* [PATCH 6.11 000/817] 6.11.11-rc1 review
@ 2024-12-03 14:32 Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 001/817] wifi: mac80211: Fix setting txpower with emulate_chanctx Greg Kroah-Hartman
` (826 more replies)
0 siblings, 827 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie
-----------
Note, this is will probably be the last 6.11.y kernel to be released.
Please move to the 6.12.y branch at this time.
-----------
This is the start of the stable review cycle for the 6.11.11 release.
There are 817 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.11.11-rc1
Ming Lei <ming.lei@redhat.com>
block: don't verify IO lock for freeze/unfreeze in elevator_init_mq()
Ming Lei <ming.lei@redhat.com>
block: always verify unfreeze lock on the owner task
Patryk Wlazlyn <patryk.wlazlyn@linux.intel.com>
tools/power turbostat: Fix child's argument forwarding
Zhang Rui <rui.zhang@intel.com>
tools/power turbostat: Fix trailing '\n' parsing
Dan Carpenter <dan.carpenter@linaro.org>
sh: intc: Fix use-after-free bug in register_intc_controller()
Zhang Xianwei <zhang.xianwei8@zte.com.cn>
brd: decrease the number of allocated pages which discarded
Yu Kuai <yukuai3@huawei.com>
block, bfq: fix bfqq uaf in bfq_limit_depth()
Benjamin Coddington <bcodding@redhat.com>
nfs/blocklayout: Limit repeat device registration on failure
Benjamin Coddington <bcodding@redhat.com>
nfs/blocklayout: Don't attempt unregister for invalid block device
Liu Jian <liujian56@huawei.com>
sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
Benjamin Coddington <bcodding@redhat.com>
SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT
Liu Jian <liujian56@huawei.com>
sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
Li Lingfeng <lilingfeng3@huawei.com>
nfs: ignore SB_RDONLY when mounting nfs
Dan Carpenter <dan.carpenter@linaro.org>
cifs: unlock on error in smb3_reconfigure()
Shyam Prasad N <sprasad@microsoft.com>
cifs: during remount, make sure passwords are in sync
Masahiro Yamada <masahiroy@kernel.org>
modpost: remove incorrect code in do_eisa_entry()
John Garry <john.g.garry@oracle.com>
block: Don't allow an atomic write be truncated in blkdev_write_iter()
Paul Aurich <paul@darkrain42.org>
smb: Initialize cfid->tcon before performing network ops
Matt Fleming <mfleming@cloudflare.com>
kbuild: deb-pkg: Don't fail if modules.order is missing
Masahiro Yamada <masahiroy@kernel.org>
Rename .data.once to .data..once to fix resetting WARN*_ONCE
Masahiro Yamada <masahiroy@kernel.org>
Rename .data.unlikely to .data..unlikely
Maxime Chevallier <maxime.chevallier@bootlin.com>
rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
Pali Rohár <pali@kernel.org>
cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session
Pali Rohár <pali@kernel.org>
cifs: Fix parsing native symlinks relative to the export
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
x86/Documentation: Update algo in init_size description of boot protocol
Henrique Carvalho <henrique.carvalho@suse.com>
smb: client: disable directory caching when dir_cache_timeout is zero
Namhyung Kim <namhyung@kernel.org>
perf/arm-cmn: Ensure port and device id bits are set properly
Chun-Tse Shao <ctshao@google.com>
perf/arm-smmuv3: Fix lockdep assert in ->event_init()
Alex Zenla <alex@edera.dev>
9p/xen: fix release of IRQ
Alex Zenla <alex@edera.dev>
9p/xen: fix init sequence
Nilay Shroff <nilay@linux.ibm.com>
nvme-fabrics: fix kernel crash while shutting down controller
Christoph Hellwig <hch@lst.de>
block: return unsigned int from bdev_io_min
Yu Kuai <yukuai3@huawei.com>
block: fix uaf for flush rq while iterating tags
Ming Lei <ming.lei@redhat.com>
block: model freeze & enter queue as lock for supporting lockdep
Ming Lei <ming.lei@redhat.com>
blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs
Breno Leitao <leitao@debian.org>
nvme/multipath: Fix RCU list traversal to use SRCU primitive
Hannes Reinecke <hare@kernel.org>
nvme-multipath: avoid hang on inaccessible namespaces
Trond Myklebust <trond.myklebust@hammerspace.com>
Revert "nfs: don't reuse partially completed requests in nfs_lock_and_join_requests"
Wolfram Sang <wsa+renesas@sang-engineering.com>
rtc: rzn1: fix BCD to rtc_time conversion errors
Qingfang Deng <qingfang.deng@siflower.com.cn>
jffs2: fix use of uninitialized variable
Waqar Hameed <waqar.hameed@axis.com>
ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
Zhihao Cheng <chengzhihao1@huawei.com>
ubi: fastmap: Fix duplicate slab cache names while attaching
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: Correct the total block count by deducting journal reservation
Zhihao Cheng <chengzhihao1@huawei.com>
ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
Yongliang Gao <leonylgao@tencent.com>
rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
rtc: abx80x: Fix WDT bit position of the status register
Jinjie Ruan <ruanjinjie@huawei.com>
rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4.0: Fix a use-after-free problem in the asynchronous open()
Tiwei Bie <tiwei.btw@antgroup.com>
um: Always dump trace for specified task in show_stack
Tiwei Bie <tiwei.btw@antgroup.com>
um: ubd: Initialize ubd's disk pointer in ubd_add
Christoph Hellwig <hch@lst.de>
kfifo: don't include dma-mapping.h in kfifo.h
Tiwei Bie <tiwei.btw@antgroup.com>
um: Fix the return value of elf_core_copy_task_fpregs
Tiwei Bie <tiwei.btw@antgroup.com>
um: Fix potential integer overflow during physmem setup
Yang Erkun <yangerkun@huawei.com>
SUNRPC: make sure cache entry active before cache_show
Chuck Lever <chuck.lever@oracle.com>
NFSD: Prevent a potential integer overflow
Yuan Can <yuancan@huawei.com>
Input: cs40l50 - fix wrong usage of INIT_WORK()
Ma Wupeng <mawupeng1@huawei.com>
ipc: fix memleak if msg_init_ns failed in create_ipc_ns
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on node blkaddr in truncate_node()
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
lib: string_helpers: silence snprintf() output truncation warning
Ming Lei <ming.lei@redhat.com>
ublk: fix error code for unsupported command
Javier Carrasco <javier.carrasco.cruz@gmail.com>
counter: stm32-timer-cnt: fix device_node handling in probe_encoder()
Javier Carrasco <javier.carrasco.cruz@gmail.com>
staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: gadget: Fix looping of queued SG entries
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: gadget: Fix checking for number of TRBs left
Hubert Wiśniewski <hubert.wisniewski.25632@gmail.com>
usb: musb: Fix hardware lockup on first Rx endpoint request
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
usb: misc: ljca: move usb_autopm_put_interface() after wait for response
Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
usb: misc: ljca: set small runtime autosuspend delay
Paul Aurich <paul@darkrain42.org>
smb: During unmount, ensure all cached dir instances drop their dentry
Paul Aurich <paul@darkrain42.org>
smb: prevent use-after-free due to open_cached_dir error paths
Paul Aurich <paul@darkrain42.org>
smb: Don't leak cfid when reconnect races with open_cached_dir
Paulo Alcantara <pc@manguebit.com>
smb: client: handle max length for SMB symlinks
Steve French <stfrench@microsoft.com>
smb3: request handle caching when caching directories
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Apply quirk for Medion E15433
Dinesh Kumar <desikumar81@gmail.com>
ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek: Set PCBeep to default value for ALC274
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek: Update ALC225 depop procedure
Takashi Iwai <tiwai@suse.de>
ALSA: pcm: Add sanity NULL check for the default mmap fault handler
Takashi Iwai <tiwai@suse.de>
ALSA: ump: Fix evaluation of MIDI 1.0 FB info
Takashi Iwai <tiwai@suse.de>
ALSA: rawmidi: Fix kvfree() call in spinlock
Hans Verkuil <hverkuil@xs4all.nl>
media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
Javier Carrasco <javier.carrasco.cruz@gmail.com>
soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
Joe Damato <jdamato@fastly.com>
netdev-genl: Hold rcu_read_lock in napi_get
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes
Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
media: intel/ipu6: do not handle interrupts when device is disabled
Qiu-ji Chen <chenqiuji666@gmail.com>
media: wl128x: Fix atomicity violation in fmc_send_cmd()
Peter Große <pegro@friiks.de>
i40e: Fix handling changed priv flags
Jason Gerecke <jason.gerecke@wacom.com>
HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
Ziwei Xiao <ziweixiao@google.com>
gve: Flow steering trigger reset only for timeout error
Bart Van Assche <bvanassche@acm.org>
blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long
Muchun Song <muchun.song@linux.dev>
block: fix ordering between checking BLK_MQ_S_STOPPED request adding
Muchun Song <muchun.song@linux.dev>
block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding
Muchun Song <muchun.song@linux.dev>
block: fix missing dispatching request when queue is started or unquiesced
Will Deacon <will@kernel.org>
arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
Ming Lei <ming.lei@redhat.com>
ublk: fix ublk_ch_mmap() for 64K page size
Zicheng Qu <quzicheng@huawei.com>
iio: gts: Fix uninitialized symbol 'ret'
Huacai Chen <chenhuacai@kernel.org>
sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
Tiwei Bie <tiwei.btw@antgroup.com>
um: vector: Do not use drvdata in release
Damien Le Moal <dlemoal@kernel.org>
block: Prevent potential deadlock in blk_revalidate_disk_zones()
Javier Carrasco <javier.carrasco.cruz@gmail.com>
mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode()
Arnd Bergmann <arnd@arndb.de>
serial: amba-pl011: fix build regression
Kartik Rajput <kkartik@nvidia.com>
serial: amba-pl011: Fix RX stall when DMA is used
Bin Liu <b-liu@ti.com>
serial: 8250: omap: Move pm_runtime_get_sync
Filip Brozovic <fbrozovic@gmail.com>
serial: 8250_fintek: Add support for F81216E
Michal Simek <michal.simek@amd.com>
dt-bindings: serial: rs485: Fix rs485-rts-delay property
Tiwei Bie <tiwei.btw@antgroup.com>
um: net: Do not use drvdata in release
Tiwei Bie <tiwei.btw@antgroup.com>
um: ubd: Do not use drvdata in release
Zhihao Cheng <chengzhihao1@huawei.com>
ubi: wl: Put source PEB into correct list if trying locking LEB failed
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
x86/CPU/AMD: Terminate the erratum_1386_microcode array
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain
Javier Carrasco <javier.carrasco.cruz@gmail.com>
platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
Paulo Alcantara <pc@manguebit.com>
smb: client: fix NULL ptr deref in crypto_aead_setkey()
Yunseong Kim <yskelg@gmail.com>
ksmbd: fix use-after-free in SMB request handling
Jesse Taube <jesse@rivosinc.com>
RISC-V: Check scalar unaligned access on all CPUs
Jesse Taube <jesse@rivosinc.com>
RISC-V: Scalar unaligned access emulated on hotplug CPUs
Josh Poimboeuf <jpoimboe@kernel.org>
parisc/ftrace: Fix function graph tracing disablement
Meetakshi Setiya <msetiya@microsoft.com>
cifs: support mounting with alternate password to allow password rotation
Jinjie Ruan <ruanjinjie@huawei.com>
cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power()
Cheng Ming Lin <chengminglin@mxic.com.tw>
mtd: spi-nor: core: replace dummy buswidth from addr to data
Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
spi: Fix acpi deferred irq probe
Jeongjun Park <aha310510@gmail.com>
netfilter: ipset: add missing range check in bitmap_ip_uadt
Sai Kumar Cholleti <skmr537@gmail.com>
gpio: exar: set value when external pull-up or pull-down is present
Mikulas Patocka <mpatocka@redhat.com>
blk-settings: round down io_opt to physical_block_size
Pavel Begunkov <asml.silence@gmail.com>
io_uring: check for overflows in io_pin_pages
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix corner case forgetting to vunmap
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
Michal Vrastil <michal.vrastil@hidglobal.com>
Revert "usb: gadget: composite: fix OS descriptors w_value logic"
Jaegeuk Kim <jaegeuk@kernel.org>
Revert "f2fs: remove unreachable lazytime mount option parsing"
Christian Brauner <brauner@kernel.org>
Revert "fs: don't block i_writecount during exec"
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Revert "exec: don't WARN for racy path_noexec check"
Javier Carrasco <javier.carrasco.cruz@gmail.com>
wifi: brcmfmac: release 'root' node in all execution paths
Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
wifi: ath12k: fix crash when unbinding
Aleksei Vetrov <vvvvvv@google.com>
wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan
Guilherme G. Piccoli <gpiccoli@igalia.com>
wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures
Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
wifi: ath12k: fix warning when unbinding
Andreas Kemnade <andreas@kemnade.info>
ARM: dts: omap36xx: declare 1GHz OPP as turbo again
Michal Pecio <michal.pecio@gmail.com>
usb: xhci: Avoid queuing redundant Stop Endpoint commands
Michal Pecio <michal.pecio@gmail.com>
usb: xhci: Fix TD invalidation under pending Set TR Dequeue
Michal Pecio <michal.pecio@gmail.com>
usb: xhci: Limit Stop Endpoint retries
Andrej Shadura <andrew.shadura@collabora.co.uk>
Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
Kuangyi Chiang <ki.chiang65@gmail.com>
xhci: Don't issue Reset Device command to Etron xHCI host
Kuangyi Chiang <ki.chiang65@gmail.com>
xhci: Don't perform Soft Retry for Etron xHCI host
Kuangyi Chiang <ki.chiang65@gmail.com>
xhci: Combine two if statements for Etron xHCI host
Kuangyi Chiang <ki.chiang65@gmail.com>
xhci: Fix control transfer error on Etron xHCI host
Yuezhang Mo <Yuezhang.Mo@sony.com>
exfat: fix out-of-bounds access of directory entries
Namjae Jeon <linkinjeon@kernel.org>
exfat: fix uninit-value in __exfat_get_dentry_set
Angelo Dureghello <adureghello@baylibre.com>
dt-bindings: iio: dac: ad3552r: fix maximum spi speed
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks
Johan Hovold <johan+linaro@kernel.org>
pinctrl: qcom: spmi: fix debugfs drive strength
Thomas Weißschuh <thomas.weissschuh@linutronix.de>
tools/nolibc: s390: include std.h
Ahmed Ehab <bottaawesome633@gmail.com>
locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
Angelo Dureghello <adureghello@baylibre.com>
iio: dac: adi-axi-dac: fix wrong register bitfield
Jinjie Ruan <ruanjinjie@huawei.com>
apparmor: test: Fix memory leak for aa_unpack_strdup()
Jann Horn <jannh@google.com>
comedi: Flush partial mappings in error case
Jann Horn <jannh@google.com>
fsnotify: Fix ordering of iput() and watched_objects decrement
Amir Goldstein <amir73il@gmail.com>
fsnotify: fix sending inotify event with unexpected filename
Gustavo A. R. Silva <gustavoars@kernel.org>
clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access
Gustavo A. R. Silva <gustavoars@kernel.org>
clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider
Huacai Chen <chenhuacai@kernel.org>
LoongArch: Explicitly specify code model in Makefile
Lukas Wunner <lukas@wunner.de>
PCI: Fix use-after-free of slot->bus on hot remove
Jan Hendrik Farr <kernel@jfarr.cc>
Compiler Attributes: disable __counted_by for clang < 19.1.3
Kunkun Jiang <jiangkunkun@huawei.com>
KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
Jing Zhang <jingzhangos@google.com>
KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
Raghavendra Rao Ananta <rananta@google.com>
KVM: arm64: Get rid of userspace_irqchip_in_use
Kunkun Jiang <jiangkunkun@huawei.com>
KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
Oliver Upton <oliver.upton@linux.dev>
KVM: arm64: Don't retire aborted MMIO instruction
Raghavendra Rao Ananta <rananta@google.com>
KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
Marc Zyngier <maz@kernel.org>
KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
Gautam Menghani <gautam@linux.ibm.com>
powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector
Sean Christopherson <seanjc@google.com>
KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE
Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: switch hugepage recovery thread to vhost_task
Eric Biggers <ebiggers@google.com>
crypto: x86/aegis128 - access 32-bit arguments as 32-bit
Adrian Hunter <adrian.hunter@intel.com>
perf/x86/intel/pt: Fix buffer full but size is 0 case
Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
ASoC: da7213: Populate max_register to regmap_config
Qiu-ji Chen <chenqiuji666@gmail.com>
ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
Ilya Zverev <ilya@zverev.info>
ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00
Artem Sadovnikov <ancowi69@gmail.com>
jfs: xattr: check invalid xattr size more strictly
Theodore Ts'o <tytso@mit.edu>
ext4: fix FS_IOC_GETFSMAP handling
Jeongjun Park <aha310510@gmail.com>
ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
Matti Vaittinen <mazziesaccount@gmail.com>
irqdomain: Always associate interrupts for legacy domains
Manikanta Mylavarapu <quic_mmanikan@quicinc.com>
soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
Mikulas Patocka <mpatocka@redhat.com>
dm-bufio: fix warnings about duplicate slab caches
Mikulas Patocka <mpatocka@redhat.com>
dm-cache: fix warnings about duplicate slab caches
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
usb: typec: ucsi: glink: fix off-by-one in connector_status
Vitalii Mordan <mordan@ispras.ru>
usb: ehci-spear: fix call balance of sehci clk handling routines
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
Benoît Sevens <bsevens@google.com>
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
Qiu-ji Chen <chenqiuji666@gmail.com>
xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
Jakub Kicinski <kuba@kernel.org>
net_sched: sch_fq: don't follow the fast path if Tx is behind now
Niklas Schnelle <schnelle@linux.ibm.com>
s390/pci: Fix potential double remove of hotplug slot
Nícolas F. R. A. Prado <nfraprado@collabora.com>
ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe
Venkata Prasad Potturu <venkataprasad.potturu@amd.com>
ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
Zichen Xie <zichenxie0106@gmail.com>
ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()
chao liu <liuzgyid@outlook.com>
apparmor: fix 'Do simple duplicate message elimination'
Nirmoy Das <nirmoy.das@intel.com>
drm/xe/ufence: Wake up waiters after setting ufence->signalled
Charles Han <hanchunchao@inspur.com>
ASoC: imx-audmix: Add NULL check in imx_audmix_probe
Zicheng Qu <quzicheng@huawei.com>
drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
Zicheng Qu <quzicheng@huawei.com>
drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
Steven 'Steve' Kendall <skend@chromium.org>
drm/radeon: Fix spurious unplug event on radeon HDMI
Wu Hoi Pok <wuhoipok@gmail.com>
drm/radeon: change rdev->ddev to rdev_to_drm(rdev)
Wu Hoi Pok <wuhoipok@gmail.com>
drm/radeon: add helper rdev_to_drm(rdev)
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek: Update ALC256 depop procedure
Gaosheng Cui <cuigaosheng1@huawei.com>
firmware_loader: Fix possible resource leak in fw_log_firmware_info()
Dan Carpenter <dan.carpenter@linaro.org>
usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
Carl Vanderlip <quic_carlv@quicinc.com>
bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian
Jiasheng Jiang <jiashengjiangcool@gmail.com>
counter: ti-ecap-capture: Add check for clk_enable()
Jiasheng Jiang <jiashengjiangcool@gmail.com>
counter: stm32-timer-cnt: Add check for clk_enable()
Charles Han <hanchunchao@inspur.com>
phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
Charles Han <hanchunchao@inspur.com>
phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
Raviteja Laggyshetty <quic_rlaggysh@quicinc.com>
interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency
Michael Grzeschik <m.grzeschik@pengutronix.de>
usb: gadget: uvc: wake pump everytime we update the free list
Keita Morisaki <keyz@google.com>
devres: Fix page faults when tracing devres from unloaded modules
Jinjie Ruan <ruanjinjie@huawei.com>
misc: apds990x: Fix missing pm_runtime_disable()
Edward Adam Davis <eadavis@qq.com>
USB: chaoskey: Fix possible deadlock chaoskey_list_lock
Oliver Neukum <oneukum@suse.com>
USB: chaoskey: fail open after removal
Oliver Neukum <oneukum@suse.com>
usb: yurex: make waiting on yurex_write interruptible
Jeongjun Park <aha310510@gmail.com>
usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
iio: light: al3010: Fix an error handling path in al3010_probe()
Paolo Abeni <pabeni@redhat.com>
ipmr: fix tables suspicious RCU usage
Paolo Abeni <pabeni@redhat.com>
ip6mr: fix tables suspicious RCU usage
Kuniyuki Iwashima <kuniyu@amazon.com>
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
Michal Luczaj <mhal@rbox.co>
rxrpc: Improve setsockopt() handling of malformed user input
Michal Luczaj <mhal@rbox.co>
llc: Improve setsockopt() handling of malformed user input
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: MGMT: Fix possible deadlocks
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Unregister PTP during PCI shutdown and suspend
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Refactor bnxt_ptp_init()
Shravya KN <shravya.k-n@broadcom.com>
bnxt_en: Fix receive ring space parameters when XDP is active
Shravya KN <shravya.k-n@broadcom.com>
bnxt_en: Set backplane link modes correctly for ethtool
Saravanan Vajravel <saravanan.vajravel@broadcom.com>
bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
Eric Dumazet <edumazet@google.com>
net: hsr: fix hsr_init_sk() vs network/transport headers.
Csókás, Bence <csokas.bence@prolan.hu>
spi: atmel-quadspi: Fix register name in verbose logging function
Hariprasad Kelam <hkelam@marvell.com>
octeontx2-af: Quiesce traffic before NIX block reset
Hariprasad Kelam <hkelam@marvell.com>
octeontx2-af: RPM: fix stale FCFEC counters
Hariprasad Kelam <hkelam@marvell.com>
octeontx2-af: RPM: fix stale RSFEC counters
Hariprasad Kelam <hkelam@marvell.com>
octeontx2-af: RPM: Fix low network performance
Hariprasad Kelam <hkelam@marvell.com>
octeontx2-af: RPM: Fix mismatch in lmac type
Maxime Chevallier <maxime.chevallier@bootlin.com>
net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
Vitalii Mordan <mordan@ispras.ru>
marvell: pxa168_eth: fix call balance of pep->clk handling routines
Rosen Penev <rosenp@gmail.com>
net: mdio-ipq4019: add missing error check
Hangbin Liu <liuhangbin@gmail.com>
net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
Sidraya Jayagond <sidraya@linux.ibm.com>
s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
Yuezhang Mo <Yuezhang.Mo@sony.com>
exfat: fix file being changed by unaligned direct write
Jakub Kicinski <kuba@kernel.org>
netlink: fix false positive warning in extack during dumps
Guenter Roeck <linux@roeck-us.net>
net: microchip: vcap: Add typegroup table terminators in kunit tests
Oleksij Rempel <o.rempel@pengutronix.de>
net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration
Pavan Chebbi <pavan.chebbi@broadcom.com>
tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
Oleksij Rempel <o.rempel@pengutronix.de>
net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
Oleksij Rempel <o.rempel@pengutronix.de>
net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
ChiYuan Huang <cy_huang@richtek.com>
power: supply: rt9471: Use IC status regfield to report real charger status
ChiYuan Huang <cy_huang@richtek.com>
power: supply: rt9471: Fix wrong WDT function regfield declaration
Barnabás Czémán <barnabas.czeman@mainlining.org>
power: supply: bq27xxx: Fix registers of bq27426
Bart Van Assche <bvanassche@acm.org>
power: supply: core: Remove might_sleep() from power_supply_put()
Tiezhu Yang <yangtiezhu@loongson.cn>
LoongArch: BPF: Sign-extend return values
Tiezhu Yang <yangtiezhu@loongson.cn>
LoongArch: Fix build failure with GCC 15 (-std=gnu23)
Randy Dunlap <rdunlap@infradead.org>
fs_parser: update mount_api doc to match function signature
Avihai Horon <avihaih@nvidia.com>
vfio/pci: Properly hide first-in-list PCIe extended capability
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
gpio: zevio: Add missed label initialisation
Michael Ellerman <mpe@ellerman.id.au>
selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels
Yishai Hadas <yishaih@nvidia.com>
vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data()
Yishai Hadas <yishaih@nvidia.com>
vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()
Si-Wei Liu <si-wei.liu@oracle.com>
vdpa/mlx5: Fix suboptimal range on iotlb iteration
Lorenzo Bianconi <lorenzo@kernel.org>
phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions
Lorenzo Bianconi <lorenzo@kernel.org>
phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll()
Lorenzo Bianconi <lorenzo@kernel.org>
phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l()
Lorenzo Bianconi <lorenzo@kernel.org>
phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out()
Aleksa Savic <savicaleksa83@gmail.com>
hwmon: (aquacomputer_d5next) Fix length of speed_input array
Murad Masimov <m.masimov@maxima.ru>
hwmon: (tps23861) Fix reporting of negative temperatures
Chao Yu <chao@kernel.org>
f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow
Zhiguo Niu <zhiguo.niu@unisoc.com>
f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS
Chuck Lever <chuck.lever@oracle.com>
NFSD: Fix nfsd4_shutdown_copy()
Ye Bin <yebin10@huawei.com>
svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
Yang Erkun <yangerkun@huawei.com>
nfsd: release svc_expkey/svc_export with rcu_work
Chuck Lever <chuck.lever@oracle.com>
NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
Chuck Lever <chuck.lever@oracle.com>
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
Zhongqiu Han <quic_zhonhan@quicinc.com>
PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'
Sibi Sankar <quic_sibis@quicinc.com>
remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
Jonathan Marek <jonathan@marek.ca>
rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
remoteproc: qcom: pas: add minidump_id to SM8350 resources
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe()
Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe()
Benjamin Peterson <benjamin@engflow.com>
perf trace: Avoid garbage when not printing a syscall's arguments
Benjamin Peterson <benjamin@engflow.com>
perf trace: Do not lose last events in a race
Howard Chu <howardchu95@gmail.com>
perf trace: Fix tracing itself, creating feedback loops
Jean-Philippe Romain <jean-philippe.romain@foss.st.com>
perf list: Fix topic and pmu_name argument order
Jeff Layton <jlayton@kernel.org>
nfsd: drop inode parameter from nfsd4_change_attribute()
Chuck Lever <chuck.lever@oracle.com>
svcrdma: Address an integer overflow
Antonio Quartulli <antonio@mandelbit.com>
m68k: coldfire/device.c: only build FEC when HW macros are defined
Jean-Michel Hautbois <jeanmichel.hautbois@yoseli.org>
m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
Benjamin Peterson <benjamin@engflow.com>
perf trace: avoid garbage when not printing a trace event's arguments
Chao Yu <chao@kernel.org>
f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode
Chao Yu <chao@kernel.org>
f2fs: fix to map blocks correctly for direct write
Long Li <leo.lilong@huawei.com>
f2fs: fix race in concurrent f2fs_stop_gc_thread
Yicong Yang <yangyicong@hisilicon.com>
perf build: Add missing cflags when building with custom libtraceevent
Siddharth Vadapalli <s-vadapalli@ti.com>
PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds
Théo Lebrun <theo.lebrun@bootlin.com>
PCI: j721e: Add suspend and resume support
Thomas Richard <thomas.richard@bootlin.com>
PCI: j721e: Use T_PERST_CLK_US macro
Théo Lebrun <theo.lebrun@bootlin.com>
PCI: j721e: Add reset GPIO to struct j721e_pcie
Thomas Richard <thomas.richard@bootlin.com>
PCI: cadence: Set cdns_pcie_host_init() global
Thomas Richard <thomas.richard@bootlin.com>
PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup()
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
Zhiguo Niu <zhiguo.niu@unisoc.com>
f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID
Chao Yu <chao@kernel.org>
f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()
Zeng Heng <zengheng4@huawei.com>
f2fs: Fix not used variable 'index'
Yongpeng Yang <yangyongpeng1@oppo.com>
f2fs: check curseg->inited before write_sum_page in change_curseg
LongPing Wei <weilongping@oppo.com>
f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
Frank Li <Frank.Li@nxp.com>
i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
Arnaldo Carvalho de Melo <acme@kernel.org>
perf ftrace latency: Fix unit on histogram first entry when using --use-nsec
Hou Tao <houtao1@huawei.com>
virtiofs: use pages instead of pointer for kernel direct IO
Li Huafei <lihuafei1@huawei.com>
perf disasm: Use disasm_line__free() to properly free disasm_line
Francesco Zardi <frazar00@gmail.com>
rust: block: fix formatting of `kernel::block::mq::request` module
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
PCI: cpqphp: Fix PCIBIOS_* return value confusion
weiyufeng <weiyufeng@kylinos.cn>
PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
Paolo Bonzini <pbonzini@redhat.com>
rust: macros: fix documentation of the paste! macro
Yutaro Ohno <yutaro.ono.418@gmail.com>
rust: kernel: fix THIS_MODULE header path in ThisModule doc comment
Leo Yan <leo.yan@arm.com>
perf probe: Correct demangled symbols in C++ program
Ian Rogers <irogers@google.com>
perf probe: Fix libdw memory leak
Veronika Molnarova <vmolnaro@redhat.com>
perf dso: Fix symtab_type for kmod compression
Chao Yu <chao@kernel.org>
f2fs: fix to account dirty data in __get_secs_required()
Ye Bin <yebin10@huawei.com>
f2fs: fix null-ptr-deref in f2fs_submit_page_bio()
Qi Han <hanqi@vivo.com>
f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks
Veronika Molnarova <vmolnaro@redhat.com>
perf test attr: Add back missing topdown events
Michael Petlan <mpetlan@redhat.com>
perf trace: Keep exited threads for summary
Ian Rogers <irogers@google.com>
perf stat: Fix affinity memory leaks on error path
Levi Yun <yeoreum.yun@arm.com>
perf stat: Close cork_fd when create_perf_stat_counter() failed
Todd Kjos <tkjos@google.com>
PCI: Fix reset_method_store() memory leak
Thomas Falcon <thomas.falcon@intel.com>
perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC}
Ian Rogers <irogers@google.com>
perf stat: Uniquify event name improvements
Weilin Wang <weilin.wang@intel.com>
perf test: Add test for Intel TPEBS counting mode
Andreas Gruenbacher <agruenba@redhat.com>
gfs2: Fix unlinked inode cleanup
Andreas Gruenbacher <agruenba@redhat.com>
gfs2: Allow immediate GLF_VERIFY_DELETE work
Andreas Gruenbacher <agruenba@redhat.com>
gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE
James Clark <james.clark@linaro.org>
perf cs-etm: Don't flush when packet_queue fills up
David Laight <David.Laight@ACULAB.COM>
x86: fix off-by-one in access_ok()
Dan Carpenter <dan.carpenter@linaro.org>
mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
Yang Yingliang <yangyingliang@huawei.com>
mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks()
Paul Aurich <paul@darkrain42.org>
smb: cached directories can be more than root file handle
Tomas Glozar <tglozar@redhat.com>
rtla/timerlat: Do not set params->user_workload with -U
zhang jiao <zhangjiao2@cmss.chinamobile.com>
pinctrl: k210: Undef K210_PC_DEFAULT
Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw
Nuno Sa <nuno.sa@analog.com>
clk: clk-axi-clkgen: make sure to enable the AXI bus clock
Nuno Sa <nuno.sa@analog.com>
dt-bindings: clock: axi-clkgen: include AXI clk
Lorenzo Bianconi <lorenzo@kernel.org>
clk: en7523: fix estimation of fixed rate for EN7581
Lorenzo Bianconi <lorenzo@kernel.org>
clk: en7523: introduce chip_scu regmap
Lorenzo Bianconi <lorenzo@kernel.org>
clk: en7523: move clock_register in hw_init callback
Lorenzo Bianconi <lorenzo@kernel.org>
clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration
Sergio Paracuellos <sergio.paracuellos@gmail.com>
clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs
Sergio Paracuellos <sergio.paracuellos@gmail.com>
clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883
Charles Han <hanchunchao@inspur.com>
clk: clk-apple-nco: Add NULL check in applnco_probe
Patrisious Haddad <phaddad@nvidia.com>
RDMA/mlx5: Move events notifier registration to be after device registration
Zhen Lei <thunder.leizhen@huawei.com>
fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
Zhang Zekun <zhangzekun11@huawei.com>
powerpc/kexec: Fix return of uninitialized variable
Kajol Jain <kjain@linux.ibm.com>
KVM: PPC: Book3S HV: Fix kmv -> kvm typo
Feng Fang <fangfeng4@huawei.com>
RDMA/hns: Fix different dgids mapping to the same dip_idx
Michal Suchanek <msuchanek@suse.de>
powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
Gautam Menghani <gautam@linux.ibm.com>
KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells
Gautam Menghani <gautam@linux.ibm.com>
KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
dax: delete a stale directory pmem
Dmitry Antipov <dmantipov@yandex.ru>
ocfs2: fix uninitialized value in ocfs2_file_read_iter()
Dan Carpenter <dan.carpenter@linaro.org>
kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL
Sabyrzhan Tasbolatov <snovitoll@gmail.com>
kasan: move checks to do_strncpy_from_user
Jinjie Ruan <ruanjinjie@huawei.com>
cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
Jinjie Ruan <ruanjinjie@huawei.com>
cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
cpufreq: loongson3: Check for error code from devm_mutex_init() call
Junxian Huang <huangjunxian6@hisilicon.com>
RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
Junxian Huang <huangjunxian6@hisilicon.com>
RDMA/hns: Fix out-of-order issue of requester when setting FENCE
Sourabh Jain <sourabhjain@linux.ibm.com>
fadump: reserve param area if below boot_mem_top
Hari Bathini <hbathini@linux.ibm.com>
powerpc/fadump: allocate memory for additional parameters early
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
x86/tdx: Dynamically disable SEPT violations from causing #VEs
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup()
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
x86/tdx: Introduce wrappers to read and write TD metadata
Bart Van Assche <bvanassche@acm.org>
scsi: sg: Enable runtime power management
Zhen Lei <thunder.leizhen@huawei.com>
scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
Zhen Lei <thunder.leizhen@huawei.com>
scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
Zeng Heng <zengheng4@huawei.com>
scsi: fusion: Remove unused variable 'rc'
Ye Bin <yebin10@huawei.com>
scsi: bfa: Fix use-after-free in bfad_im_module_exit()
Baolin Liu <liubaolin@kylinos.cn>
scsi: target: Fix incorrect function name in pscsi_create_type_disk()
Mirsad Todorovac <mtodorovac69@gmail.com>
fs/proc/kcore.c: fix coccinelle reported ERROR instances
Raymond Hackley <raymondhackley@protonmail.com>
leds: ktd2692: Set missing timing properties
Javier Carrasco <javier.carrasco.cruz@gmail.com>
leds: max5970: Fix unreleased fwnode_handle in probe function
Zhang Changzhong <zhangchangzhong@huawei.com>
mfd: rt5033: Fix missing regmap_del_irq_chip()
Tamir Duberstein <tamird@gmail.com>
checkpatch: always parse orig_commit in fixes tag
Zhenzhong Duan <zhenzhong.duan@intel.com>
iommu/vt-d: Fix checks and print in pgtable_walk()
Zhenzhong Duan <zhenzhong.duan@intel.com>
iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
Yang Yingliang <yangyingliang@huawei.com>
clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains()
Dong Aisheng <aisheng.dong@nxp.com>
clk: imx: clk-scu: fix clk enable state save and restore
Peng Fan <peng.fan@nxp.com>
clk: imx: fracn-gppll: fix pll power up
Peng Fan <peng.fan@nxp.com>
clk: imx: fracn-gppll: correct PLL initialization flow
Peng Fan <peng.fan@nxp.com>
clk: imx: lpcg-scu: SW workaround for errata (e10858)
Björn Töpel <bjorn@rivosinc.com>
riscv: kvm: Fix out-of-bounds array access
Yong-Xuan Wang <yongxuan.wang@sifive.com>
RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation
Liu Jian <liujian56@huawei.com>
RDMA/rxe: Set queue pair cur_qp_state when being queried
Biju Das <biju.das.jz@bp.renesas.com>
clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
Andre Przywara <andre.przywara@arm.com>
clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
Kashyap Desai <kashyap.desai@broadcom.com>
RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix the qp flush warnings in req
wenglianfa <wenglianfa@huawei.com>
RDMA/hns: Fix cpu stuck caused by printings during reset
Junxian Huang <huangjunxian6@hisilicon.com>
RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
Yuyu Li <liyuyu6@huawei.com>
RDMA/hns: Modify debugfs name
wenglianfa <wenglianfa@huawei.com>
RDMA/hns: Fix flush cqe error when racing with destroy qp
wenglianfa <wenglianfa@huawei.com>
RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci
Vasant Hegde <vasant.hegde@amd.com>
iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB
Jason Gunthorpe <jgg@ziepe.ca>
iommu/amd: Narrow the use of struct protection_domain to invalidation
Jason Gunthorpe <jgg@ziepe.ca>
iommu/amd: Store the nid in io_pgtable_cfg instead of the domain
Jason Gunthorpe <jgg@ziepe.ca>
iommu/amd: Rename struct amd_io_pgtable iopt to pgtbl
Jason Gunthorpe <jgg@ziepe.ca>
iommu/amd: Remove the amd_iommu_domain_set_pt_root() and related
Jason Gunthorpe <jgg@ziepe.ca>
iommu/amd: Remove amd_iommu_domain_update() from page table freeing
Jinjie Ruan <ruanjinjie@huawei.com>
cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
Jinjie Ruan <ruanjinjie@huawei.com>
cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP
Zichen Xie <zichenxie0106@gmail.com>
clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate()
Ritesh Harjani (IBM) <ritesh.list@gmail.com>
powerpc/mm/fault: Fix kfence page fault reporting
Miquel Raynal <miquel.raynal@bootlin.com>
mtd: rawnand: atmel: Fix possible memory leak
Biju Das <biju.das.jz@bp.renesas.com>
mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
Ritesh Harjani (IBM) <ritesh.list@gmail.com>
powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()
Ritesh Harjani (IBM) <ritesh.list@gmail.com>
powerpc/fadump: Refactor and prepare fadump_cma_init for late init
Yuan Can <yuancan@huawei.com>
cpufreq: loongson2: Unregister platform_driver on failure
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication
Matti Vaittinen <mazziesaccount@gmail.com>
regmap: Allow setting IRQ domain name suffix
Matti Vaittinen <mazziesaccount@gmail.com>
irqdomain: Allow giving name suffix for domain
Thomas Gleixner <tglx@linutronix.de>
irqdomain: Cleanup domain name allocation
Matti Vaittinen <mazziesaccount@gmail.com>
irqdomain: Simplify simple and legacy domain creation
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
Marcus Folkesson <marcus.folkesson@gmail.com>
mfd: da9052-spi: Change read-mask to write-mask
Jinjie Ruan <ruanjinjie@huawei.com>
mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/vdso: Flag VDSO64 entry points as functions
Yihang Li <liyihang9@huawei.com>
scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset
Matthew Rosato <mjrosato@linux.ibm.com>
iommu/s390: Implement blocking domain
Jonathan Marek <jonathan@marek.ca>
clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
pinctrl: zynqmp: drop excess struct member description
Levi Yun <yeoreum.yun@arm.com>
trace/trace_event_perf: remove duplicate samples on the first tracepoint event
Lukas Bulwahn <lukas.bulwahn@redhat.com>
clk: mediatek: drop two dead config options
Chengchang Tang <tangchengchang@huawei.com>
RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset
Chengchang Tang <tangchengchang@huawei.com>
RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages
Jie Zhan <zhanjie9@hisilicon.com>
cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged
André Almeida <andrealmeid@igalia.com>
unicode: Fix utf8_load() error path
Jiayuan Chen <mrpre@163.com>
bpf: fix recursive lock when verdict program return SK_PASS
Hangbin Liu <liuhangbin@gmail.com>
wireguard: selftests: load nf_conntrack if not present
Breno Leitao <leitao@debian.org>
netpoll: Use rcu_access_pointer() in netpoll_poll_lock
Jiawen Wu <jiawenwu@trustnetic.com>
net: txgbe: fix null pointer to pcs
Jiawen Wu <jiawenwu@trustnetic.com>
net: txgbe: remove GPIO interrupt controller
Jakub Kicinski <kuba@kernel.org>
eth: fbnic: don't disable the PCI device twice
Alexander Aring <aahringo@redhat.com>
dlm: fix dlm_recover_members refcount on error
Gao Xiang <xiang@kernel.org>
erofs: handle NONHEAD !delta[1] lclusters gracefully
Felix Maurer <fmaurer@redhat.com>
xsk: Free skb when TX metadata options are invalid
Dmitry Antipov <dmantipov@yandex.ru>
Bluetooth: fix use-after-free in device_for_each_child()
Iulia Tanasescu <iulia.tanasescu@nxp.com>
Bluetooth: ISO: Send BIG Create Sync via hci_sync
Iulia Tanasescu <iulia.tanasescu@nxp.com>
Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending
Iulia Tanasescu <iulia.tanasescu@nxp.com>
Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: ISO: Use kref to track lifetime of iso_conn
Javier Carrasco <javier.carrasco.cruz@gmail.com>
Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name()
Chris Lu <chris.lu@mediatek.com>
Bluetooth: btmtk: adjust the position to init iso data anchor
Kiran K <kiran.k@intel.com>
Bluetooth: btintel: Do no pass vendor events to stack
Kiran K <kiran.k@intel.com>
Bluetooth: btintel_pcie: Add handshake between driver and firmware
guanjing <guanjing@cmss.chinamobile.com>
selftests: netfilter: Fix missing return values in conntrack_dump_flush
Igor Pylypiv <ipylypiv@google.com>
i2c: dev: Fix memory leak when underlying adapter does not support I2C
Takashi Iwai <tiwai@suse.de>
ALSA: 6fire: Release resources at card release
Takashi Iwai <tiwai@suse.de>
ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
Takashi Iwai <tiwai@suse.de>
ALSA: us122l: Use snd_card_free_when_closed() at disconnection
Takashi Iwai <tiwai@suse.de>
ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
Xu Kuohai <xukuohai@huawei.com>
bpf: Add kernel symbol for struct_ops trampoline
Xu Kuohai <xukuohai@huawei.com>
bpf: Use function pointers count as struct_ops links count
Kalle Valo <kvalo@kernel.org>
Revert "wifi: iwlegacy: do not skip frames with bad FCS"
Mingwei Zheng <zmw12306@gmail.com>
net: rfkill: gpio: Add check for clk_enable()
Omid Ehtemam-Haghighi <omid.ehtemamhaghighi@menlosecurity.com>
ipv6: Fix soft lockups in fib6_select_path under high next hop churn
Viktor Malik <vmalik@redhat.com>
selftests/bpf: skip the timer_lockup test for single-CPU nodes
Jiri Olsa <jolsa@kernel.org>
bpf: Force uprobe bpf program to always return 0
Jiri Olsa <jolsa@kernel.org>
bpf: Allow return values 0 and 1 for kprobe session
Yuan Can <yuancan@huawei.com>
drm/amdkfd: Fix wrong usage of INIT_WORK()
Lijo Lazar <lijo.lazar@amd.com>
drm/amdgpu: Fix map/unmap queue logic
Yang Wang <kevinyang.wang@amd.com>
drm/amdgpu: fix ACA bank count boundary check error
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
wifi: iwlwifi: mvm: tell iwlmei when we finished suspending
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
wifi: iwlwifi: allow fast resume on ax200
Lingbo Kong <quic_lingbok@quicinc.com>
wifi: cfg80211: Remove the Medium Synchronization Delay validity check
Paolo Abeni <pabeni@redhat.com>
selftests: net: really check for bg process completion
Paolo Abeni <pabeni@redhat.com>
ipv6: release nexthop on device removal
Zijian Zhang <zijianzhang@bytedance.com>
bpf, sockmap: Fix sk_msg_reset_curr
Zijian Zhang <zijianzhang@bytedance.com>
bpf, sockmap: Several fixes to bpf_msg_pop_data
Zijian Zhang <zijianzhang@bytedance.com>
bpf, sockmap: Several fixes to bpf_msg_push_data
Zijian Zhang <zijianzhang@bytedance.com>
selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap
Zijian Zhang <zijianzhang@bytedance.com>
selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap
Zijian Zhang <zijianzhang@bytedance.com>
selftests/bpf: Fix SENDPAGE data logic in test_sockmap
Zijian Zhang <zijianzhang@bytedance.com>
selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap
Hao Ge <gehao@kylinos.cn>
isofs: avoid memory leak in iocharset
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/panthor: Fix OPP refcnt leaks in devfreq initialisation
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/panthor: record current and maximum device clock frequencies
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/panthor: introduce job cycle and timestamp accounting
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/panfrost: Add missing OPP table refcnt decremental
Pei Xiao <xiaopei01@kylinos.cn>
wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg()
Maurice Lambert <mauricelambert434@gmail.com>
netlink: typographical error in nlmsg_type constants definition
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: must hold rcu read lock while iterating object type list
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: must hold rcu read lock while iterating expression type list
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion
Jonathan Gray <jsg@jsg.id.au>
drm: use ATOMIC64_INIT() for atomic64_t
Kumar Kartikeya Dwivedi <memxor@gmail.com>
bpf: Mark raw_tp arguments with PTR_MAYBE_NULL
Philo Lu <lulie@linux.alibaba.com>
selftests/bpf: Add test for __nullable suffix in tp_btf
Philo Lu <lulie@linux.alibaba.com>
bpf: Support __nullable argument suffix for tp_btf
Li Huafei <lihuafei1@huawei.com>
drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()
José Expósito <jose.exposito89@gmail.com>
drm/vkms: Drop unnecessary call to drm_crtc_cleanup()
Kumar Kartikeya Dwivedi <memxor@gmail.com>
bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable
Leon Hwang <leon.hwang@linux.dev>
bpf, bpftool: Fix incorrect disasm pc
Zichen Xie <zichenxie0106@gmail.com>
drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk()
Linus Walleij <linus.walleij@linaro.org>
wifi: cw1200: Fix potential NULL dereference
Yuan Can <yuancan@huawei.com>
wifi: wfx: Fix error handling in wfx_core_init()
Steffen Dirkwinkel <s.dirkwinkel@beckhoff.com>
drm: xlnx: zynqmp_disp: layer may be null while releasing
Sean Anderson <sean.anderson@linux.dev>
drm: zynqmp_kms: Unplug DRM device before removal
Li Huafei <lihuafei1@huawei.com>
drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
Fangzhi Zuo <Jerry.Zuo@amd.com>
drm/amd/display: Reduce HPD Detection Interval for IPS
Roman Li <Roman.Li@amd.com>
drm/amd/display: Increase idle worker HPD detection time
Lucas Stach <l.stach@pengutronix.de>
drm/etnaviv: hold GPU lock across perfmon sampling
Xiaolei Wang <xiaolei.wang@windriver.com>
drm/etnaviv: Request pages from DMA32 zone on addressing_limited
Suraj Kandpal <suraj.kandpal@intel.com>
drm/xe/hdcp: Fix gsc structure check in fw check status
Lukasz Luba <lukasz.luba@arm.com>
drm/msm/gpu: Check the status of registration to PM QoS
Jinjie Ruan <ruanjinjie@huawei.com>
drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
Xu Kuohai <xukuohai@huawei.com>
bpf, arm64: Remove garbage frame for struct_ops trampoline
Steven Price <steven.price@arm.com>
drm/panfrost: Remove unused id_mask from struct panfrost_model
Andrii Nakryiko <andrii@kernel.org>
libbpf: move global data mmap()'ing into bpf_object__load()
Andrii Nakryiko <andrii@kernel.org>
selftests/bpf: fix test_spin_lock_fail.c's global vars usage
Dipendra Khadka <kdipendra88@gmail.com>
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c
Dipendra Khadka <kdipendra88@gmail.com>
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c
Dipendra Khadka <kdipendra88@gmail.com>
octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
Dipendra Khadka <kdipendra88@gmail.com>
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c
Dipendra Khadka <kdipendra88@gmail.com>
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
Dipendra Khadka <kdipendra88@gmail.com>
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dpu: drop LM_3 / LM_4 on MSM8998
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dpu: drop LM_3 / LM_4 on SDM845
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block
Ryan Walklin <ryan@testtoast.com>
drm: panel: nv3052c: correct spi_device_id for RG35XX panel
Matthias Schiffer <matthias.schiffer@tq-group.com>
drm: fsl-dcu: enable PIXCLK on LS1021A
Alper Nebi Yasak <alpernebiyasak@gmail.com>
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
Marek Vasut <marex@denx.de>
wifi: wilc1000: Set MAC after operation mode
Zijian Zhang <zijianzhang@bytedance.com>
selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap
Zijian Zhang <zijianzhang@bytedance.com>
selftests/bpf: Fix msg_verify_data in test_sockmap
Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
drm/bridge: tc358767: Fix link properties discovery
Hangbin Liu <liuhangbin@gmail.com>
netdevsim: copy addresses for both in and out paths
Andrii Nakryiko <andrii@kernel.org>
libbpf: never interpret subprogs in .text as entry programs
Everest K.C <everestkc@everestkc.com.np>
ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c
Karol Wachowski <karol.wachowski@intel.com>
accel/ivpu: Prevent recovery invocation during probe and resume
Andrii Nakryiko <andrii@kernel.org>
libbpf: fix sym_is_subprog() logic for weak global subprogs
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: Correct generation check in vc4_hvs_lut_load
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load
Maxime Ripard <mripard@kernel.org>
drm/vc4: Introduce generation number enum
Dom Cobley <popcornmix@gmail.com>
drm/vc4: hdmi: Increase audio MAI fifo dreq threshold
Jacob Keller <jacob.e.keller@intel.com>
ice: consistently use q_idx in ice_vc_cfg_qs_msg()
Karthikeyan Periyasamy <quic_periyasa@quicinc.com>
wifi: cfg80211: check radio iface combination for multi radio per wiphy
Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
selftests/bpf: add missing header include for htons
Balaji Pothunoori <quic_bpothuno@quicinc.com>
wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR
Eduard Zingerman <eddyz87@gmail.com>
selftests/bpf: Fix backtrace printing for selftests crashes
Kui-Feng Lee <thinker.li@gmail.com>
selftests/bpf: netns_new() and netns_free() helpers.
Yuan Chen <chenyuan@kylinos.cn>
bpf: Fix the xdp_adjust_tail sample prog issue
Arnd Bergmann <arnd@arndb.de>
wifi: ath12k: fix one more memcpy size error
Rameshkumar Sundaram <quic_ramess@quicinc.com>
wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()
Aurabindo Pillai <aurabindo.pillai@amd.com>
drm/amd/display: fix a memleak issue when driver is removed
Martin Kaistra <martin.kaistra@linutronix.de>
wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled
Alexander Aring <aahringo@redhat.com>
dlm: fix swapped args sb_flags vs sb_status
Tony Ambardar <tony.ambardar@gmail.com>
libbpf: Fix output .symtab byte-order during linking
Tao Chen <chen.dylane@gmail.com>
libbpf: Fix expected_attach_type set handling in program load callback
Pin-yen Lin <treapking@chromium.org>
drm/bridge: it6505: Drop EDID cache on bridge power off
Pin-yen Lin <treapking@chromium.org>
drm/bridge: anx7625: Drop EDID cache on bridge power off
Geert Uytterhoeven <geert+renesas@glider.be>
ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios
Macpaul Lin <macpaul.lin@mediatek.com>
ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
Shengjiu Wang <shengjiu.wang@nxp.com>
ASoC: fsl_micfil: fix regmap_write_bits usage
Igor Prusov <ivprusov@salutedevices.com>
dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
Ramya Gnanasekar <quic_rgnanase@quicinc.com>
wifi: ath12k: Skip Rx TID cleanup for self peer
Baochen Qiang <quic_bqiang@quicinc.com>
wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
Baochen Qiang <quic_bqiang@quicinc.com>
wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
Lijo Lazar <lijo.lazar@amd.com>
drm/amdgpu: Fix JPEG v4.0.3 register write
Maíra Canal <mcanal@igalia.com>
drm/v3d: Flush the MMU before we supply more memory to the binner
Maíra Canal <mcanal@igalia.com>
drm/v3d: Address race-condition in MMU flush
Linus Walleij <linus.walleij@linaro.org>
drm/panel: nt35510: Make new commands optional
Alexander Stein <alexander.stein@ew.tq-group.com>
drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/imx: parallel-display: switch to drm_panel_bridge
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/imx: ldb: switch to drm_panel_bridge
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/imx: ldb: drop custom DDC bus support
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/imx: ldb: drop custom EDID support
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/imx: parallel-display: drop edid override support
Jani Nikula <jani.nikula@intel.com>
drm/ipuv3/parallel: convert to struct drm_edid
Jinjie Ruan <ruanjinjie@huawei.com>
drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
Jinjie Ruan <ruanjinjie@huawei.com>
drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
Huan Yang <link@vivo.com>
udmabuf: fix vmap_udmabuf error page set
Huan Yang <link@vivo.com>
udmabuf: change folios array from kmalloc to kvmalloc
Jinjie Ruan <ruanjinjie@huawei.com>
wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
Jinjie Ruan <ruanjinjie@huawei.com>
wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
Tvrtko Ursulin <tvrtko.ursulin@igalia.com>
drm/v3d: Appease lockdep while updating GPU stats
Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
drm/omap: Fix locking in omap_gem_new_dmabuf()
Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
drm/omap: Fix possible NULL dereference
Jeongjun Park <aha310510@gmail.com>
wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: hvs: Correct logic on stopping an HVS channel
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer
Dom Cobley <popcornmix@gmail.com>
drm/vc4: hdmi: Avoid hang with debug registers when suspended
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: hvs: Don't write gamma luts on 2711
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
Matt Coster <Matt.Coster@imgtec.com>
drm/imagination: Use pvr_vm_context_get()
Chen Yufan <chenyufan@vivo.com>
drm/imagination: Convert to use time_before macro
Yao Zi <ziyao@disroot.org>
platform/x86: panasonic-laptop: Return errno correctly in show callback
Vitaly Kuznetsov <vkuznets@redhat.com>
HID: hyperv: streamline driver probe to avoid devres issues
Chris Morgan <macromorgan@hotmail.com>
arm64: dts: rockchip: correct analog audio name on Indiedroid Nova
Li Huafei <lihuafei1@huawei.com>
media: atomisp: Add check for rgby_data memory allocation failure
Uwe Kleine-König <u.kleine-koenig@baylibre.com>
pwm: Assume a disabled PWM to emit a constant inactive output
Sergey Senozhatsky <senozhatsky@chromium.org>
media: venus: sync with threaded IRQ during inst destruction
Sergey Senozhatsky <senozhatsky@chromium.org>
media: venus: fix enc/dec destruction order
Bingbu Cao <bingbu.cao@intel.com>
media: ipu6: not override the dma_ops of device in driver
Sakari Ailus <sakari.ailus@linux.intel.com>
media: ipu6: Fix DMA and physical address debugging messages for 32-bit
Luo Qiu <luoqiu@kylinsec.com.cn>
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
Reinette Chatre <reinette.chatre@intel.com>
selftests/resctrl: Protect against array overrun during iMC config parsing
Reinette Chatre <reinette.chatre@intel.com>
selftests/resctrl: Fix memory overflow due to unhandled wraparound
Reinette Chatre <reinette.chatre@intel.com>
selftests/resctrl: Print accurate buffer size as part of MBM results
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
Macpaul Lin <macpaul.lin@mediatek.com>
arm64: dts: mediatek: mt6358: fix dtbs_check error
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs
Frank Li <Frank.Li@nxp.com>
arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
arm64: dts: renesas: hihope: Drop #sound-dai-cells
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
regmap: irq: Set lockdep class for hierarchical IRQ domains
Jinjie Ruan <ruanjinjie@huawei.com>
spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time
Breno Leitao <leitao@debian.org>
spi: tegra210-quad: Avoid shift-out-of-bounds
Zhang Zekun <zhangzekun11@huawei.com>
pmdomain: ti-sci: Add missing of_node_put() for args.np
Usama Arif <usamaarif642@gmail.com>
of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify
Abel Vesa <abel.vesa@linaro.org>
dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries
Konrad Dybcio <konradybcio@kernel.org>
arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers
Niklas Schnelle <schnelle@linux.ibm.com>
watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240
Anurag Dutta <a-dutta@ti.com>
arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances
Anurag Dutta <a-dutta@ti.com>
arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances
Anurag Dutta <a-dutta@ti.com>
arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances
Jared McArthur <j-mcarthur@ti.com>
arm64: dts: ti: k3-j7200: Fix register map for main domain pmx
Andre Przywara <andre.przywara@arm.com>
ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
Clark Wang <xiaoning.wang@nxp.com>
pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
Heiko Stuebner <heiko@sntech.de>
arm64: dts: rockchip: Remove 'enable-active-low' from two boards
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF
Dragan Simic <dsimic@manjaro.org>
regulator: rk808: Restrict DVS GPIOs to the RK808 variant only
Chen Ridong <chenridong@huawei.com>
cgroup/bpf: only cgroup v2 can be attached by bpf programs
Chen Ridong <chenridong@huawei.com>
Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
Fei Shao <fshao@chromium.org>
arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI
Fei Shao <fshao@chromium.org>
arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status
Chen-Yu Tsai <wenst@chromium.org>
arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad
Nathan Morrisson <nmorrisson@phytec.com>
arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs
Randy Dunlap <rdunlap@infradead.org>
kernel-doc: allow object-like macros in ReST output
Sibi Sankar <quic_sibis@quicinc.com>
arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region
Hsin-Te Yuan <yuanhsinte@chromium.org>
arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4
Hsin-Te Yuan <yuanhsinte@chromium.org>
arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4
Colin Ian King <colin.i.king@gmail.com>
media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
media: i2c: vgxy61: Fix an error handling path in vgxy61_detect()
Gregory Price <gourry@gourry.net>
tpm: fix signed/unsigned bug when checking event logs
Jonathan Marek <jonathan@marek.ca>
efi/libstub: fix efi_parse_options() ignoring the default command line
Stafford Horne <shorne@gmail.com>
openrisc: Implement fixmap to fix earlycon
Abel Vesa <abel.vesa@linaro.org>
arm64: dts: qcom: x1e80100-vivobook-s15: Drop orientation-switch from USB SS[0-1] QMP PHYs
Abel Vesa <abel.vesa@linaro.org>
arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs
Chen-Yu Tsai <wenst@chromium.org>
scripts/kernel-doc: Do not track section counter across processed files
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
mmc: mmc_spi: drop buggy snprintf()
Andrei Simion <andrei.simion@microchip.com>
ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges
Luca Weiss <luca.weiss@fairphone.com>
arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins
Dan Carpenter <dan.carpenter@linaro.org>
soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
Jinjie Ruan <ruanjinjie@huawei.com>
soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
Macpaul Lin <macpaul.lin@mediatek.com>
arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node
Macpaul Lin <macpaul.lin@mediatek.com>
arm64: dts: mt8195: Fix dtbs_check error for mutex node
Macpaul Lin <macpaul.lin@mediatek.com>
arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy
Pablo Sun <pablo.sun@mediatek.com>
arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain
Michal Simek <michal.simek@amd.com>
microblaze: Export xmb_manager functions
Gaosheng Cui <cuigaosheng1@huawei.com>
drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
Wolfram Sang <wsa+renesas@sang-engineering.com>
ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP
Jinjie Ruan <ruanjinjie@huawei.com>
spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
Min-Hua Chen <minhuadotchen@gmail.com>
regulator: qcom-smd: make smd_vreg_rpm static
Javier Carrasco <javier.carrasco.cruz@gmail.com>
clocksource/drivers/timer-ti-dm: Fix child node refcount handling
Mark Brown <broonie@kernel.org>
clocksource/drivers:sp804: Make user selectable
Marco Elver <elver@google.com>
kcsan, seqlock: Fix incorrect assumption in read_seqbegin()
Marco Elver <elver@google.com>
kcsan, seqlock: Support seqcount_latch_t
Uros Bizjak <ubizjak@gmail.com>
locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu()
Uros Bizjak <ubizjak@gmail.com>
locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64()
Miguel Ojeda <ojeda@kernel.org>
time: Fix references to _msecs_to_jiffies() handling of values
Miguel Ojeda <ojeda@kernel.org>
time: Partially revert cleanup on msecs_to_jiffies() documentation
Uros Bizjak <ubizjak@gmail.com>
cleanup: Remove address space of returned pointer
Carlos Llamas <cmllamas@google.com>
Revert "scripts/faddr2line: Check only two symbols when calculating symbol size"
Zheng Yejian <zhengyejian@huaweicloud.com>
x86/unwind/orc: Fix unwind for newly forked tasks
Daniel Lezcano <daniel.lezcano@linaro.org>
thermal/lib: Fix memory leak on error in thermal_genl_auto()
Daniel Lezcano <daniel.lezcano@linaro.org>
tools/lib/thermal: Make more generic the command encoding function
Uladzislau Rezki (Sony) <urezki@gmail.com>
rcuscale: Do a proper cleanup if kfree_scale_init() fails
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
Michal Suchanek <msuchanek@suse.de>
crypto: aes-gcm-p10 - Use the correct bit to test for P10
Chen Ridong <chenridong@huawei.com>
crypto: bcm - add error check in the ahash_hmac_init function
Chen Ridong <chenridong@huawei.com>
crypto: caam - add error check to caam_rsa_set_priv_key_form
Lifeng Zheng <zhenglifeng1@huawei.com>
ACPI: CPPC: Fix _CPC register setting issue
Pei Xiao <xiaopei01@kylinos.cn>
hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
Jerome Brunet <jbrunet@baylibre.com>
hwmon: (pmbus/core) clear faults after setting smbalert mask
Uladzislau Rezki (Sony) <urezki@gmail.com>
rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
Michal Schmidt <mschmidt@redhat.com>
rcu/srcutiny: don't return before reenabling preemption
Baruch Siach <baruch@tkos.co.il>
doc: rcu: update printed dynticks counter bits
Christian Loehle <christian.loehle@arm.com>
sched/cpufreq: Ensure sd is rebuilt for EAS check
Li Huafei <lihuafei1@huawei.com>
crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init()
Wang Hai <wanghai38@huawei.com>
crypto: qat - Fix missing destroy_workqueue in adf_init_aer()
Orange Kao <orange@aiven.io>
EDAC/igen6: Avoid segmentation fault on module unload
Weili Qian <qianweili@huawei.com>
crypto: hisilicon/qm - disable same error report before resetting
Gautham R. Shenoy <gautham.shenoy@amd.com>
amd-pstate: Set min_perf to nominal_perf for active mode performance gov
Mario Limonciello <mario.limonciello@amd.com>
cpufreq/amd-pstate: Don't update CPPC request in amd_pstate_cpu_boost_update()
Everest K.C <everestkc@everestkc.com.np>
crypto: cavium - Fix the if condition to exit loop after timeout
Yi Yang <yiyang13@huawei.com>
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
Qiuxu Zhuo <qiuxu.zhuo@intel.com>
EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator
Qiuxu Zhuo <qiuxu.zhuo@intel.com>
EDAC/skx_common: Differentiate memory error sources
Priyanka Singh <priyanka.singh@nxp.com>
EDAC/fsl_ddr: Fix bad bit shift operations
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: core: Fix race between zone registration and system suspend
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: core: Mark thermal zones as initializing to start with
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: core: Represent suspend-related thermal zone flags as bits
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: core: Rearrange PM notification code
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: core: Drop thermal_zone_device_is_enabled()
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: core: Initialize thermal zones before registering them
Ahsan Atta <ahsan.atta@intel.com>
crypto: qat - remove faulty arbiter config reset
David Thompson <davthompson@nvidia.com>
EDAC/bluefield: Fix potential integer overflow
Yuan Can <yuancan@huawei.com>
firmware: google: Unregister driver_info on failure
Dan Carpenter <dan.carpenter@linaro.org>
crypto: qat/qat_4xxx - fix off by one in uof_get_name()
Dan Carpenter <dan.carpenter@linaro.org>
crypto: qat/qat_420xx - fix off by one in uof_get_name()
Danny Tsen <dtsen@linux.ibm.com>
crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10
Danny Tsen <dtsen@linux.ibm.com>
crypto: powerpc/p10-aes-gcm - Register modules as SIMD
Cabiddu, Giovanni <giovanni.cabiddu@intel.com>
crypto: qat - remove check after debugfs_create_dir()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
crypto: caam - Fix the pointer passed to caam_qi_shutdown()
Tomas Paukrt <tomaspaukrt@email.cz>
crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys
Christoph Hellwig <hch@lst.de>
virtio_blk: reverse request order in virtio_queue_rqs
Christoph Hellwig <hch@lst.de>
nvme-pci: reverse request order in nvme_queue_rqs
Long Li <leo.lilong@huawei.com>
ext4: fix race in buffer_head read fault injection
Matthew Wilcox (Oracle) <willy@infradead.org>
ext4: remove array of buffer_heads from mext_page_mkuptodate()
Matthew Wilcox (Oracle) <willy@infradead.org>
ext4: pipeline buffer reads in mext_page_mkuptodate()
Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
hfsplus: don't query the device logical block size multiple times
Masahiro Yamada <masahiroy@kernel.org>
s390/syscalls: Avoid creation of arch/arch/ directory
Christoph Hellwig <hch@lst.de>
block: fix bio_split_rw_at to take zone_write_granularity into account
Christoph Hellwig <hch@lst.de>
block: take chunk_sectors into account in bio_split_write_zeroes
Christoph Hellwig <hch@lst.de>
block: properly handle REQ_OP_ZONE_APPEND in __bio_split_to_limits
Christoph Hellwig <hch@lst.de>
block: constify the lim argument to queue_limits_max_zone_append_sectors
Zizhi Wo <wozizhi@huawei.com>
netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
Zizhi Wo <wozizhi@huawei.com>
cachefiles: Fix NULL pointer dereference in object->file
Zizhi Wo <wozizhi@huawei.com>
cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
Zizhi Wo <wozizhi@huawei.com>
cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter()
Li Wang <liwang@redhat.com>
loop: fix type of block size
Aleksandr Mishin <amishin@t-argos.ru>
acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
Masahiro Yamada <masahiroy@kernel.org>
arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
Daniel Palmer <daniel@0x0f.com>
m68k: mvme147: Reinstate early console
Daniel Palmer <daniel@0x0f.com>
m68k: mvme147: Fix SCSI controller IRQ numbers
Christoph Hellwig <hch@lst.de>
nvme-pci: fix freeing of the HMB descriptor table
Mark Brown <broonie@kernel.org>
kselftest/arm64: Fix encoding for SVE B16B16 test
Marc Zyngier <maz@kernel.org>
arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers
David Disseldorp <ddiss@suse.de>
initramfs: avoid filename buffer overrun
Jonas Gorski <jonas.gorski@gmail.com>
mips: asm: fix warning when disabling MIPS_FP_SUPPORT
Jan Kara <jack@suse.cz>
ext4: avoid remount errors with 'abort' mount option
Yang Erkun <yangerkun@huawei.com>
brd: defer automatic disk creation until module initialization succeeds
Ard Biesheuvel <ardb@kernel.org>
x86/pvh: Call C code via the kernel virtual mapping
Jason Andryuk <jason.andryuk@amd.com>
x86/pvh: Set phys_base when calling xen_prepare_pvh()
Heiko Carstens <hca@linux.ibm.com>
s390/pageattr: Implement missing kernel_page_present()
Vineeth Vijayan <vneethv@linux.ibm.com>
s390/cio: Do not unregister the subchannel based on DNV
John Garry <john.g.garry@oracle.com>
fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid()
John Garry <john.g.garry@oracle.com>
block/fs: Pass an iocb to generic_atomic_write_valid()
Andre Przywara <andre.przywara@arm.com>
kselftest/arm64: mte: fix printf type warnings about longs
Andre Przywara <andre.przywara@arm.com>
kselftest/arm64: mte: fix printf type warnings about __u64
Andre Przywara <andre.przywara@arm.com>
kselftest/arm64: hwcap: fix f8dp2 cpuinfo name
Kristina Martsenko <kristina.martsenko@arm.com>
arm64: probes: Disable kprobes/uprobes on MOPS instructions
Bill O'Donnell <bodonnel@redhat.com>
efs: fix the efs new mount api implementation
Gerd Bayer <gbayer@linux.ibm.com>
s390/facilities: Fix warning about shadow of global variable
Fangzhi Zuo <Jerry.Zuo@amd.com>
drm/amd/display: Fix incorrect DSC recompute trigger
Fangzhi Zuo <Jerry.Zuo@amd.com>
drm/amd/display: Skip Invalid Streams from DSC Policy
Xiuhong Wang <xiuhong.wang@unisoc.com>
f2fs: fix fiemap failure issue when page size is 16KB
Breno Leitao <leitao@debian.org>
ipmr: Fix access to mfc_cache_list without lock held
Linus Walleij <linus.walleij@linaro.org>
ARM: 9434/1: cfi: Fix compilation corner case
Harith G <harith.g@alifsemi.com>
ARM: 9420/1: smp: Fix SMP for xip kernels
Eryk Zagorski <erykzagorski@gmail.com>
ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
Mark Brown <broonie@kernel.org>
ASoC: max9768: Fix event generation for playback mute
Yuli Wang <wangyuli@uniontech.com>
LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS
Huacai Chen <chenhuacai@kernel.org>
LoongArch: For all possible CPUs setup logical-physical CPU mapping
John Watts <contact@jookia.org>
ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
Gustavo A. R. Silva <gustavoars@kernel.org>
integrity: Use static_assert() to check struct sizes
David Wang <00107082@163.com>
proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
Hans de Goede <hdegoede@redhat.com>
drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict
Luo Yifan <luoyifan@cmss.chinamobile.com>
ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
Luo Yifan <luoyifan@cmss.chinamobile.com>
ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
Markus Petri <mp@mpetri.org>
ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6
Vishnu Sankar <vishnuocv@gmail.com>
platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed
Alexander Hölzl <alexander.hoelzl@gmx.net>
can: j1939: fix error in J1939 documentation.
zhang jiao <zhangjiao2@cmss.chinamobile.com>
tools/lib/thermal: Remove the thermal.h soft link when doing make clean
Shenghao Ding <shenghao-ding@ti.com>
ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip
Renato Caldas <renato@calgera.com>
platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys
Kurt Borja <kuurtb@gmail.com>
platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
Kurt Borja <kuurtb@gmail.com>
platform/x86: dell-smbios-base: Extends support to Alienware products
Mikhail Rudenko <mike.rudenko@gmail.com>
regulator: rk808: Add apply_bit for BUCK3 on RK809
Cristian Marussi <cristian.marussi@arm.com>
firmware: arm_scmi: Reject clear channel request on A2P
Charles Han <hanchunchao@inspur.com>
soc: qcom: Add check devm_kasprintf() returned value
Benoît Monin <benoit.monin@gmx.fr>
net: usb: qmi_wwan: add Quectel RG650V
Jiayuan Chen <mrpre@163.com>
bpf: fix filed access without lock
Arnd Bergmann <arnd@arndb.de>
x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
Alexey Klimov <alexey.klimov@linaro.org>
ASoC: codecs: wcd937x: relax the AUX PDM watchdog
Alexey Klimov <alexey.klimov@linaro.org>
ASoC: codecs: wcd937x: add missing LO Switch control
Piyush Raj Chouhan <piyushchouhan1598@gmail.com>
ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
Li Zhijian <lizhijian@fujitsu.com>
selftests/watchdog-test: Fix system accidentally reset after watchdog-test
Javier Carrasco <javier.carrasco.cruz@gmail.com>
usb: typec: use cleanup facility for 'altmodes_node'
Benjamin Große <ste3ls@gmail.com>
usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
Ben Greear <greearb@candelatech.com>
mac80211: fix user-power when emulating chanctx
Anjaneyulu <pagadala.yesu.anjaneyulu@intel.com>
wifi: iwlwifi: mvm: SAR table alignment
Daniel Gabay <daniel.gabay@intel.com>
wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: sst: Support LPE0F28 ACPI HID
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec
Hans de Goede <hdegoede@redhat.com>
ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work()
Alain Volmat <alain.volmat@foss.st.com>
spi: stm32: fix missing device mode capability in stm32mp25
Gustavo A. R. Silva <gustavoars@kernel.org>
wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings
Remi Pommarel <repk@triplefau.lt>
wifi: mac80211: Convert color collision detection to wiphy work
Remi Pommarel <repk@triplefau.lt>
wifi: cfg80211: Add wiphy_delayed_work_pending()
Ben Greear <greearb@candelatech.com>
wifi: mac80211: Fix setting txpower with emulate_chanctx
-------------
Diffstat:
Documentation/ABI/testing/sysfs-fs-f2fs | 7 +-
Documentation/RCU/stallwarn.rst | 2 +-
Documentation/arch/x86/boot.rst | 17 +-
.../devicetree/bindings/cache/qcom,llcc.yaml | 38 ++-
.../devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 +-
.../devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 +-
.../pinctrl/samsung,pinctrl-wakeup-interrupt.yaml | 19 +-
.../devicetree/bindings/serial/rs485.yaml | 19 +-
.../devicetree/bindings/sound/mt6359.yaml | 10 +-
.../devicetree/bindings/vendor-prefixes.yaml | 2 +
Documentation/filesystems/mount_api.rst | 3 +-
Documentation/locking/seqlock.rst | 2 +-
Documentation/networking/j1939.rst | 2 +-
Makefile | 4 +-
arch/arc/kernel/devtree.c | 2 +-
.../boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 +-
arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 +
arch/arm/boot/dts/renesas/r7s72100-genmai.dts | 2 +-
arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 +
arch/arm/kernel/devtree.c | 2 +-
arch/arm/kernel/head.S | 4 +
arch/arm/kernel/psci_smp.c | 7 +
arch/arm/mm/idmap.c | 7 +
arch/arm/mm/proc-v7.S | 2 +-
.../freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso | 29 +-
arch/arm64/boot/dts/mediatek/mt6357.dtsi | 5 +
arch/arm64/boot/dts/mediatek/mt6358.dtsi | 9 +-
arch/arm64/boot/dts/mediatek/mt6359.dtsi | 5 +
arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 +
.../dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 +
.../dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 +
.../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 +
.../dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 +
.../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 30 +-
.../boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 +-
.../boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 +-
.../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 +-
.../boot/dts/mediatek/mt8186-corsola-voltorb.dtsi | 21 +-
arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 8 +-
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 5 +-
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 6 +-
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 +-
.../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 +-
arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 2 +-
arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 +-
.../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 +-
arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 +-
.../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 -
.../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 4 -
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 8 +-
arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 -
arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 -
.../rk3568-wolfvision-pf5-io-expander.dtso | 1 -
.../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 +-
.../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 1 -
arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi | 2 -
.../boot/dts/ti/k3-j7200-common-proc-board.dts | 2 +-
arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 38 ++-
arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 6 +-
arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 +-
arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 +-
arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 +-
arch/arm64/include/asm/insn.h | 1 +
arch/arm64/include/asm/kvm_host.h | 2 -
arch/arm64/kernel/cpufeature.c | 1 +
arch/arm64/kernel/probes/decode-insn.c | 7 +-
arch/arm64/kernel/process.c | 2 +-
arch/arm64/kernel/setup.c | 6 +-
arch/arm64/kernel/vmlinux.lds.S | 6 +-
arch/arm64/kvm/arch_timer.c | 3 +-
arch/arm64/kvm/arm.c | 18 +-
arch/arm64/kvm/mmio.c | 32 +-
arch/arm64/kvm/pmu-emul.c | 1 -
arch/arm64/kvm/vgic/vgic-its.c | 32 +-
arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 +-
arch/arm64/kvm/vgic/vgic.h | 23 ++
arch/arm64/net/bpf_jit_comp.c | 47 ++-
arch/csky/kernel/setup.c | 4 +-
arch/loongarch/Makefile | 4 +-
arch/loongarch/include/asm/page.h | 5 +-
arch/loongarch/kernel/acpi.c | 81 +++--
arch/loongarch/kernel/setup.c | 2 +-
arch/loongarch/kernel/smp.c | 3 +-
arch/loongarch/net/bpf_jit.c | 2 +-
arch/loongarch/vdso/Makefile | 2 +-
arch/m68k/coldfire/device.c | 8 +-
arch/m68k/include/asm/mcfgpio.h | 2 +-
arch/m68k/include/asm/mvme147hw.h | 4 +-
arch/m68k/kernel/early_printk.c | 5 +-
arch/m68k/mvme147/config.c | 30 ++
arch/m68k/mvme147/mvme147.h | 6 +
arch/microblaze/kernel/microblaze_ksyms.c | 10 +
arch/microblaze/kernel/prom.c | 2 +-
arch/mips/include/asm/switch_to.h | 2 +-
arch/mips/kernel/prom.c | 2 +-
arch/mips/kernel/relocate.c | 2 +-
arch/nios2/kernel/prom.c | 4 +-
arch/openrisc/Kconfig | 3 +
arch/openrisc/include/asm/fixmap.h | 21 +-
arch/openrisc/kernel/prom.c | 2 +-
arch/openrisc/mm/init.c | 37 +++
arch/parisc/kernel/ftrace.c | 2 +-
arch/powerpc/crypto/Kconfig | 2 +-
arch/powerpc/crypto/aes-gcm-p10-glue.c | 141 +++++++--
arch/powerpc/include/asm/dtl.h | 4 +-
arch/powerpc/include/asm/fadump.h | 9 +
arch/powerpc/include/asm/kvm_book3s_64.h | 4 +-
arch/powerpc/include/asm/sstep.h | 5 -
arch/powerpc/include/asm/vdso.h | 1 +
arch/powerpc/kernel/dt_cpu_ftrs.c | 2 +-
arch/powerpc/kernel/fadump.c | 40 ++-
arch/powerpc/kernel/prom.c | 5 +-
arch/powerpc/kernel/setup-common.c | 6 +-
arch/powerpc/kernel/setup_64.c | 1 +
arch/powerpc/kexec/file_load_64.c | 9 +-
arch/powerpc/kvm/book3s_hv.c | 14 +-
arch/powerpc/kvm/book3s_hv_nested.c | 14 +-
arch/powerpc/kvm/trace_hv.h | 2 +-
arch/powerpc/lib/sstep.c | 12 +-
arch/powerpc/mm/fault.c | 10 +-
arch/powerpc/platforms/pseries/dtl.c | 8 +-
arch/powerpc/platforms/pseries/lpar.c | 8 +-
arch/powerpc/platforms/pseries/plpks.c | 2 +-
arch/riscv/include/asm/cpufeature.h | 2 +
arch/riscv/kernel/setup.c | 2 +-
arch/riscv/kernel/traps_misaligned.c | 14 +-
arch/riscv/kernel/unaligned_access_speed.c | 1 +
arch/riscv/kvm/aia_aplic.c | 3 +-
arch/riscv/kvm/vcpu_sbi.c | 11 +-
arch/s390/include/asm/facility.h | 18 +-
arch/s390/include/asm/pci.h | 4 +-
arch/s390/include/asm/set_memory.h | 1 +
arch/s390/kernel/syscalls/Makefile | 2 +-
arch/s390/mm/pageattr.c | 15 +
arch/s390/pci/pci.c | 37 +--
arch/s390/pci/pci_debug.c | 10 +-
arch/sh/kernel/cpu/proc.c | 2 +-
arch/sh/kernel/setup.c | 2 +-
arch/um/drivers/net_kern.c | 2 +-
arch/um/drivers/ubd_kern.c | 4 +-
arch/um/drivers/vector_kern.c | 3 +-
arch/um/kernel/dtb.c | 2 +-
arch/um/kernel/physmem.c | 6 +-
arch/um/kernel/process.c | 2 +-
arch/um/kernel/sysrq.c | 2 +-
arch/x86/coco/tdx/tdx.c | 111 +++++--
arch/x86/crypto/aegis128-aesni-asm.S | 29 +-
arch/x86/events/intel/pt.c | 11 +-
arch/x86/events/intel/pt.h | 2 +
arch/x86/include/asm/amd_nb.h | 5 +-
arch/x86/include/asm/atomic64_32.h | 3 +-
arch/x86/include/asm/cmpxchg_32.h | 6 +-
arch/x86/include/asm/kvm_host.h | 4 +-
arch/x86/include/asm/shared/tdx.h | 11 +-
arch/x86/kernel/cpu/amd.c | 1 +
arch/x86/kernel/cpu/common.c | 4 +-
arch/x86/kernel/devicetree.c | 2 +-
arch/x86/kernel/unwind_orc.c | 2 +-
arch/x86/kvm/Kconfig | 1 +
arch/x86/kvm/mmu/mmu.c | 68 ++--
arch/x86/kvm/mmu/spte.c | 18 +-
arch/x86/platform/pvh/head.S | 22 +-
arch/xtensa/kernel/setup.c | 2 +-
block/bfq-iosched.c | 37 ++-
block/blk-core.c | 18 +-
block/blk-merge.c | 65 +++-
block/blk-mq.c | 148 ++++++++-
block/blk-mq.h | 13 +
block/blk-settings.c | 7 +
block/blk-sysfs.c | 6 +-
block/blk-zoned.c | 14 +-
block/blk.h | 34 +-
block/elevator.c | 10 +-
block/fops.c | 25 +-
block/genhd.c | 24 +-
crypto/pcrypt.c | 12 +-
drivers/accel/ivpu/ivpu_ipc.c | 35 +-
drivers/accel/ivpu/ivpu_ipc.h | 7 +-
drivers/accel/ivpu/ivpu_jsm_msg.c | 19 +-
drivers/acpi/arm64/gtdt.c | 2 +-
drivers/acpi/cppc_acpi.c | 1 -
drivers/base/firmware_loader/main.c | 5 +-
drivers/base/regmap/regmap-irq.c | 41 ++-
drivers/base/trace.h | 6 +-
drivers/block/brd.c | 70 ++--
drivers/block/loop.c | 6 +-
drivers/block/ublk_drv.c | 17 +-
drivers/block/virtio_blk.c | 46 ++-
drivers/bluetooth/btbcm.c | 4 +-
drivers/bluetooth/btintel.c | 62 +++-
drivers/bluetooth/btintel.h | 7 +
drivers/bluetooth/btintel_pcie.c | 265 +++++++++++++++-
drivers/bluetooth/btintel_pcie.h | 16 +-
drivers/bluetooth/btmtk.c | 1 -
drivers/bluetooth/btusb.c | 1 +
drivers/bus/mhi/host/trace.h | 25 +-
drivers/clk/clk-apple-nco.c | 3 +
drivers/clk/clk-axi-clkgen.c | 22 +-
drivers/clk/clk-en7523.c | 270 ++++++++++++----
drivers/clk/clk-loongson2.c | 6 +-
drivers/clk/imx/clk-fracn-gppll.c | 10 +-
drivers/clk/imx/clk-imx8-acm.c | 4 +-
drivers/clk/imx/clk-lpcg-scu.c | 37 ++-
drivers/clk/imx/clk-scu.c | 2 +-
drivers/clk/mediatek/Kconfig | 15 -
drivers/clk/qcom/Kconfig | 4 +-
drivers/clk/ralink/clk-mtmips.c | 26 +-
drivers/clk/renesas/rzg2l-cpg.c | 11 +-
drivers/clk/sophgo/clk-sg2042-pll.c | 2 +-
drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 +-
drivers/clocksource/Kconfig | 3 +-
drivers/clocksource/timer-ti-dm-systimer.c | 4 +-
drivers/comedi/comedi_fops.c | 12 +
drivers/counter/stm32-timer-cnt.c | 17 +-
drivers/counter/ti-ecap-capture.c | 7 +-
drivers/cpufreq/amd-pstate.c | 26 +-
drivers/cpufreq/cppc_cpufreq.c | 63 +++-
drivers/cpufreq/loongson2_cpufreq.c | 4 +-
drivers/cpufreq/loongson3_cpufreq.c | 7 +-
drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +-
drivers/crypto/bcm/cipher.c | 5 +-
drivers/crypto/caam/caampkc.c | 11 +-
drivers/crypto/caam/qi.c | 2 +-
drivers/crypto/cavium/cpt/cptpf_main.c | 6 +-
drivers/crypto/hisilicon/hpre/hpre_main.c | 35 +-
drivers/crypto/hisilicon/qm.c | 47 +--
drivers/crypto/hisilicon/sec2/sec_main.c | 35 +-
drivers/crypto/hisilicon/zip/zip_main.c | 35 +-
drivers/crypto/inside-secure/safexcel_hash.c | 2 +-
.../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +-
.../crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +-
drivers/crypto/intel/qat/qat_common/adf_aer.c | 5 +-
drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 +-
.../crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 -
drivers/crypto/mxs-dcp.c | 20 +-
drivers/dax/pmem/Makefile | 7 -
drivers/dax/pmem/pmem.c | 10 -
drivers/dma-buf/Kconfig | 1 +
drivers/dma-buf/udmabuf.c | 44 +--
drivers/edac/bluefield_edac.c | 2 +-
drivers/edac/fsl_ddr_edac.c | 22 +-
drivers/edac/i10nm_base.c | 1 +
drivers/edac/igen6_edac.c | 2 +
drivers/edac/skx_common.c | 57 ++--
drivers/edac/skx_common.h | 8 +
drivers/firmware/arm_scmi/common.h | 2 +
drivers/firmware/arm_scmi/driver.c | 6 +
drivers/firmware/arm_scpi.c | 3 +
drivers/firmware/efi/libstub/efi-stub.c | 2 +-
drivers/firmware/efi/tpm.c | 17 +-
drivers/firmware/google/gsmi.c | 6 +-
drivers/gpio/gpio-exar.c | 10 +-
drivers/gpio/gpio-zevio.c | 6 +
drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 13 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 8 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 63 ++--
drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 +
drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 18 +-
drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 32 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 3 +
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 +-
.../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 11 +-
.../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 15 +-
.../gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 +
.../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 +-
drivers/gpu/drm/bridge/analogix/anx7625.c | 2 +
drivers/gpu/drm/bridge/ite-it6505.c | 2 +
drivers/gpu/drm/bridge/tc358767.c | 7 +
drivers/gpu/drm/drm_file.c | 2 +-
drivers/gpu/drm/drm_mm.c | 2 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 1 -
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 +
drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 28 +-
drivers/gpu/drm/fsl-dcu/Kconfig | 1 +
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 +
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 +
drivers/gpu/drm/imagination/pvr_ccb.c | 2 +-
drivers/gpu/drm/imagination/pvr_vm.c | 4 +-
drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 +-
drivers/gpu/drm/imx/ipuv3/Kconfig | 11 +-
drivers/gpu/drm/imx/ipuv3/imx-ldb.c | 122 ++-----
drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 +-
drivers/gpu/drm/imx/ipuv3/parallel-display.c | 47 +--
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +-
.../drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 -
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 14 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +-
drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 +-
drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 +
drivers/gpu/drm/omapdrm/dss/base.c | 25 +-
drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 +-
drivers/gpu/drm/omapdrm/omap_drv.c | 4 +-
drivers/gpu/drm/omapdrm/omap_gem.c | 10 +-
drivers/gpu/drm/panel/panel-newvision-nv3052c.c | 2 +-
drivers/gpu/drm/panel/panel-novatek-nt35510.c | 15 +-
drivers/gpu/drm/panfrost/panfrost_devfreq.c | 3 +-
drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 -
drivers/gpu/drm/panthor/panthor_devfreq.c | 29 +-
drivers/gpu/drm/panthor/panthor_device.h | 28 ++
drivers/gpu/drm/panthor/panthor_sched.c | 351 +++++++++++++++++----
drivers/gpu/drm/radeon/atombios_encoders.c | 2 +-
drivers/gpu/drm/radeon/cik.c | 14 +-
drivers/gpu/drm/radeon/dce6_afmt.c | 2 +-
drivers/gpu/drm/radeon/evergreen.c | 12 +-
drivers/gpu/drm/radeon/ni.c | 2 +-
drivers/gpu/drm/radeon/r100.c | 24 +-
drivers/gpu/drm/radeon/r300.c | 6 +-
drivers/gpu/drm/radeon/r420.c | 6 +-
drivers/gpu/drm/radeon/r520.c | 2 +-
drivers/gpu/drm/radeon/r600.c | 12 +-
drivers/gpu/drm/radeon/r600_cs.c | 2 +-
drivers/gpu/drm/radeon/r600_dpm.c | 4 +-
drivers/gpu/drm/radeon/r600_hdmi.c | 2 +-
drivers/gpu/drm/radeon/radeon.h | 5 +
drivers/gpu/drm/radeon/radeon_acpi.c | 10 +-
drivers/gpu/drm/radeon/radeon_agp.c | 2 +-
drivers/gpu/drm/radeon/radeon_atombios.c | 2 +-
drivers/gpu/drm/radeon/radeon_audio.c | 14 +-
drivers/gpu/drm/radeon/radeon_combios.c | 12 +-
drivers/gpu/drm/radeon/radeon_device.c | 10 +-
drivers/gpu/drm/radeon/radeon_display.c | 74 ++---
drivers/gpu/drm/radeon/radeon_fbdev.c | 26 +-
drivers/gpu/drm/radeon/radeon_fence.c | 8 +-
drivers/gpu/drm/radeon/radeon_gem.c | 2 +-
drivers/gpu/drm/radeon/radeon_i2c.c | 2 +-
drivers/gpu/drm/radeon/radeon_ib.c | 2 +-
drivers/gpu/drm/radeon/radeon_irq_kms.c | 12 +-
drivers/gpu/drm/radeon/radeon_object.c | 2 +-
drivers/gpu/drm/radeon/radeon_pm.c | 20 +-
drivers/gpu/drm/radeon/radeon_ring.c | 2 +-
drivers/gpu/drm/radeon/radeon_ttm.c | 6 +-
drivers/gpu/drm/radeon/rs400.c | 6 +-
drivers/gpu/drm/radeon/rs600.c | 14 +-
drivers/gpu/drm/radeon/rs690.c | 2 +-
drivers/gpu/drm/radeon/rv515.c | 4 +-
drivers/gpu/drm/radeon/rv770.c | 2 +-
drivers/gpu/drm/radeon/si.c | 4 +-
drivers/gpu/drm/v3d/v3d_drv.h | 1 +
drivers/gpu/drm/v3d/v3d_irq.c | 2 +
drivers/gpu/drm/v3d/v3d_mmu.c | 31 +-
drivers/gpu/drm/v3d/v3d_sched.c | 44 ++-
drivers/gpu/drm/vc4/tests/vc4_mock.c | 12 +-
drivers/gpu/drm/vc4/vc4_bo.c | 28 +-
drivers/gpu/drm/vc4/vc4_crtc.c | 13 +-
drivers/gpu/drm/vc4/vc4_drv.c | 22 +-
drivers/gpu/drm/vc4/vc4_drv.h | 8 +-
drivers/gpu/drm/vc4/vc4_gem.c | 24 +-
drivers/gpu/drm/vc4/vc4_hdmi.c | 22 +-
drivers/gpu/drm/vc4/vc4_hvs.c | 64 ++--
drivers/gpu/drm/vc4/vc4_irq.c | 10 +-
drivers/gpu/drm/vc4/vc4_kms.c | 14 +-
drivers/gpu/drm/vc4/vc4_perfmon.c | 20 +-
drivers/gpu/drm/vc4/vc4_plane.c | 12 +-
drivers/gpu/drm/vc4/vc4_render_cl.c | 2 +-
drivers/gpu/drm/vc4/vc4_v3d.c | 10 +-
drivers/gpu/drm/vc4/vc4_validate.c | 8 +-
drivers/gpu/drm/vc4/vc4_validate_shaders.c | 2 +-
drivers/gpu/drm/vkms/vkms_output.c | 5 +-
drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 2 +-
drivers/gpu/drm/xe/xe_sync.c | 6 +-
drivers/gpu/drm/xlnx/zynqmp_disp.c | 3 +
drivers/gpu/drm/xlnx/zynqmp_kms.c | 2 +-
drivers/hid/hid-hyperv.c | 58 +++-
drivers/hid/wacom_wac.c | 4 +-
drivers/hwmon/aquacomputer_d5next.c | 2 +-
drivers/hwmon/nct6775-core.c | 7 +-
drivers/hwmon/pmbus/pmbus_core.c | 12 +-
drivers/hwmon/tps23861.c | 2 +-
drivers/i2c/i2c-dev.c | 17 +-
drivers/i3c/master.c | 13 +-
drivers/iio/dac/adi-axi-dac.c | 2 +-
drivers/iio/industrialio-gts-helper.c | 2 +-
drivers/iio/light/al3010.c | 11 +-
drivers/infiniband/core/uverbs.h | 2 +
drivers/infiniband/core/uverbs_main.c | 43 ++-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +-
drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +-
drivers/infiniband/hw/hns/hns_roce_cq.c | 4 +-
drivers/infiniband/hw/hns/hns_roce_debugfs.c | 3 +-
drivers/infiniband/hw/hns/hns_roce_device.h | 14 +-
drivers/infiniband/hw/hns/hns_roce_hem.c | 48 +--
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 257 +++++++++------
drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 8 +-
drivers/infiniband/hw/hns/hns_roce_main.c | 7 +-
drivers/infiniband/hw/hns/hns_roce_mr.c | 11 +-
drivers/infiniband/hw/hns/hns_roce_qp.c | 79 +++--
drivers/infiniband/hw/hns/hns_roce_srq.c | 4 +-
drivers/infiniband/hw/mlx5/main.c | 40 ++-
drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +-
drivers/infiniband/sw/rxe/rxe_qp.c | 1 +
drivers/infiniband/sw/rxe/rxe_req.c | 6 +-
drivers/input/misc/cs40l50-vibra.c | 6 +-
drivers/interconnect/qcom/icc-rpmh.c | 3 +
drivers/iommu/amd/amd_iommu.h | 15 +-
drivers/iommu/amd/amd_iommu_types.h | 5 +-
drivers/iommu/amd/io_pgtable.c | 76 ++---
drivers/iommu/amd/io_pgtable_v2.c | 29 +-
drivers/iommu/amd/iommu.c | 28 +-
drivers/iommu/amd/pasid.c | 2 +-
drivers/iommu/intel/iommu.c | 40 ++-
drivers/iommu/s390-iommu.c | 75 +++--
drivers/irqchip/irq-mvebu-sei.c | 2 +-
drivers/leds/flash/leds-ktd2692.c | 1 +
drivers/leds/leds-max5970.c | 5 +-
drivers/mailbox/arm_mhuv2.c | 8 +-
drivers/mailbox/mtk-cmdq-mailbox.c | 2 +-
drivers/mailbox/omap-mailbox.c | 1 +
drivers/md/dm-bufio.c | 12 +-
drivers/md/dm-cache-background-tracker.c | 25 +-
drivers/md/dm-cache-background-tracker.h | 8 +
drivers/md/dm-cache-target.c | 25 +-
drivers/media/i2c/adv7604.c | 5 +-
drivers/media/i2c/adv7842.c | 13 +-
drivers/media/i2c/ds90ub960.c | 2 +-
drivers/media/i2c/vgxy61.c | 2 +-
drivers/media/pci/intel/ipu6/ipu6-bus.c | 6 -
drivers/media/pci/intel/ipu6/ipu6-buttress.c | 34 +-
drivers/media/pci/intel/ipu6/ipu6-cpd.c | 18 +-
drivers/media/pci/intel/ipu6/ipu6-dma.c | 202 ++++++------
drivers/media/pci/intel/ipu6/ipu6-dma.h | 34 +-
drivers/media/pci/intel/ipu6/ipu6-fw-com.c | 14 +-
drivers/media/pci/intel/ipu6/ipu6-mmu.c | 28 +-
drivers/media/pci/intel/ipu6/ipu6.c | 3 +
drivers/media/platform/qcom/venus/vdec.c | 19 +-
drivers/media/platform/qcom/venus/venc.c | 18 +-
drivers/media/radio/wl128x/fmdrv_common.c | 3 +-
drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 +-
drivers/media/v4l2-core/v4l2-dv-timings.c | 132 ++++----
drivers/message/fusion/mptsas.c | 4 +-
drivers/mfd/da9052-spi.c | 2 +-
drivers/mfd/intel_soc_pmic_bxtwc.c | 144 +++++----
drivers/mfd/rt5033.c | 4 +-
drivers/mfd/tps65010.c | 8 +-
drivers/misc/apds990x.c | 12 +-
drivers/misc/lkdtm/bugs.c | 2 +-
drivers/mmc/host/mmc_spi.c | 9 +-
drivers/mtd/hyperbus/rpc-if.c | 7 +
drivers/mtd/nand/raw/atmel/pmecc.c | 8 +-
drivers/mtd/nand/raw/atmel/pmecc.h | 2 -
drivers/mtd/spi-nor/core.c | 2 +-
drivers/mtd/spi-nor/spansion.c | 1 +
drivers/mtd/ubi/attach.c | 12 +-
drivers/mtd/ubi/fastmap-wl.c | 19 +-
drivers/mtd/ubi/vmt.c | 2 +
drivers/mtd/ubi/wl.c | 11 +-
drivers/mtd/ubi/wl.h | 3 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 30 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 9 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 +-
drivers/net/ethernet/broadcom/tg3.c | 3 +
drivers/net/ethernet/google/gve/gve_adminq.c | 4 +-
drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +-
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 21 +-
drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 70 +++-
drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 5 +
.../ethernet/marvell/octeontx2/af/lmac_common.h | 7 +-
drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 87 +++--
drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 18 +-
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 +
drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 +
.../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 45 ++-
drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 +
.../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 +
.../ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 +
.../ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 +
.../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 +
.../ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 +
drivers/net/ethernet/marvell/pxa168_eth.c | 14 +-
drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 -
.../net/ethernet/microchip/vcap/vcap_api_kunit.c | 17 +-
.../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 +
drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 24 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 1 -
drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 168 +---------
drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 2 -
drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 7 +-
drivers/net/mdio/mdio-ipq4019.c | 5 +-
drivers/net/netdevsim/ipsec.c | 11 +-
drivers/net/usb/lan78xx.c | 42 +--
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/usb/r8152.c | 1 +
drivers/net/wireless/ath/ath10k/mac.c | 4 +-
drivers/net/wireless/ath/ath11k/qmi.c | 3 +
drivers/net/wireless/ath/ath12k/dp.c | 19 +-
drivers/net/wireless/ath/ath12k/mac.c | 5 +-
drivers/net/wireless/ath/ath12k/wow.c | 2 +-
drivers/net/wireless/ath/ath9k/htc_hst.c | 3 +
drivers/net/wireless/ath/wil6210/txrx.c | 2 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 +-
drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 +-
drivers/net/wireless/intel/ipw2x00/ipw2200.h | 2 +-
drivers/net/wireless/intel/iwlegacy/3945.c | 2 +-
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 +-
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 96 +++---
drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 +
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 +-
drivers/net/wireless/intersil/p54/p54spi.c | 4 +-
drivers/net/wireless/marvell/libertas/radiotap.h | 4 +-
drivers/net/wireless/marvell/mwifiex/fw.h | 2 +-
drivers/net/wireless/marvell/mwifiex/main.c | 4 +-
drivers/net/wireless/microchip/wilc1000/mon.c | 4 +-
drivers/net/wireless/microchip/wilc1000/netdev.c | 6 +-
drivers/net/wireless/realtek/rtl8xxxu/core.c | 6 +-
drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 +-
drivers/net/wireless/realtek/rtw89/coex.c | 4 +
drivers/net/wireless/silabs/wfx/main.c | 17 +-
drivers/net/wireless/st/cw1200/cw1200_spi.c | 2 +-
drivers/net/wireless/virtual/mac80211_hwsim.c | 4 +-
drivers/nvme/host/core.c | 5 +
drivers/nvme/host/multipath.c | 33 +-
drivers/nvme/host/pci.c | 55 ++--
drivers/of/fdt.c | 14 +-
drivers/of/kexec.c | 2 +-
drivers/pci/controller/cadence/pci-j721e.c | 100 +++++-
drivers/pci/controller/cadence/pcie-cadence-host.c | 44 ++-
drivers/pci/controller/cadence/pcie-cadence.h | 12 +
drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 +-
drivers/pci/controller/dwc/pcie-tegra194.c | 7 +-
drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 +
drivers/pci/hotplug/cpqphp_pci.c | 19 +-
drivers/pci/pci.c | 5 +-
drivers/pci/slot.c | 4 +-
drivers/perf/arm-cmn.c | 4 +-
drivers/perf/arm_smmuv3_pmu.c | 19 +-
drivers/phy/phy-airoha-pcie-regs.h | 6 +-
drivers/phy/phy-airoha-pcie.c | 8 +-
drivers/phy/realtek/phy-rtk-usb2.c | 2 +
drivers/phy/realtek/phy-rtk-usb3.c | 2 +
drivers/pinctrl/pinctrl-k210.c | 2 +-
drivers/pinctrl/pinctrl-zynqmp.c | 1 -
drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 +-
drivers/pinctrl/renesas/Kconfig | 1 +
drivers/platform/chrome/cros_ec_typec.c | 1 +
drivers/platform/x86/dell/dell-smbios-base.c | 1 +
drivers/platform/x86/dell/dell-wmi-base.c | 6 +
drivers/platform/x86/ideapad-laptop.c | 3 +
drivers/platform/x86/intel/bxtwc_tmu.c | 22 +-
drivers/platform/x86/panasonic-laptop.c | 10 +-
drivers/platform/x86/thinkpad_acpi.c | 28 +-
drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 +
drivers/power/sequencing/Kconfig | 1 +
drivers/power/supply/bq27xxx_battery.c | 37 ++-
drivers/power/supply/power_supply_core.c | 2 -
drivers/power/supply/rt9471.c | 52 +--
drivers/pwm/core.c | 10 +-
drivers/pwm/pwm-imx27.c | 98 +++++-
drivers/regulator/qcom_smd-regulator.c | 2 +-
drivers/regulator/rk808-regulator.c | 17 +-
drivers/remoteproc/qcom_q6v5_adsp.c | 11 +-
drivers/remoteproc/qcom_q6v5_mss.c | 6 +-
drivers/remoteproc/qcom_q6v5_pas.c | 22 +-
drivers/rpmsg/qcom_glink_native.c | 3 +-
drivers/rtc/interface.c | 7 +-
drivers/rtc/rtc-ab-eoz9.c | 7 -
drivers/rtc/rtc-abx80x.c | 2 +-
drivers/rtc/rtc-rzn1.c | 8 +-
drivers/rtc/rtc-st-lpc.c | 5 +-
drivers/s390/cio/cio.c | 6 +-
drivers/s390/cio/device.c | 18 +-
drivers/scsi/bfa/bfad.c | 3 +-
drivers/scsi/hisi_sas/hisi_sas_main.c | 8 +-
drivers/scsi/qedf/qedf_main.c | 1 +
drivers/scsi/qedi/qedi_main.c | 1 +
drivers/scsi/sg.c | 9 +-
drivers/sh/intc/core.c | 2 +-
drivers/soc/fsl/rcpm.c | 1 +
drivers/soc/qcom/qcom-geni-se.c | 3 +-
drivers/soc/qcom/socinfo.c | 8 +-
drivers/soc/ti/smartreflex.c | 4 +-
drivers/soc/xilinx/xlnx_event_manager.c | 4 +-
drivers/spi/atmel-quadspi.c | 2 +-
drivers/spi/spi-fsl-lpspi.c | 12 +-
drivers/spi/spi-stm32.c | 1 +
drivers/spi/spi-tegra210-quad.c | 2 +-
drivers/spi/spi-zynqmp-gqspi.c | 2 +
drivers/spi/spi.c | 13 +-
drivers/staging/media/atomisp/pci/sh_css_params.c | 2 +
.../vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 +-
drivers/target/target_core_pscsi.c | 2 +-
drivers/thermal/thermal_core.c | 133 ++++----
drivers/thermal/thermal_core.h | 15 +-
drivers/thermal/thermal_sysfs.c | 2 +-
drivers/tty/serial/8250/8250_fintek.c | 14 +-
drivers/tty/serial/8250/8250_omap.c | 4 +-
drivers/tty/serial/amba-pl011.c | 7 +
drivers/tty/tty_io.c | 2 +-
drivers/usb/dwc3/ep0.c | 2 +-
drivers/usb/dwc3/gadget.c | 15 +-
drivers/usb/gadget/composite.c | 18 +-
drivers/usb/gadget/function/uvc_video.c | 4 +
drivers/usb/host/ehci-spear.c | 7 +-
drivers/usb/host/xhci-pci.c | 10 +-
drivers/usb/host/xhci-ring.c | 73 ++++-
drivers/usb/host/xhci.c | 40 ++-
drivers/usb/host/xhci.h | 3 +
drivers/usb/misc/chaoskey.c | 35 +-
drivers/usb/misc/iowarrior.c | 50 ++-
drivers/usb/misc/usb-ljca.c | 20 +-
drivers/usb/misc/yurex.c | 5 +-
drivers/usb/musb/musb_gadget.c | 13 +-
drivers/usb/typec/class.c | 6 +-
drivers/usb/typec/tcpm/wcove.c | 4 -
drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +
drivers/usb/typec/ucsi/ucsi_glink.c | 2 +-
drivers/vdpa/mlx5/core/mr.c | 4 +-
drivers/vfio/pci/mlx5/cmd.c | 6 +-
drivers/vfio/pci/mlx5/main.c | 35 +-
drivers/vfio/pci/vfio_pci_config.c | 16 +-
drivers/video/fbdev/sh7760fb.c | 3 +-
drivers/watchdog/Kconfig | 4 +-
drivers/xen/xenbus/xenbus_probe.c | 8 +-
fs/binfmt_elf.c | 2 +
fs/binfmt_elf_fdpic.c | 5 +-
fs/binfmt_misc.c | 7 +-
fs/cachefiles/interface.c | 14 +-
fs/cachefiles/ondemand.c | 38 ++-
fs/dlm/ast.c | 2 +-
fs/dlm/recoverd.c | 2 +-
fs/efs/super.c | 43 +--
fs/erofs/zmap.c | 17 +-
fs/exec.c | 45 ++-
fs/exfat/file.c | 10 +
fs/exfat/namei.c | 21 +-
fs/ext4/balloc.c | 4 +-
fs/ext4/ext4.h | 12 +-
fs/ext4/extents.c | 2 +-
fs/ext4/fsmap.c | 54 +++-
fs/ext4/ialloc.c | 5 +-
fs/ext4/indirect.c | 2 +-
fs/ext4/inode.c | 4 +-
fs/ext4/mballoc.c | 18 +-
fs/ext4/mballoc.h | 1 +
fs/ext4/mmp.c | 2 +-
fs/ext4/move_extent.c | 43 ++-
fs/ext4/resize.c | 2 +-
fs/ext4/super.c | 42 ++-
fs/f2fs/checkpoint.c | 4 +-
fs/f2fs/data.c | 29 +-
fs/f2fs/debug.c | 2 +-
fs/f2fs/f2fs.h | 3 +-
fs/f2fs/file.c | 23 +-
fs/f2fs/gc.c | 2 +
fs/f2fs/node.c | 14 +-
fs/f2fs/segment.c | 5 +-
fs/f2fs/segment.h | 35 +-
fs/f2fs/super.c | 37 ++-
fs/fuse/file.c | 62 ++--
fs/fuse/fuse_i.h | 6 +
fs/fuse/virtio_fs.c | 1 +
fs/gfs2/glock.c | 19 +-
fs/gfs2/glock.h | 1 +
fs/gfs2/incore.h | 2 +-
fs/gfs2/rgrp.c | 2 +-
fs/gfs2/super.c | 2 +-
fs/hfsplus/hfsplus_fs.h | 3 +-
fs/hfsplus/wrapper.c | 2 +
fs/isofs/inode.c | 8 +-
fs/jffs2/erase.c | 7 +-
fs/jfs/xattr.c | 2 +-
fs/netfs/fscache_volume.c | 3 +-
fs/nfs/blocklayout/blocklayout.c | 15 +-
fs/nfs/blocklayout/dev.c | 6 +-
fs/nfs/internal.h | 2 +-
fs/nfs/nfs4proc.c | 8 +-
fs/nfs/write.c | 49 +--
fs/nfsd/export.c | 31 +-
fs/nfsd/export.h | 4 +-
fs/nfsd/nfs4callback.c | 16 +-
fs/nfsd/nfs4proc.c | 7 +-
fs/nfsd/nfs4recover.c | 3 +-
fs/nfsd/nfs4state.c | 5 +-
fs/nfsd/nfs4xdr.c | 2 +-
fs/nfsd/nfsfh.c | 20 +-
fs/nfsd/nfsfh.h | 3 +-
fs/notify/fsnotify.c | 23 +-
fs/notify/mark.c | 12 +-
fs/ocfs2/aops.h | 2 +
fs/ocfs2/file.c | 4 +
fs/proc/kcore.c | 10 +-
fs/proc/softirqs.c | 2 +-
fs/read_write.c | 15 +-
fs/smb/client/cached_dir.c | 229 +++++++++-----
fs/smb/client/cached_dir.h | 6 +-
fs/smb/client/cifsfs.c | 12 +-
fs/smb/client/cifsglob.h | 4 +-
fs/smb/client/cifsproto.h | 1 +
fs/smb/client/connect.c | 59 +++-
fs/smb/client/fs_context.c | 85 ++++-
fs/smb/client/fs_context.h | 1 +
fs/smb/client/inode.c | 4 +-
fs/smb/client/reparse.c | 95 +++++-
fs/smb/client/reparse.h | 6 +-
fs/smb/client/smb1ops.c | 4 +-
fs/smb/client/smb2file.c | 21 +-
fs/smb/client/smb2inode.c | 6 +-
fs/smb/client/smb2ops.c | 2 +-
fs/smb/client/smb2pdu.c | 4 +-
fs/smb/client/smb2proto.h | 9 +-
fs/smb/client/trace.h | 3 +
fs/smb/server/server.c | 4 +
fs/ubifs/super.c | 6 +-
fs/ubifs/tnc_commit.c | 2 +
fs/unicode/utf8-core.c | 2 +-
include/asm-generic/vmlinux.lds.h | 4 +-
include/kunit/skbuff.h | 2 +-
include/linux/blk-mq.h | 2 +
include/linux/blkdev.h | 15 +-
include/linux/bpf.h | 9 +-
include/linux/cleanup.h | 4 +-
include/linux/compiler_attributes.h | 13 -
include/linux/compiler_types.h | 19 ++
include/linux/f2fs_fs.h | 6 +-
include/linux/fs.h | 2 +-
include/linux/hisi_acc_qm.h | 8 +-
include/linux/io-pgtable.h | 4 +
include/linux/irqdomain.h | 8 +
include/linux/jiffies.h | 2 +-
include/linux/kfifo.h | 1 -
include/linux/kvm_host.h | 6 -
include/linux/lockdep.h | 2 +-
include/linux/mmdebug.h | 6 +-
include/linux/netpoll.h | 2 +-
include/linux/of_fdt.h | 5 +-
include/linux/once.h | 4 +-
include/linux/once_lite.h | 2 +-
include/linux/rcupdate.h | 2 +-
include/linux/regmap.h | 4 +
include/linux/seqlock.h | 98 ++++--
include/media/v4l2-dv-timings.h | 18 +-
include/net/bluetooth/hci.h | 4 +-
include/net/bluetooth/hci_core.h | 63 ++++
include/net/cfg80211.h | 44 +++
include/net/ieee80211_radiotap.h | 37 ++-
include/net/net_debug.h | 2 +-
include/rdma/ib_verbs.h | 8 +
include/uapi/linux/rtnetlink.h | 2 +-
init/Kconfig | 9 +
init/initramfs.c | 15 +
io_uring/memmap.c | 11 +-
ipc/namespace.c | 4 +-
kernel/bpf/bpf_struct_ops.c | 114 ++++++-
kernel/bpf/btf.c | 6 +
kernel/bpf/dispatcher.c | 3 +-
kernel/bpf/trampoline.c | 9 +-
kernel/bpf/verifier.c | 139 +++++++-
kernel/cgroup/cgroup.c | 21 +-
kernel/fork.c | 26 +-
kernel/irq/irqdomain.c | 202 +++++++-----
kernel/rcu/rcuscale.c | 6 +-
kernel/rcu/srcutiny.c | 2 +-
kernel/rcu/tree.c | 14 +-
kernel/sched/cpufreq_schedutil.c | 3 +-
kernel/time/time.c | 4 +-
kernel/trace/bpf_trace.c | 5 +-
kernel/trace/trace_event_perf.c | 6 +
lib/overflow_kunit.c | 2 +-
lib/string_helpers.c | 2 +-
lib/strncpy_from_user.c | 5 +-
mm/internal.h | 2 +-
net/9p/trans_xen.c | 9 +-
net/bluetooth/hci_conn.c | 225 ++++++++++---
net/bluetooth/hci_event.c | 39 ++-
net/bluetooth/hci_sysfs.c | 15 +-
net/bluetooth/iso.c | 101 ++++--
net/bluetooth/mgmt.c | 38 ++-
net/bluetooth/rfcomm/sock.c | 10 +-
net/core/filter.c | 88 +++---
net/core/netdev-genl.c | 2 +
net/core/skmsg.c | 4 +-
net/hsr/hsr_device.c | 4 +-
net/ipv4/inet_connection_sock.c | 2 +-
net/ipv4/ipmr.c | 44 ++-
net/ipv4/ipmr_base.c | 3 +-
net/ipv4/tcp_bpf.c | 7 +-
net/ipv6/addrconf.c | 41 ++-
net/ipv6/ip6_fib.c | 8 +-
net/ipv6/ip6mr.c | 40 ++-
net/ipv6/route.c | 51 +--
net/iucv/af_iucv.c | 26 +-
net/llc/af_llc.c | 2 +-
net/mac80211/cfg.c | 22 +-
net/mac80211/ieee80211_i.h | 5 +-
net/mac80211/link.c | 7 +-
net/mac80211/main.c | 2 +
net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +-
net/netfilter/nf_tables_api.c | 62 ++--
net/netlink/af_netlink.c | 21 +-
net/rfkill/rfkill-gpio.c | 8 +-
net/rxrpc/af_rxrpc.c | 7 +-
net/sched/sch_fq.c | 6 +
net/sunrpc/cache.c | 4 +-
net/sunrpc/svcsock.c | 4 +
net/sunrpc/xprtrdma/svc_rdma.c | 19 +-
net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +-
net/sunrpc/xprtsock.c | 17 +-
net/wireless/core.c | 71 ++++-
net/wireless/mlme.c | 6 -
net/wireless/nl80211.c | 1 +
net/xdp/xsk.c | 11 +-
rust/kernel/block/mq/request.rs | 67 ++--
rust/kernel/lib.rs | 2 +-
rust/macros/lib.rs | 2 +-
samples/bpf/xdp_adjust_tail_kern.c | 1 +
samples/kfifo/dma-example.c | 1 +
scripts/checkpatch.pl | 37 +--
scripts/faddr2line | 2 +-
scripts/kernel-doc | 47 ++-
scripts/mod/file2alias.c | 5 +-
scripts/package/builddeb | 20 +-
security/apparmor/capability.c | 2 +
security/apparmor/policy_unpack_test.c | 6 +
security/integrity/integrity.h | 4 +
sound/core/pcm_native.c | 6 +-
sound/core/rawmidi.c | 4 +-
sound/core/sound_kunit.c | 11 +
sound/core/ump.c | 5 +-
sound/hda/intel-dsp-config.c | 4 +
sound/pci/hda/patch_realtek.c | 155 ++++-----
sound/soc/amd/yc/acp6x-mach.c | 32 +-
sound/soc/codecs/da7213.c | 1 +
sound/soc/codecs/da7219.c | 9 +-
sound/soc/codecs/max9768.c | 11 +-
sound/soc/codecs/rt5640.c | 27 +-
sound/soc/codecs/rt722-sdca.c | 8 +-
sound/soc/codecs/tas2781-fmwlib.c | 1 +
sound/soc/codecs/wcd937x.c | 12 +-
sound/soc/codecs/wcd937x.h | 4 +
sound/soc/fsl/fsl-asoc-card.c | 8 +-
sound/soc/fsl/fsl_micfil.c | 4 +-
sound/soc/fsl/imx-audmix.c | 3 +
sound/soc/generic/audio-graph-card2.c | 3 +
sound/soc/intel/atom/sst/sst_acpi.c | 64 +++-
sound/soc/intel/boards/bytcr_rt5640.c | 48 ++-
sound/soc/mediatek/mt8188/mt8188-mt6359.c | 9 +-
.../mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c | 4 +-
sound/soc/mediatek/mt8195/mt8195-mt6359.c | 9 +-
sound/soc/stm/stm32_sai_sub.c | 6 +-
sound/usb/6fire/chip.c | 10 +-
sound/usb/caiaq/audio.c | 10 +-
sound/usb/caiaq/audio.h | 1 +
sound/usb/caiaq/device.c | 19 +-
sound/usb/caiaq/input.c | 12 +-
sound/usb/caiaq/input.h | 1 +
sound/usb/clock.c | 24 +-
sound/usb/quirks-table.h | 14 +-
sound/usb/quirks.c | 27 +-
sound/usb/usx2y/us122l.c | 5 +-
sound/usb/usx2y/usbusx2y.c | 2 +-
tools/bpf/bpftool/jit_disasm.c | 40 ++-
tools/include/nolibc/arch-s390.h | 1 +
tools/lib/bpf/libbpf.c | 99 +++---
tools/lib/bpf/linker.c | 2 +
tools/lib/thermal/Makefile | 4 +-
tools/lib/thermal/commands.c | 52 ++-
tools/perf/Makefile.config | 2 +-
tools/perf/builtin-ftrace.c | 2 +-
tools/perf/builtin-list.c | 4 +-
tools/perf/builtin-stat.c | 52 ++-
tools/perf/builtin-trace.c | 23 +-
tools/perf/tests/attr/test-stat-default | 94 ++++--
tools/perf/tests/attr/test-stat-detailed-1 | 110 +++++--
tools/perf/tests/attr/test-stat-detailed-2 | 134 +++++---
tools/perf/tests/attr/test-stat-detailed-3 | 142 ++++++---
tools/perf/tests/shell/test_stat_intel_tpebs.sh | 22 ++
tools/perf/util/cs-etm.c | 25 +-
tools/perf/util/disasm.c | 2 +-
tools/perf/util/evlist.c | 19 +-
tools/perf/util/evlist.h | 1 +
tools/perf/util/machine.c | 2 +-
tools/perf/util/mem-events.c | 8 +-
tools/perf/util/pfm.c | 4 +-
tools/perf/util/pmus.c | 2 +-
tools/perf/util/probe-finder.c | 21 +-
tools/perf/util/probe-finder.h | 4 +-
tools/perf/util/stat-display.c | 101 ++++--
tools/power/x86/turbostat/turbostat.c | 5 +-
tools/testing/selftests/arm64/abi/hwcap.c | 6 +-
.../selftests/arm64/mte/check_tags_inclusion.c | 4 +-
.../testing/selftests/arm64/mte/mte_common_util.c | 4 +-
.../selftests/bpf/bpf_testmod/bpf_testmod-events.h | 6 +
.../selftests/bpf/bpf_testmod/bpf_testmod.c | 2 +
tools/testing/selftests/bpf/network_helpers.c | 46 +++
tools/testing/selftests/bpf/network_helpers.h | 3 +
.../selftests/bpf/prog_tests/timer_lockup.c | 6 +
.../selftests/bpf/prog_tests/tp_btf_nullable.c | 14 +
.../selftests/bpf/progs/test_spin_lock_fail.c | 4 +-
.../selftests/bpf/progs/test_tp_btf_nullable.c | 28 ++
tools/testing/selftests/bpf/test_progs.c | 97 +++++-
tools/testing/selftests/bpf/test_progs.h | 4 +
tools/testing/selftests/bpf/test_sockmap.c | 165 ++++++++--
.../selftests/mount_setattr/mount_setattr_test.c | 2 +-
tools/testing/selftests/net/Makefile | 1 +
.../selftests/net/ipv6_route_update_soft_lockup.sh | 262 +++++++++++++++
.../selftests/net/netfilter/conntrack_dump_flush.c | 6 +
tools/testing/selftests/net/pmtu.sh | 2 +-
tools/testing/selftests/resctrl/fill_buf.c | 2 +-
tools/testing/selftests/resctrl/mbm_test.c | 16 +-
tools/testing/selftests/resctrl/resctrl_val.c | 3 +-
tools/testing/selftests/vDSO/parse_vdso.c | 3 +-
tools/testing/selftests/watchdog/watchdog-test.c | 6 +
tools/testing/selftests/wireguard/netns.sh | 1 +
tools/tracing/rtla/src/timerlat_hist.c | 2 +-
tools/tracing/rtla/src/timerlat_top.c | 2 +-
virt/kvm/kvm_main.c | 103 ------
908 files changed, 10577 insertions(+), 4981 deletions(-)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 001/817] wifi: mac80211: Fix setting txpower with emulate_chanctx
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
@ 2024-12-03 14:32 ` Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 002/817] wifi: cfg80211: Add wiphy_delayed_work_pending() Greg Kroah-Hartman
` (825 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ben Greear, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Greear <greearb@candelatech.com>
[ Upstream commit 8dd0498983eef524a8d104eb8abb32ec4c595bec ]
Propagate hw conf into the driver when txpower changes
and driver is emulating channel contexts.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Link: https://patch.msgid.link/20240924011325.1509103-1-greearb@candelatech.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/cfg.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index f2b5c18417ef7..6e35425fbff12 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3046,6 +3046,7 @@ static int ieee80211_set_tx_power(struct wiphy *wiphy,
enum nl80211_tx_power_setting txp_type = type;
bool update_txp_type = false;
bool has_monitor = false;
+ int old_power = local->user_power_level;
lockdep_assert_wiphy(local->hw.wiphy);
@@ -3128,6 +3129,10 @@ static int ieee80211_set_tx_power(struct wiphy *wiphy,
}
}
+ if (local->emulate_chanctx &&
+ (old_power != local->user_power_level))
+ ieee80211_hw_conf_chan(local);
+
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 002/817] wifi: cfg80211: Add wiphy_delayed_work_pending()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 001/817] wifi: mac80211: Fix setting txpower with emulate_chanctx Greg Kroah-Hartman
@ 2024-12-03 14:32 ` Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 003/817] wifi: mac80211: Convert color collision detection to wiphy work Greg Kroah-Hartman
` (824 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Remi Pommarel, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Remi Pommarel <repk@triplefau.lt>
[ Upstream commit 68d0021fe7231eec0fb84cd110cf62a6e782b72d ]
Add wiphy_delayed_work_pending() to check if any delayed work timer is
pending, that can be used to be sure that wiphy_delayed_work_queue()
won't postpone an already pending delayed work.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Link: https://patch.msgid.link/20240924192805.13859-2-repk@triplefau.lt
[fix return value kernel-doc]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/cfg80211.h | 44 ++++++++++++++++++++++++++++++++++++++++++
net/wireless/core.c | 7 +++++++
2 files changed, 51 insertions(+)
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 192d72c8b4654..702653448d2fc 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -6129,6 +6129,50 @@ void wiphy_delayed_work_cancel(struct wiphy *wiphy,
void wiphy_delayed_work_flush(struct wiphy *wiphy,
struct wiphy_delayed_work *dwork);
+/**
+ * wiphy_delayed_work_pending - Find out whether a wiphy delayable
+ * work item is currently pending.
+ *
+ * @wiphy: the wiphy, for debug purposes
+ * @dwork: the delayed work in question
+ *
+ * Return: true if timer is pending, false otherwise
+ *
+ * How wiphy_delayed_work_queue() works is by setting a timer which
+ * when it expires calls wiphy_work_queue() to queue the wiphy work.
+ * Because wiphy_delayed_work_queue() uses mod_timer(), if it is
+ * called twice and the second call happens before the first call
+ * deadline, the work will rescheduled for the second deadline and
+ * won't run before that.
+ *
+ * wiphy_delayed_work_pending() can be used to detect if calling
+ * wiphy_work_delayed_work_queue() would start a new work schedule
+ * or delayed a previous one. As seen below it cannot be used to
+ * detect precisely if the work has finished to execute nor if it
+ * is currently executing.
+ *
+ * CPU0 CPU1
+ * wiphy_delayed_work_queue(wk)
+ * mod_timer(wk->timer)
+ * wiphy_delayed_work_pending(wk) -> true
+ *
+ * [...]
+ * expire_timers(wk->timer)
+ * detach_timer(wk->timer)
+ * wiphy_delayed_work_pending(wk) -> false
+ * wk->timer->function() |
+ * wiphy_work_queue(wk) | delayed work pending
+ * list_add_tail() | returns false but
+ * queue_work(cfg80211_wiphy_work) | wk->func() has not
+ * | been run yet
+ * [...] |
+ * cfg80211_wiphy_work() |
+ * wk->func() V
+ *
+ */
+bool wiphy_delayed_work_pending(struct wiphy *wiphy,
+ struct wiphy_delayed_work *dwork);
+
/**
* enum ieee80211_ap_reg_power - regulatory power for an Access Point
*
diff --git a/net/wireless/core.c b/net/wireless/core.c
index c9ebf9449fcc3..b2b512923ecee 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1705,6 +1705,13 @@ void wiphy_delayed_work_flush(struct wiphy *wiphy,
}
EXPORT_SYMBOL_GPL(wiphy_delayed_work_flush);
+bool wiphy_delayed_work_pending(struct wiphy *wiphy,
+ struct wiphy_delayed_work *dwork)
+{
+ return timer_pending(&dwork->timer);
+}
+EXPORT_SYMBOL_GPL(wiphy_delayed_work_pending);
+
static int __init cfg80211_init(void)
{
int err;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 003/817] wifi: mac80211: Convert color collision detection to wiphy work
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 001/817] wifi: mac80211: Fix setting txpower with emulate_chanctx Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 002/817] wifi: cfg80211: Add wiphy_delayed_work_pending() Greg Kroah-Hartman
@ 2024-12-03 14:32 ` Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 004/817] wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings Greg Kroah-Hartman
` (823 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolas Escande, Remi Pommarel,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Remi Pommarel <repk@triplefau.lt>
[ Upstream commit 4cc6f3e5e5765abad9c091989970d67d8c1d2204 ]
Call to ieee80211_color_collision_detection_work() needs wiphy lock to
be held (see lockdep assert in cfg80211_bss_color_notify()). Not locking
wiphy causes the following lockdep error:
WARNING: CPU: 2 PID: 42 at net/wireless/nl80211.c:19505 cfg80211_bss_color_notify+0x1a4/0x25c
Modules linked in:
CPU: 2 PID: 42 Comm: kworker/u8:3 Tainted: G W 6.4.0-02327-g36c6cb260481 #1048
Hardware name:
Workqueue: phy1 ieee80211_color_collision_detection_work
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_bss_color_notify+0x1a4/0x25c
lr : cfg80211_bss_color_notify+0x1a0/0x25c
sp : ffff000002947d00
x29: ffff000002947d00 x28: ffff800008e1a000 x27: ffff000002bd4705
x26: ffff00000d034000 x25: ffff80000903cf40 x24: 0000000000000000
x23: ffff00000cb70720 x22: 0000000000800000 x21: ffff800008dfb008
x20: 000000000000008d x19: ffff00000d035fa8 x18: 0000000000000010
x17: 0000000000000001 x16: 000003564b1ce96a x15: 000d69696d057970
x14: 000000000000003b x13: 0000000000000001 x12: 0000000000040000
x11: 0000000000000001 x10: ffff80000978f9c0 x9 : ffff0000028d3174
x8 : ffff800008e30000 x7 : 0000000000000000 x6 : 0000000000000028
x5 : 000000000002f498 x4 : ffff00000d034a80 x3 : 0000000000800000
x2 : ffff800016143000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
cfg80211_bss_color_notify+0x1a4/0x25c
ieee80211_color_collision_detection_work+0x20/0x118
process_one_work+0x294/0x554
worker_thread+0x70/0x440
kthread+0xf4/0xf8
ret_from_fork+0x10/0x20
irq event stamp: 77372
hardirqs last enabled at (77371): [<ffff800008a346fc>] _raw_spin_unlock_irq+0x2c/0x4c
hardirqs last disabled at (77372): [<ffff800008a28754>] el1_dbg+0x20/0x48
softirqs last enabled at (77350): [<ffff8000089e120c>] batadv_send_outstanding_bcast_packet+0xb8/0x120
softirqs last disabled at (77348): [<ffff8000089e11d4>] batadv_send_outstanding_bcast_packet+0x80/0x120
The wiphy lock cannot be taken directly from color collision detection
delayed work (ieee80211_color_collision_detection_work()) because this
work is cancel_delayed_work_sync() under this wiphy lock causing a
potential deadlock( see [0] for details).
To fix that ieee80211_color_collision_detection_work() could be
converted to a wiphy work and cancel_delayed_work_sync() can be simply
replaced by wiphy_delayed_work_cancel() serving the same purpose under
wiphy lock.
This could potentially fix [1].
[0]: https://lore.kernel.org/linux-wireless/D4A40Q44OAY2.W3SIF6UEPBUN@freebox.fr/
[1]: https://lore.kernel.org/lkml/000000000000612f290618eee3e5@google.com/
Reported-by: Nicolas Escande <nescande@freebox.fr>
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Link: https://patch.msgid.link/20240924192805.13859-3-repk@triplefau.lt
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/cfg.c | 17 +++++++++--------
net/mac80211/ieee80211_i.h | 5 +++--
net/mac80211/link.c | 7 ++++---
3 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 6e35425fbff12..fe11700c3c18a 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -4825,12 +4825,12 @@ void ieee80211_color_change_finalize_work(struct wiphy *wiphy,
ieee80211_color_change_finalize(link);
}
-void ieee80211_color_collision_detection_work(struct work_struct *work)
+void ieee80211_color_collision_detection_work(struct wiphy *wiphy,
+ struct wiphy_work *work)
{
- struct delayed_work *delayed_work = to_delayed_work(work);
struct ieee80211_link_data *link =
- container_of(delayed_work, struct ieee80211_link_data,
- color_collision_detect_work);
+ container_of(work, struct ieee80211_link_data,
+ color_collision_detect_work.work);
struct ieee80211_sub_if_data *sdata = link->sdata;
cfg80211_obss_color_collision_notify(sdata->dev, link->color_bitmap,
@@ -4883,7 +4883,8 @@ ieee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
return;
}
- if (delayed_work_pending(&link->color_collision_detect_work)) {
+ if (wiphy_delayed_work_pending(sdata->local->hw.wiphy,
+ &link->color_collision_detect_work)) {
rcu_read_unlock();
return;
}
@@ -4892,9 +4893,9 @@ ieee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
/* queue the color collision detection event every 500 ms in order to
* avoid sending too much netlink messages to userspace.
*/
- ieee80211_queue_delayed_work(&sdata->local->hw,
- &link->color_collision_detect_work,
- msecs_to_jiffies(500));
+ wiphy_delayed_work_queue(sdata->local->hw.wiphy,
+ &link->color_collision_detect_work,
+ msecs_to_jiffies(500));
rcu_read_unlock();
}
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index a3485e4c6132f..8650b3e8f1a9f 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1051,7 +1051,7 @@ struct ieee80211_link_data {
} csa;
struct wiphy_work color_change_finalize_work;
- struct delayed_work color_collision_detect_work;
+ struct wiphy_delayed_work color_collision_detect_work;
u64 color_bitmap;
/* context reservation -- protected with wiphy mutex */
@@ -2004,7 +2004,8 @@ int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
/* color change handling */
void ieee80211_color_change_finalize_work(struct wiphy *wiphy,
struct wiphy_work *work);
-void ieee80211_color_collision_detection_work(struct work_struct *work);
+void ieee80211_color_collision_detection_work(struct wiphy *wiphy,
+ struct wiphy_work *work);
/* interface handling */
#define MAC80211_SUPPORTED_FEATURES_TX (NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM | \
diff --git a/net/mac80211/link.c b/net/mac80211/link.c
index 1a211b8d40573..67f65ff79a711 100644
--- a/net/mac80211/link.c
+++ b/net/mac80211/link.c
@@ -41,8 +41,8 @@ void ieee80211_link_init(struct ieee80211_sub_if_data *sdata,
ieee80211_csa_finalize_work);
wiphy_work_init(&link->color_change_finalize_work,
ieee80211_color_change_finalize_work);
- INIT_DELAYED_WORK(&link->color_collision_detect_work,
- ieee80211_color_collision_detection_work);
+ wiphy_delayed_work_init(&link->color_collision_detect_work,
+ ieee80211_color_collision_detection_work);
INIT_LIST_HEAD(&link->assigned_chanctx_list);
INIT_LIST_HEAD(&link->reserved_chanctx_list);
@@ -70,7 +70,8 @@ void ieee80211_link_stop(struct ieee80211_link_data *link)
if (link->sdata->vif.type == NL80211_IFTYPE_STATION)
ieee80211_mgd_stop_link(link);
- cancel_delayed_work_sync(&link->color_collision_detect_work);
+ wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
+ &link->color_collision_detect_work);
wiphy_work_cancel(link->sdata->local->hw.wiphy,
&link->color_change_finalize_work);
wiphy_work_cancel(link->sdata->local->hw.wiphy,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 004/817] wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2024-12-03 14:32 ` [PATCH 6.11 003/817] wifi: mac80211: Convert color collision detection to wiphy work Greg Kroah-Hartman
@ 2024-12-03 14:32 ` Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 005/817] spi: stm32: fix missing device mode capability in stm32mp25 Greg Kroah-Hartman
` (822 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gustavo A. R. Silva, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 57be3d3562ca4aa62b8047bc681028cc402af8ce ]
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
getting ready to enable it, globally.
So, in order to avoid ending up with a flexible-array member in the
middle of multiple other structs, we use the `__struct_group()`
helper to create a new tagged `struct ieee80211_radiotap_header_fixed`.
This structure groups together all the members of the flexible
`struct ieee80211_radiotap_header` except the flexible array.
As a result, the array is effectively separated from the rest of the
members without modifying the memory layout of the flexible structure.
We then change the type of the middle struct members currently causing
trouble from `struct ieee80211_radiotap_header` to `struct
ieee80211_radiotap_header_fixed`.
We also want to ensure that in case new members need to be added to the
flexible structure, they are always included within the newly created
tagged struct. For this, we use `static_assert()`. This ensures that the
memory layout for both the flexible structure and the new tagged struct
is the same after any changes.
This approach avoids having to implement `struct ieee80211_radiotap_header_fixed`
as a completely separate structure, thus preventing having to maintain
two independent but basically identical structures, closing the door
to potential bugs in the future.
So, with these changes, fix the following warnings:
drivers/net/wireless/ath/wil6210/txrx.c:309:50: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/intel/ipw2x00/ipw2100.c:2521:50: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/intel/ipw2x00/ipw2200.h:1146:42: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/intel/ipw2x00/libipw.h:595:36: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/marvell/libertas/radiotap.h:34:42: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/marvell/libertas/radiotap.h:5:42: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/microchip/wilc1000/mon.c:10:42: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/microchip/wilc1000/mon.c:15:42: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/virtual/mac80211_hwsim.c:758:42: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
drivers/net/wireless/virtual/mac80211_hwsim.c:767:42: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://patch.msgid.link/ZwBMtBZKcrzwU7l4@kspp
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wil6210/txrx.c | 2 +-
drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 +-
drivers/net/wireless/intel/ipw2x00/ipw2200.h | 2 +-
.../net/wireless/marvell/libertas/radiotap.h | 4 +-
drivers/net/wireless/microchip/wilc1000/mon.c | 4 +-
drivers/net/wireless/virtual/mac80211_hwsim.c | 4 +-
include/net/ieee80211_radiotap.h | 43 +++++++++++--------
7 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/drivers/net/wireless/ath/wil6210/txrx.c b/drivers/net/wireless/ath/wil6210/txrx.c
index f29ac6de71399..19702b6f09c32 100644
--- a/drivers/net/wireless/ath/wil6210/txrx.c
+++ b/drivers/net/wireless/ath/wil6210/txrx.c
@@ -306,7 +306,7 @@ static void wil_rx_add_radiotap_header(struct wil6210_priv *wil,
struct sk_buff *skb)
{
struct wil6210_rtap {
- struct ieee80211_radiotap_header rthdr;
+ struct ieee80211_radiotap_header_fixed rthdr;
/* fields should be in the order of bits in rthdr.it_present */
/* flags */
u8 flags;
diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2100.c b/drivers/net/wireless/intel/ipw2x00/ipw2100.c
index b6636002c7d22..fe75941c584d1 100644
--- a/drivers/net/wireless/intel/ipw2x00/ipw2100.c
+++ b/drivers/net/wireless/intel/ipw2x00/ipw2100.c
@@ -2518,7 +2518,7 @@ static void isr_rx_monitor(struct ipw2100_priv *priv, int i,
* to build this manually element by element, we can write it much
* more efficiently than we can parse it. ORDER MATTERS HERE */
struct ipw_rt_hdr {
- struct ieee80211_radiotap_header rt_hdr;
+ struct ieee80211_radiotap_header_fixed rt_hdr;
s8 rt_dbmsignal; /* signal in dbM, kluged to signed */
} *ipw_rt;
diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2200.h b/drivers/net/wireless/intel/ipw2x00/ipw2200.h
index 8ebf09121e173..226286cb7eb82 100644
--- a/drivers/net/wireless/intel/ipw2x00/ipw2200.h
+++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.h
@@ -1143,7 +1143,7 @@ struct ipw_prom_priv {
* structure is provided regardless of any bits unset.
*/
struct ipw_rt_hdr {
- struct ieee80211_radiotap_header rt_hdr;
+ struct ieee80211_radiotap_header_fixed rt_hdr;
u64 rt_tsf; /* TSF */ /* XXX */
u8 rt_flags; /* radiotap packet flags */
u8 rt_rate; /* rate in 500kb/s */
diff --git a/drivers/net/wireless/marvell/libertas/radiotap.h b/drivers/net/wireless/marvell/libertas/radiotap.h
index 1ed5608d353ff..d543bfe739dcb 100644
--- a/drivers/net/wireless/marvell/libertas/radiotap.h
+++ b/drivers/net/wireless/marvell/libertas/radiotap.h
@@ -2,7 +2,7 @@
#include <net/ieee80211_radiotap.h>
struct tx_radiotap_hdr {
- struct ieee80211_radiotap_header hdr;
+ struct ieee80211_radiotap_header_fixed hdr;
u8 rate;
u8 txpower;
u8 rts_retries;
@@ -31,7 +31,7 @@ struct tx_radiotap_hdr {
#define IEEE80211_FC_DSTODS 0x0300
struct rx_radiotap_hdr {
- struct ieee80211_radiotap_header hdr;
+ struct ieee80211_radiotap_header_fixed hdr;
u8 flags;
u8 rate;
u8 antsignal;
diff --git a/drivers/net/wireless/microchip/wilc1000/mon.c b/drivers/net/wireless/microchip/wilc1000/mon.c
index 03b7229a0ff5a..c3d27aaec2974 100644
--- a/drivers/net/wireless/microchip/wilc1000/mon.c
+++ b/drivers/net/wireless/microchip/wilc1000/mon.c
@@ -7,12 +7,12 @@
#include "cfg80211.h"
struct wilc_wfi_radiotap_hdr {
- struct ieee80211_radiotap_header hdr;
+ struct ieee80211_radiotap_header_fixed hdr;
u8 rate;
} __packed;
struct wilc_wfi_radiotap_cb_hdr {
- struct ieee80211_radiotap_header hdr;
+ struct ieee80211_radiotap_header_fixed hdr;
u8 rate;
u8 dump;
u16 tx_flags;
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim.c b/drivers/net/wireless/virtual/mac80211_hwsim.c
index 5fe9e4e261429..52468e16c3df6 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim.c
@@ -763,7 +763,7 @@ static const struct rhashtable_params hwsim_rht_params = {
};
struct hwsim_radiotap_hdr {
- struct ieee80211_radiotap_header hdr;
+ struct ieee80211_radiotap_header_fixed hdr;
__le64 rt_tsft;
u8 rt_flags;
u8 rt_rate;
@@ -772,7 +772,7 @@ struct hwsim_radiotap_hdr {
} __packed;
struct hwsim_radiotap_ack_hdr {
- struct ieee80211_radiotap_header hdr;
+ struct ieee80211_radiotap_header_fixed hdr;
u8 rt_flags;
u8 pad;
__le16 rt_channel;
diff --git a/include/net/ieee80211_radiotap.h b/include/net/ieee80211_radiotap.h
index 91762faecc13d..1458d3695005a 100644
--- a/include/net/ieee80211_radiotap.h
+++ b/include/net/ieee80211_radiotap.h
@@ -24,25 +24,27 @@
* struct ieee80211_radiotap_header - base radiotap header
*/
struct ieee80211_radiotap_header {
- /**
- * @it_version: radiotap version, always 0
- */
- uint8_t it_version;
-
- /**
- * @it_pad: padding (or alignment)
- */
- uint8_t it_pad;
-
- /**
- * @it_len: overall radiotap header length
- */
- __le16 it_len;
-
- /**
- * @it_present: (first) present word
- */
- __le32 it_present;
+ __struct_group(ieee80211_radiotap_header_fixed, hdr, __packed,
+ /**
+ * @it_version: radiotap version, always 0
+ */
+ uint8_t it_version;
+
+ /**
+ * @it_pad: padding (or alignment)
+ */
+ uint8_t it_pad;
+
+ /**
+ * @it_len: overall radiotap header length
+ */
+ __le16 it_len;
+
+ /**
+ * @it_present: (first) present word
+ */
+ __le32 it_present;
+ );
/**
* @it_optional: all remaining presence bitmaps
@@ -50,6 +52,9 @@ struct ieee80211_radiotap_header {
__le32 it_optional[];
} __packed;
+static_assert(offsetof(struct ieee80211_radiotap_header, it_optional) == sizeof(struct ieee80211_radiotap_header_fixed),
+ "struct member likely outside of __struct_group()");
+
/* version is always 0 */
#define PKTHDR_RADIOTAP_VERSION 0
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 005/817] spi: stm32: fix missing device mode capability in stm32mp25
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2024-12-03 14:32 ` [PATCH 6.11 004/817] wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings Greg Kroah-Hartman
@ 2024-12-03 14:32 ` Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 006/817] ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() Greg Kroah-Hartman
` (821 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alain Volmat, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alain Volmat <alain.volmat@foss.st.com>
[ Upstream commit b5a468199b995bd8ee3c26f169a416a181210c9e ]
The STM32MP25 SOC has capability to behave in device mode however
missing .has_device_mode within its stm32mp25_spi_cfg structure leads
to not being able to enable the device mode.
Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
Link: https://patch.msgid.link/20241009-spi-mp25-device-fix-v1-1-8e5ca7db7838@foss.st.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-stm32.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c
index 4c4ff074e3f6f..fc72a89fb3a7b 100644
--- a/drivers/spi/spi-stm32.c
+++ b/drivers/spi/spi-stm32.c
@@ -2044,6 +2044,7 @@ static const struct stm32_spi_cfg stm32mp25_spi_cfg = {
.baud_rate_div_max = STM32H7_SPI_MBR_DIV_MAX,
.has_fifo = true,
.prevent_dma_burst = true,
+ .has_device_mode = true,
};
static const struct of_device_id stm32_spi_of_match[] = {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 006/817] ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2024-12-03 14:32 ` [PATCH 6.11 005/817] spi: stm32: fix missing device mode capability in stm32mp25 Greg Kroah-Hartman
@ 2024-12-03 14:32 ` Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 007/817] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec Greg Kroah-Hartman
` (820 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 032532f91a1d06d0750f16c49a9698ef5374a68f ]
Disable IRQs from rt5640_cancel_work(), this fixes a crash caused by
the IRQ never getting freed when the driver is unbound from the i2c_client
with jack-detection active:
[ 193.138780] rt5640 i2c-rt5640: ASoC: unknown pin LDO2
[ 193.138830] rt5640 i2c-rt5640: ASoC: unknown pin MICBIAS1
[ 193.671218] BUG: kernel NULL pointer dereference, address: 0000000000000078
[ 193.671239] #PF: supervisor read access in kernel mode
[ 193.671248] #PF: error_code(0x0000) - not-present page
...
[ 193.671531] ? asm_exc_page_fault+0x22/0x30
[ 193.671551] ? rt5640_jack_inserted+0x10/0x80 [snd_soc_rt5640]
[ 193.671574] rt5640_detect_headset+0x93/0x130 [snd_soc_rt5640]
[ 193.671596] rt5640_jack_work+0x93/0x355 [snd_soc_rt5640]
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patch.msgid.link/20241024215612.92147-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5640.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/sound/soc/codecs/rt5640.c b/sound/soc/codecs/rt5640.c
index 16f3425a3e35c..855139348edb4 100644
--- a/sound/soc/codecs/rt5640.c
+++ b/sound/soc/codecs/rt5640.c
@@ -2419,10 +2419,20 @@ static irqreturn_t rt5640_jd_gpio_irq(int irq, void *data)
return IRQ_HANDLED;
}
-static void rt5640_cancel_work(void *data)
+static void rt5640_disable_irq_and_cancel_work(void *data)
{
struct rt5640_priv *rt5640 = data;
+ if (rt5640->jd_gpio_irq_requested) {
+ free_irq(rt5640->jd_gpio_irq, rt5640);
+ rt5640->jd_gpio_irq_requested = false;
+ }
+
+ if (rt5640->irq_requested) {
+ free_irq(rt5640->irq, rt5640);
+ rt5640->irq_requested = false;
+ }
+
cancel_delayed_work_sync(&rt5640->jack_work);
cancel_delayed_work_sync(&rt5640->bp_work);
}
@@ -2463,13 +2473,7 @@ static void rt5640_disable_jack_detect(struct snd_soc_component *component)
if (!rt5640->jack)
return;
- if (rt5640->jd_gpio_irq_requested)
- free_irq(rt5640->jd_gpio_irq, rt5640);
-
- if (rt5640->irq_requested)
- free_irq(rt5640->irq, rt5640);
-
- rt5640_cancel_work(rt5640);
+ rt5640_disable_irq_and_cancel_work(rt5640);
if (rt5640->jack->status & SND_JACK_MICROPHONE) {
rt5640_disable_micbias1_ovcd_irq(component);
@@ -2477,8 +2481,6 @@ static void rt5640_disable_jack_detect(struct snd_soc_component *component)
snd_soc_jack_report(rt5640->jack, 0, SND_JACK_BTN_0);
}
- rt5640->jd_gpio_irq_requested = false;
- rt5640->irq_requested = false;
rt5640->jd_gpio = NULL;
rt5640->jack = NULL;
}
@@ -2798,7 +2800,8 @@ static int rt5640_suspend(struct snd_soc_component *component)
if (rt5640->jack) {
/* disable jack interrupts during system suspend */
disable_irq(rt5640->irq);
- rt5640_cancel_work(rt5640);
+ cancel_delayed_work_sync(&rt5640->jack_work);
+ cancel_delayed_work_sync(&rt5640->bp_work);
}
snd_soc_component_force_bias_level(component, SND_SOC_BIAS_OFF);
@@ -3032,7 +3035,7 @@ static int rt5640_i2c_probe(struct i2c_client *i2c)
INIT_DELAYED_WORK(&rt5640->jack_work, rt5640_jack_work);
/* Make sure work is stopped on probe-error / remove */
- ret = devm_add_action_or_reset(&i2c->dev, rt5640_cancel_work, rt5640);
+ ret = devm_add_action_or_reset(&i2c->dev, rt5640_disable_irq_and_cancel_work, rt5640);
if (ret)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 007/817] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2024-12-03 14:32 ` [PATCH 6.11 006/817] ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() Greg Kroah-Hartman
@ 2024-12-03 14:32 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 008/817] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Greg Kroah-Hartman
` (819 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:32 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit d48696b915527b5bcdd207a299aec03fb037eb17 ]
On some x86 Bay Trail tablets which shipped with Android as factory OS,
the DSDT is so broken that the codec needs to be manually instantatiated
by the special x86-android-tablets.ko "fixup" driver for cases like this.
This means that the codec-dev cannot be retrieved through its ACPI fwnode,
add support to the bytcr_rt5640 machine driver for such manually
instantiated rt5640 i2c_clients.
An example of a tablet which needs this is the Vexia EDU ATLA 10 tablet,
which has been distributed to schools in the Spanish Andalucía region.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patch.msgid.link/20241024211615.79518-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 33 ++++++++++++++++++++++++---
1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index 4479825c08b5e..ba4293ae7c24f 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -17,6 +17,7 @@
#include <linux/acpi.h>
#include <linux/clk.h>
#include <linux/device.h>
+#include <linux/device/bus.h>
#include <linux/dmi.h>
#include <linux/gpio/consumer.h>
#include <linux/gpio/machine.h>
@@ -32,6 +33,8 @@
#include "../atom/sst-atom-controls.h"
#include "../common/soc-intel-quirks.h"
+#define BYT_RT5640_FALLBACK_CODEC_DEV_NAME "i2c-rt5640"
+
enum {
BYT_RT5640_DMIC1_MAP,
BYT_RT5640_DMIC2_MAP,
@@ -1698,9 +1701,33 @@ static int snd_byt_rt5640_mc_probe(struct platform_device *pdev)
codec_dev = acpi_get_first_physical_node(adev);
acpi_dev_put(adev);
- if (!codec_dev)
- return -EPROBE_DEFER;
- priv->codec_dev = get_device(codec_dev);
+
+ if (codec_dev) {
+ priv->codec_dev = get_device(codec_dev);
+ } else {
+ /*
+ * Special case for Android tablets where the codec i2c_client
+ * has been manually instantiated by x86_android_tablets.ko due
+ * to a broken DSDT.
+ */
+ codec_dev = bus_find_device_by_name(&i2c_bus_type, NULL,
+ BYT_RT5640_FALLBACK_CODEC_DEV_NAME);
+ if (!codec_dev)
+ return -EPROBE_DEFER;
+
+ if (!i2c_verify_client(codec_dev)) {
+ dev_err(dev, "Error '%s' is not an i2c_client\n",
+ BYT_RT5640_FALLBACK_CODEC_DEV_NAME);
+ put_device(codec_dev);
+ }
+
+ /* fixup codec name */
+ strscpy(byt_rt5640_codec_name, BYT_RT5640_FALLBACK_CODEC_DEV_NAME,
+ sizeof(byt_rt5640_codec_name));
+
+ /* bus_find_device() returns a reference no need to get() */
+ priv->codec_dev = codec_dev;
+ }
/*
* swap SSP0 if bytcr is detected
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 008/817] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2024-12-03 14:32 ` [PATCH 6.11 007/817] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 009/817] ASoC: Intel: sst: Support LPE0F28 ACPI HID Greg Kroah-Hartman
` (818 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 0107f28f135231da22a9ad5756bb16bd5cada4d5 ]
The Vexia Edu Atla 10 tablet mostly uses the BYTCR tablet defaults,
but as happens on more models it is using IN1 instead of IN3 for
its internal mic and JD_SRC_JD2_IN4N instead of JD_SRC_JD1_IN4P
for jack-detection.
Add a DMI quirk for this to fix the internal-mic and jack-detection.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patch.msgid.link/20241024211615.79518-2-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index ba4293ae7c24f..2e786836588fb 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -1132,6 +1132,21 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
BYT_RT5640_SSP0_AIF2 |
BYT_RT5640_MCLK_EN),
},
+ { /* Vexia Edu Atla 10 tablet */
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "AMI Corporation"),
+ DMI_MATCH(DMI_BOARD_NAME, "Aptio CRB"),
+ /* Above strings are too generic, also match on BIOS date */
+ DMI_MATCH(DMI_BIOS_DATE, "08/25/2014"),
+ },
+ .driver_data = (void *)(BYT_RT5640_IN1_MAP |
+ BYT_RT5640_JD_SRC_JD2_IN4N |
+ BYT_RT5640_OVCD_TH_2000UA |
+ BYT_RT5640_OVCD_SF_0P75 |
+ BYT_RT5640_DIFF_MIC |
+ BYT_RT5640_SSP0_AIF2 |
+ BYT_RT5640_MCLK_EN),
+ },
{ /* Voyo Winpad A15 */
.matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "AMI Corporation"),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 009/817] ASoC: Intel: sst: Support LPE0F28 ACPI HID
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 008/817] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 010/817] wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Greg Kroah-Hartman
` (817 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 6668610b4d8ce9a3ee3ed61a9471f62fb5f05bf9 ]
Some old Bay Trail tablets which shipped with Android as factory OS
have the SST/LPE audio engine described by an ACPI device with a
HID (Hardware-ID) of LPE0F28 instead of 80860F28.
