev(rdev), "Device registered with IB successfully");
- ib_get_eth_speed(&rdev->ibdev, 1, &rdev->active_speed,
- &rdev->active_width);
set_bit(BNXT_RE_FLAG_ISSUE_ROCE_STATS, &rdev->flags);
event = netif_running(rdev->netdev) && netif_carrier_ok(rdev->netdev) ?
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 113/187] spi: cadence-quadspi: Add missing check for dma_set_mask
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 112/187] RDMA/bnxt_re: Fix reporting active_{speed,width} attributes Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 114/187] spi: fsl-dspi: avoid SCK glitches with continuous transfers Greg Kroah-Hartman
` (85 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Mark Brown,
Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 947c70a213769f60e9d5aca2bc88b50a1cfaf5a6 ]
Add check for dma_set_mask() and return the error if it fails.
Fixes: 1a6f854f7daa ("spi: cadence-quadspi: Add Xilinx Versal external DMA support")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20230606093859.27818-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-cadence-quadspi.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c
index 8f36e1306e169..3fb85607fa4fa 100644
--- a/drivers/spi/spi-cadence-quadspi.c
+++ b/drivers/spi/spi-cadence-quadspi.c
@@ -1736,8 +1736,11 @@ static int cqspi_probe(struct platform_device *pdev)
cqspi->slow_sram = true;
if (of_device_is_compatible(pdev->dev.of_node,
- "xlnx,versal-ospi-1.0"))
- dma_set_mask(&pdev->dev, DMA_BIT_MASK(64));
+ "xlnx,versal-ospi-1.0")) {
+ ret = dma_set_mask(&pdev->dev, DMA_BIT_MASK(64));
+ if (ret)
+ goto probe_reset_failed;
+ }
}
ret = devm_request_irq(dev, irq, cqspi_irq_handler, 0,
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 114/187] spi: fsl-dspi: avoid SCK glitches with continuous transfers
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 113/187] spi: cadence-quadspi: Add missing check for dma_set_mask Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 115/187] regulator: qcom-rpmh: add support for pmm8654au regulators Greg Kroah-Hartman
` (84 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lisa Chen , Vladimir Oltean,
Mark Brown, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit c5c31fb71f16ba75bad4ade208abbae225305b65 ]
The DSPI controller has configurable timing for
(a) tCSC: the interval between the assertion of the chip select and the
first clock edge
(b) tASC: the interval between the last clock edge and the deassertion
of the chip select
What is a bit surprising, but is documented in the figure "Example of
continuous transfer (CPHA=1, CONT=1)" in the datasheet, is that when the
chip select stays asserted between multiple TX FIFO writes, the tCSC and
tASC times still apply. With CONT=1, chip select remains asserted, but
SCK takes a break and goes to the idle state for tASC + tCSC ns.
In other words, the default values (of 0 and 0 ns) result in SCK
glitches where the SCK transition to the idle state, as well as the SCK
transition from the idle state, will have no delay in between, and it
may appear that a SCK cycle has simply gone missing. The resulting
timing violation might cause data corruption in many peripherals, as
their chip select is asserted.
The driver has device tree bindings for tCSC ("fsl,spi-cs-sck-delay")
and tASC ("fsl,spi-sck-cs-delay"), but these are only specified to apply
when the chip select toggles in the first place, and this timing
characteristic depends on each peripheral. Many peripherals do not have
explicit timing requirements, so many device trees do not have these
properties present at all.
Nonetheless, the lack of SCK glitches is a common sense requirement, and
since the SCK stays in the idle state during transfers for tCSC+tASC ns,
and that in itself should look like half a cycle, then let's ensure that
tCSC and tASC are at least a quarter of a SCK period, such that their
sum is at least half of one.
Fixes: 95bf15f38641 ("spi: fsl-dspi: Add ~50ns delay between cs and sck")
Reported-by: Lisa Chen (陈敏捷) <minjie.chen@geekplus.com>
Debugged-by: Lisa Chen (陈敏捷) <minjie.chen@geekplus.com>
Tested-by: Lisa Chen (陈敏捷) <minjie.chen@geekplus.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Link: https://lore.kernel.org/r/20230529223402.1199503-1-vladimir.oltean@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-fsl-dspi.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c
index e419642eb10e5..0da5c6ec46fb1 100644
--- a/drivers/spi/spi-fsl-dspi.c
+++ b/drivers/spi/spi-fsl-dspi.c
@@ -1002,7 +1002,9 @@ static int dspi_transfer_one_message(struct spi_controller *ctlr,
static int dspi_setup(struct spi_device *spi)
{
struct fsl_dspi *dspi = spi_controller_get_devdata(spi->controller);
+ u32 period_ns = DIV_ROUND_UP(NSEC_PER_SEC, spi->max_speed_hz);
unsigned char br = 0, pbr = 0, pcssck = 0, cssck = 0;
+ u32 quarter_period_ns = DIV_ROUND_UP(period_ns, 4);
u32 cs_sck_delay = 0, sck_cs_delay = 0;
struct fsl_dspi_platform_data *pdata;
unsigned char pasc = 0, asc = 0;
@@ -1031,6 +1033,19 @@ static int dspi_setup(struct spi_device *spi)
sck_cs_delay = pdata->sck_cs_delay;
}
+ /* Since tCSC and tASC apply to continuous transfers too, avoid SCK
+ * glitches of half a cycle by never allowing tCSC + tASC to go below
+ * half a SCK period.
+ */
+ if (cs_sck_delay < quarter_period_ns)
+ cs_sck_delay = quarter_period_ns;
+ if (sck_cs_delay < quarter_period_ns)
+ sck_cs_delay = quarter_period_ns;
+
+ dev_dbg(&spi->dev,
+ "DSPI controller timing params: CS-to-SCK delay %u ns, SCK-to-CS delay %u ns\n",
+ cs_sck_delay, sck_cs_delay);
+
clkrate = clk_get_rate(dspi->clk);
hz_to_spi_baud(&pbr, &br, spi->max_speed_hz, clkrate);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 115/187] regulator: qcom-rpmh: add support for pmm8654au regulators
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 114/187] spi: fsl-dspi: avoid SCK glitches with continuous transfers Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 116/187] regulator: qcom-rpmh: Fix regulators for PM8550 Greg Kroah-Hartman
` (83 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski, Konrad Dybcio,
Mark Brown, Sasha Levin
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
[ Upstream commit 65f1b1dc0cc90236ed9be3970f4a763e853f3aab ]
Add the RPMH regulators exposed by the PMM8654au PMIC and its variants.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20230406192811.460888-3-brgl@bgdev.pl
Signed-off-by: Mark Brown <broonie@kernel.org>
Stable-dep-of: b00de0000a69 ("regulator: qcom-rpmh: Fix regulators for PM8550")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/qcom-rpmh-regulator.c | 55 +++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/drivers/regulator/qcom-rpmh-regulator.c b/drivers/regulator/qcom-rpmh-regulator.c
index ae6021390143c..4c07ec15aff20 100644
--- a/drivers/regulator/qcom-rpmh-regulator.c
+++ b/drivers/regulator/qcom-rpmh-regulator.c
@@ -694,6 +694,16 @@ static const struct rpmh_vreg_hw_data pmic5_pldo_lv = {
.of_map_mode = rpmh_regulator_pmic4_ldo_of_map_mode,
};
+static const struct rpmh_vreg_hw_data pmic5_pldo515_mv = {
+ .regulator_type = VRM,
+ .ops = &rpmh_regulator_vrm_drms_ops,
+ .voltage_range = REGULATOR_LINEAR_RANGE(1800000, 0, 187, 8000),
+ .n_voltages = 188,
+ .hpm_min_load_uA = 10000,
+ .pmic_mode_map = pmic_mode_map_pmic5_ldo,
+ .of_map_mode = rpmh_regulator_pmic4_ldo_of_map_mode,
+};
+
static const struct rpmh_vreg_hw_data pmic5_nldo = {
.regulator_type = VRM,
.ops = &rpmh_regulator_vrm_drms_ops,
@@ -704,6 +714,16 @@ static const struct rpmh_vreg_hw_data pmic5_nldo = {
.of_map_mode = rpmh_regulator_pmic4_ldo_of_map_mode,
};
+static const struct rpmh_vreg_hw_data pmic5_nldo515 = {
+ .regulator_type = VRM,
+ .ops = &rpmh_regulator_vrm_drms_ops,
+ .voltage_range = REGULATOR_LINEAR_RANGE(320000, 0, 210, 8000),
+ .n_voltages = 211,
+ .hpm_min_load_uA = 30000,
+ .pmic_mode_map = pmic_mode_map_pmic5_ldo,
+ .of_map_mode = rpmh_regulator_pmic4_ldo_of_map_mode,
+};
+
static const struct rpmh_vreg_hw_data pmic5_hfsmps510 = {
.regulator_type = VRM,
.ops = &rpmh_regulator_vrm_ops,
@@ -749,6 +769,15 @@ static const struct rpmh_vreg_hw_data pmic5_ftsmps525_mv = {
.of_map_mode = rpmh_regulator_pmic4_smps_of_map_mode,
};
+static const struct rpmh_vreg_hw_data pmic5_ftsmps527 = {
+ .regulator_type = VRM,
+ .ops = &rpmh_regulator_vrm_ops,
+ .voltage_range = REGULATOR_LINEAR_RANGE(320000, 0, 215, 8000),
+ .n_voltages = 215,
+ .pmic_mode_map = pmic_mode_map_pmic5_smps,
+ .of_map_mode = rpmh_regulator_pmic4_smps_of_map_mode,
+};
+
static const struct rpmh_vreg_hw_data pmic5_hfsmps515 = {
.regulator_type = VRM,
.ops = &rpmh_regulator_vrm_ops,
@@ -937,6 +966,28 @@ static const struct rpmh_vreg_init_data pmm8155au_vreg_data[] = {
{}
};
+static const struct rpmh_vreg_init_data pmm8654au_vreg_data[] = {
+ RPMH_VREG("smps1", "smp%s1", &pmic5_ftsmps527, "vdd-s1"),
+ RPMH_VREG("smps2", "smp%s2", &pmic5_ftsmps527, "vdd-s2"),
+ RPMH_VREG("smps3", "smp%s3", &pmic5_ftsmps527, "vdd-s3"),
+ RPMH_VREG("smps4", "smp%s4", &pmic5_ftsmps527, "vdd-s4"),
+ RPMH_VREG("smps5", "smp%s5", &pmic5_ftsmps527, "vdd-s5"),
+ RPMH_VREG("smps6", "smp%s6", &pmic5_ftsmps527, "vdd-s6"),
+ RPMH_VREG("smps7", "smp%s7", &pmic5_ftsmps527, "vdd-s7"),
+ RPMH_VREG("smps8", "smp%s8", &pmic5_ftsmps527, "vdd-s8"),
+ RPMH_VREG("smps9", "smp%s9", &pmic5_ftsmps527, "vdd-s9"),
+ RPMH_VREG("ldo1", "ldo%s1", &pmic5_nldo515, "vdd-s9"),
+ RPMH_VREG("ldo2", "ldo%s2", &pmic5_nldo515, "vdd-l2-l3"),
+ RPMH_VREG("ldo3", "ldo%s3", &pmic5_nldo515, "vdd-l2-l3"),
+ RPMH_VREG("ldo4", "ldo%s4", &pmic5_nldo515, "vdd-s9"),
+ RPMH_VREG("ldo5", "ldo%s5", &pmic5_nldo515, "vdd-s9"),
+ RPMH_VREG("ldo6", "ldo%s6", &pmic5_nldo515, "vdd-l6-l7"),
+ RPMH_VREG("ldo7", "ldo%s7", &pmic5_nldo515, "vdd-l6-l7"),
+ RPMH_VREG("ldo8", "ldo%s8", &pmic5_pldo515_mv, "vdd-l8-l9"),
+ RPMH_VREG("ldo9", "ldo%s9", &pmic5_pldo, "vdd-l8-l9"),
+ {}
+};
+
static const struct rpmh_vreg_init_data pm8350_vreg_data[] = {
RPMH_VREG("smps1", "smp%s1", &pmic5_ftsmps510, "vdd-s1"),
RPMH_VREG("smps2", "smp%s2", &pmic5_ftsmps510, "vdd-s2"),
@@ -1431,6 +1482,10 @@ static const struct of_device_id __maybe_unused rpmh_regulator_match_table[] = {
.compatible = "qcom,pmm8155au-rpmh-regulators",
.data = pmm8155au_vreg_data,
},
+ {
+ .compatible = "qcom,pmm8654au-rpmh-regulators",
+ .data = pmm8654au_vreg_data,
+ },
{
.compatible = "qcom,pmx55-rpmh-regulators",
.data = pmx55_vreg_data,
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 116/187] regulator: qcom-rpmh: Fix regulators for PM8550
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 115/187] regulator: qcom-rpmh: add support for pmm8654au regulators Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 117/187] netfilter: nf_tables: integrate pipapo into commit protocol Greg Kroah-Hartman
` (82 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Abel Vesa, Mark Brown, Sasha Levin
From: Abel Vesa <abel.vesa@linaro.org>
[ Upstream commit b00de0000a69579f4d730077fe3ea8ca31404255 ]
The PM8550 uses only NLDOs 515 and the LDO 6 through 8 are low voltage
type, so fix accordingly.
Fixes: e6e3776d682d ("regulator: qcom-rpmh: Add support for PM8550 regulators")
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20230605115607.921308-1-abel.vesa@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/qcom-rpmh-regulator.c | 30 ++++++++++++-------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/regulator/qcom-rpmh-regulator.c b/drivers/regulator/qcom-rpmh-regulator.c
index 4c07ec15aff20..1e2455fc1967b 100644
--- a/drivers/regulator/qcom-rpmh-regulator.c
+++ b/drivers/regulator/qcom-rpmh-regulator.c
@@ -1057,21 +1057,21 @@ static const struct rpmh_vreg_init_data pm8450_vreg_data[] = {
};
static const struct rpmh_vreg_init_data pm8550_vreg_data[] = {
- RPMH_VREG("ldo1", "ldo%s1", &pmic5_pldo, "vdd-l1-l4-l10"),
+ RPMH_VREG("ldo1", "ldo%s1", &pmic5_nldo515, "vdd-l1-l4-l10"),
RPMH_VREG("ldo2", "ldo%s2", &pmic5_pldo, "vdd-l2-l13-l14"),
- RPMH_VREG("ldo3", "ldo%s3", &pmic5_nldo, "vdd-l3"),
- RPMH_VREG("ldo4", "ldo%s4", &pmic5_nldo, "vdd-l1-l4-l10"),
+ RPMH_VREG("ldo3", "ldo%s3", &pmic5_nldo515, "vdd-l3"),
+ RPMH_VREG("ldo4", "ldo%s4", &pmic5_nldo515, "vdd-l1-l4-l10"),
RPMH_VREG("ldo5", "ldo%s5", &pmic5_pldo, "vdd-l5-l16"),
- RPMH_VREG("ldo6", "ldo%s6", &pmic5_pldo_lv, "vdd-l6-l7"),
- RPMH_VREG("ldo7", "ldo%s7", &pmic5_pldo_lv, "vdd-l6-l7"),
- RPMH_VREG("ldo8", "ldo%s8", &pmic5_pldo_lv, "vdd-l8-l9"),
+ RPMH_VREG("ldo6", "ldo%s6", &pmic5_pldo, "vdd-l6-l7"),
+ RPMH_VREG("ldo7", "ldo%s7", &pmic5_pldo, "vdd-l6-l7"),
+ RPMH_VREG("ldo8", "ldo%s8", &pmic5_pldo, "vdd-l8-l9"),
RPMH_VREG("ldo9", "ldo%s9", &pmic5_pldo, "vdd-l8-l9"),
- RPMH_VREG("ldo10", "ldo%s10", &pmic5_nldo, "vdd-l1-l4-l10"),
- RPMH_VREG("ldo11", "ldo%s11", &pmic5_nldo, "vdd-l11"),
+ RPMH_VREG("ldo10", "ldo%s10", &pmic5_nldo515, "vdd-l1-l4-l10"),
+ RPMH_VREG("ldo11", "ldo%s11", &pmic5_nldo515, "vdd-l11"),
RPMH_VREG("ldo12", "ldo%s12", &pmic5_pldo, "vdd-l12"),
RPMH_VREG("ldo13", "ldo%s13", &pmic5_pldo, "vdd-l2-l13-l14"),
RPMH_VREG("ldo14", "ldo%s14", &pmic5_pldo, "vdd-l2-l13-l14"),
- RPMH_VREG("ldo15", "ldo%s15", &pmic5_pldo, "vdd-l15"),
+ RPMH_VREG("ldo15", "ldo%s15", &pmic5_nldo515, "vdd-l15"),
RPMH_VREG("ldo16", "ldo%s16", &pmic5_pldo, "vdd-l5-l16"),
RPMH_VREG("ldo17", "ldo%s17", &pmic5_pldo, "vdd-l17"),
RPMH_VREG("bob1", "bob%s1", &pmic5_bob, "vdd-bob1"),
@@ -1086,9 +1086,9 @@ static const struct rpmh_vreg_init_data pm8550vs_vreg_data[] = {
RPMH_VREG("smps4", "smp%s4", &pmic5_ftsmps525_lv, "vdd-s4"),
RPMH_VREG("smps5", "smp%s5", &pmic5_ftsmps525_lv, "vdd-s5"),
RPMH_VREG("smps6", "smp%s6", &pmic5_ftsmps525_mv, "vdd-s6"),
- RPMH_VREG("ldo1", "ldo%s1", &pmic5_nldo, "vdd-l1"),
- RPMH_VREG("ldo2", "ldo%s2", &pmic5_nldo, "vdd-l2"),
- RPMH_VREG("ldo3", "ldo%s3", &pmic5_nldo, "vdd-l3"),
+ RPMH_VREG("ldo1", "ldo%s1", &pmic5_nldo515, "vdd-l1"),
+ RPMH_VREG("ldo2", "ldo%s2", &pmic5_nldo515, "vdd-l2"),
+ RPMH_VREG("ldo3", "ldo%s3", &pmic5_nldo515, "vdd-l3"),
{}
};
@@ -1101,9 +1101,9 @@ static const struct rpmh_vreg_init_data pm8550ve_vreg_data[] = {
RPMH_VREG("smps6", "smp%s6", &pmic5_ftsmps525_lv, "vdd-s6"),
RPMH_VREG("smps7", "smp%s7", &pmic5_ftsmps525_lv, "vdd-s7"),
RPMH_VREG("smps8", "smp%s8", &pmic5_ftsmps525_lv, "vdd-s8"),
- RPMH_VREG("ldo1", "ldo%s1", &pmic5_nldo, "vdd-l1"),
- RPMH_VREG("ldo2", "ldo%s2", &pmic5_nldo, "vdd-l2"),
- RPMH_VREG("ldo3", "ldo%s3", &pmic5_nldo, "vdd-l3"),
+ RPMH_VREG("ldo1", "ldo%s1", &pmic5_nldo515, "vdd-l1"),
+ RPMH_VREG("ldo2", "ldo%s2", &pmic5_nldo515, "vdd-l2"),
+ RPMH_VREG("ldo3", "ldo%s3", &pmic5_nldo515, "vdd-l3"),
{}
};
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 117/187] netfilter: nf_tables: integrate pipapo into commit protocol
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 116/187] regulator: qcom-rpmh: Fix regulators for PM8550 Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 118/187] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM Greg Kroah-Hartman
` (81 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 212ed75dc5fb9d1423b3942c8f872a868cda3466 ]
The pipapo set backend follows copy-on-update approach, maintaining one
clone of the existing datastructure that is being updated. The clone
and current datastructures are swapped via rcu from the commit step.
The existing integration with the commit protocol is flawed because
there is no operation to clean up the clone if the transaction is
aborted. Moreover, the datastructure swap happens on set element
activation.
This patch adds two new operations for sets: commit and abort, these new
operations are invoked from the commit and abort steps, after the
transactions have been digested, and it updates the pipapo set backend
to use it.
This patch adds a new ->pending_update field to sets to maintain a list
of sets that require this new commit and abort operations.
Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/netfilter/nf_tables.h | 4 ++-
net/netfilter/nf_tables_api.c | 56 +++++++++++++++++++++++++++++++
net/netfilter/nft_set_pipapo.c | 55 +++++++++++++++++++++---------
3 files changed, 99 insertions(+), 16 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 3eb7d20ddfc97..300bce4d67cec 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -462,7 +462,8 @@ struct nft_set_ops {
const struct nft_set *set,
const struct nft_set_elem *elem,
unsigned int flags);
-
+ void (*commit)(const struct nft_set *set);
+ void (*abort)(const struct nft_set *set);
u64 (*privsize)(const struct nlattr * const nla[],
const struct nft_set_desc *desc);
bool (*estimate)(const struct nft_set_desc *desc,
@@ -557,6 +558,7 @@ struct nft_set {
u16 policy;
u16 udlen;
unsigned char *udata;
+ struct list_head pending_update;
/* runtime data below here */
const struct nft_set_ops *ops ____cacheline_aligned;
u16 flags:14,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 368aeabd8f8f1..f90b1113e5ecc 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4850,6 +4850,7 @@ static int nf_tables_newset(struct sk_buff *skb, const struct nfnl_info *info,
set->num_exprs = num_exprs;
set->handle = nf_tables_alloc_handle(table);
+ INIT_LIST_HEAD(&set->pending_update);
err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set);
if (err < 0)
@@ -9190,10 +9191,25 @@ static void nf_tables_commit_audit_log(struct list_head *adl, u32 generation)
}
}
+static void nft_set_commit_update(struct list_head *set_update_list)
+{
+ struct nft_set *set, *next;
+
+ list_for_each_entry_safe(set, next, set_update_list, pending_update) {
+ list_del_init(&set->pending_update);
+
+ if (!set->ops->commit)
+ continue;
+
+ set->ops->commit(set);
+ }
+}
+
static int nf_tables_commit(struct net *net, struct sk_buff *skb)
{
struct nftables_pernet *nft_net = nft_pernet(net);
struct nft_trans *trans, *next;
+ LIST_HEAD(set_update_list);
struct nft_trans_elem *te;
struct nft_chain *chain;
struct nft_table *table;
@@ -9359,6 +9375,11 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
nf_tables_setelem_notify(&trans->ctx, te->set,
&te->elem,
NFT_MSG_NEWSETELEM);
+ if (te->set->ops->commit &&
+ list_empty(&te->set->pending_update)) {
+ list_add_tail(&te->set->pending_update,
+ &set_update_list);
+ }
nft_trans_destroy(trans);
break;
case NFT_MSG_DELSETELEM:
@@ -9373,6 +9394,11 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
atomic_dec(&te->set->nelems);
te->set->ndeact--;
}
+ if (te->set->ops->commit &&
+ list_empty(&te->set->pending_update)) {
+ list_add_tail(&te->set->pending_update,
+ &set_update_list);
+ }
break;
case NFT_MSG_NEWOBJ:
if (nft_trans_obj_update(trans)) {
@@ -9435,6 +9461,8 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
}
}
+ nft_set_commit_update(&set_update_list);
+
nft_commit_notify(net, NETLINK_CB(skb).portid);
nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);
nf_tables_commit_audit_log(&adl, nft_net->base_seq);
@@ -9494,10 +9522,25 @@ static void nf_tables_abort_release(struct nft_trans *trans)
kfree(trans);
}
+static void nft_set_abort_update(struct list_head *set_update_list)
+{
+ struct nft_set *set, *next;
+
+ list_for_each_entry_safe(set, next, set_update_list, pending_update) {
+ list_del_init(&set->pending_update);
+
+ if (!set->ops->abort)
+ continue;
+
+ set->ops->abort(set);
+ }
+}
+
static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
{
struct nftables_pernet *nft_net = nft_pernet(net);
struct nft_trans *trans, *next;
+ LIST_HEAD(set_update_list);
struct nft_trans_elem *te;
if (action == NFNL_ABORT_VALIDATE &&
@@ -9602,6 +9645,12 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
nft_setelem_remove(net, te->set, &te->elem);
if (!nft_setelem_is_catchall(te->set, &te->elem))
atomic_dec(&te->set->nelems);
+
+ if (te->set->ops->abort &&
+ list_empty(&te->set->pending_update)) {
+ list_add_tail(&te->set->pending_update,
+ &set_update_list);
+ }
break;
case NFT_MSG_DELSETELEM:
case NFT_MSG_DESTROYSETELEM:
@@ -9612,6 +9661,11 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
if (!nft_setelem_is_catchall(te->set, &te->elem))
te->set->ndeact--;
+ if (te->set->ops->abort &&
+ list_empty(&te->set->pending_update)) {
+ list_add_tail(&te->set->pending_update,
+ &set_update_list);
+ }
nft_trans_destroy(trans);
break;
case NFT_MSG_NEWOBJ:
@@ -9654,6 +9708,8 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
}
}
+ nft_set_abort_update(&set_update_list);
+
synchronize_rcu();
list_for_each_entry_safe_reverse(trans, next,
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index 06d46d1826347..15e451dc3fc46 100644
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -1600,17 +1600,10 @@ static void pipapo_free_fields(struct nft_pipapo_match *m)
}
}
-/**
- * pipapo_reclaim_match - RCU callback to free fields from old matching data
- * @rcu: RCU head
- */
-static void pipapo_reclaim_match(struct rcu_head *rcu)
+static void pipapo_free_match(struct nft_pipapo_match *m)
{
- struct nft_pipapo_match *m;
int i;
- m = container_of(rcu, struct nft_pipapo_match, rcu);
-
for_each_possible_cpu(i)
kfree(*per_cpu_ptr(m->scratch, i));
@@ -1625,7 +1618,19 @@ static void pipapo_reclaim_match(struct rcu_head *rcu)
}
/**
- * pipapo_commit() - Replace lookup data with current working copy
+ * pipapo_reclaim_match - RCU callback to free fields from old matching data
+ * @rcu: RCU head
+ */
+static void pipapo_reclaim_match(struct rcu_head *rcu)
+{
+ struct nft_pipapo_match *m;
+
+ m = container_of(rcu, struct nft_pipapo_match, rcu);
+ pipapo_free_match(m);
+}
+
+/**
+ * nft_pipapo_commit() - Replace lookup data with current working copy
* @set: nftables API set representation
*
* While at it, check if we should perform garbage collection on the working
@@ -1635,7 +1640,7 @@ static void pipapo_reclaim_match(struct rcu_head *rcu)
* We also need to create a new working copy for subsequent insertions and
* deletions.
*/
-static void pipapo_commit(const struct nft_set *set)
+static void nft_pipapo_commit(const struct nft_set *set)
{
struct nft_pipapo *priv = nft_set_priv(set);
struct nft_pipapo_match *new_clone, *old;
@@ -1660,6 +1665,26 @@ static void pipapo_commit(const struct nft_set *set)
priv->clone = new_clone;
}
+static void nft_pipapo_abort(const struct nft_set *set)
+{
+ struct nft_pipapo *priv = nft_set_priv(set);
+ struct nft_pipapo_match *new_clone, *m;
+
+ if (!priv->dirty)
+ return;
+
+ m = rcu_dereference(priv->match);
+
+ new_clone = pipapo_clone(m);
+ if (IS_ERR(new_clone))
+ return;
+
+ priv->dirty = false;
+
+ pipapo_free_match(priv->clone);
+ priv->clone = new_clone;
+}
+
/**
* nft_pipapo_activate() - Mark element reference as active given key, commit
* @net: Network namespace
@@ -1667,8 +1692,7 @@ static void pipapo_commit(const struct nft_set *set)
* @elem: nftables API element representation containing key data
*
* On insertion, elements are added to a copy of the matching data currently
- * in use for lookups, and not directly inserted into current lookup data, so
- * we'll take care of that by calling pipapo_commit() here. Both
+ * in use for lookups, and not directly inserted into current lookup data. Both
* nft_pipapo_insert() and nft_pipapo_activate() are called once for each
* element, hence we can't purpose either one as a real commit operation.
*/
@@ -1684,8 +1708,6 @@ static void nft_pipapo_activate(const struct net *net,
nft_set_elem_change_active(net, set, &e->ext);
nft_set_elem_clear_busy(&e->ext);
-
- pipapo_commit(set);
}
/**
@@ -1931,7 +1953,6 @@ static void nft_pipapo_remove(const struct net *net, const struct nft_set *set,
if (i == m->field_count) {
priv->dirty = true;
pipapo_drop(m, rulemap);
- pipapo_commit(set);
return;
}
@@ -2230,6 +2251,8 @@ const struct nft_set_type nft_set_pipapo_type = {
.init = nft_pipapo_init,
.destroy = nft_pipapo_destroy,
.gc_init = nft_pipapo_gc_init,
+ .commit = nft_pipapo_commit,
+ .abort = nft_pipapo_abort,
.elemsize = offsetof(struct nft_pipapo_elem, ext),
},
};
@@ -2252,6 +2275,8 @@ const struct nft_set_type nft_set_pipapo_avx2_type = {
.init = nft_pipapo_init,
.destroy = nft_pipapo_destroy,
.gc_init = nft_pipapo_gc_init,
+ .commit = nft_pipapo_commit,
+ .abort = nft_pipapo_abort,
.elemsize = offsetof(struct nft_pipapo_elem, ext),
},
};
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 118/187] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 117/187] netfilter: nf_tables: integrate pipapo into commit protocol Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 119/187] ice: do not busy-wait to read GNSS data Greg Kroah-Hartman
` (80 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit a1a64a151dae8ac3581c1cbde44b672045cb658b ]
If caller reports ENOMEM, then stop iterating over the batch and send a
single netlink message to userspace to report OOM.
Fixes: cbb8125eb40b ("netfilter: nfnetlink: deliver netlink errors on batch completion")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nfnetlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index ae7146475d17a..c9fbe0f707b5f 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -533,7 +533,8 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
* processed, this avoids that the same error is
* reported several times when replaying the batch.
*/
- if (nfnl_err_add(&err_list, nlh, err, &extack) < 0) {
+ if (err == -ENOMEM ||
+ nfnl_err_add(&err_list, nlh, err, &extack) < 0) {
/* We failed to enqueue an error, reset the
* list of errors and send OOM to userspace
* pointing to the batch header.
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 119/187] ice: do not busy-wait to read GNSS data
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 118/187] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 120/187] ice: Dont dereference NULL in ice_gnss_read error path Greg Kroah-Hartman
` (79 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Schmidt, Arkadiusz Kubalewski,
Simon Horman, Tony Nguyen, Sasha Levin, Sunitha Mekala
From: Michal Schmidt <mschmidt@redhat.com>
[ Upstream commit 2f8fdcb0a73a1831cc4f205f23493a17c0e5536f ]
The ice-gnss-<dev_name> kernel thread, which reads data from the u-blox
GNSS module, keep a CPU core almost 100% busy. The main reason is that
it busy-waits for data to become available.
A simple improvement would be to replace the "mdelay(10);" in
ice_gnss_read() with sleeping. A better fix is to not do any waiting
directly in the function and just requeue this delayed work as needed.
The advantage is that canceling the work from ice_gnss_exit() becomes
immediate, rather than taking up to ~2.5 seconds (ICE_MAX_UBX_READ_TRIES
* 10 ms).
This lowers the CPU usage of the ice-gnss-<dev_name> thread on my system
from ~90 % to ~8 %.
I am not sure if the larger 0.1 s pause after inserting data into the
gnss subsystem is really necessary, but I'm keeping that as it was.
Of course, ideally the driver would not have to poll at all, but I don't
know if the E810 can watch for GNSS data availability over the i2c bus
by itself and notify the driver.
