* [PATCH 5.15 001/102] iommu/vt-d: Avoid memory allocation in iommu_suspend()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 002/102] scsi: core: Use a structure member to track the SCSI command submitter Greg Kroah-Hartman
` (109 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Zhang Rui, Ooi, Chin Hao,
Lu Baolu, Joerg Roedel, Sasha Levin, Ooi
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit 59df44bfb0ca4c3ee1f1c3c5d0ee8e314844799e ]
The iommu_suspend() syscore suspend callback is invoked with IRQ disabled.
Allocating memory with the GFP_KERNEL flag may re-enable IRQs during
the suspend callback, which can cause intermittent suspend/hibernation
problems with the following kernel traces:
Calling iommu_suspend+0x0/0x1d0
------------[ cut here ]------------
WARNING: CPU: 0 PID: 15 at kernel/time/timekeeping.c:868 ktime_get+0x9b/0xb0
...
CPU: 0 PID: 15 Comm: rcu_preempt Tainted: G U E 6.3-intel #r1
RIP: 0010:ktime_get+0x9b/0xb0
...
Call Trace:
<IRQ>
tick_sched_timer+0x22/0x90
? __pfx_tick_sched_timer+0x10/0x10
__hrtimer_run_queues+0x111/0x2b0
hrtimer_interrupt+0xfa/0x230
__sysvec_apic_timer_interrupt+0x63/0x140
sysvec_apic_timer_interrupt+0x7b/0xa0
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1f/0x30
...
------------[ cut here ]------------
Interrupts enabled after iommu_suspend+0x0/0x1d0
WARNING: CPU: 0 PID: 27420 at drivers/base/syscore.c:68 syscore_suspend+0x147/0x270
CPU: 0 PID: 27420 Comm: rtcwake Tainted: G U W E 6.3-intel #r1
RIP: 0010:syscore_suspend+0x147/0x270
...
Call Trace:
<TASK>
hibernation_snapshot+0x25b/0x670
hibernate+0xcd/0x390
state_store+0xcf/0xe0
kobj_attr_store+0x13/0x30
sysfs_kf_write+0x3f/0x50
kernfs_fop_write_iter+0x128/0x200
vfs_write+0x1fd/0x3c0
ksys_write+0x6f/0xf0
__x64_sys_write+0x1d/0x30
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Given that only 4 words memory is needed, avoid the memory allocation in
iommu_suspend().
CC: stable@kernel.org
Fixes: 33e07157105e ("iommu/vt-d: Avoid GFP_ATOMIC where it is not needed")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Ooi, Chin Hao <chin.hao.ooi@intel.com>
Link: https://lore.kernel.org/r/20230921093956.234692-1-rui.zhang@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20230925120417.55977-2-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel/iommu.c | 16 ----------------
include/linux/intel-iommu.h | 2 +-
2 files changed, 1 insertion(+), 17 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 29538471c528e..b3aa6ce9d3d7d 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -3564,13 +3564,6 @@ static int iommu_suspend(void)
struct intel_iommu *iommu = NULL;
unsigned long flag;
- for_each_active_iommu(iommu, drhd) {
- iommu->iommu_state = kcalloc(MAX_SR_DMAR_REGS, sizeof(u32),
- GFP_KERNEL);
- if (!iommu->iommu_state)
- goto nomem;
- }
-
iommu_flush_all();
for_each_active_iommu(iommu, drhd) {
@@ -3590,12 +3583,6 @@ static int iommu_suspend(void)
raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
}
return 0;
-
-nomem:
- for_each_active_iommu(iommu, drhd)
- kfree(iommu->iommu_state);
-
- return -ENOMEM;
}
static void iommu_resume(void)
@@ -3627,9 +3614,6 @@ static void iommu_resume(void)
raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
}
-
- for_each_active_iommu(iommu, drhd)
- kfree(iommu->iommu_state);
}
static struct syscore_ops iommu_syscore_ops = {
diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
index 0cf00786a164f..e00857c4efc28 100644
--- a/include/linux/intel-iommu.h
+++ b/include/linux/intel-iommu.h
@@ -604,7 +604,7 @@ struct intel_iommu {
struct iopf_queue *iopf_queue;
unsigned char iopfq_name[16];
struct q_inval *qi; /* Queued invalidation info */
- u32 *iommu_state; /* Store iommu states between suspend and resume.*/
+ u32 iommu_state[MAX_SR_DMAR_REGS]; /* Store iommu states between suspend and resume.*/
#ifdef CONFIG_IRQ_REMAP
struct ir_table *ir_table; /* Interrupt remapping info */
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 002/102] scsi: core: Use a structure member to track the SCSI command submitter
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 001/102] iommu/vt-d: Avoid memory allocation in iommu_suspend() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 003/102] scsi: core: Rename scsi_mq_done() into scsi_done() and export it Greg Kroah-Hartman
` (108 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hannes Reinecke, Ming Lei,
Christoph Hellwig, Benjamin Block, Bean Huo, Bart Van Assche,
Martin K. Petersen, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit bf23e619039d360d503b7282d030daf2277a5d47 ]
Conditional statements are faster than indirect calls. Use a structure
member to track the SCSI command submitter such that later patches can call
scsi_done(scmd) instead of scmd->scsi_done(scmd).
The asymmetric behavior that scsi_send_eh_cmnd() sets the submission
context to the SCSI error handler and that it does not restore the
submission context to the SCSI core is retained.
Link: https://lore.kernel.org/r/20211007202923.2174984-2-bvanassche@acm.org
Cc: Hannes Reinecke <hare@suse.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Reviewed-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Stable-dep-of: e193b7955dfa ("RDMA/srp: Do not call scsi_done() from srp_abort()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_error.c | 17 ++++++-----------
drivers/scsi/scsi_lib.c | 10 ++++++++++
drivers/scsi/scsi_priv.h | 1 +
include/scsi/scsi_cmnd.h | 7 +++++++
4 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index dd9f5778f687d..18b99240a9062 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -50,8 +50,6 @@
#include <asm/unaligned.h>
-static void scsi_eh_done(struct scsi_cmnd *scmd);
-
/*
* These should *probably* be handled by the host itself.
* Since it is allowed to sleep, it probably should.
@@ -542,7 +540,8 @@ enum scsi_disposition scsi_check_sense(struct scsi_cmnd *scmd)
/* handler does not care. Drop down to default handling */
}
- if (scmd->cmnd[0] == TEST_UNIT_READY && scmd->scsi_done != scsi_eh_done)
+ if (scmd->cmnd[0] == TEST_UNIT_READY &&
+ scmd->submitter != SUBMITTED_BY_SCSI_ERROR_HANDLER)
/*
* nasty: for mid-layer issued TURs, we need to return the
* actual sense data without any recovery attempt. For eh
@@ -804,7 +803,7 @@ static enum scsi_disposition scsi_eh_completed_normally(struct scsi_cmnd *scmd)
* scsi_eh_done - Completion function for error handling.
* @scmd: Cmd that is done.
*/
-static void scsi_eh_done(struct scsi_cmnd *scmd)
+void scsi_eh_done(struct scsi_cmnd *scmd)
{
struct completion *eh_action;
@@ -1104,7 +1103,7 @@ static enum scsi_disposition scsi_send_eh_cmnd(struct scsi_cmnd *scmd,
shost->eh_action = &done;
scsi_log_send(scmd);
- scmd->scsi_done = scsi_eh_done;
+ scmd->submitter = SUBMITTED_BY_SCSI_ERROR_HANDLER;
/*
* Lock sdev->state_mutex to avoid that scsi_device_quiesce() can
@@ -1131,6 +1130,7 @@ static enum scsi_disposition scsi_send_eh_cmnd(struct scsi_cmnd *scmd,
if (rtn) {
if (timeleft > stall_for) {
scsi_eh_restore_cmnd(scmd, &ses);
+
timeleft -= stall_for;
msleep(jiffies_to_msecs(stall_for));
goto retry;
@@ -2360,11 +2360,6 @@ void scsi_report_device_reset(struct Scsi_Host *shost, int channel, int target)
}
EXPORT_SYMBOL(scsi_report_device_reset);
-static void
-scsi_reset_provider_done_command(struct scsi_cmnd *scmd)
-{
-}
-
/**
* scsi_ioctl_reset: explicitly reset a host/bus/target/device
* @dev: scsi_device to operate on
@@ -2401,7 +2396,7 @@ scsi_ioctl_reset(struct scsi_device *dev, int __user *arg)
scsi_init_command(dev, scmd);
scmd->cmnd = scsi_req(rq)->cmd;
- scmd->scsi_done = scsi_reset_provider_done_command;
+ scmd->submitter = SUBMITTED_BY_SCSI_RESET_IOCTL;
memset(&scmd->sdb, 0, sizeof(scmd->sdb));
scmd->cmd_len = 0;
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 5525e6ffee537..7bdaa6b757cd4 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1578,6 +1578,15 @@ static blk_status_t scsi_prepare_cmd(struct request *req)
static void scsi_mq_done(struct scsi_cmnd *cmd)
{
+ switch (cmd->submitter) {
+ case SUBMITTED_BY_BLOCK_LAYER:
+ break;
+ case SUBMITTED_BY_SCSI_ERROR_HANDLER:
+ return scsi_eh_done(cmd);
+ case SUBMITTED_BY_SCSI_RESET_IOCTL:
+ return;
+ }
+
if (unlikely(blk_should_fake_timeout(scsi_cmd_to_rq(cmd)->q)))
return;
if (unlikely(test_and_set_bit(SCMD_STATE_COMPLETE, &cmd->state)))
@@ -1684,6 +1693,7 @@ static blk_status_t scsi_queue_rq(struct blk_mq_hw_ctx *hctx,
scsi_set_resid(cmd, 0);
memset(cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
+ cmd->submitter = SUBMITTED_BY_BLOCK_LAYER;
cmd->scsi_done = scsi_mq_done;
blk_mq_start_request(req);
diff --git a/drivers/scsi/scsi_priv.h b/drivers/scsi/scsi_priv.h
index 6d9152031a403..b7f9631493522 100644
--- a/drivers/scsi/scsi_priv.h
+++ b/drivers/scsi/scsi_priv.h
@@ -84,6 +84,7 @@ void scsi_eh_ready_devs(struct Scsi_Host *shost,
int scsi_eh_get_sense(struct list_head *work_q,
struct list_head *done_q);
int scsi_noretry_cmd(struct scsi_cmnd *scmd);
+void scsi_eh_done(struct scsi_cmnd *scmd);
/* scsi_lib.c */
extern int scsi_maybe_unblock_host(struct scsi_device *sdev);
diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h
index 685249233f2fe..0823bad7b0c90 100644
--- a/include/scsi/scsi_cmnd.h
+++ b/include/scsi/scsi_cmnd.h
@@ -65,6 +65,12 @@ struct scsi_pointer {
#define SCMD_STATE_COMPLETE 0
#define SCMD_STATE_INFLIGHT 1
+enum scsi_cmnd_submitter {
+ SUBMITTED_BY_BLOCK_LAYER = 0,
+ SUBMITTED_BY_SCSI_ERROR_HANDLER = 1,
+ SUBMITTED_BY_SCSI_RESET_IOCTL = 2,
+} __packed;
+
struct scsi_cmnd {
struct scsi_request req;
struct scsi_device *device;
@@ -90,6 +96,7 @@ struct scsi_cmnd {
unsigned char prot_op;
unsigned char prot_type;
unsigned char prot_flags;
+ enum scsi_cmnd_submitter submitter;
unsigned short cmd_len;
enum dma_data_direction sc_data_direction;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 003/102] scsi: core: Rename scsi_mq_done() into scsi_done() and export it
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 001/102] iommu/vt-d: Avoid memory allocation in iommu_suspend() Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 002/102] scsi: core: Use a structure member to track the SCSI command submitter Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 004/102] scsi: ib_srp: Call scsi_done() directly Greg Kroah-Hartman
` (107 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Block, Bean Huo,
Bart Van Assche, Martin K. Petersen, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit a710eacb9d13cb5d9eb5341ebc6fc8f7b96f8c6f ]
Since the removal of the legacy block layer there is only one completion
function left in the SCSI core, namely scsi_mq_done(). Rename it into
scsi_done(). Export that function to allow SCSI LLDs to call it directly.
Link: https://lore.kernel.org/r/20211007202923.2174984-3-bvanassche@acm.org
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Reviewed-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Stable-dep-of: e193b7955dfa ("RDMA/srp: Do not call scsi_done() from srp_abort()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_lib.c | 5 +++--
include/scsi/scsi_cmnd.h | 2 ++
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 7bdaa6b757cd4..3dbfd15e6fe79 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1576,7 +1576,7 @@ static blk_status_t scsi_prepare_cmd(struct request *req)
return scsi_cmd_to_driver(cmd)->init_command(cmd);
}
-static void scsi_mq_done(struct scsi_cmnd *cmd)
+void scsi_done(struct scsi_cmnd *cmd)
{
switch (cmd->submitter) {
case SUBMITTED_BY_BLOCK_LAYER:
@@ -1594,6 +1594,7 @@ static void scsi_mq_done(struct scsi_cmnd *cmd)
trace_scsi_dispatch_cmd_done(cmd);
blk_mq_complete_request(scsi_cmd_to_rq(cmd));
}
+EXPORT_SYMBOL(scsi_done);
static void scsi_mq_put_budget(struct request_queue *q, int budget_token)
{
@@ -1694,7 +1695,7 @@ static blk_status_t scsi_queue_rq(struct blk_mq_hw_ctx *hctx,
scsi_set_resid(cmd, 0);
memset(cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
cmd->submitter = SUBMITTED_BY_BLOCK_LAYER;
- cmd->scsi_done = scsi_mq_done;
+ cmd->scsi_done = scsi_done;
blk_mq_start_request(req);
reason = scsi_dispatch_cmd(cmd);
diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h
index 0823bad7b0c90..e1180771604d7 100644
--- a/include/scsi/scsi_cmnd.h
+++ b/include/scsi/scsi_cmnd.h
@@ -172,6 +172,8 @@ static inline struct scsi_driver *scsi_cmd_to_driver(struct scsi_cmnd *cmd)
return *(struct scsi_driver **)rq->rq_disk->private_data;
}
+void scsi_done(struct scsi_cmnd *cmd);
+
extern void scsi_finish_command(struct scsi_cmnd *cmd);
extern void *scsi_kmap_atomic_sg(struct scatterlist *sg, int sg_count,
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 004/102] scsi: ib_srp: Call scsi_done() directly
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 003/102] scsi: core: Rename scsi_mq_done() into scsi_done() and export it Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 005/102] RDMA/srp: Do not call scsi_done() from srp_abort() Greg Kroah-Hartman
` (106 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bart Van Assche, Martin K. Petersen,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 5f9ae9eecb15ef00d89a5884add1117a8e634e7f ]
Conditional statements are faster than indirect calls. Hence call
scsi_done() directly.
Link: https://lore.kernel.org/r/20211007202923.2174984-6-bvanassche@acm.org
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Stable-dep-of: e193b7955dfa ("RDMA/srp: Do not call scsi_done() from srp_abort()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/srp/ib_srp.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index 7701204fe5423..df7c740e26338 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1266,7 +1266,7 @@ static void srp_finish_req(struct srp_rdma_ch *ch, struct srp_request *req,
if (scmnd) {
srp_free_req(ch, req, scmnd, 0);
scmnd->result = result;
- scmnd->scsi_done(scmnd);
+ scsi_done(scmnd);
}
}
@@ -1984,7 +1984,7 @@ static void srp_process_rsp(struct srp_rdma_ch *ch, struct srp_rsp *rsp)
srp_free_req(ch, req, scmnd,
be32_to_cpu(rsp->req_lim_delta));
- scmnd->scsi_done(scmnd);
+ scsi_done(scmnd);
}
}
@@ -2236,7 +2236,7 @@ static int srp_queuecommand(struct Scsi_Host *shost, struct scsi_cmnd *scmnd)
err:
if (scmnd->result) {
- scmnd->scsi_done(scmnd);
+ scsi_done(scmnd);
ret = 0;
} else {
ret = SCSI_MLQUEUE_HOST_BUSY;
@@ -2806,7 +2806,7 @@ static int srp_abort(struct scsi_cmnd *scmnd)
if (ret == SUCCESS) {
srp_free_req(ch, req, scmnd, 0);
scmnd->result = DID_ABORT << 16;
- scmnd->scsi_done(scmnd);
+ scsi_done(scmnd);
}
return ret;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 005/102] RDMA/srp: Do not call scsi_done() from srp_abort()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 004/102] scsi: ib_srp: Call scsi_done() directly Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 006/102] RDMA/cxgb4: Check skb value for failure to allocate Greg Kroah-Hartman
` (105 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bob Pearson, Shinichiro Kawasaki,
Bart Van Assche, Leon Romanovsky, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit e193b7955dfad68035b983a0011f4ef3590c85eb ]
After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler
callback, it performs one of the following actions:
* Call scsi_queue_insert().
* Call scsi_finish_command().
* Call scsi_eh_scmd_add().
Hence, SCSI abort handlers must not call scsi_done(). Otherwise all
the above actions would trigger a use-after-free. Hence remove the
scsi_done() call from srp_abort(). Keep the srp_free_req() call
before returning SUCCESS because we may not see the command again if
SUCCESS is returned.
Cc: Bob Pearson <rpearsonhpe@gmail.com>
Cc: Shinichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Fixes: d8536670916a ("IB/srp: Avoid having aborted requests hang")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20230823205727.505681-1-bvanassche@acm.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/srp/ib_srp.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index df7c740e26338..2938d7040f907 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -2783,7 +2783,6 @@ static int srp_abort(struct scsi_cmnd *scmnd)
u32 tag;
u16 ch_idx;
struct srp_rdma_ch *ch;
- int ret;
shost_printk(KERN_ERR, target->scsi_host, "SRP abort called\n");
@@ -2797,19 +2796,14 @@ static int srp_abort(struct scsi_cmnd *scmnd)
shost_printk(KERN_ERR, target->scsi_host,
"Sending SRP abort for tag %#x\n", tag);
if (srp_send_tsk_mgmt(ch, tag, scmnd->device->lun,
- SRP_TSK_ABORT_TASK, NULL) == 0)
- ret = SUCCESS;
- else if (target->rport->state == SRP_RPORT_LOST)
- ret = FAST_IO_FAIL;
- else
- ret = FAILED;
- if (ret == SUCCESS) {
+ SRP_TSK_ABORT_TASK, NULL) == 0) {
srp_free_req(ch, req, scmnd, 0);
- scmnd->result = DID_ABORT << 16;
- scsi_done(scmnd);
+ return SUCCESS;
}
+ if (target->rport->state == SRP_RPORT_LOST)
+ return FAST_IO_FAIL;
- return ret;
+ return FAILED;
}
static int srp_reset_device(struct scsi_cmnd *scmnd)
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 006/102] RDMA/cxgb4: Check skb value for failure to allocate
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 005/102] RDMA/srp: Do not call scsi_done() from srp_abort() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 007/102] perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 Greg Kroah-Hartman
` (104 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Artem Chernyshev, Leon Romanovsky,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artem Chernyshev <artem.chernyshev@red-soft.ru>
[ Upstream commit 8fb8a82086f5bda6893ea6557c5a458e4549c6d7 ]
get_skb() can fail to allocate skb, so check it.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 5be78ee924ae ("RDMA/cxgb4: Fix LE hash collision bug for active open connection")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
Link: https://lore.kernel.org/r/20230905124048.284165-1-artem.chernyshev@red-soft.ru
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/cxgb4/cm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c
index a3e4913904b75..f159cbb6bb3ea 100644
--- a/drivers/infiniband/hw/cxgb4/cm.c
+++ b/drivers/infiniband/hw/cxgb4/cm.c
@@ -1965,6 +1965,9 @@ static int send_fw_act_open_req(struct c4iw_ep *ep, unsigned int atid)
int win;
skb = get_skb(NULL, sizeof(*req), GFP_KERNEL);
+ if (!skb)
+ return -ENOMEM;
+
req = __skb_put_zero(skb, sizeof(*req));
req->op_compl = htonl(WR_OP_V(FW_OFLD_CONNECTION_WR));
req->len16_pkd = htonl(FW_WR_LEN16_V(DIV_ROUND_UP(sizeof(*req), 16)));
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 007/102] perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 006/102] RDMA/cxgb4: Check skb value for failure to allocate Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 008/102] of: overlay: Reorder struct fragment fields kerneldoc Greg Kroah-Hartman
` (103 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jing Zhang, Robin Murphy,
Will Deacon, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jing Zhang <renyu.zj@linux.alibaba.com>
[ Upstream commit 7f949f6f54ff593123ab95b6247bfa4542a65580 ]
The register por_dt_pmovsr Bits[7:0] indicates overflow from counters 7
to 0. But in arm_cmn_handle_irq(), only handled the overflow status of
Bits[3:0] which results in unhandled overflow status of counters 4 to 7.
So let the overflow status of DTC counters 4 to 7 to be handled.
Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")
Signed-off-by: Jing Zhang <renyu.zj@linux.alibaba.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/1695612152-123633-1-git-send-email-renyu.zj@linux.alibaba.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/arm-cmn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c
index 40945343c4cc1..e2a055ba0b7a8 100644
--- a/drivers/perf/arm-cmn.c
+++ b/drivers/perf/arm-cmn.c
@@ -1177,7 +1177,7 @@ static irqreturn_t arm_cmn_handle_irq(int irq, void *dev_id)
u64 delta;
int i;
- for (i = 0; i < CMN_DTM_NUM_COUNTERS; i++) {
+ for (i = 0; i < CMN_DT_NUM_COUNTERS; i++) {
if (status & (1U << i)) {
ret = IRQ_HANDLED;
if (WARN_ON(!dtc->counters[i]))
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 008/102] of: overlay: Reorder struct fragment fields kerneldoc
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 007/102] perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 009/102] platform/x86: think-lmi: Fix reference leak Greg Kroah-Hartman
` (102 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Rob Herring,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 5d007ffdf6025fe83e497c44ed7c8aa8f150c4d1 ]
The fields of the fragment structure were reordered, but the kerneldoc
was not updated.
Fixes: 81225ea682f45629 ("of: overlay: reorder fields in struct fragment")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/cfa36d2bb95e3c399c415dbf58057302c70ef375.1695893695.git.geert+renesas@glider.be
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/overlay.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index ee7f3659b353c..cea5ad907235e 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -45,8 +45,8 @@ struct target {
/**
* struct fragment - info about fragment nodes in overlay expanded device tree
- * @target: target of the overlay operation
* @overlay: pointer to the __overlay__ node
+ * @target: target of the overlay operation
*/
struct fragment {
struct device_node *overlay;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 009/102] platform/x86: think-lmi: Fix reference leak
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 008/102] of: overlay: Reorder struct fragment fields kerneldoc Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 010/102] platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning Greg Kroah-Hartman
` (101 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Pearson, Ilpo Järvinen,
Armin Wolf, Hans de Goede, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Armin Wolf <W_Armin@gmx.de>
[ Upstream commit 528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81 ]
If a duplicate attribute is found using kset_find_obj(), a reference
to that attribute is returned which needs to be disposed accordingly
using kobject_put(). Move the setting name validation into a separate
function to allow for this change without having to duplicate the
cleanup code for this setting.
As a side note, a very similar bug was fixed in
commit 7295a996fdab ("platform/x86: dell-sysman: Fix reference leak"),
so it seems that the bug was copied from that driver.
Compile-tested only.
Fixes: 1bcad8e510b2 ("platform/x86: think-lmi: Fix issues with duplicate attributes")
Reviewed-by: Mark Pearson <mpearson-lenovo@squebb.ca>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Link: https://lore.kernel.org/r/20230925142819.74525-2-W_Armin@gmx.de
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/think-lmi.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/x86/think-lmi.c b/drivers/platform/x86/think-lmi.c
index 76f0d04e17f30..154b1b26d03f8 100644
--- a/drivers/platform/x86/think-lmi.c
+++ b/drivers/platform/x86/think-lmi.c
@@ -787,6 +787,24 @@ static void tlmi_release_attr(void)
kset_unregister(tlmi_priv.authentication_kset);
}
+static int tlmi_validate_setting_name(struct kset *attribute_kset, char *name)
+{
+ struct kobject *duplicate;
+
+ if (!strcmp(name, "Reserved"))
+ return -EINVAL;
+
+ duplicate = kset_find_obj(attribute_kset, name);
+ if (duplicate) {
+ pr_debug("Duplicate attribute name found - %s\n", name);
+ /* kset_find_obj() returns a reference */
+ kobject_put(duplicate);
+ return -EBUSY;
+ }
+
+ return 0;
+}
+
static int tlmi_sysfs_init(void)
{
int i, ret;
@@ -815,10 +833,8 @@ static int tlmi_sysfs_init(void)
continue;
/* check for duplicate or reserved values */
- if (kset_find_obj(tlmi_priv.attribute_kset, tlmi_priv.setting[i]->display_name) ||
- !strcmp(tlmi_priv.setting[i]->display_name, "Reserved")) {
- pr_debug("duplicate or reserved attribute name found - %s\n",
- tlmi_priv.setting[i]->display_name);
+ if (tlmi_validate_setting_name(tlmi_priv.attribute_kset,
+ tlmi_priv.setting[i]->display_name) < 0) {
kfree(tlmi_priv.setting[i]->possible_values);
kfree(tlmi_priv.setting[i]);
tlmi_priv.setting[i] = NULL;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 010/102] platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 009/102] platform/x86: think-lmi: Fix reference leak Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 21:36 ` Uwe Kleine-König
2023-10-16 8:40 ` [PATCH 5.15 011/102] lib/test_meminit: fix off-by-one error in test_pages() Greg Kroah-Hartman
` (100 subsequent siblings)
110 siblings, 1 reply; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Hans de Goede,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 5b44abbc39ca15df80d0da4756078c98c831090f ]
As described in the added code comment, a reference to .exit.text is ok
for drivers registered via module_platform_driver_probe(). Make this
explicit to prevent a section mismatch warning:
WARNING: modpost: drivers/platform/x86/hp/hp-wmi: section mismatch in reference: hp_wmi_driver+0x8 (section: .data) -> hp_wmi_bios_remove (section: .exit.text)
Fixes: c165b80cfecc ("hp-wmi: fix handling of platform device")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20231004111624.2667753-1-u.kleine-koenig@pengutronix.de
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/hp/hp-wmi.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/hp/hp-wmi.c b/drivers/platform/x86/hp/hp-wmi.c
index 8c845d263429f..be99a78e1bb8d 100644
--- a/drivers/platform/x86/hp/hp-wmi.c
+++ b/drivers/platform/x86/hp/hp-wmi.c
@@ -1076,7 +1076,13 @@ static const struct dev_pm_ops hp_wmi_pm_ops = {
.restore = hp_wmi_resume_handler,
};
-static struct platform_driver hp_wmi_driver = {
+/*
+ * hp_wmi_bios_remove() lives in .exit.text. For drivers registered via
+ * module_platform_driver_probe() this is ok because they cannot get unbound at
+ * runtime. So mark the driver struct with __refdata to prevent modpost
+ * triggering a section mismatch warning.
+ */
+static struct platform_driver hp_wmi_driver __refdata = {
.driver = {
.name = "hp-wmi",
.pm = &hp_wmi_pm_ops,
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 010/102] platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning
2023-10-16 8:40 ` [PATCH 5.15 010/102] platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning Greg Kroah-Hartman
@ 2023-10-16 21:36 ` Uwe Kleine-König
0 siblings, 0 replies; 123+ messages in thread
From: Uwe Kleine-König @ 2023-10-16 21:36 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable, patches, Hans de Goede, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 1510 bytes --]
On Mon, Oct 16, 2023 at 10:40:09AM +0200, Greg Kroah-Hartman wrote:
> 5.15-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
>
> [ Upstream commit 5b44abbc39ca15df80d0da4756078c98c831090f ]
>
> As described in the added code comment, a reference to .exit.text is ok
> for drivers registered via module_platform_driver_probe(). Make this
> explicit to prevent a section mismatch warning:
>
> WARNING: modpost: drivers/platform/x86/hp/hp-wmi: section mismatch in reference: hp_wmi_driver+0x8 (section: .data) -> hp_wmi_bios_remove (section: .exit.text)
>
> Fixes: c165b80cfecc ("hp-wmi: fix handling of platform device")
> Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
> Link: https://lore.kernel.org/r/20231004111624.2667753-1-u.kleine-koenig@pengutronix.de
> Reviewed-by: Hans de Goede <hdegoede@redhat.com>
> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
while backporting this patch shouldn't hurt, the warning triggers only
if you also backport commit f177cd0c15fc ("modpost: Don't let "driver"s
reference .exit.*"). As I assume you don't, there is no need to apply
this patch to 5.15.x (or other stable releases).
Best regards
Uwe
--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | https://www.pengutronix.de/ |
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 123+ messages in thread
* [PATCH 5.15 011/102] lib/test_meminit: fix off-by-one error in test_pages()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 010/102] platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 012/102] HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect Greg Kroah-Hartman
` (99 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable, linux-kernel
Cc: Greg Kroah-Hartman, patches, Andrew Donnellan,
Alexander Potapenko, Xiaoke Wang, Andrew Morton
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit efb78fa86e95 ("lib/test_meminit: allocate pages up to order
MAX_ORDER") works great in kernels 6.4 and newer thanks to commit
23baf831a32c ("mm, treewide: redefine MAX_ORDER sanely"), but for older
kernels, the loop is off by one, which causes crashes when the test
runs.
Fix this up by changing "<= MAX_ORDER" "< MAX_ORDER" to allow the test
to work properly for older kernel branches.
Fixes: 7ad44409cd3b ("lib/test_meminit: allocate pages up to order MAX_ORDER")
Cc: Andrew Donnellan <ajd@linux.ibm.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Xiaoke Wang <xkernel.wang@foxmail.com>
Cc: <stable@vger.kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/test_meminit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/test_meminit.c
+++ b/lib/test_meminit.c
@@ -86,7 +86,7 @@ static int __init test_pages(int *total_
int failures = 0, num_tests = 0;
int i;
- for (i = 0; i <= MAX_ORDER; i++)
+ for (i = 0; i < MAX_ORDER; i++)
num_tests += do_alloc_pages_order(i, &failures);
REPORT_FAILURES_IN_FN();
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 012/102] HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 011/102] lib/test_meminit: fix off-by-one error in test_pages() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 013/102] quota: Fix slow quotaoff Greg Kroah-Hartman
` (98 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Benjamin Tissoires
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit dac501397b9d81e4782232c39f94f4307b137452 upstream.
hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU)
races when it races with itself.
hidpp_connect_event() primarily runs from a workqueue but it also runs
on probe() and if a "device-connected" packet is received by the hw
when the thread running hidpp_connect_event() from probe() is waiting on
the hw, then a second thread running hidpp_connect_event() will be
started from the workqueue.
This opens the following races (note the below code is simplified):
1. Retrieving + printing the protocol (harmless race):
if (!hidpp->protocol_major) {
hidpp_root_get_protocol_version()
hidpp->protocol_major = response.rap.params[0];
}
We can actually see this race hit in the dmesg in the abrt output
attached to rhbz#2227968:
[ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.
[ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.
Testing with extra logging added has shown that after this the 2 threads
take turn grabbing the hw access mutex (send_mutex) so they ping-pong
through all the other TOCTOU cases managing to hit all of them:
2. Updating the name to the HIDPP name (harmless race):
if (hidpp->name == hdev->name) {
...
hidpp->name = new_name;
}
3. Initializing the power_supply class for the battery (problematic!):
hidpp_initialize_battery()
{
if (hidpp->battery.ps)
return 0;
probe_battery(); /* Blocks, threads take turns executing this */
hidpp->battery.desc.properties =
devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
hidpp->battery.ps =
devm_power_supply_register(&hidpp->hid_dev->dev,
&hidpp->battery.desc, cfg);
}
4. Creating delayed input_device (potentially problematic):
if (hidpp->delayed_input)
return;
hidpp->delayed_input = hidpp_allocate_input(hdev);
The really big problem here is 3. Hitting the race leads to the following
sequence:
hidpp->battery.desc.properties =
devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
hidpp->battery.ps =
devm_power_supply_register(&hidpp->hid_dev->dev,
&hidpp->battery.desc, cfg);
...
hidpp->battery.desc.properties =
devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
hidpp->battery.ps =
devm_power_supply_register(&hidpp->hid_dev->dev,
&hidpp->battery.desc, cfg);
So now we have registered 2 power supplies for the same battery,
which looks a bit weird from userspace's pov but this is not even
the really big problem.
Notice how:
1. This is all devm-maganaged
2. The hidpp->battery.desc struct is shared between the 2 power supplies
3. hidpp->battery.desc.properties points to the result from the second
devm_kmemdup()
This causes a use after free scenario on USB disconnect of the receiver:
1. The last registered power supply class device gets unregistered
2. The memory from the last devm_kmemdup() call gets freed,
hidpp->battery.desc.properties now points to freed memory
3. The first registered power supply class device gets unregistered,
this involves sending a remove uevent to userspace which invokes
power_supply_uevent() to fill the uevent data
4. power_supply_uevent() uses hidpp->battery.desc.properties which
now points to freed memory leading to backtraces like this one:
Sep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08
...
Sep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event
Sep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0
...
Sep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30
Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0
Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0x10d/0x1d0
Sep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0
Sep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680
Sep 22 20:01:35 eric kernel: power_supply_unregister+0x8e/0xa0
Sep 22 20:01:35 eric kernel: release_nodes+0x3d/0xb0
Sep 22 20:01:35 eric kernel: devres_release_group+0xfc/0x130
Sep 22 20:01:35 eric kernel: hid_device_remove+0x56/0xa0
Sep 22 20:01:35 eric kernel: device_release_driver_internal+0x19f/0x200
Sep 22 20:01:35 eric kernel: bus_remove_device+0xc6/0x130
Sep 22 20:01:35 eric kernel: device_del+0x15c/0x3f0
Sep 22 20:01:35 eric kernel: ? __queue_work+0x1df/0x440
Sep 22 20:01:35 eric kernel: hid_destroy_device+0x4b/0x60
Sep 22 20:01:35 eric kernel: logi_dj_remove+0x9a/0x100 [hid_logitech_dj 5c91534a0ead2b65e04dd799a0437e3b99b21bc4]
Sep 22 20:01:35 eric kernel: hid_device_remove+0x44/0xa0
Sep 22 20:01:35 eric kernel: device_release_driver_internal+0x19f/0x200
Sep 22 20:01:35 eric kernel: bus_remove_device+0xc6/0x130
Sep 22 20:01:35 eric kernel: device_del+0x15c/0x3f0
Sep 22 20:01:35 eric kernel: ? __queue_work+0x1df/0x440
Sep 22 20:01:35 eric kernel: hid_destroy_device+0x4b/0x60
Sep 22 20:01:35 eric kernel: usbhid_disconnect+0x47/0x60 [usbhid 727dcc1c0b94e6b4418727a468398ac3bca492f3]
Sep 22 20:01:35 eric kernel: usb_unbind_interface+0x90/0x270
Sep 22 20:01:35 eric kernel: device_release_driver_internal+0x19f/0x200
Sep 22 20:01:35 eric kernel: bus_remove_device+0xc6/0x130
Sep 22 20:01:35 eric kernel: device_del+0x15c/0x3f0
Sep 22 20:01:35 eric kernel: ? kobject_put+0xa0/0x1d0
Sep 22 20:01:35 eric kernel: usb_disable_device+0xcd/0x1e0
Sep 22 20:01:35 eric kernel: usb_disconnect+0xde/0x2c0
Sep 22 20:01:35 eric kernel: usb_disconnect+0xc3/0x2c0
Sep 22 20:01:35 eric kernel: hub_event+0xe80/0x1c10
There have been quite a few bug reports (see Link tags) about this crash.
Fix all the TOCTOU issues, including the really bad power-supply related
system crash on USB disconnect, by making probe() use the workqueue for
running hidpp_connect_event() too, so that it can never run more then once.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2227221
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2227968
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2227968
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2242189
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217412#c58
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20231005182638.3776-1-hdegoede@redhat.com
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-logitech-hidpp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/hid/hid-logitech-hidpp.c
+++ b/drivers/hid/hid-logitech-hidpp.c
@@ -4222,7 +4222,8 @@ static int hidpp_probe(struct hid_device
goto hid_hw_init_fail;
}
- hidpp_connect_event(hidpp);
+ schedule_work(&hidpp->work);
+ flush_work(&hidpp->work);
if (will_restart) {
/* Reset the HID node state */
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 013/102] quota: Fix slow quotaoff
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 012/102] HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 014/102] net: prevent address rewrite in kernel_bind() Greg Kroah-Hartman
` (97 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Eric Whitney, Jan Kara
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit 869b6ea1609f655a43251bf41757aa44e5350a8f upstream.
Eric has reported that commit dabc8b207566 ("quota: fix dqput() to
follow the guarantees dquot_srcu should provide") heavily increases
runtime of generic/270 xfstest for ext4 in nojournal mode. The reason
for this is that ext4 in nojournal mode leaves dquots dirty until the last
dqput() and thus the cleanup done in quota_release_workfn() has to write
them all. Due to the way quota_release_workfn() is written this results
in synchronize_srcu() call for each dirty dquot which makes the dquot
cleanup when turning quotas off extremely slow.
To be able to avoid synchronize_srcu() for each dirty dquot we need to
rework how we track dquots to be cleaned up. Instead of keeping the last
dquot reference while it is on releasing_dquots list, we drop it right
away and mark the dquot with new DQ_RELEASING_B bit instead. This way we
can we can remove dquot from releasing_dquots list when new reference to
it is acquired and thus there's no need to call synchronize_srcu() each
time we drop dq_list_lock.
References: https://lore.kernel.org/all/ZRytn6CxFK2oECUt@debian-BULLSEYE-live-builder-AMD64
Reported-by: Eric Whitney <enwlinux@gmail.com>
Fixes: dabc8b207566 ("quota: fix dqput() to follow the guarantees dquot_srcu should provide")
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/quota/dquot.c | 66 +++++++++++++++++++++++++++--------------------
include/linux/quota.h | 4 ++
include/linux/quotaops.h | 2 -
3 files changed, 43 insertions(+), 29 deletions(-)
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -233,19 +233,18 @@ static void put_quota_format(struct quot
* All dquots are placed to the end of inuse_list when first created, and this
* list is used for invalidate operation, which must look at every dquot.
*
- * When the last reference of a dquot will be dropped, the dquot will be
- * added to releasing_dquots. We'd then queue work item which would call
+ * When the last reference of a dquot is dropped, the dquot is added to
+ * releasing_dquots. We'll then queue work item which will call
* synchronize_srcu() and after that perform the final cleanup of all the
- * dquots on the list. Both releasing_dquots and free_dquots use the
- * dq_free list_head in the dquot struct. When a dquot is removed from
- * releasing_dquots, a reference count is always subtracted, and if
- * dq_count == 0 at that point, the dquot will be added to the free_dquots.
+ * dquots on the list. Each cleaned up dquot is moved to free_dquots list.
+ * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot
+ * struct.
*
- * Unused dquots (dq_count == 0) are added to the free_dquots list when freed,
- * and this list is searched whenever we need an available dquot. Dquots are
- * removed from the list as soon as they are used again, and
- * dqstats.free_dquots gives the number of dquots on the list. When
- * dquot is invalidated it's completely released from memory.
+ * Unused and cleaned up dquots are in the free_dquots list and this list is
+ * searched whenever we need an available dquot. Dquots are removed from the
+ * list as soon as they are used again and dqstats.free_dquots gives the number
+ * of dquots on the list. When dquot is invalidated it's completely released
+ * from memory.
*
* Dirty dquots are added to the dqi_dirty_list of quota_info when mark
* dirtied, and this list is searched when writing dirty dquots back to
@@ -321,6 +320,7 @@ static inline void put_dquot_last(struct
static inline void put_releasing_dquots(struct dquot *dquot)
{
list_add_tail(&dquot->dq_free, &releasing_dquots);
+ set_bit(DQ_RELEASING_B, &dquot->dq_flags);
}
static inline void remove_free_dquot(struct dquot *dquot)
@@ -328,8 +328,10 @@ static inline void remove_free_dquot(str
if (list_empty(&dquot->dq_free))
return;
list_del_init(&dquot->dq_free);
- if (!atomic_read(&dquot->dq_count))
+ if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags))
dqstats_dec(DQST_FREE_DQUOTS);
+ else
+ clear_bit(DQ_RELEASING_B, &dquot->dq_flags);
}
static inline void put_inuse(struct dquot *dquot)
@@ -581,12 +583,6 @@ restart:
continue;
/* Wait for dquot users */
if (atomic_read(&dquot->dq_count)) {
- /* dquot in releasing_dquots, flush and retry */
- if (!list_empty(&dquot->dq_free)) {
- spin_unlock(&dq_list_lock);
- goto restart;
- }
-
atomic_inc(&dquot->dq_count);
spin_unlock(&dq_list_lock);
/*
@@ -606,6 +602,15 @@ restart:
goto restart;
}
/*
+ * The last user already dropped its reference but dquot didn't
+ * get fully cleaned up yet. Restart the scan which flushes the
+ * work cleaning up released dquots.
+ */
+ if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
+ spin_unlock(&dq_list_lock);
+ goto restart;
+ }
+ /*
* Quota now has no users and it has been written on last
* dqput()
*/
@@ -696,6 +701,13 @@ int dquot_writeback_dquots(struct super_
dq_dirty);
WARN_ON(!dquot_active(dquot));
+ /* If the dquot is releasing we should not touch it */
+ if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
+ spin_unlock(&dq_list_lock);
+ flush_delayed_work("a_release_work);
+ spin_lock(&dq_list_lock);
+ continue;
+ }
/* Now we have active dquot from which someone is
* holding reference so we can safely just increase
@@ -809,18 +821,18 @@ static void quota_release_workfn(struct
/* Exchange the list head to avoid livelock. */
list_replace_init(&releasing_dquots, &rls_head);
spin_unlock(&dq_list_lock);
+ synchronize_srcu(&dquot_srcu);
restart:
- synchronize_srcu(&dquot_srcu);
spin_lock(&dq_list_lock);
while (!list_empty(&rls_head)) {
dquot = list_first_entry(&rls_head, struct dquot, dq_free);
- /* Dquot got used again? */
- if (atomic_read(&dquot->dq_count) > 1) {
- remove_free_dquot(dquot);
- atomic_dec(&dquot->dq_count);
- continue;
- }
+ WARN_ON_ONCE(atomic_read(&dquot->dq_count));
+ /*
+ * Note that DQ_RELEASING_B protects us from racing with
+ * invalidate_dquots() calls so we are safe to work with the
+ * dquot even after we drop dq_list_lock.
+ */
if (dquot_dirty(dquot)) {
spin_unlock(&dq_list_lock);
/* Commit dquot before releasing */
@@ -834,7 +846,6 @@ restart:
}
/* Dquot is inactive and clean, now move it to free list */
remove_free_dquot(dquot);
- atomic_dec(&dquot->dq_count);
put_dquot_last(dquot);
}
spin_unlock(&dq_list_lock);
@@ -875,6 +886,7 @@ void dqput(struct dquot *dquot)
BUG_ON(!list_empty(&dquot->dq_free));
#endif
put_releasing_dquots(dquot);
+ atomic_dec(&dquot->dq_count);
spin_unlock(&dq_list_lock);
queue_delayed_work(system_unbound_wq, "a_release_work, 1);
}
@@ -963,7 +975,7 @@ we_slept:
dqstats_inc(DQST_LOOKUPS);
}
/* Wait for dq_lock - after this we know that either dquot_release() is
- * already finished or it will be canceled due to dq_count > 1 test */
+ * already finished or it will be canceled due to dq_count > 0 test */
wait_on_dquot(dquot);
/* Read the dquot / allocate space in quota file */
if (!dquot_active(dquot)) {
--- a/include/linux/quota.h
+++ b/include/linux/quota.h
@@ -285,7 +285,9 @@ static inline void dqstats_dec(unsigned
#define DQ_FAKE_B 3 /* no limits only usage */
#define DQ_READ_B 4 /* dquot was read into memory */
#define DQ_ACTIVE_B 5 /* dquot is active (dquot_release not called) */
-#define DQ_LASTSET_B 6 /* Following 6 bits (see QIF_) are reserved\
+#define DQ_RELEASING_B 6 /* dquot is in releasing_dquots list waiting
+ * to be cleaned up */
+#define DQ_LASTSET_B 7 /* Following 6 bits (see QIF_) are reserved\
* for the mask of entries set via SETQUOTA\
* quotactl. They are set under dq_data_lock\
* and the quota format handling dquot can\
--- a/include/linux/quotaops.h
+++ b/include/linux/quotaops.h
@@ -56,7 +56,7 @@ static inline bool dquot_is_busy(struct
{
if (test_bit(DQ_MOD_B, &dquot->dq_flags))
return true;
- if (atomic_read(&dquot->dq_count) > 1)
+ if (atomic_read(&dquot->dq_count) > 0)
return true;
return false;
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 014/102] net: prevent address rewrite in kernel_bind()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 013/102] quota: Fix slow quotaoff Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 015/102] ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset Greg Kroah-Hartman
` (96 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Willem de Bruijn, Jordan Rife,
Simon Horman, David S. Miller
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jordan Rife <jrife@google.com>
commit c889a99a21bf124c3db08d09df919f0eccc5ea4c upstream.
Similar to the change in commit 0bdf399342c5("net: Avoid address
overwrite in kernel_connect"), BPF hooks run on bind may rewrite the
address passed to kernel_bind(). This change
1) Makes a copy of the bind address in kernel_bind() to insulate
callers.
2) Replaces direct calls to sock->ops->bind() in net with kernel_bind()
Link: https://lore.kernel.org/netdev/20230912013332.2048422-1-jrife@google.com/
Fixes: 4fbac77d2d09 ("bpf: Hooks for sys_bind")
Cc: stable@vger.kernel.org
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Jordan Rife <jrife@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipvs/ip_vs_sync.c | 4 ++--
net/rds/tcp_connect.c | 2 +-
net/rds/tcp_listen.c | 2 +-
net/socket.c | 6 +++++-
4 files changed, 9 insertions(+), 5 deletions(-)
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1441,7 +1441,7 @@ static int bind_mcastif_addr(struct sock
sin.sin_addr.s_addr = addr;
sin.sin_port = 0;
- return sock->ops->bind(sock, (struct sockaddr*)&sin, sizeof(sin));
+ return kernel_bind(sock, (struct sockaddr *)&sin, sizeof(sin));
}
static void get_mcast_sockaddr(union ipvs_sockaddr *sa, int *salen,
@@ -1548,7 +1548,7 @@ static int make_receive_sock(struct netn
get_mcast_sockaddr(&mcast_addr, &salen, &ipvs->bcfg, id);
sock->sk->sk_bound_dev_if = dev->ifindex;
- result = sock->ops->bind(sock, (struct sockaddr *)&mcast_addr, salen);
+ result = kernel_bind(sock, (struct sockaddr *)&mcast_addr, salen);
if (result < 0) {
pr_err("Error binding to the multicast addr\n");
goto error;
--- a/net/rds/tcp_connect.c
+++ b/net/rds/tcp_connect.c
@@ -142,7 +142,7 @@ int rds_tcp_conn_path_connect(struct rds
addrlen = sizeof(sin);
}
- ret = sock->ops->bind(sock, addr, addrlen);
+ ret = kernel_bind(sock, addr, addrlen);
if (ret) {
rdsdebug("bind failed with %d at address %pI6c\n",
ret, &conn->c_laddr);
--- a/net/rds/tcp_listen.c
+++ b/net/rds/tcp_listen.c
@@ -301,7 +301,7 @@ struct socket *rds_tcp_listen_init(struc
addr_len = sizeof(*sin);
}
- ret = sock->ops->bind(sock, (struct sockaddr *)&ss, addr_len);
+ ret = kernel_bind(sock, (struct sockaddr *)&ss, addr_len);
if (ret < 0) {
rdsdebug("could not bind %s listener socket: %d\n",
isv6 ? "IPv6" : "IPv4", ret);
--- a/net/socket.c
+++ b/net/socket.c
@@ -3400,7 +3400,11 @@ static long compat_sock_ioctl(struct fil
int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
{
- return sock->ops->bind(sock, addr, addrlen);
+ struct sockaddr_storage address;
+
+ memcpy(&address, addr, addrlen);
+
+ return sock->ops->bind(sock, (struct sockaddr *)&address, addrlen);
}
EXPORT_SYMBOL(kernel_bind);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 015/102] ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 014/102] net: prevent address rewrite in kernel_bind() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 016/102] KEYS: trusted: allow use of kernel RNG for key material Greg Kroah-Hartman
` (95 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, WhaleChang, Takashi Iwai
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: WhaleChang <whalechang@google.com>
commit 6a83d6f3bb3c329a73e3483651fb77b78bac1878 upstream.