Add support for this. Note this uses a new sst_res_info for just
the LPE0F28 case because it has a different layout for the IO-mem ACPI
resources then the 80860F28.
An example of a tablet which needs this is the Vexia EDU ATLA 10 tablet,
which has been distributed to schools in the Spanish Andalucía region.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patch.msgid.link/20241025090221.52198-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/hda/intel-dsp-config.c | 4 ++
sound/soc/intel/atom/sst/sst_acpi.c | 64 +++++++++++++++++++++++++----
2 files changed, 59 insertions(+), 9 deletions(-)
diff --git a/sound/hda/intel-dsp-config.c b/sound/hda/intel-dsp-config.c
index 913880b090657..ee4157992f6bf 100644
--- a/sound/hda/intel-dsp-config.c
+++ b/sound/hda/intel-dsp-config.c
@@ -732,6 +732,10 @@ static const struct config_entry acpi_config_table[] = {
#if IS_ENABLED(CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI) || \
IS_ENABLED(CONFIG_SND_SOC_SOF_BAYTRAIL)
/* BayTrail */
+ {
+ .flags = FLAG_SST_OR_SOF_BYT,
+ .acpi_hid = "LPE0F28",
+ },
{
.flags = FLAG_SST_OR_SOF_BYT,
.acpi_hid = "80860F28",
diff --git a/sound/soc/intel/atom/sst/sst_acpi.c b/sound/soc/intel/atom/sst/sst_acpi.c
index 29d44c989e5fc..1f9bb1b84949d 100644
--- a/sound/soc/intel/atom/sst/sst_acpi.c
+++ b/sound/soc/intel/atom/sst/sst_acpi.c
@@ -125,6 +125,28 @@ static const struct sst_res_info bytcr_res_info = {
.acpi_ipc_irq_index = 0
};
+/* For "LPE0F28" ACPI device found on some Android factory OS models */
+static const struct sst_res_info lpe8086_res_info = {
+ .shim_offset = 0x140000,
+ .shim_size = 0x000100,
+ .shim_phy_addr = SST_BYT_SHIM_PHY_ADDR,
+ .ssp0_offset = 0xa0000,
+ .ssp0_size = 0x1000,
+ .dma0_offset = 0x98000,
+ .dma0_size = 0x4000,
+ .dma1_offset = 0x9c000,
+ .dma1_size = 0x4000,
+ .iram_offset = 0x0c0000,
+ .iram_size = 0x14000,
+ .dram_offset = 0x100000,
+ .dram_size = 0x28000,
+ .mbox_offset = 0x144000,
+ .mbox_size = 0x1000,
+ .acpi_lpe_res_index = 1,
+ .acpi_ddr_index = 0,
+ .acpi_ipc_irq_index = 0
+};
+
static struct sst_platform_info byt_rvp_platform_data = {
.probe_data = &byt_fwparse_info,
.ipc_info = &byt_ipc_info,
@@ -268,10 +290,38 @@ static int sst_acpi_probe(struct platform_device *pdev)
mach->pdata = &chv_platform_data;
pdata = mach->pdata;
- ret = kstrtouint(id->id, 16, &dev_id);
- if (ret < 0) {
- dev_err(dev, "Unique device id conversion error: %d\n", ret);
- return ret;
+ if (!strcmp(id->id, "LPE0F28")) {
+ struct resource *rsrc;
+
+ /* Use regular BYT SST PCI VID:PID */
+ dev_id = 0x80860F28;
+ byt_rvp_platform_data.res_info = &lpe8086_res_info;
+
+ /*
+ * The "LPE0F28" ACPI device has separate IO-mem resources for:
+ * DDR, SHIM, MBOX, IRAM, DRAM, CFG
+ * None of which covers the entire LPE base address range.
+ * lpe8086_res_info.acpi_lpe_res_index points to the SHIM.
+ * Patch this to cover the entire base address range as expected
+ * by sst_platform_get_resources().
+ */
+ rsrc = platform_get_resource(pdev, IORESOURCE_MEM,
+ pdata->res_info->acpi_lpe_res_index);
+ if (!rsrc) {
+ dev_err(ctx->dev, "Invalid SHIM base\n");
+ return -EIO;
+ }
+ rsrc->start -= pdata->res_info->shim_offset;
+ rsrc->end = rsrc->start + 0x200000 - 1;
+ } else {
+ ret = kstrtouint(id->id, 16, &dev_id);
+ if (ret < 0) {
+ dev_err(dev, "Unique device id conversion error: %d\n", ret);
+ return ret;
+ }
+
+ if (soc_intel_is_byt_cr(pdev))
+ byt_rvp_platform_data.res_info = &bytcr_res_info;
}
dev_dbg(dev, "ACPI device id: %x\n", dev_id);
@@ -280,11 +330,6 @@ static int sst_acpi_probe(struct platform_device *pdev)
if (ret < 0)
return ret;
- if (soc_intel_is_byt_cr(pdev)) {
- /* override resource info */
- byt_rvp_platform_data.res_info = &bytcr_res_info;
- }
-
/* update machine parameters */
mach->mach_params.acpi_ipc_irq_index =
pdata->res_info->acpi_ipc_irq_index;
@@ -344,6 +389,7 @@ static void sst_acpi_remove(struct platform_device *pdev)
}
static const struct acpi_device_id sst_acpi_ids[] = {
+ { "LPE0F28", (unsigned long)&snd_soc_acpi_intel_baytrail_machines},
{ "80860F28", (unsigned long)&snd_soc_acpi_intel_baytrail_machines},
{ "808622A8", (unsigned long)&snd_soc_acpi_intel_cherrytrail_machines},
{ },
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 010/817] wifi: iwlwifi: mvm: Use the sync timepoint API in suspend
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 009/817] ASoC: Intel: sst: Support LPE0F28 ACPI HID Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 011/817] wifi: iwlwifi: mvm: SAR table alignment Greg Kroah-Hartman
` (816 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Gabay, Miri Korenblit,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Gabay <daniel.gabay@intel.com>
[ Upstream commit 9715246ca0bfc9feaec1b4ff5b3d38de65a7025d ]
When starting the suspend flow, HOST_D3_START triggers an _async_
firmware dump collection for debugging purposes. The async worker
may race with suspend flow and fail to get NIC access, resulting in
the following warning:
"Timeout waiting for hardware access (CSR_GP_CNTRL 0xffffffff)"
Fix this by switching to the sync version to ensure the dump
completes before proceeding with the suspend flow, avoiding
potential race issues.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20241010140328.9aae318cd593.I4b322009f39489c0b1d8893495c887870f73ed9c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 +++-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 ++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/init.c b/drivers/net/wireless/intel/iwlwifi/fw/init.c
index d8b083be5b6b5..de87e0e3e0725 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/init.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/init.c
@@ -39,10 +39,12 @@ void iwl_fw_runtime_init(struct iwl_fw_runtime *fwrt, struct iwl_trans *trans,
}
IWL_EXPORT_SYMBOL(iwl_fw_runtime_init);
+/* Assumes the appropriate lock is held by the caller */
void iwl_fw_runtime_suspend(struct iwl_fw_runtime *fwrt)
{
iwl_fw_suspend_timestamp(fwrt);
- iwl_dbg_tlv_time_point(fwrt, IWL_FW_INI_TIME_POINT_HOST_D3_START, NULL);
+ iwl_dbg_tlv_time_point_sync(fwrt, IWL_FW_INI_TIME_POINT_HOST_D3_START,
+ NULL);
}
IWL_EXPORT_SYMBOL(iwl_fw_runtime_suspend);
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
index 99a541d442bb1..f4f87edb86e5c 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
@@ -1398,7 +1398,9 @@ int iwl_mvm_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
iwl_mvm_pause_tcm(mvm, true);
+ mutex_lock(&mvm->mutex);
iwl_fw_runtime_suspend(&mvm->fwrt);
+ mutex_unlock(&mvm->mutex);
return __iwl_mvm_suspend(hw, wowlan, false);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 011/817] wifi: iwlwifi: mvm: SAR table alignment
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 010/817] wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 012/817] mac80211: fix user-power when emulating chanctx Greg Kroah-Hartman
` (815 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anjaneyulu, Miri Korenblit,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anjaneyulu <pagadala.yesu.anjaneyulu@intel.com>
[ Upstream commit 32d95ab330069f9c551b8e99770bb4e799730b55 ]
SAR table format in ACPI and local data base are different,
So modified code to read data properly.
Signed-off-by: Anjaneyulu <pagadala.yesu.anjaneyulu@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20241010140328.f077aced4dee.I4dc618f12d01f7ad19f9f8881f6e09eea77e9a14@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 96 ++++++++++++--------
1 file changed, 58 insertions(+), 38 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
index a7cea0a55b35a..0bc32291815e1 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
@@ -429,38 +429,28 @@ int iwl_acpi_get_eckv(struct iwl_fw_runtime *fwrt, u32 *extl_clk)
return ret;
}
-static int iwl_acpi_sar_set_profile(union acpi_object *table,
- struct iwl_sar_profile *profile,
- bool enabled, u8 num_chains,
- u8 num_sub_bands)
+static int
+iwl_acpi_parse_chains_table(union acpi_object *table,
+ struct iwl_sar_profile_chain *chains,
+ u8 num_chains, u8 num_sub_bands)
{
- int i, j, idx = 0;
-
- /*
- * The table from ACPI is flat, but we store it in a
- * structured array.
- */
- for (i = 0; i < BIOS_SAR_MAX_CHAINS_PER_PROFILE; i++) {
- for (j = 0; j < BIOS_SAR_MAX_SUB_BANDS_NUM; j++) {
+ for (u8 chain = 0; chain < num_chains; chain++) {
+ for (u8 subband = 0; subband < BIOS_SAR_MAX_SUB_BANDS_NUM;
+ subband++) {
/* if we don't have the values, use the default */
- if (i >= num_chains || j >= num_sub_bands) {
- profile->chains[i].subbands[j] = 0;
+ if (subband >= num_sub_bands) {
+ chains[chain].subbands[subband] = 0;
+ } else if (table->type != ACPI_TYPE_INTEGER ||
+ table->integer.value > U8_MAX) {
+ return -EINVAL;
} else {
- if (table[idx].type != ACPI_TYPE_INTEGER ||
- table[idx].integer.value > U8_MAX)
- return -EINVAL;
-
- profile->chains[i].subbands[j] =
- table[idx].integer.value;
-
- idx++;
+ chains[chain].subbands[subband] =
+ table->integer.value;
+ table++;
}
}
}
- /* Only if all values were valid can the profile be enabled */
- profile->enabled = enabled;
-
return 0;
}
@@ -543,9 +533,11 @@ int iwl_acpi_get_wrds_table(struct iwl_fw_runtime *fwrt)
/* The profile from WRDS is officially profile 1, but goes
* into sar_profiles[0] (because we don't have a profile 0).
*/
- ret = iwl_acpi_sar_set_profile(table, &fwrt->sar_profiles[0],
- flags & IWL_SAR_ENABLE_MSK,
- num_chains, num_sub_bands);
+ ret = iwl_acpi_parse_chains_table(table, fwrt->sar_profiles[0].chains,
+ num_chains, num_sub_bands);
+ if (!ret && flags & IWL_SAR_ENABLE_MSK)
+ fwrt->sar_profiles[0].enabled = true;
+
out_free:
kfree(data);
return ret;
@@ -557,7 +549,7 @@ int iwl_acpi_get_ewrd_table(struct iwl_fw_runtime *fwrt)
bool enabled;
int i, n_profiles, tbl_rev, pos;
int ret = 0;
- u8 num_chains, num_sub_bands;
+ u8 num_sub_bands;
data = iwl_acpi_get_object(fwrt->dev, ACPI_EWRD_METHOD);
if (IS_ERR(data))
@@ -573,7 +565,6 @@ int iwl_acpi_get_ewrd_table(struct iwl_fw_runtime *fwrt)
goto out_free;
}
- num_chains = ACPI_SAR_NUM_CHAINS_REV2;
num_sub_bands = ACPI_SAR_NUM_SUB_BANDS_REV2;
goto read_table;
@@ -589,7 +580,6 @@ int iwl_acpi_get_ewrd_table(struct iwl_fw_runtime *fwrt)
goto out_free;
}
- num_chains = ACPI_SAR_NUM_CHAINS_REV1;
num_sub_bands = ACPI_SAR_NUM_SUB_BANDS_REV1;
goto read_table;
@@ -605,7 +595,6 @@ int iwl_acpi_get_ewrd_table(struct iwl_fw_runtime *fwrt)
goto out_free;
}
- num_chains = ACPI_SAR_NUM_CHAINS_REV0;
num_sub_bands = ACPI_SAR_NUM_SUB_BANDS_REV0;
goto read_table;
@@ -637,23 +626,54 @@ int iwl_acpi_get_ewrd_table(struct iwl_fw_runtime *fwrt)
/* the tables start at element 3 */
pos = 3;
+ BUILD_BUG_ON(ACPI_SAR_NUM_CHAINS_REV0 != ACPI_SAR_NUM_CHAINS_REV1);
+ BUILD_BUG_ON(ACPI_SAR_NUM_CHAINS_REV2 != 2 * ACPI_SAR_NUM_CHAINS_REV0);
+
+ /* parse non-cdb chains for all profiles */
for (i = 0; i < n_profiles; i++) {
union acpi_object *table = &wifi_pkg->package.elements[pos];
+
/* The EWRD profiles officially go from 2 to 4, but we
* save them in sar_profiles[1-3] (because we don't
* have profile 0). So in the array we start from 1.
*/
- ret = iwl_acpi_sar_set_profile(table,
- &fwrt->sar_profiles[i + 1],
- enabled, num_chains,
- num_sub_bands);
+ ret = iwl_acpi_parse_chains_table(table,
+ fwrt->sar_profiles[i + 1].chains,
+ ACPI_SAR_NUM_CHAINS_REV0,
+ num_sub_bands);
if (ret < 0)
- break;
+ goto out_free;
/* go to the next table */
- pos += num_chains * num_sub_bands;
+ pos += ACPI_SAR_NUM_CHAINS_REV0 * num_sub_bands;
}
+ /* non-cdb table revisions */
+ if (tbl_rev < 2)
+ goto set_enabled;
+
+ /* parse cdb chains for all profiles */
+ for (i = 0; i < n_profiles; i++) {
+ struct iwl_sar_profile_chain *chains;
+ union acpi_object *table;
+
+ table = &wifi_pkg->package.elements[pos];
+ chains = &fwrt->sar_profiles[i + 1].chains[ACPI_SAR_NUM_CHAINS_REV0];
+ ret = iwl_acpi_parse_chains_table(table,
+ chains,
+ ACPI_SAR_NUM_CHAINS_REV0,
+ num_sub_bands);
+ if (ret < 0)
+ goto out_free;
+
+ /* go to the next table */
+ pos += ACPI_SAR_NUM_CHAINS_REV0 * num_sub_bands;
+ }
+
+set_enabled:
+ for (i = 0; i < n_profiles; i++)
+ fwrt->sar_profiles[i + 1].enabled = enabled;
+
out_free:
kfree(data);
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 012/817] mac80211: fix user-power when emulating chanctx
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 011/817] wifi: iwlwifi: mvm: SAR table alignment Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 013/817] usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Greg Kroah-Hartman
` (814 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ben Greear, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Greear <greearb@candelatech.com>
[ Upstream commit 9b15c6cf8d2e82c8427cd06f535d8de93b5b995c ]
ieee80211_calc_hw_conf_chan was ignoring the configured
user_txpower. If it is set, use it to potentially decrease
txpower as requested.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Link: https://patch.msgid.link/20241010203954.1219686-1-greearb@candelatech.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index a3104b6ea6f0b..9ce942f3a4a4e 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -167,6 +167,8 @@ static u32 ieee80211_calc_hw_conf_chan(struct ieee80211_local *local,
}
power = ieee80211_chandef_max_power(&chandef);
+ if (local->user_power_level != IEEE80211_UNSET_POWER_LEVEL)
+ power = min(local->user_power_level, power);
rcu_read_lock();
list_for_each_entry_rcu(sdata, &local->interfaces, list) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 013/817] usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 012/817] mac80211: fix user-power when emulating chanctx Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 014/817] usb: typec: use cleanup facility for altmodes_node Greg Kroah-Hartman
` (813 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Große, Simon Horman,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Große <ste3ls@gmail.com>
[ Upstream commit 94c11e852955b2eef5c4f0b36cfeae7dcf11a759 ]
This patch adds support for another Lenovo Mini dock 0x17EF:0x3098 to the
r8152 driver. The device has been tested on NixOS, hotplugging and sleep
included.
Signed-off-by: Benjamin Große <ste3ls@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20241020174128.160898-1-ste3ls@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/r8152.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index a5612c799f5ef..468c739740463 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -10069,6 +10069,7 @@ static const struct usb_device_id rtl8152_table[] = {
{ USB_DEVICE(VENDOR_ID_LENOVO, 0x3062) },
{ USB_DEVICE(VENDOR_ID_LENOVO, 0x3069) },
{ USB_DEVICE(VENDOR_ID_LENOVO, 0x3082) },
+ { USB_DEVICE(VENDOR_ID_LENOVO, 0x3098) },
{ USB_DEVICE(VENDOR_ID_LENOVO, 0x7205) },
{ USB_DEVICE(VENDOR_ID_LENOVO, 0x720c) },
{ USB_DEVICE(VENDOR_ID_LENOVO, 0x7214) },
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 014/817] usb: typec: use cleanup facility for altmodes_node
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 013/817] usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 015/817] selftests/watchdog-test: Fix system accidentally reset after watchdog-test Greg Kroah-Hartman
` (812 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heikki Krogerus, Javier Carrasco,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
[ Upstream commit 1ab0b9ae587373f9f800b6fda01b8faf02b3530b ]
Use the __free() macro for 'altmodes_node' to automatically release the
node when it goes out of scope, removing the need for explicit calls to
fwnode_handle_put().
Suggested-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20241021-typec-class-fwnode_handle_put-v2-2-3281225d3d27@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/class.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/typec/class.c b/drivers/usb/typec/class.c
index 1eb240604cf6f..145e12e13aef9 100644
--- a/drivers/usb/typec/class.c
+++ b/drivers/usb/typec/class.c
@@ -2293,7 +2293,7 @@ void typec_port_register_altmodes(struct typec_port *port,
const struct typec_altmode_ops *ops, void *drvdata,
struct typec_altmode **altmodes, size_t n)
{
- struct fwnode_handle *altmodes_node, *child;
+ struct fwnode_handle *child;
struct typec_altmode_desc desc;
struct typec_altmode *alt;
size_t index = 0;
@@ -2301,7 +2301,9 @@ void typec_port_register_altmodes(struct typec_port *port,
u32 vdo;
int ret;
- altmodes_node = device_get_named_child_node(&port->dev, "altmodes");
+ struct fwnode_handle *altmodes_node __free(fwnode_handle) =
+ device_get_named_child_node(&port->dev, "altmodes");
+
if (!altmodes_node)
return; /* No altmodes specified */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 015/817] selftests/watchdog-test: Fix system accidentally reset after watchdog-test
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 014/817] usb: typec: use cleanup facility for altmodes_node Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 016/817] ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Greg Kroah-Hartman
` (811 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Zhijian, Shuah Khan, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Zhijian <lizhijian@fujitsu.com>
[ Upstream commit dc1308bee1ed03b4d698d77c8bd670d399dcd04d ]
When running watchdog-test with 'make run_tests', the watchdog-test will
be terminated by a timeout signal(SIGTERM) due to the test timemout.
And then, a system reboot would happen due to watchdog not stop. see
the dmesg as below:
```
[ 1367.185172] watchdog: watchdog0: watchdog did not stop!
```
Fix it by registering more signals(including SIGTERM) in watchdog-test,
where its signal handler will stop the watchdog.
After that
# timeout 1 ./watchdog-test
Watchdog Ticking Away!
.
Stopping watchdog ticks...
Link: https://lore.kernel.org/all/20241029031324.482800-1-lizhijian@fujitsu.com/
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/watchdog/watchdog-test.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/testing/selftests/watchdog/watchdog-test.c b/tools/testing/selftests/watchdog/watchdog-test.c
index bc71cbca0dde7..a1f506ba55786 100644
--- a/tools/testing/selftests/watchdog/watchdog-test.c
+++ b/tools/testing/selftests/watchdog/watchdog-test.c
@@ -334,7 +334,13 @@ int main(int argc, char *argv[])
printf("Watchdog Ticking Away!\n");
+ /*
+ * Register the signals
+ */
signal(SIGINT, term);
+ signal(SIGTERM, term);
+ signal(SIGKILL, term);
+ signal(SIGQUIT, term);
while (1) {
keep_alive();
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 016/817] ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 015/817] selftests/watchdog-test: Fix system accidentally reset after watchdog-test Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 017/817] ASoC: codecs: wcd937x: add missing LO Switch control Greg Kroah-Hartman
` (810 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Piyush Raj Chouhan, Takashi Iwai,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Piyush Raj Chouhan <piyushchouhan1598@gmail.com>
[ Upstream commit ef5fbdf732a158ec27eeba69d8be851351f29f73 ]
Infinix ZERO BOOK 13 has a 2+2 speaker system which isn't probed correctly.
This patch adds a quirk with the proper pin connections.
Also The mic in this laptop suffers too high gain resulting in mostly
fan noise being recorded,
This patch Also limit mic boost.
HW Probe for device; https://linux-hardware.org/?probe=a2e892c47b
Test: All 4 speaker works, Mic has low noise.
Signed-off-by: Piyush Raj Chouhan <piyushchouhan1598@gmail.com>
Link: https://patch.msgid.link/20241028155516.15552-1-piyuschouhan1598@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 833635aaee1d0..149079afa7969 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7544,6 +7544,7 @@ enum {
ALC290_FIXUP_SUBWOOFER_HSJACK,
ALC269_FIXUP_THINKPAD_ACPI,
ALC269_FIXUP_DMIC_THINKPAD_ACPI,
+ ALC269VB_FIXUP_INFINIX_ZERO_BOOK_13,
ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO,
ALC255_FIXUP_ACER_MIC_NO_PRESENCE,
ALC255_FIXUP_ASUS_MIC_NO_PRESENCE,
@@ -7992,6 +7993,16 @@ static const struct hda_fixup alc269_fixups[] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc269_fixup_pincfg_U7x7_headset_mic,
},
+ [ALC269VB_FIXUP_INFINIX_ZERO_BOOK_13] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x14, 0x90170151 }, /* use as internal speaker (LFE) */
+ { 0x1b, 0x90170152 }, /* use as internal speaker (back) */
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC269_FIXUP_LIMIT_INT_MIC_BOOST
+ },
[ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
@@ -11015,6 +11026,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1d72, 0x1945, "Redmi G", ALC256_FIXUP_ASUS_HEADSET_MIC),
SND_PCI_QUIRK(0x1d72, 0x1947, "RedmiBook Air", ALC255_FIXUP_XIAOMI_HEADSET_MIC),
SND_PCI_QUIRK(0x2782, 0x0214, "VAIO VJFE-CL", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
+ SND_PCI_QUIRK(0x2782, 0x0228, "Infinix ZERO BOOK 13", ALC269VB_FIXUP_INFINIX_ZERO_BOOK_13),
SND_PCI_QUIRK(0x2782, 0x0232, "CHUWI CoreBook XPro", ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO),
SND_PCI_QUIRK(0x2782, 0x1707, "Vaio VJFE-ADL", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x8086, 0x2074, "Intel NUC 8", ALC233_FIXUP_INTEL_NUC8_DMIC),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 017/817] ASoC: codecs: wcd937x: add missing LO Switch control
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 016/817] ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 018/817] ASoC: codecs: wcd937x: relax the AUX PDM watchdog Greg Kroah-Hartman
` (809 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adam Skladowski, Prasad Kumpatla,
Srinivas Kandagatla, Mohammad Rafi Shaik, Alexey Klimov,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Klimov <alexey.klimov@linaro.org>
[ Upstream commit 041db4bbe04e8e0b48350b3bbbd9a799794d5c1e ]
The wcd937x supports also AUX input but the control that sets correct
soundwire port for this is missing. This control is required for audio
playback, for instance, on qrb4210 RB2 board as well as on other
SoCs.
Reported-by: Adam Skladowski <a39.skl@gmail.com>
Reported-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com>
Suggested-by: Adam Skladowski <a39.skl@gmail.com>
Suggested-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com>
Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Cc: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
Signed-off-by: Alexey Klimov <alexey.klimov@linaro.org>
Link: https://patch.msgid.link/20241022033132.787416-2-alexey.klimov@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wcd937x.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/codecs/wcd937x.c b/sound/soc/codecs/wcd937x.c
index af296b77a723a..63b25c321a03d 100644
--- a/sound/soc/codecs/wcd937x.c
+++ b/sound/soc/codecs/wcd937x.c
@@ -2049,6 +2049,8 @@ static const struct snd_kcontrol_new wcd937x_snd_controls[] = {
wcd937x_get_swr_port, wcd937x_set_swr_port),
SOC_SINGLE_EXT("HPHR Switch", WCD937X_HPH_R, 0, 1, 0,
wcd937x_get_swr_port, wcd937x_set_swr_port),
+ SOC_SINGLE_EXT("LO Switch", WCD937X_LO, 0, 1, 0,
+ wcd937x_get_swr_port, wcd937x_set_swr_port),
SOC_SINGLE_EXT("ADC1 Switch", WCD937X_ADC1, 1, 1, 0,
wcd937x_get_swr_port, wcd937x_set_swr_port),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 018/817] ASoC: codecs: wcd937x: relax the AUX PDM watchdog
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 017/817] ASoC: codecs: wcd937x: add missing LO Switch control Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 019/817] x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Greg Kroah-Hartman
` (808 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adam Skladowski, Mohammad Rafi Shaik,
Prasad Kumpatla, Srinivas Kandagatla, Alexey Klimov, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Klimov <alexey.klimov@linaro.org>
[ Upstream commit 107a5c853eef5336a9846e7dd2f9184b6e3c07c7 ]
On a system with wcd937x, rxmacro and Qualcomm audio DSP, which is pretty
common set of devices on Qualcomm platforms, and due to the order of how
DAPM widgets are powered on (they are sorted), there is a small time window
when wcd937x chip is online and expects the flow of incoming data but
rxmacro is not yet online. When wcd937x is programmed to receive data
via AUX port then its AUX PDM watchdog is enabled in
wcd937x_codec_enable_aux_pa(). If due to some reasons the rxmacro and
soundwire machinery are delayed to start streaming data, then there is
a chance for this AUX PDM watchdog to reset the wcd937x codec. Such event
is not logged as a message and only wcd937x IRQ counter is increased
however there could be a lot of other reasons for that IRQ.
There is a similar opportunity for such delay during DAPM widgets power
down sequence.
If wcd937x codec reset happens on the start of the playback, then there
will be no sound and if such reset happens at the end of a playback then
it may generate additional clicks and pops noises.
On qrb4210 RB2 board without any debugging bits the wcd937x resets are
sometimes observed at the end of a playback though not always.
With some debugging messages or with some tracing enabled the AUX PDM
watchdog resets the wcd937x codec at the start of a playback and there
is no sound output at all.
In this patch:
- TIMEOUT_SEL bit in PDM_WD_CTL2 register is set to increase the watchdog
reset delay to 100ms which eliminates the AUX PDM watchdog IRQs on
qrb4210 RB2 board completely and decreases the number of unwanted clicks
noises;
- HOLD_OFF bit postpones triggering such watchdog IRQ till wcd937x codec
reset which usually happens at the end of a playback. This allows to
actually output some sound in case of debugging.
Cc: Adam Skladowski <a39.skl@gmail.com>
Cc: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
Cc: Prasad Kumpatla <quic_pkumpatl@quicinc.com>
Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Alexey Klimov <alexey.klimov@linaro.org>
Link: https://patch.msgid.link/20241022033132.787416-3-alexey.klimov@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wcd937x.c | 10 ++++++++--
sound/soc/codecs/wcd937x.h | 4 ++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/wcd937x.c b/sound/soc/codecs/wcd937x.c
index 63b25c321a03d..3c1224d8f2dff 100644
--- a/sound/soc/codecs/wcd937x.c
+++ b/sound/soc/codecs/wcd937x.c
@@ -715,12 +715,17 @@ static int wcd937x_codec_enable_aux_pa(struct snd_soc_dapm_widget *w,
struct snd_soc_component *component = snd_soc_dapm_to_component(w->dapm);
struct wcd937x_priv *wcd937x = snd_soc_component_get_drvdata(component);
int hph_mode = wcd937x->hph_mode;
+ u8 val;
switch (event) {
case SND_SOC_DAPM_PRE_PMU:
+ val = WCD937X_DIGITAL_PDM_WD_CTL2_EN |
+ WCD937X_DIGITAL_PDM_WD_CTL2_TIMEOUT_SEL |
+ WCD937X_DIGITAL_PDM_WD_CTL2_HOLD_OFF;
snd_soc_component_update_bits(component,
WCD937X_DIGITAL_PDM_WD_CTL2,
- BIT(0), BIT(0));
+ WCD937X_DIGITAL_PDM_WD_CTL2_MASK,
+ val);
break;
case SND_SOC_DAPM_POST_PMU:
usleep_range(1000, 1010);
@@ -741,7 +746,8 @@ static int wcd937x_codec_enable_aux_pa(struct snd_soc_dapm_widget *w,
hph_mode);
snd_soc_component_update_bits(component,
WCD937X_DIGITAL_PDM_WD_CTL2,
- BIT(0), 0x00);
+ WCD937X_DIGITAL_PDM_WD_CTL2_MASK,
+ 0x00);
break;
}
diff --git a/sound/soc/codecs/wcd937x.h b/sound/soc/codecs/wcd937x.h
index 37bff16e88ddd..a2bd47a93e507 100644
--- a/sound/soc/codecs/wcd937x.h
+++ b/sound/soc/codecs/wcd937x.h
@@ -391,6 +391,10 @@
#define WCD937X_DIGITAL_PDM_WD_CTL0 0x3465
#define WCD937X_DIGITAL_PDM_WD_CTL1 0x3466
#define WCD937X_DIGITAL_PDM_WD_CTL2 0x3467
+#define WCD937X_DIGITAL_PDM_WD_CTL2_HOLD_OFF BIT(2)
+#define WCD937X_DIGITAL_PDM_WD_CTL2_TIMEOUT_SEL BIT(1)
+#define WCD937X_DIGITAL_PDM_WD_CTL2_EN BIT(0)
+#define WCD937X_DIGITAL_PDM_WD_CTL2_MASK GENMASK(2, 0)
#define WCD937X_DIGITAL_INTR_MODE 0x346A
#define WCD937X_DIGITAL_INTR_MASK_0 0x346B
#define WCD937X_DIGITAL_INTR_MASK_1 0x346C
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 019/817] x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 018/817] ASoC: codecs: wcd937x: relax the AUX PDM watchdog Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 020/817] bpf: fix filed access without lock Greg Kroah-Hartman
` (807 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Borislav Petkov (AMD),
Ilpo Järvinen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit fce9642c765a18abd1db0339a7d832c29b68456a ]
node_to_amd_nb() is defined to NULL in non-AMD configs:
drivers/platform/x86/amd/hsmp/plat.c: In function 'init_platform_device':
drivers/platform/x86/amd/hsmp/plat.c:165:68: error: dereferencing 'void *' pointer [-Werror]
165 | sock->root = node_to_amd_nb(i)->root;
| ^~
drivers/platform/x86/amd/hsmp/plat.c:165:68: error: request for member 'root' in something not a structure or union
Users of the interface who also allow COMPILE_TEST will cause the above build
error so provide an inline stub to fix that.
[ bp: Massage commit message. ]
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20241029092329.3857004-1-arnd@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/amd_nb.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/amd_nb.h b/arch/x86/include/asm/amd_nb.h
index 6f3b6aef47ba9..d0caac26533f2 100644
--- a/arch/x86/include/asm/amd_nb.h
+++ b/arch/x86/include/asm/amd_nb.h
@@ -116,7 +116,10 @@ static inline bool amd_gart_present(void)
#define amd_nb_num(x) 0
#define amd_nb_has_feature(x) false
-#define node_to_amd_nb(x) NULL
+static inline struct amd_northbridge *node_to_amd_nb(int node)
+{
+ return NULL;
+}
#define amd_gart_present(x) false
#endif
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 020/817] bpf: fix filed access without lock
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 019/817] x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 021/817] net: usb: qmi_wwan: add Quectel RG650V Greg Kroah-Hartman
` (806 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiayuan Chen, Martin KaFai Lau,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiayuan Chen <mrpre@163.com>
[ Upstream commit a32aee8f0d987a7cba7fcc28002553361a392048 ]
The tcp_bpf_recvmsg_parser() function, running in user context,
retrieves seq_copied from tcp_sk without holding the socket lock, and
stores it in a local variable seq. However, the softirq context can
modify tcp_sk->seq_copied concurrently, for example, n tcp_read_sock().
As a result, the seq value is stale when it is assigned back to
tcp_sk->copied_seq at the end of tcp_bpf_recvmsg_parser(), leading to
incorrect behavior.
Due to concurrency, the copied_seq field in tcp_bpf_recvmsg_parser()
might be set to an incorrect value (less than the actual copied_seq) at
the end of function: 'WRITE_ONCE(tcp->copied_seq, seq)'. This causes the
'offset' to be negative in tcp_read_sock()->tcp_recv_skb() when
processing new incoming packets (sk->copied_seq - skb->seq becomes less
than 0), and all subsequent packets will be dropped.
Signed-off-by: Jiayuan Chen <mrpre@163.com>
Link: https://lore.kernel.org/r/20241028065226.35568-1-mrpre@163.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_bpf.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c
index fe6178715ba05..915286c3615a2 100644
--- a/net/ipv4/tcp_bpf.c
+++ b/net/ipv4/tcp_bpf.c
@@ -221,11 +221,11 @@ static int tcp_bpf_recvmsg_parser(struct sock *sk,
int flags,
int *addr_len)
{
- struct tcp_sock *tcp = tcp_sk(sk);
int peek = flags & MSG_PEEK;
- u32 seq = tcp->copied_seq;
struct sk_psock *psock;
+ struct tcp_sock *tcp;
int copied = 0;
+ u32 seq;
if (unlikely(flags & MSG_ERRQUEUE))
return inet_recv_error(sk, msg, len, addr_len);
@@ -238,7 +238,8 @@ static int tcp_bpf_recvmsg_parser(struct sock *sk,
return tcp_recvmsg(sk, msg, len, flags, addr_len);
lock_sock(sk);
-
+ tcp = tcp_sk(sk);
+ seq = tcp->copied_seq;
/* We may have received data on the sk_receive_queue pre-accept and
* then we can not use read_skb in this context because we haven't
* assigned a sk_socket yet so have no link to the ops. The work-around
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 021/817] net: usb: qmi_wwan: add Quectel RG650V
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 020/817] bpf: fix filed access without lock Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 022/817] soc: qcom: Add check devm_kasprintf() returned value Greg Kroah-Hartman
` (805 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benoît Monin, Simon Horman,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benoît Monin <benoit.monin@gmx.fr>
[ Upstream commit 6b3f18a76be6bbd237c7594cf0bf2912b68084fe ]
Add support for Quectel RG650V which is based on Qualcomm SDX65 chip.
The composition is DIAG / NMEA / AT / AT / QMI.
T: Bus=02 Lev=01 Prnt=01 Port=03 Cnt=01 Dev#= 4 Spd=5000 MxCh= 0
D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1
P: Vendor=2c7c ProdID=0122 Rev=05.15
S: Manufacturer=Quectel
S: Product=RG650V-EU
S: SerialNumber=xxxxxxx
C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=896mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=9ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=9ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=9ms
Signed-off-by: Benoît Monin <benoit.monin@gmx.fr>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20241024151113.53203-1-benoit.monin@gmx.fr
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/qmi_wwan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index f137c82f1c0f7..0c011d8f5d4db 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1076,6 +1076,7 @@ static const struct usb_device_id products[] = {
USB_DEVICE_AND_INTERFACE_INFO(0x03f0, 0x581d, USB_CLASS_VENDOR_SPEC, 1, 7),
.driver_info = (unsigned long)&qmi_wwan_info,
},
+ {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0122)}, /* Quectel RG650V */
{QMI_MATCH_FF_FF_FF(0x2c7c, 0x0125)}, /* Quectel EC25, EC20 R2.0 Mini PCIe */
{QMI_MATCH_FF_FF_FF(0x2c7c, 0x0306)}, /* Quectel EP06/EG06/EM06 */
{QMI_MATCH_FF_FF_FF(0x2c7c, 0x0512)}, /* Quectel EG12/EM12 */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 022/817] soc: qcom: Add check devm_kasprintf() returned value
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 021/817] net: usb: qmi_wwan: add Quectel RG650V Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 023/817] firmware: arm_scmi: Reject clear channel request on A2P Greg Kroah-Hartman
` (804 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Charles Han, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Han <hanchunchao@inspur.com>
[ Upstream commit e694d2b5c58ba2d1e995d068707c8d966e7f5f2a ]
devm_kasprintf() can return a NULL pointer on failure but this
returned value in qcom_socinfo_probe() is not checked.
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Link: https://lore.kernel.org/r/20240929072349.202520-1-hanchunchao@inspur.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/socinfo.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/qcom/socinfo.c b/drivers/soc/qcom/socinfo.c
index d7359a235e3cf..1d5a69eda26e5 100644
--- a/drivers/soc/qcom/socinfo.c
+++ b/drivers/soc/qcom/socinfo.c
@@ -782,10 +782,16 @@ static int qcom_socinfo_probe(struct platform_device *pdev)
qs->attr.revision = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%u.%u",
SOCINFO_MAJOR(le32_to_cpu(info->ver)),
SOCINFO_MINOR(le32_to_cpu(info->ver)));
- if (offsetof(struct socinfo, serial_num) <= item_size)
+ if (!qs->attr.soc_id || qs->attr.revision)
+ return -ENOMEM;
+
+ if (offsetof(struct socinfo, serial_num) <= item_size) {
qs->attr.serial_number = devm_kasprintf(&pdev->dev, GFP_KERNEL,
"%u",
le32_to_cpu(info->serial_num));
+ if (!qs->attr.serial_number)
+ return -ENOMEM;
+ }
qs->soc_dev = soc_device_register(&qs->attr);
if (IS_ERR(qs->soc_dev))
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 023/817] firmware: arm_scmi: Reject clear channel request on A2P
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 022/817] soc: qcom: Add check devm_kasprintf() returned value Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 024/817] regulator: rk808: Add apply_bit for BUCK3 on RK809 Greg Kroah-Hartman
` (803 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cristian Marussi, Florian Fainelli,
Sudeep Holla, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cristian Marussi <cristian.marussi@arm.com>
[ Upstream commit a0a18e91eb3a6ef75a6de69dc00f206b913e3848 ]
The clear channel transport operation is supposed to be called exclusively
on the P2A channel from the agent, since it relinquishes the ownership of
the channel to the platform, after this latter has initiated some sort of
P2A communication.
Make sure that, if it is ever called on a A2P, is logged and ignored.
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Message-Id: <20241021171544.2579551-1-cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scmi/common.h | 2 ++
drivers/firmware/arm_scmi/driver.c | 6 ++++++
2 files changed, 8 insertions(+)
diff --git a/drivers/firmware/arm_scmi/common.h b/drivers/firmware/arm_scmi/common.h
index 4b8c5250cdb57..cd30499b2555f 100644
--- a/drivers/firmware/arm_scmi/common.h
+++ b/drivers/firmware/arm_scmi/common.h
@@ -163,6 +163,7 @@ void scmi_protocol_release(const struct scmi_handle *handle, u8 protocol_id);
* used to initialize this channel
* @dev: Reference to device in the SCMI hierarchy corresponding to this
* channel
+ * @is_p2a: A flag to identify a channel as P2A (RX)
* @rx_timeout_ms: The configured RX timeout in milliseconds.
* @handle: Pointer to SCMI entity handle
* @no_completion_irq: Flag to indicate that this channel has no completion
@@ -174,6 +175,7 @@ void scmi_protocol_release(const struct scmi_handle *handle, u8 protocol_id);
struct scmi_chan_info {
int id;
struct device *dev;
+ bool is_p2a;
unsigned int rx_timeout_ms;
struct scmi_handle *handle;
bool no_completion_irq;
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index dc09f2d755f41..80b44bd1a3f3e 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -1034,6 +1034,11 @@ static inline void scmi_xfer_command_release(struct scmi_info *info,
static inline void scmi_clear_channel(struct scmi_info *info,
struct scmi_chan_info *cinfo)
{
+ if (!cinfo->is_p2a) {
+ dev_warn(cinfo->dev, "Invalid clear on A2P channel !\n");
+ return;
+ }
+
if (info->desc->ops->clear_channel)
info->desc->ops->clear_channel(cinfo);
}
@@ -2614,6 +2619,7 @@ static int scmi_chan_setup(struct scmi_info *info, struct device_node *of_node,
if (!cinfo)
return -ENOMEM;
+ cinfo->is_p2a = !tx;
cinfo->rx_timeout_ms = info->desc->max_rx_timeout_ms;
/* Create a unique name for this transport device */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 024/817] regulator: rk808: Add apply_bit for BUCK3 on RK809
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 023/817] firmware: arm_scmi: Reject clear channel request on A2P Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 025/817] platform/x86: dell-smbios-base: Extends support to Alienware products Greg Kroah-Hartman
` (802 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mikhail Rudenko, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikhail Rudenko <mike.rudenko@gmail.com>
[ Upstream commit 5e53e4a66bc7430dd2d11c18a86410e3a38d2940 ]
Currently, RK809's BUCK3 regulator is modelled in the driver as a
configurable regulator with 0.5-2.4V voltage range. But the voltage
setting is not actually applied, because when bit 6 of
PMIC_POWER_CONFIG register is set to 0 (default), BUCK3 output voltage
is determined by the external feedback resistor. Fix this, by setting
bit 6 when voltage selection is set. Existing users which do not
specify voltage constraints in their device trees will not be affected
by this change, since no voltage setting is applied in those cases,
and bit 6 is not enabled.
Signed-off-by: Mikhail Rudenko <mike.rudenko@gmail.com>
Link: https://patch.msgid.link/20241017-rk809-dcdc3-v1-1-e3c3de92f39c@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/rk808-regulator.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/regulator/rk808-regulator.c b/drivers/regulator/rk808-regulator.c
index 14b60abd6afc6..01a8d04879184 100644
--- a/drivers/regulator/rk808-regulator.c
+++ b/drivers/regulator/rk808-regulator.c
@@ -1379,6 +1379,8 @@ static const struct regulator_desc rk809_reg[] = {
.n_linear_ranges = ARRAY_SIZE(rk817_buck1_voltage_ranges),
.vsel_reg = RK817_BUCK3_ON_VSEL_REG,
.vsel_mask = RK817_BUCK_VSEL_MASK,
+ .apply_reg = RK817_POWER_CONFIG,
+ .apply_bit = RK817_BUCK3_FB_RES_INTER,
.enable_reg = RK817_POWER_EN_REG(0),
.enable_mask = ENABLE_MASK(RK817_ID_DCDC3),
.enable_val = ENABLE_MASK(RK817_ID_DCDC3),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 025/817] platform/x86: dell-smbios-base: Extends support to Alienware products
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 024/817] regulator: rk808: Add apply_bit for BUCK3 on RK809 Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 026/817] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Greg Kroah-Hartman
` (801 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kurt Borja, Mario Limonciello,
Pali Rohár, Hans de Goede, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kurt Borja <kuurtb@gmail.com>
[ Upstream commit a36b8b84ac4327b90ef5a22bc97cc96a92073330 ]
Fixes the following error:
dell_smbios: Unable to run on non-Dell system
Which is triggered after dell-wmi driver fails to initialize on
Alienware systems, as it depends on dell-smbios.
This effectively extends dell-wmi, dell-smbios and dcdbas support to
Alienware devices, that might share some features of the SMBIOS intereface
calling interface with other Dell products.
Tested on an Alienware X15 R1.
Signed-off-by: Kurt Borja <kuurtb@gmail.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20241031154023.6149-2-kuurtb@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/dell/dell-smbios-base.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/platform/x86/dell/dell-smbios-base.c b/drivers/platform/x86/dell/dell-smbios-base.c
index 73e41eb69cb57..01c72b91a50d4 100644
--- a/drivers/platform/x86/dell/dell-smbios-base.c
+++ b/drivers/platform/x86/dell/dell-smbios-base.c
@@ -576,6 +576,7 @@ static int __init dell_smbios_init(void)
int ret, wmi, smm;
if (!dmi_find_device(DMI_DEV_TYPE_OEM_STRING, "Dell System", NULL) &&
+ !dmi_find_device(DMI_DEV_TYPE_OEM_STRING, "Alienware", NULL) &&
!dmi_find_device(DMI_DEV_TYPE_OEM_STRING, "www.dell.com", NULL)) {
pr_err("Unable to run on non-Dell system\n");
return -ENODEV;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 026/817] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 025/817] platform/x86: dell-smbios-base: Extends support to Alienware products Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 027/817] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys Greg Kroah-Hartman
` (800 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kurt Borja, Mario Limonciello,
Pali Rohár, Hans de Goede, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kurt Borja <kuurtb@gmail.com>
[ Upstream commit ec61f0bb4feec3345626a2b93b970b6719743997 ]
Some Alienware devices have a key that locks/unlocks the Meta key. This
key triggers a WMI event that should be ignored by the kernel, as it's
handled by internally the firmware.
There is no known way of changing this default behavior. The firmware
would lock/unlock the Meta key, regardless of how the event is handled.
Tested on an Alienware x15 R1.
Signed-off-by: Kurt Borja <kuurtb@gmail.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20241031154441.6663-2-kuurtb@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/dell/dell-wmi-base.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/platform/x86/dell/dell-wmi-base.c b/drivers/platform/x86/dell/dell-wmi-base.c
index 24fd7ffadda95..841a5414d28a6 100644
--- a/drivers/platform/x86/dell/dell-wmi-base.c
+++ b/drivers/platform/x86/dell/dell-wmi-base.c
@@ -80,6 +80,12 @@ static const struct dmi_system_id dell_wmi_smbios_list[] __initconst = {
static const struct key_entry dell_wmi_keymap_type_0000[] = {
{ KE_IGNORE, 0x003a, { KEY_CAPSLOCK } },
+ /* Meta key lock */
+ { KE_IGNORE, 0xe000, { KEY_RIGHTMETA } },
+
+ /* Meta key unlock */
+ { KE_IGNORE, 0xe001, { KEY_RIGHTMETA } },
+
/* Key code is followed by brightness level */
{ KE_KEY, 0xe005, { KEY_BRIGHTNESSDOWN } },
{ KE_KEY, 0xe006, { KEY_BRIGHTNESSUP } },
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 027/817] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 026/817] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 028/817] ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip Greg Kroah-Hartman
` (799 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Renato Caldas, Hans de Goede,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Renato Caldas <renato@calgera.com>
[ Upstream commit 36e66be874a7ea9d28fb9757629899a8449b8748 ]
The scancodes for the Mic Mute and Airplane keys on the Ideapad Pro 5
(14AHP9 at least, probably the other variants too) are different and
were not being picked up by the driver. This adds them to the keymap.
Apart from what is already supported, the remaining fn keys are
unfortunately producing windows-specific key-combos.
Signed-off-by: Renato Caldas <renato@calgera.com>
Link: https://lore.kernel.org/r/20241102183116.30142-1-renato@calgera.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/ideapad-laptop.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index b58df617d4fda..2fde38f506508 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -1159,6 +1159,9 @@ static const struct key_entry ideapad_keymap[] = {
{ KE_KEY, 0x27 | IDEAPAD_WMI_KEY, { KEY_HELP } },
/* Refresh Rate Toggle */
{ KE_KEY, 0x0a | IDEAPAD_WMI_KEY, { KEY_REFRESH_RATE_TOGGLE } },
+ /* Specific to some newer models */
+ { KE_KEY, 0x3e | IDEAPAD_WMI_KEY, { KEY_MICMUTE } },
+ { KE_KEY, 0x3f | IDEAPAD_WMI_KEY, { KEY_RFKILL } },
{ KE_END },
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 028/817] ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 027/817] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 029/817] tools/lib/thermal: Remove the thermal.h soft link when doing make clean Greg Kroah-Hartman
` (798 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shenghao Ding, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shenghao Ding <shenghao-ding@ti.com>
[ Upstream commit fe09de2db2365eed8b44b572cff7d421eaf1754a ]
Add new driver version to support tas2563 & tas2781 qfn chip
Signed-off-by: Shenghao Ding <shenghao-ding@ti.com>
Link: https://patch.msgid.link/20241104100055.48-1-shenghao-ding@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2781-fmwlib.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/codecs/tas2781-fmwlib.c b/sound/soc/codecs/tas2781-fmwlib.c
index f3a7605f07104..6474cc551d551 100644
--- a/sound/soc/codecs/tas2781-fmwlib.c
+++ b/sound/soc/codecs/tas2781-fmwlib.c
@@ -1992,6 +1992,7 @@ static int tasdevice_dspfw_ready(const struct firmware *fmw,
break;
case 0x202:
case 0x400:
+ case 0x401:
tas_priv->fw_parse_variable_header =
fw_parse_variable_header_git;
tas_priv->fw_parse_program_data =
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 029/817] tools/lib/thermal: Remove the thermal.h soft link when doing make clean
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 028/817] ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 030/817] can: j1939: fix error in J1939 documentation Greg Kroah-Hartman
` (797 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, zhang jiao, Daniel Lezcano,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: zhang jiao <zhangjiao2@cmss.chinamobile.com>
[ Upstream commit c5426dcc5a3a064bbd2de383e29035a14fe933e0 ]
Run "make -C tools thermal" can create a soft link for thermal.h in
tools/include/uapi/linux. Just rm it when make clean.
Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>
Link: https://lore.kernel.org/r/20240912045031.18426-1-zhangjiao2@cmss.chinamobile.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/thermal/Makefile | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/lib/thermal/Makefile b/tools/lib/thermal/Makefile
index 2d0d255fd0e1c..8890fd57b110c 100644
--- a/tools/lib/thermal/Makefile
+++ b/tools/lib/thermal/Makefile
@@ -121,7 +121,9 @@ all: fixdep
clean:
$(call QUIET_CLEAN, libthermal) $(RM) $(LIBTHERMAL_A) \
- *.o *~ *.a *.so *.so.$(VERSION) *.so.$(LIBTHERMAL_VERSION) .*.d .*.cmd LIBTHERMAL-CFLAGS $(LIBTHERMAL_PC)
+ *.o *~ *.a *.so *.so.$(VERSION) *.so.$(LIBTHERMAL_VERSION) \
+ .*.d .*.cmd LIBTHERMAL-CFLAGS $(LIBTHERMAL_PC) \
+ $(srctree)/tools/$(THERMAL_UAPI)
$(LIBTHERMAL_PC):
$(QUIET_GEN)sed -e "s|@PREFIX@|$(prefix)|" \
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 030/817] can: j1939: fix error in J1939 documentation.
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 029/817] tools/lib/thermal: Remove the thermal.h soft link when doing make clean Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 031/817] platform/x86: thinkpad_acpi: Fix for ThinkPads with ECFW showing incorrect fan speed Greg Kroah-Hartman
` (796 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Hölzl, Oleksij Rempel,
Vincent Mailhol, Marc Kleine-Budde, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Hölzl <alexander.hoelzl@gmx.net>
[ Upstream commit b6ec62e01aa4229bc9d3861d1073806767ea7838 ]
The description of PDU1 format usage mistakenly referred to PDU2 format.
Signed-off-by: Alexander Hölzl <alexander.hoelzl@gmx.net>
Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
Acked-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Link: https://patch.msgid.link/20241023145257.82709-1-alexander.hoelzl@gmx.net
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/networking/j1939.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/networking/j1939.rst b/Documentation/networking/j1939.rst
index e4bd7aa1f5aa9..544bad175aae2 100644
--- a/Documentation/networking/j1939.rst
+++ b/Documentation/networking/j1939.rst
@@ -121,7 +121,7 @@ format, the Group Extension is set in the PS-field.
On the other hand, when using PDU1 format, the PS-field contains a so-called
Destination Address, which is _not_ part of the PGN. When communicating a PGN
-from user space to kernel (or vice versa) and PDU2 format is used, the PS-field
+from user space to kernel (or vice versa) and PDU1 format is used, the PS-field
of the PGN shall be set to zero. The Destination Address shall be set
elsewhere.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 031/817] platform/x86: thinkpad_acpi: Fix for ThinkPads with ECFW showing incorrect fan speed
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 030/817] can: j1939: fix error in J1939 documentation Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 032/817] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Greg Kroah-Hartman
` (795 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vishnu Sankar, Mark Pearson,
Hans de Goede, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vishnu Sankar <vishnuocv@gmail.com>
[ Upstream commit 1be765b292577c752e0b87bf8c0e92aff6699d8e ]
Fix for Thinkpad's with ECFW showing incorrect fan speed. Some models use
decimal instead of hexadecimal for the speed stored in the EC registers.
For example the rpm register will have 0x4200 instead of 0x1068, here
the actual RPM is "4200" in decimal.
Add a quirk to handle this.
Signed-off-by: Vishnu Sankar <vishnuocv@gmail.com>
Suggested-by: Mark Pearson <mpearson-lenovo@squebb.ca>
Link: https://lore.kernel.org/r/20241105235505.8493-1-vishnuocv@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/thinkpad_acpi.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
index f269ca1ff7718..10e04424885eb 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -7912,6 +7912,7 @@ static u8 fan_control_resume_level;
static int fan_watchdog_maxinterval;
static bool fan_with_ns_addr;
+static bool ecfw_with_fan_dec_rpm;
static struct mutex fan_mutex;
@@ -8554,7 +8555,11 @@ static ssize_t fan_fan1_input_show(struct device *dev,
if (res < 0)
return res;
- return sysfs_emit(buf, "%u\n", speed);
+ /* Check for fan speeds displayed in hexadecimal */
+ if (!ecfw_with_fan_dec_rpm)
+ return sysfs_emit(buf, "%u\n", speed);
+ else
+ return sysfs_emit(buf, "%x\n", speed);
}
static DEVICE_ATTR(fan1_input, S_IRUGO, fan_fan1_input_show, NULL);
@@ -8571,7 +8576,11 @@ static ssize_t fan_fan2_input_show(struct device *dev,
if (res < 0)
return res;
- return sysfs_emit(buf, "%u\n", speed);
+ /* Check for fan speeds displayed in hexadecimal */
+ if (!ecfw_with_fan_dec_rpm)
+ return sysfs_emit(buf, "%u\n", speed);
+ else
+ return sysfs_emit(buf, "%x\n", speed);
}
static DEVICE_ATTR(fan2_input, S_IRUGO, fan_fan2_input_show, NULL);
@@ -8647,6 +8656,7 @@ static const struct attribute_group fan_driver_attr_group = {
#define TPACPI_FAN_2CTL 0x0004 /* selects fan2 control */
#define TPACPI_FAN_NOFAN 0x0008 /* no fan available */
#define TPACPI_FAN_NS 0x0010 /* For EC with non-Standard register addresses */
+#define TPACPI_FAN_DECRPM 0x0020 /* For ECFW's with RPM in register as decimal */
static const struct tpacpi_quirk fan_quirk_table[] __initconst = {
TPACPI_QEC_IBM('1', 'Y', TPACPI_FAN_Q1),
@@ -8675,6 +8685,7 @@ static const struct tpacpi_quirk fan_quirk_table[] __initconst = {
TPACPI_Q_LNV3('R', '1', 'D', TPACPI_FAN_NS), /* 11e Gen5 GL-R */
TPACPI_Q_LNV3('R', '0', 'V', TPACPI_FAN_NS), /* 11e Gen5 KL-Y */
TPACPI_Q_LNV3('N', '1', 'O', TPACPI_FAN_NOFAN), /* X1 Tablet (2nd gen) */
+ TPACPI_Q_LNV3('R', '0', 'Q', TPACPI_FAN_DECRPM),/* L480 */
};
static int __init fan_init(struct ibm_init_struct *iibm)
@@ -8715,6 +8726,13 @@ static int __init fan_init(struct ibm_init_struct *iibm)
tp_features.fan_ctrl_status_undef = 1;
}
+ /* Check for the EC/BIOS with RPM reported in decimal*/
+ if (quirks & TPACPI_FAN_DECRPM) {
+ pr_info("ECFW with fan RPM as decimal in EC register\n");
+ ecfw_with_fan_dec_rpm = 1;
+ tp_features.fan_ctrl_status_undef = 1;
+ }
+
if (gfan_handle) {
/* 570, 600e/x, 770e, 770x */
fan_status_access_mode = TPACPI_FAN_RD_ACPI_GFAN;
@@ -8926,7 +8944,11 @@ static int fan_read(struct seq_file *m)
if (rc < 0)
return rc;
- seq_printf(m, "speed:\t\t%d\n", speed);
+ /* Check for fan speeds displayed in hexadecimal */
+ if (!ecfw_with_fan_dec_rpm)
+ seq_printf(m, "speed:\t\t%d\n", speed);
+ else
+ seq_printf(m, "speed:\t\t%x\n", speed);
if (fan_status_access_mode == TPACPI_FAN_RD_TPEC_NS) {
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 032/817] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 031/817] platform/x86: thinkpad_acpi: Fix for ThinkPads with ECFW showing incorrect fan speed Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 033/817] ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Greg Kroah-Hartman
` (794 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Markus Petri, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markus Petri <mp@mpetri.org>
[ Upstream commit 8c21e40e1e481f7fef6e570089e317068b972c45 ]
Another model of Thinkpad E14 Gen 6 (21M4)
needs a quirk entry for the dmic to be detected.
Signed-off-by: Markus Petri <mp@mpetri.org>
Link: https://patch.msgid.link/20241107094020.1050935-1-mp@localhost
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index dc476bfb6da40..2436e8deb2be4 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -227,6 +227,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "21M3"),
}
},
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "21M4"),
+ }
+ },
{
.driver_data = &acp6x_card,
.matches = {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 033/817] ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 032/817] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 034/817] ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Greg Kroah-Hartman
` (793 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Luo Yifan, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luo Yifan <luoyifan@cmss.chinamobile.com>
[ Upstream commit 63c1c87993e0e5bb11bced3d8224446a2bc62338 ]
This patch checks if div is less than or equal to zero (div <= 0). If
div is zero or negative, the function returns -EINVAL, ensuring the
division operation (*prate / div) is safe to perform.
Signed-off-by: Luo Yifan <luoyifan@cmss.chinamobile.com>
Link: https://patch.msgid.link/20241106014654.206860-1-luoyifan@cmss.chinamobile.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/stm/stm32_sai_sub.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/stm/stm32_sai_sub.c b/sound/soc/stm/stm32_sai_sub.c
index ad2492efb1cdc..19307812ec765 100644
--- a/sound/soc/stm/stm32_sai_sub.c
+++ b/sound/soc/stm/stm32_sai_sub.c
@@ -378,8 +378,8 @@ static long stm32_sai_mclk_round_rate(struct clk_hw *hw, unsigned long rate,
int div;
div = stm32_sai_get_clk_div(sai, *prate, rate);
- if (div < 0)
- return div;
+ if (div <= 0)
+ return -EINVAL;
mclk->freq = *prate / div;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 034/817] ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 033/817] ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 035/817] drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict Greg Kroah-Hartman
` (792 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luo Yifan, Olivier Moysan,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luo Yifan <luoyifan@cmss.chinamobile.com>
[ Upstream commit 23569c8b314925bdb70dd1a7b63cfe6100868315 ]
This patch checks if div is less than or equal to zero (div <= 0). If
div is zero or negative, the function returns -EINVAL, ensuring the
division operation is safe to perform.
Signed-off-by: Luo Yifan <luoyifan@cmss.chinamobile.com>
Reviewed-by: Olivier Moysan <olivier.moysan@foss.st.com>
Link: https://patch.msgid.link/20241107015936.211902-1-luoyifan@cmss.chinamobile.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/stm/stm32_sai_sub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/stm/stm32_sai_sub.c b/sound/soc/stm/stm32_sai_sub.c
index 19307812ec765..64f52c75e2aa8 100644
--- a/sound/soc/stm/stm32_sai_sub.c
+++ b/sound/soc/stm/stm32_sai_sub.c
@@ -317,7 +317,7 @@ static int stm32_sai_get_clk_div(struct stm32_sai_sub_data *sai,
int div;
div = DIV_ROUND_CLOSEST(input_rate, output_rate);
- if (div > SAI_XCR1_MCKDIV_MAX(version)) {
+ if (div > SAI_XCR1_MCKDIV_MAX(version) || div <= 0) {
dev_err(&sai->pdev->dev, "Divider %d out of range\n", div);
return -EINVAL;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 035/817] drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 034/817] ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 036/817] proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Greg Kroah-Hartman
` (791 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Jani Nikula,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 052ef642bd6c108a24f375f9ad174b97b425a50b ]
There are 2G and 4G RAM versions of the Lenovo Yoga Tab 3 X90F and it
turns out that the 2G version has a DMI product name of
"CHERRYVIEW D1 PLATFORM" where as the 4G version has
"CHERRYVIEW C0 PLATFORM". The sys-vendor + product-version check are
unique enough that the product-name check is not necessary.
Drop the product-name check so that the existing DMI match for the 4G
RAM version also matches the 2G RAM version.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240825132131.6643-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index 0830cae9a4d0f..2d84d7ea1ab7a 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -403,7 +403,6 @@ static const struct dmi_system_id orientation_data[] = {
}, { /* Lenovo Yoga Tab 3 X90F */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Intel Corporation"),
- DMI_MATCH(DMI_PRODUCT_NAME, "CHERRYVIEW D1 PLATFORM"),
DMI_MATCH(DMI_PRODUCT_VERSION, "Blade3-10A-001"),
},
.driver_data = (void *)&lcd1600x2560_rightside_up,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 036/817] proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 035/817] drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 037/817] integrity: Use static_assert() to check struct sizes Greg Kroah-Hartman
` (790 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, David Wang, Linus Torvalds,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Wang <00107082@163.com>
[ Upstream commit 84b9749a3a704dcc824a88aa8267247c801d51e4 ]
seq_printf is costy, on a system with n CPUs, reading /proc/softirqs
would yield 10*n decimal values, and the extra cost parsing format string
grows linearly with number of cpus. Replace seq_printf with
seq_put_decimal_ull_width have significant performance improvement.
On an 8CPUs system, reading /proc/softirqs show ~40% performance
gain with this patch.
Signed-off-by: David Wang <00107082@163.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/proc/softirqs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/proc/softirqs.c b/fs/proc/softirqs.c
index f4616083faef3..04bb29721419b 100644
--- a/fs/proc/softirqs.c
+++ b/fs/proc/softirqs.c
@@ -20,7 +20,7 @@ static int show_softirqs(struct seq_file *p, void *v)
for (i = 0; i < NR_SOFTIRQS; i++) {
seq_printf(p, "%12s:", softirq_to_name[i]);
for_each_possible_cpu(j)
- seq_printf(p, " %10u", kstat_softirqs_cpu(i, j));
+ seq_put_decimal_ull_width(p, " ", kstat_softirqs_cpu(i, j), 10);
seq_putc(p, '\n');
}
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 037/817] integrity: Use static_assert() to check struct sizes
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 036/817] proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 038/817] ASoC: audio-graph-card2: Purge absent supplies for device tree nodes Greg Kroah-Hartman
` (789 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gustavo A. R. Silva, Roberto Sassu,
Mimi Zohar, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 08ae3e5f5fc8edb9bd0c7ef9696ff29ef18b26ef ]
Commit 38aa3f5ac6d2 ("integrity: Avoid -Wflex-array-member-not-at-end
warnings") introduced tagged `struct evm_ima_xattr_data_hdr` and
`struct ima_digest_data_hdr`. We want to ensure that when new members
need to be added to the flexible structures, they are always included
within these tagged structs.
So, we use `static_assert()` to ensure that the memory layout for
both the flexible structure and the tagged struct is the same after
any changes.
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Tested-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/integrity.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 660f76cb69d37..c2c2da6911233 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -37,6 +37,8 @@ struct evm_ima_xattr_data {
);
u8 data[];
} __packed;
+static_assert(offsetof(struct evm_ima_xattr_data, data) == sizeof(struct evm_ima_xattr_data_hdr),
+ "struct member likely outside of __struct_group()");
/* Only used in the EVM HMAC code. */
struct evm_xattr {
@@ -65,6 +67,8 @@ struct ima_digest_data {
);
u8 digest[];
} __packed;
+static_assert(offsetof(struct ima_digest_data, digest) == sizeof(struct ima_digest_data_hdr),
+ "struct member likely outside of __struct_group()");
/*
* Instead of wrapping the ima_digest_data struct inside a local structure
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 038/817] ASoC: audio-graph-card2: Purge absent supplies for device tree nodes
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 037/817] integrity: Use static_assert() to check struct sizes Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 039/817] LoongArch: For all possible CPUs setup logical-physical CPU mapping Greg Kroah-Hartman
` (788 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Watts, Kuninori Morimoto,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Watts <contact@jookia.org>
[ Upstream commit f8da001ae7af0abd9f6250c02c01a1121074ca60 ]
The audio graph card doesn't mark its subnodes such as multi {}, dpcm {}
and c2c {} as not requiring any suppliers. This causes a hang as Linux
waits for these phantom suppliers to show up on boot.
Make it clear these nodes have no suppliers.
Example error message:
[ 15.208558] platform 2034000.i2s: deferred probe pending: platform: wait for supplier /sound/multi
[ 15.208584] platform sound: deferred probe pending: asoc-audio-graph-card2: parse error
Signed-off-by: John Watts <contact@jookia.org>
Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://patch.msgid.link/20241108-graph_dt_fix-v1-1-173e2f9603d6@jookia.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/generic/audio-graph-card2.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/generic/audio-graph-card2.c b/sound/soc/generic/audio-graph-card2.c
index 56f7f946882e8..68f1da6931af2 100644
--- a/sound/soc/generic/audio-graph-card2.c
+++ b/sound/soc/generic/audio-graph-card2.c
@@ -270,16 +270,19 @@ static enum graph_type __graph_get_type(struct device_node *lnk)
if (of_node_name_eq(np, GRAPH_NODENAME_MULTI)) {
ret = GRAPH_MULTI;
+ fw_devlink_purge_absent_suppliers(&np->fwnode);
goto out_put;
}
if (of_node_name_eq(np, GRAPH_NODENAME_DPCM)) {
ret = GRAPH_DPCM;
+ fw_devlink_purge_absent_suppliers(&np->fwnode);
goto out_put;
}
if (of_node_name_eq(np, GRAPH_NODENAME_C2C)) {
ret = GRAPH_C2C;
+ fw_devlink_purge_absent_suppliers(&np->fwnode);
goto out_put;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 039/817] LoongArch: For all possible CPUs setup logical-physical CPU mapping
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 038/817] ASoC: audio-graph-card2: Purge absent supplies for device tree nodes Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 040/817] LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS Greg Kroah-Hartman
` (787 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bibo Mao, Huacai Chen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhuacai@loongson.cn>
[ Upstream commit a6654a40a852a4ca18aacced4cf5ca87997818d7 ]
In order to support ACPI-based physical CPU hotplug, we suppose for all
"possible" CPUs cpu_logical_map() can work. Because some drivers want to
use cpu_logical_map() for all "possible" CPUs, while currently we only
setup logical-physical mapping for "present" CPUs. This lack of mapping
also causes cpu_to_node() cannot work for hot-added CPUs.
All "possible" CPUs are listed in MADT, and the "present" subset is
marked as ACPI_MADT_ENABLED. To setup logical-physical CPU mapping for
all possible CPUs and keep present CPUs continuous in cpu_present_mask,
we parse MADT twice. The first pass handles CPUs with ACPI_MADT_ENABLED
and the second pass handles CPUs without ACPI_MADT_ENABLED.
The global flag (cpu_enumerated) is removed because acpi_map_cpu() calls
cpu_number_map() rather than set_processor_mask() now.
Reported-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/loongarch/kernel/acpi.c | 81 +++++++++++++++++++++++-------------
arch/loongarch/kernel/smp.c | 3 +-
2 files changed, 55 insertions(+), 29 deletions(-)
diff --git a/arch/loongarch/kernel/acpi.c b/arch/loongarch/kernel/acpi.c
index 929a497c987e8..de9e34414e614 100644
--- a/arch/loongarch/kernel/acpi.c
+++ b/arch/loongarch/kernel/acpi.c
@@ -57,48 +57,48 @@ void __iomem *acpi_os_ioremap(acpi_physical_address phys, acpi_size size)
return ioremap_cache(phys, size);
}
-static int cpu_enumerated = 0;
-
#ifdef CONFIG_SMP
-static int set_processor_mask(u32 id, u32 flags)
+static int set_processor_mask(u32 id, u32 pass)
{
- int nr_cpus;
- int cpu, cpuid = id;
-
- if (!cpu_enumerated)
- nr_cpus = NR_CPUS;
- else
- nr_cpus = nr_cpu_ids;
+ int cpu = -1, cpuid = id;
- if (num_processors >= nr_cpus) {
+ if (num_processors >= NR_CPUS) {
pr_warn(PREFIX "nr_cpus limit of %i reached."
- " processor 0x%x ignored.\n", nr_cpus, cpuid);
+ " processor 0x%x ignored.\n", NR_CPUS, cpuid);
return -ENODEV;
}
+
if (cpuid == loongson_sysconf.boot_cpu_id)
cpu = 0;
- else
- cpu = find_first_zero_bit(cpumask_bits(cpu_present_mask), NR_CPUS);
-
- if (!cpu_enumerated)
- set_cpu_possible(cpu, true);
- if (flags & ACPI_MADT_ENABLED) {
+ switch (pass) {
+ case 1: /* Pass 1 handle enabled processors */
+ if (cpu < 0)
+ cpu = find_first_zero_bit(cpumask_bits(cpu_present_mask), NR_CPUS);
num_processors++;
set_cpu_present(cpu, true);
- __cpu_number_map[cpuid] = cpu;
- __cpu_logical_map[cpu] = cpuid;
- } else
+ break;
+ case 2: /* Pass 2 handle disabled processors */
+ if (cpu < 0)
+ cpu = find_first_zero_bit(cpumask_bits(cpu_possible_mask), NR_CPUS);
disabled_cpus++;
+ break;
+ default:
+ return cpu;
+ }
+
+ set_cpu_possible(cpu, true);
+ __cpu_number_map[cpuid] = cpu;
+ __cpu_logical_map[cpu] = cpuid;
return cpu;
}
#endif
static int __init
-acpi_parse_processor(union acpi_subtable_headers *header, const unsigned long end)
+acpi_parse_p1_processor(union acpi_subtable_headers *header, const unsigned long end)
{
struct acpi_madt_core_pic *processor = NULL;
@@ -109,12 +109,29 @@ acpi_parse_processor(union acpi_subtable_headers *header, const unsigned long en
acpi_table_print_madt_entry(&header->common);
#ifdef CONFIG_SMP
acpi_core_pic[processor->core_id] = *processor;
- set_processor_mask(processor->core_id, processor->flags);
+ if (processor->flags & ACPI_MADT_ENABLED)
+ set_processor_mask(processor->core_id, 1);
#endif
return 0;
}
+static int __init
+acpi_parse_p2_processor(union acpi_subtable_headers *header, const unsigned long end)
+{
+ struct acpi_madt_core_pic *processor = NULL;
+
+ processor = (struct acpi_madt_core_pic *)header;
+ if (BAD_MADT_ENTRY(processor, end))
+ return -EINVAL;
+
+#ifdef CONFIG_SMP
+ if (!(processor->flags & ACPI_MADT_ENABLED))
+ set_processor_mask(processor->core_id, 2);
+#endif
+
+ return 0;
+}
static int __init
acpi_parse_eio_master(union acpi_subtable_headers *header, const unsigned long end)
{
@@ -142,12 +159,14 @@ static void __init acpi_process_madt(void)
}
#endif
acpi_table_parse_madt(ACPI_MADT_TYPE_CORE_PIC,
- acpi_parse_processor, MAX_CORE_PIC);
+ acpi_parse_p1_processor, MAX_CORE_PIC);
+
+ acpi_table_parse_madt(ACPI_MADT_TYPE_CORE_PIC,
+ acpi_parse_p2_processor, MAX_CORE_PIC);
acpi_table_parse_madt(ACPI_MADT_TYPE_EIO_PIC,
acpi_parse_eio_master, MAX_IO_PICS);
- cpu_enumerated = 1;
loongson_sysconf.nr_cpus = num_processors;
}
@@ -306,6 +325,10 @@ static int __ref acpi_map_cpu2node(acpi_handle handle, int cpu, int physid)
int nid;
nid = acpi_get_node(handle);
+
+ if (nid != NUMA_NO_NODE)
+ nid = early_cpu_to_node(cpu);
+
if (nid != NUMA_NO_NODE) {
set_cpuid_to_node(physid, nid);
node_set(nid, numa_nodes_parsed);
@@ -320,12 +343,14 @@ int acpi_map_cpu(acpi_handle handle, phys_cpuid_t physid, u32 acpi_id, int *pcpu
{
int cpu;
- cpu = set_processor_mask(physid, ACPI_MADT_ENABLED);
- if (cpu < 0) {
+ cpu = cpu_number_map(physid);
+ if (cpu < 0 || cpu >= nr_cpu_ids) {
pr_info(PREFIX "Unable to map lapic to logical cpu number\n");
- return cpu;
+ return -ERANGE;
}
+ num_processors++;
+ set_cpu_present(cpu, true);
acpi_map_cpu2node(handle, cpu, physid);
*pcpu = cpu;
diff --git a/arch/loongarch/kernel/smp.c b/arch/loongarch/kernel/smp.c
index b1329fe01fae9..5a8cb31a4e6b7 100644
--- a/arch/loongarch/kernel/smp.c
+++ b/arch/loongarch/kernel/smp.c
@@ -325,11 +325,11 @@ void __init loongson_prepare_cpus(unsigned int max_cpus)
int i = 0;
parse_acpi_topology();
+ cpu_data[0].global_id = cpu_logical_map(0);
for (i = 0; i < loongson_sysconf.nr_cpus; i++) {
set_cpu_present(i, true);
csr_mail_send(0, __cpu_logical_map[i], 0);
- cpu_data[i].global_id = __cpu_logical_map[i];
}
per_cpu(cpu_state, smp_processor_id()) = CPU_ONLINE;
@@ -374,6 +374,7 @@ void loongson_init_secondary(void)
cpu_logical_map(cpu) / loongson_sysconf.cores_per_package;
cpu_data[cpu].core = pptt_enabled ? cpu_data[cpu].core :
cpu_logical_map(cpu) % loongson_sysconf.cores_per_package;
+ cpu_data[cpu].global_id = cpu_logical_map(cpu);
}
void loongson_smp_finish(void)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 040/817] LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 039/817] LoongArch: For all possible CPUs setup logical-physical CPU mapping Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 041/817] ASoC: max9768: Fix event generation for playback mute Greg Kroah-Hartman
` (786 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wentao Guan, Yuli Wang, Huacai Chen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuli Wang <wangyuli@uniontech.com>
[ Upstream commit c859900a841b0a6cd9a73d16426465e44cdde29c ]
This is a trivial cleanup, commit c62da0c35d58518d ("mm/vma: define a
default value for VM_DATA_DEFAULT_FLAGS") has unified default values of
VM_DATA_DEFAULT_FLAGS across different platforms.
Apply the same consistency to LoongArch.
Suggested-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Yuli Wang <wangyuli@uniontech.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/loongarch/include/asm/page.h | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/arch/loongarch/include/asm/page.h b/arch/loongarch/include/asm/page.h
index e85df33f11c77..8f21567a3188b 100644
--- a/arch/loongarch/include/asm/page.h
+++ b/arch/loongarch/include/asm/page.h
@@ -113,10 +113,7 @@ struct page *tlb_virt_to_page(unsigned long kaddr);
extern int __virt_addr_valid(volatile void *kaddr);
#define virt_addr_valid(kaddr) __virt_addr_valid((volatile void *)(kaddr))
-#define VM_DATA_DEFAULT_FLAGS \
- (VM_READ | VM_WRITE | \
- ((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
- VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+#define VM_DATA_DEFAULT_FLAGS VM_DATA_FLAGS_TSK_EXEC
#include <asm-generic/memory_model.h>
#include <asm-generic/getorder.h>
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 041/817] ASoC: max9768: Fix event generation for playback mute
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 040/817] LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 042/817] ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Greg Kroah-Hartman
` (785 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@kernel.org>
[ Upstream commit 2ae6da569e34e1d26c5275442d17ffd75fd343b3 ]
The max9768 has a custom control for playback mute which unconditionally
returns 0 from the put() operation, rather than returning 1 on change to
ensure notifications are generated to userspace. Check to see if the value
has changed and return appropriately.
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://patch.msgid.link/20241112-asoc-max9768-event-v1-1-ba5d50599787@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/max9768.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/max9768.c b/sound/soc/codecs/max9768.c
index e4793a5d179ef..8af3c7e5317fb 100644
--- a/sound/soc/codecs/max9768.c
+++ b/sound/soc/codecs/max9768.c
@@ -54,10 +54,17 @@ static int max9768_set_gpio(struct snd_kcontrol *kcontrol,
{
struct snd_soc_component *c = snd_soc_kcontrol_component(kcontrol);
struct max9768 *max9768 = snd_soc_component_get_drvdata(c);
+ bool val = !ucontrol->value.integer.value[0];
+ int ret;
- gpiod_set_value_cansleep(max9768->mute, !ucontrol->value.integer.value[0]);
+ if (val != gpiod_get_value_cansleep(max9768->mute))
+ ret = 1;
+ else
+ ret = 0;
- return 0;
+ gpiod_set_value_cansleep(max9768->mute, val);
+
+ return ret;
}
static const DECLARE_TLV_DB_RANGE(volume_tlv,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 042/817] ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 041/817] ASoC: max9768: Fix event generation for playback mute Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 043/817] ARM: 9420/1: smp: Fix SMP for xip kernels Greg Kroah-Hartman
` (784 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eryk Zagorski, Takashi Iwai,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eryk Zagorski <erykzagorski@gmail.com>
[ Upstream commit 6f891ca15b017707840c9e7f5afd9fc6cfd7d8b1 ]
This patch switches the P-125 quirk entry to use a composite quirk as the
P-125 supplies both MIDI and Audio like many of the other Yamaha
keyboards
Signed-off-by: Eryk Zagorski <erykzagorski@gmail.com>
Link: https://patch.msgid.link/20241111164520.9079-2-erykzagorski@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/quirks-table.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
index 24c981c9b2405..199d0603cf8e5 100644
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -324,7 +324,6 @@ YAMAHA_DEVICE(0x105a, NULL),
YAMAHA_DEVICE(0x105b, NULL),
YAMAHA_DEVICE(0x105c, NULL),
YAMAHA_DEVICE(0x105d, NULL),
-YAMAHA_DEVICE(0x1718, "P-125"),
{
USB_DEVICE(0x0499, 0x1503),
QUIRK_DRIVER_INFO {
@@ -391,6 +390,19 @@ YAMAHA_DEVICE(0x1718, "P-125"),
}
}
},
+{
+ USB_DEVICE(0x0499, 0x1718),
+ QUIRK_DRIVER_INFO {
+ /* .vendor_name = "Yamaha", */
+ /* .product_name = "P-125", */
+ QUIRK_DATA_COMPOSITE {
+ { QUIRK_DATA_STANDARD_AUDIO(1) },
+ { QUIRK_DATA_STANDARD_AUDIO(2) },
+ { QUIRK_DATA_MIDI_YAMAHA(3) },
+ QUIRK_COMPOSITE_END
+ }
+ }
+},
YAMAHA_DEVICE(0x2000, "DGP-7"),
YAMAHA_DEVICE(0x2001, "DGP-5"),
YAMAHA_DEVICE(0x2002, NULL),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 043/817] ARM: 9420/1: smp: Fix SMP for xip kernels
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 042/817] ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 044/817] ARM: 9434/1: cfi: Fix compilation corner case Greg Kroah-Hartman
` (783 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Harith George, Linus Walleij,
Russell King (Oracle), Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Harith G <harith.g@alifsemi.com>
[ Upstream commit 9e9b0cf9319b4db143014477b0bc4b39894248f1 ]
Fix the physical address calculation of the following to get smp working
on xip kernels.
- secondary_data needed for secondary cpu bootup.
- secondary_startup address passed through psci.
- identity mapped code region needed for enabling mmu for secondary cpus.
Signed-off-by: Harith George <harith.g@alifsemi.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/head.S | 4 ++++
arch/arm/kernel/psci_smp.c | 7 +++++++
arch/arm/mm/idmap.c | 7 +++++++
3 files changed, 18 insertions(+)
diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S
index 28873cda464f5..f22c50d4bd417 100644
--- a/arch/arm/kernel/head.S
+++ b/arch/arm/kernel/head.S
@@ -411,7 +411,11 @@ ENTRY(secondary_startup)
/*
* Use the page tables supplied from __cpu_up.
*/
+#ifdef CONFIG_XIP_KERNEL
+ ldr r3, =(secondary_data + PLAT_PHYS_OFFSET - PAGE_OFFSET)
+#else
adr_l r3, secondary_data
+#endif
mov_l r12, __secondary_switched
ldrd r4, r5, [r3, #0] @ get secondary_data.pgdir
ARM_BE8(eor r4, r4, r5) @ Swap r5 and r4 in BE:
diff --git a/arch/arm/kernel/psci_smp.c b/arch/arm/kernel/psci_smp.c
index d4392e1774848..3bb0c4dcfc5c9 100644
--- a/arch/arm/kernel/psci_smp.c
+++ b/arch/arm/kernel/psci_smp.c
@@ -45,8 +45,15 @@ extern void secondary_startup(void);
static int psci_boot_secondary(unsigned int cpu, struct task_struct *idle)
{
if (psci_ops.cpu_on)
+#ifdef CONFIG_XIP_KERNEL
+ return psci_ops.cpu_on(cpu_logical_map(cpu),
+ ((phys_addr_t)(&secondary_startup)
+ - XIP_VIRT_ADDR(CONFIG_XIP_PHYS_ADDR)
+ + CONFIG_XIP_PHYS_ADDR));
+#else
return psci_ops.cpu_on(cpu_logical_map(cpu),
virt_to_idmap(&secondary_startup));
+#endif
return -ENODEV;
}
diff --git a/arch/arm/mm/idmap.c b/arch/arm/mm/idmap.c
index 448e57c6f6534..4a833e89782aa 100644
--- a/arch/arm/mm/idmap.c
+++ b/arch/arm/mm/idmap.c
@@ -84,8 +84,15 @@ static void identity_mapping_add(pgd_t *pgd, const char *text_start,
unsigned long addr, end;
unsigned long next;
+#ifdef CONFIG_XIP_KERNEL
+ addr = (phys_addr_t)(text_start) - XIP_VIRT_ADDR(CONFIG_XIP_PHYS_ADDR)
+ + CONFIG_XIP_PHYS_ADDR;
+ end = (phys_addr_t)(text_end) - XIP_VIRT_ADDR(CONFIG_XIP_PHYS_ADDR)
+ + CONFIG_XIP_PHYS_ADDR;
+#else
addr = virt_to_idmap(text_start);
end = virt_to_idmap(text_end);
+#endif
pr_info("Setting up static identity map for 0x%lx - 0x%lx\n", addr, end);
prot |= PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_AF;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 044/817] ARM: 9434/1: cfi: Fix compilation corner case
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 043/817] ARM: 9420/1: smp: Fix SMP for xip kernels Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 045/817] ipmr: Fix access to mfc_cache_list without lock held Greg Kroah-Hartman
` (782 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Nathan Chancellor,
Linus Walleij, Russell King (Oracle), Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit 4aea16b7cfb76bd3361858ceee6893ef5c9b5570 ]
When enabling expert mode CONFIG_EXPERT and using that power
user mode to disable the branch prediction hardening
!CONFIG_HARDEN_BRANCH_PREDICTOR, the assembly linker
in CLANG notices that some assembly in proc-v7.S does
not have corresponding C call sites, i.e. the prototypes
in proc-v7-bugs.c are enclosed in ifdef
CONFIG_HARDEN_BRANCH_PREDICTOR so this assembly:
SYM_TYPED_FUNC_START(cpu_v7_smc_switch_mm)
SYM_TYPED_FUNC_START(cpu_v7_hvc_switch_mm)
Results in:
ld.lld: error: undefined symbol: __kcfi_typeid_cpu_v7_smc_switch_mm
>>> referenced by proc-v7.S:94 (.../arch/arm/mm/proc-v7.S:94)
>>> arch/arm/mm/proc-v7.o:(.text+0x108) in archive vmlinux.a
ld.lld: error: undefined symbol: __kcfi_typeid_cpu_v7_hvc_switch_mm
>>> referenced by proc-v7.S:105 (.../arch/arm/mm/proc-v7.S:105)
>>> arch/arm/mm/proc-v7.o:(.text+0x124) in archive vmlinux.a
Fix this by adding an additional requirement that
CONFIG_HARDEN_BRANCH_PREDICTOR has to be enabled to compile
these assembly calls.
Closes: https://lore.kernel.org/oe-kbuild-all/202411041456.ZsoEiD7T-lkp@intel.com/
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/proc-v7.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S
index 5fb9a6aecb001..2cd9333426794 100644
--- a/arch/arm/mm/proc-v7.S
+++ b/arch/arm/mm/proc-v7.S
@@ -94,7 +94,7 @@ SYM_TYPED_FUNC_START(cpu_v7_dcache_clean_area)
ret lr
SYM_FUNC_END(cpu_v7_dcache_clean_area)
-#ifdef CONFIG_ARM_PSCI
+#if defined(CONFIG_ARM_PSCI) && defined(CONFIG_HARDEN_BRANCH_PREDICTOR)
.arch_extension sec
SYM_TYPED_FUNC_START(cpu_v7_smc_switch_mm)
stmfd sp!, {r0 - r3}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 045/817] ipmr: Fix access to mfc_cache_list without lock held
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 044/817] ARM: 9434/1: cfi: Fix compilation corner case Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 046/817] f2fs: fix fiemap failure issue when page size is 16KB Greg Kroah-Hartman
` (781 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Breno Leitao, David Ahern,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Breno Leitao <leitao@debian.org>
[ Upstream commit e28acc9c1ccfcb24c08e020828f69d0a915b06ae ]
Accessing `mr_table->mfc_cache_list` is protected by an RCU lock. In the
following code flow, the RCU read lock is not held, causing the
following error when `RCU_PROVE` is not held. The same problem might
show up in the IPv6 code path.
6.12.0-rc5-kbuilder-01145-gbac17284bdcb #33 Tainted: G E N
-----------------------------
net/ipv4/ipmr_base.c:313 RCU-list traversed in non-reader section!!
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by RetransmitAggre/3519:
#0: ffff88816188c6c0 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x8a/0x290
#1: ffffffff83fcf7a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x6b/0x90
stack backtrace:
lockdep_rcu_suspicious
mr_table_dump
ipmr_rtm_dumproute
rtnl_dump_all
rtnl_dumpit
netlink_dump
__netlink_dump_start
rtnetlink_rcv_msg
netlink_rcv_skb
netlink_unicast
netlink_sendmsg
This is not a problem per see, since the RTNL lock is held here, so, it
is safe to iterate in the list without the RCU read lock, as suggested
by Eric.
To alleviate the concern, modify the code to use
list_for_each_entry_rcu() with the RTNL-held argument.
The annotation will raise an error only if RTNL or RCU read lock are
missing during iteration, signaling a legitimate problem, otherwise it
will avoid this false positive.
This will solve the IPv6 case as well, since ip6mr_rtm_dumproute() calls
this function as well.
Signed-off-by: Breno Leitao <leitao@debian.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20241108-ipmr_rcu-v2-1-c718998e209b@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ipmr_base.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ipmr_base.c b/net/ipv4/ipmr_base.c
index 271dc03fc6dbd..f0af12a2f70bc 100644
--- a/net/ipv4/ipmr_base.c
+++ b/net/ipv4/ipmr_base.c
@@ -310,7 +310,8 @@ int mr_table_dump(struct mr_table *mrt, struct sk_buff *skb,
if (filter->filter_set)
flags |= NLM_F_DUMP_FILTERED;
- list_for_each_entry_rcu(mfc, &mrt->mfc_cache_list, list) {
+ list_for_each_entry_rcu(mfc, &mrt->mfc_cache_list, list,
+ lockdep_rtnl_is_held()) {
if (e < s_e)
goto next_entry;
if (filter->dev &&
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 046/817] f2fs: fix fiemap failure issue when page size is 16KB
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 045/817] ipmr: Fix access to mfc_cache_list without lock held Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 047/817] drm/amd/display: Skip Invalid Streams from DSC Policy Greg Kroah-Hartman
` (780 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiuhong Wang, Zhiguo Niu, Chao Yu,
Jaegeuk Kim, Daniel Rosenberg
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xiuhong Wang <xiuhong.wang@unisoc.com>
commit a7a7c1d423a6351a6541e95c797da5358e5ad1ea upstream.
After enable 16K page size, an infinite loop may occur in
fiemap (fm_length=UINT64_MAX) on a file, such as the 16KB
scratch.img during the remount operation in Android.
The condition for whether fiemap continues to map is to check
whether the number of bytes corresponding to the next map.m_lblk
exceeds blks_to_bytes(inode,max_inode_blocks(inode)) if there are HOLE.
The latter does not take into account the maximum size of a file with 16KB
page size, so the loop cannot be jumped out.
The following is the fail trace:
When f2fs_map_blocks reaches map.m_lblk=3936, it needs to go to the
first direct node block, so the map is 3936 + 4090 = 8026,
The next map is the second direct node block, that is,
8026 + 4090 = 12116,
The next map is the first indirect node block, that is,
12116 + 4090 * 4090 = 16740216,
The next map is the second indirect node block, that is,
16740216 + 4090 * 4090 = 33468316,
The next map is the first double indirect node block, that is,
33468316 + 4090 * 4090 * 4090 = 68451397316
Since map.m_lblk represents the address of a block, which is 32
bits, truncation will occur, that is, 68451397316 becomes
4026887876, and the number of bytes corresponding to the block
number does not exceed blks_to_bytes(inode,max_inode_blocks(inode)),
so the loop will not be jumped out.
The next time, it will be considered that it should still be a
double indirect node block, that is,
4026887876 + 4090 * 4090 * 4090 = 72444816876, which will be
truncated to 3725340140, and the loop will not be jumped out.
156.374871: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 0, start blkaddr = 0x8e00, len = 0x200, flags = 2,seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.374916: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 512, start blkaddr = 0x0, len = 0x0, flags = 0 , seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.374920: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 513, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
......
156.385747: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3935, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385752: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3936, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385755: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 8026, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385758: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 12116, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385761: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 16740216, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385764: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 33468316, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385767: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 4026887876, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385770: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3725340140, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385772: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 4026887876, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
156.385775: f2fs_map_blocks: dev = (254,57), ino = 7449, file offset = 3725340140, start blkaddr = 0x0, len = 0x0, flags = 0, seg_type = 8, may_create = 0, multidevice = 0, flag = 1, err = 0
Commit a6a010f5def5 ("f2fs: Restrict max filesize for 16K f2fs")
has set the maximum allowed file size to (U32_MAX + 1) * F2FS_BLKSIZE,
so max_file_blocks should be used here to limit it, that is,
maxbytes defined above. And the max_inode_blocks function is not
called by other functions except here, so cleanup it.
Signed-off-by: Xiuhong Wang <xiuhong.wang@unisoc.com>
Signed-off-by: Zhiguo Niu <zhiguo.niu@unisoc.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/data.c | 22 +---------------------
1 file changed, 1 insertion(+), 21 deletions(-)
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -1894,25 +1894,6 @@ static int f2fs_xattr_fiemap(struct inod
return (err < 0 ? err : 0);
}
-static loff_t max_inode_blocks(struct inode *inode)
-{
- loff_t result = ADDRS_PER_INODE(inode);
- loff_t leaf_count = ADDRS_PER_BLOCK(inode);
-
- /* two direct node blocks */
- result += (leaf_count * 2);
-
- /* two indirect node blocks */
- leaf_count *= NIDS_PER_BLOCK;
- result += (leaf_count * 2);
-
- /* one double indirect node block */
- leaf_count *= NIDS_PER_BLOCK;
- result += leaf_count;
-
- return result;
-}
-
int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
u64 start, u64 len)
{
@@ -1985,8 +1966,7 @@ next:
if (!compr_cluster && !(map.m_flags & F2FS_MAP_FLAGS)) {
start_blk = next_pgofs;
- if (blks_to_bytes(inode, start_blk) < blks_to_bytes(inode,
- max_inode_blocks(inode)))
+ if (blks_to_bytes(inode, start_blk) < maxbytes)
goto prep_next;
flags |= FIEMAP_EXTENT_LAST;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 047/817] drm/amd/display: Skip Invalid Streams from DSC Policy
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 046/817] f2fs: fix fiemap failure issue when page size is 16KB Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 048/817] drm/amd/display: Fix incorrect DSC recompute trigger Greg Kroah-Hartman
` (779 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aurabindo Pillai, Fangzhi Zuo,
Rodrigo Siqueira, Daniel Wheeler, Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fangzhi Zuo <Jerry.Zuo@amd.com>
[ Upstream commit 9afeda04964281e9f708b92c2a9c4f8a1387b46e ]
Streams with invalid new connector state should be elimiated from
dsc policy.
Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Fangzhi Zuo <Jerry.Zuo@amd.com>
Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
index 905c11af01716..0fa922f60ac0a 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
@@ -1120,6 +1120,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state,
int i, k, ret;
bool debugfs_overwrite = false;
uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link);
+ struct drm_connector_state *new_conn_state;
memset(params, 0, sizeof(params));
@@ -1127,7 +1128,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state,
return PTR_ERR(mst_state);
/* Set up params */
- DRM_DEBUG_DRIVER("%s: MST_DSC Set up params for %d streams\n", __func__, dc_state->stream_count);
+ DRM_DEBUG_DRIVER("%s: MST_DSC Try to set up params from %d streams\n", __func__, dc_state->stream_count);
for (i = 0; i < dc_state->stream_count; i++) {
struct dc_dsc_policy dsc_policy = {0};
@@ -1143,6 +1144,14 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state,
if (!aconnector->mst_output_port)
continue;
+ new_conn_state = drm_atomic_get_new_connector_state(state, &aconnector->base);
+
+ if (!new_conn_state) {
+ DRM_DEBUG_DRIVER("%s:%d MST_DSC Skip the stream 0x%p with invalid new_conn_state\n",
+ __func__, __LINE__, stream);
+ continue;
+ }
+
stream->timing.flags.DSC = 0;
params[count].timing = &stream->timing;
@@ -1175,6 +1184,8 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state,
count++;
}
+ DRM_DEBUG_DRIVER("%s: MST_DSC Params set up for %d streams\n", __func__, count);
+
if (count == 0) {
ASSERT(0);
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 048/817] drm/amd/display: Fix incorrect DSC recompute trigger
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 047/817] drm/amd/display: Skip Invalid Streams from DSC Policy Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 049/817] s390/facilities: Fix warning about shadow of global variable Greg Kroah-Hartman
` (778 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rodrigo Siqueira, Fangzhi Zuo,
Aurabindo Pillai, Daniel Wheeler, Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fangzhi Zuo <Jerry.Zuo@amd.com>
[ Upstream commit 4641169a8c95d9efc35d2d3c55c3948f3b375ff9 ]
A stream without dsc_aux should not be eliminated from
the dsc determination. Whether it needs a dsc recompute depends on
whether its mode has changed or not. Eliminating such a no-dsc stream
from the dsc determination policy will end up with inconsistencies
in the new dc_state when compared to the current dc_state,
triggering a dsc recompute that should not have happened.
Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Signed-off-by: Fangzhi Zuo <Jerry.Zuo@amd.com>
Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
index 0fa922f60ac0a..c6865851e7325 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
@@ -1313,7 +1313,7 @@ static bool is_dsc_need_re_compute(
continue;
aconnector = (struct amdgpu_dm_connector *) stream->dm_stream_context;
- if (!aconnector || !aconnector->dsc_aux)
+ if (!aconnector)
continue;
stream_on_link[new_stream_on_link_num] = aconnector;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 049/817] s390/facilities: Fix warning about shadow of global variable
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 048/817] drm/amd/display: Fix incorrect DSC recompute trigger Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 050/817] efs: fix the efs new mount api implementation Greg Kroah-Hartman
` (777 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gerd Bayer, Heiko Carstens,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gerd Bayer <gbayer@linux.ibm.com>
[ Upstream commit 61997c1e947dbf8bc625ef86ceee00fdf2a5dba1 ]
Compiling the kernel with clang W=2 produces a warning that the
parameter declarations in some routines would shadow the definition of
the global variable stfle_fac_list. Address this warning by renaming the
parameters to fac_list.
Fixes: 17e89e1340a3 ("s390/facilities: move stfl information from lowcore to global data")
Signed-off-by: Gerd Bayer <gbayer@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/facility.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/arch/s390/include/asm/facility.h b/arch/s390/include/asm/facility.h
index 65ebf86506cde..48791a02cab1e 100644
--- a/arch/s390/include/asm/facility.h
+++ b/arch/s390/include/asm/facility.h
@@ -67,7 +67,7 @@ static inline int test_facility(unsigned long nr)
return __test_facility(nr, &stfle_fac_list);
}
-static inline unsigned long __stfle_asm(u64 *stfle_fac_list, int size)
+static inline unsigned long __stfle_asm(u64 *fac_list, int size)
{
unsigned long reg0 = size - 1;
@@ -75,7 +75,7 @@ static inline unsigned long __stfle_asm(u64 *stfle_fac_list, int size)
" lgr 0,%[reg0]\n"
" .insn s,0xb2b00000,%[list]\n" /* stfle */
" lgr %[reg0],0\n"
- : [reg0] "+&d" (reg0), [list] "+Q" (*stfle_fac_list)
+ : [reg0] "+&d" (reg0), [list] "+Q" (*fac_list)
:
: "memory", "cc", "0");
return reg0;
@@ -83,10 +83,10 @@ static inline unsigned long __stfle_asm(u64 *stfle_fac_list, int size)
/**
* stfle - Store facility list extended
- * @stfle_fac_list: array where facility list can be stored
+ * @fac_list: array where facility list can be stored
* @size: size of passed in array in double words
*/
-static inline void __stfle(u64 *stfle_fac_list, int size)
+static inline void __stfle(u64 *fac_list, int size)
{
unsigned long nr;
u32 stfl_fac_list;
@@ -95,20 +95,20 @@ static inline void __stfle(u64 *stfle_fac_list, int size)
" stfl 0(0)\n"
: "=m" (get_lowcore()->stfl_fac_list));
stfl_fac_list = get_lowcore()->stfl_fac_list;
- memcpy(stfle_fac_list, &stfl_fac_list, 4);
+ memcpy(fac_list, &stfl_fac_list, 4);
nr = 4; /* bytes stored by stfl */
if (stfl_fac_list & 0x01000000) {
/* More facility bits available with stfle */
- nr = __stfle_asm(stfle_fac_list, size);
+ nr = __stfle_asm(fac_list, size);
nr = min_t(unsigned long, (nr + 1) * 8, size * 8);
}
- memset((char *) stfle_fac_list + nr, 0, size * 8 - nr);
+ memset((char *)fac_list + nr, 0, size * 8 - nr);
}
-static inline void stfle(u64 *stfle_fac_list, int size)
+static inline void stfle(u64 *fac_list, int size)
{
preempt_disable();
- __stfle(stfle_fac_list, size);
+ __stfle(fac_list, size);
preempt_enable();
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 050/817] efs: fix the efs new mount api implementation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 049/817] s390/facilities: Fix warning about shadow of global variable Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 051/817] arm64: probes: Disable kprobes/uprobes on MOPS instructions Greg Kroah-Hartman
` (776 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bill ODonnell, Christian Brauner,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bill O'Donnell <bodonnel@redhat.com>
[ Upstream commit 51ceeb1a8142537b9f65aeaac6c301560a948197 ]
Commit 39a6c668e4 (efs: convert efs to use the new mount api)
did not include anything from v2 and v3 that were also submitted.
Fix this by bringing in those changes that were proposed in v2 and
v3.
Fixes: 39a6c668e4 efs: convert efs to use the new mount api.
Signed-off-by: Bill O'Donnell <bodonnel@redhat.com>
Link: https://lore.kernel.org/r/20241014190241.4093825-1-bodonnel@redhat.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/efs/super.c | 43 +++----------------------------------------
1 file changed, 3 insertions(+), 40 deletions(-)
diff --git a/fs/efs/super.c b/fs/efs/super.c
index e4421c10caebe..c59086b7eabfe 100644
--- a/fs/efs/super.c
+++ b/fs/efs/super.c
@@ -15,7 +15,6 @@
#include <linux/vfs.h>
#include <linux/blkdev.h>
#include <linux/fs_context.h>
-#include <linux/fs_parser.h>
#include "efs.h"
#include <linux/efs_vh.h>
#include <linux/efs_fs_sb.h>
@@ -49,15 +48,6 @@ static struct pt_types sgi_pt_types[] = {
{0, NULL}
};
-enum {
- Opt_explicit_open,
-};
-
-static const struct fs_parameter_spec efs_param_spec[] = {
- fsparam_flag ("explicit-open", Opt_explicit_open),
- {}
-};
-
/*
* File system definition and registration.
*/
@@ -67,7 +57,6 @@ static struct file_system_type efs_fs_type = {
.kill_sb = efs_kill_sb,
.fs_flags = FS_REQUIRES_DEV,
.init_fs_context = efs_init_fs_context,
- .parameters = efs_param_spec,
};
MODULE_ALIAS_FS("efs");
@@ -265,7 +254,8 @@ static int efs_fill_super(struct super_block *s, struct fs_context *fc)
if (!sb_set_blocksize(s, EFS_BLOCKSIZE)) {
pr_err("device does not support %d byte blocks\n",
EFS_BLOCKSIZE);
- return -EINVAL;
+ return invalf(fc, "device does not support %d byte blocks\n",
+ EFS_BLOCKSIZE);
}
/* read the vh (volume header) block */
@@ -327,43 +317,22 @@ static int efs_fill_super(struct super_block *s, struct fs_context *fc)
return 0;
}
-static void efs_free_fc(struct fs_context *fc)
-{
- kfree(fc->fs_private);
-}
-
static int efs_get_tree(struct fs_context *fc)
{
return get_tree_bdev(fc, efs_fill_super);
}
-static int efs_parse_param(struct fs_context *fc, struct fs_parameter *param)
-{
- int token;
- struct fs_parse_result result;
-
- token = fs_parse(fc, efs_param_spec, param, &result);
- if (token < 0)
- return token;
- return 0;
-}
-
static int efs_reconfigure(struct fs_context *fc)
{
sync_filesystem(fc->root->d_sb);
+ fc->sb_flags |= SB_RDONLY;
return 0;
}
-struct efs_context {
- unsigned long s_mount_opts;
-};
-
static const struct fs_context_operations efs_context_opts = {
- .parse_param = efs_parse_param,
.get_tree = efs_get_tree,
.reconfigure = efs_reconfigure,
- .free = efs_free_fc,
};
/*
@@ -371,12 +340,6 @@ static const struct fs_context_operations efs_context_opts = {
*/
static int efs_init_fs_context(struct fs_context *fc)
{
- struct efs_context *ctx;
-
- ctx = kzalloc(sizeof(struct efs_context), GFP_KERNEL);
- if (!ctx)
- return -ENOMEM;
- fc->fs_private = ctx;
fc->ops = &efs_context_opts;
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 051/817] arm64: probes: Disable kprobes/uprobes on MOPS instructions
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 050/817] efs: fix the efs new mount api implementation Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 052/817] kselftest/arm64: hwcap: fix f8dp2 cpuinfo name Greg Kroah-Hartman
` (775 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kristina Martsenko, Catalin Marinas,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kristina Martsenko <kristina.martsenko@arm.com>
[ Upstream commit c56c599d9002d44f559be3852b371db46adac87c ]
FEAT_MOPS instructions require that all three instructions (prologue,
main and epilogue) appear consecutively in memory. Placing a
kprobe/uprobe on one of them doesn't work as only a single instruction
gets executed out-of-line or simulated. So don't allow placing a probe
on a MOPS instruction.
Fixes: b7564127ffcb ("arm64: mops: detect and enable FEAT_MOPS")
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Link: https://lore.kernel.org/r/20240930161051.3777828-2-kristina.martsenko@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/insn.h | 1 +
arch/arm64/kernel/probes/decode-insn.c | 7 +++++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/insn.h b/arch/arm64/include/asm/insn.h
index 8c0a36f72d6fc..bc77869dbd43b 100644
--- a/arch/arm64/include/asm/insn.h
+++ b/arch/arm64/include/asm/insn.h
@@ -353,6 +353,7 @@ __AARCH64_INSN_FUNCS(ldrsw_lit, 0xFF000000, 0x98000000)
__AARCH64_INSN_FUNCS(exclusive, 0x3F800000, 0x08000000)
__AARCH64_INSN_FUNCS(load_ex, 0x3F400000, 0x08400000)
__AARCH64_INSN_FUNCS(store_ex, 0x3F400000, 0x08000000)
+__AARCH64_INSN_FUNCS(mops, 0x3B200C00, 0x19000400)
__AARCH64_INSN_FUNCS(stp, 0x7FC00000, 0x29000000)
__AARCH64_INSN_FUNCS(ldp, 0x7FC00000, 0x29400000)
__AARCH64_INSN_FUNCS(stp_post, 0x7FC00000, 0x28800000)
diff --git a/arch/arm64/kernel/probes/decode-insn.c b/arch/arm64/kernel/probes/decode-insn.c
index 3496d6169e59b..42b69936cee34 100644
--- a/arch/arm64/kernel/probes/decode-insn.c
+++ b/arch/arm64/kernel/probes/decode-insn.c
@@ -58,10 +58,13 @@ static bool __kprobes aarch64_insn_is_steppable(u32 insn)
* Instructions which load PC relative literals are not going to work
* when executed from an XOL slot. Instructions doing an exclusive
* load/store are not going to complete successfully when single-step
- * exception handling happens in the middle of the sequence.
+ * exception handling happens in the middle of the sequence. Memory
+ * copy/set instructions require that all three instructions be placed
+ * consecutively in memory.
*/
if (aarch64_insn_uses_literal(insn) ||
- aarch64_insn_is_exclusive(insn))
+ aarch64_insn_is_exclusive(insn) ||
+ aarch64_insn_is_mops(insn))
return false;
return true;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 052/817] kselftest/arm64: hwcap: fix f8dp2 cpuinfo name
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 051/817] arm64: probes: Disable kprobes/uprobes on MOPS instructions Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 053/817] kselftest/arm64: mte: fix printf type warnings about __u64 Greg Kroah-Hartman
` (774 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andre Przywara, Mark Brown,
Catalin Marinas, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit b0d80dbc378d52155c9ecf9579986edccceed3aa ]
The F8DP2 DPISA extension has a separate cpuinfo field, named
accordingly.
Change the erroneously placed name of "f8dp4" to "f8dp2".
Fixes: 44d10c27bd75 ("kselftest/arm64: Add 2023 DPISA hwcap test coverage")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20240816153251.2833702-3-andre.przywara@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/arm64/abi/hwcap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c
index d8909b2b535a0..41c245478e412 100644
--- a/tools/testing/selftests/arm64/abi/hwcap.c
+++ b/tools/testing/selftests/arm64/abi/hwcap.c
@@ -484,7 +484,7 @@ static const struct hwcap_data {
.name = "F8DP2",
.at_hwcap = AT_HWCAP2,
.hwcap_bit = HWCAP2_F8DP2,
- .cpuinfo = "f8dp4",
+ .cpuinfo = "f8dp2",
.sigill_fn = f8dp2_sigill,
},
{
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 053/817] kselftest/arm64: mte: fix printf type warnings about __u64
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 052/817] kselftest/arm64: hwcap: fix f8dp2 cpuinfo name Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 054/817] kselftest/arm64: mte: fix printf type warnings about longs Greg Kroah-Hartman
` (773 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andre Przywara, Mark Brown,
Catalin Marinas, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit 7e893dc81de3e342156389ea0b83ec7d07f25281 ]
When printing the signal context's PC, we use a "%lx" format specifier,
which matches the common userland (glibc's) definition of uint64_t as an
"unsigned long". However the structure in question is defined in a
kernel uapi header, which uses a self defined __u64 type, and the arm64
kernel headers define this using "int-ll64.h", so it becomes an
"unsigned long long". This mismatch leads to the usual compiler warning.
The common fix would be to use "PRIx64", but because this is defined by
the userland's toolchain libc headers, it wouldn't match as well. Since
we know the exact type of __u64, just use "%llx" here instead, to silence
this warning.
This also fixes a more severe typo: "$lx" is not a valid format
specifier.
Fixes: 191e678bdc9b ("kselftest/arm64: Log unexpected asynchronous MTE faults")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20240816153251.2833702-7-andre.przywara@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/arm64/mte/mte_common_util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/arm64/mte/mte_common_util.c b/tools/testing/selftests/arm64/mte/mte_common_util.c
index 00ffd34c66d30..1120f5aa76550 100644
--- a/tools/testing/selftests/arm64/mte/mte_common_util.c
+++ b/tools/testing/selftests/arm64/mte/mte_common_util.c
@@ -38,7 +38,7 @@ void mte_default_handler(int signum, siginfo_t *si, void *uc)
if (cur_mte_cxt.trig_si_code == si->si_code)
cur_mte_cxt.fault_valid = true;
else
- ksft_print_msg("Got unexpected SEGV_MTEAERR at pc=$lx, fault addr=%lx\n",
+ ksft_print_msg("Got unexpected SEGV_MTEAERR at pc=%llx, fault addr=%lx\n",
((ucontext_t *)uc)->uc_mcontext.pc,
addr);
return;
@@ -64,7 +64,7 @@ void mte_default_handler(int signum, siginfo_t *si, void *uc)
exit(1);
}
} else if (signum == SIGBUS) {
- ksft_print_msg("INFO: SIGBUS signal at pc=%lx, fault addr=%lx, si_code=%lx\n",
+ ksft_print_msg("INFO: SIGBUS signal at pc=%llx, fault addr=%lx, si_code=%x\n",
((ucontext_t *)uc)->uc_mcontext.pc, addr, si->si_code);
if ((cur_mte_cxt.trig_range >= 0 &&
addr >= MT_CLEAR_TAG(cur_mte_cxt.trig_addr) &&
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 054/817] kselftest/arm64: mte: fix printf type warnings about longs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 053/817] kselftest/arm64: mte: fix printf type warnings about __u64 Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 055/817] block/fs: Pass an iocb to generic_atomic_write_valid() Greg Kroah-Hartman
` (772 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andre Przywara, Mark Brown,
Catalin Marinas, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit 96dddb7b9406259baace9a1831e8da155311be6f ]
When checking MTE tags, we print some diagnostic messages when the tests
fail. Some variables uses there are "longs", however we only use "%x"
for the format specifier.
Update the format specifiers to "%lx", to match the variable types they
are supposed to print.
Fixes: f3b2a26ca78d ("kselftest/arm64: Verify mte tag inclusion via prctl")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20240816153251.2833702-9-andre.przywara@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/arm64/mte/check_tags_inclusion.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/arm64/mte/check_tags_inclusion.c b/tools/testing/selftests/arm64/mte/check_tags_inclusion.c
index 2b1425b92b699..a3d1e23fe02af 100644
--- a/tools/testing/selftests/arm64/mte/check_tags_inclusion.c
+++ b/tools/testing/selftests/arm64/mte/check_tags_inclusion.c
@@ -65,7 +65,7 @@ static int check_single_included_tags(int mem_type, int mode)
ptr = mte_insert_tags(ptr, BUFFER_SIZE);
/* Check tag value */
if (MT_FETCH_TAG((uintptr_t)ptr) == tag) {
- ksft_print_msg("FAIL: wrong tag = 0x%x with include mask=0x%x\n",
+ ksft_print_msg("FAIL: wrong tag = 0x%lx with include mask=0x%x\n",
MT_FETCH_TAG((uintptr_t)ptr),
MT_INCLUDE_VALID_TAG(tag));
result = KSFT_FAIL;
@@ -97,7 +97,7 @@ static int check_multiple_included_tags(int mem_type, int mode)
ptr = mte_insert_tags(ptr, BUFFER_SIZE);
/* Check tag value */
if (MT_FETCH_TAG((uintptr_t)ptr) < tag) {
- ksft_print_msg("FAIL: wrong tag = 0x%x with include mask=0x%x\n",
+ ksft_print_msg("FAIL: wrong tag = 0x%lx with include mask=0x%lx\n",
MT_FETCH_TAG((uintptr_t)ptr),
MT_INCLUDE_VALID_TAGS(excl_mask));
result = KSFT_FAIL;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 055/817] block/fs: Pass an iocb to generic_atomic_write_valid()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 054/817] kselftest/arm64: mte: fix printf type warnings about longs Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 056/817] fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() Greg Kroah-Hartman
` (771 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Darrick J. Wong, Hannes Reinecke,
Christoph Hellwig, John Garry, Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Garry <john.g.garry@oracle.com>
[ Upstream commit 9a8dbdadae509e5717ff6e5aa572ca0974d2101d ]
Darrick and Hannes both thought it better that generic_atomic_write_valid()
should be passed a struct iocb, and not just the member of that struct
which is referenced; see [0] and [1].
I think that makes a more generic and clean API, so make that change.
[0] https://lore.kernel.org/linux-block/680ce641-729b-4150-b875-531a98657682@suse.de/
[1] https://lore.kernel.org/linux-xfs/20240620212401.GA3058325@frogsfrogsfrogs/
Fixes: c34fc6f26ab8 ("fs: Initial atomic write support")
Suggested-by: Darrick J. Wong <djwong@kernel.org>
Suggested-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: John Garry <john.g.garry@oracle.com>
Link: https://lore.kernel.org/r/20241019125113.369994-2-john.g.garry@oracle.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/fops.c | 8 ++++----
fs/read_write.c | 4 ++--
include/linux/fs.h | 2 +-
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/block/fops.c b/block/fops.c
index 9825c1713a49a..1c0f9d3138451 100644
--- a/block/fops.c
+++ b/block/fops.c
@@ -34,13 +34,13 @@ static blk_opf_t dio_bio_write_op(struct kiocb *iocb)
return opf;
}
-static bool blkdev_dio_invalid(struct block_device *bdev, loff_t pos,
+static bool blkdev_dio_invalid(struct block_device *bdev, struct kiocb *iocb,
struct iov_iter *iter, bool is_atomic)
{
- if (is_atomic && !generic_atomic_write_valid(iter, pos))
+ if (is_atomic && !generic_atomic_write_valid(iocb, iter))
return true;
- return pos & (bdev_logical_block_size(bdev) - 1) ||
+ return iocb->ki_pos & (bdev_logical_block_size(bdev) - 1) ||
!bdev_iter_is_aligned(bdev, iter);
}
@@ -373,7 +373,7 @@ static ssize_t blkdev_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
if (!iov_iter_count(iter))
return 0;
- if (blkdev_dio_invalid(bdev, iocb->ki_pos, iter, is_atomic))
+ if (blkdev_dio_invalid(bdev, iocb, iter, is_atomic))
return -EINVAL;
nr_pages = bio_iov_vecs_to_alloc(iter, BIO_MAX_VECS + 1);
diff --git a/fs/read_write.c b/fs/read_write.c
index 90e283b31ca18..d8af6f2f1c9af 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -1737,7 +1737,7 @@ int generic_file_rw_checks(struct file *file_in, struct file *file_out)
return 0;
}
-bool generic_atomic_write_valid(struct iov_iter *iter, loff_t pos)
+bool generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter)
{
size_t len = iov_iter_count(iter);
@@ -1747,7 +1747,7 @@ bool generic_atomic_write_valid(struct iov_iter *iter, loff_t pos)
if (!is_power_of_2(len))
return false;
- if (!IS_ALIGNED(pos, len))
+ if (!IS_ALIGNED(iocb->ki_pos, len))
return false;
return true;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 6ca11e241a249..0a8acd6063896 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3663,6 +3663,6 @@ static inline bool vfs_empty_path(int dfd, const char __user *path)
return !c;
}
-bool generic_atomic_write_valid(struct iov_iter *iter, loff_t pos);
+bool generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter);
#endif /* _LINUX_FS_H */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 056/817] fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 055/817] block/fs: Pass an iocb to generic_atomic_write_valid() Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 057/817] s390/cio: Do not unregister the subchannel based on DNV Greg Kroah-Hartman
` (770 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Darrick J. Wong,
John Garry, Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Garry <john.g.garry@oracle.com>
[ Upstream commit c3be7ebbbce5201e151f17e28a6c807602f369c9 ]
Currently FMODE_CAN_ATOMIC_WRITE is set if the bdev can atomic write and
the file is open for direct IO. This does not work if the file is not
opened for direct IO, yet fcntl(O_DIRECT) is used on the fd later.
Change to check for direct IO on a per-IO basis in
generic_atomic_write_valid(). Since we want to report -EOPNOTSUPP for
non-direct IO for an atomic write, change to return an error code.
Relocate the block fops atomic write checks to the common write path, as to
catch non-direct IO.
Fixes: c34fc6f26ab8 ("fs: Initial atomic write support")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: John Garry <john.g.garry@oracle.com>
Link: https://lore.kernel.org/r/20241019125113.369994-3-john.g.garry@oracle.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/fops.c | 18 ++++++++++--------
fs/read_write.c | 13 ++++++++-----
include/linux/fs.h | 2 +-
3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/block/fops.c b/block/fops.c
index 1c0f9d3138451..56db751bba49b 100644
--- a/block/fops.c
+++ b/block/fops.c
@@ -35,11 +35,8 @@ static blk_opf_t dio_bio_write_op(struct kiocb *iocb)
}
static bool blkdev_dio_invalid(struct block_device *bdev, struct kiocb *iocb,
- struct iov_iter *iter, bool is_atomic)
+ struct iov_iter *iter)
{
- if (is_atomic && !generic_atomic_write_valid(iocb, iter))
- return true;
-
return iocb->ki_pos & (bdev_logical_block_size(bdev) - 1) ||
!bdev_iter_is_aligned(bdev, iter);
}
@@ -367,13 +364,12 @@ static ssize_t __blkdev_direct_IO_async(struct kiocb *iocb,
static ssize_t blkdev_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
{
struct block_device *bdev = I_BDEV(iocb->ki_filp->f_mapping->host);
- bool is_atomic = iocb->ki_flags & IOCB_ATOMIC;
unsigned int nr_pages;
if (!iov_iter_count(iter))
return 0;
- if (blkdev_dio_invalid(bdev, iocb, iter, is_atomic))
+ if (blkdev_dio_invalid(bdev, iocb, iter))
return -EINVAL;
nr_pages = bio_iov_vecs_to_alloc(iter, BIO_MAX_VECS + 1);
@@ -382,7 +378,7 @@ static ssize_t blkdev_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
return __blkdev_direct_IO_simple(iocb, iter, bdev,
nr_pages);
return __blkdev_direct_IO_async(iocb, iter, bdev, nr_pages);
- } else if (is_atomic) {
+ } else if (iocb->ki_flags & IOCB_ATOMIC) {
return -EINVAL;
}
return __blkdev_direct_IO(iocb, iter, bdev, bio_max_segs(nr_pages));
@@ -624,7 +620,7 @@ static int blkdev_open(struct inode *inode, struct file *filp)
if (!bdev)
return -ENXIO;
- if (bdev_can_atomic_write(bdev) && filp->f_flags & O_DIRECT)
+ if (bdev_can_atomic_write(bdev))
filp->f_mode |= FMODE_CAN_ATOMIC_WRITE;
ret = bdev_open(bdev, mode, filp->private_data, NULL, filp);
@@ -699,6 +695,12 @@ static ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from)
if ((iocb->ki_flags & (IOCB_NOWAIT | IOCB_DIRECT)) == IOCB_NOWAIT)
return -EOPNOTSUPP;
+ if (iocb->ki_flags & IOCB_ATOMIC) {
+ ret = generic_atomic_write_valid(iocb, from);
+ if (ret)
+ return ret;
+ }
+
size -= iocb->ki_pos;
if (iov_iter_count(from) > size) {
shorted = iov_iter_count(from) - size;
diff --git a/fs/read_write.c b/fs/read_write.c
index d8af6f2f1c9af..1b122ec6d8f0d 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -1737,18 +1737,21 @@ int generic_file_rw_checks(struct file *file_in, struct file *file_out)
return 0;
}
-bool generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter)
+int generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter)
{
size_t len = iov_iter_count(iter);
if (!iter_is_ubuf(iter))
- return false;
+ return -EINVAL;
if (!is_power_of_2(len))
- return false;
+ return -EINVAL;
if (!IS_ALIGNED(iocb->ki_pos, len))
- return false;
+ return -EINVAL;
- return true;
+ if (!(iocb->ki_flags & IOCB_DIRECT))
+ return -EOPNOTSUPP;
+
+ return 0;
}
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 0a8acd6063896..232b56416ccd9 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3663,6 +3663,6 @@ static inline bool vfs_empty_path(int dfd, const char __user *path)
return !c;
}
-bool generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter);
+int generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter);
#endif /* _LINUX_FS_H */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 057/817] s390/cio: Do not unregister the subchannel based on DNV
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 056/817] fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 058/817] s390/pageattr: Implement missing kernel_page_present() Greg Kroah-Hartman
` (769 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Oberparleiter, Vineeth Vijayan,
Heiko Carstens, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vineeth Vijayan <vneethv@linux.ibm.com>
[ Upstream commit 8c58a229688ce3a097b3b1a2efe1b4f5508c2123 ]
Starting with commit 2297791c92d0 ("s390/cio: dont unregister
subchannel from child-drivers"), CIO does not unregister subchannels
when the attached device is invalid or unavailable. Instead, it
allows subchannels to exist without a connected device. However, if
the DNV value is 0, such as, when all the CHPIDs of a subchannel are
configured in standby state, the subchannel is unregistered, which
contradicts the current subchannel specification.
Update the logic so that subchannels are not unregistered based
on the DNV value. Also update the SCHIB information even if the
DNV bit is zero.
Suggested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Vineeth Vijayan <vneethv@linux.ibm.com>
Fixes: 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/cio/cio.c | 6 +++++-
drivers/s390/cio/device.c | 18 +++++++++++++++++-
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/drivers/s390/cio/cio.c b/drivers/s390/cio/cio.c
index c32e818f06dba..ad17ab0a93149 100644
--- a/drivers/s390/cio/cio.c
+++ b/drivers/s390/cio/cio.c
@@ -459,10 +459,14 @@ int cio_update_schib(struct subchannel *sch)
{
struct schib schib;
- if (stsch(sch->schid, &schib) || !css_sch_is_valid(&schib))
+ if (stsch(sch->schid, &schib))
return -ENODEV;
memcpy(&sch->schib, &schib, sizeof(schib));
+
+ if (!css_sch_is_valid(&schib))
+ return -EACCES;
+
return 0;
}
EXPORT_SYMBOL_GPL(cio_update_schib);
diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c
index b0f23242e1714..9498825d9c7a5 100644
--- a/drivers/s390/cio/device.c
+++ b/drivers/s390/cio/device.c
@@ -1387,14 +1387,18 @@ enum io_sch_action {
IO_SCH_VERIFY,
IO_SCH_DISC,
IO_SCH_NOP,
+ IO_SCH_ORPH_CDEV,
};
static enum io_sch_action sch_get_action(struct subchannel *sch)
{
struct ccw_device *cdev;
+ int rc;
cdev = sch_get_cdev(sch);
- if (cio_update_schib(sch)) {
+ rc = cio_update_schib(sch);
+
+ if (rc == -ENODEV) {
/* Not operational. */
if (!cdev)
return IO_SCH_UNREG;
@@ -1402,6 +1406,16 @@ static enum io_sch_action sch_get_action(struct subchannel *sch)
return IO_SCH_UNREG;
return IO_SCH_ORPH_UNREG;
}
+
+ /* Avoid unregistering subchannels without working device. */
+ if (rc == -EACCES) {
+ if (!cdev)
+ return IO_SCH_NOP;
+ if (ccw_device_notify(cdev, CIO_GONE) != NOTIFY_OK)
+ return IO_SCH_UNREG_CDEV;
+ return IO_SCH_ORPH_CDEV;
+ }
+
/* Operational. */
if (!cdev)
return IO_SCH_ATTACH;
@@ -1471,6 +1485,7 @@ static int io_subchannel_sch_event(struct subchannel *sch, int process)
rc = 0;
goto out_unlock;
case IO_SCH_ORPH_UNREG:
+ case IO_SCH_ORPH_CDEV:
case IO_SCH_ORPH_ATTACH:
ccw_device_set_disconnected(cdev);
break;
@@ -1502,6 +1517,7 @@ static int io_subchannel_sch_event(struct subchannel *sch, int process)
/* Handle attached ccw device. */
switch (action) {
case IO_SCH_ORPH_UNREG:
+ case IO_SCH_ORPH_CDEV:
case IO_SCH_ORPH_ATTACH:
/* Move ccw device to orphanage. */
rc = ccw_device_move_to_orph(cdev);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 058/817] s390/pageattr: Implement missing kernel_page_present()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 057/817] s390/cio: Do not unregister the subchannel based on DNV Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 059/817] x86/pvh: Set phys_base when calling xen_prepare_pvh() Greg Kroah-Hartman
` (768 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Borkmann, Alexander Gordeev,
Heiko Carstens, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heiko Carstens <hca@linux.ibm.com>
[ Upstream commit 2835f8bf5530750c3381166005934f996a83ad05 ]
kernel_page_present() was intentionally not implemented when adding
ARCH_HAS_SET_DIRECT_MAP support, since it was only used for suspend/resume
which is not supported anymore on s390.
A new bpf use case led to a compile error specific to s390. Even though
this specific use case went away implement kernel_page_present(), so that
the API is complete and potential future users won't run into this problem.
Reported-by: Daniel Borkmann <daniel@iogearbox.net>
Closes: https://lore.kernel.org/all/045de961-ac69-40cc-b141-ab70ec9377ec@iogearbox.net
Fixes: 0490d6d7ba0a ("s390/mm: enable ARCH_HAS_SET_DIRECT_MAP")
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/set_memory.h | 1 +
arch/s390/mm/pageattr.c | 15 +++++++++++++++
2 files changed, 16 insertions(+)
diff --git a/arch/s390/include/asm/set_memory.h b/arch/s390/include/asm/set_memory.h
index 06fbabe2f66c9..cb4cc0f59012f 100644
--- a/arch/s390/include/asm/set_memory.h
+++ b/arch/s390/include/asm/set_memory.h
@@ -62,5 +62,6 @@ __SET_MEMORY_FUNC(set_memory_4k, SET_MEMORY_4K)
int set_direct_map_invalid_noflush(struct page *page);
int set_direct_map_default_noflush(struct page *page);
+bool kernel_page_present(struct page *page);
#endif
diff --git a/arch/s390/mm/pageattr.c b/arch/s390/mm/pageattr.c
index 5f805ad42d4c3..aec9eb16b6f7b 100644
--- a/arch/s390/mm/pageattr.c
+++ b/arch/s390/mm/pageattr.c
@@ -406,6 +406,21 @@ int set_direct_map_default_noflush(struct page *page)
return __set_memory((unsigned long)page_to_virt(page), 1, SET_MEMORY_DEF);
}
+bool kernel_page_present(struct page *page)
+{
+ unsigned long addr;
+ unsigned int cc;
+
+ addr = (unsigned long)page_address(page);
+ asm volatile(
+ " lra %[addr],0(%[addr])\n"
+ " ipm %[cc]\n"
+ : [cc] "=d" (cc), [addr] "+a" (addr)
+ :
+ : "cc");
+ return (cc >> 28) == 0;
+}
+
#if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_KFENCE)
static void ipte_range(pte_t *pte, unsigned long address, int nr)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 059/817] x86/pvh: Set phys_base when calling xen_prepare_pvh()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 058/817] s390/pageattr: Implement missing kernel_page_present() Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 060/817] x86/pvh: Call C code via the kernel virtual mapping Greg Kroah-Hartman
` (767 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Andryuk, Juergen Gross,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Andryuk <jason.andryuk@amd.com>
[ Upstream commit b464b461d27d564125db760938643374864c1b1f ]
phys_base needs to be set for __pa() to work in xen_pvh_init() when
finding the hypercall page. Set it before calling into
xen_prepare_pvh(), which calls xen_pvh_init(). Clear it afterward to
avoid __startup_64() adding to it and creating an incorrect value.
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-ID: <20240823193630.2583107-4-jason.andryuk@amd.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Stable-dep-of: e8fbc0d9cab6 ("x86/pvh: Call C code via the kernel virtual mapping")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/platform/pvh/head.S | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index f7235ef87bc32..3621293cd1cc2 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -101,7 +101,20 @@ SYM_CODE_START_LOCAL(pvh_start_xen)
xor %edx, %edx
wrmsr
+ /*
+ * Calculate load offset and store in phys_base. __pa() needs
+ * phys_base set to calculate the hypercall page in xen_pvh_init().
+ */
+ movq %rbp, %rbx
+ subq $_pa(pvh_start_xen), %rbx
+ movq %rbx, phys_base(%rip)
call xen_prepare_pvh
+ /*
+ * Clear phys_base. __startup_64 will *add* to its value,
+ * so reset to 0.
+ */
+ xor %rbx, %rbx
+ movq %rbx, phys_base(%rip)
/* startup_64 expects boot_params in %rsi. */
mov $_pa(pvh_bootparams), %rsi
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 060/817] x86/pvh: Call C code via the kernel virtual mapping
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 059/817] x86/pvh: Set phys_base when calling xen_prepare_pvh() Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 061/817] brd: defer automatic disk creation until module initialization succeeds Greg Kroah-Hartman
` (766 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Andryuk, Ard Biesheuvel,
Juergen Gross, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit e8fbc0d9cab6c1ee6403f42c0991b0c1d5dbc092 ]
Calling C code via a different mapping than it was linked at is
problematic, because the compiler assumes that RIP-relative and absolute
symbol references are interchangeable. GCC in particular may use
RIP-relative per-CPU variable references even when not using -fpic.
So call xen_prepare_pvh() via its kernel virtual mapping on x86_64, so
that those RIP-relative references produce the correct values. This
matches the pre-existing behavior for i386, which also invokes
xen_prepare_pvh() via the kernel virtual mapping before invoking
startup_32 with paging disabled again.
Fixes: 7243b93345f7 ("xen/pvh: Bootstrap PVH guest")
Tested-by: Jason Andryuk <jason.andryuk@amd.com>
Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Message-ID: <20241009160438.3884381-8-ardb+git@google.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/platform/pvh/head.S | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/platform/pvh/head.S b/arch/x86/platform/pvh/head.S
index 3621293cd1cc2..acb39752e7ca3 100644
--- a/arch/x86/platform/pvh/head.S
+++ b/arch/x86/platform/pvh/head.S
@@ -108,7 +108,14 @@ SYM_CODE_START_LOCAL(pvh_start_xen)
movq %rbp, %rbx
subq $_pa(pvh_start_xen), %rbx
movq %rbx, phys_base(%rip)
- call xen_prepare_pvh
+
+ /* Call xen_prepare_pvh() via the kernel virtual mapping */
+ leaq xen_prepare_pvh(%rip), %rax
+ subq phys_base(%rip), %rax
+ addq $__START_KERNEL_map, %rax
+ ANNOTATE_RETPOLINE_SAFE
+ call *%rax
+
/*
* Clear phys_base. __startup_64 will *add* to its value,
* so reset to 0.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 061/817] brd: defer automatic disk creation until module initialization succeeds
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 060/817] x86/pvh: Call C code via the kernel virtual mapping Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 062/817] ext4: avoid remount errors with abort mount option Greg Kroah-Hartman
` (765 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wupeng Ma, Yang Erkun,
Christoph Hellwig, Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yang Erkun <yangerkun@huawei.com>
[ Upstream commit 826cc42adf44930a633d11a5993676d85ddb0842 ]
My colleague Wupeng found the following problems during fault injection:
BUG: unable to handle page fault for address: fffffbfff809d073
PGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.1-2.fc37 04/01/2014
RIP: 0010:__asan_load8+0x4c/0xa0
...
Call Trace:
<TASK>
blkdev_put_whole+0x41/0x70
bdev_release+0x1a3/0x250
blkdev_release+0x11/0x20
__fput+0x1d7/0x4a0
task_work_run+0xfc/0x180
syscall_exit_to_user_mode+0x1de/0x1f0
do_syscall_64+0x6b/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
loop_init() is calling loop_add() after __register_blkdev() succeeds and
is ignoring disk_add() failure from loop_add(), for loop_add() failure
is not fatal and successfully created disks are already visible to
bdev_open().
brd_init() is currently calling brd_alloc() before __register_blkdev()
succeeds and is releasing successfully created disks when brd_init()
returns an error. This can cause UAF for the latter two case:
case 1:
T1:
modprobe brd
brd_init
brd_alloc(0) // success
add_disk
disk_scan_partitions
bdev_file_open_by_dev // alloc file
fput // won't free until back to userspace
brd_alloc(1) // failed since mem alloc error inject
// error path for modprobe will release code segment
// back to userspace
__fput
blkdev_release
bdev_release
blkdev_put_whole
bdev->bd_disk->fops->release // fops is freed now, UAF!
case 2:
T1: T2:
modprobe brd
brd_init
brd_alloc(0) // success
open(/dev/ram0)
brd_alloc(1) // fail
// error path for modprobe
close(/dev/ram0)
...
/* UAF! */
bdev->bd_disk->fops->release
Fix this problem by following what loop_init() does. Besides,
reintroduce brd_devices_mutex to help serialize modifications to
brd_list.
Fixes: 7f9b348cb5e9 ("brd: convert to blk_alloc_disk/blk_cleanup_disk")
Reported-by: Wupeng Ma <mawupeng1@huawei.com>
Signed-off-by: Yang Erkun <yangerkun@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20241030034914.907829-1-yangerkun@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/brd.c | 66 ++++++++++++++++++++++++++++++---------------
1 file changed, 44 insertions(+), 22 deletions(-)
diff --git a/drivers/block/brd.c b/drivers/block/brd.c
index 2fd1ed1017481..5a95671d81515 100644
--- a/drivers/block/brd.c
+++ b/drivers/block/brd.c
@@ -316,8 +316,40 @@ __setup("ramdisk_size=", ramdisk_size);
* (should share code eventually).
*/
static LIST_HEAD(brd_devices);
+static DEFINE_MUTEX(brd_devices_mutex);
static struct dentry *brd_debugfs_dir;
+static struct brd_device *brd_find_or_alloc_device(int i)
+{
+ struct brd_device *brd;
+
+ mutex_lock(&brd_devices_mutex);
+ list_for_each_entry(brd, &brd_devices, brd_list) {
+ if (brd->brd_number == i) {
+ mutex_unlock(&brd_devices_mutex);
+ return ERR_PTR(-EEXIST);
+ }
+ }
+
+ brd = kzalloc(sizeof(*brd), GFP_KERNEL);
+ if (!brd) {
+ mutex_unlock(&brd_devices_mutex);
+ return ERR_PTR(-ENOMEM);
+ }
+ brd->brd_number = i;
+ list_add_tail(&brd->brd_list, &brd_devices);
+ mutex_unlock(&brd_devices_mutex);
+ return brd;
+}
+
+static void brd_free_device(struct brd_device *brd)
+{
+ mutex_lock(&brd_devices_mutex);
+ list_del(&brd->brd_list);
+ mutex_unlock(&brd_devices_mutex);
+ kfree(brd);
+}
+
static int brd_alloc(int i)
{
struct brd_device *brd;
@@ -340,14 +372,9 @@ static int brd_alloc(int i)
BLK_FEAT_NOWAIT,
};
- list_for_each_entry(brd, &brd_devices, brd_list)
- if (brd->brd_number == i)
- return -EEXIST;
- brd = kzalloc(sizeof(*brd), GFP_KERNEL);
- if (!brd)
- return -ENOMEM;
- brd->brd_number = i;
- list_add_tail(&brd->brd_list, &brd_devices);
+ brd = brd_find_or_alloc_device(i);
+ if (IS_ERR(brd))
+ return PTR_ERR(brd);
xa_init(&brd->brd_pages);
@@ -378,8 +405,7 @@ static int brd_alloc(int i)
out_cleanup_disk:
put_disk(disk);
out_free_dev:
- list_del(&brd->brd_list);
- kfree(brd);
+ brd_free_device(brd);
return err;
}
@@ -398,8 +424,7 @@ static void brd_cleanup(void)
del_gendisk(brd->brd_disk);
put_disk(brd->brd_disk);
brd_free_pages(brd);
- list_del(&brd->brd_list);
- kfree(brd);
+ brd_free_device(brd);
}
}
@@ -426,16 +451,6 @@ static int __init brd_init(void)
{
int err, i;
- brd_check_and_reset_par();
-
- brd_debugfs_dir = debugfs_create_dir("ramdisk_pages", NULL);
-
- for (i = 0; i < rd_nr; i++) {
- err = brd_alloc(i);
- if (err)
- goto out_free;
- }
-
/*
* brd module now has a feature to instantiate underlying device
* structure on-demand, provided that there is an access dev node.
@@ -451,11 +466,18 @@ static int __init brd_init(void)
* dynamically.
*/
+ brd_check_and_reset_par();
+
+ brd_debugfs_dir = debugfs_create_dir("ramdisk_pages", NULL);
+
if (__register_blkdev(RAMDISK_MAJOR, "ramdisk", brd_probe)) {
err = -EIO;
goto out_free;
}
+ for (i = 0; i < rd_nr; i++)
+ brd_alloc(i);
+
pr_info("brd: module loaded\n");
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 062/817] ext4: avoid remount errors with abort mount option
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 061/817] brd: defer automatic disk creation until module initialization succeeds Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 063/817] mips: asm: fix warning when disabling MIPS_FP_SUPPORT Greg Kroah-Hartman
` (764 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Stancek, Jan Kara, Theodore Tso,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
[ Upstream commit 76486b104168ae59703190566e372badf433314b ]
When we remount filesystem with 'abort' mount option while changing
other mount options as well (as is LTP test doing), we can return error
from the system call after commit d3476f3dad4a ("ext4: don't set
SB_RDONLY after filesystem errors") because the application of mount
option changes detects shutdown filesystem and refuses to do anything.
The behavior of application of other mount options in presence of
'abort' mount option is currently rather arbitary as some mount option
changes are handled before 'abort' and some after it.
Move aborting of the filesystem to the end of remount handling so all
requested changes are properly applied before the filesystem is shutdown
to have a reasonably consistent behavior.
Fixes: d3476f3dad4a ("ext4: don't set SB_RDONLY after filesystem errors")
Reported-by: Jan Stancek <jstancek@redhat.com>
Link: https://lore.kernel.org/all/Zvp6L+oFnfASaoHl@t14s
Signed-off-by: Jan Kara <jack@suse.cz>
Tested-by: Jan Stancek <jstancek@redhat.com>
Link: https://patch.msgid.link/20241004221556.19222-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index cd3328b031534..42b1acac88e78 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6518,9 +6518,6 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
goto restore_opts;
}
- if (test_opt2(sb, ABORT))
- ext4_abort(sb, ESHUTDOWN, "Abort forced by user");
-
sb->s_flags = (sb->s_flags & ~SB_POSIXACL) |
(test_opt(sb, POSIX_ACL) ? SB_POSIXACL : 0);
@@ -6689,6 +6686,14 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
if (!ext4_has_feature_mmp(sb) || sb_rdonly(sb))
ext4_stop_mmpd(sbi);
+ /*
+ * Handle aborting the filesystem as the last thing during remount to
+ * avoid obsure errors during remount when some option changes fail to
+ * apply due to shutdown filesystem.
+ */
+ if (test_opt2(sb, ABORT))
+ ext4_abort(sb, ESHUTDOWN, "Abort forced by user");
+
return 0;
restore_opts:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 063/817] mips: asm: fix warning when disabling MIPS_FP_SUPPORT
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 062/817] ext4: avoid remount errors with abort mount option Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 064/817] initramfs: avoid filename buffer overrun Greg Kroah-Hartman
` (763 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonas Gorski, Maciej W. Rozycki,
Thomas Bogendoerfer, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonas Gorski <jonas.gorski@gmail.com>
[ Upstream commit da09935975c8f8c90d6f57be2422dee5557206cd ]
When MIPS_FP_SUPPORT is disabled, __sanitize_fcr31() is defined as
nothing, which triggers a gcc warning:
In file included from kernel/sched/core.c:79:
kernel/sched/core.c: In function 'context_switch':
./arch/mips/include/asm/switch_to.h:114:39: warning: suggest braces around empty body in an 'if' statement [-Wempty-body]
114 | __sanitize_fcr31(next); \
| ^
kernel/sched/core.c:5316:9: note: in expansion of macro 'switch_to'
5316 | switch_to(prev, next, prev);
| ^~~~~~~~~
Fix this by providing an empty body for __sanitize_fcr31() like one is
defined for __mips_mt_fpaff_switch_to().
Fixes: 36a498035bd2 ("MIPS: Avoid FCSR sanitization when CONFIG_MIPS_FP_SUPPORT=n")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Reviewed-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/switch_to.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/include/asm/switch_to.h b/arch/mips/include/asm/switch_to.h
index a4374b4cb88fd..d6ccd53440213 100644
--- a/arch/mips/include/asm/switch_to.h
+++ b/arch/mips/include/asm/switch_to.h
@@ -97,7 +97,7 @@ do { \
} \
} while (0)
#else
-# define __sanitize_fcr31(next)
+# define __sanitize_fcr31(next) do { (void) (next); } while (0)
#endif
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 064/817] initramfs: avoid filename buffer overrun
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 063/817] mips: asm: fix warning when disabling MIPS_FP_SUPPORT Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 065/817] arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers Greg Kroah-Hartman
` (762 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Disseldorp, Christian Brauner,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Disseldorp <ddiss@suse.de>
[ Upstream commit e017671f534dd3f568db9e47b0583e853d2da9b5 ]
The initramfs filename field is defined in
Documentation/driver-api/early-userspace/buffer-format.rst as:
37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data
...
55 ============= ================== =========================
56 Field name Field size Meaning
57 ============= ================== =========================
...
70 c_namesize 8 bytes Length of filename, including final \0
When extracting an initramfs cpio archive, the kernel's do_name() path
handler assumes a zero-terminated path at @collected, passing it
directly to filp_open() / init_mkdir() / init_mknod().
If a specially crafted cpio entry carries a non-zero-terminated filename
and is followed by uninitialized memory, then a file may be created with
trailing characters that represent the uninitialized memory. The ability
to create an initramfs entry would imply already having full control of
the system, so the buffer overrun shouldn't be considered a security
vulnerability.
Append the output of the following bash script to an existing initramfs
and observe any created /initramfs_test_fname_overrunAA* path. E.g.
./reproducer.sh | gzip >> /myinitramfs
It's easiest to observe non-zero uninitialized memory when the output is
gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(),
rather than the initrd_start+initrd_size block.
---- reproducer.sh ----
nilchar="A" # change to "\0" to properly zero terminate / pad
magic="070701"
ino=1
mode=$(( 0100777 ))
uid=0
gid=0
nlink=1
mtime=1
filesize=0
devmajor=0
devminor=1
rdevmajor=0
rdevminor=0
csum=0
fname="initramfs_test_fname_overrun"
namelen=$(( ${#fname} + 1 )) # plus one to account for terminator
printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \
$magic $ino $mode $uid $gid $nlink $mtime $filesize \
$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname
termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) ))
printf "%.s${nilchar}" $(seq 1 $termpadlen)
---- reproducer.sh ----
Symlink filename fields handled in do_symlink() won't overrun past the
data segment, due to the explicit zero-termination of the symlink
target.
Fix filename buffer overrun by aborting the initramfs FSM if any cpio
entry doesn't carry a zero-terminator at the expected (name_len - 1)
offset.
Fixes: 1da177e4c3f41 ("Linux-2.6.12-rc2")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Link: https://lore.kernel.org/r/20241030035509.20194-2-ddiss@suse.de
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
init/initramfs.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/init/initramfs.c b/init/initramfs.c
index 814241b648274..04e0990f451cf 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -359,6 +359,15 @@ static int __init do_name(void)
{
state = SkipIt;
next_state = Reset;
+
+ /* name_len > 0 && name_len <= PATH_MAX checked in do_header */
+ if (collected[name_len - 1] != '\0') {
+ pr_err("initramfs name without nulterm: %.*s\n",
+ (int)name_len, collected);
+ error("malformed archive");
+ return 1;
+ }
+
if (strcmp(collected, "TRAILER!!!") == 0) {
free_hash();
return 0;
@@ -423,6 +432,12 @@ static int __init do_copy(void)
static int __init do_symlink(void)
{
+ if (collected[name_len - 1] != '\0') {
+ pr_err("initramfs symlink without nulterm: %.*s\n",
+ (int)name_len, collected);
+ error("malformed archive");
+ return 1;
+ }
collected[N_ALIGN(name_len) + body_len] = '\0';
clean_path(collected, 0);
init_symlink(collected + N_ALIGN(name_len), collected);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 065/817] arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 064/817] initramfs: avoid filename buffer overrun Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 066/817] kselftest/arm64: Fix encoding for SVE B16B16 test Greg Kroah-Hartman
` (761 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marc Zyngier, Catalin Marinas,
Oliver Upton, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <maz@kernel.org>
[ Upstream commit 2287a4c1e11822d05a70d22f28b26bd810dd204e ]
Despite KVM now being able to deal with XS-tagged TLBIs, we still don't
expose these feature bits to KVM.
Plumb in the feature in ID_AA64ISAR1_EL1.
Fixes: 0feec7769a63 ("KVM: arm64: nv: Add handling of NXS-flavoured TLBI operations")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Oliver Upton <oliver.upton@linux.dev>
Link: https://lore.kernel.org/r/20241031083519.364313-1-maz@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/cpufeature.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 646ecd3069fdd..4901daace5a3e 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -228,6 +228,7 @@ static const struct arm64_ftr_bits ftr_id_aa64isar0[] = {
};
static const struct arm64_ftr_bits ftr_id_aa64isar1[] = {
+ ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_EL1_XS_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_EL1_I8MM_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_EL1_DGH_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_EL1_BF16_SHIFT, 4, 0),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 066/817] kselftest/arm64: Fix encoding for SVE B16B16 test
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 065/817] arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 067/817] nvme-pci: fix freeing of the HMB descriptor table Greg Kroah-Hartman
` (760 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Brown, Catalin Marinas,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@kernel.org>
[ Upstream commit 69c0d824779843b51ca2339b2163db4d3b40c54c ]
The test for SVE_B16B16 had a cut'n'paste of a SME instruction, fix it with
a relevant SVE instruction.
Fixes: 44d10c27bd75 ("kselftest/arm64: Add 2023 DPISA hwcap test coverage")
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20241028-arm64-b16b16-test-v1-1-59a4a7449bdf@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/arm64/abi/hwcap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c
index 41c245478e412..14e146a23879a 100644
--- a/tools/testing/selftests/arm64/abi/hwcap.c
+++ b/tools/testing/selftests/arm64/abi/hwcap.c
@@ -355,8 +355,8 @@ static void sveaes_sigill(void)
static void sveb16b16_sigill(void)
{
- /* BFADD ZA.H[W0, 0], {Z0.H-Z1.H} */
- asm volatile(".inst 0xC1E41C00" : : : );
+ /* BFADD Z0.H, Z0.H, Z0.H */
+ asm volatile(".inst 0x65000000" : : : );
}
static void svepmull_sigill(void)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 067/817] nvme-pci: fix freeing of the HMB descriptor table
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 066/817] kselftest/arm64: Fix encoding for SVE B16B16 test Greg Kroah-Hartman
@ 2024-12-03 14:33 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 068/817] m68k: mvme147: Fix SCSI controller IRQ numbers Greg Kroah-Hartman
` (759 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:33 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Keith Busch,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 3c2fb1ca8086eb139b2a551358137525ae8e0d7a ]
The HMB descriptor table is sized to the maximum number of descriptors
that could be used for a given device, but __nvme_alloc_host_mem could
break out of the loop earlier on memory allocation failure and end up
using less descriptors than planned for, which leads to an incorrect
size passed to dma_free_coherent.
In practice this was not showing up because the number of descriptors
tends to be low and the dma coherent allocator always allocates and
frees at least a page.
Fixes: 87ad72a59a38 ("nvme-pci: implement host memory buffer support")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/pci.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 4b9fda0b1d9a3..34daf6d8db07b 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -153,6 +153,7 @@ struct nvme_dev {
/* host memory buffer support: */
u64 host_mem_size;
u32 nr_host_mem_descs;
+ u32 host_mem_descs_size;
dma_addr_t host_mem_descs_dma;
struct nvme_host_mem_buf_desc *host_mem_descs;
void **host_mem_desc_bufs;
@@ -1966,10 +1967,10 @@ static void nvme_free_host_mem(struct nvme_dev *dev)
kfree(dev->host_mem_desc_bufs);
dev->host_mem_desc_bufs = NULL;
- dma_free_coherent(dev->dev,
- dev->nr_host_mem_descs * sizeof(*dev->host_mem_descs),
+ dma_free_coherent(dev->dev, dev->host_mem_descs_size,
dev->host_mem_descs, dev->host_mem_descs_dma);
dev->host_mem_descs = NULL;
+ dev->host_mem_descs_size = 0;
dev->nr_host_mem_descs = 0;
}
@@ -1977,7 +1978,7 @@ static int __nvme_alloc_host_mem(struct nvme_dev *dev, u64 preferred,
u32 chunk_size)
{
struct nvme_host_mem_buf_desc *descs;
- u32 max_entries, len;
+ u32 max_entries, len, descs_size;
dma_addr_t descs_dma;
int i = 0;
void **bufs;
@@ -1990,8 +1991,9 @@ static int __nvme_alloc_host_mem(struct nvme_dev *dev, u64 preferred,
if (dev->ctrl.hmmaxd && dev->ctrl.hmmaxd < max_entries)
max_entries = dev->ctrl.hmmaxd;
- descs = dma_alloc_coherent(dev->dev, max_entries * sizeof(*descs),
- &descs_dma, GFP_KERNEL);
+ descs_size = max_entries * sizeof(*descs);
+ descs = dma_alloc_coherent(dev->dev, descs_size, &descs_dma,
+ GFP_KERNEL);
if (!descs)
goto out;
@@ -2020,6 +2022,7 @@ static int __nvme_alloc_host_mem(struct nvme_dev *dev, u64 preferred,
dev->host_mem_size = size;
dev->host_mem_descs = descs;
dev->host_mem_descs_dma = descs_dma;
+ dev->host_mem_descs_size = descs_size;
dev->host_mem_desc_bufs = bufs;
return 0;
@@ -2034,8 +2037,7 @@ static int __nvme_alloc_host_mem(struct nvme_dev *dev, u64 preferred,
kfree(bufs);
out_free_descs:
- dma_free_coherent(dev->dev, max_entries * sizeof(*descs), descs,
- descs_dma);
+ dma_free_coherent(dev->dev, descs_size, descs, descs_dma);
out:
dev->host_mem_descs = NULL;
return -ENOMEM;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 068/817] m68k: mvme147: Fix SCSI controller IRQ numbers
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2024-12-03 14:33 ` [PATCH 6.11 067/817] nvme-pci: fix freeing of the HMB descriptor table Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 069/817] m68k: mvme147: Reinstate early console Greg Kroah-Hartman
` (758 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Palmer, Finn Thain,
Geert Uytterhoeven, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Palmer <daniel@0x0f.com>
[ Upstream commit 47bc874427382018fa2e3e982480e156271eee70 ]
Sometime long ago the m68k IRQ code was refactored and the interrupt
numbers for SCSI controller on this board ended up wrong, and it hasn't
worked since.
The PCC adds 0x40 to the vector for its interrupts so they end up in
the user interrupt range. Hence, the kernel number should be the kernel
offset for user interrupt range + the PCC interrupt number.