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Reviewed-by: Arkadiusz Kubalewski <arkadiusz.kubalewski@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Tested-by: Sunitha Mekala <sunithax.d.mekala@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Stable-dep-of: 05a1308a2e08 ("ice: Don't dereference NULL in ice_gnss_read error path")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_gnss.c | 42 ++++++++++-------------
drivers/net/ethernet/intel/ice/ice_gnss.h | 3 +-
2 files changed, 20 insertions(+), 25 deletions(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_gnss.c b/drivers/net/ethernet/intel/ice/ice_gnss.c
index 12086aafb42fb..bd0ed155e11b6 100644
--- a/drivers/net/ethernet/intel/ice/ice_gnss.c
+++ b/drivers/net/ethernet/intel/ice/ice_gnss.c
@@ -85,6 +85,7 @@ static void ice_gnss_read(struct kthread_work *work)
{
struct gnss_serial *gnss = container_of(work, struct gnss_serial,
read_work.work);
+ unsigned long delay = ICE_GNSS_POLL_DATA_DELAY_TIME;
unsigned int i, bytes_read, data_len, count;
struct ice_aqc_link_topo_addr link_topo;
struct ice_pf *pf;
@@ -104,11 +105,6 @@ static void ice_gnss_read(struct kthread_work *work)
return;
hw = &pf->hw;
- buf = (char *)get_zeroed_page(GFP_KERNEL);
- if (!buf) {
- err = -ENOMEM;
- goto exit;
- }
memset(&link_topo, 0, sizeof(struct ice_aqc_link_topo_addr));
link_topo.topo_params.index = ICE_E810T_GNSS_I2C_BUS;
@@ -119,25 +115,24 @@ static void ice_gnss_read(struct kthread_work *work)
i2c_params = ICE_GNSS_UBX_DATA_LEN_WIDTH |
ICE_AQC_I2C_USE_REPEATED_START;
- /* Read data length in a loop, when it's not 0 the data is ready */
- for (i = 0; i < ICE_MAX_UBX_READ_TRIES; i++) {
- err = ice_aq_read_i2c(hw, link_topo, ICE_GNSS_UBX_I2C_BUS_ADDR,
- cpu_to_le16(ICE_GNSS_UBX_DATA_LEN_H),
- i2c_params, (u8 *)&data_len_b, NULL);
- if (err)
- goto exit_buf;
+ err = ice_aq_read_i2c(hw, link_topo, ICE_GNSS_UBX_I2C_BUS_ADDR,
+ cpu_to_le16(ICE_GNSS_UBX_DATA_LEN_H),
+ i2c_params, (u8 *)&data_len_b, NULL);
+ if (err)
+ goto requeue;
- data_len = be16_to_cpu(data_len_b);
- if (data_len != 0 && data_len != U16_MAX)
- break;
+ data_len = be16_to_cpu(data_len_b);
+ if (data_len == 0 || data_len == U16_MAX)
+ goto requeue;
- mdelay(10);
- }
+ /* The u-blox has data_len bytes for us to read */
data_len = min_t(typeof(data_len), data_len, PAGE_SIZE);
- if (!data_len) {
+
+ buf = (char *)get_zeroed_page(GFP_KERNEL);
+ if (!buf) {
err = -ENOMEM;
- goto exit_buf;
+ goto requeue;
}
/* Read received data */
@@ -151,7 +146,7 @@ static void ice_gnss_read(struct kthread_work *work)
cpu_to_le16(ICE_GNSS_UBX_EMPTY_DATA),
bytes_read, &buf[i], NULL);
if (err)
- goto exit_buf;
+ goto free_buf;
}
count = gnss_insert_raw(pf->gnss_dev, buf, i);
@@ -159,10 +154,11 @@ static void ice_gnss_read(struct kthread_work *work)
dev_warn(ice_pf_to_dev(pf),
"gnss_insert_raw ret=%d size=%d\n",
count, i);
-exit_buf:
+ delay = ICE_GNSS_TIMER_DELAY_TIME;
+free_buf:
free_page((unsigned long)buf);
- kthread_queue_delayed_work(gnss->kworker, &gnss->read_work,
- ICE_GNSS_TIMER_DELAY_TIME);
+requeue:
+ kthread_queue_delayed_work(gnss->kworker, &gnss->read_work, delay);
exit:
if (err)
dev_dbg(ice_pf_to_dev(pf), "GNSS failed to read err=%d\n", err);
diff --git a/drivers/net/ethernet/intel/ice/ice_gnss.h b/drivers/net/ethernet/intel/ice/ice_gnss.h
index d95ca3928b2ea..d206afe550a56 100644
--- a/drivers/net/ethernet/intel/ice/ice_gnss.h
+++ b/drivers/net/ethernet/intel/ice/ice_gnss.h
@@ -5,6 +5,7 @@
#define _ICE_GNSS_H_
#define ICE_E810T_GNSS_I2C_BUS 0x2
+#define ICE_GNSS_POLL_DATA_DELAY_TIME (HZ / 100) /* poll every 10 ms */
#define ICE_GNSS_TIMER_DELAY_TIME (HZ / 10) /* 0.1 second per message */
#define ICE_GNSS_TTY_WRITE_BUF 250
#define ICE_MAX_I2C_DATA_SIZE FIELD_MAX(ICE_AQC_I2C_DATA_SIZE_M)
@@ -20,8 +21,6 @@
* passed as I2C addr parameter.
*/
#define ICE_GNSS_UBX_WRITE_BYTES (ICE_MAX_I2C_WRITE_BYTES + 1)
-#define ICE_MAX_UBX_READ_TRIES 255
-#define ICE_MAX_UBX_ACK_READ_TRIES 4095
/**
* struct gnss_serial - data used to initialize GNSS TTY port
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 120/187] ice: Dont dereference NULL in ice_gnss_read error path
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 119/187] ice: do not busy-wait to read GNSS data Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 121/187] ice: Fix XDP memory leak when NIC is brought up and down Greg Kroah-Hartman
` (78 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Horman, Tariq Toukan,
Tony Nguyen, Sasha Levin, Sunitha Mekala
From: Simon Horman <horms@kernel.org>
[ Upstream commit 05a1308a2e08e4a375bf60eb4c6c057a201d81fc ]
If pf is NULL in ice_gnss_read() then it will be dereferenced
in the error path by a call to dev_dbg(ice_pf_to_dev(pf), ...).
Avoid this by simply returning in this case.
If logging is desired an alternate approach might be to
use pr_err() before returning.
Flagged by Smatch as:
.../ice_gnss.c:196 ice_gnss_read() error: we previously assumed 'pf' could be null (see line 131)
Fixes: 43113ff73453 ("ice: add TTY for GNSS module for E810T device")
Signed-off-by: Simon Horman <horms@kernel.org>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Tested-by: Sunitha Mekala <sunithax.d.mekala@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_gnss.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_gnss.c b/drivers/net/ethernet/intel/ice/ice_gnss.c
index bd0ed155e11b6..75c9de675f202 100644
--- a/drivers/net/ethernet/intel/ice/ice_gnss.c
+++ b/drivers/net/ethernet/intel/ice/ice_gnss.c
@@ -96,12 +96,7 @@ static void ice_gnss_read(struct kthread_work *work)
int err = 0;
pf = gnss->back;
- if (!pf) {
- err = -EFAULT;
- goto exit;
- }
-
- if (!test_bit(ICE_FLAG_GNSS, pf->flags))
+ if (!pf || !test_bit(ICE_FLAG_GNSS, pf->flags))
return;
hw = &pf->hw;
@@ -159,7 +154,6 @@ static void ice_gnss_read(struct kthread_work *work)
free_page((unsigned long)buf);
requeue:
kthread_queue_delayed_work(gnss->kworker, &gnss->read_work, delay);
-exit:
if (err)
dev_dbg(ice_pf_to_dev(pf), "GNSS failed to read err=%d\n", err);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 121/187] ice: Fix XDP memory leak when NIC is brought up and down
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 120/187] ice: Dont dereference NULL in ice_gnss_read error path Greg Kroah-Hartman
@ 2023-06-19 10:28 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 122/187] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE Greg Kroah-Hartman
` (77 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:28 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kamil Maziarz, Maciej Fijalkowski,
Tony Nguyen, Sasha Levin, Chandan Kumar Rout
From: Kamil Maziarz <kamil.maziarz@intel.com>
[ Upstream commit 78c50d6961fc05491ebbc71c35d87324b1a4f49a ]
Fix the buffer leak that occurs while switching
the port up and down with traffic and XDP by
checking for an active XDP program and freeing all empty TX buffers.
Fixes: efc2214b6047 ("ice: Add support for XDP")
Signed-off-by: Kamil Maziarz <kamil.maziarz@intel.com>
Tested-by: Chandan Kumar Rout <chandanx.rout@intel.com> (A Contingent Worker at Intel)
Acked-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_main.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 0d8b8c6f9bd35..0c949ed22a313 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -7048,6 +7048,10 @@ int ice_down(struct ice_vsi *vsi)
ice_for_each_txq(vsi, i)
ice_clean_tx_ring(vsi->tx_rings[i]);
+ if (ice_is_xdp_ena_vsi(vsi))
+ ice_for_each_xdp_txq(vsi, i)
+ ice_clean_tx_ring(vsi->xdp_rings[i]);
+
ice_for_each_rxq(vsi, i)
ice_clean_rx_ring(vsi->rx_rings[i]);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 122/187] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2023-06-19 10:28 ` [PATCH 6.3 121/187] ice: Fix XDP memory leak when NIC is brought up and down Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 123/187] net: enetc: correct the indexes of highest and 2nd highest TCs Greg Kroah-Hartman
` (76 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 1240eb93f0616b21c675416516ff3d74798fdc97 ]
In case of error when adding a new rule that refers to an anonymous set,
deactivate expressions via NFT_TRANS_PREPARE state, not NFT_TRANS_RELEASE.
Thus, the lookup expression marks anonymous sets as inactive in the next
generation to ensure it is not reachable in this transaction anymore and
decrement the set refcount as introduced by c1592a89942e ("netfilter:
nf_tables: deactivate anonymous set from preparation phase"). The abort
step takes care of undoing the anonymous set.
This is also consistent with rule deletion, where NFT_TRANS_PREPARE is
used. Note that this error path is exercised in the preparation step of
the commit protocol. This patch replaces nf_tables_rule_release() by the
deactivate and destroy calls, this time with NFT_TRANS_PREPARE.
Due to this incorrect error handling, it is possible to access a
dangling pointer to the anonymous set that remains in the transaction
list.
[1009.379054] BUG: KASAN: use-after-free in nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379106] Read of size 8 at addr ffff88816c4c8020 by task nft-rule-add/137110
[1009.379116] CPU: 7 PID: 137110 Comm: nft-rule-add Not tainted 6.4.0-rc4+ #256
[1009.379128] Call Trace:
[1009.379132] <TASK>
[1009.379135] dump_stack_lvl+0x33/0x50
[1009.379146] ? nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379191] print_address_description.constprop.0+0x27/0x300
[1009.379201] kasan_report+0x107/0x120
[1009.379210] ? nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379255] nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379302] nft_lookup_init+0xa5/0x270 [nf_tables]
[1009.379350] nf_tables_newrule+0x698/0xe50 [nf_tables]
[1009.379397] ? nf_tables_rule_release+0xe0/0xe0 [nf_tables]
[1009.379441] ? kasan_unpoison+0x23/0x50
[1009.379450] nfnetlink_rcv_batch+0x97c/0xd90 [nfnetlink]
[1009.379470] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
[1009.379485] ? __alloc_skb+0xb8/0x1e0
[1009.379493] ? __alloc_skb+0xb8/0x1e0
[1009.379502] ? entry_SYSCALL_64_after_hwframe+0x46/0xb0
[1009.379509] ? unwind_get_return_address+0x2a/0x40
[1009.379517] ? write_profile+0xc0/0xc0
[1009.379524] ? avc_lookup+0x8f/0xc0
[1009.379532] ? __rcu_read_unlock+0x43/0x60
Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f90b1113e5ecc..8f63514656a17 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3781,7 +3781,8 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
if (flow)
nft_flow_rule_destroy(flow);
err_release_rule:
- nf_tables_rule_release(&ctx, rule);
+ nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE);
+ nf_tables_rule_destroy(&ctx, rule);
err_release_expr:
for (i = 0; i < n; i++) {
if (expr_info[i].ops) {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 123/187] net: enetc: correct the indexes of highest and 2nd highest TCs
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 122/187] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 124/187] ping6: Fix send to link-local addresses with VRF Greg Kroah-Hartman
` (75 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Fang, Vladimir Oltean,
Maciej Fijalkowski, David S. Miller, Sasha Levin
From: Wei Fang <wei.fang@nxp.com>
[ Upstream commit 21225873be1472b7c59ed3650396af0e40578112 ]
For ENETC hardware, the TCs are numbered from 0 to N-1, where N
is the number of TCs. Numerically higher TC has higher priority.
It's obvious that the highest priority TC index should be N-1 and
the 2nd highest priority TC index should be N-2.
However, the previous logic uses netdev_get_prio_tc_map() to get
the indexes of highest priority and 2nd highest priority TCs, it
does not make sense and is incorrect to give a "tc" argument to
netdev_get_prio_tc_map(). So the driver may get the wrong indexes
of the two highest priotiry TCs which would lead to failed to set
the CBS for the two highest priotiry TCs.
e.g.
$ tc qdisc add dev eno0 parent root handle 100: mqprio num_tc 6 \
map 0 0 1 1 2 3 4 5 queues 1@0 1@1 1@2 1@3 2@4 2@6 hw 1
$ tc qdisc replace dev eno0 parent 100:6 cbs idleslope 100000 \
sendslope -900000 hicredit 12 locredit -113 offload 1
$ Error: Specified device failed to setup cbs hardware offload.
^^^^^
In this example, the previous logic deems the indexes of the two
highest priotiry TCs should be 3 and 2. Actually, the indexes are
5 and 4, because the number of TCs is 6. So it would be failed to
configure the CBS for the two highest priority TCs.
Fixes: c431047c4efe ("enetc: add support Credit Based Shaper(CBS) for hardware offload")
Signed-off-by: Wei Fang <wei.fang@nxp.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/enetc/enetc_qos.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 83c27bbbc6edf..126007ab70f61 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -181,8 +181,8 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
int bw_sum = 0;
u8 bw;
- prio_top = netdev_get_prio_tc_map(ndev, tc_nums - 1);
- prio_next = netdev_get_prio_tc_map(ndev, tc_nums - 2);
+ prio_top = tc_nums - 1;
+ prio_next = tc_nums - 2;
/* Support highest prio and second prio tc in cbs mode */
if (tc != prio_top && tc != prio_next)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 124/187] ping6: Fix send to link-local addresses with VRF.
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 123/187] net: enetc: correct the indexes of highest and 2nd highest TCs Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 125/187] igb: Fix extts capture value format for 82580/i354/i350 Greg Kroah-Hartman
` (74 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mirsad Todorovac, Guillaume Nault,
David Ahern, Jakub Kicinski, Sasha Levin
From: Guillaume Nault <gnault@redhat.com>
[ Upstream commit 91ffd1bae1dafbb9e34b46813f5b058581d9144d ]
Ping sockets can't send packets when they're bound to a VRF master
device and the output interface is set to a slave device.
For example, when net.ipv4.ping_group_range is properly set, so that
ping6 can use ping sockets, the following kind of commands fails:
$ ip vrf exec red ping6 fe80::854:e7ff:fe88:4bf1%eth1
What happens is that sk->sk_bound_dev_if is set to the VRF master
device, but 'oif' is set to the real output device. Since both are set
but different, ping_v6_sendmsg() sees their value as inconsistent and
fails.
Fix this by allowing 'oif' to be a slave device of ->sk_bound_dev_if.
This fixes the following kselftest failure:
$ ./fcnal-test.sh -t ipv6_ping
[...]
TEST: ping out, vrf device+address bind - ns-B IPv6 LLA [FAIL]
Reported-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Closes: https://lore.kernel.org/netdev/b6191f90-ffca-dbca-7d06-88a9788def9c@alu.unizg.hr/
Tested-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Fixes: 5e457896986e ("net: ipv6: Fix ping to link-local addresses.")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/6c8b53108816a8d0d5705ae37bdc5a8322b5e3d9.1686153846.git.gnault@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ping.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
index 808983bc2ec9f..4651aaf70db4f 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
@@ -114,7 +114,8 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
addr_type = ipv6_addr_type(daddr);
if ((__ipv6_addr_needs_scope_id(addr_type) && !oif) ||
(addr_type & IPV6_ADDR_MAPPED) ||
- (oif && sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if))
+ (oif && sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if &&
+ l3mdev_master_ifindex_by_index(sock_net(sk), oif) != sk->sk_bound_dev_if))
return -EINVAL;
ipcm6_init_sk(&ipc6, np);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 125/187] igb: Fix extts capture value format for 82580/i354/i350
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 124/187] ping6: Fix send to link-local addresses with VRF Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 126/187] net/sched: act_pedit: remove extra check for key type Greg Kroah-Hartman
` (73 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuezhen Luan, Jacob Keller,
Tony Nguyen, Simon Horman, Jakub Kicinski, Sasha Levin,
Pucha Himasekhar Reddy
From: Yuezhen Luan <eggcar.luan@gmail.com>
[ Upstream commit 6292d7436cf2f0a2ea8800a1d2cbb155d237818a ]
82580/i354/i350 features circle-counter-like timestamp registers
that are different with newer i210. The EXTTS capture value in
AUXTSMPx should be converted from raw circle counter value to
timestamp value in resolution of 1 nanosec by the driver.
This issue can be reproduced on i350 nics, connecting an 1PPS
signal to a SDP pin, and run 'ts2phc' command to read external
1PPS timestamp value. On i210 this works fine, but on i350 the
extts is not correctly converted.
The i350/i354/82580's SYSTIM and other timestamp registers are
40bit counters, presenting time range of 2^40 ns, that means these
registers overflows every about 1099s. This causes all these regs
can't be used directly in contrast to the newer i210/i211s.
The igb driver needs to convert these raw register values to
valid time stamp format by using kernel timecounter apis for i350s
families. Here the igb_extts() just forgot to do the convert.
Fixes: 38970eac41db ("igb: support EXTTS on 82580/i354/i350")
Signed-off-by: Yuezhen Luan <eggcar.luan@gmail.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230607164116.3768175-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 274c781b55473..f2f9f81c123b8 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -6948,6 +6948,7 @@ static void igb_extts(struct igb_adapter *adapter, int tsintr_tt)
struct e1000_hw *hw = &adapter->hw;
struct ptp_clock_event event;
struct timespec64 ts;
+ unsigned long flags;
if (pin < 0 || pin >= IGB_N_SDP)
return;
@@ -6955,9 +6956,12 @@ static void igb_extts(struct igb_adapter *adapter, int tsintr_tt)
if (hw->mac.type == e1000_82580 ||
hw->mac.type == e1000_i354 ||
hw->mac.type == e1000_i350) {
- s64 ns = rd32(auxstmpl);
+ u64 ns = rd32(auxstmpl);
- ns += ((s64)(rd32(auxstmph) & 0xFF)) << 32;
+ ns += ((u64)(rd32(auxstmph) & 0xFF)) << 32;
+ spin_lock_irqsave(&adapter->tmreg_lock, flags);
+ ns = timecounter_cyc2time(&adapter->tc, ns);
+ spin_unlock_irqrestore(&adapter->tmreg_lock, flags);
ts = ns_to_timespec64(ns);
} else {
ts.tv_nsec = rd32(auxstmpl);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 126/187] net/sched: act_pedit: remove extra check for key type
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 125/187] igb: Fix extts capture value format for 82580/i354/i350 Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 127/187] net/sched: act_pedit: Parse L3 Header for L4 offset Greg Kroah-Hartman
` (72 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jamal Hadi Salim, Simon Horman,
Pedro Tammela, David S. Miller, Sasha Levin
From: Pedro Tammela <pctammela@mojatatu.com>
[ Upstream commit 577140180ba28d0d37bc898c7bd6702c83aa106f ]
The netlink parsing already validates the key 'htype'.
Remove the datapath check as it's redundant.
Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 6c02568fd1ae ("net/sched: act_pedit: Parse L3 Header for L4 offset")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/act_pedit.c | 29 +++++++----------------------
1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 4559a1507ea5a..1e7e959b90e48 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -313,37 +313,28 @@ static bool offset_valid(struct sk_buff *skb, int offset)
return true;
}
-static int pedit_skb_hdr_offset(struct sk_buff *skb,
- enum pedit_header_type htype, int *hoffset)
+static void pedit_skb_hdr_offset(struct sk_buff *skb,
+ enum pedit_header_type htype, int *hoffset)
{
- int ret = -EINVAL;
-
+ /* 'htype' is validated in the netlink parsing */
switch (htype) {
case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH:
- if (skb_mac_header_was_set(skb)) {
+ if (skb_mac_header_was_set(skb))
*hoffset = skb_mac_offset(skb);
- ret = 0;
- }
break;
case TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK:
case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4:
case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6:
*hoffset = skb_network_offset(skb);
- ret = 0;
break;
case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP:
case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP:
- if (skb_transport_header_was_set(skb)) {
+ if (skb_transport_header_was_set(skb))
*hoffset = skb_transport_offset(skb);
- ret = 0;
- }
break;
default:
- ret = -EINVAL;
break;
}
-
- return ret;
}
TC_INDIRECT_SCOPE int tcf_pedit_act(struct sk_buff *skb,
@@ -376,10 +367,9 @@ TC_INDIRECT_SCOPE int tcf_pedit_act(struct sk_buff *skb,
for (i = parms->tcfp_nkeys; i > 0; i--, tkey++) {
int offset = tkey->off;
+ int hoffset = 0;
u32 *ptr, hdata;
- int hoffset;
u32 val;
- int rc;
if (tkey_ex) {
htype = tkey_ex->htype;
@@ -388,12 +378,7 @@ TC_INDIRECT_SCOPE int tcf_pedit_act(struct sk_buff *skb,
tkey_ex++;
}
- rc = pedit_skb_hdr_offset(skb, htype, &hoffset);
- if (rc) {
- pr_info("tc action pedit bad header type specified (0x%x)\n",
- htype);
- goto bad;
- }
+ pedit_skb_hdr_offset(skb, htype, &hoffset);
if (tkey->offmask) {
u8 *d, _d;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 127/187] net/sched: act_pedit: Parse L3 Header for L4 offset
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 126/187] net/sched: act_pedit: remove extra check for key type Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 128/187] net: renesas: rswitch: Fix timestamp feature after all descriptors are used Greg Kroah-Hartman
` (71 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Max Tottenham, Josh Hunt,
kernel test robot, Pedro Tammela, David S. Miller, Sasha Levin
From: Max Tottenham <mtottenh@akamai.com>
[ Upstream commit 6c02568fd1ae53099b4ab86365c5be1ff15f586b ]
Instead of relying on skb->transport_header being set correctly, opt
instead to parse the L3 header length out of the L3 headers for both
IPv4/IPv6 when the Extended Layer Op for tcp/udp is used. This fixes a
bug if GRO is disabled, when GRO is disabled skb->transport_header is
set by __netif_receive_skb_core() to point to the L3 header, it's later
fixed by the upper protocol layers, but act_pedit will receive the SKB
before the fixups are completed. The existing behavior causes the
following to edit the L3 header if GRO is disabled instead of the UDP
header:
tc filter add dev eth0 ingress protocol ip flower ip_proto udp \
dst_ip 192.168.1.3 action pedit ex munge udp set dport 18053
Also re-introduce a rate-limited warning if we were unable to extract
the header offset when using the 'ex' interface.
Fixes: 71d0ed7079df ("net/act_pedit: Support using offset relative to
the conventional network headers")
Signed-off-by: Max Tottenham <mtottenh@akamai.com>
Reviewed-by: Josh Hunt <johunt@akamai.com>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202305261541.N165u9TZ-lkp@intel.com/
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/act_pedit.c | 48 ++++++++++++++++++++++++++++++++++++++-----
1 file changed, 43 insertions(+), 5 deletions(-)
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 1e7e959b90e48..300b5ae760dcc 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -13,7 +13,10 @@
#include <linux/rtnetlink.h>
#include <linux/module.h>
#include <linux/init.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
#include <linux/slab.h>
+#include <net/ipv6.h>
#include <net/netlink.h>
#include <net/pkt_sched.h>
#include <linux/tc_act/tc_pedit.h>
@@ -313,28 +316,58 @@ static bool offset_valid(struct sk_buff *skb, int offset)
return true;
}
-static void pedit_skb_hdr_offset(struct sk_buff *skb,
+static int pedit_l4_skb_offset(struct sk_buff *skb, int *hoffset, const int header_type)
+{
+ const int noff = skb_network_offset(skb);
+ int ret = -EINVAL;
+ struct iphdr _iph;
+
+ switch (skb->protocol) {
+ case htons(ETH_P_IP): {
+ const struct iphdr *iph = skb_header_pointer(skb, noff, sizeof(_iph), &_iph);
+
+ if (!iph)
+ goto out;
+ *hoffset = noff + iph->ihl * 4;
+ ret = 0;
+ break;
+ }
+ case htons(ETH_P_IPV6):
+ ret = ipv6_find_hdr(skb, hoffset, header_type, NULL, NULL) == header_type ? 0 : -EINVAL;
+ break;
+ }
+out:
+ return ret;
+}
+
+static int pedit_skb_hdr_offset(struct sk_buff *skb,
enum pedit_header_type htype, int *hoffset)
{
+ int ret = -EINVAL;
/* 'htype' is validated in the netlink parsing */
switch (htype) {
case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH:
- if (skb_mac_header_was_set(skb))
+ if (skb_mac_header_was_set(skb)) {
*hoffset = skb_mac_offset(skb);
+ ret = 0;
+ }
break;
case TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK:
case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4:
case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6:
*hoffset = skb_network_offset(skb);
+ ret = 0;
break;
case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP:
+ ret = pedit_l4_skb_offset(skb, hoffset, IPPROTO_TCP);
+ break;
case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP:
- if (skb_transport_header_was_set(skb))
- *hoffset = skb_transport_offset(skb);
+ ret = pedit_l4_skb_offset(skb, hoffset, IPPROTO_UDP);
break;
default:
break;
}
+ return ret;
}
TC_INDIRECT_SCOPE int tcf_pedit_act(struct sk_buff *skb,
@@ -370,6 +403,7 @@ TC_INDIRECT_SCOPE int tcf_pedit_act(struct sk_buff *skb,
int hoffset = 0;
u32 *ptr, hdata;
u32 val;
+ int rc;
if (tkey_ex) {
htype = tkey_ex->htype;
@@ -378,7 +412,11 @@ TC_INDIRECT_SCOPE int tcf_pedit_act(struct sk_buff *skb,
tkey_ex++;
}
- pedit_skb_hdr_offset(skb, htype, &hoffset);
+ rc = pedit_skb_hdr_offset(skb, htype, &hoffset);
+ if (rc) {
+ pr_info_ratelimited("tc action pedit unable to extract header offset for header type (0x%x)\n", htype);
+ goto bad;
+ }
if (tkey->offmask) {
u8 *d, _d;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 128/187] net: renesas: rswitch: Fix timestamp feature after all descriptors are used
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 127/187] net/sched: act_pedit: Parse L3 Header for L4 offset Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 129/187] octeontx2-af: Fix promiscuous mode Greg Kroah-Hartman
` (70 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Phong Hoang, Yoshihiro Shimoda,
Simon Horman, David S. Miller, Sasha Levin
From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
[ Upstream commit 0ad4982c520ed87ea7ebfc9381ea1f617ed75364 ]
The timestamp descriptors were intended to act cyclically. Descriptors
from index 0 through gq->ring_size - 1 contain actual information, and
the last index (gq->ring_size) should have LINKFIX to indicate
the first index 0 descriptor. However, the LINKFIX value is missing,
causing the timestamp feature to stop after all descriptors are used.
To resolve this issue, set the LINKFIX to the timestamp descritors.
Reported-by: Phong Hoang <phong.hoang.wz@renesas.com>
Fixes: 33f5d733b589 ("net: renesas: rswitch: Improve TX timestamp accuracy")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/renesas/rswitch.c | 36 ++++++++++++++++----------
1 file changed, 22 insertions(+), 14 deletions(-)
diff --git a/drivers/net/ethernet/renesas/rswitch.c b/drivers/net/ethernet/renesas/rswitch.c
index 7855d9ef81eb1..66bce799471c1 100644
--- a/drivers/net/ethernet/renesas/rswitch.c
+++ b/drivers/net/ethernet/renesas/rswitch.c
@@ -347,17 +347,6 @@ static int rswitch_gwca_queue_alloc(struct net_device *ndev,
return -ENOMEM;
}
-static int rswitch_gwca_ts_queue_alloc(struct rswitch_private *priv)
-{
- struct rswitch_gwca_queue *gq = &priv->gwca.ts_queue;
-
- gq->ring_size = TS_RING_SIZE;
- gq->ts_ring = dma_alloc_coherent(&priv->pdev->dev,
- sizeof(struct rswitch_ts_desc) *
- (gq->ring_size + 1), &gq->ring_dma, GFP_KERNEL);
- return !gq->ts_ring ? -ENOMEM : 0;
-}
-
static void rswitch_desc_set_dptr(struct rswitch_desc *desc, dma_addr_t addr)
{
desc->dptrl = cpu_to_le32(lower_32_bits(addr));
@@ -533,6 +522,28 @@ static void rswitch_gwca_linkfix_free(struct rswitch_private *priv)
gwca->linkfix_table = NULL;
}
+static int rswitch_gwca_ts_queue_alloc(struct rswitch_private *priv)
+{
+ struct rswitch_gwca_queue *gq = &priv->gwca.ts_queue;
+ struct rswitch_ts_desc *desc;
+
+ gq->ring_size = TS_RING_SIZE;
+ gq->ts_ring = dma_alloc_coherent(&priv->pdev->dev,
+ sizeof(struct rswitch_ts_desc) *
+ (gq->ring_size + 1), &gq->ring_dma, GFP_KERNEL);
+
+ if (!gq->ts_ring)
+ return -ENOMEM;
+
+ rswitch_gwca_ts_queue_fill(priv, 0, TS_RING_SIZE);
+ desc = &gq->ts_ring[gq->ring_size];
+ desc->desc.die_dt = DT_LINKFIX;
+ rswitch_desc_set_dptr(&desc->desc, gq->ring_dma);
+ INIT_LIST_HEAD(&priv->gwca.ts_info_list);
+
+ return 0;
+}
+
static struct rswitch_gwca_queue *rswitch_gwca_get(struct rswitch_private *priv)
{
struct rswitch_gwca_queue *gq;
@@ -1782,9 +1793,6 @@ static int rswitch_init(struct rswitch_private *priv)
if (err < 0)
goto err_ts_queue_alloc;
- rswitch_gwca_ts_queue_fill(priv, 0, TS_RING_SIZE);
- INIT_LIST_HEAD(&priv->gwca.ts_info_list);
-
for (i = 0; i < RSWITCH_NUM_PORTS; i++) {
err = rswitch_device_alloc(priv, i);
if (err < 0) {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 129/187] octeontx2-af: Fix promiscuous mode
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 128/187] net: renesas: rswitch: Fix timestamp feature after all descriptors are used Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 130/187] net/sched: taprio: fix slab-out-of-bounds Read in taprio_dequeue_from_txq Greg Kroah-Hartman
` (69 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ratheesh Kannoth, David S. Miller,
Sasha Levin
From: Ratheesh Kannoth <rkannoth@marvell.com>
[ Upstream commit c0e489372a294044feea650b38f38c888eff57a4 ]
CN10KB silicon introduced a new exact match feature,
which is used for DMAC filtering. The state of installed
DMAC filters in this exact match table is getting corrupted
when promiscuous mode is toggled. Fix this by not touching
Exact match related config when promiscuous mode is toggled.
Fixes: 2dba9459d2c9 ("octeontx2-af: Wrapper functions for MAC addr add/del/update/reset")
Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../marvell/octeontx2/af/rvu_npc_hash.c | 29 ++-----------------
1 file changed, 2 insertions(+), 27 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c
index 51209119f0f2f..9f11c1e407373 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c
@@ -1164,10 +1164,8 @@ static u16 __rvu_npc_exact_cmd_rules_cnt_update(struct rvu *rvu, int drop_mcam_i
{
struct npc_exact_table *table;
u16 *cnt, old_cnt;
- bool promisc;
table = rvu->hw->table;
- promisc = table->promisc_mode[drop_mcam_idx];
cnt = &table->cnt_cmd_rules[drop_mcam_idx];
old_cnt = *cnt;
@@ -1179,16 +1177,13 @@ static u16 __rvu_npc_exact_cmd_rules_cnt_update(struct rvu *rvu, int drop_mcam_i
*enable_or_disable_cam = false;
- if (promisc)
- goto done;
-
- /* If all rules are deleted and not already in promisc mode; disable cam */
+ /* If all rules are deleted, disable cam */
if (!*cnt && val < 0) {
*enable_or_disable_cam = true;
goto done;
}
- /* If rule got added and not already in promisc mode; enable cam */
+ /* If rule got added, enable cam */
if (!old_cnt && val > 0) {
*enable_or_disable_cam = true;
goto done;
@@ -1443,7 +1438,6 @@ int rvu_npc_exact_promisc_disable(struct rvu *rvu, u16 pcifunc)
u32 drop_mcam_idx;
bool *promisc;
bool rc;
- u32 cnt;
table = rvu->hw->table;
@@ -1466,17 +1460,8 @@ int rvu_npc_exact_promisc_disable(struct rvu *rvu, u16 pcifunc)
return LMAC_AF_ERR_INVALID_PARAM;
}
*promisc = false;
- cnt = __rvu_npc_exact_cmd_rules_cnt_update(rvu, drop_mcam_idx, 0, NULL);
mutex_unlock(&table->lock);
- /* If no dmac filter entries configured, disable drop rule */
- if (!cnt)
- rvu_npc_enable_mcam_by_entry_index(rvu, drop_mcam_idx, NIX_INTF_RX, false);
- else
- rvu_npc_enable_mcam_by_entry_index(rvu, drop_mcam_idx, NIX_INTF_RX, !*promisc);
-
- dev_dbg(rvu->dev, "%s: disabled promisc mode (cgx=%d lmac=%d, cnt=%d)\n",
- __func__, cgx_id, lmac_id, cnt);
return 0;
}
@@ -1494,7 +1479,6 @@ int rvu_npc_exact_promisc_enable(struct rvu *rvu, u16 pcifunc)
u32 drop_mcam_idx;
bool *promisc;
bool rc;
- u32 cnt;
table = rvu->hw->table;
@@ -1517,17 +1501,8 @@ int rvu_npc_exact_promisc_enable(struct rvu *rvu, u16 pcifunc)
return LMAC_AF_ERR_INVALID_PARAM;
}
*promisc = true;
- cnt = __rvu_npc_exact_cmd_rules_cnt_update(rvu, drop_mcam_idx, 0, NULL);
mutex_unlock(&table->lock);
- /* If no dmac filter entries configured, disable drop rule */
- if (!cnt)
- rvu_npc_enable_mcam_by_entry_index(rvu, drop_mcam_idx, NIX_INTF_RX, false);
- else
- rvu_npc_enable_mcam_by_entry_index(rvu, drop_mcam_idx, NIX_INTF_RX, !*promisc);
-
- dev_dbg(rvu->dev, "%s: Enabled promisc mode (cgx=%d lmac=%d cnt=%d)\n",
- __func__, cgx_id, lmac_id, cnt);
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 130/187] net/sched: taprio: fix slab-out-of-bounds Read in taprio_dequeue_from_txq
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 129/187] octeontx2-af: Fix promiscuous mode Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 131/187] net/sched: cls_u32: Fix reference counter leak leading to overflow Greg Kroah-Hartman
` (68 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+04afcb3d2c840447559a,
Zhengchao Shao, Pedro Tammela, David S. Miller, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit be3618d9651002cd5ff190dbfc6cf78f03e34e27 ]
As shown in [1], out-of-bounds access occurs in two cases:
1)when the qdisc of the taprio type is used to replace the previously
configured taprio, count and offset in tc_to_txq can be set to 0. In this
case, the value of *txq in taprio_next_tc_txq() will increases
continuously. When the number of accessed queues exceeds the number of
queues on the device, out-of-bounds access occurs.