When a Opencomm2 Headset is connected to a Bluetooth USB dongle,
the audio playback functions properly, but the microphone does not work.
In the dmesg logs, there are messages indicating that the init_pitch
function fails when the capture process begins.
The microphone only functions when the ep pitch control is not set.
Toggling the pitch control off bypasses the init_piatch function
and allows the microphone to work.
Signed-off-by: WhaleChang <whalechang@google.com>
Link: https://lore.kernel.org/r/20231006044852.4181022-1-whalechang@google.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/quirks.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1725,7 +1725,11 @@ void snd_usb_audioformat_attributes_quir
/* mic works only when ep packet size is set to wMaxPacketSize */
fp->attributes |= UAC_EP_CS_ATTR_FILL_MAX;
break;
-
+ case USB_ID(0x3511, 0x2b1e): /* Opencomm2 UC USB Bluetooth dongle */
+ /* mic works only when ep pitch control is not set */
+ if (stream == SNDRV_PCM_STREAM_CAPTURE)
+ fp->attributes &= ~UAC_EP_CS_ATTR_PITCH_CONTROL;
+ break;
}
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 016/102] KEYS: trusted: allow use of kernel RNG for key material
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 015/102] ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 017/102] KEYS: trusted: Remove redundant static calls usage Greg Kroah-Hartman
` (94 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jarkko Sakkinen, Sumit Garg,
Pankaj Gupta, David Gstir, Ahmad Fatoum, Sasha Levin,
Michael Walle, John Ernberg
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
[ Upstream commit fcd7c26901c83681532c6daac599e53d4df11738 ]
The two existing trusted key sources don't make use of the kernel RNG,
but instead let the hardware doing the sealing/unsealing also
generate the random key material. However, both users and future
backends may want to place less trust into the quality of the trust
source's random number generator and instead reuse the kernel entropy
pool, which can be seeded from multiple entropy sources.
Make this possible by adding a new trusted.rng parameter,
that will force use of the kernel RNG. In its absence, it's up
to the trust source to decide, which random numbers to use,
maintaining the existing behavior.
Suggested-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
Tested-by: John Ernberg <john.ernberg@actia.se> # iMX8QXP
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Stable-dep-of: 01bbafc63b65 ("KEYS: trusted: Remove redundant static calls usage")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../admin-guide/kernel-parameters.txt | 10 ++++++
.../security/keys/trusted-encrypted.rst | 20 ++++++-----
include/keys/trusted-type.h | 2 +-
security/keys/trusted-keys/trusted_core.c | 35 ++++++++++++++++++-
4 files changed, 57 insertions(+), 10 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 2cd4d66ab64c2..34b093e7f8910 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5920,6 +5920,16 @@
first trust source as a backend which is initialized
successfully during iteration.
+ trusted.rng= [KEYS]
+ Format: <string>
+ The RNG used to generate key material for trusted keys.
+ Can be one of:
+ - "kernel"
+ - the same value as trusted.source: "tpm" or "tee"
+ - "default"
+ If not specified, "default" is used. In this case,
+ the RNG's choice is left to each individual trust source.
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index 80d5a5af62a1d..99cf34d7c025b 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -87,22 +87,26 @@ Key Generation
Trusted Keys
------------
-New keys are created from random numbers generated in the trust source. They
-are encrypted/decrypted using a child key in the storage key hierarchy.
-Encryption and decryption of the child key must be protected by a strong
-access control policy within the trust source.
+New keys are created from random numbers. They are encrypted/decrypted using
+a child key in the storage key hierarchy. Encryption and decryption of the
+child key must be protected by a strong access control policy within the
+trust source. The random number generator in use differs according to the
+selected trust source:
- * TPM (hardware device) based RNG
+ * TPM: hardware device based RNG
- Strength of random numbers may vary from one device manufacturer to
- another.
+ Keys are generated within the TPM. Strength of random numbers may vary
+ from one device manufacturer to another.
- * TEE (OP-TEE based on Arm TrustZone) based RNG
+ * TEE: OP-TEE based on Arm TrustZone based RNG
RNG is customizable as per platform needs. It can either be direct output
from platform specific hardware RNG or a software based Fortuna CSPRNG
which can be seeded via multiple entropy sources.
+Users may override this by specifying ``trusted.rng=kernel`` on the kernel
+command-line to override the used RNG with the kernel's random number pool.
+
Encrypted Keys
--------------
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index d89fa2579ac05..4eb64548a74f1 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -64,7 +64,7 @@ struct trusted_key_ops {
/* Unseal a key. */
int (*unseal)(struct trusted_key_payload *p, char *datablob);
- /* Get a randomized key. */
+ /* Optional: Get a randomized key. */
int (*get_random)(unsigned char *key, size_t key_len);
/* Exit key interface. */
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index 9b9d3ef79cbe3..79806594384e3 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -16,12 +16,17 @@
#include <linux/key-type.h>
#include <linux/module.h>
#include <linux/parser.h>
+#include <linux/random.h>
#include <linux/rcupdate.h>
#include <linux/slab.h>
#include <linux/static_call.h>
#include <linux/string.h>
#include <linux/uaccess.h>
+static char *trusted_rng = "default";
+module_param_named(rng, trusted_rng, charp, 0);
+MODULE_PARM_DESC(rng, "Select trusted key RNG");
+
static char *trusted_key_source;
module_param_named(source, trusted_key_source, charp, 0);
MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
@@ -312,8 +317,14 @@ struct key_type key_type_trusted = {
};
EXPORT_SYMBOL_GPL(key_type_trusted);
+static int kernel_get_random(unsigned char *key, size_t key_len)
+{
+ return get_random_bytes_wait(key, key_len) ?: key_len;
+}
+
static int __init init_trusted(void)
{
+ int (*get_random)(unsigned char *key, size_t key_len);
int i, ret = 0;
for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
@@ -322,6 +333,28 @@ static int __init init_trusted(void)
strlen(trusted_key_sources[i].name)))
continue;
+ /*
+ * We always support trusted.rng="kernel" and "default" as
+ * well as trusted.rng=$trusted.source if the trust source
+ * defines its own get_random callback.
+ */
+ get_random = trusted_key_sources[i].ops->get_random;
+ if (trusted_rng && strcmp(trusted_rng, "default")) {
+ if (!strcmp(trusted_rng, "kernel")) {
+ get_random = kernel_get_random;
+ } else if (strcmp(trusted_rng, trusted_key_sources[i].name) ||
+ !get_random) {
+ pr_warn("Unsupported RNG. Supported: kernel");
+ if (get_random)
+ pr_cont(", %s", trusted_key_sources[i].name);
+ pr_cont(", default\n");
+ return -EINVAL;
+ }
+ }
+
+ if (!get_random)
+ get_random = kernel_get_random;
+
static_call_update(trusted_key_init,
trusted_key_sources[i].ops->init);
static_call_update(trusted_key_seal,
@@ -329,7 +362,7 @@ static int __init init_trusted(void)
static_call_update(trusted_key_unseal,
trusted_key_sources[i].ops->unseal);
static_call_update(trusted_key_get_random,
- trusted_key_sources[i].ops->get_random);
+ get_random);
static_call_update(trusted_key_exit,
trusted_key_sources[i].ops->exit);
migratable = trusted_key_sources[i].ops->migratable;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 017/102] KEYS: trusted: Remove redundant static calls usage
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 016/102] KEYS: trusted: allow use of kernel RNG for key material Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 018/102] drm/msm/dp: do not reinitialize phy unless retry during link training Greg Kroah-Hartman
` (93 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sumit Garg, Linus Torvalds,
Sasha Levin, Hyeonggon Yoo
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sumit Garg <sumit.garg@linaro.org>
[ Upstream commit 01bbafc63b65689cb179ca537971286bc27f3b74 ]
Static calls invocations aren't well supported from module __init and
__exit functions. Especially the static call from cleanup_trusted() led
to a crash on x86 kernel with CONFIG_DEBUG_VIRTUAL=y.
However, the usage of static call invocations for trusted_key_init()
and trusted_key_exit() don't add any value from either a performance or
security perspective. Hence switch to use indirect function calls instead.
Note here that although it will fix the current crash report, ultimately
the static call infrastructure should be fixed to either support its
future usage from module __init and __exit functions or not.
Reported-and-tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Link: https://lore.kernel.org/lkml/ZRhKq6e5nF%2F4ZIV1@fedora/#t
Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework")
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/keys/trusted-keys/trusted_core.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index 79806594384e3..386e5f6e368ab 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -40,13 +40,12 @@ static const struct trusted_key_source trusted_key_sources[] = {
#endif
};
-DEFINE_STATIC_CALL_NULL(trusted_key_init, *trusted_key_sources[0].ops->init);
DEFINE_STATIC_CALL_NULL(trusted_key_seal, *trusted_key_sources[0].ops->seal);
DEFINE_STATIC_CALL_NULL(trusted_key_unseal,
*trusted_key_sources[0].ops->unseal);
DEFINE_STATIC_CALL_NULL(trusted_key_get_random,
*trusted_key_sources[0].ops->get_random);
-DEFINE_STATIC_CALL_NULL(trusted_key_exit, *trusted_key_sources[0].ops->exit);
+static void (*trusted_key_exit)(void);
static unsigned char migratable;
enum {
@@ -355,19 +354,16 @@ static int __init init_trusted(void)
if (!get_random)
get_random = kernel_get_random;
- static_call_update(trusted_key_init,
- trusted_key_sources[i].ops->init);
static_call_update(trusted_key_seal,
trusted_key_sources[i].ops->seal);
static_call_update(trusted_key_unseal,
trusted_key_sources[i].ops->unseal);
static_call_update(trusted_key_get_random,
get_random);
- static_call_update(trusted_key_exit,
- trusted_key_sources[i].ops->exit);
+ trusted_key_exit = trusted_key_sources[i].ops->exit;
migratable = trusted_key_sources[i].ops->migratable;
- ret = static_call(trusted_key_init)();
+ ret = trusted_key_sources[i].ops->init();
if (!ret)
break;
}
@@ -384,7 +380,8 @@ static int __init init_trusted(void)
static void __exit cleanup_trusted(void)
{
- static_call_cond(trusted_key_exit)();
+ if (trusted_key_exit)
+ (*trusted_key_exit)();
}
late_initcall(init_trusted);
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 018/102] drm/msm/dp: do not reinitialize phy unless retry during link training
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 017/102] KEYS: trusted: Remove redundant static calls usage Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 019/102] drm/msm/dsi: skip the wait for video mode done if not applicable Greg Kroah-Hartman
` (92 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuogee Hsieh, Abhinav Kumar,
Stephen Boyd, Dmitry Baryshkov, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuogee Hsieh <quic_khsieh@quicinc.com>
[ Upstream commit 0c1a2e69bcb506f48ebf94bd199bab0b93f66da2 ]
DP PHY re-initialization done using dp_ctrl_reinitialize_mainlink() will
cause PLL unlocked initially and then PLL gets locked at the end of
initialization. PLL_UNLOCKED interrupt will fire during this time if the
interrupt mask is enabled.
However currently DP driver link training implementation incorrectly
re-initializes PHY unconditionally during link training as the PHY was
already configured in dp_ctrl_enable_mainlink_clocks().
Fix this by re-initializing the PHY only if the previous link training
failed.
[drm:dp_aux_isr] *ERROR* Unexpected DP AUX IRQ 0x01000000 when not busy
Fixes: c943b4948b58 ("drm/msm/dp: add displayPort driver support")
Closes: https://gitlab.freedesktop.org/drm/msm/-/issues/30
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Tested-by: Abhinav Kumar <quic_abhinavk@quicinc.com> # sc7280
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Tested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/551847/
Link: https://lore.kernel.org/r/1691533190-19335-1-git-send-email-quic_khsieh@quicinc.com
[quic_abhinavk@quicinc.com: added line break in commit text]
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_ctrl.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_ctrl.c b/drivers/gpu/drm/msm/dp/dp_ctrl.c
index 6d9eec98e0d38..854173df67018 100644
--- a/drivers/gpu/drm/msm/dp/dp_ctrl.c
+++ b/drivers/gpu/drm/msm/dp/dp_ctrl.c
@@ -1682,13 +1682,6 @@ int dp_ctrl_on_link(struct dp_ctrl *dp_ctrl)
return rc;
while (--link_train_max_retries) {
- rc = dp_ctrl_reinitialize_mainlink(ctrl);
- if (rc) {
- DRM_ERROR("Failed to reinitialize mainlink. rc=%d\n",
- rc);
- break;
- }
-
training_step = DP_TRAINING_NONE;
rc = dp_ctrl_setup_main_link(ctrl, &training_step);
if (rc == 0) {
@@ -1740,6 +1733,12 @@ int dp_ctrl_on_link(struct dp_ctrl *dp_ctrl)
/* stop link training before start re training */
dp_ctrl_clear_training_pattern(ctrl);
}
+
+ rc = dp_ctrl_reinitialize_mainlink(ctrl);
+ if (rc) {
+ DRM_ERROR("Failed to reinitialize mainlink. rc=%d\n", rc);
+ break;
+ }
}
if (ctrl->link->sink_request & DP_TEST_LINK_PHY_TEST_PATTERN)
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 019/102] drm/msm/dsi: skip the wait for video mode done if not applicable
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 018/102] drm/msm/dp: do not reinitialize phy unless retry during link training Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 020/102] drm/msm/dsi: fix irq_of_parse_and_map() error checking Greg Kroah-Hartman
` (91 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Abhinav Kumar, Dmitry Baryshkov,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Abhinav Kumar <quic_abhinavk@quicinc.com>
[ Upstream commit ab483e3adcc178254eb1ce0fbdfbea65f86f1006 ]
dsi_wait4video_done() API waits for the DSI video mode engine to
become idle so that we can transmit the DCS commands in the
beginning of BLLP. However, with the current sequence, the MDP
timing engine is turned on after the panel's pre_enable() callback
which can send out the DCS commands needed to power up the panel.
During those cases, this API will always timeout and print out the
error spam leading to long bootup times and log flooding.
Fix this by checking if the DSI video engine was actually busy before
waiting for it to become idle otherwise this is a redundant wait.
changes in v2:
- move the reg read below the video mode check
- minor fixes in commit text
Closes: https://gitlab.freedesktop.org/drm/msm/-/issues/34
Fixes: a689554ba6ed ("drm/msm: Initial add DSI connector support")
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/557853/
Link: https://lore.kernel.org/r/20230915204426.19011-1-quic_abhinavk@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dsi/dsi_host.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c
index d3ec4d67a9a35..b577fed38c6d4 100644
--- a/drivers/gpu/drm/msm/dsi/dsi_host.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_host.c
@@ -1079,9 +1079,21 @@ static void dsi_wait4video_done(struct msm_dsi_host *msm_host)
static void dsi_wait4video_eng_busy(struct msm_dsi_host *msm_host)
{
+ u32 data;
+
if (!(msm_host->mode_flags & MIPI_DSI_MODE_VIDEO))
return;
+ data = dsi_read(msm_host, REG_DSI_STATUS0);
+
+ /* if video mode engine is not busy, its because
+ * either timing engine was not turned on or the
+ * DSI controller has finished transmitting the video
+ * data already, so no need to wait in those cases
+ */
+ if (!(data & DSI_STATUS0_VIDEO_MODE_ENGINE_BUSY))
+ return;
+
if (msm_host->power_on && msm_host->enabled) {
dsi_wait4video_done(msm_host);
/* delay 4 ms to skip BLLP */
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 020/102] drm/msm/dsi: fix irq_of_parse_and_map() error checking
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 019/102] drm/msm/dsi: skip the wait for video mode done if not applicable Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 021/102] drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow Greg Kroah-Hartman
` (90 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Konrad Dybcio,
Abhinav Kumar, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 6a1d4c7976dd1ee7c9f80bc8e62801ec7b1f2f58 ]
The irq_of_parse_and_map() function returns zero on error. It
never returns negative error codes. Fix the check.
Fixes: a689554ba6ed ("drm/msm: Initial add DSI connector support")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/557715/
Link: https://lore.kernel.org/r/4f3c5c98-04f7-43f7-900f-5d7482c83eef@moroto.mountain
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dsi/dsi_host.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c
index b577fed38c6d4..85dec6167e0b6 100644
--- a/drivers/gpu/drm/msm/dsi/dsi_host.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_host.c
@@ -1917,10 +1917,9 @@ int msm_dsi_host_init(struct msm_dsi *msm_dsi)
}
msm_host->irq = irq_of_parse_and_map(pdev->dev.of_node, 0);
- if (msm_host->irq < 0) {
- ret = msm_host->irq;
- dev_err(&pdev->dev, "failed to get irq: %d\n", ret);
- return ret;
+ if (!msm_host->irq) {
+ dev_err(&pdev->dev, "failed to get irq\n");
+ return -EINVAL;
}
/* do not autoenable, will be enabled later */
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 021/102] drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 020/102] drm/msm/dsi: fix irq_of_parse_and_map() error checking Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 022/102] ravb: Fix up dma_free_coherent() call in ravb_remove() Greg Kroah-Hartman
` (89 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Nia Espera,
Abhinav Kumar, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Abhinav Kumar <quic_abhinavk@quicinc.com>
[ Upstream commit 95e681ca3b65e4ce3d2537b47672d787b7d30375 ]
_dpu_plane_calc_bw() uses integer variables to calculate the bandwidth
used during plane bandwidth calculations. However for high resolution
displays this overflows easily and leads to below errors
[dpu error]crtc83 failed performance check -7
Promote the intermediate variables to u64 to avoid overflow.
changes in v2:
- change to u64 where actually needed in the math
Fixes: c33b7c0389e1 ("drm/msm/dpu: add support for clk and bw scaling for display")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reported-by: Nia Espera <nespera@igalia.com>
Closes: https://gitlab.freedesktop.org/drm/msm/-/issues/32
Tested-by: Nia Espera <nespera@igalia.com>
Patchwork: https://patchwork.freedesktop.org/patch/556288/
Link: https://lore.kernel.org/r/20230908012616.20654-1-quic_abhinavk@quicinc.com
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
index 59390dc3d1b8c..9c30ab106b0a1 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c
@@ -158,6 +158,7 @@ static void _dpu_plane_calc_bw(struct drm_plane *plane,
const struct dpu_format *fmt = NULL;
struct dpu_kms *dpu_kms = _dpu_plane_get_kms(plane);
int src_width, src_height, dst_height, fps;
+ u64 plane_pixel_rate, plane_bit_rate;
u64 plane_prefill_bw;
u64 plane_bw;
u32 hw_latency_lines;
@@ -180,13 +181,12 @@ static void _dpu_plane_calc_bw(struct drm_plane *plane,
scale_factor = src_height > dst_height ?
mult_frac(src_height, 1, dst_height) : 1;
- plane_bw =
- src_width * mode->vtotal * fps * fmt->bpp *
- scale_factor;
+ plane_pixel_rate = src_width * mode->vtotal * fps;
+ plane_bit_rate = plane_pixel_rate * fmt->bpp;
- plane_prefill_bw =
- src_width * hw_latency_lines * fps * fmt->bpp *
- scale_factor * mode->vtotal;
+ plane_bw = plane_bit_rate * scale_factor;
+
+ plane_prefill_bw = plane_bw * hw_latency_lines;
if ((vbp+vpw) > hw_latency_lines)
do_div(plane_prefill_bw, (vbp+vpw));
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 022/102] ravb: Fix up dma_free_coherent() call in ravb_remove()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 021/102] drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 023/102] ravb: Fix use-after-free issue in ravb_tx_timeout_work() Greg Kroah-Hartman
` (88 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yoshihiro Shimoda, Sergey Shtylyov,
Jakub Kicinski, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
[ Upstream commit e6864af61493113558c502b5cd0d754c19b93277 ]
In ravb_remove(), dma_free_coherent() should be call after
unregister_netdev(). Otherwise, this controller is possible to use
the freed buffer.
Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Link: https://lore.kernel.org/r/20231005011201.14368-2-yoshihiro.shimoda.uh@renesas.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/renesas/ravb_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c
index 4ee72d33e9cb7..a866a38ebea55 100644
--- a/drivers/net/ethernet/renesas/ravb_main.c
+++ b/drivers/net/ethernet/renesas/ravb_main.c
@@ -2382,14 +2382,14 @@ static int ravb_remove(struct platform_device *pdev)
clk_disable_unprepare(priv->refclk);
- dma_free_coherent(ndev->dev.parent, priv->desc_bat_size, priv->desc_bat,
- priv->desc_bat_dma);
/* Set reset mode */
ravb_write(ndev, CCC_OPC_RESET, CCC);
unregister_netdev(ndev);
netif_napi_del(&priv->napi[RAVB_NC]);
netif_napi_del(&priv->napi[RAVB_BE]);
ravb_mdio_release(priv);
+ dma_free_coherent(ndev->dev.parent, priv->desc_bat_size, priv->desc_bat,
+ priv->desc_bat_dma);
pm_runtime_put_sync(&pdev->dev);
pm_runtime_disable(&pdev->dev);
reset_control_assert(priv->rstc);
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 023/102] ravb: Fix use-after-free issue in ravb_tx_timeout_work()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 022/102] ravb: Fix up dma_free_coherent() call in ravb_remove() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 024/102] ieee802154: ca8210: Fix a potential UAF in ca8210_probe Greg Kroah-Hartman
` (87 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Yoshihiro Shimoda,
Sergey Shtylyov, Jakub Kicinski, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
[ Upstream commit 3971442870713de527684398416970cf025b4f89 ]
The ravb_stop() should call cancel_work_sync(). Otherwise,
ravb_tx_timeout_work() is possible to use the freed priv after
ravb_remove() was called like below:
CPU0 CPU1
ravb_tx_timeout()
ravb_remove()
unregister_netdev()
free_netdev(ndev)
// free priv
ravb_tx_timeout_work()
// use priv
unregister_netdev() will call .ndo_stop() so that ravb_stop() is
called. And, after phy_stop() is called, netif_carrier_off()
is also called. So that .ndo_tx_timeout() will not be called
after phy_stop().
Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper")
Reported-by: Zheng Wang <zyytlz.wz@163.com>
Closes: https://lore.kernel.org/netdev/20230725030026.1664873-1-zyytlz.wz@163.com/
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Link: https://lore.kernel.org/r/20231005011201.14368-3-yoshihiro.shimoda.uh@renesas.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/renesas/ravb_main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c
index a866a38ebea55..19733c9a7c25e 100644
--- a/drivers/net/ethernet/renesas/ravb_main.c
+++ b/drivers/net/ethernet/renesas/ravb_main.c
@@ -1774,6 +1774,8 @@ static int ravb_close(struct net_device *ndev)
of_phy_deregister_fixed_link(np);
}
+ cancel_work_sync(&priv->work);
+
if (info->multi_irqs) {
free_irq(priv->tx_irqs[RAVB_NC], ndev);
free_irq(priv->rx_irqs[RAVB_NC], ndev);
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 024/102] ieee802154: ca8210: Fix a potential UAF in ca8210_probe
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 023/102] ravb: Fix use-after-free issue in ravb_tx_timeout_work() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 025/102] mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type Greg Kroah-Hartman
` (86 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dinghao Liu, Stefan Schmidt,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dinghao Liu <dinghao.liu@zju.edu.cn>
[ Upstream commit f990874b1c98fe8e57ee9385669f501822979258 ]
If of_clk_add_provider() fails in ca8210_register_ext_clock(),
it calls clk_unregister() to release priv->clk and returns an
error. However, the caller ca8210_probe() then calls ca8210_remove(),
where priv->clk is freed again in ca8210_unregister_ext_clock(). In
this case, a use-after-free may happen in the second time we call
clk_unregister().
Fix this by removing the first clk_unregister(). Also, priv->clk could
be an error code on failure of clk_register_fixed_rate(). Use
IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().
Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Message-ID: <20231007033049.22353-1-dinghao.liu@zju.edu.cn>
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ieee802154/ca8210.c | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c
index 5834d3ed6dcf5..dc786c3bbccf8 100644
--- a/drivers/net/ieee802154/ca8210.c
+++ b/drivers/net/ieee802154/ca8210.c
@@ -2783,7 +2783,6 @@ static int ca8210_register_ext_clock(struct spi_device *spi)
struct device_node *np = spi->dev.of_node;
struct ca8210_priv *priv = spi_get_drvdata(spi);
struct ca8210_platform_data *pdata = spi->dev.platform_data;
- int ret = 0;
if (!np)
return -EFAULT;
@@ -2800,18 +2799,8 @@ static int ca8210_register_ext_clock(struct spi_device *spi)
dev_crit(&spi->dev, "Failed to register external clk\n");
return PTR_ERR(priv->clk);
}
- ret = of_clk_add_provider(np, of_clk_src_simple_get, priv->clk);
- if (ret) {
- clk_unregister(priv->clk);
- dev_crit(
- &spi->dev,
- "Failed to register external clock as clock provider\n"
- );
- } else {
- dev_info(&spi->dev, "External clock set as clock provider\n");
- }
- return ret;
+ return of_clk_add_provider(np, of_clk_src_simple_get, priv->clk);
}
/**
@@ -2823,8 +2812,8 @@ static void ca8210_unregister_ext_clock(struct spi_device *spi)
{
struct ca8210_priv *priv = spi_get_drvdata(spi);
- if (!priv->clk)
- return
+ if (IS_ERR_OR_NULL(priv->clk))
+ return;
of_clk_del_provider(spi->dev.of_node);
clk_unregister(priv->clk);
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 025/102] mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 024/102] ieee802154: ca8210: Fix a potential UAF in ca8210_probe Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 026/102] eth: remove copies of the NAPI_POLL_WEIGHT define Greg Kroah-Hartman
` (85 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Petr Machata,
David S. Miller, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 1e0b72a2a6432c0ef67ee5ce8d9172a7c20bba25 ]
The mlxsw_sp2_nve_vxlan_learning_set() function is supposed to return
zero on success or negative error codes. So it needs to be type int
instead of bool.
Fixes: 4ee70efab68d ("mlxsw: spectrum_nve: Add support for VXLAN on Spectrum-2")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c
index d018d2da59499..5e020d0addc67 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c
@@ -245,8 +245,8 @@ const struct mlxsw_sp_nve_ops mlxsw_sp1_nve_vxlan_ops = {
.fdb_clear_offload = mlxsw_sp_nve_vxlan_clear_offload,
};
-static bool mlxsw_sp2_nve_vxlan_learning_set(struct mlxsw_sp *mlxsw_sp,
- bool learning_en)
+static int mlxsw_sp2_nve_vxlan_learning_set(struct mlxsw_sp *mlxsw_sp,
+ bool learning_en)
{
char tnpc_pl[MLXSW_REG_TNPC_LEN];
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 026/102] eth: remove copies of the NAPI_POLL_WEIGHT define
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 025/102] mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 027/102] xen-netback: use default TX queue size for vifs Greg Kroah-Hartman
` (84 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Paul Durrant,
David S. Miller, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 5f012b40ef639343a976553bf3cc26dd0474756e ]
Defining local versions of NAPI_POLL_WEIGHT with the same
values in the drivers just makes refactoring harder.
Drop the special defines in a bunch of drivers where the
removal is relatively simple so grouping into one patch
does not impact reviewability.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Paul Durrant <paul@xen.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 66cf7435a269 ("xen-netback: use default TX queue size for vifs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cortina/gemini.c | 4 +---
drivers/net/ethernet/marvell/skge.c | 3 +--
drivers/net/ethernet/marvell/sky2.c | 3 +--
drivers/net/ethernet/mediatek/mtk_star_emac.c | 3 +--
drivers/net/ethernet/ti/davinci_emac.c | 3 +--
drivers/net/ethernet/ti/netcp_core.c | 5 ++---
drivers/net/xen-netback/interface.c | 3 +--
7 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c
index 8361faf03e429..d0ba5ca862cf5 100644
--- a/drivers/net/ethernet/cortina/gemini.c
+++ b/drivers/net/ethernet/cortina/gemini.c
@@ -68,7 +68,6 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)");
#define DEFAULT_GMAC_RXQ_ORDER 9
#define DEFAULT_GMAC_TXQ_ORDER 8
#define DEFAULT_RX_BUF_ORDER 11
-#define DEFAULT_NAPI_WEIGHT 64
#define TX_MAX_FRAGS 16
#define TX_QUEUE_NUM 1 /* max: 6 */
#define RX_MAX_ALLOC_ORDER 2
@@ -2466,8 +2465,7 @@ static int gemini_ethernet_port_probe(struct platform_device *pdev)
netdev->max_mtu = 10236 - VLAN_ETH_HLEN;
port->freeq_refill = 0;
- netif_napi_add(netdev, &port->napi, gmac_napi_poll,
- DEFAULT_NAPI_WEIGHT);
+ netif_napi_add(netdev, &port->napi, gmac_napi_poll, NAPI_POLL_WEIGHT);
if (is_valid_ether_addr((void *)port->mac_addr)) {
memcpy(netdev->dev_addr, port->mac_addr, ETH_ALEN);
diff --git a/drivers/net/ethernet/marvell/skge.c b/drivers/net/ethernet/marvell/skge.c
index 051dd3fb5b038..791a209158cd1 100644
--- a/drivers/net/ethernet/marvell/skge.c
+++ b/drivers/net/ethernet/marvell/skge.c
@@ -50,7 +50,6 @@
#define PHY_RETRIES 1000
#define ETH_JUMBO_MTU 9000
#define TX_WATCHDOG (5 * HZ)
-#define NAPI_WEIGHT 64
#define BLINK_MS 250
#define LINK_HZ HZ
@@ -3828,7 +3827,7 @@ static struct net_device *skge_devinit(struct skge_hw *hw, int port,
dev->features |= NETIF_F_HIGHDMA;
skge = netdev_priv(dev);
- netif_napi_add(dev, &skge->napi, skge_poll, NAPI_WEIGHT);
+ netif_napi_add(dev, &skge->napi, skge_poll, NAPI_POLL_WEIGHT);
skge->netdev = dev;
skge->hw = hw;
skge->msg_enable = netif_msg_init(debug, default_msg);
diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
index ac0dbf1b97437..a1a182bb47c77 100644
--- a/drivers/net/ethernet/marvell/sky2.c
+++ b/drivers/net/ethernet/marvell/sky2.c
@@ -63,7 +63,6 @@
#define TX_DEF_PENDING 63
#define TX_WATCHDOG (5 * HZ)
-#define NAPI_WEIGHT 64
#define PHY_RETRIES 1000
#define SKY2_EEPROM_MAGIC 0x9955aabb
@@ -5073,7 +5072,7 @@ static int sky2_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
}
}
- netif_napi_add(dev, &hw->napi, sky2_poll, NAPI_WEIGHT);
+ netif_napi_add(dev, &hw->napi, sky2_poll, NAPI_POLL_WEIGHT);
err = register_netdev(dev);
if (err) {
diff --git a/drivers/net/ethernet/mediatek/mtk_star_emac.c b/drivers/net/ethernet/mediatek/mtk_star_emac.c
index 1d5dd2015453f..8f3493e146e50 100644
--- a/drivers/net/ethernet/mediatek/mtk_star_emac.c
+++ b/drivers/net/ethernet/mediatek/mtk_star_emac.c
@@ -30,7 +30,6 @@
#define MTK_STAR_WAIT_TIMEOUT 300
#define MTK_STAR_MAX_FRAME_SIZE 1514
#define MTK_STAR_SKB_ALIGNMENT 16
-#define MTK_STAR_NAPI_WEIGHT 64
#define MTK_STAR_HASHTABLE_MC_LIMIT 256
#define MTK_STAR_HASHTABLE_SIZE_MAX 512
@@ -1551,7 +1550,7 @@ static int mtk_star_probe(struct platform_device *pdev)
ndev->netdev_ops = &mtk_star_netdev_ops;
ndev->ethtool_ops = &mtk_star_ethtool_ops;
- netif_napi_add(ndev, &priv->napi, mtk_star_poll, MTK_STAR_NAPI_WEIGHT);
+ netif_napi_add(ndev, &priv->napi, mtk_star_poll, NAPI_POLL_WEIGHT);
return devm_register_netdev(dev, ndev);
}
diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c
index fbd6bd80f51f4..305779f9685a7 100644
--- a/drivers/net/ethernet/ti/davinci_emac.c
+++ b/drivers/net/ethernet/ti/davinci_emac.c
@@ -113,7 +113,6 @@ static const char emac_version_string[] = "TI DaVinci EMAC Linux v6.1";
#define EMAC_DEF_RX_NUM_DESC (128)
#define EMAC_DEF_MAX_TX_CH (1) /* Max TX channels configured */
#define EMAC_DEF_MAX_RX_CH (1) /* Max RX channels configured */
-#define EMAC_POLL_WEIGHT (64) /* Default NAPI poll weight */
/* Buffer descriptor parameters */
#define EMAC_DEF_TX_MAX_SERVICE (32) /* TX max service BD's */
@@ -1923,7 +1922,7 @@ static int davinci_emac_probe(struct platform_device *pdev)
ndev->netdev_ops = &emac_netdev_ops;
ndev->ethtool_ops = ðtool_ops;
- netif_napi_add(ndev, &priv->napi, emac_poll, EMAC_POLL_WEIGHT);
+ netif_napi_add(ndev, &priv->napi, emac_poll, NAPI_POLL_WEIGHT);
pm_runtime_enable(&pdev->dev);
rc = pm_runtime_get_sync(&pdev->dev);
diff --git a/drivers/net/ethernet/ti/netcp_core.c b/drivers/net/ethernet/ti/netcp_core.c
index a6450055908db..2f00be789a8a9 100644
--- a/drivers/net/ethernet/ti/netcp_core.c
+++ b/drivers/net/ethernet/ti/netcp_core.c
@@ -24,7 +24,6 @@
#include "netcp.h"
#define NETCP_SOP_OFFSET (NET_IP_ALIGN + NET_SKB_PAD)
-#define NETCP_NAPI_WEIGHT 64
#define NETCP_TX_TIMEOUT (5 * HZ)
#define NETCP_PACKET_SIZE (ETH_FRAME_LEN + ETH_FCS_LEN)
#define NETCP_MIN_PACKET_SIZE ETH_ZLEN
@@ -2096,8 +2095,8 @@ static int netcp_create_interface(struct netcp_device *netcp_device,
}
/* NAPI register */
- netif_napi_add(ndev, &netcp->rx_napi, netcp_rx_poll, NETCP_NAPI_WEIGHT);
- netif_tx_napi_add(ndev, &netcp->tx_napi, netcp_tx_poll, NETCP_NAPI_WEIGHT);
+ netif_napi_add(ndev, &netcp->rx_napi, netcp_rx_poll, NAPI_POLL_WEIGHT);
+ netif_tx_napi_add(ndev, &netcp->tx_napi, netcp_tx_poll, NAPI_POLL_WEIGHT);
/* Register the network device */
ndev->dev_id = 0;
diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index e1a5610b1747e..e321669bc37af 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -42,7 +42,6 @@
#include <xen/balloon.h>
#define XENVIF_QUEUE_LENGTH 32
-#define XENVIF_NAPI_WEIGHT 64
/* Number of bytes allowed on the internal guest Rx queue. */
#define XENVIF_RX_QUEUE_BYTES (XEN_NETIF_RX_RING_SIZE/2 * PAGE_SIZE)
@@ -725,7 +724,7 @@ int xenvif_connect_data(struct xenvif_queue *queue,
atomic_set(&queue->inflight_packets, 0);
netif_napi_add(queue->vif->dev, &queue->napi, xenvif_poll,
- XENVIF_NAPI_WEIGHT);
+ NAPI_POLL_WEIGHT);
queue->stalled = true;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 027/102] xen-netback: use default TX queue size for vifs
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 026/102] eth: remove copies of the NAPI_POLL_WEIGHT define Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 028/102] riscv, bpf: Factor out emit_call for kernel and bpf context Greg Kroah-Hartman
` (83 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roger Pau Monné, Ross Lagerwall,
Wei Liu, David S. Miller, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Pau Monne <roger.pau@citrix.com>
[ Upstream commit 66cf7435a26917c0c4d6245ad9137e7606e84fdf ]
Do not set netback interfaces (vifs) default TX queue size to the ring size.
The TX queue size is not related to the ring size, and using the ring size (32)
as the queue size can lead to packet drops. Note the TX side of the vif
interface in the netback domain is the one receiving packets to be injected
to the guest.
Do not explicitly set the TX queue length to any value when creating the
interface, and instead use the system default. Note that the queue length can
also be adjusted at runtime.
Fixes: f942dc2552b8 ('xen network backend driver')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Acked-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/xen-netback/interface.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index e321669bc37af..f20ddaaa24518 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -41,8 +41,6 @@
#include <asm/xen/hypercall.h>
#include <xen/balloon.h>
-#define XENVIF_QUEUE_LENGTH 32
-
/* Number of bytes allowed on the internal guest Rx queue. */
#define XENVIF_RX_QUEUE_BYTES (XEN_NETIF_RX_RING_SIZE/2 * PAGE_SIZE)
@@ -527,8 +525,6 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid,
dev->features = dev->hw_features | NETIF_F_RXCSUM;
dev->ethtool_ops = &xenvif_ethtool_ops;
- dev->tx_queue_len = XENVIF_QUEUE_LENGTH;
-
dev->min_mtu = ETH_MIN_MTU;
dev->max_mtu = ETH_MAX_MTU - VLAN_ETH_HLEN;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 028/102] riscv, bpf: Factor out emit_call for kernel and bpf context
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 027/102] xen-netback: use default TX queue size for vifs Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 029/102] riscv, bpf: Sign-extend return values Greg Kroah-Hartman
` (82 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pu Lehui, Daniel Borkmann,
Björn Töpel, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pu Lehui <pulehui@huawei.com>
[ Upstream commit 0fd1fd0104954380477353aea29c347e85dff16d ]
The current emit_call function is not suitable for kernel function call as
it store return value to bpf R0 register. We can separate it out for common
use. Meanwhile, simplify judgment logic, that is, fixed function address
can use jal or auipc+jalr, while the unfixed can use only auipc+jalr.
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Björn Töpel <bjorn@rivosinc.com>
Acked-by: Björn Töpel <bjorn@rivosinc.com>
Link: https://lore.kernel.org/bpf/20230215135205.1411105-3-pulehui@huaweicloud.com
Stable-dep-of: 2f1b0d3d7331 ("riscv, bpf: Sign-extend return values")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/net/bpf_jit_comp64.c | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
index 2e3f1a626a3af..5fc1386bf311d 100644
--- a/arch/riscv/net/bpf_jit_comp64.c
+++ b/arch/riscv/net/bpf_jit_comp64.c
@@ -413,12 +413,12 @@ static void emit_sext_32_rd(u8 *rd, struct rv_jit_context *ctx)
*rd = RV_REG_T2;
}
-static int emit_jump_and_link(u8 rd, s64 rvoff, bool force_jalr,
+static int emit_jump_and_link(u8 rd, s64 rvoff, bool fixed_addr,
struct rv_jit_context *ctx)
{
s64 upper, lower;
- if (rvoff && is_21b_int(rvoff) && !force_jalr) {
+ if (rvoff && fixed_addr && is_21b_int(rvoff)) {
emit(rv_jal(rd, rvoff >> 1), ctx);
return 0;
} else if (in_auipc_jalr_range(rvoff)) {
@@ -439,24 +439,17 @@ static bool is_signed_bpf_cond(u8 cond)
cond == BPF_JSGE || cond == BPF_JSLE;
}
-static int emit_call(bool fixed, u64 addr, struct rv_jit_context *ctx)
+static int emit_call(u64 addr, bool fixed_addr, struct rv_jit_context *ctx)
{
s64 off = 0;
u64 ip;
- u8 rd;
- int ret;
if (addr && ctx->insns) {
ip = (u64)(long)(ctx->insns + ctx->ninsns);
off = addr - ip;
}
- ret = emit_jump_and_link(RV_REG_RA, off, !fixed, ctx);
- if (ret)
- return ret;
- rd = bpf_to_rv_reg(BPF_REG_0, ctx);
- emit_mv(rd, RV_REG_A0, ctx);
- return 0;
+ return emit_jump_and_link(RV_REG_RA, off, fixed_addr, ctx);
}
int bpf_jit_emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx,
@@ -750,7 +743,7 @@ int bpf_jit_emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx,
/* JUMP off */
case BPF_JMP | BPF_JA:
rvoff = rv_offset(i, off, ctx);
- ret = emit_jump_and_link(RV_REG_ZERO, rvoff, false, ctx);
+ ret = emit_jump_and_link(RV_REG_ZERO, rvoff, true, ctx);
if (ret)
return ret;
break;
@@ -869,17 +862,20 @@ int bpf_jit_emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx,
/* function call */
case BPF_JMP | BPF_CALL:
{
- bool fixed;
+ bool fixed_addr;
u64 addr;
mark_call(ctx);
- ret = bpf_jit_get_func_addr(ctx->prog, insn, extra_pass, &addr,
- &fixed);
+ ret = bpf_jit_get_func_addr(ctx->prog, insn, extra_pass,
+ &addr, &fixed_addr);
if (ret < 0)
return ret;
- ret = emit_call(fixed, addr, ctx);
+
+ ret = emit_call(addr, fixed_addr, ctx);
if (ret)
return ret;
+
+ emit_mv(bpf_to_rv_reg(BPF_REG_0, ctx), RV_REG_A0, ctx);
break;
}
/* tail call */
@@ -894,7 +890,7 @@ int bpf_jit_emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx,
break;
rvoff = epilogue_offset(ctx);
- ret = emit_jump_and_link(RV_REG_ZERO, rvoff, false, ctx);
+ ret = emit_jump_and_link(RV_REG_ZERO, rvoff, true, ctx);
if (ret)
return ret;
break;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 029/102] riscv, bpf: Sign-extend return values
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 028/102] riscv, bpf: Factor out emit_call for kernel and bpf context Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 030/102] drm/vmwgfx: fix typo of sizeof argument Greg Kroah-Hartman
` (81 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Björn Töpel,
Daniel Borkmann, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Björn Töpel <bjorn@rivosinc.com>
[ Upstream commit 2f1b0d3d733169eb11680bfa97c266ae5e757148 ]
The RISC-V architecture does not expose sub-registers, and hold all
32-bit values in a sign-extended format [1] [2]:
| The compiler and calling convention maintain an invariant that all
| 32-bit values are held in a sign-extended format in 64-bit
| registers. Even 32-bit unsigned integers extend bit 31 into bits
| 63 through 32. Consequently, conversion between unsigned and
| signed 32-bit integers is a no-op, as is conversion from a signed
| 32-bit integer to a signed 64-bit integer.
While BPF, on the other hand, exposes sub-registers, and use
zero-extension (similar to arm64/x86).
This has led to some subtle bugs, where a BPF JITted program has not
sign-extended the a0 register (return value in RISC-V land), passed
the return value up the kernel, e.g.:
| int from_bpf(void);
|
| long foo(void)
| {
| return from_bpf();
| }
Here, a0 would be 0xffff_ffff, instead of the expected
0xffff_ffff_ffff_ffff.
Internally, the RISC-V JIT uses a5 as a dedicated register for BPF
return values.
Keep a5 zero-extended, but explicitly sign-extend a0 (which is used
outside BPF land). Now that a0 (RISC-V ABI) and a5 (BPF ABI) differs,
a0 is only moved to a5 for non-BPF native calls (BPF_PSEUDO_CALL).
Fixes: 2353ecc6f91f ("bpf, riscv: add BPF JIT for RV64G")
Signed-off-by: Björn Töpel <bjorn@rivosinc.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://github.com/riscv/riscv-isa-manual/releases/download/riscv-isa-release-056b6ff-2023-10-02/unpriv-isa-asciidoc.pdf # [2]
Link: https://github.com/riscv-non-isa/riscv-elf-psabi-doc/releases/download/draft-20230929-e5c800e661a53efe3c2678d71a306323b60eb13b/riscv-abi.pdf # [2]
Link: https://lore.kernel.org/bpf/20231004120706.52848-2-bjorn@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/net/bpf_jit_comp64.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
index 5fc1386bf311d..3f471884816af 100644
--- a/arch/riscv/net/bpf_jit_comp64.c
+++ b/arch/riscv/net/bpf_jit_comp64.c
@@ -220,7 +220,7 @@ static void __build_epilogue(bool is_tail_call, struct rv_jit_context *ctx)
emit_addi(RV_REG_SP, RV_REG_SP, stack_adjust, ctx);
/* Set return value. */
if (!is_tail_call)
- emit_mv(RV_REG_A0, RV_REG_A5, ctx);
+ emit_addiw(RV_REG_A0, RV_REG_A5, 0, ctx);
emit_jalr(RV_REG_ZERO, is_tail_call ? RV_REG_T3 : RV_REG_RA,
is_tail_call ? 4 : 0, /* skip TCC init */
ctx);
@@ -875,7 +875,8 @@ int bpf_jit_emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx,
if (ret)
return ret;
- emit_mv(bpf_to_rv_reg(BPF_REG_0, ctx), RV_REG_A0, ctx);
+ if (insn->src_reg != BPF_PSEUDO_CALL)
+ emit_mv(bpf_to_rv_reg(BPF_REG_0, ctx), RV_REG_A0, ctx);
break;
}
/* tail call */
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 030/102] drm/vmwgfx: fix typo of sizeof argument
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 029/102] riscv, bpf: Sign-extend return values Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 031/102] bpf: Fix verifier log for async callback return values Greg Kroah-Hartman
` (80 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konstantin Meskhidze, Zack Rusin,
Sasha Levin, Ivanov Mikhail
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
[ Upstream commit 39465cac283702a7d4a507a558db81898029c6d3 ]
Since size of 'header' pointer and '*header' structure is equal on 64-bit
machines issue probably didn't cause any wrong behavior. But anyway,
fixing typo is required.
Fixes: 7a73ba7469cb ("drm/vmwgfx: Use TTM handles instead of SIDs as user-space surface handles.")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Reviewed-by: Zack Rusin <zackr@vmware.com>
Signed-off-by: Zack Rusin <zackr@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230905100203.1716731-1-konstantin.meskhidze@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
index ed75622bf7082..b91f8d17404d6 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
@@ -1632,7 +1632,7 @@ static int vmw_cmd_tex_state(struct vmw_private *dev_priv,
{
VMW_DECLARE_CMD_VAR(*cmd, SVGA3dCmdSetTextureState);
SVGA3dTextureState *last_state = (SVGA3dTextureState *)
- ((unsigned long) header + header->size + sizeof(header));
+ ((unsigned long) header + header->size + sizeof(*header));
SVGA3dTextureState *cur_state = (SVGA3dTextureState *)
((unsigned long) header + sizeof(*cmd));
struct vmw_resource *ctx;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 031/102] bpf: Fix verifier log for async callback return values
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 030/102] drm/vmwgfx: fix typo of sizeof argument Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 032/102] net: macsec: indicate next pn update when offloading Greg Kroah-Hartman
` (79 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Vernet, Daniel Borkmann,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Vernet <void@manifault.com>
[ Upstream commit 829955981c557c7fc7416581c4cd68a8a0c28620 ]
The verifier, as part of check_return_code(), verifies that async
callbacks such as from e.g. timers, will return 0. It does this by
correctly checking that R0->var_off is in tnum_const(0), which
effectively checks that it's in a range of 0. If this condition fails,
however, it prints an error message which says that the value should
have been in (0x0; 0x1). This results in possibly confusing output such
as the following in which an async callback returns 1:
At async callback the register R0 has value (0x1; 0x0) should have been in (0x0; 0x1)
The fix is easy -- we should just pass the tnum_const(0) as the correct
range to verbose_invalid_scalar(), which will then print the following:
At async callback the register R0 has value (0x1; 0x0) should have been in (0x0; 0x0)
Fixes: bfc6bb74e4f1 ("bpf: Implement verifier support for validation of async callbacks.")