Fixes: 200a3d352cd5 ("[PATCH] m68k: convert VME irq code")
Signed-off-by: Daniel Palmer <daniel@0x0f.com>
Reviewed-by: Finn Thain <fthain@linux-m68k.org>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/0e7636a21a0274eea35bfd5d874459d5078e97cc.1727926187.git.fthain@linux-m68k.org
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/include/asm/mvme147hw.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/m68k/include/asm/mvme147hw.h b/arch/m68k/include/asm/mvme147hw.h
index e28eb1c0e0bfb..dbf88059e47a4 100644
--- a/arch/m68k/include/asm/mvme147hw.h
+++ b/arch/m68k/include/asm/mvme147hw.h
@@ -93,8 +93,8 @@ struct pcc_regs {
#define M147_SCC_B_ADDR 0xfffe3000
#define M147_SCC_PCLK 5000000
-#define MVME147_IRQ_SCSI_PORT (IRQ_USER+0x45)
-#define MVME147_IRQ_SCSI_DMA (IRQ_USER+0x46)
+#define MVME147_IRQ_SCSI_PORT (IRQ_USER + 5)
+#define MVME147_IRQ_SCSI_DMA (IRQ_USER + 6)
/* SCC interrupts, for MVME147 */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 069/817] m68k: mvme147: Reinstate early console
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 068/817] m68k: mvme147: Fix SCSI controller IRQ numbers Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 070/817] arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Greg Kroah-Hartman
` (757 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Palmer, Finn Thain,
Geert Uytterhoeven, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Palmer <daniel@0x0f.com>
[ Upstream commit 077b33b9e2833ff25050d986178a2c4c4036cbac ]
Commit a38eaa07a0ce ("m68k/mvme147: config.c - Remove unused
functions"), removed the console functionality for the mvme147 instead
of wiring it up to an early console. Put the console write function
back and wire it up like mvme16x does so it's possible to see Linux boot
on this fine hardware once more.
Fixes: a38eaa07a0ce ("m68k/mvme147: config.c - Remove unused functions")
Signed-off-by: Daniel Palmer <daniel@0x0f.com>
Co-developed-by: Finn Thain <fthain@linux-m68k.org>
Signed-off-by: Finn Thain <fthain@linux-m68k.org>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/a82e8f0068a8722996a0ccfe666abb5e0a5c120d.1730850684.git.fthain@linux-m68k.org
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/kernel/early_printk.c | 5 ++++-
arch/m68k/mvme147/config.c | 30 ++++++++++++++++++++++++++++++
arch/m68k/mvme147/mvme147.h | 6 ++++++
3 files changed, 40 insertions(+), 1 deletion(-)
create mode 100644 arch/m68k/mvme147/mvme147.h
diff --git a/arch/m68k/kernel/early_printk.c b/arch/m68k/kernel/early_printk.c
index 3cc944df04f65..f11ef9f1f56fc 100644
--- a/arch/m68k/kernel/early_printk.c
+++ b/arch/m68k/kernel/early_printk.c
@@ -13,6 +13,7 @@
#include <asm/setup.h>
+#include "../mvme147/mvme147.h"
#include "../mvme16x/mvme16x.h"
asmlinkage void __init debug_cons_nputs(const char *s, unsigned n);
@@ -22,7 +23,9 @@ static void __ref debug_cons_write(struct console *c,
{
#if !(defined(CONFIG_SUN3) || defined(CONFIG_M68000) || \
defined(CONFIG_COLDFIRE))
- if (MACH_IS_MVME16x)
+ if (MACH_IS_MVME147)
+ mvme147_scc_write(c, s, n);
+ else if (MACH_IS_MVME16x)
mvme16x_cons_write(c, s, n);
else
debug_cons_nputs(s, n);
diff --git a/arch/m68k/mvme147/config.c b/arch/m68k/mvme147/config.c
index 8b5dc07f0811f..cc2fb0a83cf0b 100644
--- a/arch/m68k/mvme147/config.c
+++ b/arch/m68k/mvme147/config.c
@@ -32,6 +32,7 @@
#include <asm/mvme147hw.h>
#include <asm/config.h>
+#include "mvme147.h"
static void mvme147_get_model(char *model);
extern void mvme147_sched_init(void);
@@ -185,3 +186,32 @@ int mvme147_hwclk(int op, struct rtc_time *t)
}
return 0;
}
+
+static void scc_delay(void)
+{
+ __asm__ __volatile__ ("nop; nop;");
+}
+
+static void scc_write(char ch)
+{
+ do {
+ scc_delay();
+ } while (!(in_8(M147_SCC_A_ADDR) & BIT(2)));
+ scc_delay();
+ out_8(M147_SCC_A_ADDR, 8);
+ scc_delay();
+ out_8(M147_SCC_A_ADDR, ch);
+}
+
+void mvme147_scc_write(struct console *co, const char *str, unsigned int count)
+{
+ unsigned long flags;
+
+ local_irq_save(flags);
+ while (count--) {
+ if (*str == '\n')
+ scc_write('\r');
+ scc_write(*str++);
+ }
+ local_irq_restore(flags);
+}
diff --git a/arch/m68k/mvme147/mvme147.h b/arch/m68k/mvme147/mvme147.h
new file mode 100644
index 0000000000000..140bc98b0102a
--- /dev/null
+++ b/arch/m68k/mvme147/mvme147.h
@@ -0,0 +1,6 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+struct console;
+
+/* config.c */
+void mvme147_scc_write(struct console *co, const char *str, unsigned int count);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 070/817] arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 069/817] m68k: mvme147: Reinstate early console Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 071/817] acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Greg Kroah-Hartman
` (756 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Will Deacon,
Catalin Marinas, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 340fd66c856651d8c1d29f392dd26ad674d2db0e ]
Commit be2881824ae9 ("arm64/build: Assert for unwanted sections")
introduced an assertion to ensure that the .data.rel.ro section does
not exist.
However, this check does not work when CONFIG_LTO_CLANG is enabled,
because .data.rel.ro matches the .data.[0-9a-zA-Z_]* pattern in the
DATA_MAIN macro.
Move the ASSERT() above the RW_DATA() line.
Fixes: be2881824ae9 ("arm64/build: Assert for unwanted sections")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20241106161843.189927-1-masahiroy@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/vmlinux.lds.S | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 55a8e310ea12c..d294c1ea8391b 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -288,6 +288,9 @@ SECTIONS
__initdata_end = .;
__init_end = .;
+ .data.rel.ro : { *(.data.rel.ro) }
+ ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
+
_data = .;
_sdata = .;
RW_DATA(L1_CACHE_BYTES, PAGE_SIZE, THREAD_ALIGN)
@@ -344,9 +347,6 @@ SECTIONS
*(.plt) *(.plt.*) *(.iplt) *(.igot .igot.plt)
}
ASSERT(SIZEOF(.plt) == 0, "Unexpected run-time procedure linkages detected!")
-
- .data.rel.ro : { *(.data.rel.ro) }
- ASSERT(SIZEOF(.data.rel.ro) == 0, "Unexpected RELRO detected!")
}
#include "image-vars.h"
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 071/817] acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 070/817] arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 072/817] loop: fix type of block size Greg Kroah-Hartman
` (755 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksandr Mishin, Hanjun Guo,
Sudeep Holla, Catalin Marinas, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aleksandr Mishin <amishin@t-argos.ru>
[ Upstream commit 1a9de2f6fda69d5f105dd8af776856a66abdaa64 ]
In case of error in gtdt_parse_timer_block() invalid 'gtdt_frame'
will be used in 'do {} while (i-- >= 0 && gtdt_frame--);' statement block
because do{} block will be executed even if 'i == 0'.
Adjust error handling procedure by replacing 'i-- >= 0' with 'i-- > 0'.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: a712c3ed9b8a ("acpi/arm64: Add memory-mapped timer support in GTDT driver")
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Acked-by: Hanjun Guo <guohanjun@huawei.com>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Aleksandr Mishin <amishin@t-argos.ru>
Link: https://lore.kernel.org/r/20240827101239.22020-1-amishin@t-argos.ru
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/arm64/gtdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/arm64/gtdt.c b/drivers/acpi/arm64/gtdt.c
index c0e77c1c8e09d..eb6c2d3603874 100644
--- a/drivers/acpi/arm64/gtdt.c
+++ b/drivers/acpi/arm64/gtdt.c
@@ -283,7 +283,7 @@ static int __init gtdt_parse_timer_block(struct acpi_gtdt_timer_block *block,
if (frame->virt_irq > 0)
acpi_unregister_gsi(gtdt_frame->virtual_timer_interrupt);
frame->virt_irq = 0;
- } while (i-- >= 0 && gtdt_frame--);
+ } while (i-- > 0 && gtdt_frame--);
return -EINVAL;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 072/817] loop: fix type of block size
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 071/817] acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 073/817] cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter() Greg Kroah-Hartman
` (754 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Garry, Stefan Hajnoczi,
Christoph Hellwig, Damien Le Moal, Jan Stancek, Li Wang, Ming Lei,
Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Wang <liwang@redhat.com>
[ Upstream commit 8e604cac499248c75ad3a26695a743ff879ded5c ]
PAGE_SIZE may be 64K, and the max block size can be PAGE_SIZE, so any
variable for holding block size can't be defined as 'unsigned short'.
Unfortunately commit 473516b36193 ("loop: use the atomic queue limits
update API") passes 'bsize' with type of 'unsigned short' to
loop_reconfigure_limits(), and causes LTP/ioctl_loop06 test failure:
12 ioctl_loop06.c:76: TINFO: Using LOOP_SET_BLOCK_SIZE with arg > PAGE_SIZE
13 ioctl_loop06.c:59: TFAIL: Set block size succeed unexpectedly
...
18 ioctl_loop06.c:76: TINFO: Using LOOP_CONFIGURE with block_size > PAGE_SIZE
19 ioctl_loop06.c:59: TFAIL: Set block size succeed unexpectedly
Fixes the issue by defining 'block size' variable with 'unsigned int', which is
aligned with block layer's definition.
(improve commit log & add fixes tag)
Fixes: 473516b36193 ("loop: use the atomic queue limits update API")
Cc: John Garry <john.g.garry@oracle.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Li Wang <liwang@redhat.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: John Garry <john.g.garry@oracle.com>
Link: https://lore.kernel.org/r/20241109022744.1126003-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/loop.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 78a7bb28defe4..86cc3b19faae8 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -173,7 +173,7 @@ static loff_t get_loop_size(struct loop_device *lo, struct file *file)
static bool lo_bdev_can_use_dio(struct loop_device *lo,
struct block_device *backing_bdev)
{
- unsigned short sb_bsize = bdev_logical_block_size(backing_bdev);
+ unsigned int sb_bsize = bdev_logical_block_size(backing_bdev);
if (queue_logical_block_size(lo->lo_queue) < sb_bsize)
return false;
@@ -977,7 +977,7 @@ loop_set_status_from_info(struct loop_device *lo,
return 0;
}
-static unsigned short loop_default_blocksize(struct loop_device *lo,
+static unsigned int loop_default_blocksize(struct loop_device *lo,
struct block_device *backing_bdev)
{
/* In case of direct I/O, match underlying block size */
@@ -986,7 +986,7 @@ static unsigned short loop_default_blocksize(struct loop_device *lo,
return SECTOR_SIZE;
}
-static int loop_reconfigure_limits(struct loop_device *lo, unsigned short bsize)
+static int loop_reconfigure_limits(struct loop_device *lo, unsigned int bsize)
{
struct file *file = lo->lo_backing_file;
struct inode *inode = file->f_mapping->host;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 073/817] cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 072/817] loop: fix type of block size Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 074/817] cachefiles: Fix missing pos updates " Greg Kroah-Hartman
` (753 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zizhi Wo, David Howells,
Christian Brauner, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zizhi Wo <wozizhi@huawei.com>
[ Upstream commit 10c35abd35aa62c9aac56898ae0c63b4d7d115e5 ]
cachefiles_ondemand_fd_write_iter() function first aligns "pos" and "len"
to block boundaries. When calling __cachefiles_write(), the aligned "pos"
is passed in, but "len" is the original unaligned value(iter->count).
Additionally, the returned length of the write operation is the modified
"len" aligned by block size, which is unreasonable.
The alignment of "pos" and "len" is intended only to check whether the
cache has enough space. But the modified len should not be used as the
return value of cachefiles_ondemand_fd_write_iter() because the length we
passed to __cachefiles_write() is the previous "len". Doing so would result
in a mismatch in the data written on-demand. For example, if the length of
the user state passed in is not aligned to the block size (the preread
scene/DIO writes only need 512 alignment/Fault injection), the length of
the write will differ from the actual length of the return.
To solve this issue, since the __cachefiles_prepare_write() modifies the
size of "len", we pass "aligned_len" to __cachefiles_prepare_write() to
calculate the free blocks and use the original "len" as the return value of
cachefiles_ondemand_fd_write_iter().
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-2-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cachefiles/ondemand.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
index 470c966583850..bdd321017f1c4 100644
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -61,7 +61,7 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
struct cachefiles_object *object = kiocb->ki_filp->private_data;
struct cachefiles_cache *cache = object->volume->cache;
struct file *file = object->file;
- size_t len = iter->count;
+ size_t len = iter->count, aligned_len = len;
loff_t pos = kiocb->ki_pos;
const struct cred *saved_cred;
int ret;
@@ -70,7 +70,7 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
return -ENOBUFS;
cachefiles_begin_secure(cache, &saved_cred);
- ret = __cachefiles_prepare_write(object, file, &pos, &len, len, true);
+ ret = __cachefiles_prepare_write(object, file, &pos, &aligned_len, len, true);
cachefiles_end_secure(cache, saved_cred);
if (ret < 0)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 074/817] cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 073/817] cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 075/817] cachefiles: Fix NULL pointer dereference in object->file Greg Kroah-Hartman
` (752 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zizhi Wo, David Howells,
Christian Brauner, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zizhi Wo <wozizhi@huawei.com>
[ Upstream commit 56f4856b425a30e1d8b3e41e6cde8bfba90ba5f8 ]
In the erofs on-demand loading scenario, read and write operations are
usually delivered through "off" and "len" contained in read req in user
mode. Naturally, pwrite is used to specify a specific offset to complete
write operations.
However, if the write(not pwrite) syscall is called multiple times in the
read-ahead scenario, we need to manually update ki_pos after each write
operation to update file->f_pos.
This step is currently missing from the cachefiles_ondemand_fd_write_iter
function, added to address this issue.
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-3-wozizhi@huawei.com
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cachefiles/ondemand.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
index bdd321017f1c4..38ca6dce8ef29 100644
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -77,8 +77,10 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
- if (!ret)
+ if (!ret) {
ret = len;
+ kiocb->ki_pos += ret;
+ }
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 075/817] cachefiles: Fix NULL pointer dereference in object->file
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 074/817] cachefiles: Fix missing pos updates " Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 076/817] netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Greg Kroah-Hartman
` (751 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zizhi Wo, David Howells,
Christian Brauner, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zizhi Wo <wozizhi@huawei.com>
[ Upstream commit 31ad74b20227ce6b40910ff78b1c604e42975cf1 ]
At present, the object->file has the NULL pointer dereference problem in
ondemand-mode. The root cause is that the allocated fd and object->file
lifetime are inconsistent, and the user-space invocation to anon_fd uses
object->file. Following is the process that triggers the issue:
[write fd] [umount]
cachefiles_ondemand_fd_write_iter
fscache_cookie_state_machine
cachefiles_withdraw_cookie
if (!file) return -ENOBUFS
cachefiles_clean_up_object
cachefiles_unmark_inode_in_use
fput(object->file)
object->file = NULL
// file NULL pointer dereference!
__cachefiles_write(..., file, ...)
Fix this issue by add an additional reference count to the object->file
before write/llseek, and decrement after it finished.
Fixes: c8383054506c ("cachefiles: notify the user daemon when looking up cookie")
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-5-wozizhi@huawei.com
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cachefiles/interface.c | 14 ++++++++++----
fs/cachefiles/ondemand.c | 30 ++++++++++++++++++++++++------
2 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c
index 35ba2117a6f65..3e63cfe158747 100644
--- a/fs/cachefiles/interface.c
+++ b/fs/cachefiles/interface.c
@@ -327,6 +327,8 @@ static void cachefiles_commit_object(struct cachefiles_object *object,
static void cachefiles_clean_up_object(struct cachefiles_object *object,
struct cachefiles_cache *cache)
{
+ struct file *file;
+
if (test_bit(FSCACHE_COOKIE_RETIRED, &object->cookie->flags)) {
if (!test_bit(CACHEFILES_OBJECT_USING_TMPFILE, &object->flags)) {
cachefiles_see_object(object, cachefiles_obj_see_clean_delete);
@@ -342,10 +344,14 @@ static void cachefiles_clean_up_object(struct cachefiles_object *object,
}
cachefiles_unmark_inode_in_use(object, object->file);
- if (object->file) {
- fput(object->file);
- object->file = NULL;
- }
+
+ spin_lock(&object->lock);
+ file = object->file;
+ object->file = NULL;
+ spin_unlock(&object->lock);
+
+ if (file)
+ fput(file);
}
/*
diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
index 38ca6dce8ef29..fe3de9ad57bf6 100644
--- a/fs/cachefiles/ondemand.c
+++ b/fs/cachefiles/ondemand.c
@@ -60,20 +60,26 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
{
struct cachefiles_object *object = kiocb->ki_filp->private_data;
struct cachefiles_cache *cache = object->volume->cache;
- struct file *file = object->file;
+ struct file *file;
size_t len = iter->count, aligned_len = len;
loff_t pos = kiocb->ki_pos;
const struct cred *saved_cred;
int ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
cachefiles_begin_secure(cache, &saved_cred);
ret = __cachefiles_prepare_write(object, file, &pos, &aligned_len, len, true);
cachefiles_end_secure(cache, saved_cred);
if (ret < 0)
- return ret;
+ goto out;
trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
@@ -82,6 +88,8 @@ static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
kiocb->ki_pos += ret;
}
+out:
+ fput(file);
return ret;
}
@@ -89,12 +97,22 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
int whence)
{
struct cachefiles_object *object = filp->private_data;
- struct file *file = object->file;
+ struct file *file;
+ loff_t ret;
- if (!file)
+ spin_lock(&object->lock);
+ file = object->file;
+ if (!file) {
+ spin_unlock(&object->lock);
return -ENOBUFS;
+ }
+ get_file(file);
+ spin_unlock(&object->lock);
- return vfs_llseek(file, pos, whence);
+ ret = vfs_llseek(file, pos, whence);
+ fput(file);
+
+ return ret;
}
static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 076/817] netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 075/817] cachefiles: Fix NULL pointer dereference in object->file Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 077/817] block: constify the lim argument to queue_limits_max_zone_append_sectors Greg Kroah-Hartman
` (750 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zizhi Wo, David Howells,
Christian Brauner, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zizhi Wo <wozizhi@huawei.com>
[ Upstream commit 22f9400a6f3560629478e0a64247b8fcc811a24d ]
In fscache_create_volume(), there is a missing memory barrier between the
bit-clearing operation and the wake-up operation. This may cause a
situation where, after a wake-up, the bit-clearing operation hasn't been
detected yet, leading to an indefinite wait. The triggering process is as
follows:
[cookie1] [cookie2] [volume_work]
fscache_perform_lookup
fscache_create_volume
fscache_perform_lookup
fscache_create_volume
fscache_create_volume_work
cachefiles_acquire_volume
clear_and_wake_up_bit
test_and_set_bit
test_and_set_bit
goto maybe_wait
goto no_wait
In the above process, cookie1 and cookie2 has the same volume. When cookie1
enters the -no_wait- process, it will clear the bit and wake up the waiting
process. If a barrier is missing, it may cause cookie2 to remain in the
-wait- process indefinitely.
In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in
fscache_create_volume_work()"), barriers were added to similar operations
in fscache_create_volume_work(), but fscache_create_volume() was missed.
By combining the clear and wake operations into clear_and_wake_up_bit() to
fix this issue.
Fixes: bfa22da3ed65 ("fscache: Provide and use cache methods to lookup/create/free a volume")
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
Link: https://lore.kernel.org/r/20241107110649.3980193-6-wozizhi@huawei.com
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/netfs/fscache_volume.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/netfs/fscache_volume.c b/fs/netfs/fscache_volume.c
index cb75c07b5281a..ced14ac78cc1c 100644
--- a/fs/netfs/fscache_volume.c
+++ b/fs/netfs/fscache_volume.c
@@ -322,8 +322,7 @@ void fscache_create_volume(struct fscache_volume *volume, bool wait)
}
return;
no_wait:
- clear_bit_unlock(FSCACHE_VOLUME_CREATING, &volume->flags);
- wake_up_bit(&volume->flags, FSCACHE_VOLUME_CREATING);
+ clear_and_wake_up_bit(FSCACHE_VOLUME_CREATING, &volume->flags);
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 077/817] block: constify the lim argument to queue_limits_max_zone_append_sectors
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 076/817] netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 078/817] block: properly handle REQ_OP_ZONE_APPEND in __bio_split_to_limits Greg Kroah-Hartman
` (749 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Damien Le Moal,
Hans Holmberg, Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 379b122a3ec8033aa43cb70e8ecb6fb7f98aa68f ]
queue_limits_max_zone_append_sectors doesn't change the lim argument,
so mark it as const.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Tested-by: Hans Holmberg <hans.holmberg@wdc.com>
Reviewed-by: Hans Holmberg <hans.holmberg@wdc.com>
Link: https://lore.kernel.org/r/20240826173820.1690925-3-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/blkdev.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index b7664d593486a..643c9020a35a6 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1187,7 +1187,8 @@ static inline unsigned int queue_max_segment_size(const struct request_queue *q)
return q->limits.max_segment_size;
}
-static inline unsigned int queue_limits_max_zone_append_sectors(struct queue_limits *l)
+static inline unsigned int
+queue_limits_max_zone_append_sectors(const struct queue_limits *l)
{
unsigned int max_sectors = min(l->chunk_sectors, l->max_hw_sectors);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 078/817] block: properly handle REQ_OP_ZONE_APPEND in __bio_split_to_limits
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 077/817] block: constify the lim argument to queue_limits_max_zone_append_sectors Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 079/817] block: take chunk_sectors into account in bio_split_write_zeroes Greg Kroah-Hartman
` (748 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Damien Le Moal,
Hans Holmberg, Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 1e8a7f6af926e266cc1d7ac49b56bd064057d625 ]
Currently REQ_OP_ZONE_APPEND is handled by the bio_split_rw case in
__bio_split_to_limits. This is harmful because REQ_OP_ZONE_APPEND
bios do not adhere to the soft max_limits value but instead use their
own capped version of max_hw_sectors, leading to incorrect splits that
later blow up in bio_split.
We still need the bio_split_rw logic to count nr_segs for blk-mq code,
so add a new wrapper that passes in the right limit, and turns any bio
that would need a split into an error as an additional debugging aid.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Tested-by: Hans Holmberg <hans.holmberg@wdc.com>
Reviewed-by: Hans Holmberg <hans.holmberg@wdc.com>
Link: https://lore.kernel.org/r/20240826173820.1690925-4-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 60dc5ea6bcfd ("block: take chunk_sectors into account in bio_split_write_zeroes")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-merge.c | 20 ++++++++++++++++++++
block/blk.h | 4 ++++
2 files changed, 24 insertions(+)
diff --git a/block/blk-merge.c b/block/blk-merge.c
index c7222c4685e06..56769c4bcd799 100644
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -378,6 +378,26 @@ struct bio *bio_split_rw(struct bio *bio, const struct queue_limits *lim,
get_max_io_size(bio, lim) << SECTOR_SHIFT));
}
+/*
+ * REQ_OP_ZONE_APPEND bios must never be split by the block layer.
+ *
+ * But we want the nr_segs calculation provided by bio_split_rw_at, and having
+ * a good sanity check that the submitter built the bio correctly is nice to
+ * have as well.
+ */
+struct bio *bio_split_zone_append(struct bio *bio,
+ const struct queue_limits *lim, unsigned *nr_segs)
+{
+ unsigned int max_sectors = queue_limits_max_zone_append_sectors(lim);
+ int split_sectors;
+
+ split_sectors = bio_split_rw_at(bio, lim, nr_segs,
+ max_sectors << SECTOR_SHIFT);
+ if (WARN_ON_ONCE(split_sectors > 0))
+ split_sectors = -EINVAL;
+ return bio_submit_split(bio, split_sectors);
+}
+
/**
* bio_split_to_limits - split a bio to fit the queue limits
* @bio: bio to be split
diff --git a/block/blk.h b/block/blk.h
index 0d8cd64c12606..61c2afa67daab 100644
--- a/block/blk.h
+++ b/block/blk.h
@@ -337,6 +337,8 @@ struct bio *bio_split_write_zeroes(struct bio *bio,
const struct queue_limits *lim, unsigned *nsegs);
struct bio *bio_split_rw(struct bio *bio, const struct queue_limits *lim,
unsigned *nr_segs);
+struct bio *bio_split_zone_append(struct bio *bio,
+ const struct queue_limits *lim, unsigned *nr_segs);
/*
* All drivers must accept single-segments bios that are smaller than PAGE_SIZE.
@@ -375,6 +377,8 @@ static inline struct bio *__bio_split_to_limits(struct bio *bio,
return bio_split_rw(bio, lim, nr_segs);
*nr_segs = 1;
return bio;
+ case REQ_OP_ZONE_APPEND:
+ return bio_split_zone_append(bio, lim, nr_segs);
case REQ_OP_DISCARD:
case REQ_OP_SECURE_ERASE:
return bio_split_discard(bio, lim, nr_segs);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 079/817] block: take chunk_sectors into account in bio_split_write_zeroes
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 078/817] block: properly handle REQ_OP_ZONE_APPEND in __bio_split_to_limits Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 080/817] block: fix bio_split_rw_at to take zone_write_granularity into account Greg Kroah-Hartman
` (747 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Damien Le Moal,
Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 60dc5ea6bcfd078b71419640d49afa649acf9450 ]
For zoned devices, write zeroes must be split at the zone boundary
which is represented as chunk_sectors. For other uses like the
internally RAIDed NVMe devices it is probably at least useful.
Enhance get_max_io_size to know about write zeroes and use it in
bio_split_write_zeroes. Also add a comment about the seemingly
nonsensical zero max_write_zeroes limit.
Fixes: 885fa13f6559 ("block: implement splitting of REQ_OP_WRITE_ZEROES bios")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Link: https://lore.kernel.org/r/20241104062647.91160-2-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-merge.c | 35 +++++++++++++++++++++++------------
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/block/blk-merge.c b/block/blk-merge.c
index 56769c4bcd799..f2b5f63e118bd 100644
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -166,17 +166,6 @@ struct bio *bio_split_discard(struct bio *bio, const struct queue_limits *lim,
return bio_submit_split(bio, split_sectors);
}
-struct bio *bio_split_write_zeroes(struct bio *bio,
- const struct queue_limits *lim, unsigned *nsegs)
-{
- *nsegs = 0;
- if (!lim->max_write_zeroes_sectors)
- return bio;
- if (bio_sectors(bio) <= lim->max_write_zeroes_sectors)
- return bio;
- return bio_submit_split(bio, lim->max_write_zeroes_sectors);
-}
-
static inline unsigned int blk_boundary_sectors(const struct queue_limits *lim,
bool is_atomic)
{
@@ -211,7 +200,9 @@ static inline unsigned get_max_io_size(struct bio *bio,
* We ignore lim->max_sectors for atomic writes because it may less
* than the actual bio size, which we cannot tolerate.
*/
- if (is_atomic)
+ if (bio_op(bio) == REQ_OP_WRITE_ZEROES)
+ max_sectors = lim->max_write_zeroes_sectors;
+ else if (is_atomic)
max_sectors = lim->atomic_write_max_sectors;
else
max_sectors = lim->max_sectors;
@@ -398,6 +389,26 @@ struct bio *bio_split_zone_append(struct bio *bio,
return bio_submit_split(bio, split_sectors);
}
+struct bio *bio_split_write_zeroes(struct bio *bio,
+ const struct queue_limits *lim, unsigned *nsegs)
+{
+ unsigned int max_sectors = get_max_io_size(bio, lim);
+
+ *nsegs = 0;
+
+ /*
+ * An unset limit should normally not happen, as bio submission is keyed
+ * off having a non-zero limit. But SCSI can clear the limit in the
+ * I/O completion handler, and we can race and see this. Splitting to a
+ * zero limit obviously doesn't make sense, so band-aid it here.
+ */
+ if (!max_sectors)
+ return bio;
+ if (bio_sectors(bio) <= max_sectors)
+ return bio;
+ return bio_submit_split(bio, max_sectors);
+}
+
/**
* bio_split_to_limits - split a bio to fit the queue limits
* @bio: bio to be split
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 080/817] block: fix bio_split_rw_at to take zone_write_granularity into account
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 079/817] block: take chunk_sectors into account in bio_split_write_zeroes Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 081/817] s390/syscalls: Avoid creation of arch/arch/ directory Greg Kroah-Hartman
` (746 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Damien Le Moal,
Johannes Thumshirn, Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 7ecd2cd4fae3e8410c0a6620f3a83dcdbb254f02 ]
Otherwise it can create unaligned writes on zoned devices.
Fixes: a805a4fa4fa3 ("block: introduce zone_write_granularity limit")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Link: https://lore.kernel.org/r/20241104062647.91160-3-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-merge.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/block/blk-merge.c b/block/blk-merge.c
index f2b5f63e118bd..32d60294a44af 100644
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -287,6 +287,14 @@ static bool bvec_split_segs(const struct queue_limits *lim,
return len > 0 || bv->bv_len > max_len;
}
+static unsigned int bio_split_alignment(struct bio *bio,
+ const struct queue_limits *lim)
+{
+ if (op_is_write(bio_op(bio)) && lim->zone_write_granularity)
+ return lim->zone_write_granularity;
+ return lim->logical_block_size;
+}
+
/**
* bio_split_rw_at - check if and where to split a read/write bio
* @bio: [in] bio to be split
@@ -349,7 +357,7 @@ int bio_split_rw_at(struct bio *bio, const struct queue_limits *lim,
* split size so that each bio is properly block size aligned, even if
* we do not use the full hardware limits.
*/
- bytes = ALIGN_DOWN(bytes, lim->logical_block_size);
+ bytes = ALIGN_DOWN(bytes, bio_split_alignment(bio, lim));
/*
* Bio splitting may cause subtle trouble such as hang when doing sync
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 081/817] s390/syscalls: Avoid creation of arch/arch/ directory
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 080/817] block: fix bio_split_rw_at to take zone_write_granularity into account Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 082/817] hfsplus: dont query the device logical block size multiple times Greg Kroah-Hartman
` (745 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Heiko Carstens,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 0708967e2d56e370231fd07defa0d69f9ad125e8 ]
Building the kernel with ARCH=s390 creates a weird arch/arch/ directory.
$ find arch/arch
arch/arch
arch/arch/s390
arch/arch/s390/include
arch/arch/s390/include/generated
arch/arch/s390/include/generated/asm
arch/arch/s390/include/generated/uapi
arch/arch/s390/include/generated/uapi/asm
The root cause is 'targets' in arch/s390/kernel/syscalls/Makefile,
where the relative path is incorrect.
Strictly speaking, 'targets' was not necessary in the first place
because this Makefile uses 'filechk' instead of 'if_changed'.
However, this commit keeps it, as it will be useful when converting
'filechk' to 'if_changed' later.
Fixes: 5c75824d915e ("s390/syscalls: add Makefile to generate system call header files")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20241111134603.2063226-1-masahiroy@kernel.org
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/kernel/syscalls/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/s390/kernel/syscalls/Makefile b/arch/s390/kernel/syscalls/Makefile
index 1bb78b9468e8a..e85c14f9058b9 100644
--- a/arch/s390/kernel/syscalls/Makefile
+++ b/arch/s390/kernel/syscalls/Makefile
@@ -12,7 +12,7 @@ kapi-hdrs-y := $(kapi)/unistd_nr.h
uapi-hdrs-y := $(uapi)/unistd_32.h
uapi-hdrs-y += $(uapi)/unistd_64.h
-targets += $(addprefix ../../../,$(gen-y) $(kapi-hdrs-y) $(uapi-hdrs-y))
+targets += $(addprefix ../../../../,$(gen-y) $(kapi-hdrs-y) $(uapi-hdrs-y))
PHONY += kapi uapi
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 082/817] hfsplus: dont query the device logical block size multiple times
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 081/817] s390/syscalls: Avoid creation of arch/arch/ directory Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 083/817] ext4: pipeline buffer reads in mext_page_mkuptodate() Greg Kroah-Hartman
` (744 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Christian Brauner, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
[ Upstream commit 1c82587cb57687de3f18ab4b98a8850c789bedcf ]
Devices block sizes may change. One of these cases is a loop device by
using ioctl LOOP_SET_BLOCK_SIZE.
While this may cause other issues like IO being rejected, in the case of
hfsplus, it will allocate a block by using that size and potentially write
out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the
latter function reads a different io_size.
Using a new min_io_size initally set to sb_min_blocksize works for the
purposes of the original fix, since it will be set to the max between
HFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the
max between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not
initialized.
Tested by mounting an hfsplus filesystem with loop block sizes 512, 1024
and 4096.
The produced KASAN report before the fix looks like this:
[ 419.944641] ==================================================================
[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a
[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678
[ 419.947612]
[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84
[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
[ 419.950035] Call Trace:
[ 419.950384] <TASK>
[ 419.950676] dump_stack_lvl+0x57/0x78
[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a
[ 419.951830] print_report+0x14c/0x49e
[ 419.952361] ? __virt_addr_valid+0x267/0x278
[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d
[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a
[ 419.954231] kasan_report+0x89/0xb0
[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a
[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a
[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10
[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9
[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e
[ 419.957772] hfsplus_fill_super+0x348/0x1590
[ 419.958355] ? hlock_class+0x4c/0x109
[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 419.959499] ? __pfx_string+0x10/0x10
[ 419.960006] ? lock_acquire+0x3e2/0x454
[ 419.960532] ? bdev_name.constprop.0+0xce/0x243
[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10
[ 419.961799] ? pointer+0x3f0/0x62f
[ 419.962277] ? __pfx_pointer+0x10/0x10
[ 419.962761] ? vsnprintf+0x6c4/0xfba
[ 419.963178] ? __pfx_vsnprintf+0x10/0x10
[ 419.963621] ? setup_bdev_super+0x376/0x3b3
[ 419.964029] ? snprintf+0x9d/0xd2
[ 419.964344] ? __pfx_snprintf+0x10/0x10
[ 419.964675] ? lock_acquired+0x45c/0x5e9
[ 419.965016] ? set_blocksize+0x139/0x1c1
[ 419.965381] ? sb_set_blocksize+0x6d/0xae
[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10
[ 419.966179] mount_bdev+0x12f/0x1bf
[ 419.966512] ? __pfx_mount_bdev+0x10/0x10
[ 419.966886] ? vfs_parse_fs_string+0xce/0x111
[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10
[ 419.968073] legacy_get_tree+0x104/0x178
[ 419.968414] vfs_get_tree+0x86/0x296
[ 419.968751] path_mount+0xba3/0xd0b
[ 419.969157] ? __pfx_path_mount+0x10/0x10
[ 419.969594] ? kmem_cache_free+0x1e2/0x260
[ 419.970311] do_mount+0x99/0xe0
[ 419.970630] ? __pfx_do_mount+0x10/0x10
[ 419.971008] __do_sys_mount+0x199/0x1c9
[ 419.971397] do_syscall_64+0xd0/0x135
[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 419.972233] RIP: 0033:0x7c3cb812972e
[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48
[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e
[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: 00007ffe306325d0
[ 419.976363] RBP: 00007ffe30632720 R08: 00007ffe30632610 R09: 0000000000000000
[ 419.977034] R10: 0000000000200008 R11: 0000000000000286 R12: 0000000000000000
[ 419.977713] R13: 00007ffe306328e8 R14: 00005a0eb298bc68 R15: 00007c3cb8356000
[ 419.978375] </TASK>
[ 419.978589]
Fixes: 6596528e391a ("hfsplus: ensure bio requests are not smaller than the hardware sectors")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Link: https://lore.kernel.org/r/20241107114109.839253-1-cascardo@igalia.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/hfsplus/hfsplus_fs.h | 3 ++-
fs/hfsplus/wrapper.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/hfsplus/hfsplus_fs.h b/fs/hfsplus/hfsplus_fs.h
index 9e78f181c24f4..c143304347337 100644
--- a/fs/hfsplus/hfsplus_fs.h
+++ b/fs/hfsplus/hfsplus_fs.h
@@ -156,6 +156,7 @@ struct hfsplus_sb_info {
/* Runtime variables */
u32 blockoffset;
+ u32 min_io_size;
sector_t part_start;
sector_t sect_count;
int fs_shift;
@@ -307,7 +308,7 @@ struct hfsplus_readdir_data {
*/
static inline unsigned short hfsplus_min_io_size(struct super_block *sb)
{
- return max_t(unsigned short, bdev_logical_block_size(sb->s_bdev),
+ return max_t(unsigned short, HFSPLUS_SB(sb)->min_io_size,
HFSPLUS_SECTOR_SIZE);
}
diff --git a/fs/hfsplus/wrapper.c b/fs/hfsplus/wrapper.c
index ce9346099c72d..4b0fdc49d1fe7 100644
--- a/fs/hfsplus/wrapper.c
+++ b/fs/hfsplus/wrapper.c
@@ -172,6 +172,8 @@ int hfsplus_read_wrapper(struct super_block *sb)
if (!blocksize)
goto out;
+ sbi->min_io_size = blocksize;
+
if (hfsplus_get_last_session(sb, &part_start, &part_size))
goto out;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 083/817] ext4: pipeline buffer reads in mext_page_mkuptodate()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 082/817] hfsplus: dont query the device logical block size multiple times Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 084/817] ext4: remove array of buffer_heads from mext_page_mkuptodate() Greg Kroah-Hartman
` (743 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Wilcox (Oracle),
Theodore Tso, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox (Oracle) <willy@infradead.org>
[ Upstream commit 368a83cebbb949adbcc20877c35367178497d9cc ]
Instead of synchronously reading one buffer at a time, submit reads
as we walk the buffers in the first loop, then wait for them in the
second loop. This should be significantly more efficient, particularly
on HDDs, but I have not measured.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Link: https://patch.msgid.link/20240718223005.568869-2-willy@infradead.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: 2f3d93e210b9 ("ext4: fix race in buffer_head read fault injection")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/move_extent.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c
index c95e3e526390d..7a80c32fd7326 100644
--- a/fs/ext4/move_extent.c
+++ b/fs/ext4/move_extent.c
@@ -173,7 +173,9 @@ mext_page_mkuptodate(struct folio *folio, unsigned from, unsigned to)
sector_t block;
struct buffer_head *bh, *head, *arr[MAX_BUF_PER_PAGE];
unsigned int blocksize, block_start, block_end;
- int i, err, nr = 0, partial = 0;
+ int i, nr = 0;
+ bool partial = false;
+
BUG_ON(!folio_test_locked(folio));
BUG_ON(folio_test_writeback(folio));
@@ -191,13 +193,13 @@ mext_page_mkuptodate(struct folio *folio, unsigned from, unsigned to)
block_end = block_start + blocksize;
if (block_end <= from || block_start >= to) {
if (!buffer_uptodate(bh))
- partial = 1;
+ partial = true;
continue;
}
if (buffer_uptodate(bh))
continue;
if (!buffer_mapped(bh)) {
- err = ext4_get_block(inode, block, bh, 0);
+ int err = ext4_get_block(inode, block, bh, 0);
if (err)
return err;
if (!buffer_mapped(bh)) {
@@ -206,6 +208,12 @@ mext_page_mkuptodate(struct folio *folio, unsigned from, unsigned to)
continue;
}
}
+ lock_buffer(bh);
+ if (buffer_uptodate(bh)) {
+ unlock_buffer(bh);
+ continue;
+ }
+ ext4_read_bh_nowait(bh, 0, NULL);
BUG_ON(nr >= MAX_BUF_PER_PAGE);
arr[nr++] = bh;
}
@@ -215,11 +223,10 @@ mext_page_mkuptodate(struct folio *folio, unsigned from, unsigned to)
for (i = 0; i < nr; i++) {
bh = arr[i];
- if (!bh_uptodate_or_lock(bh)) {
- err = ext4_read_bh(bh, 0, NULL);
- if (err)
- return err;
- }
+ wait_on_buffer(bh);
+ if (buffer_uptodate(bh))
+ continue;
+ return -EIO;
}
out:
if (!partial)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 084/817] ext4: remove array of buffer_heads from mext_page_mkuptodate()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 083/817] ext4: pipeline buffer reads in mext_page_mkuptodate() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 085/817] ext4: fix race in buffer_head read fault injection Greg Kroah-Hartman
` (742 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Wilcox (Oracle),
Theodore Tso, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox (Oracle) <willy@infradead.org>
[ Upstream commit a40759fb16ae839f8c769174fde017564ea564ff ]
Iterate the folio's list of buffer_heads twice instead of keeping
an array of pointers. This solves a too-large-array-for-stack problem
on architectures with a ridiculoously large PAGE_SIZE and prepares
ext4 to support larger folios.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Link: https://patch.msgid.link/20240718223005.568869-3-willy@infradead.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: 2f3d93e210b9 ("ext4: fix race in buffer_head read fault injection")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/move_extent.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c
index 7a80c32fd7326..42b52b6491a03 100644
--- a/fs/ext4/move_extent.c
+++ b/fs/ext4/move_extent.c
@@ -165,15 +165,14 @@ mext_folio_double_lock(struct inode *inode1, struct inode *inode2,
return 0;
}
-/* Force page buffers uptodate w/o dropping page's lock */
-static int
-mext_page_mkuptodate(struct folio *folio, unsigned from, unsigned to)
+/* Force folio buffers uptodate w/o dropping folio's lock */
+static int mext_page_mkuptodate(struct folio *folio, size_t from, size_t to)
{
struct inode *inode = folio->mapping->host;
sector_t block;
- struct buffer_head *bh, *head, *arr[MAX_BUF_PER_PAGE];
+ struct buffer_head *bh, *head;
unsigned int blocksize, block_start, block_end;
- int i, nr = 0;
+ int nr = 0;
bool partial = false;
BUG_ON(!folio_test_locked(folio));
@@ -214,20 +213,23 @@ mext_page_mkuptodate(struct folio *folio, unsigned from, unsigned to)
continue;
}
ext4_read_bh_nowait(bh, 0, NULL);
- BUG_ON(nr >= MAX_BUF_PER_PAGE);
- arr[nr++] = bh;
+ nr++;
}
/* No io required */
if (!nr)
goto out;
- for (i = 0; i < nr; i++) {
- bh = arr[i];
+ bh = head;
+ do {
+ if (bh_offset(bh) + blocksize <= from)
+ continue;
+ if (bh_offset(bh) > to)
+ break;
wait_on_buffer(bh);
if (buffer_uptodate(bh))
continue;
return -EIO;
- }
+ } while ((bh = bh->b_this_page) != head);
out:
if (!partial)
folio_mark_uptodate(folio);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 085/817] ext4: fix race in buffer_head read fault injection
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 084/817] ext4: remove array of buffer_heads from mext_page_mkuptodate() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 086/817] nvme-pci: reverse request order in nvme_queue_rqs Greg Kroah-Hartman
` (741 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Long Li, Theodore Tso, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Long Li <leo.lilong@huawei.com>
[ Upstream commit 2f3d93e210b9c2866c8b3662adae427d5bf511ec ]
When I enabled ext4 debug for fault injection testing, I encountered the
following warning:
EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress:
Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051
WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0
The root cause of the issue lies in the improper implementation of ext4's
buffer_head read fault injection. The actual completion of buffer_head
read and the buffer_head fault injection are not atomic, which can lead
to the uptodate flag being cleared on normally used buffer_heads in race
conditions.
[CPU0] [CPU1] [CPU2]
ext4_read_inode_bitmap
ext4_read_bh()
<bh read complete>
ext4_read_inode_bitmap
if (buffer_uptodate(bh))
return bh
jbd2_journal_commit_transaction
__jbd2_journal_refile_buffer
__jbd2_journal_unfile_buffer
__jbd2_journal_temp_unlink_buffer
ext4_simulate_fail_bh()
clear_buffer_uptodate
mark_buffer_dirty
<report warning>
WARN_ON_ONCE(!buffer_uptodate(bh))
The best approach would be to perform fault injection in the IO completion
callback function, rather than after IO completion. However, the IO
completion callback function cannot get the fault injection code in sb.
Fix it by passing the result of fault injection into the bh read function,
we simulate faults within the bh read function itself. This requires adding
an extra parameter to the bh read functions that need fault injection.
Fixes: 46f870d690fe ("ext4: simulate various I/O and checksum errors when reading metadata")
Signed-off-by: Long Li <leo.lilong@huawei.com>
Link: https://patch.msgid.link/20240906091746.510163-1-leo.lilong@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/balloc.c | 4 ++--
fs/ext4/ext4.h | 12 ++----------
fs/ext4/extents.c | 2 +-
fs/ext4/ialloc.c | 5 +++--
fs/ext4/indirect.c | 2 +-
fs/ext4/inode.c | 4 ++--
fs/ext4/mmp.c | 2 +-
fs/ext4/move_extent.c | 2 +-
fs/ext4/resize.c | 2 +-
fs/ext4/super.c | 23 +++++++++++++++--------
10 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index 591fb3f710be7..8042ad8738089 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -550,7 +550,8 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group,
trace_ext4_read_block_bitmap_load(sb, block_group, ignore_locked);
ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO |
(ignore_locked ? REQ_RAHEAD : 0),
- ext4_end_bitmap_read);
+ ext4_end_bitmap_read,
+ ext4_simulate_fail(sb, EXT4_SIM_BBITMAP_EIO));
return bh;
verify:
err = ext4_validate_block_bitmap(sb, desc, block_group, bh);
@@ -577,7 +578,6 @@ int ext4_wait_block_bitmap(struct super_block *sb, ext4_group_t block_group,
if (!desc)
return -EFSCORRUPTED;
wait_on_buffer(bh);
- ext4_simulate_fail_bh(sb, bh, EXT4_SIM_BBITMAP_EIO);
if (!buffer_uptodate(bh)) {
ext4_error_err(sb, EIO, "Cannot read block bitmap - "
"block_group = %u, block_bitmap = %llu",
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 8bd302392d759..b02d6e444cfb6 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1865,14 +1865,6 @@ static inline bool ext4_simulate_fail(struct super_block *sb,
return false;
}
-static inline void ext4_simulate_fail_bh(struct super_block *sb,
- struct buffer_head *bh,
- unsigned long code)
-{
- if (!IS_ERR(bh) && ext4_simulate_fail(sb, code))
- clear_buffer_uptodate(bh);
-}
-
/*
* Error number codes for s_{first,last}_error_errno
*
@@ -3098,9 +3090,9 @@ extern struct buffer_head *ext4_sb_bread(struct super_block *sb,
extern struct buffer_head *ext4_sb_bread_unmovable(struct super_block *sb,
sector_t block);
extern void ext4_read_bh_nowait(struct buffer_head *bh, blk_opf_t op_flags,
- bh_end_io_t *end_io);
+ bh_end_io_t *end_io, bool simu_fail);
extern int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags,
- bh_end_io_t *end_io);
+ bh_end_io_t *end_io, bool simu_fail);
extern int ext4_read_bh_lock(struct buffer_head *bh, blk_opf_t op_flags, bool wait);
extern void ext4_sb_breadahead_unmovable(struct super_block *sb, sector_t block);
extern int ext4_seq_options_show(struct seq_file *seq, void *offset);
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index c64f7c1b1d908..123a69e62e59b 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -564,7 +564,7 @@ __read_extent_tree_block(const char *function, unsigned int line,
if (!bh_uptodate_or_lock(bh)) {
trace_ext4_ext_load_extent(inode, pblk, _RET_IP_);
- err = ext4_read_bh(bh, 0, NULL);
+ err = ext4_read_bh(bh, 0, NULL, false);
if (err < 0)
goto errout;
}
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 81641be38c0e8..072084da50d33 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -194,8 +194,9 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group)
* submit the buffer_head for reading
*/
trace_ext4_load_inode_bitmap(sb, block_group);
- ext4_read_bh(bh, REQ_META | REQ_PRIO, ext4_end_bitmap_read);
- ext4_simulate_fail_bh(sb, bh, EXT4_SIM_IBITMAP_EIO);
+ ext4_read_bh(bh, REQ_META | REQ_PRIO,
+ ext4_end_bitmap_read,
+ ext4_simulate_fail(sb, EXT4_SIM_IBITMAP_EIO));
if (!buffer_uptodate(bh)) {
put_bh(bh);
ext4_error_err(sb, EIO, "Cannot read inode bitmap - "
diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c
index d8ca7f64f9523..8480bddde789b 100644
--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -170,7 +170,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth,
}
if (!bh_uptodate_or_lock(bh)) {
- if (ext4_read_bh(bh, 0, NULL) < 0) {
+ if (ext4_read_bh(bh, 0, NULL, false) < 0) {
put_bh(bh);
goto failure;
}
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index a0fa5192db8ed..235e22790ec62 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4530,10 +4530,10 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino,
* Read the block from disk.
*/
trace_ext4_load_inode(sb, ino);
- ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL);
+ ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL,
+ ext4_simulate_fail(sb, EXT4_SIM_INODE_EIO));
blk_finish_plug(&plug);
wait_on_buffer(bh);
- ext4_simulate_fail_bh(sb, bh, EXT4_SIM_INODE_EIO);
if (!buffer_uptodate(bh)) {
if (ret_block)
*ret_block = block;
diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
index bd946d0c71b70..d64c04ed061ae 100644
--- a/fs/ext4/mmp.c
+++ b/fs/ext4/mmp.c
@@ -94,7 +94,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
}
lock_buffer(*bh);
- ret = ext4_read_bh(*bh, REQ_META | REQ_PRIO, NULL);
+ ret = ext4_read_bh(*bh, REQ_META | REQ_PRIO, NULL, false);
if (ret)
goto warn_exit;
diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c
index 42b52b6491a03..fd3487df360a5 100644
--- a/fs/ext4/move_extent.c
+++ b/fs/ext4/move_extent.c
@@ -212,7 +212,7 @@ static int mext_page_mkuptodate(struct folio *folio, size_t from, size_t to)
unlock_buffer(bh);
continue;
}
- ext4_read_bh_nowait(bh, 0, NULL);
+ ext4_read_bh_nowait(bh, 0, NULL, false);
nr++;
}
/* No io required */
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index f12ccaabf13d8..e9da8bba0f9d7 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1300,7 +1300,7 @@ static struct buffer_head *ext4_get_bitmap(struct super_block *sb, __u64 block)
if (unlikely(!bh))
return NULL;
if (!bh_uptodate_or_lock(bh)) {
- if (ext4_read_bh(bh, 0, NULL) < 0) {
+ if (ext4_read_bh(bh, 0, NULL, false) < 0) {
brelse(bh);
return NULL;
}
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 42b1acac88e78..350b083012851 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -161,8 +161,14 @@ MODULE_ALIAS("ext3");
static inline void __ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags,
- bh_end_io_t *end_io)
+ bh_end_io_t *end_io, bool simu_fail)
{
+ if (simu_fail) {
+ clear_buffer_uptodate(bh);
+ unlock_buffer(bh);
+ return;
+ }
+
/*
* buffer's verified bit is no longer valid after reading from
* disk again due to write out error, clear it to make sure we
@@ -176,7 +182,7 @@ static inline void __ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags,
}
void ext4_read_bh_nowait(struct buffer_head *bh, blk_opf_t op_flags,
- bh_end_io_t *end_io)
+ bh_end_io_t *end_io, bool simu_fail)
{
BUG_ON(!buffer_locked(bh));
@@ -184,10 +190,11 @@ void ext4_read_bh_nowait(struct buffer_head *bh, blk_opf_t op_flags,
unlock_buffer(bh);
return;
}
- __ext4_read_bh(bh, op_flags, end_io);
+ __ext4_read_bh(bh, op_flags, end_io, simu_fail);
}
-int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, bh_end_io_t *end_io)
+int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags,
+ bh_end_io_t *end_io, bool simu_fail)
{
BUG_ON(!buffer_locked(bh));
@@ -196,7 +203,7 @@ int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, bh_end_io_t *end_io
return 0;
}
- __ext4_read_bh(bh, op_flags, end_io);
+ __ext4_read_bh(bh, op_flags, end_io, simu_fail);
wait_on_buffer(bh);
if (buffer_uptodate(bh))
@@ -208,10 +215,10 @@ int ext4_read_bh_lock(struct buffer_head *bh, blk_opf_t op_flags, bool wait)
{
lock_buffer(bh);
if (!wait) {
- ext4_read_bh_nowait(bh, op_flags, NULL);
+ ext4_read_bh_nowait(bh, op_flags, NULL, false);
return 0;
}
- return ext4_read_bh(bh, op_flags, NULL);
+ return ext4_read_bh(bh, op_flags, NULL, false);
}
/*
@@ -266,7 +273,7 @@ void ext4_sb_breadahead_unmovable(struct super_block *sb, sector_t block)
if (likely(bh)) {
if (trylock_buffer(bh))
- ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL);
+ ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL, false);
brelse(bh);
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 086/817] nvme-pci: reverse request order in nvme_queue_rqs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 085/817] ext4: fix race in buffer_head read fault injection Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 087/817] virtio_blk: reverse request order in virtio_queue_rqs Greg Kroah-Hartman
` (740 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Jens Axboe,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit beadf0088501d9dcf2454b05d90d5d31ea3ba55f ]
blk_mq_flush_plug_list submits requests in the reverse order that they
were submitted, which leads to a rather suboptimal I/O pattern especially
in rotational devices. Fix this by rewriting nvme_queue_rqs so that it
always pops the requests from the passed in request list, and then adds
them to the head of a local submit list. This actually simplifies the
code a bit as it removes the complicated list splicing, at the cost of
extra updates of the rq_next pointer. As that should be cache hot
anyway it should be an easy price to pay.
Fixes: d62cbcf62f2f ("nvme: add support for mq_ops->queue_rqs()")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20241113152050.157179-2-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/pci.c | 39 +++++++++++++++++----------------------
1 file changed, 17 insertions(+), 22 deletions(-)
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 34daf6d8db07b..55af3dfbc2607 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -905,9 +905,10 @@ static blk_status_t nvme_queue_rq(struct blk_mq_hw_ctx *hctx,
static void nvme_submit_cmds(struct nvme_queue *nvmeq, struct request **rqlist)
{
+ struct request *req;
+
spin_lock(&nvmeq->sq_lock);
- while (!rq_list_empty(*rqlist)) {
- struct request *req = rq_list_pop(rqlist);
+ while ((req = rq_list_pop(rqlist))) {
struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
nvme_sq_copy_cmd(nvmeq, &iod->cmd);
@@ -932,31 +933,25 @@ static bool nvme_prep_rq_batch(struct nvme_queue *nvmeq, struct request *req)
static void nvme_queue_rqs(struct request **rqlist)
{
- struct request *req, *next, *prev = NULL;
+ struct request *submit_list = NULL;
struct request *requeue_list = NULL;
+ struct request **requeue_lastp = &requeue_list;
+ struct nvme_queue *nvmeq = NULL;
+ struct request *req;
- rq_list_for_each_safe(rqlist, req, next) {
- struct nvme_queue *nvmeq = req->mq_hctx->driver_data;
-
- if (!nvme_prep_rq_batch(nvmeq, req)) {
- /* detach 'req' and add to remainder list */
- rq_list_move(rqlist, &requeue_list, req, prev);
-
- req = prev;
- if (!req)
- continue;
- }
+ while ((req = rq_list_pop(rqlist))) {
+ if (nvmeq && nvmeq != req->mq_hctx->driver_data)
+ nvme_submit_cmds(nvmeq, &submit_list);
+ nvmeq = req->mq_hctx->driver_data;
- if (!next || req->mq_hctx != next->mq_hctx) {
- /* detach rest of list, and submit */
- req->rq_next = NULL;
- nvme_submit_cmds(nvmeq, rqlist);
- *rqlist = next;
- prev = NULL;
- } else
- prev = req;
+ if (nvme_prep_rq_batch(nvmeq, req))
+ rq_list_add(&submit_list, req); /* reverse order */
+ else
+ rq_list_add_tail(&requeue_lastp, req);
}
+ if (nvmeq)
+ nvme_submit_cmds(nvmeq, &submit_list);
*rqlist = requeue_list;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 087/817] virtio_blk: reverse request order in virtio_queue_rqs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 086/817] nvme-pci: reverse request order in nvme_queue_rqs Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 088/817] crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys Greg Kroah-Hartman
` (739 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Jens Axboe,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 7f212e997edbb7a2cb85cef2ac14265dfaf88717 ]
blk_mq_flush_plug_list submits requests in the reverse order that they
were submitted, which leads to a rather suboptimal I/O pattern
especially in rotational devices. Fix this by rewriting virtio_queue_rqs
so that it always pops the requests from the passed in request list, and
then adds them to the head of a local submit list. This actually
simplifies the code a bit as it removes the complicated list splicing,
at the cost of extra updates of the rq_next pointer. As that should be
cache hot anyway it should be an easy price to pay.
Fixes: 0e9911fa768f ("virtio-blk: support mq_ops->queue_rqs()")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20241113152050.157179-3-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/virtio_blk.c | 46 +++++++++++++++++---------------------
1 file changed, 21 insertions(+), 25 deletions(-)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 194417abc1053..43c96b73a7118 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -471,18 +471,18 @@ static bool virtblk_prep_rq_batch(struct request *req)
return virtblk_prep_rq(req->mq_hctx, vblk, req, vbr) == BLK_STS_OK;
}
-static bool virtblk_add_req_batch(struct virtio_blk_vq *vq,
+static void virtblk_add_req_batch(struct virtio_blk_vq *vq,
struct request **rqlist)
{
+ struct request *req;
unsigned long flags;
- int err;
bool kick;
spin_lock_irqsave(&vq->lock, flags);
- while (!rq_list_empty(*rqlist)) {
- struct request *req = rq_list_pop(rqlist);
+ while ((req = rq_list_pop(rqlist))) {
struct virtblk_req *vbr = blk_mq_rq_to_pdu(req);
+ int err;
err = virtblk_add_req(vq->vq, vbr);
if (err) {
@@ -495,37 +495,33 @@ static bool virtblk_add_req_batch(struct virtio_blk_vq *vq,
kick = virtqueue_kick_prepare(vq->vq);
spin_unlock_irqrestore(&vq->lock, flags);
- return kick;
+ if (kick)
+ virtqueue_notify(vq->vq);
}
static void virtio_queue_rqs(struct request **rqlist)
{
- struct request *req, *next, *prev = NULL;
+ struct request *submit_list = NULL;
struct request *requeue_list = NULL;
+ struct request **requeue_lastp = &requeue_list;
+ struct virtio_blk_vq *vq = NULL;
+ struct request *req;
- rq_list_for_each_safe(rqlist, req, next) {
- struct virtio_blk_vq *vq = get_virtio_blk_vq(req->mq_hctx);
- bool kick;
-
- if (!virtblk_prep_rq_batch(req)) {
- rq_list_move(rqlist, &requeue_list, req, prev);
- req = prev;
- if (!req)
- continue;
- }
+ while ((req = rq_list_pop(rqlist))) {
+ struct virtio_blk_vq *this_vq = get_virtio_blk_vq(req->mq_hctx);
- if (!next || req->mq_hctx != next->mq_hctx) {
- req->rq_next = NULL;
- kick = virtblk_add_req_batch(vq, rqlist);
- if (kick)
- virtqueue_notify(vq->vq);
+ if (vq && vq != this_vq)
+ virtblk_add_req_batch(vq, &submit_list);
+ vq = this_vq;
- *rqlist = next;
- prev = NULL;
- } else
- prev = req;
+ if (virtblk_prep_rq_batch(req))
+ rq_list_add(&submit_list, req); /* reverse order */
+ else
+ rq_list_add_tail(&requeue_lastp, req);
}
+ if (vq)
+ virtblk_add_req_batch(vq, &submit_list);
*rqlist = requeue_list;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 088/817] crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 087/817] virtio_blk: reverse request order in virtio_queue_rqs Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 089/817] crypto: caam - Fix the pointer passed to caam_qi_shutdown() Greg Kroah-Hartman
` (738 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tomas Paukrt, Herbert Xu,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Paukrt <tomaspaukrt@email.cz>
[ Upstream commit 0dbb6854ca14933e194e8e46c894ca7bff95d0f3 ]
Fix passing an initialization vector in the payload field which
is necessary for AES in CBC mode even with hardware-bound keys.
Fixes: 3d16af0b4cfa ("crypto: mxs-dcp: Add support for hardware-bound keys")
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/mxs-dcp.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index c82775dbb557a..77a6301f37f0a 100644
--- a/drivers/crypto/mxs-dcp.c
+++ b/drivers/crypto/mxs-dcp.c
@@ -225,21 +225,22 @@ static int mxs_dcp_start_dma(struct dcp_async_ctx *actx)
static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
struct skcipher_request *req, int init)
{
- dma_addr_t key_phys = 0;
- dma_addr_t src_phys, dst_phys;
+ dma_addr_t key_phys, src_phys, dst_phys;
struct dcp *sdcp = global_sdcp;
struct dcp_dma_desc *desc = &sdcp->coh->desc[actx->chan];
struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req);
bool key_referenced = actx->key_referenced;
int ret;
- if (!key_referenced) {
+ if (key_referenced)
+ key_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_key + AES_KEYSIZE_128,
+ AES_KEYSIZE_128, DMA_TO_DEVICE);
+ else
key_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_key,
2 * AES_KEYSIZE_128, DMA_TO_DEVICE);
- ret = dma_mapping_error(sdcp->dev, key_phys);
- if (ret)
- return ret;
- }
+ ret = dma_mapping_error(sdcp->dev, key_phys);
+ if (ret)
+ return ret;
src_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_in_buf,
DCP_BUF_SZ, DMA_TO_DEVICE);
@@ -300,7 +301,10 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
err_dst:
dma_unmap_single(sdcp->dev, src_phys, DCP_BUF_SZ, DMA_TO_DEVICE);
err_src:
- if (!key_referenced)
+ if (key_referenced)
+ dma_unmap_single(sdcp->dev, key_phys, AES_KEYSIZE_128,
+ DMA_TO_DEVICE);
+ else
dma_unmap_single(sdcp->dev, key_phys, 2 * AES_KEYSIZE_128,
DMA_TO_DEVICE);
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 089/817] crypto: caam - Fix the pointer passed to caam_qi_shutdown()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 088/817] crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 090/817] crypto: qat - remove check after debugfs_create_dir() Greg Kroah-Hartman
` (737 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Herbert Xu,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit ad980b04f51f7fb503530bd1cb328ba5e75a250e ]
The type of the last parameter given to devm_add_action_or_reset() is
"struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to
"struct device *".
Pass the correct parameter to devm_add_action_or_reset() so that the
resources are released as expected.
Fixes: f414de2e2fff ("crypto: caam - use devres to de-initialize QI")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/caam/qi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/caam/qi.c b/drivers/crypto/caam/qi.c
index ba8fb5d8a7b26..dcb9069a254c7 100644
--- a/drivers/crypto/caam/qi.c
+++ b/drivers/crypto/caam/qi.c
@@ -793,7 +793,7 @@ int caam_qi_init(struct platform_device *caam_pdev)
caam_debugfs_qi_init(ctrlpriv);
- err = devm_add_action_or_reset(qidev, caam_qi_shutdown, ctrlpriv);
+ err = devm_add_action_or_reset(qidev, caam_qi_shutdown, qidev);
if (err)
goto fail2;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 090/817] crypto: qat - remove check after debugfs_create_dir()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 089/817] crypto: caam - Fix the pointer passed to caam_qi_shutdown() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 091/817] crypto: powerpc/p10-aes-gcm - Register modules as SIMD Greg Kroah-Hartman
` (736 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Giovanni Cabiddu, Herbert Xu,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cabiddu, Giovanni <giovanni.cabiddu@intel.com>
[ Upstream commit 23717055a79981daf7fafa09a4b0d7566f8384aa ]
The debugfs functions are guaranteed to return a valid error code
instead of NULL upon failure. Consequently, the driver can directly
propagate any error returned without additional checks.
Remove the unnecessary `if` statement after debugfs_create_dir(). If
this function fails, the error code is stored in accel_dev->debugfs_dir
and utilized in subsequent debugfs calls.
Additionally, since accel_dev->debugfs_dir is assured to be non-NULL,
remove the superfluous NULL pointer checks within the adf_dbgfs_add()
and adf_dbgfs_rm().
Fixes: 9260db6640a6 ("crypto: qat - move dbgfs init to separate file")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/drivers/crypto/intel/qat/qat_common/adf_dbgfs.c b/drivers/crypto/intel/qat/qat_common/adf_dbgfs.c
index c42f5c25aabdf..4c11ad1ebcf0f 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_dbgfs.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_dbgfs.c
@@ -22,18 +22,13 @@
void adf_dbgfs_init(struct adf_accel_dev *accel_dev)
{
char name[ADF_DEVICE_NAME_LENGTH];
- void *ret;
/* Create dev top level debugfs entry */
snprintf(name, sizeof(name), "%s%s_%s", ADF_DEVICE_NAME_PREFIX,
accel_dev->hw_device->dev_class->name,
pci_name(accel_dev->accel_pci_dev.pci_dev));
- ret = debugfs_create_dir(name, NULL);
- if (IS_ERR_OR_NULL(ret))
- return;
-
- accel_dev->debugfs_dir = ret;
+ accel_dev->debugfs_dir = debugfs_create_dir(name, NULL);
adf_cfg_dev_dbgfs_add(accel_dev);
}
@@ -59,9 +54,6 @@ EXPORT_SYMBOL_GPL(adf_dbgfs_exit);
*/
void adf_dbgfs_add(struct adf_accel_dev *accel_dev)
{
- if (!accel_dev->debugfs_dir)
- return;
-
if (!accel_dev->is_vf) {
adf_fw_counters_dbgfs_add(accel_dev);
adf_heartbeat_dbgfs_add(accel_dev);
@@ -77,9 +69,6 @@ void adf_dbgfs_add(struct adf_accel_dev *accel_dev)
*/
void adf_dbgfs_rm(struct adf_accel_dev *accel_dev)
{
- if (!accel_dev->debugfs_dir)
- return;
-
if (!accel_dev->is_vf) {
adf_tl_dbgfs_rm(accel_dev);
adf_cnv_dbgfs_rm(accel_dev);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 091/817] crypto: powerpc/p10-aes-gcm - Register modules as SIMD
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 090/817] crypto: qat - remove check after debugfs_create_dir() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 092/817] crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 Greg Kroah-Hartman
` (735 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Danny Tsen, Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Danny Tsen <dtsen@linux.ibm.com>
[ Upstream commit c954b252dee956d33ee59f594710af28fb3037d9 ]
This patch is to fix an issue when simd is not usable that data mismatch
may occur. The fix is to register algs as SIMD modules so that the
algorithm is excecuted when SIMD instructions is usable. Called
gcm_update() to generate the final digest if needed.
A new module rfc4106(gcm(aes)) is also added.
Fixes: cdcecfd9991f ("crypto: p10-aes-gcm - Glue code for AES/GCM stitched implementation")
Signed-off-by: Danny Tsen <dtsen@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/crypto/aes-gcm-p10-glue.c | 141 +++++++++++++++++++++----
1 file changed, 118 insertions(+), 23 deletions(-)
diff --git a/arch/powerpc/crypto/aes-gcm-p10-glue.c b/arch/powerpc/crypto/aes-gcm-p10-glue.c
index f62ee54076c06..e52629334cf80 100644
--- a/arch/powerpc/crypto/aes-gcm-p10-glue.c
+++ b/arch/powerpc/crypto/aes-gcm-p10-glue.c
@@ -8,6 +8,7 @@
#include <asm/unaligned.h>
#include <asm/simd.h>
#include <asm/switch_to.h>
+#include <crypto/gcm.h>
#include <crypto/aes.h>
#include <crypto/algapi.h>
#include <crypto/b128ops.h>
@@ -24,6 +25,7 @@
#define PPC_ALIGN 16
#define GCM_IV_SIZE 12
+#define RFC4106_NONCE_SIZE 4
MODULE_DESCRIPTION("PPC64le AES-GCM with Stitched implementation");
MODULE_AUTHOR("Danny Tsen <dtsen@linux.ibm.com");
@@ -31,7 +33,7 @@ MODULE_LICENSE("GPL v2");
MODULE_ALIAS_CRYPTO("aes");
asmlinkage int aes_p10_set_encrypt_key(const u8 *userKey, const int bits,
- void *key);
+ void *key);
asmlinkage void aes_p10_encrypt(const u8 *in, u8 *out, const void *key);
asmlinkage void aes_p10_gcm_encrypt(u8 *in, u8 *out, size_t len,
void *rkey, u8 *iv, void *Xi);
@@ -39,7 +41,8 @@ asmlinkage void aes_p10_gcm_decrypt(u8 *in, u8 *out, size_t len,
void *rkey, u8 *iv, void *Xi);
asmlinkage void gcm_init_htable(unsigned char htable[], unsigned char Xi[]);
asmlinkage void gcm_ghash_p10(unsigned char *Xi, unsigned char *Htable,
- unsigned char *aad, unsigned int alen);
+ unsigned char *aad, unsigned int alen);
+asmlinkage void gcm_update(u8 *iv, void *Xi);
struct aes_key {
u8 key[AES_MAX_KEYLENGTH];
@@ -52,6 +55,7 @@ struct gcm_ctx {
u8 aad_hash[16];
u64 aadLen;
u64 Plen; /* offset 56 - used in aes_p10_gcm_{en/de}crypt */
+ u8 pblock[16];
};
struct Hash_ctx {
u8 H[16]; /* subkey */
@@ -60,17 +64,20 @@ struct Hash_ctx {
struct p10_aes_gcm_ctx {
struct aes_key enc_key;
+ u8 nonce[RFC4106_NONCE_SIZE];
};
static void vsx_begin(void)
{
preempt_disable();
+ pagefault_disable();
enable_kernel_vsx();
}
static void vsx_end(void)
{
disable_kernel_vsx();
+ pagefault_enable();
preempt_enable();
}
@@ -185,7 +192,7 @@ static int set_authsize(struct crypto_aead *tfm, unsigned int authsize)
}
static int p10_aes_gcm_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
+ unsigned int keylen)
{
struct crypto_tfm *tfm = crypto_aead_tfm(aead);
struct p10_aes_gcm_ctx *ctx = crypto_tfm_ctx(tfm);
@@ -198,7 +205,8 @@ static int p10_aes_gcm_setkey(struct crypto_aead *aead, const u8 *key,
return ret ? -EINVAL : 0;
}
-static int p10_aes_gcm_crypt(struct aead_request *req, int enc)
+static int p10_aes_gcm_crypt(struct aead_request *req, u8 *riv,
+ int assoclen, int enc)
{
struct crypto_tfm *tfm = req->base.tfm;
struct p10_aes_gcm_ctx *ctx = crypto_tfm_ctx(tfm);
@@ -210,7 +218,6 @@ static int p10_aes_gcm_crypt(struct aead_request *req, int enc)
struct skcipher_walk walk;
u8 *assocmem = NULL;
u8 *assoc;
- unsigned int assoclen = req->assoclen;
unsigned int cryptlen = req->cryptlen;
unsigned char ivbuf[AES_BLOCK_SIZE+PPC_ALIGN];
unsigned char *iv = PTR_ALIGN((void *)ivbuf, PPC_ALIGN);
@@ -218,11 +225,12 @@ static int p10_aes_gcm_crypt(struct aead_request *req, int enc)
unsigned long auth_tag_len = crypto_aead_authsize(__crypto_aead_cast(tfm));
u8 otag[16];
int total_processed = 0;
+ int nbytes;
memset(databuf, 0, sizeof(databuf));
memset(hashbuf, 0, sizeof(hashbuf));
memset(ivbuf, 0, sizeof(ivbuf));
- memcpy(iv, req->iv, GCM_IV_SIZE);
+ memcpy(iv, riv, GCM_IV_SIZE);
/* Linearize assoc, if not already linear */
if (req->src->length >= assoclen && req->src->length) {
@@ -257,19 +265,25 @@ static int p10_aes_gcm_crypt(struct aead_request *req, int enc)
if (ret)
return ret;
- while (walk.nbytes > 0 && ret == 0) {
+ while ((nbytes = walk.nbytes) > 0 && ret == 0) {
+ u8 *src = walk.src.virt.addr;
+ u8 *dst = walk.dst.virt.addr;
+ u8 buf[AES_BLOCK_SIZE];
+
+ if (unlikely(nbytes > 0 && nbytes < AES_BLOCK_SIZE))
+ src = dst = memcpy(buf, src, nbytes);
vsx_begin();
if (enc)
- aes_p10_gcm_encrypt(walk.src.virt.addr,
- walk.dst.virt.addr,
- walk.nbytes,
+ aes_p10_gcm_encrypt(src, dst, nbytes,
&ctx->enc_key, gctx->iv, hash->Htable);
else
- aes_p10_gcm_decrypt(walk.src.virt.addr,
- walk.dst.virt.addr,
- walk.nbytes,
+ aes_p10_gcm_decrypt(src, dst, nbytes,
&ctx->enc_key, gctx->iv, hash->Htable);
+
+ if (unlikely(nbytes > 0 && nbytes < AES_BLOCK_SIZE))
+ memcpy(walk.dst.virt.addr, buf, nbytes);
+
vsx_end();
total_processed += walk.nbytes;
@@ -281,6 +295,7 @@ static int p10_aes_gcm_crypt(struct aead_request *req, int enc)
/* Finalize hash */
vsx_begin();
+ gcm_update(gctx->iv, hash->Htable);
finish_tag(gctx, hash, total_processed);
vsx_end();
@@ -302,17 +317,63 @@ static int p10_aes_gcm_crypt(struct aead_request *req, int enc)
return 0;
}
+static int rfc4106_setkey(struct crypto_aead *tfm, const u8 *inkey,
+ unsigned int keylen)
+{
+ struct p10_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
+ int err;
+
+ keylen -= RFC4106_NONCE_SIZE;
+ err = p10_aes_gcm_setkey(tfm, inkey, keylen);
+ if (err)
+ return err;
+
+ memcpy(ctx->nonce, inkey + keylen, RFC4106_NONCE_SIZE);
+ return 0;
+}
+
+static int rfc4106_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
+{
+ return crypto_rfc4106_check_authsize(authsize);
+}
+
+static int rfc4106_encrypt(struct aead_request *req)
+{
+ struct crypto_aead *aead = crypto_aead_reqtfm(req);
+ struct p10_aes_gcm_ctx *ctx = crypto_aead_ctx(aead);
+ u8 iv[AES_BLOCK_SIZE];
+
+ memcpy(iv, ctx->nonce, RFC4106_NONCE_SIZE);
+ memcpy(iv + RFC4106_NONCE_SIZE, req->iv, GCM_RFC4106_IV_SIZE);
+
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ p10_aes_gcm_crypt(req, iv, req->assoclen - GCM_RFC4106_IV_SIZE, 1);
+}
+
+static int rfc4106_decrypt(struct aead_request *req)
+{
+ struct crypto_aead *aead = crypto_aead_reqtfm(req);
+ struct p10_aes_gcm_ctx *ctx = crypto_aead_ctx(aead);
+ u8 iv[AES_BLOCK_SIZE];
+
+ memcpy(iv, ctx->nonce, RFC4106_NONCE_SIZE);
+ memcpy(iv + RFC4106_NONCE_SIZE, req->iv, GCM_RFC4106_IV_SIZE);
+
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ p10_aes_gcm_crypt(req, iv, req->assoclen - GCM_RFC4106_IV_SIZE, 0);
+}
+
static int p10_aes_gcm_encrypt(struct aead_request *req)
{
- return p10_aes_gcm_crypt(req, 1);
+ return p10_aes_gcm_crypt(req, req->iv, req->assoclen, 1);
}
static int p10_aes_gcm_decrypt(struct aead_request *req)
{
- return p10_aes_gcm_crypt(req, 0);
+ return p10_aes_gcm_crypt(req, req->iv, req->assoclen, 0);
}
-static struct aead_alg gcm_aes_alg = {
+static struct aead_alg gcm_aes_algs[] = {{
.ivsize = GCM_IV_SIZE,
.maxauthsize = 16,
@@ -321,23 +382,57 @@ static struct aead_alg gcm_aes_alg = {
.encrypt = p10_aes_gcm_encrypt,
.decrypt = p10_aes_gcm_decrypt,
- .base.cra_name = "gcm(aes)",
- .base.cra_driver_name = "aes_gcm_p10",
+ .base.cra_name = "__gcm(aes)",
+ .base.cra_driver_name = "__aes_gcm_p10",
.base.cra_priority = 2100,
.base.cra_blocksize = 1,
- .base.cra_ctxsize = sizeof(struct p10_aes_gcm_ctx),
+ .base.cra_ctxsize = sizeof(struct p10_aes_gcm_ctx)+
+ 4 * sizeof(u64[2]),
.base.cra_module = THIS_MODULE,
-};
+ .base.cra_flags = CRYPTO_ALG_INTERNAL,
+}, {
+ .ivsize = GCM_RFC4106_IV_SIZE,
+ .maxauthsize = 16,
+ .setkey = rfc4106_setkey,
+ .setauthsize = rfc4106_setauthsize,
+ .encrypt = rfc4106_encrypt,
+ .decrypt = rfc4106_decrypt,
+
+ .base.cra_name = "__rfc4106(gcm(aes))",
+ .base.cra_driver_name = "__rfc4106_aes_gcm_p10",
+ .base.cra_priority = 2100,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct p10_aes_gcm_ctx) +
+ 4 * sizeof(u64[2]),
+ .base.cra_module = THIS_MODULE,
+ .base.cra_flags = CRYPTO_ALG_INTERNAL,
+}};
+
+static struct simd_aead_alg *p10_simd_aeads[ARRAY_SIZE(gcm_aes_algs)];
static int __init p10_init(void)
{
- return crypto_register_aead(&gcm_aes_alg);
+ int ret;
+
+ if (!cpu_has_feature(PPC_FEATURE2_ARCH_3_1))
+ return 0;
+
+ ret = simd_register_aeads_compat(gcm_aes_algs,
+ ARRAY_SIZE(gcm_aes_algs),
+ p10_simd_aeads);
+ if (ret) {
+ simd_unregister_aeads(gcm_aes_algs, ARRAY_SIZE(gcm_aes_algs),
+ p10_simd_aeads);
+ return ret;
+ }
+ return 0;
}
static void __exit p10_exit(void)
{
- crypto_unregister_aead(&gcm_aes_alg);
+ simd_unregister_aeads(gcm_aes_algs, ARRAY_SIZE(gcm_aes_algs),
+ p10_simd_aeads);
}
-module_cpu_feature_match(PPC_MODULE_FEATURE_P10, p10_init);
+module_init(p10_init);
module_exit(p10_exit);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 092/817] crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 091/817] crypto: powerpc/p10-aes-gcm - Register modules as SIMD Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 093/817] crypto: qat/qat_420xx - fix off by one in uof_get_name() Greg Kroah-Hartman
` (734 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Danny Tsen, Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Danny Tsen <dtsen@linux.ibm.com>
[ Upstream commit 8b6c1e466eecab70c2ed686f636d56eda19f4cd6 ]
Added CRYPTO_SIMD for CRYPTO_AES_GCM_P10.
Fixes: 45a4672b9a6e ("crypto: p10-aes-gcm - Update Kconfig and Makefile")
Signed-off-by: Danny Tsen <dtsen@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/crypto/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/crypto/Kconfig b/arch/powerpc/crypto/Kconfig
index 46a4c85e85e24..951a437264611 100644
--- a/arch/powerpc/crypto/Kconfig
+++ b/arch/powerpc/crypto/Kconfig
@@ -107,12 +107,12 @@ config CRYPTO_AES_PPC_SPE
config CRYPTO_AES_GCM_P10
tristate "Stitched AES/GCM acceleration support on P10 or later CPU (PPC)"
- depends on BROKEN
depends on PPC64 && CPU_LITTLE_ENDIAN && VSX
select CRYPTO_LIB_AES
select CRYPTO_ALGAPI
select CRYPTO_AEAD
select CRYPTO_SKCIPHER
+ select CRYPTO_SIMD
help
AEAD cipher: AES cipher algorithms (FIPS-197)
GCM (Galois/Counter Mode) authenticated encryption mode (NIST SP800-38D)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 093/817] crypto: qat/qat_420xx - fix off by one in uof_get_name()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 092/817] crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 094/817] crypto: qat/qat_4xxx " Greg Kroah-Hartman
` (733 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Giovanni Cabiddu,
Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 93a11608fb3720e1bc2b19a2649ac2b49cca1921 ]
This is called from uof_get_name_420xx() where "num_objs" is the
ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of
bounds access.
Fixes: fcf60f4bcf54 ("crypto: qat - add support for 420xx devices")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c b/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c
index 78f0ea49254db..9faef33e54bd3 100644
--- a/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c
+++ b/drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c
@@ -375,7 +375,7 @@ static const char *uof_get_name(struct adf_accel_dev *accel_dev, u32 obj_num,
else
id = -EINVAL;
- if (id < 0 || id > num_objs)
+ if (id < 0 || id >= num_objs)
return NULL;
return fw_objs[id];
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 094/817] crypto: qat/qat_4xxx - fix off by one in uof_get_name()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 093/817] crypto: qat/qat_420xx - fix off by one in uof_get_name() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 095/817] firmware: google: Unregister driver_info on failure Greg Kroah-Hartman
` (732 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Giovanni Cabiddu,
Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 475b5098043eef6e72751aadeab687992a5b63d1 ]
The fw_objs[] array has "num_objs" elements so the > needs to be >= to
prevent an out of bounds read.
Fixes: 10484c647af6 ("crypto: qat - refactor fw config logic for 4xxx")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c b/drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c
index 9fd7ec53b9f3d..bbd92c017c28e 100644
--- a/drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c
+++ b/drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c
@@ -334,7 +334,7 @@ static const char *uof_get_name(struct adf_accel_dev *accel_dev, u32 obj_num,
else
id = -EINVAL;
- if (id < 0 || id > num_objs)
+ if (id < 0 || id >= num_objs)
return NULL;
return fw_objs[id];
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 095/817] firmware: google: Unregister driver_info on failure
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 094/817] crypto: qat/qat_4xxx " Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 096/817] EDAC/bluefield: Fix potential integer overflow Greg Kroah-Hartman
` (731 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Brian Norris,
Tzung-Bi Shih, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 32b0901e141f6d4cf49d820b53eb09b88b1f72f7 ]
When platform_device_register_full() returns error, the gsmi_init() returns
without unregister gsmi_driver_info, fix by add missing
platform_driver_unregister() when platform_device_register_full() failed.
Fixes: 8942b2d5094b ("gsmi: Add GSMI commands to log S0ix info")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Acked-by: Brian Norris <briannorris@chromium.org>
Link: https://lore.kernel.org/r/20241015131344.20272-1-yuancan@huawei.com
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/google/gsmi.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/google/gsmi.c b/drivers/firmware/google/gsmi.c
index d304913314e49..24e666d5c3d1a 100644
--- a/drivers/firmware/google/gsmi.c
+++ b/drivers/firmware/google/gsmi.c
@@ -918,7 +918,8 @@ static __init int gsmi_init(void)
gsmi_dev.pdev = platform_device_register_full(&gsmi_dev_info);
if (IS_ERR(gsmi_dev.pdev)) {
printk(KERN_ERR "gsmi: unable to register platform device\n");
- return PTR_ERR(gsmi_dev.pdev);
+ ret = PTR_ERR(gsmi_dev.pdev);
+ goto out_unregister;
}
/* SMI access needs to be serialized */
@@ -1056,10 +1057,11 @@ static __init int gsmi_init(void)
gsmi_buf_free(gsmi_dev.name_buf);
kmem_cache_destroy(gsmi_dev.mem_pool);
platform_device_unregister(gsmi_dev.pdev);
- pr_info("gsmi: failed to load: %d\n", ret);
+out_unregister:
#ifdef CONFIG_PM
platform_driver_unregister(&gsmi_driver_info);
#endif
+ pr_info("gsmi: failed to load: %d\n", ret);
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 096/817] EDAC/bluefield: Fix potential integer overflow
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 095/817] firmware: google: Unregister driver_info on failure Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 097/817] crypto: qat - remove faulty arbiter config reset Greg Kroah-Hartman
` (730 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Thompson,
Borislav Petkov (AMD), Shravan Kumar Ramani, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Thompson <davthompson@nvidia.com>
[ Upstream commit 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 ]
The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx
left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as
32-bits wide the left-shift operation truncates the upper 16 bits of
information during the calculation of the SMC argument.
The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any
potential integer overflow, i.e. loss of data from upper 16 bits.
Fixes: 82413e562ea6 ("EDAC, mellanox: Add ECC support for BlueField DDR4")
Signed-off-by: David Thompson <davthompson@nvidia.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Shravan Kumar Ramani <shravankr@nvidia.com>
Link: https://lore.kernel.org/r/20240930151056.10158-1-davthompson@nvidia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/bluefield_edac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/edac/bluefield_edac.c b/drivers/edac/bluefield_edac.c
index 5b3164560648e..0e539c1073510 100644
--- a/drivers/edac/bluefield_edac.c
+++ b/drivers/edac/bluefield_edac.c
@@ -180,7 +180,7 @@ static void bluefield_edac_check(struct mem_ctl_info *mci)
static void bluefield_edac_init_dimms(struct mem_ctl_info *mci)
{
struct bluefield_edac_priv *priv = mci->pvt_info;
- int mem_ctrl_idx = mci->mc_idx;
+ u64 mem_ctrl_idx = mci->mc_idx;
struct dimm_info *dimm;
u64 smc_info, smc_arg;
int is_empty = 1, i;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 097/817] crypto: qat - remove faulty arbiter config reset
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 096/817] EDAC/bluefield: Fix potential integer overflow Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 098/817] thermal: core: Initialize thermal zones before registering them Greg Kroah-Hartman
` (729 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ahsan Atta, Giovanni Cabiddu,
Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ahsan Atta <ahsan.atta@intel.com>
[ Upstream commit 70199359902f1c7187dcb28a1be679a7081de7cc ]
Resetting the service arbiter config can cause potential issues
related to response ordering and ring flow control check in the
event of AER or device hang. This is because it results in changing
the default response ring size from 32 bytes to 16 bytes. The service
arbiter config reset also disables response ring flow control check.
Thus, by removing this reset we can prevent the service arbiter from
being configured inappropriately, which leads to undesired device
behaviour in the event of errors.
Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator")
Signed-off-by: Ahsan Atta <ahsan.atta@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c b/drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c
index 65bd26b25abce..f93d9cca70cee 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c
@@ -90,10 +90,6 @@ void adf_exit_arb(struct adf_accel_dev *accel_dev)
hw_data->get_arb_info(&info);
- /* Reset arbiter configuration */
- for (i = 0; i < ADF_ARB_NUM; i++)
- WRITE_CSR_ARB_SARCONFIG(csr, arb_off, i, 0);
-
/* Unmap worker threads to service arbiters */
for (i = 0; i < hw_data->num_engines; i++)
WRITE_CSR_ARB_WT2SAM(csr, arb_off, wt_off, i, 0);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 098/817] thermal: core: Initialize thermal zones before registering them
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 097/817] crypto: qat - remove faulty arbiter config reset Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 099/817] thermal: core: Drop thermal_zone_device_is_enabled() Greg Kroah-Hartman
` (728 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Lukasz Luba,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 662f920f7e390db5d1a6792a2b0ffa59b6c962fc ]
Since user space can start interacting with a new thermal zone as soon
as device_register() called by thermal_zone_device_register_with_trips()
returns, it is better to initialize the thermal zone before calling
device_register() on it.
Fixes: d0df264fbd3c ("thermal/core: Remove pointless thermal_zone_device_reset() function")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://patch.msgid.link/3336146.44csPzL39Z@rjwysocki.net
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 795be67ca878b..2f9128cf55e92 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -1498,6 +1498,7 @@ thermal_zone_device_register_with_trips(const char *type,
thermal_zone_destroy_device_groups(tz);
goto remove_id;
}
+ thermal_zone_device_init(tz);
result = device_register(&tz->device);
if (result)
goto release_device;
@@ -1543,7 +1544,6 @@ thermal_zone_device_register_with_trips(const char *type,
mutex_unlock(&thermal_list_lock);
- thermal_zone_device_init(tz);
/* Update the new thermal zone and mark it as already updated. */
if (atomic_cmpxchg(&tz->need_update, 1, 0))
thermal_zone_device_update(tz, THERMAL_EVENT_UNSPECIFIED);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 099/817] thermal: core: Drop thermal_zone_device_is_enabled()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 098/817] thermal: core: Initialize thermal zones before registering them Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 100/817] thermal: core: Rearrange PM notification code Greg Kroah-Hartman
` (727 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 54fccad63ec88924db828df6fc0648930bccf345 ]
There are only two callers of thermal_zone_device_is_enabled()
and one of them call is under the zone lock and the other one uses
lockdep_assert_held() on that lock. Thus the lockdep_assert_held()
in thermal_zone_device_is_enabled() is redundant and it could be
dropped, but then the function would merely become a wrapper around
a simple tz->mode check that is more convenient to do directly.
Accordingly, drop thermal_zone_device_is_enabled() altogether and update
its callers to check tz->mode directly as appropriate.
While at it, combine the tz->mode and tz->suspended checks in
__thermal_zone_device_update() because they are of a similar category
and if any of them evaluates to "true", the outcome is the same.
No intentinal functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://patch.msgid.link/9353673.CDJkKcVGEf@rjwysocki.net
Stable-dep-of: 7837fa8115e0 ("thermal: core: Mark thermal zones as initializing to start with")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_core.c | 12 +-----------
drivers/thermal/thermal_core.h | 3 ---
drivers/thermal/thermal_sysfs.c | 2 +-
3 files changed, 2 insertions(+), 15 deletions(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 2f9128cf55e92..468a0dae8c497 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -553,10 +553,7 @@ void __thermal_zone_device_update(struct thermal_zone_device *tz,
LIST_HEAD(way_up_list);
int temp, ret;
- if (tz->suspended)
- return;
-
- if (!thermal_zone_device_is_enabled(tz))
+ if (tz->suspended || tz->mode != THERMAL_DEVICE_ENABLED)
return;
ret = __thermal_zone_get_temp(tz, &temp);
@@ -651,13 +648,6 @@ int thermal_zone_device_disable(struct thermal_zone_device *tz)
}
EXPORT_SYMBOL_GPL(thermal_zone_device_disable);
-int thermal_zone_device_is_enabled(struct thermal_zone_device *tz)
-{
- lockdep_assert_held(&tz->lock);
-
- return tz->mode == THERMAL_DEVICE_ENABLED;
-}
-
static bool thermal_zone_is_present(struct thermal_zone_device *tz)
{
return !list_empty(&tz->node);
diff --git a/drivers/thermal/thermal_core.h b/drivers/thermal/thermal_core.h
index 57fff8bd57611..e93a7641736ed 100644
--- a/drivers/thermal/thermal_core.h
+++ b/drivers/thermal/thermal_core.h
@@ -293,7 +293,4 @@ thermal_cooling_device_stats_update(struct thermal_cooling_device *cdev,
unsigned long new_state) {}
#endif /* CONFIG_THERMAL_STATISTICS */
-/* device tree support */
-int thermal_zone_device_is_enabled(struct thermal_zone_device *tz);
-
#endif /* __THERMAL_CORE_H__ */
diff --git a/drivers/thermal/thermal_sysfs.c b/drivers/thermal/thermal_sysfs.c
index d628dd67be5cc..21f73a230c53e 100644
--- a/drivers/thermal/thermal_sysfs.c
+++ b/drivers/thermal/thermal_sysfs.c
@@ -53,7 +53,7 @@ mode_show(struct device *dev, struct device_attribute *attr, char *buf)
int enabled;
mutex_lock(&tz->lock);
- enabled = thermal_zone_device_is_enabled(tz);
+ enabled = tz->mode == THERMAL_DEVICE_ENABLED;
mutex_unlock(&tz->lock);
return sprintf(buf, "%s\n", enabled ? "enabled" : "disabled");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 100/817] thermal: core: Rearrange PM notification code
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 099/817] thermal: core: Drop thermal_zone_device_is_enabled() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 101/817] thermal: core: Represent suspend-related thermal zone flags as bits Greg Kroah-Hartman
` (726 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Lukasz Luba,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 7ddca5885718c2683d75689aa065c9a3bb317e5a ]
Move the code run for each thermal zone by the thermal PM notify
handler to separate functions.
This will help to make some subsequent changes look somewhat more
straightforward, among other things.
No intentional functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://patch.msgid.link/2299090.iZASKD2KPV@rjwysocki.net
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Stable-dep-of: 7837fa8115e0 ("thermal: core: Mark thermal zones as initializing to start with")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_core.c | 88 ++++++++++++++++++----------------
1 file changed, 46 insertions(+), 42 deletions(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 468a0dae8c497..728eca88a56af 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -1706,6 +1706,48 @@ static void thermal_zone_device_resume(struct work_struct *work)
mutex_unlock(&tz->lock);
}
+static void thermal_zone_pm_prepare(struct thermal_zone_device *tz)
+{
+ mutex_lock(&tz->lock);
+
+ if (tz->resuming) {
+ /*
+ * thermal_zone_device_resume() queued up for this zone has not
+ * acquired the lock yet, so release it to let the function run
+ * and wait util it has done the work.
+ */
+ mutex_unlock(&tz->lock);
+
+ wait_for_completion(&tz->resume);
+
+ mutex_lock(&tz->lock);
+ }
+
+ tz->suspended = true;
+
+ mutex_unlock(&tz->lock);
+}
+
+static void thermal_zone_pm_complete(struct thermal_zone_device *tz)
+{
+ mutex_lock(&tz->lock);
+
+ cancel_delayed_work(&tz->poll_queue);
+
+ reinit_completion(&tz->resume);
+ tz->resuming = true;
+
+ /*
+ * Replace the work function with the resume one, which will restore the
+ * original work function and schedule the polling work if needed.
+ */
+ INIT_DELAYED_WORK(&tz->poll_queue, thermal_zone_device_resume);
+ /* Queue up the work without a delay. */
+ mod_delayed_work(system_freezable_power_efficient_wq, &tz->poll_queue, 0);
+
+ mutex_unlock(&tz->lock);
+}
+
static int thermal_pm_notify(struct notifier_block *nb,
unsigned long mode, void *_unused)
{
@@ -1717,27 +1759,8 @@ static int thermal_pm_notify(struct notifier_block *nb,
case PM_SUSPEND_PREPARE:
mutex_lock(&thermal_list_lock);
- list_for_each_entry(tz, &thermal_tz_list, node) {
- mutex_lock(&tz->lock);
-
- if (tz->resuming) {
- /*
- * thermal_zone_device_resume() queued up for
- * this zone has not acquired the lock yet, so
- * release it to let the function run and wait
- * util it has done the work.
- */
- mutex_unlock(&tz->lock);
-
- wait_for_completion(&tz->resume);
-
- mutex_lock(&tz->lock);
- }
-
- tz->suspended = true;
-
- mutex_unlock(&tz->lock);
- }
+ list_for_each_entry(tz, &thermal_tz_list, node)
+ thermal_zone_pm_prepare(tz);
mutex_unlock(&thermal_list_lock);
break;
@@ -1746,27 +1769,8 @@ static int thermal_pm_notify(struct notifier_block *nb,
case PM_POST_SUSPEND:
mutex_lock(&thermal_list_lock);
- list_for_each_entry(tz, &thermal_tz_list, node) {
- mutex_lock(&tz->lock);
-
- cancel_delayed_work(&tz->poll_queue);
-
- reinit_completion(&tz->resume);
- tz->resuming = true;
-
- /*
- * Replace the work function with the resume one, which
- * will restore the original work function and schedule
- * the polling work if needed.
- */
- INIT_DELAYED_WORK(&tz->poll_queue,
- thermal_zone_device_resume);
- /* Queue up the work without a delay. */
- mod_delayed_work(system_freezable_power_efficient_wq,
- &tz->poll_queue, 0);
-
- mutex_unlock(&tz->lock);
- }
+ list_for_each_entry(tz, &thermal_tz_list, node)
+ thermal_zone_pm_complete(tz);
mutex_unlock(&thermal_list_lock);
break;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 101/817] thermal: core: Represent suspend-related thermal zone flags as bits
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 100/817] thermal: core: Rearrange PM notification code Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 102/817] thermal: core: Mark thermal zones as initializing to start with Greg Kroah-Hartman
` (725 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Lukasz Luba,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 26c9ab8090cda1eb3d42f491cc32d227404897da ]
Instead of using two separate fields in struct thermal_zone_device for
representing flags related to thermal zone suspend, represent them
explicitly as bits in one u8 "state" field.
Subsequently, that field will be used for addressing race conditions
related to thermal zone initialization and exit.
No intentional functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://patch.msgid.link/7733910.EvYhyI6sBW@rjwysocki.net
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Stable-dep-of: 7837fa8115e0 ("thermal: core: Mark thermal zones as initializing to start with")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_core.c | 11 +++++------
drivers/thermal/thermal_core.h | 11 +++++++----
2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 728eca88a56af..7218bcbaf656e 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -553,7 +553,7 @@ void __thermal_zone_device_update(struct thermal_zone_device *tz,
LIST_HEAD(way_up_list);
int temp, ret;
- if (tz->suspended || tz->mode != THERMAL_DEVICE_ENABLED)
+ if (tz->state != TZ_STATE_READY || tz->mode != THERMAL_DEVICE_ENABLED)
return;
ret = __thermal_zone_get_temp(tz, &temp);
@@ -1693,7 +1693,7 @@ static void thermal_zone_device_resume(struct work_struct *work)
mutex_lock(&tz->lock);
- tz->suspended = false;
+ tz->state &= ~(TZ_STATE_FLAG_SUSPENDED | TZ_STATE_FLAG_RESUMING);
thermal_debug_tz_resume(tz);
thermal_zone_device_init(tz);
@@ -1701,7 +1701,6 @@ static void thermal_zone_device_resume(struct work_struct *work)
__thermal_zone_device_update(tz, THERMAL_TZ_RESUME);
complete(&tz->resume);
- tz->resuming = false;
mutex_unlock(&tz->lock);
}
@@ -1710,7 +1709,7 @@ static void thermal_zone_pm_prepare(struct thermal_zone_device *tz)
{
mutex_lock(&tz->lock);
- if (tz->resuming) {
+ if (tz->state & TZ_STATE_FLAG_RESUMING) {
/*
* thermal_zone_device_resume() queued up for this zone has not
* acquired the lock yet, so release it to let the function run
@@ -1723,7 +1722,7 @@ static void thermal_zone_pm_prepare(struct thermal_zone_device *tz)
mutex_lock(&tz->lock);
}
- tz->suspended = true;
+ tz->state |= TZ_STATE_FLAG_SUSPENDED;
mutex_unlock(&tz->lock);
}
@@ -1735,7 +1734,7 @@ static void thermal_zone_pm_complete(struct thermal_zone_device *tz)
cancel_delayed_work(&tz->poll_queue);
reinit_completion(&tz->resume);
- tz->resuming = true;
+ tz->state |= TZ_STATE_FLAG_RESUMING;
/*
* Replace the work function with the resume one, which will restore the
diff --git a/drivers/thermal/thermal_core.h b/drivers/thermal/thermal_core.h
index e93a7641736ed..1cf722ba4b71d 100644
--- a/drivers/thermal/thermal_core.h
+++ b/drivers/thermal/thermal_core.h
@@ -61,6 +61,11 @@ struct thermal_governor {
struct list_head governor_list;
};
+#define TZ_STATE_FLAG_SUSPENDED BIT(0)
+#define TZ_STATE_FLAG_RESUMING BIT(1)
+
+#define TZ_STATE_READY 0
+
/**
* struct thermal_zone_device - structure for a thermal zone
* @id: unique id number for each thermal zone
@@ -100,8 +105,7 @@ struct thermal_governor {
* @node: node in thermal_tz_list (in thermal_core.c)
* @poll_queue: delayed work for polling
* @notify_event: Last notification event
- * @suspended: thermal zone suspend indicator
- * @resuming: indicates whether or not thermal zone resume is in progress
+ * @state: current state of the thermal zone
* @trips: array of struct thermal_trip objects
*/
struct thermal_zone_device {
@@ -134,8 +138,7 @@ struct thermal_zone_device {
struct list_head node;
struct delayed_work poll_queue;
enum thermal_notify_event notify_event;
- bool suspended;
- bool resuming;
+ u8 state;
#ifdef CONFIG_THERMAL_DEBUGFS
struct thermal_debugfs *debugfs;
#endif
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 102/817] thermal: core: Mark thermal zones as initializing to start with
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 101/817] thermal: core: Represent suspend-related thermal zone flags as bits Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 103/817] thermal: core: Fix race between zone registration and system suspend Greg Kroah-Hartman
` (724 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Lukasz Luba,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 7837fa8115e0273d3cfbd3d17b3f7b7291ceac08 ]
After thermal_zone_device_register_with_trips() has called
device_register() and it has registered the new thermal zone device
with the driver core, user space may access its sysfs attributes and,
among other things, it may enable the thermal zone before it is ready.
To address this, introduce a new thermal zone state flag for
initialization and set it before calling device_register() in
thermal_zone_device_register_with_trips(). This causes
__thermal_zone_device_update() to return early until the new flag
is cleared.
To clear it when the thermal zone is ready, introduce a new
function called thermal_zone_init_complete() that will also invoke
__thermal_zone_device_update() after clearing that flag (both under the
thernal zone lock) and make thermal_zone_device_register_with_trips()
call the new function instead of checking need_update and calling
thermal_zone_device_update() when it is set.
After this change, if user space enables the thermal zone prematurely,
__thermal_zone_device_update() will return early for it until
thermal_zone_init_complete() is called. In turn, if the thermal zone
is not enabled by user space before thermal_zone_init_complete() is
called, the __thermal_zone_device_update() call in it will return early
because the thermal zone has not been enabled yet, but that function
will be invoked again by thermal_zone_device_set_mode() when the thermal
zone is enabled and it will not return early this time.
The checking of need_update is not necessary any more because the
__thermal_zone_device_update() calls potentially triggered by cooling
device binding take place before calling thermal_zone_init_complete(),
so they all will return early, which means that
thermal_zone_init_complete() must call __thermal_zone_device_update()
in case the thermal zone is enabled prematurely by user space.
Fixes: 203d3d4aa482 ("the generic thermal sysfs driver")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://patch.msgid.link/9360231.CDJkKcVGEf@rjwysocki.net
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_core.c | 16 +++++++++++++---
drivers/thermal/thermal_core.h | 1 +
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 7218bcbaf656e..91512a8cb49d9 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -1351,6 +1351,16 @@ int thermal_zone_get_crit_temp(struct thermal_zone_device *tz, int *temp)
}
EXPORT_SYMBOL_GPL(thermal_zone_get_crit_temp);
+static void thermal_zone_init_complete(struct thermal_zone_device *tz)
+{
+ mutex_lock(&tz->lock);
+
+ tz->state &= ~TZ_STATE_FLAG_INIT;
+ __thermal_zone_device_update(tz, THERMAL_EVENT_UNSPECIFIED);
+
+ mutex_unlock(&tz->lock);
+}
+
/**
* thermal_zone_device_register_with_trips() - register a new thermal zone device
* @type: the thermal zone device type
@@ -1474,6 +1484,8 @@ thermal_zone_device_register_with_trips(const char *type,
tz->passive_delay_jiffies = msecs_to_jiffies(passive_delay);
tz->recheck_delay_jiffies = THERMAL_RECHECK_DELAY;
+ tz->state = TZ_STATE_FLAG_INIT;
+
/* sys I/F */
/* Add nodes that are always present via .groups */
result = thermal_zone_create_device_groups(tz);
@@ -1534,9 +1546,7 @@ thermal_zone_device_register_with_trips(const char *type,
mutex_unlock(&thermal_list_lock);
- /* Update the new thermal zone and mark it as already updated. */
- if (atomic_cmpxchg(&tz->need_update, 1, 0))
- thermal_zone_device_update(tz, THERMAL_EVENT_UNSPECIFIED);
+ thermal_zone_init_complete(tz);
thermal_notify_tz_create(tz);
diff --git a/drivers/thermal/thermal_core.h b/drivers/thermal/thermal_core.h
index 1cf722ba4b71d..1605a930814a5 100644
--- a/drivers/thermal/thermal_core.h
+++ b/drivers/thermal/thermal_core.h
@@ -63,6 +63,7 @@ struct thermal_governor {
#define TZ_STATE_FLAG_SUSPENDED BIT(0)
#define TZ_STATE_FLAG_RESUMING BIT(1)
+#define TZ_STATE_FLAG_INIT BIT(2)
#define TZ_STATE_READY 0
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 103/817] thermal: core: Fix race between zone registration and system suspend
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 102/817] thermal: core: Mark thermal zones as initializing to start with Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 104/817] EDAC/fsl_ddr: Fix bad bit shift operations Greg Kroah-Hartman
` (723 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Lukasz Luba,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit cdf771ab476bd9acb0948f3088a277d5c3cacc6b ]
If the registration of a thermal zone takes place at the time when
system suspend is started, thermal_pm_notify() can run before the new
thermal zone is added to thermal_tz_list and its "suspended" flag will
not be set. Consequently, if __thermal_zone_device_update() is called
for that thermal zone, it will not return early as expected which may
cause some destructive interference with the system suspend or resume
flow to occur.
To avoid that, make thermal_zone_init_complete() introduced previously
set the "suspended" flag for new thermal zones if it runs during system
suspend or resume.
Fixes: 4e814173a8c4 ("thermal: core: Fix thermal zone suspend-resume synchronization")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://patch.msgid.link/8490245.NyiUUSuA9g@rjwysocki.net
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_core.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 91512a8cb49d9..a674469adad19 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -40,6 +40,8 @@ static DEFINE_MUTEX(thermal_governor_lock);
static struct thermal_governor *def_governor;
+static bool thermal_pm_suspended;
+
/*
* Governor section: set of functions to handle thermal governors
*
@@ -1356,6 +1358,14 @@ static void thermal_zone_init_complete(struct thermal_zone_device *tz)
mutex_lock(&tz->lock);
tz->state &= ~TZ_STATE_FLAG_INIT;
+ /*
+ * If system suspend or resume is in progress at this point, the
+ * new thermal zone needs to be marked as suspended because
+ * thermal_pm_notify() has run already.
+ */
+ if (thermal_pm_suspended)
+ tz->state |= TZ_STATE_FLAG_SUSPENDED;
+
__thermal_zone_device_update(tz, THERMAL_EVENT_UNSPECIFIED);
mutex_unlock(&tz->lock);
@@ -1544,10 +1554,10 @@ thermal_zone_device_register_with_trips(const char *type,
}
}
- mutex_unlock(&thermal_list_lock);
-
thermal_zone_init_complete(tz);
+ mutex_unlock(&thermal_list_lock);
+
thermal_notify_tz_create(tz);
thermal_debug_tz_add(tz);
@@ -1768,6 +1778,8 @@ static int thermal_pm_notify(struct notifier_block *nb,
case PM_SUSPEND_PREPARE:
mutex_lock(&thermal_list_lock);
+ thermal_pm_suspended = true;
+
list_for_each_entry(tz, &thermal_tz_list, node)
thermal_zone_pm_prepare(tz);
@@ -1778,6 +1790,8 @@ static int thermal_pm_notify(struct notifier_block *nb,
case PM_POST_SUSPEND:
mutex_lock(&thermal_list_lock);
+ thermal_pm_suspended = false;
+
list_for_each_entry(tz, &thermal_tz_list, node)
thermal_zone_pm_complete(tz);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 104/817] EDAC/fsl_ddr: Fix bad bit shift operations
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 103/817] thermal: core: Fix race between zone registration and system suspend Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 105/817] EDAC/skx_common: Differentiate memory error sources Greg Kroah-Hartman
` (722 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Priyanka Singh, Li Yang, Frank Li,
Borislav Petkov (AMD), Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Priyanka Singh <priyanka.singh@nxp.com>
[ Upstream commit 9ec22ac4fe766c6abba845290d5139a3fbe0153b ]
Fix undefined behavior caused by left-shifting a negative value in the
expression:
cap_high ^ (1 << (bad_data_bit - 32))
The variable bad_data_bit ranges from 0 to 63. When it is less than 32,
bad_data_bit - 32 becomes negative, and left-shifting by a negative
value in C is undefined behavior.
Fix this by combining cap_high and cap_low into a 64-bit variable.
[ bp: Massage commit message, simplify error bits handling. ]
Fixes: ea2eb9a8b620 ("EDAC, fsl-ddr: Separate FSL DDR driver from MPC85xx")
Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Li Yang <leoyang.li@nxp.com>
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20241016-imx95_edac-v3-3-86ae6fc2756a@nxp.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/fsl_ddr_edac.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/drivers/edac/fsl_ddr_edac.c b/drivers/edac/fsl_ddr_edac.c
index d148d262d0d4d..339d94b3d04c7 100644
--- a/drivers/edac/fsl_ddr_edac.c
+++ b/drivers/edac/fsl_ddr_edac.c
@@ -328,21 +328,25 @@ static void fsl_mc_check(struct mem_ctl_info *mci)
* TODO: Add support for 32-bit wide buses
*/
if ((err_detect & DDR_EDE_SBE) && (bus_width == 64)) {
+ u64 cap = (u64)cap_high << 32 | cap_low;
+ u32 s = syndrome;
+
sbe_ecc_decode(cap_high, cap_low, syndrome,
&bad_data_bit, &bad_ecc_bit);
- if (bad_data_bit != -1)
- fsl_mc_printk(mci, KERN_ERR,
- "Faulty Data bit: %d\n", bad_data_bit);
- if (bad_ecc_bit != -1)
- fsl_mc_printk(mci, KERN_ERR,
- "Faulty ECC bit: %d\n", bad_ecc_bit);
+ if (bad_data_bit >= 0) {
+ fsl_mc_printk(mci, KERN_ERR, "Faulty Data bit: %d\n", bad_data_bit);
+ cap ^= 1ULL << bad_data_bit;
+ }
+
+ if (bad_ecc_bit >= 0) {
+ fsl_mc_printk(mci, KERN_ERR, "Faulty ECC bit: %d\n", bad_ecc_bit);
+ s ^= 1 << bad_ecc_bit;
+ }
fsl_mc_printk(mci, KERN_ERR,
"Expected Data / ECC:\t%#8.8x_%08x / %#2.2x\n",
- cap_high ^ (1 << (bad_data_bit - 32)),
- cap_low ^ (1 << bad_data_bit),
- syndrome ^ (1 << bad_ecc_bit));
+ upper_32_bits(cap), lower_32_bits(cap), s);
}
fsl_mc_printk(mci, KERN_ERR,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 105/817] EDAC/skx_common: Differentiate memory error sources
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 104/817] EDAC/fsl_ddr: Fix bad bit shift operations Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 106/817] EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Greg Kroah-Hartman
` (721 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qiuxu Zhuo, Tony Luck,
Diego Garcia Rodriguez, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
[ Upstream commit 2397f795735219caa9c2fe61e7bcdd0652e670d3 ]
The current skx_common determines whether the memory error source is the
near memory of the 2LM system and then retrieves the decoded error results
from the ADXL components (near-memory vs. far-memory) accordingly.
However, some memory controllers may have limitations in correctly
reporting the memory error source, leading to the retrieval of incorrect
decoded parts from the ADXL.
To address these limitations, instead of simply determining whether the
memory error is from the near memory of the 2LM system, it is necessary to
distinguish the memory error source details as follows:
Memory error from the near memory of the 2LM system.
Memory error from the far memory of the 2LM system.
Memory error from the 1LM system.
Not a memory error.
This will enable the i10nm_edac driver to take appropriate actions for
those memory controllers that have limitations in reporting the memory
error source.
Fixes: ba987eaaabf9 ("EDAC/i10nm: Add Intel Granite Rapids server support")
Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Tested-by: Diego Garcia Rodriguez <diego.garcia.rodriguez@intel.com>
Link: https://lore.kernel.org/r/20241015072236.24543-2-qiuxu.zhuo@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/skx_common.c | 34 ++++++++++++++++------------------
drivers/edac/skx_common.h | 7 +++++++
2 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/drivers/edac/skx_common.c b/drivers/edac/skx_common.c
index 8d18099fd528c..42266120ef427 100644
--- a/drivers/edac/skx_common.c
+++ b/drivers/edac/skx_common.c
@@ -119,7 +119,7 @@ void skx_adxl_put(void)
}
EXPORT_SYMBOL_GPL(skx_adxl_put);
-static bool skx_adxl_decode(struct decoded_addr *res, bool error_in_1st_level_mem)
+static bool skx_adxl_decode(struct decoded_addr *res, enum error_source err_src)
{
struct skx_dev *d;
int i, len = 0;
@@ -136,7 +136,7 @@ static bool skx_adxl_decode(struct decoded_addr *res, bool error_in_1st_level_me
}
res->socket = (int)adxl_values[component_indices[INDEX_SOCKET]];
- if (error_in_1st_level_mem) {
+ if (err_src == ERR_SRC_2LM_NM) {
res->imc = (adxl_nm_bitmap & BIT_NM_MEMCTRL) ?
(int)adxl_values[component_indices[INDEX_NM_MEMCTRL]] : -1;
res->channel = (adxl_nm_bitmap & BIT_NM_CHANNEL) ?
@@ -620,31 +620,27 @@ static void skx_mce_output_error(struct mem_ctl_info *mci,
optype, skx_msg);
}
-static bool skx_error_in_1st_level_mem(const struct mce *m)
+static enum error_source skx_error_source(const struct mce *m)
{
- u32 errcode;
+ u32 errcode = GET_BITFIELD(m->status, 0, 15) & MCACOD_MEM_ERR_MASK;
- if (!skx_mem_cfg_2lm)
- return false;
-
- errcode = GET_BITFIELD(m->status, 0, 15) & MCACOD_MEM_ERR_MASK;
-
- return errcode == MCACOD_EXT_MEM_ERR;
-}
+ if (errcode != MCACOD_MEM_CTL_ERR && errcode != MCACOD_EXT_MEM_ERR)
+ return ERR_SRC_NOT_MEMORY;
-static bool skx_error_in_mem(const struct mce *m)
-{
- u32 errcode;
+ if (!skx_mem_cfg_2lm)
+ return ERR_SRC_1LM;
- errcode = GET_BITFIELD(m->status, 0, 15) & MCACOD_MEM_ERR_MASK;
+ if (errcode == MCACOD_EXT_MEM_ERR)
+ return ERR_SRC_2LM_NM;
- return (errcode == MCACOD_MEM_CTL_ERR || errcode == MCACOD_EXT_MEM_ERR);
+ return ERR_SRC_2LM_FM;
}
int skx_mce_check_error(struct notifier_block *nb, unsigned long val,
void *data)
{
struct mce *mce = (struct mce *)data;
+ enum error_source err_src;
struct decoded_addr res;
struct mem_ctl_info *mci;
char *type;
@@ -652,8 +648,10 @@ int skx_mce_check_error(struct notifier_block *nb, unsigned long val,
if (mce->kflags & MCE_HANDLED_CEC)
return NOTIFY_DONE;
+ err_src = skx_error_source(mce);
+
/* Ignore unless this is memory related with an address */
- if (!skx_error_in_mem(mce) || !(mce->status & MCI_STATUS_ADDRV))
+ if (err_src == ERR_SRC_NOT_MEMORY || !(mce->status & MCI_STATUS_ADDRV))
return NOTIFY_DONE;
memset(&res, 0, sizeof(res));
@@ -667,7 +665,7 @@ int skx_mce_check_error(struct notifier_block *nb, unsigned long val,
/* Try driver decoder first */
if (!(driver_decode && driver_decode(&res))) {
/* Then try firmware decoder (ACPI DSM methods) */
- if (!(adxl_component_count && skx_adxl_decode(&res, skx_error_in_1st_level_mem(mce))))
+ if (!(adxl_component_count && skx_adxl_decode(&res, err_src)))
return NOTIFY_DONE;
}
diff --git a/drivers/edac/skx_common.h b/drivers/edac/skx_common.h
index 473421ba7a18a..58b8ac62becf5 100644
--- a/drivers/edac/skx_common.h
+++ b/drivers/edac/skx_common.h
@@ -146,6 +146,13 @@ enum {
INDEX_MAX
};
+enum error_source {
+ ERR_SRC_1LM,
+ ERR_SRC_2LM_NM,
+ ERR_SRC_2LM_FM,
+ ERR_SRC_NOT_MEMORY,
+};
+
#define BIT_NM_MEMCTRL BIT_ULL(INDEX_NM_MEMCTRL)
#define BIT_NM_CHANNEL BIT_ULL(INDEX_NM_CHANNEL)
#define BIT_NM_DIMM BIT_ULL(INDEX_NM_DIMM)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 106/817] EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 105/817] EDAC/skx_common: Differentiate memory error sources Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 107/817] crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Greg Kroah-Hartman
` (720 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qiuxu Zhuo, Tony Luck,
Diego Garcia Rodriguez, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
[ Upstream commit a36667037a0c0e36c59407f8ae636295390239a5 ]
The Granite Rapids CPUs with Flat2LM memory configurations may
mistakenly report near-memory errors as far-memory errors, resulting
in the invalid decoded ADXL results:
EDAC skx: Bad imc -1
Fix this incorrect far-memory error source indicator by prefetching the
decoded far-memory controller ID, and adjust the error source indicator
to near-memory if the far-memory controller ID is invalid.
Fixes: ba987eaaabf9 ("EDAC/i10nm: Add Intel Granite Rapids server support")
Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Tested-by: Diego Garcia Rodriguez <diego.garcia.rodriguez@intel.com>
Link: https://lore.kernel.org/r/20241015072236.24543-3-qiuxu.zhuo@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/i10nm_base.c | 1 +
drivers/edac/skx_common.c | 23 +++++++++++++++++++++++
drivers/edac/skx_common.h | 1 +
3 files changed, 25 insertions(+)
diff --git a/drivers/edac/i10nm_base.c b/drivers/edac/i10nm_base.c
index 24dd896d9a9d5..4e98fe16f0913 100644
--- a/drivers/edac/i10nm_base.c
+++ b/drivers/edac/i10nm_base.c
@@ -1089,6 +1089,7 @@ static int __init i10nm_init(void)
return -ENODEV;
cfg = (struct res_config *)id->driver_data;
+ skx_set_res_cfg(cfg);
res_cfg = cfg;
rc = skx_get_hi_lo(0x09a2, off, &tolm, &tohm);
diff --git a/drivers/edac/skx_common.c b/drivers/edac/skx_common.c
index 42266120ef427..0b8aaf5f77d9f 100644
--- a/drivers/edac/skx_common.c
+++ b/drivers/edac/skx_common.c
@@ -47,6 +47,7 @@ static skx_show_retry_log_f skx_show_retry_rd_err_log;
static u64 skx_tolm, skx_tohm;
static LIST_HEAD(dev_edac_list);
static bool skx_mem_cfg_2lm;
+static struct res_config *skx_res_cfg;
int skx_adxl_get(void)
{
@@ -135,6 +136,22 @@ static bool skx_adxl_decode(struct decoded_addr *res, enum error_source err_src)
return false;
}
+ /*
+ * GNR with a Flat2LM memory configuration may mistakenly classify
+ * a near-memory error(DDR5) as a far-memory error(CXL), resulting
+ * in the incorrect selection of decoded ADXL components.
+ * To address this, prefetch the decoded far-memory controller ID
+ * and adjust the error source to near-memory if the far-memory
+ * controller ID is invalid.
+ */
+ if (skx_res_cfg && skx_res_cfg->type == GNR && err_src == ERR_SRC_2LM_FM) {
+ res->imc = (int)adxl_values[component_indices[INDEX_MEMCTRL]];
+ if (res->imc == -1) {
+ err_src = ERR_SRC_2LM_NM;
+ edac_dbg(0, "Adjust the error source to near-memory.\n");
+ }
+ }
+
res->socket = (int)adxl_values[component_indices[INDEX_SOCKET]];
if (err_src == ERR_SRC_2LM_NM) {
res->imc = (adxl_nm_bitmap & BIT_NM_MEMCTRL) ?
@@ -191,6 +208,12 @@ void skx_set_mem_cfg(bool mem_cfg_2lm)
}
EXPORT_SYMBOL_GPL(skx_set_mem_cfg);
+void skx_set_res_cfg(struct res_config *cfg)
+{
+ skx_res_cfg = cfg;
+}
+EXPORT_SYMBOL_GPL(skx_set_res_cfg);
+
void skx_set_decode(skx_decode_f decode, skx_show_retry_log_f show_retry_log)
{
driver_decode = decode;
diff --git a/drivers/edac/skx_common.h b/drivers/edac/skx_common.h
index 58b8ac62becf5..5a7111791c109 100644
--- a/drivers/edac/skx_common.h
+++ b/drivers/edac/skx_common.h
@@ -241,6 +241,7 @@ int skx_adxl_get(void);
void skx_adxl_put(void);
void skx_set_decode(skx_decode_f decode, skx_show_retry_log_f show_retry_log);
void skx_set_mem_cfg(bool mem_cfg_2lm);
+void skx_set_res_cfg(struct res_config *cfg);
int skx_get_src_id(struct skx_dev *d, int off, u8 *id);
int skx_get_node_id(struct skx_dev *d, u8 *id);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 107/817] crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 106/817] EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 108/817] crypto: cavium - Fix the if condition to exit loop after timeout Greg Kroah-Hartman
` (719 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yi Yang, Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yi Yang <yiyang13@huawei.com>
[ Upstream commit 662f2f13e66d3883b9238b0b96b17886179e60e2 ]
Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for
PADATA_RESET"), the pcrypt encryption and decryption operations return
-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is
generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns
-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.
Fix this issue by calling crypto layer directly without parallelization
in that case.
Fixes: 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/pcrypt.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index d0d954fe9d54f..7fc79e7dce44a 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -117,8 +117,10 @@ static int pcrypt_aead_encrypt(struct aead_request *req)
err = padata_do_parallel(ictx->psenc, padata, &ctx->cb_cpu);
if (!err)
return -EINPROGRESS;
- if (err == -EBUSY)
- return -EAGAIN;
+ if (err == -EBUSY) {
+ /* try non-parallel mode */
+ return crypto_aead_encrypt(creq);
+ }
return err;
}
@@ -166,8 +168,10 @@ static int pcrypt_aead_decrypt(struct aead_request *req)
err = padata_do_parallel(ictx->psdec, padata, &ctx->cb_cpu);
if (!err)
return -EINPROGRESS;
- if (err == -EBUSY)
- return -EAGAIN;
+ if (err == -EBUSY) {
+ /* try non-parallel mode */
+ return crypto_aead_decrypt(creq);
+ }
return err;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 108/817] crypto: cavium - Fix the if condition to exit loop after timeout
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 107/817] crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 109/817] cpufreq/amd-pstate: Dont update CPPC request in amd_pstate_cpu_boost_update() Greg Kroah-Hartman
` (718 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Everest K.C., Herbert Xu,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Everest K.C <everestkc@everestkc.com.np>
[ Upstream commit 53d91ca76b6c426c546542a44c78507b42008c9e ]
The while loop breaks in the first run because of incorrect
if condition. It also causes the statements after the if to
appear dead.
Fix this by changing the condition from if(timeout--) to
if(!timeout--).
This bug was reported by Coverity Scan.
Report:
CID 1600859: (#1 of 1): Logically dead code (DEADCODE)
dead_error_line: Execution cannot reach this statement: udelay(30UL);
Fixes: 9e2c7d99941d ("crypto: cavium - Add Support for Octeon-tx CPT Engine")
Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/cavium/cpt/cptpf_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/cavium/cpt/cptpf_main.c b/drivers/crypto/cavium/cpt/cptpf_main.c
index 6872ac3440010..ec17beee24c07 100644
--- a/drivers/crypto/cavium/cpt/cptpf_main.c
+++ b/drivers/crypto/cavium/cpt/cptpf_main.c
@@ -44,7 +44,7 @@ static void cpt_disable_cores(struct cpt_device *cpt, u64 coremask,
dev_err(dev, "Cores still busy %llx", coremask);
grp = cpt_read_csr64(cpt->reg_base,
CPTX_PF_EXEC_BUSY(0));
- if (timeout--)
+ if (!timeout--)
break;
udelay(CSR_DELAY);
@@ -394,7 +394,7 @@ static void cpt_disable_all_cores(struct cpt_device *cpt)
dev_err(dev, "Cores still busy");
grp = cpt_read_csr64(cpt->reg_base,
CPTX_PF_EXEC_BUSY(0));
- if (timeout--)
+ if (!timeout--)
break;
udelay(CSR_DELAY);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 109/817] cpufreq/amd-pstate: Dont update CPPC request in amd_pstate_cpu_boost_update()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 108/817] crypto: cavium - Fix the if condition to exit loop after timeout Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 110/817] amd-pstate: Set min_perf to nominal_perf for active mode performance gov Greg Kroah-Hartman
` (717 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gautham R. Shenoy, Perry Yuan,
Dhananjay Ugwekar, Mario Limonciello, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 67c08d303e0a1a5665b3f198037c9fae2d808090 ]
When boost is changed the CPPC value is changed in amd_pstate_cpu_boost_update()
but then changed again when refresh_frequency_limits() and all it's callbacks
occur. The first is a pointless write, so instead just update the limits for
the policy and let the policy refresh anchor everything properly.
Fixes: c8c68c38b56f ("cpufreq: amd-pstate: initialize core precision boost state")
Reviewed-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
Reviewed-by: Perry Yuan <perry.yuan@amd.com>
Tested-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Link: https://lore.kernel.org/r/20241012174519.897-2-mario.limonciello@amd.com
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/amd-pstate.c | 24 +-----------------------
1 file changed, 1 insertion(+), 23 deletions(-)
diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c
index 929b9097a6c17..62ae4ff290379 100644
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -698,34 +698,12 @@ static void amd_pstate_adjust_perf(unsigned int cpu,
static int amd_pstate_cpu_boost_update(struct cpufreq_policy *policy, bool on)
{
struct amd_cpudata *cpudata = policy->driver_data;
- struct cppc_perf_ctrls perf_ctrls;
- u32 highest_perf, nominal_perf, nominal_freq, max_freq;
+ u32 nominal_freq, max_freq;
int ret = 0;
- highest_perf = READ_ONCE(cpudata->highest_perf);
- nominal_perf = READ_ONCE(cpudata->nominal_perf);
nominal_freq = READ_ONCE(cpudata->nominal_freq);
max_freq = READ_ONCE(cpudata->max_freq);
- if (boot_cpu_has(X86_FEATURE_CPPC)) {
- u64 value = READ_ONCE(cpudata->cppc_req_cached);
-
- value &= ~GENMASK_ULL(7, 0);
- value |= on ? highest_perf : nominal_perf;
- WRITE_ONCE(cpudata->cppc_req_cached, value);
-
- wrmsrl_on_cpu(cpudata->cpu, MSR_AMD_CPPC_REQ, value);
- } else {
- perf_ctrls.max_perf = on ? highest_perf : nominal_perf;
- ret = cppc_set_perf(cpudata->cpu, &perf_ctrls);
- if (ret) {
- cpufreq_cpu_release(policy);
- pr_debug("Failed to set max perf on CPU:%d. ret:%d\n",
- cpudata->cpu, ret);
- return ret;
- }
- }
-
if (on)
policy->cpuinfo.max_freq = max_freq;
else if (policy->cpuinfo.max_freq > nominal_freq * 1000)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 110/817] amd-pstate: Set min_perf to nominal_perf for active mode performance gov
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 109/817] cpufreq/amd-pstate: Dont update CPPC request in amd_pstate_cpu_boost_update() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 111/817] crypto: hisilicon/qm - disable same error report before resetting Greg Kroah-Hartman
` (716 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gautham R. Shenoy, Mario Limonciello,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gautham R. Shenoy <gautham.shenoy@amd.com>
[ Upstream commit 0c411b39e4f4ce8861301fa201cb4f817751311e ]
The amd-pstate driver sets CPPC_REQ.min_perf to CPPC_REQ.max_perf when
in active mode with performance governor. Typically CPPC_REQ.max_perf
is set to CPPC.highest_perf. This causes frequency throttling on
power-limited platforms which causes performance regressions on
certain classes of workloads.
Hence, set the CPPC_REQ.min_perf to the CPPC.nominal_perf or
CPPC_REQ.max_perf, whichever is lower of the two.
Fixes: ffa5096a7c33 ("cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors")
Signed-off-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20241021101836.9047-2-gautham.shenoy@amd.com
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/amd-pstate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c
index 62ae4ff290379..c2d650ac0a9f1 100644
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -1584,7 +1584,7 @@ static void amd_pstate_epp_update_limit(struct cpufreq_policy *policy)
value = READ_ONCE(cpudata->cppc_req_cached);
if (cpudata->policy == CPUFREQ_POLICY_PERFORMANCE)
- min_perf = max_perf;
+ min_perf = min(cpudata->nominal_perf, max_perf);
/* Initial min/max values for CPPC Performance Controls Register */
value &= ~AMD_CPPC_MIN_PERF(~0L);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 111/817] crypto: hisilicon/qm - disable same error report before resetting
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 110/817] amd-pstate: Set min_perf to nominal_perf for active mode performance gov Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 112/817] EDAC/igen6: Avoid segmentation fault on module unload Greg Kroah-Hartman
` (715 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Weili Qian, Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Weili Qian <qianweili@huawei.com>
[ Upstream commit c418ba6baca3ae10ffaf47b0803d2a9e6bf1af96 ]
If an error indicating that the device needs to be reset is reported,
disable the error reporting before device reset is complete,
enable the error reporting after the reset is complete to prevent
the same error from being reported repeatedly.
Fixes: eaebf4c3b103 ("crypto: hisilicon - Unify hardware error init/uninit into QM")
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/hpre/hpre_main.c | 35 ++++++++++++++---
drivers/crypto/hisilicon/qm.c | 47 +++++++----------------
drivers/crypto/hisilicon/sec2/sec_main.c | 35 ++++++++++++++---
drivers/crypto/hisilicon/zip/zip_main.c | 35 ++++++++++++++---
include/linux/hisi_acc_qm.h | 8 +++-
5 files changed, 110 insertions(+), 50 deletions(-)
diff --git a/drivers/crypto/hisilicon/hpre/hpre_main.c b/drivers/crypto/hisilicon/hpre/hpre_main.c
index 6b536ad2ada52..34d30b7838134 100644
--- a/drivers/crypto/hisilicon/hpre/hpre_main.c
+++ b/drivers/crypto/hisilicon/hpre/hpre_main.c
@@ -1280,11 +1280,15 @@ static u32 hpre_get_hw_err_status(struct hisi_qm *qm)
static void hpre_clear_hw_err_status(struct hisi_qm *qm, u32 err_sts)
{
- u32 nfe;
-
writel(err_sts, qm->io_base + HPRE_HAC_SOURCE_INT);
- nfe = hisi_qm_get_hw_info(qm, hpre_basic_info, HPRE_NFE_MASK_CAP, qm->cap_ver);
- writel(nfe, qm->io_base + HPRE_RAS_NFE_ENB);
+}
+
+static void hpre_disable_error_report(struct hisi_qm *qm, u32 err_type)
+{
+ u32 nfe_mask;
+
+ nfe_mask = hisi_qm_get_hw_info(qm, hpre_basic_info, HPRE_NFE_MASK_CAP, qm->cap_ver);
+ writel(nfe_mask & (~err_type), qm->io_base + HPRE_RAS_NFE_ENB);
}
static void hpre_open_axi_master_ooo(struct hisi_qm *qm)
@@ -1298,6 +1302,27 @@ static void hpre_open_axi_master_ooo(struct hisi_qm *qm)
qm->io_base + HPRE_AM_OOO_SHUTDOWN_ENB);
}
+static enum acc_err_result hpre_get_err_result(struct hisi_qm *qm)
+{
+ u32 err_status;
+
+ err_status = hpre_get_hw_err_status(qm);
+ if (err_status) {
+ if (err_status & qm->err_info.ecc_2bits_mask)
+ qm->err_status.is_dev_ecc_mbit = true;
+ hpre_log_hw_error(qm, err_status);
+
+ if (err_status & qm->err_info.dev_reset_mask) {
+ /* Disable the same error reporting until device is recovered. */
+ hpre_disable_error_report(qm, err_status);
+ return ACC_ERR_NEED_RESET;
+ }
+ hpre_clear_hw_err_status(qm, err_status);
+ }
+
+ return ACC_ERR_RECOVERED;
+}
+
static void hpre_err_info_init(struct hisi_qm *qm)
{
struct hisi_qm_err_info *err_info = &qm->err_info;
@@ -1324,12 +1349,12 @@ static const struct hisi_qm_err_ini hpre_err_ini = {
.hw_err_disable = hpre_hw_error_disable,
.get_dev_hw_err_status = hpre_get_hw_err_status,
.clear_dev_hw_err_status = hpre_clear_hw_err_status,
- .log_dev_hw_err = hpre_log_hw_error,
.open_axi_master_ooo = hpre_open_axi_master_ooo,
.open_sva_prefetch = hpre_open_sva_prefetch,
.close_sva_prefetch = hpre_close_sva_prefetch,
.show_last_dfx_regs = hpre_show_last_dfx_regs,
.err_info_init = hpre_err_info_init,
+ .get_err_result = hpre_get_err_result,
};
static int hpre_pf_probe_init(struct hpre *hpre)
diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index 07983af9e3e22..b18692ee7fd56 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -271,12 +271,6 @@ enum vft_type {
SHAPER_VFT,
};
-enum acc_err_result {
- ACC_ERR_NONE,
- ACC_ERR_NEED_RESET,
- ACC_ERR_RECOVERED,
-};
-
enum qm_alg_type {
ALG_TYPE_0,
ALG_TYPE_1,
@@ -1425,22 +1419,25 @@ static void qm_log_hw_error(struct hisi_qm *qm, u32 error_status)
static enum acc_err_result qm_hw_error_handle_v2(struct hisi_qm *qm)
{
- u32 error_status, tmp;
-
- /* read err sts */
- tmp = readl(qm->io_base + QM_ABNORMAL_INT_STATUS);
- error_status = qm->error_mask & tmp;
+ u32 error_status;
- if (error_status) {
+ error_status = qm_get_hw_error_status(qm);
+ if (error_status & qm->error_mask) {
if (error_status & QM_ECC_MBIT)
qm->err_status.is_qm_ecc_mbit = true;
qm_log_hw_error(qm, error_status);
- if (error_status & qm->err_info.qm_reset_mask)
+ if (error_status & qm->err_info.qm_reset_mask) {
+ /* Disable the same error reporting until device is recovered. */
+ writel(qm->err_info.nfe & (~error_status),
+ qm->io_base + QM_RAS_NFE_ENABLE);
return ACC_ERR_NEED_RESET;
+ }
+ /* Clear error source if not need reset. */
writel(error_status, qm->io_base + QM_ABNORMAL_INT_SOURCE);
writel(qm->err_info.nfe, qm->io_base + QM_RAS_NFE_ENABLE);
+ writel(qm->err_info.ce, qm->io_base + QM_RAS_CE_ENABLE);
}
return ACC_ERR_RECOVERED;
@@ -3861,30 +3858,12 @@ EXPORT_SYMBOL_GPL(hisi_qm_sriov_configure);
static enum acc_err_result qm_dev_err_handle(struct hisi_qm *qm)
{
- u32 err_sts;
-
- if (!qm->err_ini->get_dev_hw_err_status) {
- dev_err(&qm->pdev->dev, "Device doesn't support get hw error status!\n");
+ if (!qm->err_ini->get_err_result) {
+ dev_err(&qm->pdev->dev, "Device doesn't support reset!\n");
return ACC_ERR_NONE;
}
- /* get device hardware error status */
- err_sts = qm->err_ini->get_dev_hw_err_status(qm);
- if (err_sts) {
- if (err_sts & qm->err_info.ecc_2bits_mask)
- qm->err_status.is_dev_ecc_mbit = true;
-
- if (qm->err_ini->log_dev_hw_err)
- qm->err_ini->log_dev_hw_err(qm, err_sts);
-
- if (err_sts & qm->err_info.dev_reset_mask)
- return ACC_ERR_NEED_RESET;
-
- if (qm->err_ini->clear_dev_hw_err_status)
- qm->err_ini->clear_dev_hw_err_status(qm, err_sts);
- }
-
- return ACC_ERR_RECOVERED;
+ return qm->err_ini->get_err_result(qm);
}
static enum acc_err_result qm_process_dev_error(struct hisi_qm *qm)
diff --git a/drivers/crypto/hisilicon/sec2/sec_main.c b/drivers/crypto/hisilicon/sec2/sec_main.c
index c35533d8930b2..75c25f0d5f2b8 100644
--- a/drivers/crypto/hisilicon/sec2/sec_main.c
+++ b/drivers/crypto/hisilicon/sec2/sec_main.c
@@ -1010,11 +1010,15 @@ static u32 sec_get_hw_err_status(struct hisi_qm *qm)
static void sec_clear_hw_err_status(struct hisi_qm *qm, u32 err_sts)
{
- u32 nfe;
-
writel(err_sts, qm->io_base + SEC_CORE_INT_SOURCE);
- nfe = hisi_qm_get_hw_info(qm, sec_basic_info, SEC_NFE_MASK_CAP, qm->cap_ver);
- writel(nfe, qm->io_base + SEC_RAS_NFE_REG);
+}
+
+static void sec_disable_error_report(struct hisi_qm *qm, u32 err_type)
+{
+ u32 nfe_mask;
+
+ nfe_mask = hisi_qm_get_hw_info(qm, sec_basic_info, SEC_NFE_MASK_CAP, qm->cap_ver);
+ writel(nfe_mask & (~err_type), qm->io_base + SEC_RAS_NFE_REG);
}
static void sec_open_axi_master_ooo(struct hisi_qm *qm)
@@ -1026,6 +1030,27 @@ static void sec_open_axi_master_ooo(struct hisi_qm *qm)
writel(val | SEC_AXI_SHUTDOWN_ENABLE, qm->io_base + SEC_CONTROL_REG);
}
+static enum acc_err_result sec_get_err_result(struct hisi_qm *qm)
+{
+ u32 err_status;
+
+ err_status = sec_get_hw_err_status(qm);
+ if (err_status) {
+ if (err_status & qm->err_info.ecc_2bits_mask)
+ qm->err_status.is_dev_ecc_mbit = true;
+ sec_log_hw_error(qm, err_status);
+
+ if (err_status & qm->err_info.dev_reset_mask) {
+ /* Disable the same error reporting until device is recovered. */
+ sec_disable_error_report(qm, err_status);
+ return ACC_ERR_NEED_RESET;
+ }
+ sec_clear_hw_err_status(qm, err_status);
+ }
+
+ return ACC_ERR_RECOVERED;
+}
+
static void sec_err_info_init(struct hisi_qm *qm)
{
struct hisi_qm_err_info *err_info = &qm->err_info;
@@ -1052,12 +1077,12 @@ static const struct hisi_qm_err_ini sec_err_ini = {
.hw_err_disable = sec_hw_error_disable,
.get_dev_hw_err_status = sec_get_hw_err_status,
.clear_dev_hw_err_status = sec_clear_hw_err_status,
- .log_dev_hw_err = sec_log_hw_error,
.open_axi_master_ooo = sec_open_axi_master_ooo,
.open_sva_prefetch = sec_open_sva_prefetch,
.close_sva_prefetch = sec_close_sva_prefetch,
.show_last_dfx_regs = sec_show_last_dfx_regs,
.err_info_init = sec_err_info_init,
+ .get_err_result = sec_get_err_result,
};
static int sec_pf_probe_init(struct sec_dev *sec)
diff --git a/drivers/crypto/hisilicon/zip/zip_main.c b/drivers/crypto/hisilicon/zip/zip_main.c
index d07e47b48be06..80c2fcb1d26dc 100644
--- a/drivers/crypto/hisilicon/zip/zip_main.c
+++ b/drivers/crypto/hisilicon/zip/zip_main.c
@@ -1059,11 +1059,15 @@ static u32 hisi_zip_get_hw_err_status(struct hisi_qm *qm)
static void hisi_zip_clear_hw_err_status(struct hisi_qm *qm, u32 err_sts)
{
- u32 nfe;
-
writel(err_sts, qm->io_base + HZIP_CORE_INT_SOURCE);
- nfe = hisi_qm_get_hw_info(qm, zip_basic_cap_info, ZIP_NFE_MASK_CAP, qm->cap_ver);
- writel(nfe, qm->io_base + HZIP_CORE_INT_RAS_NFE_ENB);
+}
+
+static void hisi_zip_disable_error_report(struct hisi_qm *qm, u32 err_type)
+{
+ u32 nfe_mask;
+
+ nfe_mask = hisi_qm_get_hw_info(qm, zip_basic_cap_info, ZIP_NFE_MASK_CAP, qm->cap_ver);
+ writel(nfe_mask & (~err_type), qm->io_base + HZIP_CORE_INT_RAS_NFE_ENB);
}
static void hisi_zip_open_axi_master_ooo(struct hisi_qm *qm)
@@ -1093,6 +1097,27 @@ static void hisi_zip_close_axi_master_ooo(struct hisi_qm *qm)
qm->io_base + HZIP_CORE_INT_SET);
}
+static enum acc_err_result hisi_zip_get_err_result(struct hisi_qm *qm)
+{
+ u32 err_status;
+
+ err_status = hisi_zip_get_hw_err_status(qm);
+ if (err_status) {
+ if (err_status & qm->err_info.ecc_2bits_mask)
+ qm->err_status.is_dev_ecc_mbit = true;
+ hisi_zip_log_hw_error(qm, err_status);
+
+ if (err_status & qm->err_info.dev_reset_mask) {
+ /* Disable the same error reporting until device is recovered. */
+ hisi_zip_disable_error_report(qm, err_status);
+ return ACC_ERR_NEED_RESET;
+ }
+ hisi_zip_clear_hw_err_status(qm, err_status);
+ }
+
+ return ACC_ERR_RECOVERED;
+}
+
static void hisi_zip_err_info_init(struct hisi_qm *qm)
{
struct hisi_qm_err_info *err_info = &qm->err_info;
@@ -1120,13 +1145,13 @@ static const struct hisi_qm_err_ini hisi_zip_err_ini = {
.hw_err_disable = hisi_zip_hw_error_disable,
.get_dev_hw_err_status = hisi_zip_get_hw_err_status,
.clear_dev_hw_err_status = hisi_zip_clear_hw_err_status,
- .log_dev_hw_err = hisi_zip_log_hw_error,
.open_axi_master_ooo = hisi_zip_open_axi_master_ooo,
.close_axi_master_ooo = hisi_zip_close_axi_master_ooo,
.open_sva_prefetch = hisi_zip_open_sva_prefetch,
.close_sva_prefetch = hisi_zip_close_sva_prefetch,
.show_last_dfx_regs = hisi_zip_show_last_dfx_regs,
.err_info_init = hisi_zip_err_info_init,
+ .get_err_result = hisi_zip_get_err_result,
};
static int hisi_zip_pf_probe_init(struct hisi_zip *hisi_zip)
diff --git a/include/linux/hisi_acc_qm.h b/include/linux/hisi_acc_qm.h
index 9d7754ad5e9b0..43ad280935e36 100644
--- a/include/linux/hisi_acc_qm.h
+++ b/include/linux/hisi_acc_qm.h
@@ -229,6 +229,12 @@ struct hisi_qm_status {
struct hisi_qm;
+enum acc_err_result {
+ ACC_ERR_NONE,
+ ACC_ERR_NEED_RESET,
+ ACC_ERR_RECOVERED,
+};
+
struct hisi_qm_err_info {
char *acpi_rst;
u32 msi_wr_port;
@@ -257,9 +263,9 @@ struct hisi_qm_err_ini {
void (*close_axi_master_ooo)(struct hisi_qm *qm);
void (*open_sva_prefetch)(struct hisi_qm *qm);
void (*close_sva_prefetch)(struct hisi_qm *qm);
- void (*log_dev_hw_err)(struct hisi_qm *qm, u32 err_sts);
void (*show_last_dfx_regs)(struct hisi_qm *qm);
void (*err_info_init)(struct hisi_qm *qm);
+ enum acc_err_result (*get_err_result)(struct hisi_qm *qm);
};
struct hisi_qm_cap_info {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 112/817] EDAC/igen6: Avoid segmentation fault on module unload
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 111/817] crypto: hisilicon/qm - disable same error report before resetting Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 113/817] crypto: qat - Fix missing destroy_workqueue in adf_init_aer() Greg Kroah-Hartman
` (714 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Orange Kao, Tony Luck, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Orange Kao <orange@aiven.io>
[ Upstream commit fefaae90398d38a1100ccd73b46ab55ff4610fba ]
The segmentation fault happens because:
During modprobe:
1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()
2. In igen6_register_mci(), mci->pvt_info will point to
&igen6_pvt->imc[mc]
During rmmod:
1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info)
2. In igen6_remove(), it will kfree(igen6_pvt);
Fix this issue by setting mci->pvt_info to NULL to avoid the double
kfree.
Fixes: 10590a9d4f23 ("EDAC/igen6: Add EDAC driver for Intel client SoCs using IBECC")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219360
Signed-off-by: Orange Kao <orange@aiven.io>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Link: https://lore.kernel.org/r/20241104124237.124109-2-orange@aiven.io
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/igen6_edac.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/edac/igen6_edac.c b/drivers/edac/igen6_edac.c
index 189a2fc29e74f..07dacf8c10be3 100644
--- a/drivers/edac/igen6_edac.c
+++ b/drivers/edac/igen6_edac.c
@@ -1245,6 +1245,7 @@ static int igen6_register_mci(int mc, u64 mchbar, struct pci_dev *pdev)
imc->mci = mci;
return 0;
fail3:
+ mci->pvt_info = NULL;
kfree(mci->ctl_name);
fail2:
edac_mc_free(mci);
@@ -1269,6 +1270,7 @@ static void igen6_unregister_mcis(void)
edac_mc_del_mc(mci->pdev);
kfree(mci->ctl_name);
+ mci->pvt_info = NULL;
edac_mc_free(mci);
iounmap(imc->window);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 113/817] crypto: qat - Fix missing destroy_workqueue in adf_init_aer()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 112/817] EDAC/igen6: Avoid segmentation fault on module unload Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 114/817] crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() Greg Kroah-Hartman
` (713 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wang Hai, Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wang Hai <wanghai38@huawei.com>
[ Upstream commit d8920a722a8cec625267c09ed40af8fd433d7f9a ]
The adf_init_aer() won't destroy device_reset_wq when alloc_workqueue()
for device_sriov_wq failed. Add destroy_workqueue for device_reset_wq to
fix this issue.
Fixes: 4469f9b23468 ("crypto: qat - re-enable sriov after pf reset")
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/intel/qat/qat_common/adf_aer.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/intel/qat/qat_common/adf_aer.c b/drivers/crypto/intel/qat/qat_common/adf_aer.c
index 04260f61d0429..a6db216f5b761 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_aer.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_aer.c
@@ -281,8 +281,11 @@ int adf_init_aer(void)
return -EFAULT;
device_sriov_wq = alloc_workqueue("qat_device_sriov_wq", 0, 0);
- if (!device_sriov_wq)
+ if (!device_sriov_wq) {
+ destroy_workqueue(device_reset_wq);
+ device_reset_wq = NULL;
return -EFAULT;
+ }
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 114/817] crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 113/817] crypto: qat - Fix missing destroy_workqueue in adf_init_aer() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 115/817] sched/cpufreq: Ensure sd is rebuilt for EAS check Greg Kroah-Hartman
` (712 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Huafei, Antoine Tenart,
Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit a10549fcce2913be7dc581562ffd8ea35653853e ]
The commit 320406cb60b6 ("crypto: inside-secure - Replace generic aes
with libaes") replaced crypto_alloc_cipher() with kmalloc(), but did not
modify the handling of the return value. When kmalloc() returns NULL,
PTR_ERR_OR_ZERO(NULL) returns 0, but in fact, the memory allocation has
failed, and -ENOMEM should be returned.
Fixes: 320406cb60b6 ("crypto: inside-secure - Replace generic aes with libaes")
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/inside-secure/safexcel_hash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
index e17577b785c33..f44c08f5f5ec4 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -2093,7 +2093,7 @@ static int safexcel_xcbcmac_cra_init(struct crypto_tfm *tfm)
safexcel_ahash_cra_init(tfm);
ctx->aes = kmalloc(sizeof(*ctx->aes), GFP_KERNEL);
- return PTR_ERR_OR_ZERO(ctx->aes);
+ return ctx->aes == NULL ? -ENOMEM : 0;
}
static void safexcel_xcbcmac_cra_exit(struct crypto_tfm *tfm)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 115/817] sched/cpufreq: Ensure sd is rebuilt for EAS check
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 114/817] crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 116/817] doc: rcu: update printed dynticks counter bits Greg Kroah-Hartman
` (711 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Loehle, Rafael J. Wysocki,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Loehle <christian.loehle@arm.com>
[ Upstream commit 70d8b6485b0bcd135b6699fc4252d2272818d1fb ]
Ensure sugov_eas_rebuild_sd() is always called when sugov_init()
succeeds. The out goto initialized sugov without forcing the rebuild.
Previously the missing call to sugov_eas_rebuild_sd() could lead to EAS
not being enabled on boot when it should have been, because it requires
all policies to be controlled by schedutil while they might not have
been initialized yet.
Fixes: e7a1b32e43b1 ("cpufreq: Rebuild sched-domains when removing cpufreq driver")
Signed-off-by: Christian Loehle <christian.loehle@arm.com>
Link: https://patch.msgid.link/35e572d9-1152-406a-9e34-2525f7548af9@arm.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/cpufreq_schedutil.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/sched/cpufreq_schedutil.c b/kernel/sched/cpufreq_schedutil.c
index eece6244f9d2f..9089ba62a2171 100644
--- a/kernel/sched/cpufreq_schedutil.c
+++ b/kernel/sched/cpufreq_schedutil.c
@@ -775,9 +775,8 @@ static int sugov_init(struct cpufreq_policy *policy)
if (ret)
goto fail;
- sugov_eas_rebuild_sd();
-
out:
+ sugov_eas_rebuild_sd();
mutex_unlock(&global_tunables_lock);
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 116/817] doc: rcu: update printed dynticks counter bits
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 115/817] sched/cpufreq: Ensure sd is rebuilt for EAS check Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 117/817] rcu/srcutiny: dont return before reenabling preemption Greg Kroah-Hartman
` (710 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baruch Siach, Paul E. McKenney,
Neeraj Upadhyay, Frederic Weisbecker, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baruch Siach <baruch@tkos.co.il>
[ Upstream commit 4a09e358922381f9b258e863bcd9c910584203b9 ]
The stall warning prints 16 bits since commit 171476775d32
("context_tracking: Convert state to atomic_t").
Fixes: 171476775d32 ("context_tracking: Convert state to atomic_t")
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Paul E. McKenney" <paulmck@kernel.org>
Signed-off-by: Neeraj Upadhyay <neeraj.upadhyay@kernel.org>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/RCU/stallwarn.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/RCU/stallwarn.rst b/Documentation/RCU/stallwarn.rst
index ca7b7cd806a16..30080ff6f4062 100644
--- a/Documentation/RCU/stallwarn.rst
+++ b/Documentation/RCU/stallwarn.rst
@@ -249,7 +249,7 @@ ticks this GP)" indicates that this CPU has not taken any scheduling-clock
interrupts during the current stalled grace period.
The "idle=" portion of the message prints the dyntick-idle state.
-The hex number before the first "/" is the low-order 12 bits of the
+The hex number before the first "/" is the low-order 16 bits of the
dynticks counter, which will have an even-numbered value if the CPU
is in dyntick-idle mode and an odd-numbered value otherwise. The hex
number between the two "/"s is the value of the nesting, which will be
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 117/817] rcu/srcutiny: dont return before reenabling preemption
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 116/817] doc: rcu: update printed dynticks counter bits Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 118/817] rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu Greg Kroah-Hartman
` (709 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paul E. McKenney, Michal Schmidt,
Neeraj Upadhyay, Frederic Weisbecker, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Schmidt <mschmidt@redhat.com>
[ Upstream commit 0ea3acbc804c2d5a165442cdf9c0526f4d324888 ]
Code after the return statement is dead. Enable preemption before
returning from srcu_drive_gp().