2)When packets are dequeued, taprio can be deleted. In this case, the tc
rule of dev is cleared. The count and offset values are also set to 0. In
this case, out-of-bounds access is also caused.
Now the restriction on the queue number is added.
[1] https://groups.google.com/g/syzkaller-bugs/c/_lYOKgkBVMg
Fixes: 2f530df76c8c ("net/sched: taprio: give higher priority to higher TCs in software dequeue mode")
Reported-by: syzbot+04afcb3d2c840447559a@syzkaller.appspotmail.com
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Tested-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_taprio.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
index a6cf56a969421..7190482b52e05 100644
--- a/net/sched/sch_taprio.c
+++ b/net/sched/sch_taprio.c
@@ -795,6 +795,9 @@ static struct sk_buff *taprio_dequeue_tc_priority(struct Qdisc *sch,
taprio_next_tc_txq(dev, tc, &q->cur_txq[tc]);
+ if (q->cur_txq[tc] >= dev->num_tx_queues)
+ q->cur_txq[tc] = first_txq;
+
if (skb)
return skb;
} while (q->cur_txq[tc] != first_txq);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 131/187] net/sched: cls_u32: Fix reference counter leak leading to overflow
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 130/187] net/sched: taprio: fix slab-out-of-bounds Read in taprio_dequeue_from_txq Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 132/187] wifi: mac80211: fix link activation settings order Greg Kroah-Hartman
` (67 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Lee Jones,
Jamal Hadi Salim, David S. Miller, Sasha Levin
From: Lee Jones <lee@kernel.org>
[ Upstream commit 04c55383fa5689357bcdd2c8036725a55ed632bc ]
In the event of a failure in tcf_change_indev(), u32_set_parms() will
immediately return without decrementing the recently incremented
reference counter. If this happens enough times, the counter will
rollover and the reference freed, leading to a double free which can be
used to do 'bad things'.
In order to prevent this, move the point of possible failure above the
point where the reference counter is incremented. Also save any
meaningful return values to be applied to the return data at the
appropriate point in time.
This issue was caught with KASAN.
Fixes: 705c7091262d ("net: sched: cls_u32: no need to call tcf_exts_change for newly allocated struct")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/cls_u32.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 4e2e269f121f8..d15d50de79802 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -718,13 +718,19 @@ static int u32_set_parms(struct net *net, struct tcf_proto *tp,
struct nlattr *est, u32 flags, u32 fl_flags,
struct netlink_ext_ack *extack)
{
- int err;
+ int err, ifindex = -1;
err = tcf_exts_validate_ex(net, tp, tb, est, &n->exts, flags,
fl_flags, extack);
if (err < 0)
return err;
+ if (tb[TCA_U32_INDEV]) {
+ ifindex = tcf_change_indev(net, tb[TCA_U32_INDEV], extack);
+ if (ifindex < 0)
+ return -EINVAL;
+ }
+
if (tb[TCA_U32_LINK]) {
u32 handle = nla_get_u32(tb[TCA_U32_LINK]);
struct tc_u_hnode *ht_down = NULL, *ht_old;
@@ -759,13 +765,9 @@ static int u32_set_parms(struct net *net, struct tcf_proto *tp,
tcf_bind_filter(tp, &n->res, base);
}
- if (tb[TCA_U32_INDEV]) {
- int ret;
- ret = tcf_change_indev(net, tb[TCA_U32_INDEV], extack);
- if (ret < 0)
- return -EINVAL;
- n->ifindex = ret;
- }
+ if (ifindex >= 0)
+ n->ifindex = ifindex;
+
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 132/187] wifi: mac80211: fix link activation settings order
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 131/187] net/sched: cls_u32: Fix reference counter leak leading to overflow Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 133/187] wifi: cfg80211: fix link del callback to call correct handler Greg Kroah-Hartman
` (66 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Berg, Gregory Greenman,
Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 01605ad6c3e8608d7e147c9b75d67eb8a3d27d88 ]
In the normal MLME code we always call
ieee80211_mgd_set_link_qos_params() before
ieee80211_link_info_change_notify() and some drivers,
notably iwlwifi, rely on that as they don't do anything
(but store the data) in their conf_tx.
Fix the order here to be the same as in the normal code
paths, so this isn't broken.
Fixes: 3d9011029227 ("wifi: mac80211: implement link switching")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230608163202.a2a86bba2f80.Iac97e04827966d22161e63bb6e201b4061e9651b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/link.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/link.c b/net/mac80211/link.c
index 8c8869cc1fb4c..aab4d7b4def24 100644
--- a/net/mac80211/link.c
+++ b/net/mac80211/link.c
@@ -2,7 +2,7 @@
/*
* MLO link handling
*
- * Copyright (C) 2022 Intel Corporation
+ * Copyright (C) 2022-2023 Intel Corporation
*/
#include <linux/slab.h>
#include <linux/kernel.h>
@@ -404,6 +404,7 @@ static int _ieee80211_set_active_links(struct ieee80211_sub_if_data *sdata,
IEEE80211_CHANCTX_SHARED);
WARN_ON_ONCE(ret);
+ ieee80211_mgd_set_link_qos_params(link);
ieee80211_link_info_change_notify(sdata, link,
BSS_CHANGED_ERP_CTS_PROT |
BSS_CHANGED_ERP_PREAMBLE |
@@ -418,7 +419,6 @@ static int _ieee80211_set_active_links(struct ieee80211_sub_if_data *sdata,
BSS_CHANGED_TWT |
BSS_CHANGED_HE_OBSS_PD |
BSS_CHANGED_HE_BSS_COLOR);
- ieee80211_mgd_set_link_qos_params(link);
}
old_active = sdata->vif.active_links;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 133/187] wifi: cfg80211: fix link del callback to call correct handler
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 132/187] wifi: mac80211: fix link activation settings order Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 134/187] wifi: mac80211: take lock before setting vif links Greg Kroah-Hartman
` (65 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Berg, Gregory Greenman,
Johannes Berg, Sasha Levin
From: Benjamin Berg <benjamin.berg@intel.com>
[ Upstream commit 1ff56684fa8682bdfbbce4e12cf67ab23cb1db05 ]
The wrapper function was incorrectly calling the add handler instead of
the del handler. This had no negative side effect as the default
handlers are essentially identical.
Fixes: f2a0290b2df2 ("wifi: cfg80211: add optional link add/remove callbacks")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230608163202.ebd00e000459.Iaff7dc8d1cdecf77f53ea47a0e5080caa36ea02a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/rdev-ops.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
index 13b209a8db287..ee853a14a02de 100644
--- a/net/wireless/rdev-ops.h
+++ b/net/wireless/rdev-ops.h
@@ -2,7 +2,7 @@
/*
* Portions of this file
* Copyright(c) 2016-2017 Intel Deutschland GmbH
- * Copyright (C) 2018, 2021-2022 Intel Corporation
+ * Copyright (C) 2018, 2021-2023 Intel Corporation
*/
#ifndef __CFG80211_RDEV_OPS
#define __CFG80211_RDEV_OPS
@@ -1441,8 +1441,8 @@ rdev_del_intf_link(struct cfg80211_registered_device *rdev,
unsigned int link_id)
{
trace_rdev_del_intf_link(&rdev->wiphy, wdev, link_id);
- if (rdev->ops->add_intf_link)
- rdev->ops->add_intf_link(&rdev->wiphy, wdev, link_id);
+ if (rdev->ops->del_intf_link)
+ rdev->ops->del_intf_link(&rdev->wiphy, wdev, link_id);
trace_rdev_return_void(&rdev->wiphy);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 134/187] wifi: mac80211: take lock before setting vif links
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 133/187] wifi: cfg80211: fix link del callback to call correct handler Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 135/187] RDMA/rxe: Fix the use-before-initialization error of resp_pkts Greg Kroah-Hartman
` (64 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Berg, Gregory Greenman,
Johannes Berg, Sasha Levin
From: Benjamin Berg <benjamin.berg@intel.com>
[ Upstream commit 15846f95ab01b71fdb1cef8df73680aad41edf70 ]
ieee80211_vif_set_links requires the sdata->local->mtx lock to be held.
Add the appropriate locking around the calls in both the link add and
remove handlers.
This causes a warning when e.g. ieee80211_link_release_channel is called
via ieee80211_link_stop from ieee80211_vif_update_links.
Fixes: 0d8c4a3c8688 ("wifi: mac80211: implement add/del interface link callbacks")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230608163202.fa0c6597fdad.I83dd70359f6cda30f86df8418d929c2064cf4995@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/cfg.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 5ddbe0c8cfaa1..2c4689a1bf064 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -4778,11 +4778,16 @@ static int ieee80211_add_intf_link(struct wiphy *wiphy,
unsigned int link_id)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
+ int res;
if (wdev->use_4addr)
return -EOPNOTSUPP;
- return ieee80211_vif_set_links(sdata, wdev->valid_links);
+ mutex_lock(&sdata->local->mtx);
+ res = ieee80211_vif_set_links(sdata, wdev->valid_links);
+ mutex_unlock(&sdata->local->mtx);
+
+ return res;
}
static void ieee80211_del_intf_link(struct wiphy *wiphy,
@@ -4791,7 +4796,9 @@ static void ieee80211_del_intf_link(struct wiphy *wiphy,
{
struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
+ mutex_lock(&sdata->local->mtx);
ieee80211_vif_set_links(sdata, wdev->valid_links);
+ mutex_unlock(&sdata->local->mtx);
}
static int sta_add_link_station(struct ieee80211_local *local,
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 135/187] RDMA/rxe: Fix the use-before-initialization error of resp_pkts
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 134/187] wifi: mac80211: take lock before setting vif links Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 136/187] iavf: remove mask from iavf_irq_enable_queues() Greg Kroah-Hartman
` (63 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+eba589d8f49c73d356da,
Zhu Yanjun, Jason Gunthorpe, Sasha Levin
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit 2a62b6210ce876c596086ab8fd4c8a0c3d10611a ]
In the following:
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
assign_lock_key kernel/locking/lockdep.c:982 [inline]
register_lock_class+0xdb6/0x1120 kernel/locking/lockdep.c:1295
__lock_acquire+0x10a/0x5df0 kernel/locking/lockdep.c:4951
lock_acquire kernel/locking/lockdep.c:5691 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162
skb_dequeue+0x20/0x180 net/core/skbuff.c:3639
drain_resp_pkts drivers/infiniband/sw/rxe/rxe_comp.c:555 [inline]
rxe_completer+0x250d/0x3cc0 drivers/infiniband/sw/rxe/rxe_comp.c:652
rxe_qp_do_cleanup+0x1be/0x820 drivers/infiniband/sw/rxe/rxe_qp.c:761
execute_in_process_context+0x3b/0x150 kernel/workqueue.c:3473
__rxe_cleanup+0x21e/0x370 drivers/infiniband/sw/rxe/rxe_pool.c:233
rxe_create_qp+0x3f6/0x5f0 drivers/infiniband/sw/rxe/rxe_verbs.c:583
This is a use-before-initialization problem.
It happens because rxe_qp_do_cleanup is called during error unwind before
the struct has been fully initialized.
Move the initialization of the skb earlier.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20230602035408.741534-1-yanjun.zhu@intel.com
Reported-by: syzbot+eba589d8f49c73d356da@syzkaller.appspotmail.com
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index d5de5ba6940f1..94a7f5ebc6292 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -176,6 +176,9 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe, struct rxe_qp *qp,
spin_lock_init(&qp->rq.producer_lock);
spin_lock_init(&qp->rq.consumer_lock);
+ skb_queue_head_init(&qp->req_pkts);
+ skb_queue_head_init(&qp->resp_pkts);
+
atomic_set(&qp->ssn, 0);
atomic_set(&qp->skb_out, 0);
}
@@ -236,8 +239,6 @@ static int rxe_qp_init_req(struct rxe_dev *rxe, struct rxe_qp *qp,
qp->req.opcode = -1;
qp->comp.opcode = -1;
- skb_queue_head_init(&qp->req_pkts);
-
rxe_init_task(&qp->req.task, qp, rxe_requester);
rxe_init_task(&qp->comp.task, qp, rxe_completer);
@@ -281,8 +282,6 @@ static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp,
}
}
- skb_queue_head_init(&qp->resp_pkts);
-
rxe_init_task(&qp->resp.task, qp, rxe_responder);
qp->resp.opcode = OPCODE_NONE;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 136/187] iavf: remove mask from iavf_irq_enable_queues()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 135/187] RDMA/rxe: Fix the use-before-initialization error of resp_pkts Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 137/187] octeontx2-af: fixed resource availability check Greg Kroah-Hartman
` (62 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ahmed Zaki, Rafal Romanowski,
Simon Horman, Maciej Fijalkowski, Tony Nguyen, Jakub Kicinski,
Sasha Levin
From: Ahmed Zaki <ahmed.zaki@intel.com>
[ Upstream commit c37cf54c12cfaa51e7aaf88708167b0d3259e64e ]
Enable more than 32 IRQs by removing the u32 bit mask in
iavf_irq_enable_queues(). There is no need for the mask as there are no
callers that select individual IRQs through the bitmask. Also, if the PF
allocates more than 32 IRQs, this mask will prevent us from using all of
them.
Modify the comment in iavf_register.h to show that the maximum number
allowed for the IRQ index is 63 as per the iAVF standard 1.0 [1].
link: [1] https://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/ethernet-adaptive-virtual-function-hardware-spec.pdf
Fixes: 5eae00c57f5e ("i40evf: main driver core")
Signed-off-by: Ahmed Zaki <ahmed.zaki@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20230608200226.451861-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf.h | 2 +-
drivers/net/ethernet/intel/iavf/iavf_main.c | 15 ++++++---------
drivers/net/ethernet/intel/iavf/iavf_register.h | 2 +-
3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/intel/iavf/iavf.h b/drivers/net/ethernet/intel/iavf/iavf.h
index 746ff76f2fb1e..0615bb2b3c33b 100644
--- a/drivers/net/ethernet/intel/iavf/iavf.h
+++ b/drivers/net/ethernet/intel/iavf/iavf.h
@@ -526,7 +526,7 @@ void iavf_set_ethtool_ops(struct net_device *netdev);
void iavf_update_stats(struct iavf_adapter *adapter);
void iavf_reset_interrupt_capability(struct iavf_adapter *adapter);
int iavf_init_interrupt_scheme(struct iavf_adapter *adapter);
-void iavf_irq_enable_queues(struct iavf_adapter *adapter, u32 mask);
+void iavf_irq_enable_queues(struct iavf_adapter *adapter);
void iavf_free_all_tx_resources(struct iavf_adapter *adapter);
void iavf_free_all_rx_resources(struct iavf_adapter *adapter);
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 2de4baff4c205..4a66873882d12 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -359,21 +359,18 @@ static void iavf_irq_disable(struct iavf_adapter *adapter)
}
/**
- * iavf_irq_enable_queues - Enable interrupt for specified queues
+ * iavf_irq_enable_queues - Enable interrupt for all queues
* @adapter: board private structure
- * @mask: bitmap of queues to enable
**/
-void iavf_irq_enable_queues(struct iavf_adapter *adapter, u32 mask)
+void iavf_irq_enable_queues(struct iavf_adapter *adapter)
{
struct iavf_hw *hw = &adapter->hw;
int i;
for (i = 1; i < adapter->num_msix_vectors; i++) {
- if (mask & BIT(i - 1)) {
- wr32(hw, IAVF_VFINT_DYN_CTLN1(i - 1),
- IAVF_VFINT_DYN_CTLN1_INTENA_MASK |
- IAVF_VFINT_DYN_CTLN1_ITR_INDX_MASK);
- }
+ wr32(hw, IAVF_VFINT_DYN_CTLN1(i - 1),
+ IAVF_VFINT_DYN_CTLN1_INTENA_MASK |
+ IAVF_VFINT_DYN_CTLN1_ITR_INDX_MASK);
}
}
@@ -387,7 +384,7 @@ void iavf_irq_enable(struct iavf_adapter *adapter, bool flush)
struct iavf_hw *hw = &adapter->hw;
iavf_misc_irq_enable(adapter);
- iavf_irq_enable_queues(adapter, ~0);
+ iavf_irq_enable_queues(adapter);
if (flush)
iavf_flush(hw);
diff --git a/drivers/net/ethernet/intel/iavf/iavf_register.h b/drivers/net/ethernet/intel/iavf/iavf_register.h
index bf793332fc9d5..a19e88898a0bb 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_register.h
+++ b/drivers/net/ethernet/intel/iavf/iavf_register.h
@@ -40,7 +40,7 @@
#define IAVF_VFINT_DYN_CTL01_INTENA_MASK IAVF_MASK(0x1, IAVF_VFINT_DYN_CTL01_INTENA_SHIFT)
#define IAVF_VFINT_DYN_CTL01_ITR_INDX_SHIFT 3
#define IAVF_VFINT_DYN_CTL01_ITR_INDX_MASK IAVF_MASK(0x3, IAVF_VFINT_DYN_CTL01_ITR_INDX_SHIFT)
-#define IAVF_VFINT_DYN_CTLN1(_INTVF) (0x00003800 + ((_INTVF) * 4)) /* _i=0...15 */ /* Reset: VFR */
+#define IAVF_VFINT_DYN_CTLN1(_INTVF) (0x00003800 + ((_INTVF) * 4)) /* _i=0...63 */ /* Reset: VFR */
#define IAVF_VFINT_DYN_CTLN1_INTENA_SHIFT 0
#define IAVF_VFINT_DYN_CTLN1_INTENA_MASK IAVF_MASK(0x1, IAVF_VFINT_DYN_CTLN1_INTENA_SHIFT)
#define IAVF_VFINT_DYN_CTLN1_SWINT_TRIG_SHIFT 2
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 137/187] octeontx2-af: fixed resource availability check
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 136/187] iavf: remove mask from iavf_irq_enable_queues() Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 138/187] octeontx2-af: fix lbk link credits on cn10k Greg Kroah-Hartman
` (61 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Satha Rao, Sunil Kovvuri Goutham,
Naveen Mamindlapalli, Sridhar Samudrala, David S. Miller,
Sasha Levin
From: Satha Rao <skoteshwar@marvell.com>
[ Upstream commit 4e635f9d86165e47f5440196f2ebdb258efb8341 ]
txschq_alloc response have two different arrays to store continuous
and non-continuous schedulers of each level. Requested count should
be checked for each array separately.
Fixes: 5d9b976d4480 ("octeontx2-af: Support fixed transmit scheduler topology")
Signed-off-by: Satha Rao <skoteshwar@marvell.com>
Signed-off-by: Sunil Kovvuri Goutham <sgoutham@marvell.com>
Signed-off-by: Naveen Mamindlapalli <naveenm@marvell.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
index 4ad707e758b9f..1e058b96cbe27 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
@@ -1878,7 +1878,8 @@ static int nix_check_txschq_alloc_req(struct rvu *rvu, int lvl, u16 pcifunc,
free_cnt = rvu_rsrc_free_count(&txsch->schq);
}
- if (free_cnt < req_schq || req_schq > MAX_TXSCHQ_PER_FUNC)
+ if (free_cnt < req_schq || req->schq[lvl] > MAX_TXSCHQ_PER_FUNC ||
+ req->schq_contig[lvl] > MAX_TXSCHQ_PER_FUNC)
return NIX_AF_ERR_TLX_ALLOC_FAIL;
/* If contiguous queues are needed, check for availability */
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 138/187] octeontx2-af: fix lbk link credits on cn10k
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 137/187] octeontx2-af: fixed resource availability check Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 139/187] RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions Greg Kroah-Hartman
` (60 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nithin Dabilpuram,
Naveen Mamindlapalli, Sridhar Samudrala, David S. Miller,
Sasha Levin
From: Nithin Dabilpuram <ndabilpuram@marvell.com>
[ Upstream commit 87e12a17eef476bbf768dc3a74419ad461f36fbc ]
Fix LBK link credits on CN10K to be same as CN9K i.e
16 * MAX_LBK_DATA_RATE instead of current scheme of
calculation based on LBK buf length / FIFO size.
Fixes: 6e54e1c5399a ("octeontx2-af: cn10K: Add MTU configuration")
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Signed-off-by: Naveen Mamindlapalli <naveenm@marvell.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
index 1e058b96cbe27..f01d057ad025a 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
@@ -4081,10 +4081,6 @@ int rvu_mbox_handler_nix_set_rx_cfg(struct rvu *rvu, struct nix_rx_cfg *req,
static u64 rvu_get_lbk_link_credits(struct rvu *rvu, u16 lbk_max_frs)
{
- /* CN10k supports 72KB FIFO size and max packet size of 64k */
- if (rvu->hw->lbk_bufsize == 0x12000)
- return (rvu->hw->lbk_bufsize - lbk_max_frs) / 16;
-
return 1600; /* 16 * max LBK datarate = 16 * 100Gbps */
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 139/187] RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 138/187] octeontx2-af: fix lbk link credits on cn10k Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 140/187] RDMA/mlx5: Create an indirect flow table for steering anchor Greg Kroah-Hartman
` (59 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maher Sanalla, Maor Gottlieb,
Leon Romanovsky, Sasha Levin
From: Maher Sanalla <msanalla@nvidia.com>
[ Upstream commit ee4d269eccfea6c17b18281bef482700d898e86f ]
Delay drop data is initiated for PFs that have the capability of
rq_delay_drop and are in roce profile.
However, PFs with RAW ethernet profile do not initiate delay drop data
on function load, causing kernel panic if delay drop struct members are
accessed later on in case a dropless RQ is created.
Thus, stage the delay drop initialization as part of RAW ethernet
PF loading process.
Fixes: b5ca15ad7e61 ("IB/mlx5: Add proper representors support")
Signed-off-by: Maher Sanalla <msanalla@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Link: https://lore.kernel.org/r/2e9d386785043d48c38711826eb910315c1de141.1685960567.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/main.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index 5d45de223c43a..f0b394ed7452a 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -4275,6 +4275,9 @@ const struct mlx5_ib_profile raw_eth_profile = {
STAGE_CREATE(MLX5_IB_STAGE_POST_IB_REG_UMR,
mlx5_ib_stage_post_ib_reg_umr_init,
NULL),
+ STAGE_CREATE(MLX5_IB_STAGE_DELAY_DROP,
+ mlx5_ib_stage_delay_drop_init,
+ mlx5_ib_stage_delay_drop_cleanup),
STAGE_CREATE(MLX5_IB_STAGE_RESTRACK,
mlx5_ib_restrack_init,
NULL),
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 140/187] RDMA/mlx5: Create an indirect flow table for steering anchor
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 139/187] RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 141/187] RDMA/cma: Always set static rate to 0 for RoCE Greg Kroah-Hartman
` (58 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Bloch, Maor Gottlieb,
Leon Romanovsky, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit e1f4a52ac171dd863fe89055e749ef5e0a0bc5ce ]
A misbehaved user can create a steering anchor that points to a kernel
flow table and then destroy the anchor without freeing the associated
STC. This creates a problem as the kernel can't destroy the flow
table since there is still a reference to it. As a result, this can
exhaust all available flow table resources, preventing other users from
using the RDMA device.
To prevent this problem, a solution is implemented where a special flow
table with two steering rules is created when a user creates a steering
anchor for the first time. The rules include one that drops all traffic
and another that points to the kernel flow table. If the steering anchor
is destroyed, only the rule pointing to the kernel's flow table is removed.
Any traffic reaching the special flow table after that is dropped.
Since the special flow table is not destroyed when the steering anchor is
destroyed, any issues are prevented from occurring. The remaining resources
are only destroyed when the RDMA device is destroyed, which happens after
all DEVX objects are freed, including the STCs, thus mitigating the issue.
Fixes: 0c6ab0ca9a66 ("RDMA/mlx5: Expose steering anchor to userspace")
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Link: https://lore.kernel.org/r/b4a88a871d651fa4e8f98d552553c1cfe9ba2cd6.1685960567.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/fs.c | 276 ++++++++++++++++++++++++++-
drivers/infiniband/hw/mlx5/fs.h | 16 ++
drivers/infiniband/hw/mlx5/mlx5_ib.h | 11 ++
3 files changed, 296 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/fs.c b/drivers/infiniband/hw/mlx5/fs.c
index 3008632a6c206..1e419e080b535 100644
--- a/drivers/infiniband/hw/mlx5/fs.c
+++ b/drivers/infiniband/hw/mlx5/fs.c
@@ -695,8 +695,6 @@ static struct mlx5_ib_flow_prio *_get_prio(struct mlx5_ib_dev *dev,
struct mlx5_flow_table_attr ft_attr = {};
struct mlx5_flow_table *ft;
- if (mlx5_ib_shared_ft_allowed(&dev->ib_dev))
- ft_attr.uid = MLX5_SHARED_RESOURCE_UID;
ft_attr.prio = priority;
ft_attr.max_fte = num_entries;
ft_attr.flags = flags;
@@ -2025,6 +2023,237 @@ static int flow_matcher_cleanup(struct ib_uobject *uobject,
return 0;
}
+static int steering_anchor_create_ft(struct mlx5_ib_dev *dev,
+ struct mlx5_ib_flow_prio *ft_prio,
+ enum mlx5_flow_namespace_type ns_type)
+{
+ struct mlx5_flow_table_attr ft_attr = {};
+ struct mlx5_flow_namespace *ns;
+ struct mlx5_flow_table *ft;
+
+ if (ft_prio->anchor.ft)
+ return 0;
+
+ ns = mlx5_get_flow_namespace(dev->mdev, ns_type);
+ if (!ns)
+ return -EOPNOTSUPP;
+
+ ft_attr.flags = MLX5_FLOW_TABLE_UNMANAGED;
+ ft_attr.uid = MLX5_SHARED_RESOURCE_UID;
+ ft_attr.prio = 0;
+ ft_attr.max_fte = 2;
+ ft_attr.level = 1;
+
+ ft = mlx5_create_flow_table(ns, &ft_attr);
+ if (IS_ERR(ft))
+ return PTR_ERR(ft);
+
+ ft_prio->anchor.ft = ft;
+
+ return 0;
+}
+
+static void steering_anchor_destroy_ft(struct mlx5_ib_flow_prio *ft_prio)
+{
+ if (ft_prio->anchor.ft) {
+ mlx5_destroy_flow_table(ft_prio->anchor.ft);
+ ft_prio->anchor.ft = NULL;
+ }
+}
+
+static int
+steering_anchor_create_fg_drop(struct mlx5_ib_flow_prio *ft_prio)
+{
+ int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
+ struct mlx5_flow_group *fg;
+ void *flow_group_in;
+ int err = 0;
+
+ if (ft_prio->anchor.fg_drop)
+ return 0;
+
+ flow_group_in = kvzalloc(inlen, GFP_KERNEL);
+ if (!flow_group_in)
+ return -ENOMEM;
+
+ MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
+ MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
+
+ fg = mlx5_create_flow_group(ft_prio->anchor.ft, flow_group_in);
+ if (IS_ERR(fg)) {
+ err = PTR_ERR(fg);
+ goto out;
+ }
+
+ ft_prio->anchor.fg_drop = fg;
+
+out:
+ kvfree(flow_group_in);
+
+ return err;
+}
+
+static void
+steering_anchor_destroy_fg_drop(struct mlx5_ib_flow_prio *ft_prio)
+{
+ if (ft_prio->anchor.fg_drop) {
+ mlx5_destroy_flow_group(ft_prio->anchor.fg_drop);
+ ft_prio->anchor.fg_drop = NULL;
+ }
+}
+
+static int
+steering_anchor_create_fg_goto_table(struct mlx5_ib_flow_prio *ft_prio)
+{
+ int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
+ struct mlx5_flow_group *fg;
+ void *flow_group_in;
+ int err = 0;
+
+ if (ft_prio->anchor.fg_goto_table)
+ return 0;
+
+ flow_group_in = kvzalloc(inlen, GFP_KERNEL);
+ if (!flow_group_in)
+ return -ENOMEM;
+
+ fg = mlx5_create_flow_group(ft_prio->anchor.ft, flow_group_in);
+ if (IS_ERR(fg)) {
+ err = PTR_ERR(fg);
+ goto out;
+ }
+ ft_prio->anchor.fg_goto_table = fg;
+
+out:
+ kvfree(flow_group_in);
+
+ return err;
+}
+
+static void
+steering_anchor_destroy_fg_goto_table(struct mlx5_ib_flow_prio *ft_prio)
+{
+ if (ft_prio->anchor.fg_goto_table) {
+ mlx5_destroy_flow_group(ft_prio->anchor.fg_goto_table);
+ ft_prio->anchor.fg_goto_table = NULL;
+ }
+}
+
+static int
+steering_anchor_create_rule_drop(struct mlx5_ib_flow_prio *ft_prio)
+{
+ struct mlx5_flow_act flow_act = {};
+ struct mlx5_flow_handle *handle;
+
+ if (ft_prio->anchor.rule_drop)
+ return 0;
+
+ flow_act.fg = ft_prio->anchor.fg_drop;
+ flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP;
+
+ handle = mlx5_add_flow_rules(ft_prio->anchor.ft, NULL, &flow_act,
+ NULL, 0);
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+
+ ft_prio->anchor.rule_drop = handle;
+
+ return 0;
+}
+
+static void steering_anchor_destroy_rule_drop(struct mlx5_ib_flow_prio *ft_prio)
+{
+ if (ft_prio->anchor.rule_drop) {
+ mlx5_del_flow_rules(ft_prio->anchor.rule_drop);
+ ft_prio->anchor.rule_drop = NULL;
+ }
+}
+
+static int
+steering_anchor_create_rule_goto_table(struct mlx5_ib_flow_prio *ft_prio)
+{
+ struct mlx5_flow_destination dest = {};
+ struct mlx5_flow_act flow_act = {};
+ struct mlx5_flow_handle *handle;
+
+ if (ft_prio->anchor.rule_goto_table)
+ return 0;
+
+ flow_act.action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
+ flow_act.flags |= FLOW_ACT_IGNORE_FLOW_LEVEL;
+ flow_act.fg = ft_prio->anchor.fg_goto_table;
+
+ dest.type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE;
+ dest.ft = ft_prio->flow_table;
+
+ handle = mlx5_add_flow_rules(ft_prio->anchor.ft, NULL, &flow_act,
+ &dest, 1);
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+
+ ft_prio->anchor.rule_goto_table = handle;
+
+ return 0;
+}
+
+static void
+steering_anchor_destroy_rule_goto_table(struct mlx5_ib_flow_prio *ft_prio)
+{
+ if (ft_prio->anchor.rule_goto_table) {
+ mlx5_del_flow_rules(ft_prio->anchor.rule_goto_table);
+ ft_prio->anchor.rule_goto_table = NULL;
+ }
+}
+
+static int steering_anchor_create_res(struct mlx5_ib_dev *dev,
+ struct mlx5_ib_flow_prio *ft_prio,
+ enum mlx5_flow_namespace_type ns_type)
+{
+ int err;
+
+ err = steering_anchor_create_ft(dev, ft_prio, ns_type);
+ if (err)
+ return err;
+
+ err = steering_anchor_create_fg_drop(ft_prio);
+ if (err)
+ goto destroy_ft;
+
+ err = steering_anchor_create_fg_goto_table(ft_prio);
+ if (err)
+ goto destroy_fg_drop;
+
+ err = steering_anchor_create_rule_drop(ft_prio);
+ if (err)
+ goto destroy_fg_goto_table;
+
+ err = steering_anchor_create_rule_goto_table(ft_prio);
+ if (err)
+ goto destroy_rule_drop;
+
+ return 0;
+
+destroy_rule_drop:
+ steering_anchor_destroy_rule_drop(ft_prio);
+destroy_fg_goto_table:
+ steering_anchor_destroy_fg_goto_table(ft_prio);
+destroy_fg_drop:
+ steering_anchor_destroy_fg_drop(ft_prio);
+destroy_ft:
+ steering_anchor_destroy_ft(ft_prio);
+
+ return err;
+}
+
+static void mlx5_steering_anchor_destroy_res(struct mlx5_ib_flow_prio *ft_prio)
+{
+ steering_anchor_destroy_rule_goto_table(ft_prio);
+ steering_anchor_destroy_rule_drop(ft_prio);
+ steering_anchor_destroy_fg_goto_table(ft_prio);
+ steering_anchor_destroy_fg_drop(ft_prio);
+ steering_anchor_destroy_ft(ft_prio);
+}
+
static int steering_anchor_cleanup(struct ib_uobject *uobject,
enum rdma_remove_reason why,
struct uverbs_attr_bundle *attrs)
@@ -2035,6 +2264,9 @@ static int steering_anchor_cleanup(struct ib_uobject *uobject,
return -EBUSY;
mutex_lock(&obj->dev->flow_db->lock);
+ if (!--obj->ft_prio->anchor.rule_goto_table_ref)
+ steering_anchor_destroy_rule_goto_table(obj->ft_prio);
+
put_flow_table(obj->dev, obj->ft_prio, true);
mutex_unlock(&obj->dev->flow_db->lock);
@@ -2042,6 +2274,24 @@ static int steering_anchor_cleanup(struct ib_uobject *uobject,
return 0;
}
+static void fs_cleanup_anchor(struct mlx5_ib_flow_prio *prio,
+ int count)
+{
+ while (count--)
+ mlx5_steering_anchor_destroy_res(&prio[count]);
+}
+
+void mlx5_ib_fs_cleanup_anchor(struct mlx5_ib_dev *dev)
+{
+ fs_cleanup_anchor(dev->flow_db->prios, MLX5_IB_NUM_FLOW_FT);
+ fs_cleanup_anchor(dev->flow_db->egress_prios, MLX5_IB_NUM_FLOW_FT);
+ fs_cleanup_anchor(dev->flow_db->sniffer, MLX5_IB_NUM_SNIFFER_FTS);
+ fs_cleanup_anchor(dev->flow_db->egress, MLX5_IB_NUM_EGRESS_FTS);
+ fs_cleanup_anchor(dev->flow_db->fdb, MLX5_IB_NUM_FDB_FTS);
+ fs_cleanup_anchor(dev->flow_db->rdma_rx, MLX5_IB_NUM_FLOW_FT);
+ fs_cleanup_anchor(dev->flow_db->rdma_tx, MLX5_IB_NUM_FLOW_FT);
+}
+
static int mlx5_ib_matcher_ns(struct uverbs_attr_bundle *attrs,
struct mlx5_ib_flow_matcher *obj)
{
@@ -2182,21 +2432,31 @@ static int UVERBS_HANDLER(MLX5_IB_METHOD_STEERING_ANCHOR_CREATE)(
return -ENOMEM;
mutex_lock(&dev->flow_db->lock);
+
ft_prio = _get_flow_table(dev, priority, ns_type, 0);
if (IS_ERR(ft_prio)) {
- mutex_unlock(&dev->flow_db->lock);
err = PTR_ERR(ft_prio);
goto free_obj;
}
ft_prio->refcount++;
- ft_id = mlx5_flow_table_id(ft_prio->flow_table);
- mutex_unlock(&dev->flow_db->lock);
+
+ if (!ft_prio->anchor.rule_goto_table_ref) {
+ err = steering_anchor_create_res(dev, ft_prio, ns_type);
+ if (err)
+ goto put_flow_table;
+ }
+
+ ft_prio->anchor.rule_goto_table_ref++;
+
+ ft_id = mlx5_flow_table_id(ft_prio->anchor.ft);
err = uverbs_copy_to(attrs, MLX5_IB_ATTR_STEERING_ANCHOR_FT_ID,
&ft_id, sizeof(ft_id));
if (err)
- goto put_flow_table;
+ goto destroy_res;
+
+ mutex_unlock(&dev->flow_db->lock);
uobj->object = obj;
obj->dev = dev;
@@ -2205,8 +2465,10 @@ static int UVERBS_HANDLER(MLX5_IB_METHOD_STEERING_ANCHOR_CREATE)(
return 0;
+destroy_res:
+ --ft_prio->anchor.rule_goto_table_ref;
+ mlx5_steering_anchor_destroy_res(ft_prio);
put_flow_table:
- mutex_lock(&dev->flow_db->lock);
put_flow_table(dev, ft_prio, true);
mutex_unlock(&dev->flow_db->lock);
free_obj:
diff --git a/drivers/infiniband/hw/mlx5/fs.h b/drivers/infiniband/hw/mlx5/fs.h
index ad320adaf3217..b9734904f5f01 100644
--- a/drivers/infiniband/hw/mlx5/fs.h
+++ b/drivers/infiniband/hw/mlx5/fs.h
@@ -10,6 +10,7 @@
#if IS_ENABLED(CONFIG_INFINIBAND_USER_ACCESS)
int mlx5_ib_fs_init(struct mlx5_ib_dev *dev);
+void mlx5_ib_fs_cleanup_anchor(struct mlx5_ib_dev *dev);
#else
static inline int mlx5_ib_fs_init(struct mlx5_ib_dev *dev)
{
@@ -21,9 +22,24 @@ static inline int mlx5_ib_fs_init(struct mlx5_ib_dev *dev)
mutex_init(&dev->flow_db->lock);
return 0;
}
+
+inline void mlx5_ib_fs_cleanup_anchor(struct mlx5_ib_dev *dev) {}
#endif
+
static inline void mlx5_ib_fs_cleanup(struct mlx5_ib_dev *dev)
{
+ /* When a steering anchor is created, a special flow table is also
+ * created for the user to reference. Since the user can reference it,
+ * the kernel cannot trust that when the user destroys the steering
+ * anchor, they no longer reference the flow table.