Signed-off-by: David Vernet <void@manifault.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20231009161414.235829-1-void@manifault.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index ecf4332ff312f..a4be7c1c11aaf 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -9570,7 +9570,7 @@ static int check_return_code(struct bpf_verifier_env *env)
struct tnum enforce_attach_type_range = tnum_unknown;
const struct bpf_prog *prog = env->prog;
struct bpf_reg_state *reg;
- struct tnum range = tnum_range(0, 1);
+ struct tnum range = tnum_range(0, 1), const_0 = tnum_const(0);
enum bpf_prog_type prog_type = resolve_prog_type(env->prog);
int err;
struct bpf_func_state *frame = env->cur_state->frame[0];
@@ -9608,8 +9608,8 @@ static int check_return_code(struct bpf_verifier_env *env)
return -EINVAL;
}
- if (!tnum_in(tnum_const(0), reg->var_off)) {
- verbose_invalid_scalar(env, reg, &range, "async callback", "R0");
+ if (!tnum_in(const_0, reg->var_off)) {
+ verbose_invalid_scalar(env, reg, &const_0, "async callback", "R0");
return -EINVAL;
}
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 032/102] net: macsec: indicate next pn update when offloading
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 031/102] bpf: Fix verifier log for async callback return values Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 033/102] net: phy: mscc: macsec: reject PN update requests Greg Kroah-Hartman
` (78 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Radu Pirea (NXP OSS),
Sabrina Dubroca, Paolo Abeni, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
[ Upstream commit 0412cc846a1ef38697c3f321f9b174da91ecd3b5 ]
Indicate next PN update using update_pn flag in macsec_context.
Offloaded MACsec implementations does not know whether or not the
MACSEC_SA_ATTR_PN attribute was passed for an SA update and assume
that next PN should always updated, but this is not always true.
The PN can be reset to its initial value using the following command:
$ ip macsec set macsec0 tx sa 0 off #octeontx2-pf case
Or, the update PN command will succeed even if the driver does not support
PN updates.
$ ip macsec set macsec0 tx sa 0 pn 1 on #mscc phy driver case
Comparing the initial PN with the new PN value is not a solution. When
the user updates the PN using its initial value the command will
succeed, even if the driver does not support it. Like this:
$ ip macsec add macsec0 tx sa 0 pn 1 on key 00 \
ead3664f508eb06c40ac7104cdae4ce5
$ ip macsec set macsec0 tx sa 0 pn 1 on #mlx5 case
Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Stable-dep-of: e0a8c918daa5 ("net: phy: mscc: macsec: reject PN update requests")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macsec.c | 2 ++
include/net/macsec.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 21f41f25a8abe..07c822c301185 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -2410,6 +2410,7 @@ static int macsec_upd_txsa(struct sk_buff *skb, struct genl_info *info)
ctx.sa.assoc_num = assoc_num;
ctx.sa.tx_sa = tx_sa;
+ ctx.sa.update_pn = !!prev_pn.full64;
ctx.secy = secy;
ret = macsec_offload(ops->mdo_upd_txsa, &ctx);
@@ -2503,6 +2504,7 @@ static int macsec_upd_rxsa(struct sk_buff *skb, struct genl_info *info)
ctx.sa.assoc_num = assoc_num;
ctx.sa.rx_sa = rx_sa;
+ ctx.sa.update_pn = !!prev_pn.full64;
ctx.secy = secy;
ret = macsec_offload(ops->mdo_upd_rxsa, &ctx);
diff --git a/include/net/macsec.h b/include/net/macsec.h
index d6fa6b97f6efa..0dc4303329391 100644
--- a/include/net/macsec.h
+++ b/include/net/macsec.h
@@ -240,6 +240,7 @@ struct macsec_context {
struct macsec_secy *secy;
struct macsec_rx_sc *rx_sc;
struct {
+ bool update_pn;
unsigned char assoc_num;
u8 key[MACSEC_MAX_KEY_LEN];
union {
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 033/102] net: phy: mscc: macsec: reject PN update requests
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 032/102] net: macsec: indicate next pn update when offloading Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 034/102] ixgbe: fix crash with empty VF macvlan list Greg Kroah-Hartman
` (77 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Radu Pirea (NXP OSS),
Sabrina Dubroca, Paolo Abeni, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
[ Upstream commit e0a8c918daa58700609ebd45e3fcd49965be8bbc ]
Updating the PN is not supported.
Return -EINVAL if update_pn is true.
The following command succeeded, but it should fail because the driver
does not update the PN:
ip macsec set macsec0 tx sa 0 pn 232 on
Fixes: 28c5107aa904 ("net: phy: mscc: macsec support")
Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/mscc/mscc_macsec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/phy/mscc/mscc_macsec.c b/drivers/net/phy/mscc/mscc_macsec.c
index c00eef457b850..bec270785c594 100644
--- a/drivers/net/phy/mscc/mscc_macsec.c
+++ b/drivers/net/phy/mscc/mscc_macsec.c
@@ -880,6 +880,9 @@ static int vsc8584_macsec_upd_rxsa(struct macsec_context *ctx)
{
struct macsec_flow *flow;
+ if (ctx->sa.update_pn)
+ return -EINVAL;
+
flow = vsc8584_macsec_find_flow(ctx, MACSEC_INGR);
if (IS_ERR(flow))
return PTR_ERR(flow);
@@ -929,6 +932,9 @@ static int vsc8584_macsec_upd_txsa(struct macsec_context *ctx)
{
struct macsec_flow *flow;
+ if (ctx->sa.update_pn)
+ return -EINVAL;
+
flow = vsc8584_macsec_find_flow(ctx, MACSEC_EGR);
if (IS_ERR(flow))
return PTR_ERR(flow);
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 034/102] ixgbe: fix crash with empty VF macvlan list
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 033/102] net: phy: mscc: macsec: reject PN update requests Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 035/102] net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp Greg Kroah-Hartman
` (76 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Simon Horman,
Jesse Brandeburg, Paolo Abeni, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 7b5add9af567c44e12196107f0fe106e194034fd ]
The adapter->vf_mvs.l list needs to be initialized even if the list is
empty. Otherwise it will lead to crashes.
Fixes: a1cbb15c1397 ("ixgbe: Add macvlan support for VF")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Link: https://lore.kernel.org/r/ZSADNdIw8zFx1xw2@kadam
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
index 0078ae5926164..5eba086690efa 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -28,6 +28,9 @@ static inline void ixgbe_alloc_vf_macvlans(struct ixgbe_adapter *adapter,
struct vf_macvlans *mv_list;
int num_vf_macvlans, i;
+ /* Initialize list of VF macvlans */
+ INIT_LIST_HEAD(&adapter->vf_mvs.l);
+
num_vf_macvlans = hw->mac.num_rar_entries -
(IXGBE_MAX_PF_MACVLANS + 1 + num_vfs);
if (!num_vf_macvlans)
@@ -36,8 +39,6 @@ static inline void ixgbe_alloc_vf_macvlans(struct ixgbe_adapter *adapter,
mv_list = kcalloc(num_vf_macvlans, sizeof(struct vf_macvlans),
GFP_KERNEL);
if (mv_list) {
- /* Initialize list of VF macvlans */
- INIT_LIST_HEAD(&adapter->vf_mvs.l);
for (i = 0; i < num_vf_macvlans; i++) {
mv_list[i].vf = -1;
mv_list[i].free = true;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 035/102] net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 034/102] ixgbe: fix crash with empty VF macvlan list Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 036/102] net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Greg Kroah-Hartman
` (75 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Charlotte Tan, Adham Faris,
Aya Levin, Tariq Toukan, Moshe Shemesh, Saeed Mahameed,
Will Mortensen, Paolo Abeni, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Mortensen <will@extrahop.com>
[ Upstream commit da6192ca72d5ad913d109d43dc896290ad05d98f ]
Commit 1e66220948df8 ("net/mlx5e: Update rx ring hw mtu upon each rx-fcs
flag change") seems to have accidentally inverted the logic added in
commit 0bc73ad46a76 ("net/mlx5e: Mutually exclude RX-FCS and
RX-port-timestamp").
The impact of this is a little unclear since it seems the FCS scattered
with RX-FCS is (usually?) correct regardless.
Fixes: 1e66220948df8 ("net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change")
Tested-by: Charlotte Tan <charlotte@extrahop.com>
Reviewed-by: Charlotte Tan <charlotte@extrahop.com>
Cc: Adham Faris <afaris@nvidia.com>
Cc: Aya Levin <ayal@nvidia.com>
Cc: Tariq Toukan <tariqt@nvidia.com>
Cc: Moshe Shemesh <moshe@nvidia.com>
Cc: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Will Mortensen <will@extrahop.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://lore.kernel.org/r/20231006053706.514618-1-will@extrahop.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index fdc4a5a80da41..923be5fb7d216 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -3373,13 +3373,14 @@ static int set_feature_rx_fcs(struct net_device *netdev, bool enable)
struct mlx5e_channels *chs = &priv->channels;
struct mlx5e_params new_params;
int err;
+ bool rx_ts_over_crc = !enable;
mutex_lock(&priv->state_lock);
new_params = chs->params;
new_params.scatter_fcs_en = enable;
err = mlx5e_safe_switch_params(priv, &new_params, mlx5e_set_rx_port_ts_wrap,
- &new_params.scatter_fcs_en, true);
+ &rx_ts_over_crc, true);
mutex_unlock(&priv->state_lock);
return err;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 036/102] net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 035/102] net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 037/102] ethtool: Fix mod state of verbose no_mask bitset Greg Kroah-Hartman
` (74 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sili Luo, Eric Dumazet,
Willy Tarreau, Krzysztof Kozlowski, Jakub Kicinski, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 31c07dffafce914c1d1543c135382a11ff058d93 ]
Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.
Getting a reference on the socket found in a lookup while
holding a lock should happen before releasing the lock.
nfc_llcp_sock_get_sn() has a similar problem.
Finally nfc_llcp_recv_snl() needs to make sure the socket
found by nfc_llcp_sock_from_sn() does not disappear.
Fixes: 8f50020ed9b8 ("NFC: LLCP late binding")
Reported-by: Sili Luo <rootlab@huawei.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20231009123110.3735515-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/llcp_core.c | 30 ++++++++++++------------------
1 file changed, 12 insertions(+), 18 deletions(-)
diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c
index b1107570eaee8..92f70686bee0a 100644
--- a/net/nfc/llcp_core.c
+++ b/net/nfc/llcp_core.c
@@ -205,17 +205,13 @@ static struct nfc_llcp_sock *nfc_llcp_sock_get(struct nfc_llcp_local *local,
if (tmp_sock->ssap == ssap && tmp_sock->dsap == dsap) {
llcp_sock = tmp_sock;
+ sock_hold(&llcp_sock->sk);
break;
}
}
read_unlock(&local->sockets.lock);
- if (llcp_sock == NULL)
- return NULL;
-
- sock_hold(&llcp_sock->sk);
-
return llcp_sock;
}
@@ -348,7 +344,8 @@ static int nfc_llcp_wks_sap(const char *service_name, size_t service_name_len)
static
struct nfc_llcp_sock *nfc_llcp_sock_from_sn(struct nfc_llcp_local *local,
- const u8 *sn, size_t sn_len)
+ const u8 *sn, size_t sn_len,
+ bool needref)
{
struct sock *sk;
struct nfc_llcp_sock *llcp_sock, *tmp_sock;
@@ -384,6 +381,8 @@ struct nfc_llcp_sock *nfc_llcp_sock_from_sn(struct nfc_llcp_local *local,
if (memcmp(sn, tmp_sock->service_name, sn_len) == 0) {
llcp_sock = tmp_sock;
+ if (needref)
+ sock_hold(&llcp_sock->sk);
break;
}
}
@@ -425,7 +424,8 @@ u8 nfc_llcp_get_sdp_ssap(struct nfc_llcp_local *local,
* to this service name.
*/
if (nfc_llcp_sock_from_sn(local, sock->service_name,
- sock->service_name_len) != NULL) {
+ sock->service_name_len,
+ false) != NULL) {
mutex_unlock(&local->sdp_lock);
return LLCP_SAP_MAX;
@@ -833,16 +833,7 @@ static struct nfc_llcp_sock *nfc_llcp_connecting_sock_get(struct nfc_llcp_local
static struct nfc_llcp_sock *nfc_llcp_sock_get_sn(struct nfc_llcp_local *local,
const u8 *sn, size_t sn_len)
{
- struct nfc_llcp_sock *llcp_sock;
-
- llcp_sock = nfc_llcp_sock_from_sn(local, sn, sn_len);
-
- if (llcp_sock == NULL)
- return NULL;
-
- sock_hold(&llcp_sock->sk);
-
- return llcp_sock;
+ return nfc_llcp_sock_from_sn(local, sn, sn_len, true);
}
static const u8 *nfc_llcp_connect_sn(const struct sk_buff *skb, size_t *sn_len)
@@ -1307,7 +1298,8 @@ static void nfc_llcp_recv_snl(struct nfc_llcp_local *local,
}
llcp_sock = nfc_llcp_sock_from_sn(local, service_name,
- service_name_len);
+ service_name_len,
+ true);
if (!llcp_sock) {
sap = 0;
goto add_snl;
@@ -1327,6 +1319,7 @@ static void nfc_llcp_recv_snl(struct nfc_llcp_local *local,
if (sap == LLCP_SAP_MAX) {
sap = 0;
+ nfc_llcp_sock_put(llcp_sock);
goto add_snl;
}
@@ -1344,6 +1337,7 @@ static void nfc_llcp_recv_snl(struct nfc_llcp_local *local,
pr_debug("%p %d\n", llcp_sock, sap);
+ nfc_llcp_sock_put(llcp_sock);
add_snl:
sdp = nfc_llcp_build_sdres_tlv(tid, sap);
if (sdp == NULL)
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 037/102] ethtool: Fix mod state of verbose no_mask bitset
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 036/102] net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 038/102] net/smc: Fix pos miscalculation in statistics Greg Kroah-Hartman
` (73 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kory Maincent, Simon Horman,
Jakub Kicinski, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kory Maincent <kory.maincent@bootlin.com>
[ Upstream commit 108a36d07c01edbc5942d27c92494d1c6e4d45a0 ]
A bitset without mask in a _SET request means we want exactly the bits in
the bitset to be set. This works correctly for compact format but when
verbose format is parsed, ethnl_update_bitset32_verbose() only sets the
bits present in the request bitset but does not clear the rest. The commit
6699170376ab fixes this issue by clearing the whole target bitmap before we
start iterating. The solution proposed brought an issue with the behavior
of the mod variable. As the bitset is always cleared the old val will
always differ to the new val.
Fix it by adding a new temporary variable which save the state of the old
bitmap.
Fixes: 6699170376ab ("ethtool: fix application of verbose no_mask bitset")
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20231009133645.44503-1-kory.maincent@bootlin.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ethtool/bitset.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/net/ethtool/bitset.c b/net/ethtool/bitset.c
index 0515d6604b3b9..883ed9be81f9f 100644
--- a/net/ethtool/bitset.c
+++ b/net/ethtool/bitset.c
@@ -431,8 +431,10 @@ ethnl_update_bitset32_verbose(u32 *bitmap, unsigned int nbits,
ethnl_string_array_t names,
struct netlink_ext_ack *extack, bool *mod)
{
+ u32 *orig_bitmap, *saved_bitmap = NULL;
struct nlattr *bit_attr;
bool no_mask;
+ bool dummy;
int rem;
int ret;
@@ -448,8 +450,22 @@ ethnl_update_bitset32_verbose(u32 *bitmap, unsigned int nbits,
}
no_mask = tb[ETHTOOL_A_BITSET_NOMASK];
- if (no_mask)
- ethnl_bitmap32_clear(bitmap, 0, nbits, mod);
+ if (no_mask) {
+ unsigned int nwords = DIV_ROUND_UP(nbits, 32);
+ unsigned int nbytes = nwords * sizeof(u32);
+
+ /* The bitmap size is only the size of the map part without
+ * its mask part.
+ */
+ saved_bitmap = kcalloc(nwords, sizeof(u32), GFP_KERNEL);
+ if (!saved_bitmap)
+ return -ENOMEM;
+ memcpy(saved_bitmap, bitmap, nbytes);
+ ethnl_bitmap32_clear(bitmap, 0, nbits, &dummy);
+ orig_bitmap = saved_bitmap;
+ } else {
+ orig_bitmap = bitmap;
+ }
nla_for_each_nested(bit_attr, tb[ETHTOOL_A_BITSET_BITS], rem) {
bool old_val, new_val;
@@ -458,13 +474,14 @@ ethnl_update_bitset32_verbose(u32 *bitmap, unsigned int nbits,
if (nla_type(bit_attr) != ETHTOOL_A_BITSET_BITS_BIT) {
NL_SET_ERR_MSG_ATTR(extack, bit_attr,
"only ETHTOOL_A_BITSET_BITS_BIT allowed in ETHTOOL_A_BITSET_BITS");
- return -EINVAL;
+ ret = -EINVAL;
+ goto out;
}
ret = ethnl_parse_bit(&idx, &new_val, nbits, bit_attr, no_mask,
names, extack);
if (ret < 0)
- return ret;
- old_val = bitmap[idx / 32] & ((u32)1 << (idx % 32));
+ goto out;
+ old_val = orig_bitmap[idx / 32] & ((u32)1 << (idx % 32));
if (new_val != old_val) {
if (new_val)
bitmap[idx / 32] |= ((u32)1 << (idx % 32));
@@ -474,7 +491,10 @@ ethnl_update_bitset32_verbose(u32 *bitmap, unsigned int nbits,
}
}
- return 0;
+ ret = 0;
+out:
+ kfree(saved_bitmap);
+ return ret;
}
static int ethnl_compact_sanity_checks(unsigned int nbits,
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 038/102] net/smc: Fix pos miscalculation in statistics
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 037/102] ethtool: Fix mod state of verbose no_mask bitset Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 039/102] pinctrl: renesas: rzn1: Enable missing PINMUX Greg Kroah-Hartman
` (72 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Halil Pasic, Nils Hoppmann,
Wenjia Zhang, Dust Li, David S. Miller, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nils Hoppmann <niho@linux.ibm.com>
[ Upstream commit a950a5921db450c74212327f69950ff03419483a ]
SMC_STAT_PAYLOAD_SUB(_smc_stats, _tech, key, _len, _rc) will calculate
wrong bucket positions for payloads of exactly 4096 bytes and
(1 << (m + 12)) bytes, with m == SMC_BUF_MAX - 1.
Intended bucket distribution:
Assume l == size of payload, m == SMC_BUF_MAX - 1.
Bucket 0 : 0 < l <= 2^13
Bucket n, 1 <= n <= m-1 : 2^(n+12) < l <= 2^(n+13)
Bucket m : l > 2^(m+12)
Current solution:
_pos = fls64((l) >> 13)
[...]
_pos = (_pos < m) ? ((l == 1 << (_pos + 12)) ? _pos - 1 : _pos) : m
For l == 4096, _pos == -1, but should be _pos == 0.
For l == (1 << (m + 12)), _pos == m, but should be _pos == m - 1.
In order to avoid special treatment of these corner cases, the
calculation is adjusted. The new solution first subtracts the length by
one, and then calculates the correct bucket by shifting accordingly,
i.e. _pos = fls64((l - 1) >> 13), l > 0.
This not only fixes the issues named above, but also makes the whole
bucket assignment easier to follow.
Same is done for SMC_STAT_RMB_SIZE_SUB(_smc_stats, _tech, k, _len),
where the calculation of the bucket position is similar to the one
named above.
Fixes: e0e4b8fa5338 ("net/smc: Add SMC statistics support")
Suggested-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Nils Hoppmann <niho@linux.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Wenjia Zhang <wenjia@linux.ibm.com>
Reviewed-by: Dust Li <dust.li@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/smc_stats.h | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/net/smc/smc_stats.h b/net/smc/smc_stats.h
index 84b7ecd8c05ca..415131a975b11 100644
--- a/net/smc/smc_stats.h
+++ b/net/smc/smc_stats.h
@@ -93,13 +93,14 @@ do { \
typeof(_smc_stats) stats = (_smc_stats); \
typeof(_tech) t = (_tech); \
typeof(_len) l = (_len); \
- int _pos = fls64((l) >> 13); \
+ int _pos; \
typeof(_rc) r = (_rc); \
int m = SMC_BUF_MAX - 1; \
this_cpu_inc((*stats).smc[t].key ## _cnt); \
- if (r <= 0) \
+ if (r <= 0 || l <= 0) \
break; \
- _pos = (_pos < m) ? ((l == 1 << (_pos + 12)) ? _pos - 1 : _pos) : m; \
+ _pos = fls64((l - 1) >> 13); \
+ _pos = (_pos <= m) ? _pos : m; \
this_cpu_inc((*stats).smc[t].key ## _pd.buf[_pos]); \
this_cpu_add((*stats).smc[t].key ## _bytes, r); \
} \
@@ -139,9 +140,12 @@ while (0)
do { \
typeof(_len) _l = (_len); \
typeof(_tech) t = (_tech); \
- int _pos = fls((_l) >> 13); \
+ int _pos; \
int m = SMC_BUF_MAX - 1; \
- _pos = (_pos < m) ? ((_l == 1 << (_pos + 12)) ? _pos - 1 : _pos) : m; \
+ if (_l <= 0) \
+ break; \
+ _pos = fls((_l - 1) >> 13); \
+ _pos = (_pos <= m) ? _pos : m; \
this_cpu_inc((*(_smc_stats)).smc[t].k ## _rmbsize.buf[_pos]); \
} \
while (0)
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 039/102] pinctrl: renesas: rzn1: Enable missing PINMUX
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 038/102] net/smc: Fix pos miscalculation in statistics Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 040/102] nfc: nci: assert requested protocol is valid Greg Kroah-Hartman
` (71 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ralph Siemsen, Miquel Raynal,
Geert Uytterhoeven, Linus Walleij, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ralph Siemsen <ralph.siemsen@linaro.org>
[ Upstream commit f055ff23c331f28aa4ace4b72dc56f63b9a726c8 ]
Enable pin muxing (eg. programmable function), so that the RZ/N1 GPIO
pins will be configured as specified by the pinmux in the DTS.
This used to be enabled implicitly via CONFIG_GENERIC_PINMUX_FUNCTIONS,
however that was removed, since the RZ/N1 driver does not call any of
the generic pinmux functions.
Fixes: 1308fb4e4eae14e6 ("pinctrl: rzn1: Do not select GENERIC_PIN{CTRL_GROUPS,MUX_FUNCTIONS}")
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20231004200008.1306798-1-ralph.siemsen@linaro.org
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/renesas/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pinctrl/renesas/Kconfig b/drivers/pinctrl/renesas/Kconfig
index 9a72999084b36..ba7224a4c352d 100644
--- a/drivers/pinctrl/renesas/Kconfig
+++ b/drivers/pinctrl/renesas/Kconfig
@@ -228,6 +228,7 @@ config PINCTRL_RZN1
depends on OF
depends on ARCH_RZN1 || COMPILE_TEST
select GENERIC_PINCONF
+ select PINMUX
help
This selects pinctrl driver for Renesas RZ/N1 devices.
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 040/102] nfc: nci: assert requested protocol is valid
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 039/102] pinctrl: renesas: rzn1: Enable missing PINMUX Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 041/102] workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() Greg Kroah-Hartman
` (70 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeremy Cline, Simon Horman,
Paolo Abeni, Sasha Levin, syzbot+0839b78e119aae1fec78
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeremy Cline <jeremy@jcline.org>
[ Upstream commit 354a6e707e29cb0c007176ee5b8db8be7bd2dee0 ]
The protocol is used in a bit mask to determine if the protocol is
supported. Assert the provided protocol is less than the maximum
defined so it doesn't potentially perform a shift-out-of-bounds and
provide a clearer error for undefined protocols vs unsupported ones.
Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation")
Reported-and-tested-by: syzbot+0839b78e119aae1fec78@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0839b78e119aae1fec78
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20231009200054.82557-1-jeremy@jcline.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/nci/core.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 7b6cf9a44aea7..643dfc90b0636 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -908,6 +908,11 @@ static int nci_activate_target(struct nfc_dev *nfc_dev,
return -EINVAL;
}
+ if (protocol >= NFC_PROTO_MAX) {
+ pr_err("the requested nfc protocol is invalid\n");
+ return -EINVAL;
+ }
+
if (!(nci_target->supported_protocols & (1 << protocol))) {
pr_err("target does not support the requested protocol 0x%x\n",
protocol);
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 041/102] workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 040/102] nfc: nci: assert requested protocol is valid Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 042/102] perf inject: Fix GEN_ELF_TEXT_OFFSET for jit Greg Kroah-Hartman
` (69 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Waiman Long, Tejun Heo, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Waiman Long <longman@redhat.com>
[ Upstream commit ca10d851b9ad0338c19e8e3089e24d565ebfffd7 ]
Commit 5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1
to be ordered") enabled implicit ordered attribute to be added to
WQ_UNBOUND workqueues with max_active of 1. This prevented the changing
of attributes to these workqueues leading to fix commit 0a94efb5acbb
("workqueue: implicit ordered attribute should be overridable").
However, workqueue_apply_unbound_cpumask() was not updated at that time.
So sysfs changes to wq_unbound_cpumask has no effect on WQ_UNBOUND
workqueues with implicit ordered attribute. Since not all WQ_UNBOUND
workqueues are visible on sysfs, we are not able to make all the
necessary cpumask changes even if we iterates all the workqueue cpumasks
in sysfs and changing them one by one.
Fix this problem by applying the corresponding change made
to apply_workqueue_attrs_locked() in the fix commit to
workqueue_apply_unbound_cpumask().
Fixes: 5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1 to be ordered")
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/workqueue.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 8e108c040cc35..19868cf588779 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -5379,9 +5379,13 @@ static int workqueue_apply_unbound_cpumask(void)
list_for_each_entry(wq, &workqueues, list) {
if (!(wq->flags & WQ_UNBOUND))
continue;
+
/* creating multiple pwqs breaks ordering guarantee */
- if (wq->flags & __WQ_ORDERED)
- continue;
+ if (!list_empty(&wq->pwqs)) {
+ if (wq->flags & __WQ_ORDERED_EXPLICIT)
+ continue;
+ wq->flags &= ~__WQ_ORDERED;
+ }
ctx = apply_wqattrs_prepare(wq, wq->unbound_attrs);
if (!ctx) {
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 042/102] perf inject: Fix GEN_ELF_TEXT_OFFSET for jit
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 041/102] workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 043/102] net: add sysctl accept_ra_min_rtr_lft Greg Kroah-Hartman
` (68 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter,
Arnaldo Carvalho de Melo, Ian Rogers, Jiri Olsa, Lieven Hey,
Namhyung Kim, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adrian Hunter <adrian.hunter@intel.com>
[ Upstream commit 89b15d00527b7825ff19130ed83478e80e3fae99 ]
When a program header was added, it moved the text section but
GEN_ELF_TEXT_OFFSET was not updated.
Fix by adding the program header size and aligning.
Fixes: babd04386b1df8c3 ("perf jit: Include program header in ELF files")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Lieven Hey <lieven.hey@kdab.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: https://lore.kernel.org/r/20221014170905.64069-7-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/genelf.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/genelf.h b/tools/perf/util/genelf.h
index ac638945b4cb0..159c69bcc33e6 100644
--- a/tools/perf/util/genelf.h
+++ b/tools/perf/util/genelf.h
@@ -2,6 +2,8 @@
#ifndef __GENELF_H__
#define __GENELF_H__
+#include <linux/math.h>
+
/* genelf.c */
int jit_write_elf(int fd, uint64_t code_addr, const char *sym,
const void *code, int csize, void *debug, int nr_debug_entries,
@@ -73,6 +75,6 @@ int jit_add_debug_info(Elf *e, uint64_t code_addr, void *debug, int nr_debug_ent
#endif
/* The .text section is directly after the ELF header */
-#define GEN_ELF_TEXT_OFFSET sizeof(Elf_Ehdr)
+#define GEN_ELF_TEXT_OFFSET round_up(sizeof(Elf_Ehdr) + sizeof(Elf_Phdr), 16)
#endif
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 043/102] net: add sysctl accept_ra_min_rtr_lft
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 042/102] perf inject: Fix GEN_ELF_TEXT_OFFSET for jit Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 044/102] net: change accept_ra_min_rtr_lft to affect all RA lifetimes Greg Kroah-Hartman
` (67 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Patrick Rohr,
Maciej Żenczykowski, Lorenzo Colitti, David S. Miller
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Patrick Rohr <prohr@google.com>
commit 1671bcfd76fdc0b9e65153cf759153083755fe4c upstream.
This change adds a new sysctl accept_ra_min_rtr_lft to specify the
minimum acceptable router lifetime in an RA. If the received RA router
lifetime is less than the configured value (and not 0), the RA is
ignored.
This is useful for mobile devices, whose battery life can be impacted
by networks that configure RAs with a short lifetime. On such networks,
the device should never gain IPv6 provisioning and should attempt to
drop RAs via hardware offload, if available.
Signed-off-by: Patrick Rohr <prohr@google.com>
Cc: Maciej Żenczykowski <maze@google.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/networking/ip-sysctl.rst | 8 ++++++++
include/linux/ipv6.h | 1 +
include/uapi/linux/ipv6.h | 3 +++
net/ipv6/addrconf.c | 10 ++++++++++
net/ipv6/ndisc.c | 18 ++++++++++++++++--
5 files changed, 38 insertions(+), 2 deletions(-)
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -2070,6 +2070,14 @@ accept_ra_min_hop_limit - INTEGER
Default: 1
+accept_ra_min_rtr_lft - INTEGER
+ Minimum acceptable router lifetime in Router Advertisement.
+
+ RAs with a router lifetime less than this value shall be
+ ignored. RAs with a router lifetime of 0 are unaffected.
+
+ Default: 0
+
accept_ra_pinfo - BOOLEAN
Learn Prefix Information in Router Advertisement.
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -33,6 +33,7 @@ struct ipv6_devconf {
__s32 accept_ra_defrtr;
__u32 ra_defrtr_metric;
__s32 accept_ra_min_hop_limit;
+ __s32 accept_ra_min_rtr_lft;
__s32 accept_ra_pinfo;
__s32 ignore_routes_with_linkdown;
#ifdef CONFIG_IPV6_ROUTER_PREF
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -196,6 +196,9 @@ enum {
DEVCONF_IOAM6_ENABLED,
DEVCONF_IOAM6_ID,
DEVCONF_IOAM6_ID_WIDE,
+ DEVCONF_NDISC_EVICT_NOCARRIER,
+ DEVCONF_ACCEPT_UNTRACKED_NA,
+ DEVCONF_ACCEPT_RA_MIN_RTR_LFT,
DEVCONF_MAX
};
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -209,6 +209,7 @@ static struct ipv6_devconf ipv6_devconf
.ra_defrtr_metric = IP6_RT_PRIO_USER,
.accept_ra_from_local = 0,
.accept_ra_min_hop_limit= 1,
+ .accept_ra_min_rtr_lft = 0,
.accept_ra_pinfo = 1,
#ifdef CONFIG_IPV6_ROUTER_PREF
.accept_ra_rtr_pref = 1,
@@ -268,6 +269,7 @@ static struct ipv6_devconf ipv6_devconf_
.ra_defrtr_metric = IP6_RT_PRIO_USER,
.accept_ra_from_local = 0,
.accept_ra_min_hop_limit= 1,
+ .accept_ra_min_rtr_lft = 0,
.accept_ra_pinfo = 1,
#ifdef CONFIG_IPV6_ROUTER_PREF
.accept_ra_rtr_pref = 1,
@@ -5589,6 +5591,7 @@ static inline void ipv6_store_devconf(st
array[DEVCONF_IOAM6_ENABLED] = cnf->ioam6_enabled;
array[DEVCONF_IOAM6_ID] = cnf->ioam6_id;
array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide;
+ array[DEVCONF_ACCEPT_RA_MIN_RTR_LFT] = cnf->accept_ra_min_rtr_lft;
}
static inline size_t inet6_ifla6_size(void)
@@ -6781,6 +6784,13 @@ static const struct ctl_table addrconf_s
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "accept_ra_min_rtr_lft",
+ .data = &ipv6_devconf.accept_ra_min_rtr_lft,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
},
{
.procname = "accept_ra_pinfo",
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1223,6 +1223,8 @@ static void ndisc_router_discovery(struc
return;
}
+ lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
+
if (!ipv6_accept_ra(in6_dev)) {
ND_PRINTK(2, info,
"RA: %s, did not accept ra for dev: %s\n",
@@ -1230,6 +1232,13 @@ static void ndisc_router_discovery(struc
goto skip_linkparms;
}
+ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
+ ND_PRINTK(2, info,
+ "RA: router lifetime (%ds) is too short: %s\n",
+ lifetime, skb->dev->name);
+ goto skip_linkparms;
+ }
+
#ifdef CONFIG_IPV6_NDISC_NODETYPE
/* skip link-specific parameters from interior routers */
if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
@@ -1282,8 +1291,6 @@ static void ndisc_router_discovery(struc
goto skip_defrtr;
}
- lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
-
#ifdef CONFIG_IPV6_ROUTER_PREF
pref = ra_msg->icmph.icmp6_router_pref;
/* 10b is handled as if it were 00b (medium) */
@@ -1430,6 +1437,13 @@ skip_linkparms:
goto out;
}
+ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
+ ND_PRINTK(2, info,
+ "RA: router lifetime (%ds) is too short: %s\n",
+ lifetime, skb->dev->name);
+ goto out;
+ }
+
#ifdef CONFIG_IPV6_ROUTE_INFO
if (!in6_dev->cnf.accept_ra_from_local &&
ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 044/102] net: change accept_ra_min_rtr_lft to affect all RA lifetimes
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 043/102] net: add sysctl accept_ra_min_rtr_lft Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 045/102] net: release reference to inet6_dev pointer Greg Kroah-Hartman
` (66 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Colitti, Patrick Rohr,
Maciej Żenczykowski, David Ahern, Jakub Kicinski
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Patrick Rohr <prohr@google.com>
commit 5027d54a9c30bc7ec808360378e2b4753f053f25 upstream.
accept_ra_min_rtr_lft only considered the lifetime of the default route
and discarded entire RAs accordingly.
This change renames accept_ra_min_rtr_lft to accept_ra_min_lft, and
applies the value to individual RA sections; in particular, router
lifetime, PIO preferred lifetime, and RIO lifetime. If any of those
lifetimes are lower than the configured value, the specific RA section
is ignored.
In order for the sysctl to be useful to Android, it should really apply
to all lifetimes in the RA, since that is what determines the minimum
frequency at which RAs must be processed by the kernel. Android uses
hardware offloads to drop RAs for a fraction of the minimum of all
lifetimes present in the RA (some networks have very frequent RAs (5s)
with high lifetimes (2h)). Despite this, we have encountered networks
that set the router lifetime to 30s which results in very frequent CPU
wakeups. Instead of disabling IPv6 (and dropping IPv6 ethertype in the
WiFi firmware) entirely on such networks, it seems better to ignore the
misconfigured routers while still processing RAs from other IPv6 routers
on the same network (i.e. to support IoT applications).
The previous implementation dropped the entire RA based on router
lifetime. This turned out to be hard to expand to the other lifetimes
present in the RA in a consistent manner; dropping the entire RA based
on RIO/PIO lifetimes would essentially require parsing the whole thing
twice.
Fixes: 1671bcfd76fd ("net: add sysctl accept_ra_min_rtr_lft")
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Patrick Rohr <prohr@google.com>
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20230726230701.919212-1-prohr@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/networking/ip-sysctl.rst | 8 ++++----
include/linux/ipv6.h | 2 +-
include/uapi/linux/ipv6.h | 2 +-
net/ipv6/addrconf.c | 13 ++++++++-----
net/ipv6/ndisc.c | 27 +++++++++++----------------
5 files changed, 25 insertions(+), 27 deletions(-)
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -2070,11 +2070,11 @@ accept_ra_min_hop_limit - INTEGER
Default: 1
-accept_ra_min_rtr_lft - INTEGER
- Minimum acceptable router lifetime in Router Advertisement.
+accept_ra_min_lft - INTEGER
+ Minimum acceptable lifetime value in Router Advertisement.
- RAs with a router lifetime less than this value shall be
- ignored. RAs with a router lifetime of 0 are unaffected.
+ RA sections with a lifetime less than this value shall be
+ ignored. Zero lifetimes stay unaffected.
Default: 0
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -33,7 +33,7 @@ struct ipv6_devconf {
__s32 accept_ra_defrtr;
__u32 ra_defrtr_metric;
__s32 accept_ra_min_hop_limit;
- __s32 accept_ra_min_rtr_lft;
+ __s32 accept_ra_min_lft;
__s32 accept_ra_pinfo;
__s32 ignore_routes_with_linkdown;
#ifdef CONFIG_IPV6_ROUTER_PREF
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -198,7 +198,7 @@ enum {
DEVCONF_IOAM6_ID_WIDE,
DEVCONF_NDISC_EVICT_NOCARRIER,
DEVCONF_ACCEPT_UNTRACKED_NA,
- DEVCONF_ACCEPT_RA_MIN_RTR_LFT,
+ DEVCONF_ACCEPT_RA_MIN_LFT,
DEVCONF_MAX
};
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -209,7 +209,7 @@ static struct ipv6_devconf ipv6_devconf
.ra_defrtr_metric = IP6_RT_PRIO_USER,
.accept_ra_from_local = 0,
.accept_ra_min_hop_limit= 1,
- .accept_ra_min_rtr_lft = 0,
+ .accept_ra_min_lft = 0,
.accept_ra_pinfo = 1,
#ifdef CONFIG_IPV6_ROUTER_PREF
.accept_ra_rtr_pref = 1,
@@ -269,7 +269,7 @@ static struct ipv6_devconf ipv6_devconf_
.ra_defrtr_metric = IP6_RT_PRIO_USER,
.accept_ra_from_local = 0,
.accept_ra_min_hop_limit= 1,
- .accept_ra_min_rtr_lft = 0,
+ .accept_ra_min_lft = 0,
.accept_ra_pinfo = 1,
#ifdef CONFIG_IPV6_ROUTER_PREF
.accept_ra_rtr_pref = 1,
@@ -2736,6 +2736,9 @@ void addrconf_prefix_rcv(struct net_devi
return;
}
+ if (valid_lft != 0 && valid_lft < in6_dev->cnf.accept_ra_min_lft)
+ return;
+
/*
* Two things going on here:
* 1) Add routes for on-link prefixes
@@ -5591,7 +5594,7 @@ static inline void ipv6_store_devconf(st
array[DEVCONF_IOAM6_ENABLED] = cnf->ioam6_enabled;
array[DEVCONF_IOAM6_ID] = cnf->ioam6_id;
array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide;
- array[DEVCONF_ACCEPT_RA_MIN_RTR_LFT] = cnf->accept_ra_min_rtr_lft;
+ array[DEVCONF_ACCEPT_RA_MIN_LFT] = cnf->accept_ra_min_lft;
}
static inline size_t inet6_ifla6_size(void)
@@ -6786,8 +6789,8 @@ static const struct ctl_table addrconf_s
.proc_handler = proc_dointvec,
},
{
- .procname = "accept_ra_min_rtr_lft",
- .data = &ipv6_devconf.accept_ra_min_rtr_lft,
+ .procname = "accept_ra_min_lft",
+ .data = &ipv6_devconf.accept_ra_min_lft,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec,
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1223,8 +1223,6 @@ static void ndisc_router_discovery(struc
return;
}
- lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
-
if (!ipv6_accept_ra(in6_dev)) {
ND_PRINTK(2, info,
"RA: %s, did not accept ra for dev: %s\n",
@@ -1232,13 +1230,6 @@ static void ndisc_router_discovery(struc
goto skip_linkparms;
}
- if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
- ND_PRINTK(2, info,
- "RA: router lifetime (%ds) is too short: %s\n",
- lifetime, skb->dev->name);
- goto skip_linkparms;
- }
-
#ifdef CONFIG_IPV6_NDISC_NODETYPE
/* skip link-specific parameters from interior routers */
if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
@@ -1279,6 +1270,14 @@ static void ndisc_router_discovery(struc
goto skip_defrtr;
}
+ lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
+ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) {
+ ND_PRINTK(2, info,
+ "RA: router lifetime (%ds) is too short: %s\n",
+ lifetime, skb->dev->name);
+ goto skip_defrtr;
+ }
+
/* Do not accept RA with source-addr found on local machine unless
* accept_ra_from_local is set to true.
*/
@@ -1437,13 +1436,6 @@ skip_linkparms:
goto out;
}
- if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) {
- ND_PRINTK(2, info,
- "RA: router lifetime (%ds) is too short: %s\n",
- lifetime, skb->dev->name);
- goto out;
- }
-
#ifdef CONFIG_IPV6_ROUTE_INFO
if (!in6_dev->cnf.accept_ra_from_local &&
ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
@@ -1468,6 +1460,9 @@ skip_linkparms:
if (ri->prefix_len == 0 &&
!in6_dev->cnf.accept_ra_defrtr)
continue;
+ if (ri->lifetime != 0 &&
+ ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft)
+ continue;
if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
continue;
if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 045/102] net: release reference to inet6_dev pointer
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 044/102] net: change accept_ra_min_rtr_lft to affect all RA lifetimes Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 046/102] media: mtk-jpeg: Fix use after free bug due to uncanceled work Greg Kroah-Hartman
` (65 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maciej Żenczykowski,
Lorenzo Colitti, David Ahern, Simon Horman, Patrick Rohr,
Leon Romanovsky, David S. Miller
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Patrick Rohr <prohr@google.com>
commit 5cb249686e67dbef3ffe53887fa725eefc5a7144 upstream.
addrconf_prefix_rcv returned early without releasing the inet6_dev
pointer when the PIO lifetime is less than accept_ra_min_lft.
Fixes: 5027d54a9c30 ("net: change accept_ra_min_rtr_lft to affect all RA lifetimes")
Cc: Maciej Żenczykowski <maze@google.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: David Ahern <dsahern@kernel.org>
Cc: Simon Horman <horms@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Signed-off-by: Patrick Rohr <prohr@google.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/addrconf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2737,7 +2737,7 @@ void addrconf_prefix_rcv(struct net_devi
}
if (valid_lft != 0 && valid_lft < in6_dev->cnf.accept_ra_min_lft)
- return;
+ goto put;
/*
* Two things going on here:
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 046/102] media: mtk-jpeg: Fix use after free bug due to uncanceled work
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 045/102] net: release reference to inet6_dev pointer Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 047/102] dmaengine: stm32-mdma: abort resume if no ongoing transfer Greg Kroah-Hartman
` (64 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Alexandre Mergnat,
Chen-Yu Tsai, AngeloGioacchino Del Regno, Hans Verkuil
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zheng Wang <zyytlz.wz@163.com>
commit c677d7ae83141d390d1253abebafa49c962afb52 upstream.
In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with
mtk_jpeg_job_timeout_work. Then mtk_jpeg_dec_device_run
and mtk_jpeg_enc_device_run may be called to start the
work.
If we remove the module which will call mtk_jpeg_remove
to make cleanup, there may be a unfinished work. The
possible sequence is as follows, which will cause a
typical UAF bug.
Fix it by canceling the work before cleanup in the mtk_jpeg_remove
CPU0 CPU1
|mtk_jpeg_job_timeout_work
mtk_jpeg_remove |
v4l2_m2m_release |
kfree(m2m_dev); |
|
| v4l2_m2m_get_curr_priv
| m2m_dev->curr_ctx //use
Fixes: b2f0d2724ba4 ("[media] vcodec: mediatek: Add Mediatek JPEG Decoder Driver")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Reviewed-by: Alexandre Mergnat <amergnat@baylibre.com>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c
+++ b/drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c
@@ -1455,6 +1455,7 @@ static int mtk_jpeg_remove(struct platfo
{
struct mtk_jpeg_dev *jpeg = platform_get_drvdata(pdev);
+ cancel_delayed_work_sync(&jpeg->job_timeout_work);
pm_runtime_disable(&pdev->dev);
video_unregister_device(jpeg->vdev);
v4l2_m2m_release(jpeg->m2m_dev);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 047/102] dmaengine: stm32-mdma: abort resume if no ongoing transfer
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 046/102] media: mtk-jpeg: Fix use after free bug due to uncanceled work Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 048/102] xhci: Keep interrupt disabled in initialization until host is running Greg Kroah-Hartman
` (63 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Amelie Delaunay, Vinod Koul
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Amelie Delaunay <amelie.delaunay@foss.st.com>
commit 81337b9a72dc58a5fa0ae8a042e8cb59f9bdec4a upstream.
chan->desc can be null, if transfer is terminated when resume is called,
leading to a NULL pointer when retrieving the hwdesc.
To avoid this case, check that chan->desc is not null and channel is
disabled (transfer previously paused or terminated).
Fixes: a4ffb13c8946 ("dmaengine: Add STM32 MDMA driver")
Signed-off-by: Amelie Delaunay <amelie.delaunay@foss.st.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20231004163531.2864160-1-amelie.delaunay@foss.st.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/stm32-mdma.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/dma/stm32-mdma.c
+++ b/drivers/dma/stm32-mdma.c
@@ -1206,6 +1206,10 @@ static int stm32_mdma_resume(struct dma_
unsigned long flags;
u32 status, reg;
+ /* Transfer can be terminated */
+ if (!chan->desc || (stm32_mdma_read(dmadev, STM32_MDMA_CCR(chan->id)) & STM32_MDMA_CCR_EN))
+ return -EPERM;
+
hwdesc = chan->desc->node[chan->curr_hwdesc].hwdesc;
spin_lock_irqsave(&chan->vchan.lock, flags);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 048/102] xhci: Keep interrupt disabled in initialization until host is running.
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 047/102] dmaengine: stm32-mdma: abort resume if no ongoing transfer Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 049/102] usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer Greg Kroah-Hartman
` (62 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Hongyu Xie, Mathias Nyman,
Prashanth K
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hongyu Xie <xy521521@gmail.com>
commit a808925075fb750804a60ff0710614466c396db4 upstream.
irq is disabled in xhci_quiesce(called by xhci_halt, with bit:2 cleared
in USBCMD register), but xhci_run(called by usb_add_hcd) re-enable it.
It's possible that you will receive thousands of interrupt requests
after initialization for 2.0 roothub. And you will get a lot of
warning like, "xHCI dying, ignoring interrupt. Shouldn't IRQs be
disabled?". This amount of interrupt requests will cause the entire
system to freeze.
This problem was first found on a device with ASM2142 host controller
on it.
[tidy up old code while moving it, reword header -Mathias]
Cc: stable@kernel.org
Signed-off-by: Hongyu Xie <xiehongyu1@kylinos.cn>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220623111945.1557702-2-mathias.nyman@linux.intel.com
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -611,8 +611,27 @@ static int xhci_init(struct usb_hcd *hcd
static int xhci_run_finished(struct xhci_hcd *xhci)
{
+ unsigned long flags;
+ u32 temp;
+
+ /*
+ * Enable interrupts before starting the host (xhci 4.2 and 5.5.2).