This will be important when/if PREEMPT_AUTO (lazy resched) gets merged.
Fixes: 65b4a59557f6 ("srcu: Make Tiny SRCU explicitly disable preemption")
Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Reviewed-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/srcutiny.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/rcu/srcutiny.c b/kernel/rcu/srcutiny.c
index 549c03336ee97..4dcbf8aa80ff7 100644
--- a/kernel/rcu/srcutiny.c
+++ b/kernel/rcu/srcutiny.c
@@ -122,8 +122,8 @@ void srcu_drive_gp(struct work_struct *wp)
ssp = container_of(wp, struct srcu_struct, srcu_work);
preempt_disable(); // Needed for PREEMPT_AUTO
if (ssp->srcu_gp_running || ULONG_CMP_GE(ssp->srcu_idx, READ_ONCE(ssp->srcu_idx_max))) {
- return; /* Already running or nothing to do. */
preempt_enable();
+ return; /* Already running or nothing to do. */
}
/* Remove recently arrived callbacks and wait for readers. */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 118/817] rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 117/817] rcu/srcutiny: dont return before reenabling preemption Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 119/817] hwmon: (pmbus/core) clear faults after setting smbalert mask Greg Kroah-Hartman
` (708 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+061d370693bdd99f9d34,
Uladzislau Rezki (Sony), Neeraj Upadhyay, Frederic Weisbecker,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uladzislau Rezki (Sony) <urezki@gmail.com>
[ Upstream commit a23da88c6c80e41e0503e0b481a22c9eea63f263 ]
KCSAN reports a data race when access the krcp->monitor_work.timer.expires
variable in the schedule_delayed_monitor_work() function:
<snip>
BUG: KCSAN: data-race in __mod_timer / kvfree_call_rcu
read to 0xffff888237d1cce8 of 8 bytes by task 10149 on cpu 1:
schedule_delayed_monitor_work kernel/rcu/tree.c:3520 [inline]
kvfree_call_rcu+0x3b8/0x510 kernel/rcu/tree.c:3839
trie_update_elem+0x47c/0x620 kernel/bpf/lpm_trie.c:441
bpf_map_update_value+0x324/0x350 kernel/bpf/syscall.c:203
generic_map_update_batch+0x401/0x520 kernel/bpf/syscall.c:1849
bpf_map_do_batch+0x28c/0x3f0 kernel/bpf/syscall.c:5143
__sys_bpf+0x2e5/0x7a0
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5739
x64_sys_call+0x2625/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
write to 0xffff888237d1cce8 of 8 bytes by task 56 on cpu 0:
__mod_timer+0x578/0x7f0 kernel/time/timer.c:1173
add_timer_global+0x51/0x70 kernel/time/timer.c:1330
__queue_delayed_work+0x127/0x1a0 kernel/workqueue.c:2523
queue_delayed_work_on+0xdf/0x190 kernel/workqueue.c:2552
queue_delayed_work include/linux/workqueue.h:677 [inline]
schedule_delayed_monitor_work kernel/rcu/tree.c:3525 [inline]
kfree_rcu_monitor+0x5e8/0x660 kernel/rcu/tree.c:3643
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310
worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391
kthread+0x1d1/0x210 kernel/kthread.c:389
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 56 Comm: kworker/u8:4 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound kfree_rcu_monitor
<snip>
kfree_rcu_monitor() rearms the work if a "krcp" has to be still
offloaded and this is done without holding krcp->lock, whereas
the kvfree_call_rcu() holds it.
Fix it by acquiring the "krcp->lock" for kfree_rcu_monitor() so
both functions do not race anymore.
Reported-by: syzbot+061d370693bdd99f9d34@syzkaller.appspotmail.com
Link: https://lore.kernel.org/lkml/ZxZ68KmHDQYU0yfD@pc636/T/
Fixes: 8fc5494ad5fa ("rcu/kvfree: Move need_offload_krc() out of krcp->lock")
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Reviewed-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index 8af1354b22319..34f47c5b98216 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3531,7 +3531,7 @@ static int krc_count(struct kfree_rcu_cpu *krcp)
}
static void
-schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp)
+__schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp)
{
long delay, delay_left;
@@ -3545,6 +3545,16 @@ schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp)
queue_delayed_work(system_wq, &krcp->monitor_work, delay);
}
+static void
+schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp)
+{
+ unsigned long flags;
+
+ raw_spin_lock_irqsave(&krcp->lock, flags);
+ __schedule_delayed_monitor_work(krcp);
+ raw_spin_unlock_irqrestore(&krcp->lock, flags);
+}
+
static void
kvfree_rcu_drain_ready(struct kfree_rcu_cpu *krcp)
{
@@ -3855,7 +3865,7 @@ void kvfree_call_rcu(struct rcu_head *head, void *ptr)
// Set timer to drain after KFREE_DRAIN_JIFFIES.
if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING)
- schedule_delayed_monitor_work(krcp);
+ __schedule_delayed_monitor_work(krcp);
unlock_return:
krc_this_cpu_unlock(krcp, flags);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 119/817] hwmon: (pmbus/core) clear faults after setting smbalert mask
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 118/817] rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 120/817] hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Greg Kroah-Hartman
` (707 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guenter Roeck, Jerome Brunet,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jerome Brunet <jbrunet@baylibre.com>
[ Upstream commit 509c3a362675bc995771df74d545548f98e37621 ]
pmbus_write_smbalert_mask() ignores the errors if the chip can't set
smbalert mask the standard way. It is not necessarily a problem for the irq
support if the chip is otherwise properly setup but it may leave an
uncleared fault behind.
pmbus_core will pick the fault on the next register_check(). The register
check will fails regardless of the actual register support by the chip.
This leads to missing attributes or debugfs entries for chips that should
provide them.
We cannot rely on register_check() as PMBUS_SMBALERT_MASK may be read-only.
Unconditionally clear the page fault after setting PMBUS_SMBALERT_MASK to
avoid the problem.
Suggested-by: Guenter Roeck <linux@roeck-us.net>
Fixes: 221819ca4c36 ("hwmon: (pmbus/core) Add interrupt support")
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Message-ID: <20241105-tps25990-v4-5-0e312ac70b62@baylibre.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/pmbus/pmbus_core.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
index e592446b26653..019c5982ba564 100644
--- a/drivers/hwmon/pmbus/pmbus_core.c
+++ b/drivers/hwmon/pmbus/pmbus_core.c
@@ -3199,7 +3199,17 @@ static int pmbus_regulator_notify(struct pmbus_data *data, int page, int event)
static int pmbus_write_smbalert_mask(struct i2c_client *client, u8 page, u8 reg, u8 val)
{
- return _pmbus_write_word_data(client, page, PMBUS_SMBALERT_MASK, reg | (val << 8));
+ int ret;
+
+ ret = _pmbus_write_word_data(client, page, PMBUS_SMBALERT_MASK, reg | (val << 8));
+
+ /*
+ * Clear fault systematically in case writing PMBUS_SMBALERT_MASK
+ * is not supported by the chip.
+ */
+ pmbus_clear_fault_page(client, page);
+
+ return ret;
}
static irqreturn_t pmbus_fault_handler(int irq, void *pdata)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 120/817] hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 119/817] hwmon: (pmbus/core) clear faults after setting smbalert mask Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 121/817] ACPI: CPPC: Fix _CPC register setting issue Greg Kroah-Hartman
` (706 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pei Xiao, Guenter Roeck, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pei Xiao <xiaopei01@kylinos.cn>
[ Upstream commit 57ee12b6c514146c19b6a159013b48727a012960 ]
DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large
number such as 18446744073709551615 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
Fixes: c3963bc0a0cf ("hwmon: (nct6775) Split core and platform driver")
Message-ID: <7d5084cea33f7c0fd0578c59adfff71f93de94d9.1731375425.git.xiaopei01@kylinos.cn>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/nct6775-core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/hwmon/nct6775-core.c b/drivers/hwmon/nct6775-core.c
index 934fed3dd5866..ee04795b98aab 100644
--- a/drivers/hwmon/nct6775-core.c
+++ b/drivers/hwmon/nct6775-core.c
@@ -2878,8 +2878,7 @@ store_target_temp(struct device *dev, struct device_attribute *attr,
if (err < 0)
return err;
- val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), 0,
- data->target_temp_mask);
+ val = DIV_ROUND_CLOSEST(clamp_val(val, 0, data->target_temp_mask * 1000), 1000);
mutex_lock(&data->update_lock);
data->target_temp[nr] = val;
@@ -2959,7 +2958,7 @@ store_temp_tolerance(struct device *dev, struct device_attribute *attr,
return err;
/* Limit tolerance as needed */
- val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), 0, data->tolerance_mask);
+ val = DIV_ROUND_CLOSEST(clamp_val(val, 0, data->tolerance_mask * 1000), 1000);
mutex_lock(&data->update_lock);
data->temp_tolerance[index][nr] = val;
@@ -3085,7 +3084,7 @@ store_weight_temp(struct device *dev, struct device_attribute *attr,
if (err < 0)
return err;
- val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), 0, 255);
+ val = DIV_ROUND_CLOSEST(clamp_val(val, 0, 255000), 1000);
mutex_lock(&data->update_lock);
data->weight_temp[index][nr] = val;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 121/817] ACPI: CPPC: Fix _CPC register setting issue
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 120/817] hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 122/817] crypto: caam - add error check to caam_rsa_set_priv_key_form Greg Kroah-Hartman
` (705 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lifeng Zheng, Rafael J. Wysocki,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lifeng Zheng <zhenglifeng1@huawei.com>
[ Upstream commit 2388b266c9fcc7c9169ba85c7f9ebe325b7622d7 ]
Since commit 60949b7b8054 ("ACPI: CPPC: Fix MASK_VAL() usage"), _CPC
registers cannot be changed from 1 to 0.
It turns out that there is an extra OR after MASK_VAL_WRITE(), which
has already ORed prev_val with the register mask.
Remove the extra OR to fix the problem.
Fixes: 60949b7b8054 ("ACPI: CPPC: Fix MASK_VAL() usage")
Signed-off-by: Lifeng Zheng <zhenglifeng1@huawei.com>
Link: https://patch.msgid.link/20241113103309.761031-1-zhenglifeng1@huawei.com
[ rjw: Subject and changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/cppc_acpi.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 544f53ae9cc0c..3a39c0a04163c 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -1146,7 +1146,6 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val)
return -EFAULT;
}
val = MASK_VAL_WRITE(reg, prev_val, val);
- val |= prev_val;
}
switch (size) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 122/817] crypto: caam - add error check to caam_rsa_set_priv_key_form
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 121/817] ACPI: CPPC: Fix _CPC register setting issue Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 123/817] crypto: bcm - add error check in the ahash_hmac_init function Greg Kroah-Hartman
` (704 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Ridong, Gaurav Jain,
Horia Geantă, Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ridong <chenridong@huawei.com>
[ Upstream commit b64140c74e954f1db6eae5548ca3a1f41b6fad79 ]
The caam_rsa_set_priv_key_form did not check for memory allocation errors.
Add the checks to the caam_rsa_set_priv_key_form functions.
Fixes: 52e26d77b8b3 ("crypto: caam - add support for RSA key form 2")
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/caam/caampkc.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
index 887a5f2fb9279..cb001aa1de661 100644
--- a/drivers/crypto/caam/caampkc.c
+++ b/drivers/crypto/caam/caampkc.c
@@ -984,7 +984,7 @@ static int caam_rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
return -ENOMEM;
}
-static void caam_rsa_set_priv_key_form(struct caam_rsa_ctx *ctx,
+static int caam_rsa_set_priv_key_form(struct caam_rsa_ctx *ctx,
struct rsa_key *raw_key)
{
struct caam_rsa_key *rsa_key = &ctx->key;
@@ -994,7 +994,7 @@ static void caam_rsa_set_priv_key_form(struct caam_rsa_ctx *ctx,
rsa_key->p = caam_read_raw_data(raw_key->p, &p_sz);
if (!rsa_key->p)
- return;
+ return -ENOMEM;
rsa_key->p_sz = p_sz;
rsa_key->q = caam_read_raw_data(raw_key->q, &q_sz);
@@ -1029,7 +1029,7 @@ static void caam_rsa_set_priv_key_form(struct caam_rsa_ctx *ctx,
rsa_key->priv_form = FORM3;
- return;
+ return 0;
free_dq:
kfree_sensitive(rsa_key->dq);
@@ -1043,6 +1043,7 @@ static void caam_rsa_set_priv_key_form(struct caam_rsa_ctx *ctx,
kfree_sensitive(rsa_key->q);
free_p:
kfree_sensitive(rsa_key->p);
+ return -ENOMEM;
}
static int caam_rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
@@ -1088,7 +1089,9 @@ static int caam_rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
rsa_key->e_sz = raw_key.e_sz;
rsa_key->n_sz = raw_key.n_sz;
- caam_rsa_set_priv_key_form(ctx, &raw_key);
+ ret = caam_rsa_set_priv_key_form(ctx, &raw_key);
+ if (ret)
+ goto err;
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 123/817] crypto: bcm - add error check in the ahash_hmac_init function
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 122/817] crypto: caam - add error check to caam_rsa_set_priv_key_form Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 124/817] crypto: aes-gcm-p10 - Use the correct bit to test for P10 Greg Kroah-Hartman
` (703 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chen Ridong, Herbert Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ridong <chenridong@huawei.com>
[ Upstream commit 19630cf57233e845b6ac57c9c969a4888925467b ]
The ahash_init functions may return fails. The ahash_hmac_init should
not return ok when ahash_init returns error. For an example, ahash_init
will return -ENOMEM when allocation memory is error.
Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver")
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/bcm/cipher.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c
index 1a3ecd44cbaf6..20f6453670aa4 100644
--- a/drivers/crypto/bcm/cipher.c
+++ b/drivers/crypto/bcm/cipher.c
@@ -2415,6 +2415,7 @@ static int ahash_hmac_setkey(struct crypto_ahash *ahash, const u8 *key,
static int ahash_hmac_init(struct ahash_request *req)
{
+ int ret;
struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
@@ -2424,7 +2425,9 @@ static int ahash_hmac_init(struct ahash_request *req)
flow_log("ahash_hmac_init()\n");
/* init the context as a hash */
- ahash_init(req);
+ ret = ahash_init(req);
+ if (ret)
+ return ret;
if (!spu_no_incr_hash(ctx)) {
/* SPU-M can do incr hashing but needs sw for outer HMAC */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 124/817] crypto: aes-gcm-p10 - Use the correct bit to test for P10
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 123/817] crypto: bcm - add error check in the ahash_hmac_init function Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 125/817] crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Greg Kroah-Hartman
` (702 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolai Stange, Michal Suchanek,
Herbert Xu, Sasha Levin, Michael Ellerman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Suchanek <msuchanek@suse.de>
[ Upstream commit 3574a5168ff3b6bddc4cd235878491f75967c8d4 ]
A hwcap feature bit is passed to cpu_has_feature, resulting in testing
for CPU_FTR_MMCRA instead of the 3.1 platform revision.
Fixes: c954b252dee9 ("crypto: powerpc/p10-aes-gcm - Register modules as SIMD")
Reported-by: Nicolai Stange <nstange@suse.com>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/crypto/aes-gcm-p10-glue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/crypto/aes-gcm-p10-glue.c b/arch/powerpc/crypto/aes-gcm-p10-glue.c
index e52629334cf80..1f8b677756582 100644
--- a/arch/powerpc/crypto/aes-gcm-p10-glue.c
+++ b/arch/powerpc/crypto/aes-gcm-p10-glue.c
@@ -414,7 +414,7 @@ static int __init p10_init(void)
{
int ret;
- if (!cpu_has_feature(PPC_FEATURE2_ARCH_3_1))
+ if (!cpu_has_feature(CPU_FTR_ARCH_31))
return 0;
ret = simd_register_aeads_compat(gcm_aes_algs,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 125/817] crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 124/817] crypto: aes-gcm-p10 - Use the correct bit to test for P10 Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 126/817] rcuscale: Do a proper cleanup if kfree_scale_init() fails Greg Kroah-Hartman
` (701 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Herbert Xu,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 572b7cf08403b6c67dfe0dc3e0f2efb42443254f ]
If do_cpt_init() fails, a previous dma_alloc_coherent() call needs to be
undone.
Add the needed dma_free_coherent() before returning.
Fixes: 9e2c7d99941d ("crypto: cavium - Add Support for Octeon-tx CPT Engine")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/cavium/cpt/cptpf_main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/cavium/cpt/cptpf_main.c b/drivers/crypto/cavium/cpt/cptpf_main.c
index ec17beee24c07..54de869e5374c 100644
--- a/drivers/crypto/cavium/cpt/cptpf_main.c
+++ b/drivers/crypto/cavium/cpt/cptpf_main.c
@@ -302,6 +302,8 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, const u8 *fw, bool is_ae)
ret = do_cpt_init(cpt, mcode);
if (ret) {
+ dma_free_coherent(&cpt->pdev->dev, mcode->code_size,
+ mcode->code, mcode->phys_base);
dev_err(dev, "do_cpt_init failed with ret: %d\n", ret);
goto fw_release;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 126/817] rcuscale: Do a proper cleanup if kfree_scale_init() fails
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 125/817] crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 127/817] tools/lib/thermal: Make more generic the command encoding function Greg Kroah-Hartman
` (700 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Paul E. McKenney,
Neeraj Upadhyay, Uladzislau Rezki (Sony), Frederic Weisbecker,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uladzislau Rezki (Sony) <urezki@gmail.com>
[ Upstream commit 812a1c3b9f7c36d9255f0d29d0a3d324e2f52321 ]
A static analyzer for C, Smatch, reports and triggers below
warnings:
kernel/rcu/rcuscale.c:1215 rcu_scale_init()
warn: inconsistent returns 'global &fullstop_mutex'.
The checker complains about, we do not unlock the "fullstop_mutex"
mutex, in case of hitting below error path:
<snip>
...
if (WARN_ON_ONCE(jiffies_at_lazy_cb - jif_start < 2 * HZ)) {
pr_alert("ERROR: call_rcu() CBs are not being lazy as expected!\n");
WARN_ON_ONCE(1);
return -1;
^^^^^^^^^^
...
<snip>
it happens because "-1" is returned right away instead of
doing a proper unwinding.
Fix it by jumping to "unwind" label instead of returning -1.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
Reviewed-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Closes: https://lore.kernel.org/rcu/ZxfTrHuEGtgnOYWp@pc636/T/
Fixes: 084e04fff160 ("rcuscale: Add laziness and kfree tests")
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/rcuscale.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/rcu/rcuscale.c b/kernel/rcu/rcuscale.c
index f88c75b3cea3b..31d480b533033 100644
--- a/kernel/rcu/rcuscale.c
+++ b/kernel/rcu/rcuscale.c
@@ -781,13 +781,15 @@ kfree_scale_init(void)
if (WARN_ON_ONCE(jiffies_at_lazy_cb - jif_start < 2 * HZ)) {
pr_alert("ERROR: call_rcu() CBs are not being lazy as expected!\n");
WARN_ON_ONCE(1);
- return -1;
+ firsterr = -1;
+ goto unwind;
}
if (WARN_ON_ONCE(jiffies_at_lazy_cb - jif_start > 3 * HZ)) {
pr_alert("ERROR: call_rcu() CBs are being too lazy!\n");
WARN_ON_ONCE(1);
- return -1;
+ firsterr = -1;
+ goto unwind;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 127/817] tools/lib/thermal: Make more generic the command encoding function
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 126/817] rcuscale: Do a proper cleanup if kfree_scale_init() fails Greg Kroah-Hartman
@ 2024-12-03 14:34 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 128/817] thermal/lib: Fix memory leak on error in thermal_genl_auto() Greg Kroah-Hartman
` (699 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:34 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Lezcano, Lukasz Luba,
Rafael J. Wysocki, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Lezcano <daniel.lezcano@linaro.org>
[ Upstream commit 24b216b2d13568c703a76137ef54a2a9531a71d8 ]
The thermal netlink has been extended with more commands which require
an encoding with more information. The generic encoding function puts
the thermal zone id with the command name. It is the unique
parameters.
The next changes will provide more parameters to the command. Set the
scene for those new parameters by making the encoding function more
generic.
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Link: https://patch.msgid.link/20241022155147.463475-4-daniel.lezcano@linaro.org
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Stable-dep-of: 7569406e95f2 ("thermal/lib: Fix memory leak on error in thermal_genl_auto()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/thermal/commands.c | 41 ++++++++++++++++++++++++++++--------
1 file changed, 32 insertions(+), 9 deletions(-)
diff --git a/tools/lib/thermal/commands.c b/tools/lib/thermal/commands.c
index 73d4d4e8d6ec0..a9223df91dcf5 100644
--- a/tools/lib/thermal/commands.c
+++ b/tools/lib/thermal/commands.c
@@ -261,8 +261,23 @@ static struct genl_ops thermal_cmd_ops = {
.o_ncmds = ARRAY_SIZE(thermal_cmds),
};
-static thermal_error_t thermal_genl_auto(struct thermal_handler *th, int id, int cmd,
- int flags, void *arg)
+struct cmd_param {
+ int tz_id;
+};
+
+typedef int (*cmd_cb_t)(struct nl_msg *, struct cmd_param *);
+
+static int thermal_genl_tz_id_encode(struct nl_msg *msg, struct cmd_param *p)
+{
+ if (p->tz_id >= 0 && nla_put_u32(msg, THERMAL_GENL_ATTR_TZ_ID, p->tz_id))
+ return -1;
+
+ return 0;
+}
+
+static thermal_error_t thermal_genl_auto(struct thermal_handler *th, cmd_cb_t cmd_cb,
+ struct cmd_param *param,
+ int cmd, int flags, void *arg)
{
struct nl_msg *msg;
void *hdr;
@@ -276,7 +291,7 @@ static thermal_error_t thermal_genl_auto(struct thermal_handler *th, int id, int
if (!hdr)
return THERMAL_ERROR;
- if (id >= 0 && nla_put_u32(msg, THERMAL_GENL_ATTR_TZ_ID, id))
+ if (cmd_cb && cmd_cb(msg, param))
return THERMAL_ERROR;
if (nl_send_msg(th->sk_cmd, th->cb_cmd, msg, genl_handle_msg, arg))
@@ -289,30 +304,38 @@ static thermal_error_t thermal_genl_auto(struct thermal_handler *th, int id, int
thermal_error_t thermal_cmd_get_tz(struct thermal_handler *th, struct thermal_zone **tz)
{
- return thermal_genl_auto(th, -1, THERMAL_GENL_CMD_TZ_GET_ID,
+ return thermal_genl_auto(th, NULL, NULL, THERMAL_GENL_CMD_TZ_GET_ID,
NLM_F_DUMP | NLM_F_ACK, tz);
}
thermal_error_t thermal_cmd_get_cdev(struct thermal_handler *th, struct thermal_cdev **tc)
{
- return thermal_genl_auto(th, -1, THERMAL_GENL_CMD_CDEV_GET,
+ return thermal_genl_auto(th, NULL, NULL, THERMAL_GENL_CMD_CDEV_GET,
NLM_F_DUMP | NLM_F_ACK, tc);
}
thermal_error_t thermal_cmd_get_trip(struct thermal_handler *th, struct thermal_zone *tz)
{
- return thermal_genl_auto(th, tz->id, THERMAL_GENL_CMD_TZ_GET_TRIP,
- 0, tz);
+ struct cmd_param p = { .tz_id = tz->id };
+
+ return thermal_genl_auto(th, thermal_genl_tz_id_encode, &p,
+ THERMAL_GENL_CMD_TZ_GET_TRIP, 0, tz);
}
thermal_error_t thermal_cmd_get_governor(struct thermal_handler *th, struct thermal_zone *tz)
{
- return thermal_genl_auto(th, tz->id, THERMAL_GENL_CMD_TZ_GET_GOV, 0, tz);
+ struct cmd_param p = { .tz_id = tz->id };
+
+ return thermal_genl_auto(th, thermal_genl_tz_id_encode, &p,
+ THERMAL_GENL_CMD_TZ_GET_GOV, 0, tz);
}
thermal_error_t thermal_cmd_get_temp(struct thermal_handler *th, struct thermal_zone *tz)
{
- return thermal_genl_auto(th, tz->id, THERMAL_GENL_CMD_TZ_GET_TEMP, 0, tz);
+ struct cmd_param p = { .tz_id = tz->id };
+
+ return thermal_genl_auto(th, thermal_genl_tz_id_encode, &p,
+ THERMAL_GENL_CMD_TZ_GET_TEMP, 0, tz);
}
thermal_error_t thermal_cmd_exit(struct thermal_handler *th)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 128/817] thermal/lib: Fix memory leak on error in thermal_genl_auto()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2024-12-03 14:34 ` [PATCH 6.11 127/817] tools/lib/thermal: Make more generic the command encoding function Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 129/817] x86/unwind/orc: Fix unwind for newly forked tasks Greg Kroah-Hartman
` (698 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Lezcano, Lukasz Luba,
Rafael J. Wysocki, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Lezcano <daniel.lezcano@linaro.org>
[ Upstream commit 7569406e95f2353070d88ebc88e8c13698542317 ]
The function thermal_genl_auto() does not free the allocated message
in the error path. Fix that by putting a out label and jump to it
which will free the message instead of directly returning an error.
Fixes: 47c4b0de080a ("tools/lib/thermal: Add a thermal library")
Reported-by: Lukasz Luba <lukasz.luba@arm.com>\a
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Link: https://patch.msgid.link/20241024105938.1095358-1-daniel.lezcano@linaro.org
[ rjw: Fixed up the !msg error path, added Fixes tag ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/thermal/commands.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/tools/lib/thermal/commands.c b/tools/lib/thermal/commands.c
index a9223df91dcf5..27b4442f0e347 100644
--- a/tools/lib/thermal/commands.c
+++ b/tools/lib/thermal/commands.c
@@ -279,6 +279,7 @@ static thermal_error_t thermal_genl_auto(struct thermal_handler *th, cmd_cb_t cm
struct cmd_param *param,
int cmd, int flags, void *arg)
{
+ thermal_error_t ret = THERMAL_ERROR;
struct nl_msg *msg;
void *hdr;
@@ -289,17 +290,19 @@ static thermal_error_t thermal_genl_auto(struct thermal_handler *th, cmd_cb_t cm
hdr = genlmsg_put(msg, NL_AUTO_PORT, NL_AUTO_SEQ, thermal_cmd_ops.o_id,
0, flags, cmd, THERMAL_GENL_VERSION);
if (!hdr)
- return THERMAL_ERROR;
+ goto out;
if (cmd_cb && cmd_cb(msg, param))
- return THERMAL_ERROR;
+ goto out;
if (nl_send_msg(th->sk_cmd, th->cb_cmd, msg, genl_handle_msg, arg))
- return THERMAL_ERROR;
+ goto out;
+ ret = THERMAL_SUCCESS;
+out:
nlmsg_free(msg);
- return THERMAL_SUCCESS;
+ return ret;
}
thermal_error_t thermal_cmd_get_tz(struct thermal_handler *th, struct thermal_zone **tz)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 129/817] x86/unwind/orc: Fix unwind for newly forked tasks
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 128/817] thermal/lib: Fix memory leak on error in thermal_genl_auto() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 130/817] Revert "scripts/faddr2line: Check only two symbols when calculating symbol size" Greg Kroah-Hartman
` (697 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Yejian, Josh Poimboeuf,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zheng Yejian <zhengyejian@huaweicloud.com>
[ Upstream commit 3bf19a0fb690022ec22ce87a5afeb1030cbcb56c ]
When arch_stack_walk_reliable() is called to unwind for newly forked
tasks, the return value is negative which means the call stack is
unreliable. This obviously does not meet expectations.
The root cause is that after commit 3aec4ecb3d1f ("x86: Rewrite
ret_from_fork() in C"), the 'ret_addr' of newly forked task is changed
to 'ret_from_fork_asm' (see copy_thread()), then at the start of the
unwind, it is incorrectly interprets not as a "signal" one because
'ret_from_fork' is still used to determine the initial "signal" (see
__unwind_start()). Then the address gets incorrectly decremented in the
call to orc_find() (see unwind_next_frame()) and resulting in the
incorrect ORC data.
To fix it, check 'ret_from_fork_asm' rather than 'ret_from_fork' in
__unwind_start().
Fixes: 3aec4ecb3d1f ("x86: Rewrite ret_from_fork() in C")
Signed-off-by: Zheng Yejian <zhengyejian@huaweicloud.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/unwind_orc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
index d00c28aaa5be4..d4705a348a804 100644
--- a/arch/x86/kernel/unwind_orc.c
+++ b/arch/x86/kernel/unwind_orc.c
@@ -723,7 +723,7 @@ void __unwind_start(struct unwind_state *state, struct task_struct *task,
state->sp = task->thread.sp + sizeof(*frame);
state->bp = READ_ONCE_NOCHECK(frame->bp);
state->ip = READ_ONCE_NOCHECK(frame->ret_addr);
- state->signal = (void *)state->ip == ret_from_fork;
+ state->signal = (void *)state->ip == ret_from_fork_asm;
}
if (get_stack_info((unsigned long *)state->sp, state->task,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 130/817] Revert "scripts/faddr2line: Check only two symbols when calculating symbol size"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 129/817] x86/unwind/orc: Fix unwind for newly forked tasks Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 131/817] cleanup: Remove address space of returned pointer Greg Kroah-Hartman
` (696 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Carlos Llamas, Will Deacon,
Brian Johannesmeyer, Josh Poimboeuf, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carlos Llamas <cmllamas@google.com>
[ Upstream commit 56ac7bd2c58a4e93d19f0ccb181035d075b315d3 ]
This reverts commit c02904f05ff805d6c0631634d5751ebd338f75ec.
Such commit assumed that only two symbols are relevant for the symbol
size calculation. However, this can lead to an incorrect symbol size
calculation when there are mapping symbols emitted by readelf.
For instance, when feeding 'update_irq_load_avg+0x1c/0x1c4', faddr2line
might need to process the following readelf lines:
784284: ffffffc0081cca30 428 FUNC GLOBAL DEFAULT 2 update_irq_load_avg
87319: ffffffc0081ccb0c 0 NOTYPE LOCAL DEFAULT 2 $x.62522
87321: ffffffc0081ccbdc 0 NOTYPE LOCAL DEFAULT 2 $x.62524
87323: ffffffc0081ccbe0 0 NOTYPE LOCAL DEFAULT 2 $x.62526
87325: ffffffc0081ccbe4 0 NOTYPE LOCAL DEFAULT 2 $x.62528
87327: ffffffc0081ccbe8 0 NOTYPE LOCAL DEFAULT 2 $x.62530
87329: ffffffc0081ccbec 0 NOTYPE LOCAL DEFAULT 2 $x.62532
87331: ffffffc0081ccbf0 0 NOTYPE LOCAL DEFAULT 2 $x.62534
87332: ffffffc0081ccbf4 0 NOTYPE LOCAL DEFAULT 2 $x.62535
783403: ffffffc0081ccbf4 424 FUNC GLOBAL DEFAULT 2 sched_pelt_multiplier
The symbol size of 'update_irq_load_avg' should be calculated with the
address of 'sched_pelt_multiplier', after skipping the mapping symbols
seen in between. However, the offending commit cuts the list short and
faddr2line incorrectly assumes 'update_irq_load_avg' is the last symbol
in the section, resulting in:
$ scripts/faddr2line vmlinux update_irq_load_avg+0x1c/0x1c4
skipping update_irq_load_avg address at 0xffffffc0081cca4c due to size mismatch (0x1c4 != 0x3ff9a59988)
no match for update_irq_load_avg+0x1c/0x1c4
After reverting the commit the issue is resolved:
$ scripts/faddr2line vmlinux update_irq_load_avg+0x1c/0x1c4
update_irq_load_avg+0x1c/0x1c4:
cpu_of at kernel/sched/sched.h:1109
(inlined by) update_irq_load_avg at kernel/sched/pelt.c:481
Fixes: c02904f05ff8 ("scripts/faddr2line: Check only two symbols when calculating symbol size")
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Brian Johannesmeyer <bjohannesmeyer@gmail.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/faddr2line | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/faddr2line b/scripts/faddr2line
index fe0cc45f03be1..1fa6beef9f978 100755
--- a/scripts/faddr2line
+++ b/scripts/faddr2line
@@ -252,7 +252,7 @@ __faddr2line() {
found=2
break
fi
- done < <(echo "${ELF_SYMS}" | sed 's/\[.*\]//' | ${AWK} -v sec=$sym_sec '$7 == sec' | sort --key=2 | ${GREP} -A1 --no-group-separator " ${sym_name}$")
+ done < <(echo "${ELF_SYMS}" | sed 's/\[.*\]//' | ${AWK} -v sec=$sym_sec '$7 == sec' | sort --key=2)
if [[ $found = 0 ]]; then
warn "can't find symbol: sym_name: $sym_name sym_sec: $sym_sec sym_addr: $sym_addr sym_elf_size: $sym_elf_size"
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 131/817] cleanup: Remove address space of returned pointer
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 130/817] Revert "scripts/faddr2line: Check only two symbols when calculating symbol size" Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 132/817] time: Partially revert cleanup on msecs_to_jiffies() documentation Greg Kroah-Hartman
` (695 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uros Bizjak, Peter Zijlstra (Intel),
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uros Bizjak <ubizjak@gmail.com>
[ Upstream commit f730fd535fc51573f982fad629f2fc6b4a0cde2f ]
Guard functions in local_lock.h are defined using DEFINE_GUARD() and
DEFINE_LOCK_GUARD_1() macros having lock type defined as pointer in
the percpu address space. The functions, defined by these macros
return value in generic address space, causing:
cleanup.h:157:18: error: return from pointer to non-enclosed address space
and
cleanup.h:214:18: error: return from pointer to non-enclosed address space
when strict percpu checks are enabled.
Add explicit casts to remove address space of the returned pointer.
Found by GCC's named address space checks.
Fixes: e4ab322fbaaa ("cleanup: Add conditional guard support")
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20240819074124.143565-1-ubizjak@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/cleanup.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/cleanup.h b/include/linux/cleanup.h
index d9e613803df15..b3200ccb96186 100644
--- a/include/linux/cleanup.h
+++ b/include/linux/cleanup.h
@@ -154,7 +154,7 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
#define DEFINE_GUARD(_name, _type, _lock, _unlock) \
DEFINE_CLASS(_name, _type, if (_T) { _unlock; }, ({ _lock; _T; }), _type _T); \
static inline void * class_##_name##_lock_ptr(class_##_name##_t *_T) \
- { return *_T; }
+ { return (void *)(__force unsigned long)*_T; }
#define DEFINE_GUARD_COND(_name, _ext, _condlock) \
EXTEND_CLASS(_name, _ext, \
@@ -211,7 +211,7 @@ static inline void class_##_name##_destructor(class_##_name##_t *_T) \
\
static inline void *class_##_name##_lock_ptr(class_##_name##_t *_T) \
{ \
- return _T->lock; \
+ return (void *)(__force unsigned long)_T->lock; \
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 132/817] time: Partially revert cleanup on msecs_to_jiffies() documentation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 131/817] cleanup: Remove address space of returned pointer Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 133/817] time: Fix references to _msecs_to_jiffies() handling of values Greg Kroah-Hartman
` (694 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miguel Ojeda, Thomas Gleixner,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miguel Ojeda <ojeda@kernel.org>
[ Upstream commit b05aefc1f5886c8aece650c9c1639c87b976191a ]
The documentation's intention is to compare msecs_to_jiffies() (first
sentence) with __msecs_to_jiffies() (second sentence), which is what the
original documentation did. One of the cleanups in commit f3cb80804b82
("time: Fix various kernel-doc problems") may have thought the paragraph
was talking about the latter since that is what it is being documented.
Thus revert that part of the change.
Fixes: f3cb80804b82 ("time: Fix various kernel-doc problems")
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/all/20241025110141.157205-1-ojeda@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/time/time.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/time/time.c b/kernel/time/time.c
index 642647f5046be..e1879ca321033 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -558,7 +558,7 @@ EXPORT_SYMBOL(ns_to_timespec64);
* handling any 32-bit overflows.
* for the details see __msecs_to_jiffies()
*
- * __msecs_to_jiffies() checks for the passed in value being a constant
+ * msecs_to_jiffies() checks for the passed in value being a constant
* via __builtin_constant_p() allowing gcc to eliminate most of the
* code, __msecs_to_jiffies() is called if the value passed does not
* allow constant folding and the actual conversion must be done at
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 133/817] time: Fix references to _msecs_to_jiffies() handling of values
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 132/817] time: Partially revert cleanup on msecs_to_jiffies() documentation Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 134/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64() Greg Kroah-Hartman
` (693 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miguel Ojeda, Thomas Gleixner,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miguel Ojeda <ojeda@kernel.org>
[ Upstream commit 92b043fd995a63a57aae29ff85a39b6f30cd440c ]
The details about the handling of the "normal" values were moved
to the _msecs_to_jiffies() helpers in commit ca42aaf0c861 ("time:
Refactor msecs_to_jiffies"). However, the same commit still mentioned
__msecs_to_jiffies() in the added documentation.
Thus point to _msecs_to_jiffies() instead.
Fixes: ca42aaf0c861 ("time: Refactor msecs_to_jiffies")
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/all/20241025110141.157205-2-ojeda@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/jiffies.h | 2 +-
kernel/time/time.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h
index d9f1435a5a13c..26c7c0a4c7f8c 100644
--- a/include/linux/jiffies.h
+++ b/include/linux/jiffies.h
@@ -502,7 +502,7 @@ static inline unsigned long _msecs_to_jiffies(const unsigned int m)
* - all other values are converted to jiffies by either multiplying
* the input value by a factor or dividing it with a factor and
* handling any 32-bit overflows.
- * for the details see __msecs_to_jiffies()
+ * for the details see _msecs_to_jiffies()
*
* msecs_to_jiffies() checks for the passed in value being a constant
* via __builtin_constant_p() allowing gcc to eliminate most of the
diff --git a/kernel/time/time.c b/kernel/time/time.c
index e1879ca321033..1ad88e97b4ebc 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -556,7 +556,7 @@ EXPORT_SYMBOL(ns_to_timespec64);
* - all other values are converted to jiffies by either multiplying
* the input value by a factor or dividing it with a factor and
* handling any 32-bit overflows.
- * for the details see __msecs_to_jiffies()
+ * for the details see _msecs_to_jiffies()
*
* msecs_to_jiffies() checks for the passed in value being a constant
* via __builtin_constant_p() allowing gcc to eliminate most of the
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 134/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 133/817] time: Fix references to _msecs_to_jiffies() handling of values Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 135/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu() Greg Kroah-Hartman
` (692 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uros Bizjak, Peter Zijlstra (Intel),
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uros Bizjak <ubizjak@gmail.com>
[ Upstream commit 8b64db9733c2e4d30fd068d0b9dcef7b4424b035 ]
CONFIG_X86_CMPXCHG64 variant of x86_32 __alternative_atomic64()
macro uses CALL instruction inside asm statement. Use
ALT_OUTPUT_SP() macro to add required dependence on %esp register.
Fixes: 819165fb34b9 ("x86: Adjust asm constraints in atomic64 wrappers")
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20241103160954.3329-1-ubizjak@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/atomic64_32.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
index 8db2ec4d6cdac..18818f6859f05 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -51,7 +51,8 @@ static __always_inline s64 arch_atomic64_read_nonatomic(const atomic64_t *v)
#ifdef CONFIG_X86_CMPXCHG64
#define __alternative_atomic64(f, g, out, in...) \
asm volatile("call %c[func]" \
- : out : [func] "i" (atomic64_##g##_cx8), ## in)
+ : ALT_OUTPUT_SP(out) \
+ : [func] "i" (atomic64_##g##_cx8), ## in)
#define ATOMIC64_DECL(sym) ATOMIC64_DECL_ONE(sym##_cx8)
#else
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 135/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 134/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 136/817] kcsan, seqlock: Support seqcount_latch_t Greg Kroah-Hartman
` (691 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uros Bizjak, Peter Zijlstra (Intel),
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uros Bizjak <ubizjak@gmail.com>
[ Upstream commit 25cf4fbb596d730476afcc0fb87a9d708db14078 ]
x86_32 __arch_{,try_}cmpxchg64_emu()() macros use CALL instruction
inside asm statement. Use ALT_OUTPUT_SP() macro to add required
dependence on %esp register.
Fixes: 79e1dd05d1a2 ("x86: Provide an alternative() based cmpxchg64()")
Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20241103160954.3329-2-ubizjak@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/cmpxchg_32.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/cmpxchg_32.h b/arch/x86/include/asm/cmpxchg_32.h
index 62cef2113ca74..fd1282a783ddb 100644
--- a/arch/x86/include/asm/cmpxchg_32.h
+++ b/arch/x86/include/asm/cmpxchg_32.h
@@ -94,7 +94,7 @@ static __always_inline bool __try_cmpxchg64_local(volatile u64 *ptr, u64 *oldp,
asm volatile(ALTERNATIVE(_lock_loc \
"call cmpxchg8b_emu", \
_lock "cmpxchg8b %a[ptr]", X86_FEATURE_CX8) \
- : "+a" (o.low), "+d" (o.high) \
+ : ALT_OUTPUT_SP("+a" (o.low), "+d" (o.high)) \
: "b" (n.low), "c" (n.high), [ptr] "S" (_ptr) \
: "memory"); \
\
@@ -123,8 +123,8 @@ static __always_inline u64 arch_cmpxchg64_local(volatile u64 *ptr, u64 old, u64
"call cmpxchg8b_emu", \
_lock "cmpxchg8b %a[ptr]", X86_FEATURE_CX8) \
CC_SET(e) \
- : CC_OUT(e) (ret), \
- "+a" (o.low), "+d" (o.high) \
+ : ALT_OUTPUT_SP(CC_OUT(e) (ret), \
+ "+a" (o.low), "+d" (o.high)) \
: "b" (n.low), "c" (n.high), [ptr] "S" (_ptr) \
: "memory"); \
\
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 136/817] kcsan, seqlock: Support seqcount_latch_t
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 135/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 137/817] kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Greg Kroah-Hartman
` (690 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Potapenko,
Peter Zijlstra (Intel), Marco Elver, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Elver <elver@google.com>
[ Upstream commit 5c1806c41ce0a0110db5dd4c483cf2dc28b3ddf0 ]
While fuzzing an arm64 kernel, Alexander Potapenko reported:
| BUG: KCSAN: data-race in ktime_get_mono_fast_ns / timekeeping_update
|
| write to 0xffffffc082e74248 of 56 bytes by interrupt on cpu 0:
| update_fast_timekeeper kernel/time/timekeeping.c:430 [inline]
| timekeeping_update+0x1d8/0x2d8 kernel/time/timekeeping.c:768
| timekeeping_advance+0x9e8/0xb78 kernel/time/timekeeping.c:2344
| update_wall_time+0x18/0x38 kernel/time/timekeeping.c:2360
| [...]
|
| read to 0xffffffc082e74258 of 8 bytes by task 5260 on cpu 1:
| __ktime_get_fast_ns kernel/time/timekeeping.c:372 [inline]
| ktime_get_mono_fast_ns+0x88/0x174 kernel/time/timekeeping.c:489
| init_srcu_struct_fields+0x40c/0x530 kernel/rcu/srcutree.c:263
| init_srcu_struct+0x14/0x20 kernel/rcu/srcutree.c:311
| [...]
|
| value changed: 0x000002f875d33266 -> 0x000002f877416866
|
| Reported by Kernel Concurrency Sanitizer on:
| CPU: 1 UID: 0 PID: 5260 Comm: syz.2.7483 Not tainted 6.12.0-rc3-dirty #78
This is a false positive data race between a seqcount latch writer and a reader
accessing stale data. Since its introduction, KCSAN has never understood the
seqcount_latch interface (due to being unannotated).
Unlike the regular seqlock interface, the seqcount_latch interface for latch
writers never has had a well-defined critical section, making it difficult to
teach tooling where the critical section starts and ends.
Introduce an instrumentable (non-raw) seqcount_latch interface, with
which we can clearly denote writer critical sections. This both helps
readability and tooling like KCSAN to understand when the writer is done
updating all latch copies.
Fixes: 88ecd153be95 ("seqlock, kcsan: Add annotations for KCSAN")
Reported-by: Alexander Potapenko <glider@google.com>
Co-developed-by: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Signed-off-by: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241104161910.780003-4-elver@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/locking/seqlock.rst | 2 +-
include/linux/seqlock.h | 86 +++++++++++++++++++++++++------
2 files changed, 72 insertions(+), 16 deletions(-)
diff --git a/Documentation/locking/seqlock.rst b/Documentation/locking/seqlock.rst
index bfda1a5fecadc..ec6411d02ac8f 100644
--- a/Documentation/locking/seqlock.rst
+++ b/Documentation/locking/seqlock.rst
@@ -153,7 +153,7 @@ Use seqcount_latch_t when the write side sections cannot be protected
from interruption by readers. This is typically the case when the read
side can be invoked from NMI handlers.
-Check `raw_write_seqcount_latch()` for more information.
+Check `write_seqcount_latch()` for more information.
.. _seqlock_t:
diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h
index d90d8ee29d811..c81164846f4a4 100644
--- a/include/linux/seqlock.h
+++ b/include/linux/seqlock.h
@@ -636,6 +636,23 @@ static __always_inline unsigned raw_read_seqcount_latch(const seqcount_latch_t *
return READ_ONCE(s->seqcount.sequence);
}
+/**
+ * read_seqcount_latch() - pick even/odd latch data copy
+ * @s: Pointer to seqcount_latch_t
+ *
+ * See write_seqcount_latch() for details and a full reader/writer usage
+ * example.
+ *
+ * Return: sequence counter raw value. Use the lowest bit as an index for
+ * picking which data copy to read. The full counter must then be checked
+ * with read_seqcount_latch_retry().
+ */
+static __always_inline unsigned read_seqcount_latch(const seqcount_latch_t *s)
+{
+ kcsan_atomic_next(KCSAN_SEQLOCK_REGION_MAX);
+ return raw_read_seqcount_latch(s);
+}
+
/**
* raw_read_seqcount_latch_retry() - end a seqcount_latch_t read section
* @s: Pointer to seqcount_latch_t
@@ -650,9 +667,34 @@ raw_read_seqcount_latch_retry(const seqcount_latch_t *s, unsigned start)
return unlikely(READ_ONCE(s->seqcount.sequence) != start);
}
+/**
+ * read_seqcount_latch_retry() - end a seqcount_latch_t read section
+ * @s: Pointer to seqcount_latch_t
+ * @start: count, from read_seqcount_latch()
+ *
+ * Return: true if a read section retry is required, else false
+ */
+static __always_inline int
+read_seqcount_latch_retry(const seqcount_latch_t *s, unsigned start)
+{
+ kcsan_atomic_next(0);
+ return raw_read_seqcount_latch_retry(s, start);
+}
+
/**
* raw_write_seqcount_latch() - redirect latch readers to even/odd copy
* @s: Pointer to seqcount_latch_t
+ */
+static __always_inline void raw_write_seqcount_latch(seqcount_latch_t *s)
+{
+ smp_wmb(); /* prior stores before incrementing "sequence" */
+ s->seqcount.sequence++;
+ smp_wmb(); /* increment "sequence" before following stores */
+}
+
+/**
+ * write_seqcount_latch_begin() - redirect latch readers to odd copy
+ * @s: Pointer to seqcount_latch_t
*
* The latch technique is a multiversion concurrency control method that allows
* queries during non-atomic modifications. If you can guarantee queries never
@@ -680,17 +722,11 @@ raw_read_seqcount_latch_retry(const seqcount_latch_t *s, unsigned start)
*
* void latch_modify(struct latch_struct *latch, ...)
* {
- * smp_wmb(); // Ensure that the last data[1] update is visible
- * latch->seq.sequence++;
- * smp_wmb(); // Ensure that the seqcount update is visible
- *
+ * write_seqcount_latch_begin(&latch->seq);
* modify(latch->data[0], ...);
- *
- * smp_wmb(); // Ensure that the data[0] update is visible
- * latch->seq.sequence++;
- * smp_wmb(); // Ensure that the seqcount update is visible
- *
+ * write_seqcount_latch(&latch->seq);
* modify(latch->data[1], ...);
+ * write_seqcount_latch_end(&latch->seq);
* }
*
* The query will have a form like::
@@ -701,13 +737,13 @@ raw_read_seqcount_latch_retry(const seqcount_latch_t *s, unsigned start)
* unsigned seq, idx;
*
* do {
- * seq = raw_read_seqcount_latch(&latch->seq);
+ * seq = read_seqcount_latch(&latch->seq);
*
* idx = seq & 0x01;
* entry = data_query(latch->data[idx], ...);
*
* // This includes needed smp_rmb()
- * } while (raw_read_seqcount_latch_retry(&latch->seq, seq));
+ * } while (read_seqcount_latch_retry(&latch->seq, seq));
*
* return entry;
* }
@@ -731,11 +767,31 @@ raw_read_seqcount_latch_retry(const seqcount_latch_t *s, unsigned start)
* When data is a dynamic data structure; one should use regular RCU
* patterns to manage the lifetimes of the objects within.
*/
-static inline void raw_write_seqcount_latch(seqcount_latch_t *s)
+static __always_inline void write_seqcount_latch_begin(seqcount_latch_t *s)
{
- smp_wmb(); /* prior stores before incrementing "sequence" */
- s->seqcount.sequence++;
- smp_wmb(); /* increment "sequence" before following stores */
+ kcsan_nestable_atomic_begin();
+ raw_write_seqcount_latch(s);
+}
+
+/**
+ * write_seqcount_latch() - redirect latch readers to even copy
+ * @s: Pointer to seqcount_latch_t
+ */
+static __always_inline void write_seqcount_latch(seqcount_latch_t *s)
+{
+ raw_write_seqcount_latch(s);
+}
+
+/**
+ * write_seqcount_latch_end() - end a seqcount_latch_t write section
+ * @s: Pointer to seqcount_latch_t
+ *
+ * Marks the end of a seqcount_latch_t writer section, after all copies of the
+ * latch-protected data have been updated.
+ */
+static __always_inline void write_seqcount_latch_end(seqcount_latch_t *s)
+{
+ kcsan_nestable_atomic_end();
}
#define __SEQLOCK_UNLOCKED(lockname) \
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 137/817] kcsan, seqlock: Fix incorrect assumption in read_seqbegin()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 136/817] kcsan, seqlock: Support seqcount_latch_t Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 138/817] clocksource/drivers:sp804: Make user selectable Greg Kroah-Hartman
` (689 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Elver, Peter Zijlstra (Intel),
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Elver <elver@google.com>
[ Upstream commit 183ec5f26b2fc97a4a9871865bfe9b33c41fddb2 ]
During testing of the preceding changes, I noticed that in some cases,
current->kcsan_ctx.in_flat_atomic remained true until task exit. This is
obviously wrong, because _all_ accesses for the given task will be
treated as atomic, resulting in false negatives i.e. missed data races.
Debugging led to fs/dcache.c, where we can see this usage of seqlock:
struct dentry *d_lookup(const struct dentry *parent, const struct qstr *name)
{
struct dentry *dentry;
unsigned seq;
do {
seq = read_seqbegin(&rename_lock);
dentry = __d_lookup(parent, name);
if (dentry)
break;
} while (read_seqretry(&rename_lock, seq));
[...]
As can be seen, read_seqretry() is never called if dentry != NULL;
consequently, current->kcsan_ctx.in_flat_atomic will never be reset to
false by read_seqretry().
Give up on the wrong assumption of "assume closing read_seqretry()", and
rely on the already-present annotations in read_seqcount_begin/retry().
Fixes: 88ecd153be95 ("seqlock, kcsan: Add annotations for KCSAN")
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241104161910.780003-6-elver@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/seqlock.h | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h
index c81164846f4a4..e1c11db880795 100644
--- a/include/linux/seqlock.h
+++ b/include/linux/seqlock.h
@@ -825,11 +825,7 @@ static __always_inline void write_seqcount_latch_end(seqcount_latch_t *s)
*/
static inline unsigned read_seqbegin(const seqlock_t *sl)
{
- unsigned ret = read_seqcount_begin(&sl->seqcount);
-
- kcsan_atomic_next(0); /* non-raw usage, assume closing read_seqretry() */
- kcsan_flat_atomic_begin();
- return ret;
+ return read_seqcount_begin(&sl->seqcount);
}
/**
@@ -845,12 +841,6 @@ static inline unsigned read_seqbegin(const seqlock_t *sl)
*/
static inline unsigned read_seqretry(const seqlock_t *sl, unsigned start)
{
- /*
- * Assume not nested: read_seqretry() may be called multiple times when
- * completing read critical section.
- */
- kcsan_flat_atomic_end();
-
return read_seqcount_retry(&sl->seqcount, start);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 138/817] clocksource/drivers:sp804: Make user selectable
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 137/817] kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 139/817] clocksource/drivers/timer-ti-dm: Fix child node refcount handling Greg Kroah-Hartman
` (688 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ross Burton, Sudeep Holla,
Mark Rutland, Mark Brown, Daniel Lezcano, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mark Brown <broonie@kernel.org>
[ Upstream commit 0309f714a0908e947af1c902cf6a330cb593e75e ]
The sp804 is currently only user selectable if COMPILE_TEST, this was
done by commit dfc82faad725 ("clocksource/drivers/sp804: Add
COMPILE_TEST to CONFIG_ARM_TIMER_SP804") in order to avoid it being
spuriously offered on platforms that won't have the hardware since it's
generally only seen on Arm based platforms. This config is overly
restrictive, while platforms that rely on the SP804 do select it in
their Kconfig there are others such as the Arm fast models which have a
SP804 available but currently unused by Linux. Relax the dependency to
allow it to be user selectable on arm and arm64 to avoid surprises and
in case someone comes up with a use for extra timer hardware.
Fixes: dfc82faad725 ("clocksource/drivers/sp804: Add COMPILE_TEST to CONFIG_ARM_TIMER_SP804")
Reported-by: Ross Burton <ross.burton@arm.com>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20241001-arm64-vexpress-sp804-v3-1-0a2d3f7883e4@kernel.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/clocksource/Kconfig b/drivers/clocksource/Kconfig
index 95dd4660b5b65..d546903dba4f3 100644
--- a/drivers/clocksource/Kconfig
+++ b/drivers/clocksource/Kconfig
@@ -400,7 +400,8 @@ config ARM_GT_INITIAL_PRESCALER_VAL
This affects CPU_FREQ max delta from the initial frequency.
config ARM_TIMER_SP804
- bool "Support for Dual Timer SP804 module" if COMPILE_TEST
+ bool "Support for Dual Timer SP804 module"
+ depends on ARM || ARM64 || COMPILE_TEST
depends on GENERIC_SCHED_CLOCK && HAVE_CLK
select CLKSRC_MMIO
select TIMER_OF if OF
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 139/817] clocksource/drivers/timer-ti-dm: Fix child node refcount handling
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 138/817] clocksource/drivers:sp804: Make user selectable Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 140/817] regulator: qcom-smd: make smd_vreg_rpm static Greg Kroah-Hartman
` (687 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Daniel Lezcano,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
[ Upstream commit e5cfc0989d9a2849c51c720a16b90b2c061a1aeb ]
of_find_compatible_node() increments the node's refcount, and it must be
decremented again with a call to of_node_put() when the pointer is no
longer required to avoid leaking the resource.
Instead of adding the missing calls to of_node_put() in all execution
paths, use the cleanup attribute for 'arm_timer' by means of the
__free() macro, which automatically calls of_node_put() when the
variable goes out of scope.
Fixes: 25de4ce5ed02 ("clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://lore.kernel.org/r/20241031-timer-ti-dm-systimer-of_node_put-v3-1-063ee822b73a@gmail.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-ti-dm-systimer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/clocksource/timer-ti-dm-systimer.c b/drivers/clocksource/timer-ti-dm-systimer.c
index c2dcd8d68e458..d1c144d6f328c 100644
--- a/drivers/clocksource/timer-ti-dm-systimer.c
+++ b/drivers/clocksource/timer-ti-dm-systimer.c
@@ -686,9 +686,9 @@ subsys_initcall(dmtimer_percpu_timer_startup);
static int __init dmtimer_percpu_quirk_init(struct device_node *np, u32 pa)
{
- struct device_node *arm_timer;
+ struct device_node *arm_timer __free(device_node) =
+ of_find_compatible_node(NULL, NULL, "arm,armv7-timer");
- arm_timer = of_find_compatible_node(NULL, NULL, "arm,armv7-timer");
if (of_device_is_available(arm_timer)) {
pr_warn_once("ARM architected timer wrap issue i940 detected\n");
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 140/817] regulator: qcom-smd: make smd_vreg_rpm static
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 139/817] clocksource/drivers/timer-ti-dm: Fix child node refcount handling Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 141/817] spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
` (686 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Min-Hua Chen, Dmitry Baryshkov,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Min-Hua Chen <minhuadotchen@gmail.com>
[ Upstream commit 18be43aca2c0ec475037923a8086d0a29fcc9d16 ]
Since smd_vreg_rpm is used only in
drivers/regulator/qcom_smd-regulator.c, make it static and fix the
following sparse warning:
drivers/regulator/qcom_smd-regulator.c:14:21: sparse: warning:
symbol 'smd_vreg_rpm' was not declared. Should it be static?
No functional changes intended.
Fixes: 5df3b41bd6b5 ("regulator: qcom_smd: Keep one rpm handle for all vregs")
Signed-off-by: Min-Hua Chen <minhuadotchen@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://patch.msgid.link/20240926231038.31916-1-minhuadotchen@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/qcom_smd-regulator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/qcom_smd-regulator.c b/drivers/regulator/qcom_smd-regulator.c
index 3b7e06b9f5ce9..678428ab42215 100644
--- a/drivers/regulator/qcom_smd-regulator.c
+++ b/drivers/regulator/qcom_smd-regulator.c
@@ -11,7 +11,7 @@
#include <linux/regulator/of_regulator.h>
#include <linux/soc/qcom/smd-rpm.h>
-struct qcom_smd_rpm *smd_vreg_rpm;
+static struct qcom_smd_rpm *smd_vreg_rpm;
struct qcom_rpm_reg {
struct device *dev;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 141/817] spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 140/817] regulator: qcom-smd: make smd_vreg_rpm static Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 142/817] arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP Greg Kroah-Hartman
` (685 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 003c7e01916c5e2af95add9b0cbda2e6163873e8 ]
disable_irq() after request_irq() still has a time gap in which
interrupts can come. request_irq() with IRQF_NO_AUTOEN flag will
disable IRQ auto-enable when request IRQ.
Fixes: 9728fb3ce117 ("spi: lpspi: disable lpspi module irq in DMA mode")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Link: https://patch.msgid.link/20240906022828.891812-1-ruanjinjie@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-fsl-lpspi.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/drivers/spi/spi-fsl-lpspi.c b/drivers/spi/spi-fsl-lpspi.c
index 977e8b55c82b7..9573b8fa4fbfc 100644
--- a/drivers/spi/spi-fsl-lpspi.c
+++ b/drivers/spi/spi-fsl-lpspi.c
@@ -891,7 +891,7 @@ static int fsl_lpspi_probe(struct platform_device *pdev)
return ret;
}
- ret = devm_request_irq(&pdev->dev, irq, fsl_lpspi_isr, 0,
+ ret = devm_request_irq(&pdev->dev, irq, fsl_lpspi_isr, IRQF_NO_AUTOEN,
dev_name(&pdev->dev), fsl_lpspi);
if (ret) {
dev_err(&pdev->dev, "can't get irq%d: %d\n", irq, ret);
@@ -948,14 +948,10 @@ static int fsl_lpspi_probe(struct platform_device *pdev)
ret = fsl_lpspi_dma_init(&pdev->dev, fsl_lpspi, controller);
if (ret == -EPROBE_DEFER)
goto out_pm_get;
- if (ret < 0)
+ if (ret < 0) {
dev_warn(&pdev->dev, "dma setup error %d, use pio\n", ret);
- else
- /*
- * disable LPSPI module IRQ when enable DMA mode successfully,
- * to prevent the unexpected LPSPI module IRQ events.
- */
- disable_irq(irq);
+ enable_irq(irq);
+ }
ret = devm_spi_register_controller(&pdev->dev, controller);
if (ret < 0) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 142/817] arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 141/817] spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 143/817] ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash Greg Kroah-Hartman
` (684 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 6317aad0e1525f3e3609d9a0fea762a37799943a ]
Newer boards should always use squashed MBN firmware instead of split
MDT+bNN. Use qcom/qcs6490/modem.mbn as the firmware for the modem on
RB3gen2.
Fixes: ac6d35b9b74c ("arm64: dts: qcom: qcs6490-rb3gen2: Enable various remoteprocs")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Konrad Dybcio <konradybcio@kernel.org>
Link: https://lore.kernel.org/r/20240907-rb3g2-fixes-v1-1-eb9da98e9f80@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts b/arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts
index 0d45662b8028b..5d0167fbc7098 100644
--- a/arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts
+++ b/arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts
@@ -707,7 +707,7 @@ &remoteproc_cdsp {
};
&remoteproc_mpss {
- firmware-name = "qcom/qcs6490/modem.mdt";
+ firmware-name = "qcom/qcs6490/modem.mbn";
status = "okay";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 143/817] ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 142/817] arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 144/817] drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() Greg Kroah-Hartman
` (683 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wolfram Sang, Geert Uytterhoeven,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 48e17816c3effa3545e21cd4f7d5a00c55c17a18 ]
Second partition was too large, looks like two digits got mixed up.
Fixes:
mtd: partition "user1" extends beyond the end of device "18000000.flash" -- size truncated to 0x4000000
Fixes: 30e0a8cf886c ("ARM: dts: renesas: genmai: Add FLASH nodes")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/20240914182948.94031-2-wsa+renesas@sang-engineering.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/renesas/r7s72100-genmai.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/renesas/r7s72100-genmai.dts b/arch/arm/boot/dts/renesas/r7s72100-genmai.dts
index 29ba098f5dd5e..28e703e0f152b 100644
--- a/arch/arm/boot/dts/renesas/r7s72100-genmai.dts
+++ b/arch/arm/boot/dts/renesas/r7s72100-genmai.dts
@@ -53,7 +53,7 @@ partition@0 {
partition@4000000 {
label = "user1";
- reg = <0x04000000 0x40000000>;
+ reg = <0x04000000 0x04000000>;
};
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 144/817] drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 143/817] ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 145/817] microblaze: Export xmb_manager functions Greg Kroah-Hartman
` (682 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Michal Simek,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 44ed4f90a97ff6f339e50ac01db71544e0990efc ]
If we fail to allocate memory for cb_data by kmalloc, the memory
allocation for eve_data is never freed, add the missing kfree()
in the error handling path.
Fixes: 05e5ba40ea7a ("driver: soc: xilinx: Add support of multiple callbacks for same event in event management driver")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20240706065155.452764-1-cuigaosheng1@huawei.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/xilinx/xlnx_event_manager.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/xilinx/xlnx_event_manager.c b/drivers/soc/xilinx/xlnx_event_manager.c
index f529e1346247c..85df6b9c04ee6 100644
--- a/drivers/soc/xilinx/xlnx_event_manager.c
+++ b/drivers/soc/xilinx/xlnx_event_manager.c
@@ -188,8 +188,10 @@ static int xlnx_add_cb_for_suspend(event_cb_func_t cb_fun, void *data)
INIT_LIST_HEAD(&eve_data->cb_list_head);
cb_data = kmalloc(sizeof(*cb_data), GFP_KERNEL);
- if (!cb_data)
+ if (!cb_data) {
+ kfree(eve_data);
return -ENOMEM;
+ }
cb_data->eve_cb = cb_fun;
cb_data->agent_data = data;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 145/817] microblaze: Export xmb_manager functions
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 144/817] drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 146/817] arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain Greg Kroah-Hartman
` (681 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jeff Johnson, Michal Simek,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Simek <michal.simek@amd.com>
[ Upstream commit badf752b5e4b17d281f93f409d4718388ff912e6 ]
When TMR_MANAGER is enabled as module there is a need to export functions
which are present in architecture code.
It has been found by running:
make W=1 C=1 allmodconfig
sed -i -e 's/WERROR=y/WERROR=n/g' .config
make C=1 W=1
which errors out like this:
ERROR: modpost: "xmb_manager_register" [drivers/misc/xilinx_tmr_manager.ko] undefined!
ERROR: modpost: "xmb_inject_err" [drivers/misc/xilinx_tmr_inject.ko] undefined!
Fixes: a5e3aaa654c1 ("microblaze: Add xmb_manager_register function")
Reported-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/e322dbbbde0feef83f44304ea13249d365d1dc5f.1718799090.git.michal.simek@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/microblaze/kernel/microblaze_ksyms.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/arch/microblaze/kernel/microblaze_ksyms.c b/arch/microblaze/kernel/microblaze_ksyms.c
index c892e173ec990..a8553f54152b7 100644
--- a/arch/microblaze/kernel/microblaze_ksyms.c
+++ b/arch/microblaze/kernel/microblaze_ksyms.c
@@ -16,6 +16,7 @@
#include <asm/page.h>
#include <linux/ftrace.h>
#include <linux/uaccess.h>
+#include <asm/xilinx_mb_manager.h>
#ifdef CONFIG_FUNCTION_TRACER
extern void _mcount(void);
@@ -46,3 +47,12 @@ extern void __udivsi3(void);
EXPORT_SYMBOL(__udivsi3);
extern void __umodsi3(void);
EXPORT_SYMBOL(__umodsi3);
+
+#ifdef CONFIG_MB_MANAGER
+extern void xmb_manager_register(uintptr_t phys_baseaddr, u32 cr_val,
+ void (*callback)(void *data),
+ void *priv, void (*reset_callback)(void *data));
+EXPORT_SYMBOL(xmb_manager_register);
+extern asmlinkage void xmb_inject_err(void);
+EXPORT_SYMBOL(xmb_inject_err);
+#endif
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 146/817] arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 145/817] microblaze: Export xmb_manager functions Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 147/817] arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy Greg Kroah-Hartman
` (680 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pablo Sun,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Sun <pablo.sun@mediatek.com>
[ Upstream commit 4007651c25553b10dbc6e7bff6b7abd2863c1702 ]
The clock index "CLK_APMIXED_MFGPLL" belongs to the "apmixedsys" provider,
so fix the index.
In addition, add a "mfg1" label so following commits could set
domain-supply for MFG1 power domain.
Fixes: eaf73e4224a3 ("arm64: dts: mediatek: mt8188: Add support for SoC power domains")
Signed-off-by: Pablo Sun <pablo.sun@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241002022138.29241-2-pablo.sun@mediatek.com
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8188.dtsi b/arch/arm64/boot/dts/mediatek/mt8188.dtsi
index 29d012d28edb1..041a85e1d9b55 100644
--- a/arch/arm64/boot/dts/mediatek/mt8188.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8188.dtsi
@@ -508,9 +508,9 @@ mfg0: power-domain@MT8188_POWER_DOMAIN_MFG0 {
#size-cells = <0>;
#power-domain-cells = <1>;
- power-domain@MT8188_POWER_DOMAIN_MFG1 {
+ mfg1: power-domain@MT8188_POWER_DOMAIN_MFG1 {
reg = <MT8188_POWER_DOMAIN_MFG1>;
- clocks = <&topckgen CLK_APMIXED_MFGPLL>,
+ clocks = <&apmixedsys CLK_APMIXED_MFGPLL>,
<&topckgen CLK_TOP_MFG_CORE_TMP>;
clock-names = "mfg", "alt";
mediatek,infracfg = <&infracfg_ao>;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 147/817] arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 146/817] arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 148/817] arm64: dts: mt8195: Fix dtbs_check error for mutex node Greg Kroah-Hartman
` (679 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Macpaul Lin,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Macpaul Lin <macpaul.lin@mediatek.com>
[ Upstream commit 752804acea010959bb3a00c65acdf78086a8474c ]
The ethernet-phy node in mt8395-genio-1200-evk.dts was triggering a
dtbs_check error. The error message was:
eth-phy0@1: $nodename:0: 'eth-phy0@1' does not match
'^ethernet-phy(@[a-f0-9]+)?$'
Fix this issue by replacing 'eth-phy' node to generic 'ethernet-phy'.
Fixes: f2b543a191b6 ("arm64: dts: mediatek: add device-tree for Genio 1200 EVK board")
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241002051620.2050-3-macpaul.lin@mediatek.com
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts b/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts
index a06610fff8ade..33ad8c8205f1b 100644
--- a/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts
@@ -187,7 +187,7 @@ mdio {
compatible = "snps,dwmac-mdio";
#address-cells = <1>;
#size-cells = <0>;
- eth_phy0: eth-phy0@1 {
+ eth_phy0: ethernet-phy@1 {
compatible = "ethernet-phy-id001c.c916";
reg = <0x1>;
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 148/817] arm64: dts: mt8195: Fix dtbs_check error for mutex node
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 147/817] arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 149/817] arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node Greg Kroah-Hartman
` (678 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Macpaul Lin,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Macpaul Lin <macpaul.lin@mediatek.com>
[ Upstream commit 0fc557b539a1e11bdc5053a308b12d84ea754786 ]
The mutex node in mt8195.dtsi was triggering a dtbs_check error:
mutex@1c101000: 'clock-names', 'reg-names' do not match any of the
regexes: 'pinctrl-[0-9]+'
This seems no need by inspecting the DT schemas and other reference boards,
so drop 'clock-names' and 'reg-names' in mt8195.dtsi.
Fixes: 92d2c23dc269 ("arm64: dts: mt8195: add display node for vdosys1")
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241002051620.2050-4-macpaul.lin@mediatek.com
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8195.dtsi b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
index 98c15eb68589a..30903d468e99f 100644
--- a/arch/arm64/boot/dts/mediatek/mt8195.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
@@ -3330,11 +3330,9 @@ &larb19 &larb21 &larb24 &larb25
mutex1: mutex@1c101000 {
compatible = "mediatek,mt8195-disp-mutex";
reg = <0 0x1c101000 0 0x1000>;
- reg-names = "vdo1_mutex";
interrupts = <GIC_SPI 494 IRQ_TYPE_LEVEL_HIGH 0>;
power-domains = <&spm MT8195_POWER_DOMAIN_VDOSYS1>;
clocks = <&vdosys1 CLK_VDO1_DISP_MUTEX>;
- clock-names = "vdo1_mutex";
mediatek,gce-client-reg = <&gce0 SUBSYS_1c10XXXX 0x1000 0x1000>;
mediatek,gce-events = <CMDQ_EVENT_VDO1_STREAM_DONE_ENG_0>;
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 149/817] arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 148/817] arm64: dts: mt8195: Fix dtbs_check error for mutex node Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 150/817] soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
` (677 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Macpaul Lin,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Macpaul Lin <macpaul.lin@mediatek.com>
[ Upstream commit c14ab45f5d458073248ddc62d31045d5d616806f ]
The infracfg_ao node in mt8195.dtsi was causing a dtbs_check error.
The error message was:
syscon@10001000: compatible: ['mediatek,mt8195-infracfg_ao', 'syscon',
'simple-mfd'] is too long
To resolve this, remove 'simple-mfd' from the 'compatible' property of the
infracfg_ao node.
Fixes: 37f2582883be ("arm64: dts: Add mediatek SoC mt8195 and evaluation board")
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241002051620.2050-1-macpaul.lin@mediatek.com
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8195.dtsi b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
index 30903d468e99f..e56b23995c7bf 100644
--- a/arch/arm64/boot/dts/mediatek/mt8195.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8195.dtsi
@@ -487,7 +487,7 @@ topckgen: syscon@10000000 {
};
infracfg_ao: syscon@10001000 {
- compatible = "mediatek,mt8195-infracfg_ao", "syscon", "simple-mfd";
+ compatible = "mediatek,mt8195-infracfg_ao", "syscon";
reg = <0 0x10001000 0 0x1000>;
#clock-cells = <1>;
#reset-cells = <1>;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 150/817] soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 149/817] arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 151/817] soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Greg Kroah-Hartman
` (676 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Kevin Hilman,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 16a0a69244240cfa32c525c021c40f85e090557a ]
If request_irq() fails in sr_late_init(), there is no need to enable
the irq, and if it succeeds, disable_irq() after request_irq() still has
a time gap in which interrupts can come.
request_irq() with IRQF_NO_AUTOEN flag will disable IRQ auto-enable when
request IRQ.
Fixes: 1279ba5916f6 ("OMAP3+: SR: disable interrupt by default")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20240912034147.3014213-1-ruanjinjie@huawei.com
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/ti/smartreflex.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/soc/ti/smartreflex.c b/drivers/soc/ti/smartreflex.c
index d6219060b616d..38add2ab56137 100644
--- a/drivers/soc/ti/smartreflex.c
+++ b/drivers/soc/ti/smartreflex.c
@@ -202,10 +202,10 @@ static int sr_late_init(struct omap_sr *sr_info)
if (sr_class->notify && sr_class->notify_flags && sr_info->irq) {
ret = devm_request_irq(&sr_info->pdev->dev, sr_info->irq,
- sr_interrupt, 0, sr_info->name, sr_info);
+ sr_interrupt, IRQF_NO_AUTOEN,
+ sr_info->name, sr_info);
if (ret)
goto error;
- disable_irq(sr_info->irq);
}
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 151/817] soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 150/817] soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 152/817] arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Greg Kroah-Hartman
` (675 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 78261cb08f06c93d362cab5c5034bf5899bc7552 ]
This loop is supposed to break if the frequency returned from
clk_round_rate() is the same as on the previous iteration. However,
that check doesn't make sense on the first iteration through the loop.
It leads to reading before the start of these->clk_perf_tbl[] array.
Fixes: eddac5af0654 ("soc: qcom: Add GENI based QUP Wrapper driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/8cd12678-f44a-4b16-a579-c8f11175ee8c@stanley.mountain
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/qcom-geni-se.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/qcom/qcom-geni-se.c b/drivers/soc/qcom/qcom-geni-se.c
index 2e8f24d5da80b..4cb959106efa9 100644
--- a/drivers/soc/qcom/qcom-geni-se.c
+++ b/drivers/soc/qcom/qcom-geni-se.c
@@ -585,7 +585,8 @@ int geni_se_clk_tbl_get(struct geni_se *se, unsigned long **tbl)
for (i = 0; i < MAX_CLK_PERF_LEVEL; i++) {
freq = clk_round_rate(se->clk, freq + 1);
- if (freq <= 0 || freq == se->clk_perf_tbl[i - 1])
+ if (freq <= 0 ||
+ (i > 0 && freq == se->clk_perf_tbl[i - 1]))
break;
se->clk_perf_tbl[i] = freq;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 152/817] arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 151/817] soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 153/817] arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges Greg Kroah-Hartman
` (674 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit 600c499f8f5297c2c91e8146a8217f299e445ef6 ]
Make sure the GPU frequencies are marked as supported for the respective
speedbins according to downstream msm-4.19 kernel:
* 850 MHz: Speedbins 0 + 180
* 800 MHz: Speedbins 0 + 180 + 169
* 650 MHz: Speedbins 0 + 180 + 169 + 138
* 565 MHz: Speedbins 0 + 180 + 169 + 138 + 120
* 430 MHz: Speedbins 0 + 180 + 169 + 138 + 120
* 355 MHz: Speedbins 0 + 180 + 169 + 138 + 120
* 253 MHz: Speedbins 0 + 180 + 169 + 138 + 120
Fixes: bd9b76750280 ("arm64: dts: qcom: sm6350: Add GPU nodes")
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Link: https://lore.kernel.org/r/20241002-sm6350-gpu-speedbin-fix-v1-1-8a5d90c5097d@fairphone.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sm6350.dtsi b/arch/arm64/boot/dts/qcom/sm6350.dtsi
index 7986ddb30f6e8..4f8477de7e1b1 100644
--- a/arch/arm64/boot/dts/qcom/sm6350.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm6350.dtsi
@@ -1376,43 +1376,43 @@ gpu_opp_table: opp-table {
opp-850000000 {
opp-hz = /bits/ 64 <850000000>;
opp-level = <RPMH_REGULATOR_LEVEL_TURBO_L1>;
- opp-supported-hw = <0x02>;
+ opp-supported-hw = <0x03>;
};
opp-800000000 {
opp-hz = /bits/ 64 <800000000>;
opp-level = <RPMH_REGULATOR_LEVEL_TURBO>;
- opp-supported-hw = <0x04>;
+ opp-supported-hw = <0x07>;
};
opp-650000000 {
opp-hz = /bits/ 64 <650000000>;
opp-level = <RPMH_REGULATOR_LEVEL_NOM_L1>;
- opp-supported-hw = <0x08>;
+ opp-supported-hw = <0x0f>;
};
opp-565000000 {
opp-hz = /bits/ 64 <565000000>;
opp-level = <RPMH_REGULATOR_LEVEL_NOM>;
- opp-supported-hw = <0x10>;
+ opp-supported-hw = <0x1f>;
};
opp-430000000 {
opp-hz = /bits/ 64 <430000000>;
opp-level = <RPMH_REGULATOR_LEVEL_SVS_L1>;
- opp-supported-hw = <0xff>;
+ opp-supported-hw = <0x1f>;
};
opp-355000000 {
opp-hz = /bits/ 64 <355000000>;
opp-level = <RPMH_REGULATOR_LEVEL_SVS>;
- opp-supported-hw = <0xff>;
+ opp-supported-hw = <0x1f>;
};
opp-253000000 {
opp-hz = /bits/ 64 <253000000>;
opp-level = <RPMH_REGULATOR_LEVEL_LOW_SVS>;
- opp-supported-hw = <0xff>;
+ opp-supported-hw = <0x1f>;
};
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 153/817] arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 152/817] arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 154/817] ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Greg Kroah-Hartman
` (673 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 1dd7d9d41dedf8d42e04c0f2febd4dbe5a062d4a ]
L10A, being a fixed regulator, should have min_voltage = max_voltage,
otherwise fixed rulator fails to probe. Fix the max_voltage range to be
equal to minimum.
Fixes: 4edbcf264fe2 ("arm64: dts: qcom: sda660-ifc6560: document missing USB PHY supplies")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Konrad Dybcio <konradybcio@kernel.org>
Link: https://lore.kernel.org/r/20240907-sdm660-wifi-v1-4-e316055142f8@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts b/arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts
index 60412281ab27d..962c8aa400440 100644
--- a/arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts
+++ b/arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts
@@ -104,7 +104,7 @@ vreg_l10a_1p8: vreg-l10a-regulator {
compatible = "regulator-fixed";
regulator-name = "vreg_l10a_1p8";
regulator-min-microvolt = <1804000>;
- regulator-max-microvolt = <1896000>;
+ regulator-max-microvolt = <1804000>;
regulator-always-on;
regulator-boot-on;
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 154/817] ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 153/817] arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 155/817] mmc: mmc_spi: drop buggy snprintf() Greg Kroah-Hartman
` (672 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolas Ferre, Andrei Simion,
Claudiu Beznea, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrei Simion <andrei.simion@microchip.com>
[ Upstream commit 2f9d013a0c6f1b9109ada5acb28ee26eefc77c03 ]
Add the atmel,usart-mode property to the UART nodes. This ensures
compliance with the atmel,at91-usart.yaml schema and resolves the errors
below:
serial@200: $nodename:0: 'serial@200' does not match
'^spi(@.*|-([0-9]|[1-9][0-9]+))?$'
serial@200: atmel,use-dma-rx: False schema does not allow True
serial@200: atmel,use-dma-tx: False schema does not allow True
serial@200: atmel,fifo-size: False schema does not allow [[16]]
These errors indicate that the property
atmel,usart-mode = <AT91_USART_MODE_SERIAL> is missing for
UART nodes 0, 1, 2, 3, 4, 6, 7, 8, 9, 10, 11, and 12.
Fixes: 99c808335877 ("ARM: dts: at91: sam9x60: Add missing flexcom definitions")
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Andrei Simion <andrei.simion@microchip.com>
Link: https://lore.kernel.org/r/20240912093307.40488-1-andrei.simion@microchip.com
[claudiu.beznea: move the atmel,usart-mode close to vendor specific
properties to cope with DTS coding style]
Signed-off-by: Claudiu Beznea <claudiu.beznea@tuxon.dev>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/arm/boot/dts/microchip/sam9x60.dtsi b/arch/arm/boot/dts/microchip/sam9x60.dtsi
index d077afd5024db..2492cd14c4e78 100644
--- a/arch/arm/boot/dts/microchip/sam9x60.dtsi
+++ b/arch/arm/boot/dts/microchip/sam9x60.dtsi
@@ -186,6 +186,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 13>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -384,6 +385,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 32>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -433,6 +435,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 33>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -590,6 +593,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 9>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -639,6 +643,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 10>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -688,6 +693,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 11>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -737,6 +743,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 5>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -805,6 +812,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 6>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -873,6 +881,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 7>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -941,6 +950,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 8>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -1064,6 +1074,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 15>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
@@ -1113,6 +1124,7 @@ AT91_XDMAC_DT_PER_IF(1) |
dma-names = "tx", "rx";
clocks = <&pmc PMC_TYPE_PERIPHERAL 16>;
clock-names = "usart";
+ atmel,usart-mode = <AT91_USART_MODE_SERIAL>;
atmel,use-dma-rx;
atmel,use-dma-tx;
atmel,fifo-size = <16>;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 155/817] mmc: mmc_spi: drop buggy snprintf()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 154/817] ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 156/817] scripts/kernel-doc: Do not track section counter across processed files Greg Kroah-Hartman
` (671 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET,
Bartosz Golaszewski, Ulf Hansson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
[ Upstream commit 328bda09cc91b3d93bc64f4a4dadc44313dd8140 ]
GCC 13 complains about the truncated output of snprintf():
drivers/mmc/host/mmc_spi.c: In function ‘mmc_spi_response_get’:
drivers/mmc/host/mmc_spi.c:227:64: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
227 | snprintf(tag, sizeof(tag), " ... CMD%d response SPI_%s",
| ^
drivers/mmc/host/mmc_spi.c:227:9: note: ‘snprintf’ output between 26 and 43 bytes into a destination of size 32
227 | snprintf(tag, sizeof(tag), " ... CMD%d response SPI_%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
228 | cmd->opcode, maptype(cmd));
Drop it and fold the string it generates into the only place where it's
emitted - the dev_dbg() call at the end of the function.
Fixes: 15a0580ced08 ("mmc_spi host driver")
Suggested-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Link: https://lore.kernel.org/r/20241008160134.69934-1-brgl@bgdev.pl
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/mmc_spi.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/mmc/host/mmc_spi.c b/drivers/mmc/host/mmc_spi.c
index c9caa1ece7ef9..5a19d3e949134 100644
--- a/drivers/mmc/host/mmc_spi.c
+++ b/drivers/mmc/host/mmc_spi.c
@@ -222,10 +222,6 @@ static int mmc_spi_response_get(struct mmc_spi_host *host,
u8 leftover = 0;
unsigned short rotator;
int i;
- char tag[32];
-
- snprintf(tag, sizeof(tag), " ... CMD%d response SPI_%s",
- cmd->opcode, maptype(cmd));
/* Except for data block reads, the whole response will already
* be stored in the scratch buffer. It's somewhere after the
@@ -378,8 +374,9 @@ static int mmc_spi_response_get(struct mmc_spi_host *host,
}
if (value < 0)
- dev_dbg(&host->spi->dev, "%s: resp %04x %08x\n",
- tag, cmd->resp[0], cmd->resp[1]);
+ dev_dbg(&host->spi->dev,
+ " ... CMD%d response SPI_%s: resp %04x %08x\n",
+ cmd->opcode, maptype(cmd), cmd->resp[0], cmd->resp[1]);
/* disable chipselect on errors and some success cases */
if (value >= 0 && cs_on)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 156/817] scripts/kernel-doc: Do not track section counter across processed files
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 155/817] mmc: mmc_spi: drop buggy snprintf() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 157/817] arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs Greg Kroah-Hartman
` (670 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai, Jonathan Corbet,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit be9264110e4e874622d588a75daf930539fdf6ea ]
The section counter tracks how many sections of kernel-doc were added.
The only real use of the counter value is to check if anything was
actually supposed to be output and give a warning is nothing is
available.
The current logic of remembering the initial value and then resetting
the value then when processing each file means that if a file has the
same number of sections as the previously processed one, a warning is
incorrectly given.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Link: https://lore.kernel.org/r/20241008082905.4005524-1-wenst@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kernel-doc | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/scripts/kernel-doc b/scripts/kernel-doc
index 2791f81952038..c608820f0bf51 100755
--- a/scripts/kernel-doc
+++ b/scripts/kernel-doc
@@ -2322,7 +2322,6 @@ sub process_inline($$) {
sub process_file($) {
my $file;
- my $initial_section_counter = $section_counter;
my ($orig_file) = @_;
$file = map_filename($orig_file);
@@ -2360,8 +2359,7 @@ sub process_file($) {
}
# Make sure we got something interesting.
- if ($initial_section_counter == $section_counter && $
- output_mode ne "none") {
+ if (!$section_counter && $output_mode ne "none") {
if ($output_selection == OUTPUT_INCLUDE) {
emit_warning("${file}:1", "'$_' not found\n")
for keys %function_table;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 157/817] arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 156/817] scripts/kernel-doc: Do not track section counter across processed files Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 158/817] arm64: dts: qcom: x1e80100-vivobook-s15: " Greg Kroah-Hartman
` (669 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Abel Vesa, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Abel Vesa <abel.vesa@linaro.org>
[ Upstream commit eb2dd93d03b16ed0e8b09311f8d35cc5a691a9b7 ]
The orientation-switch is already set in the x1e80100 SoC dtsi,
so drop from Slim 7X dts.
Fixes: 45247fe17db2 ("arm64: dts: qcom: x1e80100: add Lenovo Thinkpad Yoga slim 7x devicetree")
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20241014-x1e80100-dts-drop-orientation-switch-v1-1-26afa6d4afd9@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 4 ----
1 file changed, 4 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts b/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts
index 884595d98e641..769040b50b04d 100644
--- a/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts
+++ b/arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts
@@ -881,8 +881,6 @@ &usb_1_ss0_qmpphy {
vdda-phy-supply = <&vreg_l3e_1p2>;
vdda-pll-supply = <&vreg_l1j_0p8>;
- orientation-switch;
-
status = "okay";
};
@@ -915,8 +913,6 @@ &usb_1_ss1_qmpphy {
vdda-phy-supply = <&vreg_l3e_1p2>;
vdda-pll-supply = <&vreg_l2d_0p9>;
- orientation-switch;
-
status = "okay";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 158/817] arm64: dts: qcom: x1e80100-vivobook-s15: Drop orientation-switch from USB SS[0-1] QMP PHYs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 157/817] arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 159/817] openrisc: Implement fixmap to fix earlycon Greg Kroah-Hartman
` (668 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Abel Vesa, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Abel Vesa <abel.vesa@linaro.org>
[ Upstream commit 27344eb70c8fd60fe7c570e2e12f169ff89d2c47 ]
The orientation-switch is already set in the x1e80100 SoC dtsi,
so drop from Vivobook S15 dts.
Fixes: d0e2f8f62dff ("arm64: dts: qcom: Add device tree for ASUS Vivobook S 15")
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20241014-x1e80100-dts-drop-orientation-switch-v1-2-26afa6d4afd9@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 ----
1 file changed, 4 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts b/arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts
index 530db0913f91d..7d4e039f63cf4 100644
--- a/arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts
+++ b/arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts
@@ -598,8 +598,6 @@ &usb_1_ss0_qmpphy {
vdda-phy-supply = <&vreg_l3e_1p2>;
vdda-pll-supply = <&vreg_l1j_0p8>;
- orientation-switch;
-
status = "okay";
};
@@ -632,8 +630,6 @@ &usb_1_ss1_qmpphy {
vdda-phy-supply = <&vreg_l3e_1p2>;
vdda-pll-supply = <&vreg_l2d_0p9>;
- orientation-switch;
-
status = "okay";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 159/817] openrisc: Implement fixmap to fix earlycon
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 158/817] arm64: dts: qcom: x1e80100-vivobook-s15: " Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 160/817] efi/libstub: fix efi_parse_options() ignoring the default command line Greg Kroah-Hartman
` (667 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Stafford Horne, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stafford Horne <shorne@gmail.com>
[ Upstream commit 1037d186edfc551fa7ba2d4336e74e7575a07a65 ]
With commit 53c98e35dcbc ("openrisc: mm: remove unneeded early ioremap
code") it was commented that early ioremap was not used in OpenRISC. I
acked this but was wrong, earlycon was using it. Earlycon setup now
fails with the below trace:
Kernel command line: earlycon
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at mm/ioremap.c:23
generic_ioremap_prot+0x118/0x130
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted
6.11.0-rc5-00001-gce02fd891c38-dirty #141
Call trace:
[<(ptrval)>] dump_stack_lvl+0x7c/0x9c
[<(ptrval)>] dump_stack+0x1c/0x2c
[<(ptrval)>] __warn+0xb4/0x108
[<(ptrval)>] ? generic_ioremap_prot+0x118/0x130
[<(ptrval)>] warn_slowpath_fmt+0x60/0x98
[<(ptrval)>] generic_ioremap_prot+0x118/0x130
[<(ptrval)>] ioremap_prot+0x20/0x30
[<(ptrval)>] of_setup_earlycon+0xd4/0x2e0
[<(ptrval)>] early_init_dt_scan_chosen_stdout+0x18c/0x1c8
[<(ptrval)>] param_setup_earlycon+0x3c/0x60
[<(ptrval)>] do_early_param+0xb0/0x118
[<(ptrval)>] parse_args+0x184/0x4b8
[<(ptrval)>] ? start_kernel+0x0/0x78c
[<(ptrval)>] parse_early_options+0x40/0x50
[<(ptrval)>] ? do_early_param+0x0/0x118
[<(ptrval)>] parse_early_param+0x48/0x68
[<(ptrval)>] ? start_kernel+0x318/0x78c
[<(ptrval)>] ? start_kernel+0x0/0x78c
---[ end trace 0000000000000000 ]---
To fix this we could either implement early_ioremap again or implement
fixmap. In this patch we choose the later option of implementing basic
fixmap support.
While fixing this we also remove the old FIX_IOREMAP slots that were
used by early ioremap code. That code was also removed by commit
53c98e35dcbc ("openrisc: mm: remove unneeded early ioremap code") but
these definitions were not cleaned up.
Fixes: 53c98e35dcbc ("openrisc: mm: remove unneeded early ioremap code")
Signed-off-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/openrisc/Kconfig | 3 +++
arch/openrisc/include/asm/fixmap.h | 21 ++++-------------
arch/openrisc/mm/init.c | 37 ++++++++++++++++++++++++++++++
3 files changed, 45 insertions(+), 16 deletions(-)
diff --git a/arch/openrisc/Kconfig b/arch/openrisc/Kconfig
index 69c0258700b28..3279ef457c573 100644
--- a/arch/openrisc/Kconfig
+++ b/arch/openrisc/Kconfig
@@ -65,6 +65,9 @@ config STACKTRACE_SUPPORT
config LOCKDEP_SUPPORT
def_bool y
+config FIX_EARLYCON_MEM
+ def_bool y
+
menu "Processor type and features"
choice
diff --git a/arch/openrisc/include/asm/fixmap.h b/arch/openrisc/include/asm/fixmap.h
index ecdb98a5839f7..aaa6a26a3e921 100644
--- a/arch/openrisc/include/asm/fixmap.h
+++ b/arch/openrisc/include/asm/fixmap.h
@@ -26,29 +26,18 @@
#include <linux/bug.h>
#include <asm/page.h>
-/*
- * On OpenRISC we use these special fixed_addresses for doing ioremap
- * early in the boot process before memory initialization is complete.
- * This is used, in particular, by the early serial console code.
- *
- * It's not really 'fixmap', per se, but fits loosely into the same
- * paradigm.
- */
enum fixed_addresses {
- /*
- * FIX_IOREMAP entries are useful for mapping physical address
- * space before ioremap() is useable, e.g. really early in boot
- * before kmalloc() is working.
- */
-#define FIX_N_IOREMAPS 32
- FIX_IOREMAP_BEGIN,
- FIX_IOREMAP_END = FIX_IOREMAP_BEGIN + FIX_N_IOREMAPS - 1,
+ FIX_EARLYCON_MEM_BASE,
__end_of_fixed_addresses
};
#define FIXADDR_SIZE (__end_of_fixed_addresses << PAGE_SHIFT)
/* FIXADDR_BOTTOM might be a better name here... */
#define FIXADDR_START (FIXADDR_TOP - FIXADDR_SIZE)
+#define FIXMAP_PAGE_IO PAGE_KERNEL_NOCACHE
+
+extern void __set_fixmap(enum fixed_addresses idx,
+ phys_addr_t phys, pgprot_t flags);
#include <asm-generic/fixmap.h>
diff --git a/arch/openrisc/mm/init.c b/arch/openrisc/mm/init.c
index 1dcd78c8f0e99..d0cb1a0126f95 100644
--- a/arch/openrisc/mm/init.c
+++ b/arch/openrisc/mm/init.c
@@ -207,6 +207,43 @@ void __init mem_init(void)
return;
}
+static int __init map_page(unsigned long va, phys_addr_t pa, pgprot_t prot)
+{
+ p4d_t *p4d;
+ pud_t *pud;
+ pmd_t *pmd;
+ pte_t *pte;
+
+ p4d = p4d_offset(pgd_offset_k(va), va);
+ pud = pud_offset(p4d, va);
+ pmd = pmd_offset(pud, va);
+ pte = pte_alloc_kernel(pmd, va);
+
+ if (pte == NULL)
+ return -ENOMEM;
+
+ if (pgprot_val(prot))
+ set_pte_at(&init_mm, va, pte, pfn_pte(pa >> PAGE_SHIFT, prot));
+ else
+ pte_clear(&init_mm, va, pte);
+
+ local_flush_tlb_page(NULL, va);
+ return 0;
+}
+
+void __init __set_fixmap(enum fixed_addresses idx,
+ phys_addr_t phys, pgprot_t prot)
+{
+ unsigned long address = __fix_to_virt(idx);
+
+ if (idx >= __end_of_fixed_addresses) {
+ BUG();
+ return;
+ }
+
+ map_page(address, phys, prot);
+}
+
static const pgprot_t protection_map[16] = {
[VM_NONE] = PAGE_NONE,
[VM_READ] = PAGE_READONLY_X,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 160/817] efi/libstub: fix efi_parse_options() ignoring the default command line
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 159/817] openrisc: Implement fixmap to fix earlycon Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 161/817] tpm: fix signed/unsigned bug when checking event logs Greg Kroah-Hartman
` (666 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathan Marek, Ard Biesheuvel,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonathan Marek <jonathan@marek.ca>
[ Upstream commit aacfa0ef247b0130b7a98bb52378f8cd727a66ca ]
efi_convert_cmdline() always returns a size of at least 1 because it
counts the NUL terminator, so the "cmdline_size == 0" condition is never
satisfied.
Change it to check if the string starts with a NUL character to get the
intended behavior: to use CONFIG_CMDLINE when load_options_size == 0.
Fixes: 60f38de7a8d4 ("efi/libstub: Unify command line param parsing")
Signed-off-by: Jonathan Marek <jonathan@marek.ca>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/libstub/efi-stub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index 958a680e0660d..2a1b43f9e0fa2 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -129,7 +129,7 @@ efi_status_t efi_handle_cmdline(efi_loaded_image_t *image, char **cmdline_ptr)
if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
- cmdline_size == 0) {
+ cmdline[0] == 0) {
status = efi_parse_options(CONFIG_CMDLINE);
if (status != EFI_SUCCESS) {
efi_err("Failed to parse options\n");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 161/817] tpm: fix signed/unsigned bug when checking event logs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 160/817] efi/libstub: fix efi_parse_options() ignoring the default command line Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 162/817] media: i2c: vgxy61: Fix an error handling path in vgxy61_detect() Greg Kroah-Hartman
` (665 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gregory Price, Ilias Apalodimas,
Ard Biesheuvel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gregory Price <gourry@gourry.net>
[ Upstream commit e6d654e9f5a97742cfe794b1c4bb5d3fb2d25e98 ]
A prior bugfix that fixes a signed/unsigned error causes
another signed unsigned error.
A situation where log_tbl->size is invalid can cause the
size passed to memblock_reserve to become negative.
log_size from the main event log is an unsigned int, and
the code reduces to the following
u64 value = (int)unsigned_value;
This results in sign extension, and the value sent to
memblock_reserve becomes effectively negative.
Fixes: be59d57f9806 ("efi/tpm: Fix sanity check of unsigned tbl_size being less than zero")
Signed-off-by: Gregory Price <gourry@gourry.net>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/tpm.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c
index e8d69bd548f3f..9c3613e6af158 100644
--- a/drivers/firmware/efi/tpm.c
+++ b/drivers/firmware/efi/tpm.c
@@ -40,7 +40,8 @@ int __init efi_tpm_eventlog_init(void)
{
struct linux_efi_tpm_eventlog *log_tbl;
struct efi_tcg2_final_events_table *final_tbl;
- int tbl_size;
+ unsigned int tbl_size;
+ int final_tbl_size;
int ret = 0;
if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) {
@@ -80,26 +81,26 @@ int __init efi_tpm_eventlog_init(void)
goto out;
}
- tbl_size = 0;
+ final_tbl_size = 0;
if (final_tbl->nr_events != 0) {
void *events = (void *)efi.tpm_final_log
+ sizeof(final_tbl->version)
+ sizeof(final_tbl->nr_events);
- tbl_size = tpm2_calc_event_log_size(events,
- final_tbl->nr_events,
- log_tbl->log);
+ final_tbl_size = tpm2_calc_event_log_size(events,
+ final_tbl->nr_events,
+ log_tbl->log);
}
- if (tbl_size < 0) {
+ if (final_tbl_size < 0) {
pr_err(FW_BUG "Failed to parse event in TPM Final Events Log\n");
ret = -EINVAL;
goto out_calc;
}
memblock_reserve(efi.tpm_final_log,
- tbl_size + sizeof(*final_tbl));
- efi_tpm_final_log_size = tbl_size;
+ final_tbl_size + sizeof(*final_tbl));
+ efi_tpm_final_log_size = final_tbl_size;
out_calc:
early_memunmap(final_tbl, sizeof(*final_tbl));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 162/817] media: i2c: vgxy61: Fix an error handling path in vgxy61_detect()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 161/817] tpm: fix signed/unsigned bug when checking event logs Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 163/817] media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Greg Kroah-Hartman
` (664 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Benjamin Mugnier,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 0d5c92cde4d38825eeadf5b4e1534350f80a9924 ]
If cci_read() fails, 'st' is set to 0 in cci_read(), so we return success,
instead of the expected error code.
Fix it and return the expected error.
Fixes: 9a6d7f2ba2b9 ("media: i2c: st-vgxy61: Convert to CCI register access helpers")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Benjamin Mugnier <benjamin.mugnier@foss.st.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/vgxy61.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/vgxy61.c b/drivers/media/i2c/vgxy61.c
index 30378e9620166..8034e21051bec 100644
--- a/drivers/media/i2c/vgxy61.c
+++ b/drivers/media/i2c/vgxy61.c
@@ -1617,7 +1617,7 @@ static int vgxy61_detect(struct vgxy61_dev *sensor)
ret = cci_read(sensor->regmap, VGXY61_REG_NVM, &st, NULL);
if (ret < 0)
- return st;
+ return ret;
if (st != VGXY61_NVM_OK)
dev_warn(&client->dev, "Bad nvm state got %u\n", (u8)st);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 163/817] media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 162/817] media: i2c: vgxy61: Fix an error handling path in vgxy61_detect() Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 164/817] arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Greg Kroah-Hartman
` (663 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Colin Ian King, Tomi Valkeinen,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.i.king@gmail.com>
[ Upstream commit 24ad2d1f773a11f69eecec3ec37ea3d76f2e9e7d ]
The function ub960_rxport_read is being called and afterwards ret is
being checked for any failures, however ret is not being assigned to
the return of the function call. Fix this by assigning ret to the
return of the call which appears to be missing.
Fixes: afe267f2d368 ("media: i2c: add DS90UB960 driver")
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Reviewed-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ds90ub960.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/ds90ub960.c b/drivers/media/i2c/ds90ub960.c
index ffe5f25f86476..58424d8f72af0 100644
--- a/drivers/media/i2c/ds90ub960.c
+++ b/drivers/media/i2c/ds90ub960.c
@@ -1286,7 +1286,7 @@ static int ub960_rxport_get_strobe_pos(struct ub960_data *priv,
clk_delay += v & UB960_IR_RX_ANA_STROBE_SET_CLK_DELAY_MASK;
- ub960_rxport_read(priv, nport, UB960_RR_SFILTER_STS_1, &v);
+ ret = ub960_rxport_read(priv, nport, UB960_RR_SFILTER_STS_1, &v);
if (ret)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 164/817] arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 163/817] media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 165/817] arm64: dts: mt8183: kukui: " Greg Kroah-Hartman
` (662 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hsin-Te Yuan,
AngeloGioacchino Del Regno, Matthias Brugger, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hsin-Te Yuan <yuanhsinte@chromium.org>
[ Upstream commit e9c60c34948662b5d47573490ee538439b29e462 ]
The address of eeprom should be 50.
Fixes: cd894e274b74 ("arm64: dts: mt8183: Add krane-sku176 board")
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/20240909-eeprom-v1-1-1ed2bc5064f4@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi
index 0f5fa893a7742..8b56b8564ed7a 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi
@@ -88,9 +88,9 @@ &i2c4 {
clock-frequency = <400000>;
vbus-supply = <&mt6358_vcn18_reg>;
- eeprom@54 {
+ eeprom@50 {
compatible = "atmel,24c32";
- reg = <0x54>;
+ reg = <0x50>;
pagesize = <32>;
vcc-supply = <&mt6358_vcn18_reg>;
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 165/817] arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 164/817] arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 166/817] arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region Greg Kroah-Hartman
` (661 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hsin-Te Yuan, Matthias Brugger,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hsin-Te Yuan <yuanhsinte@chromium.org>
[ Upstream commit edbde4923f208aa83abb48d4b2463299e5fc2586 ]
The address of eeprom should be 50.
Fixes: ff33d889567e ("arm64: dts: mt8183: Add kukui kodama board")
Fixes: d1eaf77f2c66 ("arm64: dts: mt8183: Add kukui kakadu board")
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20240909-eeprom-v1-2-1ed2bc5064f4@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 ++--
arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi
index bfb9e42c8acaa..ff02f63bac29b 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi
@@ -92,9 +92,9 @@ &i2c4 {
clock-frequency = <400000>;
vbus-supply = <&mt6358_vcn18_reg>;
- eeprom@54 {
+ eeprom@50 {
compatible = "atmel,24c32";
- reg = <0x54>;
+ reg = <0x50>;
pagesize = <32>;
vcc-supply = <&mt6358_vcn18_reg>;
};
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi
index 5c1bf6a1e4758..da6e767b4ceed 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi
@@ -79,9 +79,9 @@ &i2c4 {
clock-frequency = <400000>;
vbus-supply = <&mt6358_vcn18_reg>;
- eeprom@54 {
+ eeprom@50 {
compatible = "atmel,24c64";
- reg = <0x54>;
+ reg = <0x50>;
pagesize = <32>;
vcc-supply = <&mt6358_vcn18_reg>;
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 166/817] arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 165/817] arm64: dts: mt8183: kukui: " Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 167/817] kernel-doc: allow object-like macros in ReST output Greg Kroah-Hartman
` (660 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Konrad Dybcio,
Sibi Sankar, Bjorn Andersson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sibi Sankar <quic_sibis@quicinc.com>
[ Upstream commit 9ed1a2b8784262e85ec300792a1a37ebd8473be2 ]
Resize the GICR register region as it currently seeps into the CPU Control
Processor mailbox RX region.
Fixes: af16b00578a7 ("arm64: dts: qcom: Add base X1E80100 dtsi and the QCP dts")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Sibi Sankar <quic_sibis@quicinc.com>
Link: https://lore.kernel.org/r/20240612124056.39230-4-quic_sibis@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi
index bb2de6469972c..2a03581b0ab56 100644
--- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi
+++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi
@@ -5363,7 +5363,7 @@ apps_smmu: iommu@15000000 {
intc: interrupt-controller@17000000 {
compatible = "arm,gic-v3";
reg = <0 0x17000000 0 0x10000>, /* GICD */
- <0 0x17080000 0 0x480000>; /* GICR * 12 */
+ <0 0x17080000 0 0x300000>; /* GICR * 12 */
interrupts = <GIC_PPI 9 IRQ_TYPE_LEVEL_HIGH>;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 167/817] kernel-doc: allow object-like macros in ReST output
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 166/817] arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 168/817] arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs Greg Kroah-Hartman
` (659 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Horia Geanta,
Vlastimil Babka, Jonathan Corbet, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit bb8fd09e2811e2386bb40b9f0d3c7dd6e7961a1e ]
output_function_rst() does not handle object-like macros. It presents
a trailing "()" while output_function_man() handles these macros
correctly.
Update output_function_rst() to handle object-like macros.
Don't show the "Parameters" heading if there are no parameters.
For output_function_man(), don't show the "ARGUMENTS" heading if there
are no parameters.
I have tested this quite a bit with my ad hoc test files for both ReST
and man format outputs. The generated output looks good.
Fixes: cbb4d3e6510b ("scripts/kernel-doc: handle object-like macros")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Horia Geanta <horia.geanta@freescale.com>
Tested-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Link: https://lore.kernel.org/r/20241015181107.536894-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kernel-doc | 43 ++++++++++++++++++++++++++++++-------------
1 file changed, 30 insertions(+), 13 deletions(-)
diff --git a/scripts/kernel-doc b/scripts/kernel-doc
index c608820f0bf51..320544321ecba 100755
--- a/scripts/kernel-doc
+++ b/scripts/kernel-doc
@@ -569,6 +569,8 @@ sub output_function_man(%) {
my %args = %{$_[0]};
my ($parameter, $section);
my $count;
+ my $func_macro = $args{'func_macro'};
+ my $paramcount = $#{$args{'parameterlist'}}; # -1 is empty
print ".TH \"$args{'function'}\" 9 \"$args{'function'}\" \"$man_date\" \"Kernel Hacker's Manual\" LINUX\n";
@@ -600,7 +602,10 @@ sub output_function_man(%) {
$parenth = "";
}
- print ".SH ARGUMENTS\n";
+ $paramcount = $#{$args{'parameterlist'}}; # -1 is empty
+ if ($paramcount >= 0) {
+ print ".SH ARGUMENTS\n";
+ }
foreach $parameter (@{$args{'parameterlist'}}) {
my $parameter_name = $parameter;
$parameter_name =~ s/\[.*//;
@@ -822,10 +827,16 @@ sub output_function_rst(%) {
my $oldprefix = $lineprefix;
my $signature = "";
- if ($args{'functiontype'} ne "") {
- $signature = $args{'functiontype'} . " " . $args{'function'} . " (";
- } else {
- $signature = $args{'function'} . " (";
+ my $func_macro = $args{'func_macro'};
+ my $paramcount = $#{$args{'parameterlist'}}; # -1 is empty
+
+ if ($func_macro) {
+ $signature = $args{'function'};
+ } else {
+ if ($args{'functiontype'}) {
+ $signature = $args{'functiontype'} . " ";
+ }
+ $signature .= $args{'function'} . " (";
}
my $count = 0;
@@ -844,7 +855,9 @@ sub output_function_rst(%) {
}
}
- $signature .= ")";
+ if (!$func_macro) {
+ $signature .= ")";
+ }
if ($sphinx_major < 3) {
if ($args{'typedef'}) {
@@ -888,9 +901,11 @@ sub output_function_rst(%) {
# Put our descriptive text into a container (thus an HTML <div>) to help
# set the function prototypes apart.
#
- print ".. container:: kernelindent\n\n";
$lineprefix = " ";
- print $lineprefix . "**Parameters**\n\n";
+ if ($paramcount >= 0) {
+ print ".. container:: kernelindent\n\n";
+ print $lineprefix . "**Parameters**\n\n";
+ }
foreach $parameter (@{$args{'parameterlist'}}) {
my $parameter_name = $parameter;
$parameter_name =~ s/\[.*//;
@@ -1704,7 +1719,7 @@ sub check_return_section {
sub dump_function($$) {
my $prototype = shift;
my $file = shift;
- my $noret = 0;
+ my $func_macro = 0;
print_lineno($new_start_line);
@@ -1769,7 +1784,7 @@ sub dump_function($$) {
# declaration_name and opening parenthesis (notice the \s+).
$return_type = $1;
$declaration_name = $2;
- $noret = 1;
+ $func_macro = 1;
} elsif ($prototype =~ m/^()($name)\s*$prototype_end/ ||
$prototype =~ m/^($type1)\s+($name)\s*$prototype_end/ ||
$prototype =~ m/^($type2+)\s*($name)\s*$prototype_end/) {
@@ -1796,7 +1811,7 @@ sub dump_function($$) {
# of warnings goes sufficiently down, the check is only performed in
# -Wreturn mode.
# TODO: always perform the check.
- if ($Wreturn && !$noret) {
+ if ($Wreturn && !$func_macro) {
check_return_section($file, $declaration_name, $return_type);
}
@@ -1814,7 +1829,8 @@ sub dump_function($$) {
'parametertypes' => \%parametertypes,
'sectionlist' => \@sectionlist,
'sections' => \%sections,
- 'purpose' => $declaration_purpose
+ 'purpose' => $declaration_purpose,
+ 'func_macro' => $func_macro
});
} else {
output_declaration($declaration_name,
@@ -1827,7 +1843,8 @@ sub dump_function($$) {
'parametertypes' => \%parametertypes,
'sectionlist' => \@sectionlist,
'sections' => \%sections,
- 'purpose' => $declaration_purpose
+ 'purpose' => $declaration_purpose,
+ 'func_macro' => $func_macro
});
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 168/817] arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 167/817] kernel-doc: allow object-like macros in ReST output Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 169/817] arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Greg Kroah-Hartman
` (658 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Morrisson, Wadim Egorov,
Vignesh Raghavendra, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Morrisson <nmorrisson@phytec.com>
[ Upstream commit c33a0a02a29bde53a85407f86f332ac4bbc5ab87 ]
Drop the McASP AFIFOs for better audio latency. This adds back a
change that was lost while refactoring the device tree.
Fixes: 554dd562a5f2 ("arm64: dts: ti: k3-am625-phyboard-lyra-rdk: Drop McASP AFIFOs")
Signed-off-by: Nathan Morrisson <nmorrisson@phytec.com>
Reviewed-by: Wadim Egorov <w.egorov@phytec.de>
Link: https://lore.kernel.org/r/20241002224754.2917895-1-nmorrisson@phytec.com
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi b/arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi
index e4633af87eb9c..d6ce53c6d7481 100644
--- a/arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi
@@ -433,8 +433,6 @@ &mcasp2 {
0 0 0 0
0 0 0 0
>;
- tx-num-evt = <32>;
- rx-num-evt = <32>;
status = "okay";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 169/817] arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 168/817] arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 170/817] arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status Greg Kroah-Hartman
` (657 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit f766fae08f6a2eaeb45d8d2c053724c91526835c ]
The Hana device has a second source option trackpad, but it is missing
its regulator supply. It only works because the regulator is marked as
always-on.
Add the regulator supply, but leave out the post-power-on delay. Instead,
document the post-power-on delay along with the reason for not adding
it in a comment.
Fixes: 689b937bedde ("arm64: dts: mediatek: add mt8173 elm and hana board")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241018082001.1296963-1-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi b/arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi
index 8d1cbc92bce32..ae0379fd42a91 100644
--- a/arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi
@@ -49,6 +49,14 @@ trackpad2: trackpad@2c {
interrupts-extended = <&pio 117 IRQ_TYPE_LEVEL_LOW>;
reg = <0x2c>;
hid-descr-addr = <0x0020>;
+ /*
+ * The trackpad needs a post-power-on delay of 100ms,
+ * but at time of writing, the power supply for it on
+ * this board is always on. The delay is therefore not
+ * added to avoid impacting the readiness of the
+ * trackpad.
+ */
+ vdd-supply = <&mt6397_vgp6_reg>;
wakeup-source;
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 170/817] arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 169/817] arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 171/817] arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI Greg Kroah-Hartman
` (656 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fei Shao, AngeloGioacchino Del Regno,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fei Shao <fshao@chromium.org>
[ Upstream commit 6bb64877a41561bc78e0f4e9e04d524a0155d6aa ]
The T-PHY controller at 0x11e40000 controls two underlying USB2 and USB3
PHY ports. The USB3 port works normally just like the others, so there's
no point in disabling it separately. Otherwise, board DTs would have to
enable both the T-PHY controller and one of its sub-nodes in particular,
which is slightly redundant and confusing.
Remove the status line in the u3port1 node, so it's ready to be used
once the T-PHY controller is enabled.
Fixes: 9461e0caac9e ("arm64: dts: Add MediaTek MT8188 dts and evaluation board and Makefile")
Signed-off-by: Fei Shao <fshao@chromium.org>
Link: https://lore.kernel.org/r/20241021081311.543625-1-fshao@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8188.dtsi b/arch/arm64/boot/dts/mediatek/mt8188.dtsi
index 041a85e1d9b55..b6193d73f688c 100644
--- a/arch/arm64/boot/dts/mediatek/mt8188.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8188.dtsi
@@ -1219,7 +1219,6 @@ u3port1: usb-phy@700 {
<&clk26m>;
clock-names = "ref", "da_ref";
#phy-cells = <1>;
- status = "disabled";
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 171/817] arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 170/817] arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 172/817] Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Greg Kroah-Hartman
` (655 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fei Shao, AngeloGioacchino Del Regno,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fei Shao <fshao@chromium.org>
[ Upstream commit 7d5794e6d964940e46286fadbe69a3245fa51e44 ]
The RT5682i and RT5682s drivers describe two DAIs: AIF1 supports both
playback and capture, while AIF2 supports capture only.
Cherry doesn't specify which DAI to use. Although this doesn't cause
real issues because AIF1 happens to be the first DAI, it should be
corrected:
codec@1a: #sound-dai-cells: 1 was expected
Update #sound-dai-cells to 1 and adjust DAI link usages accordingly.
Fixes: 87728e3ccf35 ("arm64: dts: mediatek: mt8195-cherry: Specify sound DAI links and routing")
Signed-off-by: Fei Shao <fshao@chromium.org>
Link: https://lore.kernel.org/r/20241021114318.1358681-1-fshao@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi b/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi
index d3a52acbe48a1..2960772cb9065 100644
--- a/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi
@@ -438,7 +438,7 @@ audio_codec: codec@1a {
/* Realtek RT5682i or RT5682s, sharing the same configuration */
reg = <0x1a>;
interrupts-extended = <&pio 89 IRQ_TYPE_EDGE_BOTH>;
- #sound-dai-cells = <0>;
+ #sound-dai-cells = <1>;
realtek,jd-src = <1>;
AVDD-supply = <&mt6359_vio18_ldo_reg>;
@@ -1181,7 +1181,7 @@ hs-playback-dai-link {
link-name = "ETDM1_OUT_BE";
mediatek,clk-provider = "cpu";
codec {
- sound-dai = <&audio_codec>;
+ sound-dai = <&audio_codec 0>;
};
};
@@ -1189,7 +1189,7 @@ hs-capture-dai-link {
link-name = "ETDM2_IN_BE";
mediatek,clk-provider = "cpu";
codec {
- sound-dai = <&audio_codec>;
+ sound-dai = <&audio_codec 0>;
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 172/817] Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 171/817] arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 173/817] cgroup/bpf: only cgroup v2 can be attached by bpf programs Greg Kroah-Hartman
` (654 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chen Ridong, Tejun Heo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ridong <chenridong@huawei.com>
[ Upstream commit feb301c60970bd2a1310a53ce2d6e4375397a51b ]
This reverts commit 04f8ef5643bcd8bcde25dfdebef998aea480b2ba.
Only cgroup v2 can be attached by cgroup by BPF programs. Revert this
commit and cgroup_bpf_inherit and cgroup_bpf_offline won't be called in
cgroup v1. The memory leak issue will be fixed with next patch.
Fixes: 04f8ef5643bc ("cgroup: Fix memory leak caused by missing cgroup_bpf_offline")
Link: https://lore.kernel.org/cgroups/aka2hk5jsel5zomucpwlxsej6iwnfw4qu5jkrmjhyfhesjlfdw@46zxhg5bdnr7/
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cgroup.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 6ba7dd2ab771d..2592cbbc95ae8 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2307,10 +2307,8 @@ static void cgroup_kill_sb(struct super_block *sb)
* And don't kill the default root.
*/
if (list_empty(&root->cgrp.self.children) && root != &cgrp_dfl_root &&
- !percpu_ref_is_dying(&root->cgrp.self.refcnt)) {
- cgroup_bpf_offline(&root->cgrp);
+ !percpu_ref_is_dying(&root->cgrp.self.refcnt))
percpu_ref_kill(&root->cgrp.self.refcnt);
- }
cgroup_put(&root->cgrp);
kernfs_kill_sb(sb);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 173/817] cgroup/bpf: only cgroup v2 can be attached by bpf programs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 172/817] Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 174/817] regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Greg Kroah-Hartman
` (653 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chen Ridong, Tejun Heo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Ridong <chenridong@huawei.com>
[ Upstream commit 2190df6c91373fdec6db9fc07e427084f232f57e ]
Only cgroup v2 can be attached by bpf programs, so this patch introduces
that cgroup_bpf_inherit and cgroup_bpf_offline can only be called in
cgroup v2, and this can fix the memleak mentioned by commit 04f8ef5643bc
("cgroup: Fix memory leak caused by missing cgroup_bpf_offline"), which
has been reverted.
Fixes: 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref in fast path")
Fixes: 4bfc0bb2c60e ("bpf: decouple the lifetime of cgroup_bpf from cgroup itself")
Link: https://lore.kernel.org/cgroups/aka2hk5jsel5zomucpwlxsej6iwnfw4qu5jkrmjhyfhesjlfdw@46zxhg5bdnr7/
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cgroup.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 2592cbbc95ae8..39402a9eb6b04 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2133,8 +2133,10 @@ int cgroup_setup_root(struct cgroup_root *root, u16 ss_mask)
if (ret)
goto exit_stats;
- ret = cgroup_bpf_inherit(root_cgrp);
- WARN_ON_ONCE(ret);
+ if (root == &cgrp_dfl_root) {
+ ret = cgroup_bpf_inherit(root_cgrp);
+ WARN_ON_ONCE(ret);
+ }
trace_cgroup_setup_root(root);
@@ -5641,9 +5643,11 @@ static struct cgroup *cgroup_create(struct cgroup *parent, const char *name,
if (ret)
goto out_kernfs_remove;
- ret = cgroup_bpf_inherit(cgrp);
- if (ret)
- goto out_psi_free;
+ if (cgrp->root == &cgrp_dfl_root) {
+ ret = cgroup_bpf_inherit(cgrp);
+ if (ret)
+ goto out_psi_free;
+ }
/*
* New cgroup inherits effective freeze counter, and
@@ -5957,7 +5961,8 @@ static int cgroup_destroy_locked(struct cgroup *cgrp)
cgroup1_check_for_release(parent);
- cgroup_bpf_offline(cgrp);
+ if (cgrp->root == &cgrp_dfl_root)
+ cgroup_bpf_offline(cgrp);
/* put the base reference */
percpu_ref_kill(&cgrp->self.refcnt);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 174/817] regulator: rk808: Restrict DVS GPIOs to the RK808 variant only
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 173/817] cgroup/bpf: only cgroup v2 can be attached by bpf programs Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 175/817] power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF Greg Kroah-Hartman
` (652 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Diederik de Haas, Dragan Simic,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dragan Simic <dsimic@manjaro.org>
[ Upstream commit 0d214f27c0e3d9694284c95bac1502c2d247355b ]
The rk808-regulator driver supports multiple PMIC variants from the Rockckip
RK80x and RK81x series, but the DVS GPIOs are supported on the RK808 variant
only, according to the DT bindings [1][2][3][4][5][6] and the datasheets for
the supported PMIC variants. [7][8][9][10][11][12]
Thus, change the probe path so the "dvs-gpios" property is checked for and
its value possibly used only when the handled PMIC variant is RK808. There's
no point in doing that on the other PMIC variants, because they don't support
the DVS GPIOs, and it goes against the DT bindings to allow a possible out-
of-place "dvs-gpios" property to actually be handled in the driver.
This eliminates the following messages, emitted when the "dvs-gpios" property
isn't found in the DT, from the kernel log on boards that actually don't use
the RK808 variant, which may have provided a source of confusion:
rk808-regulator rk808-regulator.2.auto: there is no dvs0 gpio
rk808-regulator rk808-regulator.2.auto: there is no dvs1 gpio
Furthermore, demote these kernel messages to debug messages, because they are
useful during the board bringup phase only. Emitting them afterwards, on the
boards that use the RK808 variant, but actually don't use the DVS0/1 GPIOs,
clutters the kernel log a bit, while they provide no value and may actually
cause false impression that some PMIC-related issues are present.
[1] Documentation/devicetree/bindings/mfd/rockchip,rk805.yaml
[2] Documentation/devicetree/bindings/mfd/rockchip,rk806.yaml
[3] Documentation/devicetree/bindings/mfd/rockchip,rk808.yaml
[4] Documentation/devicetree/bindings/mfd/rockchip,rk816.yaml
[5] Documentation/devicetree/bindings/mfd/rockchip,rk817.yaml
[6] Documentation/devicetree/bindings/mfd/rockchip,rk818.yaml
[7] https://rockchip.fr/RK805%20datasheet%20V1.2.pdf
[8] https://wmsc.lcsc.com/wmsc/upload/file/pdf/v2/lcsc/2401261533_Rockchip-RK806-1_C5156483.pdf
[9] https://rockchip.fr/RK808%20datasheet%20V1.4.pdf
[10] https://rockchip.fr/RK816%20datasheet%20V1.3.pdf
[11] https://rockchip.fr/RK817%20datasheet%20V1.01.pdf
[12] https://rockchip.fr/RK818%20datasheet%20V1.0.pdf
Fixes: 11375293530b ("regulator: rk808: Add regulator driver for RK818")
Reported-by: Diederik de Haas <didi.debian@cknow.org>
Signed-off-by: Dragan Simic <dsimic@manjaro.org>
Link: https://patch.msgid.link/9a415c59699e76fc7b88a2552520a4ca2538f44e.1728902488.git.dsimic@manjaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/rk808-regulator.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/regulator/rk808-regulator.c b/drivers/regulator/rk808-regulator.c
index 01a8d04879184..37476d2558fda 100644
--- a/drivers/regulator/rk808-regulator.c
+++ b/drivers/regulator/rk808-regulator.c
@@ -1853,7 +1853,7 @@ static int rk808_regulator_dt_parse_pdata(struct device *dev,
}
if (!pdata->dvs_gpio[i]) {
- dev_info(dev, "there is no dvs%d gpio\n", i);
+ dev_dbg(dev, "there is no dvs%d gpio\n", i);
continue;
}
@@ -1889,12 +1889,6 @@ static int rk808_regulator_probe(struct platform_device *pdev)
if (!pdata)
return -ENOMEM;
- ret = rk808_regulator_dt_parse_pdata(&pdev->dev, regmap, pdata);
- if (ret < 0)
- return ret;
-
- platform_set_drvdata(pdev, pdata);
-
switch (rk808->variant) {
case RK805_ID:
regulators = rk805_reg;
@@ -1905,6 +1899,11 @@ static int rk808_regulator_probe(struct platform_device *pdev)
nregulators = ARRAY_SIZE(rk806_reg);
break;
case RK808_ID:
+ /* DVS0/1 GPIOs are supported on the RK808 only */
+ ret = rk808_regulator_dt_parse_pdata(&pdev->dev, regmap, pdata);
+ if (ret < 0)
+ return ret;
+
regulators = rk808_reg;
nregulators = RK808_NUM_REGULATORS;
break;
@@ -1930,6 +1929,8 @@ static int rk808_regulator_probe(struct platform_device *pdev)
return -EINVAL;
}
+ platform_set_drvdata(pdev, pdata);
+
config.dev = &pdev->dev;
config.driver_data = pdata;
config.regmap = regmap;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 175/817] power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 174/817] regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 176/817] arm64: dts: rockchip: Remove enable-active-low from two boards Greg Kroah-Hartman
` (651 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
[ Upstream commit f82bf3c5796e1630d553669fb451e6c9d4070512 ]
This driver uses various OF-specific functions and depends on phandle
parsing. There's no reason to make it available to non-OF systems so add
a relevant dependency switch to its Kconfig entry.
Fixes: 2f1630f437df ("power: pwrseq: add a driver for the PMU module on the QCom WCN chipsets")
Link: https://lore.kernel.org/r/20241004130449.51725-1-brgl@bgdev.pl
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/sequencing/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/power/sequencing/Kconfig b/drivers/power/sequencing/Kconfig
index c9f1cdb665248..ddcc42a984921 100644
--- a/drivers/power/sequencing/Kconfig
+++ b/drivers/power/sequencing/Kconfig
@@ -16,6 +16,7 @@ if POWER_SEQUENCING
config POWER_SEQUENCING_QCOM_WCN
tristate "Qualcomm WCN family PMU driver"
default m if ARCH_QCOM
+ depends on OF
help
Say Y here to enable the power sequencing driver for Qualcomm
WCN Bluetooth/WLAN chipsets.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 176/817] arm64: dts: rockchip: Remove enable-active-low from two boards
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 175/817] power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 177/817] arm64: dts: mt8183: fennel: add i2c2s i2c-scl-internal-delay-ns Greg Kroah-Hartman
` (650 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Riesch, Muhammed Efe Cetin,
Dragan Simic, Heiko Stuebner, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heiko Stuebner <heiko@sntech.de>
[ Upstream commit 4a9d7e6596f90631f21bca9cb46c6de05d8e86d4 ]
The 'enable-active-low' property is not a valid, because it is the
default behaviour of the fixed regulator.
Only 'enable-active-high' is valid, and when this property is absent
the fixed regulator will act as active low by default.
Both the rk3588-orange-pi-5 and the Wolfvision pf5 io expander overlay
smuggled those enable-active-low properties in, so remove them to
make dtbscheck happier.
Fixes: 28799a7734a0 ("arm64: dts: rockchip: add wolfvision pf5 io expander board")
Cc: Michael Riesch <michael.riesch@wolfvision.net>
Fixes: b6bc755d806e ("arm64: dts: rockchip: Add Orange Pi 5")
Cc: Muhammed Efe Cetin <efectn@6tel.net>
Reviewed-by: Michael Riesch <michael.riesch@wolfvision.net>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20241008203940.2573684-10-heiko@sntech.de
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/rockchip/rk3568-wolfvision-pf5-io-expander.dtso | 1 -
arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 1 -
2 files changed, 2 deletions(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5-io-expander.dtso b/arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5-io-expander.dtso
index ebcaeafc3800d..fa61633aea152 100644
--- a/arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5-io-expander.dtso
+++ b/arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5-io-expander.dtso
@@ -49,7 +49,6 @@ vcc1v8_eth: vcc1v8-eth-regulator {
vcc3v3_eth: vcc3v3-eth-regulator {
compatible = "regulator-fixed";
- enable-active-low;
gpio = <&gpio0 RK_PC0 GPIO_ACTIVE_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&vcc3v3_eth_enn>;
diff --git a/arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts b/arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts
index feea6b20a6bf5..6b77be6432495 100644
--- a/arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts
+++ b/arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts
@@ -71,7 +71,6 @@ vcc5v0_sys: vcc5v0-sys-regulator {
vcc_3v3_sd_s0: vcc-3v3-sd-s0-regulator {
compatible = "regulator-fixed";
- enable-active-low;
gpios = <&gpio4 RK_PB5 GPIO_ACTIVE_LOW>;
regulator-name = "vcc_3v3_sd_s0";
regulator-boot-on;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 177/817] arm64: dts: mt8183: fennel: add i2c2s i2c-scl-internal-delay-ns
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 176/817] arm64: dts: rockchip: Remove enable-active-low from two boards Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 178/817] arm64: dts: mt8183: burnet: " Greg Kroah-Hartman
` (649 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Brugger,
AngeloGioacchino Del Regno, Daolong Zhu, Hsin-Te Yuan,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
[ Upstream commit c802db127dfb9602aaa9338e433c0553d34f1a9c ]
Add i2c2's i2c-scl-internal-delay-ns.
Fixes: 6cd7fdc8c530 ("arm64: dts: mt8183: Add kukui-jacuzzi-fennel board")
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Reviewed-by:
Link: https://lore.kernel.org/r/20241025-i2c-delay-v2-1-9be1bcaf35e0@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi
index bbe6c338f465e..f9c1ec366b266 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi
@@ -25,3 +25,6 @@ trackpad@2c {
};
};
+&i2c2 {
+ i2c-scl-internal-delay-ns = <21500>;
+};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 178/817] arm64: dts: mt8183: burnet: add i2c2s i2c-scl-internal-delay-ns
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 177/817] arm64: dts: mt8183: fennel: add i2c2s i2c-scl-internal-delay-ns Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 179/817] arm64: dts: mt8183: cozmo: " Greg Kroah-Hartman
` (648 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Brugger,
AngeloGioacchino Del Regno, Daolong Zhu, Hsin-Te Yuan,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
[ Upstream commit 85af64983889c621e8868b744c8ca03bd5038c02 ]
Add i2c2's i2c-scl-internal-delay-ns.
Fixes: dd6e3b06214f ("arm64: dts: mt8183: Add kukui-jacuzzi-burnet board")
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Link: https://lore.kernel.org/r/20241025-i2c-delay-v2-2-9be1bcaf35e0@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts
index 19c1e2bee494c..20b71f2e7159a 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts
@@ -30,3 +30,6 @@ touchscreen@2c {
};
};
+&i2c2 {
+ i2c-scl-internal-delay-ns = <4100>;
+};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 179/817] arm64: dts: mt8183: cozmo: add i2c2s i2c-scl-internal-delay-ns
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 178/817] arm64: dts: mt8183: burnet: " Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 180/817] arm64: dts: mt8183: Damu: " Greg Kroah-Hartman
` (647 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Brugger,
AngeloGioacchino Del Regno, Daolong Zhu, Hsin-Te Yuan,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
[ Upstream commit bd0eb3b1f7aee698b86513edf10a50e2d0c7cb14 ]
Add i2c2's i2c-scl-internal-delay-ns.
Fixes: 52e84f233459 ("arm64: dts: mt8183: Add kukui-jacuzzi-cozmo board")
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Link: https://lore.kernel.org/r/20241025-i2c-delay-v2-3-9be1bcaf35e0@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts
index f34964afe39b5..83bbcfe620835 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts
@@ -18,6 +18,8 @@ &i2c_tunnel {
};
&i2c2 {
+ i2c-scl-internal-delay-ns = <25000>;
+
trackpad@2c {
compatible = "hid-over-i2c";
reg = <0x2c>;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 180/817] arm64: dts: mt8183: Damu: add i2c2s i2c-scl-internal-delay-ns
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 179/817] arm64: dts: mt8183: cozmo: " Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 181/817] pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Greg Kroah-Hartman
` (646 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Brugger,
AngeloGioacchino Del Regno, Daolong Zhu, Hsin-Te Yuan,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
[ Upstream commit 6ff2d45f2121c698a57c959ae21885a048615908 ]
Add i2c2's i2c-scl-internal-delay-ns.
Fixes: cabc71b08eb5 ("arm64: dts: mt8183: Add kukui-jacuzzi-damu board")
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Daolong Zhu <jg_daolongzhu@mediatek.corp-partner.google.com>
Signed-off-by: Hsin-Te Yuan <yuanhsinte@chromium.org>
Link: https://lore.kernel.org/r/20241025-i2c-delay-v2-4-9be1bcaf35e0@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts
index 0b45aee2e2995..65860b33c01fe 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts
@@ -30,3 +30,6 @@ &qca_wifi {
qcom,ath10k-calibration-variant = "GO_DAMU";
};
+&i2c2 {
+ i2c-scl-internal-delay-ns = <20000>;
+};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 181/817] pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 180/817] arm64: dts: mt8183: Damu: " Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 182/817] ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Greg Kroah-Hartman
` (645 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jun Li, Clark Wang, Frank Li,
Uwe Kleine-König, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Clark Wang <xiaoning.wang@nxp.com>
[ Upstream commit a25351e4c7740eb22561a3ee4ef17611c6f410b0 ]
Implement workaround for ERR051198
(https://www.nxp.com/docs/en/errata/IMX8MN_0N14Y.pdf)
PWM output may not function correctly if the FIFO is empty when a new SAR
value is programmed.
Description:
When the PWM FIFO is empty, a new value programmed to the PWM Sample
register (PWM_PWMSAR) will be directly applied even if the current timer
period has not expired. If the new SAMPLE value programmed in the
PWM_PWMSAR register is less than the previous value, and the PWM counter
register (PWM_PWMCNR) that contains the current COUNT value is greater
than the new programmed SAMPLE value, the current period will not flip
the level. This may result in an output pulse with a duty cycle of 100%.
Workaround:
Program the current SAMPLE value in the PWM_PWMSAR register before
updating the new duty cycle to the SAMPLE value in the PWM_PWMSAR
register. This will ensure that the new SAMPLE value is modified during
a non-empty FIFO, and can be successfully updated after the period
expires.
Write the old SAR value before updating the new duty cycle to SAR. This
avoids writing the new value into an empty FIFO.
This only resolves the issue when the PWM period is longer than 2us
(or <500kHz) because write register is not quick enough when PWM period is
very short.
Reproduce steps:
cd /sys/class/pwm/pwmchip1/pwm0
echo 2000000000 > period # It is easy to observe by using long period
echo 1000000000 > duty_cycle
echo 1 > enable
echo 8000 > duty_cycle # One full high pulse will be seen by scope
Fixes: 166091b1894d ("[ARM] MXC: add pwm driver for i.MX SoCs")
Reviewed-by: Jun Li <jun.li@nxp.com>
Signed-off-by: Clark Wang <xiaoning.wang@nxp.com>
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Link: https://lore.kernel.org/r/20241008194123.1943141-1-Frank.Li@nxp.com
Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-imx27.c | 98 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 96 insertions(+), 2 deletions(-)
diff --git a/drivers/pwm/pwm-imx27.c b/drivers/pwm/pwm-imx27.c
index 9e2bbf5b4a8ce..0375987194318 100644
--- a/drivers/pwm/pwm-imx27.c
+++ b/drivers/pwm/pwm-imx27.c
@@ -26,6 +26,7 @@
#define MX3_PWMSR 0x04 /* PWM Status Register */
#define MX3_PWMSAR 0x0C /* PWM Sample Register */
#define MX3_PWMPR 0x10 /* PWM Period Register */
+#define MX3_PWMCNR 0x14 /* PWM Counter Register */
#define MX3_PWMCR_FWM GENMASK(27, 26)
#define MX3_PWMCR_STOPEN BIT(25)
@@ -219,10 +220,12 @@ static void pwm_imx27_wait_fifo_slot(struct pwm_chip *chip,
static int pwm_imx27_apply(struct pwm_chip *chip, struct pwm_device *pwm,
const struct pwm_state *state)
{
- unsigned long period_cycles, duty_cycles, prescale;
+ unsigned long period_cycles, duty_cycles, prescale, period_us, tmp;
struct pwm_imx27_chip *imx = to_pwm_imx27_chip(chip);
unsigned long long c;
unsigned long long clkrate;
+ unsigned long flags;
+ int val;
int ret;
u32 cr;
@@ -263,7 +266,98 @@ static int pwm_imx27_apply(struct pwm_chip *chip, struct pwm_device *pwm,
pwm_imx27_sw_reset(chip);
}
- writel(duty_cycles, imx->mmio_base + MX3_PWMSAR);
+ val = readl(imx->mmio_base + MX3_PWMPR);
+ val = val >= MX3_PWMPR_MAX ? MX3_PWMPR_MAX : val;
+ cr = readl(imx->mmio_base + MX3_PWMCR);
+ tmp = NSEC_PER_SEC * (u64)(val + 2) * MX3_PWMCR_PRESCALER_GET(cr);
+ tmp = DIV_ROUND_UP_ULL(tmp, clkrate);
+ period_us = DIV_ROUND_UP_ULL(tmp, 1000);
+
+ /*
+ * ERR051198:
+ * PWM: PWM output may not function correctly if the FIFO is empty when
+ * a new SAR value is programmed
+ *
+ * Description:
+ * When the PWM FIFO is empty, a new value programmed to the PWM Sample
+ * register (PWM_PWMSAR) will be directly applied even if the current
+ * timer period has not expired.
+ *
+ * If the new SAMPLE value programmed in the PWM_PWMSAR register is
+ * less than the previous value, and the PWM counter register
+ * (PWM_PWMCNR) that contains the current COUNT value is greater than
+ * the new programmed SAMPLE value, the current period will not flip
+ * the level. This may result in an output pulse with a duty cycle of
+ * 100%.
+ *
+ * Consider a change from
+ * ________
+ * / \______/
+ * ^ * ^
+ * to
+ * ____
+ * / \__________/
+ * ^ ^
+ * At the time marked by *, the new write value will be directly applied
+ * to SAR even the current period is not over if FIFO is empty.
+ *
+ * ________ ____________________
+ * / \______/ \__________/
+ * ^ ^ * ^ ^
+ * |<-- old SAR -->| |<-- new SAR -->|
+ *
+ * That is the output is active for a whole period.
+ *
+ * Workaround:
+ * Check new SAR less than old SAR and current counter is in errata
+ * windows, write extra old SAR into FIFO and new SAR will effect at
+ * next period.
+ *
+ * Sometime period is quite long, such as over 1 second. If add old SAR
+ * into FIFO unconditional, new SAR have to wait for next period. It
+ * may be too long.
+ *
+ * Turn off the interrupt to ensure that not IRQ and schedule happen
+ * during above operations. If any irq and schedule happen, counter
+ * in PWM will be out of data and take wrong action.
+ *
+ * Add a safety margin 1.5us because it needs some time to complete
+ * IO write.
+ *
+ * Use writel_relaxed() to minimize the interval between two writes to
+ * the SAR register to increase the fastest PWM frequency supported.
+ *
+ * When the PWM period is longer than 2us(or <500kHz), this workaround
+ * can solve this problem. No software workaround is available if PWM
+ * period is shorter than IO write. Just try best to fill old data
+ * into FIFO.
+ */
+ c = clkrate * 1500;
+ do_div(c, NSEC_PER_SEC);
+
+ local_irq_save(flags);
+ val = FIELD_GET(MX3_PWMSR_FIFOAV, readl_relaxed(imx->mmio_base + MX3_PWMSR));
+
+ if (duty_cycles < imx->duty_cycle && (cr & MX3_PWMCR_EN)) {
+ if (period_us < 2) { /* 2us = 500 kHz */
+ /* Best effort attempt to fix up >500 kHz case */
+ udelay(3 * period_us);
+ writel_relaxed(imx->duty_cycle, imx->mmio_base + MX3_PWMSAR);
+ writel_relaxed(imx->duty_cycle, imx->mmio_base + MX3_PWMSAR);
+ } else if (val < MX3_PWMSR_FIFOAV_2WORDS) {
+ val = readl_relaxed(imx->mmio_base + MX3_PWMCNR);
+ /*
+ * If counter is close to period, controller may roll over when
+ * next IO write.
+ */
+ if ((val + c >= duty_cycles && val < imx->duty_cycle) ||
+ val + c >= period_cycles)
+ writel_relaxed(imx->duty_cycle, imx->mmio_base + MX3_PWMSAR);
+ }
+ }
+ writel_relaxed(duty_cycles, imx->mmio_base + MX3_PWMSAR);
+ local_irq_restore(flags);
+
writel(period_cycles, imx->mmio_base + MX3_PWMPR);
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 182/817] ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 181/817] pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 183/817] arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Greg Kroah-Hartman
` (644 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andre Przywara, Chen-Yu Tsai,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit dd36ad71ad65968f97630808bc8d605c929b128e ]
The DCDC5 voltage rail in the X-Powers AXP809 PMIC has a resolution of
50mV, so the currently enforced limits of 1.475 and 1.525 volts cannot
be set, when the existing regulator value is beyond this range.
This will lead to the whole regulator driver to give up and fail
probing, which in turn will hang the system, as essential devices depend
on the PMIC.
In this case a bug in U-Boot set the voltage to 1.75V (meant for DCDC4),
and the AXP driver's attempt to correct this lead to this error:
==================
[ 4.447653] axp20x-rsb sunxi-rsb-3a3: AXP20X driver loaded
[ 4.450066] vcc-dram: Bringing 1750000uV into 1575000-1575000uV
[ 4.460272] vcc-dram: failed to apply 1575000-1575000uV constraint: -EINVAL
[ 4.474788] axp20x-regulator axp20x-regulator.0: Failed to register dcdc5
[ 4.482276] axp20x-regulator axp20x-regulator.0: probe with driver axp20x-regulator failed with error -22
==================
Set the limits to values that can be programmed, so any correction will
be successful.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Fixes: 1e1dea72651b ("ARM: dts: sun9i: cubieboard4: Add AXP809 PMIC device node and regulators")
Link: https://patch.msgid.link/20241007222916.19013-1-andre.przywara@arm.com
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts b/arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts
index c8ca8cb7f5c94..52ad95a2063aa 100644
--- a/arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts
+++ b/arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts
@@ -280,8 +280,8 @@ reg_dcdc4: dcdc4 {
reg_dcdc5: dcdc5 {
regulator-always-on;
- regulator-min-microvolt = <1425000>;
- regulator-max-microvolt = <1575000>;
+ regulator-min-microvolt = <1450000>;
+ regulator-max-microvolt = <1550000>;
regulator-name = "vcc-dram";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 183/817] arm64: dts: ti: k3-j7200: Fix register map for main domain pmx
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 182/817] ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 184/817] arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances Greg Kroah-Hartman
` (643 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aniket Limaye, Jared McArthur,
Vaishnav Achath, Vignesh Raghavendra, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jared McArthur <j-mcarthur@ti.com>
[ Upstream commit b7af8b4acb3e08c710cd48f098ce8cd07cf43a1e ]
Commit 0d0a0b441346 ("arm64: dts: ti: k3-j7200: fix main pinmux
range") split the main_pmx0 into two nodes: main_pmx0 and main_pmx1
due to a non-addressable region, but incorrectly represented the
ranges. As a result, the memory map for the pinctrl is incorrect. Fix
this by introducing the correct ranges.
The ranges are taken from the J7200 TRM [1] (Table 5-695. CTRL_MMR0
Registers).
Padconfig starting addresses and ranges:
- 0 to 66: 0x11c000, 0x10c
- 68: 0x11c110, 0x004
- 71 to 73: 0x11c11c, 0x00c
- 89 to 90: 0x11c164, 0x008
The datasheet [2] doesn't contain PADCONFIG63 (Table 6-106. Pin
Multiplexing), but the pin is necessary for enabling the MMC1 CLKLP
pad loopback and should be included in the pinmux register map.
Due to the change in pinmux node addresses, change the pinmux node for
the USB0_DRVVBUS pin to main_pmx2. The offset has not changed since the
new main_pmx2 node has the same base address and range as the original
main_pmx1 node. All other pinmuxing done within J7200 dts or dtso files
only uses main_pmx0 which has not changed.
[1] https://www.ti.com/lit/pdf/spruiu1
[2] https://www.ti.com/lit/gpn/dra821u
Fixes: 0d0a0b441346 ("arm64: dts: ti: k3-j7200: fix main pinmux range")
Signed-off-by: Aniket Limaye <a-limaye@ti.com>
Signed-off-by: Jared McArthur <j-mcarthur@ti.com>
Reviewed-by: Vaishnav Achath <vaishnav.a@ti.com>
Link: https://lore.kernel.org/r/20240926102533.398139-1-a-limaye@ti.com
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../dts/ti/k3-j7200-common-proc-board.dts | 2 +-
arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 22 +++++++++++++++++--
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts b/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts
index 6593c5da82c06..df39f2b1ff6ba 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts
+++ b/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts
@@ -254,7 +254,7 @@ J721E_IOPAD(0x38, PIN_OUTPUT, 0) /* (Y21) MCAN3_TX */
};
};
-&main_pmx1 {
+&main_pmx2 {
main_usbss0_pins_default: main-usbss0-default-pins {
pinctrl-single,pins = <
J721E_IOPAD(0x04, PIN_OUTPUT, 0) /* (T4) USB0_DRVVBUS */
diff --git a/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi b/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
index 9386bf3ef9f68..41adfa64418d0 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
@@ -426,10 +426,28 @@ main_pmx0: pinctrl@11c000 {
pinctrl-single,function-mask = <0xffffffff>;
};
- main_pmx1: pinctrl@11c11c {
+ main_pmx1: pinctrl@11c110 {
compatible = "ti,j7200-padconf", "pinctrl-single";
/* Proxy 0 addressing */
- reg = <0x00 0x11c11c 0x00 0xc>;
+ reg = <0x00 0x11c110 0x00 0x004>;
+ #pinctrl-cells = <1>;
+ pinctrl-single,register-width = <32>;
+ pinctrl-single,function-mask = <0xffffffff>;
+ };
+
+ main_pmx2: pinctrl@11c11c {
+ compatible = "ti,j7200-padconf", "pinctrl-single";
+ /* Proxy 0 addressing */
+ reg = <0x00 0x11c11c 0x00 0x00c>;
+ #pinctrl-cells = <1>;
+ pinctrl-single,register-width = <32>;
+ pinctrl-single,function-mask = <0xffffffff>;
+ };
+
+ main_pmx3: pinctrl@11c164 {
+ compatible = "ti,j7200-padconf", "pinctrl-single";
+ /* Proxy 0 addressing */
+ reg = <0x00 0x11c164 0x00 0x008>;
#pinctrl-cells = <1>;
pinctrl-single,register-width = <32>;
pinctrl-single,function-mask = <0xffffffff>;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 184/817] arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 183/817] arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 185/817] arm64: dts: ti: k3-j721e: Fix clock IDs " Greg Kroah-Hartman
` (642 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anurag Dutta, Aniket Limaye,
Vignesh Raghavendra, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anurag Dutta <a-dutta@ti.com>
[ Upstream commit 3a47e381670f130870caef6e1155ac531b17b032 ]
The clock IDs for multiple MCSPI instances across wakeup as
well as main domain in J7200 are incorrect when compared with
documentation [1]. This results in kernel crashes when the said
instances are enabled. Fix the clock ids to their appropriate
values.
[1]https://software-dl.ti.com/tisci/esd/latest/5_soc_doc/j7200/clocks.html
Fixes: 8f6c475f4ca7 ("arm64: dts: ti: k3-j7200: Add MCSPI nodes")
Signed-off-by: Anurag Dutta <a-dutta@ti.com>
Reviewed-by: Aniket Limaye <a-limaye@ti.com>
Link: https://lore.kernel.org/r/20241023104532.3438851-2-a-dutta@ti.com
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 16 ++++++++--------
arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 6 +++---
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi b/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
index 41adfa64418d0..1d11da926a871 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
@@ -1163,7 +1163,7 @@ main_spi0: spi@2100000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 266 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 266 1>;
+ clocks = <&k3_clks 266 4>;
status = "disabled";
};
@@ -1174,7 +1174,7 @@ main_spi1: spi@2110000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 267 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 267 1>;
+ clocks = <&k3_clks 267 4>;
status = "disabled";
};
@@ -1185,7 +1185,7 @@ main_spi2: spi@2120000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 268 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 268 1>;
+ clocks = <&k3_clks 268 4>;
status = "disabled";
};
@@ -1196,7 +1196,7 @@ main_spi3: spi@2130000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 269 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 269 1>;
+ clocks = <&k3_clks 269 4>;
status = "disabled";
};
@@ -1207,7 +1207,7 @@ main_spi4: spi@2140000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 270 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 270 1>;
+ clocks = <&k3_clks 270 2>;
status = "disabled";
};
@@ -1218,7 +1218,7 @@ main_spi5: spi@2150000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 271 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 271 1>;
+ clocks = <&k3_clks 271 4>;
status = "disabled";
};
@@ -1229,7 +1229,7 @@ main_spi6: spi@2160000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 272 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 272 1>;
+ clocks = <&k3_clks 272 4>;
status = "disabled";
};
@@ -1240,7 +1240,7 @@ main_spi7: spi@2170000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 273 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 273 1>;
+ clocks = <&k3_clks 273 4>;
status = "disabled";
};
diff --git a/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi b/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
index 5097d192c2b20..b18b2f2deb969 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi
@@ -494,7 +494,7 @@ mcu_spi0: spi@40300000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 274 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 274 0>;
+ clocks = <&k3_clks 274 4>;
status = "disabled";
};
@@ -505,7 +505,7 @@ mcu_spi1: spi@40310000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 275 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 275 0>;
+ clocks = <&k3_clks 275 4>;
status = "disabled";
};
@@ -516,7 +516,7 @@ mcu_spi2: spi@40320000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 276 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 276 0>;
+ clocks = <&k3_clks 276 2>;
status = "disabled";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 185/817] arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 184/817] arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 186/817] arm64: dts: ti: k3-j721s2: " Greg Kroah-Hartman
` (641 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anurag Dutta, Vignesh Raghavendra,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anurag Dutta <a-dutta@ti.com>
[ Upstream commit ab09a68f3be04b2f9d1fc7cfc0e2225025cb9421 ]
The clock IDs for multiple MCSPI instances across wakeup domain
in J721e are incorrect when compared with documentation [1]. Fix
the clock ids to their appropriate values.
[1]https://software-dl.ti.com/tisci/esd/latest/5_soc_doc/j721e/clocks.html
Fixes: 76aa309f9fa7 ("arm64: dts: ti: k3-j721e: Add MCSPI nodes")
Signed-off-by: Anurag Dutta <a-dutta@ti.com>
Link: https://lore.kernel.org/r/20241023104532.3438851-3-a-dutta@ti.com
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi b/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi
index 6b6ef6a306142..e71696a8bb833 100644
--- a/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi
@@ -654,7 +654,7 @@ mcu_spi0: spi@40300000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 274 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 274 0>;
+ clocks = <&k3_clks 274 1>;
status = "disabled";
};
@@ -665,7 +665,7 @@ mcu_spi1: spi@40310000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 275 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 275 0>;
+ clocks = <&k3_clks 275 1>;
status = "disabled";
};
@@ -676,7 +676,7 @@ mcu_spi2: spi@40320000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 276 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 276 0>;
+ clocks = <&k3_clks 276 1>;
status = "disabled";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 186/817] arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 185/817] arm64: dts: ti: k3-j721e: Fix clock IDs " Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 187/817] watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240 Greg Kroah-Hartman
` (640 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anurag Dutta, Vignesh Raghavendra,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anurag Dutta <a-dutta@ti.com>
[ Upstream commit 891874f015e98f67ab2fda76f2e859921e136621 ]
The clock IDs for multiple MCSPI instances across wakeup domain
in J721s2 are incorrect when compared with documentation [1]. Fix the
clock IDs to their appropriate values.