+ *
+ * To address this issue, when a user destroys a steering anchor, only
+ * the flow steering rule in the table is destroyed, but the table
+ * itself is kept to deal with the above scenario. The remaining
+ * resources are only removed when the RDMA device is destroyed, which
+ * is a safe assumption that all references are gone.
+ */
+ mlx5_ib_fs_cleanup_anchor(dev);
kfree(dev->flow_db);
}
#endif /* _MLX5_IB_FS_H */
diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h
index efa4dc6e7dee1..91fc0cdf377d1 100644
--- a/drivers/infiniband/hw/mlx5/mlx5_ib.h
+++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h
@@ -237,8 +237,19 @@ enum {
#define MLX5_IB_NUM_SNIFFER_FTS 2
#define MLX5_IB_NUM_EGRESS_FTS 1
#define MLX5_IB_NUM_FDB_FTS MLX5_BY_PASS_NUM_REGULAR_PRIOS
+
+struct mlx5_ib_anchor {
+ struct mlx5_flow_table *ft;
+ struct mlx5_flow_group *fg_goto_table;
+ struct mlx5_flow_group *fg_drop;
+ struct mlx5_flow_handle *rule_goto_table;
+ struct mlx5_flow_handle *rule_drop;
+ unsigned int rule_goto_table_ref;
+};
+
struct mlx5_ib_flow_prio {
struct mlx5_flow_table *flow_table;
+ struct mlx5_ib_anchor anchor;
unsigned int refcount;
};
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 141/187] RDMA/cma: Always set static rate to 0 for RoCE
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 140/187] RDMA/mlx5: Create an indirect flow table for steering anchor Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 142/187] IB/uverbs: Fix to consider event queue closing also upon non-blocking mode Greg Kroah-Hartman
` (57 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Zhang, Leon Romanovsky,
Sasha Levin
From: Mark Zhang <markzhang@nvidia.com>
[ Upstream commit 58030c76cce473b6cfd630bbecb97215def0dff8 ]
Set static rate to 0 as it should be discovered by path query and
has no meaning for RoCE.
This also avoid of using the rtnl lock and ethtool API, which is
a bottleneck when try to setup many rdma-cm connections at the same
time, especially with multiple processes.
Fixes: 3c86aa70bf67 ("RDMA/cm: Add RDMA CM support for IBoE devices")
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/f72a4f8b667b803aee9fa794069f61afb5839ce4.1685960567.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/cma.c | 4 ++--
include/rdma/ib_addr.h | 23 -----------------------
2 files changed, 2 insertions(+), 25 deletions(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 6b9563d4f23c9..033df909b92e1 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -3297,7 +3297,7 @@ static int cma_resolve_iboe_route(struct rdma_id_private *id_priv)
route->path_rec->traffic_class = tos;
route->path_rec->mtu = iboe_get_mtu(ndev->mtu);
route->path_rec->rate_selector = IB_SA_EQ;
- route->path_rec->rate = iboe_get_rate(ndev);
+ route->path_rec->rate = IB_RATE_PORT_CURRENT;
dev_put(ndev);
route->path_rec->packet_life_time_selector = IB_SA_EQ;
/* In case ACK timeout is set, use this value to calculate
@@ -4966,7 +4966,7 @@ static int cma_iboe_join_multicast(struct rdma_id_private *id_priv,
if (!ndev)
return -ENODEV;
- ib.rec.rate = iboe_get_rate(ndev);
+ ib.rec.rate = IB_RATE_PORT_CURRENT;
ib.rec.hop_limit = 1;
ib.rec.mtu = iboe_get_mtu(ndev->mtu);
diff --git a/include/rdma/ib_addr.h b/include/rdma/ib_addr.h
index d808dc3d239e8..811a0f11d0dbe 100644
--- a/include/rdma/ib_addr.h
+++ b/include/rdma/ib_addr.h
@@ -194,29 +194,6 @@ static inline enum ib_mtu iboe_get_mtu(int mtu)
return 0;
}
-static inline int iboe_get_rate(struct net_device *dev)
-{
- struct ethtool_link_ksettings cmd;
- int err;
-
- rtnl_lock();
- err = __ethtool_get_link_ksettings(dev, &cmd);
- rtnl_unlock();
- if (err)
- return IB_RATE_PORT_CURRENT;
-
- if (cmd.base.speed >= 40000)
- return IB_RATE_40_GBPS;
- else if (cmd.base.speed >= 30000)
- return IB_RATE_30_GBPS;
- else if (cmd.base.speed >= 20000)
- return IB_RATE_20_GBPS;
- else if (cmd.base.speed >= 10000)
- return IB_RATE_10_GBPS;
- else
- return IB_RATE_PORT_CURRENT;
-}
-
static inline int rdma_link_local_addr(struct in6_addr *addr)
{
if (addr->s6_addr32[0] == htonl(0xfe800000) &&
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 142/187] IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 141/187] RDMA/cma: Always set static rate to 0 for RoCE Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 143/187] RDMA/mlx5: Fix affinity assignment Greg Kroah-Hartman
` (56 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maor Gottlieb, Yishai Hadas,
Leon Romanovsky, Sasha Levin
From: Yishai Hadas <yishaih@nvidia.com>
[ Upstream commit 62fab312fa1683e812e605db20d4f22de3e3fb2f ]
Fix ib_uverbs_event_read() to consider event queue closing also upon
non-blocking mode.
Once the queue is closed (e.g. hot-plug flow) all the existing events
are cleaned-up as part of ib_uverbs_free_event_queue().
An application that uses the non-blocking FD mode should get -EIO in
that case to let it knows that the device was removed already.
Otherwise, it can loose the indication that the device was removed and
won't recover.
As part of that, refactor the code to have a single flow with regards to
'is_closed' for both blocking and non-blocking modes.
Fixes: 14e23bd6d221 ("RDMA/core: Fix locking in ib_uverbs_event_read")
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Yishai Hadas <yishaih@nvidia.com>
Link: https://lore.kernel.org/r/97b00116a1e1e13f8dc4ec38a5ea81cf8c030210.1685960567.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/uverbs_main.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index bdb179a09d77c..3cd4b195007b8 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -222,8 +222,12 @@ static ssize_t ib_uverbs_event_read(struct ib_uverbs_event_queue *ev_queue,
spin_lock_irq(&ev_queue->lock);
while (list_empty(&ev_queue->event_list)) {
- spin_unlock_irq(&ev_queue->lock);
+ if (ev_queue->is_closed) {
+ spin_unlock_irq(&ev_queue->lock);
+ return -EIO;
+ }
+ spin_unlock_irq(&ev_queue->lock);
if (filp->f_flags & O_NONBLOCK)
return -EAGAIN;
@@ -233,12 +237,6 @@ static ssize_t ib_uverbs_event_read(struct ib_uverbs_event_queue *ev_queue,
return -ERESTARTSYS;
spin_lock_irq(&ev_queue->lock);
-
- /* If device was disassociated and no event exists set an error */
- if (list_empty(&ev_queue->event_list) && ev_queue->is_closed) {
- spin_unlock_irq(&ev_queue->lock);
- return -EIO;
- }
}
event = list_entry(ev_queue->event_list.next, struct ib_uverbs_event, list);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 143/187] RDMA/mlx5: Fix affinity assignment
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 142/187] IB/uverbs: Fix to consider event queue closing also upon non-blocking mode Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 144/187] IB/isert: Fix dead lock in ib_isert Greg Kroah-Hartman
` (55 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maor Gottlieb, Mark Bloch,
Leon Romanovsky, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit 617f5db1a626f18d5cbb7c7faf7bf8f9ea12be78 ]
The cited commit aimed to ensure that Virtual Functions (VFs) assign a
queue affinity to a Queue Pair (QP) to distribute traffic when
the LAG master creates a hardware LAG. If the affinity was set while
the hardware was not in LAG, the firmware would ignore the affinity value.
However, this commit unintentionally assigned an affinity to QPs on the LAG
master's VPORT even if the RDMA device was not marked as LAG-enabled.
In most cases, this was not an issue because when the hardware entered
hardware LAG configuration, the RDMA device of the LAG master would be
destroyed and a new one would be created, marked as LAG-enabled.
The problem arises when a user configures Equal-Cost Multipath (ECMP).
In ECMP mode, traffic can be directed to different physical ports based on
the queue affinity, which is intended for use by VPORTS other than the
E-Switch manager. ECMP mode is supported only if both E-Switch managers are
in switchdev mode and the appropriate route is configured via IP. In this
configuration, the RDMA device is not destroyed, and we retain the RDMA
device that is not marked as LAG-enabled.
To ensure correct behavior, Send Queues (SQs) opened by the E-Switch
manager through verbs should be assigned strict affinity. This means they
will only be able to communicate through the native physical port
associated with the E-Switch manager. This will prevent the firmware from
assigning affinity and will not allow the SQs to be remapped in case of
failover.
Fixes: 802dcc7fc5ec ("RDMA/mlx5: Support TX port affinity for VF drivers in LAG mode")
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Link: https://lore.kernel.org/r/425b05f4da840bc684b0f7e8ebf61aeb5cef09b0.1685960567.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 +++
drivers/infiniband/hw/mlx5/qp.c | 3 +++
drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 12 ------------
include/linux/mlx5/driver.h | 12 ++++++++++++
4 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h
index 91fc0cdf377d1..2dfa6f49a6f48 100644
--- a/drivers/infiniband/hw/mlx5/mlx5_ib.h
+++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h
@@ -1598,6 +1598,9 @@ static inline bool mlx5_ib_lag_should_assign_affinity(struct mlx5_ib_dev *dev)
MLX5_CAP_PORT_SELECTION(dev->mdev, port_select_flow_table_bypass))
return 0;
+ if (mlx5_lag_is_lacp_owner(dev->mdev) && !dev->lag_active)
+ return 0;
+
return dev->lag_active ||
(MLX5_CAP_GEN(dev->mdev, num_lag_ports) > 1 &&
MLX5_CAP_GEN(dev->mdev, lag_tx_port_affinity));
diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c
index 86284aba3470d..5bc63020b766d 100644
--- a/drivers/infiniband/hw/mlx5/qp.c
+++ b/drivers/infiniband/hw/mlx5/qp.c
@@ -1233,6 +1233,9 @@ static int create_raw_packet_qp_tis(struct mlx5_ib_dev *dev,
MLX5_SET(create_tis_in, in, uid, to_mpd(pd)->uid);
MLX5_SET(tisc, tisc, transport_domain, tdn);
+ if (!mlx5_ib_lag_should_assign_affinity(dev) &&
+ mlx5_lag_is_lacp_owner(dev->mdev))
+ MLX5_SET(tisc, tisc, strict_lag_tx_port_affinity, 1);
if (qp->flags & IB_QP_CREATE_SOURCE_QPN)
MLX5_SET(tisc, tisc, underlay_qpn, qp->underlay_qpn);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
index a3c5c2dab5fd7..d7ef853702b79 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
@@ -275,18 +275,6 @@ static inline bool mlx5_sriov_is_enabled(struct mlx5_core_dev *dev)
return pci_num_vf(dev->pdev) ? true : false;
}
-static inline int mlx5_lag_is_lacp_owner(struct mlx5_core_dev *dev)
-{
- /* LACP owner conditions:
- * 1) Function is physical.
- * 2) LAG is supported by FW.
- * 3) LAG is managed by driver (currently the only option).
- */
- return MLX5_CAP_GEN(dev, vport_group_manager) &&
- (MLX5_CAP_GEN(dev, num_lag_ports) > 1) &&
- MLX5_CAP_GEN(dev, lag_master);
-}
-
int mlx5_rescan_drivers_locked(struct mlx5_core_dev *dev);
static inline int mlx5_rescan_drivers(struct mlx5_core_dev *dev)
{
diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
index 68a3183d5d589..33dbe941d070c 100644
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -1233,6 +1233,18 @@ static inline u16 mlx5_core_max_vfs(const struct mlx5_core_dev *dev)
return dev->priv.sriov.max_vfs;
}
+static inline int mlx5_lag_is_lacp_owner(struct mlx5_core_dev *dev)
+{
+ /* LACP owner conditions:
+ * 1) Function is physical.
+ * 2) LAG is supported by FW.
+ * 3) LAG is managed by driver (currently the only option).
+ */
+ return MLX5_CAP_GEN(dev, vport_group_manager) &&
+ (MLX5_CAP_GEN(dev, num_lag_ports) > 1) &&
+ MLX5_CAP_GEN(dev, lag_master);
+}
+
static inline int mlx5_get_gid_table_len(u16 param)
{
if (param > 4) {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 144/187] IB/isert: Fix dead lock in ib_isert
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 143/187] RDMA/mlx5: Fix affinity assignment Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 145/187] IB/isert: Fix possible list corruption in CMA handler Greg Kroah-Hartman
` (54 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sagi Grimberg, Selvin Xavier,
Saravanan Vajravel, Leon Romanovsky, Sasha Levin
From: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
[ Upstream commit 691b0480933f0ce88a81ed1d1a0aff340ff6293a ]
- When a iSER session is released, ib_isert module is taking a mutex
lock and releasing all pending connections. As part of this, ib_isert
is destroying rdma cm_id. To destroy cm_id, rdma_cm module is sending
CM events to CMA handler of ib_isert. This handler is taking same
mutex lock. Hence it leads to deadlock between ib_isert & rdma_cm
modules.
- For fix, created local list of pending connections and release the
connection outside of mutex lock.
Calltrace:
---------
[ 1229.791410] INFO: task kworker/10:1:642 blocked for more than 120 seconds.
[ 1229.791416] Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1
[ 1229.791418] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1229.791419] task:kworker/10:1 state:D stack: 0 pid: 642 ppid: 2 flags:0x80004000
[ 1229.791424] Workqueue: ib_cm cm_work_handler [ib_cm]
[ 1229.791436] Call Trace:
[ 1229.791438] __schedule+0x2d1/0x830
[ 1229.791445] ? select_idle_sibling+0x23/0x6f0
[ 1229.791449] schedule+0x35/0xa0
[ 1229.791451] schedule_preempt_disabled+0xa/0x10
[ 1229.791453] __mutex_lock.isra.7+0x310/0x420
[ 1229.791456] ? select_task_rq_fair+0x351/0x990
[ 1229.791459] isert_cma_handler+0x224/0x330 [ib_isert]
[ 1229.791463] ? ttwu_queue_wakelist+0x159/0x170
[ 1229.791466] cma_cm_event_handler+0x25/0xd0 [rdma_cm]
[ 1229.791474] cma_ib_handler+0xa7/0x2e0 [rdma_cm]
[ 1229.791478] cm_process_work+0x22/0xf0 [ib_cm]
[ 1229.791483] cm_work_handler+0xf4/0xf30 [ib_cm]
[ 1229.791487] ? move_linked_works+0x6e/0xa0
[ 1229.791490] process_one_work+0x1a7/0x360
[ 1229.791491] ? create_worker+0x1a0/0x1a0
[ 1229.791493] worker_thread+0x30/0x390
[ 1229.791494] ? create_worker+0x1a0/0x1a0
[ 1229.791495] kthread+0x10a/0x120
[ 1229.791497] ? set_kthread_struct+0x40/0x40
[ 1229.791499] ret_from_fork+0x1f/0x40
[ 1229.791739] INFO: task targetcli:28666 blocked for more than 120 seconds.
[ 1229.791740] Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1
[ 1229.791741] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1229.791742] task:targetcli state:D stack: 0 pid:28666 ppid: 5510 flags:0x00004080
[ 1229.791743] Call Trace:
[ 1229.791744] __schedule+0x2d1/0x830
[ 1229.791746] schedule+0x35/0xa0
[ 1229.791748] schedule_preempt_disabled+0xa/0x10
[ 1229.791749] __mutex_lock.isra.7+0x310/0x420
[ 1229.791751] rdma_destroy_id+0x15/0x20 [rdma_cm]
[ 1229.791755] isert_connect_release+0x115/0x130 [ib_isert]
[ 1229.791757] isert_free_np+0x87/0x140 [ib_isert]
[ 1229.791761] iscsit_del_np+0x74/0x120 [iscsi_target_mod]
[ 1229.791776] lio_target_np_driver_store+0xe9/0x140 [iscsi_target_mod]
[ 1229.791784] configfs_write_file+0xb2/0x110
[ 1229.791788] vfs_write+0xa5/0x1a0
[ 1229.791792] ksys_write+0x4f/0xb0
[ 1229.791794] do_syscall_64+0x5b/0x1a0
[ 1229.791798] entry_SYSCALL_64_after_hwframe+0x65/0xca
Fixes: bd3792205aae ("iser-target: Fix pending connections handling in target stack shutdown sequnce")
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Link: https://lore.kernel.org/r/20230606102531.162967-2-saravanan.vajravel@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index f290cd49698ea..b4809d2372506 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -2431,6 +2431,7 @@ isert_free_np(struct iscsi_np *np)
{
struct isert_np *isert_np = np->np_context;
struct isert_conn *isert_conn, *n;
+ LIST_HEAD(drop_conn_list);
if (isert_np->cm_id)
rdma_destroy_id(isert_np->cm_id);
@@ -2450,7 +2451,7 @@ isert_free_np(struct iscsi_np *np)
node) {
isert_info("cleaning isert_conn %p state (%d)\n",
isert_conn, isert_conn->state);
- isert_connect_release(isert_conn);
+ list_move_tail(&isert_conn->node, &drop_conn_list);
}
}
@@ -2461,11 +2462,16 @@ isert_free_np(struct iscsi_np *np)
node) {
isert_info("cleaning isert_conn %p state (%d)\n",
isert_conn, isert_conn->state);
- isert_connect_release(isert_conn);
+ list_move_tail(&isert_conn->node, &drop_conn_list);
}
}
mutex_unlock(&isert_np->mutex);
+ list_for_each_entry_safe(isert_conn, n, &drop_conn_list, node) {
+ list_del_init(&isert_conn->node);
+ isert_connect_release(isert_conn);
+ }
+
np->np_context = NULL;
kfree(isert_np);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 145/187] IB/isert: Fix possible list corruption in CMA handler
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 144/187] IB/isert: Fix dead lock in ib_isert Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 146/187] IB/isert: Fix incorrect release of isert connection Greg Kroah-Hartman
` (53 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Selvin Xavier, Saravanan Vajravel,
Leon Romanovsky, Sasha Levin
From: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
[ Upstream commit 7651e2d6c5b359a28c2d4c904fec6608d1021ca8 ]
When ib_isert module receives connection error event, it is
releasing the isert session and removes corresponding list
node but it doesn't take appropriate mutex lock to remove
the list node. This can lead to linked list corruption
Fixes: bd3792205aae ("iser-target: Fix pending connections handling in target stack shutdown sequnce")
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Link: https://lore.kernel.org/r/20230606102531.162967-3-saravanan.vajravel@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index b4809d2372506..00a7303c8cc60 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -657,9 +657,13 @@ static int
isert_connect_error(struct rdma_cm_id *cma_id)
{
struct isert_conn *isert_conn = cma_id->qp->qp_context;
+ struct isert_np *isert_np = cma_id->context;
ib_drain_qp(isert_conn->qp);
+
+ mutex_lock(&isert_np->mutex);
list_del_init(&isert_conn->node);
+ mutex_unlock(&isert_np->mutex);
isert_conn->cm_id = NULL;
isert_put_conn(isert_conn);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 146/187] IB/isert: Fix incorrect release of isert connection
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 145/187] IB/isert: Fix possible list corruption in CMA handler Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 147/187] net: ethtool: correct MAX attribute value for stats Greg Kroah-Hartman
` (52 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sagi Grimberg, Saravanan Vajravel,
Selvin Xavier, Leon Romanovsky, Sasha Levin
From: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
[ Upstream commit 699826f4e30ab76a62c238c86fbef7e826639c8d ]
The ib_isert module is releasing the isert connection both in
isert_wait_conn() handler as well as isert_free_conn() handler.
In isert_wait_conn() handler, it is expected to wait for iSCSI
session logout operation to complete. It should free the isert
connection only in isert_free_conn() handler.
When a bunch of iSER target is cleared, this issue can lead to
use-after-free memory issue as isert conn is twice released
Fixes: b02efbfc9a05 ("iser-target: Fix implicit termination of connections")
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Link: https://lore.kernel.org/r/20230606102531.162967-4-saravanan.vajravel@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/isert/ib_isert.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
index 00a7303c8cc60..92e1e7587af8b 100644
--- a/drivers/infiniband/ulp/isert/ib_isert.c
+++ b/drivers/infiniband/ulp/isert/ib_isert.c
@@ -2570,8 +2570,6 @@ static void isert_wait_conn(struct iscsit_conn *conn)
isert_put_unsol_pending_cmds(conn);
isert_wait4cmds(conn);
isert_wait4logout(isert_conn);
-
- queue_work(isert_release_wq, &isert_conn->release_work);
}
static void isert_free_conn(struct iscsit_conn *conn)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 147/187] net: ethtool: correct MAX attribute value for stats
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 146/187] IB/isert: Fix incorrect release of isert connection Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 148/187] wifi: mac80211: fragment per STA profile correctly Greg Kroah-Hartman
` (51 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, David Ahern,
David S. Miller, Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 52f79609c0c5b25fddb88e85f25ce08aa7e3fb42 ]
When compiling YNL generated code compiler complains about
array-initializer-out-of-bounds. Turns out the MAX value
for STATS_GRP uses the value for STATS.
This may lead to random corruptions in user space (kernel
itself doesn't use this value as it never parses stats).
Fixes: f09ea6fb1272 ("ethtool: add a new command for reading standard stats")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/ethtool_netlink.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/ethtool_netlink.h b/include/uapi/linux/ethtool_netlink.h
index d39ce21381c5b..b8171e1ffd327 100644
--- a/include/uapi/linux/ethtool_netlink.h
+++ b/include/uapi/linux/ethtool_netlink.h
@@ -781,7 +781,7 @@ enum {
/* add new constants above here */
__ETHTOOL_A_STATS_GRP_CNT,
- ETHTOOL_A_STATS_GRP_MAX = (__ETHTOOL_A_STATS_CNT - 1)
+ ETHTOOL_A_STATS_GRP_MAX = (__ETHTOOL_A_STATS_GRP_CNT - 1)
};
enum {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 148/187] wifi: mac80211: fragment per STA profile correctly
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 147/187] net: ethtool: correct MAX attribute value for stats Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 149/187] ipvlan: fix bound dev checking for IPv6 l3s mode Greg Kroah-Hartman
` (50 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Berg, Gregory Greenman,
Johannes Berg, Sasha Levin
From: Benjamin Berg <benjamin.berg@intel.com>
[ Upstream commit d094482c9974a543851a18a1c587a7d132a81659 ]
When fragmenting the ML per STA profile, the element ID should be
IEEE80211_MLE_SUBELEM_PER_STA_PROFILE rather than WLAN_EID_FRAGMENT.
Change the helper function to take the to be used element ID and pass
the appropriate value for each of the fragmentation levels.
Fixes: 81151ce462e5 ("wifi: mac80211: support MLO authentication/association with one link")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230611121219.9b5c793d904b.I7dad952bea8e555e2f3139fbd415d0cd2b3a08c3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/ieee80211_i.h | 2 +-
net/mac80211/mlme.c | 5 +++--
net/mac80211/util.c | 4 ++--
3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index eba7ae63fac45..347030b9bb9e3 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -2272,7 +2272,7 @@ ieee802_11_parse_elems(const u8 *start, size_t len, bool action,
return ieee802_11_parse_elems_crc(start, len, action, 0, 0, bss);
}
-void ieee80211_fragment_element(struct sk_buff *skb, u8 *len_pos);
+void ieee80211_fragment_element(struct sk_buff *skb, u8 *len_pos, u8 frag_id);
extern const int ieee802_1d_to_ac[8];
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 7a970b6dda640..d28a35c538bac 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1372,10 +1372,11 @@ static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
ieee80211_add_non_inheritance_elem(skb, outer_present_elems,
link_present_elems);
- ieee80211_fragment_element(skb, subelem_len);
+ ieee80211_fragment_element(skb, subelem_len,
+ IEEE80211_MLE_SUBELEM_FRAGMENT);
}
- ieee80211_fragment_element(skb, ml_elem_len);
+ ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
}
static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index d7b382866b260..1a0d38cd46337 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -4955,7 +4955,7 @@ u8 *ieee80211_ie_build_eht_cap(u8 *pos,
return pos;
}
-void ieee80211_fragment_element(struct sk_buff *skb, u8 *len_pos)
+void ieee80211_fragment_element(struct sk_buff *skb, u8 *len_pos, u8 frag_id)
{
unsigned int elem_len;
@@ -4975,7 +4975,7 @@ void ieee80211_fragment_element(struct sk_buff *skb, u8 *len_pos)
memmove(len_pos + 255 + 3, len_pos + 255 + 1, elem_len);
/* place the fragment ID */
len_pos += 255 + 1;
- *len_pos = WLAN_EID_FRAGMENT;
+ *len_pos = frag_id;
/* and point to fragment length to update later */
len_pos++;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 149/187] ipvlan: fix bound dev checking for IPv6 l3s mode
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 148/187] wifi: mac80211: fragment per STA profile correctly Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 150/187] sctp: fix an error code in sctp_sf_eat_auth() Greg Kroah-Hartman
` (49 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hangbin Liu, Larysa Zaremba,
David S. Miller, Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit ce57adc222aba32431c42632b396e9213d0eb0b8 ]
The commit 59a0b022aa24 ("ipvlan: Make skb->skb_iif track skb->dev for l3s
mode") fixed ipvlan bonded dev checking by updating skb skb_iif. This fix
works for IPv4, as in raw_v4_input() the dif is from inet_iif(skb), which
is skb->skb_iif when there is no route.
But for IPv6, the fix is not enough, because in ipv6_raw_deliver() ->
raw_v6_match(), the dif is inet6_iif(skb), which is returns IP6CB(skb)->iif
instead of skb->skb_iif if it's not a l3_slave. To fix the IPv6 part
issue. Let's set IP6CB(skb)->iif to correct ifindex.
BTW, ipvlan handles NS/NA specifically. Since it works fine, I will not
reset IP6CB(skb)->iif when addr->atype is IPVL_ICMPV6.
Fixes: c675e06a98a4 ("ipvlan: decouple l3s mode dependencies from other modes")
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2196710
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Larysa Zaremba <larysa.zaremba@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ipvlan/ipvlan_l3s.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ipvlan/ipvlan_l3s.c b/drivers/net/ipvlan/ipvlan_l3s.c
index 71712ea25403d..d5b05e8032199 100644
--- a/drivers/net/ipvlan/ipvlan_l3s.c
+++ b/drivers/net/ipvlan/ipvlan_l3s.c
@@ -102,6 +102,10 @@ static unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
skb->dev = addr->master->dev;
skb->skb_iif = skb->dev->ifindex;
+#if IS_ENABLED(CONFIG_IPV6)
+ if (addr->atype == IPVL_IPV6)
+ IP6CB(skb)->iif = skb->dev->ifindex;
+#endif
len = skb->len + ETH_HLEN;
ipvlan_count_rx(addr->master, len, true, false);
out:
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 150/187] sctp: fix an error code in sctp_sf_eat_auth()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 149/187] ipvlan: fix bound dev checking for IPv6 l3s mode Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 151/187] igc: Clean the TX buffer and TX descriptor ring Greg Kroah-Hartman
` (48 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Xin Long,
David S. Miller, Sasha Levin
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 75e6def3b26736e7ff80639810098c9074229737 ]
The sctp_sf_eat_auth() function is supposed to enum sctp_disposition
values and returning a kernel error code will cause issues in the
caller. Change -ENOMEM to SCTP_DISPOSITION_NOMEM.
Fixes: 65b07e5d0d09 ("[SCTP]: API updates to suport SCTP-AUTH extensions.")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/sm_statefuns.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index ce54261712062..07edf56f7b8c6 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -4484,7 +4484,7 @@ enum sctp_disposition sctp_sf_eat_auth(struct net *net,
SCTP_AUTH_NEW_KEY, GFP_ATOMIC);
if (!ev)
- return -ENOMEM;
+ return SCTP_DISPOSITION_NOMEM;
sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
SCTP_ULPEVENT(ev));
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 151/187] igc: Clean the TX buffer and TX descriptor ring
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 150/187] sctp: fix an error code in sctp_sf_eat_auth() Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 152/187] igc: Fix possible system crash when loading module Greg Kroah-Hartman
` (47 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Husaini Zulkifli,
Naama Meir, Maciej Fijalkowski, Tony Nguyen, Sasha Levin
From: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
[ Upstream commit e43516f5978d11d36511ce63d31d1da4db916510 ]
There could be a race condition during link down where interrupt
being generated and igc_clean_tx_irq() been called to perform the
TX completion. Properly clear the TX buffer/descriptor ring and
disable the TX Queue ring in igc_free_tx_resources() to avoid that.