+ * Protect the short window before host is running with a lock
+ */
+ spin_lock_irqsave(&xhci->lock, flags);
+
+ xhci_dbg_trace(xhci, trace_xhci_dbg_init, "Enable interrupts");
+ temp = readl(&xhci->op_regs->command);
+ temp |= (CMD_EIE);
+ writel(temp, &xhci->op_regs->command);
+
+ xhci_dbg_trace(xhci, trace_xhci_dbg_init, "Enable primary interrupter");
+ temp = readl(&xhci->ir_set->irq_pending);
+ writel(ER_IRQ_ENABLE(temp), &xhci->ir_set->irq_pending);
+
if (xhci_start(xhci)) {
xhci_halt(xhci);
+ spin_unlock_irqrestore(&xhci->lock, flags);
return -ENODEV;
}
xhci->shared_hcd->state = HC_STATE_RUNNING;
@@ -623,6 +642,9 @@ static int xhci_run_finished(struct xhci
xhci_dbg_trace(xhci, trace_xhci_dbg_init,
"Finished xhci_run for USB3 roothub");
+
+ spin_unlock_irqrestore(&xhci->lock, flags);
+
return 0;
}
@@ -671,19 +693,6 @@ int xhci_run(struct usb_hcd *hcd)
temp |= (xhci->imod_interval / 250) & ER_IRQ_INTERVAL_MASK;
writel(temp, &xhci->ir_set->irq_control);
- /* Set the HCD state before we enable the irqs */
- temp = readl(&xhci->op_regs->command);
- temp |= (CMD_EIE);
- xhci_dbg_trace(xhci, trace_xhci_dbg_init,
- "// Enable interrupts, cmd = 0x%x.", temp);
- writel(temp, &xhci->op_regs->command);
-
- temp = readl(&xhci->ir_set->irq_pending);
- xhci_dbg_trace(xhci, trace_xhci_dbg_init,
- "// Enabling event ring interrupter %p by writing 0x%x to irq_pending",
- xhci->ir_set, (unsigned int) ER_IRQ_ENABLE(temp));
- writel(ER_IRQ_ENABLE(temp), &xhci->ir_set->irq_pending);
-
if (xhci->quirks & XHCI_NEC_HOST) {
struct xhci_command *command;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 049/102] usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 048/102] xhci: Keep interrupt disabled in initialization until host is running Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 050/102] net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read Greg Kroah-Hartman
` (61 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wesley Cheng, Mathias Nyman
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wesley Cheng <quic_wcheng@quicinc.com>
commit 41a43013d2366db5b88b42bbcd8e8f040b6ccf21 upstream.
As mentioned in:
commit 474ed23a6257 ("xhci: align the last trb before link if it is
easily splittable.")
A bounce buffer is utilized for ensuring that transfers that span across
ring segments are aligned to the EP's max packet size. However, the device
that is used to map the DMA buffer to is currently using the XHCI HCD,
which does not carry any DMA operations in certain configrations.
Migration to using the sysdev entry was introduced for DWC3 based
implementations where the IOMMU operations are present.
Replace the reference to the controller device to sysdev instead. This
allows the bounce buffer to be properly mapped to any implementations that
have an IOMMU involved.
cc: stable@vger.kernel.org
Fixes: 4c39d4b949d3 ("usb: xhci: use bus->sysdev for DMA configuration")
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20230915143108.1532163-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -772,7 +772,7 @@ static void xhci_giveback_urb_in_irq(str
static void xhci_unmap_td_bounce_buffer(struct xhci_hcd *xhci,
struct xhci_ring *ring, struct xhci_td *td)
{
- struct device *dev = xhci_to_hcd(xhci)->self.controller;
+ struct device *dev = xhci_to_hcd(xhci)->self.sysdev;
struct xhci_segment *seg = td->bounce_seg;
struct urb *urb = td->urb;
size_t len;
@@ -3521,7 +3521,7 @@ static u32 xhci_td_remainder(struct xhci
static int xhci_align_td(struct xhci_hcd *xhci, struct urb *urb, u32 enqd_len,
u32 *trb_buff_len, struct xhci_segment *seg)
{
- struct device *dev = xhci_to_hcd(xhci)->self.controller;
+ struct device *dev = xhci_to_hcd(xhci)->self.sysdev;
unsigned int unalign;
unsigned int max_pkt;
u32 new_buff_len;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 050/102] net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 049/102] usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 051/102] usb: dwc3: Soft reset phy on probe for host Greg Kroah-Hartman
` (60 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Peter Korsgaard,
Jakub Kicinski, syzbot+1f53a30781af65d2c955
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 8f8abb863fa5a4cc18955c6a0e17af0ded3e4a76 upstream.
syzbot has found an uninit-value bug triggered by the dm9601 driver [1].
This error happens because the variable res is not updated if the call
to dm_read_shared_word returns an error. In this particular case -EPROTO
was returned and res stayed uninitialized.
This can be avoided by checking the return value of dm_read_shared_word
and propagating the error if the read operation failed.
[1] https://syzkaller.appspot.com/bug?extid=1f53a30781af65d2c955
Cc: stable@vger.kernel.org
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Reported-and-tested-by: syzbot+1f53a30781af65d2c955@syzkaller.appspotmail.com
Acked-by: Peter Korsgaard <peter@korsgaard.com>
Fixes: d0374f4f9c35cdfbee0 ("USB: Davicom DM9601 usbnet driver")
Link: https://lore.kernel.org/r/20231009-topic-dm9601_uninit_mdio_read-v2-1-f2fe39739b6c@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/dm9601.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/net/usb/dm9601.c
+++ b/drivers/net/usb/dm9601.c
@@ -221,13 +221,18 @@ static int dm9601_mdio_read(struct net_d
struct usbnet *dev = netdev_priv(netdev);
__le16 res;
+ int err;
if (phy_id) {
netdev_dbg(dev->net, "Only internal phy supported\n");
return 0;
}
- dm_read_shared_word(dev, 1, loc, &res);
+ err = dm_read_shared_word(dev, 1, loc, &res);
+ if (err < 0) {
+ netdev_err(dev->net, "MDIO read error: %d\n", err);
+ return err;
+ }
netdev_dbg(dev->net,
"dm9601_mdio_read() phy_id=0x%02x, loc=0x%02x, returns=0x%04x\n",
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 051/102] usb: dwc3: Soft reset phy on probe for host
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 050/102] net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 052/102] usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled Greg Kroah-Hartman
` (59 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kenta Sato, Thinh Nguyen
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 8bea147dfdf823eaa8d3baeccc7aeb041b41944b upstream.
When there's phy initialization, we need to initiate a soft-reset
sequence. That's done through USBCMD.HCRST in the xHCI driver and its
initialization, However, the dwc3 driver may modify core configs before
the soft-reset. This may result in some connection instability. So,
ensure the phy is ready before the controller updates the GCTL.PRTCAPDIR
or other settings by issuing phy soft-reset.
Note that some host-mode configurations may not expose device registers
to initiate the controller soft-reset (via DCTL.CoreSftRst). So we reset
through GUSB3PIPECTL and GUSB2PHYCFG instead.
Cc: stable@vger.kernel.org
Fixes: e835c0a4e23c ("usb: dwc3: don't reset device side if dwc3 was configured as host-only")
Reported-by: Kenta Sato <tosainu.maple@gmail.com>
Closes: https://lore.kernel.org/linux-usb/ZPUciRLUcjDywMVS@debian.me/
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Tested-by: Kenta Sato <tosainu.maple@gmail.com>
Link: https://lore.kernel.org/r/70aea513215d273669152696cc02b20ddcdb6f1a.1694564261.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 39 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -277,9 +277,46 @@ int dwc3_core_soft_reset(struct dwc3 *dw
* XHCI driver will reset the host block. If dwc3 was configured for
* host-only mode or current role is host, then we can return early.
*/
- if (dwc->dr_mode == USB_DR_MODE_HOST || dwc->current_dr_role == DWC3_GCTL_PRTCAP_HOST)
+ if (dwc->current_dr_role == DWC3_GCTL_PRTCAP_HOST)
return 0;
+ /*
+ * If the dr_mode is host and the dwc->current_dr_role is not the
+ * corresponding DWC3_GCTL_PRTCAP_HOST, then the dwc3_core_init_mode
+ * isn't executed yet. Ensure the phy is ready before the controller
+ * updates the GCTL.PRTCAPDIR or other settings by soft-resetting
+ * the phy.
+ *
+ * Note: GUSB3PIPECTL[n] and GUSB2PHYCFG[n] are port settings where n
+ * is port index. If this is a multiport host, then we need to reset
+ * all active ports.
+ */
+ if (dwc->dr_mode == USB_DR_MODE_HOST) {
+ u32 usb3_port;
+ u32 usb2_port;
+
+ usb3_port = dwc3_readl(dwc->regs, DWC3_GUSB3PIPECTL(0));
+ usb3_port |= DWC3_GUSB3PIPECTL_PHYSOFTRST;
+ dwc3_writel(dwc->regs, DWC3_GUSB3PIPECTL(0), usb3_port);
+
+ usb2_port = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0));
+ usb2_port |= DWC3_GUSB2PHYCFG_PHYSOFTRST;
+ dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), usb2_port);
+
+ /* Small delay for phy reset assertion */
+ usleep_range(1000, 2000);
+
+ usb3_port &= ~DWC3_GUSB3PIPECTL_PHYSOFTRST;
+ dwc3_writel(dwc->regs, DWC3_GUSB3PIPECTL(0), usb3_port);
+
+ usb2_port &= ~DWC3_GUSB2PHYCFG_PHYSOFTRST;
+ dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), usb2_port);
+
+ /* Wait for clock synchronization */
+ msleep(50);
+ return 0;
+ }
+
reg = dwc3_readl(dwc->regs, DWC3_DCTL);
reg |= DWC3_DCTL_CSFTRST;
reg &= ~DWC3_DCTL_RUN_STOP;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 052/102] usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 051/102] usb: dwc3: Soft reset phy on probe for host Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 053/102] usb: musb: Get the musb_qh poniter after musb_giveback Greg Kroah-Hartman
` (58 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pavel Machek, Xiaolei Wang,
Roger Quadros, Peter Chen
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xiaolei Wang <xiaolei.wang@windriver.com>
commit 9f35d612da5592f1bf1cae44ec1e023df37bea12 upstream.
The return type of cdns_set_active () is inconsistent
depending on whether CONFIG_PM_SLEEP is enabled, so the
return value is modified to void type.
Reported-by: Pavel Machek <pavel@denx.de>
Closes: https://lore.kernel.org/all/ZP7lIKUzD68XA91j@duo.ucw.cz/
Fixes: 2319b9c87fe2 ("usb: cdns3: Put the cdns set active part outside the spin lock")
Cc: stable@vger.kernel.org
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Reviewed-by: Pavel Machek <pavel@denx.de>
Reviewed-by: Roger Quadros <rogerq@kernel.org>
Acked-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20230926075333.1791011-1-xiaolei.wang@windriver.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/cdns3/core.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/usb/cdns3/core.h
+++ b/drivers/usb/cdns3/core.h
@@ -131,8 +131,7 @@ void cdns_set_active(struct cdns *cdns,
#else /* CONFIG_PM_SLEEP */
static inline int cdns_resume(struct cdns *cdns)
{ return 0; }
-static inline int cdns_set_active(struct cdns *cdns, u8 set_active)
-{ return 0; }
+static inline void cdns_set_active(struct cdns *cdns, u8 set_active) { }
static inline int cdns_suspend(struct cdns *cdns)
{ return 0; }
#endif /* CONFIG_PM_SLEEP */
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 053/102] usb: musb: Get the musb_qh poniter after musb_giveback
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 052/102] usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 054/102] usb: musb: Modify the "HWVers" register address Greg Kroah-Hartman
` (57 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xingxing Luo
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xingxing Luo <xingxing.luo@unisoc.com>
commit 33d7e37232155aadebe4145dcc592f00dabd7a2b upstream.
When multiple threads are performing USB transmission, musb->lock will be
unlocked when musb_giveback is executed. At this time, qh may be released
in the dequeue process in other threads, resulting in a wild pointer, so
it needs to be here get qh again, and judge whether qh is NULL, and when
dequeue, you need to set qh to NULL.
Fixes: dbac5d07d13e ("usb: musb: host: don't start next rx urb if current one failed")
Cc: stable@vger.kernel.org
Signed-off-by: Xingxing Luo <xingxing.luo@unisoc.com>
Link: https://lore.kernel.org/r/20230919033055.14085-1-xingxing.luo@unisoc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_host.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -321,10 +321,16 @@ static void musb_advance_schedule(struct
musb_giveback(musb, urb, status);
qh->is_ready = ready;
+ /*
+ * musb->lock had been unlocked in musb_giveback, so qh may
+ * be freed, need to get it again
+ */
+ qh = musb_ep_get_qh(hw_ep, is_in);
+
/* reclaim resources (and bandwidth) ASAP; deschedule it, and
* invalidate qh as soon as list_empty(&hep->urb_list)
*/
- if (list_empty(&qh->hep->urb_list)) {
+ if (qh && list_empty(&qh->hep->urb_list)) {
struct list_head *head;
struct dma_controller *dma = musb->dma_controller;
@@ -2398,6 +2404,7 @@ static int musb_urb_dequeue(struct usb_h
* and its URB list has emptied, recycle this qh.
*/
if (ready && list_empty(&qh->hep->urb_list)) {
+ musb_ep_set_qh(qh->hw_ep, is_in, NULL);
qh->hep->hcpriv = NULL;
list_del(&qh->ring);
kfree(qh);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 054/102] usb: musb: Modify the "HWVers" register address
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 053/102] usb: musb: Get the musb_qh poniter after musb_giveback Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 055/102] iio: pressure: bmp280: Fix NULL pointer exception Greg Kroah-Hartman
` (56 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xingxing Luo
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xingxing Luo <xingxing.luo@unisoc.com>
commit 6658a62e1ddf726483cb2d8bf45ea3f9bd533074 upstream.
musb HWVers rgister address is not 0x69, if we operate the
wrong address 0x69, it will cause a kernel crash, because
there is no register corresponding to this address in the
additional control register of musb. In fact, HWVers has
been defined in musb_register.h, and the name is
"MUSB_HWVERS", so We need to use this macro instead of 0x69.
Fixes: c2365ce5d5a0 ("usb: musb: replace hard coded registers with defines")
Cc: stable@vger.kernel.org
Signed-off-by: Xingxing Luo <xingxing.luo@unisoc.com>
Link: https://lore.kernel.org/r/20230922075929.31074-1-xingxing.luo@unisoc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/musb/musb_debugfs.c
+++ b/drivers/usb/musb/musb_debugfs.c
@@ -39,7 +39,7 @@ static const struct musb_register_map mu
{ "IntrUsbE", MUSB_INTRUSBE, 8 },
{ "DevCtl", MUSB_DEVCTL, 8 },
{ "VControl", 0x68, 32 },
- { "HWVers", 0x69, 16 },
+ { "HWVers", MUSB_HWVERS, 16 },
{ "LinkInfo", MUSB_LINKINFO, 8 },
{ "VPLen", MUSB_VPLEN, 8 },
{ "HS_EOF1", MUSB_HS_EOF1, 8 },
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 055/102] iio: pressure: bmp280: Fix NULL pointer exception
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 054/102] usb: musb: Modify the "HWVers" register address Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 056/102] iio: pressure: dps310: Adjust Timeout Settings Greg Kroah-Hartman
` (55 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Phil Elwell, Linus Walleij,
Jonathan Cameron
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Phil Elwell <phil@raspberrypi.com>
commit 85dfb43bf69281adb1f345dfd9a39faf2e5a718d upstream.
The bmp085 EOC IRQ support is optional, but the driver's common probe
function queries the IRQ properties whether or not it exists, which
can trigger a NULL pointer exception. Avoid any exception by making
the query conditional on the possession of a valid IRQ.
Fixes: aae953949651 ("iio: pressure: bmp280: add support for BMP085 EOC interrupt")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20230811155829.51208-1-phil@raspberrypi.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/bmp280-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/pressure/bmp280-core.c
+++ b/drivers/iio/pressure/bmp280-core.c
@@ -1112,7 +1112,7 @@ int bmp280_common_probe(struct device *d
* however as it happens, the BMP085 shares the chip ID of BMP180
* so we look for an IRQ if we have that.
*/
- if (irq > 0 || (chip_id == BMP180_CHIP_ID)) {
+ if (irq > 0 && (chip_id == BMP180_CHIP_ID)) {
ret = bmp085_fetch_eoc_irq(dev, name, irq, data);
if (ret)
return ret;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 056/102] iio: pressure: dps310: Adjust Timeout Settings
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 055/102] iio: pressure: bmp280: Fix NULL pointer exception Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 057/102] iio: pressure: ms5611: ms5611_prom_is_valid false negative bug Greg Kroah-Hartman
` (54 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lakshmi Yadlapati, Stable,
Jonathan Cameron
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
commit 901a293fd96fb9bab843ba4cc7be3094a5aa7c94 upstream.
The DPS310 sensor chip has been encountering intermittent errors while
reading the sensor device across various system designs. This issue causes
the chip to become "stuck," preventing the indication of "ready" status
for pressure and temperature measurements in the MEAS_CFG register.
To address this issue, this commit fixes the timeout settings to improve
sensor stability:
- After sending a reset command to the chip, the timeout has been extended
from 2.5 ms to 15 ms, aligning with the DPS310 specification.
- The read timeout value of the MEAS_CFG register has been adjusted from
20ms to 30ms to match the specification.
Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
Fixes: 7b4ab4abcea4 ("iio: pressure: dps310: Reset chip after timeout")
Link: https://lore.kernel.org/r/20230829180222.3431926-2-lakshmiy@us.ibm.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/dps310.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/iio/pressure/dps310.c
+++ b/drivers/iio/pressure/dps310.c
@@ -57,8 +57,8 @@
#define DPS310_RESET_MAGIC 0x09
#define DPS310_COEF_BASE 0x10
-/* Make sure sleep time is <= 20ms for usleep_range */
-#define DPS310_POLL_SLEEP_US(t) min(20000, (t) / 8)
+/* Make sure sleep time is <= 30ms for usleep_range */
+#define DPS310_POLL_SLEEP_US(t) min(30000, (t) / 8)
/* Silently handle error in rate value here */
#define DPS310_POLL_TIMEOUT_US(rc) ((rc) <= 0 ? 1000000 : 1000000 / (rc))
@@ -402,8 +402,8 @@ static int dps310_reset_wait(struct dps3
if (rc)
return rc;
- /* Wait for device chip access: 2.5ms in specification */
- usleep_range(2500, 12000);
+ /* Wait for device chip access: 15ms in specification */
+ usleep_range(15000, 55000);
return 0;
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 057/102] iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 056/102] iio: pressure: dps310: Adjust Timeout Settings Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 058/102] drm/amdgpu: add missing NULL check Greg Kroah-Hartman
` (53 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Zangerl, Stable,
Jonathan Cameron
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Zangerl <az@breathe-safe.com>
commit fd39d9668f2ce9f4b05ad55e8c8d80c098073e0b upstream.
The ms5611 driver falsely rejects lots of MS5607-02BA03-50 chips
with "PROM integrity check failed" because it doesn't accept a prom crc
value of zero as legitimate.
According to the datasheet for this chip (and the manufacturer's
application note about the PROM CRC), none of the possible values for the
CRC are excluded - but the current code in ms5611_prom_is_valid() ends with
return crc_orig != 0x0000 && crc == crc_orig
Discussed with the driver author (Tomasz Duszynski) and he indicated that
at that time (2015) he was dealing with some faulty chip samples which
returned blank data under some circumstances and/or followed example code
which indicated CRC zero being bad.
As far as I can tell this exception should not be applied anymore; We've
got a few hundred custom boards here with this chip where large numbers
of the prom have a legitimate CRC value 0, and do work fine, but which the
current driver code wrongly rejects.
Signed-off-by: Alexander Zangerl <az@breathe-safe.com>
Fixes: c0644160a8b5 ("iio: pressure: add support for MS5611 pressure and temperature sensor")
Link: https://lore.kernel.org/r/2535-1695168070.831792@Ze3y.dhYT.s3fx
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/ms5611_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/pressure/ms5611_core.c
+++ b/drivers/iio/pressure/ms5611_core.c
@@ -76,7 +76,7 @@ static bool ms5611_prom_is_valid(u16 *pr
crc = (crc >> 12) & 0x000F;
- return crc_orig != 0x0000 && crc == crc_orig;
+ return crc == crc_orig;
}
static int ms5611_read_prom(struct iio_dev *indio_dev)
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 058/102] drm/amdgpu: add missing NULL check
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 057/102] iio: pressure: ms5611: ms5611_prom_is_valid false negative bug Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 059/102] drm/amd/display: Dont set dpms_off for seamless boot Greg Kroah-Hartman
` (52 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christian König, Alex Deucher
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian König <christian.koenig@amd.com>
commit ff89f064dca38e2203790bf876cc7756b8ab2961 upstream.
bo->tbo.resource can easily be NULL here.
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2902
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h
@@ -221,7 +221,7 @@ static inline bool amdgpu_bo_in_cpu_visi
struct amdgpu_device *adev = amdgpu_ttm_adev(bo->tbo.bdev);
struct amdgpu_res_cursor cursor;
- if (bo->tbo.resource->mem_type != TTM_PL_VRAM)
+ if (!bo->tbo.resource || bo->tbo.resource->mem_type != TTM_PL_VRAM)
return false;
amdgpu_res_first(bo->tbo.resource, 0, amdgpu_bo_size(bo), &cursor);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 059/102] drm/amd/display: Dont set dpms_off for seamless boot
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 058/102] drm/amdgpu: add missing NULL check Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:40 ` [PATCH 5.15 060/102] ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA Greg Kroah-Hartman
` (51 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Charlene Liu, Mario Limonciello,
Alex Deucher, Tom Chung, Daniel Miess, Daniel Wheeler
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Miess <daniel.miess@amd.com>
commit 23645bca98304a2772f0de96f97370dd567d0ae6 upstream.
[Why]
eDPs fail to light up with seamless boot enabled
[How]
When seamless boot is enabled don't configure dpms_off
in disable_vbios_mode_if_required.
Reviewed-by: Charlene Liu <charlene.liu@amd.com>
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Daniel Miess <daniel.miess@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/core/dc.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -1023,6 +1023,9 @@ static void disable_vbios_mode_if_requir
if (stream == NULL)
continue;
+ if (stream->apply_seamless_boot_optimization)
+ continue;
+
// only looking for first odm pipe
if (pipe->prev_odm_pipe)
continue;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 060/102] ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 059/102] drm/amd/display: Dont set dpms_off for seamless boot Greg Kroah-Hartman
@ 2023-10-16 8:40 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 061/102] x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs Greg Kroah-Hartman
` (50 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Rafael J. Wysocki
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit c1ed72171ed580fbf159e703b77685aa4b0d0df5 upstream.
Like various other ASUS ExpertBook-s, the ASUS ExpertBook B1402CBA
has an ACPI DSDT table that describes IRQ 1 as ActiveLow while
the kernel overrides it to EdgeHigh.
This prevents the keyboard from working. To fix this issue, add this laptop
to the skip_override_table so that the kernel does not override IRQ 1.
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217901
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/resource.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/acpi/resource.c
+++ b/drivers/acpi/resource.c
@@ -433,6 +433,13 @@ static const struct dmi_system_id lenovo
},
},
{
+ .ident = "Asus ExpertBook B1402CBA",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_BOARD_NAME, "B1402CBA"),
+ },
+ },
+ {
.ident = "LENOVO IdeaPad Flex 5 16ALC7",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 061/102] x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2023-10-16 8:40 ` [PATCH 5.15 060/102] ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 062/102] mcb: remove is_added flag from mcb_device struct Greg Kroah-Hartman
` (49 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, René Rebe,
Borislav Petkov (AMD), stable
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Borislav Petkov (AMD) <bp@alien8.de>
commit f454b18e07f518bcd0c05af17a2239138bff52de upstream.
Fix erratum #1485 on Zen4 parts where running with STIBP disabled can
cause an #UD exception. The performance impact of the fix is negligible.
Reported-by: René Rebe <rene@exactcode.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: René Rebe <rene@exactcode.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/D99589F4-BC5D-430B-87B2-72C20370CF57@exactcode.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/msr-index.h | 9 +++++++--
arch/x86/kernel/cpu/amd.c | 8 ++++++++
2 files changed, 15 insertions(+), 2 deletions(-)
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -547,12 +547,17 @@
#define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f
-/* Fam 17h MSRs */
-#define MSR_F17H_IRPERF 0xc00000e9
+/* Zen4 */
+#define MSR_ZEN4_BP_CFG 0xc001102e
+#define MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT 5
+/* Zen 2 */
#define MSR_ZEN2_SPECTRAL_CHICKEN 0xc00110e3
#define MSR_ZEN2_SPECTRAL_CHICKEN_BIT BIT_ULL(1)
+/* Fam 17h MSRs */
+#define MSR_F17H_IRPERF 0xc00000e9
+
/* Fam 16h MSRs */
#define MSR_F16H_L2I_PERF_CTL 0xc0010230
#define MSR_F16H_L2I_PERF_CTR 0xc0010231
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -80,6 +80,10 @@ static const int amd_div0[] =
AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x00, 0x0, 0x2f, 0xf),
AMD_MODEL_RANGE(0x17, 0x50, 0x0, 0x5f, 0xf));
+static const int amd_erratum_1485[] =
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x19, 0x10, 0x0, 0x1f, 0xf),
+ AMD_MODEL_RANGE(0x19, 0x60, 0x0, 0xaf, 0xf));
+
static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
{
int osvw_id = *erratum++;
@@ -1150,6 +1154,10 @@ static void init_amd(struct cpuinfo_x86
pr_notice_once("AMD Zen1 DIV0 bug detected. Disable SMT for full protection.\n");
setup_force_cpu_bug(X86_BUG_DIV0);
}
+
+ if (!cpu_has(c, X86_FEATURE_HYPERVISOR) &&
+ cpu_has_amd_erratum(c, amd_erratum_1485))
+ msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT);
}
#ifdef CONFIG_X86_32
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 062/102] mcb: remove is_added flag from mcb_device struct
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 061/102] x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 063/102] thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge Greg Kroah-Hartman
` (48 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Jorge Sanjuan Garcia,
Jose Javier Rodriguez Barbarin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jorge Sanjuan Garcia <jorge.sanjuangarcia@duagon.com>
commit 0f28ada1fbf0054557cddcdb93ad17f767105208 upstream.
When calling mcb_bus_add_devices(), both mcb devices and the mcb
bus will attempt to attach a device to a driver because they share
the same bus_type. This causes an issue when trying to cast the
container of the device to mcb_device struct using to_mcb_device(),
leading to a wrong cast when the mcb_bus is added. A crash occurs
when freing the ida resources as the bus numbering of mcb_bus gets
confused with the is_added flag on the mcb_device struct.
The only reason for this cast was to keep an is_added flag on the
mcb_device struct that does not seem necessary. The function
device_attach() handles already bound devices and the mcb subsystem
does nothing special with this is_added flag so remove it completely.
Fixes: 18d288198099 ("mcb: Correctly initialize the bus's device")
Cc: stable <stable@kernel.org>
Signed-off-by: Jorge Sanjuan Garcia <jorge.sanjuangarcia@duagon.com>
Co-developed-by: Jose Javier Rodriguez Barbarin <JoseJavier.Rodriguez@duagon.com>
Signed-off-by: Jose Javier Rodriguez Barbarin <JoseJavier.Rodriguez@duagon.com>
Link: https://lore.kernel.org/r/20230906114901.63174-2-JoseJavier.Rodriguez@duagon.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mcb/mcb-core.c | 10 +++-------
drivers/mcb/mcb-parse.c | 2 --
include/linux/mcb.h | 1 -
3 files changed, 3 insertions(+), 10 deletions(-)
--- a/drivers/mcb/mcb-core.c
+++ b/drivers/mcb/mcb-core.c
@@ -387,17 +387,13 @@ EXPORT_SYMBOL_NS_GPL(mcb_free_dev, MCB);
static int __mcb_bus_add_devices(struct device *dev, void *data)
{
- struct mcb_device *mdev = to_mcb_device(dev);
int retval;
- if (mdev->is_added)
- return 0;
-
retval = device_attach(dev);
- if (retval < 0)
+ if (retval < 0) {
dev_err(dev, "Error adding device (%d)\n", retval);
-
- mdev->is_added = true;
+ return retval;
+ }
return 0;
}
--- a/drivers/mcb/mcb-parse.c
+++ b/drivers/mcb/mcb-parse.c
@@ -99,8 +99,6 @@ static int chameleon_parse_gdd(struct mc
mdev->mem.end = mdev->mem.start + size - 1;
mdev->mem.flags = IORESOURCE_MEM;
- mdev->is_added = false;
-
ret = mcb_device_register(bus, mdev);
if (ret < 0)
goto err;
--- a/include/linux/mcb.h
+++ b/include/linux/mcb.h
@@ -63,7 +63,6 @@ static inline struct mcb_bus *to_mcb_bus
struct mcb_device {
struct device dev;
struct mcb_bus *bus;
- bool is_added;
struct mcb_driver *driver;
u16 id;
int inst;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 063/102] thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 062/102] mcb: remove is_added flag from mcb_device struct Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 064/102] thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding Greg Kroah-Hartman
` (47 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Werner Sembach, Konrad J Hambrick,
Calvin Walton, Mika Westerberg
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit 582620d9f6b352552bc9a3316fe2b1c3acd8742d upstream.
On some systems the IOMMU blocks the first couple of driver ready
messages to the connection manager firmware as can be seen in below
excerpts:
thunderbolt 0000:06:00.0: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0010 address=0xbb0e3400 flags=0x0020]
or
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Write] Request device [04:00.0] PASID ffffffff fault addr 69974000 [fault reason 05] PTE Write access is not set
The reason is unknown and hard to debug because we were not able to
reproduce this locally. This only happens on certain systems with Intel
Maple Ridge Thunderbolt controller. If there is a device connected when
the driver is loaded the issue does not happen either. Only when there
is nothing connected (so typically when the system is booted up).
We can work this around by sending the driver ready several times. After
a couple of retries the message goes through and the controller works
just fine. For this reason make the number of retries a parameter for
icm_request() and then for Maple Ridge (and Titan Ridge as they us the
same function but this should not matter) increase number of retries
while shortening the timeout accordingly.
Reported-by: Werner Sembach <wse@tuxedocomputers.com>
Reported-by: Konrad J Hambrick <kjhambrick@gmail.com>
Reported-by: Calvin Walton <calvin.walton@kepstin.ca>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=214259
Cc: stable@vger.kernel.org
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/icm.c | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
--- a/drivers/thunderbolt/icm.c
+++ b/drivers/thunderbolt/icm.c
@@ -41,6 +41,7 @@
#define PHY_PORT_CS1_LINK_STATE_SHIFT 26
#define ICM_TIMEOUT 5000 /* ms */
+#define ICM_RETRIES 3
#define ICM_APPROVE_TIMEOUT 10000 /* ms */
#define ICM_MAX_LINK 4
@@ -296,10 +297,9 @@ static bool icm_copy(struct tb_cfg_reque
static int icm_request(struct tb *tb, const void *request, size_t request_size,
void *response, size_t response_size, size_t npackets,
- unsigned int timeout_msec)
+ int retries, unsigned int timeout_msec)
{
struct icm *icm = tb_priv(tb);
- int retries = 3;
do {
struct tb_cfg_request *req;
@@ -410,7 +410,7 @@ static int icm_fr_get_route(struct tb *t
return -ENOMEM;
ret = icm_request(tb, &request, sizeof(request), switches,
- sizeof(*switches), npackets, ICM_TIMEOUT);
+ sizeof(*switches), npackets, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
goto err_free;
@@ -463,7 +463,7 @@ icm_fr_driver_ready(struct tb *tb, enum
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -488,7 +488,7 @@ static int icm_fr_approve_switch(struct
memset(&reply, 0, sizeof(reply));
/* Use larger timeout as establishing tunnels can take some time */
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_APPROVE_TIMEOUT);
+ 1, ICM_RETRIES, ICM_APPROVE_TIMEOUT);
if (ret)
return ret;
@@ -515,7 +515,7 @@ static int icm_fr_add_switch_key(struct
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -543,7 +543,7 @@ static int icm_fr_challenge_switch_key(s
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -577,7 +577,7 @@ static int icm_fr_approve_xdomain_paths(
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1022,7 +1022,7 @@ icm_tr_driver_ready(struct tb *tb, enum
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, 20000);
+ 1, 10, 2000);
if (ret)
return ret;
@@ -1055,7 +1055,7 @@ static int icm_tr_approve_switch(struct
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_APPROVE_TIMEOUT);
+ 1, ICM_RETRIES, ICM_APPROVE_TIMEOUT);
if (ret)
return ret;
@@ -1083,7 +1083,7 @@ static int icm_tr_add_switch_key(struct
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1112,7 +1112,7 @@ static int icm_tr_challenge_switch_key(s
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1146,7 +1146,7 @@ static int icm_tr_approve_xdomain_paths(
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1172,7 +1172,7 @@ static int icm_tr_xdomain_tear_down(stru
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1498,7 +1498,7 @@ icm_ar_driver_ready(struct tb *tb, enum
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1524,7 +1524,7 @@ static int icm_ar_get_route(struct tb *t
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1545,7 +1545,7 @@ static int icm_ar_get_boot_acl(struct tb
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1606,7 +1606,7 @@ static int icm_ar_set_boot_acl(struct tb
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
@@ -1628,7 +1628,7 @@ icm_icl_driver_ready(struct tb *tb, enum
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, 20000);
+ 1, ICM_RETRIES, 20000);
if (ret)
return ret;
@@ -2295,7 +2295,7 @@ static int icm_usb4_switch_op(struct tb_
memset(&reply, 0, sizeof(reply));
ret = icm_request(tb, &request, sizeof(request), &reply, sizeof(reply),
- 1, ICM_TIMEOUT);
+ 1, ICM_RETRIES, ICM_TIMEOUT);
if (ret)
return ret;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 064/102] thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 063/102] thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 065/102] libceph: use kernel_connect() Greg Kroah-Hartman
` (46 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Šanta, Mika Westerberg
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit a9fdf5f933a6f2b358fad0194b1287b67f6704b1 upstream.
Marek reported that when BlackMagic UltraStudio device is connected the
kernel repeatedly tries to enable lane bonding without success making
the device non-functional. It looks like the device does not have lane 1
connected at all so even though it is enabled we should not try to bond
the lanes. For this reason check that lane 1 is in fact CL0 (connected,
active) before attempting to bond the lanes.
Reported-by: Marek Šanta <teslan223@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217737
Cc: stable@vger.kernel.org
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/switch.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -2552,6 +2552,13 @@ int tb_switch_lane_bonding_enable(struct
!tb_port_is_width_supported(down, 2))
return 0;
+ /*
+ * Both lanes need to be in CL0. Here we assume lane 0 already be in
+ * CL0 and check just for lane 1.
+ */
+ if (tb_wait_for_port(down->dual_link_port, false) <= 0)
+ return -ENOTCONN;
+
ret = tb_port_lane_bonding_enable(up);
if (ret) {
tb_port_warn(up, "failed to enable lane bonding\n");
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 065/102] libceph: use kernel_connect()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 064/102] thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 066/102] ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Greg Kroah-Hartman
` (45 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jordan Rife, Ilya Dryomov
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jordan Rife <jrife@google.com>
commit 7563cf17dce0a875ba3d872acdc63a78ea344019 upstream.
Direct calls to ops->connect() can overwrite the address parameter when
used in conjunction with BPF SOCK_ADDR hooks. Recent changes to
kernel_connect() ensure that callers are insulated from such side
effects. This patch wraps the direct call to ops->connect() with
kernel_connect() to prevent unexpected changes to the address passed to
ceph_tcp_connect().
This change was originally part of a larger patch targeting the net tree
addressing all instances of unprotected calls to ops->connect()
throughout the kernel, but this change was split up into several patches
targeting various trees.
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/netdev/20230821100007.559638-1-jrife@google.com/
Link: https://lore.kernel.org/netdev/9944248dba1bce861375fcce9de663934d933ba9.camel@redhat.com/
Fixes: d74bad4e74ee ("bpf: Hooks for sys_connect")
Signed-off-by: Jordan Rife <jrife@google.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ceph/messenger.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -454,8 +454,8 @@ int ceph_tcp_connect(struct ceph_connect
set_sock_callbacks(sock, con);
con_sock_state_connecting(con);
- ret = sock->ops->connect(sock, (struct sockaddr *)&ss, sizeof(ss),
- O_NONBLOCK);
+ ret = kernel_connect(sock, (struct sockaddr *)&ss, sizeof(ss),
+ O_NONBLOCK);
if (ret == -EINPROGRESS) {
dout("connect %s EINPROGRESS sk_state = %u\n",
ceph_pr_addr(&con->peer_addr),
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 066/102] ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 065/102] libceph: use kernel_connect() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 067/102] ceph: fix type promotion bug on 32bit systems Greg Kroah-Hartman
` (44 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xiubo Li, Milind Changire,
Ilya Dryomov
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xiubo Li <xiubli@redhat.com>
commit 15c0a870dc44ed14e01efbdd319d232234ee639f upstream.
When truncating the inode the MDS will acquire the xlock for the
ifile Locker, which will revoke the 'Frwsxl' caps from the clients.
But when the client just releases and flushes the 'Fw' caps to MDS,
for exmaple, and once the MDS receives the caps flushing msg it
just thought the revocation has finished. Then the MDS will continue
truncating the inode and then issued the truncate notification to
all the clients. While just before the clients receives the cap
flushing ack they receive the truncation notification, the clients
will detecte that the 'issued | dirty' is still holding the 'Fw'
caps.
Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/56693
Fixes: b0d7c2231015 ("ceph: introduce i_truncate_mutex")
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/inode.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -647,9 +647,7 @@ int ceph_fill_file_size(struct inode *in
ci->i_truncate_seq = truncate_seq;
/* the MDS should have revoked these caps */
- WARN_ON_ONCE(issued & (CEPH_CAP_FILE_EXCL |
- CEPH_CAP_FILE_RD |
- CEPH_CAP_FILE_WR |
+ WARN_ON_ONCE(issued & (CEPH_CAP_FILE_RD |
CEPH_CAP_FILE_LAZYIO));
/*
* If we hold relevant caps, or in the case where we're
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 067/102] ceph: fix type promotion bug on 32bit systems
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 066/102] ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 068/102] Input: powermate - fix use-after-free in powermate_config_complete Greg Kroah-Hartman
` (43 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Xiubo Li,
Ilya Dryomov
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
commit 07bb00ef00ace88dd6f695fadbba76565756e55c upstream.
In this code "ret" is type long and "src_objlen" is unsigned int. The
problem is that on 32bit systems, when we do the comparison signed longs
are type promoted to unsigned int. So negative error codes from
do_splice_direct() are treated as success instead of failure.
Cc: stable@vger.kernel.org
Fixes: 1b0c3b9f91f0 ("ceph: re-org copy_file_range and fix some error paths")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -2436,7 +2436,7 @@ static ssize_t __ceph_copy_file_range(st
ret = do_splice_direct(src_file, &src_off, dst_file,
&dst_off, src_objlen, flags);
/* Abort on short copies or on error */
- if (ret < src_objlen) {
+ if (ret < (long)src_objlen) {
dout("Failed partial copy (%zd)\n", ret);
goto out;
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 068/102] Input: powermate - fix use-after-free in powermate_config_complete
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 067/102] ceph: fix type promotion bug on 32bit systems Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 069/102] Input: psmouse - fix fast_reconnect function for PS/2 mode Greg Kroah-Hartman
` (42 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Javier Carrasco,
syzbot+0434ac83f907a1dbdd1e, Dmitry Torokhov
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 5c15c60e7be615f05a45cd905093a54b11f461bc upstream.
syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct. When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.
Use usb_kill_urb() on pm->config to cancel any in-progress requests upon
device disconnection.
[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Reported-by: syzbot+0434ac83f907a1dbdd1e@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20230916-topic-powermate_use_after_free-v3-1-64412b81a7a2@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/misc/powermate.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/input/misc/powermate.c
+++ b/drivers/input/misc/powermate.c
@@ -425,6 +425,7 @@ static void powermate_disconnect(struct
pm->requires_update = 0;
usb_kill_urb(pm->irq);
input_unregister_device(pm->input);
+ usb_kill_urb(pm->config);
usb_free_urb(pm->irq);
usb_free_urb(pm->config);
powermate_free_buffers(interface_to_usbdev(intf), pm);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 069/102] Input: psmouse - fix fast_reconnect function for PS/2 mode
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 068/102] Input: powermate - fix use-after-free in powermate_config_complete Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 070/102] Input: xpad - add PXN V900 support Greg Kroah-Hartman
` (41 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thorsten Leemhuis, Jeffery Miller,
Dmitry Torokhov
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeffery Miller <jefferymiller@google.com>
commit e2cb5cc822b6c9ee72c56ce1d81671b22c05406a upstream.
When the SMBus connection is attempted psmouse_smbus_init() sets
the fast_reconnect pointer to psmouse_smbus_reconnecti(). If SMBus
initialization fails, elantech_setup_ps2() and synaptics_init_ps2() will
fallback to PS/2 mode, replacing the psmouse private data. This can cause
issues on resume, since psmouse_smbus_reconnect() expects to find an
instance of struct psmouse_smbus_dev in psmouse->private.
The issue was uncovered when in 92e24e0e57f7 ("Input: psmouse - add
delay when deactivating for SMBus mode") psmouse_smbus_reconnect()
started attempting to use more of the data structure. The commit was
since reverted, not because it was at fault, but because there was found
a better way of doing what it was attempting to do.
Fix the problem by resetting the fast_reconnect pointer in psmouse
structure in elantech_setup_ps2() and synaptics_init_ps2() when the PS/2
mode is used.
Reported-by: Thorsten Leemhuis <linux@leemhuis.info>
Tested-by: Thorsten Leemhuis <linux@leemhuis.info>
Signed-off-by: Jeffery Miller <jefferymiller@google.com>
Fixes: bf232e460a35 ("Input: psmouse-smbus - allow to control psmouse_deactivate")
Link: https://lore.kernel.org/r/20231005002249.554877-1-jefferymiller@google.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/mouse/elantech.c | 1 +
drivers/input/mouse/synaptics.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -2114,6 +2114,7 @@ static int elantech_setup_ps2(struct psm
psmouse->protocol_handler = elantech_process_byte;
psmouse->disconnect = elantech_disconnect;
psmouse->reconnect = elantech_reconnect;
+ psmouse->fast_reconnect = NULL;
psmouse->pktsize = info->hw_version > 1 ? 6 : 4;
return 0;
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -1622,6 +1622,7 @@ static int synaptics_init_ps2(struct psm
psmouse->set_rate = synaptics_set_rate;
psmouse->disconnect = synaptics_disconnect;
psmouse->reconnect = synaptics_reconnect;
+ psmouse->fast_reconnect = NULL;
psmouse->cleanup = synaptics_reset;
/* Synaptics can usually stay in sync without extra help */
psmouse->resync_time = 0;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 070/102] Input: xpad - add PXN V900 support
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 069/102] Input: psmouse - fix fast_reconnect function for PS/2 mode Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 071/102] Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table Greg Kroah-Hartman
` (40 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Matthias Berndt, Dmitry Torokhov
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Berndt <matthias_berndt@gmx.de>
commit a65cd7ef5a864bdbbe037267c327786b7759d4c6 upstream.
Add VID and PID to the xpad_device table to allow driver to use the PXN
V900 steering wheel, which is XTYPE_XBOX360 compatible in xinput mode.
Signed-off-by: Matthias Berndt <matthias_berndt@gmx.de>
Link: https://lore.kernel.org/r/4932699.31r3eYUQgx@fedora
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/joystick/xpad.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -254,6 +254,7 @@ static const struct xpad_device {
{ 0x1038, 0x1430, "SteelSeries Stratus Duo", 0, XTYPE_XBOX360 },
{ 0x1038, 0x1431, "SteelSeries Stratus Duo", 0, XTYPE_XBOX360 },
{ 0x11c9, 0x55f0, "Nacon GC-100XF", 0, XTYPE_XBOX360 },
+ { 0x11ff, 0x0511, "PXN V900", 0, XTYPE_XBOX360 },
{ 0x1209, 0x2882, "Ardwiino Controller", 0, XTYPE_XBOX360 },
{ 0x12ab, 0x0004, "Honey Bee Xbox360 dancepad", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX360 },
{ 0x12ab, 0x0301, "PDP AFTERGLOW AX.1", 0, XTYPE_XBOX360 },
@@ -449,6 +450,7 @@ static const struct usb_device_id xpad_t
XPAD_XBOXONE_VENDOR(0x0f0d), /* Hori Controllers */
XPAD_XBOX360_VENDOR(0x1038), /* SteelSeries Controllers */
XPAD_XBOX360_VENDOR(0x11c9), /* Nacon GC100XF */
+ XPAD_XBOX360_VENDOR(0x11ff), /* PXN V900 */
XPAD_XBOX360_VENDOR(0x1209), /* Ardwiino Controllers */
XPAD_XBOX360_VENDOR(0x12ab), /* X-Box 360 dance pads */
XPAD_XBOX360_VENDOR(0x1430), /* RedOctane X-Box 360 controllers */
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 071/102] Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 070/102] Input: xpad - add PXN V900 support Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 072/102] Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case Greg Kroah-Hartman
` (39 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Szilard Fabian, Dmitry Torokhov
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Szilard Fabian <szfabian@bluemarch.art>
commit 80f39e1c27ba9e5a1ea7e68e21c569c9d8e46062 upstream.
In the initial boot stage the integrated keyboard of Fujitsu Lifebook E5411
refuses to work and it's not possible to type for example a dm-crypt
passphrase without the help of an external keyboard.
i8042.nomux kernel parameter resolves this issue but using that a PS/2
mouse is detected. This input device is unused even when the i2c-hid-acpi
kernel module is blacklisted making the integrated ELAN touchpad
(04F3:308A) not working at all.
Since the integrated touchpad is managed by the i2c_designware input
driver in the Linux kernel and you can't find a PS/2 mouse port on the
computer I think it's safe to not use the PS/2 mouse port at all.
Signed-off-by: Szilard Fabian <szfabian@bluemarch.art>
Link: https://lore.kernel.org/r/20231004011749.101789-1-szfabian@bluemarch.art
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/serio/i8042-acpipnpio.h | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/input/serio/i8042-acpipnpio.h
+++ b/drivers/input/serio/i8042-acpipnpio.h
@@ -610,6 +610,14 @@ static const struct dmi_system_id i8042_
.driver_data = (void *)(SERIO_QUIRK_NOMUX)
},
{
+ /* Fujitsu Lifebook E5411 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU CLIENT COMPUTING LIMITED"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E5411"),
+ },
+ .driver_data = (void *)(SERIO_QUIRK_NOAUX)
+ },
+ {
/* Gigabyte M912 */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "GIGABYTE"),
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 072/102] Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 071/102] Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 073/102] tee: amdtee: fix use-after-free vulnerability in amdtee_close_session Greg Kroah-Hartman
` (38 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Dmitry Torokhov,
Michael Smith
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit 423622a90abb243944d1517b9f57db53729e45c4 upstream.
Add a special case for gpio_count == 1 && gpio_int_idx == 0 to
goodix_add_acpi_gpio_mappings().
It seems that on newer x86/ACPI devices the reset and irq GPIOs are no
longer listed as GPIO resources instead there is only 1 GpioInt resource
and _PS0 does the whole reset sequence for us.
This means that we must call acpi_device_fix_up_power() on these devices
to ensure that the chip is reset before we try to use it.
This part was already fixed in commit 3de93e6ed2df ("Input: goodix - call
acpi_device_fix_up_power() in some cases") by adding a call to
acpi_device_fix_up_power() to the generic "Unexpected ACPI resources"
catch all.
But it turns out that this case on some hw needs some more special
handling. Specifically the firmware may bootup with the IRQ pin in
output mode. The reset sequence from ACPI _PS0 (executed by
acpi_device_fix_up_power()) should put the pin in input mode,
but the GPIO subsystem has cached the direction at bootup, causing
request_irq() to fail due to gpiochip_lock_as_irq() failure:
[ 9.119864] Goodix-TS i2c-GDIX1002:00: Unexpected ACPI resources: gpio_count 1, gpio_int_idx 0
[ 9.317443] Goodix-TS i2c-GDIX1002:00: ID 911, version: 1060
[ 9.321902] input: Goodix Capacitive TouchScreen as /devices/pci0000:00/0000:00:17.0/i2c_designware.4/i2c-5/i2c-GDIX1002:00/input/input8
[ 9.327840] gpio gpiochip0: (INT3453:00): gpiochip_lock_as_irq: tried to flag a GPIO set as output for IRQ
[ 9.327856] gpio gpiochip0: (INT3453:00): unable to lock HW IRQ 26 for IRQ
[ 9.327861] genirq: Failed to request resources for GDIX1002:00 (irq 131) on irqchip intel-gpio
[ 9.327912] Goodix-TS i2c-GDIX1002:00: request IRQ failed: -5
Fix this by adding a special case for gpio_count == 1 && gpio_int_idx == 0
which adds an ACPI GPIO lookup table for the int GPIO even though we cannot
use it for reset purposes (as there is no reset GPIO).