[1]https://software-dl.ti.com/tisci/esd/latest/5_soc_doc/j721s2/clocks.html
Fixes: 04d7cb647b85 ("arm64: dts: ti: k3-j721s2: Add MCSPI nodes")
Signed-off-by: Anurag Dutta <a-dutta@ti.com>
Link: https://lore.kernel.org/r/20241023104532.3438851-4-a-dutta@ti.com
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 ++++++++--------
arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 +++---
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi b/arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi
index 9ed6949b40e9d..fae534b5c8a43 100644
--- a/arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi
@@ -1708,7 +1708,7 @@ main_spi0: spi@2100000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 339 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 339 1>;
+ clocks = <&k3_clks 339 2>;
status = "disabled";
};
@@ -1719,7 +1719,7 @@ main_spi1: spi@2110000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 340 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 340 1>;
+ clocks = <&k3_clks 340 2>;
status = "disabled";
};
@@ -1730,7 +1730,7 @@ main_spi2: spi@2120000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 341 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 341 1>;
+ clocks = <&k3_clks 341 2>;
status = "disabled";
};
@@ -1741,7 +1741,7 @@ main_spi3: spi@2130000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 342 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 342 1>;
+ clocks = <&k3_clks 342 2>;
status = "disabled";
};
@@ -1752,7 +1752,7 @@ main_spi4: spi@2140000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 343 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 343 1>;
+ clocks = <&k3_clks 343 2>;
status = "disabled";
};
@@ -1763,7 +1763,7 @@ main_spi5: spi@2150000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 344 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 344 1>;
+ clocks = <&k3_clks 344 2>;
status = "disabled";
};
@@ -1774,7 +1774,7 @@ main_spi6: spi@2160000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 345 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 345 1>;
+ clocks = <&k3_clks 345 2>;
status = "disabled";
};
@@ -1785,7 +1785,7 @@ main_spi7: spi@2170000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 346 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 346 1>;
+ clocks = <&k3_clks 346 2>;
status = "disabled";
};
diff --git a/arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi b/arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi
index 8feb42c89e476..ddf8fc57fd170 100644
--- a/arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi
@@ -425,7 +425,7 @@ mcu_spi0: spi@40300000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 347 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 347 0>;
+ clocks = <&k3_clks 347 2>;
status = "disabled";
};
@@ -436,7 +436,7 @@ mcu_spi1: spi@40310000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 348 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 348 0>;
+ clocks = <&k3_clks 348 2>;
status = "disabled";
};
@@ -447,7 +447,7 @@ mcu_spi2: spi@40320000 {
#address-cells = <1>;
#size-cells = <0>;
power-domains = <&k3_pds 349 TI_SCI_PD_EXCLUSIVE>;
- clocks = <&k3_clks 349 0>;
+ clocks = <&k3_clks 349 2>;
status = "disabled";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 187/817] watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 186/817] arm64: dts: ti: k3-j721s2: " Greg Kroah-Hartman
@ 2024-12-03 14:35 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 188/817] arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers Greg Kroah-Hartman
` (639 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:35 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niklas Schnelle, Guenter Roeck,
Arnd Bergmann, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Niklas Schnelle <schnelle@linux.ibm.com>
[ Upstream commit d4d3125a3452a54acca69050be67b87ee2900e77 ]
Both drivers use I/O port accesses without declaring a dependency on
CONFIG_HAS_IOPORT. For sbc8360_wdt this causes a compile error on UML
once inb()/outb() helpers become conditional.
For sbc7240_wdt this causes no such errors with UML because this driver
depends on both x86_32 and !UML. Nevertheless add HAS_IOPORT as
a dependency for both drivers to be explicit and drop the !UML
dependency for sbc7240_wdt as it is now redundant since UML implies no
HAS_IOPORT.
Fixes: 52df67b6b313 ("watchdog: add HAS_IOPORT dependencies")
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
index bae1d97cce89b..8a48113ec2ace 100644
--- a/drivers/watchdog/Kconfig
+++ b/drivers/watchdog/Kconfig
@@ -1500,7 +1500,7 @@ config 60XX_WDT
config SBC8360_WDT
tristate "SBC8360 Watchdog Timer"
- depends on X86_32
+ depends on X86_32 && HAS_IOPORT
help
This is the driver for the hardware watchdog on the SBC8360 Single
@@ -1513,7 +1513,7 @@ config SBC8360_WDT
config SBC7240_WDT
tristate "SBC Nano 7240 Watchdog Timer"
- depends on X86_32 && !UML
+ depends on X86_32 && HAS_IOPORT
help
This is the driver for the hardware watchdog found on the IEI
single board computers EPIC Nano 7240 (and likely others). This
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 188/817] arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2024-12-03 14:35 ` [PATCH 6.11 187/817] watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240 Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 189/817] dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries Greg Kroah-Hartman
` (638 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@linaro.org>
[ Upstream commit 2e65616ef07fa4c72c3898b22e5bede7d468cf32 ]
Update the numbers based on the information found in the DSDT.
Fixes: af16b00578a7 ("arm64: dts: qcom: Add base X1E80100 dtsi and the QCP dts")
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20240716-topic-h_bits-v1-2-f6c5d3ff982c@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/x1e80100.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi
index 2a03581b0ab56..db0304c564980 100644
--- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi
+++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi
@@ -278,8 +278,8 @@ CLUSTER_C4: cpu-sleep-0 {
idle-state-name = "ret";
arm,psci-suspend-param = <0x00000004>;
entry-latency-us = <180>;
- exit-latency-us = <320>;
- min-residency-us = <1000>;
+ exit-latency-us = <500>;
+ min-residency-us = <600>;
};
};
@@ -298,7 +298,7 @@ CLUSTER_CL5: cluster-sleep-1 {
idle-state-name = "ret-pll-off";
arm,psci-suspend-param = <0x01000054>;
entry-latency-us = <2200>;
- exit-latency-us = <2500>;
+ exit-latency-us = <4000>;
min-residency-us = <7000>;
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 189/817] dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 188/817] arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 190/817] of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Greg Kroah-Hartman
` (637 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Abel Vesa,
Krzysztof Kozlowski, Rob Herring (Arm), Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Abel Vesa <abel.vesa@linaro.org>
[ Upstream commit f9759e2b57049f9c4ea8d7254ba6afcf6eb10cd6 ]
Document the missing Broadcast_AND region for x1e80100.
Fixes: e9ceb595c2d3 ("dt-bindings: cache: qcom,llcc: Add X1E80100 compatible")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202410181235.L7MF7z48-lkp@intel.com/
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20241018-qcom-llcc-bindings-reg-ranges-fix-v1-1-88693cb7723b@linaro.org
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../devicetree/bindings/cache/qcom,llcc.yaml | 36 +++++++++++++++++--
1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/cache/qcom,llcc.yaml b/Documentation/devicetree/bindings/cache/qcom,llcc.yaml
index 68ea5f70b75f0..ee7edc6f60e2b 100644
--- a/Documentation/devicetree/bindings/cache/qcom,llcc.yaml
+++ b/Documentation/devicetree/bindings/cache/qcom,llcc.yaml
@@ -39,11 +39,11 @@ properties:
reg:
minItems: 2
- maxItems: 9
+ maxItems: 10
reg-names:
minItems: 2
- maxItems: 9
+ maxItems: 10
interrupts:
maxItems: 1
@@ -134,6 +134,36 @@ allOf:
- qcom,qdu1000-llcc
- qcom,sc8180x-llcc
- qcom,sc8280xp-llcc
+ then:
+ properties:
+ reg:
+ items:
+ - description: LLCC0 base register region
+ - description: LLCC1 base register region
+ - description: LLCC2 base register region
+ - description: LLCC3 base register region
+ - description: LLCC4 base register region
+ - description: LLCC5 base register region
+ - description: LLCC6 base register region
+ - description: LLCC7 base register region
+ - description: LLCC broadcast base register region
+ reg-names:
+ items:
+ - const: llcc0_base
+ - const: llcc1_base
+ - const: llcc2_base
+ - const: llcc3_base
+ - const: llcc4_base
+ - const: llcc5_base
+ - const: llcc6_base
+ - const: llcc7_base
+ - const: llcc_broadcast_base
+
+ - if:
+ properties:
+ compatible:
+ contains:
+ enum:
- qcom,x1e80100-llcc
then:
properties:
@@ -148,6 +178,7 @@ allOf:
- description: LLCC6 base register region
- description: LLCC7 base register region
- description: LLCC broadcast base register region
+ - description: LLCC broadcast AND register region
reg-names:
items:
- const: llcc0_base
@@ -159,6 +190,7 @@ allOf:
- const: llcc6_base
- const: llcc7_base
- const: llcc_broadcast_base
+ - const: llcc_broadcast_and_base
- if:
properties:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 190/817] of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 189/817] dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 191/817] pmdomain: ti-sci: Add missing of_node_put() for args.np Greg Kroah-Hartman
` (636 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Breno Leitao, Mark Rutland,
Usama Arif, Rob Herring (Arm), Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Usama Arif <usamaarif642@gmail.com>
[ Upstream commit b2473a359763e27567993e7d8f37de82f57a0829 ]
__pa() is only intended to be used for linear map addresses and using
it for initial_boot_params which is in fixmap for arm64 will give an
incorrect value. Hence save the physical address when it is known at
boot time when calling early_init_dt_scan for arm64 and use it at kexec
time instead of converting the virtual address using __pa().
Note that arm64 doesn't need the FDT region reserved in the DT as the
kernel explicitly reserves the passed in FDT. Therefore, only a debug
warning is fixed with this change.
Reported-by: Breno Leitao <leitao@debian.org>
Suggested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Usama Arif <usamaarif642@gmail.com>
Fixes: ac10be5cdbfa ("arm64: Use common of_kexec_alloc_and_setup_fdt()")
Link: https://lore.kernel.org/r/20241023171426.452688-1-usamaarif642@gmail.com
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arc/kernel/devtree.c | 2 +-
arch/arm/kernel/devtree.c | 2 +-
arch/arm64/kernel/setup.c | 6 +++++-
arch/csky/kernel/setup.c | 4 ++--
arch/loongarch/kernel/setup.c | 2 +-
arch/microblaze/kernel/prom.c | 2 +-
arch/mips/kernel/prom.c | 2 +-
arch/mips/kernel/relocate.c | 2 +-
arch/nios2/kernel/prom.c | 4 ++--
arch/openrisc/kernel/prom.c | 2 +-
arch/powerpc/kernel/dt_cpu_ftrs.c | 2 +-
arch/powerpc/kernel/prom.c | 2 +-
arch/powerpc/platforms/pseries/plpks.c | 2 +-
arch/riscv/kernel/setup.c | 2 +-
arch/sh/kernel/setup.c | 2 +-
arch/um/kernel/dtb.c | 2 +-
arch/x86/kernel/devicetree.c | 2 +-
arch/xtensa/kernel/setup.c | 2 +-
drivers/of/fdt.c | 14 ++++++++------
drivers/of/kexec.c | 2 +-
include/linux/of_fdt.h | 5 +++--
21 files changed, 36 insertions(+), 29 deletions(-)
diff --git a/arch/arc/kernel/devtree.c b/arch/arc/kernel/devtree.c
index 4c9e61457b2f6..cc6ac7d128aa1 100644
--- a/arch/arc/kernel/devtree.c
+++ b/arch/arc/kernel/devtree.c
@@ -62,7 +62,7 @@ const struct machine_desc * __init setup_machine_fdt(void *dt)
const struct machine_desc *mdesc;
unsigned long dt_root;
- if (!early_init_dt_scan(dt))
+ if (!early_init_dt_scan(dt, __pa(dt)))
return NULL;
mdesc = of_flat_dt_match_machine(NULL, arch_get_next_mach);
diff --git a/arch/arm/kernel/devtree.c b/arch/arm/kernel/devtree.c
index fdb74e64206a8..3b78966e750a2 100644
--- a/arch/arm/kernel/devtree.c
+++ b/arch/arm/kernel/devtree.c
@@ -200,7 +200,7 @@ const struct machine_desc * __init setup_machine_fdt(void *dt_virt)
mdesc_best = &__mach_desc_GENERIC_DT;
- if (!dt_virt || !early_init_dt_verify(dt_virt))
+ if (!dt_virt || !early_init_dt_verify(dt_virt, __pa(dt_virt)))
return NULL;
mdesc = of_flat_dt_match_machine(mdesc_best, arch_get_next_mach);
diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
index b22d28ec80284..87f61fd6783c2 100644
--- a/arch/arm64/kernel/setup.c
+++ b/arch/arm64/kernel/setup.c
@@ -175,7 +175,11 @@ static void __init setup_machine_fdt(phys_addr_t dt_phys)
if (dt_virt)
memblock_reserve(dt_phys, size);
- if (!dt_virt || !early_init_dt_scan(dt_virt)) {
+ /*
+ * dt_virt is a fixmap address, hence __pa(dt_virt) can't be used.
+ * Pass dt_phys directly.
+ */
+ if (!early_init_dt_scan(dt_virt, dt_phys)) {
pr_crit("\n"
"Error: invalid device tree blob at physical address %pa (virtual address 0x%px)\n"
"The dtb must be 8-byte aligned and must not exceed 2 MB in size\n"
diff --git a/arch/csky/kernel/setup.c b/arch/csky/kernel/setup.c
index 51012e90780d6..fe715b707fd0a 100644
--- a/arch/csky/kernel/setup.c
+++ b/arch/csky/kernel/setup.c
@@ -112,9 +112,9 @@ asmlinkage __visible void __init csky_start(unsigned int unused,
pre_trap_init();
if (dtb_start == NULL)
- early_init_dt_scan(__dtb_start);
+ early_init_dt_scan(__dtb_start, __pa(dtb_start));
else
- early_init_dt_scan(dtb_start);
+ early_init_dt_scan(dtb_start, __pa(dtb_start));
start_kernel();
diff --git a/arch/loongarch/kernel/setup.c b/arch/loongarch/kernel/setup.c
index d2b18ed23b8a4..ec502cb4c61dd 100644
--- a/arch/loongarch/kernel/setup.c
+++ b/arch/loongarch/kernel/setup.c
@@ -291,7 +291,7 @@ static void __init fdt_setup(void)
if (!fdt_pointer || fdt_check_header(fdt_pointer))
return;
- early_init_dt_scan(fdt_pointer);
+ early_init_dt_scan(fdt_pointer, __pa(fdt_pointer));
early_init_fdt_reserve_self();
max_low_pfn = PFN_PHYS(memblock_end_of_DRAM());
diff --git a/arch/microblaze/kernel/prom.c b/arch/microblaze/kernel/prom.c
index e424c796e297c..76ac4cfdfb42c 100644
--- a/arch/microblaze/kernel/prom.c
+++ b/arch/microblaze/kernel/prom.c
@@ -18,7 +18,7 @@ void __init early_init_devtree(void *params)
{
pr_debug(" -> early_init_devtree(%p)\n", params);
- early_init_dt_scan(params);
+ early_init_dt_scan(params, __pa(params));
if (!strlen(boot_command_line))
strscpy(boot_command_line, cmd_line, COMMAND_LINE_SIZE);
diff --git a/arch/mips/kernel/prom.c b/arch/mips/kernel/prom.c
index 6062e6fa589a8..4fd6da0a06c37 100644
--- a/arch/mips/kernel/prom.c
+++ b/arch/mips/kernel/prom.c
@@ -41,7 +41,7 @@ char *mips_get_machine_name(void)
void __init __dt_setup_arch(void *bph)
{
- if (!early_init_dt_scan(bph))
+ if (!early_init_dt_scan(bph, __pa(bph)))
return;
mips_set_machine_name(of_flat_dt_get_machine_name());
diff --git a/arch/mips/kernel/relocate.c b/arch/mips/kernel/relocate.c
index 7eeeaf1ff95d2..cda7983e7c18d 100644
--- a/arch/mips/kernel/relocate.c
+++ b/arch/mips/kernel/relocate.c
@@ -337,7 +337,7 @@ void *__init relocate_kernel(void)
#if defined(CONFIG_USE_OF)
/* Deal with the device tree */
fdt = plat_get_fdt();
- early_init_dt_scan(fdt);
+ early_init_dt_scan(fdt, __pa(fdt));
if (boot_command_line[0]) {
/* Boot command line was passed in device tree */
strscpy(arcs_cmdline, boot_command_line, COMMAND_LINE_SIZE);
diff --git a/arch/nios2/kernel/prom.c b/arch/nios2/kernel/prom.c
index 9a8393e6b4a85..db049249766fc 100644
--- a/arch/nios2/kernel/prom.c
+++ b/arch/nios2/kernel/prom.c
@@ -27,7 +27,7 @@ void __init early_init_devtree(void *params)
if (be32_to_cpup((__be32 *)CONFIG_NIOS2_DTB_PHYS_ADDR) ==
OF_DT_HEADER) {
params = (void *)CONFIG_NIOS2_DTB_PHYS_ADDR;
- early_init_dt_scan(params);
+ early_init_dt_scan(params, __pa(params));
return;
}
#endif
@@ -37,5 +37,5 @@ void __init early_init_devtree(void *params)
params = (void *)__dtb_start;
#endif
- early_init_dt_scan(params);
+ early_init_dt_scan(params, __pa(params));
}
diff --git a/arch/openrisc/kernel/prom.c b/arch/openrisc/kernel/prom.c
index 19e6008bf114c..e424e9bd12a79 100644
--- a/arch/openrisc/kernel/prom.c
+++ b/arch/openrisc/kernel/prom.c
@@ -22,6 +22,6 @@
void __init early_init_devtree(void *params)
{
- early_init_dt_scan(params);
+ early_init_dt_scan(params, __pa(params));
memblock_allow_resize();
}
diff --git a/arch/powerpc/kernel/dt_cpu_ftrs.c b/arch/powerpc/kernel/dt_cpu_ftrs.c
index af4263594eb2c..1bee15c013e75 100644
--- a/arch/powerpc/kernel/dt_cpu_ftrs.c
+++ b/arch/powerpc/kernel/dt_cpu_ftrs.c
@@ -867,7 +867,7 @@ bool __init dt_cpu_ftrs_init(void *fdt)
using_dt_cpu_ftrs = false;
/* Setup and verify the FDT, if it fails we just bail */
- if (!early_init_dt_verify(fdt))
+ if (!early_init_dt_verify(fdt, __pa(fdt)))
return false;
if (!of_scan_flat_dt(fdt_find_cpu_features, NULL))
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index 0be07ed407c70..88cbe432cad59 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -791,7 +791,7 @@ void __init early_init_devtree(void *params)
DBG(" -> early_init_devtree(%px)\n", params);
/* Too early to BUG_ON(), do it by hand */
- if (!early_init_dt_verify(params))
+ if (!early_init_dt_verify(params, __pa(params)))
panic("BUG: Failed verifying flat device tree, bad version?");
of_scan_flat_dt(early_init_dt_scan_model, NULL);
diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c
index 4a595493d28ae..b1667ed05f988 100644
--- a/arch/powerpc/platforms/pseries/plpks.c
+++ b/arch/powerpc/platforms/pseries/plpks.c
@@ -683,7 +683,7 @@ void __init plpks_early_init_devtree(void)
out:
fdt_nop_property(fdt, chosen_node, "ibm,plpks-pw");
// Since we've cleared the password, we must update the FDT checksum
- early_init_dt_verify(fdt);
+ early_init_dt_verify(fdt, __pa(fdt));
}
static __init int pseries_plpks_init(void)
diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c
index a2cde65b69e95..26c886db4fb3d 100644
--- a/arch/riscv/kernel/setup.c
+++ b/arch/riscv/kernel/setup.c
@@ -227,7 +227,7 @@ static void __init init_resources(void)
static void __init parse_dtb(void)
{
/* Early scan of device tree from init memory */
- if (early_init_dt_scan(dtb_early_va)) {
+ if (early_init_dt_scan(dtb_early_va, __pa(dtb_early_va))) {
const char *name = of_flat_dt_get_machine_name();
if (name) {
diff --git a/arch/sh/kernel/setup.c b/arch/sh/kernel/setup.c
index 620e5cf8ae1e7..f2b6f16a46b85 100644
--- a/arch/sh/kernel/setup.c
+++ b/arch/sh/kernel/setup.c
@@ -255,7 +255,7 @@ void __ref sh_fdt_init(phys_addr_t dt_phys)
dt_virt = phys_to_virt(dt_phys);
#endif
- if (!dt_virt || !early_init_dt_scan(dt_virt)) {
+ if (!dt_virt || !early_init_dt_scan(dt_virt, __pa(dt_virt))) {
pr_crit("Error: invalid device tree blob"
" at physical address %p\n", (void *)dt_phys);
diff --git a/arch/um/kernel/dtb.c b/arch/um/kernel/dtb.c
index 4954188a6a090..8d78ced9e08f6 100644
--- a/arch/um/kernel/dtb.c
+++ b/arch/um/kernel/dtb.c
@@ -17,7 +17,7 @@ void uml_dtb_init(void)
area = uml_load_file(dtb, &size);
if (area) {
- if (!early_init_dt_scan(area)) {
+ if (!early_init_dt_scan(area, __pa(area))) {
pr_err("invalid DTB %s\n", dtb);
memblock_free(area, size);
return;
diff --git a/arch/x86/kernel/devicetree.c b/arch/x86/kernel/devicetree.c
index 64280879c68c0..59d23cdf4ed0f 100644
--- a/arch/x86/kernel/devicetree.c
+++ b/arch/x86/kernel/devicetree.c
@@ -305,7 +305,7 @@ void __init x86_flattree_get_config(void)
map_len = size;
}
- early_init_dt_verify(dt);
+ early_init_dt_verify(dt, __pa(dt));
}
unflatten_and_copy_device_tree();
diff --git a/arch/xtensa/kernel/setup.c b/arch/xtensa/kernel/setup.c
index bdec4a773af09..e51f2060e8308 100644
--- a/arch/xtensa/kernel/setup.c
+++ b/arch/xtensa/kernel/setup.c
@@ -216,7 +216,7 @@ static int __init xtensa_dt_io_area(unsigned long node, const char *uname,
void __init early_init_devtree(void *params)
{
- early_init_dt_scan(params);
+ early_init_dt_scan(params, __pa(params));
of_scan_flat_dt(xtensa_dt_io_area, NULL);
if (!command_line[0])
diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 68103ad230eeb..a7cfbbfbf1cb9 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -457,6 +457,7 @@ int __initdata dt_root_addr_cells;
int __initdata dt_root_size_cells;
void *initial_boot_params __ro_after_init;
+phys_addr_t initial_boot_params_pa __ro_after_init;
#ifdef CONFIG_OF_EARLY_FLATTREE
@@ -1136,17 +1137,18 @@ static void * __init early_init_dt_alloc_memory_arch(u64 size, u64 align)
return ptr;
}
-bool __init early_init_dt_verify(void *params)
+bool __init early_init_dt_verify(void *dt_virt, phys_addr_t dt_phys)
{
- if (!params)
+ if (!dt_virt)
return false;
/* check device tree validity */
- if (fdt_check_header(params))
+ if (fdt_check_header(dt_virt))
return false;
/* Setup flat device-tree pointer */
- initial_boot_params = params;
+ initial_boot_params = dt_virt;
+ initial_boot_params_pa = dt_phys;
of_fdt_crc32 = crc32_be(~0, initial_boot_params,
fdt_totalsize(initial_boot_params));
@@ -1173,11 +1175,11 @@ void __init early_init_dt_scan_nodes(void)
early_init_dt_check_for_usable_mem_range();
}
-bool __init early_init_dt_scan(void *params)
+bool __init early_init_dt_scan(void *dt_virt, phys_addr_t dt_phys)
{
bool status;
- status = early_init_dt_verify(params);
+ status = early_init_dt_verify(dt_virt, dt_phys);
if (!status)
return false;
diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index 9ccde2fd77cbf..5b924597a4deb 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -301,7 +301,7 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage *image,
}
/* Remove memory reservation for the current device tree. */
- ret = fdt_find_and_del_mem_rsv(fdt, __pa(initial_boot_params),
+ ret = fdt_find_and_del_mem_rsv(fdt, initial_boot_params_pa,
fdt_totalsize(initial_boot_params));
if (ret == -EINVAL) {
pr_err("Error removing memory reservation.\n");
diff --git a/include/linux/of_fdt.h b/include/linux/of_fdt.h
index d69ad5bb1eb1e..b8d6c0c208760 100644
--- a/include/linux/of_fdt.h
+++ b/include/linux/of_fdt.h
@@ -31,6 +31,7 @@ extern void *of_fdt_unflatten_tree(const unsigned long *blob,
extern int __initdata dt_root_addr_cells;
extern int __initdata dt_root_size_cells;
extern void *initial_boot_params;
+extern phys_addr_t initial_boot_params_pa;
extern char __dtb_start[];
extern char __dtb_end[];
@@ -70,8 +71,8 @@ extern u64 dt_mem_next_cell(int s, const __be32 **cellp);
/* Early flat tree scan hooks */
extern int early_init_dt_scan_root(void);
-extern bool early_init_dt_scan(void *params);
-extern bool early_init_dt_verify(void *params);
+extern bool early_init_dt_scan(void *dt_virt, phys_addr_t dt_phys);
+extern bool early_init_dt_verify(void *dt_virt, phys_addr_t dt_phys);
extern void early_init_dt_scan_nodes(void);
extern const char *of_flat_dt_get_machine_name(void);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 191/817] pmdomain: ti-sci: Add missing of_node_put() for args.np
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 190/817] of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 192/817] spi: tegra210-quad: Avoid shift-out-of-bounds Greg Kroah-Hartman
` (635 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Zekun, Dhruva Gole,
Ulf Hansson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Zekun <zhangzekun11@huawei.com>
[ Upstream commit afc2331ef81657493c074592c409dac7c3cb8ccc ]
of_parse_phandle_with_args() needs to call of_node_put() to decrement
the refcount of args.np. So, Add the missing of_node_put() in the loop.
Fixes: efa5c01cd7ee ("soc: ti: ti_sci_pm_domains: switch to use multiple genpds instead of one")
Signed-off-by: Zhang Zekun <zhangzekun11@huawei.com>
Reviewed-by: Dhruva Gole <d-gole@ti.com>
Message-ID: <20241024030442.119506-2-zhangzekun11@huawei.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/pmdomain/ti/ti_sci_pm_domains.c b/drivers/pmdomain/ti/ti_sci_pm_domains.c
index 1510d5ddae3de..0df3eb7ff09a3 100644
--- a/drivers/pmdomain/ti/ti_sci_pm_domains.c
+++ b/drivers/pmdomain/ti/ti_sci_pm_domains.c
@@ -161,6 +161,7 @@ static int ti_sci_pm_domain_probe(struct platform_device *pdev)
break;
if (args.args_count >= 1 && args.np == dev->of_node) {
+ of_node_put(args.np);
if (args.args[0] > max_id) {
max_id = args.args[0];
} else {
@@ -192,7 +193,10 @@ static int ti_sci_pm_domain_probe(struct platform_device *pdev)
pm_genpd_init(&pd->pd, NULL, true);
list_add(&pd->node, &pd_provider->pd_list);
+ } else {
+ of_node_put(args.np);
}
+
index++;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 192/817] spi: tegra210-quad: Avoid shift-out-of-bounds
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 191/817] pmdomain: ti-sci: Add missing of_node_put() for args.np Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 193/817] spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Greg Kroah-Hartman
` (634 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Breno Leitao, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Breno Leitao <leitao@debian.org>
[ Upstream commit f399051ec1ff02e74ae5c2517aed2cc486fd005b ]
A shift-out-of-bounds issue was identified by UBSAN in the
tegra_qspi_fill_tx_fifo_from_client_txbuf() function.
UBSAN: shift-out-of-bounds in drivers/spi/spi-tegra210-quad.c:345:27
shift exponent 32 is too large for 32-bit type 'u32' (aka 'unsigned int')
Call trace:
tegra_qspi_start_cpu_based_transfer
The problem arises when shifting the contents of tx_buf left by 8 times
the value of i, which can exceed 4 and result in an exponent larger than
32 bits.
Resolve this by restrict the value of i to be less than 4, preventing
the shift operation from overflowing.
Signed-off-by: Breno Leitao <leitao@debian.org>
Fixes: 921fc1838fb0 ("spi: tegra210-quad: Add support for Tegra210 QSPI controller")
Link: https://patch.msgid.link/20241004125400.1791089-1-leitao@debian.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-tegra210-quad.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-tegra210-quad.c b/drivers/spi/spi-tegra210-quad.c
index afbd64a217eb0..43f11b0e9e765 100644
--- a/drivers/spi/spi-tegra210-quad.c
+++ b/drivers/spi/spi-tegra210-quad.c
@@ -341,7 +341,7 @@ tegra_qspi_fill_tx_fifo_from_client_txbuf(struct tegra_qspi *tqspi, struct spi_t
for (count = 0; count < max_n_32bit; count++) {
u32 x = 0;
- for (i = 0; len && (i < bytes_per_word); i++, len--)
+ for (i = 0; len && (i < min(4, bytes_per_word)); i++, len--)
x |= (u32)(*tx_buf++) << (i * 8);
tegra_qspi_writel(tqspi, x, QSPI_TX_FIFO);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 193/817] spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 192/817] spi: tegra210-quad: Avoid shift-out-of-bounds Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 194/817] regmap: irq: Set lockdep class for hierarchical IRQ domains Greg Kroah-Hartman
` (633 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 2219576883e709737f3100aa9ded84976be49bd7 ]
It's important to undo pm_runtime_use_autosuspend() with
pm_runtime_dont_use_autosuspend() at driver exit time.
So, call pm_runtime_dont_use_autosuspend() at driver exit time
to fix it.
Fixes: 9e3a000362ae ("spi: zynqmp: Add pm runtime support")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Link: https://patch.msgid.link/20240920091135.2741574-1-ruanjinjie@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-zynqmp-gqspi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/spi/spi-zynqmp-gqspi.c b/drivers/spi/spi-zynqmp-gqspi.c
index 558c466135a51..d3e369e0fe5cf 100644
--- a/drivers/spi/spi-zynqmp-gqspi.c
+++ b/drivers/spi/spi-zynqmp-gqspi.c
@@ -1359,6 +1359,7 @@ static int zynqmp_qspi_probe(struct platform_device *pdev)
clk_dis_all:
pm_runtime_disable(&pdev->dev);
+ pm_runtime_dont_use_autosuspend(&pdev->dev);
pm_runtime_put_noidle(&pdev->dev);
pm_runtime_set_suspended(&pdev->dev);
clk_disable_unprepare(xqspi->refclk);
@@ -1389,6 +1390,7 @@ static void zynqmp_qspi_remove(struct platform_device *pdev)
zynqmp_gqspi_write(xqspi, GQSPI_EN_OFST, 0x0);
pm_runtime_disable(&pdev->dev);
+ pm_runtime_dont_use_autosuspend(&pdev->dev);
pm_runtime_put_noidle(&pdev->dev);
pm_runtime_set_suspended(&pdev->dev);
clk_disable_unprepare(xqspi->refclk);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 194/817] regmap: irq: Set lockdep class for hierarchical IRQ domains
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 193/817] spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 195/817] arm64: dts: renesas: hihope: Drop #sound-dai-cells Greg Kroah-Hartman
` (632 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 953e549471cabc9d4980f1da2e9fa79f4c23da06 ]
Lockdep gives a false positive splat as it can't distinguish the lock
which is taken by different IRQ descriptors from different IRQ chips
that are organized in a way of a hierarchy:
======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc5-next-20241101-00148-g9fabf8160b53 #562 Tainted: G W
------------------------------------------------------
modprobe/141 is trying to acquire lock:
ffff899446947868 (intel_soc_pmic_bxtwc:502:(&bxtwc_regmap_config)->lock){+.+.}-{4:4}, at: regmap_update_bits_base+0x33/0x90
but task is already holding lock:
ffff899446947c68 (&d->lock){+.+.}-{4:4}, at: __setup_irq+0x682/0x790
which lock already depends on the new lock.
-> #3 (&d->lock){+.+.}-{4:4}:
-> #2 (&desc->request_mutex){+.+.}-{4:4}:
-> #1 (ipclock){+.+.}-{4:4}:
-> #0 (intel_soc_pmic_bxtwc:502:(&bxtwc_regmap_config)->lock){+.+.}-{4:4}:
Chain exists of:
intel_soc_pmic_bxtwc:502:(&bxtwc_regmap_config)->lock --> &desc->request_mutex --> &d->lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&d->lock);
lock(&desc->request_mutex);
lock(&d->lock);
lock(intel_soc_pmic_bxtwc:502:(&bxtwc_regmap_config)->lock);
*** DEADLOCK ***
3 locks held by modprobe/141:
#0: ffff8994419368f8 (&dev->mutex){....}-{4:4}, at: __driver_attach+0xf6/0x250
#1: ffff89944690b250 (&desc->request_mutex){+.+.}-{4:4}, at: __setup_irq+0x1a2/0x790
#2: ffff899446947c68 (&d->lock){+.+.}-{4:4}, at: __setup_irq+0x682/0x790
Set a lockdep class when we map the IRQ so that it doesn't warn about
a lockdep bug that doesn't exist.
Fixes: 4af8be67fd99 ("regmap: Convert regmap_irq to use irq_domain")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://patch.msgid.link/20241101165553.4055617-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/regmap/regmap-irq.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index d3ec1345b5b53..250b2cc1e5d87 100644
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -514,12 +514,16 @@ static irqreturn_t regmap_irq_thread(int irq, void *d)
return IRQ_NONE;
}
+static struct lock_class_key regmap_irq_lock_class;
+static struct lock_class_key regmap_irq_request_class;
+
static int regmap_irq_map(struct irq_domain *h, unsigned int virq,
irq_hw_number_t hw)
{
struct regmap_irq_chip_data *data = h->host_data;
irq_set_chip_data(virq, data);
+ irq_set_lockdep_class(virq, ®map_irq_lock_class, ®map_irq_request_class);
irq_set_chip(virq, &data->irq_chip);
irq_set_nested_thread(virq, 1);
irq_set_parent(virq, data->irq);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 195/817] arm64: dts: renesas: hihope: Drop #sound-dai-cells
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 194/817] regmap: irq: Set lockdep class for hierarchical IRQ domains Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 196/817] arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO Greg Kroah-Hartman
` (631 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lad Prabhakar, Geert Uytterhoeven,
Kuninori Morimoto, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
[ Upstream commit 9cc926e3fab42dd292219796cfc94e41f4ab749d ]
"#sound-dai-cells" is required if the board is using "simple-card".
However, the HiHope board uses "audio-graph", thus remove the unneeded
`#sound-dai-cells`.
Commit 9e72606cd2db ("arm64: dts: renesas: #sound-dai-cells is used when
simple-card") updated the comment regarding usage of "#sound-dai-cells"
in the SoC DTSI but missed to remove "#sound-dai-cells" from board DTS
files.
Fixes: 9e72606cd2db ("arm64: dts: renesas: #sound-dai-cells is used when simple-card")
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/20241010135332.710648-1-prabhakar.mahadev-lad.rj@bp.renesas.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 ---
arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 ---
2 files changed, 6 deletions(-)
diff --git a/arch/arm64/boot/dts/renesas/hihope-rev2.dtsi b/arch/arm64/boot/dts/renesas/hihope-rev2.dtsi
index 8e2db1d6ca81e..25c55b32aafe5 100644
--- a/arch/arm64/boot/dts/renesas/hihope-rev2.dtsi
+++ b/arch/arm64/boot/dts/renesas/hihope-rev2.dtsi
@@ -69,9 +69,6 @@ &rcar_sound {
status = "okay";
- /* Single DAI */
- #sound-dai-cells = <0>;
-
rsnd_port: port {
rsnd_endpoint: endpoint {
remote-endpoint = <&dw_hdmi0_snd_in>;
diff --git a/arch/arm64/boot/dts/renesas/hihope-rev4.dtsi b/arch/arm64/boot/dts/renesas/hihope-rev4.dtsi
index 66f3affe04697..deb69c2727756 100644
--- a/arch/arm64/boot/dts/renesas/hihope-rev4.dtsi
+++ b/arch/arm64/boot/dts/renesas/hihope-rev4.dtsi
@@ -84,9 +84,6 @@ &rcar_sound {
pinctrl-names = "default";
status = "okay";
- /* Single DAI */
- #sound-dai-cells = <0>;
-
/* audio_clkout0/1/2/3 */
#clock-cells = <1>;
clock-frequency = <12288000 11289600>;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 196/817] arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 195/817] arm64: dts: renesas: hihope: Drop #sound-dai-cells Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 197/817] arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs Greg Kroah-Hartman
` (630 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Frank Li, Alexander Stein, Shawn Guo,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frank Li <Frank.Li@nxp.com>
[ Upstream commit c771d311b1901cd4679c8fc7f89a882fe07cf4a0 ]
Fix the issue where both 'output-low' and 'output-high' exist under GPIO
hog nodes (rst_usb_hub_hog and sel_usb_hub_hog) when applying device
tree overlays. Since /delete-property/ is not supported in the overlays,
setting 'output-low' results in both properties being present. The
workaround is to disable these hogs and create new ones with 'output-low'
as needed.
Fix below CHECK_DTBS warning:
arch/arm64/boot/dts/freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtb: sel-usb-hub-hog:
{'output-low': True, 'gpio-hog': True, 'gpios': [[1, 0]], 'output-high': True, 'phandle': 108, '$nodename': ['sel-usb-hub-hog']}
is valid under each of {'required': ['output-low']}, {'required': ['output-high']
Fixes: 3f6fc30abebc ("arm64: dts: imx8mn: tqma8mqnl-mba8mx: Add USB DR overlay")
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Reviewed-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../imx8mn-tqma8mqnl-mba8mx-usbotg.dtso | 29 +++++++++++++++++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso b/arch/arm64/boot/dts/freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso
index 96db07fc9bece..1f2a0fe70a0a2 100644
--- a/arch/arm64/boot/dts/freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso
+++ b/arch/arm64/boot/dts/freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso
@@ -29,12 +29,37 @@ usb_dr_connector: endpoint {
};
};
+/*
+ * rst_usb_hub_hog and sel_usb_hub_hog have property 'output-high',
+ * dt overlay don't support /delete-property/. Both 'output-low' and
+ * 'output-high' will be exist under hog nodes if overlay file set
+ * 'output-low'. Workaround is disable these hog and create new hog with
+ * 'output-low'.
+ */
+
&rst_usb_hub_hog {
- output-low;
+ status = "disabled";
+};
+
+&expander0 {
+ rst-usb-low-hub-hog {
+ gpio-hog;
+ gpios = <13 0>;
+ output-low;
+ line-name = "RST_USB_HUB#";
+ };
};
&sel_usb_hub_hog {
- output-low;
+ status = "disabled";
+};
+
+&gpio2 {
+ sel-usb-low-hub-hog {
+ gpio-hog;
+ gpios = <1 GPIO_ACTIVE_HIGH>;
+ output-low;
+ };
};
&usbotg1 {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 197/817] arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 196/817] arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 198/817] arm64: dts: mediatek: mt6358: fix dtbs_check error Greg Kroah-Hartman
` (629 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit b0a4ce81f327eae06c1088f1a437edc48a94a3e8 ]
Add support for the ADC on MT6357/8/9 and keep it default enabled
as this IP is always present on those PMICs.
Users may use different IIO channels depending on board-specific
routing.
Link: https://lore.kernel.org/r/20240604123008.327424-6-angelogioacchino.delregno@collabora.com
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Stable-dep-of: 76ab2ae0ab9e ("arm64: dts: mediatek: mt6358: fix dtbs_check error")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt6357.dtsi | 5 +++++
arch/arm64/boot/dts/mediatek/mt6358.dtsi | 5 +++++
arch/arm64/boot/dts/mediatek/mt6359.dtsi | 5 +++++
3 files changed, 15 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt6357.dtsi b/arch/arm64/boot/dts/mediatek/mt6357.dtsi
index 3330a03c2f745..5fafa842d312f 100644
--- a/arch/arm64/boot/dts/mediatek/mt6357.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt6357.dtsi
@@ -10,6 +10,11 @@ &pwrap {
mt6357_pmic: pmic {
compatible = "mediatek,mt6357";
+ pmic_adc: adc {
+ compatible = "mediatek,mt6357-auxadc";
+ #io-channel-cells = <1>;
+ };
+
regulators {
mt6357_vproc_reg: buck-vproc {
regulator-name = "vproc";
diff --git a/arch/arm64/boot/dts/mediatek/mt6358.dtsi b/arch/arm64/boot/dts/mediatek/mt6358.dtsi
index a1b96013f8141..641d452fbc083 100644
--- a/arch/arm64/boot/dts/mediatek/mt6358.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt6358.dtsi
@@ -10,6 +10,11 @@ pmic: pmic {
interrupt-controller;
#interrupt-cells = <2>;
+ pmic_adc: adc {
+ compatible = "mediatek,mt6358-auxadc";
+ #io-channel-cells = <1>;
+ };
+
mt6358codec: mt6358codec {
compatible = "mediatek,mt6358-sound";
mediatek,dmic-mode = <0>; /* two-wires */
diff --git a/arch/arm64/boot/dts/mediatek/mt6359.dtsi b/arch/arm64/boot/dts/mediatek/mt6359.dtsi
index df3e822232d34..8e1b8c85c6ede 100644
--- a/arch/arm64/boot/dts/mediatek/mt6359.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt6359.dtsi
@@ -9,6 +9,11 @@ pmic: pmic {
interrupt-controller;
#interrupt-cells = <2>;
+ pmic_adc: adc {
+ compatible = "mediatek,mt6359-auxadc";
+ #io-channel-cells = <1>;
+ };
+
mt6359codec: mt6359codec {
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 198/817] arm64: dts: mediatek: mt6358: fix dtbs_check error
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 197/817] arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 199/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Greg Kroah-Hartman
` (628 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Macpaul Lin,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Macpaul Lin <macpaul.lin@mediatek.com>
[ Upstream commit 76ab2ae0ab9ebb2d70e6ee8a9f59911621192c37 ]
Fix DTBS check errors for 'mt6358codec' and 'mt6358regulator':
Error message is:
pmic: 'mt6358codec' and 'mt6358regulator' does not match any of the
regexes: 'pinctrl-[0-9]+'.
Rename these two device node to generic 'audio-codec' and 'regulators'.
Fixes: 9f8872221674 ("arm64: dts: mt6358: add PMIC MT6358 related nodes")
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Link: https://lore.kernel.org/r/20241029064647.13370-1-macpaul.lin@mediatek.com
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt6358.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt6358.dtsi b/arch/arm64/boot/dts/mediatek/mt6358.dtsi
index 641d452fbc083..e23672a2eea4a 100644
--- a/arch/arm64/boot/dts/mediatek/mt6358.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt6358.dtsi
@@ -15,12 +15,12 @@ pmic_adc: adc {
#io-channel-cells = <1>;
};
- mt6358codec: mt6358codec {
+ mt6358codec: audio-codec {
compatible = "mediatek,mt6358-sound";
mediatek,dmic-mode = <0>; /* two-wires */
};
- mt6358regulator: mt6358regulator {
+ mt6358regulator: regulators {
compatible = "mediatek,mt6358-regulator";
mt6358_vdram1_reg: buck_vdram1 {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 199/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 198/817] arm64: dts: mediatek: mt6358: fix dtbs_check error Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 200/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Greg Kroah-Hartman
` (627 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit c4e8cf13f1740037483565d5b802764e2426515b ]
Some of the regulator supplies for the MIPI-DPI-to-DP bridge and their
associated nodes are incorrectly named. In particular, the 1.0V supply
was modeled as a 1.2V supply.
Fix all the incorrect names, and also fix the voltage of the 1.0V
regulator.
Fixes: cabc71b08eb5 ("arm64: dts: mt8183: Add kukui-jacuzzi-damu board")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Link: https://lore.kernel.org/r/20241030070224.1006331-3-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 26 ++++++++++---------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
index fa4ab4d2899f9..4a11e480ed2b5 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
@@ -8,11 +8,13 @@
#include <arm/cros-ec-keyboard.dtsi>
/ {
- pp1200_mipibrdg: pp1200-mipibrdg {
+ pp1000_mipibrdg: pp1000-mipibrdg {
compatible = "regulator-fixed";
- regulator-name = "pp1200_mipibrdg";
+ regulator-name = "pp1000_mipibrdg";
+ regulator-min-microvolt = <1000000>;
+ regulator-max-microvolt = <1000000>;
pinctrl-names = "default";
- pinctrl-0 = <&pp1200_mipibrdg_en>;
+ pinctrl-0 = <&pp1000_mipibrdg_en>;
enable-active-high;
regulator-boot-on;
@@ -24,7 +26,7 @@ pp1800_mipibrdg: pp1800-mipibrdg {
compatible = "regulator-fixed";
regulator-name = "pp1800_mipibrdg";
pinctrl-names = "default";
- pinctrl-0 = <&pp1800_lcd_en>;
+ pinctrl-0 = <&pp1800_mipibrdg_en>;
enable-active-high;
regulator-boot-on;
@@ -46,11 +48,11 @@ pp3300_panel: pp3300-panel {
gpio = <&pio 35 GPIO_ACTIVE_HIGH>;
};
- vddio_mipibrdg: vddio-mipibrdg {
+ pp3300_mipibrdg: pp3300-mipibrdg {
compatible = "regulator-fixed";
- regulator-name = "vddio_mipibrdg";
+ regulator-name = "pp3300_mipibrdg";
pinctrl-names = "default";
- pinctrl-0 = <&vddio_mipibrdg_en>;
+ pinctrl-0 = <&pp3300_mipibrdg_en>;
enable-active-high;
regulator-boot-on;
@@ -151,9 +153,9 @@ anx_bridge: anx7625@58 {
pinctrl-0 = <&anx7625_pins>;
enable-gpios = <&pio 45 GPIO_ACTIVE_HIGH>;
reset-gpios = <&pio 73 GPIO_ACTIVE_HIGH>;
- vdd10-supply = <&pp1200_mipibrdg>;
+ vdd10-supply = <&pp1000_mipibrdg>;
vdd18-supply = <&pp1800_mipibrdg>;
- vdd33-supply = <&vddio_mipibrdg>;
+ vdd33-supply = <&pp3300_mipibrdg>;
ports {
#address-cells = <1>;
@@ -396,14 +398,14 @@ &pio {
"",
"";
- pp1200_mipibrdg_en: pp1200-mipibrdg-en {
+ pp1000_mipibrdg_en: pp1000-mipibrdg-en {
pins1 {
pinmux = <PINMUX_GPIO54__FUNC_GPIO54>;
output-low;
};
};
- pp1800_lcd_en: pp1800-lcd-en {
+ pp1800_mipibrdg_en: pp1800-mipibrdg-en {
pins1 {
pinmux = <PINMUX_GPIO36__FUNC_GPIO36>;
output-low;
@@ -465,7 +467,7 @@ trackpad-int {
};
};
- vddio_mipibrdg_en: vddio-mipibrdg-en {
+ pp3300_mipibrdg_en: pp3300-mipibrdg-en {
pins1 {
pinmux = <PINMUX_GPIO37__FUNC_GPIO37>;
output-low;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 200/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 199/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 201/817] selftests/resctrl: Print accurate buffer size as part of MBM results Greg Kroah-Hartman
` (626 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit aaecb1da58a72bfbd2c35d4aadc43caa02f11862 ]
When the fixed regulators for the LCD panel and DP bridge were added,
their supplies were not modeled in. These, except for the 1.0V supply,
are just load switches, and need and have a supply.
Add the supplies for each of the fixed regulators.
Fixes: cabc71b08eb5 ("arm64: dts: mt8183: Add kukui-jacuzzi-damu board")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Link: https://lore.kernel.org/r/20241030070224.1006331-4-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
index 4a11e480ed2b5..930e2ee83333a 100644
--- a/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi
@@ -20,6 +20,7 @@ pp1000_mipibrdg: pp1000-mipibrdg {
regulator-boot-on;
gpio = <&pio 54 GPIO_ACTIVE_HIGH>;
+ vin-supply = <&pp1800_alw>;
};
pp1800_mipibrdg: pp1800-mipibrdg {
@@ -32,6 +33,7 @@ pp1800_mipibrdg: pp1800-mipibrdg {
regulator-boot-on;
gpio = <&pio 36 GPIO_ACTIVE_HIGH>;
+ vin-supply = <&pp1800_alw>;
};
pp3300_panel: pp3300-panel {
@@ -46,6 +48,7 @@ pp3300_panel: pp3300-panel {
regulator-boot-on;
gpio = <&pio 35 GPIO_ACTIVE_HIGH>;
+ vin-supply = <&pp3300_alw>;
};
pp3300_mipibrdg: pp3300-mipibrdg {
@@ -58,6 +61,7 @@ pp3300_mipibrdg: pp3300-mipibrdg {
regulator-boot-on;
gpio = <&pio 37 GPIO_ACTIVE_HIGH>;
+ vin-supply = <&pp3300_alw>;
};
volume_buttons: volume-buttons {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 201/817] selftests/resctrl: Print accurate buffer size as part of MBM results
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 200/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 202/817] selftests/resctrl: Fix memory overflow due to unhandled wraparound Greg Kroah-Hartman
` (625 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Reinette Chatre, Ilpo Järvinen,
Shuah Khan, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Reinette Chatre <reinette.chatre@intel.com>
[ Upstream commit 1b4840395f08e9723a15fea42c2d31090e8375f3 ]
By default the MBM test uses the "fill_buf" benchmark to keep reading
from a buffer with size DEFAULT_SPAN while measuring memory bandwidth.
User space can provide an alternate benchmark or amend the size of
the buffer "fill_buf" should use.
Analysis of the MBM measurements do not require that a buffer be used
and thus do not require knowing the size of the buffer if it was used
during testing. Even so, the buffer size is printed as informational
as part of the MBM test results. What is printed as buffer size is
hardcoded as DEFAULT_SPAN, even if the test relied on another benchmark
(that may or may not use a buffer) or if user space amended the buffer
size.
Ensure that accurate buffer size is printed when using "fill_buf"
benchmark and omit the buffer size information if another benchmark
is used.
Fixes: ecdbb911f22d ("selftests/resctrl: Add MBM test")
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/mbm_test.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/resctrl/mbm_test.c b/tools/testing/selftests/resctrl/mbm_test.c
index 6b5a3b52d861b..cf08ba5e314e2 100644
--- a/tools/testing/selftests/resctrl/mbm_test.c
+++ b/tools/testing/selftests/resctrl/mbm_test.c
@@ -40,7 +40,8 @@ show_bw_info(unsigned long *bw_imc, unsigned long *bw_resc, size_t span)
ksft_print_msg("%s Check MBM diff within %d%%\n",
ret ? "Fail:" : "Pass:", MAX_DIFF_PERCENT);
ksft_print_msg("avg_diff_per: %d%%\n", avg_diff_per);
- ksft_print_msg("Span (MB): %zu\n", span / MB);
+ if (span)
+ ksft_print_msg("Span (MB): %zu\n", span / MB);
ksft_print_msg("avg_bw_imc: %lu\n", avg_bw_imc);
ksft_print_msg("avg_bw_resc: %lu\n", avg_bw_resc);
@@ -138,15 +139,26 @@ static int mbm_run_test(const struct resctrl_test *test, const struct user_param
.setup = mbm_setup,
.measure = mbm_measure,
};
+ char *endptr = NULL;
+ size_t span = 0;
int ret;
remove(RESULT_FILE_NAME);
+ if (uparams->benchmark_cmd[0] && strcmp(uparams->benchmark_cmd[0], "fill_buf") == 0) {
+ if (uparams->benchmark_cmd[1] && *uparams->benchmark_cmd[1] != '\0') {
+ errno = 0;
+ span = strtoul(uparams->benchmark_cmd[1], &endptr, 10);
+ if (errno || *endptr != '\0')
+ return -EINVAL;
+ }
+ }
+
ret = resctrl_val(test, uparams, uparams->benchmark_cmd, ¶m);
if (ret)
return ret;
- ret = check_results(DEFAULT_SPAN);
+ ret = check_results(span);
if (ret && (get_vendor() == ARCH_INTEL))
ksft_print_msg("Intel MBM may be inaccurate when Sub-NUMA Clustering is enabled. Check BIOS configuration.\n");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 202/817] selftests/resctrl: Fix memory overflow due to unhandled wraparound
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 201/817] selftests/resctrl: Print accurate buffer size as part of MBM results Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 203/817] selftests/resctrl: Protect against array overrun during iMC config parsing Greg Kroah-Hartman
` (624 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Reinette Chatre, Ilpo Järvinen,
Shuah Khan, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Reinette Chatre <reinette.chatre@intel.com>
[ Upstream commit caf02626b2bf164a02c808240f19dbf97aced664 ]
alloc_buffer() allocates and initializes (with random data) a
buffer of requested size. The initialization starts from the beginning
of the allocated buffer and incrementally assigns sizeof(uint64_t) random
data to each cache line. The initialization uses the size of the
buffer to control the initialization flow, decrementing the amount of
buffer needing to be initialized after each iteration.
The size of the buffer is stored in an unsigned (size_t) variable s64
and the test "s64 > 0" is used to decide if initialization is complete.
The problem is that decrementing the buffer size may wrap around
if the buffer size is not divisible by "CL_SIZE / sizeof(uint64_t)"
resulting in the "s64 > 0" test being true and memory beyond the buffer
"initialized".
Use a signed value for the buffer size to support all buffer sizes.
Fixes: a2561b12fe39 ("selftests/resctrl: Add built in benchmark")
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/fill_buf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/resctrl/fill_buf.c b/tools/testing/selftests/resctrl/fill_buf.c
index ae120f1735c0b..34e5df721430e 100644
--- a/tools/testing/selftests/resctrl/fill_buf.c
+++ b/tools/testing/selftests/resctrl/fill_buf.c
@@ -127,7 +127,7 @@ unsigned char *alloc_buffer(size_t buf_size, int memflush)
{
void *buf = NULL;
uint64_t *p64;
- size_t s64;
+ ssize_t s64;
int ret;
ret = posix_memalign(&buf, PAGE_SIZE, buf_size);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 203/817] selftests/resctrl: Protect against array overrun during iMC config parsing
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 202/817] selftests/resctrl: Fix memory overflow due to unhandled wraparound Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 204/817] firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Greg Kroah-Hartman
` (623 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Reinette Chatre, Ilpo Järvinen,
Shuah Khan, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Reinette Chatre <reinette.chatre@intel.com>
[ Upstream commit 48ed4e799e8fbebae838dca404a8527763d41191 ]
The MBM and MBA tests need to discover the event and umask with which to
configure the performance event used to measure read memory bandwidth.
This is done by parsing the
/sys/bus/event_source/devices/uncore_imc_<imc instance>/events/cas_count_read
file for each iMC instance that contains the formatted
output: "event=<event>,umask=<umask>"
Parsing of cas_count_read contents is done by initializing an array of
MAX_TOKENS elements with tokens (deliminated by "=,") from this file.
Remove the unnecessary append of a delimiter to the string needing to be
parsed. Per the strtok() man page: "delimiter bytes at the start or end of
the string are ignored". This has no impact on the token placement within
the array.
After initialization, the actual event and umask is determined by
parsing the tokens directly following the "event" and "umask" tokens
respectively.
Iterating through the array up to index "i < MAX_TOKENS" but then
accessing index "i + 1" risks array overrun during the final iteration.
Avoid array overrun by ensuring that the index used within for
loop will always be valid.
Fixes: 1d3f08687d76 ("selftests/resctrl: Read memory bandwidth from perf IMC counter and from resctrl file system")
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/resctrl_val.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/testing/selftests/resctrl/resctrl_val.c b/tools/testing/selftests/resctrl/resctrl_val.c
index 8c275f6b4dd77..f118f659e8960 100644
--- a/tools/testing/selftests/resctrl/resctrl_val.c
+++ b/tools/testing/selftests/resctrl/resctrl_val.c
@@ -83,13 +83,12 @@ void get_event_and_umask(char *cas_count_cfg, int count, bool op)
char *token[MAX_TOKENS];
int i = 0;
- strcat(cas_count_cfg, ",");
token[0] = strtok(cas_count_cfg, "=,");
for (i = 1; i < MAX_TOKENS; i++)
token[i] = strtok(NULL, "=,");
- for (i = 0; i < MAX_TOKENS; i++) {
+ for (i = 0; i < MAX_TOKENS - 1; i++) {
if (!token[i])
break;
if (strcmp(token[i], "event") == 0) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 204/817] firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 203/817] selftests/resctrl: Protect against array overrun during iMC config parsing Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 205/817] media: ipu6: Fix DMA and physical address debugging messages for 32-bit Greg Kroah-Hartman
` (622 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Luo Qiu, Sudeep Holla, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luo Qiu <luoqiu@kylinsec.com.cn>
[ Upstream commit 109aa654f85c5141e813b2cd1bd36d90be678407 ]
Fix a kernel crash with the below call trace when the SCPI firmware
returns OPP count of zero.
dvfs_info.opp_count may be zero on some platforms during the reboot
test, and the kernel will crash after dereferencing the pointer to
kcalloc(info->count, sizeof(*opp), GFP_KERNEL).
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
| Mem abort info:
| ESR = 0x96000004
| Exception class = DABT (current EL), IL = 32 bits
| SET = 0, FnV = 0
| EA = 0, S1PTW = 0
| Data abort info:
| ISV = 0, ISS = 0x00000004
| CM = 0, WnR = 0
| user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c
| [0000000000000028] pgd=0000000000000000
| Internal error: Oops: 96000004 [#1] SMP
| scpi-hwmon: probe of PHYT000D:00 failed with error -110
| Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c)
| CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1
| Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS
| pstate: 60000005 (nZCv daif -PAN -UAO)
| pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]
| lr : clk_register+0x438/0x720
| Call trace:
| scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]
| devm_clk_hw_register+0x50/0xa0
| scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi]
| scpi_clocks_probe+0x528/0x70c [clk_scpi]
| platform_drv_probe+0x58/0xa8
| really_probe+0x260/0x3d0
| driver_probe_device+0x12c/0x148
| device_driver_attach+0x74/0x98
| __driver_attach+0xb4/0xe8
| bus_for_each_dev+0x88/0xe0
| driver_attach+0x30/0x40
| bus_add_driver+0x178/0x2b0
| driver_register+0x64/0x118
| __platform_driver_register+0x54/0x60
| scpi_clocks_driver_init+0x24/0x1000 [clk_scpi]
| do_one_initcall+0x54/0x220
| do_init_module+0x54/0x1c8
| load_module+0x14a4/0x1668
| __se_sys_finit_module+0xf8/0x110
| __arm64_sys_finit_module+0x24/0x30
| el0_svc_common+0x78/0x170
| el0_svc_handler+0x38/0x78
| el0_svc+0x8/0x340
| Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820)
| ---[ end trace 06feb22469d89fa8 ]---
| Kernel panic - not syncing: Fatal exception
| SMP: stopping secondary CPUs
| Kernel Offset: disabled
| CPU features: 0x10,a0002008
| Memory Limit: none
Fixes: 8cb7cf56c9fe ("firmware: add support for ARM System Control and Power Interface(SCPI) protocol")
Signed-off-by: Luo Qiu <luoqiu@kylinsec.com.cn>
Message-Id: <55A2F7A784391686+20241101032115.275977-1-luoqiu@kylinsec.com.cn>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scpi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/firmware/arm_scpi.c b/drivers/firmware/arm_scpi.c
index 94a6b4e667de1..f4d47577f83ee 100644
--- a/drivers/firmware/arm_scpi.c
+++ b/drivers/firmware/arm_scpi.c
@@ -630,6 +630,9 @@ static struct scpi_dvfs_info *scpi_dvfs_get_info(u8 domain)
if (ret)
return ERR_PTR(ret);
+ if (!buf.opp_count)
+ return ERR_PTR(-ENOENT);
+
info = kmalloc(sizeof(*info), GFP_KERNEL);
if (!info)
return ERR_PTR(-ENOMEM);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 205/817] media: ipu6: Fix DMA and physical address debugging messages for 32-bit
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 204/817] firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 206/817] media: ipu6: not override the dma_ops of device in driver Greg Kroah-Hartman
` (621 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sakari Ailus, Bingbu Cao,
Hans Verkuil, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sakari Ailus <sakari.ailus@linux.intel.com>
[ Upstream commit 199c204bcc732ec18dbaec2b9d6445addbd376ea ]
Fix printing DMA and physical address printing on 32-bit platforms, by
using correct types. Also cast DMA_BIT_MASK() result to dma_addr_t to make
Clang happy.
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Bingbu Cao <bingbu.cao@intel.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Stable-dep-of: daabc5c64703 ("media: ipu6: not override the dma_ops of device in driver")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/intel/ipu6/ipu6-dma.c | 7 ++++---
drivers/media/pci/intel/ipu6/ipu6-mmu.c | 28 +++++++++++++++----------
2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/drivers/media/pci/intel/ipu6/ipu6-dma.c b/drivers/media/pci/intel/ipu6/ipu6-dma.c
index 92530a1cc90f5..801f6bd00a891 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-dma.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-dma.c
@@ -428,11 +428,12 @@ static int ipu6_dma_map_sg(struct device *dev, struct scatterlist *sglist,
iova_addr = iova->pfn_lo;
for_each_sg(sglist, sg, count, i) {
+ phys_addr_t iova_pa;
int ret;
- dev_dbg(dev, "mapping entry %d: iova 0x%llx phy %pad size %d\n",
- i, PFN_PHYS(iova_addr), &sg_dma_address(sg),
- sg_dma_len(sg));
+ iova_pa = PFN_PHYS(iova_addr);
+ dev_dbg(dev, "mapping entry %d: iova %pap phy %pap size %d\n",
+ i, &iova_pa, &sg_dma_address(sg), sg_dma_len(sg));
ret = ipu6_mmu_map(mmu->dmap->mmu_info, PFN_PHYS(iova_addr),
sg_dma_address(sg),
diff --git a/drivers/media/pci/intel/ipu6/ipu6-mmu.c b/drivers/media/pci/intel/ipu6/ipu6-mmu.c
index c3a20507d6dbc..57298ac73d072 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-mmu.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-mmu.c
@@ -97,13 +97,15 @@ static void page_table_dump(struct ipu6_mmu_info *mmu_info)
for (l1_idx = 0; l1_idx < ISP_L1PT_PTES; l1_idx++) {
u32 l2_idx;
u32 iova = (phys_addr_t)l1_idx << ISP_L1PT_SHIFT;
+ phys_addr_t l2_phys;
if (mmu_info->l1_pt[l1_idx] == mmu_info->dummy_l2_pteval)
continue;
+
+ l2_phys = TBL_PHYS_ADDR(mmu_info->l1_pt[l1_idx];)
dev_dbg(mmu_info->dev,
- "l1 entry %u; iovas 0x%8.8x-0x%8.8x, at %pa\n",
- l1_idx, iova, iova + ISP_PAGE_SIZE,
- TBL_PHYS_ADDR(mmu_info->l1_pt[l1_idx]));
+ "l1 entry %u; iovas 0x%8.8x-0x%8.8x, at %pap\n",
+ l1_idx, iova, iova + ISP_PAGE_SIZE, &l2_phys);
for (l2_idx = 0; l2_idx < ISP_L2PT_PTES; l2_idx++) {
u32 *l2_pt = mmu_info->l2_pts[l1_idx];
@@ -227,7 +229,7 @@ static u32 *alloc_l1_pt(struct ipu6_mmu_info *mmu_info)
}
mmu_info->l1_pt_dma = dma >> ISP_PADDR_SHIFT;
- dev_dbg(mmu_info->dev, "l1 pt %p mapped at %llx\n", pt, dma);
+ dev_dbg(mmu_info->dev, "l1 pt %p mapped at %pad\n", pt, &dma);
return pt;
@@ -330,8 +332,8 @@ static int __ipu6_mmu_map(struct ipu6_mmu_info *mmu_info, unsigned long iova,
u32 iova_end = ALIGN(iova + size, ISP_PAGE_SIZE);
dev_dbg(mmu_info->dev,
- "mapping iova 0x%8.8x--0x%8.8x, size %zu at paddr 0x%10.10llx\n",
- iova_start, iova_end, size, paddr);
+ "mapping iova 0x%8.8x--0x%8.8x, size %zu at paddr %pap\n",
+ iova_start, iova_end, size, &paddr);
return l2_map(mmu_info, iova_start, paddr, size);
}
@@ -361,10 +363,13 @@ static size_t l2_unmap(struct ipu6_mmu_info *mmu_info, unsigned long iova,
for (l2_idx = (iova_start & ISP_L2PT_MASK) >> ISP_L2PT_SHIFT;
(iova_start & ISP_L1PT_MASK) + (l2_idx << ISP_PAGE_SHIFT)
< iova_start + size && l2_idx < ISP_L2PT_PTES; l2_idx++) {
+ phys_addr_t pteval;
+
l2_pt = mmu_info->l2_pts[l1_idx];
+ pteval = TBL_PHYS_ADDR(l2_pt[l2_idx]);
dev_dbg(mmu_info->dev,
- "unmap l2 index %u with pteval 0x%10.10llx\n",
- l2_idx, TBL_PHYS_ADDR(l2_pt[l2_idx]));
+ "unmap l2 index %u with pteval 0x%p\n",
+ l2_idx, &pteval);
l2_pt[l2_idx] = mmu_info->dummy_page_pteval;
clflush_cache_range((void *)&l2_pt[l2_idx],
@@ -525,9 +530,10 @@ static struct ipu6_mmu_info *ipu6_mmu_alloc(struct ipu6_device *isp)
return NULL;
mmu_info->aperture_start = 0;
- mmu_info->aperture_end = DMA_BIT_MASK(isp->secure_mode ?
- IPU6_MMU_ADDR_BITS :
- IPU6_MMU_ADDR_BITS_NON_SECURE);
+ mmu_info->aperture_end =
+ (dma_addr_t)DMA_BIT_MASK(isp->secure_mode ?
+ IPU6_MMU_ADDR_BITS :
+ IPU6_MMU_ADDR_BITS_NON_SECURE);
mmu_info->pgsize_bitmap = SZ_4K;
mmu_info->dev = &isp->pdev->dev;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 206/817] media: ipu6: not override the dma_ops of device in driver
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 205/817] media: ipu6: Fix DMA and physical address debugging messages for 32-bit Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order Greg Kroah-Hartman
` (620 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bingbu Cao, Christoph Hellwig,
Sakari Ailus, Hans Verkuil, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bingbu Cao <bingbu.cao@intel.com>
[ Upstream commit daabc5c64703432c4a8798421a3588c2c142c51b ]
DMA ops are a helper for architectures and not for drivers to override the
DMA implementation. Driver should not override the DMA implementation.
This patch removes the dma_ops override from auxiliary device and adds
driver-internal helpers that use the actual DMA mapping APIs.
Fixes: 9163d83573e4 ("media: intel/ipu6: add IPU6 DMA mapping API and MMU table")
Signed-off-by: Bingbu Cao <bingbu.cao@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
[Sakari Ailus: Fix the commit message a little.]
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/intel/ipu6/ipu6-bus.c | 6 -
drivers/media/pci/intel/ipu6/ipu6-buttress.c | 21 +-
drivers/media/pci/intel/ipu6/ipu6-cpd.c | 18 +-
drivers/media/pci/intel/ipu6/ipu6-dma.c | 195 +++++++++----------
drivers/media/pci/intel/ipu6/ipu6-dma.h | 34 +++-
drivers/media/pci/intel/ipu6/ipu6-fw-com.c | 14 +-
6 files changed, 156 insertions(+), 132 deletions(-)
diff --git a/drivers/media/pci/intel/ipu6/ipu6-bus.c b/drivers/media/pci/intel/ipu6/ipu6-bus.c
index 149ec098cdbfe..37d88ddb6ee7c 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-bus.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-bus.c
@@ -94,8 +94,6 @@ ipu6_bus_initialize_device(struct pci_dev *pdev, struct device *parent,
if (!adev)
return ERR_PTR(-ENOMEM);
- adev->dma_mask = DMA_BIT_MASK(isp->secure_mode ? IPU6_MMU_ADDR_BITS :
- IPU6_MMU_ADDR_BITS_NON_SECURE);
adev->isp = isp;
adev->ctrl = ctrl;
adev->pdata = pdata;
@@ -106,10 +104,6 @@ ipu6_bus_initialize_device(struct pci_dev *pdev, struct device *parent,
auxdev->dev.parent = parent;
auxdev->dev.release = ipu6_bus_release;
- auxdev->dev.dma_ops = &ipu6_dma_ops;
- auxdev->dev.dma_mask = &adev->dma_mask;
- auxdev->dev.dma_parms = pdev->dev.dma_parms;
- auxdev->dev.coherent_dma_mask = adev->dma_mask;
ret = auxiliary_device_init(auxdev);
if (ret < 0) {
diff --git a/drivers/media/pci/intel/ipu6/ipu6-buttress.c b/drivers/media/pci/intel/ipu6/ipu6-buttress.c
index e47f84c30e10d..d66db537be4a6 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-buttress.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-buttress.c
@@ -24,6 +24,7 @@
#include "ipu6.h"
#include "ipu6-bus.h"
+#include "ipu6-dma.h"
#include "ipu6-buttress.h"
#include "ipu6-platform-buttress-regs.h"
@@ -553,6 +554,7 @@ int ipu6_buttress_map_fw_image(struct ipu6_bus_device *sys,
const struct firmware *fw, struct sg_table *sgt)
{
bool is_vmalloc = is_vmalloc_addr(fw->data);
+ struct pci_dev *pdev = sys->isp->pdev;
struct page **pages;
const void *addr;
unsigned long n_pages;
@@ -588,14 +590,20 @@ int ipu6_buttress_map_fw_image(struct ipu6_bus_device *sys,
goto out;
}
- ret = dma_map_sgtable(&sys->auxdev.dev, sgt, DMA_TO_DEVICE, 0);
- if (ret < 0) {
- ret = -ENOMEM;
+ ret = dma_map_sgtable(&pdev->dev, sgt, DMA_TO_DEVICE, 0);
+ if (ret) {
+ sg_free_table(sgt);
+ goto out;
+ }
+
+ ret = ipu6_dma_map_sgtable(sys, sgt, DMA_TO_DEVICE, 0);
+ if (ret) {
+ dma_unmap_sgtable(&pdev->dev, sgt, DMA_TO_DEVICE, 0);
sg_free_table(sgt);
goto out;
}
- dma_sync_sgtable_for_device(&sys->auxdev.dev, sgt, DMA_TO_DEVICE);
+ ipu6_dma_sync_sgtable(sys, sgt);
out:
kfree(pages);
@@ -607,7 +615,10 @@ EXPORT_SYMBOL_NS_GPL(ipu6_buttress_map_fw_image, INTEL_IPU6);
void ipu6_buttress_unmap_fw_image(struct ipu6_bus_device *sys,
struct sg_table *sgt)
{
- dma_unmap_sgtable(&sys->auxdev.dev, sgt, DMA_TO_DEVICE, 0);
+ struct pci_dev *pdev = sys->isp->pdev;
+
+ ipu6_dma_unmap_sgtable(sys, sgt, DMA_TO_DEVICE, 0);
+ dma_unmap_sgtable(&pdev->dev, sgt, DMA_TO_DEVICE, 0);
sg_free_table(sgt);
}
EXPORT_SYMBOL_NS_GPL(ipu6_buttress_unmap_fw_image, INTEL_IPU6);
diff --git a/drivers/media/pci/intel/ipu6/ipu6-cpd.c b/drivers/media/pci/intel/ipu6/ipu6-cpd.c
index 715b21ab4b8e9..21c1c128a7eaa 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-cpd.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-cpd.c
@@ -15,6 +15,7 @@
#include "ipu6.h"
#include "ipu6-bus.h"
#include "ipu6-cpd.h"
+#include "ipu6-dma.h"
/* 15 entries + header*/
#define MAX_PKG_DIR_ENT_CNT 16
@@ -162,7 +163,6 @@ int ipu6_cpd_create_pkg_dir(struct ipu6_bus_device *adev, const void *src)
{
dma_addr_t dma_addr_src = sg_dma_address(adev->fw_sgt.sgl);
const struct ipu6_cpd_ent *ent, *man_ent, *met_ent;
- struct device *dev = &adev->auxdev.dev;
struct ipu6_device *isp = adev->isp;
unsigned int man_sz, met_sz;
void *pkg_dir_pos;
@@ -175,8 +175,8 @@ int ipu6_cpd_create_pkg_dir(struct ipu6_bus_device *adev, const void *src)
met_sz = met_ent->len;
adev->pkg_dir_size = PKG_DIR_SIZE + man_sz + met_sz;
- adev->pkg_dir = dma_alloc_attrs(dev, adev->pkg_dir_size,
- &adev->pkg_dir_dma_addr, GFP_KERNEL, 0);
+ adev->pkg_dir = ipu6_dma_alloc(adev, adev->pkg_dir_size,
+ &adev->pkg_dir_dma_addr, GFP_KERNEL, 0);
if (!adev->pkg_dir)
return -ENOMEM;
@@ -198,8 +198,8 @@ int ipu6_cpd_create_pkg_dir(struct ipu6_bus_device *adev, const void *src)
met_ent->len);
if (ret) {
dev_err(&isp->pdev->dev, "Failed to parse module data\n");
- dma_free_attrs(dev, adev->pkg_dir_size,
- adev->pkg_dir, adev->pkg_dir_dma_addr, 0);
+ ipu6_dma_free(adev, adev->pkg_dir_size,
+ adev->pkg_dir, adev->pkg_dir_dma_addr, 0);
return ret;
}
@@ -211,8 +211,8 @@ int ipu6_cpd_create_pkg_dir(struct ipu6_bus_device *adev, const void *src)
pkg_dir_pos += man_sz;
memcpy(pkg_dir_pos, src + met_ent->offset, met_sz);
- dma_sync_single_range_for_device(dev, adev->pkg_dir_dma_addr,
- 0, adev->pkg_dir_size, DMA_TO_DEVICE);
+ ipu6_dma_sync_single(adev, adev->pkg_dir_dma_addr,
+ adev->pkg_dir_size);
return 0;
}
@@ -220,8 +220,8 @@ EXPORT_SYMBOL_NS_GPL(ipu6_cpd_create_pkg_dir, INTEL_IPU6);
void ipu6_cpd_free_pkg_dir(struct ipu6_bus_device *adev)
{
- dma_free_attrs(&adev->auxdev.dev, adev->pkg_dir_size, adev->pkg_dir,
- adev->pkg_dir_dma_addr, 0);
+ ipu6_dma_free(adev, adev->pkg_dir_size, adev->pkg_dir,
+ adev->pkg_dir_dma_addr, 0);
}
EXPORT_SYMBOL_NS_GPL(ipu6_cpd_free_pkg_dir, INTEL_IPU6);
diff --git a/drivers/media/pci/intel/ipu6/ipu6-dma.c b/drivers/media/pci/intel/ipu6/ipu6-dma.c
index 801f6bd00a891..b71f66bd8c1fd 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-dma.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-dma.c
@@ -39,8 +39,7 @@ static struct vm_info *get_vm_info(struct ipu6_mmu *mmu, dma_addr_t iova)
return NULL;
}
-static void __dma_clear_buffer(struct page *page, size_t size,
- unsigned long attrs)
+static void __clear_buffer(struct page *page, size_t size, unsigned long attrs)
{
void *ptr;
@@ -56,8 +55,7 @@ static void __dma_clear_buffer(struct page *page, size_t size,
clflush_cache_range(ptr, size);
}
-static struct page **__dma_alloc_buffer(struct device *dev, size_t size,
- gfp_t gfp, unsigned long attrs)
+static struct page **__alloc_buffer(size_t size, gfp_t gfp, unsigned long attrs)
{
int count = PHYS_PFN(size);
int array_size = count * sizeof(struct page *);
@@ -86,7 +84,7 @@ static struct page **__dma_alloc_buffer(struct device *dev, size_t size,
pages[i + j] = pages[i] + j;
}
- __dma_clear_buffer(pages[i], PAGE_SIZE << order, attrs);
+ __clear_buffer(pages[i], PAGE_SIZE << order, attrs);
i += 1 << order;
count -= 1 << order;
}
@@ -100,29 +98,26 @@ static struct page **__dma_alloc_buffer(struct device *dev, size_t size,
return NULL;
}
-static void __dma_free_buffer(struct device *dev, struct page **pages,
- size_t size, unsigned long attrs)
+static void __free_buffer(struct page **pages, size_t size, unsigned long attrs)
{
int count = PHYS_PFN(size);
unsigned int i;
for (i = 0; i < count && pages[i]; i++) {
- __dma_clear_buffer(pages[i], PAGE_SIZE, attrs);
+ __clear_buffer(pages[i], PAGE_SIZE, attrs);
__free_pages(pages[i], 0);
}
kvfree(pages);
}
-static void ipu6_dma_sync_single_for_cpu(struct device *dev,
- dma_addr_t dma_handle,
- size_t size,
- enum dma_data_direction dir)
+void ipu6_dma_sync_single(struct ipu6_bus_device *sys, dma_addr_t dma_handle,
+ size_t size)
{
void *vaddr;
u32 offset;
struct vm_info *info;
- struct ipu6_mmu *mmu = to_ipu6_bus_device(dev)->mmu;
+ struct ipu6_mmu *mmu = sys->mmu;
info = get_vm_info(mmu, dma_handle);
if (WARN_ON(!info))
@@ -135,10 +130,10 @@ static void ipu6_dma_sync_single_for_cpu(struct device *dev,
vaddr = info->vaddr + offset;
clflush_cache_range(vaddr, size);
}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_sync_single, INTEL_IPU6);
-static void ipu6_dma_sync_sg_for_cpu(struct device *dev,
- struct scatterlist *sglist,
- int nents, enum dma_data_direction dir)
+void ipu6_dma_sync_sg(struct ipu6_bus_device *sys, struct scatterlist *sglist,
+ int nents)
{
struct scatterlist *sg;
int i;
@@ -146,14 +141,22 @@ static void ipu6_dma_sync_sg_for_cpu(struct device *dev,
for_each_sg(sglist, sg, nents, i)
clflush_cache_range(page_to_virt(sg_page(sg)), sg->length);
}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_sync_sg, INTEL_IPU6);
-static void *ipu6_dma_alloc(struct device *dev, size_t size,
- dma_addr_t *dma_handle, gfp_t gfp,
- unsigned long attrs)
+void ipu6_dma_sync_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt)
{
- struct ipu6_mmu *mmu = to_ipu6_bus_device(dev)->mmu;
- struct pci_dev *pdev = to_ipu6_bus_device(dev)->isp->pdev;
+ ipu6_dma_sync_sg(sys, sgt->sgl, sgt->orig_nents);
+}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_sync_sgtable, INTEL_IPU6);
+
+void *ipu6_dma_alloc(struct ipu6_bus_device *sys, size_t size,
+ dma_addr_t *dma_handle, gfp_t gfp,
+ unsigned long attrs)
+{
+ struct device *dev = &sys->auxdev.dev;
+ struct pci_dev *pdev = sys->isp->pdev;
dma_addr_t pci_dma_addr, ipu6_iova;
+ struct ipu6_mmu *mmu = sys->mmu;
struct vm_info *info;
unsigned long count;
struct page **pages;
@@ -173,7 +176,7 @@ static void *ipu6_dma_alloc(struct device *dev, size_t size,
if (!iova)
goto out_kfree;
- pages = __dma_alloc_buffer(dev, size, gfp, attrs);
+ pages = __alloc_buffer(size, gfp, attrs);
if (!pages)
goto out_free_iova;
@@ -227,7 +230,7 @@ static void *ipu6_dma_alloc(struct device *dev, size_t size,
ipu6_mmu_unmap(mmu->dmap->mmu_info, ipu6_iova, PAGE_SIZE);
}
- __dma_free_buffer(dev, pages, size, attrs);
+ __free_buffer(pages, size, attrs);
out_free_iova:
__free_iova(&mmu->dmap->iovad, iova);
@@ -236,13 +239,13 @@ static void *ipu6_dma_alloc(struct device *dev, size_t size,
return NULL;
}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_alloc, INTEL_IPU6);
-static void ipu6_dma_free(struct device *dev, size_t size, void *vaddr,
- dma_addr_t dma_handle,
- unsigned long attrs)
+void ipu6_dma_free(struct ipu6_bus_device *sys, size_t size, void *vaddr,
+ dma_addr_t dma_handle, unsigned long attrs)
{
- struct ipu6_mmu *mmu = to_ipu6_bus_device(dev)->mmu;
- struct pci_dev *pdev = to_ipu6_bus_device(dev)->isp->pdev;
+ struct ipu6_mmu *mmu = sys->mmu;
+ struct pci_dev *pdev = sys->isp->pdev;
struct iova *iova = find_iova(&mmu->dmap->iovad, PHYS_PFN(dma_handle));
dma_addr_t pci_dma_addr, ipu6_iova;
struct vm_info *info;
@@ -281,7 +284,7 @@ static void ipu6_dma_free(struct device *dev, size_t size, void *vaddr,
ipu6_mmu_unmap(mmu->dmap->mmu_info, PFN_PHYS(iova->pfn_lo),
PFN_PHYS(iova_size(iova)));
- __dma_free_buffer(dev, pages, size, attrs);
+ __free_buffer(pages, size, attrs);
mmu->tlb_invalidate(mmu);
@@ -289,13 +292,14 @@ static void ipu6_dma_free(struct device *dev, size_t size, void *vaddr,
kfree(info);
}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_free, INTEL_IPU6);
-static int ipu6_dma_mmap(struct device *dev, struct vm_area_struct *vma,
- void *addr, dma_addr_t iova, size_t size,
- unsigned long attrs)
+int ipu6_dma_mmap(struct ipu6_bus_device *sys, struct vm_area_struct *vma,
+ void *addr, dma_addr_t iova, size_t size,
+ unsigned long attrs)
{
- struct ipu6_mmu *mmu = to_ipu6_bus_device(dev)->mmu;
- size_t count = PHYS_PFN(PAGE_ALIGN(size));
+ struct ipu6_mmu *mmu = sys->mmu;
+ size_t count = PFN_UP(size);
struct vm_info *info;
size_t i;
int ret;
@@ -323,18 +327,17 @@ static int ipu6_dma_mmap(struct device *dev, struct vm_area_struct *vma,
return 0;
}
-static void ipu6_dma_unmap_sg(struct device *dev,
- struct scatterlist *sglist,
- int nents, enum dma_data_direction dir,
- unsigned long attrs)
+void ipu6_dma_unmap_sg(struct ipu6_bus_device *sys, struct scatterlist *sglist,
+ int nents, enum dma_data_direction dir,
+ unsigned long attrs)
{
- struct pci_dev *pdev = to_ipu6_bus_device(dev)->isp->pdev;
- struct ipu6_mmu *mmu = to_ipu6_bus_device(dev)->mmu;
+ struct device *dev = &sys->auxdev.dev;
+ struct ipu6_mmu *mmu = sys->mmu;
struct iova *iova = find_iova(&mmu->dmap->iovad,
PHYS_PFN(sg_dma_address(sglist)));
- int i, npages, count;
struct scatterlist *sg;
dma_addr_t pci_dma_addr;
+ unsigned int i;
if (!nents)
return;
@@ -342,31 +345,15 @@ static void ipu6_dma_unmap_sg(struct device *dev,
if (WARN_ON(!iova))
return;
- if ((attrs & DMA_ATTR_SKIP_CPU_SYNC) == 0)
- ipu6_dma_sync_sg_for_cpu(dev, sglist, nents, DMA_BIDIRECTIONAL);
-
- /* get the nents as orig_nents given by caller */
- count = 0;
- npages = iova_size(iova);
- for_each_sg(sglist, sg, nents, i) {
- if (sg_dma_len(sg) == 0 ||
- sg_dma_address(sg) == DMA_MAPPING_ERROR)
- break;
-
- npages -= PHYS_PFN(PAGE_ALIGN(sg_dma_len(sg)));
- count++;
- if (npages <= 0)
- break;
- }
-
/*
* Before IPU6 mmu unmap, return the pci dma address back to sg
* assume the nents is less than orig_nents as the least granule
* is 1 SZ_4K page
*/
- dev_dbg(dev, "trying to unmap concatenated %u ents\n", count);
- for_each_sg(sglist, sg, count, i) {
- dev_dbg(dev, "ipu unmap sg[%d] %pad\n", i, &sg_dma_address(sg));
+ dev_dbg(dev, "trying to unmap concatenated %u ents\n", nents);
+ for_each_sg(sglist, sg, nents, i) {
+ dev_dbg(dev, "unmap sg[%d] %pad size %u\n", i,
+ &sg_dma_address(sg), sg_dma_len(sg));
pci_dma_addr = ipu6_mmu_iova_to_phys(mmu->dmap->mmu_info,
sg_dma_address(sg));
dev_dbg(dev, "return pci_dma_addr %pad back to sg[%d]\n",
@@ -380,23 +367,21 @@ static void ipu6_dma_unmap_sg(struct device *dev,
PFN_PHYS(iova_size(iova)));
mmu->tlb_invalidate(mmu);
-
- dma_unmap_sg_attrs(&pdev->dev, sglist, nents, dir, attrs);
-
__free_iova(&mmu->dmap->iovad, iova);
}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_unmap_sg, INTEL_IPU6);
-static int ipu6_dma_map_sg(struct device *dev, struct scatterlist *sglist,
- int nents, enum dma_data_direction dir,
- unsigned long attrs)
+int ipu6_dma_map_sg(struct ipu6_bus_device *sys, struct scatterlist *sglist,
+ int nents, enum dma_data_direction dir,
+ unsigned long attrs)
{
- struct ipu6_mmu *mmu = to_ipu6_bus_device(dev)->mmu;
- struct pci_dev *pdev = to_ipu6_bus_device(dev)->isp->pdev;
+ struct device *dev = &sys->auxdev.dev;
+ struct ipu6_mmu *mmu = sys->mmu;
struct scatterlist *sg;
struct iova *iova;
size_t npages = 0;
unsigned long iova_addr;
- int i, count;
+ int i;
for_each_sg(sglist, sg, nents, i) {
if (sg->offset) {
@@ -406,18 +391,12 @@ static int ipu6_dma_map_sg(struct device *dev, struct scatterlist *sglist,
}
}
- dev_dbg(dev, "pci_dma_map_sg trying to map %d ents\n", nents);
- count = dma_map_sg_attrs(&pdev->dev, sglist, nents, dir, attrs);
- if (count <= 0) {
- dev_err(dev, "pci_dma_map_sg %d ents failed\n", nents);
- return 0;
- }
-
- dev_dbg(dev, "pci_dma_map_sg %d ents mapped\n", count);
-
- for_each_sg(sglist, sg, count, i)
+ for_each_sg(sglist, sg, nents, i)
npages += PHYS_PFN(PAGE_ALIGN(sg_dma_len(sg)));
+ dev_dbg(dev, "dmamap trying to map %d ents %zu pages\n",
+ nents, npages);
+
iova = alloc_iova(&mmu->dmap->iovad, npages,
PHYS_PFN(dma_get_mask(dev)), 0);
if (!iova)
@@ -427,7 +406,7 @@ static int ipu6_dma_map_sg(struct device *dev, struct scatterlist *sglist,
iova->pfn_hi);
iova_addr = iova->pfn_lo;
- for_each_sg(sglist, sg, count, i) {
+ for_each_sg(sglist, sg, nents, i) {
phys_addr_t iova_pa;
int ret;
@@ -446,25 +425,48 @@ static int ipu6_dma_map_sg(struct device *dev, struct scatterlist *sglist,
iova_addr += PHYS_PFN(PAGE_ALIGN(sg_dma_len(sg)));
}
- if ((attrs & DMA_ATTR_SKIP_CPU_SYNC) == 0)
- ipu6_dma_sync_sg_for_cpu(dev, sglist, nents, DMA_BIDIRECTIONAL);
+ dev_dbg(dev, "dmamap %d ents %zu pages mapped\n", nents, npages);
- return count;
+ return nents;
out_fail:
- ipu6_dma_unmap_sg(dev, sglist, i, dir, attrs);
+ ipu6_dma_unmap_sg(sys, sglist, i, dir, attrs);
return 0;
}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_map_sg, INTEL_IPU6);
+
+int ipu6_dma_map_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt,
+ enum dma_data_direction dir, unsigned long attrs)
+{
+ int nents;
+
+ nents = ipu6_dma_map_sg(sys, sgt->sgl, sgt->nents, dir, attrs);
+ if (nents < 0)
+ return nents;
+
+ sgt->nents = nents;
+
+ return 0;
+}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_map_sgtable, INTEL_IPU6);
+
+void ipu6_dma_unmap_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt,
+ enum dma_data_direction dir, unsigned long attrs)
+{
+ ipu6_dma_unmap_sg(sys, sgt->sgl, sgt->nents, dir, attrs);
+}
+EXPORT_SYMBOL_NS_GPL(ipu6_dma_unmap_sgtable, INTEL_IPU6);
/*
* Create scatter-list for the already allocated DMA buffer
*/
-static int ipu6_dma_get_sgtable(struct device *dev, struct sg_table *sgt,
- void *cpu_addr, dma_addr_t handle, size_t size,
- unsigned long attrs)
+int ipu6_dma_get_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt,
+ void *cpu_addr, dma_addr_t handle, size_t size,
+ unsigned long attrs)
{
- struct ipu6_mmu *mmu = to_ipu6_bus_device(dev)->mmu;
+ struct device *dev = &sys->auxdev.dev;
+ struct ipu6_mmu *mmu = sys->mmu;
struct vm_info *info;
int n_pages;
int ret = 0;
@@ -484,20 +486,7 @@ static int ipu6_dma_get_sgtable(struct device *dev, struct sg_table *sgt,
ret = sg_alloc_table_from_pages(sgt, info->pages, n_pages, 0, size,
GFP_KERNEL);
if (ret)
- dev_warn(dev, "IPU6 get sgt table failed\n");
+ dev_warn(dev, "get sgt table failed\n");
return ret;
}
-
-const struct dma_map_ops ipu6_dma_ops = {
- .alloc = ipu6_dma_alloc,
- .free = ipu6_dma_free,
- .mmap = ipu6_dma_mmap,
- .map_sg = ipu6_dma_map_sg,
- .unmap_sg = ipu6_dma_unmap_sg,
- .sync_single_for_cpu = ipu6_dma_sync_single_for_cpu,
- .sync_single_for_device = ipu6_dma_sync_single_for_cpu,
- .sync_sg_for_cpu = ipu6_dma_sync_sg_for_cpu,
- .sync_sg_for_device = ipu6_dma_sync_sg_for_cpu,
- .get_sgtable = ipu6_dma_get_sgtable,
-};
diff --git a/drivers/media/pci/intel/ipu6/ipu6-dma.h b/drivers/media/pci/intel/ipu6/ipu6-dma.h
index 847ea5b7c925c..b51244add9e61 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-dma.h
+++ b/drivers/media/pci/intel/ipu6/ipu6-dma.h
@@ -5,7 +5,13 @@
#define IPU6_DMA_H
#include <linux/dma-map-ops.h>
+#include <linux/dma-mapping.h>
#include <linux/iova.h>
+#include <linux/iova.h>
+#include <linux/scatterlist.h>
+#include <linux/types.h>
+
+#include "ipu6-bus.h"
struct ipu6_mmu_info;
@@ -14,6 +20,30 @@ struct ipu6_dma_mapping {
struct iova_domain iovad;
};
-extern const struct dma_map_ops ipu6_dma_ops;
-
+void ipu6_dma_sync_single(struct ipu6_bus_device *sys, dma_addr_t dma_handle,
+ size_t size);
+void ipu6_dma_sync_sg(struct ipu6_bus_device *sys, struct scatterlist *sglist,
+ int nents);
+void ipu6_dma_sync_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt);
+void *ipu6_dma_alloc(struct ipu6_bus_device *sys, size_t size,
+ dma_addr_t *dma_handle, gfp_t gfp,
+ unsigned long attrs);
+void ipu6_dma_free(struct ipu6_bus_device *sys, size_t size, void *vaddr,
+ dma_addr_t dma_handle, unsigned long attrs);
+int ipu6_dma_mmap(struct ipu6_bus_device *sys, struct vm_area_struct *vma,
+ void *addr, dma_addr_t iova, size_t size,
+ unsigned long attrs);
+int ipu6_dma_map_sg(struct ipu6_bus_device *sys, struct scatterlist *sglist,
+ int nents, enum dma_data_direction dir,
+ unsigned long attrs);
+void ipu6_dma_unmap_sg(struct ipu6_bus_device *sys, struct scatterlist *sglist,
+ int nents, enum dma_data_direction dir,
+ unsigned long attrs);
+int ipu6_dma_map_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt,
+ enum dma_data_direction dir, unsigned long attrs);
+void ipu6_dma_unmap_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt,
+ enum dma_data_direction dir, unsigned long attrs);
+int ipu6_dma_get_sgtable(struct ipu6_bus_device *sys, struct sg_table *sgt,
+ void *cpu_addr, dma_addr_t handle, size_t size,
+ unsigned long attrs);
#endif /* IPU6_DMA_H */
diff --git a/drivers/media/pci/intel/ipu6/ipu6-fw-com.c b/drivers/media/pci/intel/ipu6/ipu6-fw-com.c
index 0b33fe9e703dc..7d3d9314cb306 100644
--- a/drivers/media/pci/intel/ipu6/ipu6-fw-com.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-fw-com.c
@@ -12,6 +12,7 @@
#include <linux/types.h>
#include "ipu6-bus.h"
+#include "ipu6-dma.h"
#include "ipu6-fw-com.h"
/*
@@ -88,7 +89,6 @@ struct ipu6_fw_com_context {
void *dma_buffer;
dma_addr_t dma_addr;
unsigned int dma_size;
- unsigned long attrs;
struct ipu6_fw_sys_queue *input_queue; /* array of host to SP queues */
struct ipu6_fw_sys_queue *output_queue; /* array of SP to host */
@@ -164,7 +164,6 @@ void *ipu6_fw_com_prepare(struct ipu6_fw_com_cfg *cfg,
struct ipu6_fw_com_context *ctx;
struct device *dev = &adev->auxdev.dev;
size_t sizeall, offset;
- unsigned long attrs = 0;
void *specific_host_addr;
unsigned int i;
@@ -206,9 +205,8 @@ void *ipu6_fw_com_prepare(struct ipu6_fw_com_cfg *cfg,
sizeall += sizeinput + sizeoutput;
- ctx->dma_buffer = dma_alloc_attrs(dev, sizeall, &ctx->dma_addr,
- GFP_KERNEL, attrs);
- ctx->attrs = attrs;
+ ctx->dma_buffer = ipu6_dma_alloc(adev, sizeall, &ctx->dma_addr,
+ GFP_KERNEL, 0);
if (!ctx->dma_buffer) {
dev_err(dev, "failed to allocate dma memory\n");
kfree(ctx);
@@ -239,6 +237,8 @@ void *ipu6_fw_com_prepare(struct ipu6_fw_com_cfg *cfg,
memcpy(specific_host_addr, cfg->specific_addr,
cfg->specific_size);
+ ipu6_dma_sync_single(adev, ctx->config_vied_addr, sizeall);
+
/* initialize input queues */
offset += specific_size;
res.reg = SYSCOM_QPR_BASE_REG;
@@ -315,8 +315,8 @@ int ipu6_fw_com_release(struct ipu6_fw_com_context *ctx, unsigned int force)
if (!force && !ctx->cell_ready(ctx->adev))
return -EBUSY;
- dma_free_attrs(&ctx->adev->auxdev.dev, ctx->dma_size,
- ctx->dma_buffer, ctx->dma_addr, ctx->attrs);
+ ipu6_dma_free(ctx->adev, ctx->dma_size,
+ ctx->dma_buffer, ctx->dma_addr, 0);
kfree(ctx);
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 206/817] media: ipu6: not override the dma_ops of device in driver Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-04 3:10 ` Sergey Senozhatsky
2024-12-03 14:36 ` [PATCH 6.11 208/817] media: venus: sync with threaded IRQ during inst destruction Greg Kroah-Hartman
` (619 subsequent siblings)
826 siblings, 1 reply; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tomasz Figa, Sergey Senozhatsky,
Bryan ODonoghue, Stanimir Varbanov, Hans Verkuil, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergey Senozhatsky <senozhatsky@chromium.org>
[ Upstream commit 6c9934c5a00ae722a98d1a06ed44b673514407b5 ]
We destroy mutex-es too early as they are still taken in
v4l2_fh_exit()->v4l2_event_unsubscribe()->v4l2_ctrl_find().
We should destroy mutex-es right before kfree(). Also
do not vdec_ctrl_deinit() before v4l2_fh_exit().
Fixes: 7472c1c69138 ("[media] media: venus: vdec: add video decoder files")
Suggested-by: Tomasz Figa <tfiga@google.com>
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Stanimir Varbanov <stanimir.k.varbanov@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/vdec.c | 7 ++++---
drivers/media/platform/qcom/venus/venc.c | 6 +++---
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c
index d12089370d91e..4af268e756883 100644
--- a/drivers/media/platform/qcom/venus/vdec.c
+++ b/drivers/media/platform/qcom/venus/vdec.c
@@ -1750,13 +1750,14 @@ static int vdec_close(struct file *file)
cancel_work_sync(&inst->delayed_process_work);
v4l2_m2m_ctx_release(inst->m2m_ctx);
v4l2_m2m_release(inst->m2m_dev);
- vdec_ctrl_deinit(inst);
ida_destroy(&inst->dpb_ids);
hfi_session_destroy(inst);
- mutex_destroy(&inst->lock);
- mutex_destroy(&inst->ctx_q_lock);
v4l2_fh_del(&inst->fh);
v4l2_fh_exit(&inst->fh);
+ vdec_ctrl_deinit(inst);
+
+ mutex_destroy(&inst->lock);
+ mutex_destroy(&inst->ctx_q_lock);
vdec_pm_put(inst, false);
diff --git a/drivers/media/platform/qcom/venus/venc.c b/drivers/media/platform/qcom/venus/venc.c
index 3ec2fb8d9fab6..56777d3d630a5 100644
--- a/drivers/media/platform/qcom/venus/venc.c
+++ b/drivers/media/platform/qcom/venus/venc.c
@@ -1517,14 +1517,14 @@ static int venc_close(struct file *file)
v4l2_m2m_ctx_release(inst->m2m_ctx);
v4l2_m2m_release(inst->m2m_dev);
- venc_ctrl_deinit(inst);
hfi_session_destroy(inst);
- mutex_destroy(&inst->lock);
- mutex_destroy(&inst->ctx_q_lock);
v4l2_fh_del(&inst->fh);
v4l2_fh_exit(&inst->fh);
+ venc_ctrl_deinit(inst);
inst->enc_state = VENUS_ENC_STATE_DEINIT;
+ mutex_destroy(&inst->lock);
+ mutex_destroy(&inst->ctx_q_lock);
venc_pm_put(inst, false);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 208/817] media: venus: sync with threaded IRQ during inst destruction
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 209/817] pwm: Assume a disabled PWM to emit a constant inactive output Greg Kroah-Hartman
` (618 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sergey Senozhatsky, Bryan ODonoghue,
Stanimir Varbanov, Hans Verkuil, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergey Senozhatsky <senozhatsky@chromium.org>
[ Upstream commit 45b1a1b348ec178a599323f1ce7d7932aea8c6d4 ]
When destroying an inst we should make sure that we don't race
against threaded IRQ (or pending IRQ), otherwise we can concurrently
kfree() inst context and inst itself.
BUG: KASAN: slab-use-after-free in vb2_queue_error+0x80/0x90
Call trace:
dump_backtrace+0x1c4/0x1f8
show_stack+0x38/0x60
dump_stack_lvl+0x168/0x1f0
print_report+0x170/0x4c8
kasan_report+0x94/0xd0
__asan_report_load2_noabort+0x20/0x30
vb2_queue_error+0x80/0x90
venus_helper_vb2_queue_error+0x54/0x78
venc_event_notify+0xec/0x158
hfi_event_notify+0x878/0xd20
hfi_process_msg_packet+0x27c/0x4e0
venus_isr_thread+0x258/0x6e8
hfi_isr_thread+0x70/0x90
venus_isr_thread+0x34/0x50
irq_thread_fn+0x88/0x130
irq_thread+0x160/0x2c0
kthread+0x294/0x328
ret_from_fork+0x10/0x20
Allocated by task 20291:
kasan_set_track+0x4c/0x80
kasan_save_alloc_info+0x28/0x38
__kasan_kmalloc+0x84/0xa0
kmalloc_trace+0x7c/0x98
v4l2_m2m_ctx_init+0x74/0x280
venc_open+0x444/0x6d0
v4l2_open+0x19c/0x2a0
chrdev_open+0x374/0x3f0
do_dentry_open+0x710/0x10a8
vfs_open+0x88/0xa8
path_openat+0x1e6c/0x2700
do_filp_open+0x1a4/0x2e0
do_sys_openat2+0xe8/0x508
do_sys_open+0x15c/0x1a0
__arm64_sys_openat+0xa8/0xc8
invoke_syscall+0xdc/0x270
el0_svc_common+0x1ec/0x250
do_el0_svc+0x54/0x70
el0_svc+0x50/0xe8
el0t_64_sync_handler+0x48/0x120
el0t_64_sync+0x1a8/0x1b0
Freed by task 20291:
kasan_set_track+0x4c/0x80
kasan_save_free_info+0x3c/0x60
____kasan_slab_free+0x124/0x1a0
__kasan_slab_free+0x18/0x28
__kmem_cache_free+0x134/0x300
kfree+0xc8/0x1a8
v4l2_m2m_ctx_release+0x44/0x60
venc_close+0x78/0x130 [venus_enc]
v4l2_release+0x20c/0x2f8
__fput+0x328/0x7f0
____fput+0x2c/0x48
task_work_run+0x1e0/0x280
get_signal+0xfb8/0x1190
do_notify_resume+0x34c/0x16a8
el0_svc+0x9c/0xe8
el0t_64_sync_handler+0x48/0x120
el0t_64_sync+0x1a8/0x1b0
Rearrange inst destruction. First remove the inst from the
core->instances list, second synchronize IRQ/IRQ-thread to
make sure that nothing else would see the inst while we take
it down.
Fixes: 7472c1c69138 ("[media] media: venus: vdec: add video decoder files")
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Stanimir Varbanov <stanimir.k.varbanov@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/vdec.c | 12 +++++++++++-
drivers/media/platform/qcom/venus/venc.c | 12 +++++++++++-
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c
index 4af268e756883..b446046546403 100644
--- a/drivers/media/platform/qcom/venus/vdec.c
+++ b/drivers/media/platform/qcom/venus/vdec.c
@@ -1748,10 +1748,20 @@ static int vdec_close(struct file *file)
vdec_pm_get(inst);
cancel_work_sync(&inst->delayed_process_work);
+ /*
+ * First, remove the inst from the ->instances list, so that
+ * to_instance() will return NULL.
+ */
+ hfi_session_destroy(inst);
+ /*
+ * Second, make sure we don't have IRQ/IRQ-thread currently running
+ * or pending execution, which would race with the inst destruction.
+ */
+ synchronize_irq(inst->core->irq);
+
v4l2_m2m_ctx_release(inst->m2m_ctx);
v4l2_m2m_release(inst->m2m_dev);
ida_destroy(&inst->dpb_ids);
- hfi_session_destroy(inst);
v4l2_fh_del(&inst->fh);
v4l2_fh_exit(&inst->fh);
vdec_ctrl_deinit(inst);
diff --git a/drivers/media/platform/qcom/venus/venc.c b/drivers/media/platform/qcom/venus/venc.c
index 56777d3d630a5..b83f03abbf0aa 100644
--- a/drivers/media/platform/qcom/venus/venc.c
+++ b/drivers/media/platform/qcom/venus/venc.c
@@ -1515,9 +1515,19 @@ static int venc_close(struct file *file)
venc_pm_get(inst);
+ /*
+ * First, remove the inst from the ->instances list, so that
+ * to_instance() will return NULL.
+ */
+ hfi_session_destroy(inst);
+ /*
+ * Second, make sure we don't have IRQ/IRQ-thread currently running
+ * or pending execution, which would race with the inst destruction.
+ */
+ synchronize_irq(inst->core->irq);
+
v4l2_m2m_ctx_release(inst->m2m_ctx);
v4l2_m2m_release(inst->m2m_dev);
- hfi_session_destroy(inst);
v4l2_fh_del(&inst->fh);
v4l2_fh_exit(&inst->fh);
venc_ctrl_deinit(inst);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 209/817] pwm: Assume a disabled PWM to emit a constant inactive output
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 208/817] media: venus: sync with threaded IRQ during inst destruction Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 210/817] media: atomisp: Add check for rgby_data memory allocation failure Greg Kroah-Hartman
` (617 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dimitri Fedrau,
Uwe Kleine-König, Uwe Kleine-König, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uwe Kleine-König <u.kleine-koenig@baylibre.com>
[ Upstream commit b2eaa1170e45dc18eb09dcc9abafbe9a7502e960 ]
Some PWM hardwares (e.g. MC33XS2410) cannot implement a zero duty cycle
but can instead disable the hardware which also results in a constant
inactive output.
There are some checks (enabled with CONFIG_PWM_DEBUG) to help
implementing a driver without violating the normal rounding rules. Make
them less strict to let above described hardware pass without warning.
Reported-by: Dimitri Fedrau <dima.fedrau@gmail.com>
Link: https://lore.kernel.org/r/20241103205215.GA509903@debian
Fixes: 3ad1f3a33286 ("pwm: Implement some checks for lowlevel drivers")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@baylibre.com>
Reviewed-by: Dimitri Fedrau <dima.fedrau@gmail.com>
Tested-by: Dimitri Fedrau <dima.fedrau@gmail.com>
Link: https://lore.kernel.org/r/20241105153521.1001864-2-u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/core.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/pwm/core.c b/drivers/pwm/core.c
index 8acbcf5b66739..53c3a76a185ed 100644
--- a/drivers/pwm/core.c
+++ b/drivers/pwm/core.c
@@ -75,7 +75,7 @@ static void pwm_apply_debug(struct pwm_device *pwm,
state->duty_cycle < state->period)
dev_warn(pwmchip_parent(chip), ".apply ignored .polarity\n");
- if (state->enabled &&
+ if (state->enabled && s2.enabled &&
last->polarity == state->polarity &&
last->period > s2.period &&
last->period <= state->period)
@@ -83,7 +83,11 @@ static void pwm_apply_debug(struct pwm_device *pwm,
".apply didn't pick the best available period (requested: %llu, applied: %llu, possible: %llu)\n",
state->period, s2.period, last->period);
- if (state->enabled && state->period < s2.period)
+ /*
+ * Rounding period up is fine only if duty_cycle is 0 then, because a
+ * flat line doesn't have a characteristic period.
+ */
+ if (state->enabled && s2.enabled && state->period < s2.period && s2.duty_cycle)
dev_warn(pwmchip_parent(chip),
".apply is supposed to round down period (requested: %llu, applied: %llu)\n",
state->period, s2.period);
@@ -99,7 +103,7 @@ static void pwm_apply_debug(struct pwm_device *pwm,
s2.duty_cycle, s2.period,
last->duty_cycle, last->period);
- if (state->enabled && state->duty_cycle < s2.duty_cycle)
+ if (state->enabled && s2.enabled && state->duty_cycle < s2.duty_cycle)
dev_warn(pwmchip_parent(chip),
".apply is supposed to round down duty_cycle (requested: %llu/%llu, applied: %llu/%llu)\n",
state->duty_cycle, state->period,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 210/817] media: atomisp: Add check for rgby_data memory allocation failure
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 209/817] pwm: Assume a disabled PWM to emit a constant inactive output Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 211/817] arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Greg Kroah-Hartman
` (616 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Huafei, Andy Shevchenko,
Hans de Goede, Mauro Carvalho Chehab, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit ed61c59139509f76d3592683c90dc3fdc6e23cd6 ]
In ia_css_3a_statistics_allocate(), there is no check on the allocation
result of the rgby_data memory. If rgby_data is not successfully
allocated, it may trigger the assert(host_stats->rgby_data) assertion in
ia_css_s3a_hmem_decode(). Adding a check to fix this potential issue.
Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2")
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20241104145051.3088231-1-lihuafei1@huawei.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/atomisp/pci/sh_css_params.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/media/atomisp/pci/sh_css_params.c b/drivers/staging/media/atomisp/pci/sh_css_params.c
index 232744973ab88..b1feb6f6ebe89 100644
--- a/drivers/staging/media/atomisp/pci/sh_css_params.c
+++ b/drivers/staging/media/atomisp/pci/sh_css_params.c
@@ -4181,6 +4181,8 @@ ia_css_3a_statistics_allocate(const struct ia_css_3a_grid_info *grid)
goto err;
/* No weighted histogram, no structure, treat the histogram data as a byte dump in a byte array */
me->rgby_data = kvmalloc(sizeof_hmem(HMEM0_ID), GFP_KERNEL);
+ if (!me->rgby_data)
+ goto err;
IA_CSS_LEAVE("return=%p", me);
return me;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 211/817] arm64: dts: rockchip: correct analog audio name on Indiedroid Nova
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 210/817] media: atomisp: Add check for rgby_data memory allocation failure Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 212/817] HID: hyperv: streamline driver probe to avoid devres issues Greg Kroah-Hartman
` (615 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Morgan, Heiko Stuebner,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Morgan <macromorgan@hotmail.com>
[ Upstream commit 42d85557527266804579bc5d20c101d93f6be3c6 ]
Correct the audio name for the Indiedroid Nova from
rockchip,es8388-codec to rockchip,es8388. This name change corrects a
kernel log error of "ASoC: driver name too long 'rockchip,es8388-codec'
-> 'rockchip_es8388'".
Fixes: 3900160e164b ("arm64: dts: rockchip: Add Indiedroid Nova board")
Signed-off-by: Chris Morgan <macromorgan@hotmail.com>
Link: https://lore.kernel.org/r/20241031150505.967909-2-macroalpha82@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts b/arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts
index d8c50fdcca3b5..a4b930f6987f4 100644
--- a/arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts
+++ b/arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts
@@ -62,7 +62,7 @@ sdio_pwrseq: sdio-pwrseq {
sound {
compatible = "audio-graph-card";
- label = "rockchip,es8388-codec";
+ label = "rockchip,es8388";
widgets = "Microphone", "Mic Jack",
"Headphone", "Headphones";
routing = "LINPUT2", "Mic Jack",
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 212/817] HID: hyperv: streamline driver probe to avoid devres issues
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 211/817] arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 213/817] platform/x86: panasonic-laptop: Return errno correctly in show callback Greg Kroah-Hartman
` (614 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley, Vitaly Kuznetsov,
Saurabh Sengar, Jiri Kosina, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vitaly Kuznetsov <vkuznets@redhat.com>
[ Upstream commit 66ef47faa90d838cda131fe1f7776456cc3b59f2 ]
It was found that unloading 'hid_hyperv' module results in a devres
complaint:
...
hv_vmbus: unregistering driver hid_hyperv
------------[ cut here ]------------
WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0
...
Call Trace:
<TASK>
? devres_release_group+0x1f2/0x2c0
? __warn+0xd1/0x1c0
? devres_release_group+0x1f2/0x2c0
? report_bug+0x32a/0x3c0
? handle_bug+0x53/0xa0
? exc_invalid_op+0x18/0x50
? asm_exc_invalid_op+0x1a/0x20
? devres_release_group+0x1f2/0x2c0
? devres_release_group+0x90/0x2c0
? rcu_is_watching+0x15/0xb0
? __pfx_devres_release_group+0x10/0x10
hid_device_remove+0xf5/0x220
device_release_driver_internal+0x371/0x540
? klist_put+0xf3/0x170
bus_remove_device+0x1f1/0x3f0
device_del+0x33f/0x8c0
? __pfx_device_del+0x10/0x10
? cleanup_srcu_struct+0x337/0x500
hid_destroy_device+0xc8/0x130
mousevsc_remove+0xd2/0x1d0 [hid_hyperv]
device_release_driver_internal+0x371/0x540
driver_detach+0xc5/0x180
bus_remove_driver+0x11e/0x2a0
? __mutex_unlock_slowpath+0x160/0x5e0
vmbus_driver_unregister+0x62/0x2b0 [hv_vmbus]
...
And the issue seems to be that the corresponding devres group is not
allocated. Normally, devres_open_group() is called from
__hid_device_probe() but Hyper-V HID driver overrides 'hid_dev->driver'
with 'mousevsc_hid_driver' stub and basically re-implements
__hid_device_probe() by calling hid_parse() and hid_hw_start() but not
devres_open_group(). hid_device_probe() does not call __hid_device_probe()
for it. Later, when the driver is removed, hid_device_remove() calls
devres_release_group() as it doesn't check whether hdev->driver was
initially overridden or not.
The issue seems to be related to the commit 62c68e7cee33 ("HID: ensure
timely release of driver-allocated resources") but the commit itself seems
to be correct.
Fix the issue by dropping the 'hid_dev->driver' override and using
hid_register_driver()/hid_unregister_driver() instead. Alternatively, it
would have been possible to rely on the default handling but
HID_CONNECT_DEFAULT implies HID_CONNECT_HIDRAW and it doesn't seem to work
for mousevsc as-is.
Fixes: 62c68e7cee33 ("HID: ensure timely release of driver-allocated resources")
Suggested-by: Michael Kelley <mhklinux@outlook.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
Tested-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-hyperv.c | 58 ++++++++++++++++++++++++++++------------
1 file changed, 41 insertions(+), 17 deletions(-)
diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c
index f33485d83d24f..0fb210e40a412 100644
--- a/drivers/hid/hid-hyperv.c
+++ b/drivers/hid/hid-hyperv.c
@@ -422,6 +422,25 @@ static int mousevsc_hid_raw_request(struct hid_device *hid,
return 0;
}
+static int mousevsc_hid_probe(struct hid_device *hid_dev, const struct hid_device_id *id)
+{
+ int ret;
+
+ ret = hid_parse(hid_dev);
+ if (ret) {
+ hid_err(hid_dev, "parse failed\n");
+ return ret;
+ }
+
+ ret = hid_hw_start(hid_dev, HID_CONNECT_HIDINPUT | HID_CONNECT_HIDDEV);
+ if (ret) {
+ hid_err(hid_dev, "hw start failed\n");
+ return ret;
+ }
+
+ return 0;
+}
+
static const struct hid_ll_driver mousevsc_ll_driver = {
.parse = mousevsc_hid_parse,
.open = mousevsc_hid_open,
@@ -431,7 +450,16 @@ static const struct hid_ll_driver mousevsc_ll_driver = {
.raw_request = mousevsc_hid_raw_request,
};
-static struct hid_driver mousevsc_hid_driver;
+static const struct hid_device_id mousevsc_devices[] = {
+ { HID_DEVICE(BUS_VIRTUAL, HID_GROUP_ANY, 0x045E, 0x0621) },
+ { }
+};
+
+static struct hid_driver mousevsc_hid_driver = {
+ .name = "hid-hyperv",
+ .id_table = mousevsc_devices,
+ .probe = mousevsc_hid_probe,
+};
static int mousevsc_probe(struct hv_device *device,
const struct hv_vmbus_device_id *dev_id)
@@ -473,7 +501,6 @@ static int mousevsc_probe(struct hv_device *device,
}
hid_dev->ll_driver = &mousevsc_ll_driver;
- hid_dev->driver = &mousevsc_hid_driver;
hid_dev->bus = BUS_VIRTUAL;
hid_dev->vendor = input_dev->hid_dev_info.vendor;
hid_dev->product = input_dev->hid_dev_info.product;
@@ -488,20 +515,6 @@ static int mousevsc_probe(struct hv_device *device,
if (ret)
goto probe_err2;
-
- ret = hid_parse(hid_dev);
- if (ret) {
- hid_err(hid_dev, "parse failed\n");
- goto probe_err2;
- }
-
- ret = hid_hw_start(hid_dev, HID_CONNECT_HIDINPUT | HID_CONNECT_HIDDEV);
-
- if (ret) {
- hid_err(hid_dev, "hw start failed\n");
- goto probe_err2;
- }
-
device_init_wakeup(&device->device, true);
input_dev->connected = true;
@@ -579,12 +592,23 @@ static struct hv_driver mousevsc_drv = {
static int __init mousevsc_init(void)
{
- return vmbus_driver_register(&mousevsc_drv);
+ int ret;
+
+ ret = hid_register_driver(&mousevsc_hid_driver);
+ if (ret)
+ return ret;
+
+ ret = vmbus_driver_register(&mousevsc_drv);
+ if (ret)
+ hid_unregister_driver(&mousevsc_hid_driver);
+
+ return ret;
}
static void __exit mousevsc_exit(void)
{
vmbus_driver_unregister(&mousevsc_drv);
+ hid_unregister_driver(&mousevsc_hid_driver);
}
MODULE_LICENSE("GPL");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 213/817] platform/x86: panasonic-laptop: Return errno correctly in show callback
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 212/817] HID: hyperv: streamline driver probe to avoid devres issues Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 214/817] drm/imagination: Convert to use time_before macro Greg Kroah-Hartman
` (613 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yao Zi, Hans de Goede,
Ilpo Järvinen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yao Zi <ziyao@disroot.org>
[ Upstream commit 5c7bebc1a3f0661db558d60e14dde27fc216d9dc ]
When an error occurs in sysfs show callback, we should return the errno
directly instead of formatting it as the result, which produces
meaningless output and doesn't inform the userspace of the error.
Fixes: 468f96bfa3a0 ("platform/x86: panasonic-laptop: Add support for battery charging threshold (eco mode)")
Fixes: d5a81d8e864b ("platform/x86: panasonic-laptop: Add support for optical driver power in Y and W series")
Signed-off-by: Yao Zi <ziyao@disroot.org>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20241118064637.61832-3-ziyao@disroot.org
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/panasonic-laptop.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c
index ebd81846e2d56..7365286f6d2dc 100644
--- a/drivers/platform/x86/panasonic-laptop.c
+++ b/drivers/platform/x86/panasonic-laptop.c
@@ -602,8 +602,7 @@ static ssize_t eco_mode_show(struct device *dev, struct device_attribute *attr,
result = 1;
break;
default:
- result = -EIO;
- break;
+ return -EIO;
}
return sysfs_emit(buf, "%u\n", result);
}
@@ -749,7 +748,12 @@ static ssize_t current_brightness_store(struct device *dev, struct device_attrib
static ssize_t cdpower_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- return sysfs_emit(buf, "%d\n", get_optd_power_state());
+ int state = get_optd_power_state();
+
+ if (state < 0)
+ return state;
+
+ return sysfs_emit(buf, "%d\n", state);
}
static ssize_t cdpower_store(struct device *dev, struct device_attribute *attr,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 214/817] drm/imagination: Convert to use time_before macro
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 213/817] platform/x86: panasonic-laptop: Return errno correctly in show callback Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 215/817] drm/imagination: Use pvr_vm_context_get() Greg Kroah-Hartman
` (612 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chen Yufan, Matt Coster, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen Yufan <chenyufan@vivo.com>
[ Upstream commit 7a5115ba1d691bd14db91d2fcc3ce0b056574ce9 ]
Use time_*() macros instead of using jiffies directly to handle overflow
issues.
Fixes: cc1aeedb98ad ("drm/imagination: Implement firmware infrastructure and META FW support")
Signed-off-by: Chen Yufan <chenyufan@vivo.com>
Reviewed-by: Matt Coster <matt.coster@imgtec.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240823093925.9599-1-chenyufan@vivo.com
Signed-off-by: Matt Coster <matt.coster@imgtec.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imagination/pvr_ccb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/imagination/pvr_ccb.c b/drivers/gpu/drm/imagination/pvr_ccb.c
index 4deeac7ed40a4..2bbdc05a3b977 100644
--- a/drivers/gpu/drm/imagination/pvr_ccb.c
+++ b/drivers/gpu/drm/imagination/pvr_ccb.c
@@ -321,7 +321,7 @@ static int pvr_kccb_reserve_slot_sync(struct pvr_device *pvr_dev)
bool reserved = false;
u32 retries = 0;
- while ((jiffies - start_timestamp) < (u32)RESERVE_SLOT_TIMEOUT ||
+ while (time_before(jiffies, start_timestamp + RESERVE_SLOT_TIMEOUT) ||
retries < RESERVE_SLOT_MIN_RETRIES) {
reserved = pvr_kccb_try_reserve_slot(pvr_dev);
if (reserved)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 215/817] drm/imagination: Use pvr_vm_context_get()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 214/817] drm/imagination: Convert to use time_before macro Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 216/817] drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Greg Kroah-Hartman
` (611 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Frank Binns, Matt Coster,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Coster <Matt.Coster@imgtec.com>
[ Upstream commit eb4accc5234525e2cb2b720187ccaf6db99b705f ]
I missed this open-coded kref_get() while trying to debug a refcount
bug, so let's use the helper function here to avoid that waste of time
again in the future.
Fixes: ff5f643de0bf ("drm/imagination: Add GEM and VM related code")
Reviewed-by: Frank Binns <frank.binns@imgtec.com>
Link: https://patchwork.freedesktop.org/patch/msgid/8616641d-6005-4b25-bc0a-0b53985a0e08@imgtec.com
Signed-off-by: Matt Coster <matt.coster@imgtec.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imagination/pvr_vm.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/imagination/pvr_vm.c b/drivers/gpu/drm/imagination/pvr_vm.c
index 7bd6ba4c6e8ab..363f885a70982 100644
--- a/drivers/gpu/drm/imagination/pvr_vm.c
+++ b/drivers/gpu/drm/imagination/pvr_vm.c
@@ -654,9 +654,7 @@ pvr_vm_context_lookup(struct pvr_file *pvr_file, u32 handle)
xa_lock(&pvr_file->vm_ctx_handles);
vm_ctx = xa_load(&pvr_file->vm_ctx_handles, handle);
- if (vm_ctx)
- kref_get(&vm_ctx->ref_count);
-
+ pvr_vm_context_get(vm_ctx);
xa_unlock(&pvr_file->vm_ctx_handles);
return vm_ctx;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 216/817] drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 215/817] drm/imagination: Use pvr_vm_context_get() Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 217/817] drm/vc4: hvs: Dont write gamma luts on 2711 Greg Kroah-Hartman
` (610 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Jani Nikula,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 53bd7c1c0077db533472ae32799157758302ef48 ]
The INTERVAL_TREE_DEFINE() uncoditionally provides a bunch of helper
functions which in some cases may be not used. This, in particular,
prevents kernel builds with clang, `make W=1` and CONFIG_WERROR=y:
.../drm/drm_mm.c:152:1: error: unused function 'drm_mm_interval_tree_insert' [-Werror,-Wunused-function]
152 | INTERVAL_TREE_DEFINE(struct drm_mm_node, rb,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
153 | u64, __subtree_last,
| ~~~~~~~~~~~~~~~~~~~~
154 | START, LAST, static inline, drm_mm_interval_tree)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix this by marking drm_mm_interval_tree*() functions with __maybe_unused.
See also commit 6863f5643dd7 ("kbuild: allow Clang to find unused static
inline functions for W=1 build").
Fixes: 202b52b7fbf7 ("drm: Track drm_mm nodes with an interval tree")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240829154640.1120050-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_mm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
index 5ace481c19011..1ed68d3cd80ba 100644
--- a/drivers/gpu/drm/drm_mm.c
+++ b/drivers/gpu/drm/drm_mm.c
@@ -151,7 +151,7 @@ static void show_leaks(struct drm_mm *mm) { }
INTERVAL_TREE_DEFINE(struct drm_mm_node, rb,
u64, __subtree_last,
- START, LAST, static inline, drm_mm_interval_tree)
+ START, LAST, static inline __maybe_unused, drm_mm_interval_tree)
struct drm_mm_node *
__drm_mm_interval_first(const struct drm_mm *mm, u64 start, u64 last)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 217/817] drm/vc4: hvs: Dont write gamma luts on 2711
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 216/817] drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 218/817] drm/vc4: hdmi: Avoid hang with debug registers when suspended Greg Kroah-Hartman
` (609 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Ripard, Dave Stevenson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit 52efe364d1968ee3e3ed45eb44eb924b63635315 ]
The gamma block has changed in 2711, therefore writing the lut
in vc4_hvs_lut_load is incorrect.
Whilst the gamma property isn't created for 2711, it is called
from vc4_hvs_init_channel, so abort if attempted.
Fixes: c54619b0bfb3 ("drm/vc4: Add support for the BCM2711 HVS5")
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240621152055.4180873-15-dave.stevenson@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hvs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index 04af672caacb1..1ac55c19197cb 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -222,6 +222,9 @@ static void vc4_hvs_lut_load(struct vc4_hvs *hvs,
if (!drm_dev_enter(drm, &idx))
return;
+ if (hvs->vc4->is_vc5)
+ return;
+
/* The LUT memory is laid out with each HVS channel in order,
* each of which takes 256 writes for R, 256 for G, then 256
* for B.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 218/817] drm/vc4: hdmi: Avoid hang with debug registers when suspended
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 217/817] drm/vc4: hvs: Dont write gamma luts on 2711 Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 219/817] drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer Greg Kroah-Hartman
` (608 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dom Cobley, Maxime Ripard,
Dave Stevenson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dom Cobley <popcornmix@gmail.com>
[ Upstream commit 223ee2567a55e4f80315c768d2969e6a3b9fb23d ]
Trying to read /sys/kernel/debug/dri/1/hdmi1_regs
when the hdmi is disconnected results in a fatal system hang.
This is due to the pm suspend code disabling the dvp clock.
That is just a gate of the 108MHz clock in DVP_HT_RPI_MISC_CONFIG,
which results in accesses hanging AXI bus.
Protect against this.
Fixes: 25eb441d55d4 ("drm/vc4: hdmi: Add all the vc5 HDMI registers into the debugfs dumps")
Signed-off-by: Dom Cobley <popcornmix@gmail.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240621152055.4180873-17-dave.stevenson@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hdmi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c
index cb424604484f1..9b2b07104a7ac 100644
--- a/drivers/gpu/drm/vc4/vc4_hdmi.c
+++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
@@ -147,6 +147,8 @@ static int vc4_hdmi_debugfs_regs(struct seq_file *m, void *unused)
if (!drm_dev_enter(drm, &idx))
return -ENODEV;
+ WARN_ON(pm_runtime_resume_and_get(&vc4_hdmi->pdev->dev));
+
drm_print_regset32(&p, &vc4_hdmi->hdmi_regset);
drm_print_regset32(&p, &vc4_hdmi->hd_regset);
drm_print_regset32(&p, &vc4_hdmi->cec_regset);
@@ -156,6 +158,8 @@ static int vc4_hdmi_debugfs_regs(struct seq_file *m, void *unused)
drm_print_regset32(&p, &vc4_hdmi->ram_regset);
drm_print_regset32(&p, &vc4_hdmi->rm_regset);
+ pm_runtime_put(&vc4_hdmi->pdev->dev);
+
drm_dev_exit(idx);
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 219/817] drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 218/817] drm/vc4: hdmi: Avoid hang with debug registers when suspended Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 220/817] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function Greg Kroah-Hartman
` (607 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Ripard, Dave Stevenson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit 6d5f76e0544b04ec5bdd2a09c19d90aeeb2cd479 ]
The debug function to display the dlists didn't reset next_entry_start
when starting each display, so resulting in not stopping the
list at the correct place.
Fixes: c6dac00340fc ("drm/vc4: hvs: Add debugfs node that dumps the current display lists")
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240621152055.4180873-18-dave.stevenson@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hvs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index 1ac55c19197cb..7137a90e6efa7 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -110,7 +110,7 @@ static int vc4_hvs_debugfs_dlist(struct seq_file *m, void *data)
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct vc4_hvs *hvs = vc4->hvs;
struct drm_printer p = drm_seq_file_printer(m);
- unsigned int next_entry_start = 0;
+ unsigned int next_entry_start;
unsigned int i, j;
u32 dlist_word, dispstat;
@@ -124,6 +124,7 @@ static int vc4_hvs_debugfs_dlist(struct seq_file *m, void *data)
}
drm_printf(&p, "HVS chan %u:\n", i);
+ next_entry_start = 0;
for (j = HVS_READ(SCALER_DISPLISTX(i)); j < 256; j++) {
dlist_word = readl((u32 __iomem *)vc4->hvs->dlist + j);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 220/817] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 219/817] drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 221/817] drm/vc4: hvs: Correct logic on stopping an HVS channel Greg Kroah-Hartman
` (606 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Ripard, Dave Stevenson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit d285bb622ebdfaa84f51df3a1abccb87036157ea ]
The debugfs function to dump dlists aborted at 256 bytes,
when actually the dlist memory is generally significantly
larger but varies based on SoC.
We already have the correct limit in __vc4_hvs_alloc, so
store it for use in the debugfs dlist function.
Fixes: c6dac00340fc ("drm/vc4: hvs: Add debugfs node that dumps the current display lists")
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240621152055.4180873-19-dave.stevenson@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_drv.h | 1 +
drivers/gpu/drm/vc4/vc4_hvs.c | 6 ++++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_drv.h b/drivers/gpu/drm/vc4/vc4_drv.h
index 08e29fa825635..d463fabf5ecce 100644
--- a/drivers/gpu/drm/vc4/vc4_drv.h
+++ b/drivers/gpu/drm/vc4/vc4_drv.h
@@ -315,6 +315,7 @@ struct vc4_hvs {
struct platform_device *pdev;
void __iomem *regs;
u32 __iomem *dlist;
+ unsigned int dlist_mem_size;
struct clk *core_clk;
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index 7137a90e6efa7..3e72219a6a75f 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -110,6 +110,7 @@ static int vc4_hvs_debugfs_dlist(struct seq_file *m, void *data)
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct vc4_hvs *hvs = vc4->hvs;
struct drm_printer p = drm_seq_file_printer(m);
+ unsigned int dlist_mem_size = hvs->dlist_mem_size;
unsigned int next_entry_start;
unsigned int i, j;
u32 dlist_word, dispstat;
@@ -126,7 +127,7 @@ static int vc4_hvs_debugfs_dlist(struct seq_file *m, void *data)
drm_printf(&p, "HVS chan %u:\n", i);
next_entry_start = 0;
- for (j = HVS_READ(SCALER_DISPLISTX(i)); j < 256; j++) {
+ for (j = HVS_READ(SCALER_DISPLISTX(i)); j < dlist_mem_size; j++) {
dlist_word = readl((u32 __iomem *)vc4->hvs->dlist + j);
drm_printf(&p, "dlist: %02d: 0x%08x\n", j,
dlist_word);
@@ -804,9 +805,10 @@ struct vc4_hvs *__vc4_hvs_alloc(struct vc4_dev *vc4, struct platform_device *pde
* our 16K), since we don't want to scramble the screen when
* transitioning from the firmware's boot setup to runtime.
*/
+ hvs->dlist_mem_size = (SCALER_DLIST_SIZE >> 2) - HVS_BOOTLOADER_DLIST_END;
drm_mm_init(&hvs->dlist_mm,
HVS_BOOTLOADER_DLIST_END,
- (SCALER_DLIST_SIZE >> 2) - HVS_BOOTLOADER_DLIST_END);
+ hvs->dlist_mem_size);
/* Set up the HVS LBM memory manager. We could have some more
* complicated data structure that allowed reuse of LBM areas
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 221/817] drm/vc4: hvs: Correct logic on stopping an HVS channel
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 220/817] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 222/817] wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Greg Kroah-Hartman
` (605 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Ripard, Dave Stevenson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit 7ab6512e7942889c0962588355cb92424a690be6 ]
When factoring out __vc4_hvs_stop_channel, the logic got inverted from
if (condition)
// stop channel
to
if (condition)
goto out
//stop channel
out:
and also changed the exact register writes used to stop the channel.
Correct the logic so that the channel is actually stopped, and revert
to the original register writes.
Fixes: 6d01a106b4c8 ("drm/vc4: crtc: Move HVS init and close to a function")
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240621152055.4180873-32-dave.stevenson@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hvs.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index 3e72219a6a75f..27c8fb9efa854 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -420,13 +420,11 @@ void vc4_hvs_stop_channel(struct vc4_hvs *hvs, unsigned int chan)
if (!drm_dev_enter(drm, &idx))
return;
- if (HVS_READ(SCALER_DISPCTRLX(chan)) & SCALER_DISPCTRLX_ENABLE)
+ if (!(HVS_READ(SCALER_DISPCTRLX(chan)) & SCALER_DISPCTRLX_ENABLE))
goto out;
- HVS_WRITE(SCALER_DISPCTRLX(chan),
- HVS_READ(SCALER_DISPCTRLX(chan)) | SCALER_DISPCTRLX_RESET);
- HVS_WRITE(SCALER_DISPCTRLX(chan),
- HVS_READ(SCALER_DISPCTRLX(chan)) & ~SCALER_DISPCTRLX_ENABLE);
+ HVS_WRITE(SCALER_DISPCTRLX(chan), SCALER_DISPCTRLX_RESET);
+ HVS_WRITE(SCALER_DISPCTRLX(chan), 0);
/* Once we leave, the scaler should be disabled and its fifo empty. */
WARN_ON_ONCE(HVS_READ(SCALER_DISPCTRLX(chan)) & SCALER_DISPCTRLX_RESET);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 222/817] wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 221/817] drm/vc4: hvs: Correct logic on stopping an HVS channel Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 223/817] drm/omap: Fix possible NULL dereference Greg Kroah-Hartman
` (604 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeongjun Park,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeongjun Park <aha310510@gmail.com>
[ Upstream commit 8619593634cbdf5abf43f5714df49b04e4ef09ab ]
I found the following bug in my fuzzer:
UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51
index 255 is out of range for type 'htc_endpoint [22]'
CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: events request_firmware_work_func
Call Trace:
<TASK>
dump_stack_lvl+0x180/0x1b0
__ubsan_handle_out_of_bounds+0xd4/0x130
htc_issue_send.constprop.0+0x20c/0x230
? _raw_spin_unlock_irqrestore+0x3c/0x70
ath9k_wmi_cmd+0x41d/0x610
? mark_held_locks+0x9f/0xe0
...
Since this bug has been confirmed to be caused by insufficient verification
of conn_rsp_epid, I think it would be appropriate to add a range check for
conn_rsp_epid to htc_connect_service() to prevent the bug from occurring.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://patch.msgid.link/20240909103855.68006-1-aha310510@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_hst.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
index eb631fd3336d8..b5257b2b4aa52 100644
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -294,6 +294,9 @@ int htc_connect_service(struct htc_target *target,
return -ETIMEDOUT;
}
+ if (target->conn_rsp_epid < 0 || target->conn_rsp_epid >= ENDPOINT_MAX)
+ return -EINVAL;
+
*conn_rsp_epid = target->conn_rsp_epid;
return 0;
err:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 223/817] drm/omap: Fix possible NULL dereference
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 222/817] wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 224/817] drm/omap: Fix locking in omap_gem_new_dmabuf() Greg Kroah-Hartman
` (603 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sebastian Reichel, Tomi Valkeinen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
[ Upstream commit a88fee2d67d9b78c24630a987a88ccf886b2498b ]
smatch reports:
drivers/gpu/drm/omapdrm/dss/base.c:176 omapdss_device_disconnect() error: we previously assumed 'src' could be null (see line 169)
This code is mostly from a time when omapdrm had its own display device
model. I can't honestly remember the details, and I don't think it's
worth digging in deeply into that for a legacy driver.
However, it looks like we only call omapdss_device_disconnect() and
omapdss_device_connect() with NULL as the src parameter. We can thus
drop the src parameter from both functions, and fix the smatch warning.
I don't think omapdss_device_disconnect() ever gets NULL for the dst
parameter (if it did, we'd crash soon after returning from the
function), but I have kept the !dst check, just in case, but I added a
WARN_ON() there.
Also, if the dst parameter can be NULL, we can't always get the struct
dss_device pointer from dst->dss (which is only used for a debug print).
To make sure we can't hit that issue, do it similarly to the
omapdss_device_connect() function: add 'struct dss_device *dss' as the
first parameter, so that we always have it regardless of the dst.
Fixes: 79107f274b2f ("drm/omap: Add support for drm_bridge")
Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240806-omapdrm-misc-fixes-v1-1-15d31aea0831@ideasonboard.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/omapdrm/dss/base.c | 25 ++++++-------------------
drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 +--
drivers/gpu/drm/omapdrm/omap_drv.c | 4 ++--
3 files changed, 9 insertions(+), 23 deletions(-)
diff --git a/drivers/gpu/drm/omapdrm/dss/base.c b/drivers/gpu/drm/omapdrm/dss/base.c
index 050ca7eafac58..556e0f9026bed 100644
--- a/drivers/gpu/drm/omapdrm/dss/base.c
+++ b/drivers/gpu/drm/omapdrm/dss/base.c
@@ -139,21 +139,13 @@ static bool omapdss_device_is_connected(struct omap_dss_device *dssdev)
}
int omapdss_device_connect(struct dss_device *dss,
- struct omap_dss_device *src,
struct omap_dss_device *dst)
{
- dev_dbg(&dss->pdev->dev, "connect(%s, %s)\n",
- src ? dev_name(src->dev) : "NULL",
+ dev_dbg(&dss->pdev->dev, "connect(%s)\n",
dst ? dev_name(dst->dev) : "NULL");
- if (!dst) {
- /*
- * The destination is NULL when the source is connected to a
- * bridge instead of a DSS device. Stop here, we will attach
- * the bridge later when we will have a DRM encoder.
- */
- return src && src->bridge ? 0 : -EINVAL;
- }
+ if (!dst)
+ return -EINVAL;
if (omapdss_device_is_connected(dst))
return -EBUSY;
@@ -163,19 +155,14 @@ int omapdss_device_connect(struct dss_device *dss,
return 0;
}
-void omapdss_device_disconnect(struct omap_dss_device *src,
+void omapdss_device_disconnect(struct dss_device *dss,
struct omap_dss_device *dst)
{
- struct dss_device *dss = src ? src->dss : dst->dss;
-
- dev_dbg(&dss->pdev->dev, "disconnect(%s, %s)\n",
- src ? dev_name(src->dev) : "NULL",
+ dev_dbg(&dss->pdev->dev, "disconnect(%s)\n",
dst ? dev_name(dst->dev) : "NULL");
- if (!dst) {
- WARN_ON(!src->bridge);
+ if (WARN_ON(!dst))
return;
- }
if (!dst->id && !omapdss_device_is_connected(dst)) {
WARN_ON(1);
diff --git a/drivers/gpu/drm/omapdrm/dss/omapdss.h b/drivers/gpu/drm/omapdrm/dss/omapdss.h
index 040d5a3e33d68..4c22c09c93d52 100644
--- a/drivers/gpu/drm/omapdrm/dss/omapdss.h
+++ b/drivers/gpu/drm/omapdrm/dss/omapdss.h
@@ -242,9 +242,8 @@ struct omap_dss_device *omapdss_device_get(struct omap_dss_device *dssdev);
void omapdss_device_put(struct omap_dss_device *dssdev);
struct omap_dss_device *omapdss_find_device_by_node(struct device_node *node);
int omapdss_device_connect(struct dss_device *dss,
- struct omap_dss_device *src,
struct omap_dss_device *dst);
-void omapdss_device_disconnect(struct omap_dss_device *src,
+void omapdss_device_disconnect(struct dss_device *dss,
struct omap_dss_device *dst);
int omap_dss_get_num_overlay_managers(void);
diff --git a/drivers/gpu/drm/omapdrm/omap_drv.c b/drivers/gpu/drm/omapdrm/omap_drv.c
index d3eac4817d768..a982378aa1411 100644
--- a/drivers/gpu/drm/omapdrm/omap_drv.c
+++ b/drivers/gpu/drm/omapdrm/omap_drv.c
@@ -307,7 +307,7 @@ static void omap_disconnect_pipelines(struct drm_device *ddev)
for (i = 0; i < priv->num_pipes; i++) {
struct omap_drm_pipeline *pipe = &priv->pipes[i];
- omapdss_device_disconnect(NULL, pipe->output);
+ omapdss_device_disconnect(priv->dss, pipe->output);
omapdss_device_put(pipe->output);
pipe->output = NULL;
@@ -325,7 +325,7 @@ static int omap_connect_pipelines(struct drm_device *ddev)
int r;
for_each_dss_output(output) {
- r = omapdss_device_connect(priv->dss, NULL, output);
+ r = omapdss_device_connect(priv->dss, output);
if (r == -EPROBE_DEFER) {
omapdss_device_put(output);
return r;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 224/817] drm/omap: Fix locking in omap_gem_new_dmabuf()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 223/817] drm/omap: Fix possible NULL dereference Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 225/817] drm/v3d: Appease lockdep while updating GPU stats Greg Kroah-Hartman
` (602 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Sebastian Reichel,
Tomi Valkeinen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
[ Upstream commit e6a1c4037227539373c8cf484ace83833e2ad6a2 ]
omap_gem_new_dmabuf() creates the new gem object, and then takes and
holds the omap_obj->lock for the rest of the function. This has two
issues:
- omap_gem_free_object(), which is called in the error paths, also takes
the same lock, leading to deadlock
- Even if the above wouldn't happen, in the error cases
omap_gem_new_dmabuf() still unlocks omap_obj->lock, even after the
omap_obj has already been freed.
Furthermore, I don't think there's any reason to take the lock at all,
as the object was just created and not yet shared with anyone else.
To fix all this, drop taking the lock.
Fixes: 3cbd0c587b12 ("drm/omap: gem: Replace struct_mutex usage with omap_obj private lock")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/511b99d7-aade-4f92-bd3e-63163a13d617@stanley.mountain/
Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240806-omapdrm-misc-fixes-v1-3-15d31aea0831@ideasonboard.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/omapdrm/omap_gem.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/omapdrm/omap_gem.c b/drivers/gpu/drm/omapdrm/omap_gem.c
index fdae677558f3e..b9c67e4ca3605 100644
--- a/drivers/gpu/drm/omapdrm/omap_gem.c
+++ b/drivers/gpu/drm/omapdrm/omap_gem.c
@@ -1402,8 +1402,6 @@ struct drm_gem_object *omap_gem_new_dmabuf(struct drm_device *dev, size_t size,
omap_obj = to_omap_bo(obj);
- mutex_lock(&omap_obj->lock);
-
omap_obj->sgt = sgt;
if (omap_gem_sgt_is_contiguous(sgt, size)) {
@@ -1418,21 +1416,17 @@ struct drm_gem_object *omap_gem_new_dmabuf(struct drm_device *dev, size_t size,
pages = kcalloc(npages, sizeof(*pages), GFP_KERNEL);
if (!pages) {
omap_gem_free_object(obj);
- obj = ERR_PTR(-ENOMEM);
- goto done;
+ return ERR_PTR(-ENOMEM);
}
omap_obj->pages = pages;
ret = drm_prime_sg_to_page_array(sgt, pages, npages);
if (ret) {
omap_gem_free_object(obj);
- obj = ERR_PTR(-ENOMEM);
- goto done;
+ return ERR_PTR(-ENOMEM);
}
}
-done:
- mutex_unlock(&omap_obj->lock);
return obj;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 225/817] drm/v3d: Appease lockdep while updating GPU stats
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 224/817] drm/omap: Fix locking in omap_gem_new_dmabuf() Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 226/817] wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
` (601 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maíra Canal, Tvrtko Ursulin,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tvrtko Ursulin <tvrtko.ursulin@igalia.com>
[ Upstream commit 06c3c406850e5495bb56ccf624d0c9477e1ba901 ]
Lockdep thinks our seqcount_t usage is unsafe because the update path can
be both from irq and worker context:
[ ] ================================
[ ] WARNING: inconsistent lock state
[ ] 6.10.3-v8-16k-numa #159 Tainted: G WC
[ ] --------------------------------
[ ] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
[ ] swapper/0/0 [HC1[1]:SC0[0]:HE0:SE1] takes:
[ ] ffff80003d7c08d0 (&v3d_priv->stats[i].lock){?.+.}-{0:0}, at: v3d_irq+0xc8/0x660 [v3d]
[ ] {HARDIRQ-ON-W} state was registered at:
[ ] lock_acquire+0x1f8/0x328
[ ] v3d_job_start_stats.isra.0+0xd8/0x218 [v3d]
[ ] v3d_bin_job_run+0x23c/0x388 [v3d]
[ ] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]
[ ] process_one_work+0x62c/0xb48
[ ] worker_thread+0x468/0x5b0
[ ] kthread+0x1c4/0x1e0
[ ] ret_from_fork+0x10/0x20
[ ] irq event stamp: 337094
[ ] hardirqs last enabled at (337093): [<ffffc0008144ce7c>] default_idle_call+0x11c/0x140
[ ] hardirqs last disabled at (337094): [<ffffc0008144a354>] el1_interrupt+0x24/0x58
[ ] softirqs last enabled at (337082): [<ffffc00080061d90>] handle_softirqs+0x4e0/0x538
[ ] softirqs last disabled at (337073): [<ffffc00080010364>] __do_softirq+0x1c/0x28
[ ]
other info that might help us debug this:
[ ] Possible unsafe locking scenario:
[ ] CPU0
[ ] ----
[ ] lock(&v3d_priv->stats[i].lock);
[ ] <Interrupt>
[ ] lock(&v3d_priv->stats[i].lock);
[ ]
*** DEADLOCK ***
[ ] no locks held by swapper/0/0.
[ ]
stack backtrace:
[ ] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G WC 6.10.3-v8-16k-numa #159
[ ] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ ] Call trace:
[ ] dump_backtrace+0x170/0x1b8
[ ] show_stack+0x20/0x38
[ ] dump_stack_lvl+0xb4/0xd0
[ ] dump_stack+0x18/0x28
[ ] print_usage_bug+0x3cc/0x3f0
[ ] mark_lock+0x4d0/0x968
[ ] __lock_acquire+0x784/0x18c8
[ ] lock_acquire+0x1f8/0x328
[ ] v3d_job_update_stats+0xec/0x2e0 [v3d]
[ ] v3d_irq+0xc8/0x660 [v3d]
[ ] __handle_irq_event_percpu+0x1f8/0x488
[ ] handle_irq_event+0x88/0x128
[ ] handle_fasteoi_irq+0x298/0x408
[ ] generic_handle_domain_irq+0x50/0x78
But it is a false positive because all the queue-stats pairs have their
own lock and jobs are also one at a time.
Nevertheless we can appease lockdep by disabling local interrupts to make
it see lock usage is consistent.
Cc: Maíra Canal <mcanal@igalia.com>
Fixes: 6abe93b621ab ("drm/v3d: Fix race-condition between sysfs/fdinfo and interrupt handler")
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@igalia.com>
Signed-off-by: Maíra Canal <mcanal@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240813102505.80512-2-tursulin@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/v3d/v3d_sched.c | 46 +++++++++++++++++++++++++++++----
1 file changed, 41 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c
index ad1e6236ff6ff..255bd9100c78a 100644
--- a/drivers/gpu/drm/v3d/v3d_sched.c
+++ b/drivers/gpu/drm/v3d/v3d_sched.c
@@ -133,8 +133,31 @@ v3d_job_start_stats(struct v3d_job *job, enum v3d_queue queue)
struct v3d_stats *global_stats = &v3d->queue[queue].stats;
struct v3d_stats *local_stats = &file->stats[queue];
u64 now = local_clock();
-
- preempt_disable();
+ unsigned long flags;
+
+ /*
+ * We only need to disable local interrupts to appease lockdep who
+ * otherwise would think v3d_job_start_stats vs v3d_stats_update has an
+ * unsafe in-irq vs no-irq-off usage problem. This is a false positive
+ * because all the locks are per queue and stats type, and all jobs are
+ * completely one at a time serialised. More specifically:
+ *
+ * 1. Locks for GPU queues are updated from interrupt handlers under a
+ * spin lock and started here with preemption disabled.
+ *
+ * 2. Locks for CPU queues are updated from the worker with preemption
+ * disabled and equally started here with preemption disabled.
+ *
+ * Therefore both are consistent.
+ *
+ * 3. Because next job can only be queued after the previous one has
+ * been signaled, and locks are per queue, there is also no scope for
+ * the start part to race with the update part.
+ */
+ if (IS_ENABLED(CONFIG_LOCKDEP))
+ local_irq_save(flags);
+ else
+ preempt_disable();
write_seqcount_begin(&local_stats->lock);
local_stats->start_ns = now;
@@ -144,7 +167,10 @@ v3d_job_start_stats(struct v3d_job *job, enum v3d_queue queue)
global_stats->start_ns = now;
write_seqcount_end(&global_stats->lock);
- preempt_enable();
+ if (IS_ENABLED(CONFIG_LOCKDEP))
+ local_irq_restore(flags);
+ else
+ preempt_enable();
}
static void
@@ -165,11 +191,21 @@ v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue)
struct v3d_stats *global_stats = &v3d->queue[queue].stats;
struct v3d_stats *local_stats = &file->stats[queue];
u64 now = local_clock();
+ unsigned long flags;
+
+ /* See comment in v3d_job_start_stats() */
+ if (IS_ENABLED(CONFIG_LOCKDEP))
+ local_irq_save(flags);
+ else
+ preempt_disable();
- preempt_disable();
v3d_stats_update(local_stats, now);
v3d_stats_update(global_stats, now);
- preempt_enable();
+
+ if (IS_ENABLED(CONFIG_LOCKDEP))
+ local_irq_restore(flags);
+ else
+ preempt_enable();
}
static struct dma_fence *v3d_bin_job_run(struct drm_sched_job *sched_job)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 226/817] wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 225/817] drm/v3d: Appease lockdep while updating GPU stats Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 227/817] wifi: mwifiex: " Greg Kroah-Hartman
` (600 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit bcd1371bd85e560ccc9159b7747f94bfe43b77a6 ]
disable_irq() after request_irq() still has a time gap in which
interrupts can come. request_irq() with IRQF_NO_AUTOEN flag will
disable IRQ auto-enable when request IRQ.
Fixes: cd8d3d321285 ("p54spi: p54spi driver")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20240910124314.698896-2-ruanjinjie@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intersil/p54/p54spi.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/wireless/intersil/p54/p54spi.c b/drivers/net/wireless/intersil/p54/p54spi.c
index d33a994906a7b..27f44a9f0bc1f 100644
--- a/drivers/net/wireless/intersil/p54/p54spi.c
+++ b/drivers/net/wireless/intersil/p54/p54spi.c
@@ -624,7 +624,7 @@ static int p54spi_probe(struct spi_device *spi)
gpio_direction_input(p54spi_gpio_irq);
ret = request_irq(gpio_to_irq(p54spi_gpio_irq),
- p54spi_interrupt, 0, "p54spi",
+ p54spi_interrupt, IRQF_NO_AUTOEN, "p54spi",
priv->spi);
if (ret < 0) {
dev_err(&priv->spi->dev, "request_irq() failed");
@@ -633,8 +633,6 @@ static int p54spi_probe(struct spi_device *spi)
irq_set_irq_type(gpio_to_irq(p54spi_gpio_irq), IRQ_TYPE_EDGE_RISING);
- disable_irq(gpio_to_irq(p54spi_gpio_irq));
-
INIT_WORK(&priv->work, p54spi_work);
init_completion(&priv->fw_comp);
INIT_LIST_HEAD(&priv->tx_pending);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 227/817] wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 226/817] wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 228/817] udmabuf: change folios array from kmalloc to kvmalloc Greg Kroah-Hartman
` (599 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Brian Norris,
Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 9a98dd48b6d834d7a3fe5e8e7b8c3a1d006f9685 ]
disable_irq() after request_irq() still has a time gap in which
interrupts can come. request_irq() with IRQF_NO_AUTOEN flag will
disable IRQ auto-enable when request IRQ.
Fixes: 853402a00823 ("mwifiex: Enable WoWLAN for both sdio and pcie")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Acked-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20240910124314.698896-3-ruanjinjie@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/main.c b/drivers/net/wireless/marvell/mwifiex/main.c
index d99127dc466ec..6c60a4c21a312 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.c
+++ b/drivers/net/wireless/marvell/mwifiex/main.c
@@ -1633,7 +1633,8 @@ static void mwifiex_probe_of(struct mwifiex_adapter *adapter)
}
ret = devm_request_irq(dev, adapter->irq_wakeup,
- mwifiex_irq_wakeup_handler, IRQF_TRIGGER_LOW,
+ mwifiex_irq_wakeup_handler,
+ IRQF_TRIGGER_LOW | IRQF_NO_AUTOEN,
"wifi_wake", adapter);
if (ret) {
dev_err(dev, "Failed to request irq_wakeup %d (%d)\n",
@@ -1641,7 +1642,6 @@ static void mwifiex_probe_of(struct mwifiex_adapter *adapter)
goto err_exit;
}
- disable_irq(adapter->irq_wakeup);
if (device_init_wakeup(dev, true)) {
dev_err(dev, "fail to init wakeup for mwifiex\n");
goto err_exit;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 228/817] udmabuf: change folios array from kmalloc to kvmalloc
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 227/817] wifi: mwifiex: " Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 229/817] udmabuf: fix vmap_udmabuf error page set Greg Kroah-Hartman
` (598 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Huan Yang, Christian König,
Vivek Kasireddy, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huan Yang <link@vivo.com>
[ Upstream commit 1c0844c6184e658064e14c4335885785ad3bf84b ]
When PAGE_SIZE 4096, MAX_PAGE_ORDER 10, 64bit machine,
page_alloc only support 4MB.
If above this, trigger this warn and return NULL.
udmabuf can change size limit, if change it to 3072(3GB), and then alloc
3GB udmabuf, will fail create.