Kernel trace:
[ 108.237177] Hardware name: Intel Corporation Tiger Lake Client Platform/TigerLake U DDR4 SODIMM RVP, BIOS TGLIFUI1.R00.4204.A00.2105270302 05/27/2021
[ 108.237178] RIP: 0010:refcount_warn_saturate+0x55/0x110
[ 108.242143] RSP: 0018:ffff9e7980003db0 EFLAGS: 00010286
[ 108.245555] Code: 84 bc 00 00 00 c3 cc cc cc cc 85 f6 74 46 80 3d 20 8c 4d 01 00 75 ee 48 c7 c7 88 f4 03 ab c6 05 10 8c 4d 01 01 e8 0b 10 96 ff <0f> 0b c3 cc cc cc cc 80 3d fc 8b 4d 01 00 75 cb 48 c7 c7 b0 f4 03
[ 108.250434]
[ 108.250434] RSP: 0018:ffff9e798125f910 EFLAGS: 00010286
[ 108.254358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 108.259325]
[ 108.259325] RAX: 0000000000000000 RBX: ffff8ddb935b8000 RCX: 0000000000000027
[ 108.261868] RDX: ffff8de250a28800 RSI: ffff8de250a1c580 RDI: ffff8de250a1c580
[ 108.265538] RDX: 0000000000000027 RSI: 0000000000000002 RDI: ffff8de250a9c588
[ 108.265539] RBP: ffff8ddb935b8000 R08: ffffffffab2655a0 R09: ffff9e798125f898
[ 108.267914] RBP: ffff8ddb8a5b8d80 R08: 0000005648eba354 R09: 0000000000000000
[ 108.270196] R10: 0000000000000001 R11: 000000002d2d2d2d R12: ffff9e798125f948
[ 108.270197] R13: ffff9e798125fa1c R14: ffff8ddb8a5b8d80 R15: 7fffffffffffffff
[ 108.273001] R10: 000000002d2d2d2d R11: 000000002d2d2d2d R12: ffff8ddb8a5b8ed4
[ 108.276410] FS: 00007f605851b740(0000) GS:ffff8de250a80000(0000) knlGS:0000000000000000
[ 108.280597] R13: 00000000000002ac R14: 00000000ffffff99 R15: ffff8ddb92561b80
[ 108.282966] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.282967] CR2: 00007f053c039248 CR3: 0000000185850003 CR4: 0000000000f70ee0
[ 108.286206] FS: 0000000000000000(0000) GS:ffff8de250a00000(0000) knlGS:0000000000000000
[ 108.289701] PKRU: 55555554
[ 108.289702] Call Trace:
[ 108.289704] <TASK>
[ 108.293977] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 108.297562] sock_alloc_send_pskb+0x20c/0x240
[ 108.301494] CR2: 00007f053c03a168 CR3: 0000000184394002 CR4: 0000000000f70ef0
[ 108.301495] PKRU: 55555554
[ 108.306464] __ip_append_data.isra.0+0x96f/0x1040
[ 108.309441] Call Trace:
[ 108.309443] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 108.314927] <IRQ>
[ 108.314928] sock_wfree+0x1c7/0x1d0
[ 108.318078] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 108.320276] skb_release_head_state+0x32/0x90
[ 108.324812] ip_make_skb+0xf6/0x130
[ 108.327188] skb_release_all+0x16/0x40
[ 108.330775] ? udp_sendmsg+0x9f3/0xcb0
[ 108.332626] napi_consume_skb+0x48/0xf0
[ 108.334134] ? xfrm_lookup_route+0x23/0xb0
[ 108.344285] igc_poll+0x787/0x1620 [igc]
[ 108.346659] udp_sendmsg+0x9f3/0xcb0
[ 108.360010] ? ttwu_do_activate+0x40/0x220
[ 108.365237] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 108.366744] ? try_to_wake_up+0x289/0x5e0
[ 108.376987] ? sock_sendmsg+0x81/0x90
[ 108.395698] ? __pfx_process_timeout+0x10/0x10
[ 108.395701] sock_sendmsg+0x81/0x90
[ 108.409052] __napi_poll+0x29/0x1c0
[ 108.414279] ____sys_sendmsg+0x284/0x310
[ 108.419507] net_rx_action+0x257/0x2d0
[ 108.438216] ___sys_sendmsg+0x7c/0xc0
[ 108.439723] __do_softirq+0xc1/0x2a8
[ 108.444950] ? finish_task_switch+0xb4/0x2f0
[ 108.452077] irq_exit_rcu+0xa9/0xd0
[ 108.453584] ? __schedule+0x372/0xd00
[ 108.460713] common_interrupt+0x84/0xa0
[ 108.467840] ? clockevents_program_event+0x95/0x100
[ 108.474968] </IRQ>
[ 108.482096] ? do_nanosleep+0x88/0x130
[ 108.489224] <TASK>
[ 108.489225] asm_common_interrupt+0x26/0x40
[ 108.496353] ? __rseq_handle_notify_resume+0xa9/0x4f0
[ 108.503478] RIP: 0010:cpu_idle_poll+0x2c/0x100
[ 108.510607] __sys_sendmsg+0x5d/0xb0
[ 108.518687] Code: 05 e1 d9 c8 00 65 8b 15 de 64 85 55 85 c0 7f 57 e8 b9 ef ff ff fb 65 48 8b 1c 25 00 cc 02 00 48 8b 03 a8 08 74 0b eb 1c f3 90 <48> 8b 03 a8 08 75 13 8b 05 77 63 cd 00 85 c0 75 ed e8 ce ec ff ff
[ 108.525817] do_syscall_64+0x44/0xa0
[ 108.531563] RSP: 0018:ffffffffab203e70 EFLAGS: 00000202
[ 108.538693] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 108.546775]
[ 108.546777] RIP: 0033:0x7f605862b7f7
[ 108.549495] RAX: 0000000000000001 RBX: ffffffffab20c940 RCX: 000000000000003b
[ 108.551955] Code: 0e 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 108.554068] RDX: 4000000000000000 RSI: 000000002da97f6a RDI: 00000000002b8ff4
[ 108.559816] RSP: 002b:00007ffc99264058 EFLAGS: 00000246
[ 108.564178] RBP: 0000000000000000 R08: 00000000002b8ff4 R09: ffff8ddb01554c80
[ 108.571302] ORIG_RAX: 000000000000002e
[ 108.571303] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f605862b7f7
[ 108.574023] R10: 000000000000015b R11: 000000000000000f R12: ffffffffab20c940
[ 108.574024] R13: 0000000000000000 R14: ffff8de26fbeef40 R15: ffffffffab20c940
[ 108.578727] RDX: 0000000000000000 RSI: 00007ffc992640a0 RDI: 0000000000000003
[ 108.578728] RBP: 00007ffc99264110 R08: 0000000000000000 R09: 175f48ad1c3a9c00
[ 108.581187] do_idle+0x62/0x230
[ 108.585890] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc992642d8
[ 108.585891] R13: 00005577814ab2ba R14: 00005577814addf0 R15: 00007f605876d000
[ 108.587920] cpu_startup_entry+0x1d/0x20
[ 108.591422] </TASK>
[ 108.596127] rest_init+0xc5/0xd0
[ 108.600490] ---[ end trace 0000000000000000 ]---
Test Setup:
DUT:
- Change mac address on DUT Side. Ensure NIC not having same MAC Address
- Running udp_tai on DUT side. Let udp_tai running throughout the test
Example:
./udp_tai -i enp170s0 -P 100000 -p 90 -c 1 -t 0 -u 30004
Host:
- Perform link up/down every 5 second.
Result:
Kernel panic will happen on DUT Side.
Fixes: 13b5b7fd6a4a ("igc: Add support for Tx/Rx rings")
Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
Tested-by: Naama Meir <naamax.meir@linux.intel.com>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igc/igc_main.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/igc/igc_main.c b/drivers/net/ethernet/intel/igc/igc_main.c
index a2d823e646095..f44d9b8414567 100644
--- a/drivers/net/ethernet/intel/igc/igc_main.c
+++ b/drivers/net/ethernet/intel/igc/igc_main.c
@@ -255,6 +255,13 @@ static void igc_clean_tx_ring(struct igc_ring *tx_ring)
/* reset BQL for queue */
netdev_tx_reset_queue(txring_txq(tx_ring));
+ /* Zero out the buffer ring */
+ memset(tx_ring->tx_buffer_info, 0,
+ sizeof(*tx_ring->tx_buffer_info) * tx_ring->count);
+
+ /* Zero out the descriptor ring */
+ memset(tx_ring->desc, 0, tx_ring->size);
+
/* reset next_to_use and next_to_clean */
tx_ring->next_to_use = 0;
tx_ring->next_to_clean = 0;
@@ -268,7 +275,7 @@ static void igc_clean_tx_ring(struct igc_ring *tx_ring)
*/
void igc_free_tx_resources(struct igc_ring *tx_ring)
{
- igc_clean_tx_ring(tx_ring);
+ igc_disable_tx_ring(tx_ring);
vfree(tx_ring->tx_buffer_info);
tx_ring->tx_buffer_info = NULL;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 152/187] igc: Fix possible system crash when loading module
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 151/187] igc: Clean the TX buffer and TX descriptor ring Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 153/187] igb: fix nvm.ops.read() error handling Greg Kroah-Hartman
` (46 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vinicius Costa Gomes,
Muhammad Husaini Zulkifli, Naama Meir, Tony Nguyen, Sasha Levin
From: Vinicius Costa Gomes <vinicius.gomes@intel.com>
[ Upstream commit c080fe262f9e73a00934b70c16b1479cf40cd2bd ]
Guarantee that when probe() is run again, PTM and PCI busmaster will be
in the same state as it was if the driver was never loaded.
Avoid an i225/i226 hardware issue that PTM requests can be made even
though PCI bus mastering is not enabled. These unexpected PTM requests
can crash some systems.
So, "force" disable PTM and busmastering before removing the driver,
so they can be re-enabled in the right order during probe(). This is
more like a workaround and should be applicable for i225 and i226, in
any platform.
Fixes: 1b5d73fb8624 ("igc: Enable PCIe PTM")
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Reviewed-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
Tested-by: Naama Meir <naamax.meir@linux.intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igc/igc_main.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/intel/igc/igc_main.c b/drivers/net/ethernet/intel/igc/igc_main.c
index f44d9b8414567..b35f5ff3536e5 100644
--- a/drivers/net/ethernet/intel/igc/igc_main.c
+++ b/drivers/net/ethernet/intel/igc/igc_main.c
@@ -6722,6 +6722,9 @@ static void igc_remove(struct pci_dev *pdev)
igc_ptp_stop(adapter);
+ pci_disable_ptm(pdev);
+ pci_clear_master(pdev);
+
set_bit(__IGC_DOWN, &adapter->state);
del_timer_sync(&adapter->watchdog_timer);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 153/187] igb: fix nvm.ops.read() error handling
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 152/187] igc: Fix possible system crash when loading module Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 154/187] net: phylink: report correct max speed for QUSGMII Greg Kroah-Hartman
` (45 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksandr Loktionov, Tony Nguyen,
Sasha Levin
From: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
[ Upstream commit 48a821fd58837800750ec1b3962f0f799630a844 ]
Add error handling into igb_set_eeprom() function, in case
nvm.ops.read() fails just quit with error code asap.
Fixes: 9d5c824399de ("igb: PCI-Express 82575 Gigabit Ethernet driver")
Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igb/igb_ethtool.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/intel/igb/igb_ethtool.c b/drivers/net/ethernet/intel/igb/igb_ethtool.c
index 7d60da1b7bf41..319ed601eaa1e 100644
--- a/drivers/net/ethernet/intel/igb/igb_ethtool.c
+++ b/drivers/net/ethernet/intel/igb/igb_ethtool.c
@@ -822,6 +822,8 @@ static int igb_set_eeprom(struct net_device *netdev,
*/
ret_val = hw->nvm.ops.read(hw, last_word, 1,
&eeprom_buff[last_word - first_word]);
+ if (ret_val)
+ goto out;
}
/* Device's eeprom is always little-endian, word addressable */
@@ -841,6 +843,7 @@ static int igb_set_eeprom(struct net_device *netdev,
hw->nvm.ops.update(hw);
igb_set_fw_version(adapter);
+out:
kfree(eeprom_buff);
return ret_val;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 154/187] net: phylink: report correct max speed for QUSGMII
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 153/187] igb: fix nvm.ops.read() error handling Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 155/187] net: phylink: use a dedicated helper to parse usgmii control word Greg Kroah-Hartman
` (44 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Chevallier,
Russell King (Oracle), Jakub Kicinski, Sasha Levin
From: Maxime Chevallier <maxime.chevallier@bootlin.com>
[ Upstream commit b9dc1046edfeb7d9dbc2272c8d9ad5a8c47f3199 ]
Q-USGMII is the quad port version of USGMII, and supports a max speed of
1Gbps on each line. Make so that phylink_interface_max_speed() reports
this information correctly.
Fixes: ae0e4bb2a0e0 ("net: phylink: Adjust link settings based on rate matching")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/phylink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c
index 30c166b334686..65ff118f22314 100644
--- a/drivers/net/phy/phylink.c
+++ b/drivers/net/phy/phylink.c
@@ -188,6 +188,7 @@ static int phylink_interface_max_speed(phy_interface_t interface)
case PHY_INTERFACE_MODE_RGMII_ID:
case PHY_INTERFACE_MODE_RGMII:
case PHY_INTERFACE_MODE_QSGMII:
+ case PHY_INTERFACE_MODE_QUSGMII:
case PHY_INTERFACE_MODE_SGMII:
case PHY_INTERFACE_MODE_GMII:
return SPEED_1000;
@@ -204,7 +205,6 @@ static int phylink_interface_max_speed(phy_interface_t interface)
case PHY_INTERFACE_MODE_10GBASER:
case PHY_INTERFACE_MODE_10GKR:
case PHY_INTERFACE_MODE_USXGMII:
- case PHY_INTERFACE_MODE_QUSGMII:
return SPEED_10000;
case PHY_INTERFACE_MODE_25GBASER:
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 155/187] net: phylink: use a dedicated helper to parse usgmii control word
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 154/187] net: phylink: report correct max speed for QUSGMII Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 156/187] drm/nouveau: dont detect DSM for non-NVIDIA device Greg Kroah-Hartman
` (43 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Chevallier,
Russell King (Oracle), Jakub Kicinski, Sasha Levin
From: Maxime Chevallier <maxime.chevallier@bootlin.com>
[ Upstream commit 923454c0368b8092e9d05c020f50abca577e7290 ]
Q-USGMII is a derivative of USGMII, that uses a specific formatting for
the control word. The layout is close to the USXGMII control word, but
doesn't support speeds over 1Gbps. Use a dedicated decoding logic for
the USGMII control word, re-using USXGMII definitions but only considering
10/100/1000Mbps speeds
Fixes: 5e61fe157a27 ("net: phy: Introduce QUSGMII PHY mode")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/phylink.c | 39 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c
index 65ff118f22314..0598debb93dea 100644
--- a/drivers/net/phy/phylink.c
+++ b/drivers/net/phy/phylink.c
@@ -3297,6 +3297,41 @@ void phylink_decode_usxgmii_word(struct phylink_link_state *state,
}
EXPORT_SYMBOL_GPL(phylink_decode_usxgmii_word);
+/**
+ * phylink_decode_usgmii_word() - decode the USGMII word from a MAC PCS
+ * @state: a pointer to a struct phylink_link_state.
+ * @lpa: a 16 bit value which stores the USGMII auto-negotiation word
+ *
+ * Helper for MAC PCS supporting the USGMII protocol and the auto-negotiation
+ * code word. Decode the USGMII code word and populate the corresponding fields
+ * (speed, duplex) into the phylink_link_state structure. The structure for this
+ * word is the same as the USXGMII word, except it only supports speeds up to
+ * 1Gbps.
+ */
+static void phylink_decode_usgmii_word(struct phylink_link_state *state,
+ uint16_t lpa)
+{
+ switch (lpa & MDIO_USXGMII_SPD_MASK) {
+ case MDIO_USXGMII_10:
+ state->speed = SPEED_10;
+ break;
+ case MDIO_USXGMII_100:
+ state->speed = SPEED_100;
+ break;
+ case MDIO_USXGMII_1000:
+ state->speed = SPEED_1000;
+ break;
+ default:
+ state->link = false;
+ return;
+ }
+
+ if (lpa & MDIO_USXGMII_FULL_DUPLEX)
+ state->duplex = DUPLEX_FULL;
+ else
+ state->duplex = DUPLEX_HALF;
+}
+
/**
* phylink_mii_c22_pcs_decode_state() - Decode MAC PCS state from MII registers
* @state: a pointer to a &struct phylink_link_state.
@@ -3333,9 +3368,11 @@ void phylink_mii_c22_pcs_decode_state(struct phylink_link_state *state,
case PHY_INTERFACE_MODE_SGMII:
case PHY_INTERFACE_MODE_QSGMII:
- case PHY_INTERFACE_MODE_QUSGMII:
phylink_decode_sgmii_word(state, lpa);
break;
+ case PHY_INTERFACE_MODE_QUSGMII:
+ phylink_decode_usgmii_word(state, lpa);
+ break;
default:
state->link = false;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 156/187] drm/nouveau: dont detect DSM for non-NVIDIA device
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 155/187] net: phylink: use a dedicated helper to parse usgmii control word Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 157/187] drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow Greg Kroah-Hartman
` (42 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ratchanan Srirattanamet,
Karol Herbst, Sasha Levin
From: Ratchanan Srirattanamet <peathot@hotmail.com>
[ Upstream commit 11d24327c2d7ad7f24fcc44fb00e1fa91ebf6525 ]
The call site of nouveau_dsm_pci_probe() uses single set of output
variables for all invocations. So, we must not write anything to them
unless it's an NVIDIA device. Otherwise, if we are called with another
device after the NVIDIA device, we'll clober the result of the NVIDIA
device.
For example, if the other device doesn't have _PR3 resources, the
detection later would miss the presence of power resource support, and
the rest of the code will keep using Optimus DSM, breaking power
management for that machine.
Also, because we're detecting NVIDIA's DSM, it doesn't make sense to run
this detection on a non-NVIDIA device anyway. Thus, check at the
beginning of the detection code if this is an NVIDIA card, and just
return if it isn't.
This, together with commit d22915d22ded ("drm/nouveau/devinit/tu102-:
wait for GFW_BOOT_PROGRESS == COMPLETED") developed independently and
landed earlier, fixes runtime power management of the NVIDIA card in
Lenovo Legion 5-15ARH05. Without this patch, the GPU resumption code
will "timeout", sometimes hanging userspace.
As a bonus, we'll also stop preventing _PR3 usage from the bridge for
unrelated devices, which is always nice, I guess.
Fixes: ccfc2d5cdb02 ("drm/nouveau: Use generic helper to check _PR3 presence")
Signed-off-by: Ratchanan Srirattanamet <peathot@hotmail.com>
Closes: https://gitlab.freedesktop.org/drm/nouveau/-/issues/79
Reviewed-by: Karol Herbst <kherbst@redhat.com>
Signed-off-by: Karol Herbst <kherbst@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/DM6PR19MB2780805D4BE1E3F9B3AC96D0BC409@DM6PR19MB2780.namprd19.prod.outlook.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/nouveau/nouveau_acpi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c b/drivers/gpu/drm/nouveau/nouveau_acpi.c
index 8cf096f841a90..a2ae8c21e4dce 100644
--- a/drivers/gpu/drm/nouveau/nouveau_acpi.c
+++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c
@@ -220,6 +220,9 @@ static void nouveau_dsm_pci_probe(struct pci_dev *pdev, acpi_handle *dhandle_out
int optimus_funcs;
struct pci_dev *parent_pdev;
+ if (pdev->vendor != PCI_VENDOR_ID_NVIDIA)
+ return;
+
*has_pr3 = false;
parent_pdev = pci_upstream_bridge(pdev);
if (parent_pdev) {
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 157/187] drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 156/187] drm/nouveau: dont detect DSM for non-NVIDIA device Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 158/187] drm/nouveau/dp: check for NULL nv_connector->native_mode Greg Kroah-Hartman
` (41 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Su Hui, Douglas Anderson,
Sasha Levin
From: Su Hui <suhui@nfschina.com>
[ Upstream commit 95011f267c44a4d1f9ca1769e8a29ab2c559e004 ]
Smatch error:buffer overflow 'ti_sn_bridge_refclk_lut' 5 <= 5.
Fixes: cea86c5bb442 ("drm/bridge: ti-sn65dsi86: Implement the pwm_chip")
Signed-off-by: Su Hui <suhui@nfschina.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230608012443.839372-1-suhui@nfschina.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi86.c b/drivers/gpu/drm/bridge/ti-sn65dsi86.c
index 1e26fa63845a2..0ae8a52acf5e4 100644
--- a/drivers/gpu/drm/bridge/ti-sn65dsi86.c
+++ b/drivers/gpu/drm/bridge/ti-sn65dsi86.c
@@ -298,6 +298,10 @@ static void ti_sn_bridge_set_refclk_freq(struct ti_sn65dsi86 *pdata)
if (refclk_lut[i] == refclk_rate)
break;
+ /* avoid buffer overflow and "1" is the default rate in the datasheet. */
+ if (i >= refclk_lut_size)
+ i = 1;
+
regmap_update_bits(pdata->regmap, SN_DPPLL_SRC_REG, REFCLK_FREQ_MASK,
REFCLK_FREQ(i));
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 158/187] drm/nouveau/dp: check for NULL nv_connector->native_mode
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 157/187] drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 159/187] drm/nouveau: add nv_encoder pointer check for NULL Greg Kroah-Hartman
` (40 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Natalia Petrova, Lyude Paul,
Sasha Levin
From: Natalia Petrova <n.petrova@fintech.ru>
[ Upstream commit 20a2ce87fbaf81e4c3dcb631d738e423959eb320 ]
Add checking for NULL before calling nouveau_connector_detect_depth() in
nouveau_connector_get_modes() function because nv_connector->native_mode
could be dereferenced there since connector pointer passed to
nouveau_connector_detect_depth() and the same value of
nv_connector->native_mode is used there.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: d4c2c99bdc83 ("drm/nouveau/dp: remove broken display depth function, use the improved one")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230512111526.82408-1-n.petrova@fintech.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/nouveau/nouveau_connector.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
index 086b66b60d918..5dbf025e68737 100644
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
@@ -966,7 +966,7 @@ nouveau_connector_get_modes(struct drm_connector *connector)
/* Determine display colour depth for everything except LVDS now,
* DP requires this before mode_valid() is called.
*/
- if (connector->connector_type != DRM_MODE_CONNECTOR_LVDS)
+ if (connector->connector_type != DRM_MODE_CONNECTOR_LVDS && nv_connector->native_mode)
nouveau_connector_detect_depth(connector);
/* Find the native mode if this is a digital panel, if we didn't
@@ -987,7 +987,7 @@ nouveau_connector_get_modes(struct drm_connector *connector)
* "native" mode as some VBIOS tables require us to use the
* pixel clock as part of the lookup...
*/
- if (connector->connector_type == DRM_MODE_CONNECTOR_LVDS)
+ if (connector->connector_type == DRM_MODE_CONNECTOR_LVDS && nv_connector->native_mode)
nouveau_connector_detect_depth(connector);
if (nv_encoder->dcb->type == DCB_OUTPUT_TV)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 159/187] drm/nouveau: add nv_encoder pointer check for NULL
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 158/187] drm/nouveau/dp: check for NULL nv_connector->native_mode Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 160/187] net: ethernet: ti: am65-cpsw: Call of_node_put() on error path Greg Kroah-Hartman
` (39 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Natalia Petrova, Lyude Paul,
Sasha Levin
From: Natalia Petrova <n.petrova@fintech.ru>
[ Upstream commit 55b94bb8c42464bad3d2217f6874aa1a85664eac ]
Pointer nv_encoder could be dereferenced at nouveau_connector.c
in case it's equal to NULL by jumping to goto label.
This patch adds a NULL-check to avoid it.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 3195c5f9784a ("drm/nouveau: set encoder for lvds")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
Reviewed-by: Lyude Paul <lyude@redhat.com>
[Fixed patch title]
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230512103320.82234-1-n.petrova@fintech.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/nouveau/nouveau_connector.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
index 5dbf025e68737..f75c6f09dd2af 100644
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
@@ -730,7 +730,8 @@ nouveau_connector_detect_lvds(struct drm_connector *connector, bool force)
#endif
nouveau_connector_set_edid(nv_connector, edid);
- nouveau_connector_set_encoder(connector, nv_encoder);
+ if (nv_encoder)
+ nouveau_connector_set_encoder(connector, nv_encoder);
return status;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 160/187] net: ethernet: ti: am65-cpsw: Call of_node_put() on error path
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 159/187] drm/nouveau: add nv_encoder pointer check for NULL Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 161/187] selftests/tc-testing: Fix Error: Specified qdisc kind is unknown Greg Kroah-Hartman
` (38 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Roger Quadros,
Jakub Kicinski, Sasha Levin
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 374283a1001277e4d07491387aac1fad5aa08d43 ]
This code returns directly but it should instead call of_node_put()
to drop some reference counts.
Fixes: dab2b265dd23 ("net: ethernet: ti: am65-cpsw: Add support for SERDES configuration")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Roger Quadros <rogerq@kernel.org>
Link: https://lore.kernel.org/r/e3012f0c-1621-40e6-bf7d-03c276f6e07f@kili.mountain
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/am65-cpsw-nuss.c b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
index bcea87b7151c0..ad69c5d5761b3 100644
--- a/drivers/net/ethernet/ti/am65-cpsw-nuss.c
+++ b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
@@ -2031,7 +2031,7 @@ static int am65_cpsw_nuss_init_slave_ports(struct am65_cpsw_common *common)
/* Initialize the Serdes PHY for the port */
ret = am65_cpsw_init_serdes_phy(dev, port_np, port);
if (ret)
- return ret;
+ goto of_node_put;
port->slave.mac_only =
of_property_read_bool(port_np, "ti,mac-only");
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 161/187] selftests/tc-testing: Fix Error: Specified qdisc kind is unknown.
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 160/187] net: ethernet: ti: am65-cpsw: Call of_node_put() on error path Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 162/187] selftests/tc-testing: Fix Error: failed to find target LOG Greg Kroah-Hartman
` (37 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vlad Buslov, Victor Nogueira,
Pedro Tammela, Jakub Kicinski, Sasha Levin
From: Vlad Buslov <vladbu@nvidia.com>
[ Upstream commit aef6e908b54200d04f2d77dab31509fcff2e60ae ]
All TEQL tests assume that sch_teql module is loaded. Load module in tdc.sh
before running qdisc tests.
Fixes following example error when running tests via tdc.sh for all TEQL
tests:
# $ sudo ./tdc.py -d eth2 -e 84a0
# -- ns/SubPlugin.__init__
# Test 84a0: Create TEQL with default setting
# exit: 2
# exit: 0
# Error: Specified qdisc kind is unknown.
#
# -----> teardown stage *** Could not execute: "$TC qdisc del dev $DUMMY handle 1: root"
#
# -----> teardown stage *** Error message: "Error: Invalid handle.
# "
# returncode 2; expected [0]
#
# -----> teardown stage *** Aborting test run.
#
# <_io.BufferedReader name=3> *** stdout ***
#
# <_io.BufferedReader name=5> *** stderr ***
# "-----> teardown stage" did not complete successfully
# Exception <class '__main__.PluginMgrTestFail'> ('teardown', 'Error: Specified qdisc kind is unknown.\n', '"-----> teardown stage" did not complete successfully') (caught in test_runner, running test 2 84a0 Create TEQL with default setting stage teardown)
# ---------------
# traceback
# File "/images/src/linux/tools/testing/selftests/tc-testing/./tdc.py", line 495, in test_runner
# res = run_one_test(pm, args, index, tidx)
# File "/images/src/linux/tools/testing/selftests/tc-testing/./tdc.py", line 434, in run_one_test
# prepare_env(args, pm, 'teardown', '-----> teardown stage', tidx['teardown'], procout)
# File "/images/src/linux/tools/testing/selftests/tc-testing/./tdc.py", line 245, in prepare_env
# raise PluginMgrTestFail(
# ---------------
# accumulated output for this test:
# Error: Specified qdisc kind is unknown.
#
# ---------------
#
# All test results:
#
# 1..1
# ok 1 84a0 - Create TEQL with default setting # skipped - "-----> teardown stage" did not complete successfully
Fixes: cc62fbe114c9 ("selftests/tc-testing: add selftests for teql qdisc")
Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Reviewed-by: Victor Nogueira <victor@mojatatu.com>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/tc-testing/tdc.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/tc-testing/tdc.sh b/tools/testing/selftests/tc-testing/tdc.sh
index afb0cd86fa3df..eb357bd7923c0 100755
--- a/tools/testing/selftests/tc-testing/tdc.sh
+++ b/tools/testing/selftests/tc-testing/tdc.sh
@@ -2,5 +2,6 @@
# SPDX-License-Identifier: GPL-2.0
modprobe netdevsim
+modprobe sch_teql
./tdc.py -c actions --nobuildebpf
./tdc.py -c qdisc
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 162/187] selftests/tc-testing: Fix Error: failed to find target LOG
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 161/187] selftests/tc-testing: Fix Error: Specified qdisc kind is unknown Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 163/187] selftests/tc-testing: Fix SFB db test Greg Kroah-Hartman
` (36 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vlad Buslov, Pedro Tammela,
Jakub Kicinski, Sasha Levin
From: Vlad Buslov <vladbu@nvidia.com>
[ Upstream commit b849c566ee9c6ed78288a522278dcaf419f8e239 ]
Add missing netfilter config dependency.
Fixes following example error when running tests via tdc.sh for all XT
tests:
# $ sudo ./tdc.py -d eth2 -e 2029
# Test 2029: Add xt action with log-prefix
# exit: 255
# exit: 0
# failed to find target LOG
#
# bad action parsing
# parse_action: bad value (7:xt)!
# Illegal "action"
#
# -----> teardown stage *** Could not execute: "$TC actions flush action xt"
#
# -----> teardown stage *** Error message: "Error: Cannot flush unknown TC action.
# We have an error flushing
# "
# returncode 1; expected [0]
#
# -----> teardown stage *** Aborting test run.
#
# <_io.BufferedReader name=3> *** stdout ***
#
# <_io.BufferedReader name=5> *** stderr ***
# "-----> teardown stage" did not complete successfully
# Exception <class '__main__.PluginMgrTestFail'> ('teardown', ' failed to find target LOG\n\nbad action parsing\nparse_action: bad value (7:xt)!\nIllegal "action"\n', '"-----> teardown stage" did not complete successfully') (caught in test_runner, running test 2 2029 Add xt action with log-prefix stage teardown)
# ---------------
# traceback
# File "/images/src/linux/tools/testing/selftests/tc-testing/./tdc.py", line 495, in test_runner
# res = run_one_test(pm, args, index, tidx)
# File "/images/src/linux/tools/testing/selftests/tc-testing/./tdc.py", line 434, in run_one_test
# prepare_env(args, pm, 'teardown', '-----> teardown stage', tidx['teardown'], procout)
# File "/images/src/linux/tools/testing/selftests/tc-testing/./tdc.py", line 245, in prepare_env
# raise PluginMgrTestFail(
# ---------------
# accumulated output for this test:
# failed to find target LOG
#
# bad action parsing
# parse_action: bad value (7:xt)!
# Illegal "action"
#
# ---------------
#
# All test results:
#
# 1..1
# ok 1 2029 - Add xt action with log-prefix # skipped - "-----> teardown stage" did not complete successfully
Fixes: 910d504bc187 ("selftests/tc-testings: add selftests for xt action")
Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/tc-testing/config | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/tc-testing/config b/tools/testing/selftests/tc-testing/config
index 4638c63a339ff..aec4de8bea78b 100644
--- a/tools/testing/selftests/tc-testing/config
+++ b/tools/testing/selftests/tc-testing/config
@@ -6,6 +6,7 @@ CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_ZONES=y
CONFIG_NF_CONNTRACK_LABELS=y
CONFIG_NF_NAT=m
+CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NET_SCHED=y
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 163/187] selftests/tc-testing: Fix SFB db test
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 162/187] selftests/tc-testing: Fix Error: failed to find target LOG Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 164/187] net/sched: act_ct: Fix promotion of offloaded unreplied tuple Greg Kroah-Hartman
` (35 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vlad Buslov, Pedro Tammela,
Jakub Kicinski, Sasha Levin
From: Vlad Buslov <vladbu@nvidia.com>
[ Upstream commit b39d8c41c7a8336ce85c376b5d4906089524a0ae ]
Setting very small value of db like 10ms introduces rounding errors when
converting to/from jiffies on some kernel configs. For example, on 250hz
the actual value will be set to 12ms which causes the test to fail:
# $ sudo ./tdc.py -d eth2 -e 3410
# -- ns/SubPlugin.__init__
# Test 3410: Create SFB with db setting
#
# All test results:
#
# 1..1
# not ok 1 3410 - Create SFB with db setting
# Could not match regex pattern. Verify command output:
# qdisc sfb 1: root refcnt 2 rehash 600s db 12ms limit 1000p max 25p target 20p increment 0.000503548 decrement 4.57771e-05 penalty_rate 10pps penalty_burst 20p
Set the value to 100ms instead which currently seem to work on 100hz,
250hz, 300hz and 1000hz kernel configs.