Adding the lookup will make the gpiod_int = gpiod_get(..., GPIOD_IN) call
succeed, which will explicitly set the direction to input fixing the issue.
Note this re-uses the acpi_goodix_int_first_gpios[] lookup table, since
there is only 1 GPIO in the ACPI resources the reset entry in that
lookup table will amount to a no-op.
Reported-and-tested-by: Michael Smith <1973.mjsmith@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20231003215144.69527-1-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/touchscreen/goodix.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- a/drivers/input/touchscreen/goodix.c
+++ b/drivers/input/touchscreen/goodix.c
@@ -786,6 +786,25 @@ static int goodix_add_acpi_gpio_mappings
dev_info(dev, "No ACPI GpioInt resource, assuming that the GPIO order is reset, int\n");
ts->irq_pin_access_method = IRQ_PIN_ACCESS_ACPI_GPIO;
gpio_mapping = acpi_goodix_int_last_gpios;
+ } else if (ts->gpio_count == 1 && ts->gpio_int_idx == 0) {
+ /*
+ * On newer devices there is only 1 GpioInt resource and _PS0
+ * does the whole reset sequence for us.
+ */
+ acpi_device_fix_up_power(ACPI_COMPANION(dev));
+
+ /*
+ * Before the _PS0 call the int GPIO may have been in output
+ * mode and the call should have put the int GPIO in input mode,
+ * but the GPIO subsys cached state may still think it is
+ * in output mode, causing gpiochip_lock_as_irq() failure.
+ *
+ * Add a mapping for the int GPIO to make the
+ * gpiod_int = gpiod_get(..., GPIOD_IN) call succeed,
+ * which will explicitly set the direction to input.
+ */
+ ts->irq_pin_access_method = IRQ_PIN_ACCESS_NONE;
+ gpio_mapping = acpi_goodix_int_first_gpios;
} else {
dev_warn(dev, "Unexpected ACPI resources: gpio_count %d, gpio_int_idx %d\n",
ts->gpio_count, ts->gpio_int_idx);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 073/102] tee: amdtee: fix use-after-free vulnerability in amdtee_close_session
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 072/102] Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 074/102] cgroup: Remove duplicates in cgroup v1 tasks file Greg Kroah-Hartman
` (37 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Rijo Thomas, Sumit Garg,
Jens Wiklander
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rijo Thomas <Rijo-john.Thomas@amd.com>
commit f4384b3e54ea813868bb81a861bf5b2406e15d8f upstream.
There is a potential race condition in amdtee_close_session that may
cause use-after-free in amdtee_open_session. For instance, if a session
has refcount == 1, and one thread tries to free this session via:
kref_put(&sess->refcount, destroy_session);
the reference count will get decremented, and the next step would be to
call destroy_session(). However, if in another thread,
amdtee_open_session() is called before destroy_session() has completed
execution, alloc_session() may return 'sess' that will be freed up
later in destroy_session() leading to use-after-free in
amdtee_open_session.
To fix this issue, treat decrement of sess->refcount and removal of
'sess' from session list in destroy_session() as a critical section, so
that it is executed atomically.
Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver")
Cc: stable@vger.kernel.org
Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tee/amdtee/core.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/tee/amdtee/core.c
+++ b/drivers/tee/amdtee/core.c
@@ -217,12 +217,12 @@ unlock:
return rc;
}
+/* mutex must be held by caller */
static void destroy_session(struct kref *ref)
{
struct amdtee_session *sess = container_of(ref, struct amdtee_session,
refcount);
- mutex_lock(&session_list_mutex);
list_del(&sess->list_node);
mutex_unlock(&session_list_mutex);
kfree(sess);
@@ -272,7 +272,8 @@ int amdtee_open_session(struct tee_conte
if (arg->ret != TEEC_SUCCESS) {
pr_err("open_session failed %d\n", arg->ret);
handle_unload_ta(ta_handle);
- kref_put(&sess->refcount, destroy_session);
+ kref_put_mutex(&sess->refcount, destroy_session,
+ &session_list_mutex);
goto out;
}
@@ -290,7 +291,8 @@ int amdtee_open_session(struct tee_conte
pr_err("reached maximum session count %d\n", TEE_NUM_SESSIONS);
handle_close_session(ta_handle, session_info);
handle_unload_ta(ta_handle);
- kref_put(&sess->refcount, destroy_session);
+ kref_put_mutex(&sess->refcount, destroy_session,
+ &session_list_mutex);
rc = -ENOMEM;
goto out;
}
@@ -331,7 +333,7 @@ int amdtee_close_session(struct tee_cont
handle_close_session(ta_handle, session_info);
handle_unload_ta(ta_handle);
- kref_put(&sess->refcount, destroy_session);
+ kref_put_mutex(&sess->refcount, destroy_session, &session_list_mutex);
return 0;
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 074/102] cgroup: Remove duplicates in cgroup v1 tasks file
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 073/102] tee: amdtee: fix use-after-free vulnerability in amdtee_close_session Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 075/102] pinctrl: avoid unsafe code pattern in find_pinctrl() Greg Kroah-Hartman
` (36 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Firo Yang, Michal Koutný,
Tejun Heo
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Koutný <mkoutny@suse.com>
commit 1ca0b605150501b7dc59f3016271da4eb3e96fce upstream.
One PID may appear multiple times in a preloaded pidlist.
(Possibly due to PID recycling but we have reports of the same
task_struct appearing with different PIDs, thus possibly involving
transfer of PID via de_thread().)
Because v1 seq_file iterator uses PIDs as position, it leads to
a message:
> seq_file: buggy .next function kernfs_seq_next did not update position index
Conservative and quick fix consists of removing duplicates from `tasks`
file (as opposed to removing pidlists altogether). It doesn't affect
correctness (it's sufficient to show a PID once), performance impact
would be hidden by unconditional sorting of the pidlist already in place
(asymptotically).
Link: https://lore.kernel.org/r/20230823174804.23632-1-mkoutny@suse.com/
Suggested-by: Firo Yang <firo.yang@suse.com>
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/cgroup/cgroup-v1.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -365,10 +365,9 @@ static int pidlist_array_load(struct cgr
}
css_task_iter_end(&it);
length = n;
- /* now sort & (if procs) strip out duplicates */
+ /* now sort & strip out duplicates (tgids or recycled thread PIDs) */
sort(array, length, sizeof(pid_t), cmppid, NULL);
- if (type == CGROUP_FILE_PROCS)
- length = pidlist_uniq(array, length);
+ length = pidlist_uniq(array, length);
l = cgroup_pidlist_find_create(cgrp, type);
if (!l) {
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 075/102] pinctrl: avoid unsafe code pattern in find_pinctrl()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 074/102] cgroup: Remove duplicates in cgroup v1 tasks file Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 076/102] counter: microchip-tcb-capture: Fix the use of internal GCLK logic Greg Kroah-Hartman
` (35 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dmitry Torokhov, Linus Walleij
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
commit c153a4edff6ab01370fcac8e46f9c89cca1060c2 upstream.
The code in find_pinctrl() takes a mutex and traverses a list of pinctrl
structures. Later the caller bumps up reference count on the found
structure. Such pattern is not safe as pinctrl that was found may get
deleted before the caller gets around to increasing the reference count.
Fix this by taking the reference count in find_pinctrl(), while it still
holds the mutex.
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://lore.kernel.org/r/ZQs1RgTKg6VJqmPs@google.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/core.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
--- a/drivers/pinctrl/core.c
+++ b/drivers/pinctrl/core.c
@@ -1007,17 +1007,20 @@ static int add_setting(struct pinctrl *p
static struct pinctrl *find_pinctrl(struct device *dev)
{
- struct pinctrl *p;
+ struct pinctrl *entry, *p = NULL;
mutex_lock(&pinctrl_list_mutex);
- list_for_each_entry(p, &pinctrl_list, node)
- if (p->dev == dev) {
- mutex_unlock(&pinctrl_list_mutex);
- return p;
+
+ list_for_each_entry(entry, &pinctrl_list, node) {
+ if (entry->dev == dev) {
+ p = entry;
+ kref_get(&p->users);
+ break;
}
+ }
mutex_unlock(&pinctrl_list_mutex);
- return NULL;
+ return p;
}
static void pinctrl_free(struct pinctrl *p, bool inlist);
@@ -1126,7 +1129,6 @@ struct pinctrl *pinctrl_get(struct devic
p = find_pinctrl(dev);
if (p) {
dev_dbg(dev, "obtain a copy of previously claimed pinctrl\n");
- kref_get(&p->users);
return p;
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 076/102] counter: microchip-tcb-capture: Fix the use of internal GCLK logic
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 075/102] pinctrl: avoid unsafe code pattern in find_pinctrl() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 077/102] usb: gadget: udc-xilinx: replace memcpy with memcpy_toio Greg Kroah-Hartman
` (34 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dharma Balasubiramani,
William Breathitt Gray
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dharma Balasubiramani <dharma.b@microchip.com>
commit df8fdd01c98b99d04915c04f3a5ce73f55456b7c upstream.
As per the datasheet, the clock selection Bits 2:0 – TCCLKS[2:0] should
be set to 0 while using the internal GCLK (TIMER_CLOCK1).
Fixes: 106b104137fd ("counter: Add microchip TCB capture counter")
Signed-off-by: Dharma Balasubiramani <dharma.b@microchip.com>
Link: https://lore.kernel.org/r/20230905100835.315024-1-dharma.b@microchip.com
Signed-off-by: William Breathitt Gray <william.gray@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/counter/microchip-tcb-capture.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/counter/microchip-tcb-capture.c
+++ b/drivers/counter/microchip-tcb-capture.c
@@ -99,7 +99,7 @@ static int mchp_tc_count_function_write(
priv->qdec_mode = 0;
/* Set highest rate based on whether soc has gclk or not */
bmr &= ~(ATMEL_TC_QDEN | ATMEL_TC_POSEN);
- if (priv->tc_cfg->has_gclk)
+ if (!priv->tc_cfg->has_gclk)
cmr |= ATMEL_TC_TIMER_CLOCK2;
else
cmr |= ATMEL_TC_TIMER_CLOCK1;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 077/102] usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 076/102] counter: microchip-tcb-capture: Fix the use of internal GCLK logic Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 078/102] usb: gadget: ncm: Handle decoding of multiple NTBs in unwrap call Greg Kroah-Hartman
` (33 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, kernel test robot, Piyush Mehta
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Piyush Mehta <piyush.mehta@amd.com>
commit 3061b6491f491197a35e14e49f805d661b02acd4 upstream.
For ARM processor, unaligned access to device memory is not allowed.
Method memcpy does not take care of alignment.
USB detection failure with the unalingned address of memory, with
below kernel crash. To fix the unalingned address kernel panic,
replace memcpy with memcpy_toio method.
Kernel crash:
Unable to handle kernel paging request at virtual address ffff80000c05008a
Mem abort info:
ESR = 0x96000061
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x21: alignment fault
Data abort info:
ISV = 0, ISS = 0x00000061
CM = 0, WnR = 1
swapper pgtable: 4k pages, 48-bit VAs, pgdp=000000000143b000
[ffff80000c05008a] pgd=100000087ffff003, p4d=100000087ffff003,
pud=100000087fffe003, pmd=1000000800bcc003, pte=00680000a0010713
Internal error: Oops: 96000061 [#1] SMP
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.19-xilinx-v2022.1 #1
Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __memcpy+0x30/0x260
lr : __xudc_ep0_queue+0xf0/0x110
sp : ffff800008003d00
x29: ffff800008003d00 x28: ffff800009474e80 x27: 00000000000000a0
x26: 0000000000000100 x25: 0000000000000012 x24: ffff000800bc8080
x23: 0000000000000001 x22: 0000000000000012 x21: ffff000800bc8080
x20: 0000000000000012 x19: ffff000800bc8080 x18: 0000000000000000
x17: ffff800876482000 x16: ffff800008004000 x15: 0000000000004000
x14: 00001f09785d0400 x13: 0103020101005567 x12: 0781400000000200
x11: 00000000c5672a10 x10: 00000000000008d0 x9 : ffff800009463cf0
x8 : ffff8000094757b0 x7 : 0201010055670781 x6 : 4000000002000112
x5 : ffff80000c05009a x4 : ffff000800a15012 x3 : ffff00080362ad80
x2 : 0000000000000012 x1 : ffff000800a15000 x0 : ffff80000c050088
Call trace:
__memcpy+0x30/0x260
xudc_ep0_queue+0x3c/0x60
usb_ep_queue+0x38/0x44
composite_ep0_queue.constprop.0+0x2c/0xc0
composite_setup+0x8d0/0x185c
configfs_composite_setup+0x74/0xb0
xudc_irq+0x570/0xa40
__handle_irq_event_percpu+0x58/0x170
handle_irq_event+0x60/0x120
handle_fasteoi_irq+0xc0/0x220
handle_domain_irq+0x60/0x90
gic_handle_irq+0x74/0xa0
call_on_irq_stack+0x2c/0x60
do_interrupt_handler+0x54/0x60
el1_interrupt+0x30/0x50
el1h_64_irq_handler+0x18/0x24
el1h_64_irq+0x78/0x7c
arch_cpu_idle+0x18/0x2c
do_idle+0xdc/0x15c
cpu_startup_entry+0x28/0x60
rest_init+0xc8/0xe0
arch_call_rest_init+0x10/0x1c
start_kernel+0x694/0x6d4
__primary_switched+0xa4/0xac
Fixes: 1f7c51660034 ("usb: gadget: Add xilinx usb2 device support")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/all/202209020044.CX2PfZzM-lkp@intel.com/
Cc: stable@vger.kernel.org
Signed-off-by: Piyush Mehta <piyush.mehta@amd.com>
Link: https://lore.kernel.org/r/20230929121514.13475-1-piyush.mehta@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/udc-xilinx.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
--- a/drivers/usb/gadget/udc/udc-xilinx.c
+++ b/drivers/usb/gadget/udc/udc-xilinx.c
@@ -496,11 +496,13 @@ static int xudc_eptxrx(struct xusb_ep *e
/* Get the Buffer address and copy the transmit data.*/
eprambase = (u32 __force *)(udc->addr + ep->rambase);
if (ep->is_in) {
- memcpy(eprambase, bufferptr, bytestosend);
+ memcpy_toio((void __iomem *)eprambase, bufferptr,
+ bytestosend);
udc->write_fn(udc->addr, ep->offset +
XUSB_EP_BUF0COUNT_OFFSET, bufferlen);
} else {
- memcpy(bufferptr, eprambase, bytestosend);
+ memcpy_toio((void __iomem *)bufferptr, eprambase,
+ bytestosend);
}
/*
* Enable the buffer for transmission.
@@ -514,11 +516,13 @@ static int xudc_eptxrx(struct xusb_ep *e
eprambase = (u32 __force *)(udc->addr + ep->rambase +
ep->ep_usb.maxpacket);
if (ep->is_in) {
- memcpy(eprambase, bufferptr, bytestosend);
+ memcpy_toio((void __iomem *)eprambase, bufferptr,
+ bytestosend);
udc->write_fn(udc->addr, ep->offset +
XUSB_EP_BUF1COUNT_OFFSET, bufferlen);
} else {
- memcpy(bufferptr, eprambase, bytestosend);
+ memcpy_toio((void __iomem *)bufferptr, eprambase,
+ bytestosend);
}
/*
* Enable the buffer for transmission.
@@ -1020,7 +1024,7 @@ static int __xudc_ep0_queue(struct xusb_
udc->addr);
length = req->usb_req.actual = min_t(u32, length,
EP0_MAX_PACKET);
- memcpy(corebuf, req->usb_req.buf, length);
+ memcpy_toio((void __iomem *)corebuf, req->usb_req.buf, length);
udc->write_fn(udc->addr, XUSB_EP_BUF0COUNT_OFFSET, length);
udc->write_fn(udc->addr, XUSB_BUFFREADY_OFFSET, 1);
} else {
@@ -1746,7 +1750,7 @@ static void xudc_handle_setup(struct xus
/* Load up the chapter 9 command buffer.*/
ep0rambase = (u32 __force *) (udc->addr + XUSB_SETUP_PKT_ADDR_OFFSET);
- memcpy(&setup, ep0rambase, 8);
+ memcpy_toio((void __iomem *)&setup, ep0rambase, 8);
udc->setup = setup;
udc->setup.wValue = cpu_to_le16(setup.wValue);
@@ -1833,7 +1837,7 @@ static void xudc_ep0_out(struct xusb_udc
(ep0->rambase << 2));
buffer = req->usb_req.buf + req->usb_req.actual;
req->usb_req.actual = req->usb_req.actual + bytes_to_rx;
- memcpy(buffer, ep0rambase, bytes_to_rx);
+ memcpy_toio((void __iomem *)buffer, ep0rambase, bytes_to_rx);
if (req->usb_req.length == req->usb_req.actual) {
/* Data transfer completed get ready for Status stage */
@@ -1909,7 +1913,7 @@ static void xudc_ep0_in(struct xusb_udc
(ep0->rambase << 2));
buffer = req->usb_req.buf + req->usb_req.actual;
req->usb_req.actual = req->usb_req.actual + length;
- memcpy(ep0rambase, buffer, length);
+ memcpy_toio((void __iomem *)ep0rambase, buffer, length);
}
udc->write_fn(udc->addr, XUSB_EP_BUF0COUNT_OFFSET, count);
udc->write_fn(udc->addr, XUSB_BUFFREADY_OFFSET, 1);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 078/102] usb: gadget: ncm: Handle decoding of multiple NTBs in unwrap call
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 077/102] usb: gadget: udc-xilinx: replace memcpy with memcpy_toio Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 079/102] usb: cdnsp: Fixes issue with dequeuing not queued requests Greg Kroah-Hartman
` (32 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krishna Kurapati,
Maciej Żenczykowski
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krishna Kurapati <quic_kriskura@quicinc.com>
commit 427694cfaafa565a3db5c5ea71df6bc095dca92f upstream.
When NCM is used with hosts like Windows PC, it is observed that there are
multiple NTB's contained in one usb request giveback. Since the driver
unwraps the obtained request data assuming only one NTB is present, we
loose the subsequent NTB's present resulting in data loss.
Fix this by checking the parsed block length with the obtained data
length in usb request and continue parsing after the last byte of current
NTB.
Cc: stable@vger.kernel.org
Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added")
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Link: https://lore.kernel.org/r/20230927105858.12950-1-quic_kriskura@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_ncm.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
--- a/drivers/usb/gadget/function/f_ncm.c
+++ b/drivers/usb/gadget/function/f_ncm.c
@@ -1175,7 +1175,8 @@ static int ncm_unwrap_ntb(struct gether
struct sk_buff_head *list)
{
struct f_ncm *ncm = func_to_ncm(&port->func);
- __le16 *tmp = (void *) skb->data;
+ unsigned char *ntb_ptr = skb->data;
+ __le16 *tmp;
unsigned index, index2;
int ndp_index;
unsigned dg_len, dg_len2;
@@ -1188,6 +1189,10 @@ static int ncm_unwrap_ntb(struct gether
const struct ndp_parser_opts *opts = ncm->parser_opts;
unsigned crc_len = ncm->is_crc ? sizeof(uint32_t) : 0;
int dgram_counter;
+ int to_process = skb->len;
+
+parse_ntb:
+ tmp = (__le16 *)ntb_ptr;
/* dwSignature */
if (get_unaligned_le32(tmp) != opts->nth_sign) {
@@ -1234,7 +1239,7 @@ static int ncm_unwrap_ntb(struct gether
* walk through NDP
* dwSignature
*/
- tmp = (void *)(skb->data + ndp_index);
+ tmp = (__le16 *)(ntb_ptr + ndp_index);
if (get_unaligned_le32(tmp) != ncm->ndp_sign) {
INFO(port->func.config->cdev, "Wrong NDP SIGN\n");
goto err;
@@ -1291,11 +1296,11 @@ static int ncm_unwrap_ntb(struct gether
if (ncm->is_crc) {
uint32_t crc, crc2;
- crc = get_unaligned_le32(skb->data +
+ crc = get_unaligned_le32(ntb_ptr +
index + dg_len -
crc_len);
crc2 = ~crc32_le(~0,
- skb->data + index,
+ ntb_ptr + index,
dg_len - crc_len);
if (crc != crc2) {
INFO(port->func.config->cdev,
@@ -1322,7 +1327,7 @@ static int ncm_unwrap_ntb(struct gether
dg_len - crc_len);
if (skb2 == NULL)
goto err;
- skb_put_data(skb2, skb->data + index,
+ skb_put_data(skb2, ntb_ptr + index,
dg_len - crc_len);
skb_queue_tail(list, skb2);
@@ -1335,10 +1340,17 @@ static int ncm_unwrap_ntb(struct gether
} while (ndp_len > 2 * (opts->dgram_item_len * 2));
} while (ndp_index);
- dev_consume_skb_any(skb);
-
VDBG(port->func.config->cdev,
"Parsed NTB with %d frames\n", dgram_counter);
+
+ to_process -= block_len;
+ if (to_process != 0) {
+ ntb_ptr = (unsigned char *)(ntb_ptr + block_len);
+ goto parse_ntb;
+ }
+
+ dev_consume_skb_any(skb);
+
return 0;
err:
skb_queue_purge(list);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 079/102] usb: cdnsp: Fixes issue with dequeuing not queued requests
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 078/102] usb: gadget: ncm: Handle decoding of multiple NTBs in unwrap call Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 080/102] x86/alternatives: Disable KASAN in apply_alternatives() Greg Kroah-Hartman
` (31 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pawel Laszczak, Peter Chen
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pawel Laszczak <pawell@cadence.com>
commit 34f08eb0ba6e4869bbfb682bf3d7d0494ffd2f87 upstream.
Gadget ACM while unloading module try to dequeue not queued usb
request which causes the kernel to crash.
Patch adds extra condition to check whether usb request is processed
by CDNSP driver.
cc: stable@vger.kernel.org
Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
Signed-off-by: Pawel Laszczak <pawell@cadence.com>
Acked-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20230713081429.326660-1-pawell@cadence.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/cdns3/cdnsp-gadget.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/cdns3/cdnsp-gadget.c
+++ b/drivers/usb/cdns3/cdnsp-gadget.c
@@ -1125,6 +1125,9 @@ static int cdnsp_gadget_ep_dequeue(struc
unsigned long flags;
int ret;
+ if (request->status != -EINPROGRESS)
+ return 0;
+
if (!pep->endpoint.desc) {
dev_err(pdev->dev,
"%s: can't dequeue to disabled endpoint\n",
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 080/102] x86/alternatives: Disable KASAN in apply_alternatives()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 079/102] usb: cdnsp: Fixes issue with dequeuing not queued requests Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 081/102] dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq Greg Kroah-Hartman
` (30 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fei Yang, Kirill A. Shutemov,
Ingo Molnar, Peter Zijlstra (Intel), Linus Torvalds
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
commit d35652a5fc9944784f6f50a5c979518ff8dacf61 upstream.
Fei has reported that KASAN triggers during apply_alternatives() on
a 5-level paging machine:
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
...
__asan_load4()
rcu_is_watching()
trace_hardirqs_on()
text_poke_early()
apply_alternatives()
...
On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)
gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on
__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().
KASAN gets confused when apply_alternatives() patches the
KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START
static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.
Fix it for real by disabling KASAN while the kernel is patching alternatives.
[ mingo: updated the changelog ]
Fixes: 6657fca06e3f ("x86/mm: Allow to boot without LA57 if CONFIG_X86_5LEVEL=y")
Reported-by: Fei Yang <fei.yang@intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20231012100424.1456-1-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/alternative.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -269,6 +269,17 @@ void __init_or_module noinline apply_alt
u8 insn_buff[MAX_PATCH_LEN];
DPRINTK("alt table %px, -> %px", start, end);
+
+ /*
+ * In the case CONFIG_X86_5LEVEL=y, KASAN_SHADOW_START is defined using
+ * cpu_feature_enabled(X86_FEATURE_LA57) and is therefore patched here.
+ * During the process, KASAN becomes confused seeing partial LA57
+ * conversion and triggers a false-positive out-of-bound report.
+ *
+ * Disable KASAN until the patching is complete.
+ */
+ kasan_disable_current();
+
/*
* The scan order should be from start to end. A later scanned
* alternative code can overwrite previously scanned alternative code.
@@ -336,6 +347,8 @@ void __init_or_module noinline apply_alt
next:
optimize_nops(instr, a->instrlen);
}
+
+ kasan_enable_current();
}
#if defined(CONFIG_RETPOLINE) && defined(CONFIG_STACK_VALIDATION)
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 081/102] dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 080/102] x86/alternatives: Disable KASAN in apply_alternatives() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 082/102] dmaengine: mediatek: Fix deadlock caused by synchronize_irq() Greg Kroah-Hartman
` (29 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rex Zhang, Lijun Pan, Dave Jiang,
Fenghua Yu, Vinod Koul, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rex Zhang <rex.zhang@intel.com>
[ Upstream commit c0409dd3d151f661e7e57b901a81a02565df163c ]
In idxd_cmd_exec(), wait_event_lock_irq() explicitly calls
spin_unlock_irq()/spin_lock_irq(). If the interrupt is on before entering
wait_event_lock_irq(), it will become off status after
wait_event_lock_irq() is called. Later, wait_for_completion() may go to
sleep but irq is disabled. The scenario is warned in might_sleep().
Fix it by using spin_lock_irqsave() instead of the primitive spin_lock()
to save the irq status before entering wait_event_lock_irq() and using
spin_unlock_irqrestore() instead of the primitive spin_unlock() to restore
the irq status before entering wait_for_completion().
Before the change:
idxd_cmd_exec() {
interrupt is on
spin_lock() // interrupt is on
wait_event_lock_irq()
spin_unlock_irq() // interrupt is enabled
...
spin_lock_irq() // interrupt is disabled
spin_unlock() // interrupt is still disabled
wait_for_completion() // report "BUG: sleeping function
// called from invalid context...
// in_atomic() irqs_disabled()"
}
After applying spin_lock_irqsave():
idxd_cmd_exec() {
interrupt is on
spin_lock_irqsave() // save the on state
// interrupt is disabled
wait_event_lock_irq()
spin_unlock_irq() // interrupt is enabled
...
spin_lock_irq() // interrupt is disabled
spin_unlock_irqrestore() // interrupt is restored to on
wait_for_completion() // No Call trace
}
Fixes: f9f4082dbc56 ("dmaengine: idxd: remove interrupt disable for cmd_lock")
Signed-off-by: Rex Zhang <rex.zhang@intel.com>
Signed-off-by: Lijun Pan <lijun.pan@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Fenghua Yu <fenghua.yu@intel.com>
Link: https://lore.kernel.org/r/20230916060619.3744220-1-rex.zhang@intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/idxd/device.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/dma/idxd/device.c b/drivers/dma/idxd/device.c
index 535f021911c55..f2cfefc505a8c 100644
--- a/drivers/dma/idxd/device.c
+++ b/drivers/dma/idxd/device.c
@@ -490,6 +490,7 @@ static void idxd_cmd_exec(struct idxd_device *idxd, int cmd_code, u32 operand,
union idxd_command_reg cmd;
DECLARE_COMPLETION_ONSTACK(done);
u32 stat;
+ unsigned long flags;
if (idxd_device_is_halted(idxd)) {
dev_warn(&idxd->pdev->dev, "Device is HALTED!\n");
@@ -503,7 +504,7 @@ static void idxd_cmd_exec(struct idxd_device *idxd, int cmd_code, u32 operand,
cmd.operand = operand;
cmd.int_req = 1;
- spin_lock(&idxd->cmd_lock);
+ spin_lock_irqsave(&idxd->cmd_lock, flags);
wait_event_lock_irq(idxd->cmd_waitq,
!test_bit(IDXD_FLAG_CMD_RUNNING, &idxd->flags),
idxd->cmd_lock);
@@ -520,7 +521,7 @@ static void idxd_cmd_exec(struct idxd_device *idxd, int cmd_code, u32 operand,
* After command submitted, release lock and go to sleep until
* the command completes via interrupt.
*/
- spin_unlock(&idxd->cmd_lock);
+ spin_unlock_irqrestore(&idxd->cmd_lock, flags);
wait_for_completion(&done);
stat = ioread32(idxd->reg_base + IDXD_CMDSTS_OFFSET);
spin_lock(&idxd->cmd_lock);
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 082/102] dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 081/102] dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 083/102] powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE Greg Kroah-Hartman
` (28 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Duoming Zhou, Eugen Hristev,
Vinod Koul, Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 01f1ae2733e2bb4de92fefcea5fda847d92aede1 ]
The synchronize_irq(c->irq) will not return until the IRQ handler
mtk_uart_apdma_irq_handler() is completed. If the synchronize_irq()
holds a spin_lock and waits the IRQ handler to complete, but the
IRQ handler also needs the same spin_lock. The deadlock will happen.
The process is shown below:
cpu0 cpu1
mtk_uart_apdma_device_pause() | mtk_uart_apdma_irq_handler()
spin_lock_irqsave() |
| spin_lock_irqsave()
//hold the lock to wait |
synchronize_irq() |
This patch reorders the synchronize_irq(c->irq) outside the spin_lock
in order to mitigate the bug.
Fixes: 9135408c3ace ("dmaengine: mediatek: Add MediaTek UART APDMA support")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Eugen Hristev <eugen.hristev@collabora.com>
Link: https://lore.kernel.org/r/20230806032511.45263-1-duoming@zju.edu.cn
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/mediatek/mtk-uart-apdma.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/dma/mediatek/mtk-uart-apdma.c b/drivers/dma/mediatek/mtk-uart-apdma.c
index a1517ef1f4a01..0acf6a92a4ad3 100644
--- a/drivers/dma/mediatek/mtk-uart-apdma.c
+++ b/drivers/dma/mediatek/mtk-uart-apdma.c
@@ -451,9 +451,8 @@ static int mtk_uart_apdma_device_pause(struct dma_chan *chan)
mtk_uart_apdma_write(c, VFF_EN, VFF_EN_CLR_B);
mtk_uart_apdma_write(c, VFF_INT_EN, VFF_INT_EN_CLR_B);
- synchronize_irq(c->irq);
-
spin_unlock_irqrestore(&c->vc.lock, flags);
+ synchronize_irq(c->irq);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 083/102] powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 082/102] dmaengine: mediatek: Fix deadlock caused by synchronize_irq() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 084/102] powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() Greg Kroah-Hartman
` (27 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Michael Ellerman,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 5d9cea8a552ee122e21fbd5a3c5d4eb85f648e06 ]
On 8xx, PAGE_NONE is handled by setting _PAGE_NA instead of clearing
_PAGE_USER.
But then pte_user() returns 1 also for PAGE_NONE.
As _PAGE_NA prevent reads, add a specific version of pte_read()
that returns 0 when _PAGE_NA is set instead of always returning 1.
Fixes: 351750331fc1 ("powerpc/mm: Introduce _PAGE_NA")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/57bcfbe578e43123f9ed73e040229b80f1ad56ec.1695659959.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/nohash/32/pte-8xx.h | 7 +++++++
arch/powerpc/include/asm/nohash/pgtable.h | 2 ++
2 files changed, 9 insertions(+)
diff --git a/arch/powerpc/include/asm/nohash/32/pte-8xx.h b/arch/powerpc/include/asm/nohash/32/pte-8xx.h
index 1a89ebdc3acc9..0238e6bd0d6c1 100644
--- a/arch/powerpc/include/asm/nohash/32/pte-8xx.h
+++ b/arch/powerpc/include/asm/nohash/32/pte-8xx.h
@@ -94,6 +94,13 @@ static inline pte_t pte_wrprotect(pte_t pte)
#define pte_wrprotect pte_wrprotect
+static inline int pte_read(pte_t pte)
+{
+ return (pte_val(pte) & _PAGE_RO) != _PAGE_NA;
+}
+
+#define pte_read pte_read
+
static inline int pte_write(pte_t pte)
{
return !(pte_val(pte) & _PAGE_RO);
diff --git a/arch/powerpc/include/asm/nohash/pgtable.h b/arch/powerpc/include/asm/nohash/pgtable.h
index ac75f4ab0dba1..7ad1d1b042a60 100644
--- a/arch/powerpc/include/asm/nohash/pgtable.h
+++ b/arch/powerpc/include/asm/nohash/pgtable.h
@@ -45,7 +45,9 @@ static inline int pte_write(pte_t pte)
return pte_val(pte) & _PAGE_RW;
}
#endif
+#ifndef pte_read
static inline int pte_read(pte_t pte) { return 1; }
+#endif
static inline int pte_dirty(pte_t pte) { return pte_val(pte) & _PAGE_DIRTY; }
static inline int pte_special(pte_t pte) { return pte_val(pte) & _PAGE_SPECIAL; }
static inline int pte_none(pte_t pte) { return (pte_val(pte) & ~_PTE_NONE_MASK) == 0; }
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 084/102] powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 083/102] powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 085/102] arm64: report EL1 UNDEFs better Greg Kroah-Hartman
` (26 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Michael Ellerman,
Sasha Levin
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 5ea0bbaa32e8f54e9a57cfee4a3b8769b80be0d2 ]
Commit 45201c879469 ("powerpc/nohash: Remove hash related code from
nohash headers.") replaced:
if ((pte_val(*ptep) & (_PAGE_ACCESSED | _PAGE_HASHPTE)) == 0)
return 0;
By:
if (pte_young(*ptep))
return 0;
But it should be:
if (!pte_young(*ptep))
return 0;
Fix it.
Fixes: 45201c879469 ("powerpc/nohash: Remove hash related code from nohash headers.")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/8bb7f06494e21adada724ede47a4c3d97e879d40.1695659959.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/nohash/64/pgtable.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/nohash/64/pgtable.h b/arch/powerpc/include/asm/nohash/64/pgtable.h
index 2225991c69b55..6ad4714352c7a 100644
--- a/arch/powerpc/include/asm/nohash/64/pgtable.h
+++ b/arch/powerpc/include/asm/nohash/64/pgtable.h
@@ -209,7 +209,7 @@ static inline int __ptep_test_and_clear_young(struct mm_struct *mm,
{
unsigned long old;
- if (pte_young(*ptep))
+ if (!pte_young(*ptep))
return 0;
old = pte_update(mm, addr, ptep, _PAGE_ACCESSED, 0, 0);
return (old & _PAGE_ACCESSED) != 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 123+ messages in thread* [PATCH 5.15 085/102] arm64: report EL1 UNDEFs better
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 084/102] powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 086/102] arm64: die(): pass err as long Greg Kroah-Hartman
` (25 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland, Mark Brown,
Alexandru Elisei, Amit Daniel Kachhap, James Morse, Will Deacon,
Anshuman Khandual, Catalin Marinas
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit b502c87d2a26c349acbc231ff2acd6f17147926b upstream.
If an UNDEFINED exception is taken from EL1, and do_undefinstr() doesn't
find any suitable undef_hook, it will call:
BUG_ON(!user_mode(regs))
... and the kernel will report a failure witin do_undefinstr() rather
than reporting the original context that the UNDEFINED exception was
taken from. The pt_regs and ESR value reported within the BUG() handler
will be from within do_undefinstr() and the code dump will be for the
BRK in BUG_ON(), which isn't sufficient to debug the cause of the
original exception.
This patch makes the reporting better by having do_undefinstr() call
die() directly in this case to report the original context from which
the UNDEFINED exception was taken.
Prior to this patch, an undefined instruction is reported as:
| kernel BUG at arch/arm64/kernel/traps.c:497!
| Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 0 PID: 0 Comm: swapper Not tainted 5.19.0-rc3-00127-geff044f1b04e-dirty #3
| Hardware name: linux,dummy-virt (DT)
| pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : do_undefinstr+0x28c/0x2ac
| lr : do_undefinstr+0x298/0x2ac
| sp : ffff800009f63bc0
| x29: ffff800009f63bc0 x28: ffff800009f73c00 x27: ffff800009644a70
| x26: ffff8000096778a8 x25: 0000000000000040 x24: 0000000000000000
| x23: 00000000800000c5 x22: ffff800009894060 x21: ffff800009f63d90
| x20: 0000000000000000 x19: ffff800009f63c40 x18: 0000000000000006
| x17: 0000000000403000 x16: 00000000bfbfd000 x15: ffff800009f63830
| x14: ffffffffffffffff x13: 0000000000000000 x12: 0000000000000019
| x11: 0101010101010101 x10: 0000000000161b98 x9 : 0000000000000000
| x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
| x5 : ffff800009f761d0 x4 : 0000000000000000 x3 : ffff80000a2b80f8
| x2 : 0000000000000000 x1 : ffff800009f73c00 x0 : 00000000800000c5
| Call trace:
| do_undefinstr+0x28c/0x2ac
| el1_undef+0x2c/0x4c
| el1h_64_sync_handler+0x84/0xd0
| el1h_64_sync+0x64/0x68
| setup_arch+0x550/0x598
| start_kernel+0x88/0x6ac
| __primary_switched+0xb8/0xc0
| Code: 17ffff95 a9425bf5 17ffffb8 a9025bf5 (d4210000)
With this patch applied, an undefined instruction is reported as:
| Internal error: Oops - Undefined instruction: 0 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 0 PID: 0 Comm: swapper Not tainted 5.19.0-rc3-00128-gf27cfcc80e52-dirty #5
| Hardware name: linux,dummy-virt (DT)
| pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : setup_arch+0x550/0x598
| lr : setup_arch+0x50c/0x598
| sp : ffff800009f63d90
| x29: ffff800009f63d90 x28: 0000000081000200 x27: ffff800009644a70
| x26: ffff8000096778c8 x25: 0000000000000040 x24: 0000000000000000
| x23: 0000000000000100 x22: ffff800009f69a58 x21: ffff80000a2b80b8
| x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000006
| x17: 0000000000403000 x16: 00000000bfbfd000 x15: ffff800009f63830
| x14: ffffffffffffffff x13: 0000000000000000 x12: 0000000000000019
| x11: 0101010101010101 x10: 0000000000161b98 x9 : 0000000000000000
| x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
| x5 : 0000000000000008 x4 : 0000000000000010 x3 : 0000000000000000
| x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
| Call trace:
| setup_arch+0x550/0x598
| start_kernel+0x88/0x6ac
| __primary_switched+0xb8/0xc0
| Code: b4000080 90ffed80 912ac000 97db745f (00000000)
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Amit Daniel Kachhap <amit.kachhap@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Link: https://lore.kernel.org/r/20220913101732.3925290-2-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/traps.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -495,7 +495,9 @@ void do_undefinstr(struct pt_regs *regs)
if (call_undef_hook(regs) == 0)
return;
- BUG_ON(!user_mode(regs));
+ if (!user_mode(regs))
+ die("Oops - Undefined instruction", regs, 0);
+
force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc, 0);
}
NOKPROBE_SYMBOL(do_undefinstr);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 086/102] arm64: die(): pass err as long
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 085/102] arm64: report EL1 UNDEFs better Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 087/102] arm64: consistently pass ESR_ELx to die() Greg Kroah-Hartman
` (24 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland, Mark Brown,
Anshuman Khandual, Alexandru Elisei, Amit Daniel Kachhap,
James Morse, Will Deacon, Catalin Marinas
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit 18906ff9af6517c20763ed63dab602a4150794f7 upstream.
Recently, we reworked a lot of code to consistentlt pass ESR_ELx as a
64-bit quantity. However, we missed that this can be passed into die()
and __die() as the 'err' parameter where it is truncated to a 32-bit
int.
As notify_die() already takes 'err' as a long, this patch changes die()
and __die() to also take 'err' as a long, ensuring that the full value
of ESR_ELx is retained.
At the same time, die() is updated to consistently log 'err' as a
zero-padded 64-bit quantity.
Subsequent patches will pass the ESR_ELx value to die() for a number of
exceptions.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Amit Daniel Kachhap <amit.kachhap@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20220913101732.3925290-3-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/system_misc.h | 2 +-
arch/arm64/kernel/traps.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/arch/arm64/include/asm/system_misc.h
+++ b/arch/arm64/include/asm/system_misc.h
@@ -18,7 +18,7 @@
struct pt_regs;
-void die(const char *msg, struct pt_regs *regs, int err);
+void die(const char *msg, struct pt_regs *regs, long err);
struct siginfo;
void arm64_notify_die(const char *str, struct pt_regs *regs,
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -181,12 +181,12 @@ static void dump_kernel_instr(const char
#define S_SMP " SMP"
-static int __die(const char *str, int err, struct pt_regs *regs)
+static int __die(const char *str, long err, struct pt_regs *regs)
{
static int die_counter;
int ret;
- pr_emerg("Internal error: %s: %x [#%d]" S_PREEMPT S_SMP "\n",
+ pr_emerg("Internal error: %s: %016lx [#%d]" S_PREEMPT S_SMP "\n",
str, err, ++die_counter);
/* trap and error numbers are mostly meaningless on ARM */
@@ -207,7 +207,7 @@ static DEFINE_RAW_SPINLOCK(die_lock);
/*
* This function is protected against re-entrancy.
*/
-void die(const char *str, struct pt_regs *regs, int err)
+void die(const char *str, struct pt_regs *regs, long err)
{
int ret;
unsigned long flags;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 087/102] arm64: consistently pass ESR_ELx to die()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 086/102] arm64: die(): pass err as long Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 088/102] arm64: rework FPAC exception handling Greg Kroah-Hartman
` (23 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland, Mark Brown,
Alexandru Elisei, Amit Daniel Kachhap, James Morse, Will Deacon,
Anshuman Khandual, Catalin Marinas
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit 0f2cb928a1547ae8f89e80a4b8df2c6c02ae5f96 upstream.
Currently, bug_handler() and kasan_handler() call die() with '0' as the
'err' value, whereas die_kernel_fault() passes the ESR_ELx value.
For consistency, this patch ensures we always pass the ESR_ELx value to
die(). As this is only called for exceptions taken from kernel mode,
there should be no user-visible change as a result of this patch.
For UNDEFINED exceptions, I've had to modify do_undefinstr() and its
callers to pass the ESR_ELx value. In all cases the ESR_ELx value had
already been read and was available.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Amit Daniel Kachhap <amit.kachhap@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220913101732.3925290-4-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/exception.h | 2 +-
arch/arm64/kernel/entry-common.c | 14 +++++++-------
arch/arm64/kernel/traps.c | 14 +++++++-------
3 files changed, 15 insertions(+), 15 deletions(-)
--- a/arch/arm64/include/asm/exception.h
+++ b/arch/arm64/include/asm/exception.h
@@ -58,7 +58,7 @@ asmlinkage void call_on_irq_stack(struct
asmlinkage void asm_exit_to_user_mode(struct pt_regs *regs);
void do_mem_abort(unsigned long far, unsigned long esr, struct pt_regs *regs);
-void do_undefinstr(struct pt_regs *regs);
+void do_undefinstr(struct pt_regs *regs, unsigned long esr);
void do_bti(struct pt_regs *regs);
void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr,
struct pt_regs *regs);
--- a/arch/arm64/kernel/entry-common.c
+++ b/arch/arm64/kernel/entry-common.c
@@ -371,11 +371,11 @@ static void noinstr el1_pc(struct pt_reg
exit_to_kernel_mode(regs);
}
-static void noinstr el1_undef(struct pt_regs *regs)
+static void noinstr el1_undef(struct pt_regs *regs, unsigned long esr)
{
enter_from_kernel_mode(regs);
local_daif_inherit(regs);
- do_undefinstr(regs);
+ do_undefinstr(regs, esr);
local_daif_mask();
exit_to_kernel_mode(regs);
}
@@ -417,7 +417,7 @@ asmlinkage void noinstr el1h_64_sync_han
break;
case ESR_ELx_EC_SYS64:
case ESR_ELx_EC_UNKNOWN:
- el1_undef(regs);
+ el1_undef(regs, esr);
break;
case ESR_ELx_EC_BREAKPT_CUR:
case ESR_ELx_EC_SOFTSTP_CUR:
@@ -554,11 +554,11 @@ static void noinstr el0_sp(struct pt_reg
exit_to_user_mode(regs);
}
-static void noinstr el0_undef(struct pt_regs *regs)
+static void noinstr el0_undef(struct pt_regs *regs, unsigned long esr)
{
enter_from_user_mode(regs);
local_daif_restore(DAIF_PROCCTX);
- do_undefinstr(regs);
+ do_undefinstr(regs, esr);
exit_to_user_mode(regs);
}
@@ -639,7 +639,7 @@ asmlinkage void noinstr el0t_64_sync_han
el0_pc(regs, esr);
break;
case ESR_ELx_EC_UNKNOWN:
- el0_undef(regs);
+ el0_undef(regs, esr);
break;
case ESR_ELx_EC_BTI:
el0_bti(regs);
@@ -755,7 +755,7 @@ asmlinkage void noinstr el0t_32_sync_han
case ESR_ELx_EC_CP14_MR:
case ESR_ELx_EC_CP14_LS:
case ESR_ELx_EC_CP14_64:
- el0_undef(regs);
+ el0_undef(regs, esr);
break;
case ESR_ELx_EC_CP15_32:
case ESR_ELx_EC_CP15_64:
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -486,7 +486,7 @@ void arm64_notify_segfault(unsigned long
force_signal_inject(SIGSEGV, code, addr, 0);
}
-void do_undefinstr(struct pt_regs *regs)
+void do_undefinstr(struct pt_regs *regs, unsigned long esr)
{
/* check for AArch32 breakpoint instructions */
if (!aarch32_break_handler(regs))
@@ -496,7 +496,7 @@ void do_undefinstr(struct pt_regs *regs)
return;
if (!user_mode(regs))
- die("Oops - Undefined instruction", regs, 0);
+ die("Oops - Undefined instruction", regs, esr);
force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc, 0);
}
@@ -755,7 +755,7 @@ void do_cp15instr(unsigned long esr, str
hook_base = cp15_64_hooks;
break;
default:
- do_undefinstr(regs);
+ do_undefinstr(regs, esr);
return;
}
@@ -770,7 +770,7 @@ void do_cp15instr(unsigned long esr, str
* EL0. Fall back to our usual undefined instruction handler
* so that we handle these consistently.
*/
- do_undefinstr(regs);
+ do_undefinstr(regs, esr);
}
NOKPROBE_SYMBOL(do_cp15instr);
#endif
@@ -790,7 +790,7 @@ void do_sysinstr(unsigned long esr, stru
* back to our usual undefined instruction handler so that we handle
* these consistently.
*/
- do_undefinstr(regs);
+ do_undefinstr(regs, esr);
}
NOKPROBE_SYMBOL(do_sysinstr);
@@ -966,7 +966,7 @@ static int bug_handler(struct pt_regs *r
{
switch (report_bug(regs->pc, regs)) {
case BUG_TRAP_TYPE_BUG:
- die("Oops - BUG", regs, 0);
+ die("Oops - BUG", regs, esr);
break;
case BUG_TRAP_TYPE_WARN:
@@ -1034,7 +1034,7 @@ static int kasan_handler(struct pt_regs
* This is something that might be fixed at some point in the future.
*/
if (!recover)
- die("Oops - KASAN", regs, 0);
+ die("Oops - KASAN", regs, esr);
/* If thread survives, skip over the brk instruction and continue: */
arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE);
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 088/102] arm64: rework FPAC exception handling
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 087/102] arm64: consistently pass ESR_ELx to die() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 089/102] arm64: rework BTI " Greg Kroah-Hartman
` (22 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland, Mark Brown,
Anshuman Khandual, Alexandru Elisei, Amit Daniel Kachhap,
James Morse, Will Deacon, Catalin Marinas
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit a1fafa3b24a70461bbf3e5c0770893feb0a49292 upstream.