[ 4080.876581] ------------[ cut here ]------------
[ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350
[ 4080.878839] RIP: 0010:__alloc_pages+0x2c8/0x350
[ 4080.879470] Call Trace:
[ 4080.879473] <TASK>
[ 4080.879473] ? __alloc_pages+0x2c8/0x350
[ 4080.879475] ? __warn.cold+0x8e/0xe8
[ 4080.880647] ? __alloc_pages+0x2c8/0x350
[ 4080.880909] ? report_bug+0xff/0x140
[ 4080.881175] ? handle_bug+0x3c/0x80
[ 4080.881556] ? exc_invalid_op+0x17/0x70
[ 4080.881559] ? asm_exc_invalid_op+0x1a/0x20
[ 4080.882077] ? udmabuf_create+0x131/0x400
Because MAX_PAGE_ORDER, kmalloc can max alloc 4096 * (1 << 10), 4MB
memory, each array entry is pointer(8byte), so can save 524288 pages(2GB).
Further more, costly order(order 3) may not be guaranteed that it can be
applied for, due to fragmentation.
This patch change udmabuf array use kvmalloc_array, this can fallback
alloc into vmalloc, which can guarantee allocation for any size and does
not affect the performance of kmalloc allocations.
Signed-off-by: Huan Yang <link@vivo.com>
Acked-by: Christian König <christian.koenig@amd.com>
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240918025238.2957823-3-link@vivo.com
Stable-dep-of: 18d7de823b71 ("udmabuf: fix vmap_udmabuf error page set")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma-buf/udmabuf.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
index 047c3cd2cefff..bc94c194e172d 100644
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -80,7 +80,7 @@ static int vmap_udmabuf(struct dma_buf *buf, struct iosys_map *map)
dma_resv_assert_held(buf->resv);
- pages = kmalloc_array(ubuf->pagecount, sizeof(*pages), GFP_KERNEL);
+ pages = kvmalloc_array(ubuf->pagecount, sizeof(*pages), GFP_KERNEL);
if (!pages)
return -ENOMEM;
@@ -88,7 +88,7 @@ static int vmap_udmabuf(struct dma_buf *buf, struct iosys_map *map)
pages[pg] = &ubuf->folios[pg]->page;
vaddr = vm_map_ram(pages, ubuf->pagecount, -1);
- kfree(pages);
+ kvfree(pages);
if (!vaddr)
return -EINVAL;
@@ -196,8 +196,8 @@ static void release_udmabuf(struct dma_buf *buf)
put_sg_table(dev, ubuf->sg, DMA_BIDIRECTIONAL);
unpin_all_folios(&ubuf->unpin_list);
- kfree(ubuf->offsets);
- kfree(ubuf->folios);
+ kvfree(ubuf->offsets);
+ kvfree(ubuf->folios);
kfree(ubuf);
}
@@ -322,14 +322,14 @@ static long udmabuf_create(struct miscdevice *device,
if (!ubuf->pagecount)
goto err;
- ubuf->folios = kmalloc_array(ubuf->pagecount, sizeof(*ubuf->folios),
- GFP_KERNEL);
+ ubuf->folios = kvmalloc_array(ubuf->pagecount, sizeof(*ubuf->folios),
+ GFP_KERNEL);
if (!ubuf->folios) {
ret = -ENOMEM;
goto err;
}
- ubuf->offsets = kcalloc(ubuf->pagecount, sizeof(*ubuf->offsets),
- GFP_KERNEL);
+ ubuf->offsets = kvcalloc(ubuf->pagecount, sizeof(*ubuf->offsets),
+ GFP_KERNEL);
if (!ubuf->offsets) {
ret = -ENOMEM;
goto err;
@@ -343,7 +343,7 @@ static long udmabuf_create(struct miscdevice *device,
goto err;
pgcnt = list[i].size >> PAGE_SHIFT;
- folios = kmalloc_array(pgcnt, sizeof(*folios), GFP_KERNEL);
+ folios = kvmalloc_array(pgcnt, sizeof(*folios), GFP_KERNEL);
if (!folios) {
ret = -ENOMEM;
goto err;
@@ -353,7 +353,7 @@ static long udmabuf_create(struct miscdevice *device,
ret = memfd_pin_folios(memfd, list[i].offset, end,
folios, pgcnt, &pgoff);
if (ret <= 0) {
- kfree(folios);
+ kvfree(folios);
if (!ret)
ret = -EINVAL;
goto err;
@@ -382,7 +382,7 @@ static long udmabuf_create(struct miscdevice *device,
}
}
- kfree(folios);
+ kvfree(folios);
fput(memfd);
memfd = NULL;
}
@@ -398,8 +398,8 @@ static long udmabuf_create(struct miscdevice *device,
if (memfd)
fput(memfd);
unpin_all_folios(&ubuf->unpin_list);
- kfree(ubuf->offsets);
- kfree(ubuf->folios);
+ kvfree(ubuf->offsets);
+ kvfree(ubuf->folios);
kfree(ubuf);
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 229/817] udmabuf: fix vmap_udmabuf error page set
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 228/817] udmabuf: change folios array from kmalloc to kvmalloc Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 230/817] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
` (597 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vivek Kasireddy, Huan Yang,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huan Yang <link@vivo.com>
[ Upstream commit 18d7de823b7150344d242c3677e65d68c5271b04 ]
Currently vmap_udmabuf set page's array by each folio.
But, ubuf->folios is only contain's the folio's head page.
That mean we repeatedly mapped the folio head page to the vmalloc area.
Due to udmabuf can use hugetlb, if HVO enabled, tail page may not exist,
so, we can't use page array to map, instead, use pfn array.
By this, we removed page usage in udmabuf totally.
Fixes: 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios")
Suggested-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Huan Yang <link@vivo.com>
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240918025238.2957823-4-link@vivo.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma-buf/Kconfig | 1 +
drivers/dma-buf/udmabuf.c | 22 +++++++++++++++-------
2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig
index b46eb8a552d7b..fee04fdb08220 100644
--- a/drivers/dma-buf/Kconfig
+++ b/drivers/dma-buf/Kconfig
@@ -36,6 +36,7 @@ config UDMABUF
depends on DMA_SHARED_BUFFER
depends on MEMFD_CREATE || COMPILE_TEST
depends on MMU
+ select VMAP_PFN
help
A driver to let userspace turn memfd regions into dma-bufs.
Qemu can use this to create host dmabufs for guest framebuffers.
diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
index bc94c194e172d..a3638ccc15f57 100644
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -74,21 +74,29 @@ static int mmap_udmabuf(struct dma_buf *buf, struct vm_area_struct *vma)
static int vmap_udmabuf(struct dma_buf *buf, struct iosys_map *map)
{
struct udmabuf *ubuf = buf->priv;
- struct page **pages;
+ unsigned long *pfns;
void *vaddr;
pgoff_t pg;
dma_resv_assert_held(buf->resv);
- pages = kvmalloc_array(ubuf->pagecount, sizeof(*pages), GFP_KERNEL);
- if (!pages)
+ /**
+ * HVO may free tail pages, so just use pfn to map each folio
+ * into vmalloc area.
+ */
+ pfns = kvmalloc_array(ubuf->pagecount, sizeof(*pfns), GFP_KERNEL);
+ if (!pfns)
return -ENOMEM;
- for (pg = 0; pg < ubuf->pagecount; pg++)
- pages[pg] = &ubuf->folios[pg]->page;
+ for (pg = 0; pg < ubuf->pagecount; pg++) {
+ unsigned long pfn = folio_pfn(ubuf->folios[pg]);
- vaddr = vm_map_ram(pages, ubuf->pagecount, -1);
- kvfree(pages);
+ pfn += ubuf->offsets[pg] >> PAGE_SHIFT;
+ pfns[pg] = pfn;
+ }
+
+ vaddr = vmap_pfn(pfns, ubuf->pagecount, PAGE_KERNEL);
+ kvfree(pfns);
if (!vaddr)
return -EINVAL;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 230/817] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 229/817] udmabuf: fix vmap_udmabuf error page set Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 231/817] drm/imx/ipuv3: " Greg Kroah-Hartman
` (596 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Laurentiu Palcu,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 1af01e14db7e0b45ae502d822776a58c86688763 ]
disable_irq() after request_irq() still has a time gap in which
interrupts can come. request_irq() with IRQF_NO_AUTOEN flag will
disable IRQ auto-enable when request IRQ.
Fixes: 9021c317b770 ("drm/imx: Add initial support for DCSS on iMX8MQ")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Reviewed-by: Laurentiu Palcu <laurentiu.palcu@oss.nxp.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240912083020.3720233-2-ruanjinjie@huawei.com
[DB: fixed the subject]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/imx/dcss/dcss-crtc.c b/drivers/gpu/drm/imx/dcss/dcss-crtc.c
index 31267c00782fc..af91e45b5d13b 100644
--- a/drivers/gpu/drm/imx/dcss/dcss-crtc.c
+++ b/drivers/gpu/drm/imx/dcss/dcss-crtc.c
@@ -206,15 +206,13 @@ int dcss_crtc_init(struct dcss_crtc *crtc, struct drm_device *drm)
if (crtc->irq < 0)
return crtc->irq;
- ret = request_irq(crtc->irq, dcss_crtc_irq_handler,
- 0, "dcss_drm", crtc);
+ ret = request_irq(crtc->irq, dcss_crtc_irq_handler, IRQF_NO_AUTOEN,
+ "dcss_drm", crtc);
if (ret) {
dev_err(dcss->dev, "irq request failed with %d.\n", ret);
return ret;
}
- disable_irq(crtc->irq);
-
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 231/817] drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 230/817] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 232/817] drm/ipuv3/parallel: convert to struct drm_edid Greg Kroah-Hartman
` (595 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Jinjie Ruan,
Philipp Zabel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 40004709a3d3b07041a473a163ca911ef04ab8bd ]
disable_irq() after request_irq() still has a time gap in which
interrupts can come. request_irq() with IRQF_NO_AUTOEN flag will
disable IRQ auto-enable when request IRQ.
Fixes: 47b1be5c0f4e ("staging: imx/drm: request irq only after adding the crtc")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20240912083020.3720233-4-ruanjinjie@huawei.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c b/drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c
index ef29c9a61a461..99db53e167bd0 100644
--- a/drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c
+++ b/drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c
@@ -410,14 +410,12 @@ static int ipu_drm_bind(struct device *dev, struct device *master, void *data)
}
ipu_crtc->irq = ipu_plane_irq(ipu_crtc->plane[0]);
- ret = devm_request_irq(ipu_crtc->dev, ipu_crtc->irq, ipu_irq_handler, 0,
- "imx_drm", ipu_crtc);
+ ret = devm_request_irq(ipu_crtc->dev, ipu_crtc->irq, ipu_irq_handler,
+ IRQF_NO_AUTOEN, "imx_drm", ipu_crtc);
if (ret < 0) {
dev_err(ipu_crtc->dev, "irq request failed with %d.\n", ret);
return ret;
}
- /* Only enable IRQ when we actually need it to trigger work. */
- disable_irq(ipu_crtc->irq);
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 232/817] drm/ipuv3/parallel: convert to struct drm_edid
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 231/817] drm/imx/ipuv3: " Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 233/817] drm/imx: parallel-display: drop edid override support Greg Kroah-Hartman
` (594 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Daniel Vetter, Jani Nikula,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 42e08287a3185409a7a1923374a557e04fc36e48 ]
Prefer the struct drm_edid based functions for storing the EDID and
updating the connector.
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/a1698044d556072e79041d69b8702099fd17bd90.1724348429.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Stable-dep-of: f673055a4678 ("drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/parallel-display.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/parallel-display.c b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
index 55dedd73f528c..91d7808a2d8d3 100644
--- a/drivers/gpu/drm/imx/ipuv3/parallel-display.c
+++ b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
@@ -34,7 +34,7 @@ struct imx_parallel_display_encoder {
struct imx_parallel_display {
struct device *dev;
- void *edid;
+ const struct drm_edid *drm_edid;
u32 bus_format;
u32 bus_flags;
struct drm_display_mode mode;
@@ -62,9 +62,9 @@ static int imx_pd_connector_get_modes(struct drm_connector *connector)
if (num_modes > 0)
return num_modes;
- if (imxpd->edid) {
- drm_connector_update_edid_property(connector, imxpd->edid);
- num_modes = drm_add_edid_modes(connector, imxpd->edid);
+ if (imxpd->drm_edid) {
+ drm_edid_connector_update(connector, imxpd->drm_edid);
+ num_modes = drm_edid_connector_add_modes(connector);
}
if (np) {
@@ -331,7 +331,7 @@ static int imx_pd_probe(struct platform_device *pdev)
edidp = of_get_property(np, "edid", &edid_len);
if (edidp)
- imxpd->edid = devm_kmemdup(dev, edidp, edid_len, GFP_KERNEL);
+ imxpd->drm_edid = drm_edid_alloc(edidp, edid_len);
ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
if (!ret) {
@@ -355,7 +355,11 @@ static int imx_pd_probe(struct platform_device *pdev)
static void imx_pd_remove(struct platform_device *pdev)
{
+ struct imx_parallel_display *imxpd = platform_get_drvdata(pdev);
+
component_del(&pdev->dev, &imx_pd_ops);
+
+ drm_edid_free(imxpd->drm_edid);
}
static const struct of_device_id imx_pd_dt_ids[] = {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 233/817] drm/imx: parallel-display: drop edid override support
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 232/817] drm/ipuv3/parallel: convert to struct drm_edid Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 234/817] drm/imx: ldb: drop custom EDID support Greg Kroah-Hartman
` (593 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philipp Zabel, Rob Herring,
Chris Healy, Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit fe30fabf229f7542a10dd249079fdb83844a7dba ]
None of the in-kernel DT files ever used edid override with the
fsl-imx-drm driver. In case the EDID needs to be specified manually, DRM
core allows one to either override it via the debugfs or to load it via
request_firmware by using DRM_LOAD_EDID_FIRMWARE. In all other cases
EDID and/or modes are to be provided as a part of the panel driver.
Drop support for the edid property.
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Acked-by: Rob Herring <robh@kernel.org>
Tested-by: Chris Healy <cphealy@gmail.com>
Tested-by: Philipp Zabel <p.zabel@pengutronix.de> # on imx6q-nitrogen6x
Link: https://patchwork.freedesktop.org/patch/msgid/20240602-drm-imx-cleanup-v3-4-e549e2a43100@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Stable-dep-of: f673055a4678 ("drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/parallel-display.c | 17 -----------------
1 file changed, 17 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/parallel-display.c b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
index 91d7808a2d8d3..4d17fb96e77c5 100644
--- a/drivers/gpu/drm/imx/ipuv3/parallel-display.c
+++ b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
@@ -16,7 +16,6 @@
#include <drm/drm_atomic_helper.h>
#include <drm/drm_bridge.h>
-#include <drm/drm_edid.h>
#include <drm/drm_managed.h>
#include <drm/drm_of.h>
#include <drm/drm_panel.h>
@@ -34,7 +33,6 @@ struct imx_parallel_display_encoder {
struct imx_parallel_display {
struct device *dev;
- const struct drm_edid *drm_edid;
u32 bus_format;
u32 bus_flags;
struct drm_display_mode mode;
@@ -62,11 +60,6 @@ static int imx_pd_connector_get_modes(struct drm_connector *connector)
if (num_modes > 0)
return num_modes;
- if (imxpd->drm_edid) {
- drm_edid_connector_update(connector, imxpd->drm_edid);
- num_modes = drm_edid_connector_add_modes(connector);
- }
-
if (np) {
struct drm_display_mode *mode = drm_mode_create(connector->dev);
int ret;
@@ -312,9 +305,7 @@ static int imx_pd_probe(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
struct device_node *np = dev->of_node;
- const u8 *edidp;
struct imx_parallel_display *imxpd;
- int edid_len;
int ret;
u32 bus_format = 0;
const char *fmt;
@@ -329,10 +320,6 @@ static int imx_pd_probe(struct platform_device *pdev)
if (ret && ret != -ENODEV)
return ret;
- edidp = of_get_property(np, "edid", &edid_len);
- if (edidp)
- imxpd->drm_edid = drm_edid_alloc(edidp, edid_len);
-
ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
if (!ret) {
if (!strcmp(fmt, "rgb24"))
@@ -355,11 +342,7 @@ static int imx_pd_probe(struct platform_device *pdev)
static void imx_pd_remove(struct platform_device *pdev)
{
- struct imx_parallel_display *imxpd = platform_get_drvdata(pdev);
-
component_del(&pdev->dev, &imx_pd_ops);
-
- drm_edid_free(imxpd->drm_edid);
}
static const struct of_device_id imx_pd_dt_ids[] = {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 234/817] drm/imx: ldb: drop custom EDID support
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 233/817] drm/imx: parallel-display: drop edid override support Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 235/817] drm/imx: ldb: drop custom DDC bus support Greg Kroah-Hartman
` (592 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philipp Zabel, Chris Healy,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit aed7b500315004a917463d571fa9cd12e0e94370 ]
Bindings for the imx-ldb never allowed specifying the EDID in DT. None
of the existing DT files use it. Drop it now in favour of using debugfs
overrides or the drm.edid_firmware support.
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Tested-by: Chris Healy <cphealy@gmail.com>
Tested-by: Philipp Zabel <p.zabel@pengutronix.de> # on imx6q-nitrogen6x
Link: https://patchwork.freedesktop.org/patch/msgid/20240602-drm-imx-cleanup-v3-5-e549e2a43100@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Stable-dep-of: f673055a4678 ("drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/imx-ldb.c | 29 +++++++++++------------------
1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/imx-ldb.c b/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
index 793dfb1a3ed00..1924d8921c620 100644
--- a/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
+++ b/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
@@ -72,7 +72,6 @@ struct imx_ldb_channel {
struct device_node *child;
struct i2c_adapter *ddc;
int chno;
- const struct drm_edid *drm_edid;
struct drm_display_mode mode;
int mode_valid;
u32 bus_format;
@@ -142,14 +141,17 @@ static int imx_ldb_connector_get_modes(struct drm_connector *connector)
if (num_modes > 0)
return num_modes;
- if (!imx_ldb_ch->drm_edid && imx_ldb_ch->ddc) {
- imx_ldb_ch->drm_edid = drm_edid_read_ddc(connector,
- imx_ldb_ch->ddc);
- drm_edid_connector_update(connector, imx_ldb_ch->drm_edid);
- }
+ if (imx_ldb_ch->ddc) {
+ const struct drm_edid *edid = drm_edid_read_ddc(connector,
+ imx_ldb_ch->ddc);
- if (imx_ldb_ch->drm_edid)
- num_modes = drm_edid_connector_add_modes(connector);
+ if (edid) {
+ drm_edid_connector_update(connector, edid);
+ drm_edid_free(edid);
+
+ return drm_edid_connector_add_modes(connector);
+ }
+ }
if (imx_ldb_ch->mode_valid) {
struct drm_display_mode *mode;
@@ -566,18 +568,10 @@ static int imx_ldb_panel_ddc(struct device *dev,
}
if (!channel->ddc) {
- const void *edidp;
- int edid_len;
-
/* if no DDC available, fallback to hardcoded EDID */
dev_dbg(dev, "no ddc available\n");
- edidp = of_get_property(child, "edid", &edid_len);
- if (edidp) {
- channel->drm_edid = drm_edid_alloc(edidp, edid_len);
- if (!channel->drm_edid)
- return -ENOMEM;
- } else if (!channel->panel) {
+ if (!channel->panel) {
/* fallback to display-timings node */
ret = of_get_drm_display_mode(child,
&channel->mode,
@@ -744,7 +738,6 @@ static void imx_ldb_remove(struct platform_device *pdev)
for (i = 0; i < 2; i++) {
struct imx_ldb_channel *channel = &imx_ldb->channel[i];
- drm_edid_free(channel->drm_edid);
i2c_put_adapter(channel->ddc);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 235/817] drm/imx: ldb: drop custom DDC bus support
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 234/817] drm/imx: ldb: drop custom EDID support Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 236/817] drm/imx: ldb: switch to drm_panel_bridge Greg Kroah-Hartman
` (591 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philipp Zabel, Chris Healy,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit b2f3418b516e3485a14f10bfc09f20211dedc156 ]
None of the boards ever supported by the upstream kernel used the custom
DDC bus support with the LDB connector. If a need arises to do so, one
should use panel-simple and its DDC bus code. Drop ddc-i2c-bus support
from the imx-ldb driver.
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Tested-by: Chris Healy <cphealy@gmail.com>
Tested-by: Philipp Zabel <p.zabel@pengutronix.de> # on imx6q-nitrogen6x
Link: https://patchwork.freedesktop.org/patch/msgid/20240602-drm-imx-cleanup-v3-6-e549e2a43100@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Stable-dep-of: f673055a4678 ("drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/imx-ldb.c | 73 ++++-------------------------
1 file changed, 10 insertions(+), 63 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/imx-ldb.c b/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
index 1924d8921c620..3f669604377e7 100644
--- a/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
+++ b/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
@@ -25,7 +25,6 @@
#include <drm/drm_atomic.h>
#include <drm/drm_atomic_helper.h>
#include <drm/drm_bridge.h>
-#include <drm/drm_edid.h>
#include <drm/drm_managed.h>
#include <drm/drm_of.h>
#include <drm/drm_panel.h>
@@ -70,7 +69,6 @@ struct imx_ldb_channel {
struct drm_bridge *bridge;
struct device_node *child;
- struct i2c_adapter *ddc;
int chno;
struct drm_display_mode mode;
int mode_valid;
@@ -141,18 +139,6 @@ static int imx_ldb_connector_get_modes(struct drm_connector *connector)
if (num_modes > 0)
return num_modes;
- if (imx_ldb_ch->ddc) {
- const struct drm_edid *edid = drm_edid_read_ddc(connector,
- imx_ldb_ch->ddc);
-
- if (edid) {
- drm_edid_connector_update(connector, edid);
- drm_edid_free(edid);
-
- return drm_edid_connector_add_modes(connector);
- }
- }
-
if (imx_ldb_ch->mode_valid) {
struct drm_display_mode *mode;
@@ -481,10 +467,9 @@ static int imx_ldb_register(struct drm_device *drm,
*/
drm_connector_helper_add(connector,
&imx_ldb_connector_helper_funcs);
- drm_connector_init_with_ddc(drm, connector,
- &imx_ldb_connector_funcs,
- DRM_MODE_CONNECTOR_LVDS,
- imx_ldb_ch->ddc);
+ drm_connector_init(drm, connector,
+ &imx_ldb_connector_funcs,
+ DRM_MODE_CONNECTOR_LVDS);
drm_connector_attach_encoder(connector, encoder);
}
@@ -551,39 +536,6 @@ static const struct of_device_id imx_ldb_dt_ids[] = {
};
MODULE_DEVICE_TABLE(of, imx_ldb_dt_ids);
-static int imx_ldb_panel_ddc(struct device *dev,
- struct imx_ldb_channel *channel, struct device_node *child)
-{
- struct device_node *ddc_node;
- int ret;
-
- ddc_node = of_parse_phandle(child, "ddc-i2c-bus", 0);
- if (ddc_node) {
- channel->ddc = of_find_i2c_adapter_by_node(ddc_node);
- of_node_put(ddc_node);
- if (!channel->ddc) {
- dev_warn(dev, "failed to get ddc i2c adapter\n");
- return -EPROBE_DEFER;
- }
- }
-
- if (!channel->ddc) {
- /* if no DDC available, fallback to hardcoded EDID */
- dev_dbg(dev, "no ddc available\n");
-
- if (!channel->panel) {
- /* fallback to display-timings node */
- ret = of_get_drm_display_mode(child,
- &channel->mode,
- &channel->bus_flags,
- OF_USE_NATIVE_MODE);
- if (!ret)
- channel->mode_valid = 1;
- }
- }
- return 0;
-}
-
static int imx_ldb_bind(struct device *dev, struct device *master, void *data)
{
struct drm_device *drm = data;
@@ -694,11 +646,15 @@ static int imx_ldb_probe(struct platform_device *pdev)
if (ret && ret != -ENODEV)
goto free_child;
- /* panel ddc only if there is no bridge */
- if (!channel->bridge) {
- ret = imx_ldb_panel_ddc(dev, channel, child);
+ if (!channel->bridge && !channel->panel) {
+ ret = of_get_drm_display_mode(child,
+ &channel->mode,
+ &channel->bus_flags,
+ OF_USE_NATIVE_MODE);
if (ret)
goto free_child;
+
+ channel->mode_valid = 1;
}
bus_format = of_get_bus_format(dev, child);
@@ -732,15 +688,6 @@ static int imx_ldb_probe(struct platform_device *pdev)
static void imx_ldb_remove(struct platform_device *pdev)
{
- struct imx_ldb *imx_ldb = platform_get_drvdata(pdev);
- int i;
-
- for (i = 0; i < 2; i++) {
- struct imx_ldb_channel *channel = &imx_ldb->channel[i];
-
- i2c_put_adapter(channel->ddc);
- }
-
component_del(&pdev->dev, &imx_ldb_ops);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 236/817] drm/imx: ldb: switch to drm_panel_bridge
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 235/817] drm/imx: ldb: drop custom DDC bus support Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 237/817] drm/imx: parallel-display: " Greg Kroah-Hartman
` (590 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philipp Zabel, Chris Healy,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 5c5843b20bbb1e4b4de2359573c20e416b41cb48 ]
Defer panel handling to drm_panel_bridge, unifying codepaths for the
panel and bridge cases. The MFD_SYSCON symbol is moved to select to
prevent Kconfig symbol loops.
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Tested-by: Chris Healy <cphealy@gmail.com>
Tested-by: Philipp Zabel <p.zabel@pengutronix.de> # on imx6q-nitrogen6x
Link: https://patchwork.freedesktop.org/patch/msgid/20240602-drm-imx-cleanup-v3-7-e549e2a43100@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Stable-dep-of: f673055a4678 ("drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/Kconfig | 6 ++--
drivers/gpu/drm/imx/ipuv3/imx-ldb.c | 44 +++++++++--------------------
2 files changed, 18 insertions(+), 32 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/Kconfig b/drivers/gpu/drm/imx/ipuv3/Kconfig
index bacf0655ebaf3..6abcf9c833d44 100644
--- a/drivers/gpu/drm/imx/ipuv3/Kconfig
+++ b/drivers/gpu/drm/imx/ipuv3/Kconfig
@@ -26,9 +26,11 @@ config DRM_IMX_TVE
config DRM_IMX_LDB
tristate "Support for LVDS displays"
- depends on DRM_IMX && MFD_SYSCON
+ depends on DRM_IMX
depends on COMMON_CLK
- select DRM_PANEL
+ select MFD_SYSCON
+ select DRM_BRIDGE
+ select DRM_PANEL_BRIDGE
help
Choose this to enable the internal LVDS Display Bridge (LDB)
found on i.MX53 and i.MX6 processors.
diff --git a/drivers/gpu/drm/imx/ipuv3/imx-ldb.c b/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
index 3f669604377e7..bc7ad96971308 100644
--- a/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
+++ b/drivers/gpu/drm/imx/ipuv3/imx-ldb.c
@@ -27,7 +27,6 @@
#include <drm/drm_bridge.h>
#include <drm/drm_managed.h>
#include <drm/drm_of.h>
-#include <drm/drm_panel.h>
#include <drm/drm_print.h>
#include <drm/drm_probe_helper.h>
#include <drm/drm_simple_kms_helper.h>
@@ -64,8 +63,6 @@ struct imx_ldb;
struct imx_ldb_channel {
struct imx_ldb *ldb;
- /* Defines what is connected to the ldb, only one at a time */
- struct drm_panel *panel;
struct drm_bridge *bridge;
struct device_node *child;
@@ -135,10 +132,6 @@ static int imx_ldb_connector_get_modes(struct drm_connector *connector)
struct imx_ldb_channel *imx_ldb_ch = con_to_imx_ldb_ch(connector);
int num_modes;
- num_modes = drm_panel_get_modes(imx_ldb_ch->panel, connector);
- if (num_modes > 0)
- return num_modes;
-
if (imx_ldb_ch->mode_valid) {
struct drm_display_mode *mode;
@@ -193,8 +186,6 @@ static void imx_ldb_encoder_enable(struct drm_encoder *encoder)
return;
}
- drm_panel_prepare(imx_ldb_ch->panel);
-
if (dual) {
clk_set_parent(ldb->clk_sel[mux], ldb->clk[0]);
clk_set_parent(ldb->clk_sel[mux], ldb->clk[1]);
@@ -233,8 +224,6 @@ static void imx_ldb_encoder_enable(struct drm_encoder *encoder)
}
regmap_write(ldb->regmap, IOMUXC_GPR2, ldb->ldb_ctrl);
-
- drm_panel_enable(imx_ldb_ch->panel);
}
static void
@@ -311,8 +300,6 @@ static void imx_ldb_encoder_disable(struct drm_encoder *encoder)
int dual = ldb->ldb_ctrl & LDB_SPLIT_MODE_EN;
int mux, ret;
- drm_panel_disable(imx_ldb_ch->panel);
-
if (imx_ldb_ch == &ldb->channel[0] || dual)
ldb->ldb_ctrl &= ~LDB_CH0_MODE_EN_MASK;
if (imx_ldb_ch == &ldb->channel[1] || dual)
@@ -346,8 +333,6 @@ static void imx_ldb_encoder_disable(struct drm_encoder *encoder)
dev_err(ldb->dev,
"unable to set di%d parent clock to original parent\n",
mux);
-
- drm_panel_unprepare(imx_ldb_ch->panel);
}
static int imx_ldb_encoder_atomic_check(struct drm_encoder *encoder,
@@ -640,13 +625,15 @@ static int imx_ldb_probe(struct platform_device *pdev)
* The output port is port@4 with an external 4-port mux or
* port@2 with the internal 2-port mux.
*/
- ret = drm_of_find_panel_or_bridge(child,
- imx_ldb->lvds_mux ? 4 : 2, 0,
- &channel->panel, &channel->bridge);
- if (ret && ret != -ENODEV)
- goto free_child;
+ channel->bridge = devm_drm_of_get_bridge(dev, child,
+ imx_ldb->lvds_mux ? 4 : 2, 0);
+ if (IS_ERR(channel->bridge)) {
+ ret = PTR_ERR(channel->bridge);
+ if (ret != -ENODEV)
+ goto free_child;
+
+ channel->bridge = NULL;
- if (!channel->bridge && !channel->panel) {
ret = of_get_drm_display_mode(child,
&channel->mode,
&channel->bus_flags,
@@ -658,15 +645,12 @@ static int imx_ldb_probe(struct platform_device *pdev)
}
bus_format = of_get_bus_format(dev, child);
- if (bus_format == -EINVAL) {
- /*
- * If no bus format was specified in the device tree,
- * we can still get it from the connected panel later.
- */
- if (channel->panel && channel->panel->funcs &&
- channel->panel->funcs->get_modes)
- bus_format = 0;
- }
+ /*
+ * If no bus format was specified in the device tree,
+ * we can still get it from the connected panel later.
+ */
+ if (bus_format == -EINVAL && channel->bridge)
+ bus_format = 0;
if (bus_format < 0) {
dev_err(dev, "could not determine data mapping: %d\n",
bus_format);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 237/817] drm/imx: parallel-display: switch to drm_panel_bridge
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 236/817] drm/imx: ldb: switch to drm_panel_bridge Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 238/817] drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency Greg Kroah-Hartman
` (589 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philipp Zabel, Chris Healy,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 5f6e56d3319d2fd20d4c81b4f0212f4d09d7c1f1 ]
Defer panel handling to drm_panel_bridge, unifying codepaths for the
panel and bridge cases.
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Tested-by: Chris Healy <cphealy@gmail.com>
Tested-by: Philipp Zabel <p.zabel@pengutronix.de> # on imx6q-nitrogen6x
Link: https://patchwork.freedesktop.org/patch/msgid/20240602-drm-imx-cleanup-v3-8-e549e2a43100@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Stable-dep-of: f673055a4678 ("drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/Kconfig | 3 +-
drivers/gpu/drm/imx/ipuv3/parallel-display.c | 36 +++++---------------
2 files changed, 10 insertions(+), 29 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/Kconfig b/drivers/gpu/drm/imx/ipuv3/Kconfig
index 6abcf9c833d44..f083d313d1d3a 100644
--- a/drivers/gpu/drm/imx/ipuv3/Kconfig
+++ b/drivers/gpu/drm/imx/ipuv3/Kconfig
@@ -11,8 +11,9 @@ config DRM_IMX
config DRM_IMX_PARALLEL_DISPLAY
tristate "Support for parallel displays"
- select DRM_PANEL
depends on DRM_IMX
+ select DRM_BRIDGE
+ select DRM_PANEL_BRIDGE
select VIDEOMODE_HELPERS
config DRM_IMX_TVE
diff --git a/drivers/gpu/drm/imx/ipuv3/parallel-display.c b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
index 4d17fb96e77c5..9ac2a94fa62be 100644
--- a/drivers/gpu/drm/imx/ipuv3/parallel-display.c
+++ b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
@@ -18,7 +18,6 @@
#include <drm/drm_bridge.h>
#include <drm/drm_managed.h>
#include <drm/drm_of.h>
-#include <drm/drm_panel.h>
#include <drm/drm_probe_helper.h>
#include <drm/drm_simple_kms_helper.h>
@@ -36,7 +35,6 @@ struct imx_parallel_display {
u32 bus_format;
u32 bus_flags;
struct drm_display_mode mode;
- struct drm_panel *panel;
struct drm_bridge *next_bridge;
};
@@ -56,10 +54,6 @@ static int imx_pd_connector_get_modes(struct drm_connector *connector)
struct device_node *np = imxpd->dev->of_node;
int num_modes;
- num_modes = drm_panel_get_modes(imxpd->panel, connector);
- if (num_modes > 0)
- return num_modes;
-
if (np) {
struct drm_display_mode *mode = drm_mode_create(connector->dev);
int ret;
@@ -84,22 +78,6 @@ static int imx_pd_connector_get_modes(struct drm_connector *connector)
return num_modes;
}
-static void imx_pd_bridge_enable(struct drm_bridge *bridge)
-{
- struct imx_parallel_display *imxpd = bridge_to_imxpd(bridge);
-
- drm_panel_prepare(imxpd->panel);
- drm_panel_enable(imxpd->panel);
-}
-
-static void imx_pd_bridge_disable(struct drm_bridge *bridge)
-{
- struct imx_parallel_display *imxpd = bridge_to_imxpd(bridge);
-
- drm_panel_disable(imxpd->panel);
- drm_panel_unprepare(imxpd->panel);
-}
-
static const u32 imx_pd_bus_fmts[] = {
MEDIA_BUS_FMT_RGB888_1X24,
MEDIA_BUS_FMT_BGR888_1X24,
@@ -237,8 +215,6 @@ static const struct drm_connector_helper_funcs imx_pd_connector_helper_funcs = {
};
static const struct drm_bridge_funcs imx_pd_bridge_funcs = {
- .enable = imx_pd_bridge_enable,
- .disable = imx_pd_bridge_disable,
.atomic_reset = drm_atomic_helper_bridge_reset,
.atomic_duplicate_state = drm_atomic_helper_bridge_duplicate_state,
.atomic_destroy_state = drm_atomic_helper_bridge_destroy_state,
@@ -315,10 +291,14 @@ static int imx_pd_probe(struct platform_device *pdev)
return -ENOMEM;
/* port@1 is the output port */
- ret = drm_of_find_panel_or_bridge(np, 1, 0, &imxpd->panel,
- &imxpd->next_bridge);
- if (ret && ret != -ENODEV)
- return ret;
+ imxpd->next_bridge = devm_drm_of_get_bridge(dev, np, 1, 0);
+ if (IS_ERR(imxpd->next_bridge)) {
+ ret = PTR_ERR(imxpd->next_bridge);
+ if (ret != -ENODEV)
+ return ret;
+
+ imxpd->next_bridge = NULL;
+ }
ret = of_property_read_string(np, "interface-pix-fmt", &fmt);
if (!ret) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 238/817] drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 237/817] drm/imx: parallel-display: " Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 239/817] drm/panel: nt35510: Make new commands optional Greg Kroah-Hartman
` (588 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Stein, Dmitry Baryshkov,
Philipp Zabel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit f673055a46784ccea04465b9213e999f7bc5187e ]
When drm/bridge-connector was moved to DRM_DISPLAY_HELPER not all
users were updated. Add missing Kconfig selections.
Fixes: 9da7ec9b19d8 ("drm/bridge-connector: move to DRM_DISPLAY_HELPER module")
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Acked-by: Philipp Zabel <p.zabel@pengutronix.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20240906063857.2223442-1-alexander.stein@ew.tq-group.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/Kconfig | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/imx/ipuv3/Kconfig b/drivers/gpu/drm/imx/ipuv3/Kconfig
index f083d313d1d3a..7a427551f4341 100644
--- a/drivers/gpu/drm/imx/ipuv3/Kconfig
+++ b/drivers/gpu/drm/imx/ipuv3/Kconfig
@@ -13,6 +13,7 @@ config DRM_IMX_PARALLEL_DISPLAY
tristate "Support for parallel displays"
depends on DRM_IMX
select DRM_BRIDGE
+ select DRM_BRIDGE_CONNECTOR
select DRM_PANEL_BRIDGE
select VIDEOMODE_HELPERS
@@ -31,6 +32,7 @@ config DRM_IMX_LDB
depends on COMMON_CLK
select MFD_SYSCON
select DRM_BRIDGE
+ select DRM_BRIDGE_CONNECTOR
select DRM_PANEL_BRIDGE
help
Choose this to enable the internal LVDS Display Bridge (LDB)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 239/817] drm/panel: nt35510: Make new commands optional
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 238/817] drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 240/817] drm/v3d: Address race-condition in MMU flush Greg Kroah-Hartman
` (587 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Hansson, Jessica Zhang,
Linus Walleij, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit 2418aa8516b26c5e332a1a8c216d4d620f965a56 ]
The commit introducing the Frida display started to write the
SETVCMOFF registers unconditionally, and some (not all!) Hydis
display seem to be affected by ghosting after the commit.
Make SETVCMOFF optional and only send these commands on the
Frida display for now.
Reported-by: Stefan Hansson <newbyte@postmarketos.org>
Fixes: 219a1f49094f ("drm/panel: nt35510: support FRIDA FRD400B25025-A-CTK")
Acked-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Tested-by: Stefan Hansson <newbyte@postmarketos.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240908-fix-nt35510-v2-1-d4834b9cdb9b@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-novatek-nt35510.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/panel/panel-novatek-nt35510.c b/drivers/gpu/drm/panel/panel-novatek-nt35510.c
index d3bfdfc9cff64..f54e0fa429378 100644
--- a/drivers/gpu/drm/panel/panel-novatek-nt35510.c
+++ b/drivers/gpu/drm/panel/panel-novatek-nt35510.c
@@ -38,6 +38,7 @@
#define NT35510_CMD_CORRECT_GAMMA BIT(0)
#define NT35510_CMD_CONTROL_DISPLAY BIT(1)
+#define NT35510_CMD_SETVCMOFF BIT(2)
#define MCS_CMD_MAUCCTR 0xF0 /* Manufacturer command enable */
#define MCS_CMD_READ_ID1 0xDA
@@ -721,11 +722,13 @@ static int nt35510_setup_power(struct nt35510 *nt)
if (ret)
return ret;
- ret = nt35510_send_long(nt, dsi, NT35510_P1_SETVCMOFF,
- NT35510_P1_VCMOFF_LEN,
- nt->conf->vcmoff);
- if (ret)
- return ret;
+ if (nt->conf->cmds & NT35510_CMD_SETVCMOFF) {
+ ret = nt35510_send_long(nt, dsi, NT35510_P1_SETVCMOFF,
+ NT35510_P1_VCMOFF_LEN,
+ nt->conf->vcmoff);
+ if (ret)
+ return ret;
+ }
/* Typically 10 ms */
usleep_range(10000, 20000);
@@ -1319,7 +1322,7 @@ static const struct nt35510_config nt35510_frida_frd400b25025 = {
},
.mode_flags = MIPI_DSI_MODE_VIDEO | MIPI_DSI_MODE_VIDEO_BURST |
MIPI_DSI_MODE_LPM,
- .cmds = NT35510_CMD_CONTROL_DISPLAY,
+ .cmds = NT35510_CMD_CONTROL_DISPLAY | NT35510_CMD_SETVCMOFF,
/* 0x03: AVDD = 6.2V */
.avdd = { 0x03, 0x03, 0x03 },
/* 0x46: PCK = 2 x Hsync, BTP = 2.5 x VDDB */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 240/817] drm/v3d: Address race-condition in MMU flush
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 239/817] drm/panel: nt35510: Make new commands optional Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 241/817] drm/v3d: Flush the MMU before we supply more memory to the binner Greg Kroah-Hartman
` (586 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maíra Canal, Iago Toral Quiroga,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maíra Canal <mcanal@igalia.com>
[ Upstream commit cf1becb7f996a0a23ea2c270cf6bb0911ec3ca1a ]
We must first flush the MMU cache and then, flush the TLB, not the other
way around. Currently, we can see a race condition between the MMU cache
and the TLB when running multiple rendering processes at the same time.
This is evidenced by MMU errors triggered by the IRQ.
Fix the MMU flush order by flushing the MMU cache and then the TLB.
Also, in order to address the race condition, wait for the MMU cache flush
to finish before starting the TLB flush.
Fixes: 57692c94dcbe ("drm/v3d: Introduce a new DRM driver for Broadcom V3D V3.x+")
Signed-off-by: Maíra Canal <mcanal@igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240923141348.2422499-2-mcanal@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/v3d/v3d_mmu.c | 29 ++++++++++-------------------
1 file changed, 10 insertions(+), 19 deletions(-)
diff --git a/drivers/gpu/drm/v3d/v3d_mmu.c b/drivers/gpu/drm/v3d/v3d_mmu.c
index 14f3af40d6f6d..e36ec3343b06e 100644
--- a/drivers/gpu/drm/v3d/v3d_mmu.c
+++ b/drivers/gpu/drm/v3d/v3d_mmu.c
@@ -32,32 +32,23 @@ static int v3d_mmu_flush_all(struct v3d_dev *v3d)
{
int ret;
- /* Make sure that another flush isn't already running when we
- * start this one.
- */
- ret = wait_for(!(V3D_READ(V3D_MMU_CTL) &
- V3D_MMU_CTL_TLB_CLEARING), 100);
- if (ret)
- dev_err(v3d->drm.dev, "TLB clear wait idle pre-wait failed\n");
-
- V3D_WRITE(V3D_MMU_CTL, V3D_READ(V3D_MMU_CTL) |
- V3D_MMU_CTL_TLB_CLEAR);
-
- V3D_WRITE(V3D_MMUC_CONTROL,
- V3D_MMUC_CONTROL_FLUSH |
+ V3D_WRITE(V3D_MMUC_CONTROL, V3D_MMUC_CONTROL_FLUSH |
V3D_MMUC_CONTROL_ENABLE);
- ret = wait_for(!(V3D_READ(V3D_MMU_CTL) &
- V3D_MMU_CTL_TLB_CLEARING), 100);
+ ret = wait_for(!(V3D_READ(V3D_MMUC_CONTROL) &
+ V3D_MMUC_CONTROL_FLUSHING), 100);
if (ret) {
- dev_err(v3d->drm.dev, "TLB clear wait idle failed\n");
+ dev_err(v3d->drm.dev, "MMUC flush wait idle failed\n");
return ret;
}
- ret = wait_for(!(V3D_READ(V3D_MMUC_CONTROL) &
- V3D_MMUC_CONTROL_FLUSHING), 100);
+ V3D_WRITE(V3D_MMU_CTL, V3D_READ(V3D_MMU_CTL) |
+ V3D_MMU_CTL_TLB_CLEAR);
+
+ ret = wait_for(!(V3D_READ(V3D_MMU_CTL) &
+ V3D_MMU_CTL_TLB_CLEARING), 100);
if (ret)
- dev_err(v3d->drm.dev, "MMUC flush wait idle failed\n");
+ dev_err(v3d->drm.dev, "MMU TLB clear wait idle failed\n");
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 241/817] drm/v3d: Flush the MMU before we supply more memory to the binner
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 240/817] drm/v3d: Address race-condition in MMU flush Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 242/817] drm/amdgpu: Fix JPEG v4.0.3 register write Greg Kroah-Hartman
` (585 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maíra Canal, Iago Toral Quiroga,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maíra Canal <mcanal@igalia.com>
[ Upstream commit d2fb8811108b2c1285c56f4fba4fff8fe3525593 ]
We must ensure that the MMU is flushed before we supply more memory to
the binner, otherwise we might end up with invalid MMU accesses by the
GPU.
Fixes: 57692c94dcbe ("drm/v3d: Introduce a new DRM driver for Broadcom V3D V3.x+")
Signed-off-by: Maíra Canal <mcanal@igalia.com>
Reviewed-by: Iago Toral Quiroga <itoral@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240923141348.2422499-3-mcanal@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/v3d/v3d_drv.h | 1 +
drivers/gpu/drm/v3d/v3d_irq.c | 2 ++
drivers/gpu/drm/v3d/v3d_mmu.c | 2 +-
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h
index a0febdb6f2145..eae37dcaaaeb7 100644
--- a/drivers/gpu/drm/v3d/v3d_drv.h
+++ b/drivers/gpu/drm/v3d/v3d_drv.h
@@ -560,6 +560,7 @@ void v3d_irq_disable(struct v3d_dev *v3d);
void v3d_irq_reset(struct v3d_dev *v3d);
/* v3d_mmu.c */
+int v3d_mmu_flush_all(struct v3d_dev *v3d);
int v3d_mmu_set_page_table(struct v3d_dev *v3d);
void v3d_mmu_insert_ptes(struct v3d_bo *bo);
void v3d_mmu_remove_ptes(struct v3d_bo *bo);
diff --git a/drivers/gpu/drm/v3d/v3d_irq.c b/drivers/gpu/drm/v3d/v3d_irq.c
index d469bda52c1a5..20bf33702c3c4 100644
--- a/drivers/gpu/drm/v3d/v3d_irq.c
+++ b/drivers/gpu/drm/v3d/v3d_irq.c
@@ -70,6 +70,8 @@ v3d_overflow_mem_work(struct work_struct *work)
list_add_tail(&bo->unref_head, &v3d->bin_job->render->unref_list);
spin_unlock_irqrestore(&v3d->job_lock, irqflags);
+ v3d_mmu_flush_all(v3d);
+
V3D_CORE_WRITE(0, V3D_PTB_BPOA, bo->node.start << V3D_MMU_PAGE_SHIFT);
V3D_CORE_WRITE(0, V3D_PTB_BPOS, obj->size);
diff --git a/drivers/gpu/drm/v3d/v3d_mmu.c b/drivers/gpu/drm/v3d/v3d_mmu.c
index e36ec3343b06e..5bb7821c0243c 100644
--- a/drivers/gpu/drm/v3d/v3d_mmu.c
+++ b/drivers/gpu/drm/v3d/v3d_mmu.c
@@ -28,7 +28,7 @@
#define V3D_PTE_WRITEABLE BIT(29)
#define V3D_PTE_VALID BIT(28)
-static int v3d_mmu_flush_all(struct v3d_dev *v3d)
+int v3d_mmu_flush_all(struct v3d_dev *v3d)
{
int ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 242/817] drm/amdgpu: Fix JPEG v4.0.3 register write
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 241/817] drm/v3d: Flush the MMU before we supply more memory to the binner Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 243/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Greg Kroah-Hartman
` (584 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lijo Lazar, Leo Liu, Alex Deucher,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lijo Lazar <lijo.lazar@amd.com>
[ Upstream commit 8c50bf9beb889fd2bdcbf95b27a5d101eede51fc ]
EXTERNAL_REG_INTERNAL_OFFSET/EXTERNAL_REG_WRITE_ADDR should be used in
pairs. If an external register shouldn't be written, both packets
shouldn't be sent.
Fixes: a78b48146972 ("drm/amdgpu: Skip PCTL0_MMHUB_DEEPSLEEP_IB write in jpegv4.0.3 under SRIOV")
Signed-off-by: Lijo Lazar <lijo.lazar@amd.com>
Acked-by: Leo Liu <leo.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c
index b55041f38cec9..0dbc16ec25c82 100644
--- a/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c
+++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c
@@ -668,11 +668,12 @@ void jpeg_v4_0_3_dec_ring_insert_start(struct amdgpu_ring *ring)
amdgpu_ring_write(ring, PACKETJ(regUVD_JRBC_EXTERNAL_REG_INTERNAL_OFFSET,
0, 0, PACKETJ_TYPE0));
amdgpu_ring_write(ring, 0x62a04); /* PCTL0_MMHUB_DEEPSLEEP_IB */
- }
- amdgpu_ring_write(ring, PACKETJ(JRBC_DEC_EXTERNAL_REG_WRITE_ADDR,
- 0, 0, PACKETJ_TYPE0));
- amdgpu_ring_write(ring, 0x80004000);
+ amdgpu_ring_write(ring,
+ PACKETJ(JRBC_DEC_EXTERNAL_REG_WRITE_ADDR, 0,
+ 0, PACKETJ_TYPE0));
+ amdgpu_ring_write(ring, 0x80004000);
+ }
}
/**
@@ -688,11 +689,12 @@ void jpeg_v4_0_3_dec_ring_insert_end(struct amdgpu_ring *ring)
amdgpu_ring_write(ring, PACKETJ(regUVD_JRBC_EXTERNAL_REG_INTERNAL_OFFSET,
0, 0, PACKETJ_TYPE0));
amdgpu_ring_write(ring, 0x62a04);
- }
- amdgpu_ring_write(ring, PACKETJ(JRBC_DEC_EXTERNAL_REG_WRITE_ADDR,
- 0, 0, PACKETJ_TYPE0));
- amdgpu_ring_write(ring, 0x00004000);
+ amdgpu_ring_write(ring,
+ PACKETJ(JRBC_DEC_EXTERNAL_REG_WRITE_ADDR, 0,
+ 0, PACKETJ_TYPE0));
+ amdgpu_ring_write(ring, 0x00004000);
+ }
}
/**
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 243/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 242/817] drm/amdgpu: Fix JPEG v4.0.3 register write Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 244/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Greg Kroah-Hartman
` (583 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paul Menzel, Baochen Qiang,
Jeff Johnson, Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baochen Qiang <quic_bqiang@quicinc.com>
[ Upstream commit d50886b27850447d90c0cd40c725238097909d1e ]
In supported_vht_mcs_rate_nss1, the rate for MCS9 & VHT20 is defined as
{780, 867}, this does not align with firmware's definition and therefore
fails the verification in ath10k_mac_get_rate_flags_vht():
invalid vht params rate 960 100kbps nss 1 mcs 9
Change it to {865, 960} to align with firmware, so this issue could be
fixed.
Since ath10k_hw_params::supports_peer_stats_info is enabled only for
QCA6174, this change does not affect other chips.
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00309-QCARMSWPZ-1
Fixes: 3344b99d69ab ("ath10k: add bitrate parse for peer stats info")
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Closes: https://lore.kernel.org/lkml/fba24cd3-4a1e-4072-8585-8402272788ff@molgen.mpg.de/
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://patch.msgid.link/20240711020344.98040-2-quic_bqiang@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index a5da32e87106c..3c34f3d8e5554 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -9121,7 +9121,7 @@ static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[
{6, {2633, 2925}, {1215, 1350}, {585, 650} },
{7, {2925, 3250}, {1350, 1500}, {650, 722} },
{8, {3510, 3900}, {1620, 1800}, {780, 867} },
- {9, {3900, 4333}, {1800, 2000}, {780, 867} }
+ {9, {3900, 4333}, {1800, 2000}, {865, 960} }
};
/*MCS parameters with Nss = 2 */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 244/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 243/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 245/817] wifi: ath12k: Skip Rx TID cleanup for self peer Greg Kroah-Hartman
` (582 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paul Menzel, Baochen Qiang,
Jeff Johnson, Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baochen Qiang <quic_bqiang@quicinc.com>
[ Upstream commit 52db16ec5bae7bd027804265b968259d1a6c3970 ]
In supported_vht_mcs_rate_nss2, the rate for MCS9 & VHT20 is defined as
{1560, 1733}, this does not align with firmware's definition and therefore
fails the verification in ath10k_mac_get_rate_flags_vht():
invalid vht params rate 1730 100kbps nss 2 mcs 9
and:
invalid vht params rate 1920 100kbps nss 2 mcs 9
Change it to {1730, 1920} to align with firmware to fix the issue.
Since ath10k_hw_params::supports_peer_stats_info is enabled only for
QCA6174, this change does not affect other chips.
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00309-QCARMSWPZ-1
Fixes: 3344b99d69ab ("ath10k: add bitrate parse for peer stats info")
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Closes: https://lore.kernel.org/lkml/fba24cd3-4a1e-4072-8585-8402272788ff@molgen.mpg.de/
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de> # Dell XPS 13 9360
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://patch.msgid.link/20240711020344.98040-3-quic_bqiang@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index 3c34f3d8e5554..e62b251405fc0 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -9136,7 +9136,7 @@ static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[
{6, {5265, 5850}, {2430, 2700}, {1170, 1300} },
{7, {5850, 6500}, {2700, 3000}, {1300, 1444} },
{8, {7020, 7800}, {3240, 3600}, {1560, 1733} },
- {9, {7800, 8667}, {3600, 4000}, {1560, 1733} }
+ {9, {7800, 8667}, {3600, 4000}, {1730, 1920} }
};
static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 245/817] wifi: ath12k: Skip Rx TID cleanup for self peer
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 244/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 246/817] dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Greg Kroah-Hartman
` (581 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ramya Gnanasekar, Jeff Johnson,
Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ramya Gnanasekar <quic_rgnanase@quicinc.com>
[ Upstream commit 1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb ]
During peer create, dp setup for the peer is done where Rx TID is
updated for all the TIDs. Peer object for self peer will not go through
dp setup.
When core halts, dp cleanup is done for all the peers. While cleanup,
rx_tid::ab is accessed which causes below stack trace for self peer.
WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851
Call Trace:
__warn+0x7b/0x1a0
ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]
report_bug+0x10b/0x200
handle_bug+0x3f/0x70
exc_invalid_op+0x13/0x60
asm_exc_invalid_op+0x16/0x20
ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]
ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k]
ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k]
ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k]
ath12k_core_halt+0x3b/0x100 [ath12k]
ath12k_core_reset+0x494/0x4c0 [ath12k]
sta object in peer will be updated when remote peer is created. Hence
use peer::sta to detect the self peer and skip the cleanup.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: Ramya Gnanasekar <quic_rgnanase@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://patch.msgid.link/20240905042851.2282306-1-quic_rgnanase@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath12k/mac.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c
index a3248d9775329..3608ede55b1eb 100644
--- a/drivers/net/wireless/ath/ath12k/mac.c
+++ b/drivers/net/wireless/ath/ath12k/mac.c
@@ -917,7 +917,10 @@ void ath12k_mac_peer_cleanup_all(struct ath12k *ar)
spin_lock_bh(&ab->base_lock);
list_for_each_entry_safe(peer, tmp, &ab->peers, list) {
- ath12k_dp_rx_peer_tid_cleanup(ar, peer);
+ /* Skip Rx TID cleanup for self peer */
+ if (peer->sta)
+ ath12k_dp_rx_peer_tid_cleanup(ar, peer);
+
list_del(&peer->list);
kfree(peer);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 246/817] dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 245/817] wifi: ath12k: Skip Rx TID cleanup for self peer Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 247/817] ASoC: fsl_micfil: fix regmap_write_bits usage Greg Kroah-Hartman
` (580 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Igor Prusov, Krzysztof Kozlowski,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Igor Prusov <ivprusov@salutedevices.com>
[ Upstream commit 5d9e6d6fc1b98c8c22d110ee931b3b233d43cd13 ]
Add vendor prefix for NeoFidelity, Inc
Signed-off-by: Igor Prusov <ivprusov@salutedevices.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://patch.msgid.link/20240925-ntp-amps-8918-8835-v3-1-e2459a8191a6@salutedevices.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Documentation/devicetree/bindings/vendor-prefixes.yaml b/Documentation/devicetree/bindings/vendor-prefixes.yaml
index a70ce43b3dc03..b18f6ee6d6de4 100644
--- a/Documentation/devicetree/bindings/vendor-prefixes.yaml
+++ b/Documentation/devicetree/bindings/vendor-prefixes.yaml
@@ -1009,6 +1009,8 @@ patternProperties:
description: Shanghai Neardi Technology Co., Ltd.
"^nec,.*":
description: NEC LCD Technologies, Ltd.
+ "^neofidelity,.*":
+ description: Neofidelity Inc.
"^neonode,.*":
description: Neonode Inc.
"^netgear,.*":
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 247/817] ASoC: fsl_micfil: fix regmap_write_bits usage
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 246/817] dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Greg Kroah-Hartman
@ 2024-12-03 14:36 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 248/817] ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Greg Kroah-Hartman
` (579 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:36 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shengjiu Wang, Daniel Baluta,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit 06df673d20230afb0e383e39235a4fa8b9a62464 ]
The last parameter 1 means BIT(0), which should be the
correct BIT(X).
Fixes: 47a70e6fc9a8 ("ASoC: Add MICFIL SoC Digital Audio Interface driver.")
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Link: https://patch.msgid.link/1727424031-19551-2-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl_micfil.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/fsl/fsl_micfil.c b/sound/soc/fsl/fsl_micfil.c
index 1ecfa1184adac..8cda36e0ae4d4 100644
--- a/sound/soc/fsl/fsl_micfil.c
+++ b/sound/soc/fsl/fsl_micfil.c
@@ -1061,7 +1061,7 @@ static irqreturn_t micfil_isr(int irq, void *devid)
regmap_write_bits(micfil->regmap,
REG_MICFIL_STAT,
MICFIL_STAT_CHXF(i),
- 1);
+ MICFIL_STAT_CHXF(i));
}
for (i = 0; i < MICFIL_FIFO_NUM; i++) {
@@ -1096,7 +1096,7 @@ static irqreturn_t micfil_err_isr(int irq, void *devid)
if (stat_reg & MICFIL_STAT_LOWFREQF) {
dev_dbg(&pdev->dev, "isr: ipg_clk_app is too low\n");
regmap_write_bits(micfil->regmap, REG_MICFIL_STAT,
- MICFIL_STAT_LOWFREQF, 1);
+ MICFIL_STAT_LOWFREQF, MICFIL_STAT_LOWFREQF);
}
return IRQ_HANDLED;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 248/817] ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2024-12-03 14:36 ` [PATCH 6.11 247/817] ASoC: fsl_micfil: fix regmap_write_bits usage Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 249/817] ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios Greg Kroah-Hartman
` (578 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiaxin Yu, Macpaul Lin,
AngeloGioacchino Del Regno, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Macpaul Lin <macpaul.lin@mediatek.com>
[ Upstream commit 4649cbd97fdae5069e9a71cd7669b62b90e03669 ]
Some fix and updates in the following items:
1. examples:
Update generic node name to 'audio-codec' to comply with the
coming change in 'mt6359.dtsi'. This change is necessary to fix the
dtbs_check error:
pmic: 'mt6359codec' does not match any of the regexes: 'pinctrl-[0-9]+'
2. mediatek,dmic-mode:
After inspecting the .dts and .dtsi files using 'mt6359-codec', it was
discovered that the definitions of 'two wires' and 'one wire' are
inverted compared to the DT schema.
For example, the following boards using MT6359 PMIC:
- mt8192-asurada.dtsi
- mt8195-cherry.dtsi
These boards use the same definitions of 'dmic-mode' as other boards
using MT6358 PMIC. The meaning of '0' or '1' has been noted as comments
in the device trees.
Upon examining the code in [1] and [2], it was confirmed that the
definitions of 'dmic-mode' are consistent between "MT6359 PMIC" and
"MT6358 PMIC". Therefore, the DT Schema should be correct as is.
References:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/sound/soc/codecs/mt6358.c#n1875
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/sound/soc/codecs/mt6359.c#L1515
Fixes: 539237d1c609 ("dt-bindings: mediatek: mt6359: add codec document")
Signed-off-by: Jiaxin Yu <jiaxin.yu@mediatek.com>
Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://patch.msgid.link/20240930075451.14196-1-macpaul.lin@mediatek.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/devicetree/bindings/sound/mt6359.yaml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/Documentation/devicetree/bindings/sound/mt6359.yaml b/Documentation/devicetree/bindings/sound/mt6359.yaml
index 23d411fc4200e..128698630c865 100644
--- a/Documentation/devicetree/bindings/sound/mt6359.yaml
+++ b/Documentation/devicetree/bindings/sound/mt6359.yaml
@@ -23,8 +23,8 @@ properties:
Indicates how many data pins are used to transmit two channels of PDM
signal. 0 means two wires, 1 means one wire. Default value is 0.
enum:
- - 0 # one wire
- - 1 # two wires
+ - 0 # two wires
+ - 1 # one wire
mediatek,mic-type-0:
$ref: /schemas/types.yaml#/definitions/uint32
@@ -53,9 +53,9 @@ additionalProperties: false
examples:
- |
- mt6359codec: mt6359codec {
- mediatek,dmic-mode = <0>;
- mediatek,mic-type-0 = <2>;
+ mt6359codec: audio-codec {
+ mediatek,dmic-mode = <0>;
+ mediatek,mic-type-0 = <2>;
};
...
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 249/817] ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 248/817] ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 250/817] drm/bridge: anx7625: Drop EDID cache on bridge power off Greg Kroah-Hartman
` (577 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven,
Krzysztof Kozlowski, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit cfd1054c65eefec30972416a83eb62920bc1ff8d ]
The DT bindings deprecated the "hp-det-gpio" and "mic-det-gpio"
properties in favor of "hp-det-gpios" and "mic-det-gpios", but the
driver was never updated to support the latter.
Even before, there existed users of "hp-det-gpios" and "mic-det-gpios".
While this may have been handled fine by the ASoC core, this was missed
by the Freescale-specific part.
Fixes: 4189b54220e5af15 ("ASoC: dt-bindings: fsl-asoc-card: convert to YAML")
Fixes: 40ba2eda0a7b727f ("arm64: dts: imx8mm-nitrogen-r2: add audio")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://patch.msgid.link/dbcb5bfea005a468ec6dc38374fe6d02bc693c22.1727438777.git.geert+renesas@glider.be
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl-asoc-card.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sound/soc/fsl/fsl-asoc-card.c b/sound/soc/fsl/fsl-asoc-card.c
index f6c3aeff0d8ea..a0c2ce84c32b1 100644
--- a/sound/soc/fsl/fsl-asoc-card.c
+++ b/sound/soc/fsl/fsl-asoc-card.c
@@ -1033,14 +1033,15 @@ static int fsl_asoc_card_probe(struct platform_device *pdev)
}
/*
- * Properties "hp-det-gpio" and "mic-det-gpio" are optional, and
+ * Properties "hp-det-gpios" and "mic-det-gpios" are optional, and
* simple_util_init_jack() uses these properties for creating
* Headphone Jack and Microphone Jack.
*
* The notifier is initialized in snd_soc_card_jack_new(), then
* snd_soc_jack_notifier_register can be called.
*/
- if (of_property_read_bool(np, "hp-det-gpio")) {
+ if (of_property_read_bool(np, "hp-det-gpios") ||
+ of_property_read_bool(np, "hp-det-gpio") /* deprecated */) {
ret = simple_util_init_jack(&priv->card, &priv->hp_jack,
1, NULL, "Headphone Jack");
if (ret)
@@ -1049,7 +1050,8 @@ static int fsl_asoc_card_probe(struct platform_device *pdev)
snd_soc_jack_notifier_register(&priv->hp_jack.jack, &hp_jack_nb);
}
- if (of_property_read_bool(np, "mic-det-gpio")) {
+ if (of_property_read_bool(np, "mic-det-gpios") ||
+ of_property_read_bool(np, "mic-det-gpio") /* deprecated */) {
ret = simple_util_init_jack(&priv->card, &priv->mic_jack,
0, NULL, "Mic Jack");
if (ret)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 250/817] drm/bridge: anx7625: Drop EDID cache on bridge power off
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 249/817] ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 251/817] drm/bridge: it6505: " Greg Kroah-Hartman
` (576 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pin-yen Lin, Dmitry Baryshkov,
Douglas Anderson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pin-yen Lin <treapking@chromium.org>
[ Upstream commit 00ae002116a14c2e6a342c4c9ae080cdbb9b4b21 ]
The bridge might miss the display change events when it's powered off.
This happens when a user changes the external monitor when the system
is suspended and the embedded controller doesn't not wake AP up.
It's also observed that one DP-to-HDMI bridge doesn't work correctly
when there is no EDID read after it is powered on.
Drop the cache to force an EDID read after system resume to fix this.
Fixes: 8bdfc5dae4e3 ("drm/bridge: anx7625: Add anx7625 MIPI DSI/DPI to DP")
Signed-off-by: Pin-yen Lin <treapking@chromium.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240926092931.3870342-2-treapking@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/analogix/anx7625.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/bridge/analogix/anx7625.c b/drivers/gpu/drm/bridge/analogix/anx7625.c
index 88e4aa5830f3c..5c6bd7be25c0e 100644
--- a/drivers/gpu/drm/bridge/analogix/anx7625.c
+++ b/drivers/gpu/drm/bridge/analogix/anx7625.c
@@ -2561,6 +2561,8 @@ static int __maybe_unused anx7625_runtime_pm_suspend(struct device *dev)
mutex_lock(&ctx->lock);
anx7625_stop_dp_work(ctx);
+ if (!ctx->pdata.panel_bridge)
+ anx7625_remove_edid(ctx);
anx7625_power_standby(ctx);
mutex_unlock(&ctx->lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 251/817] drm/bridge: it6505: Drop EDID cache on bridge power off
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 250/817] drm/bridge: anx7625: Drop EDID cache on bridge power off Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 252/817] libbpf: Fix expected_attach_type set handling in program load callback Greg Kroah-Hartman
` (575 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pin-yen Lin, Dmitry Baryshkov,
Douglas Anderson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pin-yen Lin <treapking@chromium.org>
[ Upstream commit 574c558ddb68591c9a4b7a95e45e935ab22c0fc6 ]
The bridge might miss the display change events when it's powered off.
This happens when a user changes the external monitor when the system
is suspended and the embedded controller doesn't not wake AP up.
It's also observed that one DP-to-HDMI bridge doesn't work correctly
when there is no EDID read after it is powered on.
Drop the cache to force an EDID read after system resume to fix this.
Fixes: 11feaef69d0c ("drm/bridge: it6505: Add caching for EDID")
Signed-off-by: Pin-yen Lin <treapking@chromium.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240926092931.3870342-3-treapking@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index 1e1c06fdf2064..bb449efac2f4e 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -3101,6 +3101,8 @@ static __maybe_unused int it6505_bridge_suspend(struct device *dev)
{
struct it6505 *it6505 = dev_get_drvdata(dev);
+ it6505_remove_edid(it6505);
+
return it6505_poweroff(it6505);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 252/817] libbpf: Fix expected_attach_type set handling in program load callback
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 251/817] drm/bridge: it6505: " Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 253/817] libbpf: Fix output .symtab byte-order during linking Greg Kroah-Hartman
` (574 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Olsa, Tao Chen, Andrii Nakryiko,
Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tao Chen <chen.dylane@gmail.com>
[ Upstream commit a400d08b3014a4f4e939366bb6fd769b9caff4c9 ]
Referenced commit broke the logic of resetting expected_attach_type to
zero for allowed program types if kernel doesn't yet support such field.
We do need to overwrite and preserve expected_attach_type for
multi-uprobe though, but that can be done explicitly in
libbpf_prepare_prog_load().
Fixes: 5902da6d8a52 ("libbpf: Add uprobe multi link support to bpf_program__attach_usdt")
Suggested-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Tao Chen <chen.dylane@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240925153012.212866-1-chen.dylane@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index d3a542649e6ba..22b8317b57036 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -7352,8 +7352,14 @@ static int libbpf_prepare_prog_load(struct bpf_program *prog,
opts->prog_flags |= BPF_F_XDP_HAS_FRAGS;
/* special check for usdt to use uprobe_multi link */
- if ((def & SEC_USDT) && kernel_supports(prog->obj, FEAT_UPROBE_MULTI_LINK))
+ if ((def & SEC_USDT) && kernel_supports(prog->obj, FEAT_UPROBE_MULTI_LINK)) {
+ /* for BPF_TRACE_UPROBE_MULTI, user might want to query expected_attach_type
+ * in prog, and expected_attach_type we set in kernel is from opts, so we
+ * update both.
+ */
prog->expected_attach_type = BPF_TRACE_UPROBE_MULTI;
+ opts->expected_attach_type = BPF_TRACE_UPROBE_MULTI;
+ }
if ((def & SEC_ATTACH_BTF) && !prog->attach_btf_id) {
int btf_obj_fd = 0, btf_type_id = 0, err;
@@ -7443,6 +7449,7 @@ static int bpf_object_load_prog(struct bpf_object *obj, struct bpf_program *prog
load_attr.attach_btf_id = prog->attach_btf_id;
load_attr.kern_version = kern_version;
load_attr.prog_ifindex = prog->prog_ifindex;
+ load_attr.expected_attach_type = prog->expected_attach_type;
/* specify func_info/line_info only if kernel supports them */
if (obj->btf && btf__fd(obj->btf) >= 0 && kernel_supports(obj, FEAT_BTF_FUNC)) {
@@ -7474,9 +7481,6 @@ static int bpf_object_load_prog(struct bpf_object *obj, struct bpf_program *prog
insns_cnt = prog->insns_cnt;
}
- /* allow prog_prepare_load_fn to change expected_attach_type */
- load_attr.expected_attach_type = prog->expected_attach_type;
-
if (obj->gen_loader) {
bpf_gen__prog_load(obj->gen_loader, prog->type, prog->name,
license, insns, insns_cnt, &load_attr,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 253/817] libbpf: Fix output .symtab byte-order during linking
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 252/817] libbpf: Fix expected_attach_type set handling in program load callback Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 254/817] dlm: fix swapped args sb_flags vs sb_status Greg Kroah-Hartman
` (573 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tony Ambardar, Andrii Nakryiko,
Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Ambardar <tony.ambardar@gmail.com>
[ Upstream commit f896b4a5399e97af0b451fcf04754ed316935674 ]
Object linking output data uses the default ELF_T_BYTE type for '.symtab'
section data, which disables any libelf-based translation. Explicitly set
the ELF_T_SYM type for output to restore libelf's byte-order conversion,
noting that input '.symtab' data is already correctly translated.
Fixes: faf6ed321cf6 ("libbpf: Add BPF static linker APIs")
Signed-off-by: Tony Ambardar <tony.ambardar@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/87868bfeccf3f51aec61260073f8778e9077050a.1726475448.git.tony.ambardar@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/linker.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/lib/bpf/linker.c b/tools/lib/bpf/linker.c
index 9cd3d4109788c..7489306cd6f7f 100644
--- a/tools/lib/bpf/linker.c
+++ b/tools/lib/bpf/linker.c
@@ -396,6 +396,8 @@ static int init_output_elf(struct bpf_linker *linker, const char *file)
pr_warn_elf("failed to create SYMTAB data");
return -EINVAL;
}
+ /* Ensure libelf translates byte-order of symbol records */
+ sec->data->d_type = ELF_T_SYM;
str_off = strset__add_str(linker->strtab_strs, sec->sec_name);
if (str_off < 0)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 254/817] dlm: fix swapped args sb_flags vs sb_status
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 253/817] libbpf: Fix output .symtab byte-order during linking Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 255/817] wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled Greg Kroah-Hartman
` (572 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Aring, David Teigland,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 6d59f2fbfb18965f76ebcff40ab38da717cde798 ]
The arguments got swapped by commit 986ae3c2a8df ("dlm: fix race between
final callback and remove") fixing this now.
Fixes: 986ae3c2a8df ("dlm: fix race between final callback and remove")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/ast.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/dlm/ast.c b/fs/dlm/ast.c
index 742b30b61c196..0fe8d80ce5e8d 100644
--- a/fs/dlm/ast.c
+++ b/fs/dlm/ast.c
@@ -30,7 +30,7 @@ static void dlm_run_callback(uint32_t ls_id, uint32_t lkb_id, int8_t mode,
trace_dlm_bast(ls_id, lkb_id, mode, res_name, res_length);
bastfn(astparam, mode);
} else if (flags & DLM_CB_CAST) {
- trace_dlm_ast(ls_id, lkb_id, sb_status, sb_flags, res_name,
+ trace_dlm_ast(ls_id, lkb_id, sb_flags, sb_status, res_name,
res_length);
lksb->sb_status = sb_status;
lksb->sb_flags = sb_flags;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 255/817] wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 254/817] dlm: fix swapped args sb_flags vs sb_status Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 256/817] drm/amd/display: fix a memleak issue when driver is removed Greg Kroah-Hartman
` (571 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Kaistra, Ping-Ke Shih,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Kaistra <martin.kaistra@linutronix.de>
[ Upstream commit d7063ed6758c62e00a2f56467ded85a021fac67a ]
In STA+AP concurrent mode, performing a scan operation on one vif
temporarily stops beacons on the other. When the scan is completed,
beacons are enabled again with BSS_CHANGED_BEACON_ENABLED.
We can observe that no beacons are being sent when just
rtl8xxxu_start_tx_beacon() is being called.
Thus, also perform update_beacon_work in order to restore beaconing.
Fixes: cde8848cad0b ("wifi: rtl8xxxu: Add beacon functions")
Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20240930084955.455241-1-martin.kaistra@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/core.c b/drivers/net/wireless/realtek/rtl8xxxu/core.c
index 043fa364e7014..a7e74ece2b4d1 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/core.c
@@ -5058,10 +5058,12 @@ rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
}
if (changed & BSS_CHANGED_BEACON_ENABLED) {
- if (bss_conf->enable_beacon)
+ if (bss_conf->enable_beacon) {
rtl8xxxu_start_tx_beacon(priv);
- else
+ schedule_delayed_work(&priv->update_beacon_work, 0);
+ } else {
rtl8xxxu_stop_tx_beacon(priv);
+ }
}
if (changed & BSS_CHANGED_BEACON)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 256/817] drm/amd/display: fix a memleak issue when driver is removed
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 255/817] wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 257/817] wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() Greg Kroah-Hartman
` (570 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rodrigo Siqueira, Aurabindo Pillai,
Daniel Wheeler, Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aurabindo Pillai <aurabindo.pillai@amd.com>
[ Upstream commit d4f36e5fd800de7db74c1c4e62baf24a091a5ff6 ]
Running "modprobe amdgpu" the second time (followed by a modprobe -r
amdgpu) causes a call trace like:
[ 845.212163] Memory manager not clean during takedown.
[ 845.212170] WARNING: CPU: 4 PID: 2481 at drivers/gpu/drm/drm_mm.c:999 drm_mm_takedown+0x2b/0x40
[ 845.212177] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amddrm_buddy(OE) amdxcp(OE) amd_sched(OE) drm_exec drm_suballoc_helper drm_display_helper i2c_algo_bit amdttm(OE) amdkcl(OE) cec rc_core sunrpc qrtr intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi edac_mce_amd snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_usb_audio snd_hda_codec snd_usbmidi_lib kvm_amd snd_hda_core snd_ump mc snd_hwdep kvm snd_pcm snd_seq_midi snd_seq_midi_event irqbypass crct10dif_pclmul snd_rawmidi polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 snd_seq aesni_intel crypto_simd snd_seq_device cryptd snd_timer mfd_aaeon asus_nb_wmi eeepc_wmi joydev asus_wmi snd ledtrig_audio sparse_keymap ccp wmi_bmof input_leds k10temp i2c_piix4 platform_profile rapl soundcore gpio_amdpt mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid ahci xhci_pci igc crc32_pclmul libahci xhci_pci_renesas video
[ 845.212284] wmi [last unloaded: amddrm_ttm_helper(OE)]
[ 845.212290] CPU: 4 PID: 2481 Comm: modprobe Tainted: G W OE 6.8.0-31-generic #31-Ubuntu
[ 845.212296] RIP: 0010:drm_mm_takedown+0x2b/0x40
[ 845.212300] Code: 1f 44 00 00 48 8b 47 38 48 83 c7 38 48 39 f8 75 09 31 c0 31 ff e9 90 2e 86 00 55 48 c7 c7 d0 f6 8e 8a 48 89 e5 e8 f5 db 45 ff <0f> 0b 5d 31 c0 31 ff e9 74 2e 86 00 66 0f 1f 84 00 00 00 00 00 90
[ 845.212302] RSP: 0018:ffffb11302127ae0 EFLAGS: 00010246
[ 845.212305] RAX: 0000000000000000 RBX: ffff92aa5020fc08 RCX: 0000000000000000
[ 845.212307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 845.212309] RBP: ffffb11302127ae0 R08: 0000000000000000 R09: 0000000000000000
[ 845.212310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004
[ 845.212312] R13: ffff92aa50200000 R14: ffff92aa5020fb10 R15: ffff92aa5020faa0
[ 845.212313] FS: 0000707dd7c7c080(0000) GS:ffff92b93de00000(0000) knlGS:0000000000000000
[ 845.212316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 845.212318] CR2: 00007d48b0aee200 CR3: 0000000115a58000 CR4: 0000000000f50ef0
[ 845.212320] PKRU: 55555554
[ 845.212321] Call Trace:
[ 845.212323] <TASK>
[ 845.212328] ? show_regs+0x6d/0x80
[ 845.212333] ? __warn+0x89/0x160
[ 845.212339] ? drm_mm_takedown+0x2b/0x40
[ 845.212344] ? report_bug+0x17e/0x1b0
[ 845.212350] ? handle_bug+0x51/0xa0
[ 845.212355] ? exc_invalid_op+0x18/0x80
[ 845.212359] ? asm_exc_invalid_op+0x1b/0x20
[ 845.212366] ? drm_mm_takedown+0x2b/0x40
[ 845.212371] amdgpu_gtt_mgr_fini+0xa9/0x130 [amdgpu]
[ 845.212645] amdgpu_ttm_fini+0x264/0x340 [amdgpu]
[ 845.212770] amdgpu_bo_fini+0x2e/0xc0 [amdgpu]
[ 845.212894] gmc_v12_0_sw_fini+0x2a/0x40 [amdgpu]
[ 845.213036] amdgpu_device_fini_sw+0x11a/0x590 [amdgpu]
[ 845.213159] amdgpu_driver_release_kms+0x16/0x40 [amdgpu]
[ 845.213302] devm_drm_dev_init_release+0x5e/0x90
[ 845.213305] devm_action_release+0x12/0x30
[ 845.213308] release_nodes+0x42/0xd0
[ 845.213311] devres_release_all+0x97/0xe0
[ 845.213314] device_unbind_cleanup+0x12/0x80
[ 845.213317] device_release_driver_internal+0x230/0x270
[ 845.213319] ? srso_alias_return_thunk+0x5/0xfbef5
This is caused by lost memory during early init phase. First time driver
is removed, memory is freed but when second time the driver is inserted,
VBIOS dmub is not active, since the PSP policy is to retain the driver
loaded version on subsequent warm boots. Hence, communication with VBIOS
DMUB fails.
Fix this by aborting further communication with vbios dmub and release
the memory immediately.
Fixes: f59549c7e705 ("drm/amd/display: free bo used for dmub bounding box")
Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 32 ++++++++++++++++---
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 3 ++
.../amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 ++------
3 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 339bdfb7af2f8..9451552184966 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1681,6 +1681,26 @@ dm_allocate_gpu_mem(
return da->cpu_ptr;
}
+void
+dm_free_gpu_mem(
+ struct amdgpu_device *adev,
+ enum dc_gpu_mem_alloc_type type,
+ void *pvMem)
+{
+ struct dal_allocation *da;
+
+ /* walk the da list in DM */
+ list_for_each_entry(da, &adev->dm.da_list, list) {
+ if (pvMem == da->cpu_ptr) {
+ amdgpu_bo_free_kernel(&da->bo, &da->gpu_addr, &da->cpu_ptr);
+ list_del(&da->list);
+ kfree(da);
+ break;
+ }
+ }
+
+}
+
static enum dmub_status
dm_dmub_send_vbios_gpint_command(struct amdgpu_device *adev,
enum dmub_gpint_command command_code,
@@ -1747,16 +1767,20 @@ static struct dml2_soc_bb *dm_dmub_get_vbios_bounding_box(struct amdgpu_device *
/* Send the chunk */
ret = dm_dmub_send_vbios_gpint_command(adev, send_addrs[i], chunk, 30000);
if (ret != DMUB_STATUS_OK)
- /* No need to free bb here since it shall be done in dm_sw_fini() */
- return NULL;
+ goto free_bb;
}
/* Now ask DMUB to copy the bb */
ret = dm_dmub_send_vbios_gpint_command(adev, DMUB_GPINT__BB_COPY, 1, 200000);
if (ret != DMUB_STATUS_OK)
- return NULL;
+ goto free_bb;
return bb;
+
+free_bb:
+ dm_free_gpu_mem(adev, DC_MEM_ALLOC_TYPE_GART, (void *) bb);
+ return NULL;
+
}
static enum dmub_ips_disable_type dm_get_default_ips_mode(
@@ -2520,11 +2544,11 @@ static int dm_sw_fini(void *handle)
amdgpu_bo_free_kernel(&da->bo, &da->gpu_addr, &da->cpu_ptr);
list_del(&da->list);
kfree(da);
+ adev->dm.bb_from_dmub = NULL;
break;
}
}
- adev->dm.bb_from_dmub = NULL;
kfree(adev->dm.dmub_fb_info);
adev->dm.dmub_fb_info = NULL;
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
index 87a8d1d4f9a1b..86b10471f2bda 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
@@ -1004,6 +1004,9 @@ void *dm_allocate_gpu_mem(struct amdgpu_device *adev,
enum dc_gpu_mem_alloc_type type,
size_t size,
long long *addr);
+void dm_free_gpu_mem(struct amdgpu_device *adev,
+ enum dc_gpu_mem_alloc_type type,
+ void *addr);
bool amdgpu_dm_is_headless(struct amdgpu_device *adev);
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
index 28db4c1a0a2ad..3dfbdf4ed3ee0 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c
@@ -1055,17 +1055,8 @@ void dm_helpers_free_gpu_mem(
void *pvMem)
{
struct amdgpu_device *adev = ctx->driver_context;
- struct dal_allocation *da;
-
- /* walk the da list in DM */
- list_for_each_entry(da, &adev->dm.da_list, list) {
- if (pvMem == da->cpu_ptr) {
- amdgpu_bo_free_kernel(&da->bo, &da->gpu_addr, &da->cpu_ptr);
- list_del(&da->list);
- kfree(da);
- break;
- }
- }
+
+ dm_free_gpu_mem(adev, type, pvMem);
}
bool dm_helpers_dmub_outbox_interrupt_control(struct dc_context *ctx, bool enable)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 257/817] wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 256/817] drm/amd/display: fix a memleak issue when driver is removed Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 258/817] wifi: ath12k: fix one more memcpy size error Greg Kroah-Hartman
` (569 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rameshkumar Sundaram, Jeff Johnson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rameshkumar Sundaram <quic_ramess@quicinc.com>
[ Upstream commit bdb281103373fd80eb5c91cede1e115ba270b4e9 ]
During ath12k module removal, in ath12k_core_deinit(),
ath12k_mac_destroy() un-registers ah->hw from mac80211 and frees
the ah->hw as well as all the ar's in it. After this
ath12k_core_soc_destroy()-> ath12k_dp_free()-> ath12k_dp_cc_cleanup()
tries to access one of the freed ar's from pending skb.
This is because during mac destroy, driver failed to flush few
data packets, which were accessed later in ath12k_dp_cc_cleanup()
and freed, but using ar from the packet led to this use-after-free.
BUG: KASAN: use-after-free in ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]
Write of size 4 at addr ffff888150bd3514 by task modprobe/8926
CPU: 0 UID: 0 PID: 8926 Comm: modprobe Not tainted
6.11.0-rc2-wt-ath+ #1746
Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS
HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
Call Trace:
<TASK>
dump_stack_lvl+0x7d/0xe0
print_address_description.constprop.0+0x33/0x3a0
print_report+0xb5/0x260
? kasan_addr_to_slab+0x24/0x80
kasan_report+0xd8/0x110
? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]
? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]
kasan_check_range+0xf3/0x1a0
__kasan_check_write+0x14/0x20
ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]
ath12k_dp_free+0x178/0x420 [ath12k]
ath12k_core_stop+0x176/0x200 [ath12k]
ath12k_core_deinit+0x13f/0x210 [ath12k]
ath12k_pci_remove+0xad/0x1c0 [ath12k]
pci_device_remove+0x9b/0x1b0
device_remove+0xbf/0x150
device_release_driver_internal+0x3c3/0x580
? __kasan_check_read+0x11/0x20
driver_detach+0xc4/0x190
bus_remove_driver+0x130/0x2a0
driver_unregister+0x68/0x90
pci_unregister_driver+0x24/0x240
? find_module_all+0x13e/0x1e0
ath12k_pci_exit+0x10/0x20 [ath12k]
__do_sys_delete_module+0x32c/0x580
? module_flags+0x2f0/0x2f0
? kmem_cache_free+0xf0/0x410
? __fput+0x56f/0xab0
? __fput+0x56f/0xab0
? debug_smp_processor_id+0x17/0x20
__x64_sys_delete_module+0x4f/0x70
x64_sys_call+0x522/0x9f0
do_syscall_64+0x64/0x130
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7f8182c6ac8b
Commit 24de1b7b231c ("wifi: ath12k: fix flush failure in recovery
scenarios") added the change to decrement the pending packets count
in case of recovery which make sense as ah->hw as well all
ar's in it are intact during recovery, but during core deinit there
is no use in decrementing packets count or waking up the empty waitq
as the module is going to be removed also ar's from pending skb's
can't be used and the packets should just be released back.
To fix this, avoid accessing ar from skb->cb when driver is being
unregistered.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00214-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Fixes: 24de1b7b231c ("wifi: ath12k: fix flush failure in recovery scenarios")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Link: https://patch.msgid.link/20241001092652.3134334-1-quic_ramess@quicinc.com
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath12k/dp.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/ath/ath12k/dp.c b/drivers/net/wireless/ath/ath12k/dp.c
index 61aa78d8bd8c8..abddeafabfa1b 100644
--- a/drivers/net/wireless/ath/ath12k/dp.c
+++ b/drivers/net/wireless/ath/ath12k/dp.c
@@ -1202,10 +1202,16 @@ static void ath12k_dp_cc_cleanup(struct ath12k_base *ab)
if (!skb)
continue;
- skb_cb = ATH12K_SKB_CB(skb);
- ar = skb_cb->ar;
- if (atomic_dec_and_test(&ar->dp.num_tx_pending))
- wake_up(&ar->dp.tx_empty_waitq);
+ /* if we are unregistering, hw would've been destroyed and
+ * ar is no longer valid.
+ */
+ if (!(test_bit(ATH12K_FLAG_UNREGISTERING, &ab->dev_flags))) {
+ skb_cb = ATH12K_SKB_CB(skb);
+ ar = skb_cb->ar;
+
+ if (atomic_dec_and_test(&ar->dp.num_tx_pending))
+ wake_up(&ar->dp.tx_empty_waitq);
+ }
dma_unmap_single(ab->dev, ATH12K_SKB_CB(skb)->paddr,
skb->len, DMA_TO_DEVICE);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 258/817] wifi: ath12k: fix one more memcpy size error
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 257/817] wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 259/817] bpf: Fix the xdp_adjust_tail sample prog issue Greg Kroah-Hartman
` (568 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Kalle Valo,
Jeff Johnson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 19c23eb61fa4c802e6e0aaf74d6f7dcbe99f0ba3 ]
A previous patch addressed a fortified-memcpy warning on older compilers,
but there is still a warning on gcc-14 in some configurations:
In file included from include/linux/string.h:390,
from drivers/net/wireless/ath/ath12k/wow.c:7:
drivers/net/wireless/ath/ath12k/wow.c: In function 'ath12k_wow_convert_8023_to_80211.isra':
include/linux/fortify-string.h:114:33: error: '__builtin_memcpy' accessing 18446744073709551610 or more bytes at offsets 0 and 0 overlaps 9223372036854775797 bytes at offset -9223372036854775803 [-Werror=restrict]
include/linux/fortify-string.h:679:26: note: in expansion of macro '__fortify_memcpy_chk'
679 | #define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
| ^~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath12k/wow.c:199:25: note: in expansion of macro 'memcpy'
199 | memcpy(pat + a3_ofs - pkt_ofs,
| ^~~~~~
Address this the same way as the other two, using size_add().
Fixes: b49991d83bba ("wifi: ath12k: fix build vs old compiler")
Fixes: 4a3c212eee0e ("wifi: ath12k: add basic WoW functionalities")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241004095420.637091-1-arnd@kernel.org
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath12k/wow.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath12k/wow.c b/drivers/net/wireless/ath/ath12k/wow.c
index 9b8684abbe40a..3624180b25b97 100644
--- a/drivers/net/wireless/ath/ath12k/wow.c
+++ b/drivers/net/wireless/ath/ath12k/wow.c
@@ -191,7 +191,7 @@ ath12k_wow_convert_8023_to_80211(struct ath12k *ar,
memcpy(bytemask, eth_bytemask, eth_pat_len);
pat_len = eth_pat_len;
- } else if (eth_pkt_ofs + eth_pat_len < prot_ofs) {
+ } else if (size_add(eth_pkt_ofs, eth_pat_len) < prot_ofs) {
memcpy(pat, eth_pat, ETH_ALEN - eth_pkt_ofs);
memcpy(bytemask, eth_bytemask, ETH_ALEN - eth_pkt_ofs);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 259/817] bpf: Fix the xdp_adjust_tail sample prog issue
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 258/817] wifi: ath12k: fix one more memcpy size error Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 260/817] selftests/bpf: netns_new() and netns_free() helpers Greg Kroah-Hartman
` (567 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuan Chen, Andrii Nakryiko,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuan Chen <chenyuan@kylinos.cn>
[ Upstream commit 4236f114a3ffbbfd217436c08852e94cae372f57 ]
During the xdp_adjust_tail test, probabilistic failure occurs and SKB package
is discarded by the kernel. After checking the issues by tracking SKB package,
it is identified that they were caused by checksum errors. Refer to checksum
of the arch/arm64/include/asm/checksum.h for fixing.
v2: Based on Alexei Starovoitov's suggestions, it is necessary to keep the code
implementation consistent.
Fixes: c6ffd1ff7856 (bpf: add bpf_xdp_adjust_tail sample prog)
Signed-off-by: Yuan Chen <chenyuan@kylinos.cn>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240930024115.52841-1-chenyuan_fl@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/bpf/xdp_adjust_tail_kern.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/samples/bpf/xdp_adjust_tail_kern.c b/samples/bpf/xdp_adjust_tail_kern.c
index ffdd548627f0a..da67bcad1c638 100644
--- a/samples/bpf/xdp_adjust_tail_kern.c
+++ b/samples/bpf/xdp_adjust_tail_kern.c
@@ -57,6 +57,7 @@ static __always_inline void swap_mac(void *data, struct ethhdr *orig_eth)
static __always_inline __u16 csum_fold_helper(__u32 csum)
{
+ csum = (csum & 0xffff) + (csum >> 16);
return ~((csum & 0xffff) + (csum >> 16));
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 260/817] selftests/bpf: netns_new() and netns_free() helpers.
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 259/817] bpf: Fix the xdp_adjust_tail sample prog issue Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 261/817] selftests/bpf: Fix backtrace printing for selftests crashes Greg Kroah-Hartman
` (566 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stanislav Fomichev, Kui-Feng Lee,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kui-Feng Lee <thinker.li@gmail.com>
[ Upstream commit 1e115a58be0ffca63727dc0495dae924a19f8cd4 ]
netns_new()/netns_free() create/delete network namespaces. They support the
option '-m' of test_progs to start/stop traffic monitor for the network
namespace being created for matched tests.
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com>
Link: https://lore.kernel.org/r/20240815053254.470944-4-thinker.li@gmail.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Stable-dep-of: 5bf1557e3d6a ("selftests/bpf: Fix backtrace printing for selftests crashes")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/network_helpers.c | 46 ++++++++++
tools/testing/selftests/bpf/network_helpers.h | 2 +
tools/testing/selftests/bpf/test_progs.c | 88 +++++++++++++++++++
tools/testing/selftests/bpf/test_progs.h | 4 +
4 files changed, 140 insertions(+)
diff --git a/tools/testing/selftests/bpf/network_helpers.c b/tools/testing/selftests/bpf/network_helpers.c
index e0cba4178e41d..cff7817964234 100644
--- a/tools/testing/selftests/bpf/network_helpers.c
+++ b/tools/testing/selftests/bpf/network_helpers.c
@@ -448,6 +448,52 @@ char *ping_command(int family)
return "ping";
}
+int remove_netns(const char *name)
+{
+ char *cmd;
+ int r;
+
+ r = asprintf(&cmd, "ip netns del %s >/dev/null 2>&1", name);
+ if (r < 0) {
+ log_err("Failed to malloc cmd");
+ return -1;
+ }
+
+ r = system(cmd);
+ free(cmd);
+ return r;
+}
+
+int make_netns(const char *name)
+{
+ char *cmd;
+ int r;
+
+ r = asprintf(&cmd, "ip netns add %s", name);
+ if (r < 0) {
+ log_err("Failed to malloc cmd");
+ return -1;
+ }
+
+ r = system(cmd);
+ free(cmd);
+
+ if (r)
+ return r;
+
+ r = asprintf(&cmd, "ip -n %s link set lo up", name);
+ if (r < 0) {
+ log_err("Failed to malloc cmd for setting up lo");
+ remove_netns(name);
+ return -1;
+ }
+
+ r = system(cmd);
+ free(cmd);
+
+ return r;
+}
+
struct nstoken {
int orig_netns_fd;
};
diff --git a/tools/testing/selftests/bpf/network_helpers.h b/tools/testing/selftests/bpf/network_helpers.h
index aac5b94d63799..91763fbe58d27 100644
--- a/tools/testing/selftests/bpf/network_helpers.h
+++ b/tools/testing/selftests/bpf/network_helpers.h
@@ -92,6 +92,8 @@ struct nstoken;
struct nstoken *open_netns(const char *name);
void close_netns(struct nstoken *token);
int send_recv_data(int lfd, int fd, uint32_t total_bytes);
+int make_netns(const char *name);
+int remove_netns(const char *name);
static __u16 csum_fold(__u32 csum)
{
diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
index d5d0cb4eb1975..05bd298b15f4c 100644
--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -18,6 +18,8 @@
#include <bpf/btf.h>
#include "json_writer.h"
+#include "network_helpers.h"
+
#ifdef __GLIBC__
#include <execinfo.h> /* backtrace */
#endif
@@ -624,6 +626,92 @@ int compare_stack_ips(int smap_fd, int amap_fd, int stack_trace_len)
return err;
}
+struct netns_obj {
+ char *nsname;
+ struct tmonitor_ctx *tmon;
+ struct nstoken *nstoken;
+};
+
+/* Create a new network namespace with the given name.
+ *
+ * Create a new network namespace and set the network namespace of the
+ * current process to the new network namespace if the argument "open" is
+ * true. This function should be paired with netns_free() to release the
+ * resource and delete the network namespace.
+ *
+ * It also implements the functionality of the option "-m" by starting
+ * traffic monitor on the background to capture the packets in this network
+ * namespace if the current test or subtest matching the pattern.
+ *
+ * nsname: the name of the network namespace to create.
+ * open: open the network namespace if true.
+ *
+ * Return: the network namespace object on success, NULL on failure.
+ */
+struct netns_obj *netns_new(const char *nsname, bool open)
+{
+ struct netns_obj *netns_obj = malloc(sizeof(*netns_obj));
+ const char *test_name, *subtest_name;
+ int r;
+
+ if (!netns_obj)
+ return NULL;
+ memset(netns_obj, 0, sizeof(*netns_obj));
+
+ netns_obj->nsname = strdup(nsname);
+ if (!netns_obj->nsname)
+ goto fail;
+
+ /* Create the network namespace */
+ r = make_netns(nsname);
+ if (r)
+ goto fail;
+
+ /* Start traffic monitor */
+ if (env.test->should_tmon ||
+ (env.subtest_state && env.subtest_state->should_tmon)) {
+ test_name = env.test->test_name;
+ subtest_name = env.subtest_state ? env.subtest_state->name : NULL;
+ netns_obj->tmon = traffic_monitor_start(nsname, test_name, subtest_name);
+ if (!netns_obj->tmon) {
+ fprintf(stderr, "Failed to start traffic monitor for %s\n", nsname);
+ goto fail;
+ }
+ } else {
+ netns_obj->tmon = NULL;
+ }
+
+ if (open) {
+ netns_obj->nstoken = open_netns(nsname);
+ if (!netns_obj->nstoken)
+ goto fail;
+ }
+
+ return netns_obj;
+fail:
+ traffic_monitor_stop(netns_obj->tmon);
+ remove_netns(nsname);
+ free(netns_obj->nsname);
+ free(netns_obj);
+ return NULL;
+}
+
+/* Delete the network namespace.
+ *
+ * This function should be paired with netns_new() to delete the namespace
+ * created by netns_new().
+ */
+void netns_free(struct netns_obj *netns_obj)
+{
+ if (!netns_obj)
+ return;
+ traffic_monitor_stop(netns_obj->tmon);
+ close_netns(netns_obj->nstoken);
+ remove_netns(netns_obj->nsname);
+ free(netns_obj->nsname);
+ free(netns_obj);
+}
+
/* extern declarations for test funcs */
#define DEFINE_TEST(name) \
extern void test_##name(void) __weak; \
diff --git a/tools/testing/selftests/bpf/test_progs.h b/tools/testing/selftests/bpf/test_progs.h
index b1e949fb16cf3..dbc4127f9dbd2 100644
--- a/tools/testing/selftests/bpf/test_progs.h
+++ b/tools/testing/selftests/bpf/test_progs.h
@@ -428,6 +428,10 @@ int write_sysctl(const char *sysctl, const char *value);
int get_bpf_max_tramp_links_from(struct btf *btf);
int get_bpf_max_tramp_links(void);
+struct netns_obj;
+struct netns_obj *netns_new(const char *name, bool open);
+void netns_free(struct netns_obj *netns);
+
#ifdef __x86_64__
#define SYS_NANOSLEEP_KPROBE_NAME "__x64_sys_nanosleep"
#elif defined(__s390x__)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 261/817] selftests/bpf: Fix backtrace printing for selftests crashes
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 260/817] selftests/bpf: netns_new() and netns_free() helpers Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 262/817] wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Greg Kroah-Hartman
` (565 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eduard Zingerman, Andrii Nakryiko,
Tony Ambardar, Daniel Xu, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eduard Zingerman <eddyz87@gmail.com>
[ Upstream commit 5bf1557e3d6a69113649d831276ea2f97585fc33 ]
test_progs uses glibc specific functions backtrace() and
backtrace_symbols_fd() to print backtrace in case of SIGSEGV.
Recent commit (see fixes) updated test_progs.c to define stub versions
of the same functions with attriubte "weak" in order to allow linking
test_progs against musl libc. Unfortunately this broke the backtrace
handling for glibc builds.
As it turns out, glibc defines backtrace() and backtrace_symbols_fd()
as weak:
$ llvm-readelf --symbols /lib64/libc.so.6 \
| grep -P '( backtrace_symbols_fd| backtrace)$'
4910: 0000000000126b40 161 FUNC WEAK DEFAULT 16 backtrace
6843: 0000000000126f90 852 FUNC WEAK DEFAULT 16 backtrace_symbols_fd
So does test_progs:
$ llvm-readelf --symbols test_progs \
| grep -P '( backtrace_symbols_fd| backtrace)$'
2891: 00000000006ad190 15 FUNC WEAK DEFAULT 13 backtrace
11215: 00000000006ad1a0 41 FUNC WEAK DEFAULT 13 backtrace_symbols_fd
In such situation dynamic linker is not obliged to favour glibc
implementation over the one defined in test_progs.
Compiling with the following simple modification to test_progs.c
demonstrates the issue:
$ git diff
...
\--- a/tools/testing/selftests/bpf/test_progs.c
\+++ b/tools/testing/selftests/bpf/test_progs.c
\@@ -1817,6 +1817,7 @@ int main(int argc, char **argv)
if (err)
return err;
+ *(int *)0xdeadbeef = 42;
err = cd_flavor_subdir(argv[0]);
if (err)
return err;
$ ./test_progs
[0]: Caught signal #11!
Stack trace:
<backtrace not supported>
Segmentation fault (core dumped)
Resolve this by hiding stub definitions behind __GLIBC__ macro check
instead of using "weak" attribute.
Fixes: c9a83e76b5a9 ("selftests/bpf: Fix compile if backtrace support missing in libc")
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Tested-by: Tony Ambardar <tony.ambardar@gmail.com>
Reviewed-by: Tony Ambardar <tony.ambardar@gmail.com>
Acked-by: Daniel Xu <dxu@dxuuu.xyz>
Link: https://lore.kernel.org/bpf/20241003210307.3847907-1-eddyz87@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_progs.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
index 05bd298b15f4c..080e4fd012d3d 100644
--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -20,11 +20,13 @@
#include "network_helpers.h"
+/* backtrace() and backtrace_symbols_fd() are glibc specific,
+ * use header file when glibc is available and provide stub
+ * implementations when another libc implementation is used.
+ */
#ifdef __GLIBC__
#include <execinfo.h> /* backtrace */
-#endif
-
-/* Default backtrace funcs if missing at link */
+#else
__weak int backtrace(void **buffer, int size)
{
return 0;
@@ -34,6 +36,7 @@ __weak void backtrace_symbols_fd(void *const *buffer, int size, int fd)
{
dprintf(fd, "<backtrace not supported>\n");
}
+#endif /*__GLIBC__ */
static bool verbose(void)
{
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 262/817] wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 261/817] selftests/bpf: Fix backtrace printing for selftests crashes Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 263/817] selftests/bpf: add missing header include for htons Greg Kroah-Hartman
` (564 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Balaji Pothunoori, Jeff Johnson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Balaji Pothunoori <quic_bpothuno@quicinc.com>
[ Upstream commit 4c57ec6c4bb9979b42ae7fa7273fc2d4a361d576 ]
Currently, mem_ce and mem iomem addresses are used to calculate the
CE offset address. mem_ce is initialized with mem address, and for
targets where ce_remap is needed, mem_ce is remapped to a new address
space during AHB probe.
For targets such as WCN6750 in which CE address space is same as WCSS
address space (i.e. "ce_remap" hw_param is set to false), mem_ce and
mem iomem addresses are same. In the initial SRNG setup for such targets,
the CE offset address and hence CE register base addresses are
calculated correctly in ath11k_hal_srng_init() as both mem and mem_ce
are initialized with same iomem address.
Later, after the firmware download, mem is initialized with BAR address
received in qmi_wlanfw_device_info_resp_msg_v01 QMI message, while mem_ce
is not updated.
After initial setup success, during Subsystem Restart (SSR), as part
of reinitialization, ath11k_hal_srng_init() will be called again,
and CE offset address will be calculated incorrectly this time as mem_ce
address was not updated. Due to the incorrect CE offset address,
APPS accesses an invalid CE register address which leads to improper
behavior in firmware after SSR is triggered.
To fix the above issue, update mem_ce to mem iomem address in
ath11k_qmi_request_device_info() for targets which do not support
ce_remap feature.
Signed-off-by: Balaji Pothunoori <quic_bpothuno@quicinc.com>
Fixes: b42b3678c91f ("wifi: ath11k: remap ce register space for IPQ5018")
Link: https://patch.msgid.link/20240927095825.22317-1-quic_bpothuno@quicinc.com
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/qmi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c
index f477afd325dea..7a22483b35cd9 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
@@ -2180,6 +2180,9 @@ static int ath11k_qmi_request_device_info(struct ath11k_base *ab)
ab->mem = bar_addr_va;
ab->mem_len = resp.bar_size;
+ if (!ab->hw_params.ce_remap)
+ ab->mem_ce = ab->mem;
+
return 0;
out:
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 263/817] selftests/bpf: add missing header include for htons
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 262/817] wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 264/817] wifi: cfg80211: check radio iface combination for multi radio per wiphy Greg Kroah-Hartman
` (563 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexis Lothoré ,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
[ Upstream commit bc9b3fb827fceec4e05564d6e668280f4470ab5b ]
Including the network_helpers.h header in tests can lead to the following
build error:
./network_helpers.h: In function ‘csum_tcpudp_magic’:
./network_helpers.h:116:14: error: implicit declaration of function \
‘htons’ [-Werror=implicit-function-declaration]
116 | s += htons(proto + len);
The error is avoided in many cases thanks to some other headers included
earlier and bringing in arpa/inet.h (ie: test_progs.h).
Make sure that test_progs build success does not depend on header ordering
by adding the missing header include in network_helpers.h
Fixes: f6642de0c3e9 ("selftests/bpf: Add csum helpers")
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Link: https://lore.kernel.org/r/20241008-network_helpers_fix-v1-1-2c2ae03df7ef@bootlin.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/network_helpers.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/bpf/network_helpers.h b/tools/testing/selftests/bpf/network_helpers.h
index 91763fbe58d27..7b05fc3fedb06 100644
--- a/tools/testing/selftests/bpf/network_helpers.h
+++ b/tools/testing/selftests/bpf/network_helpers.h
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __NETWORK_HELPERS_H
#define __NETWORK_HELPERS_H
+#include <arpa/inet.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/types.h>
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 264/817] wifi: cfg80211: check radio iface combination for multi radio per wiphy
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 263/817] selftests/bpf: add missing header include for htons Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 265/817] ice: consistently use q_idx in ice_vc_cfg_qs_msg() Greg Kroah-Hartman
` (562 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Karthikeyan Periyasamy,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karthikeyan Periyasamy <quic_periyasa@quicinc.com>
[ Upstream commit bd9813d13be439851a7ff3e6372e53caa6e387a6 ]
Currently, wiphy_verify_combinations() fails for the multi-radio per wiphy
due to the condition check on new global interface combination that DFS
only works on one channel. In a multi-radio scenario, new global interface
combination encompasses the capabilities of all radio combinations, so it
supports more than one channel with DFS. For multi-radio per wiphy,
interface combination verification needs to be performed for radio specific
interface combinations. This is necessary as the new global interface
combination combines the capabilities of all radio combinations.
Fixes: a01b1e9f9955 ("wifi: mac80211: add support for DFS with multiple radios")
Signed-off-by: Karthikeyan Periyasamy <quic_periyasa@quicinc.com>
Link: https://patch.msgid.link/20240917140239.886083-1-quic_periyasa@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/core.c | 64 ++++++++++++++++++++++++++++++++++++++-------
1 file changed, 54 insertions(+), 10 deletions(-)
diff --git a/net/wireless/core.c b/net/wireless/core.c
index b2b512923ecee..263c91e91fc39 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -603,16 +603,20 @@ struct wiphy *wiphy_new_nm(const struct cfg80211_ops *ops, int sizeof_priv,
}
EXPORT_SYMBOL(wiphy_new_nm);
-static int wiphy_verify_combinations(struct wiphy *wiphy)
+static
+int wiphy_verify_iface_combinations(struct wiphy *wiphy,
+ const struct ieee80211_iface_combination *iface_comb,
+ int n_iface_comb,
+ bool combined_radio)
{
const struct ieee80211_iface_combination *c;
int i, j;
- for (i = 0; i < wiphy->n_iface_combinations; i++) {
+ for (i = 0; i < n_iface_comb; i++) {
u32 cnt = 0;
u16 all_iftypes = 0;
- c = &wiphy->iface_combinations[i];
+ c = &iface_comb[i];
/*
* Combinations with just one interface aren't real,
@@ -625,9 +629,13 @@ static int wiphy_verify_combinations(struct wiphy *wiphy)
if (WARN_ON(!c->num_different_channels))
return -EINVAL;
- /* DFS only works on one channel. */
- if (WARN_ON(c->radar_detect_widths &&
- (c->num_different_channels > 1)))
+ /* DFS only works on one channel. Avoid this check
+ * for multi-radio global combination, since it hold
+ * the capabilities of all radio combinations.
+ */
+ if (!combined_radio &&
+ WARN_ON(c->radar_detect_widths &&
+ c->num_different_channels > 1))
return -EINVAL;
if (WARN_ON(!c->n_limits))
@@ -648,13 +656,21 @@ static int wiphy_verify_combinations(struct wiphy *wiphy)
if (WARN_ON(wiphy->software_iftypes & types))
return -EINVAL;
- /* Only a single P2P_DEVICE can be allowed */
- if (WARN_ON(types & BIT(NL80211_IFTYPE_P2P_DEVICE) &&
+ /* Only a single P2P_DEVICE can be allowed, avoid this
+ * check for multi-radio global combination, since it
+ * hold the capabilities of all radio combinations.
+ */
+ if (!combined_radio &&
+ WARN_ON(types & BIT(NL80211_IFTYPE_P2P_DEVICE) &&
c->limits[j].max > 1))
return -EINVAL;
- /* Only a single NAN can be allowed */
- if (WARN_ON(types & BIT(NL80211_IFTYPE_NAN) &&
+ /* Only a single NAN can be allowed, avoid this
+ * check for multi-radio global combination, since it
+ * hold the capabilities of all radio combinations.
+ */
+ if (!combined_radio &&
+ WARN_ON(types & BIT(NL80211_IFTYPE_NAN) &&
c->limits[j].max > 1))
return -EINVAL;
@@ -693,6 +709,34 @@ static int wiphy_verify_combinations(struct wiphy *wiphy)
return 0;
}
+static int wiphy_verify_combinations(struct wiphy *wiphy)
+{
+ int i, ret;
+ bool combined_radio = false;
+
+ if (wiphy->n_radio) {
+ for (i = 0; i < wiphy->n_radio; i++) {
+ const struct wiphy_radio *radio = &wiphy->radio[i];
+
+ ret = wiphy_verify_iface_combinations(wiphy,
+ radio->iface_combinations,
+ radio->n_iface_combinations,
+ false);
+ if (ret)
+ return ret;
+ }
+
+ combined_radio = true;
+ }
+
+ ret = wiphy_verify_iface_combinations(wiphy,
+ wiphy->iface_combinations,
+ wiphy->n_iface_combinations,
+ combined_radio);
+
+ return ret;
+}
+
int wiphy_register(struct wiphy *wiphy)
{
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 265/817] ice: consistently use q_idx in ice_vc_cfg_qs_msg()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 264/817] wifi: cfg80211: check radio iface combination for multi radio per wiphy Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 266/817] drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Greg Kroah-Hartman
` (561 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacob Keller, Rafal Romanowski,
Tony Nguyen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jacob Keller <jacob.e.keller@intel.com>
[ Upstream commit a884c304e18a40e1c7a6525a9274e64c2c061c3f ]
The ice_vc_cfg_qs_msg() function is used to configure VF queues in response
to a VIRTCHNL_OP_CONFIG_VSI_QUEUES command.
The virtchnl command contains an array of queue pair data for configuring
Tx and Rx queues. This data includes a queue ID. When configuring the
queues, the driver generally uses this queue ID to determine which Tx and
Rx ring to program. However, a handful of places use the index into the
queue pair data from the VF. While most VF implementations appear to send
this data in order, it is not mandated by the virtchnl and it is not
verified that the queue pair data comes in order.
Fix the driver to consistently use the q_idx field instead of the 'i'
iterator value when accessing the rings. For the Rx case, introduce a local
ring variable to keep lines short.
Fixes: 7ad15440acf8 ("ice: Refactor VIRTCHNL_OP_CONFIG_VSI_QUEUES handling")
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 21 +++++++++----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index 1c6ce0c4ed4ee..d7fd4bc18f021 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -1711,8 +1711,8 @@ static int ice_vc_cfg_qs_msg(struct ice_vf *vf, u8 *msg)
/* copy Tx queue info from VF into VSI */
if (qpi->txq.ring_len > 0) {
- vsi->tx_rings[i]->dma = qpi->txq.dma_ring_addr;
- vsi->tx_rings[i]->count = qpi->txq.ring_len;
+ vsi->tx_rings[q_idx]->dma = qpi->txq.dma_ring_addr;
+ vsi->tx_rings[q_idx]->count = qpi->txq.ring_len;
/* Disable any existing queue first */
if (ice_vf_vsi_dis_single_txq(vf, vsi, q_idx))
@@ -1721,7 +1721,7 @@ static int ice_vc_cfg_qs_msg(struct ice_vf *vf, u8 *msg)
/* Configure a queue with the requested settings */
if (ice_vsi_cfg_single_txq(vsi, vsi->tx_rings, q_idx)) {
dev_warn(ice_pf_to_dev(pf), "VF-%d failed to configure TX queue %d\n",
- vf->vf_id, i);
+ vf->vf_id, q_idx);
goto error_param;
}
}
@@ -1729,24 +1729,23 @@ static int ice_vc_cfg_qs_msg(struct ice_vf *vf, u8 *msg)
/* copy Rx queue info from VF into VSI */
if (qpi->rxq.ring_len > 0) {
u16 max_frame_size = ice_vc_get_max_frame_size(vf);
+ struct ice_rx_ring *ring = vsi->rx_rings[q_idx];
u32 rxdid;
- vsi->rx_rings[i]->dma = qpi->rxq.dma_ring_addr;
- vsi->rx_rings[i]->count = qpi->rxq.ring_len;
+ ring->dma = qpi->rxq.dma_ring_addr;
+ ring->count = qpi->rxq.ring_len;
if (qpi->rxq.crc_disable)
- vsi->rx_rings[q_idx]->flags |=
- ICE_RX_FLAGS_CRC_STRIP_DIS;
+ ring->flags |= ICE_RX_FLAGS_CRC_STRIP_DIS;
else
- vsi->rx_rings[q_idx]->flags &=
- ~ICE_RX_FLAGS_CRC_STRIP_DIS;
+ ring->flags &= ~ICE_RX_FLAGS_CRC_STRIP_DIS;
if (qpi->rxq.databuffer_size != 0 &&
(qpi->rxq.databuffer_size > ((16 * 1024) - 128) ||
qpi->rxq.databuffer_size < 1024))
goto error_param;
vsi->rx_buf_len = qpi->rxq.databuffer_size;
- vsi->rx_rings[i]->rx_buf_len = vsi->rx_buf_len;
+ ring->rx_buf_len = vsi->rx_buf_len;
if (qpi->rxq.max_pkt_size > max_frame_size ||
qpi->rxq.max_pkt_size < 64)
goto error_param;
@@ -1761,7 +1760,7 @@ static int ice_vc_cfg_qs_msg(struct ice_vf *vf, u8 *msg)
if (ice_vsi_cfg_single_rxq(vsi, q_idx)) {
dev_warn(ice_pf_to_dev(pf), "VF-%d failed to configure RX queue %d\n",
- vf->vf_id, i);
+ vf->vf_id, q_idx);
goto error_param;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 266/817] drm/vc4: hdmi: Increase audio MAI fifo dreq threshold
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 265/817] ice: consistently use q_idx in ice_vc_cfg_qs_msg() Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 267/817] drm/vc4: Introduce generation number enum Greg Kroah-Hartman
` (560 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dom Cobley, Maxime Ripard,
Dave Stevenson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dom Cobley <popcornmix@gmail.com>
[ Upstream commit 59f8b2b7fb8e460881d21c7d5b32604993973879 ]
Now we wait for write responses and have a burst
size of 4, we can set the fifo threshold much higher.
Set it to 28 (of the 32 entry size) to keep fifo
fuller and reduce chance of underflow.
Signed-off-by: Dom Cobley <popcornmix@gmail.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240621152055.4180873-8-dave.stevenson@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Stable-dep-of: cf1c87d978d4 ("drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hdmi.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c
index 9b2b07104a7ac..2b8e1642f9cf4 100644
--- a/drivers/gpu/drm/vc4/vc4_hdmi.c
+++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
@@ -2051,6 +2051,7 @@ static int vc4_hdmi_audio_prepare(struct device *dev, void *data,
struct vc4_hdmi *vc4_hdmi = dev_get_drvdata(dev);
struct drm_device *drm = vc4_hdmi->connector.dev;
struct drm_connector *connector = &vc4_hdmi->connector;
+ struct vc4_dev *vc4 = to_vc4_dev(drm);
unsigned int sample_rate = params->sample_rate;
unsigned int channels = params->channels;
unsigned long flags;
@@ -2108,11 +2109,18 @@ static int vc4_hdmi_audio_prepare(struct device *dev, void *data,
VC4_HDMI_AUDIO_PACKET_CEA_MASK);
/* Set the MAI threshold */
- HDMI_WRITE(HDMI_MAI_THR,
- VC4_SET_FIELD(0x08, VC4_HD_MAI_THR_PANICHIGH) |
- VC4_SET_FIELD(0x08, VC4_HD_MAI_THR_PANICLOW) |
- VC4_SET_FIELD(0x06, VC4_HD_MAI_THR_DREQHIGH) |
- VC4_SET_FIELD(0x08, VC4_HD_MAI_THR_DREQLOW));
+ if (vc4->is_vc5)
+ HDMI_WRITE(HDMI_MAI_THR,
+ VC4_SET_FIELD(0x10, VC4_HD_MAI_THR_PANICHIGH) |
+ VC4_SET_FIELD(0x10, VC4_HD_MAI_THR_PANICLOW) |
+ VC4_SET_FIELD(0x1c, VC4_HD_MAI_THR_DREQHIGH) |
+ VC4_SET_FIELD(0x1c, VC4_HD_MAI_THR_DREQLOW));
+ else
+ HDMI_WRITE(HDMI_MAI_THR,
+ VC4_SET_FIELD(0x8, VC4_HD_MAI_THR_PANICHIGH) |
+ VC4_SET_FIELD(0x8, VC4_HD_MAI_THR_PANICLOW) |
+ VC4_SET_FIELD(0x6, VC4_HD_MAI_THR_DREQHIGH) |
+ VC4_SET_FIELD(0x8, VC4_HD_MAI_THR_DREQLOW));
HDMI_WRITE(HDMI_MAI_CONFIG,
VC4_HDMI_MAI_CONFIG_BIT_REVERSE |
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 267/817] drm/vc4: Introduce generation number enum
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 266/817] drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 268/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load Greg Kroah-Hartman
` (559 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Ripard, Dave Stevenson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxime Ripard <mripard@kernel.org>
[ Upstream commit 24c5ed3ddf27313b248900455b0312bd7a9d3554 ]
With the introduction of the BCM2712 support, we will get yet another
generation of display engine to support.
The binary check of whether it's VC5 or not thus doesn't work anymore,
especially since some parts of the driver will have changed with BCM2711,
and some others with BCM2712.
Let's introduce an enum to store the generation the driver is running
on, which should provide more flexibility.
Signed-off-by: Maxime Ripard <mripard@kernel.org>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240621152055.4180873-21-dave.stevenson@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Stable-dep-of: cf1c87d978d4 ("drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/tests/vc4_mock.c | 12 +++----
drivers/gpu/drm/vc4/vc4_bo.c | 28 +++++++--------
drivers/gpu/drm/vc4/vc4_crtc.c | 13 ++++---
drivers/gpu/drm/vc4/vc4_drv.c | 22 +++++++-----
drivers/gpu/drm/vc4/vc4_drv.h | 7 +++-
drivers/gpu/drm/vc4/vc4_gem.c | 24 ++++++-------
drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +-
drivers/gpu/drm/vc4/vc4_hvs.c | 42 ++++++++++++----------
drivers/gpu/drm/vc4/vc4_irq.c | 10 +++---
drivers/gpu/drm/vc4/vc4_kms.c | 14 ++++----
drivers/gpu/drm/vc4/vc4_perfmon.c | 20 +++++------
drivers/gpu/drm/vc4/vc4_plane.c | 12 +++----
drivers/gpu/drm/vc4/vc4_render_cl.c | 2 +-
drivers/gpu/drm/vc4/vc4_v3d.c | 10 +++---
drivers/gpu/drm/vc4/vc4_validate.c | 8 ++---
drivers/gpu/drm/vc4/vc4_validate_shaders.c | 2 +-
16 files changed, 121 insertions(+), 107 deletions(-)
diff --git a/drivers/gpu/drm/vc4/tests/vc4_mock.c b/drivers/gpu/drm/vc4/tests/vc4_mock.c
index 0731a7d85d7ab..922849dd4b478 100644
--- a/drivers/gpu/drm/vc4/tests/vc4_mock.c
+++ b/drivers/gpu/drm/vc4/tests/vc4_mock.c
@@ -155,11 +155,11 @@ KUNIT_DEFINE_ACTION_WRAPPER(kunit_action_drm_dev_unregister,
drm_dev_unregister,
struct drm_device *);
-static struct vc4_dev *__mock_device(struct kunit *test, bool is_vc5)
+static struct vc4_dev *__mock_device(struct kunit *test, enum vc4_gen gen)
{
struct drm_device *drm;
- const struct drm_driver *drv = is_vc5 ? &vc5_drm_driver : &vc4_drm_driver;
- const struct vc4_mock_desc *desc = is_vc5 ? &vc5_mock : &vc4_mock;
+ const struct drm_driver *drv = (gen == VC4_GEN_5) ? &vc5_drm_driver : &vc4_drm_driver;
+ const struct vc4_mock_desc *desc = (gen == VC4_GEN_5) ? &vc5_mock : &vc4_mock;
struct vc4_dev *vc4;
struct device *dev;
int ret;
@@ -173,7 +173,7 @@ static struct vc4_dev *__mock_device(struct kunit *test, bool is_vc5)
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, vc4);
vc4->dev = dev;
- vc4->is_vc5 = is_vc5;
+ vc4->gen = gen;
vc4->hvs = __vc4_hvs_alloc(vc4, NULL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, vc4->hvs);
@@ -198,10 +198,10 @@ static struct vc4_dev *__mock_device(struct kunit *test, bool is_vc5)
struct vc4_dev *vc4_mock_device(struct kunit *test)
{
- return __mock_device(test, false);
+ return __mock_device(test, VC4_GEN_4);
}
struct vc4_dev *vc5_mock_device(struct kunit *test)
{
- return __mock_device(test, true);
+ return __mock_device(test, VC4_GEN_5);
}
diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c
index 86d629e45307d..89e427c9ed327 100644
--- a/drivers/gpu/drm/vc4/vc4_bo.c
+++ b/drivers/gpu/drm/vc4/vc4_bo.c
@@ -251,7 +251,7 @@ void vc4_bo_add_to_purgeable_pool(struct vc4_bo *bo)
{
struct vc4_dev *vc4 = to_vc4_dev(bo->base.base.dev);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
mutex_lock(&vc4->purgeable.lock);
@@ -265,7 +265,7 @@ static void vc4_bo_remove_from_purgeable_pool_locked(struct vc4_bo *bo)
{
struct vc4_dev *vc4 = to_vc4_dev(bo->base.base.dev);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
/* list_del_init() is used here because the caller might release
@@ -396,7 +396,7 @@ struct drm_gem_object *vc4_create_object(struct drm_device *dev, size_t size)
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct vc4_bo *bo;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return ERR_PTR(-ENODEV);
bo = kzalloc(sizeof(*bo), GFP_KERNEL);
@@ -427,7 +427,7 @@ struct vc4_bo *vc4_bo_create(struct drm_device *dev, size_t unaligned_size,
struct drm_gem_dma_object *dma_obj;
struct vc4_bo *bo;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return ERR_PTR(-ENODEV);
if (size == 0)
@@ -496,7 +496,7 @@ int vc4_bo_dumb_create(struct drm_file *file_priv,
struct vc4_bo *bo = NULL;
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
ret = vc4_dumb_fixup_args(args);
@@ -622,7 +622,7 @@ int vc4_bo_inc_usecnt(struct vc4_bo *bo)
struct vc4_dev *vc4 = to_vc4_dev(bo->base.base.dev);
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
/* Fast path: if the BO is already retained by someone, no need to
@@ -661,7 +661,7 @@ void vc4_bo_dec_usecnt(struct vc4_bo *bo)
{
struct vc4_dev *vc4 = to_vc4_dev(bo->base.base.dev);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
/* Fast path: if the BO is still retained by someone, no need to test
@@ -783,7 +783,7 @@ int vc4_create_bo_ioctl(struct drm_device *dev, void *data,
struct vc4_bo *bo = NULL;
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
ret = vc4_grab_bin_bo(vc4, vc4file);
@@ -813,7 +813,7 @@ int vc4_mmap_bo_ioctl(struct drm_device *dev, void *data,
struct drm_vc4_mmap_bo *args = data;
struct drm_gem_object *gem_obj;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
gem_obj = drm_gem_object_lookup(file_priv, args->handle);
@@ -839,7 +839,7 @@ vc4_create_shader_bo_ioctl(struct drm_device *dev, void *data,
struct vc4_bo *bo = NULL;
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (args->size == 0)
@@ -918,7 +918,7 @@ int vc4_set_tiling_ioctl(struct drm_device *dev, void *data,
struct vc4_bo *bo;
bool t_format;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (args->flags != 0)
@@ -964,7 +964,7 @@ int vc4_get_tiling_ioctl(struct drm_device *dev, void *data,
struct drm_gem_object *gem_obj;
struct vc4_bo *bo;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (args->flags != 0 || args->modifier != 0)
@@ -1007,7 +1007,7 @@ int vc4_bo_cache_init(struct drm_device *dev)
int ret;
int i;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
/* Create the initial set of BO labels that the kernel will
@@ -1071,7 +1071,7 @@ int vc4_label_bo_ioctl(struct drm_device *dev, void *data,
struct drm_gem_object *gem_obj;
int ret = 0, label;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (!args->len)
diff --git a/drivers/gpu/drm/vc4/vc4_crtc.c b/drivers/gpu/drm/vc4/vc4_crtc.c
index 8b5a7e5eb1466..26a7cf7f64651 100644
--- a/drivers/gpu/drm/vc4/vc4_crtc.c
+++ b/drivers/gpu/drm/vc4/vc4_crtc.c
@@ -263,7 +263,7 @@ static u32 vc4_get_fifo_full_level(struct vc4_crtc *vc4_crtc, u32 format)
* Removing 1 from the FIFO full level however
* seems to completely remove that issue.
*/
- if (!vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_4)
return fifo_len_bytes - 3 * HVS_FIFO_LATENCY_PIX - 1;
return fifo_len_bytes - 3 * HVS_FIFO_LATENCY_PIX;
@@ -428,7 +428,7 @@ static void vc4_crtc_config_pv(struct drm_crtc *crtc, struct drm_encoder *encode
if (is_dsi)
CRTC_WRITE(PV_HACT_ACT, mode->hdisplay * pixel_rep);
- if (vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_5)
CRTC_WRITE(PV_MUX_CFG,
VC4_SET_FIELD(PV_MUX_CFG_RGB_PIXEL_MUX_MODE_NO_SWAP,
PV_MUX_CFG_RGB_PIXEL_MUX_MODE));
@@ -913,7 +913,7 @@ static int vc4_async_set_fence_cb(struct drm_device *dev,
struct dma_fence *fence;
int ret;
- if (!vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_4) {
struct vc4_bo *bo = to_vc4_bo(&dma_bo->base);
return vc4_queue_seqno_cb(dev, &flip_state->cb.seqno, bo->seqno,
@@ -1000,7 +1000,7 @@ static int vc4_async_page_flip(struct drm_crtc *crtc,
struct vc4_bo *bo = to_vc4_bo(&dma_bo->base);
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
/*
@@ -1043,7 +1043,7 @@ int vc4_page_flip(struct drm_crtc *crtc,
struct drm_device *dev = crtc->dev;
struct vc4_dev *vc4 = to_vc4_dev(dev);
- if (vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_5)
return vc5_async_page_flip(crtc, fb, event, flags);
else
return vc4_async_page_flip(crtc, fb, event, flags);
@@ -1338,9 +1338,8 @@ int __vc4_crtc_init(struct drm_device *drm,
drm_crtc_helper_add(crtc, crtc_helper_funcs);
- if (!vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_4) {
drm_mode_crtc_set_gamma_size(crtc, ARRAY_SIZE(vc4_crtc->lut_r));
-
drm_crtc_enable_color_mgmt(crtc, 0, false, crtc->gamma_size);
/* We support CTM, but only for one CRTC at a time. It's therefore
diff --git a/drivers/gpu/drm/vc4/vc4_drv.c b/drivers/gpu/drm/vc4/vc4_drv.c
index c133e96b8aca2..550324819f37f 100644
--- a/drivers/gpu/drm/vc4/vc4_drv.c
+++ b/drivers/gpu/drm/vc4/vc4_drv.c
@@ -98,7 +98,7 @@ static int vc4_get_param_ioctl(struct drm_device *dev, void *data,
if (args->pad != 0)
return -EINVAL;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (!vc4->v3d)
@@ -147,7 +147,7 @@ static int vc4_open(struct drm_device *dev, struct drm_file *file)
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct vc4_file *vc4file;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
vc4file = kzalloc(sizeof(*vc4file), GFP_KERNEL);
@@ -165,7 +165,7 @@ static void vc4_close(struct drm_device *dev, struct drm_file *file)
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct vc4_file *vc4file = file->driver_priv;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
if (vc4file->bin_bo_used)
@@ -291,13 +291,17 @@ static int vc4_drm_bind(struct device *dev)
struct vc4_dev *vc4;
struct device_node *node;
struct drm_crtc *crtc;
- bool is_vc5;
+ enum vc4_gen gen;
int ret = 0;
dev->coherent_dma_mask = DMA_BIT_MASK(32);
- is_vc5 = of_device_is_compatible(dev->of_node, "brcm,bcm2711-vc5");
- if (is_vc5)
+ if (of_device_is_compatible(dev->of_node, "brcm,bcm2711-vc5"))
+ gen = VC4_GEN_5;
+ else
+ gen = VC4_GEN_4;
+
+ if (gen == VC4_GEN_5)
driver = &vc5_drm_driver;
else
driver = &vc4_drm_driver;
@@ -315,13 +319,13 @@ static int vc4_drm_bind(struct device *dev)
vc4 = devm_drm_dev_alloc(dev, driver, struct vc4_dev, base);
if (IS_ERR(vc4))
return PTR_ERR(vc4);
- vc4->is_vc5 = is_vc5;
+ vc4->gen = gen;
vc4->dev = dev;
drm = &vc4->base;
platform_set_drvdata(pdev, drm);
- if (!is_vc5) {
+ if (gen == VC4_GEN_4) {
ret = drmm_mutex_init(drm, &vc4->bin_bo_lock);
if (ret)
goto err;
@@ -335,7 +339,7 @@ static int vc4_drm_bind(struct device *dev)
if (ret)
goto err;
- if (!is_vc5) {
+ if (gen == VC4_GEN_4) {
ret = vc4_gem_init(drm);
if (ret)
goto err;
diff --git a/drivers/gpu/drm/vc4/vc4_drv.h b/drivers/gpu/drm/vc4/vc4_drv.h
index d463fabf5ecce..dd452e6a11430 100644
--- a/drivers/gpu/drm/vc4/vc4_drv.h
+++ b/drivers/gpu/drm/vc4/vc4_drv.h
@@ -80,11 +80,16 @@ struct vc4_perfmon {
u64 counters[] __counted_by(ncounters);
};
+enum vc4_gen {
+ VC4_GEN_4,
+ VC4_GEN_5,
+};
+
struct vc4_dev {
struct drm_device base;
struct device *dev;
- bool is_vc5;
+ enum vc4_gen gen;
unsigned int irq;
diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c
index 03648f954985e..b4f72f2aaf1ba 100644
--- a/drivers/gpu/drm/vc4/vc4_gem.c
+++ b/drivers/gpu/drm/vc4/vc4_gem.c
@@ -76,7 +76,7 @@ vc4_get_hang_state_ioctl(struct drm_device *dev, void *data,
u32 i;
int ret = 0;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (!vc4->v3d) {
@@ -389,7 +389,7 @@ vc4_wait_for_seqno(struct drm_device *dev, uint64_t seqno, uint64_t timeout_ns,
unsigned long timeout_expire;
DEFINE_WAIT(wait);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (vc4->finished_seqno >= seqno)
@@ -474,7 +474,7 @@ vc4_submit_next_bin_job(struct drm_device *dev)
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct vc4_exec_info *exec;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
again:
@@ -522,7 +522,7 @@ vc4_submit_next_render_job(struct drm_device *dev)
if (!exec)
return;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
/* A previous RCL may have written to one of our textures, and
@@ -543,7 +543,7 @@ vc4_move_job_to_render(struct drm_device *dev, struct vc4_exec_info *exec)
struct vc4_dev *vc4 = to_vc4_dev(dev);
bool was_empty = list_empty(&vc4->render_job_list);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
list_move_tail(&exec->head, &vc4->render_job_list);
@@ -970,7 +970,7 @@ vc4_job_handle_completed(struct vc4_dev *vc4)
unsigned long irqflags;
struct vc4_seqno_cb *cb, *cb_temp;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
spin_lock_irqsave(&vc4->job_lock, irqflags);
@@ -1009,7 +1009,7 @@ int vc4_queue_seqno_cb(struct drm_device *dev,
struct vc4_dev *vc4 = to_vc4_dev(dev);
unsigned long irqflags;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
cb->func = func;
@@ -1065,7 +1065,7 @@ vc4_wait_seqno_ioctl(struct drm_device *dev, void *data,
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct drm_vc4_wait_seqno *args = data;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
return vc4_wait_for_seqno_ioctl_helper(dev, args->seqno,
@@ -1082,7 +1082,7 @@ vc4_wait_bo_ioctl(struct drm_device *dev, void *data,
struct drm_gem_object *gem_obj;
struct vc4_bo *bo;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (args->pad != 0)
@@ -1131,7 +1131,7 @@ vc4_submit_cl_ioctl(struct drm_device *dev, void *data,
args->shader_rec_size,
args->bo_handle_count);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (!vc4->v3d) {
@@ -1268,7 +1268,7 @@ int vc4_gem_init(struct drm_device *dev)
struct vc4_dev *vc4 = to_vc4_dev(dev);
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
vc4->dma_fence_context = dma_fence_context_alloc(1);
@@ -1327,7 +1327,7 @@ int vc4_gem_madvise_ioctl(struct drm_device *dev, void *data,
struct vc4_bo *bo;
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
switch (args->madv) {
diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c
index 2b8e1642f9cf4..727575fdc2841 100644
--- a/drivers/gpu/drm/vc4/vc4_hdmi.c
+++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
@@ -2109,7 +2109,7 @@ static int vc4_hdmi_audio_prepare(struct device *dev, void *data,
VC4_HDMI_AUDIO_PACKET_CEA_MASK);
/* Set the MAI threshold */
- if (vc4->is_vc5)
+ if (vc4->gen >= VC4_GEN_5)
HDMI_WRITE(HDMI_MAI_THR,
VC4_SET_FIELD(0x10, VC4_HD_MAI_THR_PANICHIGH) |
VC4_SET_FIELD(0x10, VC4_HD_MAI_THR_PANICLOW) |
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index 27c8fb9efa854..64d2410b4b860 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -224,7 +224,7 @@ static void vc4_hvs_lut_load(struct vc4_hvs *hvs,
if (!drm_dev_enter(drm, &idx))
return;
- if (hvs->vc4->is_vc5)
+ if (hvs->vc4->gen == VC4_GEN_4)
return;
/* The LUT memory is laid out with each HVS channel in order,
@@ -296,7 +296,7 @@ int vc4_hvs_get_fifo_from_output(struct vc4_hvs *hvs, unsigned int output)
u32 reg;
int ret;
- if (!vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_4)
return output;
/*
@@ -377,7 +377,7 @@ static int vc4_hvs_init_channel(struct vc4_hvs *hvs, struct drm_crtc *crtc,
dispctrl = SCALER_DISPCTRLX_ENABLE;
dispbkgndx = HVS_READ(SCALER_DISPBKGNDX(chan));
- if (!vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_4) {
dispctrl |= VC4_SET_FIELD(mode->hdisplay,
SCALER_DISPCTRLX_WIDTH) |
VC4_SET_FIELD(mode->vdisplay,
@@ -399,7 +399,7 @@ static int vc4_hvs_init_channel(struct vc4_hvs *hvs, struct drm_crtc *crtc,
dispbkgndx &= ~SCALER_DISPBKGND_INTERLACE;
HVS_WRITE(SCALER_DISPBKGNDX(chan), dispbkgndx |
- ((!vc4->is_vc5) ? SCALER_DISPBKGND_GAMMA : 0) |
+ ((vc4->gen == VC4_GEN_4) ? SCALER_DISPBKGND_GAMMA : 0) |
(interlace ? SCALER_DISPBKGND_INTERLACE : 0));
/* Reload the LUT, since the SRAMs would have been disabled if
@@ -671,7 +671,8 @@ void vc4_hvs_atomic_flush(struct drm_crtc *crtc,
void vc4_hvs_mask_underrun(struct vc4_hvs *hvs, int channel)
{
- struct drm_device *drm = &hvs->vc4->base;
+ struct vc4_dev *vc4 = hvs->vc4;
+ struct drm_device *drm = &vc4->base;
u32 dispctrl;
int idx;
@@ -679,8 +680,9 @@ void vc4_hvs_mask_underrun(struct vc4_hvs *hvs, int channel)
return;
dispctrl = HVS_READ(SCALER_DISPCTRL);
- dispctrl &= ~(hvs->vc4->is_vc5 ? SCALER5_DISPCTRL_DSPEISLUR(channel) :
- SCALER_DISPCTRL_DSPEISLUR(channel));
+ dispctrl &= ~((vc4->gen == VC4_GEN_5) ?
+ SCALER5_DISPCTRL_DSPEISLUR(channel) :
+ SCALER_DISPCTRL_DSPEISLUR(channel));
HVS_WRITE(SCALER_DISPCTRL, dispctrl);
@@ -689,7 +691,8 @@ void vc4_hvs_mask_underrun(struct vc4_hvs *hvs, int channel)
void vc4_hvs_unmask_underrun(struct vc4_hvs *hvs, int channel)
{
- struct drm_device *drm = &hvs->vc4->base;
+ struct vc4_dev *vc4 = hvs->vc4;
+ struct drm_device *drm = &vc4->base;
u32 dispctrl;
int idx;
@@ -697,8 +700,9 @@ void vc4_hvs_unmask_underrun(struct vc4_hvs *hvs, int channel)
return;
dispctrl = HVS_READ(SCALER_DISPCTRL);
- dispctrl |= (hvs->vc4->is_vc5 ? SCALER5_DISPCTRL_DSPEISLUR(channel) :
- SCALER_DISPCTRL_DSPEISLUR(channel));
+ dispctrl |= ((vc4->gen == VC4_GEN_5) ?
+ SCALER5_DISPCTRL_DSPEISLUR(channel) :
+ SCALER_DISPCTRL_DSPEISLUR(channel));
HVS_WRITE(SCALER_DISPSTAT,
SCALER_DISPSTAT_EUFLOW(channel));
@@ -741,8 +745,10 @@ static irqreturn_t vc4_hvs_irq_handler(int irq, void *data)
control = HVS_READ(SCALER_DISPCTRL);
for (channel = 0; channel < SCALER_CHANNELS_COUNT; channel++) {
- dspeislur = vc4->is_vc5 ? SCALER5_DISPCTRL_DSPEISLUR(channel) :
- SCALER_DISPCTRL_DSPEISLUR(channel);
+ dspeislur = (vc4->gen == VC4_GEN_5) ?
+ SCALER5_DISPCTRL_DSPEISLUR(channel) :
+ SCALER_DISPCTRL_DSPEISLUR(channel);
+
/* Interrupt masking is not always honored, so check it here. */
if (status & SCALER_DISPSTAT_EUFLOW(channel) &&
control & dspeislur) {
@@ -770,7 +776,7 @@ int vc4_hvs_debugfs_init(struct drm_minor *minor)
if (!vc4->hvs)
return -ENODEV;
- if (!vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_4)
debugfs_create_bool("hvs_load_tracker", S_IRUGO | S_IWUSR,
minor->debugfs_root,
&vc4->load_tracker_enabled);
@@ -813,7 +819,7 @@ struct vc4_hvs *__vc4_hvs_alloc(struct vc4_dev *vc4, struct platform_device *pde
* between planes when they don't overlap on the screen, but
* for now we just allocate globally.
*/
- if (!vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_4)
/* 48k words of 2x12-bit pixels */
drm_mm_init(&hvs->lbm_mm, 0, 48 * 1024);
else
@@ -847,7 +853,7 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
hvs->regset.regs = hvs_regs;
hvs->regset.nregs = ARRAY_SIZE(hvs_regs);
- if (vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_5) {
struct rpi_firmware *firmware;
struct device_node *node;
unsigned int max_rate;
@@ -885,7 +891,7 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
}
}
- if (!vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_4)
hvs->dlist = hvs->regs + SCALER_DLIST_START;
else
hvs->dlist = hvs->regs + SCALER5_DLIST_START;
@@ -926,7 +932,7 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
SCALER_DISPCTRL_DISPEIRQ(1) |
SCALER_DISPCTRL_DISPEIRQ(2);
- if (!vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_4)
dispctrl &= ~(SCALER_DISPCTRL_DMAEIRQ |
SCALER_DISPCTRL_SLVWREIRQ |
SCALER_DISPCTRL_SLVRDEIRQ |
@@ -970,7 +976,7 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
/* Recompute Composite Output Buffer (COB) allocations for the displays
*/
- if (!vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_4) {
/* The COB is 20736 pixels, or just over 10 lines at 2048 wide.
* The bottom 2048 pixels are full 32bpp RGBA (intended for the
* TXP composing RGBA to memory), whilst the remainder are only
diff --git a/drivers/gpu/drm/vc4/vc4_irq.c b/drivers/gpu/drm/vc4/vc4_irq.c
index 563b3dfeb9b90..c006d20b5a78d 100644
--- a/drivers/gpu/drm/vc4/vc4_irq.c
+++ b/drivers/gpu/drm/vc4/vc4_irq.c
@@ -263,7 +263,7 @@ vc4_irq_enable(struct drm_device *dev)
{
struct vc4_dev *vc4 = to_vc4_dev(dev);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
if (!vc4->v3d)
@@ -280,7 +280,7 @@ vc4_irq_disable(struct drm_device *dev)
{
struct vc4_dev *vc4 = to_vc4_dev(dev);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
if (!vc4->v3d)
@@ -303,7 +303,7 @@ int vc4_irq_install(struct drm_device *dev, int irq)
struct vc4_dev *vc4 = to_vc4_dev(dev);
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (irq == IRQ_NOTCONNECTED)
@@ -324,7 +324,7 @@ void vc4_irq_uninstall(struct drm_device *dev)
{
struct vc4_dev *vc4 = to_vc4_dev(dev);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
vc4_irq_disable(dev);
@@ -337,7 +337,7 @@ void vc4_irq_reset(struct drm_device *dev)
struct vc4_dev *vc4 = to_vc4_dev(dev);
unsigned long irqflags;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
/* Acknowledge any stale IRQs. */
diff --git a/drivers/gpu/drm/vc4/vc4_kms.c b/drivers/gpu/drm/vc4/vc4_kms.c
index 5495f2a94fa92..bddfcad109501 100644
--- a/drivers/gpu/drm/vc4/vc4_kms.c
+++ b/drivers/gpu/drm/vc4/vc4_kms.c
@@ -369,7 +369,7 @@ static void vc4_atomic_commit_tail(struct drm_atomic_state *state)
old_hvs_state->fifo_state[channel].pending_commit = NULL;
}
- if (vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_5) {
unsigned long state_rate = max(old_hvs_state->core_clock_rate,
new_hvs_state->core_clock_rate);
unsigned long core_rate = clamp_t(unsigned long, state_rate,
@@ -388,7 +388,7 @@ static void vc4_atomic_commit_tail(struct drm_atomic_state *state)
vc4_ctm_commit(vc4, state);
- if (vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_5)
vc5_hvs_pv_muxing_commit(vc4, state);
else
vc4_hvs_pv_muxing_commit(vc4, state);
@@ -406,7 +406,7 @@ static void vc4_atomic_commit_tail(struct drm_atomic_state *state)
drm_atomic_helper_cleanup_planes(dev, state);
- if (vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_5) {
unsigned long core_rate = min_t(unsigned long,
hvs->max_core_rate,
new_hvs_state->core_clock_rate);
@@ -461,7 +461,7 @@ static struct drm_framebuffer *vc4_fb_create(struct drm_device *dev,
struct vc4_dev *vc4 = to_vc4_dev(dev);
struct drm_mode_fb_cmd2 mode_cmd_local;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return ERR_PTR(-ENODEV);
/* If the user didn't specify a modifier, use the
@@ -1040,7 +1040,7 @@ int vc4_kms_load(struct drm_device *dev)
* the BCM2711, but the load tracker computations are used for
* the core clock rate calculation.
*/
- if (!vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_4) {
/* Start with the load tracker enabled. Can be
* disabled through the debugfs load_tracker file.
*/
@@ -1056,7 +1056,7 @@ int vc4_kms_load(struct drm_device *dev)
return ret;
}
- if (vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_5) {
dev->mode_config.max_width = 7680;
dev->mode_config.max_height = 7680;
} else {
@@ -1064,7 +1064,7 @@ int vc4_kms_load(struct drm_device *dev)
dev->mode_config.max_height = 2048;
}
- dev->mode_config.funcs = vc4->is_vc5 ? &vc5_mode_funcs : &vc4_mode_funcs;
+ dev->mode_config.funcs = (vc4->gen > VC4_GEN_4) ? &vc5_mode_funcs : &vc4_mode_funcs;
dev->mode_config.helper_private = &vc4_mode_config_helpers;
dev->mode_config.preferred_depth = 24;
dev->mode_config.async_page_flip = true;
diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c
index c00a5cc2316d2..e4fda72c19f92 100644
--- a/drivers/gpu/drm/vc4/vc4_perfmon.c
+++ b/drivers/gpu/drm/vc4/vc4_perfmon.c
@@ -23,7 +23,7 @@ void vc4_perfmon_get(struct vc4_perfmon *perfmon)
return;
vc4 = perfmon->dev;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
refcount_inc(&perfmon->refcnt);
@@ -37,7 +37,7 @@ void vc4_perfmon_put(struct vc4_perfmon *perfmon)
return;
vc4 = perfmon->dev;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
if (refcount_dec_and_test(&perfmon->refcnt))
@@ -49,7 +49,7 @@ void vc4_perfmon_start(struct vc4_dev *vc4, struct vc4_perfmon *perfmon)
unsigned int i;
u32 mask;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
if (WARN_ON_ONCE(!perfmon || vc4->active_perfmon))
@@ -69,7 +69,7 @@ void vc4_perfmon_stop(struct vc4_dev *vc4, struct vc4_perfmon *perfmon,
{
unsigned int i;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
if (WARN_ON_ONCE(!vc4->active_perfmon ||
@@ -90,7 +90,7 @@ struct vc4_perfmon *vc4_perfmon_find(struct vc4_file *vc4file, int id)
struct vc4_dev *vc4 = vc4file->dev;
struct vc4_perfmon *perfmon;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return NULL;
mutex_lock(&vc4file->perfmon.lock);
@@ -105,7 +105,7 @@ void vc4_perfmon_open_file(struct vc4_file *vc4file)
{
struct vc4_dev *vc4 = vc4file->dev;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
mutex_init(&vc4file->perfmon.lock);
@@ -131,7 +131,7 @@ void vc4_perfmon_close_file(struct vc4_file *vc4file)
{
struct vc4_dev *vc4 = vc4file->dev;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
mutex_lock(&vc4file->perfmon.lock);
@@ -151,7 +151,7 @@ int vc4_perfmon_create_ioctl(struct drm_device *dev, void *data,
unsigned int i;
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (!vc4->v3d) {
@@ -205,7 +205,7 @@ int vc4_perfmon_destroy_ioctl(struct drm_device *dev, void *data,
struct drm_vc4_perfmon_destroy *req = data;
struct vc4_perfmon *perfmon;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (!vc4->v3d) {
@@ -233,7 +233,7 @@ int vc4_perfmon_get_values_ioctl(struct drm_device *dev, void *data,
struct vc4_perfmon *perfmon;
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (!vc4->v3d) {
diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c
index 07caf2a47c6ce..866bc46ee6d53 100644
--- a/drivers/gpu/drm/vc4/vc4_plane.c
+++ b/drivers/gpu/drm/vc4/vc4_plane.c
@@ -587,10 +587,10 @@ static u32 vc4_lbm_size(struct drm_plane_state *state)
}
/* Align it to 64 or 128 (hvs5) bytes */
- lbm = roundup(lbm, vc4->is_vc5 ? 128 : 64);
+ lbm = roundup(lbm, vc4->gen == VC4_GEN_5 ? 128 : 64);
/* Each "word" of the LBM memory contains 2 or 4 (hvs5) pixels */
- lbm /= vc4->is_vc5 ? 4 : 2;
+ lbm /= vc4->gen == VC4_GEN_5 ? 4 : 2;
return lbm;
}
@@ -706,7 +706,7 @@ static int vc4_plane_allocate_lbm(struct drm_plane_state *state)
ret = drm_mm_insert_node_generic(&vc4->hvs->lbm_mm,
&vc4_state->lbm,
lbm_size,
- vc4->is_vc5 ? 64 : 32,
+ vc4->gen == VC4_GEN_5 ? 64 : 32,
0, 0);
spin_unlock_irqrestore(&vc4->hvs->mm_lock, irqflags);
@@ -1057,7 +1057,7 @@ static int vc4_plane_mode_set(struct drm_plane *plane,
mix_plane_alpha = state->alpha != DRM_BLEND_ALPHA_OPAQUE &&
fb->format->has_alpha;
- if (!vc4->is_vc5) {
+ if (vc4->gen == VC4_GEN_4) {
/* Control word */
vc4_dlist_write(vc4_state,
SCALER_CTL0_VALID |
@@ -1632,7 +1632,7 @@ struct drm_plane *vc4_plane_init(struct drm_device *dev,
};
for (i = 0; i < ARRAY_SIZE(hvs_formats); i++) {
- if (!hvs_formats[i].hvs5_only || vc4->is_vc5) {
+ if (!hvs_formats[i].hvs5_only || vc4->gen == VC4_GEN_5) {
formats[num_formats] = hvs_formats[i].drm;
num_formats++;
}
@@ -1647,7 +1647,7 @@ struct drm_plane *vc4_plane_init(struct drm_device *dev,
return ERR_CAST(vc4_plane);
plane = &vc4_plane->base;
- if (vc4->is_vc5)
+ if (vc4->gen == VC4_GEN_5)
drm_plane_helper_add(plane, &vc5_plane_helper_funcs);
else
drm_plane_helper_add(plane, &vc4_plane_helper_funcs);
diff --git a/drivers/gpu/drm/vc4/vc4_render_cl.c b/drivers/gpu/drm/vc4/vc4_render_cl.c
index 1bda5010f15a8..ae4ad956f04ff 100644
--- a/drivers/gpu/drm/vc4/vc4_render_cl.c
+++ b/drivers/gpu/drm/vc4/vc4_render_cl.c
@@ -599,7 +599,7 @@ int vc4_get_rcl(struct drm_device *dev, struct vc4_exec_info *exec)
bool has_bin = args->bin_cl_size != 0;
int ret;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
if (args->min_x_tile > args->max_x_tile ||
diff --git a/drivers/gpu/drm/vc4/vc4_v3d.c b/drivers/gpu/drm/vc4/vc4_v3d.c
index 04ac7805e6d5f..f703e6e9ace8a 100644
--- a/drivers/gpu/drm/vc4/vc4_v3d.c
+++ b/drivers/gpu/drm/vc4/vc4_v3d.c
@@ -127,7 +127,7 @@ static int vc4_v3d_debugfs_ident(struct seq_file *m, void *unused)
int
vc4_v3d_pm_get(struct vc4_dev *vc4)
{
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
mutex_lock(&vc4->power_lock);
@@ -148,7 +148,7 @@ vc4_v3d_pm_get(struct vc4_dev *vc4)
void
vc4_v3d_pm_put(struct vc4_dev *vc4)
{
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
mutex_lock(&vc4->power_lock);
@@ -178,7 +178,7 @@ int vc4_v3d_get_bin_slot(struct vc4_dev *vc4)
uint64_t seqno = 0;
struct vc4_exec_info *exec;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
try_again:
@@ -325,7 +325,7 @@ int vc4_v3d_bin_bo_get(struct vc4_dev *vc4, bool *used)
{
int ret = 0;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
mutex_lock(&vc4->bin_bo_lock);
@@ -360,7 +360,7 @@ static void bin_bo_release(struct kref *ref)
void vc4_v3d_bin_bo_put(struct vc4_dev *vc4)
{
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return;
mutex_lock(&vc4->bin_bo_lock);
diff --git a/drivers/gpu/drm/vc4/vc4_validate.c b/drivers/gpu/drm/vc4/vc4_validate.c
index 7dff3ca5af6ba..4f14cba6b46fb 100644
--- a/drivers/gpu/drm/vc4/vc4_validate.c
+++ b/drivers/gpu/drm/vc4/vc4_validate.c
@@ -109,7 +109,7 @@ vc4_use_bo(struct vc4_exec_info *exec, uint32_t hindex)
struct drm_gem_dma_object *obj;
struct vc4_bo *bo;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return NULL;
if (hindex >= exec->bo_count) {
@@ -169,7 +169,7 @@ vc4_check_tex_size(struct vc4_exec_info *exec, struct drm_gem_dma_object *fbo,
uint32_t utile_w = utile_width(cpp);
uint32_t utile_h = utile_height(cpp);
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return false;
/* The shaded vertex format stores signed 12.4 fixed point
@@ -495,7 +495,7 @@ vc4_validate_bin_cl(struct drm_device *dev,
uint32_t dst_offset = 0;
uint32_t src_offset = 0;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
while (src_offset < len) {
@@ -942,7 +942,7 @@ vc4_validate_shader_recs(struct drm_device *dev,
uint32_t i;
int ret = 0;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return -ENODEV;
for (i = 0; i < exec->shader_state_count; i++) {
diff --git a/drivers/gpu/drm/vc4/vc4_validate_shaders.c b/drivers/gpu/drm/vc4/vc4_validate_shaders.c
index 9745f8810eca6..afb1a4d826846 100644
--- a/drivers/gpu/drm/vc4/vc4_validate_shaders.c
+++ b/drivers/gpu/drm/vc4/vc4_validate_shaders.c
@@ -786,7 +786,7 @@ vc4_validate_shader(struct drm_gem_dma_object *shader_obj)
struct vc4_validated_shader_info *validated_shader = NULL;
struct vc4_shader_validation_state validation_state;
- if (WARN_ON_ONCE(vc4->is_vc5))
+ if (WARN_ON_ONCE(vc4->gen == VC4_GEN_5))
return NULL;
memset(&validation_state, 0, sizeof(validation_state));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 268/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 267/817] drm/vc4: Introduce generation number enum Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 269/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush Greg Kroah-Hartman
` (558 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Maíra Canal,
Dave Stevenson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit cf1c87d978d47339a39bfa7a6133ecd3f8f87525 ]
Commit 52efe364d196 ("drm/vc4: hvs: Don't write gamma luts on 2711")
added a return path to vc4_hvs_lut_load that had called
drm_dev_enter, but not drm_dev_exit.