Fixes: 6ad92dc56fca ("selftests/tc-testing: add selftests for sfb qdisc")
Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json b/tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json
index ba2f5e79cdbfe..e21c7f22c6d4c 100644
--- a/tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json
+++ b/tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json
@@ -58,10 +58,10 @@
"setup": [
"$IP link add dev $DUMMY type dummy || /bin/true"
],
- "cmdUnderTest": "$TC qdisc add dev $DUMMY handle 1: root sfb db 10",
+ "cmdUnderTest": "$TC qdisc add dev $DUMMY handle 1: root sfb db 100",
"expExitCode": "0",
"verifyCmd": "$TC qdisc show dev $DUMMY",
- "matchPattern": "qdisc sfb 1: root refcnt [0-9]+ rehash 600s db 10ms",
+ "matchPattern": "qdisc sfb 1: root refcnt [0-9]+ rehash 600s db 100ms",
"matchCount": "1",
"teardown": [
"$TC qdisc del dev $DUMMY handle 1: root",
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 164/187] net/sched: act_ct: Fix promotion of offloaded unreplied tuple
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 163/187] selftests/tc-testing: Fix SFB db test Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 165/187] net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Greg Kroah-Hartman
` (34 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vlad Buslov, Paul Blakey,
Florian Westphal, Paolo Abeni, Sasha Levin
From: Paul Blakey <paulb@nvidia.com>
[ Upstream commit 41f2c7c342d3adb1c4dd5f2e3dd831adff16a669 ]
Currently UNREPLIED and UNASSURED connections are added to the nf flow
table. This causes the following connection packets to be processed
by the flow table which then skips conntrack_in(), and thus such the
connections will remain UNREPLIED and UNASSURED even if reply traffic
is then seen. Even still, the unoffloaded reply packets are the ones
triggering hardware update from new to established state, and if
there aren't any to triger an update and/or previous update was
missed, hardware can get out of sync with sw and still mark
packets as new.
Fix the above by:
1) Not skipping conntrack_in() for UNASSURED packets, but still
refresh for hardware, as before the cited patch.
2) Try and force a refresh by reply-direction packets that update
the hardware rules from new to established state.
3) Remove any bidirectional flows that didn't failed to update in
hardware for re-insertion as bidrectional once any new packet
arrives.
Fixes: 6a9bad0069cf ("net/sched: act_ct: offload UDP NEW connections")
Co-developed-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/1686313379-117663-1-git-send-email-paulb@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/netfilter/nf_flow_table.h | 2 +-
net/netfilter/nf_flow_table_core.c | 13 ++++++++++---
net/netfilter/nf_flow_table_ip.c | 4 ++--
net/sched/act_ct.c | 9 ++++++++-
4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index ebb28ec5b6faf..f37f9f34430c1 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -268,7 +268,7 @@ int flow_offload_route_init(struct flow_offload *flow,
int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
void flow_offload_refresh(struct nf_flowtable *flow_table,
- struct flow_offload *flow);
+ struct flow_offload *flow, bool force);
struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
struct flow_offload_tuple *tuple);
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 04bd0ed4d2ae7..b0ef48b21dcb4 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -317,12 +317,12 @@ int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
EXPORT_SYMBOL_GPL(flow_offload_add);
void flow_offload_refresh(struct nf_flowtable *flow_table,
- struct flow_offload *flow)
+ struct flow_offload *flow, bool force)
{
u32 timeout;
timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow);
- if (timeout - READ_ONCE(flow->timeout) > HZ)
+ if (force || timeout - READ_ONCE(flow->timeout) > HZ)
WRITE_ONCE(flow->timeout, timeout);
else
return;
@@ -334,6 +334,12 @@ void flow_offload_refresh(struct nf_flowtable *flow_table,
}
EXPORT_SYMBOL_GPL(flow_offload_refresh);
+static bool nf_flow_is_outdated(const struct flow_offload *flow)
+{
+ return test_bit(IPS_SEEN_REPLY_BIT, &flow->ct->status) &&
+ !test_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
+}
+
static inline bool nf_flow_has_expired(const struct flow_offload *flow)
{
return nf_flow_timeout_delta(flow->timeout) <= 0;
@@ -423,7 +429,8 @@ static void nf_flow_offload_gc_step(struct nf_flowtable *flow_table,
struct flow_offload *flow, void *data)
{
if (nf_flow_has_expired(flow) ||
- nf_ct_is_dying(flow->ct))
+ nf_ct_is_dying(flow->ct) ||
+ nf_flow_is_outdated(flow))
flow_offload_teardown(flow);
if (test_bit(NF_FLOW_TEARDOWN, &flow->flags)) {
diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 19efba1e51ef9..3bbaf9c7ea46a 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -384,7 +384,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
if (skb_try_make_writable(skb, thoff + hdrsize))
return NF_DROP;
- flow_offload_refresh(flow_table, flow);
+ flow_offload_refresh(flow_table, flow, false);
nf_flow_encap_pop(skb, tuplehash);
thoff -= offset;
@@ -650,7 +650,7 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
if (skb_try_make_writable(skb, thoff + hdrsize))
return NF_DROP;
- flow_offload_refresh(flow_table, flow);
+ flow_offload_refresh(flow_table, flow, false);
nf_flow_encap_pop(skb, tuplehash);
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 9cc0bc7c71ed7..abc71a06d634a 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -610,6 +610,7 @@ static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p,
struct flow_offload_tuple tuple = {};
enum ip_conntrack_info ctinfo;
struct tcphdr *tcph = NULL;
+ bool force_refresh = false;
struct flow_offload *flow;
struct nf_conn *ct;
u8 dir;
@@ -647,6 +648,7 @@ static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p,
* established state, then don't refresh.
*/
return false;
+ force_refresh = true;
}
if (tcph && (unlikely(tcph->fin || tcph->rst))) {
@@ -660,7 +662,12 @@ static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p,
else
ctinfo = IP_CT_ESTABLISHED_REPLY;
- flow_offload_refresh(nf_ft, flow);
+ flow_offload_refresh(nf_ft, flow, force_refresh);
+ if (!test_bit(IPS_ASSURED_BIT, &ct->status)) {
+ /* Process this flow in SW to allow promoting to ASSURED */
+ return false;
+ }
+
nf_conntrack_get(&ct->ct_general);
nf_ct_set(skb, ct, ctinfo);
if (nf_ft->flags & NF_FLOWTABLE_COUNTER)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 165/187] net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 164/187] net/sched: act_ct: Fix promotion of offloaded unreplied tuple Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 166/187] net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting Greg Kroah-Hartman
` (33 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pedro Tammela, Jamal Hadi Salim,
Vlad Buslov, Peilin Ye, Paolo Abeni, Sasha Levin
From: Peilin Ye <peilin.ye@bytedance.com>
[ Upstream commit 2d5f6a8d7aef7852a9ecc555f88c673a1c91754f ]
Grafting ingress and clsact Qdiscs does not need a for-loop in
qdisc_graft(). Refactor it. No functional changes intended.
Tested-by: Pedro Tammela <pctammela@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Stable-dep-of: 84ad0af0bccd ("net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_api.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index b2a63d697a4aa..5fa9ddd629f95 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1077,12 +1077,12 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
if (parent == NULL) {
unsigned int i, num_q, ingress;
+ struct netdev_queue *dev_queue;
ingress = 0;
num_q = dev->num_tx_queues;
if ((q && q->flags & TCQ_F_INGRESS) ||
(new && new->flags & TCQ_F_INGRESS)) {
- num_q = 1;
ingress = 1;
if (!dev_ingress_queue(dev)) {
NL_SET_ERR_MSG(extack, "Device does not have an ingress queue");
@@ -1098,18 +1098,18 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
if (new && new->ops->attach && !ingress)
goto skip;
- for (i = 0; i < num_q; i++) {
- struct netdev_queue *dev_queue = dev_ingress_queue(dev);
-
- if (!ingress)
+ if (!ingress) {
+ for (i = 0; i < num_q; i++) {
dev_queue = netdev_get_tx_queue(dev, i);
+ old = dev_graft_qdisc(dev_queue, new);
- old = dev_graft_qdisc(dev_queue, new);
- if (new && i > 0)
- qdisc_refcount_inc(new);
-
- if (!ingress)
+ if (new && i > 0)
+ qdisc_refcount_inc(new);
qdisc_put(old);
+ }
+ } else {
+ dev_queue = dev_ingress_queue(dev);
+ old = dev_graft_qdisc(dev_queue, new);
}
skip:
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 166/187] net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 165/187] net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 167/187] selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step Greg Kroah-Hartman
` (32 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+b53a9c0d1ea4ad62da8b,
Hillf Danton, Vlad Buslov, Peilin Ye, Jamal Hadi Salim,
Paolo Abeni, Sasha Levin
From: Peilin Ye <peilin.ye@bytedance.com>
[ Upstream commit 84ad0af0bccd3691cb951c2974c5cb2c10594d4a ]
mini_Qdisc_pair::p_miniq is a double pointer to mini_Qdisc, initialized
in ingress_init() to point to net_device::miniq_ingress. ingress Qdiscs
access this per-net_device pointer in mini_qdisc_pair_swap(). Similar
for clsact Qdiscs and miniq_egress.
Unfortunately, after introducing RTNL-unlocked RTM_{NEW,DEL,GET}TFILTER
requests (thanks Hillf Danton for the hint), when replacing ingress or
clsact Qdiscs, for example, the old Qdisc ("@old") could access the same
miniq_{in,e}gress pointer(s) concurrently with the new Qdisc ("@new"),
causing race conditions [1] including a use-after-free bug in
mini_qdisc_pair_swap() reported by syzbot:
BUG: KASAN: slab-use-after-free in mini_qdisc_pair_swap+0x1c2/0x1f0 net/sched/sch_generic.c:1573
Write of size 8 at addr ffff888045b31308 by task syz-executor690/14901
...
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:319
print_report mm/kasan/report.c:430 [inline]
kasan_report+0x11c/0x130 mm/kasan/report.c:536
mini_qdisc_pair_swap+0x1c2/0x1f0 net/sched/sch_generic.c:1573
tcf_chain_head_change_item net/sched/cls_api.c:495 [inline]
tcf_chain0_head_change.isra.0+0xb9/0x120 net/sched/cls_api.c:509
tcf_chain_tp_insert net/sched/cls_api.c:1826 [inline]
tcf_chain_tp_insert_unique net/sched/cls_api.c:1875 [inline]
tc_new_tfilter+0x1de6/0x2290 net/sched/cls_api.c:2266
...
@old and @new should not affect each other. In other words, @old should
never modify miniq_{in,e}gress after @new, and @new should not update
@old's RCU state.
Fixing without changing sch_api.c turned out to be difficult (please
refer to Closes: for discussions). Instead, make sure @new's first call
always happen after @old's last call (in {ingress,clsact}_destroy()) has
finished:
In qdisc_graft(), return -EBUSY if @old has any ongoing filter requests,
and call qdisc_destroy() for @old before grafting @new.
Introduce qdisc_refcount_dec_if_one() as the counterpart of
qdisc_refcount_inc_nz() used for filter requests. Introduce a
non-static version of qdisc_destroy() that does a TCQ_F_BUILTIN check,
just like qdisc_put() etc.
Depends on patch "net/sched: Refactor qdisc_graft() for ingress and
clsact Qdiscs".
[1] To illustrate, the syzkaller reproducer adds ingress Qdiscs under
TC_H_ROOT (no longer possible after commit c7cfbd115001 ("net/sched:
sch_ingress: Only create under TC_H_INGRESS")) on eth0 that has 8
transmission queues:
Thread 1 creates ingress Qdisc A (containing mini Qdisc a1 and a2),
then adds a flower filter X to A.
Thread 2 creates another ingress Qdisc B (containing mini Qdisc b1 and
b2) to replace A, then adds a flower filter Y to B.
Thread 1 A's refcnt Thread 2
RTM_NEWQDISC (A, RTNL-locked)
qdisc_create(A) 1
qdisc_graft(A) 9
RTM_NEWTFILTER (X, RTNL-unlocked)
__tcf_qdisc_find(A) 10
tcf_chain0_head_change(A)
mini_qdisc_pair_swap(A) (1st)
|
| RTM_NEWQDISC (B, RTNL-locked)
RCU sync 2 qdisc_graft(B)
| 1 notify_and_destroy(A)
|
tcf_block_release(A) 0 RTM_NEWTFILTER (Y, RTNL-unlocked)
qdisc_destroy(A) tcf_chain0_head_change(B)
tcf_chain0_head_change_cb_del(A) mini_qdisc_pair_swap(B) (2nd)
mini_qdisc_pair_swap(A) (3rd) |
... ...
Here, B calls mini_qdisc_pair_swap(), pointing eth0->miniq_ingress to
its mini Qdisc, b1. Then, A calls mini_qdisc_pair_swap() again during
ingress_destroy(), setting eth0->miniq_ingress to NULL, so ingress
packets on eth0 will not find filter Y in sch_handle_ingress().
This is just one of the possible consequences of concurrently accessing
miniq_{in,e}gress pointers.
Fixes: 7a096d579e8e ("net: sched: ingress: set 'unlocked' flag for Qdisc ops")
Fixes: 87f373921c4e ("net: sched: ingress: set 'unlocked' flag for clsact Qdisc ops")
Reported-by: syzbot+b53a9c0d1ea4ad62da8b@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/0000000000006cf87705f79acf1a@google.com/
Cc: Hillf Danton <hdanton@sina.com>
Cc: Vlad Buslov <vladbu@mellanox.com>
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sch_generic.h | 8 ++++++++
net/sched/sch_api.c | 28 +++++++++++++++++++++++-----
net/sched/sch_generic.c | 14 +++++++++++---
3 files changed, 42 insertions(+), 8 deletions(-)
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 27271f2b37cb3..12eadecf8cd05 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -137,6 +137,13 @@ static inline void qdisc_refcount_inc(struct Qdisc *qdisc)
refcount_inc(&qdisc->refcnt);
}
+static inline bool qdisc_refcount_dec_if_one(struct Qdisc *qdisc)
+{
+ if (qdisc->flags & TCQ_F_BUILTIN)
+ return true;
+ return refcount_dec_if_one(&qdisc->refcnt);
+}
+
/* Intended to be used by unlocked users, when concurrent qdisc release is
* possible.
*/
@@ -652,6 +659,7 @@ void dev_deactivate_many(struct list_head *head);
struct Qdisc *dev_graft_qdisc(struct netdev_queue *dev_queue,
struct Qdisc *qdisc);
void qdisc_reset(struct Qdisc *qdisc);
+void qdisc_destroy(struct Qdisc *qdisc);
void qdisc_put(struct Qdisc *qdisc);
void qdisc_put_unlocked(struct Qdisc *qdisc);
void qdisc_tree_reduce_backlog(struct Qdisc *qdisc, int n, int len);
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 5fa9ddd629f95..3f7311529cc00 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1084,10 +1084,22 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
if ((q && q->flags & TCQ_F_INGRESS) ||
(new && new->flags & TCQ_F_INGRESS)) {
ingress = 1;
- if (!dev_ingress_queue(dev)) {
+ dev_queue = dev_ingress_queue(dev);
+ if (!dev_queue) {
NL_SET_ERR_MSG(extack, "Device does not have an ingress queue");
return -ENOENT;
}
+
+ q = rtnl_dereference(dev_queue->qdisc_sleeping);
+
+ /* This is the counterpart of that qdisc_refcount_inc_nz() call in
+ * __tcf_qdisc_find() for filter requests.
+ */
+ if (!qdisc_refcount_dec_if_one(q)) {
+ NL_SET_ERR_MSG(extack,
+ "Current ingress or clsact Qdisc has ongoing filter requests");
+ return -EBUSY;
+ }
}
if (dev->flags & IFF_UP)
@@ -1108,8 +1120,16 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
qdisc_put(old);
}
} else {
- dev_queue = dev_ingress_queue(dev);
- old = dev_graft_qdisc(dev_queue, new);
+ old = dev_graft_qdisc(dev_queue, NULL);
+
+ /* {ingress,clsact}_destroy() @old before grafting @new to avoid
+ * unprotected concurrent accesses to net_device::miniq_{in,e}gress
+ * pointer(s) in mini_qdisc_pair_swap().
+ */
+ qdisc_notify(net, skb, n, classid, old, new, extack);
+ qdisc_destroy(old);
+
+ dev_graft_qdisc(dev_queue, new);
}
skip:
@@ -1123,8 +1143,6 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
if (new && new->ops->attach)
new->ops->attach(new);
- } else {
- notify_and_destroy(net, skb, n, classid, old, new, extack);
}
if (dev->flags & IFF_UP)
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index ee43e8ac039ed..a5693e25b2482 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -1046,7 +1046,7 @@ static void qdisc_free_cb(struct rcu_head *head)
qdisc_free(q);
}
-static void qdisc_destroy(struct Qdisc *qdisc)
+static void __qdisc_destroy(struct Qdisc *qdisc)
{
const struct Qdisc_ops *ops = qdisc->ops;
@@ -1070,6 +1070,14 @@ static void qdisc_destroy(struct Qdisc *qdisc)
call_rcu(&qdisc->rcu, qdisc_free_cb);
}
+void qdisc_destroy(struct Qdisc *qdisc)
+{
+ if (qdisc->flags & TCQ_F_BUILTIN)
+ return;
+
+ __qdisc_destroy(qdisc);
+}
+
void qdisc_put(struct Qdisc *qdisc)
{
if (!qdisc)
@@ -1079,7 +1087,7 @@ void qdisc_put(struct Qdisc *qdisc)
!refcount_dec_and_test(&qdisc->refcnt))
return;
- qdisc_destroy(qdisc);
+ __qdisc_destroy(qdisc);
}
EXPORT_SYMBOL(qdisc_put);
@@ -1094,7 +1102,7 @@ void qdisc_put_unlocked(struct Qdisc *qdisc)
!refcount_dec_and_rtnl_lock(&qdisc->refcnt))
return;
- qdisc_destroy(qdisc);
+ __qdisc_destroy(qdisc);
rtnl_unlock();
}
EXPORT_SYMBOL(qdisc_put_unlocked);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 167/187] selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 166/187] net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 168/187] cifs: fix lease break oops in xfstest generic/098 Greg Kroah-Hartman
` (31 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Danielle Ratson, Ido Schimmel,
Petr Machata, Paolo Abeni, Sasha Levin
From: Danielle Ratson <danieller@nvidia.com>
[ Upstream commit bef68e201e538eaa3a91f97aae8161eb2d0a8ed7 ]
Setting the IPv6 address generation mode of a net device during its
creation never worked, but after commit b0ad3c179059 ("rtnetlink: call
validate_linkmsg in rtnl_create_link") it explicitly fails [1]. The
failure is caused by the fact that validate_linkmsg() is called before
the net device is registered, when it still does not have an 'inet6_dev'.
Likewise, raising the net device before setting the address generation
mode is meaningless, because by the time the mode is set, the address
has already been generated.
Therefore, fix the test to first create the net device, then set its
IPv6 address generation mode and finally bring it up.
[1]
# ip link add name mydev addrgenmode eui64 type dummy
RTNETLINK answers: Address family not supported by protocol
Fixes: ba95e7930957 ("selftests: forwarding: hw_stats_l3: Add a new test")
Signed-off-by: Danielle Ratson <danieller@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Link: https://lore.kernel.org/r/f3b05d85b2bc0c3d6168fe8f7207c6c8365703db.1686580046.git.petrm@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/forwarding/hw_stats_l3.sh | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/net/forwarding/hw_stats_l3.sh b/tools/testing/selftests/net/forwarding/hw_stats_l3.sh
index 9c1f76e108af1..1a936ffbacee7 100755
--- a/tools/testing/selftests/net/forwarding/hw_stats_l3.sh
+++ b/tools/testing/selftests/net/forwarding/hw_stats_l3.sh
@@ -84,8 +84,9 @@ h2_destroy()
router_rp1_200_create()
{
- ip link add name $rp1.200 up \
- link $rp1 addrgenmode eui64 type vlan id 200
+ ip link add name $rp1.200 link $rp1 type vlan id 200
+ ip link set dev $rp1.200 addrgenmode eui64
+ ip link set dev $rp1.200 up
ip address add dev $rp1.200 192.0.2.2/28
ip address add dev $rp1.200 2001:db8:1::2/64
ip stats set dev $rp1.200 l3_stats on
@@ -256,9 +257,11 @@ reapply_config()
router_rp1_200_destroy
- ip link add name $rp1.200 link $rp1 addrgenmode none type vlan id 200
+ ip link add name $rp1.200 link $rp1 type vlan id 200
+ ip link set dev $rp1.200 addrgenmode none
ip stats set dev $rp1.200 l3_stats on
- ip link set dev $rp1.200 up addrgenmode eui64
+ ip link set dev $rp1.200 addrgenmode eui64
+ ip link set dev $rp1.200 up
ip address add dev $rp1.200 192.0.2.2/28
ip address add dev $rp1.200 2001:db8:1::2/64
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 168/187] cifs: fix lease break oops in xfstest generic/098
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 167/187] selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 169/187] RDMA/rxe: Fix rxe_cq_post Greg Kroah-Hartman
` (30 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bharath SM, Shyam Prasad N,
Steve French, Sasha Levin
From: Steve French <stfrench@microsoft.com>
[ Upstream commit c774e6779f38bf36f0cce65e30793704bab4b0d7 ]
umount can race with lease break so need to check if
tcon->ses->server is still valid to send the lease
break response.
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Fixes: 59a556aebc43 ("SMB3: drop reference to cfile before sending oplock break")
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/file.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index df88b8c04d03d..051283386e229 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -4942,9 +4942,13 @@ void cifs_oplock_break(struct work_struct *work)
* disconnected since oplock already released by the server
*/
if (!oplock_break_cancelled) {
- rc = tcon->ses->server->ops->oplock_response(tcon, persistent_fid,
+ /* check for server null since can race with kill_sb calling tree disconnect */
+ if (tcon->ses && tcon->ses->server) {
+ rc = tcon->ses->server->ops->oplock_response(tcon, persistent_fid,
volatile_fid, net_fid, cinode);
- cifs_dbg(FYI, "Oplock release rc = %d\n", rc);
+ cifs_dbg(FYI, "Oplock release rc = %d\n", rc);
+ } else
+ pr_warn_once("lease break not sent for unmounted share\n");
}
cifs_done_oplock_break(cinode);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 169/187] RDMA/rxe: Fix rxe_cq_post
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 168/187] cifs: fix lease break oops in xfstest generic/098 Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 170/187] Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend" Greg Kroah-Hartman
` (29 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bob Pearson, Jason Gunthorpe,
Sasha Levin
From: Bob Pearson <rpearsonhpe@gmail.com>
[ Upstream commit 0c7e314a6352664e12ec465f576cf039e95f8369 ]
A recent patch replaced a tasklet execution of cq->comp_handler by a
direct call. While this made sense it let changes to cq->notify state be
unprotected and assumed that the cq completion machinery and the ulp done
callbacks were reentrant. The result is that in some cases completion
events can be lost. This patch moves the cq->comp_handler call inside of
the spinlock in rxe_cq_post which solves both issues. This is compatible
with the matching code in the request notify verb.
Fixes: 78b26a335310 ("RDMA/rxe: Remove tasklet call from rxe_cq.c")
Link: https://lore.kernel.org/r/20230612155032.17036-1-rpearsonhpe@gmail.com
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_cq.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_cq.c b/drivers/infiniband/sw/rxe/rxe_cq.c
index 519ddec29b4ba..d6113329fee61 100644
--- a/drivers/infiniband/sw/rxe/rxe_cq.c
+++ b/drivers/infiniband/sw/rxe/rxe_cq.c
@@ -112,8 +112,6 @@ int rxe_cq_post(struct rxe_cq *cq, struct rxe_cqe *cqe, int solicited)
queue_advance_producer(cq->queue, QUEUE_TYPE_TO_CLIENT);
- spin_unlock_irqrestore(&cq->cq_lock, flags);
-
if ((cq->notify == IB_CQ_NEXT_COMP) ||
(cq->notify == IB_CQ_SOLICITED && solicited)) {
cq->notify = 0;
@@ -121,6 +119,8 @@ int rxe_cq_post(struct rxe_cq *cq, struct rxe_cqe *cqe, int solicited)
cq->ibcq.comp_handler(&cq->ibcq, cq->ibcq.cq_context);
}
+ spin_unlock_irqrestore(&cq->cq_lock, flags);
+
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 170/187] Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend"
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 169/187] RDMA/rxe: Fix rxe_cq_post Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 171/187] ext4: drop the call to ext4_error() from ext4_get_group_info() Greg Kroah-Hartman
` (28 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mauro Carvalho Chehab, Sasha Levin
From: Mauro Carvalho Chehab <mchehab@kernel.org>
[ Upstream commit ec21a38df77a5aefbd2f70c48127003b6f259cf3 ]
As reported by Thomas Voegtle <tv@lio96.de>, sometimes a DVB card does
not initialize properly booting Linux 6.4-rc4. This is not always, maybe
in 3 out of 4 attempts.
After double-checking, the root cause seems to be related to the
UAF fix, which is causing a race issue:
[ 26.332149] tda10071 7-0005: found a 'NXP TDA10071' in cold state, will try to load a firmware
[ 26.340779] tda10071 7-0005: downloading firmware from file 'dvb-fe-tda10071.fw'
[ 989.277402] INFO: task vdr:743 blocked for more than 491 seconds.
[ 989.283504] Not tainted 6.4.0-rc5-i5 #249
[ 989.288036] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 989.295860] task:vdr state:D stack:0 pid:743 ppid:711 flags:0x00004002
[ 989.295865] Call Trace:
[ 989.295867] <TASK>
[ 989.295869] __schedule+0x2ea/0x12d0
[ 989.295877] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 989.295881] schedule+0x57/0xc0
[ 989.295884] schedule_preempt_disabled+0xc/0x20
[ 989.295887] __mutex_lock.isra.16+0x237/0x480
[ 989.295891] ? dvb_get_property.isra.10+0x1bc/0xa50
[ 989.295898] ? dvb_frontend_stop+0x36/0x180
[ 989.338777] dvb_frontend_stop+0x36/0x180
[ 989.338781] dvb_frontend_open+0x2f1/0x470
[ 989.338784] dvb_device_open+0x81/0xf0
[ 989.338804] ? exact_lock+0x20/0x20
[ 989.338808] chrdev_open+0x7f/0x1c0
[ 989.338811] ? generic_permission+0x1a2/0x230
[ 989.338813] ? link_path_walk.part.63+0x340/0x380
[ 989.338815] ? exact_lock+0x20/0x20
[ 989.338817] do_dentry_open+0x18e/0x450
[ 989.374030] path_openat+0xca5/0xe00
[ 989.374031] ? terminate_walk+0xec/0x100
[ 989.374034] ? path_lookupat+0x93/0x140
[ 989.374036] do_filp_open+0xc0/0x140
[ 989.374038] ? __call_rcu_common.constprop.91+0x92/0x240
[ 989.374041] ? __check_object_size+0x147/0x260
[ 989.374043] ? __check_object_size+0x147/0x260
[ 989.374045] ? alloc_fd+0xbb/0x180
[ 989.374048] ? do_sys_openat2+0x243/0x310
[ 989.374050] do_sys_openat2+0x243/0x310
[ 989.374052] do_sys_open+0x52/0x80
[ 989.374055] do_syscall_64+0x5b/0x80
[ 989.421335] ? __task_pid_nr_ns+0x92/0xa0
[ 989.421337] ? syscall_exit_to_user_mode+0x20/0x40
[ 989.421339] ? do_syscall_64+0x67/0x80
[ 989.421341] ? syscall_exit_to_user_mode+0x20/0x40
[ 989.421343] ? do_syscall_64+0x67/0x80
[ 989.421345] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 989.421348] RIP: 0033:0x7fe895d067e3
[ 989.421349] RSP: 002b:00007fff933c2ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 989.421351] RAX: ffffffffffffffda RBX: 00007fff933c2c10 RCX: 00007fe895d067e3
[ 989.421352] RDX: 0000000000000802 RSI: 00005594acdce160 RDI: 00000000ffffff9c
[ 989.421353] RBP: 0000000000000802 R08: 0000000000000000 R09: 0000000000000000
[ 989.421353] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 989.421354] R13: 00007fff933c2ca0 R14: 00000000ffffffff R15: 00007fff933c2c90
[ 989.421355] </TASK>
This reverts commit 6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f.
Fixes: 6769a0b7ee0c ("media: dvb-core: Fix use-after-free on race condition at dvb_frontend")
Link: https://lore.kernel.org/all/da5382ad-09d6-20ac-0d53-611594b30861@lio96.de/
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-core/dvb_frontend.c | 53 +++++----------------------
include/media/dvb_frontend.h | 6 +--
2 files changed, 10 insertions(+), 49 deletions(-)
diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
index bc6950a5740f6..9293b058ab997 100644
--- a/drivers/media/dvb-core/dvb_frontend.c
+++ b/drivers/media/dvb-core/dvb_frontend.c
@@ -817,26 +817,15 @@ static void dvb_frontend_stop(struct dvb_frontend *fe)
dev_dbg(fe->dvb->device, "%s:\n", __func__);
- mutex_lock(&fe->remove_mutex);
-
if (fe->exit != DVB_FE_DEVICE_REMOVED)
fe->exit = DVB_FE_NORMAL_EXIT;
mb();
- if (!fepriv->thread) {
- mutex_unlock(&fe->remove_mutex);
+ if (!fepriv->thread)
return;
- }
kthread_stop(fepriv->thread);
- mutex_unlock(&fe->remove_mutex);
-
- if (fepriv->dvbdev->users < -1) {
- wait_event(fepriv->dvbdev->wait_queue,
- fepriv->dvbdev->users == -1);
- }
-
sema_init(&fepriv->sem, 1);
fepriv->state = FESTATE_IDLE;
@@ -2780,13 +2769,9 @@ static int dvb_frontend_open(struct inode *inode, struct file *file)
struct dvb_adapter *adapter = fe->dvb;
int ret;
- mutex_lock(&fe->remove_mutex);
-
dev_dbg(fe->dvb->device, "%s:\n", __func__);
- if (fe->exit == DVB_FE_DEVICE_REMOVED) {
- ret = -ENODEV;
- goto err_remove_mutex;
- }
+ if (fe->exit == DVB_FE_DEVICE_REMOVED)
+ return -ENODEV;
if (adapter->mfe_shared == 2) {
mutex_lock(&adapter->mfe_lock);
@@ -2794,8 +2779,7 @@ static int dvb_frontend_open(struct inode *inode, struct file *file)
if (adapter->mfe_dvbdev &&
!adapter->mfe_dvbdev->writers) {
mutex_unlock(&adapter->mfe_lock);
- ret = -EBUSY;
- goto err_remove_mutex;
+ return -EBUSY;
}
adapter->mfe_dvbdev = dvbdev;
}
@@ -2818,10 +2802,8 @@ static int dvb_frontend_open(struct inode *inode, struct file *file)
while (mferetry-- && (mfedev->users != -1 ||
mfepriv->thread)) {
if (msleep_interruptible(500)) {
- if (signal_pending(current)) {
- ret = -EINTR;
- goto err_remove_mutex;
- }
+ if (signal_pending(current))
+ return -EINTR;
}
}
@@ -2833,8 +2815,7 @@ static int dvb_frontend_open(struct inode *inode, struct file *file)
if (mfedev->users != -1 ||
mfepriv->thread) {
mutex_unlock(&adapter->mfe_lock);
- ret = -EBUSY;
- goto err_remove_mutex;
+ return -EBUSY;
}
adapter->mfe_dvbdev = dvbdev;
}
@@ -2893,8 +2874,6 @@ static int dvb_frontend_open(struct inode *inode, struct file *file)
if (adapter->mfe_shared)
mutex_unlock(&adapter->mfe_lock);
-
- mutex_unlock(&fe->remove_mutex);
return ret;
err3:
@@ -2916,9 +2895,6 @@ static int dvb_frontend_open(struct inode *inode, struct file *file)
err0:
if (adapter->mfe_shared)
mutex_unlock(&adapter->mfe_lock);
-
-err_remove_mutex:
- mutex_unlock(&fe->remove_mutex);
return ret;
}
@@ -2929,8 +2905,6 @@ static int dvb_frontend_release(struct inode *inode, struct file *file)
struct dvb_frontend_private *fepriv = fe->frontend_priv;
int ret;
- mutex_lock(&fe->remove_mutex);
-
dev_dbg(fe->dvb->device, "%s:\n", __func__);
if ((file->f_flags & O_ACCMODE) != O_RDONLY) {
@@ -2952,18 +2926,10 @@ static int dvb_frontend_release(struct inode *inode, struct file *file)
}
mutex_unlock(&fe->dvb->mdev_lock);
#endif
+ if (fe->exit != DVB_FE_NO_EXIT)
+ wake_up(&dvbdev->wait_queue);
if (fe->ops.ts_bus_ctrl)
fe->ops.ts_bus_ctrl(fe, 0);
-
- if (fe->exit != DVB_FE_NO_EXIT) {
- mutex_unlock(&fe->remove_mutex);
- wake_up(&dvbdev->wait_queue);
- } else {
- mutex_unlock(&fe->remove_mutex);
- }
-
- } else {
- mutex_unlock(&fe->remove_mutex);
}
dvb_frontend_put(fe);
@@ -3064,7 +3030,6 @@ int dvb_register_frontend(struct dvb_adapter *dvb,
fepriv = fe->frontend_priv;
kref_init(&fe->refcount);
- mutex_init(&fe->remove_mutex);
/*
* After initialization, there need to be two references: one
diff --git a/include/media/dvb_frontend.h b/include/media/dvb_frontend.h
index 367d5381217b5..e7c44870f20de 100644
--- a/include/media/dvb_frontend.h
+++ b/include/media/dvb_frontend.h
@@ -686,10 +686,7 @@ struct dtv_frontend_properties {
* @id: Frontend ID
* @exit: Used to inform the DVB core that the frontend
* thread should exit (usually, means that the hardware
- * got disconnected).