If an FPAC exception is taken from EL1, the entry code will call
do_ptrauth_fault(), where due to:
BUG_ON(!user_mode(regs))
... the kernel will report a problem within do_ptrauth_fault() rather
than reporting the original context the FPAC exception was taken from.
The pt_regs and ESR value reported will be from within
do_ptrauth_fault() and the code dump will be for the BRK in BUG_ON(),
which isn't sufficient to debug the cause of the original exception.
This patch makes the reporting better by having separate EL0 and EL1
FPAC exception handlers, with the latter calling die() directly to
report the original context the FPAC exception was taken from.
Note that we only need to prevent kprobes of the EL1 FPAC handler, since
the EL0 FPAC handler cannot be called recursively.
For consistency with do_el0_svc*(), I've named the split functions
do_el{0,1}_fpac() rather than do_el{0,1}_ptrauth_fault(). I've also
clarified the comment to not imply there are casues other than FPAC
exceptions.
Prior to this patch FPAC exceptions are reported as:
| kernel BUG at arch/arm64/kernel/traps.c:517!
| Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc3-00130-g9c8a180a1cdf-dirty #12
| Hardware name: FVP Base RevC (DT)
| pstate: 00400009 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : do_ptrauth_fault+0x3c/0x40
| lr : el1_fpac+0x34/0x54
| sp : ffff80000a3bbc80
| x29: ffff80000a3bbc80 x28: ffff0008001d8000 x27: 0000000000000000
| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
| x23: 0000000020400009 x22: ffff800008f70fa4 x21: ffff80000a3bbe00
| x20: 0000000072000000 x19: ffff80000a3bbcb0 x18: fffffbfffda37000
| x17: 3120676e696d7573 x16: 7361202c6e6f6974 x15: 0000000081a90000
| x14: 0040000000000041 x13: 0040000000000001 x12: ffff000001a90000
| x11: fffffbfffda37480 x10: 0068000000000703 x9 : 0001000080000000
| x8 : 0000000000090000 x7 : 0068000000000f03 x6 : 0060000000000783
| x5 : ffff80000a3bbcb0 x4 : ffff0008001d8000 x3 : 0000000072000000
| x2 : 0000000000000000 x1 : 0000000020400009 x0 : ffff80000a3bbcb0
| Call trace:
| do_ptrauth_fault+0x3c/0x40
| el1h_64_sync_handler+0xc4/0xd0
| el1h_64_sync+0x64/0x68
| test_pac+0x8/0x10
| smp_init+0x7c/0x8c
| kernel_init_freeable+0x128/0x28c
| kernel_init+0x28/0x13c
| ret_from_fork+0x10/0x20
| Code: 97fffe5e a8c17bfd d50323bf d65f03c0 (d4210000)
With this patch applied FPAC exceptions are reported as:
| Internal error: Oops - FPAC: 0000000072000000 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc3-00132-g78846e1c4757-dirty #11
| Hardware name: FVP Base RevC (DT)
| pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : test_pac+0x8/0x10
| lr : 0x0
| sp : ffff80000a3bbe00
| x29: ffff80000a3bbe00 x28: 0000000000000000 x27: 0000000000000000
| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
| x23: ffff80000a2c8000 x22: 0000000000000000 x21: 0000000000000000
| x20: ffff8000099fa5b0 x19: ffff80000a007000 x18: fffffbfffda37000
| x17: 3120676e696d7573 x16: 7361202c6e6f6974 x15: 0000000081a90000
| x14: 0040000000000041 x13: 0040000000000001 x12: ffff000001a90000
| x11: fffffbfffda37480 x10: 0068000000000703 x9 : 0001000080000000
| x8 : 0000000000090000 x7 : 0068000000000f03 x6 : 0060000000000783
| x5 : ffff80000a2c6000 x4 : ffff0008001d8000 x3 : ffff800009f88378
| x2 : 0000000000000000 x1 : 0000000080210000 x0 : ffff000001a90000
| Call trace:
| test_pac+0x8/0x10
| smp_init+0x7c/0x8c
| kernel_init_freeable+0x128/0x28c
| kernel_init+0x28/0x13c
| ret_from_fork+0x10/0x20
| Code: d50323bf d65f03c0 d503233f aa1f03fe (d50323bf)
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Amit Daniel Kachhap <amit.kachhap@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20220913101732.3925290-5-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/exception.h | 3 ++-
arch/arm64/kernel/entry-common.c | 4 ++--
arch/arm64/kernel/traps.c | 16 ++++++++++------
3 files changed, 14 insertions(+), 9 deletions(-)
--- a/arch/arm64/include/asm/exception.h
+++ b/arch/arm64/include/asm/exception.h
@@ -71,7 +71,8 @@ void bad_el0_sync(struct pt_regs *regs,
void do_cp15instr(unsigned long esr, struct pt_regs *regs);
void do_el0_svc(struct pt_regs *regs);
void do_el0_svc_compat(struct pt_regs *regs);
-void do_ptrauth_fault(struct pt_regs *regs, unsigned long esr);
+void do_el0_fpac(struct pt_regs *regs, unsigned long esr);
+void do_el1_fpac(struct pt_regs *regs, unsigned long esr);
void do_serror(struct pt_regs *regs, unsigned long esr);
void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags);
--- a/arch/arm64/kernel/entry-common.c
+++ b/arch/arm64/kernel/entry-common.c
@@ -394,7 +394,7 @@ static void noinstr el1_fpac(struct pt_r
{
enter_from_kernel_mode(regs);
local_daif_inherit(regs);
- do_ptrauth_fault(regs, esr);
+ do_el1_fpac(regs, esr);
local_daif_mask();
exit_to_kernel_mode(regs);
}
@@ -601,7 +601,7 @@ static void noinstr el0_fpac(struct pt_r
{
enter_from_user_mode(regs);
local_daif_restore(DAIF_PROCCTX);
- do_ptrauth_fault(regs, esr);
+ do_el0_fpac(regs, esr);
exit_to_user_mode(regs);
}
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -509,16 +509,20 @@ void do_bti(struct pt_regs *regs)
}
NOKPROBE_SYMBOL(do_bti);
-void do_ptrauth_fault(struct pt_regs *regs, unsigned long esr)
+void do_el0_fpac(struct pt_regs *regs, unsigned long esr)
+{
+ force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr);
+}
+
+void do_el1_fpac(struct pt_regs *regs, unsigned long esr)
{
/*
- * Unexpected FPAC exception or pointer authentication failure in
- * the kernel: kill the task before it does any more harm.
+ * Unexpected FPAC exception in the kernel: kill the task before it
+ * does any more harm.
*/
- BUG_ON(!user_mode(regs));
- force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr);
+ die("Oops - FPAC", regs, esr);
}
-NOKPROBE_SYMBOL(do_ptrauth_fault);
+NOKPROBE_SYMBOL(do_el1_fpac);
#define __user_cache_maint(insn, address, res) \
if (address >= user_addr_max()) { \
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 089/102] arm64: rework BTI exception handling
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 088/102] arm64: rework FPAC exception handling Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 090/102] arm64: allow kprobes on EL0 handlers Greg Kroah-Hartman
` (21 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland, Mark Brown,
Anshuman Khandual, Alexandru Elisei, Amit Daniel Kachhap,
James Morse, Will Deacon, Catalin Marinas
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit 830a2a4d853f2c4a1e4606aa03341b7f273b0e9b upstream.
If a BTI exception is taken from EL1, the entry code will treat this as
an unhandled exception and will panic() the kernel. This is inconsistent
with the way we handle FPAC exceptions, which have a dedicated handler
and only necessarily kill the thread from which the exception was taken
from, and we don't log all the information that could be relevant to
debug the issue.
The code in do_bti() has:
BUG_ON(!user_mode(regs));
... and it seems like the intent was to call this for EL1 BTI
exceptions, as with FPAC, but this was omitted due to an oversight.
This patch adds separate EL0 and EL1 BTI exception handlers, with the
latter calling die() directly to report the original context the BTI
exception was taken from. This matches our handling of FPAC exceptions.
Prior to this patch, a BTI failure is reported as:
| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x0000000034000002 -- BTI
| CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc3-00131-g7d937ff0221d-dirty #9
| Hardware name: linux,dummy-virt (DT)
| pstate: 20400809 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=-c)
| pc : test_bti_callee+0x4/0x10
| lr : test_bti_caller+0x1c/0x28
| sp : ffff80000800bdf0
| x29: ffff80000800bdf0 x28: 0000000000000000 x27: 0000000000000000
| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
| x23: ffff80000a2b8000 x22: 0000000000000000 x21: 0000000000000000
| x20: ffff8000099fa5b0 x19: ffff800009ff7000 x18: fffffbfffda37000
| x17: 3120676e696d7573 x16: 7361202c6e6f6974 x15: 0000000041a90000
| x14: 0040000000000041 x13: 0040000000000001 x12: ffff000001a90000
| x11: fffffbfffda37480 x10: 0068000000000703 x9 : 0001000040000000
| x8 : 0000000000090000 x7 : 0068000000000f03 x6 : 0060000000000f83
| x5 : ffff80000a2b6000 x4 : ffff0000028d0000 x3 : ffff800009f78378
| x2 : 0000000000000000 x1 : 0000000040210000 x0 : ffff8000080257e4
| Kernel panic - not syncing: Unhandled exception
| CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc3-00131-g7d937ff0221d-dirty #9
| Hardware name: linux,dummy-virt (DT)
| Call trace:
| dump_backtrace.part.0+0xcc/0xe0
| show_stack+0x18/0x5c
| dump_stack_lvl+0x64/0x80
| dump_stack+0x18/0x34
| panic+0x170/0x360
| arm64_exit_nmi.isra.0+0x0/0x80
| el1h_64_sync_handler+0x64/0xd0
| el1h_64_sync+0x64/0x68
| test_bti_callee+0x4/0x10
| smp_cpus_done+0xb0/0xbc
| smp_init+0x7c/0x8c
| kernel_init_freeable+0x128/0x28c
| kernel_init+0x28/0x13c
| ret_from_fork+0x10/0x20
With this patch applied, a BTI failure is reported as:
| Internal error: Oops - BTI: 0000000034000002 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc3-00132-g0ad98265d582-dirty #8
| Hardware name: linux,dummy-virt (DT)
| pstate: 20400809 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=-c)
| pc : test_bti_callee+0x4/0x10
| lr : test_bti_caller+0x1c/0x28
| sp : ffff80000800bdf0
| x29: ffff80000800bdf0 x28: 0000000000000000 x27: 0000000000000000
| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
| x23: ffff80000a2b8000 x22: 0000000000000000 x21: 0000000000000000
| x20: ffff8000099fa5b0 x19: ffff800009ff7000 x18: fffffbfffda37000
| x17: 3120676e696d7573 x16: 7361202c6e6f6974 x15: 0000000041a90000
| x14: 0040000000000041 x13: 0040000000000001 x12: ffff000001a90000
| x11: fffffbfffda37480 x10: 0068000000000703 x9 : 0001000040000000
| x8 : 0000000000090000 x7 : 0068000000000f03 x6 : 0060000000000f83
| x5 : ffff80000a2b6000 x4 : ffff0000028d0000 x3 : ffff800009f78378
| x2 : 0000000000000000 x1 : 0000000040210000 x0 : ffff800008025804
| Call trace:
| test_bti_callee+0x4/0x10
| smp_cpus_done+0xb0/0xbc
| smp_init+0x7c/0x8c
| kernel_init_freeable+0x128/0x28c
| kernel_init+0x28/0x13c
| ret_from_fork+0x10/0x20
| Code: d50323bf d53cd040 d65f03c0 d503233f (d50323bf)
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Alexandru Elisei <alexandru.elisei@arm.com>
Cc: Amit Daniel Kachhap <amit.kachhap@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20220913101732.3925290-6-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/exception.h | 3 ++-
arch/arm64/kernel/entry-common.c | 14 +++++++++++++-
arch/arm64/kernel/traps.c | 10 +++++++---
3 files changed, 22 insertions(+), 5 deletions(-)
--- a/arch/arm64/include/asm/exception.h
+++ b/arch/arm64/include/asm/exception.h
@@ -59,7 +59,8 @@ asmlinkage void asm_exit_to_user_mode(st
void do_mem_abort(unsigned long far, unsigned long esr, struct pt_regs *regs);
void do_undefinstr(struct pt_regs *regs, unsigned long esr);
-void do_bti(struct pt_regs *regs);
+void do_el0_bti(struct pt_regs *regs);
+void do_el1_bti(struct pt_regs *regs, unsigned long esr);
void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr,
struct pt_regs *regs);
void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs);
--- a/arch/arm64/kernel/entry-common.c
+++ b/arch/arm64/kernel/entry-common.c
@@ -380,6 +380,15 @@ static void noinstr el1_undef(struct pt_
exit_to_kernel_mode(regs);
}
+static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr)
+{
+ enter_from_kernel_mode(regs);
+ local_daif_inherit(regs);
+ do_el1_bti(regs, esr);
+ local_daif_mask();
+ exit_to_kernel_mode(regs);
+}
+
static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr)
{
unsigned long far = read_sysreg(far_el1);
@@ -419,6 +428,9 @@ asmlinkage void noinstr el1h_64_sync_han
case ESR_ELx_EC_UNKNOWN:
el1_undef(regs, esr);
break;
+ case ESR_ELx_EC_BTI:
+ el1_bti(regs, esr);
+ break;
case ESR_ELx_EC_BREAKPT_CUR:
case ESR_ELx_EC_SOFTSTP_CUR:
case ESR_ELx_EC_WATCHPT_CUR:
@@ -566,7 +578,7 @@ static void noinstr el0_bti(struct pt_re
{
enter_from_user_mode(regs);
local_daif_restore(DAIF_PROCCTX);
- do_bti(regs);
+ do_el0_bti(regs);
exit_to_user_mode(regs);
}
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -502,12 +502,16 @@ void do_undefinstr(struct pt_regs *regs,
}
NOKPROBE_SYMBOL(do_undefinstr);
-void do_bti(struct pt_regs *regs)
+void do_el0_bti(struct pt_regs *regs)
{
- BUG_ON(!user_mode(regs));
force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc, 0);
}
-NOKPROBE_SYMBOL(do_bti);
+
+void do_el1_bti(struct pt_regs *regs, unsigned long esr)
+{
+ die("Oops - BTI", regs, esr);
+}
+NOKPROBE_SYMBOL(do_el1_bti);
void do_el0_fpac(struct pt_regs *regs, unsigned long esr)
{
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 090/102] arm64: allow kprobes on EL0 handlers
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 089/102] arm64: rework BTI " Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 091/102] arm64: split EL0/EL1 UNDEF handlers Greg Kroah-Hartman
` (20 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit b3a0c010e900a9f89dcd99f10bd8f7538d21b0a9 upstream.
Currently do_sysinstr() and do_cp15instr() are marked with
NOKPROBE_SYMBOL(). However, these are only called for exceptions taken
from EL0, and there is no risk of recursion in kprobes, so this is not
necessary.
Remove the NOKPROBE_SYMBOL() annotation, and rename the two functions to
more clearly indicate that these are solely for exceptions taken from
EL0, better matching the names used by the lower level entry points in
entry-common.c.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-2-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/exception.h | 4 ++--
arch/arm64/kernel/entry-common.c | 4 ++--
arch/arm64/kernel/traps.c | 6 ++----
3 files changed, 6 insertions(+), 8 deletions(-)
--- a/arch/arm64/include/asm/exception.h
+++ b/arch/arm64/include/asm/exception.h
@@ -66,10 +66,10 @@ void do_debug_exception(unsigned long ad
void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs);
void do_sve_acc(unsigned long esr, struct pt_regs *regs);
void do_fpsimd_exc(unsigned long esr, struct pt_regs *regs);
-void do_sysinstr(unsigned long esr, struct pt_regs *regs);
+void do_el0_sys(unsigned long esr, struct pt_regs *regs);
void do_sp_pc_abort(unsigned long addr, unsigned long esr, struct pt_regs *regs);
void bad_el0_sync(struct pt_regs *regs, int reason, unsigned long esr);
-void do_cp15instr(unsigned long esr, struct pt_regs *regs);
+void do_el0_cp15(unsigned long esr, struct pt_regs *regs);
void do_el0_svc(struct pt_regs *regs);
void do_el0_svc_compat(struct pt_regs *regs);
void do_el0_fpac(struct pt_regs *regs, unsigned long esr);
--- a/arch/arm64/kernel/entry-common.c
+++ b/arch/arm64/kernel/entry-common.c
@@ -541,7 +541,7 @@ static void noinstr el0_sys(struct pt_re
{
enter_from_user_mode(regs);
local_daif_restore(DAIF_PROCCTX);
- do_sysinstr(esr, regs);
+ do_el0_sys(esr, regs);
exit_to_user_mode(regs);
}
@@ -728,7 +728,7 @@ static void noinstr el0_cp15(struct pt_r
{
enter_from_user_mode(regs);
local_daif_restore(DAIF_PROCCTX);
- do_cp15instr(esr, regs);
+ do_el0_cp15(esr, regs);
exit_to_user_mode(regs);
}
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -742,7 +742,7 @@ static const struct sys64_hook cp15_64_h
{},
};
-void do_cp15instr(unsigned long esr, struct pt_regs *regs)
+void do_el0_cp15(unsigned long esr, struct pt_regs *regs)
{
const struct sys64_hook *hook, *hook_base;
@@ -780,10 +780,9 @@ void do_cp15instr(unsigned long esr, str
*/
do_undefinstr(regs, esr);
}
-NOKPROBE_SYMBOL(do_cp15instr);
#endif
-void do_sysinstr(unsigned long esr, struct pt_regs *regs)
+void do_el0_sys(unsigned long esr, struct pt_regs *regs)
{
const struct sys64_hook *hook;
@@ -800,7 +799,6 @@ void do_sysinstr(unsigned long esr, stru
*/
do_undefinstr(regs, esr);
}
-NOKPROBE_SYMBOL(do_sysinstr);
static const char *esr_class_str[] = {
[0 ... ESR_ELx_EC_MAX] = "UNRECOGNIZED EC",
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 091/102] arm64: split EL0/EL1 UNDEF handlers
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 090/102] arm64: allow kprobes on EL0 handlers Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 092/102] arm64: factor out EL1 SSBS emulation hook Greg Kroah-Hartman
` (19 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit 61d64a376ea80f9097e7ea599bcd68671b836dc6 upstream.
In general, exceptions taken from EL1 need to be handled separately from
exceptions taken from EL0, as the logic to handle the two cases can be
significantly divergent, and exceptions taken from EL1 typically have
more stringent requirements on locking and instrumentation.
Subsequent patches will rework the way EL1 UNDEFs are handled in order
to address longstanding soundness issues with instrumentation and RCU.
In preparation for that rework, this patch splits the existing
do_undefinstr() handler into separate do_el0_undef() and do_el1_undef()
handlers.
Prior to this patch, do_undefinstr() was marked with NOKPROBE_SYMBOL(),
preventing instrumentation via kprobes. However, do_undefinstr() invokes
other code which can be instrumented, and:
* For UNDEFINED exceptions taken from EL0, there is no risk of recursion
within kprobes. Therefore it is safe for do_el0_undef to be
instrumented with kprobes, and it does not need to be marked with
NOKPROBE_SYMBOL().
* For UNDEFINED exceptions taken from EL1, either:
(a) The exception is has been taken when manipulating SSBS; these cases
are limited and do not occur within code that can be invoked
recursively via kprobes. Hence, in these cases instrumentation
with kprobes is benign.
(b) The exception has been taken for an unknown reason, as other than
manipulating SSBS we do not expect to take UNDEFINED exceptions
from EL1. Any handling of these exception is best-effort.
... and in either case, marking do_el1_undef() with NOKPROBE_SYMBOL()
isn't sufficient to prevent recursion via kprobes as functions it
calls (including die()) are instrumentable via kprobes.
Hence, it's not worthwhile to mark do_el1_undef() with
NOKPROBE_SYMBOL(). The same applies to do_el1_bti() and do_el1_fpac(),
so their NOKPROBE_SYMBOL() annotations are also removed.
Aside from the new instrumentability, there should be no functional
change as a result of this patch.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-3-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/exception.h | 3 ++-
arch/arm64/kernel/entry-common.c | 4 ++--
arch/arm64/kernel/traps.c | 22 ++++++++++++----------
3 files changed, 16 insertions(+), 13 deletions(-)
--- a/arch/arm64/include/asm/exception.h
+++ b/arch/arm64/include/asm/exception.h
@@ -58,7 +58,8 @@ asmlinkage void call_on_irq_stack(struct
asmlinkage void asm_exit_to_user_mode(struct pt_regs *regs);
void do_mem_abort(unsigned long far, unsigned long esr, struct pt_regs *regs);
-void do_undefinstr(struct pt_regs *regs, unsigned long esr);
+void do_el0_undef(struct pt_regs *regs, unsigned long esr);
+void do_el1_undef(struct pt_regs *regs, unsigned long esr);
void do_el0_bti(struct pt_regs *regs);
void do_el1_bti(struct pt_regs *regs, unsigned long esr);
void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr,
--- a/arch/arm64/kernel/entry-common.c
+++ b/arch/arm64/kernel/entry-common.c
@@ -375,7 +375,7 @@ static void noinstr el1_undef(struct pt_
{
enter_from_kernel_mode(regs);
local_daif_inherit(regs);
- do_undefinstr(regs, esr);
+ do_el1_undef(regs, esr);
local_daif_mask();
exit_to_kernel_mode(regs);
}
@@ -570,7 +570,7 @@ static void noinstr el0_undef(struct pt_
{
enter_from_user_mode(regs);
local_daif_restore(DAIF_PROCCTX);
- do_undefinstr(regs, esr);
+ do_el0_undef(regs, esr);
exit_to_user_mode(regs);
}
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -486,7 +486,7 @@ void arm64_notify_segfault(unsigned long
force_signal_inject(SIGSEGV, code, addr, 0);
}
-void do_undefinstr(struct pt_regs *regs, unsigned long esr)
+void do_el0_undef(struct pt_regs *regs, unsigned long esr)
{
/* check for AArch32 breakpoint instructions */
if (!aarch32_break_handler(regs))
@@ -495,12 +495,16 @@ void do_undefinstr(struct pt_regs *regs,
if (call_undef_hook(regs) == 0)
return;
- if (!user_mode(regs))
- die("Oops - Undefined instruction", regs, esr);
-
force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc, 0);
}
-NOKPROBE_SYMBOL(do_undefinstr);
+
+void do_el1_undef(struct pt_regs *regs, unsigned long esr)
+{
+ if (call_undef_hook(regs) == 0)
+ return;
+
+ die("Oops - Undefined instruction", regs, esr);
+}
void do_el0_bti(struct pt_regs *regs)
{
@@ -511,7 +515,6 @@ void do_el1_bti(struct pt_regs *regs, un
{
die("Oops - BTI", regs, esr);
}
-NOKPROBE_SYMBOL(do_el1_bti);
void do_el0_fpac(struct pt_regs *regs, unsigned long esr)
{
@@ -526,7 +529,6 @@ void do_el1_fpac(struct pt_regs *regs, u
*/
die("Oops - FPAC", regs, esr);
}
-NOKPROBE_SYMBOL(do_el1_fpac);
#define __user_cache_maint(insn, address, res) \
if (address >= user_addr_max()) { \
@@ -763,7 +765,7 @@ void do_el0_cp15(unsigned long esr, stru
hook_base = cp15_64_hooks;
break;
default:
- do_undefinstr(regs, esr);
+ do_el0_undef(regs, esr);
return;
}
@@ -778,7 +780,7 @@ void do_el0_cp15(unsigned long esr, stru
* EL0. Fall back to our usual undefined instruction handler
* so that we handle these consistently.
*/
- do_undefinstr(regs, esr);
+ do_el0_undef(regs, esr);
}
#endif
@@ -797,7 +799,7 @@ void do_el0_sys(unsigned long esr, struc
* back to our usual undefined instruction handler so that we handle
* these consistently.
*/
- do_undefinstr(regs, esr);
+ do_el0_undef(regs, esr);
}
static const char *esr_class_str[] = {
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 092/102] arm64: factor out EL1 SSBS emulation hook
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 091/102] arm64: split EL0/EL1 UNDEF handlers Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 093/102] arm64: factor insn read out of call_undef_hook() Greg Kroah-Hartman
` (18 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit bff8f413c71ffc3cb679dbd9a5632b33af563f9f upstream.
Currently call_undef_hook() is used to handle UNDEFINED exceptions from
EL0 and EL1. As support for deprecated instructions may be enabled
independently, the handlers for individual instructions are organised as
a linked list of struct undef_hook which can be manipulated dynamically.
As this can be manipulated dynamically, the list is protected with a
raw_spinlock which must be acquired when handling UNDEFINED exceptions
or when manipulating the list of handlers.
This locking is unfortunate as it serialises handling of UNDEFINED
exceptions, and requires RCU to be enabled for lockdep, requiring the
use of RCU_NONIDLE() in resume path of cpu_suspend() since commit:
a2c42bbabbe260b7 ("arm64: spectre: Prevent lockdep splat on v4 mitigation enable path")
The list of UNDEFINED handlers largely consist of handlers for
exceptions taken from EL0, and the only handler for exceptions taken
from EL1 handles `MSR SSBS, #imm` on CPUs which feature PSTATE.SSBS but
lack the corresponding MSR (Immediate) instruction. Other than this we
never expect to take an UNDEFINED exception from EL1 in normal
operation.
This patch reworks do_el0_undef() to invoke the EL1 SSBS handler
directly, relegating call_undef_hook() to only handle EL0 UNDEFs. This
removes redundant work to iterate the list for EL1 UNDEFs, and removes
the need for locking, permitting EL1 UNDEFs to be handled in parallel
without contention.
The RCU_NONIDLE() call in cpu_suspend() will be removed in a subsequent
patch, as there are other potential issues with the use of
instrumentable code and RCU in the CPU suspend code.
I've tested this by forcing the detection of SSBS on a CPU that doesn't
have it, and verifying that the try_emulate_el1_ssbs() callback is
invoked.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-4-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/spectre.h | 2 ++
arch/arm64/kernel/proton-pack.c | 26 +++++++-------------------
arch/arm64/kernel/traps.c | 15 ++++++++-------
3 files changed, 17 insertions(+), 26 deletions(-)
--- a/arch/arm64/include/asm/spectre.h
+++ b/arch/arm64/include/asm/spectre.h
@@ -26,6 +26,7 @@ enum mitigation_state {
SPECTRE_VULNERABLE,
};
+struct pt_regs;
struct task_struct;
/*
@@ -98,5 +99,6 @@ enum mitigation_state arm64_get_spectre_
bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope);
u8 spectre_bhb_loop_affected(int scope);
void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
+bool try_emulate_el1_ssbs(struct pt_regs *regs, u32 instr);
#endif /* __ASSEMBLY__ */
#endif /* __ASM_SPECTRE_H */
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -521,10 +521,13 @@ bool has_spectre_v4(const struct arm64_c
return state != SPECTRE_UNAFFECTED;
}
-static int ssbs_emulation_handler(struct pt_regs *regs, u32 instr)
+bool try_emulate_el1_ssbs(struct pt_regs *regs, u32 instr)
{
- if (user_mode(regs))
- return 1;
+ const u32 instr_mask = ~(1U << PSTATE_Imm_shift);
+ const u32 instr_val = 0xd500401f | PSTATE_SSBS;
+
+ if ((instr & instr_mask) != instr_val)
+ return false;
if (instr & BIT(PSTATE_Imm_shift))
regs->pstate |= PSR_SSBS_BIT;
@@ -532,19 +535,11 @@ static int ssbs_emulation_handler(struct
regs->pstate &= ~PSR_SSBS_BIT;
arm64_skip_faulting_instruction(regs, 4);
- return 0;
+ return true;
}
-static struct undef_hook ssbs_emulation_hook = {
- .instr_mask = ~(1U << PSTATE_Imm_shift),
- .instr_val = 0xd500401f | PSTATE_SSBS,
- .fn = ssbs_emulation_handler,
-};
-
static enum mitigation_state spectre_v4_enable_hw_mitigation(void)
{
- static bool undef_hook_registered = false;
- static DEFINE_RAW_SPINLOCK(hook_lock);
enum mitigation_state state;
/*
@@ -555,13 +550,6 @@ static enum mitigation_state spectre_v4_
if (state != SPECTRE_MITIGATED || !this_cpu_has_cap(ARM64_SSBS))
return state;
- raw_spin_lock(&hook_lock);
- if (!undef_hook_registered) {
- register_undef_hook(&ssbs_emulation_hook);
- undef_hook_registered = true;
- }
- raw_spin_unlock(&hook_lock);
-
if (spectre_v4_mitigations_off()) {
sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_DSSBS);
set_pstate_ssbs(1);
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -402,12 +402,7 @@ static int call_undef_hook(struct pt_reg
int (*fn)(struct pt_regs *regs, u32 instr) = NULL;
void __user *pc = (void __user *)instruction_pointer(regs);
- if (!user_mode(regs)) {
- __le32 instr_le;
- if (get_kernel_nofault(instr_le, (__force __le32 *)pc))
- goto exit;
- instr = le32_to_cpu(instr_le);
- } else if (compat_thumb_mode(regs)) {
+ if (compat_thumb_mode(regs)) {
/* 16-bit Thumb instruction */
__le16 instr_le;
if (get_user(instr_le, (__le16 __user *)pc))
@@ -500,9 +495,15 @@ void do_el0_undef(struct pt_regs *regs,
void do_el1_undef(struct pt_regs *regs, unsigned long esr)
{
- if (call_undef_hook(regs) == 0)
+ u32 insn;
+
+ if (aarch64_insn_read((void *)regs->pc, &insn))
+ goto out_err;
+
+ if (try_emulate_el1_ssbs(regs, insn))
return;
+out_err:
die("Oops - Undefined instruction", regs, esr);
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 093/102] arm64: factor insn read out of call_undef_hook()
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 092/102] arm64: factor out EL1 SSBS emulation hook Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 094/102] arm64: rework EL0 MRS emulation Greg Kroah-Hartman
` (17 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit dbfbd87efa79575491af0ba1a87bf567eaea6cae upstream.
Subsequent patches will rework EL0 UNDEF handling, removing the need for
struct undef_hook and call_undef_hook. In preparation for those changes,
this patch factors the logic for reading user instructions out of
call_undef_hook() and into a new user_insn_read() helper, matching the
style of the existing aarch64_insn_read() helper used for reading kernel
instructions.
There should be no functional change as a result of this patch.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-5-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/traps.c | 31 ++++++++++++++++++++++---------
1 file changed, 22 insertions(+), 9 deletions(-)
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -394,25 +394,22 @@ void unregister_undef_hook(struct undef_
raw_spin_unlock_irqrestore(&undef_lock, flags);
}
-static int call_undef_hook(struct pt_regs *regs)
+static int user_insn_read(struct pt_regs *regs, u32 *insnp)
{
- struct undef_hook *hook;
- unsigned long flags;
u32 instr;
- int (*fn)(struct pt_regs *regs, u32 instr) = NULL;
void __user *pc = (void __user *)instruction_pointer(regs);
if (compat_thumb_mode(regs)) {
/* 16-bit Thumb instruction */
__le16 instr_le;
if (get_user(instr_le, (__le16 __user *)pc))
- goto exit;
+ return -EFAULT;
instr = le16_to_cpu(instr_le);
if (aarch32_insn_is_wide(instr)) {
u32 instr2;
if (get_user(instr_le, (__le16 __user *)(pc + 2)))
- goto exit;
+ return -EFAULT;
instr2 = le16_to_cpu(instr_le);
instr = (instr << 16) | instr2;
}
@@ -420,10 +417,20 @@ static int call_undef_hook(struct pt_reg
/* 32-bit ARM instruction */
__le32 instr_le;
if (get_user(instr_le, (__le32 __user *)pc))
- goto exit;
+ return -EFAULT;
instr = le32_to_cpu(instr_le);
}
+ *insnp = instr;
+ return 0;
+}
+
+static int call_undef_hook(struct pt_regs *regs, u32 instr)
+{
+ struct undef_hook *hook;
+ unsigned long flags;
+ int (*fn)(struct pt_regs *regs, u32 instr) = NULL;
+
raw_spin_lock_irqsave(&undef_lock, flags);
list_for_each_entry(hook, &undef_hook, node)
if ((instr & hook->instr_mask) == hook->instr_val &&
@@ -431,7 +438,7 @@ static int call_undef_hook(struct pt_reg
fn = hook->fn;
raw_spin_unlock_irqrestore(&undef_lock, flags);
-exit:
+
return fn ? fn(regs, instr) : 1;
}
@@ -483,13 +490,19 @@ void arm64_notify_segfault(unsigned long
void do_el0_undef(struct pt_regs *regs, unsigned long esr)
{
+ u32 insn;
+
/* check for AArch32 breakpoint instructions */
if (!aarch32_break_handler(regs))
return;
- if (call_undef_hook(regs) == 0)
+ if (user_insn_read(regs, &insn))
+ goto out_err;
+
+ if (call_undef_hook(regs, insn) == 0)
return;
+out_err:
force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc, 0);
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 094/102] arm64: rework EL0 MRS emulation
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 093/102] arm64: factor insn read out of call_undef_hook() Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 095/102] arm64: armv8_deprecated: fold ops into insn_emulation Greg Kroah-Hartman
` (16 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit f5962add74b61f8ae31c6311f75ca35d7e1d2d8f upstream.
On CPUs without FEAT_IDST, ID register emulation is slower than it needs
to be, as all threads contend for the same lock to perform the
emulation. This patch reworks the emulation to avoid this unnecessary
contention.
On CPUs with FEAT_IDST (which is mandatory from ARMv8.4 onwards), EL0
accesses to ID registers result in a SYS trap, and emulation of these is
handled with a sys64_hook. These hooks are statically allocated, and no
locking is required to iterate through the hooks and perform the
emulation, allowing emulation to occur in parallel with no contention.
On CPUs without FEAT_IDST, EL0 accesses to ID registers result in an
UNDEFINED exception, and emulation of these accesses is handled with an
undef_hook. When an EL0 MRS instruction is trapped to EL1, the kernel
finds the relevant handler by iterating through all of the undef_hooks,
requiring undef_lock to be held during this lookup.
This locking is only required to safely traverse the list of undef_hooks
(as it can be concurrently modified), and the actual emulation of the
MRS does not require any mutual exclusion. This locking is an
unfortunate bottleneck, especially given that MRS emulation is enabled
unconditionally and is never disabled.
This patch reworks the non-FEAT_IDST MRS emulation logic so that it can
be invoked directly from do_el0_undef(). This removes the bottleneck,
allowing MRS traps to be handled entirely in parallel, and is a stepping
stone to making all of the undef_hooks lock-free.
I've tested this in a 64-vCPU VM on a 64-CPU ThunderX2 host, with a
benchmark which spawns a number of threads which each try to read
ID_AA64ISAR0_EL1 1000000 times. This is vastly more contention than will
ever be seen in realistic usage, but clearly demonstrates the removal of
the bottleneck:
| Threads || Time (seconds) |
| || Before || After |
| || Real | System || Real | System |
|---------++--------+---------++--------+---------|
| 1 || 0.29 | 0.20 || 0.24 | 0.12 |
| 2 || 0.35 | 0.51 || 0.23 | 0.27 |
| 4 || 1.08 | 3.87 || 0.24 | 0.56 |
| 8 || 4.31 | 33.60 || 0.24 | 1.11 |
| 16 || 9.47 | 149.39 || 0.23 | 2.15 |
| 32 || 19.07 | 605.27 || 0.24 | 4.38 |
| 64 || 65.40 | 3609.09 || 0.33 | 11.27 |
Aside from the speedup, there should be no functional change as a result
of this patch.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-6-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/cpufeature.h | 3 ++-
arch/arm64/kernel/cpufeature.c | 23 +++++------------------
arch/arm64/kernel/traps.c | 3 +++
3 files changed, 10 insertions(+), 19 deletions(-)
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -808,7 +808,8 @@ static inline bool system_supports_tlb_r
cpus_have_const_cap(ARM64_HAS_TLB_RANGE);
}
-extern int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt);
+int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt);
+bool try_emulate_mrs(struct pt_regs *regs, u32 isn);
static inline u32 id_aa64mmfr0_parange_to_phys_shift(int parange)
{
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -3106,35 +3106,22 @@ int do_emulate_mrs(struct pt_regs *regs,
return rc;
}
-static int emulate_mrs(struct pt_regs *regs, u32 insn)
+bool try_emulate_mrs(struct pt_regs *regs, u32 insn)
{
u32 sys_reg, rt;
+ if (compat_user_mode(regs) || !aarch64_insn_is_mrs(insn))
+ return false;
+
/*
* sys_reg values are defined as used in mrs/msr instruction.
* shift the imm value to get the encoding.
*/
sys_reg = (u32)aarch64_insn_decode_immediate(AARCH64_INSN_IMM_16, insn) << 5;
rt = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RT, insn);
- return do_emulate_mrs(regs, sys_reg, rt);
-}
-
-static struct undef_hook mrs_hook = {
- .instr_mask = 0xffff0000,
- .instr_val = 0xd5380000,
- .pstate_mask = PSR_AA32_MODE_MASK,
- .pstate_val = PSR_MODE_EL0t,
- .fn = emulate_mrs,
-};
-
-static int __init enable_mrs_emulation(void)
-{
- register_undef_hook(&mrs_hook);
- return 0;
+ return do_emulate_mrs(regs, sys_reg, rt) == 0;
}
-core_initcall(enable_mrs_emulation);
-
enum mitigation_state arm64_get_meltdown_state(void)
{
if (__meltdown_safe)
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -499,6 +499,9 @@ void do_el0_undef(struct pt_regs *regs,
if (user_insn_read(regs, &insn))
goto out_err;
+ if (try_emulate_mrs(regs, insn))
+ return;
+
if (call_undef_hook(regs, insn) == 0)
return;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 095/102] arm64: armv8_deprecated: fold ops into insn_emulation
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 094/102] arm64: rework EL0 MRS emulation Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 096/102] arm64: armv8_deprecated move emulation functions Greg Kroah-Hartman
` (15 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit b4453cc8a7ebbd45436a8cd3ffeaa069ceac146f upstream.
The code for emulating deprecated instructions has two related
structures: struct insn_emulation_ops and struct insn_emulation, where
each struct insn_emulation_ops is associated 1-1 with a struct
insn_emulation.
It would be simpler to combine the two into a single structure, removing
the need for (unconditional) dynamic allocation at boot time, and
simplifying some runtime pointer chasing.
This patch merges the two structures together.
There should be no functional change as a result of this patch.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-7-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/armv8_deprecated.c | 76 +++++++++++++++--------------------
1 file changed, 33 insertions(+), 43 deletions(-)
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -41,16 +41,12 @@ enum legacy_insn_status {
INSN_OBSOLETE,
};
-struct insn_emulation_ops {
- const char *name;
- enum legacy_insn_status status;
- struct undef_hook *hooks;
- int (*set_hw_mode)(bool enable);
-};
-
struct insn_emulation {
- struct list_head node;
- struct insn_emulation_ops *ops;
+ const char *name;
+ struct list_head node;
+ enum legacy_insn_status status;
+ struct undef_hook *hooks;
+ int (*set_hw_mode)(bool enable);
int current_mode;
int min;
int max;
@@ -61,48 +57,48 @@ static int nr_insn_emulated __initdata;
static DEFINE_RAW_SPINLOCK(insn_emulation_lock);
static DEFINE_MUTEX(insn_emulation_mutex);
-static void register_emulation_hooks(struct insn_emulation_ops *ops)
+static void register_emulation_hooks(struct insn_emulation *insn)
{
struct undef_hook *hook;
- BUG_ON(!ops->hooks);
+ BUG_ON(!insn->hooks);
- for (hook = ops->hooks; hook->instr_mask; hook++)
+ for (hook = insn->hooks; hook->instr_mask; hook++)
register_undef_hook(hook);
- pr_notice("Registered %s emulation handler\n", ops->name);
+ pr_notice("Registered %s emulation handler\n", insn->name);
}
-static void remove_emulation_hooks(struct insn_emulation_ops *ops)
+static void remove_emulation_hooks(struct insn_emulation *insn)
{
struct undef_hook *hook;
- BUG_ON(!ops->hooks);
+ BUG_ON(!insn->hooks);
- for (hook = ops->hooks; hook->instr_mask; hook++)
+ for (hook = insn->hooks; hook->instr_mask; hook++)
unregister_undef_hook(hook);
- pr_notice("Removed %s emulation handler\n", ops->name);
+ pr_notice("Removed %s emulation handler\n", insn->name);
}
static void enable_insn_hw_mode(void *data)
{
struct insn_emulation *insn = (struct insn_emulation *)data;
- if (insn->ops->set_hw_mode)
- insn->ops->set_hw_mode(true);
+ if (insn->set_hw_mode)
+ insn->set_hw_mode(true);
}
static void disable_insn_hw_mode(void *data)
{
struct insn_emulation *insn = (struct insn_emulation *)data;
- if (insn->ops->set_hw_mode)
- insn->ops->set_hw_mode(false);
+ if (insn->set_hw_mode)
+ insn->set_hw_mode(false);
}
/* Run set_hw_mode(mode) on all active CPUs */
static int run_all_cpu_set_hw_mode(struct insn_emulation *insn, bool enable)
{
- if (!insn->ops->set_hw_mode)
+ if (!insn->set_hw_mode)
return -EINVAL;
if (enable)
on_each_cpu(enable_insn_hw_mode, (void *)insn, true);
@@ -126,9 +122,9 @@ static int run_all_insn_set_hw_mode(unsi
raw_spin_lock_irqsave(&insn_emulation_lock, flags);
list_for_each_entry(insn, &insn_emulation, node) {
bool enable = (insn->current_mode == INSN_HW);
- if (insn->ops->set_hw_mode && insn->ops->set_hw_mode(enable)) {
+ if (insn->set_hw_mode && insn->set_hw_mode(enable)) {
pr_warn("CPU[%u] cannot support the emulation of %s",
- cpu, insn->ops->name);
+ cpu, insn->name);
rc = -EINVAL;
}
}
@@ -145,11 +141,11 @@ static int update_insn_emulation_mode(st
case INSN_UNDEF: /* Nothing to be done */
break;
case INSN_EMULATE:
- remove_emulation_hooks(insn->ops);
+ remove_emulation_hooks(insn);
break;
case INSN_HW:
if (!run_all_cpu_set_hw_mode(insn, false))
- pr_notice("Disabled %s support\n", insn->ops->name);
+ pr_notice("Disabled %s support\n", insn->name);
break;
}
@@ -157,31 +153,25 @@ static int update_insn_emulation_mode(st
case INSN_UNDEF:
break;
case INSN_EMULATE:
- register_emulation_hooks(insn->ops);
+ register_emulation_hooks(insn);
break;
case INSN_HW:
ret = run_all_cpu_set_hw_mode(insn, true);
if (!ret)
- pr_notice("Enabled %s support\n", insn->ops->name);
+ pr_notice("Enabled %s support\n", insn->name);
break;
}
return ret;
}
-static void __init register_insn_emulation(struct insn_emulation_ops *ops)
+static void __init register_insn_emulation(struct insn_emulation *insn)
{
unsigned long flags;
- struct insn_emulation *insn;
-
- insn = kzalloc(sizeof(*insn), GFP_KERNEL);
- if (!insn)
- return;
- insn->ops = ops;
insn->min = INSN_UNDEF;
- switch (ops->status) {
+ switch (insn->status) {
case INSN_DEPRECATED:
insn->current_mode = INSN_EMULATE;
/* Disable the HW mode if it was turned on at early boot time */
@@ -247,7 +237,7 @@ static void __init register_insn_emulati
sysctl->mode = 0644;
sysctl->maxlen = sizeof(int);
- sysctl->procname = insn->ops->name;
+ sysctl->procname = insn->name;
sysctl->data = &insn->current_mode;
sysctl->extra1 = &insn->min;
sysctl->extra2 = &insn->max;
@@ -451,7 +441,7 @@ static struct undef_hook swp_hooks[] = {
{ }
};
-static struct insn_emulation_ops swp_ops = {
+static struct insn_emulation insn_swp = {
.name = "swp",
.status = INSN_OBSOLETE,
.hooks = swp_hooks,
@@ -538,7 +528,7 @@ static struct undef_hook cp15_barrier_ho
{ }
};
-static struct insn_emulation_ops cp15_barrier_ops = {
+static struct insn_emulation insn_cp15_barrier = {
.name = "cp15_barrier",
.status = INSN_DEPRECATED,
.hooks = cp15_barrier_hooks,
@@ -611,7 +601,7 @@ static struct undef_hook setend_hooks[]
{}
};
-static struct insn_emulation_ops setend_ops = {
+static struct insn_emulation insn_setend = {
.name = "setend",
.status = INSN_DEPRECATED,
.hooks = setend_hooks,
@@ -625,14 +615,14 @@ static struct insn_emulation_ops setend_
static int __init armv8_deprecated_init(void)
{
if (IS_ENABLED(CONFIG_SWP_EMULATION))
- register_insn_emulation(&swp_ops);
+ register_insn_emulation(&insn_swp);
if (IS_ENABLED(CONFIG_CP15_BARRIER_EMULATION))
- register_insn_emulation(&cp15_barrier_ops);
+ register_insn_emulation(&insn_cp15_barrier);
if (IS_ENABLED(CONFIG_SETEND_EMULATION)) {
if (system_supports_mixed_endian_el0())
- register_insn_emulation(&setend_ops);
+ register_insn_emulation(&insn_setend);
else
pr_info("setend instruction emulation is not supported on this system\n");
}
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 096/102] arm64: armv8_deprecated move emulation functions
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 095/102] arm64: armv8_deprecated: fold ops into insn_emulation Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 097/102] arm64: armv8_deprecated: move aarch32 helper earlier Greg Kroah-Hartman
` (14 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit 25eeac0cfe7c97ade1be07340e11e7143aab57a6 upstream.
Subsequent patches will rework the logic in armv8_deprecated.c.
In preparation for subsequent changes, this patch moves the emulation
logic earlier in the file, and moves the infrastructure later in the
file. This will make subsequent diffs simpler and easier to read.
This is purely a move. There should be no functional change as a result
of this patch.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-8-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/armv8_deprecated.c | 394 +++++++++++++++++------------------
1 file changed, 197 insertions(+), 197 deletions(-)
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -52,203 +52,6 @@ struct insn_emulation {
int max;
};
-static LIST_HEAD(insn_emulation);
-static int nr_insn_emulated __initdata;
-static DEFINE_RAW_SPINLOCK(insn_emulation_lock);
-static DEFINE_MUTEX(insn_emulation_mutex);
-
-static void register_emulation_hooks(struct insn_emulation *insn)
-{
- struct undef_hook *hook;
-
- BUG_ON(!insn->hooks);
-
- for (hook = insn->hooks; hook->instr_mask; hook++)
- register_undef_hook(hook);
-
- pr_notice("Registered %s emulation handler\n", insn->name);
-}
-
-static void remove_emulation_hooks(struct insn_emulation *insn)
-{
- struct undef_hook *hook;
-
- BUG_ON(!insn->hooks);
-
- for (hook = insn->hooks; hook->instr_mask; hook++)
- unregister_undef_hook(hook);
-
- pr_notice("Removed %s emulation handler\n", insn->name);
-}
-
-static void enable_insn_hw_mode(void *data)
-{
- struct insn_emulation *insn = (struct insn_emulation *)data;
- if (insn->set_hw_mode)
- insn->set_hw_mode(true);
-}
-
-static void disable_insn_hw_mode(void *data)
-{
- struct insn_emulation *insn = (struct insn_emulation *)data;
- if (insn->set_hw_mode)
- insn->set_hw_mode(false);
-}
-
-/* Run set_hw_mode(mode) on all active CPUs */
-static int run_all_cpu_set_hw_mode(struct insn_emulation *insn, bool enable)
-{
- if (!insn->set_hw_mode)
- return -EINVAL;
- if (enable)
- on_each_cpu(enable_insn_hw_mode, (void *)insn, true);
- else
- on_each_cpu(disable_insn_hw_mode, (void *)insn, true);
- return 0;
-}
-
-/*
- * Run set_hw_mode for all insns on a starting CPU.