Ensure we call drm_dev_exit.
Fixes: 52efe364d196 ("drm/vc4: hvs: Don't write gamma luts on 2711")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Closes: https://lore.kernel.org/dri-devel/37051126-3921-4afe-a936-5f828bff5752@samsung.com/
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Maíra Canal <mcanal@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241008-drm-vc4-fixes-v1-1-9d0396ca9f42@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hvs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index 64d2410b4b860..ad2d8f6f1e9ef 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -225,7 +225,7 @@ static void vc4_hvs_lut_load(struct vc4_hvs *hvs,
return;
if (hvs->vc4->gen == VC4_GEN_4)
- return;
+ goto exit;
/* The LUT memory is laid out with each HVS channel in order,
* each of which takes 256 writes for R, 256 for G, then 256
@@ -242,6 +242,7 @@ static void vc4_hvs_lut_load(struct vc4_hvs *hvs,
for (i = 0; i < crtc->gamma_size; i++)
HVS_WRITE(SCALER_GAMDATA, vc4_crtc->lut_b[i]);
+exit:
drm_dev_exit(idx);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 269/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 268/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 270/817] drm/vc4: Correct generation check in vc4_hvs_lut_load Greg Kroah-Hartman
` (557 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Maíra Canal,
Dave Stevenson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit 6b0bd1b02ea24b10522c92b2503981970b26d1a2 ]
Commit 92c17d16476c ("drm/vc4: hvs: Ignore atomic_flush if we're disabled")
added a path which returned early without having called drm_dev_exit.
Ensure all paths call drm_dev_exit.
Fixes: 92c17d16476c ("drm/vc4: hvs: Ignore atomic_flush if we're disabled")
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Maíra Canal <mcanal@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241008-drm-vc4-fixes-v1-2-9d0396ca9f42@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hvs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index ad2d8f6f1e9ef..50bfc514943a1 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -584,7 +584,7 @@ void vc4_hvs_atomic_flush(struct drm_crtc *crtc,
}
if (vc4_state->assigned_channel == VC4_HVS_CHANNEL_DISABLED)
- return;
+ goto exit;
if (debug_dump_regs) {
DRM_INFO("CRTC %d HVS before:\n", drm_crtc_index(crtc));
@@ -667,6 +667,7 @@ void vc4_hvs_atomic_flush(struct drm_crtc *crtc,
vc4_hvs_dump_state(hvs);
}
+exit:
drm_dev_exit(idx);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 270/817] drm/vc4: Correct generation check in vc4_hvs_lut_load
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 269/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 271/817] libbpf: fix sym_is_subprog() logic for weak global subprogs Greg Kroah-Hartman
` (556 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Maíra Canal,
Dave Stevenson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit 42aa18d1c3e7762bcebd89a5857ed7774e669d92 ]
Commit 24c5ed3ddf27 ("drm/vc4: Introduce generation number enum")
incorrectly swapped a check of hvs->vc4->is_vc5 to
hvs->vc4->gen == VC4_GEN_4 in vc4_hvs_lut_load, hence breaking
loading the gamma look up table on Pi0-3.
Correct that conditional.
Fixes: 24c5ed3ddf27 ("drm/vc4: Introduce generation number enum")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Closes: https://lore.kernel.org/dri-devel/37051126-3921-4afe-a936-5f828bff5752@samsung.com/
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Maíra Canal <mcanal@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241008-drm-vc4-fixes-v1-3-9d0396ca9f42@raspberrypi.com
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hvs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index 50bfc514943a1..df71bc68cdd00 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -224,7 +224,7 @@ static void vc4_hvs_lut_load(struct vc4_hvs *hvs,
if (!drm_dev_enter(drm, &idx))
return;
- if (hvs->vc4->gen == VC4_GEN_4)
+ if (hvs->vc4->gen != VC4_GEN_4)
goto exit;
/* The LUT memory is laid out with each HVS channel in order,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 271/817] libbpf: fix sym_is_subprog() logic for weak global subprogs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 270/817] drm/vc4: Correct generation check in vc4_hvs_lut_load Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 272/817] accel/ivpu: Prevent recovery invocation during probe and resume Greg Kroah-Hartman
` (555 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Alexei Starovoitov,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 4073213488be542f563eb4b2457ab4cbcfc2b738 ]
sym_is_subprog() is incorrectly rejecting relocations against *weak*
global subprogs. Fix that by realizing that STB_WEAK is also a global
function.
While it seems like verifier doesn't support taking an address of
non-static subprog right now, it's still best to fix support for it on
libbpf side, otherwise users will get a very confusing error during BPF
skeleton generation or static linking due to misinterpreted relocation:
libbpf: prog 'handle_tp': bad map relo against 'foo' in section '.text'
Error: failed to open BPF object file: Relocation failed
It's clearly not a map relocation, but is treated and reported as such
without this fix.
Fixes: 53eddb5e04ac ("libbpf: Support subprog address relocation")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20241009011554.880168-1-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 22b8317b57036..98a6cc304bb21 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -3985,7 +3985,7 @@ static bool sym_is_subprog(const Elf64_Sym *sym, int text_shndx)
return true;
/* global function */
- return bind == STB_GLOBAL && type == STT_FUNC;
+ return (bind == STB_GLOBAL || bind == STB_WEAK) && type == STT_FUNC;
}
static int find_extern_btf_id(const struct btf *btf, const char *ext_name)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 272/817] accel/ivpu: Prevent recovery invocation during probe and resume
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 271/817] libbpf: fix sym_is_subprog() logic for weak global subprogs Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 273/817] ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Greg Kroah-Hartman
` (554 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Karol Wachowski, Jacek Lawrynowicz,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karol Wachowski <karol.wachowski@intel.com>
[ Upstream commit 5eaa497411197c41b0813d61ba3fbd6267049082 ]
Refactor IPC send and receive functions to allow correct
handling of operations that should not trigger a recovery process.
Expose ivpu_send_receive_internal(), which is now utilized by the D0i3
entry, DCT initialization, and HWS initialization functions.
These functions have been modified to return error codes gracefully,
rather than initiating recovery.
The updated functions are invoked within ivpu_probe() and ivpu_resume(),
ensuring that any errors encountered during these stages result in a proper
teardown or shutdown sequence. The previous approach of triggering recovery
within these functions could lead to a race condition, potentially causing
undefined behavior and kernel crashes due to null pointer dereferences.
Fixes: 45e45362e095 ("accel/ivpu: Introduce ivpu_ipc_send_receive_active()")
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
Reviewed-by: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240930195322.461209-23-jacek.lawrynowicz@linux.intel.com
Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/accel/ivpu/ivpu_ipc.c | 35 +++++++++++--------------------
drivers/accel/ivpu/ivpu_ipc.h | 7 +++----
drivers/accel/ivpu/ivpu_jsm_msg.c | 19 +++++++----------
3 files changed, 23 insertions(+), 38 deletions(-)
diff --git a/drivers/accel/ivpu/ivpu_ipc.c b/drivers/accel/ivpu/ivpu_ipc.c
index 78b32a8232419..29b723039a345 100644
--- a/drivers/accel/ivpu/ivpu_ipc.c
+++ b/drivers/accel/ivpu/ivpu_ipc.c
@@ -291,15 +291,16 @@ int ivpu_ipc_receive(struct ivpu_device *vdev, struct ivpu_ipc_consumer *cons,
return ret;
}
-static int
+int
ivpu_ipc_send_receive_internal(struct ivpu_device *vdev, struct vpu_jsm_msg *req,
enum vpu_ipc_msg_type expected_resp_type,
- struct vpu_jsm_msg *resp, u32 channel,
- unsigned long timeout_ms)
+ struct vpu_jsm_msg *resp, u32 channel, unsigned long timeout_ms)
{
struct ivpu_ipc_consumer cons;
int ret;
+ drm_WARN_ON(&vdev->drm, pm_runtime_status_suspended(vdev->drm.dev));
+
ivpu_ipc_consumer_add(vdev, &cons, channel, NULL);
ret = ivpu_ipc_send(vdev, &cons, req);
@@ -325,19 +326,21 @@ ivpu_ipc_send_receive_internal(struct ivpu_device *vdev, struct vpu_jsm_msg *req
return ret;
}
-int ivpu_ipc_send_receive_active(struct ivpu_device *vdev, struct vpu_jsm_msg *req,
- enum vpu_ipc_msg_type expected_resp, struct vpu_jsm_msg *resp,
- u32 channel, unsigned long timeout_ms)
+int ivpu_ipc_send_receive(struct ivpu_device *vdev, struct vpu_jsm_msg *req,
+ enum vpu_ipc_msg_type expected_resp, struct vpu_jsm_msg *resp,
+ u32 channel, unsigned long timeout_ms)
{
struct vpu_jsm_msg hb_req = { .type = VPU_JSM_MSG_QUERY_ENGINE_HB };
struct vpu_jsm_msg hb_resp;
int ret, hb_ret;
- drm_WARN_ON(&vdev->drm, pm_runtime_status_suspended(vdev->drm.dev));
+ ret = ivpu_rpm_get(vdev);
+ if (ret < 0)
+ return ret;
ret = ivpu_ipc_send_receive_internal(vdev, req, expected_resp, resp, channel, timeout_ms);
if (ret != -ETIMEDOUT)
- return ret;
+ goto rpm_put;
hb_ret = ivpu_ipc_send_receive_internal(vdev, &hb_req, VPU_JSM_MSG_QUERY_ENGINE_HB_DONE,
&hb_resp, VPU_IPC_CHAN_ASYNC_CMD,
@@ -345,21 +348,7 @@ int ivpu_ipc_send_receive_active(struct ivpu_device *vdev, struct vpu_jsm_msg *r
if (hb_ret == -ETIMEDOUT)
ivpu_pm_trigger_recovery(vdev, "IPC timeout");
- return ret;
-}
-
-int ivpu_ipc_send_receive(struct ivpu_device *vdev, struct vpu_jsm_msg *req,
- enum vpu_ipc_msg_type expected_resp, struct vpu_jsm_msg *resp,
- u32 channel, unsigned long timeout_ms)
-{
- int ret;
-
- ret = ivpu_rpm_get(vdev);
- if (ret < 0)
- return ret;
-
- ret = ivpu_ipc_send_receive_active(vdev, req, expected_resp, resp, channel, timeout_ms);
-
+rpm_put:
ivpu_rpm_put(vdev);
return ret;
}
diff --git a/drivers/accel/ivpu/ivpu_ipc.h b/drivers/accel/ivpu/ivpu_ipc.h
index 4fe38141045ea..fb4de7fb8210e 100644
--- a/drivers/accel/ivpu/ivpu_ipc.h
+++ b/drivers/accel/ivpu/ivpu_ipc.h
@@ -101,10 +101,9 @@ int ivpu_ipc_send(struct ivpu_device *vdev, struct ivpu_ipc_consumer *cons,
int ivpu_ipc_receive(struct ivpu_device *vdev, struct ivpu_ipc_consumer *cons,
struct ivpu_ipc_hdr *ipc_buf, struct vpu_jsm_msg *jsm_msg,
unsigned long timeout_ms);
-
-int ivpu_ipc_send_receive_active(struct ivpu_device *vdev, struct vpu_jsm_msg *req,
- enum vpu_ipc_msg_type expected_resp, struct vpu_jsm_msg *resp,
- u32 channel, unsigned long timeout_ms);
+int ivpu_ipc_send_receive_internal(struct ivpu_device *vdev, struct vpu_jsm_msg *req,
+ enum vpu_ipc_msg_type expected_resp_type,
+ struct vpu_jsm_msg *resp, u32 channel, unsigned long timeout_ms);
int ivpu_ipc_send_receive(struct ivpu_device *vdev, struct vpu_jsm_msg *req,
enum vpu_ipc_msg_type expected_resp, struct vpu_jsm_msg *resp,
u32 channel, unsigned long timeout_ms);
diff --git a/drivers/accel/ivpu/ivpu_jsm_msg.c b/drivers/accel/ivpu/ivpu_jsm_msg.c
index 46ef16c3c0691..88105963c1b28 100644
--- a/drivers/accel/ivpu/ivpu_jsm_msg.c
+++ b/drivers/accel/ivpu/ivpu_jsm_msg.c
@@ -270,9 +270,8 @@ int ivpu_jsm_pwr_d0i3_enter(struct ivpu_device *vdev)
req.payload.pwr_d0i3_enter.send_response = 1;
- ret = ivpu_ipc_send_receive_active(vdev, &req, VPU_JSM_MSG_PWR_D0I3_ENTER_DONE,
- &resp, VPU_IPC_CHAN_GEN_CMD,
- vdev->timeout.d0i3_entry_msg);
+ ret = ivpu_ipc_send_receive_internal(vdev, &req, VPU_JSM_MSG_PWR_D0I3_ENTER_DONE, &resp,
+ VPU_IPC_CHAN_GEN_CMD, vdev->timeout.d0i3_entry_msg);
if (ret)
return ret;
@@ -430,8 +429,8 @@ int ivpu_jsm_hws_setup_priority_bands(struct ivpu_device *vdev)
req.payload.hws_priority_band_setup.normal_band_percentage = 10;
- ret = ivpu_ipc_send_receive_active(vdev, &req, VPU_JSM_MSG_SET_PRIORITY_BAND_SETUP_RSP,
- &resp, VPU_IPC_CHAN_ASYNC_CMD, vdev->timeout.jsm);
+ ret = ivpu_ipc_send_receive_internal(vdev, &req, VPU_JSM_MSG_SET_PRIORITY_BAND_SETUP_RSP,
+ &resp, VPU_IPC_CHAN_ASYNC_CMD, vdev->timeout.jsm);
if (ret)
ivpu_warn_ratelimited(vdev, "Failed to set priority bands: %d\n", ret);
@@ -544,9 +543,8 @@ int ivpu_jsm_dct_enable(struct ivpu_device *vdev, u32 active_us, u32 inactive_us
req.payload.pwr_dct_control.dct_active_us = active_us;
req.payload.pwr_dct_control.dct_inactive_us = inactive_us;
- return ivpu_ipc_send_receive_active(vdev, &req, VPU_JSM_MSG_DCT_ENABLE_DONE,
- &resp, VPU_IPC_CHAN_ASYNC_CMD,
- vdev->timeout.jsm);
+ return ivpu_ipc_send_receive_internal(vdev, &req, VPU_JSM_MSG_DCT_ENABLE_DONE, &resp,
+ VPU_IPC_CHAN_ASYNC_CMD, vdev->timeout.jsm);
}
int ivpu_jsm_dct_disable(struct ivpu_device *vdev)
@@ -554,7 +552,6 @@ int ivpu_jsm_dct_disable(struct ivpu_device *vdev)
struct vpu_jsm_msg req = { .type = VPU_JSM_MSG_DCT_DISABLE };
struct vpu_jsm_msg resp;
- return ivpu_ipc_send_receive_active(vdev, &req, VPU_JSM_MSG_DCT_DISABLE_DONE,
- &resp, VPU_IPC_CHAN_ASYNC_CMD,
- vdev->timeout.jsm);
+ return ivpu_ipc_send_receive_internal(vdev, &req, VPU_JSM_MSG_DCT_DISABLE_DONE, &resp,
+ VPU_IPC_CHAN_ASYNC_CMD, vdev->timeout.jsm);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 273/817] ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 272/817] accel/ivpu: Prevent recovery invocation during probe and resume Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 274/817] libbpf: never interpret subprogs in .text as entry programs Greg Kroah-Hartman
` (553 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shuah Khan, Everest K.C., Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Everest K.C <everestkc@everestkc.com.np>
[ Upstream commit 22206e569fb54bf9c95db9a0138a7485ba9e13bc ]
As the same condition was checked in inner and outer if statements.
The code never reaches the inner else statement.
Fix this by removing the logically dead inner else statement.
Fixes: 7f5d6036ca00 ("ASoC: rt722-sdca: Add RT722 SDCA driver")
Reported-by: Shuah Khan <skhan@linuxfoundation.org>
Closes: https://lore.kernel.org/all/e44527e8-b7c6-4712-97a6-d54f02ad2dc9@linuxfoundation.org/
Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Link: https://patch.msgid.link/20241010175755.5278-1-everestkc@everestkc.com.np
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt722-sdca.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/sound/soc/codecs/rt722-sdca.c b/sound/soc/codecs/rt722-sdca.c
index e5bd9ef812de1..f9f7512ca3608 100644
--- a/sound/soc/codecs/rt722-sdca.c
+++ b/sound/soc/codecs/rt722-sdca.c
@@ -607,12 +607,8 @@ static int rt722_sdca_dmic_set_gain_get(struct snd_kcontrol *kcontrol,
if (!adc_vol_flag) /* boost gain */
ctl = regvalue / boost_step;
- else { /* ADC gain */
- if (adc_vol_flag)
- ctl = p->max - (((vol_max - regvalue) & 0xffff) / interval_offset);
- else
- ctl = p->max - (((0 - regvalue) & 0xffff) / interval_offset);
- }
+ else /* ADC gain */
+ ctl = p->max - (((vol_max - regvalue) & 0xffff) / interval_offset);
ucontrol->value.integer.value[i] = ctl;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 274/817] libbpf: never interpret subprogs in .text as entry programs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 273/817] ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 275/817] netdevsim: copy addresses for both in and out paths Greg Kroah-Hartman
` (552 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Alexei Starovoitov,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit db089c9158c1d535a36dfc010e5db37fccea2561 ]
Libbpf pre-1.0 had a legacy logic of allowing singular non-annotated
(i.e., not having explicit SEC() annotation) function to be treated as
sole entry BPF program (unless there were other explicit entry
programs).
This behavior was dropped during libbpf 1.0 transition period (unless
LIBBPF_STRICT_SEC_NAME flag was unset in libbpf_mode). When 1.0 was
released and all the legacy behavior was removed, the bug slipped
through leaving this legacy behavior around.
Fix this for good, as it actually causes very confusing behavior if BPF
object file only has subprograms, but no entry programs.
Fixes: bd054102a8c7 ("libbpf: enforce strict libbpf 1.0 behaviors")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20241010211731.4121837-1-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 98a6cc304bb21..12d99b9ddb7c1 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -4389,7 +4389,7 @@ static int bpf_object__collect_externs(struct bpf_object *obj)
static bool prog_is_subprog(const struct bpf_object *obj, const struct bpf_program *prog)
{
- return prog->sec_idx == obj->efile.text_shndx && obj->nr_programs > 1;
+ return prog->sec_idx == obj->efile.text_shndx;
}
struct bpf_program *
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 275/817] netdevsim: copy addresses for both in and out paths
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 274/817] libbpf: never interpret subprogs in .text as entry programs Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 276/817] drm/bridge: tc358767: Fix link properties discovery Greg Kroah-Hartman
` (551 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Horman, Hangbin Liu,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 2cf567f421dbfe7e53b7e5ddee9400da10efb75d ]
The current code only copies the address for the in path, leaving the out
path address set to 0. This patch corrects the issue by copying the addresses
for both the in and out paths. Before this patch:
# cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=2 tx=20
sa[0] tx ipaddr=0.0.0.0
sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] rx ipaddr=192.168.0.1
sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
After this patch:
= cat /sys/kernel/debug/netdevsim/netdevsim0/ports/0/ipsec
SA count=2 tx=20
sa[0] tx ipaddr=192.168.0.2
sa[0] spi=0x00000100 proto=0x32 salt=0x0adecc3a crypt=1
sa[0] key=0x3167608a ca4f1397 43565909 941fa627
sa[1] rx ipaddr=192.168.0.1
sa[1] spi=0x00000101 proto=0x32 salt=0x0adecc3a crypt=1
sa[1] key=0x3167608a ca4f1397 43565909 941fa627
Fixes: 7699353da875 ("netdevsim: add ipsec offload testing")
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://patch.msgid.link/20241010040027.21440-3-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/netdevsim/ipsec.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/net/netdevsim/ipsec.c b/drivers/net/netdevsim/ipsec.c
index f0d58092e7e96..3612b0633bd17 100644
--- a/drivers/net/netdevsim/ipsec.c
+++ b/drivers/net/netdevsim/ipsec.c
@@ -176,14 +176,13 @@ static int nsim_ipsec_add_sa(struct xfrm_state *xs,
return ret;
}
- if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
+ if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN)
sa.rx = true;
- if (xs->props.family == AF_INET6)
- memcpy(sa.ipaddr, &xs->id.daddr.a6, 16);
- else
- memcpy(&sa.ipaddr[3], &xs->id.daddr.a4, 4);
- }
+ if (xs->props.family == AF_INET6)
+ memcpy(sa.ipaddr, &xs->id.daddr.a6, 16);
+ else
+ memcpy(&sa.ipaddr[3], &xs->id.daddr.a4, 4);
/* the preparations worked, so save the info */
memcpy(&ipsec->sa[sa_idx], &sa, sizeof(sa));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 276/817] drm/bridge: tc358767: Fix link properties discovery
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 275/817] netdevsim: copy addresses for both in and out paths Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 277/817] selftests/bpf: Fix msg_verify_data in test_sockmap Greg Kroah-Hartman
` (550 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Kiszka, Aradhya Bhatia,
Tomi Valkeinen, Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
[ Upstream commit 2d343723c7e1f9f6d64f721f07cfdfc2993758d1 ]
When a display controller driver uses DRM_BRIDGE_ATTACH_NO_CONNECTOR,
tc358767 will behave properly and skip the creation of the connector.
However, tc_get_display_props(), which is used to find out about the DP
monitor and link, is only called from two places: .atomic_enable() and
tc_connector_get_modes(). The latter is only used when tc358767 creates
its own connector, i.e. when DRM_BRIDGE_ATTACH_NO_CONNECTOR is _not_
set.
Thus, the driver never finds out the link properties before get_edid()
is called. With num_lanes of 0 and link_rate of 0 there are not many
valid modes...
Fix this by adding tc_get_display_props() call at the beginning of
get_edid(), so that we have up to date information before looking at the
modes.
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
Closes: https://lore.kernel.org/all/24282420-b4dd-45b3-bb1c-fc37fe4a8205@siemens.com/
Fixes: de5e6c027ae6 ("drm/bridge: tc358767: add drm_panel_bridge support")
Reviewed-by: Aradhya Bhatia <a-bhatia1@ti.com>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20231108-tc358767-v2-2-25c5f70a2159@ideasonboard.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/tc358767.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
index b8b7a227addfb..c4cc7f90d112c 100644
--- a/drivers/gpu/drm/bridge/tc358767.c
+++ b/drivers/gpu/drm/bridge/tc358767.c
@@ -1695,6 +1695,13 @@ static const struct drm_edid *tc_edid_read(struct drm_bridge *bridge,
struct drm_connector *connector)
{
struct tc_data *tc = bridge_to_tc(bridge);
+ int ret;
+
+ ret = tc_get_display_props(tc);
+ if (ret < 0) {
+ dev_err(tc->dev, "failed to read display props: %d\n", ret);
+ return 0;
+ }
return drm_edid_read_ddc(connector, &tc->aux.ddc);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 277/817] selftests/bpf: Fix msg_verify_data in test_sockmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 276/817] drm/bridge: tc358767: Fix link properties discovery Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 278/817] selftests/bpf: Fix txmsg_redir of test_txmsg_pull " Greg Kroah-Hartman
` (549 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Fastabend, Zijian Zhang,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit ee9b352ce4650ffc0d8ca0ac373d7c009c7e561e ]
Function msg_verify_data should have context of bytes_cnt and k instead of
assuming they are zero. Otherwise, test_sockmap with data integrity test
will report some errors. I also fix the logic related to size and index j
1/ 6 sockmap::txmsg test passthrough:FAIL
2/ 6 sockmap::txmsg test redirect:FAIL
7/12 sockmap::txmsg test apply:FAIL
10/11 sockmap::txmsg test push_data:FAIL
11/17 sockmap::txmsg test pull-data:FAIL
12/ 9 sockmap::txmsg test pop-data:FAIL
13/ 1 sockmap::txmsg test push/pop data:FAIL
...
Pass: 24 Fail: 52
After applying this patch, some of the errors are solved, but for push,
pull and pop, we may need more fixes to msg_verify_data, added a TODO
10/11 sockmap::txmsg test push_data:FAIL
11/17 sockmap::txmsg test pull-data:FAIL
12/ 9 sockmap::txmsg test pop-data:FAIL
...
Pass: 37 Fail: 15
Besides, added a custom errno EDATAINTEGRITY for msg_verify_data, we
shall not ignore the error in txmsg_cork case.
Fixes: 753fb2ee0934 ("bpf: sockmap, add msg_peek tests to test_sockmap")
Fixes: 16edddfe3c5d ("selftests/bpf: test_sockmap, check test failure")
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Link: https://lore.kernel.org/r/20241012203731.1248619-2-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_sockmap.c | 30 ++++++++++++++--------
1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
index 3e02d7267de8b..8249f3c1fbd65 100644
--- a/tools/testing/selftests/bpf/test_sockmap.c
+++ b/tools/testing/selftests/bpf/test_sockmap.c
@@ -56,6 +56,8 @@ static void running_handler(int a);
#define BPF_SOCKHASH_FILENAME "test_sockhash_kern.bpf.o"
#define CG_PATH "/sockmap"
+#define EDATAINTEGRITY 2001
+
/* global sockets */
int s1, s2, c1, c2, p1, p2;
int test_cnt;
@@ -510,23 +512,25 @@ static int msg_alloc_iov(struct msghdr *msg,
return -ENOMEM;
}
-static int msg_verify_data(struct msghdr *msg, int size, int chunk_sz)
+/* TODO: Add verification logic for push, pull and pop data */
+static int msg_verify_data(struct msghdr *msg, int size, int chunk_sz,
+ unsigned char *k_p, int *bytes_cnt_p)
{
- int i, j = 0, bytes_cnt = 0;
- unsigned char k = 0;
+ int i, j, bytes_cnt = *bytes_cnt_p;
+ unsigned char k = *k_p;
- for (i = 0; i < msg->msg_iovlen; i++) {
+ for (i = 0, j = 0; i < msg->msg_iovlen && size; i++, j = 0) {
unsigned char *d = msg->msg_iov[i].iov_base;
/* Special case test for skb ingress + ktls */
if (i == 0 && txmsg_ktls_skb) {
if (msg->msg_iov[i].iov_len < 4)
- return -EIO;
+ return -EDATAINTEGRITY;
if (memcmp(d, "PASS", 4) != 0) {
fprintf(stderr,
"detected skb data error with skb ingress update @iov[%i]:%i \"%02x %02x %02x %02x\" != \"PASS\"\n",
i, 0, d[0], d[1], d[2], d[3]);
- return -EIO;
+ return -EDATAINTEGRITY;
}
j = 4; /* advance index past PASS header */
}
@@ -536,7 +540,7 @@ static int msg_verify_data(struct msghdr *msg, int size, int chunk_sz)
fprintf(stderr,
"detected data corruption @iov[%i]:%i %02x != %02x, %02x ?= %02x\n",
i, j, d[j], k - 1, d[j+1], k);
- return -EIO;
+ return -EDATAINTEGRITY;
}
bytes_cnt++;
if (bytes_cnt == chunk_sz) {
@@ -546,6 +550,8 @@ static int msg_verify_data(struct msghdr *msg, int size, int chunk_sz)
size--;
}
}
+ *k_p = k;
+ *bytes_cnt_p = bytes_cnt;
return 0;
}
@@ -602,6 +608,8 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
float total_bytes, txmsg_pop_total;
int fd_flags = O_NONBLOCK;
struct timeval timeout;
+ unsigned char k = 0;
+ int bytes_cnt = 0;
fd_set w;
fcntl(fd, fd_flags);
@@ -696,7 +704,7 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
iov_length * cnt :
iov_length * iov_count;
- errno = msg_verify_data(&msg, recv, chunk_sz);
+ errno = msg_verify_data(&msg, recv, chunk_sz, &k, &bytes_cnt);
if (errno) {
perror("data verify msg failed");
goto out_errno;
@@ -704,7 +712,9 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
if (recvp) {
errno = msg_verify_data(&msg_peek,
recvp,
- chunk_sz);
+ chunk_sz,
+ &k,
+ &bytes_cnt);
if (errno) {
perror("data verify msg_peek failed");
goto out_errno;
@@ -812,7 +822,7 @@ static int sendmsg_test(struct sockmap_options *opt)
s.bytes_sent, sent_Bps, sent_Bps/giga,
s.bytes_recvd, recvd_Bps, recvd_Bps/giga,
peek_flag ? "(peek_msg)" : "");
- if (err && txmsg_cork)
+ if (err && err != -EDATAINTEGRITY && txmsg_cork)
err = 0;
exit(err ? 1 : 0);
} else if (rxpid == -1) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 278/817] selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 277/817] selftests/bpf: Fix msg_verify_data in test_sockmap Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 279/817] wifi: wilc1000: Set MAC after operation mode Greg Kroah-Hartman
` (548 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Fastabend, Zijian Zhang,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit b29e231d66303c12b7b8ac3ac2a057df06b161e8 ]
txmsg_redir in "Test pull + redirect" case of test_txmsg_pull should be
1 instead of 0.
Fixes: 328aa08a081b ("bpf: Selftests, break down test_sockmap into subtests")
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Link: https://lore.kernel.org/r/20241012203731.1248619-3-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_sockmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
index 8249f3c1fbd65..075c93ed143e6 100644
--- a/tools/testing/selftests/bpf/test_sockmap.c
+++ b/tools/testing/selftests/bpf/test_sockmap.c
@@ -1606,7 +1606,7 @@ static void test_txmsg_pull(int cgrp, struct sockmap_options *opt)
test_send_large(opt, cgrp);
/* Test pull + redirect */
- txmsg_redir = 0;
+ txmsg_redir = 1;
txmsg_start = 1;
txmsg_end = 2;
test_send(opt, cgrp);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 279/817] wifi: wilc1000: Set MAC after operation mode
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 278/817] selftests/bpf: Fix txmsg_redir of test_txmsg_pull " Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 280/817] wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Greg Kroah-Hartman
` (547 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexis Lothoré, Marek Vasut,
Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
[ Upstream commit 29dd3e48b9bd88bf65a1e760126fa18d1def7b30 ]
It seems it is necessary to set WILC MAC address after operation mode,
otherwise the MAC address of the WILC MAC is reset back to what is in
nvmem. This causes a failure to associate with AP after the WILC MAC
address was overridden by userspace.
Test case:
"
ap$ cat << EOF > hostap.conf
interface=wlan0
ssid=ssid
hw_mode=g
channel=6
wpa=2
wpa_passphrase=pass
wpa_key_mgmt=WPA-PSK
EOF
ap$ hostapd -d hostap.conf
ap$ ifconfig wlan0 10.0.0.1
"
"
sta$ ifconfig wlan0 hw ether 00:11:22:33:44:55
sta$ wpa_supplicant -i wlan0 -c <(wpa_passphrase ssid pass)
sta$ ifconfig wlan0 10.0.0.2
sta$ ping 10.0.0.1 # fails without this patch
"
AP still indicates SA with original MAC address from nvmem without this patch:
"
nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=60:01:23:45:67:89 bssid=ff:ff:ff:ff:ff:ff ...
^^^^^^^^^^^^^^^^^
"
Fixes: 83d9b54ee5d4 ("wifi: wilc1000: read MAC address from fuse at probe")
Tested-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241003132504.52233-1-marex@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/microchip/wilc1000/netdev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/microchip/wilc1000/netdev.c b/drivers/net/wireless/microchip/wilc1000/netdev.c
index 9ecf3fb29b558..8bc127c5a538c 100644
--- a/drivers/net/wireless/microchip/wilc1000/netdev.c
+++ b/drivers/net/wireless/microchip/wilc1000/netdev.c
@@ -608,6 +608,9 @@ static int wilc_mac_open(struct net_device *ndev)
return ret;
}
+ wilc_set_operation_mode(vif, wilc_get_vif_idx(vif), vif->iftype,
+ vif->idx);
+
netdev_dbg(ndev, "Mac address: %pM\n", ndev->dev_addr);
ret = wilc_set_mac_address(vif, ndev->dev_addr);
if (ret) {
@@ -618,9 +621,6 @@ static int wilc_mac_open(struct net_device *ndev)
return ret;
}
- wilc_set_operation_mode(vif, wilc_get_vif_idx(vif), vif->iftype,
- vif->idx);
-
mgmt_regs.interface_stypes = vif->mgmt_reg_stypes;
/* so we detect a change */
vif->mgmt_reg_stypes = 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 280/817] wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 279/817] wifi: wilc1000: Set MAC after operation mode Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 281/817] drm: fsl-dcu: enable PIXCLK on LS1021A Greg Kroah-Hartman
` (546 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alper Nebi Yasak, Brian Norris,
Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alper Nebi Yasak <alpernebiyasak@gmail.com>
[ Upstream commit d241a139c2e9f8a479f25c75ebd5391e6a448500 ]
Replace one-element array with a flexible-array member in `struct
mwifiex_ie_types_wildcard_ssid_params` to fix the following warning
on a MT8173 Chromebook (mt8173-elm-hana):
[ 356.775250] ------------[ cut here ]------------
[ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)
[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]
The "(size 6)" above is exactly the length of the SSID of the network
this device was connected to. The source of the warning looks like:
ssid_len = user_scan_in->ssid_list[i].ssid_len;
[...]
memcpy(wildcard_ssid_tlv->ssid,
user_scan_in->ssid_list[i].ssid, ssid_len);
There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this
struct, but it already didn't account for the size of the one-element
array, so it doesn't need to be changed.
Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Acked-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241007222301.24154-1-alpernebiyasak@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/fw.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/fw.h b/drivers/net/wireless/marvell/mwifiex/fw.h
index 5b072120e3f21..324efd55c8e4f 100644
--- a/drivers/net/wireless/marvell/mwifiex/fw.h
+++ b/drivers/net/wireless/marvell/mwifiex/fw.h
@@ -842,7 +842,7 @@ struct mwifiex_ietypes_chanstats {
struct mwifiex_ie_types_wildcard_ssid_params {
struct mwifiex_ie_types_header header;
u8 max_ssid_length;
- u8 ssid[1];
+ u8 ssid[];
} __packed;
#define TSF_DATA_SIZE 8
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 281/817] drm: fsl-dcu: enable PIXCLK on LS1021A
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 280/817] wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 282/817] drm: panel: nv3052c: correct spi_device_id for RG35XX panel Greg Kroah-Hartman
` (545 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Schiffer, Alexander Stein,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Schiffer <matthias.schiffer@tq-group.com>
[ Upstream commit ffcde9e44d3e18fde3d18bfff8d9318935413bfd ]
The PIXCLK needs to be enabled in SCFG before accessing certain DCU
registers, or the access will hang. For simplicity, the PIXCLK is enabled
unconditionally, resulting in increased power consumption.
Signed-off-by: Matthias Schiffer <matthias.schiffer@tq-group.com>
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Fixes: 109eee2f2a18 ("drm/layerscape: Add Freescale DCU DRM driver")
Acked-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240926055552.1632448-2-alexander.stein@ew.tq-group.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/fsl-dcu/Kconfig | 1 +
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 +++++++++++++++
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 +++
3 files changed, 19 insertions(+)
diff --git a/drivers/gpu/drm/fsl-dcu/Kconfig b/drivers/gpu/drm/fsl-dcu/Kconfig
index 5ca71ef873259..c9ee98693b48a 100644
--- a/drivers/gpu/drm/fsl-dcu/Kconfig
+++ b/drivers/gpu/drm/fsl-dcu/Kconfig
@@ -8,6 +8,7 @@ config DRM_FSL_DCU
select DRM_PANEL
select REGMAP_MMIO
select VIDEOMODE_HELPERS
+ select MFD_SYSCON if SOC_LS1021A
help
Choose this option if you have an Freescale DCU chipset.
If M is selected the module will be called fsl-dcu-drm.
diff --git a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c
index ab6c0c6cd0e2e..c4c3d41ee5309 100644
--- a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c
+++ b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c
@@ -100,6 +100,7 @@ static void fsl_dcu_irq_uninstall(struct drm_device *dev)
static int fsl_dcu_load(struct drm_device *dev, unsigned long flags)
{
struct fsl_dcu_drm_device *fsl_dev = dev->dev_private;
+ struct regmap *scfg;
int ret;
ret = fsl_dcu_drm_modeset_init(fsl_dev);
@@ -108,6 +109,20 @@ static int fsl_dcu_load(struct drm_device *dev, unsigned long flags)
return ret;
}
+ scfg = syscon_regmap_lookup_by_compatible("fsl,ls1021a-scfg");
+ if (PTR_ERR(scfg) != -ENODEV) {
+ /*
+ * For simplicity, enable the PIXCLK unconditionally,
+ * resulting in increased power consumption. Disabling
+ * the clock in PM or on unload could be implemented as
+ * a future improvement.
+ */
+ ret = regmap_update_bits(scfg, SCFG_PIXCLKCR, SCFG_PIXCLKCR_PXCEN,
+ SCFG_PIXCLKCR_PXCEN);
+ if (ret < 0)
+ return dev_err_probe(dev->dev, ret, "failed to enable pixclk\n");
+ }
+
ret = drm_vblank_init(dev, dev->mode_config.num_crtc);
if (ret < 0) {
dev_err(dev->dev, "failed to initialize vblank\n");
diff --git a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h
index e2049a0e8a92a..566396013c04a 100644
--- a/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h
+++ b/drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h
@@ -160,6 +160,9 @@
#define FSL_DCU_ARGB4444 12
#define FSL_DCU_YUV422 14
+#define SCFG_PIXCLKCR 0x28
+#define SCFG_PIXCLKCR_PXCEN BIT(31)
+
#define VF610_LAYER_REG_NUM 9
#define LS1021A_LAYER_REG_NUM 10
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 282/817] drm: panel: nv3052c: correct spi_device_id for RG35XX panel
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 281/817] drm: fsl-dcu: enable PIXCLK on LS1021A Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 283/817] drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block Greg Kroah-Hartman
` (544 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryan Walklin, Neil Armstrong,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryan Walklin <ryan@testtoast.com>
[ Upstream commit 45608a3eb4902f32010a8328c0a01ccda4b38c9b ]
The Anbernic RG35XX devices use an SPI LCD panel from an unknown OEM,
with an NV3052C driver chip.
As discussed previously, the integrating vendor and device name are
preferred instead of the OEM serial. A previous patch corrected the
device tree binding and of_device_id in the NV3052C driver, however the
spi_device_id also needs correction.
Correct the spi_device_id for the RG35XX panel.
Signed-off-by: Ryan Walklin <ryan@testtoast.com>
Fixes: 76dce2a96c0f ("drm: panel: nv3052c: Correct WL-355608-A8 panel compatible")
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241020083836.175733-1-ryan@testtoast.com
[DB: corrected the Fixes tag]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-newvision-nv3052c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/panel/panel-newvision-nv3052c.c b/drivers/gpu/drm/panel/panel-newvision-nv3052c.c
index d3baccfe6286b..06e16a7c14a75 100644
--- a/drivers/gpu/drm/panel/panel-newvision-nv3052c.c
+++ b/drivers/gpu/drm/panel/panel-newvision-nv3052c.c
@@ -917,7 +917,7 @@ static const struct nv3052c_panel_info wl_355608_a8_panel_info = {
static const struct spi_device_id nv3052c_ids[] = {
{ "ltk035c5444t", },
{ "fs035vg158", },
- { "wl-355608-a8", },
+ { "rg35xx-plus-panel", },
{ /* sentinel */ }
};
MODULE_DEVICE_TABLE(spi, nv3052c_ids);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 283/817] drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 282/817] drm: panel: nv3052c: correct spi_device_id for RG35XX panel Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 284/817] drm/msm/dpu: drop LM_3 / LM_4 on SDM845 Greg Kroah-Hartman
` (543 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Abhinav Kumar,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 768a272d5357269b17b4b06dd8647e21bdc0ca3c ]
On the SDM845 platform the DSPP_3 is used by the LM_5. Correct
corresponding entries in the sdm845_lm array.
Fixes: c72375172194 ("drm/msm/dpu/catalog: define DSPP blocks found on sdm845")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/612584/
Link: https://lore.kernel.org/r/20240905-dpu-fix-sdm845-catalog-v1-1-3363d03998bd@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h
index 7a23389a57327..59eeea3dd2e9f 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h
+++ b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h
@@ -161,7 +161,6 @@ static const struct dpu_lm_cfg sdm845_lm[] = {
.features = MIXER_SDM845_MASK,
.sblk = &sdm845_lm_sblk,
.pingpong = PINGPONG_NONE,
- .dspp = DSPP_3,
}, {
.name = "lm_4", .id = LM_4,
.base = 0x0, .len = 0x320,
@@ -175,6 +174,7 @@ static const struct dpu_lm_cfg sdm845_lm[] = {
.sblk = &sdm845_lm_sblk,
.lm_pair = LM_2,
.pingpong = PINGPONG_3,
+ .dspp = DSPP_3,
},
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 284/817] drm/msm/dpu: drop LM_3 / LM_4 on SDM845
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 283/817] drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 285/817] drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 Greg Kroah-Hartman
` (542 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Abhinav Kumar,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit d39271061d67c6fcbe8f361c532b493069232cf8 ]
On the SDM845 platform ther are no LM_3 and LM_4 blocks. Drop them from
the SDM845 catalog.
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/612586/
Link: https://lore.kernel.org/r/20240905-dpu-fix-sdm845-catalog-v1-2-3363d03998bd@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h
index 59eeea3dd2e9f..72bd4f7e9e504 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h
+++ b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h
@@ -155,18 +155,6 @@ static const struct dpu_lm_cfg sdm845_lm[] = {
.lm_pair = LM_5,
.pingpong = PINGPONG_2,
.dspp = DSPP_2,
- }, {
- .name = "lm_3", .id = LM_3,
- .base = 0x0, .len = 0x320,
- .features = MIXER_SDM845_MASK,
- .sblk = &sdm845_lm_sblk,
- .pingpong = PINGPONG_NONE,
- }, {
- .name = "lm_4", .id = LM_4,
- .base = 0x0, .len = 0x320,
- .features = MIXER_SDM845_MASK,
- .sblk = &sdm845_lm_sblk,
- .pingpong = PINGPONG_NONE,
}, {
.name = "lm_5", .id = LM_5,
.base = 0x49000, .len = 0x320,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 285/817] drm/msm/dpu: drop LM_3 / LM_4 on MSM8998
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 284/817] drm/msm/dpu: drop LM_3 / LM_4 on SDM845 Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 286/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Greg Kroah-Hartman
` (541 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Abhinav Kumar, Dmitry Baryshkov,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit c59afe50773d5c972f6684f9bbd9a2ddb2fb92fa ]
On the MSM8998 platform ther are no LM_3 and LM_4 blocks. Drop them from
the MSM8998 catalog.
Fixes: 94391a14fc27 ("drm/msm/dpu1: Add MSM8998 to hw catalog")
Reported-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/612585/
Link: https://lore.kernel.org/r/20240905-dpu-fix-sdm845-catalog-v1-3-3363d03998bd@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h
index 1d3e9666c7411..64c94e919a698 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h
+++ b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h
@@ -156,18 +156,6 @@ static const struct dpu_lm_cfg msm8998_lm[] = {
.sblk = &msm8998_lm_sblk,
.lm_pair = LM_5,
.pingpong = PINGPONG_2,
- }, {
- .name = "lm_3", .id = LM_3,
- .base = 0x47000, .len = 0x320,
- .features = MIXER_MSM8998_MASK,
- .sblk = &msm8998_lm_sblk,
- .pingpong = PINGPONG_NONE,
- }, {
- .name = "lm_4", .id = LM_4,
- .base = 0x48000, .len = 0x320,
- .features = MIXER_MSM8998_MASK,
- .sblk = &msm8998_lm_sblk,
- .pingpong = PINGPONG_NONE,
}, {
.name = "lm_5", .id = LM_5,
.base = 0x49000, .len = 0x320,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 286/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 285/817] drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 287/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Greg Kroah-Hartman
` (540 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dipendra Khadka, Simon Horman,
Andrew Lunn, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dipendra Khadka <kdipendra88@gmail.com>
[ Upstream commit 0fbc7a5027c6f7f2c785adae3dcec22b2f2b69b3 ]
Add error pointer check after calling otx2_mbox_get_rsp().
Fixes: ab58a416c93f ("octeontx2-pf: cn10k: Get max mtu supported from admin function")
Signed-off-by: Dipendra Khadka <kdipendra88@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c
index 87d5776e3b88e..7510a918d942c 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c
@@ -1837,6 +1837,10 @@ u16 otx2_get_max_mtu(struct otx2_nic *pfvf)
if (!rc) {
rsp = (struct nix_hw_info *)
otx2_mbox_get_rsp(&pfvf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ rc = PTR_ERR(rsp);
+ goto out;
+ }
/* HW counts VLAN insertion bytes (8 for double tag)
* irrespective of whether SQE is requesting to insert VLAN
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 287/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 286/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 288/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Greg Kroah-Hartman
` (539 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dipendra Khadka, Simon Horman,
Andrew Lunn, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dipendra Khadka <kdipendra88@gmail.com>
[ Upstream commit e26f8eac6bb20b20fdb8f7dc695711ebce4c7c5c ]
Add error pointer check after calling otx2_mbox_get_rsp().
Fixes: 75f36270990c ("octeontx2-pf: Support to enable/disable pause frames via ethtool")
Fixes: d0cf9503e908 ("octeontx2-pf: ethtool fec mode support")
Signed-off-by: Dipendra Khadka <kdipendra88@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c
index 0db62eb0dab3f..09317860e7382 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c
@@ -343,6 +343,11 @@ static void otx2_get_pauseparam(struct net_device *netdev,
if (!otx2_sync_mbox_msg(&pfvf->mbox)) {
rsp = (struct cgx_pause_frm_cfg *)
otx2_mbox_get_rsp(&pfvf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ mutex_unlock(&pfvf->mbox.lock);
+ return;
+ }
+
pause->rx_pause = rsp->rx_pause;
pause->tx_pause = rsp->tx_pause;
}
@@ -1074,6 +1079,11 @@ static int otx2_set_fecparam(struct net_device *netdev,
rsp = (struct fec_mode *)otx2_mbox_get_rsp(&pfvf->mbox.mbox,
0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ err = PTR_ERR(rsp);
+ goto end;
+ }
+
if (rsp->fec >= 0)
pfvf->linfo.fec = rsp->fec;
else
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 288/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 287/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 289/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Greg Kroah-Hartman
` (538 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dipendra Khadka, Simon Horman,
Andrew Lunn, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dipendra Khadka <kdipendra88@gmail.com>
[ Upstream commit bd3110bc102ab6292656b8118be819faa0de8dd0 ]
Adding error pointer check after calling otx2_mbox_get_rsp().
Fixes: 9917060fc30a ("octeontx2-pf: Cleanup flow rule management")
Fixes: f0a1913f8a6f ("octeontx2-pf: Add support for ethtool ntuple filters")
Fixes: 674b3e164238 ("octeontx2-pf: Add additional checks while configuring ucast/bcast/mcast rules")
Signed-off-by: Dipendra Khadka <kdipendra88@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c
index 98c31a16c70b4..58720a161ee24 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c
@@ -119,6 +119,8 @@ int otx2_alloc_mcam_entries(struct otx2_nic *pfvf, u16 count)
rsp = (struct npc_mcam_alloc_entry_rsp *)otx2_mbox_get_rsp
(&pfvf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp))
+ goto exit;
for (ent = 0; ent < rsp->count; ent++)
flow_cfg->flow_ent[ent + allocated] = rsp->entry_list[ent];
@@ -197,6 +199,10 @@ int otx2_mcam_entry_init(struct otx2_nic *pfvf)
rsp = (struct npc_mcam_alloc_entry_rsp *)otx2_mbox_get_rsp
(&pfvf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ mutex_unlock(&pfvf->mbox.lock);
+ return PTR_ERR(rsp);
+ }
if (rsp->count != req->count) {
netdev_info(pfvf->netdev,
@@ -232,6 +238,10 @@ int otx2_mcam_entry_init(struct otx2_nic *pfvf)
frsp = (struct npc_get_field_status_rsp *)otx2_mbox_get_rsp
(&pfvf->mbox.mbox, 0, &freq->hdr);
+ if (IS_ERR(frsp)) {
+ mutex_unlock(&pfvf->mbox.lock);
+ return PTR_ERR(frsp);
+ }
if (frsp->enable) {
pfvf->flags |= OTX2_FLAG_RX_VLAN_SUPPORT;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 289/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 288/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 290/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Greg Kroah-Hartman
` (537 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dipendra Khadka, Simon Horman,
Andrew Lunn, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dipendra Khadka <kdipendra88@gmail.com>
[ Upstream commit ac9183023b6a9c09467516abd8aab04f9a2f9564 ]
Add error pointer check after calling otx2_mbox_get_rsp().
Fixes: 2ca89a2c3752 ("octeontx2-pf: TC_MATCHALL ingress ratelimiting offload")
Signed-off-by: Dipendra Khadka <kdipendra88@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c
index c1c99d7054f87..7417087b6db59 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c
@@ -203,6 +203,11 @@ int cn10k_alloc_leaf_profile(struct otx2_nic *pfvf, u16 *leaf)
rsp = (struct nix_bandprof_alloc_rsp *)
otx2_mbox_get_rsp(&pfvf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ rc = PTR_ERR(rsp);
+ goto out;
+ }
+
if (!rsp->prof_count[BAND_PROF_LEAF_LAYER]) {
rc = -EIO;
goto out;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 290/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 289/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 291/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Greg Kroah-Hartman
` (536 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dipendra Khadka, Simon Horman,
Andrew Lunn, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dipendra Khadka <kdipendra88@gmail.com>
[ Upstream commit f5b942e6c54b13246ee49d42dcfb71b7f29e3c64 ]
Add error pointer checks after calling otx2_mbox_get_rsp().
Fixes: 79d2be385e9e ("octeontx2-pf: offload DMAC filters to CGX/RPM block")
Fixes: fa5e0ccb8f3a ("octeontx2-pf: Add support for exact match table.")
Signed-off-by: Dipendra Khadka <kdipendra88@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c
index 80d853b343f98..2046dd0da00d8 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c
@@ -28,6 +28,11 @@ static int otx2_dmacflt_do_add(struct otx2_nic *pf, const u8 *mac,
if (!err) {
rsp = (struct cgx_mac_addr_add_rsp *)
otx2_mbox_get_rsp(&pf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ mutex_unlock(&pf->mbox.lock);
+ return PTR_ERR(rsp);
+ }
+
*dmac_index = rsp->index;
}
@@ -200,6 +205,10 @@ int otx2_dmacflt_update(struct otx2_nic *pf, u8 *mac, u32 bit_pos)
rsp = (struct cgx_mac_addr_update_rsp *)
otx2_mbox_get_rsp(&pf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ rc = PTR_ERR(rsp);
+ goto out;
+ }
pf->flow_cfg->bmap_to_dmacindex[bit_pos] = rsp->index;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 291/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 290/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 292/817] selftests/bpf: fix test_spin_lock_fail.cs global vars usage Greg Kroah-Hartman
` (535 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dipendra Khadka, Simon Horman,
Andrew Lunn, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dipendra Khadka <kdipendra88@gmail.com>
[ Upstream commit 69297b0d3369488af259e3a7cf53d69157938ea1 ]
Add error pointer check after calling otx2_mbox_get_rsp().
Fixes: 8e67558177f8 ("octeontx2-pf: PFC config support with DCBx")
Signed-off-by: Dipendra Khadka <kdipendra88@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c
index aa01110f04a33..294fba58b6709 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c
@@ -315,6 +315,11 @@ int otx2_config_priority_flow_ctrl(struct otx2_nic *pfvf)
if (!otx2_sync_mbox_msg(&pfvf->mbox)) {
rsp = (struct cgx_pfc_rsp *)
otx2_mbox_get_rsp(&pfvf->mbox.mbox, 0, &req->hdr);
+ if (IS_ERR(rsp)) {
+ err = PTR_ERR(rsp);
+ goto unlock;
+ }
+
if (req->rx_pause != rsp->rx_pause || req->tx_pause != rsp->tx_pause) {
dev_warn(pfvf->dev,
"Failed to config PFC\n");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 292/817] selftests/bpf: fix test_spin_lock_fail.cs global vars usage
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 291/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 293/817] libbpf: move global data mmap()ing into bpf_object__load() Greg Kroah-Hartman
` (534 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Alexei Starovoitov,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 1b2bfc29695d273492c3dd8512775261f3272686 ]
Global variables of special types (like `struct bpf_spin_lock`) make
underlying ARRAY maps non-mmapable. To make this work with libbpf's
mmaping logic, application is expected to declare such special variables
as static, so libbpf doesn't even attempt to mmap() such ARRAYs.
test_spin_lock_fail.c didn't follow this rule, but given it relied on
this test to trigger failures, this went unnoticed, as we never got to
the step of mmap()'ing these ARRAY maps.
It is fragile and relies on specific sequence of libbpf steps, which are
an internal implementation details.
Fix the test by marking lockA and lockB as static.
Fixes: c48748aea4f8 ("selftests/bpf: Add failure test cases for spin lock pairing")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20241023043908.3834423-2-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/progs/test_spin_lock_fail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c b/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c
index 43f40c4fe241a..1c8b678e2e9a3 100644
--- a/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c
+++ b/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c
@@ -28,8 +28,8 @@ struct {
},
};
-SEC(".data.A") struct bpf_spin_lock lockA;
-SEC(".data.B") struct bpf_spin_lock lockB;
+static struct bpf_spin_lock lockA SEC(".data.A");
+static struct bpf_spin_lock lockB SEC(".data.B");
SEC("?tc")
int lock_id_kptr_preserve(void *ctx)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 293/817] libbpf: move global data mmap()ing into bpf_object__load()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 292/817] selftests/bpf: fix test_spin_lock_fail.cs global vars usage Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 294/817] drm/panfrost: Remove unused id_mask from struct panfrost_model Greg Kroah-Hartman
` (533 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alastair Robertson, Jonathan Wiepert,
Andrii Nakryiko, Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 137978f422516a128326df55c0ba23605f925e21 ]
Since BPF skeleton inception libbpf has been doing mmap()'ing of global
data ARRAY maps in bpf_object__load_skeleton() API, which is used by
code generated .skel.h files (i.e., by BPF skeletons only).
This is wrong because if BPF object is loaded through generic
bpf_object__load() API, global data maps won't be re-mmap()'ed after
load step, and memory pointers returned from bpf_map__initial_value()
would be wrong and won't reflect the actual memory shared between BPF
program and user space.
bpf_map__initial_value() return result is rarely used after load, so
this went unnoticed for a really long time, until bpftrace project
attempted to load BPF object through generic bpf_object__load() API and
then used BPF subskeleton instantiated from such bpf_object. It turned
out that .data/.rodata/.bss data updates through such subskeleton was
"blackholed", all because libbpf wouldn't re-mmap() those maps during
bpf_object__load() phase.
Long story short, this step should be done by libbpf regardless of BPF
skeleton usage, right after BPF map is created in the kernel. This patch
moves this functionality into bpf_object__populate_internal_map() to
achieve this. And bpf_object__load_skeleton() is now simple and almost
trivial, only propagating these mmap()'ed pointers into user-supplied
skeleton structs.
We also do trivial adjustments to error reporting inside
bpf_object__populate_internal_map() for consistency with the rest of
libbpf's map-handling code.
Reported-by: Alastair Robertson <ajor@meta.com>
Reported-by: Jonathan Wiepert <jwiepert@meta.com>
Fixes: d66562fba1ce ("libbpf: Add BPF object skeleton support")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20241023043908.3834423-3-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 83 ++++++++++++++++++++----------------------
1 file changed, 40 insertions(+), 43 deletions(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 12d99b9ddb7c1..f1da986ab9217 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -5094,6 +5094,7 @@ bpf_object__populate_internal_map(struct bpf_object *obj, struct bpf_map *map)
enum libbpf_map_type map_type = map->libbpf_type;
char *cp, errmsg[STRERR_BUFSIZE];
int err, zero = 0;
+ size_t mmap_sz;
if (obj->gen_loader) {
bpf_gen__map_update_elem(obj->gen_loader, map - obj->maps,
@@ -5107,8 +5108,8 @@ bpf_object__populate_internal_map(struct bpf_object *obj, struct bpf_map *map)
if (err) {
err = -errno;
cp = libbpf_strerror_r(err, errmsg, sizeof(errmsg));
- pr_warn("Error setting initial map(%s) contents: %s\n",
- map->name, cp);
+ pr_warn("map '%s': failed to set initial contents: %s\n",
+ bpf_map__name(map), cp);
return err;
}
@@ -5118,11 +5119,43 @@ bpf_object__populate_internal_map(struct bpf_object *obj, struct bpf_map *map)
if (err) {
err = -errno;
cp = libbpf_strerror_r(err, errmsg, sizeof(errmsg));
- pr_warn("Error freezing map(%s) as read-only: %s\n",
- map->name, cp);
+ pr_warn("map '%s': failed to freeze as read-only: %s\n",
+ bpf_map__name(map), cp);
return err;
}
}
+
+ /* Remap anonymous mmap()-ed "map initialization image" as
+ * a BPF map-backed mmap()-ed memory, but preserving the same
+ * memory address. This will cause kernel to change process'
+ * page table to point to a different piece of kernel memory,
+ * but from userspace point of view memory address (and its
+ * contents, being identical at this point) will stay the
+ * same. This mapping will be released by bpf_object__close()
+ * as per normal clean up procedure.
+ */
+ mmap_sz = bpf_map_mmap_sz(map);
+ if (map->def.map_flags & BPF_F_MMAPABLE) {
+ void *mmaped;
+ int prot;
+
+ if (map->def.map_flags & BPF_F_RDONLY_PROG)
+ prot = PROT_READ;
+ else
+ prot = PROT_READ | PROT_WRITE;
+ mmaped = mmap(map->mmaped, mmap_sz, prot, MAP_SHARED | MAP_FIXED, map->fd, 0);
+ if (mmaped == MAP_FAILED) {
+ err = -errno;
+ pr_warn("map '%s': failed to re-mmap() contents: %d\n",
+ bpf_map__name(map), err);
+ return err;
+ }
+ map->mmaped = mmaped;
+ } else if (map->mmaped) {
+ munmap(map->mmaped, mmap_sz);
+ map->mmaped = NULL;
+ }
+
return 0;
}
@@ -5439,8 +5472,7 @@ bpf_object__create_maps(struct bpf_object *obj)
err = bpf_object__populate_internal_map(obj, map);
if (err < 0)
goto err_out;
- }
- if (map->def.type == BPF_MAP_TYPE_ARENA) {
+ } else if (map->def.type == BPF_MAP_TYPE_ARENA) {
map->mmaped = mmap((void *)(long)map->map_extra,
bpf_map_mmap_sz(map), PROT_READ | PROT_WRITE,
map->map_extra ? MAP_SHARED | MAP_FIXED : MAP_SHARED,
@@ -13876,46 +13908,11 @@ int bpf_object__load_skeleton(struct bpf_object_skeleton *s)
for (i = 0; i < s->map_cnt; i++) {
struct bpf_map_skeleton *map_skel = (void *)s->maps + i * s->map_skel_sz;
struct bpf_map *map = *map_skel->map;
- size_t mmap_sz = bpf_map_mmap_sz(map);
- int prot, map_fd = map->fd;
- void **mmaped = map_skel->mmaped;
-
- if (!mmaped)
- continue;
-
- if (!(map->def.map_flags & BPF_F_MMAPABLE)) {
- *mmaped = NULL;
- continue;
- }
- if (map->def.type == BPF_MAP_TYPE_ARENA) {
- *mmaped = map->mmaped;
+ if (!map_skel->mmaped)
continue;
- }
-
- if (map->def.map_flags & BPF_F_RDONLY_PROG)
- prot = PROT_READ;
- else
- prot = PROT_READ | PROT_WRITE;
- /* Remap anonymous mmap()-ed "map initialization image" as
- * a BPF map-backed mmap()-ed memory, but preserving the same
- * memory address. This will cause kernel to change process'
- * page table to point to a different piece of kernel memory,
- * but from userspace point of view memory address (and its
- * contents, being identical at this point) will stay the
- * same. This mapping will be released by bpf_object__close()
- * as per normal clean up procedure, so we don't need to worry
- * about it from skeleton's clean up perspective.
- */
- *mmaped = mmap(map->mmaped, mmap_sz, prot, MAP_SHARED | MAP_FIXED, map_fd, 0);
- if (*mmaped == MAP_FAILED) {
- err = -errno;
- *mmaped = NULL;
- pr_warn("failed to re-mmap() map '%s': %d\n",
- bpf_map__name(map), err);
- return libbpf_err(err);
- }
+ *map_skel->mmaped = map->mmaped;
}
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 294/817] drm/panfrost: Remove unused id_mask from struct panfrost_model
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 293/817] libbpf: move global data mmap()ing into bpf_object__load() Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 295/817] bpf, arm64: Remove garbage frame for struct_ops trampoline Greg Kroah-Hartman
` (532 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Steven Price, Boris Brezillon,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Price <steven.price@arm.com>
[ Upstream commit 581d1f8248550f2b67847e6d84f29fbe3751ea0a ]
The id_mask field of struct panfrost_model has never been used.
Fixes: f3ba91228e8e ("drm/panfrost: Add initial panfrost driver")
Signed-off-by: Steven Price <steven.price@arm.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241025140008.385081-1-steven.price@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/gpu/drm/panfrost/panfrost_gpu.c b/drivers/gpu/drm/panfrost/panfrost_gpu.c
index fd8e44992184f..b52dd510e0367 100644
--- a/drivers/gpu/drm/panfrost/panfrost_gpu.c
+++ b/drivers/gpu/drm/panfrost/panfrost_gpu.c
@@ -177,7 +177,6 @@ static void panfrost_gpu_init_quirks(struct panfrost_device *pfdev)
struct panfrost_model {
const char *name;
u32 id;
- u32 id_mask;
u64 features;
u64 issues;
struct {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 295/817] bpf, arm64: Remove garbage frame for struct_ops trampoline
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 294/817] drm/panfrost: Remove unused id_mask from struct panfrost_model Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 296/817] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
` (531 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xu Kuohai, Puranjay Mohan,
Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xu Kuohai <xukuohai@huawei.com>
[ Upstream commit 87cb58aebdf7005661a07e9fd5a900f924d48c75 ]
The callsite layout for arm64 fentry is:
mov x9, lr
nop
When a bpf prog is attached, the nop instruction is patched to a call
to bpf trampoline:
mov x9, lr
bl <bpf trampoline>
So two return addresses are passed to bpf trampoline: the return address
for the traced function/prog, stored in x9, and the return address for
the bpf trampoline itself, stored in lr. To obtain a full and accurate
call stack, the bpf trampoline constructs two fake function frames using
x9 and lr.
However, struct_ops progs are invoked directly as function callbacks,
meaning that x9 is not set as it is in the fentry callsite. In this case,
the frame constructed using x9 is garbage. The following stack trace for
struct_ops, captured by perf sampling, illustrates this issue, where
tcp_ack+0x404 is a garbage frame:
ffffffc0801a04b4 bpf_prog_50992e55a0f655a9_bpf_cubic_cong_avoid+0x98 (bpf_prog_50992e55a0f655a9_bpf_cubic_cong_avoid)
ffffffc0801a228c [unknown] ([kernel.kallsyms]) // bpf trampoline
ffffffd08d362590 tcp_ack+0x798 ([kernel.kallsyms]) // caller for bpf trampoline
ffffffd08d3621fc tcp_ack+0x404 ([kernel.kallsyms]) // garbage frame
ffffffd08d36452c tcp_rcv_established+0x4ac ([kernel.kallsyms])
ffffffd08d375c58 tcp_v4_do_rcv+0x1f0 ([kernel.kallsyms])
ffffffd08d378630 tcp_v4_rcv+0xeb8 ([kernel.kallsyms])
To fix it, construct only one frame using lr for struct_ops.
The above stack trace also indicates that there is no kernel symbol for
struct_ops bpf trampoline. This will be addressed in a follow-up patch.
Fixes: efc9909fdce0 ("bpf, arm64: Add bpf trampoline for arm64")
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Acked-by: Puranjay Mohan <puranjay@kernel.org>
Tested-by: Puranjay Mohan <puranjay@kernel.org>
Link: https://lore.kernel.org/r/20241025085220.533949-1-xukuohai@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/net/bpf_jit_comp.c | 47 +++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 16 deletions(-)
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index 6e5a934ee2f55..984fc63ed0bd9 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -2046,6 +2046,12 @@ static void restore_args(struct jit_ctx *ctx, int args_off, int nregs)
}
}
+static bool is_struct_ops_tramp(const struct bpf_tramp_links *fentry_links)
+{
+ return fentry_links->nr_links == 1 &&
+ fentry_links->links[0]->link.type == BPF_LINK_TYPE_STRUCT_OPS;
+}
+
/* Based on the x86's implementation of arch_prepare_bpf_trampoline().
*
* bpf prog and function entry before bpf trampoline hooked:
@@ -2075,6 +2081,7 @@ static int prepare_trampoline(struct jit_ctx *ctx, struct bpf_tramp_image *im,
struct bpf_tramp_links *fmod_ret = &tlinks[BPF_TRAMP_MODIFY_RETURN];
bool save_ret;
__le32 **branches = NULL;
+ bool is_struct_ops = is_struct_ops_tramp(fentry);
/* trampoline stack layout:
* [ parent ip ]
@@ -2143,11 +2150,14 @@ static int prepare_trampoline(struct jit_ctx *ctx, struct bpf_tramp_image *im,
*/
emit_bti(A64_BTI_JC, ctx);
- /* frame for parent function */
- emit(A64_PUSH(A64_FP, A64_R(9), A64_SP), ctx);
- emit(A64_MOV(1, A64_FP, A64_SP), ctx);
+ /* x9 is not set for struct_ops */
+ if (!is_struct_ops) {
+ /* frame for parent function */
+ emit(A64_PUSH(A64_FP, A64_R(9), A64_SP), ctx);
+ emit(A64_MOV(1, A64_FP, A64_SP), ctx);
+ }
- /* frame for patched function */
+ /* frame for patched function for tracing, or caller for struct_ops */
emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx);
emit(A64_MOV(1, A64_FP, A64_SP), ctx);
@@ -2241,19 +2251,24 @@ static int prepare_trampoline(struct jit_ctx *ctx, struct bpf_tramp_image *im,
/* reset SP */
emit(A64_MOV(1, A64_SP, A64_FP), ctx);
- /* pop frames */
- emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx);
- emit(A64_POP(A64_FP, A64_R(9), A64_SP), ctx);
-
- if (flags & BPF_TRAMP_F_SKIP_FRAME) {
- /* skip patched function, return to parent */
- emit(A64_MOV(1, A64_LR, A64_R(9)), ctx);
- emit(A64_RET(A64_R(9)), ctx);
+ if (is_struct_ops) {
+ emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx);
+ emit(A64_RET(A64_LR), ctx);
} else {
- /* return to patched function */
- emit(A64_MOV(1, A64_R(10), A64_LR), ctx);
- emit(A64_MOV(1, A64_LR, A64_R(9)), ctx);
- emit(A64_RET(A64_R(10)), ctx);
+ /* pop frames */
+ emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx);
+ emit(A64_POP(A64_FP, A64_R(9), A64_SP), ctx);
+
+ if (flags & BPF_TRAMP_F_SKIP_FRAME) {
+ /* skip patched function, return to parent */
+ emit(A64_MOV(1, A64_LR, A64_R(9)), ctx);
+ emit(A64_RET(A64_R(9)), ctx);
+ } else {
+ /* return to patched function */
+ emit(A64_MOV(1, A64_R(10), A64_LR), ctx);
+ emit(A64_MOV(1, A64_LR, A64_R(9)), ctx);
+ emit(A64_RET(A64_R(10)), ctx);
+ }
}
kfree(branches);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 296/817] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 295/817] bpf, arm64: Remove garbage frame for struct_ops trampoline Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 297/817] drm/msm/gpu: Check the status of registration to PM QoS Greg Kroah-Hartman
` (530 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Jinjie Ruan,
Rob Clark, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 394679f322649d06fea3c646ba65f5a0887f52c3 ]
disable_irq() after request_irq() still has a time gap in which
interrupts can come. request_irq() with IRQF_NO_AUTOEN flag will
disable IRQ auto-enable when request IRQ.
Fixes: 4b565ca5a2cb ("drm/msm: Add A6XX device support")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Patchwork: https://patchwork.freedesktop.org/patch/614075/
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c
index cb538a262d1c1..db36c81d0f123 100644
--- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c
+++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c
@@ -1505,15 +1505,13 @@ static int a6xx_gmu_get_irq(struct a6xx_gmu *gmu, struct platform_device *pdev,
irq = platform_get_irq_byname(pdev, name);
- ret = request_irq(irq, handler, IRQF_TRIGGER_HIGH, name, gmu);
+ ret = request_irq(irq, handler, IRQF_TRIGGER_HIGH | IRQF_NO_AUTOEN, name, gmu);
if (ret) {
DRM_DEV_ERROR(&pdev->dev, "Unable to get interrupt %s %d\n",
name, ret);
return ret;
}
- disable_irq(irq);
-
return irq;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 297/817] drm/msm/gpu: Check the status of registration to PM QoS
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 296/817] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 298/817] drm/xe/hdcp: Fix gsc structure check in fw check status Greg Kroah-Hartman
` (529 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lukasz Luba, Rob Clark, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lukasz Luba <lukasz.luba@arm.com>
[ Upstream commit 8f32ddd87e499ba6d2dc74ce30b6932baf1e1fc3 ]
There is a need to check the returned value of the registration function.
In case of returned error, print that and stop the init process.
Fixes: 7c0ffcd40b16 ("drm/msm/gpu: Respect PM QoS constraints")
Signed-off-by: Lukasz Luba <lukasz.luba@arm.com>
Patchwork: https://patchwork.freedesktop.org/patch/620336/
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_gpu_devfreq.c b/drivers/gpu/drm/msm/msm_gpu_devfreq.c
index ea70c1c32d940..6970b0f7f457c 100644
--- a/drivers/gpu/drm/msm/msm_gpu_devfreq.c
+++ b/drivers/gpu/drm/msm/msm_gpu_devfreq.c
@@ -140,6 +140,7 @@ void msm_devfreq_init(struct msm_gpu *gpu)
{
struct msm_gpu_devfreq *df = &gpu->devfreq;
struct msm_drm_private *priv = gpu->dev->dev_private;
+ int ret;
/* We need target support to do devfreq */
if (!gpu->funcs->gpu_busy)
@@ -156,8 +157,12 @@ void msm_devfreq_init(struct msm_gpu *gpu)
mutex_init(&df->lock);
- dev_pm_qos_add_request(&gpu->pdev->dev, &df->boost_freq,
- DEV_PM_QOS_MIN_FREQUENCY, 0);
+ ret = dev_pm_qos_add_request(&gpu->pdev->dev, &df->boost_freq,
+ DEV_PM_QOS_MIN_FREQUENCY, 0);
+ if (ret < 0) {
+ DRM_DEV_ERROR(&gpu->pdev->dev, "Couldn't initialize QoS\n");
+ return;
+ }
msm_devfreq_profile.initial_freq = gpu->fast_rate;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 298/817] drm/xe/hdcp: Fix gsc structure check in fw check status
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 297/817] drm/msm/gpu: Check the status of registration to PM QoS Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 299/817] drm/etnaviv: Request pages from DMA32 zone on addressing_limited Greg Kroah-Hartman
` (528 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Suraj Kandpal, Matt Roper,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Suraj Kandpal <suraj.kandpal@intel.com>
[ Upstream commit 182a32bcc223203c57761889fac7fa2dbb34684b ]
Fix the condition for gsc structure validity in
gsc_cs_status_check(). It needs to be an OR and not an AND
condition
Fixes: b4224f6bae38 ("drm/xe/hdcp: Check GSC structure validity")
Signed-off-by: Suraj Kandpal <suraj.kandpal@intel.com>
Reviewed-by: Matt Roper <matthew.d.roper@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241025160834.8785-1-suraj.kandpal@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/xe/display/xe_hdcp_gsc.c b/drivers/gpu/drm/xe/display/xe_hdcp_gsc.c
index 0af667ebebf98..09b87d70e34c6 100644
--- a/drivers/gpu/drm/xe/display/xe_hdcp_gsc.c
+++ b/drivers/gpu/drm/xe/display/xe_hdcp_gsc.c
@@ -43,7 +43,7 @@ bool intel_hdcp_gsc_check_status(struct xe_device *xe)
struct xe_gsc *gsc = >->uc.gsc;
bool ret = true;
- if (!gsc && !xe_uc_fw_is_enabled(&gsc->fw)) {
+ if (!gsc || !xe_uc_fw_is_enabled(&gsc->fw)) {
drm_dbg_kms(&xe->drm,
"GSC Components not ready for HDCP2.x\n");
return false;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 299/817] drm/etnaviv: Request pages from DMA32 zone on addressing_limited
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 298/817] drm/xe/hdcp: Fix gsc structure check in fw check status Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 300/817] drm/etnaviv: hold GPU lock across perfmon sampling Greg Kroah-Hartman
` (527 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sui Jingfeng, Xiaolei Wang,
Christian Gmeiner, Lucas Stach, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xiaolei Wang <xiaolei.wang@windriver.com>
[ Upstream commit 13c96ac9a3f0f1c7ba1ff0656ea508e7fa065e7e ]
Remove __GFP_HIGHMEM when requesting a page from DMA32 zone,
and since all vivante GPUs in the system will share the same
DMA constraints, move the check of whether to get a page from
DMA32 to etnaviv_bind().
Fixes: b72af445cd38 ("drm/etnaviv: request pages from DMA32 zone when needed")
Suggested-by: Sui Jingfeng <sui.jingfeng@linux.dev>
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Reviewed-by: Christian Gmeiner <cgmeiner@igalia.com>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 ++++++++++
drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 8 --------
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
index 6500f3999c5fa..19ec67a5a918e 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
@@ -538,6 +538,16 @@ static int etnaviv_bind(struct device *dev)
priv->num_gpus = 0;
priv->shm_gfp_mask = GFP_HIGHUSER | __GFP_RETRY_MAYFAIL | __GFP_NOWARN;
+ /*
+ * If the GPU is part of a system with DMA addressing limitations,
+ * request pages for our SHM backend buffers from the DMA32 zone to
+ * hopefully avoid performance killing SWIOTLB bounce buffering.
+ */
+ if (dma_addressing_limited(dev)) {
+ priv->shm_gfp_mask |= GFP_DMA32;
+ priv->shm_gfp_mask &= ~__GFP_HIGHMEM;
+ }
+
priv->cmdbuf_suballoc = etnaviv_cmdbuf_suballoc_new(drm->dev);
if (IS_ERR(priv->cmdbuf_suballoc)) {
dev_err(drm->dev, "Failed to create cmdbuf suballocator\n");
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
index 7c7f97793ddd0..5e753dd42f721 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
@@ -839,14 +839,6 @@ int etnaviv_gpu_init(struct etnaviv_gpu *gpu)
if (ret)
goto fail;
- /*
- * If the GPU is part of a system with DMA addressing limitations,
- * request pages for our SHM backend buffers from the DMA32 zone to
- * hopefully avoid performance killing SWIOTLB bounce buffering.
- */
- if (dma_addressing_limited(gpu->dev))
- priv->shm_gfp_mask |= GFP_DMA32;
-
/* Create buffer: */
ret = etnaviv_cmdbuf_init(priv->cmdbuf_suballoc, &gpu->buffer,
PAGE_SIZE);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 300/817] drm/etnaviv: hold GPU lock across perfmon sampling
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 299/817] drm/etnaviv: Request pages from DMA32 zone on addressing_limited Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 301/817] drm/amd/display: Increase idle worker HPD detection time Greg Kroah-Hartman
` (526 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Gmeiner, Lucas Stach,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit 37dc4737447a7667f8e9ec790dac251da057eb27 ]
The perfmon sampling mutates shared GPU state (e.g. VIVS_HI_CLOCK_CONTROL
to select the pipe for the perf counter reads). To avoid clashing with
other functions mutating the same state (e.g. etnaviv_gpu_update_clock)
the perfmon sampling needs to hold the GPU lock.
Fixes: 68dc0b295dcb ("drm/etnaviv: use 'sync points' for performance monitor requests")
Reviewed-by: Christian Gmeiner <cgmeiner@igalia.com>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
index 5e753dd42f721..df0bc828a2348 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c
@@ -1322,6 +1322,8 @@ static void sync_point_perfmon_sample_pre(struct etnaviv_gpu *gpu,
{
u32 val;
+ mutex_lock(&gpu->lock);
+
/* disable clock gating */
val = gpu_read_power(gpu, VIVS_PM_POWER_CONTROLS);
val &= ~VIVS_PM_POWER_CONTROLS_ENABLE_MODULE_CLOCK_GATING;
@@ -1333,6 +1335,8 @@ static void sync_point_perfmon_sample_pre(struct etnaviv_gpu *gpu,
gpu_write(gpu, VIVS_HI_CLOCK_CONTROL, val);
sync_point_perfmon_sample(gpu, event, ETNA_PM_PROCESS_PRE);
+
+ mutex_unlock(&gpu->lock);
}
static void sync_point_perfmon_sample_post(struct etnaviv_gpu *gpu,
@@ -1342,13 +1346,9 @@ static void sync_point_perfmon_sample_post(struct etnaviv_gpu *gpu,
unsigned int i;
u32 val;
- sync_point_perfmon_sample(gpu, event, ETNA_PM_PROCESS_POST);
-
- for (i = 0; i < submit->nr_pmrs; i++) {
- const struct etnaviv_perfmon_request *pmr = submit->pmrs + i;
+ mutex_lock(&gpu->lock);
- *pmr->bo_vma = pmr->sequence;
- }
+ sync_point_perfmon_sample(gpu, event, ETNA_PM_PROCESS_POST);
/* disable debug register */
val = gpu_read(gpu, VIVS_HI_CLOCK_CONTROL);
@@ -1359,6 +1359,14 @@ static void sync_point_perfmon_sample_post(struct etnaviv_gpu *gpu,
val = gpu_read_power(gpu, VIVS_PM_POWER_CONTROLS);
val |= VIVS_PM_POWER_CONTROLS_ENABLE_MODULE_CLOCK_GATING;
gpu_write_power(gpu, VIVS_PM_POWER_CONTROLS, val);
+
+ mutex_unlock(&gpu->lock);
+
+ for (i = 0; i < submit->nr_pmrs; i++) {
+ const struct etnaviv_perfmon_request *pmr = submit->pmrs + i;
+
+ *pmr->bo_vma = pmr->sequence;
+ }
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 301/817] drm/amd/display: Increase idle worker HPD detection time
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 300/817] drm/etnaviv: hold GPU lock across perfmon sampling Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 302/817] drm/amd/display: Reduce HPD Detection Interval for IPS Greg Kroah-Hartman
` (525 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sun peng Li, Roman Li,
Daniel Wheeler, Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roman Li <Roman.Li@amd.com>
[ Upstream commit 60612f75992d96955fb7154468c58d5d168cf1ab ]
[Why]
Idle worker thread waits HPD_DETECTION_TIME for HPD processing complete.
Some displays require longer time for that.
[How]
Increase HPD_DETECTION_TIME to 100ms.
Reviewed-by: Sun peng Li <sunpeng.li@amd.com>
Signed-off-by: Roman Li <Roman.Li@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: a88b19b13fb4 ("drm/amd/display: Reduce HPD Detection Interval for IPS")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
index df3d124c4d7a1..4593c158cc156 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
@@ -36,7 +36,7 @@
#include "amdgpu_dm_debugfs.h"
#define HPD_DETECTION_PERIOD_uS 5000000
-#define HPD_DETECTION_TIME_uS 1000
+#define HPD_DETECTION_TIME_uS 100000
void amdgpu_dm_crtc_handle_vblank(struct amdgpu_crtc *acrtc)
{
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 302/817] drm/amd/display: Reduce HPD Detection Interval for IPS
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 301/817] drm/amd/display: Increase idle worker HPD detection time Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 303/817] drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() Greg Kroah-Hartman
` (524 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roman Li, Fangzhi Zuo, Tom Chung,
Daniel Wheeler, Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fangzhi Zuo <Jerry.Zuo@amd.com>
[ Upstream commit a88b19b13fb41a3fa03ec67b5f57cc267fbfb160 ]
Fix DP Compliance test 4.2.1.3, 4.2.2.8, 4.3.1.12, 4.3.1.13
when IPS enabled.
Original HPD detection interval is set to 5s which violates DP
compliance.
Reduce the interval parameter, such that link training can be
finished within 5 seconds.
Fixes: afca033f10d3 ("drm/amd/display: Add periodic detection for IPS")
Reviewed-by: Roman Li <roman.li@amd.com>
Signed-off-by: Fangzhi Zuo <Jerry.Zuo@amd.com>
Signed-off-by: Tom Chung <chiahsuan.chung@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
index 4593c158cc156..5ca9cdbac3d72 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
@@ -35,7 +35,7 @@
#include "amdgpu_dm_trace.h"
#include "amdgpu_dm_debugfs.h"
-#define HPD_DETECTION_PERIOD_uS 5000000
+#define HPD_DETECTION_PERIOD_uS 2000000
#define HPD_DETECTION_TIME_uS 100000
void amdgpu_dm_crtc_handle_vblank(struct amdgpu_crtc *acrtc)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 303/817] drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 302/817] drm/amd/display: Reduce HPD Detection Interval for IPS Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 304/817] drm: zynqmp_kms: Unplug DRM device before removal Greg Kroah-Hartman
` (523 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Huafei, Lyude Paul, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit a2f599046c671d6b46d93aed95b37241ce4504cf ]
When the call to gf100_grctx_generate() fails, unlock gr->fecs.mutex
before returning the error.
Fixes smatch warning:
drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480 gf100_gr_chan_new() warn: inconsistent returns '&gr->fecs.mutex'.
Fixes: ca081fff6ecc ("drm/nouveau/gr/gf100-: generate golden context during first object alloc")
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241026173844.2392679-1-lihuafei1@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
index 060c74a80eb14..3ea447f6a45b5 100644
--- a/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c
@@ -443,6 +443,7 @@ gf100_gr_chan_new(struct nvkm_gr *base, struct nvkm_chan *fifoch,
ret = gf100_grctx_generate(gr, chan, fifoch->inst);
if (ret) {
nvkm_error(&base->engine.subdev, "failed to construct context\n");
+ mutex_unlock(&gr->fecs.mutex);
return ret;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 304/817] drm: zynqmp_kms: Unplug DRM device before removal
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 303/817] drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 305/817] drm: xlnx: zynqmp_disp: layer may be null while releasing Greg Kroah-Hartman
` (522 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Anderson, Tomi Valkeinen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Anderson <sean.anderson@linux.dev>
[ Upstream commit 2e07c88914fc5289c21820b1aa94f058feb38197 ]
Prevent userspace accesses to the DRM device from causing
use-after-frees by unplugging the device before we remove it. This
causes any further userspace accesses to result in an error without
further calls into this driver's internals.
Fixes: d76271d22694 ("drm: xlnx: DRM/KMS driver for Xilinx ZynqMP DisplayPort Subsystem")
Closes: https://lore.kernel.org/dri-devel/4d8f4c9b-2efb-4774-9a37-2f257f79b2c9@linux.dev/
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240809193600.3360015-2-sean.anderson@linux.dev
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/xlnx/zynqmp_kms.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/xlnx/zynqmp_kms.c b/drivers/gpu/drm/xlnx/zynqmp_kms.c
index bd1368df78703..4556af2faa0f1 100644
--- a/drivers/gpu/drm/xlnx/zynqmp_kms.c
+++ b/drivers/gpu/drm/xlnx/zynqmp_kms.c
@@ -536,7 +536,7 @@ void zynqmp_dpsub_drm_cleanup(struct zynqmp_dpsub *dpsub)
{
struct drm_device *drm = &dpsub->drm->dev;
- drm_dev_unregister(drm);
+ drm_dev_unplug(drm);
drm_atomic_helper_shutdown(drm);
drm_encoder_cleanup(&dpsub->drm->encoder);
drm_kms_helper_poll_fini(drm);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 305/817] drm: xlnx: zynqmp_disp: layer may be null while releasing
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 304/817] drm: zynqmp_kms: Unplug DRM device before removal Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 306/817] wifi: wfx: Fix error handling in wfx_core_init() Greg Kroah-Hartman
` (521 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Steffen Dirkwinkel, Tomi Valkeinen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steffen Dirkwinkel <s.dirkwinkel@beckhoff.com>
[ Upstream commit 223842c7702b52846b1c5aef8aca7474ec1fd29b ]
layer->info can be null if we have an error on the first layer in
zynqmp_disp_create_layers
Fixes: 1836fd5ed98d ("drm: xlnx: zynqmp_dpsub: Minimize usage of global flag")
Signed-off-by: Steffen Dirkwinkel <s.dirkwinkel@beckhoff.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241028133941.54264-1-lists@steffen.cc
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/xlnx/zynqmp_disp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/xlnx/zynqmp_disp.c b/drivers/gpu/drm/xlnx/zynqmp_disp.c
index 9368acf56eaf7..e4e0e299e8a7d 100644
--- a/drivers/gpu/drm/xlnx/zynqmp_disp.c
+++ b/drivers/gpu/drm/xlnx/zynqmp_disp.c
@@ -1200,6 +1200,9 @@ static void zynqmp_disp_layer_release_dma(struct zynqmp_disp *disp,
{
unsigned int i;
+ if (!layer->info)
+ return;
+
for (i = 0; i < layer->info->num_channels; i++) {
struct zynqmp_disp_layer_dma *dma = &layer->dmas[i];
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 306/817] wifi: wfx: Fix error handling in wfx_core_init()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 305/817] drm: xlnx: zynqmp_disp: layer may be null while releasing Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 307/817] wifi: cw1200: Fix potential NULL dereference Greg Kroah-Hartman
` (520 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Jérôme Pouiller,
Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 3b88a9876779b55478a4dde867e73f7a100ffa23 ]
The wfx_core_init() returns without checking the retval from
sdio_register_driver().
If the sdio_register_driver() failed, the module failed to install,
leaving the wfx_spi_driver not unregistered.
Fixes: a7a91ca5a23d ("staging: wfx: add infrastructure for new driver")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Reviewed-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241022090453.84679-1-yuancan@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/silabs/wfx/main.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/silabs/wfx/main.c b/drivers/net/wireless/silabs/wfx/main.c
index e7198520bdffc..64441c8bc4606 100644
--- a/drivers/net/wireless/silabs/wfx/main.c
+++ b/drivers/net/wireless/silabs/wfx/main.c
@@ -480,10 +480,23 @@ static int __init wfx_core_init(void)
{
int ret = 0;
- if (IS_ENABLED(CONFIG_SPI))
+ if (IS_ENABLED(CONFIG_SPI)) {
ret = spi_register_driver(&wfx_spi_driver);
- if (IS_ENABLED(CONFIG_MMC) && !ret)
+ if (ret)
+ goto out;
+ }
+ if (IS_ENABLED(CONFIG_MMC)) {
ret = sdio_register_driver(&wfx_sdio_driver);
+ if (ret)
+ goto unregister_spi;
+ }
+
+ return 0;
+
+unregister_spi:
+ if (IS_ENABLED(CONFIG_SPI))
+ spi_unregister_driver(&wfx_spi_driver);
+out:
return ret;
}
module_init(wfx_core_init);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 307/817] wifi: cw1200: Fix potential NULL dereference
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 306/817] wifi: wfx: Fix error handling in wfx_core_init() Greg Kroah-Hartman
@ 2024-12-03 14:37 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 308/817] drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Greg Kroah-Hartman
` (519 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Dan Carpenter,
Linus Walleij, Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit 2b94751626a6d49bbe42a19cc1503bd391016bd5 ]
A recent refactoring was identified by static analysis to
cause a potential NULL dereference, fix this!
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202410121505.nyghqEkK-lkp@intel.com/
Fixes: 2719a9e7156c ("wifi: cw1200: Convert to GPIO descriptors")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241028-cw1200-fix-v1-1-e092b6558d1e@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/st/cw1200/cw1200_spi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/st/cw1200/cw1200_spi.c b/drivers/net/wireless/st/cw1200/cw1200_spi.c
index 4f346fb977a98..862964a8cc876 100644
--- a/drivers/net/wireless/st/cw1200/cw1200_spi.c
+++ b/drivers/net/wireless/st/cw1200/cw1200_spi.c
@@ -450,7 +450,7 @@ static int __maybe_unused cw1200_spi_suspend(struct device *dev)
{
struct hwbus_priv *self = spi_get_drvdata(to_spi_device(dev));
- if (!cw1200_can_suspend(self->core))
+ if (self && !cw1200_can_suspend(self->core))
return -EAGAIN;
/* XXX notify host that we have to keep CW1200 powered on? */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 308/817] drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2024-12-03 14:37 ` [PATCH 6.11 307/817] wifi: cw1200: Fix potential NULL dereference Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 309/817] bpf, bpftool: Fix incorrect disasm pc Greg Kroah-Hartman
` (518 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zichen Xie, Abhinav Kumar,
Dmitry Baryshkov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zichen Xie <zichenxie0106@gmail.com>
[ Upstream commit 20c7b42d9dbd048019bfe0af39229e3014007a98 ]
There may be a potential integer overflow issue in
_dpu_core_perf_calc_clk(). crtc_clk is defined as u64, while
mode->vtotal, mode->hdisplay, and drm_mode_vrefresh(mode) are defined as
a smaller data type. The result of the calculation will be limited to
"int" in this case without correct casting. In screen with high
resolution and high refresh rate, integer overflow may happen.
So, we recommend adding an extra cast to prevent potential
integer overflow.
Fixes: c33b7c0389e1 ("drm/msm/dpu: add support for clk and bw scaling for display")
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/622206/
Link: https://lore.kernel.org/r/20241029194209.23684-1-zichenxie0106@gmail.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c
index 68fae048a9a83..260accc151d4b 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c
@@ -80,7 +80,7 @@ static u64 _dpu_core_perf_calc_clk(const struct dpu_perf_cfg *perf_cfg,
mode = &state->adjusted_mode;
- crtc_clk = mode->vtotal * mode->hdisplay * drm_mode_vrefresh(mode);
+ crtc_clk = (u64)mode->vtotal * mode->hdisplay * drm_mode_vrefresh(mode);
drm_atomic_crtc_for_each_plane(plane, crtc) {
pstate = to_dpu_plane_state(plane->state);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 309/817] bpf, bpftool: Fix incorrect disasm pc
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 308/817] drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 310/817] bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable Greg Kroah-Hartman
` (517 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Leon Hwang, Andrii Nakryiko,
Quentin Monnet, Yonghong Song, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leon Hwang <leon.hwang@linux.dev>
[ Upstream commit 4d99e509c161f8610de125202c648fa4acd00541 ]
This patch addresses the bpftool issue "Wrong callq address displayed"[0].
The issue stemmed from an incorrect program counter (PC) value used during
disassembly with LLVM or libbfd.
For LLVM: The PC argument must represent the actual address in the kernel
to compute the correct relative address.
For libbfd: The relative address can be adjusted by adding func_ksym within
the custom info->print_address_func to yield the correct address.
Links:
[0] https://github.com/libbpf/bpftool/issues/109
Changes:
v2 -> v3:
* Address comment from Quentin:
* Remove the typedef.
v1 -> v2:
* Fix the broken libbfd disassembler.
Fixes: e1947c750ffe ("bpftool: Refactor disassembler for JIT-ed programs")
Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Tested-by: Quentin Monnet <qmo@kernel.org>
Reviewed-by: Quentin Monnet <qmo@kernel.org>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/bpf/20241031152844.68817-1-leon.hwang@linux.dev
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/jit_disasm.c | 40 ++++++++++++++++++++++++----------
1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/tools/bpf/bpftool/jit_disasm.c b/tools/bpf/bpftool/jit_disasm.c
index 7b8d9ec89ebd3..c032d2c6ab6d5 100644
--- a/tools/bpf/bpftool/jit_disasm.c
+++ b/tools/bpf/bpftool/jit_disasm.c
@@ -80,7 +80,8 @@ symbol_lookup_callback(__maybe_unused void *disasm_info,
static int
init_context(disasm_ctx_t *ctx, const char *arch,
__maybe_unused const char *disassembler_options,
- __maybe_unused unsigned char *image, __maybe_unused ssize_t len)
+ __maybe_unused unsigned char *image, __maybe_unused ssize_t len,
+ __maybe_unused __u64 func_ksym)
{
char *triple;
@@ -109,12 +110,13 @@ static void destroy_context(disasm_ctx_t *ctx)
}
static int
-disassemble_insn(disasm_ctx_t *ctx, unsigned char *image, ssize_t len, int pc)
+disassemble_insn(disasm_ctx_t *ctx, unsigned char *image, ssize_t len, int pc,
+ __u64 func_ksym)
{
char buf[256];
int count;
- count = LLVMDisasmInstruction(*ctx, image + pc, len - pc, pc,
+ count = LLVMDisasmInstruction(*ctx, image + pc, len - pc, func_ksym + pc,
buf, sizeof(buf));
if (json_output)
printf_json(buf);
@@ -136,8 +138,21 @@ int disasm_init(void)
#ifdef HAVE_LIBBFD_SUPPORT
#define DISASM_SPACER "\t"
+struct disasm_info {
+ struct disassemble_info info;
+ __u64 func_ksym;
+};
+
+static void disasm_print_addr(bfd_vma addr, struct disassemble_info *info)
+{
+ struct disasm_info *dinfo = container_of(info, struct disasm_info, info);
+
+ addr += dinfo->func_ksym;
+ generic_print_address(addr, info);
+}
+
typedef struct {
- struct disassemble_info *info;
+ struct disasm_info *info;
disassembler_ftype disassemble;
bfd *bfdf;
} disasm_ctx_t;
@@ -215,7 +230,7 @@ static int fprintf_json_styled(void *out,
static int init_context(disasm_ctx_t *ctx, const char *arch,
const char *disassembler_options,
- unsigned char *image, ssize_t len)
+ unsigned char *image, ssize_t len, __u64 func_ksym)
{
struct disassemble_info *info;
char tpath[PATH_MAX];
@@ -238,12 +253,13 @@ static int init_context(disasm_ctx_t *ctx, const char *arch,
}
bfdf = ctx->bfdf;
- ctx->info = malloc(sizeof(struct disassemble_info));
+ ctx->info = malloc(sizeof(struct disasm_info));
if (!ctx->info) {
p_err("mem alloc failed");
goto err_close;
}
- info = ctx->info;
+ ctx->info->func_ksym = func_ksym;
+ info = &ctx->info->info;
if (json_output)
init_disassemble_info_compat(info, stdout,
@@ -272,6 +288,7 @@ static int init_context(disasm_ctx_t *ctx, const char *arch,
info->disassembler_options = disassembler_options;
info->buffer = image;
info->buffer_length = len;
+ info->print_address_func = disasm_print_addr;
disassemble_init_for_target(info);
@@ -304,9 +321,10 @@ static void destroy_context(disasm_ctx_t *ctx)
static int
disassemble_insn(disasm_ctx_t *ctx, __maybe_unused unsigned char *image,
- __maybe_unused ssize_t len, int pc)
+ __maybe_unused ssize_t len, int pc,
+ __maybe_unused __u64 func_ksym)
{
- return ctx->disassemble(pc, ctx->info);
+ return ctx->disassemble(pc, &ctx->info->info);
}
int disasm_init(void)
@@ -331,7 +349,7 @@ int disasm_print_insn(unsigned char *image, ssize_t len, int opcodes,
if (!len)
return -1;
- if (init_context(&ctx, arch, disassembler_options, image, len))
+ if (init_context(&ctx, arch, disassembler_options, image, len, func_ksym))
return -1;
if (json_output)
@@ -360,7 +378,7 @@ int disasm_print_insn(unsigned char *image, ssize_t len, int opcodes,
printf("%4x:" DISASM_SPACER, pc);
}
- count = disassemble_insn(&ctx, image, len, pc);
+ count = disassemble_insn(&ctx, image, len, pc, func_ksym);
if (json_output) {
/* Operand array, was started in fprintf_json. Before
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 310/817] bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 309/817] bpf, bpftool: Fix incorrect disasm pc Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 311/817] drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Greg Kroah-Hartman
` (516 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kumar Kartikeya Dwivedi,
Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
[ Upstream commit 46f7ed32f7a873d6675ea72e1d6317df41a55f81 ]
There are three situations when a program logically exits and transfers
control to the kernel or another program: bpf_throw, BPF_EXIT, and tail
calls. The former two check for any lingering locks and references, but
tail calls currently do not. Expand the checks to check for spin locks,
RCU read sections and preempt disabled sections.
Spin locks are indirectly preventing tail calls as function calls are
disallowed, but the checks for preemption and RCU are more relaxed,
hence ensure tail calls are prevented in their presence.
Fixes: 9bb00b2895cb ("bpf: Add kfunc bpf_rcu_read_lock/unlock()")
Fixes: fc7566ad0a82 ("bpf: Introduce bpf_preempt_[disable,enable] kfuncs")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20241103225940.1408302-2-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index a5a9b4e418a68..3bee91db81f0a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -10459,11 +10459,26 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
switch (func_id) {
case BPF_FUNC_tail_call:
+ if (env->cur_state->active_lock.ptr) {
+ verbose(env, "tail_call cannot be used inside bpf_spin_lock-ed region\n");
+ return -EINVAL;
+ }
+
err = check_reference_leak(env, false);
if (err) {
verbose(env, "tail_call would lead to reference leak\n");
return err;
}
+
+ if (env->cur_state->active_rcu_lock) {
+ verbose(env, "tail_call cannot be used inside bpf_rcu_read_lock-ed region\n");
+ return -EINVAL;
+ }
+
+ if (env->cur_state->active_preempt_lock) {
+ verbose(env, "tail_call cannot be used inside bpf_preempt_disable-ed region\n");
+ return -EINVAL;
+ }
break;
case BPF_FUNC_get_local_storage:
/* check that flags argument in get_local_storage(map, flags) is 0,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 311/817] drm/vkms: Drop unnecessary call to drm_crtc_cleanup()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 310/817] bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 312/817] drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() Greg Kroah-Hartman
` (515 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, José Expósito,
Maíra Canal, Louis Chauvet, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit 1d43dddd7c38ea1aa93f78f7ee10087afb0a561f ]
CRTC creation uses drmm_crtc_init_with_planes(), which automatically
handles cleanup. However, an unnecessary call to drm_crtc_cleanup() is
still present in the vkms_output_init() error path.
Fixes: 99cc528ebe92 ("drm/vkms: Use drmm_crtc_init_with_planes()")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Reviewed-by: Maíra Canal <mcanal@igalia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241031183835.3633-1-jose.exposito89@gmail.com
Acked-by: Louis Chauvet <louis.chauvet@bootlin.com>
Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vkms/vkms_output.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/vkms/vkms_output.c b/drivers/gpu/drm/vkms/vkms_output.c
index 5ce70dd946aa6..24589b947dea3 100644
--- a/drivers/gpu/drm/vkms/vkms_output.c
+++ b/drivers/gpu/drm/vkms/vkms_output.c
@@ -84,7 +84,7 @@ int vkms_output_init(struct vkms_device *vkmsdev, int index)
DRM_MODE_CONNECTOR_VIRTUAL);
if (ret) {
DRM_ERROR("Failed to init connector\n");
- goto err_connector;
+ return ret;
}
drm_connector_helper_add(connector, &vkms_conn_helper_funcs);
@@ -119,8 +119,5 @@ int vkms_output_init(struct vkms_device *vkmsdev, int index)
err_encoder:
drm_connector_cleanup(connector);
-err_connector:
- drm_crtc_cleanup(crtc);
-
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 312/817] drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 311/817] drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 313/817] bpf: Support __nullable argument suffix for tp_btf Greg Kroah-Hartman
` (514 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Lijo Lazar,
Li Huafei, Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit a1144da794adedb9447437c57d69add56494309d ]
Fix two issues with memory allocation in amdgpu_discovery_get_nps_info()
for mem_ranges:
- Add a check for allocation failure to avoid dereferencing a null
pointer.
- As suggested by Christophe, use kvcalloc() for memory allocation,
which checks for multiplication overflow.
Additionally, assign the output parameters nps_type and range_cnt after
the kvcalloc() call to prevent modifying the output parameters in case
of an error return.
Fixes: b194d21b9bcc ("drm/amdgpu: Use NPS ranges from discovery table")
Suggested-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
index 4bd61c169ca8d..ca8091fd3a24f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c
@@ -1757,11 +1757,13 @@ int amdgpu_discovery_get_nps_info(struct amdgpu_device *adev,
switch (le16_to_cpu(nps_info->v1.header.version_major)) {
case 1:
+ mem_ranges = kvcalloc(nps_info->v1.count,
+ sizeof(*mem_ranges),
+ GFP_KERNEL);
+ if (!mem_ranges)
+ return -ENOMEM;
*nps_type = nps_info->v1.nps_type;
*range_cnt = nps_info->v1.count;
- mem_ranges = kvzalloc(
- *range_cnt * sizeof(struct amdgpu_gmc_memrange),
- GFP_KERNEL);
for (i = 0; i < *range_cnt; i++) {
mem_ranges[i].base_address =
nps_info->v1.instance_info[i].base_address;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 313/817] bpf: Support __nullable argument suffix for tp_btf
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 312/817] drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 314/817] selftests/bpf: Add test for __nullable suffix in tp_btf Greg Kroah-Hartman
` (513 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexei Starovoitov, Philo Lu,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Philo Lu <lulie@linux.alibaba.com>
[ Upstream commit 8aeaed21befc90f27f4fca6dd190850d97d2e9e3 ]
Pointers passed to tp_btf were trusted to be valid, but some tracepoints
do take NULL pointer as input, such as trace_tcp_send_reset(). Then the
invalid memory access cannot be detected by verifier.
This patch fix it by add a suffix "__nullable" to the unreliable
argument. The suffix is shown in btf, and PTR_MAYBE_NULL will be added
to nullable arguments. Then users must check the pointer before use it.
A problem here is that we use "btf_trace_##call" to search func_proto.
As it is a typedef, argument names as well as the suffix are not
recorded. To solve this, I use bpf_raw_event_map to find
"__bpf_trace##template" from "btf_trace_##call", and then we can see the
suffix.
Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Philo Lu <lulie@linux.alibaba.com>
Link: https://lore.kernel.org/r/20240911033719.91468-2-lulie@linux.alibaba.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Stable-dep-of: cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/btf.c | 3 +++
kernel/bpf/verifier.c | 36 ++++++++++++++++++++++++++++++++----
2 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 5f4f1d0bc23a4..76afa90814ddb 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6534,6 +6534,9 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
if (prog_args_trusted(prog))
info->reg_type |= PTR_TRUSTED;
+ if (btf_param_match_suffix(btf, &args[arg], "__nullable"))
+ info->reg_type |= PTR_MAYBE_NULL;
+
if (tgt_prog) {
enum bpf_prog_type tgt_type;
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 3bee91db81f0a..0481915e63c21 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -28,6 +28,8 @@
#include <linux/cpumask.h>
#include <linux/bpf_mem_alloc.h>
#include <net/xdp.h>
+#include <linux/trace_events.h>
+#include <linux/kallsyms.h>
#include "disasm.h"
@@ -21308,11 +21310,13 @@ int bpf_check_attach_target(struct bpf_verifier_log *log,
{
bool prog_extension = prog->type == BPF_PROG_TYPE_EXT;
bool prog_tracing = prog->type == BPF_PROG_TYPE_TRACING;
+ char trace_symbol[KSYM_SYMBOL_LEN];
const char prefix[] = "btf_trace_";
+ struct bpf_raw_event_map *btp;
int ret = 0, subprog = -1, i;
const struct btf_type *t;
bool conservative = true;
- const char *tname;
+ const char *tname, *fname;
struct btf *btf;
long addr = 0;
struct module *mod = NULL;
@@ -21443,10 +21447,34 @@ int bpf_check_attach_target(struct bpf_verifier_log *log,
return -EINVAL;
}
tname += sizeof(prefix) - 1;
- t = btf_type_by_id(btf, t->type);
- if (!btf_type_is_ptr(t))
- /* should never happen in valid vmlinux build */
+
+ /* The func_proto of "btf_trace_##tname" is generated from typedef without argument
+ * names. Thus using bpf_raw_event_map to get argument names.
+ */
+ btp = bpf_get_raw_tracepoint(tname);
+ if (!btp)
return -EINVAL;
+ fname = kallsyms_lookup((unsigned long)btp->bpf_func, NULL, NULL, NULL,
+ trace_symbol);
+ bpf_put_raw_tracepoint(btp);
+
+ if (fname)
+ ret = btf_find_by_name_kind(btf, fname, BTF_KIND_FUNC);
+
+ if (!fname || ret < 0) {
+ bpf_log(log, "Cannot find btf of tracepoint template, fall back to %s%s.\n",
+ prefix, tname);
+ t = btf_type_by_id(btf, t->type);
+ if (!btf_type_is_ptr(t))
+ /* should never happen in valid vmlinux build */
+ return -EINVAL;
+ } else {
+ t = btf_type_by_id(btf, ret);
+ if (!btf_type_is_func(t))
+ /* should never happen in valid vmlinux build */
+ return -EINVAL;
+ }
+
t = btf_type_by_id(btf, t->type);
if (!btf_type_is_func_proto(t))
/* should never happen in valid vmlinux build */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 314/817] selftests/bpf: Add test for __nullable suffix in tp_btf
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 313/817] bpf: Support __nullable argument suffix for tp_btf Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 315/817] bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Greg Kroah-Hartman
` (512 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Philo Lu, Martin KaFai Lau,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Philo Lu <lulie@linux.alibaba.com>
[ Upstream commit 2060f07f861a237345922023e9347a204c0795af ]
Add a tracepoint with __nullable suffix in bpf_testmod, and add cases
for it:
$ ./test_progs -t "tp_btf_nullable"
#406/1 tp_btf_nullable/handle_tp_btf_nullable_bare1:OK
#406/2 tp_btf_nullable/handle_tp_btf_nullable_bare2:OK
#406 tp_btf_nullable:OK
Summary: 1/2 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Philo Lu <lulie@linux.alibaba.com>
Link: https://lore.kernel.org/r/20240911033719.91468-3-lulie@linux.alibaba.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Stable-dep-of: cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../bpf/bpf_testmod/bpf_testmod-events.h | 6 +++++
.../selftests/bpf/bpf_testmod/bpf_testmod.c | 2 ++
.../bpf/prog_tests/tp_btf_nullable.c | 14 +++++++++++
.../bpf/progs/test_tp_btf_nullable.c | 24 +++++++++++++++++++
4 files changed, 46 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/tp_btf_nullable.c
create mode 100644 tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c
diff --git a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h
index 11ee801e75e7e..6c3b4d4f173ac 100644
--- a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h
+++ b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h
@@ -34,6 +34,12 @@ DECLARE_TRACE(bpf_testmod_test_write_bare,
TP_ARGS(task, ctx)
);
+/* Used in bpf_testmod_test_read() to test __nullable suffix */
+DECLARE_TRACE(bpf_testmod_test_nullable_bare,
+ TP_PROTO(struct bpf_testmod_test_read_ctx *ctx__nullable),
+ TP_ARGS(ctx__nullable)
+);
+
#undef BPF_TESTMOD_DECLARE_TRACE
#ifdef DECLARE_TRACE_WRITABLE
#define BPF_TESTMOD_DECLARE_TRACE(call, proto, args, size) \
diff --git a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
index 72f565af4f829..a89af5b9587cd 100644
--- a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
+++ b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
@@ -356,6 +356,8 @@ bpf_testmod_test_read(struct file *file, struct kobject *kobj,
if (bpf_testmod_loop_test(101) > 100)
trace_bpf_testmod_test_read(current, &ctx);
+ trace_bpf_testmod_test_nullable_bare(NULL);
+
/* Magic number to enable writable tp */
if (len == 64) {
struct bpf_testmod_test_writable_ctx writable = {
diff --git a/tools/testing/selftests/bpf/prog_tests/tp_btf_nullable.c b/tools/testing/selftests/bpf/prog_tests/tp_btf_nullable.c
new file mode 100644
index 0000000000000..accc42e01f8a8
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/tp_btf_nullable.c
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <test_progs.h>
+#include "test_tp_btf_nullable.skel.h"
+
+void test_tp_btf_nullable(void)
+{
+ if (!env.has_testmod) {
+ test__skip();
+ return;
+ }
+
+ RUN_TESTS(test_tp_btf_nullable);
+}
diff --git a/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c
new file mode 100644
index 0000000000000..bba3e37f749b8
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include "../bpf_testmod/bpf_testmod.h"
+#include "bpf_misc.h"
+
+SEC("tp_btf/bpf_testmod_test_nullable_bare")
+__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'")
+int BPF_PROG(handle_tp_btf_nullable_bare1, struct bpf_testmod_test_read_ctx *nullable_ctx)
+{
+ return nullable_ctx->len;
+}
+
+SEC("tp_btf/bpf_testmod_test_nullable_bare")
+int BPF_PROG(handle_tp_btf_nullable_bare2, struct bpf_testmod_test_read_ctx *nullable_ctx)
+{
+ if (nullable_ctx)
+ return nullable_ctx->len;
+ return 0;
+}
+
+char _license[] SEC("license") = "GPL";
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 315/817] bpf: Mark raw_tp arguments with PTR_MAYBE_NULL
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 314/817] selftests/bpf: Add test for __nullable suffix in tp_btf Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 316/817] drm: use ATOMIC64_INIT() for atomic64_t Greg Kroah-Hartman
` (511 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Olsa, Juri Lelli,
Kumar Kartikeya Dwivedi, Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
[ Upstream commit cb4158ce8ec8a5bb528cc1693356a5eb8058094d ]
Arguments to a raw tracepoint are tagged as trusted, which carries the
semantics that the pointer will be non-NULL. However, in certain cases,
a raw tracepoint argument may end up being NULL. More context about this
issue is available in [0].
Thus, there is a discrepancy between the reality, that raw_tp arguments
can actually be NULL, and the verifier's knowledge, that they are never
NULL, causing explicit NULL checks to be deleted, and accesses to such
pointers potentially crashing the kernel.
To fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special
case the dereference and pointer arithmetic to permit it, and allow
passing them into helpers/kfuncs; these exceptions are made for raw_tp
programs only. Ensure that we don't do this when ref_obj_id > 0, as in
that case this is an acquired object and doesn't need such adjustment.
The reason we do mask_raw_tp_trusted_reg logic is because other will
recheck in places whether the register is a trusted_reg, and then
consider our register as untrusted when detecting the presence of the
PTR_MAYBE_NULL flag.
To allow safe dereference, we enable PROBE_MEM marking when we see loads
into trusted pointers with PTR_MAYBE_NULL.
While trusted raw_tp arguments can also be passed into helpers or kfuncs
where such broken assumption may cause issues, a future patch set will
tackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can
already be passed into helpers and causes similar problems. Thus, they
are left alone for now.
It is possible that these checks also permit passing non-raw_tp args
that are trusted PTR_TO_BTF_ID with null marking. In such a case,
allowing dereference when pointer is NULL expands allowed behavior, so
won't regress existing programs, and the case of passing these into
helpers is the same as above and will be dealt with later.
Also update the failure case in tp_btf_nullable selftest to capture the
new behavior, as the verifier will no longer cause an error when
directly dereference a raw tracepoint argument marked as __nullable.
[0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Reported-by: Juri Lelli <juri.lelli@redhat.com>
Tested-by: Juri Lelli <juri.lelli@redhat.com>
Fixes: 3f00c5239344 ("bpf: Allow trusted pointers to be passed to KF_TRUSTED_ARGS kfuncs")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20241104171959.2938862-2-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bpf.h | 6 ++
kernel/bpf/btf.c | 5 +-
kernel/bpf/verifier.c | 79 +++++++++++++++++--
.../bpf/progs/test_tp_btf_nullable.c | 6 +-
4 files changed, 87 insertions(+), 9 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index eb1d3a2fe3339..75b4117454b45 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -3436,4 +3436,10 @@ static inline bool bpf_is_subprog(const struct bpf_prog *prog)
return prog->aux->func_idx != 0;
}
+static inline bool bpf_prog_is_raw_tp(const struct bpf_prog *prog)
+{
+ return prog->type == BPF_PROG_TYPE_TRACING &&
+ prog->expected_attach_type == BPF_TRACE_RAW_TP;
+}
+
#endif /* _LINUX_BPF_H */
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 76afa90814ddb..8608d24369f01 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6534,7 +6534,10 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
if (prog_args_trusted(prog))
info->reg_type |= PTR_TRUSTED;
- if (btf_param_match_suffix(btf, &args[arg], "__nullable"))
+ /* Raw tracepoint arguments always get marked as maybe NULL */
+ if (bpf_prog_is_raw_tp(prog))
+ info->reg_type |= PTR_MAYBE_NULL;
+ else if (btf_param_match_suffix(btf, &args[arg], "__nullable"))
info->reg_type |= PTR_MAYBE_NULL;
if (tgt_prog) {
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 0481915e63c21..b34a358c75e0f 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -423,6 +423,25 @@ static struct btf_record *reg_btf_record(const struct bpf_reg_state *reg)
return rec;
}
+static bool mask_raw_tp_reg_cond(const struct bpf_verifier_env *env, struct bpf_reg_state *reg) {
+ return reg->type == (PTR_TO_BTF_ID | PTR_TRUSTED | PTR_MAYBE_NULL) &&
+ bpf_prog_is_raw_tp(env->prog) && !reg->ref_obj_id;
+}
+
+static bool mask_raw_tp_reg(const struct bpf_verifier_env *env, struct bpf_reg_state *reg)
+{
+ if (!mask_raw_tp_reg_cond(env, reg))
+ return false;
+ reg->type &= ~PTR_MAYBE_NULL;
+ return true;
+}
+
+static void unmask_raw_tp_reg(struct bpf_reg_state *reg, bool result)
+{
+ if (result)
+ reg->type |= PTR_MAYBE_NULL;
+}
+
static bool subprog_is_global(const struct bpf_verifier_env *env, int subprog)
{
struct bpf_func_info_aux *aux = env->prog->aux->func_info_aux;
@@ -6513,6 +6532,7 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env,
const char *field_name = NULL;
enum bpf_type_flag flag = 0;
u32 btf_id = 0;
+ bool mask;
int ret;
if (!env->allow_ptr_leaks) {
@@ -6584,7 +6604,21 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env,
if (ret < 0)
return ret;
-
+ /* For raw_tp progs, we allow dereference of PTR_MAYBE_NULL
+ * trusted PTR_TO_BTF_ID, these are the ones that are possibly
+ * arguments to the raw_tp. Since internal checks in for trusted
+ * reg in check_ptr_to_btf_access would consider PTR_MAYBE_NULL
+ * modifier as problematic, mask it out temporarily for the
+ * check. Don't apply this to pointers with ref_obj_id > 0, as
+ * those won't be raw_tp args.
+ *
+ * We may end up applying this relaxation to other trusted
+ * PTR_TO_BTF_ID with maybe null flag, since we cannot
+ * distinguish PTR_MAYBE_NULL tagged for arguments vs normal
+ * tagging, but that should expand allowed behavior, and not
+ * cause regression for existing behavior.
+ */
+ mask = mask_raw_tp_reg(env, reg);
if (ret != PTR_TO_BTF_ID) {
/* just mark; */
@@ -6645,8 +6679,13 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env,
clear_trusted_flags(&flag);
}
- if (atype == BPF_READ && value_regno >= 0)
+ if (atype == BPF_READ && value_regno >= 0) {
mark_btf_ld_reg(env, regs, value_regno, ret, reg->btf, btf_id, flag);
+ /* We've assigned a new type to regno, so don't undo masking. */
+ if (regno == value_regno)
+ mask = false;
+ }
+ unmask_raw_tp_reg(reg, mask);
return 0;
}
@@ -7021,7 +7060,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
if (!err && t == BPF_READ && value_regno >= 0)
mark_reg_unknown(env, regs, value_regno);
} else if (base_type(reg->type) == PTR_TO_BTF_ID &&
- !type_may_be_null(reg->type)) {
+ (mask_raw_tp_reg_cond(env, reg) || !type_may_be_null(reg->type))) {
err = check_ptr_to_btf_access(env, regs, regno, off, size, t,
value_regno);
} else if (reg->type == CONST_PTR_TO_MAP) {
@@ -8685,6 +8724,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
enum bpf_reg_type type = reg->type;
u32 *arg_btf_id = NULL;
int err = 0;
+ bool mask;
if (arg_type == ARG_DONTCARE)
return 0;
@@ -8725,11 +8765,11 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
base_type(arg_type) == ARG_PTR_TO_SPIN_LOCK)
arg_btf_id = fn->arg_btf_id[arg];
+ mask = mask_raw_tp_reg(env, reg);
err = check_reg_type(env, regno, arg_type, arg_btf_id, meta);
- if (err)
- return err;
- err = check_func_arg_reg_off(env, reg, regno, arg_type);
+ err = err ?: check_func_arg_reg_off(env, reg, regno, arg_type);
+ unmask_raw_tp_reg(reg, mask);
if (err)
return err;
@@ -9524,14 +9564,17 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog,
return ret;
} else if (base_type(arg->arg_type) == ARG_PTR_TO_BTF_ID) {
struct bpf_call_arg_meta meta;
+ bool mask;
int err;
if (register_is_null(reg) && type_may_be_null(arg->arg_type))
continue;
memset(&meta, 0, sizeof(meta)); /* leave func_id as zero */
+ mask = mask_raw_tp_reg(env, reg);
err = check_reg_type(env, regno, arg->arg_type, &arg->btf_id, &meta);
err = err ?: check_func_arg_reg_off(env, reg, regno, arg->arg_type);
+ unmask_raw_tp_reg(reg, mask);
if (err)
return err;
} else {
@@ -11836,6 +11879,7 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
enum bpf_arg_type arg_type = ARG_DONTCARE;
u32 regno = i + 1, ref_id, type_size;
bool is_ret_buf_sz = false;
+ bool mask = false;
int kf_arg_type;
t = btf_type_skip_modifiers(btf, args[i].type, NULL);
@@ -11894,12 +11938,15 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
return -EINVAL;
}
+ mask = mask_raw_tp_reg(env, reg);
if ((is_kfunc_trusted_args(meta) || is_kfunc_rcu(meta)) &&
(register_is_null(reg) || type_may_be_null(reg->type)) &&
!is_kfunc_arg_nullable(meta->btf, &args[i])) {
verbose(env, "Possibly NULL pointer passed to trusted arg%d\n", i);
+ unmask_raw_tp_reg(reg, mask);
return -EACCES;
}
+ unmask_raw_tp_reg(reg, mask);
if (reg->ref_obj_id) {
if (is_kfunc_release(meta) && meta->ref_obj_id) {
@@ -11957,16 +12004,24 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
if (!is_kfunc_trusted_args(meta) && !is_kfunc_rcu(meta))
break;
+ /* Allow passing maybe NULL raw_tp arguments to
+ * kfuncs for compatibility. Don't apply this to
+ * arguments with ref_obj_id > 0.
+ */
+ mask = mask_raw_tp_reg(env, reg);
if (!is_trusted_reg(reg)) {
if (!is_kfunc_rcu(meta)) {
verbose(env, "R%d must be referenced or trusted\n", regno);
+ unmask_raw_tp_reg(reg, mask);
return -EINVAL;
}
if (!is_rcu_reg(reg)) {
verbose(env, "R%d must be a rcu pointer\n", regno);
+ unmask_raw_tp_reg(reg, mask);
return -EINVAL;
}
}
+ unmask_raw_tp_reg(reg, mask);
fallthrough;
case KF_ARG_PTR_TO_CTX:
case KF_ARG_PTR_TO_DYNPTR:
@@ -11989,7 +12044,9 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
if (is_kfunc_release(meta) && reg->ref_obj_id)
arg_type |= OBJ_RELEASE;
+ mask = mask_raw_tp_reg(env, reg);
ret = check_func_arg_reg_off(env, reg, regno, arg_type);
+ unmask_raw_tp_reg(reg, mask);
if (ret < 0)
return ret;
@@ -12165,6 +12222,7 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
ref_tname = btf_name_by_offset(btf, ref_t->name_off);
fallthrough;
case KF_ARG_PTR_TO_BTF_ID:
+ mask = mask_raw_tp_reg(env, reg);
/* Only base_type is checked, further checks are done here */
if ((base_type(reg->type) != PTR_TO_BTF_ID ||
(bpf_type_has_unsafe_modifiers(reg->type) && !is_rcu_reg(reg))) &&
@@ -12173,9 +12231,11 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
verbose(env, "expected %s or socket\n",
reg_type_str(env, base_type(reg->type) |
(type_flag(reg->type) & BPF_REG_TRUSTED_MODIFIERS)));
+ unmask_raw_tp_reg(reg, mask);
return -EINVAL;
}
ret = process_kf_arg_ptr_to_btf_id(env, reg, ref_t, ref_tname, ref_id, meta, i);
+ unmask_raw_tp_reg(reg, mask);
if (ret < 0)
return ret;
break;
@@ -13145,7 +13205,7 @@ static int sanitize_check_bounds(struct bpf_verifier_env *env,
*/
static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
struct bpf_insn *insn,
- const struct bpf_reg_state *ptr_reg,
+ struct bpf_reg_state *ptr_reg,
const struct bpf_reg_state *off_reg)
{
struct bpf_verifier_state *vstate = env->cur_state;
@@ -13159,6 +13219,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
struct bpf_sanitize_info info = {};
u8 opcode = BPF_OP(insn->code);
u32 dst = insn->dst_reg;
+ bool mask;
int ret;
dst_reg = ®s[dst];
@@ -13185,11 +13246,14 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
return -EACCES;
}
+ mask = mask_raw_tp_reg(env, ptr_reg);
if (ptr_reg->type & PTR_MAYBE_NULL) {
verbose(env, "R%d pointer arithmetic on %s prohibited, null-check it first\n",
dst, reg_type_str(env, ptr_reg->type));
+ unmask_raw_tp_reg(ptr_reg, mask);
return -EACCES;
}
+ unmask_raw_tp_reg(ptr_reg, mask);
switch (base_type(ptr_reg->type)) {
case PTR_TO_CTX:
@@ -19330,6 +19394,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
* for this case.
*/
case PTR_TO_BTF_ID | MEM_ALLOC | PTR_UNTRUSTED:
+ case PTR_TO_BTF_ID | PTR_TRUSTED | PTR_MAYBE_NULL:
if (type == BPF_READ) {
if (BPF_MODE(insn->code) == BPF_MEM)
insn->code = BPF_LDX | BPF_PROBE_MEM |
diff --git a/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c
index bba3e37f749b8..5aaf2b065f86c 100644
--- a/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c
+++ b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c
@@ -7,7 +7,11 @@
#include "bpf_misc.h"
SEC("tp_btf/bpf_testmod_test_nullable_bare")
-__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'")
+/* This used to be a failure test, but raw_tp nullable arguments can now
+ * directly be dereferenced, whether they have nullable annotation or not,
+ * and don't need to be explicitly checked.
+ */
+__success
int BPF_PROG(handle_tp_btf_nullable_bare1, struct bpf_testmod_test_read_ctx *nullable_ctx)
{
return nullable_ctx->len;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 316/817] drm: use ATOMIC64_INIT() for atomic64_t
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 315/817] bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 317/817] netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion Greg Kroah-Hartman
` (510 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jonathan Gray, Jani Nikula,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonathan Gray <jsg@jsg.id.au>
[ Upstream commit 9877bb2775d020fb7000af5ca989331d09d0e372 ]
use ATOMIC64_INIT() not ATOMIC_INIT() for atomic64_t
Fixes: 3f09a0cd4ea3 ("drm: Add common fdinfo helper")
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240111023045.50013-1-jsg@jsg.id.au
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_file.c b/drivers/gpu/drm/drm_file.c
index f917b259b3342..26fc813d37edf 100644
--- a/drivers/gpu/drm/drm_file.c
+++ b/drivers/gpu/drm/drm_file.c
@@ -138,7 +138,7 @@ bool drm_dev_needs_global_mutex(struct drm_device *dev)
*/
struct drm_file *drm_file_alloc(struct drm_minor *minor)
{
- static atomic64_t ident = ATOMIC_INIT(0);
+ static atomic64_t ident = ATOMIC64_INIT(0);
struct drm_device *dev = minor->dev;
struct drm_file *file;
int ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 317/817] netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 316/817] drm: use ATOMIC64_INIT() for atomic64_t Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 318/817] netfilter: nf_tables: must hold rcu read lock while iterating expression type list Greg Kroah-Hartman
` (509 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthieu Baerts, Florian Westphal,
Pablo Neira Ayuso, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 9adbb4198bf6cf3634032871118a7052aeaa573f ]
On rule delete we get:
WARNING: suspicious RCU usage
net/netfilter/nf_tables_api.c:3420 RCU-list traversed in non-reader section!!
1 lock held by iptables/134:
#0: ffff888008c4fcc8 (&nft_net->commit_mutex){+.+.}-{3:3}, at: nf_tables_valid_genid (include/linux/jiffies.h:101) nf_tables
Code is fine, no other CPU can change the list because we're holding
transaction mutex.
Pass the needed lockdep annotation to the iterator and fix
two comments for functions that are no longer restricted to rcu-only
context.
This is enough to resolve rule delete, but there are several other
missing annotations, added in followup-patches.
Fixes: 28875945ba98 ("rcu: Add support for consolidated-RCU reader checking")
Reported-by: Matthieu Baerts <matttbe@kernel.org>
Tested-by: Matthieu Baerts <matttbe@kernel.org>
Closes: https://lore.kernel.org/netfilter-devel/da27f17f-3145-47af-ad0f-7fd2a823623e@kernel.org/
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 58503348ed3a3..18579897e7fe2 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3410,13 +3410,15 @@ void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr)
* Rules
*/
-static struct nft_rule *__nft_rule_lookup(const struct nft_chain *chain,
+static struct nft_rule *__nft_rule_lookup(const struct net *net,
+ const struct nft_chain *chain,
u64 handle)
{
struct nft_rule *rule;
// FIXME: this sucks
- list_for_each_entry_rcu(rule, &chain->rules, list) {
+ list_for_each_entry_rcu(rule, &chain->rules, list,
+ lockdep_commit_lock_is_held(net)) {
if (handle == rule->handle)
return rule;
}
@@ -3424,13 +3426,14 @@ static struct nft_rule *__nft_rule_lookup(const struct nft_chain *chain,
return ERR_PTR(-ENOENT);
}
-static struct nft_rule *nft_rule_lookup(const struct nft_chain *chain,
+static struct nft_rule *nft_rule_lookup(const struct net *net,
+ const struct nft_chain *chain,
const struct nlattr *nla)
{
if (nla == NULL)
return ERR_PTR(-EINVAL);
- return __nft_rule_lookup(chain, be64_to_cpu(nla_get_be64(nla)));
+ return __nft_rule_lookup(net, chain, be64_to_cpu(nla_get_be64(nla)));
}
static const struct nla_policy nft_rule_policy[NFTA_RULE_MAX + 1] = {
@@ -3731,7 +3734,7 @@ static int nf_tables_dump_rules_done(struct netlink_callback *cb)
return 0;
}
-/* called with rcu_read_lock held */
+/* Caller must hold rcu read lock or transaction mutex */
static struct sk_buff *
nf_tables_getrule_single(u32 portid, const struct nfnl_info *info,
const struct nlattr * const nla[], bool reset)
@@ -3758,7 +3761,7 @@ nf_tables_getrule_single(u32 portid, const struct nfnl_info *info,
return ERR_CAST(chain);
}
- rule = nft_rule_lookup(chain, nla[NFTA_RULE_HANDLE]);
+ rule = nft_rule_lookup(net, chain, nla[NFTA_RULE_HANDLE]);
if (IS_ERR(rule)) {
NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_HANDLE]);
return ERR_CAST(rule);
@@ -4057,7 +4060,7 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
if (nla[NFTA_RULE_HANDLE]) {
handle = be64_to_cpu(nla_get_be64(nla[NFTA_RULE_HANDLE]));
- rule = __nft_rule_lookup(chain, handle);
+ rule = __nft_rule_lookup(net, chain, handle);
if (IS_ERR(rule)) {
NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_HANDLE]);
return PTR_ERR(rule);
@@ -4079,7 +4082,7 @@ static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
if (nla[NFTA_RULE_POSITION]) {
pos_handle = be64_to_cpu(nla_get_be64(nla[NFTA_RULE_POSITION]));
- old_rule = __nft_rule_lookup(chain, pos_handle);
+ old_rule = __nft_rule_lookup(net, chain, pos_handle);
if (IS_ERR(old_rule)) {
NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_POSITION]);
return PTR_ERR(old_rule);
@@ -4296,7 +4299,7 @@ static int nf_tables_delrule(struct sk_buff *skb, const struct nfnl_info *info,
if (chain) {
if (nla[NFTA_RULE_HANDLE]) {
- rule = nft_rule_lookup(chain, nla[NFTA_RULE_HANDLE]);
+ rule = nft_rule_lookup(info->net, chain, nla[NFTA_RULE_HANDLE]);
if (IS_ERR(rule)) {
if (PTR_ERR(rule) == -ENOENT &&
NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYRULE)
@@ -8082,7 +8085,7 @@ static int nf_tables_dump_obj_done(struct netlink_callback *cb)
return 0;
}
-/* called with rcu_read_lock held */
+/* Caller must hold rcu read lock or transaction mutex */
static struct sk_buff *
nf_tables_getobj_single(u32 portid, const struct nfnl_info *info,
const struct nlattr * const nla[], bool reset)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 318/817] netfilter: nf_tables: must hold rcu read lock while iterating expression type list
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 317/817] netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 319/817] netfilter: nf_tables: must hold rcu read lock while iterating object " Greg Kroah-Hartman
` (508 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit ee666a541ed957937454d50afa4757924508cd74 ]
nft shell tests trigger:
WARNING: suspicious RCU usage
net/netfilter/nf_tables_api.c:3125 RCU-list traversed in non-reader section!!
1 lock held by nft/2068:
#0: ffff888106c6f8c8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3c/0xf0
But the transaction mutex doesn't protect this list, the nfnl subsystem
mutex would, but we can't acquire it here without risk of ABBA
deadlocks.
Acquire the rcu read lock to avoid this issue.
v3: add a comment that explains the ->inner_ops check implies
expression is builtin and lack of a module owner reference is ok.
Fixes: 3a07327d10a0 ("netfilter: nft_inner: support for inner tunnel header matching")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 18579897e7fe2..a7a1913aa2917 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3293,25 +3293,37 @@ int nft_expr_inner_parse(const struct nft_ctx *ctx, const struct nlattr *nla,
if (!tb[NFTA_EXPR_DATA] || !tb[NFTA_EXPR_NAME])
return -EINVAL;
+ rcu_read_lock();
+
type = __nft_expr_type_get(ctx->family, tb[NFTA_EXPR_NAME]);
- if (!type)
- return -ENOENT;
+ if (!type) {
+ err = -ENOENT;
+ goto out_unlock;
+ }
- if (!type->inner_ops)
- return -EOPNOTSUPP;
+ if (!type->inner_ops) {
+ err = -EOPNOTSUPP;
+ goto out_unlock;
+ }
err = nla_parse_nested_deprecated(info->tb, type->maxattr,
tb[NFTA_EXPR_DATA],
type->policy, NULL);
if (err < 0)
- goto err_nla_parse;
+ goto out_unlock;
info->attr = nla;
info->ops = type->inner_ops;
+ /* No module reference will be taken on type->owner.
+ * Presence of type->inner_ops implies that the expression
+ * is builtin, so it cannot go away.
+ */
+ rcu_read_unlock();
return 0;
-err_nla_parse:
+out_unlock:
+ rcu_read_unlock();
return err;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 319/817] netfilter: nf_tables: must hold rcu read lock while iterating object type list
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 318/817] netfilter: nf_tables: must hold rcu read lock while iterating expression type list Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 320/817] netlink: typographical error in nlmsg_type constants definition Greg Kroah-Hartman
` (507 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit cddc04275f95ca3b18da5c0fb111705ac173af89 ]
Update of stateful object triggers:
WARNING: suspicious RCU usage
net/netfilter/nf_tables_api.c:7759 RCU-list traversed in non-reader section!!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by nft/3060:
#0: ffff88810f0578c8 (&nft_net->commit_mutex){+.+.}-{4:4}, [..]
... but this list is not protected by the transaction mutex but the
nfnl nftables subsystem mutex.
Switch to nft_obj_type_get which will acquire rcu read lock,
bump refcount, and returns the result.
v3: Dan Carpenter points out nft_obj_type_get returns error pointer, not
NULL, on error.
Fixes: dad3bdeef45f ("netfilter: nf_tables: fix memory leak during stateful obj update").
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index a7a1913aa2917..f69e29917087a 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7783,9 +7783,7 @@ static int nf_tables_updobj(const struct nft_ctx *ctx,
struct nft_trans *trans;
int err = -ENOMEM;
- if (!try_module_get(type->owner))
- return -ENOENT;
-
+ /* caller must have obtained type->owner reference. */
trans = nft_trans_alloc(ctx, NFT_MSG_NEWOBJ,
sizeof(struct nft_trans_obj));
if (!trans)
@@ -7853,15 +7851,16 @@ static int nf_tables_newobj(struct sk_buff *skb, const struct nfnl_info *info,
if (info->nlh->nlmsg_flags & NLM_F_REPLACE)
return -EOPNOTSUPP;
- type = __nft_obj_type_get(objtype, family);
- if (WARN_ON_ONCE(!type))
- return -ENOENT;
-
if (!obj->ops->update)
return 0;
+ type = nft_obj_type_get(net, objtype, family);
+ if (WARN_ON_ONCE(IS_ERR(type)))
+ return PTR_ERR(type);
+
nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
+ /* type->owner reference is put when transaction object is released. */
return nf_tables_updobj(&ctx, type, nla[NFTA_OBJ_DATA], obj);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 320/817] netlink: typographical error in nlmsg_type constants definition
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 319/817] netfilter: nf_tables: must hold rcu read lock while iterating object " Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 321/817] wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() Greg Kroah-Hartman
` (506 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maurice Lambert, Jakub Kicinski,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maurice Lambert <mauricelambert434@gmail.com>
[ Upstream commit 84bfbfbbd32aee136afea4b6bf82581dce79c305 ]
This commit fix a typographical error in netlink nlmsg_type constants definition in the include/uapi/linux/rtnetlink.h at line 177. The definition is RTM_NEWNVLAN RTM_NEWVLAN instead of RTM_NEWVLAN RTM_NEWVLAN.
Signed-off-by: Maurice Lambert <mauricelambert434@gmail.com>
Fixes: 8dcea187088b ("net: bridge: vlan: add rtm definitions and dump support")
Link: https://patch.msgid.link/20241103223950.230300-1-mauricelambert434@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/rtnetlink.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h
index 3b687d20c9ed3..db7254d52d935 100644
--- a/include/uapi/linux/rtnetlink.h
+++ b/include/uapi/linux/rtnetlink.h
@@ -174,7 +174,7 @@ enum {
#define RTM_GETLINKPROP RTM_GETLINKPROP
RTM_NEWVLAN = 112,
-#define RTM_NEWNVLAN RTM_NEWVLAN
+#define RTM_NEWVLAN RTM_NEWVLAN
RTM_DELVLAN,
#define RTM_DELVLAN RTM_DELVLAN
RTM_GETVLAN,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 321/817] wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 320/817] netlink: typographical error in nlmsg_type constants definition Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 322/817] drm/panfrost: Add missing OPP table refcnt decremental Greg Kroah-Hartman
` (505 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pei Xiao, Ping-Ke Shih, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pei Xiao <xiaopei01@kylinos.cn>
[ Upstream commit 81df5ed446b448bdc327b7c7f0b50121fc1f4aa2 ]
kmalloc may fail, return value might be NULL and will cause
NULL pointer dereference. Add check NULL return of kmalloc in
btc_fw_set_monreg().
Signed-off-by: Pei Xiao <xiaopei01@kylinos.cn>
Fixes: b952cb0a6e2d ("wifi: rtw89: coex: Add register monitor report v7 format")
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/516a91f3997534f708af43c7592cbafdd53dd599.1730253508.git.xiaopei01@kylinos.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/coex.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/realtek/rtw89/coex.c b/drivers/net/wireless/realtek/rtw89/coex.c
index 24929ef534e08..3f4754b7c9d09 100644
--- a/drivers/net/wireless/realtek/rtw89/coex.c
+++ b/drivers/net/wireless/realtek/rtw89/coex.c
@@ -2449,6 +2449,8 @@ static void btc_fw_set_monreg(struct rtw89_dev *rtwdev)
if (ver->fcxmreg == 7) {
sz = struct_size(v7, regs, n);
v7 = kmalloc(sz, GFP_KERNEL);
+ if (!v7)
+ return;
v7->type = RPT_EN_MREG;
v7->fver = ver->fcxmreg;
v7->len = n;
@@ -2463,6 +2465,8 @@ static void btc_fw_set_monreg(struct rtw89_dev *rtwdev)
} else {
sz = struct_size(v1, regs, n);
v1 = kmalloc(sz, GFP_KERNEL);
+ if (!v1)
+ return;
v1->fver = ver->fcxmreg;
v1->reg_num = n;
memcpy(v1->regs, chip->mon_reg, flex_array_size(v1, regs, n));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 322/817] drm/panfrost: Add missing OPP table refcnt decremental
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 321/817] wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 323/817] drm/panthor: introduce job cycle and timestamp accounting Greg Kroah-Hartman
` (504 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrián Larumbe, Steven Price,
Liviu Dudau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit 043e8afebf6c19abde9da1ac3d5cbf8b7ac8393f ]
Commit f11b0417eec2 ("drm/panfrost: Add fdinfo support GPU load metrics")
retrieves the OPP for the maximum device clock frequency, but forgets to
keep the reference count balanced by putting the returned OPP object. This
eventually leads to an OPP core warning when removing the device.
Fix it by putting OPP objects as many times as they're retrieved.
Also remove an unnecessary whitespace.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Fixes: f11b0417eec2 ("drm/panfrost: Add fdinfo support GPU load metrics")
Reviewed-by: Steven Price <steven.price@arm.com>
Reviewed-by: Liviu Dudau <liviu.dudau@arm.com>
Signed-off-by: Steven Price <steven.price@arm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241105205458.1318989-1-adrian.larumbe@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panfrost/panfrost_devfreq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/panfrost/panfrost_devfreq.c b/drivers/gpu/drm/panfrost/panfrost_devfreq.c
index 2d30da38c2c3e..3385fd3ef41a4 100644
--- a/drivers/gpu/drm/panfrost/panfrost_devfreq.c
+++ b/drivers/gpu/drm/panfrost/panfrost_devfreq.c
@@ -38,7 +38,7 @@ static int panfrost_devfreq_target(struct device *dev, unsigned long *freq,
return PTR_ERR(opp);
dev_pm_opp_put(opp);
- err = dev_pm_opp_set_rate(dev, *freq);
+ err = dev_pm_opp_set_rate(dev, *freq);
if (!err)
ptdev->pfdevfreq.current_frequency = *freq;
@@ -182,6 +182,7 @@ int panfrost_devfreq_init(struct panfrost_device *pfdev)
* if any and will avoid a switch off by regulator_late_cleanup()
*/
ret = dev_pm_opp_set_opp(dev, opp);
+ dev_pm_opp_put(opp);
if (ret) {
DRM_DEV_ERROR(dev, "Couldn't set recommended OPP\n");
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 323/817] drm/panthor: introduce job cycle and timestamp accounting
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 322/817] drm/panfrost: Add missing OPP table refcnt decremental Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 324/817] drm/panthor: record current and maximum device clock frequencies Greg Kroah-Hartman
` (503 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrián Larumbe, Boris Brezillon,
Liviu Dudau, Steven Price, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit f8ff51a4708451763e6cfa36cc83dea8513d3318 ]
Enable calculations of job submission times in clock cycles and wall
time. This is done by expanding the boilerplate command stream when running
a job to include instructions that compute said times right before and
after a user CS.
A separate kernel BO is created per queue to store those values. Jobs can
access their sampled data through an index different from that of the
queue's ringbuffer. The reason for this is saving memory on the profiling
information kernel BO, since the amount of simultaneous profiled jobs we
can write into the queue's ringbuffer might be much smaller than for
regular jobs, as the former take more CSF instructions.
This commit is done in preparation for enabling DRM fdinfo support in the
Panthor driver, which depends on the numbers calculated herein.
A profile mode mask has been added that will in a future commit allow UM to
toggle performance metric sampling behaviour, which is disabled by default
to save power. When a ringbuffer CS is constructed, timestamp and cycling
sampling instructions are added depending on the enabled flags in the
profiling mask.
A helper was provided that calculates the number of instructions for a
given set of enablement mask, and these are passed as the number of credits
when initialising a DRM scheduler job.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Reviewed-by: Liviu Dudau <liviu.dudau@arm.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240923230912.2207320-2-adrian.larumbe@collabora.com
Stable-dep-of: 21c23e4b64e3 ("drm/panthor: Fix OPP refcnt leaks in devfreq initialisation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panthor/panthor_device.h | 22 ++
drivers/gpu/drm/panthor/panthor_sched.c | 333 +++++++++++++++++++----
2 files changed, 306 insertions(+), 49 deletions(-)
diff --git a/drivers/gpu/drm/panthor/panthor_device.h b/drivers/gpu/drm/panthor/panthor_device.h
index e388c0472ba78..a48e30d0af309 100644
--- a/drivers/gpu/drm/panthor/panthor_device.h
+++ b/drivers/gpu/drm/panthor/panthor_device.h
@@ -66,6 +66,25 @@ struct panthor_irq {
atomic_t suspended;
};
+/**
+ * enum panthor_device_profiling_mode - Profiling state
+ */
+enum panthor_device_profiling_flags {
+ /** @PANTHOR_DEVICE_PROFILING_DISABLED: Profiling is disabled. */
+ PANTHOR_DEVICE_PROFILING_DISABLED = 0,
+
+ /** @PANTHOR_DEVICE_PROFILING_CYCLES: Sampling job cycles. */
+ PANTHOR_DEVICE_PROFILING_CYCLES = BIT(0),
+
+ /** @PANTHOR_DEVICE_PROFILING_TIMESTAMP: Sampling job timestamp. */
+ PANTHOR_DEVICE_PROFILING_TIMESTAMP = BIT(1),
+
+ /** @PANTHOR_DEVICE_PROFILING_ALL: Sampling everything. */
+ PANTHOR_DEVICE_PROFILING_ALL =
+ PANTHOR_DEVICE_PROFILING_CYCLES |
+ PANTHOR_DEVICE_PROFILING_TIMESTAMP,
+};
+
/**
* struct panthor_device - Panthor device
*/
@@ -162,6 +181,9 @@ struct panthor_device {
*/
struct page *dummy_latest_flush;
} pm;
+
+ /** @profile_mask: User-set profiling flags for job accounting. */
+ u32 profile_mask;
};
/**
diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c
index e9234488dc2b4..db0874c8cce07 100644
--- a/drivers/gpu/drm/panthor/panthor_sched.c
+++ b/drivers/gpu/drm/panthor/panthor_sched.c
@@ -93,6 +93,9 @@
#define MIN_CSGS 3
#define MAX_CSG_PRIO 0xf
+#define NUM_INSTRS_PER_CACHE_LINE (64 / sizeof(u64))
+#define MAX_INSTRS_PER_JOB 24
+
struct panthor_group;
/**
@@ -476,6 +479,18 @@ struct panthor_queue {
*/
struct list_head in_flight_jobs;
} fence_ctx;
+
+ /** @profiling: Job profiling data slots and access information. */
+ struct {
+ /** @slots: Kernel BO holding the slots. */
+ struct panthor_kernel_bo *slots;
+
+ /** @slot_count: Number of jobs ringbuffer can hold at once. */
+ u32 slot_count;
+
+ /** @seqno: Index of the next available profiling information slot. */
+ u32 seqno;
+ } profiling;
};
/**
@@ -662,6 +677,18 @@ struct panthor_group {
struct list_head wait_node;
};
+struct panthor_job_profiling_data {
+ struct {
+ u64 before;
+ u64 after;
+ } cycles;
+
+ struct {
+ u64 before;
+ u64 after;
+ } time;
+};
+
/**
* group_queue_work() - Queue a group work
* @group: Group to queue the work for.
@@ -775,6 +802,15 @@ struct panthor_job {
/** @done_fence: Fence signaled when the job is finished or cancelled. */
struct dma_fence *done_fence;
+
+ /** @profiling: Job profiling information. */
+ struct {
+ /** @mask: Current device job profiling enablement bitmask. */
+ u32 mask;
+
+ /** @slot: Job index in the profiling slots BO. */
+ u32 slot;
+ } profiling;
};
static void
@@ -839,6 +875,7 @@ static void group_free_queue(struct panthor_group *group, struct panthor_queue *
panthor_kernel_bo_destroy(queue->ringbuf);
panthor_kernel_bo_destroy(queue->iface.mem);
+ panthor_kernel_bo_destroy(queue->profiling.slots);
/* Release the last_fence we were holding, if any. */
dma_fence_put(queue->fence_ctx.last_fence);
@@ -1989,8 +2026,6 @@ tick_ctx_init(struct panthor_scheduler *sched,
}
}
-#define NUM_INSTRS_PER_SLOT 16
-
static void
group_term_post_processing(struct panthor_group *group)
{
@@ -2829,65 +2864,198 @@ static void group_sync_upd_work(struct work_struct *work)
group_put(group);
}
-static struct dma_fence *
-queue_run_job(struct drm_sched_job *sched_job)
+struct panthor_job_ringbuf_instrs {
+ u64 buffer[MAX_INSTRS_PER_JOB];
+ u32 count;
+};
+
+struct panthor_job_instr {
+ u32 profile_mask;
+ u64 instr;
+};
+
+#define JOB_INSTR(__prof, __instr) \
+ { \
+ .profile_mask = __prof, \
+ .instr = __instr, \
+ }
+
+static void
+copy_instrs_to_ringbuf(struct panthor_queue *queue,
+ struct panthor_job *job,
+ struct panthor_job_ringbuf_instrs *instrs)
+{
+ u64 ringbuf_size = panthor_kernel_bo_size(queue->ringbuf);
+ u64 start = job->ringbuf.start & (ringbuf_size - 1);
+ u64 size, written;
+
+ /*
+ * We need to write a whole slot, including any trailing zeroes
+ * that may come at the end of it. Also, because instrs.buffer has
+ * been zero-initialised, there's no need to pad it with 0's
+ */
+ instrs->count = ALIGN(instrs->count, NUM_INSTRS_PER_CACHE_LINE);
+ size = instrs->count * sizeof(u64);
+ WARN_ON(size > ringbuf_size);
+ written = min(ringbuf_size - start, size);
+
+ memcpy(queue->ringbuf->kmap + start, instrs->buffer, written);
+
+ if (written < size)
+ memcpy(queue->ringbuf->kmap,
+ &instrs->buffer[written / sizeof(u64)],
+ size - written);
+}
+
+struct panthor_job_cs_params {
+ u32 profile_mask;
+ u64 addr_reg; u64 val_reg;
+ u64 cycle_reg; u64 time_reg;
+ u64 sync_addr; u64 times_addr;
+ u64 cs_start; u64 cs_size;
+ u32 last_flush; u32 waitall_mask;
+};
+
+static void
+get_job_cs_params(struct panthor_job *job, struct panthor_job_cs_params *params)
{
- struct panthor_job *job = container_of(sched_job, struct panthor_job, base);
struct panthor_group *group = job->group;
struct panthor_queue *queue = group->queues[job->queue_idx];
struct panthor_device *ptdev = group->ptdev;
struct panthor_scheduler *sched = ptdev->scheduler;
- u32 ringbuf_size = panthor_kernel_bo_size(queue->ringbuf);
- u32 ringbuf_insert = queue->iface.input->insert & (ringbuf_size - 1);
- u64 addr_reg = ptdev->csif_info.cs_reg_count -
- ptdev->csif_info.unpreserved_cs_reg_count;
- u64 val_reg = addr_reg + 2;
- u64 sync_addr = panthor_kernel_bo_gpuva(group->syncobjs) +
- job->queue_idx * sizeof(struct panthor_syncobj_64b);
- u32 waitall_mask = GENMASK(sched->sb_slot_count - 1, 0);
- struct dma_fence *done_fence;
- int ret;
- u64 call_instrs[NUM_INSTRS_PER_SLOT] = {
- /* MOV32 rX+2, cs.latest_flush */
- (2ull << 56) | (val_reg << 48) | job->call_info.latest_flush,
+ params->addr_reg = ptdev->csif_info.cs_reg_count -
+ ptdev->csif_info.unpreserved_cs_reg_count;
+ params->val_reg = params->addr_reg + 2;
+ params->cycle_reg = params->addr_reg;
+ params->time_reg = params->val_reg;
- /* FLUSH_CACHE2.clean_inv_all.no_wait.signal(0) rX+2 */
- (36ull << 56) | (0ull << 48) | (val_reg << 40) | (0 << 16) | 0x233,
+ params->sync_addr = panthor_kernel_bo_gpuva(group->syncobjs) +
+ job->queue_idx * sizeof(struct panthor_syncobj_64b);
+ params->times_addr = panthor_kernel_bo_gpuva(queue->profiling.slots) +
+ (job->profiling.slot * sizeof(struct panthor_job_profiling_data));
+ params->waitall_mask = GENMASK(sched->sb_slot_count - 1, 0);
- /* MOV48 rX:rX+1, cs.start */
- (1ull << 56) | (addr_reg << 48) | job->call_info.start,
+ params->cs_start = job->call_info.start;
+ params->cs_size = job->call_info.size;
+ params->last_flush = job->call_info.latest_flush;
- /* MOV32 rX+2, cs.size */
- (2ull << 56) | (val_reg << 48) | job->call_info.size,
+ params->profile_mask = job->profiling.mask;
+}
- /* WAIT(0) => waits for FLUSH_CACHE2 instruction */
- (3ull << 56) | (1 << 16),
+#define JOB_INSTR_ALWAYS(instr) \
+ JOB_INSTR(PANTHOR_DEVICE_PROFILING_DISABLED, (instr))
+#define JOB_INSTR_TIMESTAMP(instr) \
+ JOB_INSTR(PANTHOR_DEVICE_PROFILING_TIMESTAMP, (instr))
+#define JOB_INSTR_CYCLES(instr) \
+ JOB_INSTR(PANTHOR_DEVICE_PROFILING_CYCLES, (instr))
+static void
+prepare_job_instrs(const struct panthor_job_cs_params *params,
+ struct panthor_job_ringbuf_instrs *instrs)
+{
+ const struct panthor_job_instr instr_seq[] = {
+ /* MOV32 rX+2, cs.latest_flush */
+ JOB_INSTR_ALWAYS((2ull << 56) | (params->val_reg << 48) | params->last_flush),
+ /* FLUSH_CACHE2.clean_inv_all.no_wait.signal(0) rX+2 */
+ JOB_INSTR_ALWAYS((36ull << 56) | (0ull << 48) | (params->val_reg << 40) |
+ (0 << 16) | 0x233),
+ /* MOV48 rX:rX+1, cycles_offset */
+ JOB_INSTR_CYCLES((1ull << 56) | (params->cycle_reg << 48) |
+ (params->times_addr +
+ offsetof(struct panthor_job_profiling_data, cycles.before))),
+ /* STORE_STATE cycles */
+ JOB_INSTR_CYCLES((40ull << 56) | (params->cycle_reg << 40) | (1ll << 32)),
+ /* MOV48 rX:rX+1, time_offset */
+ JOB_INSTR_TIMESTAMP((1ull << 56) | (params->time_reg << 48) |
+ (params->times_addr +
+ offsetof(struct panthor_job_profiling_data, time.before))),
+ /* STORE_STATE timer */
+ JOB_INSTR_TIMESTAMP((40ull << 56) | (params->time_reg << 40) | (0ll << 32)),
+ /* MOV48 rX:rX+1, cs.start */
+ JOB_INSTR_ALWAYS((1ull << 56) | (params->addr_reg << 48) | params->cs_start),
+ /* MOV32 rX+2, cs.size */
+ JOB_INSTR_ALWAYS((2ull << 56) | (params->val_reg << 48) | params->cs_size),
+ /* WAIT(0) => waits for FLUSH_CACHE2 instruction */
+ JOB_INSTR_ALWAYS((3ull << 56) | (1 << 16)),
/* CALL rX:rX+1, rX+2 */
- (32ull << 56) | (addr_reg << 40) | (val_reg << 32),
-
+ JOB_INSTR_ALWAYS((32ull << 56) | (params->addr_reg << 40) |
+ (params->val_reg << 32)),
+ /* MOV48 rX:rX+1, cycles_offset */
+ JOB_INSTR_CYCLES((1ull << 56) | (params->cycle_reg << 48) |
+ (params->times_addr +
+ offsetof(struct panthor_job_profiling_data, cycles.after))),
+ /* STORE_STATE cycles */
+ JOB_INSTR_CYCLES((40ull << 56) | (params->cycle_reg << 40) | (1ll << 32)),
+ /* MOV48 rX:rX+1, time_offset */
+ JOB_INSTR_TIMESTAMP((1ull << 56) | (params->time_reg << 48) |
+ (params->times_addr +
+ offsetof(struct panthor_job_profiling_data, time.after))),
+ /* STORE_STATE timer */
+ JOB_INSTR_TIMESTAMP((40ull << 56) | (params->time_reg << 40) | (0ll << 32)),
/* MOV48 rX:rX+1, sync_addr */
- (1ull << 56) | (addr_reg << 48) | sync_addr,
-
+ JOB_INSTR_ALWAYS((1ull << 56) | (params->addr_reg << 48) | params->sync_addr),
/* MOV48 rX+2, #1 */
- (1ull << 56) | (val_reg << 48) | 1,
-
+ JOB_INSTR_ALWAYS((1ull << 56) | (params->val_reg << 48) | 1),
/* WAIT(all) */
- (3ull << 56) | (waitall_mask << 16),
-
+ JOB_INSTR_ALWAYS((3ull << 56) | (params->waitall_mask << 16)),
/* SYNC_ADD64.system_scope.propage_err.nowait rX:rX+1, rX+2*/
- (51ull << 56) | (0ull << 48) | (addr_reg << 40) | (val_reg << 32) | (0 << 16) | 1,
+ JOB_INSTR_ALWAYS((51ull << 56) | (0ull << 48) | (params->addr_reg << 40) |
+ (params->val_reg << 32) | (0 << 16) | 1),
+ /* ERROR_BARRIER, so we can recover from faults at job boundaries. */
+ JOB_INSTR_ALWAYS((47ull << 56)),
+ };
+ u32 pad;
- /* ERROR_BARRIER, so we can recover from faults at job
- * boundaries.