- * @remove_mutex: mutex that avoids a race condition between a callback
- * called when the hardware is disconnected and the
- * file_operations of dvb_frontend.
+ * got disconnected.
*/
struct dvb_frontend {
@@ -707,7 +704,6 @@ struct dvb_frontend {
int (*callback)(void *adapter_priv, int component, int cmd, int arg);
int id;
unsigned int exit;
- struct mutex remove_mutex;
};
/**
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 171/187] ext4: drop the call to ext4_error() from ext4_get_group_info()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 170/187] Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend" Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 172/187] ice: Fix ice module unload Greg Kroah-Hartman
` (27 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+4acc7d910e617b360859,
Theodore Tso, Fabio M. De Francesco, Sasha Levin
From: Fabio M. De Francesco <fmdefrancesco@gmail.com>
[ Upstream commit f451fd97dd2b78f286379203a47d9d295c467255 ]
A recent patch added a call to ext4_error() which is problematic since
some callers of the ext4_get_group_info() function may be holding a
spinlock, whereas ext4_error() must never be called in atomic context.
This triggered a report from Syzbot: "BUG: sleeping function called from
invalid context in ext4_update_super" (see the link below).
Therefore, drop the call to ext4_error() from ext4_get_group_info(). In
the meantime use eight characters tabs instead of nine characters ones.
Reported-by: syzbot+4acc7d910e617b360859@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/00000000000070575805fdc6cdb2@google.com/
Fixes: 5354b2af3406 ("ext4: allow ext4_get_group_info() to fail")
Suggested-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Link: https://lore.kernel.org/r/20230614100446.14337-1-fmdefrancesco@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/balloc.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index a38aa33af08ef..8e83b51e3c68a 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -322,17 +322,15 @@ static ext4_fsblk_t ext4_valid_block_bitmap_padding(struct super_block *sb,
struct ext4_group_info *ext4_get_group_info(struct super_block *sb,
ext4_group_t group)
{
- struct ext4_group_info **grp_info;
- long indexv, indexh;
-
- if (unlikely(group >= EXT4_SB(sb)->s_groups_count)) {
- ext4_error(sb, "invalid group %u", group);
- return NULL;
- }
- indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb));
- indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1);
- grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv);
- return grp_info[indexh];
+ struct ext4_group_info **grp_info;
+ long indexv, indexh;
+
+ if (unlikely(group >= EXT4_SB(sb)->s_groups_count))
+ return NULL;
+ indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb));
+ indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1);
+ grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv);
+ return grp_info[indexh];
}
/*
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 172/187] ice: Fix ice module unload
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 171/187] ext4: drop the call to ext4_error() from ext4_get_group_info() Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 173/187] net/sched: cls_api: Fix lockup on flushing explicitly created chain Greg Kroah-Hartman
` (26 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Buchocki, Przemek Kitszel,
Tony Nguyen, Simon Horman, Jakub Kicinski, Sasha Levin,
Pucha Himasekhar Reddy
From: Jakub Buchocki <jakubx.buchocki@intel.com>
[ Upstream commit 24b454bc354ab7b1aa918a4fe3d7696516f592d4 ]
Clearing the interrupt scheme before PFR reset,
during the removal routine, could cause the hardware
errors and possibly lead to system reboot, as the PF
reset can cause the interrupt to be generated.
Place the call for PFR reset inside ice_deinit_dev(),
wait until reset and all pending transactions are done,
then call ice_clear_interrupt_scheme().
This introduces a PFR reset to multiple error paths.
Additionally, remove the call for the reset from
ice_load() - it will be a part of ice_unload() now.
Error example:
[ 75.229328] ice 0000:ca:00.1: Failed to read Tx Scheduler Tree - User Selection data from flash
[ 77.571315] {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 1
[ 77.571418] {1}[Hardware Error]: event severity: recoverable
[ 77.571459] {1}[Hardware Error]: Error 0, type: recoverable
[ 77.571500] {1}[Hardware Error]: section_type: PCIe error
[ 77.571540] {1}[Hardware Error]: port_type: 4, root port
[ 77.571580] {1}[Hardware Error]: version: 3.0
[ 77.571615] {1}[Hardware Error]: command: 0x0547, status: 0x4010
[ 77.571661] {1}[Hardware Error]: device_id: 0000:c9:02.0
[ 77.571703] {1}[Hardware Error]: slot: 25
[ 77.571736] {1}[Hardware Error]: secondary_bus: 0xca
[ 77.571773] {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x347a
[ 77.571821] {1}[Hardware Error]: class_code: 060400
[ 77.571858] {1}[Hardware Error]: bridge: secondary_status: 0x2800, control: 0x0013
[ 77.572490] pcieport 0000:c9:02.0: AER: aer_status: 0x00200000, aer_mask: 0x00100020
[ 77.572870] pcieport 0000:c9:02.0: [21] ACSViol (First)
[ 77.573222] pcieport 0000:c9:02.0: AER: aer_layer=Transaction Layer, aer_agent=Receiver ID
[ 77.573554] pcieport 0000:c9:02.0: AER: aer_uncor_severity: 0x00463010
[ 77.691273] {2}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 1
[ 77.691738] {2}[Hardware Error]: event severity: recoverable
[ 77.691971] {2}[Hardware Error]: Error 0, type: recoverable
[ 77.692192] {2}[Hardware Error]: section_type: PCIe error
[ 77.692403] {2}[Hardware Error]: port_type: 4, root port
[ 77.692616] {2}[Hardware Error]: version: 3.0
[ 77.692825] {2}[Hardware Error]: command: 0x0547, status: 0x4010
[ 77.693032] {2}[Hardware Error]: device_id: 0000:c9:02.0
[ 77.693238] {2}[Hardware Error]: slot: 25
[ 77.693440] {2}[Hardware Error]: secondary_bus: 0xca
[ 77.693641] {2}[Hardware Error]: vendor_id: 0x8086, device_id: 0x347a
[ 77.693853] {2}[Hardware Error]: class_code: 060400
[ 77.694054] {2}[Hardware Error]: bridge: secondary_status: 0x0800, control: 0x0013
[ 77.719115] pci 0000:ca:00.1: AER: can't recover (no error_detected callback)
[ 77.719140] pcieport 0000:c9:02.0: AER: device recovery failed
[ 77.719216] pcieport 0000:c9:02.0: AER: aer_status: 0x00200000, aer_mask: 0x00100020
[ 77.719390] pcieport 0000:c9:02.0: [21] ACSViol (First)
[ 77.719557] pcieport 0000:c9:02.0: AER: aer_layer=Transaction Layer, aer_agent=Receiver ID
[ 77.719723] pcieport 0000:c9:02.0: AER: aer_uncor_severity: 0x00463010
Fixes: 5b246e533d01 ("ice: split probe into smaller functions")
Signed-off-by: Jakub Buchocki <jakubx.buchocki@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230612171421.21570-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_main.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 0c949ed22a313..98e8ce743fb2e 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -4794,9 +4794,13 @@ static int ice_init_dev(struct ice_pf *pf)
static void ice_deinit_dev(struct ice_pf *pf)
{
ice_free_irq_msix_misc(pf);
- ice_clear_interrupt_scheme(pf);
ice_deinit_pf(pf);
ice_deinit_hw(&pf->hw);
+
+ /* Service task is already stopped, so call reset directly. */
+ ice_reset(&pf->hw, ICE_RESET_PFR);
+ pci_wait_for_pending_transaction(pf->pdev);
+ ice_clear_interrupt_scheme(pf);
}
static void ice_init_features(struct ice_pf *pf)
@@ -5086,10 +5090,6 @@ int ice_load(struct ice_pf *pf)
struct ice_vsi *vsi;
int err;
- err = ice_reset(&pf->hw, ICE_RESET_PFR);
- if (err)
- return err;
-
err = ice_init_dev(pf);
if (err)
return err;
@@ -5346,12 +5346,6 @@ static void ice_remove(struct pci_dev *pdev)
ice_setup_mc_magic_wake(pf);
ice_set_wake(pf);
- /* Issue a PFR as part of the prescribed driver unload flow. Do not
- * do it via ice_schedule_reset() since there is no need to rebuild
- * and the service task is already stopped.
- */
- ice_reset(&pf->hw, ICE_RESET_PFR);
- pci_wait_for_pending_transaction(pdev);
pci_disable_device(pdev);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 173/187] net/sched: cls_api: Fix lockup on flushing explicitly created chain
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 172/187] ice: Fix ice module unload Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 174/187] net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames Greg Kroah-Hartman
` (25 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingshuai Ren, Vlad Buslov,
Jakub Kicinski, Sasha Levin
From: Vlad Buslov <vladbu@nvidia.com>
[ Upstream commit c9a82bec02c339cdda99b37c5e62b3b71fc4209c ]
Mingshuai Ren reports:
When a new chain is added by using tc, one soft lockup alarm will be
generated after delete the prio 0 filter of the chain. To reproduce
the problem, perform the following steps:
(1) tc qdisc add dev eth0 root handle 1: htb default 1
(2) tc chain add dev eth0
(3) tc filter del dev eth0 chain 0 parent 1: prio 0
(4) tc filter add dev eth0 chain 0 parent 1:
Fix the issue by accounting for additional reference to chains that are
explicitly created by RTM_NEWCHAIN message as opposed to implicitly by
RTM_NEWTFILTER message.
Fixes: 726d061286ce ("net: sched: prevent insertion of new classifiers during chain flush")
Reported-by: Mingshuai Ren <renmingshuai@huawei.com>
Closes: https://lore.kernel.org/lkml/87legswvi3.fsf@nvidia.com/T/
Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Link: https://lore.kernel.org/r/20230612093426.2867183-1-vladbu@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/cls_api.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index c877a6343fd47..a193cc7b32418 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -657,8 +657,8 @@ static void __tcf_chain_put(struct tcf_chain *chain, bool by_act,
{
struct tcf_block *block = chain->block;
const struct tcf_proto_ops *tmplt_ops;
+ unsigned int refcnt, non_act_refcnt;
bool free_block = false;
- unsigned int refcnt;
void *tmplt_priv;
mutex_lock(&block->lock);
@@ -678,13 +678,15 @@ static void __tcf_chain_put(struct tcf_chain *chain, bool by_act,
* save these to temporary variables.
*/
refcnt = --chain->refcnt;
+ non_act_refcnt = refcnt - chain->action_refcnt;
tmplt_ops = chain->tmplt_ops;
tmplt_priv = chain->tmplt_priv;
- /* The last dropped non-action reference will trigger notification. */
- if (refcnt - chain->action_refcnt == 0 && !by_act) {
- tc_chain_notify_delete(tmplt_ops, tmplt_priv, chain->index,
- block, NULL, 0, 0, false);
+ if (non_act_refcnt == chain->explicitly_created && !by_act) {
+ if (non_act_refcnt == 0)
+ tc_chain_notify_delete(tmplt_ops, tmplt_priv,
+ chain->index, block, NULL, 0, 0,
+ false);
/* Last reference to chain, no need to lock. */
chain->flushing = false;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 174/187] net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 173/187] net/sched: cls_api: Fix lockup on flushing explicitly created chain Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 175/187] net: lapbether: only support ethernet devices Greg Kroah-Hartman
` (24 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Simon Horman,
Jakub Kicinski, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 6ac7a27a8b07588497ed53dfd885df9c72bc67e0 ]
The DEV_MAC_MAXLEN_CFG register contains a 16-bit value - up to 65535.
Plus 2 * VLAN_HLEN (4), that is up to 65543.
The picos_per_byte variable is the largest when "speed" is lowest -
SPEED_10 = 10. In that case it is (1000000L * 8) / 10 = 800000.
Their product - 52434400000 - exceeds 32 bits, which is a problem,
because apparently, a multiplication between two 32-bit factors is
evaluated as 32-bit before being assigned to a 64-bit variable.
In fact it's a problem for any MTU value larger than 5368.
Cast one of the factors of the multiplication to u64 to force the
multiplication to take place on 64 bits.
Issue found by Coverity.
Fixes: 55a515b1f5a9 ("net: dsa: felix: drop oversized frames with tc-taprio instead of hanging the port")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230613170907.2413559-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/ocelot/felix_vsc9959.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/dsa/ocelot/felix_vsc9959.c b/drivers/net/dsa/ocelot/felix_vsc9959.c
index dddb28984bdfc..841c5ebc1afaa 100644
--- a/drivers/net/dsa/ocelot/felix_vsc9959.c
+++ b/drivers/net/dsa/ocelot/felix_vsc9959.c
@@ -1263,7 +1263,7 @@ static void vsc9959_tas_guard_bands_update(struct ocelot *ocelot, int port)
/* Consider the standard Ethernet overhead of 8 octets preamble+SFD,
* 4 octets FCS, 12 octets IFG.
*/
- needed_bit_time_ps = (maxlen + 24) * picos_per_byte;
+ needed_bit_time_ps = (u64)(maxlen + 24) * picos_per_byte;
dev_dbg(ocelot->dev,
"port %d: max frame size %d needs %llu ps at speed %d\n",
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 175/187] net: lapbether: only support ethernet devices
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 174/187] net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 176/187] net: macsec: fix double free of percpu stats Greg Kroah-Hartman
` (23 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet,
Martin Schiller, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 9eed321cde22fc1afd76eac563ce19d899e0d6b2 ]
It probbaly makes no sense to support arbitrary network devices
for lapbether.
syzbot reported:
skbuff: skb_under_panic: text:ffff80008934c100 len:44 put:40 head:ffff0000d18dd200 data:ffff0000d18dd1ea tail:0x16 end:0x140 dev:bond1
kernel BUG at net/core/skbuff.c:200 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 5643 Comm: dhcpcd Not tainted 6.4.0-rc5-syzkaller-g4641cff8e810 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_panic net/core/skbuff.c:196 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:210
lr : skb_panic net/core/skbuff.c:196 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:210
sp : ffff8000973b7260
x29: ffff8000973b7270 x28: ffff8000973b7360 x27: dfff800000000000
x26: ffff0000d85d8150 x25: 0000000000000016 x24: ffff0000d18dd1ea
x23: ffff0000d18dd200 x22: 000000000000002c x21: 0000000000000140
x20: 0000000000000028 x19: ffff80008934c100 x18: ffff8000973b68a0
x17: 0000000000000000 x16: ffff80008a43bfbc x15: 0000000000000202
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000201 x10: 0000000000000000 x9 : f22f7eb937cced00
x8 : f22f7eb937cced00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000973b6b78 x4 : ffff80008df9ee80 x3 : ffff8000805974f4
x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086
Call trace:
skb_panic net/core/skbuff.c:196 [inline]
skb_under_panic+0x13c/0x140 net/core/skbuff.c:210
skb_push+0xf0/0x108 net/core/skbuff.c:2409
ip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1383
dev_hard_header include/linux/netdevice.h:3137 [inline]
lapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257
lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
lapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149
lapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251
lapb_establish_data_link+0x94/0xec
lapb_device_event+0x348/0x4e0
notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
__dev_notify_flags+0x2bc/0x544
dev_change_flags+0xd0/0x15c net/core/dev.c:8643
devinet_ioctl+0x858/0x17e4 net/ipv4/devinet.c:1150
inet_ioctl+0x2ac/0x4d8 net/ipv4/af_inet.c:979
sock_do_ioctl+0x134/0x2dc net/socket.c:1201
sock_ioctl+0x4ec/0x858 net/socket.c:1318
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x244 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:191
el0_svc+0x4c/0x160 arch/arm64/kernel/entry-common.c:647
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:665
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
Code: aa1803e6 aa1903e7 a90023f5 947730f5 (d4210000)
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wan/lapbether.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c
index d62a904d2e422..56326f38fe8a3 100644
--- a/drivers/net/wan/lapbether.c
+++ b/drivers/net/wan/lapbether.c
@@ -384,6 +384,9 @@ static int lapbeth_new_device(struct net_device *dev)
ASSERT_RTNL();
+ if (dev->type != ARPHRD_ETHER)
+ return -EINVAL;
+
ndev = alloc_netdev(sizeof(*lapbeth), "lapb%d", NET_NAME_UNKNOWN,
lapbeth_setup);
if (!ndev)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 176/187] net: macsec: fix double free of percpu stats
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 175/187] net: lapbether: only support ethernet devices Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 177/187] sfc: fix XDP queues mode with legacy IRQ Greg Kroah-Hartman
` (22 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Sabrina Dubroca,
David S. Miller, Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 0c0cf3db83f8c7c9bb141c2771a34043bcf952ef ]
Inside macsec_add_dev() we free percpu macsec->secy.tx_sc.stats and
macsec->stats on some of the memory allocation failure paths. However, the
net_device is already registered to that moment: in macsec_newlink(), just
before calling macsec_add_dev(). This means that during unregister process
its priv_destructor - macsec_free_netdev() - will be called and will free
the stats again.
Remove freeing percpu stats inside macsec_add_dev() because
macsec_free_netdev() will correctly free the already allocated ones. The
pointers to unallocated stats stay NULL, and free_percpu() treats that
correctly.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 0a28bfd4971f ("net/macsec: Add MACsec skb_metadata_dst Tx Data path support")
Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macsec.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 25616247d7a56..e040c191659b9 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -3987,17 +3987,15 @@ static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len)
return -ENOMEM;
secy->tx_sc.stats = netdev_alloc_pcpu_stats(struct pcpu_tx_sc_stats);
- if (!secy->tx_sc.stats) {
- free_percpu(macsec->stats);
+ if (!secy->tx_sc.stats)
return -ENOMEM;
- }
secy->tx_sc.md_dst = metadata_dst_alloc(0, METADATA_MACSEC, GFP_KERNEL);
- if (!secy->tx_sc.md_dst) {
- free_percpu(secy->tx_sc.stats);
- free_percpu(macsec->stats);
+ if (!secy->tx_sc.md_dst)
+ /* macsec and secy percpu stats will be freed when unregistering
+ * net_device in macsec_free_netdev()
+ */
return -ENOMEM;
- }
if (sci == MACSEC_UNDEF_SCI)
sci = dev_to_sci(dev, MACSEC_PORT_ES);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 177/187] sfc: fix XDP queues mode with legacy IRQ
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 176/187] net: macsec: fix double free of percpu stats Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 178/187] dm: dont lock fs when the map is NULL during suspend or resume Greg Kroah-Hartman
` (21 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yanghang Liu, Íñigo Huguet,
Martin Habets, David S. Miller, Sasha Levin
From: Íñigo Huguet <ihuguet@redhat.com>
[ Upstream commit e84a1e1e683f3558e30f437d7c99df35afb8b52c ]
In systems without MSI-X capabilities, xdp_txq_queues_mode is calculated
in efx_allocate_msix_channels, but when enabling MSI-X fails, it was not
changed to a proper default value. This was leading to the driver
thinking that it has dedicated XDP queues, when it didn't.
Fix it by setting xdp_txq_queues_mode to the correct value if the driver
fallbacks to MSI or legacy IRQ mode. The correct value is
EFX_XDP_TX_QUEUES_BORROWED because there are no XDP dedicated queues.
The issue can be easily visible if the kernel is started with pci=nomsi,
then a call trace is shown. It is not shown only with sfc's modparam
interrupt_mode=2. Call trace example:
WARNING: CPU: 2 PID: 663 at drivers/net/ethernet/sfc/efx_channels.c:828 efx_set_xdp_channels+0x124/0x260 [sfc]
[...skip...]
Call Trace:
<TASK>
efx_set_channels+0x5c/0xc0 [sfc]
efx_probe_nic+0x9b/0x15a [sfc]
efx_probe_all+0x10/0x1a2 [sfc]
efx_pci_probe_main+0x12/0x156 [sfc]
efx_pci_probe_post_io+0x18/0x103 [sfc]
efx_pci_probe.cold+0x154/0x257 [sfc]
local_pci_probe+0x42/0x80
Fixes: 6215b608a8c4 ("sfc: last resort fallback for lack of xdp tx queues")
Reported-by: Yanghang Liu <yanghliu@redhat.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Acked-by: Martin Habets <habetsm.xilinx@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/efx_channels.c | 2 ++
drivers/net/ethernet/sfc/siena/efx_channels.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/sfc/efx_channels.c b/drivers/net/ethernet/sfc/efx_channels.c
index fcea3ea809d77..41b33a75333cd 100644
--- a/drivers/net/ethernet/sfc/efx_channels.c
+++ b/drivers/net/ethernet/sfc/efx_channels.c
@@ -301,6 +301,7 @@ int efx_probe_interrupts(struct efx_nic *efx)
efx->tx_channel_offset = 0;
efx->n_xdp_channels = 0;
efx->xdp_channel_offset = efx->n_channels;
+ efx->xdp_txq_queues_mode = EFX_XDP_TX_QUEUES_BORROWED;
rc = pci_enable_msi(efx->pci_dev);
if (rc == 0) {
efx_get_channel(efx, 0)->irq = efx->pci_dev->irq;
@@ -322,6 +323,7 @@ int efx_probe_interrupts(struct efx_nic *efx)
efx->tx_channel_offset = efx_separate_tx_channels ? 1 : 0;
efx->n_xdp_channels = 0;
efx->xdp_channel_offset = efx->n_channels;
+ efx->xdp_txq_queues_mode = EFX_XDP_TX_QUEUES_BORROWED;
efx->legacy_irq = efx->pci_dev->irq;
}
diff --git a/drivers/net/ethernet/sfc/siena/efx_channels.c b/drivers/net/ethernet/sfc/siena/efx_channels.c
index 06ed74994e366..1776f7f8a7a90 100644
--- a/drivers/net/ethernet/sfc/siena/efx_channels.c
+++ b/drivers/net/ethernet/sfc/siena/efx_channels.c
@@ -302,6 +302,7 @@ int efx_siena_probe_interrupts(struct efx_nic *efx)
efx->tx_channel_offset = 0;
efx->n_xdp_channels = 0;
efx->xdp_channel_offset = efx->n_channels;
+ efx->xdp_txq_queues_mode = EFX_XDP_TX_QUEUES_BORROWED;
rc = pci_enable_msi(efx->pci_dev);
if (rc == 0) {
efx_get_channel(efx, 0)->irq = efx->pci_dev->irq;
@@ -323,6 +324,7 @@ int efx_siena_probe_interrupts(struct efx_nic *efx)
efx->tx_channel_offset = efx_siena_separate_tx_channels ? 1 : 0;
efx->n_xdp_channels = 0;
efx->xdp_channel_offset = efx->n_channels;
+ efx->xdp_txq_queues_mode = EFX_XDP_TX_QUEUES_BORROWED;
efx->legacy_irq = efx->pci_dev->irq;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 178/187] dm: dont lock fs when the map is NULL during suspend or resume
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 177/187] sfc: fix XDP queues mode with legacy IRQ Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 179/187] net: tipc: resize nlattr array to correct size Greg Kroah-Hartman
` (20 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Lingfeng, Mike Snitzer,
Sasha Levin
From: Li Lingfeng <lilingfeng3@huawei.com>
[ Upstream commit 2760904d895279f87196f0fa9ec570c79fe6a2e4 ]
As described in commit 38d11da522aa ("dm: don't lock fs when the map is
NULL in process of resume"), a deadlock may be triggered between
do_resume() and do_mount().
This commit preserves the fix from commit 38d11da522aa but moves it to
where it also serves to fix a similar deadlock between do_suspend()
and do_mount(). It does so, if the active map is NULL, by clearing
DM_SUSPEND_LOCKFS_FLAG in dm_suspend() which is called by both
do_suspend() and do_resume().
Fixes: 38d11da522aa ("dm: don't lock fs when the map is NULL in process of resume")
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-ioctl.c | 5 +----
drivers/md/dm.c | 4 ++++
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index cc77cf3d41092..7d5c9c582ed2d 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1168,13 +1168,10 @@ static int do_resume(struct dm_ioctl *param)
/* Do we need to load a new map ? */
if (new_map) {
sector_t old_size, new_size;
- int srcu_idx;
/* Suspend if it isn't already suspended */
- old_map = dm_get_live_table(md, &srcu_idx);
- if ((param->flags & DM_SKIP_LOCKFS_FLAG) || !old_map)
+ if (param->flags & DM_SKIP_LOCKFS_FLAG)
suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG;
- dm_put_live_table(md, srcu_idx);
if (param->flags & DM_NOFLUSH_FLAG)
suspend_flags |= DM_SUSPEND_NOFLUSH_FLAG;
if (!dm_suspended_md(md))
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index dfde0088147a1..0a10e94a6db17 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -2795,6 +2795,10 @@ int dm_suspend(struct mapped_device *md, unsigned int suspend_flags)
}
map = rcu_dereference_protected(md->map, lockdep_is_held(&md->suspend_lock));
+ if (!map) {
+ /* avoid deadlock with fs/namespace.c:do_mount() */
+ suspend_flags &= ~DM_SUSPEND_LOCKFS_FLAG;
+ }
r = __dm_suspend(md, map, suspend_flags, TASK_INTERRUPTIBLE, DMF_SUSPENDED);
if (r)
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 179/187] net: tipc: resize nlattr array to correct size
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 178/187] dm: dont lock fs when the map is NULL during suspend or resume Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 180/187] selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET Greg Kroah-Hartman
` (19 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Ma, Florian Westphal,
Tung Nguyen, Jakub Kicinski, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 44194cb1b6045dea33ae9a0d54fb7e7cd93a2e09 ]
According to nla_parse_nested_deprecated(), the tb[] is supposed to the
destination array with maxtype+1 elements. In current
tipc_nl_media_get() and __tipc_nl_media_set(), a larger array is used
which is unnecessary. This patch resize them to a proper size.
Fixes: 1e55417d8fc6 ("tipc: add media set to new netlink api")
Fixes: 46f15c6794fb ("tipc: add media get/dump to new netlink api")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
Link: https://lore.kernel.org/r/20230614120604.1196377-1-linma@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/bearer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 53881406e2006..cdcd2731860ba 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -1258,7 +1258,7 @@ int tipc_nl_media_get(struct sk_buff *skb, struct genl_info *info)
struct tipc_nl_msg msg;
struct tipc_media *media;
struct sk_buff *rep;
- struct nlattr *attrs[TIPC_NLA_BEARER_MAX + 1];
+ struct nlattr *attrs[TIPC_NLA_MEDIA_MAX + 1];
if (!info->attrs[TIPC_NLA_MEDIA])
return -EINVAL;
@@ -1307,7 +1307,7 @@ int __tipc_nl_media_set(struct sk_buff *skb, struct genl_info *info)
int err;
char *name;
struct tipc_media *m;
- struct nlattr *attrs[TIPC_NLA_BEARER_MAX + 1];
+ struct nlattr *attrs[TIPC_NLA_MEDIA_MAX + 1];
if (!info->attrs[TIPC_NLA_MEDIA])
return -EINVAL;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 180/187] selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 179/187] net: tipc: resize nlattr array to correct size Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 181/187] octeon_ep: Add missing check for ioremap Greg Kroah-Hartman
` (18 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Maftei, Richard Cochran,
Jakub Kicinski, Sasha Levin
From: Alex Maftei <alex.maftei@amd.com>
[ Upstream commit 76a4c8b82938bc5020b67663db41f451684bf327 ]
Previously, timestamps were printed using "%lld.%u" which is incorrect
for nanosecond values lower than 100,000,000 as they're fractional
digits, therefore leading zeros are meaningful.
This patch changes the format strings to "%lld.%09u" in order to add
leading zeros to the nanosecond value.
Fixes: 568ebc5985f5 ("ptp: add the PTP_SYS_OFFSET ioctl to the testptp program")
Fixes: 4ec54f95736f ("ptp: Fix compiler warnings in the testptp utility")
Fixes: 6ab0e475f1f3 ("Documentation: fix misc. warnings")
Signed-off-by: Alex Maftei <alex.maftei@amd.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Link: https://lore.kernel.org/r/20230615083404.57112-1-alex.maftei@amd.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/ptp/testptp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/ptp/testptp.c b/tools/testing/selftests/ptp/testptp.c
index 198ad5f321878..cfa9562f3cd83 100644
--- a/tools/testing/selftests/ptp/testptp.c
+++ b/tools/testing/selftests/ptp/testptp.c
@@ -502,11 +502,11 @@ int main(int argc, char *argv[])
interval = t2 - t1;
offset = (t2 + t1) / 2 - tp;
- printf("system time: %lld.%u\n",
+ printf("system time: %lld.%09u\n",
(pct+2*i)->sec, (pct+2*i)->nsec);
- printf("phc time: %lld.%u\n",
+ printf("phc time: %lld.%09u\n",
(pct+2*i+1)->sec, (pct+2*i+1)->nsec);
- printf("system time: %lld.%u\n",
+ printf("system time: %lld.%09u\n",
(pct+2*i+2)->sec, (pct+2*i+2)->nsec);
printf("system/phc clock time offset is %" PRId64 " ns\n"
"system clock time delay is %" PRId64 " ns\n",
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 181/187] octeon_ep: Add missing check for ioremap
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 180/187] selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET Greg Kroah-Hartman
@ 2023-06-19 10:29 ` Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 182/187] afs: Fix vlserver probe RTT handling Greg Kroah-Hartman
` (17 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:29 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Kalesh AP,
Jakub Kicinski, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 9a36e2d44d122fe73a2a76ba73f1d50a65cf8210 ]
Add check for ioremap() and return the error if it fails in order to
guarantee the success of ioremap().
Fixes: 862cd659a6fb ("octeon_ep: Add driver framework and device initialization")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Link: https://lore.kernel.org/r/20230615033400.2971-1-jiasheng@iscas.ac.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
index 5a898fb88e375..c70d2500a3634 100644
--- a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
+++ b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
@@ -941,6 +941,9 @@ int octep_device_setup(struct octep_device *oct)
oct->mmio[i].hw_addr =
ioremap(pci_resource_start(oct->pdev, i * 2),
pci_resource_len(oct->pdev, i * 2));
+ if (!oct->mmio[i].hw_addr)
+ goto unmap_prev;
+
oct->mmio[i].mapped = 1;
}
@@ -980,7 +983,9 @@ int octep_device_setup(struct octep_device *oct)
return 0;
unsupported_dev:
- for (i = 0; i < OCTEP_MMIO_REGIONS; i++)
+ i = OCTEP_MMIO_REGIONS;
+unmap_prev:
+ while (i--)
iounmap(oct->mmio[i].hw_addr);
kfree(oct->conf);
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 182/187] afs: Fix vlserver probe RTT handling
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2023-06-19 10:29 ` [PATCH 6.3 181/187] octeon_ep: Add missing check for ioremap Greg Kroah-Hartman
@ 2023-06-19 10:30 ` Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 183/187] parisc: Delete redundant register definitions in <asm/assembly.h> Greg Kroah-Hartman
` (16 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marc Dionne, David Howells,
linux-afs, Linus Torvalds, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit ba00b190670809c1a89326d80de96d714f6004f2 ]
In the same spirit as commit ca57f02295f1 ("afs: Fix fileserver probe
RTT handling"), don't rule out using a vlserver just because there
haven't been enough packets yet to calculate a real rtt. Always set the
server's probe rtt from the estimate provided by rxrpc_kernel_get_srtt,
which is capped at 1 second.
This could lead to EDESTADDRREQ errors when accessing a cell for the
first time, even though the vl servers are known and have responded to a
probe.
Fixes: 1d4adfaf6574 ("rxrpc: Make rxrpc_kernel_get_srtt() indicate validity")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Link: http://lists.infradead.org/pipermail/linux-afs/2023-June/006746.html
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/vl_probe.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/afs/vl_probe.c b/fs/afs/vl_probe.c
index d1c7068b4346f..58452b86e6727 100644
--- a/fs/afs/vl_probe.c
+++ b/fs/afs/vl_probe.c
@@ -115,8 +115,8 @@ void afs_vlserver_probe_result(struct afs_call *call)
}
}
- if (rxrpc_kernel_get_srtt(call->net->socket, call->rxcall, &rtt_us) &&
- rtt_us < server->probe.rtt) {
+ rxrpc_kernel_get_srtt(call->net->socket, call->rxcall, &rtt_us);
+ if (rtt_us < server->probe.rtt) {
server->probe.rtt = rtt_us;
server->rtt = rtt_us;
alist->preferred = index;
--
2.39.2
^ permalink raw reply related [flat|nested] 200+ messages in thread
* [PATCH 6.3 183/187] parisc: Delete redundant register definitions in <asm/assembly.h>
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2023-06-19 10:30 ` [PATCH 6.3 182/187] afs: Fix vlserver probe RTT handling Greg Kroah-Hartman
@ 2023-06-19 10:30 ` Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 184/187] arm64: dts: qcom: sm8550: Use the correct LLCC register scheme Greg Kroah-Hartman
` (15 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:30 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ben Hutchings, Helge Deller
From: Ben Hutchings <benh@debian.org>
commit b5b2a02bcaac7c287694aa0db4837a07bf178626 upstream.
We define sp and ipsw in <asm/asmregs.h> using ".reg", and when using
current binutils (snapshot 2.40.50.20230611) the definitions in
<asm/assembly.h> using "=" conflict with those:
arch/parisc/include/asm/assembly.h: Assembler messages:
arch/parisc/include/asm/assembly.h:93: Error: symbol `sp' is already defined
arch/parisc/include/asm/assembly.h:95: Error: symbol `ipsw' is already defined
Delete the duplicate definitions in <asm/assembly.h>.