- * Returns:
- * 0 - If all the hooks ran successfully.
- * -EINVAL - At least one hook is not supported by the CPU.
- */
-static int run_all_insn_set_hw_mode(unsigned int cpu)
-{
- int rc = 0;
- unsigned long flags;
- struct insn_emulation *insn;
-
- raw_spin_lock_irqsave(&insn_emulation_lock, flags);
- list_for_each_entry(insn, &insn_emulation, node) {
- bool enable = (insn->current_mode == INSN_HW);
- if (insn->set_hw_mode && insn->set_hw_mode(enable)) {
- pr_warn("CPU[%u] cannot support the emulation of %s",
- cpu, insn->name);
- rc = -EINVAL;
- }
- }
- raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
- return rc;
-}
-
-static int update_insn_emulation_mode(struct insn_emulation *insn,
- enum insn_emulation_mode prev)
-{
- int ret = 0;
-
- switch (prev) {
- case INSN_UNDEF: /* Nothing to be done */
- break;
- case INSN_EMULATE:
- remove_emulation_hooks(insn);
- break;
- case INSN_HW:
- if (!run_all_cpu_set_hw_mode(insn, false))
- pr_notice("Disabled %s support\n", insn->name);
- break;
- }
-
- switch (insn->current_mode) {
- case INSN_UNDEF:
- break;
- case INSN_EMULATE:
- register_emulation_hooks(insn);
- break;
- case INSN_HW:
- ret = run_all_cpu_set_hw_mode(insn, true);
- if (!ret)
- pr_notice("Enabled %s support\n", insn->name);
- break;
- }
-
- return ret;
-}
-
-static void __init register_insn_emulation(struct insn_emulation *insn)
-{
- unsigned long flags;
-
- insn->min = INSN_UNDEF;
-
- switch (insn->status) {
- case INSN_DEPRECATED:
- insn->current_mode = INSN_EMULATE;
- /* Disable the HW mode if it was turned on at early boot time */
- run_all_cpu_set_hw_mode(insn, false);
- insn->max = INSN_HW;
- break;
- case INSN_OBSOLETE:
- insn->current_mode = INSN_UNDEF;
- insn->max = INSN_EMULATE;
- break;
- }
-
- raw_spin_lock_irqsave(&insn_emulation_lock, flags);
- list_add(&insn->node, &insn_emulation);
- nr_insn_emulated++;
- raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
-
- /* Register any handlers if required */
- update_insn_emulation_mode(insn, INSN_UNDEF);
-}
-
-static int emulation_proc_handler(struct ctl_table *table, int write,
- void *buffer, size_t *lenp,
- loff_t *ppos)
-{
- int ret = 0;
- struct insn_emulation *insn = container_of(table->data, struct insn_emulation, current_mode);
- enum insn_emulation_mode prev_mode = insn->current_mode;
-
- mutex_lock(&insn_emulation_mutex);
- ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
-
- if (ret || !write || prev_mode == insn->current_mode)
- goto ret;
-
- ret = update_insn_emulation_mode(insn, prev_mode);
- if (ret) {
- /* Mode change failed, revert to previous mode. */
- insn->current_mode = prev_mode;
- update_insn_emulation_mode(insn, INSN_UNDEF);
- }
-ret:
- mutex_unlock(&insn_emulation_mutex);
- return ret;
-}
-
-static void __init register_insn_emulation_sysctl(void)
-{
- unsigned long flags;
- int i = 0;
- struct insn_emulation *insn;
- struct ctl_table *insns_sysctl, *sysctl;
-
- insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
- GFP_KERNEL);
- if (!insns_sysctl)
- return;
-
- raw_spin_lock_irqsave(&insn_emulation_lock, flags);
- list_for_each_entry(insn, &insn_emulation, node) {
- sysctl = &insns_sysctl[i];
-
- sysctl->mode = 0644;
- sysctl->maxlen = sizeof(int);
-
- sysctl->procname = insn->name;
- sysctl->data = &insn->current_mode;
- sysctl->extra1 = &insn->min;
- sysctl->extra2 = &insn->max;
- sysctl->proc_handler = emulation_proc_handler;
- i++;
- }
- raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
-
- register_sysctl("abi", insns_sysctl);
-}
-
/*
* Implement emulation of the SWP/SWPB instructions using load-exclusive and
* store-exclusive.
@@ -608,6 +411,203 @@ static struct insn_emulation insn_setend
.set_hw_mode = setend_set_hw_mode,
};
+static LIST_HEAD(insn_emulation);
+static int nr_insn_emulated __initdata;
+static DEFINE_RAW_SPINLOCK(insn_emulation_lock);
+static DEFINE_MUTEX(insn_emulation_mutex);
+
+static void register_emulation_hooks(struct insn_emulation *insn)
+{
+ struct undef_hook *hook;
+
+ BUG_ON(!insn->hooks);
+
+ for (hook = insn->hooks; hook->instr_mask; hook++)
+ register_undef_hook(hook);
+
+ pr_notice("Registered %s emulation handler\n", insn->name);
+}
+
+static void remove_emulation_hooks(struct insn_emulation *insn)
+{
+ struct undef_hook *hook;
+
+ BUG_ON(!insn->hooks);
+
+ for (hook = insn->hooks; hook->instr_mask; hook++)
+ unregister_undef_hook(hook);
+
+ pr_notice("Removed %s emulation handler\n", insn->name);
+}
+
+static void enable_insn_hw_mode(void *data)
+{
+ struct insn_emulation *insn = (struct insn_emulation *)data;
+ if (insn->set_hw_mode)
+ insn->set_hw_mode(true);
+}
+
+static void disable_insn_hw_mode(void *data)
+{
+ struct insn_emulation *insn = (struct insn_emulation *)data;
+ if (insn->set_hw_mode)
+ insn->set_hw_mode(false);
+}
+
+/* Run set_hw_mode(mode) on all active CPUs */
+static int run_all_cpu_set_hw_mode(struct insn_emulation *insn, bool enable)
+{
+ if (!insn->set_hw_mode)
+ return -EINVAL;
+ if (enable)
+ on_each_cpu(enable_insn_hw_mode, (void *)insn, true);
+ else
+ on_each_cpu(disable_insn_hw_mode, (void *)insn, true);
+ return 0;
+}
+
+/*
+ * Run set_hw_mode for all insns on a starting CPU.
+ * Returns:
+ * 0 - If all the hooks ran successfully.
+ * -EINVAL - At least one hook is not supported by the CPU.
+ */
+static int run_all_insn_set_hw_mode(unsigned int cpu)
+{
+ int rc = 0;
+ unsigned long flags;
+ struct insn_emulation *insn;
+
+ raw_spin_lock_irqsave(&insn_emulation_lock, flags);
+ list_for_each_entry(insn, &insn_emulation, node) {
+ bool enable = (insn->current_mode == INSN_HW);
+ if (insn->set_hw_mode && insn->set_hw_mode(enable)) {
+ pr_warn("CPU[%u] cannot support the emulation of %s",
+ cpu, insn->name);
+ rc = -EINVAL;
+ }
+ }
+ raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
+ return rc;
+}
+
+static int update_insn_emulation_mode(struct insn_emulation *insn,
+ enum insn_emulation_mode prev)
+{
+ int ret = 0;
+
+ switch (prev) {
+ case INSN_UNDEF: /* Nothing to be done */
+ break;
+ case INSN_EMULATE:
+ remove_emulation_hooks(insn);
+ break;
+ case INSN_HW:
+ if (!run_all_cpu_set_hw_mode(insn, false))
+ pr_notice("Disabled %s support\n", insn->name);
+ break;
+ }
+
+ switch (insn->current_mode) {
+ case INSN_UNDEF:
+ break;
+ case INSN_EMULATE:
+ register_emulation_hooks(insn);
+ break;
+ case INSN_HW:
+ ret = run_all_cpu_set_hw_mode(insn, true);
+ if (!ret)
+ pr_notice("Enabled %s support\n", insn->name);
+ break;
+ }
+
+ return ret;
+}
+
+static void __init register_insn_emulation(struct insn_emulation *insn)
+{
+ unsigned long flags;
+
+ insn->min = INSN_UNDEF;
+
+ switch (insn->status) {
+ case INSN_DEPRECATED:
+ insn->current_mode = INSN_EMULATE;
+ /* Disable the HW mode if it was turned on at early boot time */
+ run_all_cpu_set_hw_mode(insn, false);
+ insn->max = INSN_HW;
+ break;
+ case INSN_OBSOLETE:
+ insn->current_mode = INSN_UNDEF;
+ insn->max = INSN_EMULATE;
+ break;
+ }
+
+ raw_spin_lock_irqsave(&insn_emulation_lock, flags);
+ list_add(&insn->node, &insn_emulation);
+ nr_insn_emulated++;
+ raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
+
+ /* Register any handlers if required */
+ update_insn_emulation_mode(insn, INSN_UNDEF);
+}
+
+static int emulation_proc_handler(struct ctl_table *table, int write,
+ void *buffer, size_t *lenp,
+ loff_t *ppos)
+{
+ int ret = 0;
+ struct insn_emulation *insn = container_of(table->data, struct insn_emulation, current_mode);
+ enum insn_emulation_mode prev_mode = insn->current_mode;
+
+ mutex_lock(&insn_emulation_mutex);
+ ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
+
+ if (ret || !write || prev_mode == insn->current_mode)
+ goto ret;
+
+ ret = update_insn_emulation_mode(insn, prev_mode);
+ if (ret) {
+ /* Mode change failed, revert to previous mode. */
+ insn->current_mode = prev_mode;
+ update_insn_emulation_mode(insn, INSN_UNDEF);
+ }
+ret:
+ mutex_unlock(&insn_emulation_mutex);
+ return ret;
+}
+
+static void __init register_insn_emulation_sysctl(void)
+{
+ unsigned long flags;
+ int i = 0;
+ struct insn_emulation *insn;
+ struct ctl_table *insns_sysctl, *sysctl;
+
+ insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
+ GFP_KERNEL);
+ if (!insns_sysctl)
+ return;
+
+ raw_spin_lock_irqsave(&insn_emulation_lock, flags);
+ list_for_each_entry(insn, &insn_emulation, node) {
+ sysctl = &insns_sysctl[i];
+
+ sysctl->mode = 0644;
+ sysctl->maxlen = sizeof(int);
+
+ sysctl->procname = insn->name;
+ sysctl->data = &insn->current_mode;
+ sysctl->extra1 = &insn->min;
+ sysctl->extra2 = &insn->max;
+ sysctl->proc_handler = emulation_proc_handler;
+ i++;
+ }
+ raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
+
+ register_sysctl("abi", insns_sysctl);
+}
+
/*
* Invoked as core_initcall, which guarantees that the instruction
* emulation is ready for userspace.
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 097/102] arm64: armv8_deprecated: move aarch32 helper earlier
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 096/102] arm64: armv8_deprecated move emulation functions Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 098/102] arm64: armv8_deprecated: rework deprected instruction handling Greg Kroah-Hartman
` (13 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit 0c5f416219da3795dc8b33e5bb7865a6b3c4e55c upstream.
Subsequent patches will rework the logic in armv8_deprecated.c.
In preparation for subsequent changes, this patch moves some shared logic
earlier in the file. This will make subsequent diffs simpler and easier to
read.
At the same time, drop the `__kprobes` annotation from
aarch32_check_condition(), as this is only used for traps from compat
userspace, and has no risk of recursion within kprobes. As this is the
last kprobes annotation in armve8_deprecated.c, we no longer need to
include <asm/kprobes.h>.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-9-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/armv8_deprecated.c | 39 +++++++++++++++++------------------
1 file changed, 19 insertions(+), 20 deletions(-)
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -17,7 +17,6 @@
#include <asm/sysreg.h>
#include <asm/system_misc.h>
#include <asm/traps.h>
-#include <asm/kprobes.h>
#define CREATE_TRACE_POINTS
#include "trace-events-emulation.h"
@@ -52,6 +51,25 @@ struct insn_emulation {
int max;
};
+#define ARM_OPCODE_CONDTEST_FAIL 0
+#define ARM_OPCODE_CONDTEST_PASS 1
+#define ARM_OPCODE_CONDTEST_UNCOND 2
+
+#define ARM_OPCODE_CONDITION_UNCOND 0xf
+
+static unsigned int aarch32_check_condition(u32 opcode, u32 psr)
+{
+ u32 cc_bits = opcode >> 28;
+
+ if (cc_bits != ARM_OPCODE_CONDITION_UNCOND) {
+ if ((*aarch32_opcode_cond_checks[cc_bits])(psr))
+ return ARM_OPCODE_CONDTEST_PASS;
+ else
+ return ARM_OPCODE_CONDTEST_FAIL;
+ }
+ return ARM_OPCODE_CONDTEST_UNCOND;
+}
+
/*
* Implement emulation of the SWP/SWPB instructions using load-exclusive and
* store-exclusive.
@@ -138,25 +156,6 @@ static int emulate_swpX(unsigned int add
return res;
}
-#define ARM_OPCODE_CONDTEST_FAIL 0
-#define ARM_OPCODE_CONDTEST_PASS 1
-#define ARM_OPCODE_CONDTEST_UNCOND 2
-
-#define ARM_OPCODE_CONDITION_UNCOND 0xf
-
-static unsigned int __kprobes aarch32_check_condition(u32 opcode, u32 psr)
-{
- u32 cc_bits = opcode >> 28;
-
- if (cc_bits != ARM_OPCODE_CONDITION_UNCOND) {
- if ((*aarch32_opcode_cond_checks[cc_bits])(psr))
- return ARM_OPCODE_CONDTEST_PASS;
- else
- return ARM_OPCODE_CONDTEST_FAIL;
- }
- return ARM_OPCODE_CONDTEST_UNCOND;
-}
-
/*
* swp_handler logs the id of calling process, dissects the instruction, sanity
* checks the memory location, calls emulate_swpX for the actual operation and
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 098/102] arm64: armv8_deprecated: rework deprected instruction handling
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 097/102] arm64: armv8_deprecated: move aarch32 helper earlier Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 099/102] arm64: armv8_deprecated: fix unused-function error Greg Kroah-Hartman
` (12 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Mark Rutland,
Catalin Marinas, James Morse, Joey Gouly, Peter Zijlstra,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Rutland <mark.rutland@arm.com>
commit 124c49b1b5d947b7180c5d6cbb09ddf76ea45ea2 upstream.
Support for deprecated instructions can be enabled or disabled at
runtime. To handle this, the code in armv8_deprecated.c registers and
unregisters undef_hooks, and makes cross CPU calls to configure HW
support. This is rather complicated, and the synchronization required to
make this safe ends up serializing the handling of instructions which
have been trapped.
This patch simplifies the deprecated instruction handling by removing
the dynamic registration and unregistration, and changing the trap
handling code to determine whether a handler should be invoked. This
removes the need for dynamic list management, and simplifies the locking
requirements, making it possible to handle trapped instructions entirely
in parallel.
Where changing the emulation state requires a cross-call, this is
serialized by locally disabling interrupts, ensuring that the CPU is not
left in an inconsistent state.
To simplify sysctl management, each insn_emulation is given a separate
sysctl table, permitting these to be registered separately. The core
sysctl code will iterate over all of these when walking sysfs.
I've tested this with userspace programs which use each of the
deprecated instructions, and I've concurrently modified the support
level for each of the features back-and-forth between HW and emulated to
check that there are no spurious SIGILLs sent to userspace when the
support level is changed.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221019144123.612388-10-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/traps.h | 19 +-
arch/arm64/kernel/armv8_deprecated.c | 291 +++++++++++++++++------------------
arch/arm64/kernel/traps.c | 40 ----
3 files changed, 156 insertions(+), 194 deletions(-)
--- a/arch/arm64/include/asm/traps.h
+++ b/arch/arm64/include/asm/traps.h
@@ -13,17 +13,16 @@
struct pt_regs;
-struct undef_hook {
- struct list_head node;
- u32 instr_mask;
- u32 instr_val;
- u64 pstate_mask;
- u64 pstate_val;
- int (*fn)(struct pt_regs *regs, u32 instr);
-};
+#ifdef CONFIG_ARMV8_DEPRECATED
+bool try_emulate_armv8_deprecated(struct pt_regs *regs, u32 insn);
+#else
+static inline bool
+try_emulate_armv8_deprecated(struct pt_regs *regs, u32 insn)
+{
+ return false;
+}
+#endif /* CONFIG_ARMV8_DEPRECATED */
-void register_undef_hook(struct undef_hook *hook);
-void unregister_undef_hook(struct undef_hook *hook);
void force_signal_inject(int signal, int code, unsigned long address, unsigned long err);
void arm64_notify_segfault(unsigned long addr);
void arm64_force_sig_fault(int signo, int code, unsigned long far, const char *str);
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -38,17 +38,24 @@ enum insn_emulation_mode {
enum legacy_insn_status {
INSN_DEPRECATED,
INSN_OBSOLETE,
+ INSN_UNAVAILABLE,
};
struct insn_emulation {
const char *name;
- struct list_head node;
enum legacy_insn_status status;
- struct undef_hook *hooks;
+ bool (*try_emulate)(struct pt_regs *regs,
+ u32 insn);
int (*set_hw_mode)(bool enable);
+
int current_mode;
int min;
int max;
+
+ /*
+ * sysctl for this emulation + a sentinal entry.
+ */
+ struct ctl_table sysctl[2];
};
#define ARM_OPCODE_CONDTEST_FAIL 0
@@ -70,6 +77,7 @@ static unsigned int aarch32_check_condit
return ARM_OPCODE_CONDTEST_UNCOND;
}
+#ifdef CONFIG_SWP_EMULATION
/*
* Implement emulation of the SWP/SWPB instructions using load-exclusive and
* store-exclusive.
@@ -228,28 +236,27 @@ fault:
return 0;
}
-/*
- * Only emulate SWP/SWPB executed in ARM state/User mode.
- * The kernel must be SWP free and SWP{B} does not exist in Thumb.
- */
-static struct undef_hook swp_hooks[] = {
- {
- .instr_mask = 0x0fb00ff0,
- .instr_val = 0x01000090,
- .pstate_mask = PSR_AA32_MODE_MASK,
- .pstate_val = PSR_AA32_MODE_USR,
- .fn = swp_handler
- },
- { }
-};
+static bool try_emulate_swp(struct pt_regs *regs, u32 insn)
+{
+ /* SWP{B} only exists in ARM state and does not exist in Thumb */
+ if (!compat_user_mode(regs) || compat_thumb_mode(regs))
+ return false;
+
+ if ((insn & 0x0fb00ff0) != 0x01000090)
+ return false;
+
+ return swp_handler(regs, insn) == 0;
+}
static struct insn_emulation insn_swp = {
.name = "swp",
.status = INSN_OBSOLETE,
- .hooks = swp_hooks,
+ .try_emulate = try_emulate_swp,
.set_hw_mode = NULL,
};
+#endif /* CONFIG_SWP_EMULATION */
+#ifdef CONFIG_CP15_BARRIER_EMULATION
static int cp15barrier_handler(struct pt_regs *regs, u32 instr)
{
perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, regs, regs->pc);
@@ -312,31 +319,29 @@ static int cp15_barrier_set_hw_mode(bool
return 0;
}
-static struct undef_hook cp15_barrier_hooks[] = {
- {
- .instr_mask = 0x0fff0fdf,
- .instr_val = 0x0e070f9a,
- .pstate_mask = PSR_AA32_MODE_MASK,
- .pstate_val = PSR_AA32_MODE_USR,
- .fn = cp15barrier_handler,
- },
- {
- .instr_mask = 0x0fff0fff,
- .instr_val = 0x0e070f95,
- .pstate_mask = PSR_AA32_MODE_MASK,
- .pstate_val = PSR_AA32_MODE_USR,
- .fn = cp15barrier_handler,
- },
- { }
-};
+static bool try_emulate_cp15_barrier(struct pt_regs *regs, u32 insn)
+{
+ if (!compat_user_mode(regs) || compat_thumb_mode(regs))
+ return false;
+
+ if ((insn & 0x0fff0fdf) == 0x0e070f9a)
+ return cp15barrier_handler(regs, insn) == 0;
+
+ if ((insn & 0x0fff0fff) == 0x0e070f95)
+ return cp15barrier_handler(regs, insn) == 0;
+
+ return false;
+}
static struct insn_emulation insn_cp15_barrier = {
.name = "cp15_barrier",
.status = INSN_DEPRECATED,
- .hooks = cp15_barrier_hooks,
+ .try_emulate = try_emulate_cp15_barrier,
.set_hw_mode = cp15_barrier_set_hw_mode,
};
+#endif /* CONFIG_CP15_BARRIER_EMULATION */
+#ifdef CONFIG_SETEND_EMULATION
static int setend_set_hw_mode(bool enable)
{
if (!cpu_supports_mixed_endian_el0())
@@ -384,60 +389,40 @@ static int t16_setend_handler(struct pt_
return rc;
}
-static struct undef_hook setend_hooks[] = {
- {
- .instr_mask = 0xfffffdff,
- .instr_val = 0xf1010000,
- .pstate_mask = PSR_AA32_MODE_MASK,
- .pstate_val = PSR_AA32_MODE_USR,
- .fn = a32_setend_handler,
- },
- {
- /* Thumb mode */
- .instr_mask = 0xfffffff7,
- .instr_val = 0x0000b650,
- .pstate_mask = (PSR_AA32_T_BIT | PSR_AA32_MODE_MASK),
- .pstate_val = (PSR_AA32_T_BIT | PSR_AA32_MODE_USR),
- .fn = t16_setend_handler,
- },
- {}
-};
+static bool try_emulate_setend(struct pt_regs *regs, u32 insn)
+{
+ if (compat_thumb_mode(regs) &&
+ (insn & 0xfffffff7) == 0x0000b650)
+ return t16_setend_handler(regs, insn) == 0;
+
+ if (compat_user_mode(regs) &&
+ (insn & 0xfffffdff) == 0xf1010000)
+ return a32_setend_handler(regs, insn) == 0;
+
+ return false;
+}
static struct insn_emulation insn_setend = {
.name = "setend",
.status = INSN_DEPRECATED,
- .hooks = setend_hooks,
+ .try_emulate = try_emulate_setend,
.set_hw_mode = setend_set_hw_mode,
};
+#endif /* CONFIG_SETEND_EMULATION */
-static LIST_HEAD(insn_emulation);
-static int nr_insn_emulated __initdata;
-static DEFINE_RAW_SPINLOCK(insn_emulation_lock);
-static DEFINE_MUTEX(insn_emulation_mutex);
-
-static void register_emulation_hooks(struct insn_emulation *insn)
-{
- struct undef_hook *hook;
-
- BUG_ON(!insn->hooks);
-
- for (hook = insn->hooks; hook->instr_mask; hook++)
- register_undef_hook(hook);
-
- pr_notice("Registered %s emulation handler\n", insn->name);
-}
-
-static void remove_emulation_hooks(struct insn_emulation *insn)
-{
- struct undef_hook *hook;
-
- BUG_ON(!insn->hooks);
-
- for (hook = insn->hooks; hook->instr_mask; hook++)
- unregister_undef_hook(hook);
+static struct insn_emulation *insn_emulations[] = {
+#ifdef CONFIG_SWP_EMULATION
+ &insn_swp,
+#endif
+#ifdef CONFIG_CP15_BARRIER_EMULATION
+ &insn_cp15_barrier,
+#endif
+#ifdef CONFIG_SETEND_EMULATION
+ &insn_setend,
+#endif
+};
- pr_notice("Removed %s emulation handler\n", insn->name);
-}
+static DEFINE_MUTEX(insn_emulation_mutex);
static void enable_insn_hw_mode(void *data)
{
@@ -473,20 +458,27 @@ static int run_all_cpu_set_hw_mode(struc
*/
static int run_all_insn_set_hw_mode(unsigned int cpu)
{
+ int i;
int rc = 0;
unsigned long flags;
- struct insn_emulation *insn;
- raw_spin_lock_irqsave(&insn_emulation_lock, flags);
- list_for_each_entry(insn, &insn_emulation, node) {
- bool enable = (insn->current_mode == INSN_HW);
+ /*
+ * Disable IRQs to serialize against an IPI from
+ * run_all_cpu_set_hw_mode(), ensuring the HW is programmed to the most
+ * recent enablement state if the two race with one another.
+ */
+ local_irq_save(flags);
+ for (i = 0; i < ARRAY_SIZE(insn_emulations); i++) {
+ struct insn_emulation *insn = insn_emulations[i];
+ bool enable = READ_ONCE(insn->current_mode) == INSN_HW;
if (insn->set_hw_mode && insn->set_hw_mode(enable)) {
pr_warn("CPU[%u] cannot support the emulation of %s",
cpu, insn->name);
rc = -EINVAL;
}
}
- raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
+ local_irq_restore(flags);
+
return rc;
}
@@ -499,7 +491,6 @@ static int update_insn_emulation_mode(st
case INSN_UNDEF: /* Nothing to be done */
break;
case INSN_EMULATE:
- remove_emulation_hooks(insn);
break;
case INSN_HW:
if (!run_all_cpu_set_hw_mode(insn, false))
@@ -511,7 +502,6 @@ static int update_insn_emulation_mode(st
case INSN_UNDEF:
break;
case INSN_EMULATE:
- register_emulation_hooks(insn);
break;
case INSN_HW:
ret = run_all_cpu_set_hw_mode(insn, true);
@@ -523,34 +513,6 @@ static int update_insn_emulation_mode(st
return ret;
}
-static void __init register_insn_emulation(struct insn_emulation *insn)
-{
- unsigned long flags;
-
- insn->min = INSN_UNDEF;
-
- switch (insn->status) {
- case INSN_DEPRECATED:
- insn->current_mode = INSN_EMULATE;
- /* Disable the HW mode if it was turned on at early boot time */
- run_all_cpu_set_hw_mode(insn, false);
- insn->max = INSN_HW;
- break;
- case INSN_OBSOLETE:
- insn->current_mode = INSN_UNDEF;
- insn->max = INSN_EMULATE;
- break;
- }
-
- raw_spin_lock_irqsave(&insn_emulation_lock, flags);
- list_add(&insn->node, &insn_emulation);
- nr_insn_emulated++;
- raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
-
- /* Register any handlers if required */
- update_insn_emulation_mode(insn, INSN_UNDEF);
-}
-
static int emulation_proc_handler(struct ctl_table *table, int write,
void *buffer, size_t *lenp,
loff_t *ppos)
@@ -568,7 +530,7 @@ static int emulation_proc_handler(struct
ret = update_insn_emulation_mode(insn, prev_mode);
if (ret) {
/* Mode change failed, revert to previous mode. */
- insn->current_mode = prev_mode;
+ WRITE_ONCE(insn->current_mode, prev_mode);
update_insn_emulation_mode(insn, INSN_UNDEF);
}
ret:
@@ -576,21 +538,34 @@ ret:
return ret;
}
-static void __init register_insn_emulation_sysctl(void)
+static void __init register_insn_emulation(struct insn_emulation *insn)
{
- unsigned long flags;
- int i = 0;
- struct insn_emulation *insn;
- struct ctl_table *insns_sysctl, *sysctl;
-
- insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
- GFP_KERNEL);
- if (!insns_sysctl)
- return;
-
- raw_spin_lock_irqsave(&insn_emulation_lock, flags);
- list_for_each_entry(insn, &insn_emulation, node) {
- sysctl = &insns_sysctl[i];
+ struct ctl_table *sysctl;
+
+ insn->min = INSN_UNDEF;
+
+ switch (insn->status) {
+ case INSN_DEPRECATED:
+ insn->current_mode = INSN_EMULATE;
+ /* Disable the HW mode if it was turned on at early boot time */
+ run_all_cpu_set_hw_mode(insn, false);
+ insn->max = INSN_HW;
+ break;
+ case INSN_OBSOLETE:
+ insn->current_mode = INSN_UNDEF;
+ insn->max = INSN_EMULATE;
+ break;
+ case INSN_UNAVAILABLE:
+ insn->current_mode = INSN_UNDEF;
+ insn->max = INSN_UNDEF;
+ break;
+ }
+
+ /* Program the HW if required */
+ update_insn_emulation_mode(insn, INSN_UNDEF);
+
+ if (insn->status != INSN_UNAVAILABLE) {
+ sysctl = &insn->sysctl[0];
sysctl->mode = 0644;
sysctl->maxlen = sizeof(int);
@@ -600,11 +575,34 @@ static void __init register_insn_emulati
sysctl->extra1 = &insn->min;
sysctl->extra2 = &insn->max;
sysctl->proc_handler = emulation_proc_handler;
- i++;
+
+ register_sysctl("abi", sysctl);
+ }
+}
+
+bool try_emulate_armv8_deprecated(struct pt_regs *regs, u32 insn)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(insn_emulations); i++) {
+ struct insn_emulation *ie = insn_emulations[i];
+
+ if (ie->status == INSN_UNAVAILABLE)
+ continue;
+
+ /*
+ * A trap may race with the mode being changed
+ * INSN_EMULATE<->INSN_HW. Try to emulate the instruction to
+ * avoid a spurious UNDEF.
+ */
+ if (READ_ONCE(ie->current_mode) == INSN_UNDEF)
+ continue;
+
+ if (ie->try_emulate(regs, insn))
+ return true;
}
- raw_spin_unlock_irqrestore(&insn_emulation_lock, flags);
- register_sysctl("abi", insns_sysctl);
+ return false;
}
/*
@@ -613,24 +611,27 @@ static void __init register_insn_emulati
*/
static int __init armv8_deprecated_init(void)
{
- if (IS_ENABLED(CONFIG_SWP_EMULATION))
- register_insn_emulation(&insn_swp);
+ int i;
- if (IS_ENABLED(CONFIG_CP15_BARRIER_EMULATION))
- register_insn_emulation(&insn_cp15_barrier);
+#ifdef CONFIG_SETEND_EMULATION
+ if (!system_supports_mixed_endian_el0()) {
+ insn_setend.status = INSN_UNAVAILABLE;
+ pr_info("setend instruction emulation is not supported on this system\n");
+ }
- if (IS_ENABLED(CONFIG_SETEND_EMULATION)) {
- if (system_supports_mixed_endian_el0())
- register_insn_emulation(&insn_setend);
- else
- pr_info("setend instruction emulation is not supported on this system\n");
+#endif
+ for (i = 0; i < ARRAY_SIZE(insn_emulations); i++) {
+ struct insn_emulation *ie = insn_emulations[i];
+
+ if (ie->status == INSN_UNAVAILABLE)
+ continue;
+
+ register_insn_emulation(ie);
}
cpuhp_setup_state_nocalls(CPUHP_AP_ARM64_ISNDEP_STARTING,
"arm64/isndep:starting",
run_all_insn_set_hw_mode, NULL);
- register_insn_emulation_sysctl();
-
return 0;
}
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -373,27 +373,6 @@ void arm64_skip_faulting_instruction(str
regs->pstate &= ~PSR_BTYPE_MASK;
}
-static LIST_HEAD(undef_hook);
-static DEFINE_RAW_SPINLOCK(undef_lock);
-
-void register_undef_hook(struct undef_hook *hook)
-{
- unsigned long flags;
-
- raw_spin_lock_irqsave(&undef_lock, flags);
- list_add(&hook->node, &undef_hook);
- raw_spin_unlock_irqrestore(&undef_lock, flags);
-}
-
-void unregister_undef_hook(struct undef_hook *hook)
-{
- unsigned long flags;
-
- raw_spin_lock_irqsave(&undef_lock, flags);
- list_del(&hook->node);
- raw_spin_unlock_irqrestore(&undef_lock, flags);
-}
-
static int user_insn_read(struct pt_regs *regs, u32 *insnp)
{
u32 instr;
@@ -425,23 +404,6 @@ static int user_insn_read(struct pt_regs
return 0;
}
-static int call_undef_hook(struct pt_regs *regs, u32 instr)
-{
- struct undef_hook *hook;
- unsigned long flags;
- int (*fn)(struct pt_regs *regs, u32 instr) = NULL;
-
- raw_spin_lock_irqsave(&undef_lock, flags);
- list_for_each_entry(hook, &undef_hook, node)
- if ((instr & hook->instr_mask) == hook->instr_val &&
- (regs->pstate & hook->pstate_mask) == hook->pstate_val)
- fn = hook->fn;
-
- raw_spin_unlock_irqrestore(&undef_lock, flags);
-
- return fn ? fn(regs, instr) : 1;
-}
-
void force_signal_inject(int signal, int code, unsigned long address, unsigned long err)
{
const char *desc;
@@ -502,7 +464,7 @@ void do_el0_undef(struct pt_regs *regs,
if (try_emulate_mrs(regs, insn))
return;
- if (call_undef_hook(regs, insn) == 0)
+ if (try_emulate_armv8_deprecated(regs, insn))
return;
out_err:
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 099/102] arm64: armv8_deprecated: fix unused-function error
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 098/102] arm64: armv8_deprecated: rework deprected instruction handling Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 100/102] Revert "kernel/sched: Modify initial boot task idle setup" Greg Kroah-Hartman
` (11 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, ruanjinjie, Ren Zhijie, Mark Rutland,
Will Deacon
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ren Zhijie <renzhijie2@huawei.com>
commit 223d3a0d30b6e9f979f5642e430e1753d3e29f89 upstream.
If CONFIG_SWP_EMULATION is not set and
CONFIG_CP15_BARRIER_EMULATION is not set,
aarch64-linux-gnu complained about unused-function :
arch/arm64/kernel/armv8_deprecated.c:67:21: error: ‘aarch32_check_condition’ defined but not used [-Werror=unused-function]
static unsigned int aarch32_check_condition(u32 opcode, u32 psr)
^~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
To fix this warning, modify aarch32_check_condition() with __maybe_unused.
Fixes: 0c5f416219da ("arm64: armv8_deprecated: move aarch32 helper earlier")
Signed-off-by: Ren Zhijie <renzhijie2@huawei.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20221124022429.19024-1-renzhijie2@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/armv8_deprecated.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -64,7 +64,7 @@ struct insn_emulation {
#define ARM_OPCODE_CONDITION_UNCOND 0xf
-static unsigned int aarch32_check_condition(u32 opcode, u32 psr)
+static unsigned int __maybe_unused aarch32_check_condition(u32 opcode, u32 psr)
{
u32 cc_bits = opcode >> 28;
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 100/102] Revert "kernel/sched: Modify initial boot task idle setup"
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 099/102] arm64: armv8_deprecated: fix unused-function error Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 101/102] usb: hub: Guard against accesses to uninitialized BOS descriptors Greg Kroah-Hartman
` (10 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joel Fernandes, Liam R. Howlett,
Peter Zijlstra (Intel)
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 3569ad59664f9fa3ba1d02a78810773b7f49702b which is
commit cff9b2332ab762b7e0586c793c431a8f2ea4db04 upstream.
Joel writes:
Let us drop this patch because it caused new tasks-RCU warnings (both
normal and rude tasks RCU) in my stable test rig. We are discussing
the "right fix" and at that time a backport can be done.
Reported-by: Joel Fernandes <joel@joelfernandes.org>
Link: https://lore.kernel.org/r/CAEXW_YT6bH70M1TF2TttB-_kP=RUv_1nsy_sHYi6_0oCrX3mVQ@mail.gmail.com
Cc: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/core.c | 2 +-
kernel/sched/idle.c | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -8725,7 +8725,7 @@ void __init init_idle(struct task_struct
* PF_KTHREAD should already be set at this point; regardless, make it
* look like a proper per-CPU kthread.
*/
- idle->flags |= PF_KTHREAD | PF_NO_SETAFFINITY;
+ idle->flags |= PF_IDLE | PF_KTHREAD | PF_NO_SETAFFINITY;
kthread_set_per_cpu(idle, cpu);
#ifdef CONFIG_SMP
--- a/kernel/sched/idle.c
+++ b/kernel/sched/idle.c
@@ -397,7 +397,6 @@ EXPORT_SYMBOL_GPL(play_idle_precise);
void cpu_startup_entry(enum cpuhp_state state)
{
- current->flags |= PF_IDLE;
arch_cpu_idle_prepare();
cpuhp_online_idle(state);
while (1)
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 101/102] usb: hub: Guard against accesses to uninitialized BOS descriptors
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 100/102] Revert "kernel/sched: Modify initial boot task idle setup" Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 8:41 ` [PATCH 5.15 102/102] eth: remove remaining copies of the NAPI_POLL_WEIGHT define Greg Kroah-Hartman
` (9 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ricardo Cañuelo
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
commit f74a7afc224acd5e922c7a2e52244d891bbe44ee upstream.
Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h
access fields inside udev->bos without checking if it was allocated and
initialized. If usb_get_bos_descriptor() fails for whatever
reason, udev->bos will be NULL and those accesses will result in a
crash:
BUG: kernel NULL pointer dereference, address: 0000000000000018
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1>
Hardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021
Workqueue: usb_hub_wq hub_event
RIP: 0010:hub_port_reset+0x193/0x788
Code: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9
RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310
RDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840
RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0
Call Trace:
hub_event+0x73f/0x156e
? hub_activate+0x5b7/0x68f
process_one_work+0x1a2/0x487
worker_thread+0x11a/0x288
kthread+0x13a/0x152
? process_one_work+0x487/0x487
? kthread_associate_blkcg+0x70/0x70
ret_from_fork+0x1f/0x30
Fall back to a default behavior if the BOS descriptor isn't accessible
and skip all the functionalities that depend on it: LPM support checks,
Super Speed capabilitiy checks, U1/U2 states setup.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20230830100418.1952143-1-ricardo.canuelo@collabora.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 25 ++++++++++++++++++++++---
drivers/usb/core/hub.h | 2 +-
2 files changed, 23 insertions(+), 4 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -150,6 +150,10 @@ int usb_device_supports_lpm(struct usb_d
if (udev->quirks & USB_QUIRK_NO_LPM)
return 0;
+ /* Skip if the device BOS descriptor couldn't be read */
+ if (!udev->bos)
+ return 0;
+
/* USB 2.1 (and greater) devices indicate LPM support through
* their USB 2.0 Extended Capabilities BOS descriptor.
*/
@@ -326,6 +330,10 @@ static void usb_set_lpm_parameters(struc
if (!udev->lpm_capable || udev->speed < USB_SPEED_SUPER)
return;
+ /* Skip if the device BOS descriptor couldn't be read */
+ if (!udev->bos)
+ return;
+
hub = usb_hub_to_struct_hub(udev->parent);
/* It doesn't take time to transition the roothub into U0, since it
* doesn't have an upstream link.
@@ -2698,13 +2706,17 @@ out_authorized:
static enum usb_ssp_rate get_port_ssp_rate(struct usb_device *hdev,
u32 ext_portstatus)
{
- struct usb_ssp_cap_descriptor *ssp_cap = hdev->bos->ssp_cap;
+ struct usb_ssp_cap_descriptor *ssp_cap;
u32 attr;
u8 speed_id;
u8 ssac;
u8 lanes;
int i;
+ if (!hdev->bos)
+ goto out;
+
+ ssp_cap = hdev->bos->ssp_cap;
if (!ssp_cap)
goto out;
@@ -4186,8 +4198,15 @@ static void usb_enable_link_state(struct
enum usb3_link_state state)
{
int timeout, ret;
- __u8 u1_mel = udev->bos->ss_cap->bU1devExitLat;
- __le16 u2_mel = udev->bos->ss_cap->bU2DevExitLat;
+ __u8 u1_mel;
+ __le16 u2_mel;
+
+ /* Skip if the device BOS descriptor couldn't be read */
+ if (!udev->bos)
+ return;
+
+ u1_mel = udev->bos->ss_cap->bU1devExitLat;
+ u2_mel = udev->bos->ss_cap->bU2DevExitLat;
/* If the device says it doesn't have *any* exit latency to come out of
* U1 or U2, it's probably lying. Assume it doesn't implement that link
--- a/drivers/usb/core/hub.h
+++ b/drivers/usb/core/hub.h
@@ -141,7 +141,7 @@ static inline int hub_is_superspeedplus(
{
return (hdev->descriptor.bDeviceProtocol == USB_HUB_PR_SS &&
le16_to_cpu(hdev->descriptor.bcdUSB) >= 0x0310 &&
- hdev->bos->ssp_cap);
+ hdev->bos && hdev->bos->ssp_cap);
}
static inline unsigned hub_power_on_good_delay(struct usb_hub *hub)
^ permalink raw reply [flat|nested] 123+ messages in thread* [PATCH 5.15 102/102] eth: remove remaining copies of the NAPI_POLL_WEIGHT define
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 101/102] usb: hub: Guard against accesses to uninitialized BOS descriptors Greg Kroah-Hartman
@ 2023-10-16 8:41 ` Greg Kroah-Hartman
2023-10-16 11:45 ` [PATCH 5.15 000/102] 5.15.136-rc1 review Ricardo B. Marliere
` (8 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 8:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, David S. Miller
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
commit 36ffca1afea9b429d3e49aa0b6a68ecd93f3be11 upstream.
Defining local versions of NAPI_POLL_WEIGHT with the same
values in the drivers just makes refactoring harder.
This patch covers three more drivers which I missed in
commit 5f012b40ef63 ("eth: remove copies of the NAPI_POLL_WEIGHT define").
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 4 +---
drivers/net/ethernet/brocade/bna/bnad.c | 3 +--
drivers/net/ethernet/nvidia/forcedeth.c | 6 +++---
3 files changed, 5 insertions(+), 8 deletions(-)
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -31,8 +31,6 @@ MODULE_LICENSE("GPL");
#define ENA_MAX_RINGS min_t(unsigned int, ENA_MAX_NUM_IO_QUEUES, num_possible_cpus())
-#define ENA_NAPI_BUDGET 64
-
#define DEFAULT_MSG_ENABLE (NETIF_MSG_DRV | NETIF_MSG_PROBE | NETIF_MSG_IFUP | \
NETIF_MSG_TX_DONE | NETIF_MSG_TX_ERR | NETIF_MSG_RX_ERR)
@@ -2303,7 +2301,7 @@ static void ena_init_napi_in_range(struc
netif_napi_add(adapter->netdev,
&napi->napi,
ENA_IS_XDP_INDEX(adapter, i) ? ena_xdp_io_poll : ena_io_poll,
- ENA_NAPI_BUDGET);
+ NAPI_POLL_WEIGHT);
if (!ENA_IS_XDP_INDEX(adapter, i)) {
napi->rx_ring = &adapter->rx_ring[i];
--- a/drivers/net/ethernet/brocade/bna/bnad.c
+++ b/drivers/net/ethernet/brocade/bna/bnad.c
@@ -1881,7 +1881,6 @@ poll_exit:
return rcvd;
}
-#define BNAD_NAPI_POLL_QUOTA 64
static void
bnad_napi_add(struct bnad *bnad, u32 rx_id)
{
@@ -1892,7 +1891,7 @@ bnad_napi_add(struct bnad *bnad, u32 rx_
for (i = 0; i < bnad->num_rxp_per_rx; i++) {
rx_ctrl = &bnad->rx_info[rx_id].rx_ctrl[i];
netif_napi_add(bnad->netdev, &rx_ctrl->napi,
- bnad_napi_poll_rx, BNAD_NAPI_POLL_QUOTA);
+ bnad_napi_poll_rx, NAPI_POLL_WEIGHT);
}
}
--- a/drivers/net/ethernet/nvidia/forcedeth.c
+++ b/drivers/net/ethernet/nvidia/forcedeth.c
@@ -56,8 +56,8 @@
#include <asm/irq.h>
-#define TX_WORK_PER_LOOP 64
-#define RX_WORK_PER_LOOP 64
+#define TX_WORK_PER_LOOP NAPI_POLL_WEIGHT
+#define RX_WORK_PER_LOOP NAPI_POLL_WEIGHT
/*
* Hardware access:
@@ -5869,7 +5869,7 @@ static int nv_probe(struct pci_dev *pci_
else
dev->netdev_ops = &nv_netdev_ops_optimized;
- netif_napi_add(dev, &np->napi, nv_napi_poll, RX_WORK_PER_LOOP);
+ netif_napi_add(dev, &np->napi, nv_napi_poll, NAPI_POLL_WEIGHT);
dev->ethtool_ops = &ops;
dev->watchdog_timeo = NV_WATCHDOG_TIMEO;
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2023-10-16 8:41 ` [PATCH 5.15 102/102] eth: remove remaining copies of the NAPI_POLL_WEIGHT define Greg Kroah-Hartman
@ 2023-10-16 11:45 ` Ricardo B. Marliere
2023-10-16 12:54 ` Jon Hunter
` (7 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Ricardo B. Marliere @ 2023-10-16 11:45 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor
On 23/10/16 10:39AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
My system runs fine, with some minor warnings:
08:42:25 rbmarliere@debian ~
$ dmesg | head -1
[ 0.000000] Linux version 5.15.136-rc1+ (rbmarliere@debian) (Debian clang version 16.0.6 (15), GNU ld (GNU Binutils for Debian) 2.41) #1 SMP Mon Oct 16 07:33:42 -03 2023
08:42:27 rbmarliere@debian ~
$ dmesg -lerr
[ 3.907484] nouveau 0000:09:00.0: DRM: core notifier timeout
[ 6.457694] nouveau 0000:09:00.0: DRM: core notifier timeout
[ 14.533137] nouveau 0000:09:00.0: DRM: core notifier timeout
[ 17.870791] nouveau 0000:09:00.0: DRM: core notifier timeout
08:42:32 rbmarliere@debian ~
$ grep warning /mnt/md0/linux/5.15.y/err.log
arch/x86/kernel/smp.o: warning: objtool: sysvec_reboot()+0x43: unreachable instruction
net/ipv6/seg6_local.o: warning: objtool: seg6_local_fill_encap() falls through to next function seg6_local_get_encap_size()
net/ipv6/seg6_local.o: warning: objtool: seg6_local_cmp_encap() falls through to next function input_action_end()
Tested-by: Ricardo B. Marliere <ricardo@marliere.net>
Thanks!
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2023-10-16 11:45 ` [PATCH 5.15 000/102] 5.15.136-rc1 review Ricardo B. Marliere
@ 2023-10-16 12:54 ` Jon Hunter
2023-10-16 13:36 ` Harshit Mogalapalli
` (6 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Jon Hunter @ 2023-10-16 12:54 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, linux-tegra, stable
On Mon, 16 Oct 2023 10:39:59 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v5.15:
10 builds: 10 pass, 0 fail
26 boots: 26 pass, 0 fail
102 tests: 102 pass, 0 fail
Linux version: 5.15.136-rc1-gf11fc66f963f
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2023-10-16 12:54 ` Jon Hunter
@ 2023-10-16 13:36 ` Harshit Mogalapalli
2023-10-16 15:14 ` Greg Kroah-Hartman
2023-10-16 17:57 ` Florian Fainelli
` (5 subsequent siblings)
110 siblings, 1 reply; 123+ messages in thread
From: Harshit Mogalapalli @ 2023-10-16 13:36 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable, Sasha Levin
Cc: Vegard Nossum, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor
Hi Greg,
On 16/10/23 2:09 pm, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
I am seeing a build failure while compiling tools/perf/
In file included from tests/genelf.c:14:
tests/../util/genelf.h:5:10: fatal error: linux/math.h: No such file or
directory
5 | #include <linux/math.h>
| ^~~~~~~~~~~~~~
compilation terminated.
Patch 43 in this series is causing this.
Why is this not reproducible upstream ?
Vegard bisected the commit which makes it not reproducible upstream and
this commit is missing in 5.15.y:
Commit: d6e6a27d960f ("tools: Fix math.h breakage")
Backport request for this was made here:
https://lore.kernel.org/all/CAMVNhxS-6qNfxy8jHrY5EtZASTL9gAvZi=BdTkUA5_5CSQ2Cmg@mail.gmail.com/
Thanks,
Harshit
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
> Pseudo-Shortlog of commits:
> Adrian Hunter <adrian.hunter@intel.com>
> perf inject: Fix GEN_ELF_TEXT_OFFSET for jit
>
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 13:36 ` Harshit Mogalapalli
@ 2023-10-16 15:14 ` Greg Kroah-Hartman
2023-10-16 15:53 ` Harshit Mogalapalli
0 siblings, 1 reply; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 15:14 UTC (permalink / raw)
To: Harshit Mogalapalli
Cc: stable, Sasha Levin, Vegard Nossum, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
On Mon, Oct 16, 2023 at 07:06:20PM +0530, Harshit Mogalapalli wrote:
> Hi Greg,
>
> On 16/10/23 2:09 pm, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.15.136 release.
> > There are 102 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> > Anything received after that time might be too late.
> >
>
> I am seeing a build failure while compiling tools/perf/
>
> In file included from tests/genelf.c:14:
> tests/../util/genelf.h:5:10: fatal error: linux/math.h: No such file or
> directory
> 5 | #include <linux/math.h>
> | ^~~~~~~~~~~~~~
> compilation terminated.
>
> Patch 43 in this series is causing this.
What is patch 43?
> Why is this not reproducible upstream ?
>
> Vegard bisected the commit which makes it not reproducible upstream and this
> commit is missing in 5.15.y:
> Commit: d6e6a27d960f ("tools: Fix math.h breakage")
>
> Backport request for this was made here:
> https://lore.kernel.org/all/CAMVNhxS-6qNfxy8jHrY5EtZASTL9gAvZi=BdTkUA5_5CSQ2Cmg@mail.gmail.com/
And that commit is in this patch series, so are you sure that was
correct?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 15:14 ` Greg Kroah-Hartman
@ 2023-10-16 15:53 ` Harshit Mogalapalli
2023-10-16 16:58 ` Greg Kroah-Hartman
0 siblings, 1 reply; 123+ messages in thread
From: Harshit Mogalapalli @ 2023-10-16 15:53 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, Sasha Levin, Vegard Nossum, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
Hi Greg,
On 16/10/23 8:44 pm, Greg Kroah-Hartman wrote:
> On Mon, Oct 16, 2023 at 07:06:20PM +0530, Harshit Mogalapalli wrote:
>> Hi Greg,
>>
>> On 16/10/23 2:09 pm, Greg Kroah-Hartman wrote:
>>> This is the start of the stable review cycle for the 5.15.136 release.
>>> There are 102 patches in this series, all will be posted as a response
>>> to this one. If anyone has any issues with these being applied, please
>>> let me know.
>>>
>>> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
>>> Anything received after that time might be too late.
>>>
>>
>> I am seeing a build failure while compiling tools/perf/
>>
>> In file included from tests/genelf.c:14:
>> tests/../util/genelf.h:5:10: fatal error: linux/math.h: No such file or
>> directory
>> 5 | #include <linux/math.h>
>> | ^~~~~~~~~~~~~~
>> compilation terminated.
>>
>> Patch 43 in this series is causing this.
>
Sorry for the confusion.
> What is patch 43?
It is patch 42/102 in this series
https://lore.kernel.org/stable/2023101641-resource-scalding-3e1d@gregkh/T/#m70a2a03b6204085af187184af911570681e744f5
Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
>
>> Why is this not reproducible upstream ?
>>
>> Vegard bisected the commit which makes it not reproducible upstream and this
>> commit is missing in 5.15.y:
>> Commit: d6e6a27d960f ("tools: Fix math.h breakage")
>>
>> Backport request for this was made here:
>> https://lore.kernel.org/all/CAMVNhxS-6qNfxy8jHrY5EtZASTL9gAvZi=BdTkUA5_5CSQ2Cmg@mail.gmail.com/
>
> And that commit is in this patch series, so are you sure that was
> correct?
>
Cause for this build issue:
Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
And this issue is not in upstream due to presence of commit d6e6a27d960f
("tools: Fix math.h breakage") in upstream but not in 5.15.y
Thanks,
Harshit
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 15:53 ` Harshit Mogalapalli
@ 2023-10-16 16:58 ` Greg Kroah-Hartman
2023-10-17 8:58 ` Vegard Nossum
2023-10-19 5:53 ` Harshit Mogalapalli
0 siblings, 2 replies; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-16 16:58 UTC (permalink / raw)
To: Harshit Mogalapalli
Cc: stable, Sasha Levin, Vegard Nossum, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
On Mon, Oct 16, 2023 at 09:23:36PM +0530, Harshit Mogalapalli wrote:
> Hi Greg,
>
> On 16/10/23 8:44 pm, Greg Kroah-Hartman wrote:
> > On Mon, Oct 16, 2023 at 07:06:20PM +0530, Harshit Mogalapalli wrote:
> > > Hi Greg,
> > >
> > > On 16/10/23 2:09 pm, Greg Kroah-Hartman wrote:
> > > > This is the start of the stable review cycle for the 5.15.136 release.
> > > > There are 102 patches in this series, all will be posted as a response
> > > > to this one. If anyone has any issues with these being applied, please
> > > > let me know.
> > > >
> > > > Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> > > > Anything received after that time might be too late.
> > > >
> > >
> > > I am seeing a build failure while compiling tools/perf/
> > >
> > > In file included from tests/genelf.c:14:
> > > tests/../util/genelf.h:5:10: fatal error: linux/math.h: No such file or
> > > directory
> > > 5 | #include <linux/math.h>
> > > | ^~~~~~~~~~~~~~
> > > compilation terminated.
> > >
> > > Patch 43 in this series is causing this.
> >
>
> Sorry for the confusion.
>
> > What is patch 43?
>
> It is patch 42/102 in this series
>
> https://lore.kernel.org/stable/2023101641-resource-scalding-3e1d@gregkh/T/#m70a2a03b6204085af187184af911570681e744f5
>
> Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
>
>
> >
> > > Why is this not reproducible upstream ?
> > >
> > > Vegard bisected the commit which makes it not reproducible upstream and this
> > > commit is missing in 5.15.y:
> > > Commit: d6e6a27d960f ("tools: Fix math.h breakage")
> > >
> > > Backport request for this was made here:
> > > https://lore.kernel.org/all/CAMVNhxS-6qNfxy8jHrY5EtZASTL9gAvZi=BdTkUA5_5CSQ2Cmg@mail.gmail.com/
> >
> > And that commit is in this patch series, so are you sure that was
> > correct?
> >
>
> Cause for this build issue:
> Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
>
> And this issue is not in upstream due to presence of commit d6e6a27d960f
> ("tools: Fix math.h breakage") in upstream but not in 5.15.y
Ok, I'll go drop the patch entirely, I can't even get perf to build at
all for me on 5.15, which is why I've given up on it even mattering
anymore :(
thanks,
greg k-h
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 16:58 ` Greg Kroah-Hartman
@ 2023-10-17 8:58 ` Vegard Nossum
2023-10-17 13:57 ` Greg Kroah-Hartman
2023-10-19 5:53 ` Harshit Mogalapalli
1 sibling, 1 reply; 123+ messages in thread
From: Vegard Nossum @ 2023-10-17 8:58 UTC (permalink / raw)
To: Greg Kroah-Hartman, Harshit Mogalapalli
Cc: stable, Sasha Levin, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor
On 16/10/2023 18:58, Greg Kroah-Hartman wrote:
> On Mon, Oct 16, 2023 at 09:23:36PM +0530, Harshit Mogalapalli wrote:
>> Cause for this build issue:
>> Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
>>
>> And this issue is not in upstream due to presence of commit d6e6a27d960f
>> ("tools: Fix math.h breakage") in upstream but not in 5.15.y
>
> Ok, I'll go drop the patch entirely, I can't even get perf to build at
> all for me on 5.15, which is why I've given up on it even mattering
> anymore :(
Just for maximal clarity, there are several commits involved here:
1. babd04386b1d perf jit: Include program header in ELF files
This commit is already in 5.15.y but introduced a bug...
2. 89b15d00527b perf inject: Fix GEN_ELF_TEXT_OFFSET for jit
This commit is in this -rc1 and fixes the bug above, but introduces a
new perf build failure on 5.15.y. [This is the one I think you've now
dropped.]
3. d6e6a27d960f tools: Fix math.h breakage
This is a prerequisite for #2 and is not in 5.15.y. However, it has some
conflicts on 5.15.y, i.e. it probably has some prerequisites of its own
that I haven't looked into.
I guess the question is -- if we're dropping #2, should we drop #1 as
well? Or... instead of dropping either of them we could also apply a
minimal fix:
diff --git a/tools/perf/util/genelf.h b/tools/perf/util/genelf.h
index 159c69bcc33e..6e202db6c4d9 100644
--- a/tools/perf/util/genelf.h
+++ b/tools/perf/util/genelf.h
@@ -2,7 +2,7 @@
#ifndef __GENELF_H__
#define __GENELF_H__
-#include <linux/math.h>
+#include <linux/kernel.h>
/* genelf.c */
int jit_write_elf(int fd, uint64_t code_addr, const char *sym,
However, this is not what mainline does so technically it runs afoul of
the stable rules (although arguably I think we could also just make this
change to #2 and call it a backport).
Out of curiosity, Greg: what is your build error with perf? Given that
it builds for us (and we actually package perf so we need it) it sounds
like maybe you're missing a package in your environment or something? If
you pass us your config + the output of
make -C tools/perf/
I'd be happy to look into it. Only if you want though :-)
Vegard
^ permalink raw reply related [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-17 8:58 ` Vegard Nossum
@ 2023-10-17 13:57 ` Greg Kroah-Hartman
2023-10-17 14:08 ` Greg Kroah-Hartman
0 siblings, 1 reply; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-17 13:57 UTC (permalink / raw)
To: Vegard Nossum
Cc: Harshit Mogalapalli, stable, Sasha Levin, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
On Tue, Oct 17, 2023 at 10:58:22AM +0200, Vegard Nossum wrote:
>
> On 16/10/2023 18:58, Greg Kroah-Hartman wrote:
> > On Mon, Oct 16, 2023 at 09:23:36PM +0530, Harshit Mogalapalli wrote:
> > > Cause for this build issue:
> > > Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
> > >
> > > And this issue is not in upstream due to presence of commit d6e6a27d960f
> > > ("tools: Fix math.h breakage") in upstream but not in 5.15.y
> >
> > Ok, I'll go drop the patch entirely, I can't even get perf to build at
> > all for me on 5.15, which is why I've given up on it even mattering
> > anymore :(
>
> Just for maximal clarity, there are several commits involved here:
>
> 1. babd04386b1d perf jit: Include program header in ELF files
>
> This commit is already in 5.15.y but introduced a bug...
>
> 2. 89b15d00527b perf inject: Fix GEN_ELF_TEXT_OFFSET for jit
>
> This commit is in this -rc1 and fixes the bug above, but introduces a
> new perf build failure on 5.15.y. [This is the one I think you've now
> dropped.]
>
> 3. d6e6a27d960f tools: Fix math.h breakage
>
> This is a prerequisite for #2 and is not in 5.15.y. However, it has some
> conflicts on 5.15.y, i.e. it probably has some prerequisites of its own
> that I haven't looked into.
>
> I guess the question is -- if we're dropping #2, should we drop #1 as
> well? Or... instead of dropping either of them we could also apply a
> minimal fix:
I can't "drop" #1, as it's already merged.
So how about sending a set of patches that you feel should be applied to
get this building for you? As again, it doesn't work at all for me.
> Out of curiosity, Greg: what is your build error with perf? Given that
> it builds for us (and we actually package perf so we need it) it sounds
> like maybe you're missing a package in your environment or something? If
> you pass us your config + the output of
>
> make -C tools/perf/
>
> I'd be happy to look into it. Only if you want though :-)
Sure! Here's the output, good luck!
$ make -C tools/perf
make: Entering directory '/home/gregkh/linux/stable/linux-5.15.y/tools/perf'
BUILD: Doing 'make -j20' parallel build
Warning: Kernel ABI header at 'tools/include/uapi/linux/const.h' differs from latest version at 'include/uapi/linux/const.h'
diff -u tools/include/uapi/linux/const.h include/uapi/linux/const.h
Warning: Kernel ABI header at 'tools/include/uapi/linux/in.h' differs from latest version at 'include/uapi/linux/in.h'
diff -u tools/include/uapi/linux/in.h include/uapi/linux/in.h
Warning: Kernel ABI header at 'tools/arch/x86/include/asm/disabled-features.h' differs from latest version at 'arch/x86/include/asm/disabled-features.h'
diff -u tools/arch/x86/include/asm/disabled-features.h arch/x86/include/asm/disabled-features.h
Warning: Kernel ABI header at 'tools/arch/x86/include/asm/required-features.h' differs from latest version at 'arch/x86/include/asm/required-features.h'
diff -u tools/arch/x86/include/asm/required-features.h arch/x86/include/asm/required-features.h
Warning: Kernel ABI header at 'tools/arch/x86/include/asm/cpufeatures.h' differs from latest version at 'arch/x86/include/asm/cpufeatures.h'
diff -u tools/arch/x86/include/asm/cpufeatures.h arch/x86/include/asm/cpufeatures.h
Warning: Kernel ABI header at 'tools/arch/x86/include/asm/msr-index.h' differs from latest version at 'arch/x86/include/asm/msr-index.h'
diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h
Warning: Kernel ABI header at 'tools/arch/arm64/include/uapi/asm/kvm.h' differs from latest version at 'arch/arm64/include/uapi/asm/kvm.h'
diff -u tools/arch/arm64/include/uapi/asm/kvm.h arch/arm64/include/uapi/asm/kvm.h
Makefile.config:1036: No libbabeltrace found, disables 'perf data' CTF format support, please install libbabeltrace-dev[el]/libbabeltrace-ctf-dev
Makefile.config:1062: No alternatives command found, you need to set JDIR= to point to the root of your Java directory
tests/bpf.c: In function ‘epoll_pwait_loop’:
tests/bpf.c:36:17: error: argument 2 null where non-null expected [-Werror=nonnull]
36 | epoll_pwait(-(i + 1), NULL, 0, 0, NULL);
| ^~~~~~~~~~~
In file included from tests/bpf.c:5:
/usr/include/sys/epoll.h:134:12: note: in a call to function ‘epoll_pwait’ declared ‘nonnull’
134 | extern int epoll_pwait (int __epfd, struct epoll_event *__events,
| ^~~~~~~~~~~
CC util/jitdump.o
CC util/genelf.o
CC util/genelf_debug.o
cc1: all warnings being treated as errors
make[4]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:96: tests/bpf.o] Error 1
make[3]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:139: tests] Error 2
make[3]: *** Waiting for unfinished jobs....
In file included from /usr/lib/perl5/5.38/core_perl/CORE/perl.h:7811,
from Context.xs:8:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘S_PerlEnv_putenv’:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:295:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
295 | bool retval = putenv(str);
| ^~~~
In file included from /usr/lib/perl5/5.38/core_perl/CORE/perl.h:3327:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘Perl_is_utf8_valid_partial_char_flags’:
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘STRLEN’ {aka ‘long unsigned int’} to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:2334:12: note: in expansion of macro ‘cBOOL’
2334 | return cBOOL(is_utf8_char_helper_(s0, e, flags));
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘Perl_newPADxVOP’:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:3135:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
3135 | OP *o = newOP(type, flags);
| ^~
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘Perl_cop_file_avn’:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:3500:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
3500 | const char *file = CopFILE(cop);
| ^~~~~
In file included from /usr/lib/perl5/5.38/core_perl/CORE/perl.h:7812:
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h: In function ‘Perl_newSV_type’:
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_NULL’ not handled in switch [-Werror=switch-enum]
420 | switch(type) {
| ^~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_IV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_NV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_INVLIST’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVIV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVNV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVMG’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_REGEXP’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVGV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVLV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVCV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVFM’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVIO’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_LAST’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:383:5: error: enumeration value ‘SVt_LAST’ not handled in switch [-Werror=switch-enum]
383 | switch (type) {
| ^~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h: In function ‘Perl_sv_setpv_freshbuf’:
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘long int’ to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4231:62: note: in definition of macro ‘EXPECT’
4231 | # define EXPECT(expr,val) __builtin_expect(expr,val)
| ^~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4252:52: note: in expansion of macro ‘cBOOL’
4252 | #define UNLIKELY(cond) EXPECT(cBOOL(cond),FALSE)
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1724:13: note: in expansion of macro ‘UNLIKELY’
1724 | if (UNLIKELY(TAINT_get)) \
| ^~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:996:34: note: in expansion of macro ‘cBOOL’
996 | # define TAINT_get (cBOOL(UNLIKELY(PL_tainted))) /* Is something tainted? */
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1724:22: note: in expansion of macro ‘TAINT_get’
1724 | if (UNLIKELY(TAINT_get)) \
| ^~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:996:5: note: in expansion of macro ‘SvTAINT’
996 | SvTAINT(sv);
| ^~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘long int’ to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4231:62: note: in definition of macro ‘EXPECT’
4231 | # define EXPECT(expr,val) __builtin_expect(expr,val)
| ^~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4252:52: note: in expansion of macro ‘cBOOL’
4252 | #define UNLIKELY(cond) EXPECT(cBOOL(cond),FALSE)
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1718:42: note: in expansion of macro ‘UNLIKELY’
1718 | #define SvTAINTED_on(sv) STMT_START{ if(UNLIKELY(TAINTING_get)){sv_taint(sv);} }STMT_END
| ^~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:997:34: note: in expansion of macro ‘cBOOL’
997 | # define TAINTING_get (cBOOL(UNLIKELY(PL_tainting)))
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1718:51: note: in expansion of macro ‘TAINTING_get’
1718 | #define SvTAINTED_on(sv) STMT_START{ if(UNLIKELY(TAINTING_get)){sv_taint(sv);} }STMT_END
| ^~~~~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1725:13: note: in expansion of macro ‘SvTAINTED_on’
1725 | SvTAINTED_on(sv); \
| ^~~~~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:996:5: note: in expansion of macro ‘SvTAINT’
996 | SvTAINT(sv);
| ^~~~~~~
Context.c: In function ‘XS_Perf__Trace__Context_common_pc’:
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:2494:33: error: cast from function call of type ‘IV’ {aka ‘long int’} to non-matching type ‘struct scripting_context *’ [-Werror=bad-function-cast]
2494 | # define INT2PTR(any,d) (any)(d)
| ^
Context.c:55:39: note: in expansion of macro ‘INT2PTR’
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘long int’ to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4231:62: note: in definition of macro ‘EXPECT’
4231 | # define EXPECT(expr,val) __builtin_expect(expr,val)
| ^~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4251:52: note: in expansion of macro ‘cBOOL’
4251 | #define LIKELY(cond) EXPECT(cBOOL(cond),TRUE)
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:429:13: note: in expansion of macro ‘LIKELY’
429 | if (LIKELY( \
| ^~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:996:34: note: in expansion of macro ‘cBOOL’
996 | # define TAINT_get (cBOOL(UNLIKELY(PL_tainted))) /* Is something tainted? */
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:431:28: note: in expansion of macro ‘TAINT_get’
431 | & (do_taint ? !TAINT_get : 1))) \
| ^~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:495:38: note: in expansion of macro ‘TARGi’
495 | #define PUSHi(i) STMT_START { TARGi(i,1); PUSHs(TARG); } STMT_END
| ^~~~~
Context.c:60:13: note: in expansion of macro ‘PUSHi’
Context.c: In function ‘XS_Perf__Trace__Context_common_flags’:
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:2494:33: error: cast from function call of type ‘IV’ {aka ‘long int’} to non-matching type ‘struct scripting_context *’ [-Werror=bad-function-cast]
2494 | # define INT2PTR(any,d) (any)(d)
| ^
Context.c:78:39: note: in expansion of macro ‘INT2PTR’
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘long int’ to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4231:62: note: in definition of macro ‘EXPECT’
4231 | # define EXPECT(expr,val) __builtin_expect(expr,val)
| ^~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4251:52: note: in expansion of macro ‘cBOOL’
4251 | #define LIKELY(cond) EXPECT(cBOOL(cond),TRUE)
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:429:13: note: in expansion of macro ‘LIKELY’
429 | if (LIKELY( \
| ^~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:996:34: note: in expansion of macro ‘cBOOL’
996 | # define TAINT_get (cBOOL(UNLIKELY(PL_tainted))) /* Is something tainted? */
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:431:28: note: in expansion of macro ‘TAINT_get’
431 | & (do_taint ? !TAINT_get : 1))) \
| ^~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:495:38: note: in expansion of macro ‘TARGi’
495 | #define PUSHi(i) STMT_START { TARGi(i,1); PUSHs(TARG); } STMT_END
| ^~~~~
Context.c:83:13: note: in expansion of macro ‘PUSHi’
Context.c: In function ‘XS_Perf__Trace__Context_common_lock_depth’:
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:2494:33: error: cast from function call of type ‘IV’ {aka ‘long int’} to non-matching type ‘struct scripting_context *’ [-Werror=bad-function-cast]
2494 | # define INT2PTR(any,d) (any)(d)
| ^
Context.c:101:39: note: in expansion of macro ‘INT2PTR’
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘long int’ to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4231:62: note: in definition of macro ‘EXPECT’
4231 | # define EXPECT(expr,val) __builtin_expect(expr,val)
| ^~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4251:52: note: in expansion of macro ‘cBOOL’
4251 | #define LIKELY(cond) EXPECT(cBOOL(cond),TRUE)
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:429:13: note: in expansion of macro ‘LIKELY’
429 | if (LIKELY( \
| ^~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:996:34: note: in expansion of macro ‘cBOOL’
996 | # define TAINT_get (cBOOL(UNLIKELY(PL_tainted))) /* Is something tainted? */
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:431:28: note: in expansion of macro ‘TAINT_get’
431 | & (do_taint ? !TAINT_get : 1))) \
| ^~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/pp.h:495:38: note: in expansion of macro ‘TARGi’
495 | #define PUSHi(i) STMT_START { TARGi(i,1); PUSHs(TARG); } STMT_END
| ^~~~~
Context.c:106:13: note: in expansion of macro ‘PUSHi’
In file included from /usr/lib/perl5/5.38/core_perl/CORE/perl.h:7811,
from util/scripting-engines/trace-event-perl.c:35:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘S_PerlEnv_putenv’:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:295:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
295 | bool retval = putenv(str);
| ^~~~
In file included from /usr/lib/perl5/5.38/core_perl/CORE/perl.h:3327:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘Perl_is_utf8_valid_partial_char_flags’:
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘STRLEN’ {aka ‘long unsigned int’} to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:2334:12: note: in expansion of macro ‘cBOOL’
2334 | return cBOOL(is_utf8_char_helper_(s0, e, flags));
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘Perl_newPADxVOP’:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:3135:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
3135 | OP *o = newOP(type, flags);
| ^~
/usr/lib/perl5/5.38/core_perl/CORE/inline.h: In function ‘Perl_cop_file_avn’:
/usr/lib/perl5/5.38/core_perl/CORE/inline.h:3500:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
3500 | const char *file = CopFILE(cop);
| ^~~~~
cc1: all warnings being treated as errors
In file included from /usr/lib/perl5/5.38/core_perl/CORE/perl.h:7812:
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h: In function ‘Perl_newSV_type’:
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_NULL’ not handled in switch [-Werror=switch-enum]
420 | switch(type) {
| ^~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_IV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_NV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_INVLIST’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVIV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVNV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVMG’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_REGEXP’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVGV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVLV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVCV’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVFM’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_PVIO’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:420:9: error: enumeration value ‘SVt_LAST’ not handled in switch [-Werror=switch-enum]
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:383:5: error: enumeration value ‘SVt_LAST’ not handled in switch [-Werror=switch-enum]
383 | switch (type) {
| ^~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h: In function ‘Perl_sv_setpv_freshbuf’:
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘long int’ to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4231:62: note: in definition of macro ‘EXPECT’
4231 | # define EXPECT(expr,val) __builtin_expect(expr,val)
| ^~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4252:52: note: in expansion of macro ‘cBOOL’
4252 | #define UNLIKELY(cond) EXPECT(cBOOL(cond),FALSE)
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1724:13: note: in expansion of macro ‘UNLIKELY’
1724 | if (UNLIKELY(TAINT_get)) \
| ^~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:996:34: note: in expansion of macro ‘cBOOL’
996 | # define TAINT_get (cBOOL(UNLIKELY(PL_tainted))) /* Is something tainted? */
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1724:22: note: in expansion of macro ‘TAINT_get’
1724 | if (UNLIKELY(TAINT_get)) \
| ^~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:996:5: note: in expansion of macro ‘SvTAINT’
996 | SvTAINT(sv);
| ^~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/handy.h:155:23: error: cast from function call of type ‘long int’ to non-matching type ‘_Bool’ [-Werror=bad-function-cast]
155 | #define cBOOL(cbool) ((bool) (cbool))
| ^
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4231:62: note: in definition of macro ‘EXPECT’
4231 | # define EXPECT(expr,val) __builtin_expect(expr,val)
| ^~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:4252:52: note: in expansion of macro ‘cBOOL’
4252 | #define UNLIKELY(cond) EXPECT(cBOOL(cond),FALSE)
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1718:42: note: in expansion of macro ‘UNLIKELY’
1718 | #define SvTAINTED_on(sv) STMT_START{ if(UNLIKELY(TAINTING_get)){sv_taint(sv);} }STMT_END
| ^~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/perl.h:997:34: note: in expansion of macro ‘cBOOL’
997 | # define TAINTING_get (cBOOL(UNLIKELY(PL_tainting)))
| ^~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1718:51: note: in expansion of macro ‘TAINTING_get’
1718 | #define SvTAINTED_on(sv) STMT_START{ if(UNLIKELY(TAINTING_get)){sv_taint(sv);} }STMT_END
| ^~~~~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv.h:1725:13: note: in expansion of macro ‘SvTAINTED_on’
1725 | SvTAINTED_on(sv); \
| ^~~~~~~~~~~~
/usr/lib/perl5/5.38/core_perl/CORE/sv_inline.h:996:5: note: in expansion of macro ‘SvTAINT’
996 | SvTAINT(sv);
| ^~~~~~~
make[5]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:97: scripts/perl/Perf-Trace-Util/Context.o] Error 1
make[4]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:139: perl/Perf-Trace-Util] Error 2
make[3]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:139: scripts] Error 2
cc1: all warnings being treated as errors
make[5]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:96: util/scripting-engines/trace-event-perl.o] Error 1
make[4]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:139: scripting-engines] Error 2
make[3]: *** [/home/gregkh/linux/stable/linux-5.15.y/tools/build/Makefile.build:139: util] Error 2
make[2]: *** [Makefile.perf:658: perf-in.o] Error 2
make[1]: *** [Makefile.perf:238: sub-make] Error 2
make: *** [Makefile:70: all] Error 2
make: Leaving directory '/home/gregkh/linux/stable/linux-5.15.y/tools/perf'
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-17 13:57 ` Greg Kroah-Hartman
@ 2023-10-17 14:08 ` Greg Kroah-Hartman
2023-10-17 15:09 ` Vegard Nossum
0 siblings, 1 reply; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-17 14:08 UTC (permalink / raw)
To: Vegard Nossum
Cc: Harshit Mogalapalli, stable, Sasha Levin, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
On Tue, Oct 17, 2023 at 03:57:06PM +0200, Greg Kroah-Hartman wrote:
> Sure! Here's the output, good luck!
>
> $ make -C tools/perf
> make: Entering directory '/home/gregkh/linux/stable/linux-5.15.y/tools/perf'
> BUILD: Doing 'make -j20' parallel build
> Warning: Kernel ABI header at 'tools/include/uapi/linux/const.h' differs from latest version at 'include/uapi/linux/const.h'
> diff -u tools/include/uapi/linux/const.h include/uapi/linux/const.h
> Warning: Kernel ABI header at 'tools/include/uapi/linux/in.h' differs from latest version at 'include/uapi/linux/in.h'
> diff -u tools/include/uapi/linux/in.h include/uapi/linux/in.h
> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/disabled-features.h' differs from latest version at 'arch/x86/include/asm/disabled-features.h'
> diff -u tools/arch/x86/include/asm/disabled-features.h arch/x86/include/asm/disabled-features.h
> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/required-features.h' differs from latest version at 'arch/x86/include/asm/required-features.h'
> diff -u tools/arch/x86/include/asm/required-features.h arch/x86/include/asm/required-features.h
> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/cpufeatures.h' differs from latest version at 'arch/x86/include/asm/cpufeatures.h'
> diff -u tools/arch/x86/include/asm/cpufeatures.h arch/x86/include/asm/cpufeatures.h
> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/msr-index.h' differs from latest version at 'arch/x86/include/asm/msr-index.h'
> diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h
> Warning: Kernel ABI header at 'tools/arch/arm64/include/uapi/asm/kvm.h' differs from latest version at 'arch/arm64/include/uapi/asm/kvm.h'
> diff -u tools/arch/arm64/include/uapi/asm/kvm.h arch/arm64/include/uapi/asm/kvm.h
> Makefile.config:1036: No libbabeltrace found, disables 'perf data' CTF format support, please install libbabeltrace-dev[el]/libbabeltrace-ctf-dev
> Makefile.config:1062: No alternatives command found, you need to set JDIR= to point to the root of your Java directory
> tests/bpf.c: In function ‘epoll_pwait_loop’:
> tests/bpf.c:36:17: error: argument 2 null where non-null expected [-Werror=nonnull]
> 36 | epoll_pwait(-(i + 1), NULL, 0, 0, NULL);
> | ^~~~~~~~~~~
> In file included from tests/bpf.c:5:
> /usr/include/sys/epoll.h:134:12: note: in a call to function ‘epoll_pwait’ declared ‘nonnull’
> 134 | extern int epoll_pwait (int __epfd, struct epoll_event *__events,
> | ^~~~~~~~~~~
<snip>
Also, in Linus's tree, this works just fine on my system, but I get this
same error above (and only this error), when building perf on 6.1.y, and
on 6.5.y. The perl errors are not present there.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 123+ messages in thread
* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-17 14:08 ` Greg Kroah-Hartman
@ 2023-10-17 15:09 ` Vegard Nossum
2023-10-17 16:29 ` Greg Kroah-Hartman
0 siblings, 1 reply; 123+ messages in thread
From: Vegard Nossum @ 2023-10-17 15:09 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Harshit Mogalapalli, stable, Sasha Levin, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
On 17/10/2023 16:08, Greg Kroah-Hartman wrote:
> On Tue, Oct 17, 2023 at 03:57:06PM +0200, Greg Kroah-Hartman wrote:
>> Sure! Here's the output, good luck!
>>
>> $ make -C tools/perf
>> make: Entering directory '/home/gregkh/linux/stable/linux-5.15.y/tools/perf'
>> BUILD: Doing 'make -j20' parallel build
>> Warning: Kernel ABI header at 'tools/include/uapi/linux/const.h' differs from latest version at 'include/uapi/linux/const.h'
>> diff -u tools/include/uapi/linux/const.h include/uapi/linux/const.h
>> Warning: Kernel ABI header at 'tools/include/uapi/linux/in.h' differs from latest version at 'include/uapi/linux/in.h'
>> diff -u tools/include/uapi/linux/in.h include/uapi/linux/in.h
>> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/disabled-features.h' differs from latest version at 'arch/x86/include/asm/disabled-features.h'
>> diff -u tools/arch/x86/include/asm/disabled-features.h arch/x86/include/asm/disabled-features.h
>> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/required-features.h' differs from latest version at 'arch/x86/include/asm/required-features.h'
>> diff -u tools/arch/x86/include/asm/required-features.h arch/x86/include/asm/required-features.h
>> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/cpufeatures.h' differs from latest version at 'arch/x86/include/asm/cpufeatures.h'
>> diff -u tools/arch/x86/include/asm/cpufeatures.h arch/x86/include/asm/cpufeatures.h
>> Warning: Kernel ABI header at 'tools/arch/x86/include/asm/msr-index.h' differs from latest version at 'arch/x86/include/asm/msr-index.h'
>> diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h
>> Warning: Kernel ABI header at 'tools/arch/arm64/include/uapi/asm/kvm.h' differs from latest version at 'arch/arm64/include/uapi/asm/kvm.h'
>> diff -u tools/arch/arm64/include/uapi/asm/kvm.h arch/arm64/include/uapi/asm/kvm.h
>> Makefile.config:1036: No libbabeltrace found, disables 'perf data' CTF format support, please install libbabeltrace-dev[el]/libbabeltrace-ctf-dev
>> Makefile.config:1062: No alternatives command found, you need to set JDIR= to point to the root of your Java directory
>> tests/bpf.c: In function ‘epoll_pwait_loop’:
>> tests/bpf.c:36:17: error: argument 2 null where non-null expected [-Werror=nonnull]
>> 36 | epoll_pwait(-(i + 1), NULL, 0, 0, NULL);
>> | ^~~~~~~~~~~
>> In file included from tests/bpf.c:5:
>> /usr/include/sys/epoll.h:134:12: note: in a call to function ‘epoll_pwait’ declared ‘nonnull’
>> 134 | extern int epoll_pwait (int __epfd, struct epoll_event *__events,
>> | ^~~~~~~~~~~
>
> <snip>
>
> Also, in Linus's tree, this works just fine on my system, but I get this
> same error above (and only this error), when building perf on 6.1.y, and
> on 6.5.y. The perl errors are not present there.
So lots of those are -Werror things -- I'm guessing it's a newer
compiler/toolchain/libraries on an older tree. There might be some
commits in mainline fixing those... in the meantime, what happens if you
just disable -Werror for now?
make -C tools/perf/ WERROR=0
If that doesn't work, maybe even:
make -C tools/perf/ WERROR=0 NO_LIBPERL=1
There are a bunch of other options to disable various things, they are
all documented in tools/perf/Makefile.perf.
Vegard
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-17 15:09 ` Vegard Nossum
@ 2023-10-17 16:29 ` Greg Kroah-Hartman
2023-10-17 17:01 ` Daniel Díaz
0 siblings, 1 reply; 123+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-17 16:29 UTC (permalink / raw)
To: Vegard Nossum
Cc: Harshit Mogalapalli, stable, Sasha Levin, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
On Tue, Oct 17, 2023 at 05:09:04PM +0200, Vegard Nossum wrote:
>
> On 17/10/2023 16:08, Greg Kroah-Hartman wrote:
> > On Tue, Oct 17, 2023 at 03:57:06PM +0200, Greg Kroah-Hartman wrote:
> > > Sure! Here's the output, good luck!
> > >
> > > $ make -C tools/perf
> > > make: Entering directory '/home/gregkh/linux/stable/linux-5.15.y/tools/perf'
> > > BUILD: Doing 'make -j20' parallel build
> > > Warning: Kernel ABI header at 'tools/include/uapi/linux/const.h' differs from latest version at 'include/uapi/linux/const.h'
> > > diff -u tools/include/uapi/linux/const.h include/uapi/linux/const.h
> > > Warning: Kernel ABI header at 'tools/include/uapi/linux/in.h' differs from latest version at 'include/uapi/linux/in.h'
> > > diff -u tools/include/uapi/linux/in.h include/uapi/linux/in.h
> > > Warning: Kernel ABI header at 'tools/arch/x86/include/asm/disabled-features.h' differs from latest version at 'arch/x86/include/asm/disabled-features.h'
> > > diff -u tools/arch/x86/include/asm/disabled-features.h arch/x86/include/asm/disabled-features.h
> > > Warning: Kernel ABI header at 'tools/arch/x86/include/asm/required-features.h' differs from latest version at 'arch/x86/include/asm/required-features.h'
> > > diff -u tools/arch/x86/include/asm/required-features.h arch/x86/include/asm/required-features.h
> > > Warning: Kernel ABI header at 'tools/arch/x86/include/asm/cpufeatures.h' differs from latest version at 'arch/x86/include/asm/cpufeatures.h'
> > > diff -u tools/arch/x86/include/asm/cpufeatures.h arch/x86/include/asm/cpufeatures.h
> > > Warning: Kernel ABI header at 'tools/arch/x86/include/asm/msr-index.h' differs from latest version at 'arch/x86/include/asm/msr-index.h'
> > > diff -u tools/arch/x86/include/asm/msr-index.h arch/x86/include/asm/msr-index.h
> > > Warning: Kernel ABI header at 'tools/arch/arm64/include/uapi/asm/kvm.h' differs from latest version at 'arch/arm64/include/uapi/asm/kvm.h'
> > > diff -u tools/arch/arm64/include/uapi/asm/kvm.h arch/arm64/include/uapi/asm/kvm.h
> > > Makefile.config:1036: No libbabeltrace found, disables 'perf data' CTF format support, please install libbabeltrace-dev[el]/libbabeltrace-ctf-dev
> > > Makefile.config:1062: No alternatives command found, you need to set JDIR= to point to the root of your Java directory
> > > tests/bpf.c: In function ‘epoll_pwait_loop’:
> > > tests/bpf.c:36:17: error: argument 2 null where non-null expected [-Werror=nonnull]
> > > 36 | epoll_pwait(-(i + 1), NULL, 0, 0, NULL);
> > > | ^~~~~~~~~~~
> > > In file included from tests/bpf.c:5:
> > > /usr/include/sys/epoll.h:134:12: note: in a call to function ‘epoll_pwait’ declared ‘nonnull’
> > > 134 | extern int epoll_pwait (int __epfd, struct epoll_event *__events,
> > > | ^~~~~~~~~~~
> >
> > <snip>
> >
> > Also, in Linus's tree, this works just fine on my system, but I get this
> > same error above (and only this error), when building perf on 6.1.y, and
> > on 6.5.y. The perl errors are not present there.
>
> So lots of those are -Werror things -- I'm guessing it's a newer
> compiler/toolchain/libraries on an older tree. There might be some
> commits in mainline fixing those... in the meantime, what happens if you
> just disable -Werror for now?
>
> make -C tools/perf/ WERROR=0
That does, for the epoll_pwait() issue I see in 6.1.y and 6.5.y, odds
are there's a fix here in Linus's tree.
Yes, all of that code is now gone, in commit 3d6dfae88917 ("perf
parse-events: Remove BPF event support"), which isn't relevant for
stable.
> If that doesn't work, maybe even:
>
> make -C tools/perf/ WERROR=0 NO_LIBPERL=1
What's wrong with libperl for older kernels? :)
> There are a bunch of other options to disable various things, they are
> all documented in tools/perf/Makefile.perf.
True, but again, my system has libperl, and perf doesn't build, and
neither does the bpf test, so that's why I don't ever test any of this,
because it just doesn't work for me.
And yes, I do run newer compilers and libraries, but the rest of the
kernel builds fine with them (I make sure of that), but given that no
one seems to care about perf breaking for so long, I just apply patches
when they come up and don't have conflicts and see if anyone notices any
difference.
Normally, no one does :)
thanks,
greg k-h
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-17 16:29 ` Greg Kroah-Hartman
@ 2023-10-17 17:01 ` Daniel Díaz
0 siblings, 0 replies; 123+ messages in thread
From: Daniel Díaz @ 2023-10-17 17:01 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Vegard Nossum, Harshit Mogalapalli, stable, Sasha Levin, patches,
linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow,
conor
Hello!
On Tue, 17 Oct 2023 at 10:29, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
[...]
> And yes, I do run newer compilers and libraries, but the rest of the
> kernel builds fine with them (I make sure of that), but given that no
> one seems to care about perf breaking for so long, I just apply patches
> when they come up and don't have conflicts and see if anyone notices any
> difference.
>
> Normally, no one does :)
Just for the record, we stopped building Perf on these older branches
as we agreed with Guenter, for the same reason that you said before:
it fails all the time with a variety of toolchains/architectures. For
now, we're only building/testing Perf on latest stable (6.5) and
latest stable LTS (6.1). We brought that up at the OATS call a couple
of months back.
Greetings!
Daniel Díaz
daniel.diaz@linaro.org
^ permalink raw reply [flat|nested] 123+ messages in thread
* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 16:58 ` Greg Kroah-Hartman
2023-10-17 8:58 ` Vegard Nossum
@ 2023-10-19 5:53 ` Harshit Mogalapalli
1 sibling, 0 replies; 123+ messages in thread
From: Harshit Mogalapalli @ 2023-10-19 5:53 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, Sasha Levin, Vegard Nossum, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor
Hi Greg,
On 16/10/23 10:28 pm, Greg Kroah-Hartman wrote:
> On Mon, Oct 16, 2023 at 09:23:36PM +0530, Harshit Mogalapalli wrote:
>> Hi Greg,
>>
>> On 16/10/23 8:44 pm, Greg Kroah-Hartman wrote:
>>> On Mon, Oct 16, 2023 at 07:06:20PM +0530, Harshit Mogalapalli wrote:
>>>> Hi Greg,
>>>>
>>>> On 16/10/23 2:09 pm, Greg Kroah-Hartman wrote:
>>>>> This is the start of the stable review cycle for the 5.15.136 release.
>>>>> There are 102 patches in this series, all will be posted as a response
>>>>> to this one. If anyone has any issues with these being applied, please
>>>>> let me know.
>>>>>
>>>>> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
>>>>> Anything received after that time might be too late.
>>>>>
>>>>
>>>> I am seeing a build failure while compiling tools/perf/
>>>>
>>>> In file included from tests/genelf.c:14:
>>>> tests/../util/genelf.h:5:10: fatal error: linux/math.h: No such file or
>>>> directory
>>>> 5 | #include <linux/math.h>
>>>> | ^~~~~~~~~~~~~~
>>>> compilation terminated.
>>>>
>>>> Patch 43 in this series is causing this.
>>>
>>
>> Sorry for the confusion.
>>
>>> What is patch 43?
>>
>> It is patch 42/102 in this series
>>
>> https://lore.kernel.org/stable/2023101641-resource-scalding-3e1d@gregkh/T/#m70a2a03b6204085af187184af911570681e744f5
>>
>> Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
>>
>>
>>>
>>>> Why is this not reproducible upstream ?
>>>>
>>>> Vegard bisected the commit which makes it not reproducible upstream and this
>>>> commit is missing in 5.15.y:
>>>> Commit: d6e6a27d960f ("tools: Fix math.h breakage")
>>>>
>>>> Backport request for this was made here:
>>>> https://lore.kernel.org/all/CAMVNhxS-6qNfxy8jHrY5EtZASTL9gAvZi=BdTkUA5_5CSQ2Cmg@mail.gmail.com/
>>>
>>> And that commit is in this patch series, so are you sure that was
>>> correct?
>>>
>>
>> Cause for this build issue:
>> Commit: e2bf685d7e311 ("perf inject: Fix GEN_ELF_TEXT_OFFSET for jit")
>>
>> And this issue is not in upstream due to presence of commit d6e6a27d960f
>> ("tools: Fix math.h breakage") in upstream but not in 5.15.y
>
> Ok, I'll go drop the patch entirely, I can't even get perf to build at
> all for me on 5.15, which is why I've given up on it even mattering
> anymore :(
Thanks,
After reverting this patch locally, no problems seen on x86_64 and
aarch64 for this rc.
Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Regards,
Harshit
>
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 123+ messages in thread
* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2023-10-16 13:36 ` Harshit Mogalapalli
@ 2023-10-16 17:57 ` Florian Fainelli
2023-10-16 18:35 ` SeongJae Park
` (4 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Florian Fainelli @ 2023-10-16 17:57 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow,
conor
On 10/16/23 01:39, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
--
Florian
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2023-10-16 17:57 ` Florian Fainelli
@ 2023-10-16 18:35 ` SeongJae Park
2023-10-16 21:33 ` Shuah Khan
` (3 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: SeongJae Park @ 2023-10-16 18:35 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, damon, SeongJae Park
Hello,
On Mon, 16 Oct 2023 10:39:59 +0200 Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
This rc kernel passes DAMON functionality test[1] on my test machine.
Attaching the test results summary below. Please note that I retrieved the
kernel from linux-stable-rc tree[2].
Tested-by: SeongJae Park <sj@kernel.org>
[1] https://github.com/awslabs/damon-tests/tree/next/corr
[2] f11fc66f963f ("Linux 5.15.136-rc1")
Thanks,
SJ
[...]
---
ok 1 selftests: damon: debugfs_attrs.sh
ok 1 selftests: damon-tests: huge_count_read_write.sh
ok 2 selftests: damon-tests: buffer_overflow.sh
ok 3 selftests: damon-tests: rm_contexts.sh
ok 4 selftests: damon-tests: record_null_deref.sh
ok 5 selftests: damon-tests: dbgfs_target_ids_read_before_terminate_race.sh
ok 6 selftests: damon-tests: dbgfs_target_ids_pid_leak.sh
ok 7 selftests: damon-tests: damo_tests.sh
ok 8 selftests: damon-tests: masim-record.sh
ok 9 selftests: damon-tests: build_i386.sh
ok 10 selftests: damon-tests: build_arm64.sh
ok 11 selftests: damon-tests: build_i386_idle_flag.sh
ok 12 selftests: damon-tests: build_i386_highpte.sh
ok 13 selftests: damon-tests: build_nomemcg.sh
PASS
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2023-10-16 18:35 ` SeongJae Park
@ 2023-10-16 21:33 ` Shuah Khan
2023-10-17 7:43 ` Ron Economos
` (2 subsequent siblings)
110 siblings, 0 replies; 123+ messages in thread
From: Shuah Khan @ 2023-10-16 21:33 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, Shuah Khan
On 10/16/23 02:39, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2023-10-16 21:33 ` Shuah Khan
@ 2023-10-17 7:43 ` Ron Economos
2023-10-17 9:37 ` Naresh Kamboju
2023-10-25 19:09 ` Jon Hunter
110 siblings, 0 replies; 123+ messages in thread
From: Ron Economos @ 2023-10-17 7:43 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor
On 10/16/23 1:39 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2023-10-17 7:43 ` Ron Economos
@ 2023-10-17 9:37 ` Naresh Kamboju
2023-10-25 19:09 ` Jon Hunter
110 siblings, 0 replies; 123+ messages in thread
From: Naresh Kamboju @ 2023-10-17 9:37 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor
On Mon, 16 Oct 2023 at 14:14, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 5.15.136-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.15.y
* git commit: f11fc66f963fdd01d969cd3dbb90f0f775de525e
* git describe: v5.15.135-103-gf11fc66f963f
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.15.y/build/v5.15.135-103-gf11fc66f963f
## Test Regressions (compared to v5.15.135)
## Metric Regressions (compared to v5.15.135)
## Test Fixes (compared to v5.15.135)
## Metric Fixes (compared to v5.15.135)
## Test result summary
total: 147886, pass: 122990, fail: 2836, skip: 21902, xfail: 158
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 227 total, 227 passed, 0 failed
* arm64: 85 total, 85 passed, 0 failed
* i386: 67 total, 66 passed, 1 failed
* mips: 51 total, 50 passed, 1 failed
* parisc: 7 total, 7 passed, 0 failed
* powerpc: 50 total, 49 passed, 1 failed
* riscv: 19 total, 19 passed, 0 failed
* s390: 21 total, 20 passed, 1 failed
* sh: 26 total, 24 passed, 2 failed
* sparc: 14 total, 14 passed, 0 failed
* x86_64: 72 total, 72 passed, 0 failed
## Test suites summary
* boot
* kselftest-android
* kselftest-arm64
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-exec
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-filesystems-epoll
* kselftest-firmware
* kselftest-fpu
* kselftest-ftrace
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-net-forwarding
* kselftest-net-mptcp
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-user_events
* kselftest-vDSO
* kselftest-vm
* kselftest-watchdog
* kselftest-x86
* kselftest-zram
* kunit
* kvm-unit-tests
* libgpiod
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* perf
* rcutorture
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 123+ messages in thread* Re: [PATCH 5.15 000/102] 5.15.136-rc1 review
2023-10-16 8:39 [PATCH 5.15 000/102] 5.15.136-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2023-10-17 9:37 ` Naresh Kamboju
@ 2023-10-25 19:09 ` Jon Hunter
110 siblings, 0 replies; 123+ messages in thread
From: Jon Hunter @ 2023-10-25 19:09 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, linux-tegra, stable
On Mon, 16 Oct 2023 10:39:59 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.136 release.
> There are 102 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 18 Oct 2023 08:39:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.136-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v5.15:
10 builds: 10 pass, 0 fail
26 boots: 26 pass, 0 fail
102 tests: 102 pass, 0 fail
Linux version: 5.15.136-rc1-gf11fc66f963f
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 123+ messages in thread