Also delete the definition of gp, which isn't used anywhere.
Signed-off-by: Ben Hutchings <benh@debian.org>
Cc: stable@vger.kernel.org # v6.0+
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/assembly.h | 4 ----
1 file changed, 4 deletions(-)
--- a/arch/parisc/include/asm/assembly.h
+++ b/arch/parisc/include/asm/assembly.h
@@ -90,10 +90,6 @@
#include <asm/asmregs.h>
#include <asm/psw.h>
- sp = 30
- gp = 27
- ipsw = 22
-
/*
* We provide two versions of each macro to convert from physical
* to virtual and vice versa. The "_r1" versions take one argument
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 184/187] arm64: dts: qcom: sm8550: Use the correct LLCC register scheme
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2023-06-19 10:30 ` [PATCH 6.3 183/187] parisc: Delete redundant register definitions in <asm/assembly.h> Greg Kroah-Hartman
@ 2023-06-19 10:30 ` Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 185/187] neighbour: delete neigh_lookup_nodev as not used Greg Kroah-Hartman
` (14 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Manivannan Sadhasivam,
Bjorn Andersson
From: Konrad Dybcio <konrad.dybcio@linaro.org>
commit 661a4f089317c877aecd598fb70cd46510cc8d29 upstream.
During the ABI-breaking (for good reasons) conversion of the LLCC
register description, SM8550 was not taken into account, resulting
in LLCC being broken on any kernel containing the patch referenced
in the fixes tag.
Fix it by describing the regions properly.
Fixes: ee13b5008707 ("qcom: llcc/edac: Fix the base address used for accessing LLCC banks")
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Acked-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230517-topic-kailua-llcc-v1-2-d57bd860c43e@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sm8550.dtsi | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/arch/arm64/boot/dts/qcom/sm8550.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi
@@ -3423,9 +3423,16 @@
system-cache-controller@25000000 {
compatible = "qcom,sm8550-llcc";
- reg = <0 0x25000000 0 0x800000>,
+ reg = <0 0x25000000 0 0x200000>,
+ <0 0x25200000 0 0x200000>,
+ <0 0x25400000 0 0x200000>,
+ <0 0x25600000 0 0x200000>,
<0 0x25800000 0 0x200000>;
- reg-names = "llcc_base", "llcc_broadcast_base";
+ reg-names = "llcc0_base",
+ "llcc1_base",
+ "llcc2_base",
+ "llcc3_base",
+ "llcc_broadcast_base";
interrupts = <GIC_SPI 266 IRQ_TYPE_LEVEL_HIGH>;
};
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 185/187] neighbour: delete neigh_lookup_nodev as not used
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2023-06-19 10:30 ` [PATCH 6.3 184/187] arm64: dts: qcom: sm8550: Use the correct LLCC register scheme Greg Kroah-Hartman
@ 2023-06-19 10:30 ` Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 186/187] scsi: target: core: Fix error path in target_setup_session() Greg Kroah-Hartman
` (13 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Leon Romanovsky, Eric Dumazet,
Nikolay Aleksandrov, Jakub Kicinski
From: Leon Romanovsky <leonro@nvidia.com>
commit 76b9bf965c98c9b53ef7420b3b11438dbd764f92 upstream.
neigh_lookup_nodev isn't used in the kernel after removal
of DECnet. So let's remove it.
Fixes: 1202cdd66531 ("Remove DECnet support from kernel")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/eb5656200d7964b2d177a36b77efa3c597d6d72d.1678267343.git.leonro@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/neighbour.h | 2 --
net/core/neighbour.c | 31 -------------------------------
2 files changed, 33 deletions(-)
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -336,8 +336,6 @@ void neigh_table_init(int index, struct
int neigh_table_clear(int index, struct neigh_table *tbl);
struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
struct net_device *dev);
-struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
- const void *pkey);
struct neighbour *__neigh_create(struct neigh_table *tbl, const void *pkey,
struct net_device *dev, bool want_ref);
static inline struct neighbour *neigh_create(struct neigh_table *tbl,
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -627,37 +627,6 @@ struct neighbour *neigh_lookup(struct ne
}
EXPORT_SYMBOL(neigh_lookup);
-struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
- const void *pkey)
-{
- struct neighbour *n;
- unsigned int key_len = tbl->key_len;
- u32 hash_val;
- struct neigh_hash_table *nht;
-
- NEIGH_CACHE_STAT_INC(tbl, lookups);
-
- rcu_read_lock_bh();
- nht = rcu_dereference_bh(tbl->nht);
- hash_val = tbl->hash(pkey, NULL, nht->hash_rnd) >> (32 - nht->hash_shift);
-
- for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]);
- n != NULL;
- n = rcu_dereference_bh(n->next)) {
- if (!memcmp(n->primary_key, pkey, key_len) &&
- net_eq(dev_net(n->dev), net)) {
- if (!refcount_inc_not_zero(&n->refcnt))
- n = NULL;
- NEIGH_CACHE_STAT_INC(tbl, hits);
- break;
- }
- }
-
- rcu_read_unlock_bh();
- return n;
-}
-EXPORT_SYMBOL(neigh_lookup_nodev);
-
static struct neighbour *
___neigh_create(struct neigh_table *tbl, const void *pkey,
struct net_device *dev, u32 flags,
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 186/187] scsi: target: core: Fix error path in target_setup_session()
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2023-06-19 10:30 ` [PATCH 6.3 185/187] neighbour: delete neigh_lookup_nodev as not used Greg Kroah-Hartman
@ 2023-06-19 10:30 ` Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 187/187] blk-cgroup: Flush stats before releasing blkcg_gq Greg Kroah-Hartman
` (12 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bob Pearson, Mike Christie,
Martin K. Petersen
From: Bob Pearson <rpearsonhpe@gmail.com>
commit 91271699228bfc66f1bc8abc0327169dc156d854 upstream.
In the error exits in target_setup_session(), if a branch is taken to
free_sess: transport_free_session() may call to target_free_cmd_counter()
and then fall through to call target_free_cmd_counter() a second time.
This can, and does, sometimes cause seg faults since the data field in
cmd_cnt->refcnt has been freed in the first call.
Fix this problem by simply returning after the call to
transport_free_session(). The second call is redundant for those cases.
Fixes: 4edba7e4a8f3 ("scsi: target: Move cmd counter allocation")
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
Link: https://lore.kernel.org/r/20230613144259.12890-1-rpearsonhpe@gmail.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/target/target_core_transport.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -504,6 +504,8 @@ target_setup_session(struct se_portal_gr
free_sess:
transport_free_session(sess);
+ return ERR_PTR(rc);
+
free_cnt:
target_free_cmd_counter(cmd_cnt);
return ERR_PTR(rc);
^ permalink raw reply [flat|nested] 200+ messages in thread
* [PATCH 6.3 187/187] blk-cgroup: Flush stats before releasing blkcg_gq
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2023-06-19 10:30 ` [PATCH 6.3 186/187] scsi: target: core: Fix error path in target_setup_session() Greg Kroah-Hartman
@ 2023-06-19 10:30 ` Greg Kroah-Hartman
2023-06-19 19:01 ` [PATCH 6.3 000/187] 6.3.9-rc1 review Markus Reichelt
` (11 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Greg Kroah-Hartman @ 2023-06-19 10:30 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jay Shin, Tejun Heo, Waiman Long,
mkoutny, Yosry Ahmed, Ming Lei, Jens Axboe
From: Ming Lei <ming.lei@redhat.com>
commit 20cb1c2fb7568a6054c55defe044311397e01ddb upstream.
As noted by Michal, the blkg_iostat_set's in the lockless list hold
reference to blkg's to protect against their removal. Those blkg's
hold reference to blkcg. When a cgroup is being destroyed,
cgroup_rstat_flush() is only called at css_release_work_fn() which
is called when the blkcg reference count reaches 0. This circular
dependency will prevent blkcg and some blkgs from being freed after
they are made offline.
It is less a problem if the cgroup to be destroyed also has other
controllers like memory that will call cgroup_rstat_flush() which will
clean up the reference count. If block is the only controller that uses
rstat, these offline blkcg and blkgs may never be freed leaking more
and more memory over time.
To prevent this potential memory leak:
- flush blkcg per-cpu stats list in __blkg_release(), when no new stat
can be added
- add global blkg_stat_lock for covering concurrent parent blkg stat
update
- don't grab bio->bi_blkg reference when adding the stats into blkcg's
per-cpu stat list since all stats are guaranteed to be consumed before
releasing blkg instance, and grabbing blkg reference for stats was the
most fragile part of original patch
Based on Waiman's patch:
https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/
Fixes: 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()")
Cc: stable@vger.kernel.org
Reported-by: Jay Shin <jaeshin@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: Waiman Long <longman@redhat.com>
Cc: mkoutny@suse.com
Cc: Yosry Ahmed <yosryahmed@google.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20230609234249.1412858-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-cgroup.c | 40 +++++++++++++++++++++++++++++++---------
1 file changed, 31 insertions(+), 9 deletions(-)
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -35,6 +35,8 @@
#include "blk-throttle.h"
#include "blk-rq-qos.h"
+static void __blkcg_rstat_flush(struct blkcg *blkcg, int cpu);
+
/*
* blkcg_pol_mutex protects blkcg_policy[] and policy [de]activation.
* blkcg_pol_register_mutex nests outside of it and synchronizes entire
@@ -58,6 +60,8 @@ static LIST_HEAD(all_blkcgs); /* protec
bool blkcg_debug_stats = false;
static struct workqueue_struct *blkcg_punt_bio_wq;
+static DEFINE_RAW_SPINLOCK(blkg_stat_lock);
+
#define BLKG_DESTROY_BATCH_SIZE 64
/*
@@ -165,8 +169,18 @@ static void blkg_free(struct blkcg_gq *b
static void __blkg_release(struct rcu_head *rcu)
{
struct blkcg_gq *blkg = container_of(rcu, struct blkcg_gq, rcu_head);
+ struct blkcg *blkcg = blkg->blkcg;
+ int cpu;
WARN_ON(!bio_list_empty(&blkg->async_bios));
+ /*
+ * Flush all the non-empty percpu lockless lists before releasing
+ * us, given these stat belongs to us.
+ *
+ * blkg_stat_lock is for serializing blkg stat update
+ */
+ for_each_possible_cpu(cpu)
+ __blkcg_rstat_flush(blkcg, cpu);
/* release the blkcg and parent blkg refs this blkg has been holding */
css_put(&blkg->blkcg->css);
@@ -888,17 +902,12 @@ static void blkcg_iostat_update(struct b
u64_stats_update_end_irqrestore(&blkg->iostat.sync, flags);
}
-static void blkcg_rstat_flush(struct cgroup_subsys_state *css, int cpu)
+static void __blkcg_rstat_flush(struct blkcg *blkcg, int cpu)
{
- struct blkcg *blkcg = css_to_blkcg(css);
struct llist_head *lhead = per_cpu_ptr(blkcg->lhead, cpu);
struct llist_node *lnode;
struct blkg_iostat_set *bisc, *next_bisc;
- /* Root-level stats are sourced from system-wide IO stats */
- if (!cgroup_parent(css->cgroup))
- return;
-
rcu_read_lock();
lnode = llist_del_all(lhead);
@@ -906,6 +915,14 @@ static void blkcg_rstat_flush(struct cgr
goto out;
/*
+ * For covering concurrent parent blkg update from blkg_release().
+ *
+ * When flushing from cgroup, cgroup_rstat_lock is always held, so
+ * this lock won't cause contention most of time.
+ */
+ raw_spin_lock(&blkg_stat_lock);
+
+ /*
* Iterate only the iostat_cpu's queued in the lockless list.
*/
llist_for_each_entry_safe(bisc, next_bisc, lnode, lnode) {
@@ -928,13 +945,19 @@ static void blkcg_rstat_flush(struct cgr
if (parent && parent->parent)
blkcg_iostat_update(parent, &blkg->iostat.cur,
&blkg->iostat.last);
- percpu_ref_put(&blkg->refcnt);
}
-
+ raw_spin_unlock(&blkg_stat_lock);
out:
rcu_read_unlock();
}
+static void blkcg_rstat_flush(struct cgroup_subsys_state *css, int cpu)
+{
+ /* Root-level stats are sourced from system-wide IO stats */
+ if (cgroup_parent(css->cgroup))
+ __blkcg_rstat_flush(css_to_blkcg(css), cpu);
+}
+
/*
* We source root cgroup stats from the system-wide stats to avoid
* tracking the same information twice and incurring overhead when no
@@ -2063,7 +2086,6 @@ void blk_cgroup_bio_start(struct bio *bi
llist_add(&bis->lnode, lhead);
WRITE_ONCE(bis->lqueued, true);
- percpu_ref_get(&bis->blkg->refcnt);
}
u64_stats_update_end_irqrestore(&bis->sync, flags);
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2023-06-19 10:30 ` [PATCH 6.3 187/187] blk-cgroup: Flush stats before releasing blkcg_gq Greg Kroah-Hartman
@ 2023-06-19 19:01 ` Markus Reichelt
2023-06-19 19:42 ` Florian Fainelli
` (10 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Markus Reichelt @ 2023-06-19 19:01 UTC (permalink / raw)
To: stable, linux-kernel
* Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
Hi Greg
6.3.9-rc1
compiles, boots and runs here on x86_64
(AMD Ryzen 5 PRO 4650G, Slackware64-15.0)
Tested-by: Markus Reichelt <lkt+2023@mareichelt.com>
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2023-06-19 19:01 ` [PATCH 6.3 000/187] 6.3.9-rc1 review Markus Reichelt
@ 2023-06-19 19:42 ` Florian Fainelli
2023-06-20 0:11 ` Ron Economos
` (9 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Florian Fainelli @ 2023-06-19 19:42 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow
On 6/19/2023 11:26 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
--
Florian
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2023-06-19 19:42 ` Florian Fainelli
@ 2023-06-20 0:11 ` Ron Economos
2023-06-20 5:29 ` Naresh Kamboju
` (8 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Ron Economos @ 2023-06-20 0:11 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
On 6/19/23 3:26 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2023-06-20 0:11 ` Ron Economos
@ 2023-06-20 5:29 ` Naresh Kamboju
2023-06-20 9:14 ` Chris Paterson
` (7 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Naresh Kamboju @ 2023-06-20 5:29 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
On Mon, 19 Jun 2023 at 16:02, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 6.3.9-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-6.3.y
* git commit: c4f2a2d855d4abab5f904b8deec55ff390f954e0
* git describe: v6.3.8-188-gc4f2a2d855d4
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.3.y/build/v6.3.8-188-gc4f2a2d855d4
## Test Regressions (compared to v6.3.7)
## Metric Regressions (compared to v6.3.7)
## Test Fixes (compared to v6.3.7)
## Metric Fixes (compared to v6.3.7)
## Test result summary
total: 181373, pass: 152623, fail: 3225, skip: 25380, xfail: 145
## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 145 total, 144 passed, 1 failed
* arm64: 54 total, 53 passed, 1 failed
* i386: 41 total, 40 passed, 1 failed
* mips: 30 total, 28 passed, 2 failed
* parisc: 4 total, 4 passed, 0 failed
* powerpc: 38 total, 36 passed, 2 failed
* riscv: 26 total, 25 passed, 1 failed
* s390: 16 total, 14 passed, 2 failed
* sh: 14 total, 12 passed, 2 failed
* sparc: 8 total, 8 passed, 0 failed
* x86_64: 46 total, 46 passed, 0 failed
## Test suites summary
* boot
* fwts
* igt-gpu-tools
* kselftest-android
* kselftest-arm64
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-exec
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-firmware
* kselftest-fpu
* kselftest-ftrace
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-mincore
* kselftest-mqueue
* kselftest-net
* kselftest-net-forwarding
* kselftest-net-mptcp
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-user_events
* kselftest-vDSO
* kselftest-watchdog
* kselftest-x86
* kselftest-zram
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* network-basic-tests
* perf
* rcutorture
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 200+ messages in thread
* RE: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2023-06-20 5:29 ` Naresh Kamboju
@ 2023-06-20 9:14 ` Chris Paterson
2023-06-20 10:22 ` Jon Hunter
` (6 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Chris Paterson @ 2023-06-20 9:14 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable@vger.kernel.org
Cc: patches@lists.linux.dev, linux-kernel@vger.kernel.org,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
linux@roeck-us.net, shuah@kernel.org, patches@kernelci.org,
lkft-triage@lists.linaro.org, pavel@denx.de, jonathanh@nvidia.com,
f.fainelli@gmail.com, sudipm.mukherjee@gmail.com,
srw@sladewatkins.net, rwarsow@gmx.de
Hello Greg,
> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Sent: Monday, June 19, 2023 11:27 AM
>
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
Thank you for the release!
CIP configurations built and booted okay with Linux 6.3.9-rc1 (c4f2a2d855d4):
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/pipelines/904358168
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/commits/linux-6.3.y
Tested-by: Chris Paterson (CIP) <chris.paterson2@renesas.com>
Kind regards, Chris
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2023-06-20 9:14 ` Chris Paterson
@ 2023-06-20 10:22 ` Jon Hunter
2023-06-20 10:53 ` Conor Dooley
` (5 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Jon Hunter @ 2023-06-20 10:22 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, linux-tegra, stable
On Mon, 19 Jun 2023 12:26:58 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v6.3:
11 builds: 11 pass, 0 fail
28 boots: 28 pass, 0 fail
130 tests: 130 pass, 0 fail
Linux version: 6.3.9-rc1-gc4f2a2d855d4
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2023-06-20 10:22 ` Jon Hunter
@ 2023-06-20 10:53 ` Conor Dooley
2023-06-20 12:20 ` Sudip Mukherjee (Codethink)
` (4 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Conor Dooley @ 2023-06-20 10:53 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
[-- Attachment #1: Type: text/plain, Size: 370 bytes --]
On Mon, Jun 19, 2023 at 12:26:58PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Cheers,
Conor.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2023-06-20 10:53 ` Conor Dooley
@ 2023-06-20 12:20 ` Sudip Mukherjee (Codethink)
2023-06-20 17:09 ` Allen Pais
` (3 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Sudip Mukherjee (Codethink) @ 2023-06-20 12:20 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli, srw, rwarsow
Hi Greg,
On Mon, Jun 19, 2023 at 12:26:58PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Build test (gcc version 12.2.1 20230511):
mips: 52 configs -> no failure
arm: 71 configs -> no failure
arm64: 3 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
csky allmodconfig -> no failure
powerpc allmodconfig -> no failure
riscv allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
arm64: Booted on rpi4b (4GB model). No regression. [2]
mips: Booted on ci20 board. No regression. [3]
[1]. https://openqa.qa.codethink.co.uk/tests/4085
[2]. https://openqa.qa.codethink.co.uk/tests/4081
[3]. https://openqa.qa.codethink.co.uk/tests/4079
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2023-06-20 12:20 ` Sudip Mukherjee (Codethink)
@ 2023-06-20 17:09 ` Allen Pais
2023-06-20 20:17 ` Shuah Khan
` (2 subsequent siblings)
198 siblings, 0 replies; 200+ messages in thread
From: Allen Pais @ 2023-06-20 17:09 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my x86_64 and ARM64 test systems. No errors or
regressions.
Tested-by: Allen Pais <apais@linux.microsoft.com>
Thanks.
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2023-06-20 17:09 ` Allen Pais
@ 2023-06-20 20:17 ` Shuah Khan
2023-06-21 0:39 ` Guenter Roeck
2023-06-21 1:43 ` Justin Forbes
198 siblings, 0 replies; 200+ messages in thread
From: Shuah Khan @ 2023-06-20 20:17 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, Shuah Khan
On 6/19/23 04:26, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2023-06-20 20:17 ` Shuah Khan
@ 2023-06-21 0:39 ` Guenter Roeck
2023-06-21 1:43 ` Justin Forbes
198 siblings, 0 replies; 200+ messages in thread
From: Guenter Roeck @ 2023-06-21 0:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
On Mon, Jun 19, 2023 at 12:26:58PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 153 pass: 153 fail: 0
Qemu test results:
total: 520 pass: 520 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 200+ messages in thread
* Re: [PATCH 6.3 000/187] 6.3.9-rc1 review
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2023-06-21 0:39 ` Guenter Roeck
@ 2023-06-21 1:43 ` Justin Forbes
198 siblings, 0 replies; 200+ messages in thread
From: Justin Forbes @ 2023-06-21 1:43 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
On Mon, Jun 19, 2023 at 12:26:58PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.3.9 release.
> There are 187 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 21 Jun 2023 10:21:12 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.3.9-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.3.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Tested rc1 against the Fedora build system (aarch64, ppc64le, s390x,
x86_64), and boot tested x86_64. No regressions noted.
Tested-by: Justin M. Forbes <jforbes@fedoraproject.org>
^ permalink raw reply [flat|nested] 200+ messages in thread
end of thread, other threads:[~2023-06-21 1:43 UTC | newest]
Thread overview: 200+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-19 10:26 [PATCH 6.3 000/187] 6.3.9-rc1 review Greg Kroah-Hartman
2023-06-19 10:26 ` [PATCH 6.3 001/187] x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 002/187] cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 003/187] cgroup: always put cset in cgroup_css_set_put_fork Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 004/187] cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 005/187] qcom: llcc/edac: Fix the base address used for accessing LLCC banks Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 006/187] EDAC/qcom: Get rid of hardcoded register offsets Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 007/187] ksmbd: validate smb request protocol id Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 008/187] of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 009/187] power: supply: ab8500: Fix external_power_changed race Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 010/187] power: supply: sc27xx: " Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 011/187] power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 012/187] ARM: dts: vexpress: add missing cache properties Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 013/187] arm64: dts: arm: " Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 014/187] tools: gpio: fix debounce_period_us output of lsgpio Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 015/187] selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 016/187] power: supply: Ratelimit no data debug output Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 017/187] PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 018/187] platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 019/187] regulator: Fix error checking for debugfs_create_dir Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 020/187] irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 021/187] irqchip/meson-gpio: Mark OF related data as maybe unused Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 022/187] power: supply: Fix logic checking if system is running from battery Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 023/187] drm: panel-orientation-quirks: Change Airs quirk to support Air Plus Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 024/187] btrfs: scrub: try harder to mark RAID56 block groups read-only Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 025/187] btrfs: handle memory allocation failure in btrfs_csum_one_bio Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 026/187] ASoC: soc-pcm: test if a BE can be prepared Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 027/187] sfc: fix devlink info error handling Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 028/187] ASoC: Intel: avs: Account for UID of ACPI device Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 029/187] ASoC: Intel: avs: Fix avs_path_module::instance_id size Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 030/187] ASoC: Intel: avs: Add missing checks on FE startup Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 031/187] parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 032/187] parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 033/187] erofs: use HIPRI by default if per-cpu kthreads are enabled Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 034/187] MIPS: unhide PATA_PLATFORM Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 035/187] MIPS: Restore Au1300 support Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 036/187] MIPS: Alchemy: fix dbdma2 Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 037/187] mips: Move initrd_start check after initrd address sanitisation Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 038/187] ASoC: cs35l41: Fix default regmap values for some registers Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 039/187] ASoC: dwc: move DMA init to snd_soc_dai_driver probe() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 040/187] xen/blkfront: Only check REQ_FUA for writes Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 041/187] drm:amd:amdgpu: Fix missing buffer object unlock in failure path Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 042/187] io_uring: unlock sqd->lock before sq thread release CPU Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 043/187] NVMe: Add MAXIO 1602 to bogus nid list Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 044/187] irqchip/gic: Correctly validate OF quirk descriptors Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 045/187] wifi: cfg80211: fix locking in regulatory disconnect Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 046/187] wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 047/187] epoll: ep_autoremove_wake_function should use list_del_init_careful Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 048/187] ocfs2: fix use-after-free when unmounting read-only filesystem Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 049/187] ocfs2: check new file size on fallocate call Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 050/187] zswap: do not shrink if cgroup may not zswap Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 051/187] mm/damon/core: fix divide error in damon_nr_accesses_to_accesses_bp() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 052/187] nios2: dts: Fix tse_mac "max-frame-size" property Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 053/187] mm/uffd: fix vma operation where start addr cuts part of vma Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 054/187] nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 055/187] nilfs2: fix possible out-of-bounds segment allocation in resize ioctl Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 056/187] nilfs2: reject devices with insufficient block count Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 057/187] LoongArch: Fix debugfs_create_dir() error checking Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 058/187] LoongArch: Fix perf event id calculation Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 059/187] io_uring/net: save msghdr->msg_control for retries Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 060/187] Revert "drm/amdgpu: remove TOPDOWN flags when allocating VRAM in large bar system" Greg Kroah-Hartman
2023-06-19 10:27 ` [PATCH 6.3 061/187] kexec: support purgatories with .text.hot sections Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 062/187] x86/purgatory: remove PGO flags Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 063/187] riscv/purgatory: " Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 064/187] powerpc/purgatory: " Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 065/187] btrfs: subpage: fix a crash in metadata repair path Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 066/187] btrfs: properly enable async discard when switching from RO->RW Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 067/187] btrfs: do not ASSERT() on duplicated global roots Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 068/187] btrfs: fix iomap_begin length for nocow writes Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 069/187] btrfs: can_nocow_file_extent should pass down args->strict from callers Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 070/187] ALSA: usb-audio: Fix broken resume due to UAC3 power state Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 071/187] ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 072/187] s390/ism: Fix trying to free already-freed IRQ by repeated ism_dev_exit() Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 073/187] dm thin metadata: check fail_io before using data_sm Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 074/187] dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 075/187] net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 076/187] nouveau: fix client work fence deletion race Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 077/187] mm/gup_test: fix ioctl fail for compat task Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 078/187] RDMA/uverbs: Restrict usage of privileged QKEYs Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 079/187] drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 080/187] net: usb: qmi_wwan: add support for Compal RXM-G1 Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 081/187] drm/amd/display: limit DPIA link rate to HBR3 Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 082/187] drm/amd/display: edp do not add non-edid timings Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 083/187] drm/amd: Make sure image is written to trigger VBIOS image update flow Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 084/187] drm/amd: Tighten permissions on VBIOS flashing attributes Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 085/187] drm/amd/pm: workaround for compute workload type on some skus Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 086/187] drm/amdgpu: add missing radeon secondary PCI ID Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 087/187] drm/amdgpu: Reset CP_VMID_PREEMPT after trailing fence signaled Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 088/187] drm/amdgpu: Program gds backup address as zero if no gds allocated Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 089/187] drm/amdgpu: Implement gfx9 patch functions for resubmission Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 090/187] drm/amdgpu: Modify indirect buffer packages " Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 091/187] ALSA: hda/realtek: Add a quirk for Compaq N14JP6 Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 092/187] thunderbolt: Increase DisplayPort Connection Manager handshake timeout Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 093/187] thunderbolt: Do not touch CL state configuration during discovery Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 094/187] thunderbolt: dma_test: Use correct value for absent rings when creating paths Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 095/187] thunderbolt: Mask ring interrupt on Intel hardware as well Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 096/187] clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 097/187] USB: serial: option: add Quectel EM061KGL series Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 098/187] serial: lantiq: add missing interrupt ack Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 099/187] tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 100/187] usb: typec: ucsi: Fix command cancellation Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 101/187] usb: typec: Fix fast_role_swap_current show function Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 102/187] usb: gadget: udc: core: Offload usb_udc_vbus_handler processing Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 103/187] usb: gadget: udc: core: Prevent soft_connect_store() race Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 104/187] usb: gadget: udc: renesas_usb3: Fix RZ/V2M {modprobe,bind} error Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 105/187] USB: dwc3: qcom: fix NULL-deref on suspend Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 106/187] USB: dwc3: fix use-after-free on core driver unbind Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 107/187] usb: dwc3: gadget: Reset num TRBs before giving back the request Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 108/187] RDMA/rtrs: Fix the last iu->buf leak in err path Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 109/187] RDMA/rtrs: Fix rxe_dealloc_pd warning Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 110/187] RDMA/rxe: Fix packet length checks Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 111/187] RDMA/rxe: Fix ref count error in check_rkey() Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 112/187] RDMA/bnxt_re: Fix reporting active_{speed,width} attributes Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 113/187] spi: cadence-quadspi: Add missing check for dma_set_mask Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 114/187] spi: fsl-dspi: avoid SCK glitches with continuous transfers Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 115/187] regulator: qcom-rpmh: add support for pmm8654au regulators Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 116/187] regulator: qcom-rpmh: Fix regulators for PM8550 Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 117/187] netfilter: nf_tables: integrate pipapo into commit protocol Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 118/187] netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 119/187] ice: do not busy-wait to read GNSS data Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 120/187] ice: Dont dereference NULL in ice_gnss_read error path Greg Kroah-Hartman
2023-06-19 10:28 ` [PATCH 6.3 121/187] ice: Fix XDP memory leak when NIC is brought up and down Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 122/187] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 123/187] net: enetc: correct the indexes of highest and 2nd highest TCs Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 124/187] ping6: Fix send to link-local addresses with VRF Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 125/187] igb: Fix extts capture value format for 82580/i354/i350 Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 126/187] net/sched: act_pedit: remove extra check for key type Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 127/187] net/sched: act_pedit: Parse L3 Header for L4 offset Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 128/187] net: renesas: rswitch: Fix timestamp feature after all descriptors are used Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 129/187] octeontx2-af: Fix promiscuous mode Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 130/187] net/sched: taprio: fix slab-out-of-bounds Read in taprio_dequeue_from_txq Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 131/187] net/sched: cls_u32: Fix reference counter leak leading to overflow Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 132/187] wifi: mac80211: fix link activation settings order Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 133/187] wifi: cfg80211: fix link del callback to call correct handler Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 134/187] wifi: mac80211: take lock before setting vif links Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 135/187] RDMA/rxe: Fix the use-before-initialization error of resp_pkts Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 136/187] iavf: remove mask from iavf_irq_enable_queues() Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 137/187] octeontx2-af: fixed resource availability check Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 138/187] octeontx2-af: fix lbk link credits on cn10k Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 139/187] RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 140/187] RDMA/mlx5: Create an indirect flow table for steering anchor Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 141/187] RDMA/cma: Always set static rate to 0 for RoCE Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 142/187] IB/uverbs: Fix to consider event queue closing also upon non-blocking mode Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 143/187] RDMA/mlx5: Fix affinity assignment Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 144/187] IB/isert: Fix dead lock in ib_isert Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 145/187] IB/isert: Fix possible list corruption in CMA handler Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 146/187] IB/isert: Fix incorrect release of isert connection Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 147/187] net: ethtool: correct MAX attribute value for stats Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 148/187] wifi: mac80211: fragment per STA profile correctly Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 149/187] ipvlan: fix bound dev checking for IPv6 l3s mode Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 150/187] sctp: fix an error code in sctp_sf_eat_auth() Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 151/187] igc: Clean the TX buffer and TX descriptor ring Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 152/187] igc: Fix possible system crash when loading module Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 153/187] igb: fix nvm.ops.read() error handling Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 154/187] net: phylink: report correct max speed for QUSGMII Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 155/187] net: phylink: use a dedicated helper to parse usgmii control word Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 156/187] drm/nouveau: dont detect DSM for non-NVIDIA device Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 157/187] drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 158/187] drm/nouveau/dp: check for NULL nv_connector->native_mode Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 159/187] drm/nouveau: add nv_encoder pointer check for NULL Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 160/187] net: ethernet: ti: am65-cpsw: Call of_node_put() on error path Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 161/187] selftests/tc-testing: Fix Error: Specified qdisc kind is unknown Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 162/187] selftests/tc-testing: Fix Error: failed to find target LOG Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 163/187] selftests/tc-testing: Fix SFB db test Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 164/187] net/sched: act_ct: Fix promotion of offloaded unreplied tuple Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 165/187] net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 166/187] net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 167/187] selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 168/187] cifs: fix lease break oops in xfstest generic/098 Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 169/187] RDMA/rxe: Fix rxe_cq_post Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 170/187] Revert "media: dvb-core: Fix use-after-free on race condition at dvb_frontend" Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 171/187] ext4: drop the call to ext4_error() from ext4_get_group_info() Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 172/187] ice: Fix ice module unload Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 173/187] net/sched: cls_api: Fix lockup on flushing explicitly created chain Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 174/187] net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 175/187] net: lapbether: only support ethernet devices Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 176/187] net: macsec: fix double free of percpu stats Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 177/187] sfc: fix XDP queues mode with legacy IRQ Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 178/187] dm: dont lock fs when the map is NULL during suspend or resume Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 179/187] net: tipc: resize nlattr array to correct size Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 180/187] selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET Greg Kroah-Hartman
2023-06-19 10:29 ` [PATCH 6.3 181/187] octeon_ep: Add missing check for ioremap Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 182/187] afs: Fix vlserver probe RTT handling Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 183/187] parisc: Delete redundant register definitions in <asm/assembly.h> Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 184/187] arm64: dts: qcom: sm8550: Use the correct LLCC register scheme Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 185/187] neighbour: delete neigh_lookup_nodev as not used Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 186/187] scsi: target: core: Fix error path in target_setup_session() Greg Kroah-Hartman
2023-06-19 10:30 ` [PATCH 6.3 187/187] blk-cgroup: Flush stats before releasing blkcg_gq Greg Kroah-Hartman
2023-06-19 19:01 ` [PATCH 6.3 000/187] 6.3.9-rc1 review Markus Reichelt
2023-06-19 19:42 ` Florian Fainelli
2023-06-20 0:11 ` Ron Economos
2023-06-20 5:29 ` Naresh Kamboju
2023-06-20 9:14 ` Chris Paterson
2023-06-20 10:22 ` Jon Hunter
2023-06-20 10:53 ` Conor Dooley
2023-06-20 12:20 ` Sudip Mukherjee (Codethink)
2023-06-20 17:09 ` Allen Pais
2023-06-20 20:17 ` Shuah Khan
2023-06-21 0:39 ` Guenter Roeck
2023-06-21 1:43 ` Justin Forbes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).