- */
- (47ull << 56),
+ instrs->count = 0;
+
+ /* NEED to be cacheline aligned to please the prefetcher. */
+ static_assert(sizeof(instrs->buffer) % 64 == 0,
+ "panthor_job_ringbuf_instrs::buffer is not aligned on a cacheline");
+
+ /* Make sure we have enough storage to store the whole sequence. */
+ static_assert(ALIGN(ARRAY_SIZE(instr_seq), NUM_INSTRS_PER_CACHE_LINE) ==
+ ARRAY_SIZE(instrs->buffer),
+ "instr_seq vs panthor_job_ringbuf_instrs::buffer size mismatch");
+
+ for (u32 i = 0; i < ARRAY_SIZE(instr_seq); i++) {
+ /* If the profile mask of this instruction is not enabled, skip it. */
+ if (instr_seq[i].profile_mask &&
+ !(instr_seq[i].profile_mask & params->profile_mask))
+ continue;
+
+ instrs->buffer[instrs->count++] = instr_seq[i].instr;
+ }
+
+ pad = ALIGN(instrs->count, NUM_INSTRS_PER_CACHE_LINE);
+ memset(&instrs->buffer[instrs->count], 0,
+ (pad - instrs->count) * sizeof(instrs->buffer[0]));
+ instrs->count = pad;
+}
+
+static u32 calc_job_credits(u32 profile_mask)
+{
+ struct panthor_job_ringbuf_instrs instrs;
+ struct panthor_job_cs_params params = {
+ .profile_mask = profile_mask,
};
- /* Need to be cacheline aligned to please the prefetcher. */
- static_assert(sizeof(call_instrs) % 64 == 0,
- "call_instrs is not aligned on a cacheline");
+ prepare_job_instrs(¶ms, &instrs);
+ return instrs.count;
+}
+
+static struct dma_fence *
+queue_run_job(struct drm_sched_job *sched_job)
+{
+ struct panthor_job *job = container_of(sched_job, struct panthor_job, base);
+ struct panthor_group *group = job->group;
+ struct panthor_queue *queue = group->queues[job->queue_idx];
+ struct panthor_device *ptdev = group->ptdev;
+ struct panthor_scheduler *sched = ptdev->scheduler;
+ struct panthor_job_ringbuf_instrs instrs;
+ struct panthor_job_cs_params cs_params;
+ struct dma_fence *done_fence;
+ int ret;
/* Stream size is zero, nothing to do except making sure all previously
* submitted jobs are done before we signal the
@@ -2914,17 +3082,23 @@ queue_run_job(struct drm_sched_job *sched_job)
queue->fence_ctx.id,
atomic64_inc_return(&queue->fence_ctx.seqno));
- memcpy(queue->ringbuf->kmap + ringbuf_insert,
- call_instrs, sizeof(call_instrs));
+ job->profiling.slot = queue->profiling.seqno++;
+ if (queue->profiling.seqno == queue->profiling.slot_count)
+ queue->profiling.seqno = 0;
+
+ job->ringbuf.start = queue->iface.input->insert;
+
+ get_job_cs_params(job, &cs_params);
+ prepare_job_instrs(&cs_params, &instrs);
+ copy_instrs_to_ringbuf(queue, job, &instrs);
+
+ job->ringbuf.end = job->ringbuf.start + (instrs.count * sizeof(u64));
panthor_job_get(&job->base);
spin_lock(&queue->fence_ctx.lock);
list_add_tail(&job->node, &queue->fence_ctx.in_flight_jobs);
spin_unlock(&queue->fence_ctx.lock);
- job->ringbuf.start = queue->iface.input->insert;
- job->ringbuf.end = job->ringbuf.start + sizeof(call_instrs);
-
/* Make sure the ring buffer is updated before the INSERT
* register.
*/
@@ -3017,6 +3191,33 @@ static const struct drm_sched_backend_ops panthor_queue_sched_ops = {
.free_job = queue_free_job,
};
+static u32 calc_profiling_ringbuf_num_slots(struct panthor_device *ptdev,
+ u32 cs_ringbuf_size)
+{
+ u32 min_profiled_job_instrs = U32_MAX;
+ u32 last_flag = fls(PANTHOR_DEVICE_PROFILING_ALL);
+
+ /*
+ * We want to calculate the minimum size of a profiled job's CS,
+ * because since they need additional instructions for the sampling
+ * of performance metrics, they might take up further slots in
+ * the queue's ringbuffer. This means we might not need as many job
+ * slots for keeping track of their profiling information. What we
+ * need is the maximum number of slots we should allocate to this end,
+ * which matches the maximum number of profiled jobs we can place
+ * simultaneously in the queue's ring buffer.
+ * That has to be calculated separately for every single job profiling
+ * flag, but not in the case job profiling is disabled, since unprofiled
+ * jobs don't need to keep track of this at all.
+ */
+ for (u32 i = 0; i < last_flag; i++) {
+ min_profiled_job_instrs =
+ min(min_profiled_job_instrs, calc_job_credits(BIT(i)));
+ }
+
+ return DIV_ROUND_UP(cs_ringbuf_size, min_profiled_job_instrs * sizeof(u64));
+}
+
static struct panthor_queue *
group_create_queue(struct panthor_group *group,
const struct drm_panthor_queue_create *args)
@@ -3070,9 +3271,35 @@ group_create_queue(struct panthor_group *group,
goto err_free_queue;
}
+ queue->profiling.slot_count =
+ calc_profiling_ringbuf_num_slots(group->ptdev, args->ringbuf_size);
+
+ queue->profiling.slots =
+ panthor_kernel_bo_create(group->ptdev, group->vm,
+ queue->profiling.slot_count *
+ sizeof(struct panthor_job_profiling_data),
+ DRM_PANTHOR_BO_NO_MMAP,
+ DRM_PANTHOR_VM_BIND_OP_MAP_NOEXEC |
+ DRM_PANTHOR_VM_BIND_OP_MAP_UNCACHED,
+ PANTHOR_VM_KERNEL_AUTO_VA);
+
+ if (IS_ERR(queue->profiling.slots)) {
+ ret = PTR_ERR(queue->profiling.slots);
+ goto err_free_queue;
+ }
+
+ ret = panthor_kernel_bo_vmap(queue->profiling.slots);
+ if (ret)
+ goto err_free_queue;
+
+ /*
+ * Credit limit argument tells us the total number of instructions
+ * across all CS slots in the ringbuffer, with some jobs requiring
+ * twice as many as others, depending on their profiling status.
+ */
ret = drm_sched_init(&queue->scheduler, &panthor_queue_sched_ops,
group->ptdev->scheduler->wq, 1,
- args->ringbuf_size / (NUM_INSTRS_PER_SLOT * sizeof(u64)),
+ args->ringbuf_size / sizeof(u64),
0, msecs_to_jiffies(JOB_TIMEOUT_MS),
group->ptdev->reset.wq,
NULL, "panthor-queue", group->ptdev->base.dev);
@@ -3380,6 +3607,7 @@ panthor_job_create(struct panthor_file *pfile,
{
struct panthor_group_pool *gpool = pfile->groups;
struct panthor_job *job;
+ u32 credits;
int ret;
if (qsubmit->pad)
@@ -3438,9 +3666,16 @@ panthor_job_create(struct panthor_file *pfile,
}
}
+ job->profiling.mask = pfile->ptdev->profile_mask;
+ credits = calc_job_credits(job->profiling.mask);
+ if (credits == 0) {
+ ret = -EINVAL;
+ goto err_put_job;
+ }
+
ret = drm_sched_job_init(&job->base,
&job->group->queues[job->queue_idx]->entity,
- 1, job->group);
+ credits, job->group);
if (ret)
goto err_put_job;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 324/817] drm/panthor: record current and maximum device clock frequencies
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 323/817] drm/panthor: introduce job cycle and timestamp accounting Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 325/817] drm/panthor: Fix OPP refcnt leaks in devfreq initialisation Greg Kroah-Hartman
` (502 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrián Larumbe, Steven Price,
Boris Brezillon, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit 37591ae11f89cdfc0a647945a589468642a44c17 ]
In order to support UM in calculating rates of GPU utilisation, the current
operating and maximum GPU clock frequencies must be recorded during device
initialisation, and also during OPP state transitions.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240923230912.2207320-3-adrian.larumbe@collabora.com
Stable-dep-of: 21c23e4b64e3 ("drm/panthor: Fix OPP refcnt leaks in devfreq initialisation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panthor/panthor_devfreq.c | 18 +++++++++++++++++-
drivers/gpu/drm/panthor/panthor_device.h | 6 ++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/panthor/panthor_devfreq.c b/drivers/gpu/drm/panthor/panthor_devfreq.c
index c6d3c327cc24c..9d0f891b9b534 100644
--- a/drivers/gpu/drm/panthor/panthor_devfreq.c
+++ b/drivers/gpu/drm/panthor/panthor_devfreq.c
@@ -62,14 +62,20 @@ static void panthor_devfreq_update_utilization(struct panthor_devfreq *pdevfreq)
static int panthor_devfreq_target(struct device *dev, unsigned long *freq,
u32 flags)
{
+ struct panthor_device *ptdev = dev_get_drvdata(dev);
struct dev_pm_opp *opp;
+ int err;
opp = devfreq_recommended_opp(dev, freq, flags);
if (IS_ERR(opp))
return PTR_ERR(opp);
dev_pm_opp_put(opp);
- return dev_pm_opp_set_rate(dev, *freq);
+ err = dev_pm_opp_set_rate(dev, *freq);
+ if (!err)
+ ptdev->current_frequency = *freq;
+
+ return err;
}
static void panthor_devfreq_reset(struct panthor_devfreq *pdevfreq)
@@ -130,6 +136,7 @@ int panthor_devfreq_init(struct panthor_device *ptdev)
struct panthor_devfreq *pdevfreq;
struct dev_pm_opp *opp;
unsigned long cur_freq;
+ unsigned long freq = ULONG_MAX;
int ret;
pdevfreq = drmm_kzalloc(&ptdev->base, sizeof(*ptdev->devfreq), GFP_KERNEL);
@@ -161,6 +168,7 @@ int panthor_devfreq_init(struct panthor_device *ptdev)
return PTR_ERR(opp);
panthor_devfreq_profile.initial_freq = cur_freq;
+ ptdev->current_frequency = cur_freq;
/* Regulator coupling only takes care of synchronizing/balancing voltage
* updates, but the coupled regulator needs to be enabled manually.
@@ -204,6 +212,14 @@ int panthor_devfreq_init(struct panthor_device *ptdev)
dev_pm_opp_put(opp);
+ /* Find the fastest defined rate */
+ opp = dev_pm_opp_find_freq_floor(dev, &freq);
+ if (IS_ERR(opp))
+ return PTR_ERR(opp);
+ ptdev->fast_rate = freq;
+
+ dev_pm_opp_put(opp);
+
/*
* Setup default thresholds for the simple_ondemand governor.
* The values are chosen based on experiments.
diff --git a/drivers/gpu/drm/panthor/panthor_device.h b/drivers/gpu/drm/panthor/panthor_device.h
index a48e30d0af309..2109905813e8c 100644
--- a/drivers/gpu/drm/panthor/panthor_device.h
+++ b/drivers/gpu/drm/panthor/panthor_device.h
@@ -184,6 +184,12 @@ struct panthor_device {
/** @profile_mask: User-set profiling flags for job accounting. */
u32 profile_mask;
+
+ /** @current_frequency: Device clock frequency at present. Set by DVFS*/
+ unsigned long current_frequency;
+
+ /** @fast_rate: Maximum device clock frequency. Set by DVFS */
+ unsigned long fast_rate;
};
/**
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 325/817] drm/panthor: Fix OPP refcnt leaks in devfreq initialisation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 324/817] drm/panthor: record current and maximum device clock frequencies Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 326/817] isofs: avoid memory leak in iocharset Greg Kroah-Hartman
` (501 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrián Larumbe, Steven Price,
Liviu Dudau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit 21c23e4b64e360d74d31b480f0572c2add0e8558 ]
Rearrange lookup of recommended OPP for the Mali GPU device and its refcnt
decremental to make sure no OPP object leaks happen in the error path.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Fixes: fac9b22df4b1 ("drm/panthor: Add the devfreq logical block")
Reviewed-by: Steven Price <steven.price@arm.com>
Reviewed-by: Liviu Dudau <liviu.dudau@arm.com>
Signed-off-by: Steven Price <steven.price@arm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241105205458.1318989-2-adrian.larumbe@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panthor/panthor_devfreq.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/panthor/panthor_devfreq.c b/drivers/gpu/drm/panthor/panthor_devfreq.c
index 9d0f891b9b534..ecc7a52bd688e 100644
--- a/drivers/gpu/drm/panthor/panthor_devfreq.c
+++ b/drivers/gpu/drm/panthor/panthor_devfreq.c
@@ -163,13 +163,6 @@ int panthor_devfreq_init(struct panthor_device *ptdev)
cur_freq = clk_get_rate(ptdev->clks.core);
- opp = devfreq_recommended_opp(dev, &cur_freq, 0);
- if (IS_ERR(opp))
- return PTR_ERR(opp);
-
- panthor_devfreq_profile.initial_freq = cur_freq;
- ptdev->current_frequency = cur_freq;
-
/* Regulator coupling only takes care of synchronizing/balancing voltage
* updates, but the coupled regulator needs to be enabled manually.
*
@@ -200,18 +193,24 @@ int panthor_devfreq_init(struct panthor_device *ptdev)
return ret;
}
+ opp = devfreq_recommended_opp(dev, &cur_freq, 0);
+ if (IS_ERR(opp))
+ return PTR_ERR(opp);
+
+ panthor_devfreq_profile.initial_freq = cur_freq;
+ ptdev->current_frequency = cur_freq;
+
/*
* Set the recommend OPP this will enable and configure the regulator
* if any and will avoid a switch off by regulator_late_cleanup()
*/
ret = dev_pm_opp_set_opp(dev, opp);
+ dev_pm_opp_put(opp);
if (ret) {
DRM_DEV_ERROR(dev, "Couldn't set recommended OPP\n");
return ret;
}
- dev_pm_opp_put(opp);
-
/* Find the fastest defined rate */
opp = dev_pm_opp_find_freq_floor(dev, &freq);
if (IS_ERR(opp))
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 326/817] isofs: avoid memory leak in iocharset
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 325/817] drm/panthor: Fix OPP refcnt leaks in devfreq initialisation Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 327/817] selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Greg Kroah-Hartman
` (500 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hao Ge, Eric Sandeen, Jan Kara,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hao Ge <gehao@kylinos.cn>
[ Upstream commit 0b5bbeee4de616a268db77e2f40f19ab010a367b ]
A memleak was found as below:
unreferenced object 0xffff0000d10164d8 (size 8):
comm "pool-udisksd", pid 108217, jiffies 4295408555
hex dump (first 8 bytes):
75 74 66 38 00 cc cc cc utf8....
backtrace (crc de430d31):
[<ffff800081046e6c>] kmemleak_alloc+0xb8/0xc8
[<ffff8000803e6c3c>] __kmalloc_node_track_caller_noprof+0x380/0x474
[<ffff800080363b74>] kstrdup+0x70/0xfc
[<ffff80007bb3c6a4>] isofs_parse_param+0x228/0x2c0 [isofs]
[<ffff8000804d7f68>] vfs_parse_fs_param+0xf4/0x164
[<ffff8000804d8064>] vfs_parse_fs_string+0x8c/0xd4
[<ffff8000804d815c>] vfs_parse_monolithic_sep+0xb0/0xfc
[<ffff8000804d81d8>] generic_parse_monolithic+0x30/0x3c
[<ffff8000804d8bfc>] parse_monolithic_mount_data+0x40/0x4c
[<ffff8000804b6a64>] path_mount+0x6c4/0x9ec
[<ffff8000804b6e38>] do_mount+0xac/0xc4
[<ffff8000804b7494>] __arm64_sys_mount+0x16c/0x2b0
[<ffff80008002b8dc>] invoke_syscall+0x7c/0x104
[<ffff80008002ba44>] el0_svc_common.constprop.1+0xe0/0x104
[<ffff80008002ba94>] do_el0_svc+0x2c/0x38
[<ffff800081041108>] el0_svc+0x3c/0x1b8
The opt->iocharset is freed inside the isofs_fill_super function,
But there may be situations where it's not possible to
enter this function.
For example, in the get_tree_bdev_flags function,when
encountering the situation where "Can't mount, would change RO state,"
In such a case, isofs_fill_super will not have the opportunity
to be called,which means that opt->iocharset will not have the chance
to be freed,ultimately leading to a memory leak.
Let's move the memory freeing of opt->iocharset into
isofs_free_fc function.
Fixes: 1b17a46c9243 ("isofs: convert isofs to use the new mount API")
Signed-off-by: Hao Ge <gehao@kylinos.cn>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20241106082841.51773-1-hao.ge@linux.dev
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/isofs/inode.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
index f50311a6b4299..47038e6608123 100644
--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
@@ -948,8 +948,6 @@ static int isofs_fill_super(struct super_block *s, struct fs_context *fc)
goto out_no_inode;
}
- kfree(opt->iocharset);
-
return 0;
/*
@@ -987,7 +985,6 @@ static int isofs_fill_super(struct super_block *s, struct fs_context *fc)
brelse(bh);
brelse(pri_bh);
out_freesbi:
- kfree(opt->iocharset);
kfree(sbi);
s->s_fs_info = NULL;
return error;
@@ -1528,7 +1525,10 @@ static int isofs_get_tree(struct fs_context *fc)
static void isofs_free_fc(struct fs_context *fc)
{
- kfree(fc->fs_private);
+ struct isofs_options *opt = fc->fs_private;
+
+ kfree(opt->iocharset);
+ kfree(opt);
}
static const struct fs_context_operations isofs_context_ops = {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 327/817] selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 326/817] isofs: avoid memory leak in iocharset Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 328/817] selftests/bpf: Fix SENDPAGE data logic " Greg Kroah-Hartman
` (499 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijian Zhang, John Fastabend,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit 66c54c20408d994be34be2c070fba08472f69eee ]
Add txmsg_pass to test_txmsg_pull/push/pop. If txmsg_pass is missing,
tx_prog will be NULL, and no program will be attached to the sockmap.
As a result, pull/push/pop are never invoked.
Fixes: 328aa08a081b ("bpf: Selftests, break down test_sockmap into subtests")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/r/20241106222520.527076-2-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_sockmap.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
index 075c93ed143e6..0f065273fde32 100644
--- a/tools/testing/selftests/bpf/test_sockmap.c
+++ b/tools/testing/selftests/bpf/test_sockmap.c
@@ -1596,11 +1596,13 @@ static void test_txmsg_cork_hangs(int cgrp, struct sockmap_options *opt)
static void test_txmsg_pull(int cgrp, struct sockmap_options *opt)
{
/* Test basic start/end */
+ txmsg_pass = 1;
txmsg_start = 1;
txmsg_end = 2;
test_send(opt, cgrp);
/* Test >4k pull */
+ txmsg_pass = 1;
txmsg_start = 4096;
txmsg_end = 9182;
test_send_large(opt, cgrp);
@@ -1629,11 +1631,13 @@ static void test_txmsg_pull(int cgrp, struct sockmap_options *opt)
static void test_txmsg_pop(int cgrp, struct sockmap_options *opt)
{
/* Test basic pop */
+ txmsg_pass = 1;
txmsg_start_pop = 1;
txmsg_pop = 2;
test_send_many(opt, cgrp);
/* Test pop with >4k */
+ txmsg_pass = 1;
txmsg_start_pop = 4096;
txmsg_pop = 4096;
test_send_large(opt, cgrp);
@@ -1662,11 +1666,13 @@ static void test_txmsg_pop(int cgrp, struct sockmap_options *opt)
static void test_txmsg_push(int cgrp, struct sockmap_options *opt)
{
/* Test basic push */
+ txmsg_pass = 1;
txmsg_start_push = 1;
txmsg_end_push = 1;
test_send(opt, cgrp);
/* Test push 4kB >4k */
+ txmsg_pass = 1;
txmsg_start_push = 4096;
txmsg_end_push = 4096;
test_send_large(opt, cgrp);
@@ -1687,6 +1693,7 @@ static void test_txmsg_push(int cgrp, struct sockmap_options *opt)
static void test_txmsg_push_pop(int cgrp, struct sockmap_options *opt)
{
+ txmsg_pass = 1;
txmsg_start_push = 1;
txmsg_end_push = 10;
txmsg_start_pop = 5;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 328/817] selftests/bpf: Fix SENDPAGE data logic in test_sockmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 327/817] selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 329/817] selftests/bpf: Fix total_bytes in msg_loop_rx " Greg Kroah-Hartman
` (498 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijian Zhang, John Fastabend,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit 4095031463d4e99b534d2cd82035a417295764ae ]
In the SENDPAGE test, "opt->iov_length * cnt" size of data will be sent
cnt times by sendfile.
1. In push/pop tests, they will be invoked cnt times, for the simplicity of
msg_verify_data, change chunk_sz to iov_length
2. Change iov_length in test_send_large from 1024 to 8192. We have pop test
where txmsg_start_pop is 4096. 4096 > 1024, an error will be returned.
Fixes: 328aa08a081b ("bpf: Selftests, break down test_sockmap into subtests")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/r/20241106222520.527076-3-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_sockmap.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
index 0f065273fde32..1d59bed90d80b 100644
--- a/tools/testing/selftests/bpf/test_sockmap.c
+++ b/tools/testing/selftests/bpf/test_sockmap.c
@@ -420,16 +420,18 @@ static int msg_loop_sendpage(int fd, int iov_length, int cnt,
{
bool drop = opt->drop_expected;
unsigned char k = 0;
+ int i, j, fp;
FILE *file;
- int i, fp;
file = tmpfile();
if (!file) {
perror("create file for sendpage");
return 1;
}
- for (i = 0; i < iov_length * cnt; i++, k++)
- fwrite(&k, sizeof(char), 1, file);
+ for (i = 0; i < cnt; i++, k = 0) {
+ for (j = 0; j < iov_length; j++, k++)
+ fwrite(&k, sizeof(char), 1, file);
+ }
fflush(file);
fseek(file, 0, SEEK_SET);
@@ -623,7 +625,9 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
* This is really only useful for testing edge cases in code
* paths.
*/
- total_bytes = (float)iov_count * (float)iov_length * (float)cnt;
+ total_bytes = (float)iov_length * (float)cnt;
+ if (!opt->sendpage)
+ total_bytes *= (float)iov_count;
if (txmsg_apply)
txmsg_pop_total = txmsg_pop * (total_bytes / txmsg_apply);
else
@@ -701,7 +705,7 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
if (data) {
int chunk_sz = opt->sendpage ?
- iov_length * cnt :
+ iov_length :
iov_length * iov_count;
errno = msg_verify_data(&msg, recv, chunk_sz, &k, &bytes_cnt);
@@ -1466,8 +1470,8 @@ static void test_send_many(struct sockmap_options *opt, int cgrp)
static void test_send_large(struct sockmap_options *opt, int cgrp)
{
- opt->iov_length = 256;
- opt->iov_count = 1024;
+ opt->iov_length = 8192;
+ opt->iov_count = 32;
opt->rate = 2;
test_exec(cgrp, opt);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 329/817] selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 328/817] selftests/bpf: Fix SENDPAGE data logic " Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 330/817] selftests/bpf: Add push/pop checking for msg_verify_data " Greg Kroah-Hartman
` (497 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijian Zhang, John Fastabend,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit 523dffccbadea0cfd65f1ff04944b864c558c4a8 ]
total_bytes in msg_loop_rx should also take push into account, otherwise
total_bytes will be a smaller value, which makes the msg_loop_rx end early.
Besides, total_bytes has already taken pop into account, so we don't need
to subtract some bytes from iov_buf in sendmsg_test. The additional
subtraction may make total_bytes a negative number, and msg_loop_rx will
just end without checking anything.
Fixes: 18d4e900a450 ("bpf: Selftests, improve test_sockmap total bytes counter")
Fixes: d69672147faa ("selftests, bpf: Add one test for sockmap with strparser")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/r/20241106222520.527076-4-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_sockmap.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
index 1d59bed90d80b..5f4558f1f0049 100644
--- a/tools/testing/selftests/bpf/test_sockmap.c
+++ b/tools/testing/selftests/bpf/test_sockmap.c
@@ -606,8 +606,8 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
}
clock_gettime(CLOCK_MONOTONIC, &s->end);
} else {
+ float total_bytes, txmsg_pop_total, txmsg_push_total;
int slct, recvp = 0, recv, max_fd = fd;
- float total_bytes, txmsg_pop_total;
int fd_flags = O_NONBLOCK;
struct timeval timeout;
unsigned char k = 0;
@@ -628,10 +628,14 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
total_bytes = (float)iov_length * (float)cnt;
if (!opt->sendpage)
total_bytes *= (float)iov_count;
- if (txmsg_apply)
+ if (txmsg_apply) {
+ txmsg_push_total = txmsg_end_push * (total_bytes / txmsg_apply);
txmsg_pop_total = txmsg_pop * (total_bytes / txmsg_apply);
- else
+ } else {
+ txmsg_push_total = txmsg_end_push * cnt;
txmsg_pop_total = txmsg_pop * cnt;
+ }
+ total_bytes += txmsg_push_total;
total_bytes -= txmsg_pop_total;
err = clock_gettime(CLOCK_MONOTONIC, &s->start);
if (err < 0)
@@ -800,8 +804,6 @@ static int sendmsg_test(struct sockmap_options *opt)
rxpid = fork();
if (rxpid == 0) {
- if (txmsg_pop || txmsg_start_pop)
- iov_buf -= (txmsg_pop - txmsg_start_pop + 1);
if (opt->drop_expected || txmsg_ktls_skb_drop)
_exit(0);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 330/817] selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 329/817] selftests/bpf: Fix total_bytes in msg_loop_rx " Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 331/817] bpf, sockmap: Several fixes to bpf_msg_push_data Greg Kroah-Hartman
` (496 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijian Zhang, John Fastabend,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit 862087c3d36219ed44569666eb263efc97f00c9a ]
Add push/pop checking for msg_verify_data in test_sockmap, except for
pop/push with cork tests, in these tests the logic will be different.
1. With corking, pop/push might not be invoked in each sendmsg, it makes
the layout of the received data difficult
2. It makes it hard to calculate the total_bytes in the recvmsg
Temporarily skip the data integrity test for these cases now, added a TODO
Fixes: ee9b352ce465 ("selftests/bpf: Fix msg_verify_data in test_sockmap")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/r/20241106222520.527076-5-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_sockmap.c | 106 ++++++++++++++++++++-
1 file changed, 101 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
index 5f4558f1f0049..61a747afcd05f 100644
--- a/tools/testing/selftests/bpf/test_sockmap.c
+++ b/tools/testing/selftests/bpf/test_sockmap.c
@@ -88,6 +88,10 @@ int ktls;
int peek_flag;
int skb_use_parser;
int txmsg_omit_skb_parser;
+int verify_push_start;
+int verify_push_len;
+int verify_pop_start;
+int verify_pop_len;
static const struct option long_options[] = {
{"help", no_argument, NULL, 'h' },
@@ -514,12 +518,41 @@ static int msg_alloc_iov(struct msghdr *msg,
return -ENOMEM;
}
-/* TODO: Add verification logic for push, pull and pop data */
+/* In push or pop test, we need to do some calculations for msg_verify_data */
+static void msg_verify_date_prep(void)
+{
+ int push_range_end = txmsg_start_push + txmsg_end_push - 1;
+ int pop_range_end = txmsg_start_pop + txmsg_pop - 1;
+
+ if (txmsg_end_push && txmsg_pop &&
+ txmsg_start_push <= pop_range_end && txmsg_start_pop <= push_range_end) {
+ /* The push range and the pop range overlap */
+ int overlap_len;
+
+ verify_push_start = txmsg_start_push;
+ verify_pop_start = txmsg_start_pop;
+ if (txmsg_start_push < txmsg_start_pop)
+ overlap_len = min(push_range_end - txmsg_start_pop + 1, txmsg_pop);
+ else
+ overlap_len = min(pop_range_end - txmsg_start_push + 1, txmsg_end_push);
+ verify_push_len = max(txmsg_end_push - overlap_len, 0);
+ verify_pop_len = max(txmsg_pop - overlap_len, 0);
+ } else {
+ /* Otherwise */
+ verify_push_start = txmsg_start_push;
+ verify_pop_start = txmsg_start_pop;
+ verify_push_len = txmsg_end_push;
+ verify_pop_len = txmsg_pop;
+ }
+}
+
static int msg_verify_data(struct msghdr *msg, int size, int chunk_sz,
- unsigned char *k_p, int *bytes_cnt_p)
+ unsigned char *k_p, int *bytes_cnt_p,
+ int *check_cnt_p, int *push_p)
{
- int i, j, bytes_cnt = *bytes_cnt_p;
+ int bytes_cnt = *bytes_cnt_p, check_cnt = *check_cnt_p, push = *push_p;
unsigned char k = *k_p;
+ int i, j;
for (i = 0, j = 0; i < msg->msg_iovlen && size; i++, j = 0) {
unsigned char *d = msg->msg_iov[i].iov_base;
@@ -538,6 +571,37 @@ static int msg_verify_data(struct msghdr *msg, int size, int chunk_sz,
}
for (; j < msg->msg_iov[i].iov_len && size; j++) {
+ if (push > 0 &&
+ check_cnt == verify_push_start + verify_push_len - push) {
+ int skipped;
+revisit_push:
+ skipped = push;
+ if (j + push >= msg->msg_iov[i].iov_len)
+ skipped = msg->msg_iov[i].iov_len - j;
+ push -= skipped;
+ size -= skipped;
+ j += skipped - 1;
+ check_cnt += skipped;
+ continue;
+ }
+
+ if (verify_pop_len > 0 && check_cnt == verify_pop_start) {
+ bytes_cnt += verify_pop_len;
+ check_cnt += verify_pop_len;
+ k += verify_pop_len;
+
+ if (bytes_cnt == chunk_sz) {
+ k = 0;
+ bytes_cnt = 0;
+ check_cnt = 0;
+ push = verify_push_len;
+ }
+
+ if (push > 0 &&
+ check_cnt == verify_push_start + verify_push_len - push)
+ goto revisit_push;
+ }
+
if (d[j] != k++) {
fprintf(stderr,
"detected data corruption @iov[%i]:%i %02x != %02x, %02x ?= %02x\n",
@@ -545,15 +609,20 @@ static int msg_verify_data(struct msghdr *msg, int size, int chunk_sz,
return -EDATAINTEGRITY;
}
bytes_cnt++;
+ check_cnt++;
if (bytes_cnt == chunk_sz) {
k = 0;
bytes_cnt = 0;
+ check_cnt = 0;
+ push = verify_push_len;
}
size--;
}
}
*k_p = k;
*bytes_cnt_p = bytes_cnt;
+ *check_cnt_p = check_cnt;
+ *push_p = push;
return 0;
}
@@ -612,6 +681,8 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
struct timeval timeout;
unsigned char k = 0;
int bytes_cnt = 0;
+ int check_cnt = 0;
+ int push = 0;
fd_set w;
fcntl(fd, fd_flags);
@@ -637,6 +708,10 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
}
total_bytes += txmsg_push_total;
total_bytes -= txmsg_pop_total;
+ if (data) {
+ msg_verify_date_prep();
+ push = verify_push_len;
+ }
err = clock_gettime(CLOCK_MONOTONIC, &s->start);
if (err < 0)
perror("recv start time");
@@ -712,7 +787,8 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
iov_length :
iov_length * iov_count;
- errno = msg_verify_data(&msg, recv, chunk_sz, &k, &bytes_cnt);
+ errno = msg_verify_data(&msg, recv, chunk_sz, &k, &bytes_cnt,
+ &check_cnt, &push);
if (errno) {
perror("data verify msg failed");
goto out_errno;
@@ -722,7 +798,9 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
recvp,
chunk_sz,
&k,
- &bytes_cnt);
+ &bytes_cnt,
+ &check_cnt,
+ &push);
if (errno) {
perror("data verify msg_peek failed");
goto out_errno;
@@ -1636,6 +1714,8 @@ static void test_txmsg_pull(int cgrp, struct sockmap_options *opt)
static void test_txmsg_pop(int cgrp, struct sockmap_options *opt)
{
+ bool data = opt->data_test;
+
/* Test basic pop */
txmsg_pass = 1;
txmsg_start_pop = 1;
@@ -1654,6 +1734,12 @@ static void test_txmsg_pop(int cgrp, struct sockmap_options *opt)
txmsg_pop = 2;
test_send_many(opt, cgrp);
+ /* TODO: Test for pop + cork should be different,
+ * - It makes the layout of the received data difficult
+ * - It makes it hard to calculate the total_bytes in the recvmsg
+ * Temporarily skip the data integrity test for this case now.
+ */
+ opt->data_test = false;
/* Test pop + cork */
txmsg_redir = 0;
txmsg_cork = 512;
@@ -1667,10 +1753,13 @@ static void test_txmsg_pop(int cgrp, struct sockmap_options *opt)
txmsg_start_pop = 1;
txmsg_pop = 2;
test_send_many(opt, cgrp);
+ opt->data_test = data;
}
static void test_txmsg_push(int cgrp, struct sockmap_options *opt)
{
+ bool data = opt->data_test;
+
/* Test basic push */
txmsg_pass = 1;
txmsg_start_push = 1;
@@ -1689,12 +1778,19 @@ static void test_txmsg_push(int cgrp, struct sockmap_options *opt)
txmsg_end_push = 2;
test_send_many(opt, cgrp);
+ /* TODO: Test for push + cork should be different,
+ * - It makes the layout of the received data difficult
+ * - It makes it hard to calculate the total_bytes in the recvmsg
+ * Temporarily skip the data integrity test for this case now.
+ */
+ opt->data_test = false;
/* Test push + cork */
txmsg_redir = 0;
txmsg_cork = 512;
txmsg_start_push = 1;
txmsg_end_push = 2;
test_send_many(opt, cgrp);
+ opt->data_test = data;
}
static void test_txmsg_push_pop(int cgrp, struct sockmap_options *opt)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 331/817] bpf, sockmap: Several fixes to bpf_msg_push_data
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 330/817] selftests/bpf: Add push/pop checking for msg_verify_data " Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 332/817] bpf, sockmap: Several fixes to bpf_msg_pop_data Greg Kroah-Hartman
` (495 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijian Zhang, Martin KaFai Lau,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit 15ab0548e3107665c34579ae523b2b6e7c22082a ]
Several fixes to bpf_msg_push_data,
1. test_sockmap has tests where bpf_msg_push_data is invoked to push some
data at the end of a message, but -EINVAL is returned. In this case, in
bpf_msg_push_data, after the first loop, i will be set to msg->sg.end, add
the logic to handle it.
2. In the code block of "if (start - offset)", it's possible that "i"
points to the last of sk_msg_elem. In this case, "sk_msg_iter_next(msg,
end)" might still be called twice, another invoking is in "if (!copy)"
code block, but actually only one is needed. Add the logic to handle it,
and reconstruct the code to make the logic more clear.
Fixes: 6fff607e2f14 ("bpf: sk_msg program helper bpf_msg_push_data")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Link: https://lore.kernel.org/r/20241106222520.527076-7-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 53 +++++++++++++++++++++++++++++------------------
1 file changed, 33 insertions(+), 20 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index fe5ac8da5022f..b7597f8d4159c 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2794,7 +2794,7 @@ BPF_CALL_4(bpf_msg_push_data, struct sk_msg *, msg, u32, start,
sk_msg_iter_var_next(i);
} while (i != msg->sg.end);
- if (start >= offset + l)
+ if (start > offset + l)
return -EINVAL;
space = MAX_MSG_FRAGS - sk_msg_elem_used(msg);
@@ -2819,6 +2819,8 @@ BPF_CALL_4(bpf_msg_push_data, struct sk_msg *, msg, u32, start,
raw = page_address(page);
+ if (i == msg->sg.end)
+ sk_msg_iter_var_prev(i);
psge = sk_msg_elem(msg, i);
front = start - offset;
back = psge->length - front;
@@ -2835,7 +2837,13 @@ BPF_CALL_4(bpf_msg_push_data, struct sk_msg *, msg, u32, start,
}
put_page(sg_page(psge));
- } else if (start - offset) {
+ new = i;
+ goto place_new;
+ }
+
+ if (start - offset) {
+ if (i == msg->sg.end)
+ sk_msg_iter_var_prev(i);
psge = sk_msg_elem(msg, i);
rsge = sk_msg_elem_cpy(msg, i);
@@ -2846,39 +2854,44 @@ BPF_CALL_4(bpf_msg_push_data, struct sk_msg *, msg, u32, start,
sk_msg_iter_var_next(i);
sg_unmark_end(psge);
sg_unmark_end(&rsge);
- sk_msg_iter_next(msg, end);
}
/* Slot(s) to place newly allocated data */
+ sk_msg_iter_next(msg, end);
new = i;
+ sk_msg_iter_var_next(i);
+
+ if (i == msg->sg.end) {
+ if (!rsge.length)
+ goto place_new;
+ sk_msg_iter_next(msg, end);
+ goto place_new;
+ }
/* Shift one or two slots as needed */
- if (!copy) {
- sge = sk_msg_elem_cpy(msg, i);
+ sge = sk_msg_elem_cpy(msg, new);
+ sg_unmark_end(&sge);
+ nsge = sk_msg_elem_cpy(msg, i);
+ if (rsge.length) {
sk_msg_iter_var_next(i);
- sg_unmark_end(&sge);
+ nnsge = sk_msg_elem_cpy(msg, i);
sk_msg_iter_next(msg, end);
+ }
- nsge = sk_msg_elem_cpy(msg, i);
+ while (i != msg->sg.end) {
+ msg->sg.data[i] = sge;
+ sge = nsge;
+ sk_msg_iter_var_next(i);
if (rsge.length) {
- sk_msg_iter_var_next(i);
+ nsge = nnsge;
nnsge = sk_msg_elem_cpy(msg, i);
- }
-
- while (i != msg->sg.end) {
- msg->sg.data[i] = sge;
- sge = nsge;
- sk_msg_iter_var_next(i);
- if (rsge.length) {
- nsge = nnsge;
- nnsge = sk_msg_elem_cpy(msg, i);
- } else {
- nsge = sk_msg_elem_cpy(msg, i);
- }
+ } else {
+ nsge = sk_msg_elem_cpy(msg, i);
}
}
+place_new:
/* Place newly allocated data buffer */
sk_mem_charge(msg->sk, len);
msg->sg.size += len;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 332/817] bpf, sockmap: Several fixes to bpf_msg_pop_data
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 331/817] bpf, sockmap: Several fixes to bpf_msg_push_data Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 333/817] bpf, sockmap: Fix sk_msg_reset_curr Greg Kroah-Hartman
` (494 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijian Zhang, John Fastabend,
Martin KaFai Lau, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit 5d609ba262475db450ba69b8e8a557bd768ac07a ]
Several fixes to bpf_msg_pop_data,
1. In sk_msg_shift_left, we should put_page
2. if (len == 0), return early is better
3. pop the entire sk_msg (last == msg->sg.size) should be supported
4. Fix for the value of variable "a"
5. In sk_msg_shift_left, after shifting, i has already pointed to the next
element. Addtional sk_msg_iter_var_next may result in BUG.
Fixes: 7246d8ed4dcc ("bpf: helper to pop data from messages")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/r/20241106222520.527076-8-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index b7597f8d4159c..3c136631fda89 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2920,8 +2920,10 @@ static const struct bpf_func_proto bpf_msg_push_data_proto = {
static void sk_msg_shift_left(struct sk_msg *msg, int i)
{
+ struct scatterlist *sge = sk_msg_elem(msg, i);
int prev;
+ put_page(sg_page(sge));
do {
prev = i;
sk_msg_iter_var_next(i);
@@ -2958,6 +2960,9 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
if (unlikely(flags))
return -EINVAL;
+ if (unlikely(len == 0))
+ return 0;
+
/* First find the starting scatterlist element */
i = msg->sg.start;
do {
@@ -2970,7 +2975,7 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
} while (i != msg->sg.end);
/* Bounds checks: start and pop must be inside message */
- if (start >= offset + l || last >= msg->sg.size)
+ if (start >= offset + l || last > msg->sg.size)
return -EINVAL;
space = MAX_MSG_FRAGS - sk_msg_elem_used(msg);
@@ -2999,12 +3004,12 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
*/
if (start != offset) {
struct scatterlist *nsge, *sge = sk_msg_elem(msg, i);
- int a = start;
+ int a = start - offset;
int b = sge->length - pop - a;
sk_msg_iter_var_next(i);
- if (pop < sge->length - a) {
+ if (b > 0) {
if (space) {
sge->length = a;
sk_msg_shift_right(msg, i);
@@ -3023,7 +3028,6 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
if (unlikely(!page))
return -ENOMEM;
- sge->length = a;
orig = sg_page(sge);
from = sg_virt(sge);
to = page_address(page);
@@ -3033,7 +3037,7 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
put_page(orig);
}
pop = 0;
- } else if (pop >= sge->length - a) {
+ } else {
pop -= (sge->length - a);
sge->length = a;
}
@@ -3067,7 +3071,6 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
pop -= sge->length;
sk_msg_shift_left(msg, i);
}
- sk_msg_iter_var_next(i);
}
sk_mem_uncharge(msg->sk, len - pop);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 333/817] bpf, sockmap: Fix sk_msg_reset_curr
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 332/817] bpf, sockmap: Several fixes to bpf_msg_pop_data Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 334/817] ipv6: release nexthop on device removal Greg Kroah-Hartman
` (493 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zijian Zhang, Martin KaFai Lau,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zijian Zhang <zijianzhang@bytedance.com>
[ Upstream commit 955afd57dc4bf7e8c620a0a9e3af3c881c2c6dff ]
Found in the test_txmsg_pull in test_sockmap,
```
txmsg_cork = 512; // corking is importrant here
opt->iov_length = 3;
opt->iov_count = 1;
opt->rate = 512; // sendmsg will be invoked 512 times
```
The first sendmsg will send an sk_msg with size 3, and bpf_msg_pull_data
will be invoked the first time. sk_msg_reset_curr will reset the copybreak
from 3 to 0. In the second sendmsg, since we are in the stage of corking,
psock->cork will be reused in func sk_msg_alloc. msg->sg.copybreak is 0
now, the second msg will overwrite the first msg. As a result, we could
not pass the data integrity test.
The same problem happens in push and pop test. Thus, fix sk_msg_reset_curr
to restore the correct copybreak.
Fixes: bb9aefde5bba ("bpf: sockmap, updating the sg structure should also update curr")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Link: https://lore.kernel.org/r/20241106222520.527076-9-zijianzhang@bytedance.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index 3c136631fda89..bab7fa44075b4 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2620,18 +2620,16 @@ BPF_CALL_2(bpf_msg_cork_bytes, struct sk_msg *, msg, u32, bytes)
static void sk_msg_reset_curr(struct sk_msg *msg)
{
- u32 i = msg->sg.start;
- u32 len = 0;
-
- do {
- len += sk_msg_elem(msg, i)->length;
- sk_msg_iter_var_next(i);
- if (len >= msg->sg.size)
- break;
- } while (i != msg->sg.end);
+ if (!msg->sg.size) {
+ msg->sg.curr = msg->sg.start;
+ msg->sg.copybreak = 0;
+ } else {
+ u32 i = msg->sg.end;
- msg->sg.curr = i;
- msg->sg.copybreak = 0;
+ sk_msg_iter_var_prev(i);
+ msg->sg.curr = i;
+ msg->sg.copybreak = msg->sg.data[i].length;
+ }
}
static const struct bpf_func_proto bpf_msg_cork_bytes_proto = {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 334/817] ipv6: release nexthop on device removal
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 333/817] bpf, sockmap: Fix sk_msg_reset_curr Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 335/817] selftests: net: really check for bg process completion Greg Kroah-Hartman
` (492 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Eric Dumazet,
David Ahern, Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
[ Upstream commit eb02688c5c45c3e7af7e71f036a7144f5639cbfe ]
The CI is hitting some aperiodic hangup at device removal time in the
pmtu.sh self-test:
unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6
ref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at
dst_init+0x84/0x4a0
dst_alloc+0x97/0x150
ip6_dst_alloc+0x23/0x90
ip6_rt_pcpu_alloc+0x1e6/0x520
ip6_pol_route+0x56f/0x840
fib6_rule_lookup+0x334/0x630
ip6_route_output_flags+0x259/0x480
ip6_dst_lookup_tail.constprop.0+0x5c2/0x940
ip6_dst_lookup_flow+0x88/0x190
udp_tunnel6_dst_lookup+0x2a7/0x4c0
vxlan_xmit_one+0xbde/0x4a50 [vxlan]
vxlan_xmit+0x9ad/0xf20 [vxlan]
dev_hard_start_xmit+0x10e/0x360
__dev_queue_xmit+0xf95/0x18c0
arp_solicit+0x4a2/0xe00
neigh_probe+0xaa/0xf0
While the first suspect is the dst_cache, explicitly tracking the dst
owing the last device reference via probes proved such dst is held by
the nexthop in the originating fib6_info.
Similar to commit f5b51fe804ec ("ipv6: route: purge exception on
removal"), we need to explicitly release the originating fib info when
disconnecting a to-be-removed device from a live ipv6 dst: move the
fib6_info cleanup into ip6_dst_ifdown().
Tested running:
./pmtu.sh cleanup_ipv6_exception
in a tight loop for more than 400 iterations with no spat, running an
unpatched kernel I observed a splat every ~10 iterations.
Fixes: f88d8ea67fbd ("ipv6: Plumb support for nexthop object in a fib6_info")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/604c45c188c609b732286b47ac2a451a40f6cf6d.1730828007.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/route.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index b4dcd8f3e7bab..606cdd87745a6 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -374,6 +374,7 @@ static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
{
struct rt6_info *rt = dst_rt6_info(dst);
struct inet6_dev *idev = rt->rt6i_idev;
+ struct fib6_info *from;
if (idev && idev->dev != blackhole_netdev) {
struct inet6_dev *blackhole_idev = in6_dev_get(blackhole_netdev);
@@ -383,6 +384,8 @@ static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
in6_dev_put(idev);
}
}
+ from = unrcu_pointer(xchg(&rt->from, NULL));
+ fib6_info_release(from);
}
static bool __rt6_check_expired(const struct rt6_info *rt)
@@ -1455,7 +1458,6 @@ static DEFINE_SPINLOCK(rt6_exception_lock);
static void rt6_remove_exception(struct rt6_exception_bucket *bucket,
struct rt6_exception *rt6_ex)
{
- struct fib6_info *from;
struct net *net;
if (!bucket || !rt6_ex)
@@ -1467,8 +1469,6 @@ static void rt6_remove_exception(struct rt6_exception_bucket *bucket,
/* purge completely the exception to allow releasing the held resources:
* some [sk] cache may keep the dst around for unlimited time
*/
- from = unrcu_pointer(xchg(&rt6_ex->rt6i->from, NULL));
- fib6_info_release(from);
dst_dev_put(&rt6_ex->rt6i->dst);
hlist_del_rcu(&rt6_ex->hlist);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 335/817] selftests: net: really check for bg process completion
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 334/817] ipv6: release nexthop on device removal Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 336/817] wifi: cfg80211: Remove the Medium Synchronization Delay validity check Greg Kroah-Hartman
` (491 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, David Ahern,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
[ Upstream commit 52ed077aa6336dbef83a2d6d21c52d1706fb7f16 ]
A recent refactor transformed the check for process completion
in a true statement, due to a typo.
As a result, the relevant test-case is unable to catch the
regression it was supposed to detect.
Restore the correct condition.
Fixes: 691bb4e49c98 ("selftests: net: avoid just another constant wait")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/0e6f213811f8e93a235307e683af8225cc6277ae.1730828007.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/pmtu.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh
index 5175c0c83a238..d5af6099d6477 100755
--- a/tools/testing/selftests/net/pmtu.sh
+++ b/tools/testing/selftests/net/pmtu.sh
@@ -2062,7 +2062,7 @@ check_running() {
pid=${1}
cmd=${2}
- [ "$(cat /proc/${pid}/cmdline 2>/dev/null | tr -d '\0')" = "{cmd}" ]
+ [ "$(cat /proc/${pid}/cmdline 2>/dev/null | tr -d '\0')" = "${cmd}" ]
}
test_cleanup_vxlanX_exception() {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 336/817] wifi: cfg80211: Remove the Medium Synchronization Delay validity check
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 335/817] selftests: net: really check for bg process completion Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 337/817] wifi: iwlwifi: allow fast resume on ax200 Greg Kroah-Hartman
` (490 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lingbo Kong, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lingbo Kong <quic_lingbok@quicinc.com>
[ Upstream commit b4ebb58cb9a4b1b5cb5278b09d6afdcd71b2a6b4 ]
Currently, when the driver attempts to connect to an AP MLD with multiple
APs, the cfg80211_mlme_check_mlo_compat() function requires the Medium
Synchronization Delay values from different APs of the same AP MLD to be
equal, which may result in connection failures.
This is because when the driver receives a multi-link probe response from
an AP MLD with multiple APs, cfg80211 updates the Elements for each AP
based on the multi-link probe response. If the Medium Synchronization Delay
is set in the multi-link probe response, the Elements for each AP belonging
to the same AP MLD will have the Medium Synchronization Delay set
simultaneously. If non-multi-link probe responses are received from
different APs of the same MLD AP, cfg80211 will still update the Elements
based on the non-multi-link probe response. Since the non-multi-link probe
response does not set the Medium Synchronization Delay
(IEEE 802.11be-2024-35.3.4.4), if the Elements from a non-multi-link probe
response overwrite those from a multi-link probe response that has set the
Medium Synchronization Delay, the Medium Synchronization Delay values for
APs belonging to the same AP MLD will not be equal. This discrepancy causes
the cfg80211_mlme_check_mlo_compat() function to fail, leading to
connection failures. Commit ccb964b4ab16
("wifi: cfg80211: validate MLO connections better") did not take this into
account.
To address this issue, remove this validity check.
Fixes: ccb964b4ab16 ("wifi: cfg80211: validate MLO connections better")
Signed-off-by: Lingbo Kong <quic_lingbok@quicinc.com>
Link: https://patch.msgid.link/20241031134223.970-1-quic_lingbok@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/mlme.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 4052041a19ead..98637ded58a68 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -340,12 +340,6 @@ cfg80211_mlme_check_mlo_compat(const struct ieee80211_multi_link_elem *mle_a,
return -EINVAL;
}
- if (ieee80211_mle_get_eml_med_sync_delay((const u8 *)mle_a) !=
- ieee80211_mle_get_eml_med_sync_delay((const u8 *)mle_b)) {
- NL_SET_ERR_MSG(extack, "link EML medium sync delay mismatch");
- return -EINVAL;
- }
-
if (ieee80211_mle_get_eml_cap((const u8 *)mle_a) !=
ieee80211_mle_get_eml_cap((const u8 *)mle_b)) {
NL_SET_ERR_MSG(extack, "link EML capabilities mismatch");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 337/817] wifi: iwlwifi: allow fast resume on ax200
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 336/817] wifi: cfg80211: Remove the Medium Synchronization Delay validity check Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 338/817] wifi: iwlwifi: mvm: tell iwlmei when we finished suspending Greg Kroah-Hartman
` (489 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Emmanuel Grumbach, Miri Korenblit,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[ Upstream commit e53ebc72054efca12e0329d69342e3daf7250a5a ]
This feature can be used on ax200 as well. It'll avoid to restart the
firmware upon suspend / resume flow. Doing so also avoids releasing and
re-allocating all the device related memory which makes the memory's
subsystem task easier.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20241028135215.514efe0ce4c7.I60061277526302a75cadbba10452e94c54763f13@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Stable-dep-of: d1a54ec21b8e ("wifi: iwlwifi: mvm: tell iwlmei when we finished suspending")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index 63b2c6fe3f8ab..af4c2e7dab083 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1376,7 +1376,7 @@ void __iwl_mvm_mac_stop(struct iwl_mvm *mvm, bool suspend)
iwl_mvm_rm_aux_sta(mvm);
if (suspend &&
- mvm->trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_AX210)
+ mvm->trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_22000)
iwl_mvm_fast_suspend(mvm);
else
iwl_mvm_stop_device(mvm);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 338/817] wifi: iwlwifi: mvm: tell iwlmei when we finished suspending
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 337/817] wifi: iwlwifi: allow fast resume on ax200 Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 339/817] drm/amdgpu: fix ACA bank count boundary check error Greg Kroah-Hartman
` (488 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Emmanuel Grumbach, Miri Korenblit,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[ Upstream commit d1a54ec21b8e7bca59141ff1ac6ce73e07d744f2 ]
Since we no longer shut down the device in suspend, we also no longer
call iwl_mvm_mei_device_state() and this is a problem because iwlmei
expects this to be called when it runs its own suspend sequence. It
checks mei->device_down in iwl_mei_remove() which is called upon
suspend.
Fix this by telling iwlmei when we're done accessing the device.
When we'll wake up, the device should be untouched if CSME didn't use it
during the suspend time. If CSME used it, we'll notice it through the
CSR_FUNC_SCRATCH register.
Fixes: e8bb19c1d590 ("wifi: iwlwifi: support fast resume")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20241028135215.525287b90af2.Ibf183824471ea5580d9276d104444e53191e6900@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index af4c2e7dab083..e9979f8a8827e 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1236,6 +1236,7 @@ int __iwl_mvm_mac_start(struct iwl_mvm *mvm)
fast_resume = mvm->fast_resume;
if (fast_resume) {
+ iwl_mvm_mei_device_state(mvm, true);
ret = iwl_mvm_fast_resume(mvm);
if (ret) {
iwl_mvm_stop_device(mvm);
@@ -1376,10 +1377,13 @@ void __iwl_mvm_mac_stop(struct iwl_mvm *mvm, bool suspend)
iwl_mvm_rm_aux_sta(mvm);
if (suspend &&
- mvm->trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_22000)
+ mvm->trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_22000) {
iwl_mvm_fast_suspend(mvm);
- else
+ /* From this point on, we won't touch the device */
+ iwl_mvm_mei_device_state(mvm, false);
+ } else {
iwl_mvm_stop_device(mvm);
+ }
iwl_mvm_async_handlers_purge(mvm);
/* async_handlers_list is empty and will stay empty: HW is stopped */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 339/817] drm/amdgpu: fix ACA bank count boundary check error
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 338/817] wifi: iwlwifi: mvm: tell iwlmei when we finished suspending Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 340/817] drm/amdgpu: Fix map/unmap queue logic Greg Kroah-Hartman
` (487 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Wang, Tao Zhou, Alex Deucher,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yang Wang <kevinyang.wang@amd.com>
[ Upstream commit 2bb7dced1c2f8c0e705cc74840f776406db492c3 ]
fix ACA bank count boundary check error.
Fixes: f5e4cc8461c4 ("drm/amdgpu: implement RAS ACA driver framework")
Signed-off-by: Yang Wang <kevinyang.wang@amd.com>
Reviewed-by: Tao Zhou <tao.zhou1@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c
index 43f3e72fb247a..aa66c501580b9 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c
@@ -158,7 +158,7 @@ static int aca_smu_get_valid_aca_banks(struct amdgpu_device *adev, enum aca_smu_
return -EINVAL;
}
- if (start + count >= max_count)
+ if (start + count > max_count)
return -EINVAL;
count = min_t(int, count, max_count);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 340/817] drm/amdgpu: Fix map/unmap queue logic
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 339/817] drm/amdgpu: fix ACA bank count boundary check error Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 341/817] drm/amdkfd: Fix wrong usage of INIT_WORK() Greg Kroah-Hartman
` (486 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lijo Lazar, Le Ma, Alex Deucher,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lijo Lazar <lijo.lazar@amd.com>
[ Upstream commit fa31798582882740f2b13d19e1bd43b4ef918e2f ]
In current logic, it calls ring_alloc followed by a ring_test. ring_test
in turn will call another ring_alloc. This is illegal usage as a
ring_alloc is expected to be closed properly with a ring_commit. Change
to commit the map/unmap queue packet first followed by a ring_test. Add a
comment about the usage of ring_test.
Also, reorder the current pre-condition checks of job hang or kiq ring
scheduler not ready. Without them being met, it is not useful to attempt
ring or memory allocations.
Fixes tag refers to the original patch which introduced this issue which
then got carried over into newer code.
Signed-off-by: Lijo Lazar <lijo.lazar@amd.com>
Reviewed-by: Le Ma <le.ma@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Fixes: 6c10b5cc4eaa ("drm/amdgpu: Remove duplicate code in gfx_v8_0.c")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 13 ++++-
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 63 +++++++++++++++-------
drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 +++
3 files changed, 63 insertions(+), 20 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c
index c272461d70a9a..b397c78386739 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c
@@ -850,6 +850,9 @@ int amdgpu_amdkfd_unmap_hiq(struct amdgpu_device *adev, u32 doorbell_off,
if (!kiq->pmf || !kiq->pmf->kiq_unmap_queues)
return -EINVAL;
+ if (!kiq_ring->sched.ready || adev->job_hang)
+ return 0;
+
ring_funcs = kzalloc(sizeof(*ring_funcs), GFP_KERNEL);
if (!ring_funcs)
return -ENOMEM;
@@ -874,8 +877,14 @@ int amdgpu_amdkfd_unmap_hiq(struct amdgpu_device *adev, u32 doorbell_off,
kiq->pmf->kiq_unmap_queues(kiq_ring, ring, RESET_QUEUES, 0, 0);
- if (kiq_ring->sched.ready && !adev->job_hang)
- r = amdgpu_ring_test_helper(kiq_ring);
+ /* Submit unmap queue packet */
+ amdgpu_ring_commit(kiq_ring);
+ /*
+ * Ring test will do a basic scratch register change check. Just run
+ * this to ensure that unmap queues that is submitted before got
+ * processed successfully before returning.
+ */
+ r = amdgpu_ring_test_helper(kiq_ring);
spin_unlock(&kiq->ring_lock);
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
index 3ff39d3ec317c..0058f1796c75c 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
@@ -522,6 +522,17 @@ int amdgpu_gfx_disable_kcq(struct amdgpu_device *adev, int xcc_id)
if (!kiq->pmf || !kiq->pmf->kiq_unmap_queues)
return -EINVAL;
+ if (!kiq_ring->sched.ready || adev->job_hang)
+ return 0;
+ /**
+ * This is workaround: only skip kiq_ring test
+ * during ras recovery in suspend stage for gfx9.4.3
+ */
+ if ((amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 4, 3) ||
+ amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 4, 4)) &&
+ amdgpu_ras_in_recovery(adev))
+ return 0;
+
spin_lock(&kiq->ring_lock);
if (amdgpu_ring_alloc(kiq_ring, kiq->pmf->unmap_queues_size *
adev->gfx.num_compute_rings)) {
@@ -535,20 +546,15 @@ int amdgpu_gfx_disable_kcq(struct amdgpu_device *adev, int xcc_id)
&adev->gfx.compute_ring[j],
RESET_QUEUES, 0, 0);
}
-
- /**
- * This is workaround: only skip kiq_ring test
- * during ras recovery in suspend stage for gfx9.4.3
+ /* Submit unmap queue packet */
+ amdgpu_ring_commit(kiq_ring);
+ /*
+ * Ring test will do a basic scratch register change check. Just run
+ * this to ensure that unmap queues that is submitted before got
+ * processed successfully before returning.
*/
- if ((amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 4, 3) ||
- amdgpu_ip_version(adev, GC_HWIP, 0) == IP_VERSION(9, 4, 4)) &&
- amdgpu_ras_in_recovery(adev)) {
- spin_unlock(&kiq->ring_lock);
- return 0;
- }
+ r = amdgpu_ring_test_helper(kiq_ring);
- if (kiq_ring->sched.ready && !adev->job_hang)
- r = amdgpu_ring_test_helper(kiq_ring);
spin_unlock(&kiq->ring_lock);
return r;
@@ -576,8 +582,11 @@ int amdgpu_gfx_disable_kgq(struct amdgpu_device *adev, int xcc_id)
if (!kiq->pmf || !kiq->pmf->kiq_unmap_queues)
return -EINVAL;
- spin_lock(&kiq->ring_lock);
+ if (!adev->gfx.kiq[0].ring.sched.ready || adev->job_hang)
+ return 0;
+
if (amdgpu_gfx_is_master_xcc(adev, xcc_id)) {
+ spin_lock(&kiq->ring_lock);
if (amdgpu_ring_alloc(kiq_ring, kiq->pmf->unmap_queues_size *
adev->gfx.num_gfx_rings)) {
spin_unlock(&kiq->ring_lock);
@@ -590,11 +599,17 @@ int amdgpu_gfx_disable_kgq(struct amdgpu_device *adev, int xcc_id)
&adev->gfx.gfx_ring[j],
PREEMPT_QUEUES, 0, 0);
}
- }
+ /* Submit unmap queue packet */
+ amdgpu_ring_commit(kiq_ring);
- if (adev->gfx.kiq[0].ring.sched.ready && !adev->job_hang)
+ /*
+ * Ring test will do a basic scratch register change check.
+ * Just run this to ensure that unmap queues that is submitted
+ * before got processed successfully before returning.
+ */
r = amdgpu_ring_test_helper(kiq_ring);
- spin_unlock(&kiq->ring_lock);
+ spin_unlock(&kiq->ring_lock);
+ }
return r;
}
@@ -699,7 +714,13 @@ int amdgpu_gfx_enable_kcq(struct amdgpu_device *adev, int xcc_id)
kiq->pmf->kiq_map_queues(kiq_ring,
&adev->gfx.compute_ring[j]);
}
-
+ /* Submit map queue packet */
+ amdgpu_ring_commit(kiq_ring);
+ /*
+ * Ring test will do a basic scratch register change check. Just run
+ * this to ensure that map queues that is submitted before got
+ * processed successfully before returning.
+ */
r = amdgpu_ring_test_helper(kiq_ring);
spin_unlock(&kiq->ring_lock);
if (r)
@@ -750,7 +771,13 @@ int amdgpu_gfx_enable_kgq(struct amdgpu_device *adev, int xcc_id)
&adev->gfx.gfx_ring[j]);
}
}
-
+ /* Submit map queue packet */
+ amdgpu_ring_commit(kiq_ring);
+ /*
+ * Ring test will do a basic scratch register change check. Just run
+ * this to ensure that map queues that is submitted before got
+ * processed successfully before returning.
+ */
r = amdgpu_ring_test_helper(kiq_ring);
spin_unlock(&kiq->ring_lock);
if (r)
diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
index b4658c7db0e16..618972c43aac5 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
@@ -4823,6 +4823,13 @@ static int gfx_v8_0_kcq_disable(struct amdgpu_device *adev)
amdgpu_ring_write(kiq_ring, 0);
amdgpu_ring_write(kiq_ring, 0);
}
+ /* Submit unmap queue packet */
+ amdgpu_ring_commit(kiq_ring);
+ /*
+ * Ring test will do a basic scratch register change check. Just run
+ * this to ensure that unmap queues that is submitted before got
+ * processed successfully before returning.
+ */
r = amdgpu_ring_test_helper(kiq_ring);
if (r)
DRM_ERROR("KCQ disable failed\n");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 341/817] drm/amdkfd: Fix wrong usage of INIT_WORK()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 340/817] drm/amdgpu: Fix map/unmap queue logic Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 342/817] bpf: Allow return values 0 and 1 for kprobe session Greg Kroah-Hartman
` (485 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Felix Kuehling,
Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 21cae8debc6a1d243f64fa82cd1b41cb612b5c61 ]
In kfd_procfs_show(), the sdma_activity_work_handler is a local variable
and the sdma_activity_work_handler.sdma_activity_work should initialize
with INIT_WORK_ONSTACK() instead of INIT_WORK().
Fixes: 32cb59f31362 ("drm/amdkfd: Track SDMA utilization per process")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Felix Kuehling <felix.kuehling@amd.com>
Reviewed-by: Felix Kuehling <felix.kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process.c b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
index 8343b3e4de7b5..378ce360b861b 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
@@ -312,8 +312,8 @@ static ssize_t kfd_procfs_show(struct kobject *kobj, struct attribute *attr,
attr_sdma);
struct kfd_sdma_activity_handler_workarea sdma_activity_work_handler;
- INIT_WORK(&sdma_activity_work_handler.sdma_activity_work,
- kfd_sdma_activity_worker);
+ INIT_WORK_ONSTACK(&sdma_activity_work_handler.sdma_activity_work,
+ kfd_sdma_activity_worker);
sdma_activity_work_handler.pdd = pdd;
sdma_activity_work_handler.sdma_activity_counter = 0;
@@ -321,6 +321,7 @@ static ssize_t kfd_procfs_show(struct kobject *kobj, struct attribute *attr,
schedule_work(&sdma_activity_work_handler.sdma_activity_work);
flush_work(&sdma_activity_work_handler.sdma_activity_work);
+ destroy_work_on_stack(&sdma_activity_work_handler.sdma_activity_work);
return snprintf(buffer, PAGE_SIZE, "%llu\n",
(sdma_activity_work_handler.sdma_activity_counter)/
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 342/817] bpf: Allow return values 0 and 1 for kprobe session
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 341/817] drm/amdkfd: Fix wrong usage of INIT_WORK() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 343/817] bpf: Force uprobe bpf program to always return 0 Greg Kroah-Hartman
` (484 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiri Olsa, Andrii Nakryiko,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
[ Upstream commit 17c4b65a24938c6dd79496cce5df15f70d9c253c ]
The kprobe session program can return only 0 or 1,
instruct verifier to check for that.
Fixes: 535a3692ba72 ("bpf: Add support for kprobe session attach")
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20241108134544.480660-2-jolsa@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index b34a358c75e0f..61c3896087b2c 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -15798,6 +15798,15 @@ static int check_return_code(struct bpf_verifier_env *env, int regno, const char
return -ENOTSUPP;
}
break;
+ case BPF_PROG_TYPE_KPROBE:
+ switch (env->prog->expected_attach_type) {
+ case BPF_TRACE_KPROBE_SESSION:
+ range = retval_range(0, 1);
+ break;
+ default:
+ return 0;
+ }
+ break;
case BPF_PROG_TYPE_SK_LOOKUP:
range = retval_range(SK_DROP, SK_PASS);
break;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 343/817] bpf: Force uprobe bpf program to always return 0
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 342/817] bpf: Allow return values 0 and 1 for kprobe session Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 344/817] selftests/bpf: skip the timer_lockup test for single-CPU nodes Greg Kroah-Hartman
` (483 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andrii Nakryiko, Jiri Olsa,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
[ Upstream commit f505005bc7426f4309880da94cfbfc37efa225bd ]
As suggested by Andrii make uprobe multi bpf programs to always return 0,
so they can't force uprobe removal.
Keeping the int return type for uprobe_prog_run, because it will be used
in following session changes.
Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link")
Suggested-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20241108134544.480660-3-jolsa@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/bpf_trace.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 6dbbb3683ab2e..9cb1c952c3ec4 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -3294,7 +3294,6 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe,
struct bpf_prog *prog = link->link.prog;
bool sleepable = prog->sleepable;
struct bpf_run_ctx *old_run_ctx;
- int err = 0;
if (link->task && current->mm != link->task->mm)
return 0;
@@ -3307,7 +3306,7 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe,
migrate_disable();
old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx);
- err = bpf_prog_run(link->link.prog, regs);
+ bpf_prog_run(link->link.prog, regs);
bpf_reset_run_ctx(old_run_ctx);
migrate_enable();
@@ -3316,7 +3315,7 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe,
rcu_read_unlock_trace();
else
rcu_read_unlock();
- return err;
+ return 0;
}
static bool
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 344/817] selftests/bpf: skip the timer_lockup test for single-CPU nodes
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 343/817] bpf: Force uprobe bpf program to always return 0 Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 345/817] ipv6: Fix soft lockups in fib6_select_path under high next hop churn Greg Kroah-Hartman
` (482 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Viktor Malik, Philo Lu,
Kumar Kartikeya Dwivedi, Alexei Starovoitov, Andrii Nakryiko,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viktor Malik <vmalik@redhat.com>
[ Upstream commit 937a1c29a287e8f48c4cea714c76a13e14d989ac ]
The timer_lockup test needs 2 CPUs to work, on single-CPU nodes it fails
to set thread affinity to CPU 1 since it doesn't exist:
# ./test_progs -t timer_lockup
test_timer_lockup:PASS:timer_lockup__open_and_load 0 nsec
test_timer_lockup:PASS:pthread_create thread1 0 nsec
test_timer_lockup:PASS:pthread_create thread2 0 nsec
timer_lockup_thread:PASS:cpu affinity 0 nsec
timer_lockup_thread:FAIL:cpu affinity unexpected error: 22 (errno 0)
test_timer_lockup:PASS: 0 nsec
#406 timer_lockup:FAIL
Skip the test if only 1 CPU is available.
Signed-off-by: Viktor Malik <vmalik@redhat.com>
Fixes: 50bd5a0c658d1 ("selftests/bpf: Add timer lockup selftest")
Tested-by: Philo Lu <lulie@linux.alibaba.com>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20241107115231.75200-1-vmalik@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/prog_tests/timer_lockup.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/timer_lockup.c b/tools/testing/selftests/bpf/prog_tests/timer_lockup.c
index 871d16cb95cfd..1a2f99596916f 100644
--- a/tools/testing/selftests/bpf/prog_tests/timer_lockup.c
+++ b/tools/testing/selftests/bpf/prog_tests/timer_lockup.c
@@ -5,6 +5,7 @@
#include <test_progs.h>
#include <pthread.h>
#include <network_helpers.h>
+#include <sys/sysinfo.h>
#include "timer_lockup.skel.h"
@@ -52,6 +53,11 @@ void test_timer_lockup(void)
pthread_t thrds[2];
void *ret;
+ if (get_nprocs() < 2) {
+ test__skip();
+ return;
+ }
+
skel = timer_lockup__open_and_load();
if (!ASSERT_OK_PTR(skel, "timer_lockup__open_and_load"))
return;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 345/817] ipv6: Fix soft lockups in fib6_select_path under high next hop churn
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 344/817] selftests/bpf: skip the timer_lockup test for single-CPU nodes Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 346/817] net: rfkill: gpio: Add check for clk_enable() Greg Kroah-Hartman
` (481 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Oliver, Omid Ehtemam-Haghighi,
Shuah Khan, Ido Schimmel, Kuniyuki Iwashima, Simon Horman,
David Ahern, Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Omid Ehtemam-Haghighi <omid.ehtemamhaghighi@menlosecurity.com>
[ Upstream commit d9ccb18f83ea2bb654289b6ecf014fd267cc988b ]
Soft lockups have been observed on a cluster of Linux-based edge routers
located in a highly dynamic environment. Using the `bird` service, these
routers continuously update BGP-advertised routes due to frequently
changing nexthop destinations, while also managing significant IPv6
traffic. The lockups occur during the traversal of the multipath
circular linked-list in the `fib6_select_path` function, particularly
while iterating through the siblings in the list. The issue typically
arises when the nodes of the linked list are unexpectedly deleted
concurrently on a different core—indicated by their 'next' and
'previous' elements pointing back to the node itself and their reference
count dropping to zero. This results in an infinite loop, leading to a
soft lockup that triggers a system panic via the watchdog timer.
Apply RCU primitives in the problematic code sections to resolve the
issue. Where necessary, update the references to fib6_siblings to
annotate or use the RCU APIs.
Include a test script that reproduces the issue. The script
periodically updates the routing table while generating a heavy load
of outgoing IPv6 traffic through multiple iperf3 clients. It
consistently induces infinite soft lockups within a couple of minutes.
Kernel log:
0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb
1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3
2 [ffffbd13003e8e58] panic at ffffffff8cef65d4
3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03
4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f
5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756
6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af
7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d
-- <IRQ stack> --
8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb
[exception RIP: fib6_select_path+299]
RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287
RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000
RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618
RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200
R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830
R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c
10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c
11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5
12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47
13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0
14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274
15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474
16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615
17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec
18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3
19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9
20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]
21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]
22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]
23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000
24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581
25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9
26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47
27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30
28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f
29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64
30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb
Fixes: 66f5d6ce53e6 ("ipv6: replace rwlock with rcu and spinlock in fib6_table")
Reported-by: Adrian Oliver <kernel@aoliver.ca>
Signed-off-by: Omid Ehtemam-Haghighi <omid.ehtemamhaghighi@menlosecurity.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Ido Schimmel <idosch@idosch.org>
Cc: Kuniyuki Iwashima <kuniyu@amazon.com>
Cc: Simon Horman <horms@kernel.org>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20241106010236.1239299-1-omid.ehtemamhaghighi@menlosecurity.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ip6_fib.c | 8 +-
net/ipv6/route.c | 45 ++-
tools/testing/selftests/net/Makefile | 1 +
.../net/ipv6_route_update_soft_lockup.sh | 262 ++++++++++++++++++
4 files changed, 297 insertions(+), 19 deletions(-)
create mode 100755 tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index eb111d20615c6..9a1c59275a109 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -1190,8 +1190,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct fib6_info *rt,
while (sibling) {
if (sibling->fib6_metric == rt->fib6_metric &&
rt6_qualify_for_ecmp(sibling)) {
- list_add_tail(&rt->fib6_siblings,
- &sibling->fib6_siblings);
+ list_add_tail_rcu(&rt->fib6_siblings,
+ &sibling->fib6_siblings);
break;
}
sibling = rcu_dereference_protected(sibling->fib6_next,
@@ -1252,7 +1252,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct fib6_info *rt,
fib6_siblings)
sibling->fib6_nsiblings--;
rt->fib6_nsiblings = 0;
- list_del_init(&rt->fib6_siblings);
+ list_del_rcu(&rt->fib6_siblings);
rt6_multipath_rebalance(next_sibling);
return err;
}
@@ -1970,7 +1970,7 @@ static void fib6_del_route(struct fib6_table *table, struct fib6_node *fn,
&rt->fib6_siblings, fib6_siblings)
sibling->fib6_nsiblings--;
rt->fib6_nsiblings = 0;
- list_del_init(&rt->fib6_siblings);
+ list_del_rcu(&rt->fib6_siblings);
rt6_multipath_rebalance(next_sibling);
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 606cdd87745a6..6b58842c5a73d 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -416,8 +416,8 @@ void fib6_select_path(const struct net *net, struct fib6_result *res,
struct flowi6 *fl6, int oif, bool have_oif_match,
const struct sk_buff *skb, int strict)
{
- struct fib6_info *sibling, *next_sibling;
struct fib6_info *match = res->f6i;
+ struct fib6_info *sibling;
if (!match->nh && (!match->fib6_nsiblings || have_oif_match))
goto out;
@@ -443,8 +443,8 @@ void fib6_select_path(const struct net *net, struct fib6_result *res,
if (fl6->mp_hash <= atomic_read(&match->fib6_nh->fib_nh_upper_bound))
goto out;
- list_for_each_entry_safe(sibling, next_sibling, &match->fib6_siblings,
- fib6_siblings) {
+ list_for_each_entry_rcu(sibling, &match->fib6_siblings,
+ fib6_siblings) {
const struct fib6_nh *nh = sibling->fib6_nh;
int nh_upper_bound;
@@ -5195,14 +5195,18 @@ static void ip6_route_mpath_notify(struct fib6_info *rt,
* nexthop. Since sibling routes are always added at the end of
* the list, find the first sibling of the last route appended
*/
+ rcu_read_lock();
+
if ((nlflags & NLM_F_APPEND) && rt_last && rt_last->fib6_nsiblings) {
- rt = list_first_entry(&rt_last->fib6_siblings,
- struct fib6_info,
- fib6_siblings);
+ rt = list_first_or_null_rcu(&rt_last->fib6_siblings,
+ struct fib6_info,
+ fib6_siblings);
}
if (rt)
inet6_rt_notify(RTM_NEWROUTE, rt, info, nlflags);
+
+ rcu_read_unlock();
}
static bool ip6_route_mpath_should_notify(const struct fib6_info *rt)
@@ -5547,17 +5551,21 @@ static size_t rt6_nlmsg_size(struct fib6_info *f6i)
nexthop_for_each_fib6_nh(f6i->nh, rt6_nh_nlmsg_size,
&nexthop_len);
} else {
- struct fib6_info *sibling, *next_sibling;
struct fib6_nh *nh = f6i->fib6_nh;
+ struct fib6_info *sibling;
nexthop_len = 0;
if (f6i->fib6_nsiblings) {
rt6_nh_nlmsg_size(nh, &nexthop_len);
- list_for_each_entry_safe(sibling, next_sibling,
- &f6i->fib6_siblings, fib6_siblings) {
+ rcu_read_lock();
+
+ list_for_each_entry_rcu(sibling, &f6i->fib6_siblings,
+ fib6_siblings) {
rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len);
}
+
+ rcu_read_unlock();
}
nexthop_len += lwtunnel_get_encap_size(nh->fib_nh_lws);
}
@@ -5721,7 +5729,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb,
lwtunnel_fill_encap(skb, dst->lwtstate, RTA_ENCAP, RTA_ENCAP_TYPE) < 0)
goto nla_put_failure;
} else if (rt->fib6_nsiblings) {
- struct fib6_info *sibling, *next_sibling;
+ struct fib6_info *sibling;
struct nlattr *mp;
mp = nla_nest_start_noflag(skb, RTA_MULTIPATH);
@@ -5733,14 +5741,21 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb,
0) < 0)
goto nla_put_failure;
- list_for_each_entry_safe(sibling, next_sibling,
- &rt->fib6_siblings, fib6_siblings) {
+ rcu_read_lock();
+
+ list_for_each_entry_rcu(sibling, &rt->fib6_siblings,
+ fib6_siblings) {
if (fib_add_nexthop(skb, &sibling->fib6_nh->nh_common,
sibling->fib6_nh->fib_nh_weight,
- AF_INET6, 0) < 0)
+ AF_INET6, 0) < 0) {
+ rcu_read_unlock();
+
goto nla_put_failure;
+ }
}
+ rcu_read_unlock();
+
nla_nest_end(skb, mp);
} else if (rt->nh) {
if (nla_put_u32(skb, RTA_NH_ID, rt->nh->id))
@@ -6177,7 +6192,7 @@ void inet6_rt_notify(int event, struct fib6_info *rt, struct nl_info *info,
err = -ENOBUFS;
seq = info->nlh ? info->nlh->nlmsg_seq : 0;
- skb = nlmsg_new(rt6_nlmsg_size(rt), gfp_any());
+ skb = nlmsg_new(rt6_nlmsg_size(rt), GFP_ATOMIC);
if (!skb)
goto errout;
@@ -6190,7 +6205,7 @@ void inet6_rt_notify(int event, struct fib6_info *rt, struct nl_info *info,
goto errout;
}
rtnl_notify(skb, net, info->portid, RTNLGRP_IPV6_ROUTE,
- info->nlh, gfp_any());
+ info->nlh, GFP_ATOMIC);
return;
errout:
if (err < 0)
diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile
index 9d5aa817411b6..d79942e6ff76f 100644
--- a/tools/testing/selftests/net/Makefile
+++ b/tools/testing/selftests/net/Makefile
@@ -95,6 +95,7 @@ TEST_PROGS += fdb_flush.sh
TEST_PROGS += fq_band_pktlimit.sh
TEST_PROGS += vlan_hw_filter.sh
TEST_PROGS += bpf_offload.py
+TEST_PROGS += ipv6_route_update_soft_lockup.sh
TEST_FILES := settings
TEST_FILES += in_netns.sh lib.sh net_helper.sh setup_loopback.sh setup_veth.sh
diff --git a/tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh b/tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh
new file mode 100755
index 0000000000000..a6b2b1f9c641c
--- /dev/null
+++ b/tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh
@@ -0,0 +1,262 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Testing for potential kernel soft lockup during IPv6 routing table
+# refresh under heavy outgoing IPv6 traffic. If a kernel soft lockup
+# occurs, a kernel panic will be triggered to prevent associated issues.
+#
+#
+# Test Environment Layout
+#
+# ┌----------------┐ ┌----------------┐
+# | SOURCE_NS | | SINK_NS |
+# | NAMESPACE | | NAMESPACE |
+# |(iperf3 clients)| |(iperf3 servers)|
+# | | | |
+# | | | |
+# | ┌-----------| nexthops |---------┐ |
+# | |veth_source|<--------------------------------------->|veth_sink|<┐ |
+# | └-----------|2001:0DB8:1::0:1/96 2001:0DB8:1::1:1/96 |---------┘ | |
+# | | ^ 2001:0DB8:1::1:2/96 | | |
+# | | . . | fwd | |
+# | ┌---------┐ | . . | | |
+# | | IPv6 | | . . | V |
+# | | routing | | . 2001:0DB8:1::1:80/96| ┌-----┐ |
+# | | table | | . | | lo | |
+# | | nexthop | | . └--------┴-----┴-┘
+# | | update | | ............................> 2001:0DB8:2::1:1/128
+# | └-------- ┘ |
+# └----------------┘
+#
+# The test script sets up two network namespaces, source_ns and sink_ns,
+# connected via a veth link. Within source_ns, it continuously updates the
+# IPv6 routing table by flushing and inserting IPV6_NEXTHOP_ADDR_COUNT nexthop
+# IPs destined for SINK_LOOPBACK_IP_ADDR in sink_ns. This refresh occurs at a
+# rate of 1/ROUTING_TABLE_REFRESH_PERIOD per second for TEST_DURATION seconds.
+#
+# Simultaneously, multiple iperf3 clients within source_ns generate heavy
+# outgoing IPv6 traffic. Each client is assigned a unique port number starting
+# at 5000 and incrementing sequentially. Each client targets a unique iperf3
+# server running in sink_ns, connected to the SINK_LOOPBACK_IFACE interface
+# using the same port number.
+#
+# The number of iperf3 servers and clients is set to half of the total
+# available cores on each machine.
+#
+# NOTE: We have tested this script on machines with various CPU specifications,
+# ranging from lower to higher performance as listed below. The test script
+# effectively triggered a kernel soft lockup on machines running an unpatched
+# kernel in under a minute:
+#
+# - 1x Intel Xeon E-2278G 8-Core Processor @ 3.40GHz
+# - 1x Intel Xeon E-2378G Processor 8-Core @ 2.80GHz
+# - 1x AMD EPYC 7401P 24-Core Processor @ 2.00GHz
+# - 1x AMD EPYC 7402P 24-Core Processor @ 2.80GHz
+# - 2x Intel Xeon Gold 5120 14-Core Processor @ 2.20GHz
+# - 1x Ampere Altra Q80-30 80-Core Processor @ 3.00GHz
+# - 2x Intel Xeon Gold 5120 14-Core Processor @ 2.20GHz
+# - 2x Intel Xeon Silver 4214 24-Core Processor @ 2.20GHz
+# - 1x AMD EPYC 7502P 32-Core @ 2.50GHz
+# - 1x Intel Xeon Gold 6314U 32-Core Processor @ 2.30GHz
+# - 2x Intel Xeon Gold 6338 32-Core Processor @ 2.00GHz
+#
+# On less performant machines, you may need to increase the TEST_DURATION
+# parameter to enhance the likelihood of encountering a race condition leading
+# to a kernel soft lockup and avoid a false negative result.
+#
+# NOTE: The test may not produce the expected result in virtualized
+# environments (e.g., qemu) due to differences in timing and CPU handling,
+# which can affect the conditions needed to trigger a soft lockup.
+
+source lib.sh
+source net_helper.sh
+
+TEST_DURATION=300
+ROUTING_TABLE_REFRESH_PERIOD=0.01
+
+IPERF3_BITRATE="300m"
+
+
+IPV6_NEXTHOP_ADDR_COUNT="128"
+IPV6_NEXTHOP_ADDR_MASK="96"
+IPV6_NEXTHOP_PREFIX="2001:0DB8:1"
+
+
+SOURCE_TEST_IFACE="veth_source"
+SOURCE_TEST_IP_ADDR="2001:0DB8:1::0:1/96"
+
+SINK_TEST_IFACE="veth_sink"
+# ${SINK_TEST_IFACE} is populated with the following range of IPv6 addresses:
+# 2001:0DB8:1::1:1 to 2001:0DB8:1::1:${IPV6_NEXTHOP_ADDR_COUNT}
+SINK_LOOPBACK_IFACE="lo"
+SINK_LOOPBACK_IP_MASK="128"
+SINK_LOOPBACK_IP_ADDR="2001:0DB8:2::1:1"
+
+nexthop_ip_list=""
+termination_signal=""
+kernel_softlokup_panic_prev_val=""
+
+terminate_ns_processes_by_pattern() {
+ local ns=$1
+ local pattern=$2
+
+ for pid in $(ip netns pids ${ns}); do
+ [ -e /proc/$pid/cmdline ] && grep -qe "${pattern}" /proc/$pid/cmdline && kill -9 $pid
+ done
+}
+
+cleanup() {
+ echo "info: cleaning up namespaces and terminating all processes within them..."
+
+
+ # Terminate iperf3 instances running in the source_ns. To avoid race
+ # conditions, first iterate over the PIDs and terminate those
+ # associated with the bash shells running the
+ # `while true; do iperf3 -c ...; done` loops. In a second iteration,
+ # terminate the individual `iperf3 -c ...` instances.
+ terminate_ns_processes_by_pattern ${source_ns} while
+ terminate_ns_processes_by_pattern ${source_ns} iperf3
+
+ # Repeat the same process for sink_ns
+ terminate_ns_processes_by_pattern ${sink_ns} while
+ terminate_ns_processes_by_pattern ${sink_ns} iperf3
+
+ # Check if any iperf3 instances are still running. This could happen
+ # if a core has entered an infinite loop and the timeout for detecting
+ # the soft lockup has not expired, but either the test interval has
+ # already elapsed or the test was terminated manually (e.g., with ^C)
+ for pid in $(ip netns pids ${source_ns}); do
+ if [ -e /proc/$pid/cmdline ] && grep -qe 'iperf3' /proc/$pid/cmdline; then
+ echo "FAIL: unable to terminate some iperf3 instances. Soft lockup is underway. A kernel panic is on the way!"
+ exit ${ksft_fail}
+ fi
+ done
+
+ if [ "$termination_signal" == "SIGINT" ]; then
+ echo "SKIP: Termination due to ^C (SIGINT)"
+ elif [ "$termination_signal" == "SIGALRM" ]; then
+ echo "PASS: No kernel soft lockup occurred during this ${TEST_DURATION} second test"
+ fi
+
+ cleanup_ns ${source_ns} ${sink_ns}
+
+ sysctl -qw kernel.softlockup_panic=${kernel_softlokup_panic_prev_val}
+}
+
+setup_prepare() {
+ setup_ns source_ns sink_ns
+
+ ip -n ${source_ns} link add name ${SOURCE_TEST_IFACE} type veth peer name ${SINK_TEST_IFACE} netns ${sink_ns}
+
+ # Setting up the Source namespace
+ ip -n ${source_ns} addr add ${SOURCE_TEST_IP_ADDR} dev ${SOURCE_TEST_IFACE}
+ ip -n ${source_ns} link set dev ${SOURCE_TEST_IFACE} qlen 10000
+ ip -n ${source_ns} link set dev ${SOURCE_TEST_IFACE} up
+ ip netns exec ${source_ns} sysctl -qw net.ipv6.fib_multipath_hash_policy=1
+
+ # Setting up the Sink namespace
+ ip -n ${sink_ns} addr add ${SINK_LOOPBACK_IP_ADDR}/${SINK_LOOPBACK_IP_MASK} dev ${SINK_LOOPBACK_IFACE}
+ ip -n ${sink_ns} link set dev ${SINK_LOOPBACK_IFACE} up
+ ip netns exec ${sink_ns} sysctl -qw net.ipv6.conf.${SINK_LOOPBACK_IFACE}.forwarding=1
+
+ ip -n ${sink_ns} link set ${SINK_TEST_IFACE} up
+ ip netns exec ${sink_ns} sysctl -qw net.ipv6.conf.${SINK_TEST_IFACE}.forwarding=1
+
+
+ # Populate nexthop IPv6 addresses on the test interface in the sink_ns
+ echo "info: populating ${IPV6_NEXTHOP_ADDR_COUNT} IPv6 addresses on the ${SINK_TEST_IFACE} interface ..."
+ for IP in $(seq 1 ${IPV6_NEXTHOP_ADDR_COUNT}); do
+ ip -n ${sink_ns} addr add ${IPV6_NEXTHOP_PREFIX}::$(printf "1:%x" "${IP}")/${IPV6_NEXTHOP_ADDR_MASK} dev ${SINK_TEST_IFACE};
+ done
+
+ # Preparing list of nexthops
+ for IP in $(seq 1 ${IPV6_NEXTHOP_ADDR_COUNT}); do
+ nexthop_ip_list=$nexthop_ip_list" nexthop via ${IPV6_NEXTHOP_PREFIX}::$(printf "1:%x" $IP) dev ${SOURCE_TEST_IFACE} weight 1"
+ done
+}
+
+
+test_soft_lockup_during_routing_table_refresh() {
+ # Start num_of_iperf_servers iperf3 servers in the sink_ns namespace,
+ # each listening on ports starting at 5001 and incrementing
+ # sequentially. Since iperf3 instances may terminate unexpectedly, a
+ # while loop is used to automatically restart them in such cases.
+ echo "info: starting ${num_of_iperf_servers} iperf3 servers in the sink_ns namespace ..."
+ for i in $(seq 1 ${num_of_iperf_servers}); do
+ cmd="iperf3 --bind ${SINK_LOOPBACK_IP_ADDR} -s -p $(printf '5%03d' ${i}) --rcv-timeout 200 &>/dev/null"
+ ip netns exec ${sink_ns} bash -c "while true; do ${cmd}; done &" &>/dev/null
+ done
+
+ # Wait for the iperf3 servers to be ready
+ for i in $(seq ${num_of_iperf_servers}); do
+ port=$(printf '5%03d' ${i});
+ wait_local_port_listen ${sink_ns} ${port} tcp
+ done
+
+ # Continuously refresh the routing table in the background within
+ # the source_ns namespace
+ ip netns exec ${source_ns} bash -c "
+ while \$(ip netns list | grep -q ${source_ns}); do
+ ip -6 route add ${SINK_LOOPBACK_IP_ADDR}/${SINK_LOOPBACK_IP_MASK} ${nexthop_ip_list};
+ sleep ${ROUTING_TABLE_REFRESH_PERIOD};
+ ip -6 route delete ${SINK_LOOPBACK_IP_ADDR}/${SINK_LOOPBACK_IP_MASK};
+ done &"
+
+ # Start num_of_iperf_servers iperf3 clients in the source_ns namespace,
+ # each sending TCP traffic on sequential ports starting at 5001.
+ # Since iperf3 instances may terminate unexpectedly (e.g., if the route
+ # to the server is deleted in the background during a route refresh), a
+ # while loop is used to automatically restart them in such cases.
+ echo "info: starting ${num_of_iperf_servers} iperf3 clients in the source_ns namespace ..."
+ for i in $(seq 1 ${num_of_iperf_servers}); do
+ cmd="iperf3 -c ${SINK_LOOPBACK_IP_ADDR} -p $(printf '5%03d' ${i}) --length 64 --bitrate ${IPERF3_BITRATE} -t 0 --connect-timeout 150 &>/dev/null"
+ ip netns exec ${source_ns} bash -c "while true; do ${cmd}; done &" &>/dev/null
+ done
+
+ echo "info: IPv6 routing table is being updated at the rate of $(echo "1/${ROUTING_TABLE_REFRESH_PERIOD}" | bc)/s for ${TEST_DURATION} seconds ..."
+ echo "info: A kernel soft lockup, if detected, results in a kernel panic!"
+
+ wait
+}
+
+# Make sure 'iperf3' is installed, skip the test otherwise
+if [ ! -x "$(command -v "iperf3")" ]; then
+ echo "SKIP: 'iperf3' is not installed. Skipping the test."
+ exit ${ksft_skip}
+fi
+
+# Determine the number of cores on the machine
+num_of_iperf_servers=$(( $(nproc)/2 ))
+
+# Check if we are running on a multi-core machine, skip the test otherwise
+if [ "${num_of_iperf_servers}" -eq 0 ]; then
+ echo "SKIP: This test is not valid on a single core machine!"
+ exit ${ksft_skip}
+fi
+
+# Since the kernel soft lockup we're testing causes at least one core to enter
+# an infinite loop, destabilizing the host and likely affecting subsequent
+# tests, we trigger a kernel panic instead of reporting a failure and
+# continuing
+kernel_softlokup_panic_prev_val=$(sysctl -n kernel.softlockup_panic)
+sysctl -qw kernel.softlockup_panic=1
+
+handle_sigint() {
+ termination_signal="SIGINT"
+ cleanup
+ exit ${ksft_skip}
+}
+
+handle_sigalrm() {
+ termination_signal="SIGALRM"
+ cleanup
+ exit ${ksft_pass}
+}
+
+trap handle_sigint SIGINT
+trap handle_sigalrm SIGALRM
+
+(sleep ${TEST_DURATION} && kill -s SIGALRM $$)&
+
+setup_prepare
+test_soft_lockup_during_routing_table_refresh
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 346/817] net: rfkill: gpio: Add check for clk_enable()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 345/817] ipv6: Fix soft lockups in fib6_select_path under high next hop churn Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 347/817] Revert "wifi: iwlegacy: do not skip frames with bad FCS" Greg Kroah-Hartman
` (480 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingwei Zheng, Jiasheng Jiang,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mingwei Zheng <zmw12306@gmail.com>
[ Upstream commit 8251e7621b25ccdb689f1dd9553b8789e3745ea1 ]
Add check for the return value of clk_enable() to catch the potential
error.
Fixes: 7176ba23f8b5 ("net: rfkill: add generic gpio rfkill driver")
Signed-off-by: Mingwei Zheng <zmw12306@gmail.com>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Link: https://patch.msgid.link/20241108195341.1853080-1-zmw12306@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rfkill/rfkill-gpio.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c
index 84529886c2e66..bfd5ff967e903 100644
--- a/net/rfkill/rfkill-gpio.c
+++ b/net/rfkill/rfkill-gpio.c
@@ -31,8 +31,12 @@ static int rfkill_gpio_set_power(void *data, bool blocked)
{
struct rfkill_gpio_data *rfkill = data;
- if (!blocked && !IS_ERR(rfkill->clk) && !rfkill->clk_enabled)
- clk_enable(rfkill->clk);
+ if (!blocked && !IS_ERR(rfkill->clk) && !rfkill->clk_enabled) {
+ int ret = clk_enable(rfkill->clk);
+
+ if (ret)
+ return ret;
+ }
gpiod_set_value_cansleep(rfkill->shutdown_gpio, !blocked);
gpiod_set_value_cansleep(rfkill->reset_gpio, !blocked);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 347/817] Revert "wifi: iwlegacy: do not skip frames with bad FCS"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 346/817] net: rfkill: gpio: Add check for clk_enable() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 348/817] bpf: Use function pointers count as struct_ops links count Greg Kroah-Hartman
` (479 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alf Marius, Kalle Valo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kalle Valo <kvalo@kernel.org>
[ Upstream commit 11597043d74809daf5d14256b96d6781749b3f82 ]
This reverts commit 02b682d54598f61cbb7dbb14d98ec1801112b878.
Alf reports that this commit causes the connection to eventually die on
iwl4965. The reason is that rx_status.flag is zeroed after
RX_FLAG_FAILED_FCS_CRC is set and mac80211 doesn't know the received frame is
corrupted.
Fixes: 02b682d54598 ("wifi: iwlegacy: do not skip frames with bad FCS")
Reported-by: Alf Marius <post@alfmarius.net>
Closes: https://lore.kernel.org/r/60f752e8-787e-44a8-92ae-48bdfc9b43e7@app.fastmail.com/
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241112142419.1023743-1-kvalo@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlegacy/3945.c | 2 +-
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlegacy/3945.c b/drivers/net/wireless/intel/iwlegacy/3945.c
index 1fab7849f56d1..a773939b8c2aa 100644
--- a/drivers/net/wireless/intel/iwlegacy/3945.c
+++ b/drivers/net/wireless/intel/iwlegacy/3945.c
@@ -566,7 +566,7 @@ il3945_hdl_rx(struct il_priv *il, struct il_rx_buf *rxb)
if (!(rx_end->status & RX_RES_STATUS_NO_CRC32_ERROR) ||
!(rx_end->status & RX_RES_STATUS_NO_RXE_OVERFLOW)) {
D_RX("Bad CRC or FIFO: 0x%08X.\n", rx_end->status);
- rx_status.flag |= RX_FLAG_FAILED_FCS_CRC;
+ return;
}
/* Convert 3945's rssi indicator to dBm */
diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
index 1600c344edbb2..11c15e0bc779a 100644
--- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
+++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
@@ -664,7 +664,7 @@ il4965_hdl_rx(struct il_priv *il, struct il_rx_buf *rxb)
if (!(rx_pkt_status & RX_RES_STATUS_NO_CRC32_ERROR) ||
!(rx_pkt_status & RX_RES_STATUS_NO_RXE_OVERFLOW)) {
D_RX("Bad CRC or FIFO: 0x%08X.\n", le32_to_cpu(rx_pkt_status));
- rx_status.flag |= RX_FLAG_FAILED_FCS_CRC;
+ return;
}
/* This will be used in several places later */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 348/817] bpf: Use function pointers count as struct_ops links count
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 347/817] Revert "wifi: iwlegacy: do not skip frames with bad FCS" Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 349/817] bpf: Add kernel symbol for struct_ops trampoline Greg Kroah-Hartman
` (478 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin KaFai Lau, Xu Kuohai,
Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xu Kuohai <xukuohai@huawei.com>
[ Upstream commit 821a3fa32bbe3bc0fa23b3189325d3720a49a24c ]
Only function pointers in a struct_ops structure can be linked to bpf
progs, so set the links count to the function pointers count, instead
of the total members count in the structure.
Suggested-by: Martin KaFai Lau <martin.lau@linux.dev>
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Link: https://lore.kernel.org/r/20241112145849.3436772-3-xukuohai@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Stable-dep-of: 7c8ce4ffb684 ("bpf: Add kernel symbol for struct_ops trampoline")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/bpf_struct_ops.c | 35 +++++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/kernel/bpf/bpf_struct_ops.c b/kernel/bpf/bpf_struct_ops.c
index 0d515ec57aa55..e085f03ab0991 100644
--- a/kernel/bpf/bpf_struct_ops.c
+++ b/kernel/bpf/bpf_struct_ops.c
@@ -32,7 +32,7 @@ struct bpf_struct_ops_map {
* (in kvalue.data).
*/
struct bpf_link **links;
- u32 links_cnt;
+ u32 funcs_cnt;
u32 image_pages_cnt;
/* image_pages is an array of pages that has all the trampolines
* that stores the func args before calling the bpf_prog.
@@ -481,11 +481,11 @@ static void bpf_struct_ops_map_put_progs(struct bpf_struct_ops_map *st_map)
{
u32 i;
- for (i = 0; i < st_map->links_cnt; i++) {
- if (st_map->links[i]) {
- bpf_link_put(st_map->links[i]);
- st_map->links[i] = NULL;
- }
+ for (i = 0; i < st_map->funcs_cnt; i++) {
+ if (!st_map->links[i])
+ break;
+ bpf_link_put(st_map->links[i]);
+ st_map->links[i] = NULL;
}
}
@@ -601,6 +601,7 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
int prog_fd, err;
u32 i, trampoline_start, image_off = 0;
void *cur_image = NULL, *image = NULL;
+ struct bpf_link **plink;
if (flags)
return -EINVAL;
@@ -639,6 +640,7 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
udata = &uvalue->data;
kdata = &kvalue->data;
+ plink = st_map->links;
module_type = btf_type_by_id(btf_vmlinux, st_ops_ids[IDX_MODULE_ID]);
for_each_member(i, t, member) {
const struct btf_type *mtype, *ptype;
@@ -714,7 +716,7 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
}
bpf_link_init(&link->link, BPF_LINK_TYPE_STRUCT_OPS,
&bpf_struct_ops_link_lops, prog);
- st_map->links[i] = &link->link;
+ *plink++ = &link->link;
trampoline_start = image_off;
err = bpf_struct_ops_prepare_trampoline(tlinks, link,
@@ -895,6 +897,19 @@ static int bpf_struct_ops_map_alloc_check(union bpf_attr *attr)
return 0;
}
+static u32 count_func_ptrs(const struct btf *btf, const struct btf_type *t)
+{
+ int i;
+ u32 count;
+ const struct btf_member *member;
+
+ count = 0;
+ for_each_member(i, t, member)
+ if (btf_type_resolve_func_ptr(btf, member->type, NULL))
+ count++;
+ return count;
+}
+
static struct bpf_map *bpf_struct_ops_map_alloc(union bpf_attr *attr)
{
const struct bpf_struct_ops_desc *st_ops_desc;
@@ -961,9 +976,9 @@ static struct bpf_map *bpf_struct_ops_map_alloc(union bpf_attr *attr)
map = &st_map->map;
st_map->uvalue = bpf_map_area_alloc(vt->size, NUMA_NO_NODE);
- st_map->links_cnt = btf_type_vlen(t);
+ st_map->funcs_cnt = count_func_ptrs(btf, t);
st_map->links =
- bpf_map_area_alloc(st_map->links_cnt * sizeof(struct bpf_links *),
+ bpf_map_area_alloc(st_map->funcs_cnt * sizeof(struct bpf_link *),
NUMA_NO_NODE);
if (!st_map->uvalue || !st_map->links) {
ret = -ENOMEM;
@@ -994,7 +1009,7 @@ static u64 bpf_struct_ops_map_mem_usage(const struct bpf_map *map)
usage = sizeof(*st_map) +
vt->size - sizeof(struct bpf_struct_ops_value);
usage += vt->size;
- usage += btf_type_vlen(vt) * sizeof(struct bpf_links *);
+ usage += st_map->funcs_cnt * sizeof(struct bpf_link *);
usage += PAGE_SIZE;
return usage;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 349/817] bpf: Add kernel symbol for struct_ops trampoline
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 348/817] bpf: Use function pointers count as struct_ops links count Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 350/817] ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Greg Kroah-Hartman
` (477 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xu Kuohai, Yonghong Song,
Alexei Starovoitov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xu Kuohai <xukuohai@huawei.com>
[ Upstream commit 7c8ce4ffb684676039b1ff9ff81c126794e8d88e ]
Without kernel symbols for struct_ops trampoline, the unwinder may
produce unexpected stacktraces.
For example, the x86 ORC and FP unwinders check if an IP is in kernel
text by verifying the presence of the IP's kernel symbol. When a
struct_ops trampoline address is encountered, the unwinder stops due
to the absence of symbol, resulting in an incomplete stacktrace that
consists only of direct and indirect child functions called from the
trampoline.
The arm64 unwinder is another example. While the arm64 unwinder can
proceed across a struct_ops trampoline address, the corresponding
symbol name is displayed as "unknown", which is confusing.
Thus, add kernel symbol for struct_ops trampoline. The name is
bpf__<struct_ops_name>_<member_name>, where <struct_ops_name> is the
type name of the struct_ops, and <member_name> is the name of
the member that the trampoline is linked to.
Below is a comparison of stacktraces captured on x86 by perf record,
before and after this patch.
Before:
ffffffff8116545d __lock_acquire+0xad ([kernel.kallsyms])
ffffffff81167fcc lock_acquire+0xcc ([kernel.kallsyms])
ffffffff813088f4 __bpf_prog_enter+0x34 ([kernel.kallsyms])
After:
ffffffff811656bd __lock_acquire+0x30d ([kernel.kallsyms])
ffffffff81167fcc lock_acquire+0xcc ([kernel.kallsyms])
ffffffff81309024 __bpf_prog_enter+0x34 ([kernel.kallsyms])
ffffffffc000d7e9 bpf__tcp_congestion_ops_cong_avoid+0x3e ([kernel.kallsyms])
ffffffff81f250a5 tcp_ack+0x10d5 ([kernel.kallsyms])
ffffffff81f27c66 tcp_rcv_established+0x3b6 ([kernel.kallsyms])
ffffffff81f3ad03 tcp_v4_do_rcv+0x193 ([kernel.kallsyms])
ffffffff81d65a18 __release_sock+0xd8 ([kernel.kallsyms])
ffffffff81d65af4 release_sock+0x34 ([kernel.kallsyms])
ffffffff81f15c4b tcp_sendmsg+0x3b ([kernel.kallsyms])
ffffffff81f663d7 inet_sendmsg+0x47 ([kernel.kallsyms])
ffffffff81d5ab40 sock_write_iter+0x160 ([kernel.kallsyms])
ffffffff8149c67b vfs_write+0x3fb ([kernel.kallsyms])
ffffffff8149caf6 ksys_write+0xc6 ([kernel.kallsyms])
ffffffff8149cb5d __x64_sys_write+0x1d ([kernel.kallsyms])
ffffffff81009200 x64_sys_call+0x1d30 ([kernel.kallsyms])
ffffffff82232d28 do_syscall_64+0x68 ([kernel.kallsyms])
ffffffff8240012f entry_SYSCALL_64_after_hwframe+0x76 ([kernel.kallsyms])
Fixes: 85d33df357b6 ("bpf: Introduce BPF_MAP_TYPE_STRUCT_OPS")
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20241112145849.3436772-4-xukuohai@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bpf.h | 3 +-
kernel/bpf/bpf_struct_ops.c | 79 ++++++++++++++++++++++++++++++++++++-
kernel/bpf/dispatcher.c | 3 +-
kernel/bpf/trampoline.c | 9 ++++-
4 files changed, 89 insertions(+), 5 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 75b4117454b45..f37114ad86f93 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1365,7 +1365,8 @@ int arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_func
void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from,
struct bpf_prog *to);
/* Called only from JIT-enabled code, so there's no need for stubs. */
-void bpf_image_ksym_add(void *data, unsigned int size, struct bpf_ksym *ksym);
+void bpf_image_ksym_init(void *data, unsigned int size, struct bpf_ksym *ksym);
+void bpf_image_ksym_add(struct bpf_ksym *ksym);
void bpf_image_ksym_del(struct bpf_ksym *ksym);
void bpf_ksym_add(struct bpf_ksym *ksym);
void bpf_ksym_del(struct bpf_ksym *ksym);
diff --git a/kernel/bpf/bpf_struct_ops.c b/kernel/bpf/bpf_struct_ops.c
index e085f03ab0991..5880e94e4fc70 100644
--- a/kernel/bpf/bpf_struct_ops.c
+++ b/kernel/bpf/bpf_struct_ops.c
@@ -32,6 +32,8 @@ struct bpf_struct_ops_map {
* (in kvalue.data).
*/
struct bpf_link **links;
+ /* ksyms for bpf trampolines */
+ struct bpf_ksym **ksyms;
u32 funcs_cnt;
u32 image_pages_cnt;
/* image_pages is an array of pages that has all the trampolines
@@ -586,6 +588,49 @@ int bpf_struct_ops_prepare_trampoline(struct bpf_tramp_links *tlinks,
return 0;
}
+static void bpf_struct_ops_ksym_init(const char *tname, const char *mname,
+ void *image, unsigned int size,
+ struct bpf_ksym *ksym)
+{
+ snprintf(ksym->name, KSYM_NAME_LEN, "bpf__%s_%s", tname, mname);
+ INIT_LIST_HEAD_RCU(&ksym->lnode);
+ bpf_image_ksym_init(image, size, ksym);
+}
+
+static void bpf_struct_ops_map_add_ksyms(struct bpf_struct_ops_map *st_map)
+{
+ u32 i;
+
+ for (i = 0; i < st_map->funcs_cnt; i++) {
+ if (!st_map->ksyms[i])
+ break;
+ bpf_image_ksym_add(st_map->ksyms[i]);
+ }
+}
+
+static void bpf_struct_ops_map_del_ksyms(struct bpf_struct_ops_map *st_map)
+{
+ u32 i;
+
+ for (i = 0; i < st_map->funcs_cnt; i++) {
+ if (!st_map->ksyms[i])
+ break;
+ bpf_image_ksym_del(st_map->ksyms[i]);
+ }
+}
+
+static void bpf_struct_ops_map_free_ksyms(struct bpf_struct_ops_map *st_map)
+{
+ u32 i;
+
+ for (i = 0; i < st_map->funcs_cnt; i++) {
+ if (!st_map->ksyms[i])
+ break;
+ kfree(st_map->ksyms[i]);
+ st_map->ksyms[i] = NULL;
+ }
+}
+
static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
void *value, u64 flags)
{
@@ -602,6 +647,8 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
u32 i, trampoline_start, image_off = 0;
void *cur_image = NULL, *image = NULL;
struct bpf_link **plink;
+ struct bpf_ksym **pksym;
+ const char *tname, *mname;
if (flags)
return -EINVAL;
@@ -641,14 +688,18 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
kdata = &kvalue->data;
plink = st_map->links;
+ pksym = st_map->ksyms;
+ tname = btf_name_by_offset(st_map->btf, t->name_off);
module_type = btf_type_by_id(btf_vmlinux, st_ops_ids[IDX_MODULE_ID]);
for_each_member(i, t, member) {
const struct btf_type *mtype, *ptype;
struct bpf_prog *prog;
struct bpf_tramp_link *link;
+ struct bpf_ksym *ksym;
u32 moff;
moff = __btf_member_bit_offset(t, member) / 8;
+ mname = btf_name_by_offset(st_map->btf, member->name_off);
ptype = btf_type_resolve_ptr(st_map->btf, member->type, NULL);
if (ptype == module_type) {
if (*(void **)(udata + moff))
@@ -718,6 +769,13 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
&bpf_struct_ops_link_lops, prog);
*plink++ = &link->link;
+ ksym = kzalloc(sizeof(*ksym), GFP_USER);
+ if (!ksym) {
+ err = -ENOMEM;
+ goto reset_unlock;
+ }
+ *pksym++ = ksym;
+
trampoline_start = image_off;
err = bpf_struct_ops_prepare_trampoline(tlinks, link,
&st_ops->func_models[i],
@@ -737,6 +795,12 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
/* put prog_id to udata */
*(unsigned long *)(udata + moff) = prog->aux->id;
+
+ /* init ksym for this trampoline */
+ bpf_struct_ops_ksym_init(tname, mname,
+ image + trampoline_start,
+ image_off - trampoline_start,
+ ksym);
}
if (st_ops->validate) {
@@ -785,6 +849,7 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
*/
reset_unlock:
+ bpf_struct_ops_map_free_ksyms(st_map);
bpf_struct_ops_map_free_image(st_map);
bpf_struct_ops_map_put_progs(st_map);
memset(uvalue, 0, map->value_size);
@@ -792,6 +857,8 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
unlock:
kfree(tlinks);
mutex_unlock(&st_map->lock);
+ if (!err)
+ bpf_struct_ops_map_add_ksyms(st_map);
return err;
}
@@ -851,7 +918,10 @@ static void __bpf_struct_ops_map_free(struct bpf_map *map)
if (st_map->links)
bpf_struct_ops_map_put_progs(st_map);
+ if (st_map->ksyms)
+ bpf_struct_ops_map_free_ksyms(st_map);
bpf_map_area_free(st_map->links);
+ bpf_map_area_free(st_map->ksyms);
bpf_struct_ops_map_free_image(st_map);
bpf_map_area_free(st_map->uvalue);
bpf_map_area_free(st_map);
@@ -868,6 +938,8 @@ static void bpf_struct_ops_map_free(struct bpf_map *map)
if (btf_is_module(st_map->btf))
module_put(st_map->st_ops_desc->st_ops->owner);
+ bpf_struct_ops_map_del_ksyms(st_map);
+
/* The struct_ops's function may switch to another struct_ops.
*
* For example, bpf_tcp_cc_x->init() may switch to
@@ -980,7 +1052,11 @@ static struct bpf_map *bpf_struct_ops_map_alloc(union bpf_attr *attr)
st_map->links =
bpf_map_area_alloc(st_map->funcs_cnt * sizeof(struct bpf_link *),
NUMA_NO_NODE);
- if (!st_map->uvalue || !st_map->links) {
+
+ st_map->ksyms =
+ bpf_map_area_alloc(st_map->funcs_cnt * sizeof(struct bpf_ksym *),
+ NUMA_NO_NODE);
+ if (!st_map->uvalue || !st_map->links || !st_map->ksyms) {
ret = -ENOMEM;
goto errout_free;
}
@@ -1010,6 +1086,7 @@ static u64 bpf_struct_ops_map_mem_usage(const struct bpf_map *map)
vt->size - sizeof(struct bpf_struct_ops_value);
usage += vt->size;
usage += st_map->funcs_cnt * sizeof(struct bpf_link *);
+ usage += st_map->funcs_cnt * sizeof(struct bpf_ksym *);
usage += PAGE_SIZE;
return usage;
}
diff --git a/kernel/bpf/dispatcher.c b/kernel/bpf/dispatcher.c
index 70fb82bf16370..b77db7413f8c7 100644
--- a/kernel/bpf/dispatcher.c
+++ b/kernel/bpf/dispatcher.c
@@ -154,7 +154,8 @@ void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from,
d->image = NULL;
goto out;
}
- bpf_image_ksym_add(d->image, PAGE_SIZE, &d->ksym);
+ bpf_image_ksym_init(d->image, PAGE_SIZE, &d->ksym);
+ bpf_image_ksym_add(&d->ksym);
}
prev_num_progs = d->num_progs;
diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
index f8302a5ca400d..1166d9dd3e8b5 100644
--- a/kernel/bpf/trampoline.c
+++ b/kernel/bpf/trampoline.c
@@ -115,10 +115,14 @@ bool bpf_prog_has_trampoline(const struct bpf_prog *prog)
(ptype == BPF_PROG_TYPE_LSM && eatype == BPF_LSM_MAC);
}
-void bpf_image_ksym_add(void *data, unsigned int size, struct bpf_ksym *ksym)
+void bpf_image_ksym_init(void *data, unsigned int size, struct bpf_ksym *ksym)
{
ksym->start = (unsigned long) data;
ksym->end = ksym->start + size;
+}
+
+void bpf_image_ksym_add(struct bpf_ksym *ksym)
+{
bpf_ksym_add(ksym);
perf_event_ksymbol(PERF_RECORD_KSYMBOL_TYPE_BPF, ksym->start,
PAGE_SIZE, false, ksym->name);
@@ -377,7 +381,8 @@ static struct bpf_tramp_image *bpf_tramp_image_alloc(u64 key, int size)
ksym = &im->ksym;
INIT_LIST_HEAD_RCU(&ksym->lnode);
snprintf(ksym->name, KSYM_NAME_LEN, "bpf_trampoline_%llu", key);
- bpf_image_ksym_add(image, size, ksym);
+ bpf_image_ksym_init(image, size, ksym);
+ bpf_image_ksym_add(ksym);
return im;
out_free_image:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 350/817] ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 349/817] bpf: Add kernel symbol for struct_ops trampoline Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 351/817] ALSA: us122l: " Greg Kroah-Hartman
` (476 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+73582d08864d8268b6fd,
Takashi Iwai, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit dafb28f02be407e07a6f679e922a626592b481b0 ]
The USB disconnect callback is supposed to be short and not too-long
waiting. OTOH, the current code uses snd_card_free() at
disconnection, but this waits for the close of all used fds, hence it
can take long. It eventually blocks the upper layer USB ioctls, which
may trigger a soft lockup.
An easy workaround is to replace snd_card_free() with
snd_card_free_when_closed(). This variant returns immediately while
the release of resources is done asynchronously by the card device
release at the last close.
Fixes: 230cd5e24853 ("[ALSA] prevent oops & dead keyboard on usb unplugging while the device is be ing used")
Reported-by: syzbot+73582d08864d8268b6fd@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=73582d08864d8268b6fd
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20241113111042.15058-2-tiwai@suse.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/usx2y/usbusx2y.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/usb/usx2y/usbusx2y.c b/sound/usb/usx2y/usbusx2y.c
index 52f4e6652407d..4c4ce0319d624 100644
--- a/sound/usb/usx2y/usbusx2y.c
+++ b/sound/usb/usx2y/usbusx2y.c
@@ -423,7 +423,7 @@ static void snd_usx2y_disconnect(struct usb_interface *intf)
}
if (usx2y->us428ctls_sharedmem)
wake_up(&usx2y->us428ctls_wait_queue_head);
- snd_card_free(card);
+ snd_card_free_when_closed(card);
}
static int snd_usx2y_probe(struct usb_interface *intf,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 351/817] ALSA: us122l: Use snd_card_free_when_closed() at disconnection
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 350/817] ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 352/817] ALSA: caiaq: " Greg Kroah-Hartman
` (475 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit b7df09bb348016943f56b09dcaafe221e3f73947 ]
The USB disconnect callback is supposed to be short and not too-long
waiting. OTOH, the current code uses snd_card_free() at
disconnection, but this waits for the close of all used fds, hence it
can take long. It eventually blocks the upper layer USB ioctls, which
may trigger a soft lockup.
An easy workaround is to replace snd_card_free() with
snd_card_free_when_closed(). This variant returns immediately while
the release of resources is done asynchronously by the card device
release at the last close.
The loop of us122l->mmap_count check is dropped as well. The check is
useless for the asynchronous operation with *_when_closed().
Fixes: 030a07e44129 ("ALSA: Add USB US122L driver")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20241113111042.15058-3-tiwai@suse.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/usx2y/us122l.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/sound/usb/usx2y/us122l.c b/sound/usb/usx2y/us122l.c
index 709ccad972e2f..612047ca5fe7a 100644
--- a/sound/usb/usx2y/us122l.c
+++ b/sound/usb/usx2y/us122l.c
@@ -617,10 +617,7 @@ static void snd_us122l_disconnect(struct usb_interface *intf)
usb_put_intf(usb_ifnum_to_if(us122l->dev, 1));
usb_put_dev(us122l->dev);
- while (atomic_read(&us122l->mmap_count))
- msleep(500);
-
- snd_card_free(card);
+ snd_card_free_when_closed(card);
}
static int snd_us122l_suspend(struct usb_interface *intf, pm_message_t message)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 352/817] ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 351/817] ALSA: us122l: " Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 353/817] ALSA: 6fire: Release resources at card release Greg Kroah-Hartman
` (474 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit b04dcbb7f7b1908806b7dc22671cdbe78ff2b82c ]
The USB disconnect callback is supposed to be short and not too-long
waiting. OTOH, the current code uses snd_card_free() at
disconnection, but this waits for the close of all used fds, hence it
can take long. It eventually blocks the upper layer USB ioctls, which
may trigger a soft lockup.
An easy workaround is to replace snd_card_free() with
snd_card_free_when_closed(). This variant returns immediately while
the release of resources is done asynchronously by the card device
release at the last close.
This patch also splits the code to the disconnect and the free phases;
the former is called immediately at the USB disconnect callback while
the latter is called from the card destructor.
Fixes: 523f1dce3743 ("[ALSA] Add Native Instrument usb audio device support")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20241113111042.15058-5-tiwai@suse.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/caiaq/audio.c | 10 ++++++++--
sound/usb/caiaq/audio.h | 1 +
sound/usb/caiaq/device.c | 19 +++++++++++++++----
sound/usb/caiaq/input.c | 12 +++++++++---
sound/usb/caiaq/input.h | 1 +
5 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c
index 4981753652a7f..7a89872aa0cbd 100644
--- a/sound/usb/caiaq/audio.c
+++ b/sound/usb/caiaq/audio.c
@@ -869,14 +869,20 @@ int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *cdev)
return 0;
}
-void snd_usb_caiaq_audio_free(struct snd_usb_caiaqdev *cdev)
+void snd_usb_caiaq_audio_disconnect(struct snd_usb_caiaqdev *cdev)
{
struct device *dev = caiaqdev_to_dev(cdev);
dev_dbg(dev, "%s(%p)\n", __func__, cdev);
stream_stop(cdev);
+}
+
+void snd_usb_caiaq_audio_free(struct snd_usb_caiaqdev *cdev)
+{
+ struct device *dev = caiaqdev_to_dev(cdev);
+
+ dev_dbg(dev, "%s(%p)\n", __func__, cdev);
free_urbs(cdev->data_urbs_in);
free_urbs(cdev->data_urbs_out);
kfree(cdev->data_cb_info);
}
-
diff --git a/sound/usb/caiaq/audio.h b/sound/usb/caiaq/audio.h
index 869bf6264d6a0..07f5d064456cf 100644
--- a/sound/usb/caiaq/audio.h
+++ b/sound/usb/caiaq/audio.h
@@ -3,6 +3,7 @@
#define CAIAQ_AUDIO_H
int snd_usb_caiaq_audio_init(struct snd_usb_caiaqdev *cdev);
+void snd_usb_caiaq_audio_disconnect(struct snd_usb_caiaqdev *cdev);
void snd_usb_caiaq_audio_free(struct snd_usb_caiaqdev *cdev);
#endif /* CAIAQ_AUDIO_H */
diff --git a/sound/usb/caiaq/device.c b/sound/usb/caiaq/device.c
index b5cbf1f195c48..dfd820483849e 100644
--- a/sound/usb/caiaq/device.c
+++ b/sound/usb/caiaq/device.c
@@ -376,6 +376,17 @@ static void setup_card(struct snd_usb_caiaqdev *cdev)
dev_err(dev, "Unable to set up control system (ret=%d)\n", ret);
}
+static void card_free(struct snd_card *card)
+{
+ struct snd_usb_caiaqdev *cdev = caiaqdev(card);
+
+#ifdef CONFIG_SND_USB_CAIAQ_INPUT
+ snd_usb_caiaq_input_free(cdev);
+#endif
+ snd_usb_caiaq_audio_free(cdev);
+ usb_reset_device(cdev->chip.dev);
+}
+
static int create_card(struct usb_device *usb_dev,
struct usb_interface *intf,
struct snd_card **cardp)
@@ -489,6 +500,7 @@ static int init_card(struct snd_usb_caiaqdev *cdev)
cdev->vendor_name, cdev->product_name, usbpath);
setup_card(cdev);
+ card->private_free = card_free;
return 0;
err_kill_urb:
@@ -534,15 +546,14 @@ static void snd_disconnect(struct usb_interface *intf)
snd_card_disconnect(card);
#ifdef CONFIG_SND_USB_CAIAQ_INPUT
- snd_usb_caiaq_input_free(cdev);
+ snd_usb_caiaq_input_disconnect(cdev);
#endif
- snd_usb_caiaq_audio_free(cdev);
+ snd_usb_caiaq_audio_disconnect(cdev);
usb_kill_urb(&cdev->ep1_in_urb);
usb_kill_urb(&cdev->midi_out_urb);
- snd_card_free(card);
- usb_reset_device(interface_to_usbdev(intf));
+ snd_card_free_when_closed(card);
}
diff --git a/sound/usb/caiaq/input.c b/sound/usb/caiaq/input.c
index 84f26dce7f5d0..a9130891bb696 100644
--- a/sound/usb/caiaq/input.c
+++ b/sound/usb/caiaq/input.c
@@ -829,15 +829,21 @@ int snd_usb_caiaq_input_init(struct snd_usb_caiaqdev *cdev)
return ret;
}
-void snd_usb_caiaq_input_free(struct snd_usb_caiaqdev *cdev)
+void snd_usb_caiaq_input_disconnect(struct snd_usb_caiaqdev *cdev)
{
if (!cdev || !cdev->input_dev)
return;
usb_kill_urb(cdev->ep4_in_urb);
+ input_unregister_device(cdev->input_dev);
+}
+
+void snd_usb_caiaq_input_free(struct snd_usb_caiaqdev *cdev)
+{
+ if (!cdev || !cdev->input_dev)
+ return;
+
usb_free_urb(cdev->ep4_in_urb);
cdev->ep4_in_urb = NULL;
-
- input_unregister_device(cdev->input_dev);
cdev->input_dev = NULL;
}
diff --git a/sound/usb/caiaq/input.h b/sound/usb/caiaq/input.h
index c42891e7be884..fbe267f85d025 100644
--- a/sound/usb/caiaq/input.h
+++ b/sound/usb/caiaq/input.h
@@ -4,6 +4,7 @@
void snd_usb_caiaq_input_dispatch(struct snd_usb_caiaqdev *cdev, char *buf, unsigned int len);
int snd_usb_caiaq_input_init(struct snd_usb_caiaqdev *cdev);
+void snd_usb_caiaq_input_disconnect(struct snd_usb_caiaqdev *cdev);
void snd_usb_caiaq_input_free(struct snd_usb_caiaqdev *cdev);
#endif
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 353/817] ALSA: 6fire: Release resources at card release
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 352/817] ALSA: caiaq: " Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 354/817] i2c: dev: Fix memory leak when underlying adapter does not support I2C Greg Kroah-Hartman
` (473 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit a0810c3d6dd2d29a9b92604d682eacd2902ce947 ]
The current 6fire code tries to release the resources right after the
call of usb6fire_chip_abort(). But at this moment, the card object
might be still in use (as we're calling snd_card_free_when_closed()).
For avoid potential UAFs, move the release of resources to the card's
private_free instead of the manual call of usb6fire_chip_destroy() at
the USB disconnect callback.
Fixes: c6d43ba816d1 ("ALSA: usb/6fire - Driver for TerraTec DMX 6Fire USB")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20241113111042.15058-6-tiwai@suse.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/6fire/chip.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/sound/usb/6fire/chip.c b/sound/usb/6fire/chip.c
index 33e962178c936..d562a30b087f0 100644
--- a/sound/usb/6fire/chip.c
+++ b/sound/usb/6fire/chip.c
@@ -61,8 +61,10 @@ static void usb6fire_chip_abort(struct sfire_chip *chip)
}
}
-static void usb6fire_chip_destroy(struct sfire_chip *chip)
+static void usb6fire_card_free(struct snd_card *card)
{
+ struct sfire_chip *chip = card->private_data;
+
if (chip) {
if (chip->pcm)
usb6fire_pcm_destroy(chip);
@@ -72,8 +74,6 @@ static void usb6fire_chip_destroy(struct sfire_chip *chip)
usb6fire_comm_destroy(chip);
if (chip->control)
usb6fire_control_destroy(chip);
- if (chip->card)
- snd_card_free(chip->card);
}
}
@@ -136,6 +136,7 @@ static int usb6fire_chip_probe(struct usb_interface *intf,
chip->regidx = regidx;
chip->intf_count = 1;
chip->card = card;
+ card->private_free = usb6fire_card_free;
ret = usb6fire_comm_init(chip);
if (ret < 0)
@@ -162,7 +163,7 @@ static int usb6fire_chip_probe(struct usb_interface *intf,
return 0;
destroy_chip:
- usb6fire_chip_destroy(chip);
+ snd_card_free(card);
return ret;
}
@@ -181,7 +182,6 @@ static void usb6fire_chip_disconnect(struct usb_interface *intf)
chip->shutdown = true;
usb6fire_chip_abort(chip);
- usb6fire_chip_destroy(chip);
}
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 354/817] i2c: dev: Fix memory leak when underlying adapter does not support I2C
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 353/817] ALSA: 6fire: Release resources at card release Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 355/817] selftests: netfilter: Fix missing return values in conntrack_dump_flush Greg Kroah-Hartman
` (472 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Igor Pylypiv, Wolfram Sang,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Igor Pylypiv <ipylypiv@google.com>
[ Upstream commit 48730a9d04ffccda541602d722d1ff81920a85d8 ]
Early return in i2cdev_ioctl_rdwr() failed to free the memory allocated
by the caller. Move freeing the memory to the function where it has been
allocated to prevent similar leaks in the future.
Fixes: 97ca843f6ad3 ("i2c: dev: Check for I2C_FUNC_I2C before calling i2c_transfer")
Signed-off-by: Igor Pylypiv <ipylypiv@google.com>
[wsa: replaced '== NULL' with '!']
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/i2c-dev.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
index f4fb212b7f392..db5f1498e8690 100644
--- a/drivers/i2c/i2c-dev.c
+++ b/drivers/i2c/i2c-dev.c
@@ -251,10 +251,8 @@ static noinline int i2cdev_ioctl_rdwr(struct i2c_client *client,
return -EOPNOTSUPP;
data_ptrs = kmalloc_array(nmsgs, sizeof(u8 __user *), GFP_KERNEL);
- if (data_ptrs == NULL) {
- kfree(msgs);
+ if (!data_ptrs)
return -ENOMEM;
- }
res = 0;
for (i = 0; i < nmsgs; i++) {
@@ -302,7 +300,6 @@ static noinline int i2cdev_ioctl_rdwr(struct i2c_client *client,
for (j = 0; j < i; ++j)
kfree(msgs[j].buf);
kfree(data_ptrs);
- kfree(msgs);
return res;
}
@@ -316,7 +313,6 @@ static noinline int i2cdev_ioctl_rdwr(struct i2c_client *client,
kfree(msgs[i].buf);
}
kfree(data_ptrs);
- kfree(msgs);
return res;
}
@@ -446,6 +442,7 @@ static long i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
case I2C_RDWR: {
struct i2c_rdwr_ioctl_data rdwr_arg;
struct i2c_msg *rdwr_pa;
+ int res;
if (copy_from_user(&rdwr_arg,
(struct i2c_rdwr_ioctl_data __user *)arg,
@@ -467,7 +464,9 @@ static long i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
if (IS_ERR(rdwr_pa))
return PTR_ERR(rdwr_pa);
- return i2cdev_ioctl_rdwr(client, rdwr_arg.nmsgs, rdwr_pa);
+ res = i2cdev_ioctl_rdwr(client, rdwr_arg.nmsgs, rdwr_pa);
+ kfree(rdwr_pa);
+ return res;
}
case I2C_SMBUS: {
@@ -540,7 +539,7 @@ static long compat_i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned lo
struct i2c_rdwr_ioctl_data32 rdwr_arg;
struct i2c_msg32 __user *p;
struct i2c_msg *rdwr_pa;
- int i;
+ int i, res;
if (copy_from_user(&rdwr_arg,
(struct i2c_rdwr_ioctl_data32 __user *)arg,
@@ -573,7 +572,9 @@ static long compat_i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned lo
};
}
- return i2cdev_ioctl_rdwr(client, rdwr_arg.nmsgs, rdwr_pa);
+ res = i2cdev_ioctl_rdwr(client, rdwr_arg.nmsgs, rdwr_pa);
+ kfree(rdwr_pa);
+ return res;
}
case I2C_SMBUS: {
struct i2c_smbus_ioctl_data32 data32;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 355/817] selftests: netfilter: Fix missing return values in conntrack_dump_flush
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 354/817] i2c: dev: Fix memory leak when underlying adapter does not support I2C Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 356/817] Bluetooth: btintel_pcie: Add handshake between driver and firmware Greg Kroah-Hartman
` (471 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guan Jing, Pablo Neira Ayuso,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: guanjing <guanjing@cmss.chinamobile.com>
[ Upstream commit 041bd1e4f2d82859690cd8b41c35f0f9404c3770 ]
Fix the bug of some functions were missing return values.
Fixes: eff3c558bb7e ("netfilter: ctnetlink: support filtering by zone")
Signed-off-by: Guan Jing <guanjing@cmss.chinamobile.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../testing/selftests/net/netfilter/conntrack_dump_flush.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c b/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c
index dc056fec993bd..7e8ffe6b95a45 100644
--- a/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c
+++ b/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c
@@ -43,6 +43,8 @@ static int build_cta_tuple_v4(struct nlmsghdr *nlh, int type,
mnl_attr_nest_end(nlh, nest_proto);
mnl_attr_nest_end(nlh, nest);
+
+ return 0;
}
static int build_cta_tuple_v6(struct nlmsghdr *nlh, int type,
@@ -71,6 +73,8 @@ static int build_cta_tuple_v6(struct nlmsghdr *nlh, int type,
mnl_attr_nest_end(nlh, nest_proto);
mnl_attr_nest_end(nlh, nest);
+
+ return 0;
}
static int build_cta_proto(struct nlmsghdr *nlh)
@@ -90,6 +94,8 @@ static int build_cta_proto(struct nlmsghdr *nlh)
mnl_attr_nest_end(nlh, nest_proto);
mnl_attr_nest_end(nlh, nest);
+
+ return 0;
}
static int conntrack_data_insert(struct mnl_socket *sock, struct nlmsghdr *nlh,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 356/817] Bluetooth: btintel_pcie: Add handshake between driver and firmware
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 355/817] selftests: netfilter: Fix missing return values in conntrack_dump_flush Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 357/817] Bluetooth: btintel: Do no pass vendor events to stack Greg Kroah-Hartman
` (470 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Devegowda Chandrashekar, Kiran K,
Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kiran K <kiran.k@intel.com>
[ Upstream commit 05c200c8f0295c9c91beeb3ee0552331c1f8adbe ]
The following handshake mechanism needs be followed after firmware
download is completed to bring the firmware to running state.
After firmware fragments of Operational image are downloaded and
secure sends result of the image succeeds,
1. Driver sends HCI Intel reset with boot option #1 to switch FW image.
2. FW sends Alive GP[0] MSIx
3. Driver enables data path (doorbell 0x460 for RBDs, etc...)
4. Driver gets Bootup event from firmware
5. Driver performs D0 entry to device (WRITE to IPC_Sleep_Control =0x0)
6. FW sends Alive GP[0] MSIx
7. Device host interface is fully set for BT protocol stack operation.
8. Driver may optionally get debug event with ID 0x97 which can be dropped
For Intermediate loadger image, all the above steps are applicable
expcept #5 and #6.
On HCI_OP_RESET, firmware raises alive interrupt. Driver needs to wait
for it before passing control over to bluetooth stack.
Co-developed-by: Devegowda Chandrashekar <chandrashekar.devegowda@intel.com>
Signed-off-by: Devegowda Chandrashekar <chandrashekar.devegowda@intel.com>
Signed-off-by: Kiran K <kiran.k@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Stable-dep-of: 510e8380b038 ("Bluetooth: btintel: Do no pass vendor events to stack")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btintel.c | 56 ++++++-
drivers/bluetooth/btintel.h | 7 +
drivers/bluetooth/btintel_pcie.c | 262 ++++++++++++++++++++++++++++++-
drivers/bluetooth/btintel_pcie.h | 16 +-
4 files changed, 329 insertions(+), 12 deletions(-)
diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c
index 24d2f4f37d0fd..69e4650796f05 100644
--- a/drivers/bluetooth/btintel.c
+++ b/drivers/bluetooth/btintel.c
@@ -1841,6 +1841,37 @@ static int btintel_boot_wait(struct hci_dev *hdev, ktime_t calltime, int msec)
return 0;
}
+static int btintel_boot_wait_d0(struct hci_dev *hdev, ktime_t calltime,
+ int msec)
+{
+ ktime_t delta, rettime;
+ unsigned long long duration;
+ int err;
+
+ bt_dev_info(hdev, "Waiting for device transition to d0");
+
+ err = btintel_wait_on_flag_timeout(hdev, INTEL_WAIT_FOR_D0,
+ TASK_INTERRUPTIBLE,
+ msecs_to_jiffies(msec));
+ if (err == -EINTR) {
+ bt_dev_err(hdev, "Device d0 move interrupted");
+ return -EINTR;
+ }
+
+ if (err) {
+ bt_dev_err(hdev, "Device d0 move timeout");
+ return -ETIMEDOUT;
+ }
+
+ rettime = ktime_get();
+ delta = ktime_sub(rettime, calltime);
+ duration = (unsigned long long)ktime_to_ns(delta) >> 10;
+
+ bt_dev_info(hdev, "Device moved to D0 in %llu usecs", duration);
+
+ return 0;
+}
+
static int btintel_boot(struct hci_dev *hdev, u32 boot_addr)
{
ktime_t calltime;
@@ -1849,6 +1880,7 @@ static int btintel_boot(struct hci_dev *hdev, u32 boot_addr)
calltime = ktime_get();
btintel_set_flag(hdev, INTEL_BOOTING);
+ btintel_set_flag(hdev, INTEL_WAIT_FOR_D0);
err = btintel_send_intel_reset(hdev, boot_addr);
if (err) {
@@ -1861,13 +1893,28 @@ static int btintel_boot(struct hci_dev *hdev, u32 boot_addr)
* is done by the operational firmware sending bootup notification.
*
* Booting into operational firmware should not take longer than
- * 1 second. However if that happens, then just fail the setup
+ * 5 second. However if that happens, then just fail the setup
* since something went wrong.
*/
- err = btintel_boot_wait(hdev, calltime, 1000);
- if (err == -ETIMEDOUT)
+ err = btintel_boot_wait(hdev, calltime, 5000);
+ if (err == -ETIMEDOUT) {
btintel_reset_to_bootloader(hdev);
+ goto exit_error;
+ }
+ if (hdev->bus == HCI_PCI) {
+ /* In case of PCIe, after receiving bootup event, driver performs
+ * D0 entry by writing 0 to sleep control register (check
+ * btintel_pcie_recv_event())
+ * Firmware acks with alive interrupt indicating host is full ready to
+ * perform BT operation. Lets wait here till INTEL_WAIT_FOR_D0
+ * bit is cleared.
+ */
+ calltime = ktime_get();
+ err = btintel_boot_wait_d0(hdev, calltime, 2000);
+ }
+
+exit_error:
return err;
}
@@ -3273,7 +3320,7 @@ int btintel_configure_setup(struct hci_dev *hdev, const char *driver_name)
}
EXPORT_SYMBOL_GPL(btintel_configure_setup);
-static int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb)
+int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb)
{
struct intel_tlv *tlv = (void *)&skb->data[5];
@@ -3301,6 +3348,7 @@ static int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb)
recv_frame:
return hci_recv_frame(hdev, skb);
}
+EXPORT_SYMBOL_GPL(btintel_diagnostics);
int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
{
diff --git a/drivers/bluetooth/btintel.h b/drivers/bluetooth/btintel.h
index aa70e4c274165..b448c67e8ed94 100644
--- a/drivers/bluetooth/btintel.h
+++ b/drivers/bluetooth/btintel.h
@@ -178,6 +178,7 @@ enum {
INTEL_ROM_LEGACY,
INTEL_ROM_LEGACY_NO_WBS_SUPPORT,
INTEL_ACPI_RESET_ACTIVE,
+ INTEL_WAIT_FOR_D0,
__INTEL_NUM_FLAGS,
};
@@ -249,6 +250,7 @@ int btintel_bootloader_setup_tlv(struct hci_dev *hdev,
int btintel_shutdown_combined(struct hci_dev *hdev);
void btintel_hw_error(struct hci_dev *hdev, u8 code);
void btintel_print_fseq_info(struct hci_dev *hdev);
+int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb);
#else
static inline int btintel_check_bdaddr(struct hci_dev *hdev)
@@ -382,4 +384,9 @@ static inline void btintel_hw_error(struct hci_dev *hdev, u8 code)
static inline void btintel_print_fseq_info(struct hci_dev *hdev)
{
}
+
+static inline int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb)
+{
+ return -EOPNOTSUPP;
+}
#endif
diff --git a/drivers/bluetooth/btintel_pcie.c b/drivers/bluetooth/btintel_pcie.c
index 5a95eb267676e..aab68e3164d36 100644
--- a/drivers/bluetooth/btintel_pcie.c
+++ b/drivers/bluetooth/btintel_pcie.c
@@ -47,6 +47,17 @@ MODULE_DEVICE_TABLE(pci, btintel_pcie_table);
#define BTINTEL_PCIE_HCI_SCO_PKT 0x00000003
#define BTINTEL_PCIE_HCI_EVT_PKT 0x00000004
+/* Alive interrupt context */
+enum {
+ BTINTEL_PCIE_ROM,
+ BTINTEL_PCIE_FW_DL,
+ BTINTEL_PCIE_HCI_RESET,
+ BTINTEL_PCIE_INTEL_HCI_RESET1,
+ BTINTEL_PCIE_INTEL_HCI_RESET2,
+ BTINTEL_PCIE_D0,
+ BTINTEL_PCIE_D3
+};
+
static inline void ipc_print_ia_ring(struct hci_dev *hdev, struct ia *ia,
u16 queue_num)
{
@@ -289,8 +300,9 @@ static int btintel_pcie_enable_bt(struct btintel_pcie_data *data)
/* wait for interrupt from the device after booting up to primary
* bootloader.
*/
+ data->alive_intr_ctxt = BTINTEL_PCIE_ROM;
err = wait_event_timeout(data->gp0_wait_q, data->gp0_received,
- msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT));
+ msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS));
if (!err)
return -ETIME;
@@ -301,12 +313,78 @@ static int btintel_pcie_enable_bt(struct btintel_pcie_data *data)
return 0;
}
+/* BIT(0) - ROM, BIT(1) - IML and BIT(3) - OP
+ * Sometimes during firmware image switching from ROM to IML or IML to OP image,
+ * the previous image bit is not cleared by firmware when alive interrupt is
+ * received. Driver needs to take care of these sticky bits when deciding the
+ * current image running on controller.
+ * Ex: 0x10 and 0x11 - both represents that controller is running IML
+ */
+static inline bool btintel_pcie_in_rom(struct btintel_pcie_data *data)
+{
+ return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_ROM &&
+ !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML) &&
+ !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW);
+}
+
+static inline bool btintel_pcie_in_op(struct btintel_pcie_data *data)
+{
+ return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW;
+}
+
+static inline bool btintel_pcie_in_iml(struct btintel_pcie_data *data)
+{
+ return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML &&
+ !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW);
+}
+
+static inline bool btintel_pcie_in_d3(struct btintel_pcie_data *data)
+{
+ return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY;
+}
+
+static inline bool btintel_pcie_in_d0(struct btintel_pcie_data *data)
+{
+ return !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY);
+}
+
+static void btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data *data,
+ u32 dxstate)
+{
+ bt_dev_dbg(data->hdev, "writing sleep_ctl_reg: 0x%8.8x", dxstate);
+ btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG, dxstate);
+}
+
+static inline char *btintel_pcie_alivectxt_state2str(u32 alive_intr_ctxt)
+{
+ switch (alive_intr_ctxt) {
+ case BTINTEL_PCIE_ROM:
+ return "rom";
+ case BTINTEL_PCIE_FW_DL:
+ return "fw_dl";
+ case BTINTEL_PCIE_D0:
+ return "d0";
+ case BTINTEL_PCIE_D3:
+ return "d3";
+ case BTINTEL_PCIE_HCI_RESET:
+ return "hci_reset";
+ case BTINTEL_PCIE_INTEL_HCI_RESET1:
+ return "intel_reset1";
+ case BTINTEL_PCIE_INTEL_HCI_RESET2:
+ return "intel_reset2";
+ default:
+ return "unknown";
+ }
+ return "null";
+}
+
/* This function handles the MSI-X interrupt for gp0 cause (bit 0 in
* BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES) which is sent for boot stage and image response.
*/
static void btintel_pcie_msix_gp0_handler(struct btintel_pcie_data *data)
{
- u32 reg;
+ bool submit_rx, signal_waitq;
+ u32 reg, old_ctxt;
/* This interrupt is for three different causes and it is not easy to
* know what causes the interrupt. So, it compares each register value
@@ -316,20 +394,87 @@ static void btintel_pcie_msix_gp0_handler(struct btintel_pcie_data *data)
if (reg != data->boot_stage_cache)
data->boot_stage_cache = reg;
+ bt_dev_dbg(data->hdev, "Alive context: %s old_boot_stage: 0x%8.8x new_boot_stage: 0x%8.8x",
+ btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt),
+ data->boot_stage_cache, reg);
reg = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_IMG_RESPONSE_REG);
if (reg != data->img_resp_cache)
data->img_resp_cache = reg;
data->gp0_received = true;
- /* If the boot stage is OP or IML, reset IA and start RX again */
- if (data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_OPFW ||
- data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_IML) {
+ old_ctxt = data->alive_intr_ctxt;
+ submit_rx = false;
+ signal_waitq = false;
+
+ switch (data->alive_intr_ctxt) {
+ case BTINTEL_PCIE_ROM:
+ data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
+ signal_waitq = true;
+ break;
+ case BTINTEL_PCIE_FW_DL:
+ /* Error case is already handled. Ideally control shall not
+ * reach here
+ */
+ break;
+ case BTINTEL_PCIE_INTEL_HCI_RESET1:
+ if (btintel_pcie_in_op(data)) {
+ submit_rx = true;
+ break;
+ }
+
+ if (btintel_pcie_in_iml(data)) {
+ submit_rx = true;
+ data->alive_intr_ctxt = BTINTEL_PCIE_FW_DL;
+ break;
+ }
+ break;
+ case BTINTEL_PCIE_INTEL_HCI_RESET2:
+ if (btintel_test_and_clear_flag(data->hdev, INTEL_WAIT_FOR_D0)) {
+ btintel_wake_up_flag(data->hdev, INTEL_WAIT_FOR_D0);
+ data->alive_intr_ctxt = BTINTEL_PCIE_D0;
+ }
+ break;
+ case BTINTEL_PCIE_D0:
+ if (btintel_pcie_in_d3(data)) {
+ data->alive_intr_ctxt = BTINTEL_PCIE_D3;
+ signal_waitq = true;
+ break;
+ }
+ break;
+ case BTINTEL_PCIE_D3:
+ if (btintel_pcie_in_d0(data)) {
+ data->alive_intr_ctxt = BTINTEL_PCIE_D0;
+ submit_rx = true;
+ signal_waitq = true;
+ break;
+ }
+ break;
+ case BTINTEL_PCIE_HCI_RESET:
+ data->alive_intr_ctxt = BTINTEL_PCIE_D0;
+ submit_rx = true;
+ signal_waitq = true;
+ break;
+ default:
+ bt_dev_err(data->hdev, "Unknown state: 0x%2.2x",
+ data->alive_intr_ctxt);
+ break;
+ }
+
+ if (submit_rx) {
btintel_pcie_reset_ia(data);
btintel_pcie_start_rx(data);
}
- wake_up(&data->gp0_wait_q);
+ if (signal_waitq) {
+ bt_dev_dbg(data->hdev, "wake up gp0 wait_q");
+ wake_up(&data->gp0_wait_q);
+ }
+
+ if (old_ctxt != data->alive_intr_ctxt)
+ bt_dev_dbg(data->hdev, "alive context changed: %s -> %s",
+ btintel_pcie_alivectxt_state2str(old_ctxt),
+ btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
}
/* This function handles the MSX-X interrupt for rx queue 0 which is for TX
@@ -363,6 +508,80 @@ static void btintel_pcie_msix_tx_handle(struct btintel_pcie_data *data)
}
}
+static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
+{
+ struct hci_event_hdr *hdr = (void *)skb->data;
+ const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 };
+ struct btintel_pcie_data *data = hci_get_drvdata(hdev);
+
+ if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff &&
+ hdr->plen > 0) {
+ const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1;
+ unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1;
+
+ if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
+ switch (skb->data[2]) {
+ case 0x02:
+ /* When switching to the operational firmware
+ * the device sends a vendor specific event
+ * indicating that the bootup completed.
+ */
+ btintel_bootup(hdev, ptr, len);
+
+ /* If bootup event is from operational image,
+ * driver needs to write sleep control register to
+ * move into D0 state
+ */
+ if (btintel_pcie_in_op(data)) {
+ btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0);
+ data->alive_intr_ctxt = BTINTEL_PCIE_INTEL_HCI_RESET2;
+ break;
+ }
+
+ if (btintel_pcie_in_iml(data)) {
+ /* In case of IML, there is no concept
+ * of D0 transition. Just mimic as if
+ * IML moved to D0 by clearing INTEL_WAIT_FOR_D0
+ * bit and waking up the task waiting on
+ * INTEL_WAIT_FOR_D0. This is required
+ * as intel_boot() is common function for
+ * both IML and OP image loading.
+ */
+ if (btintel_test_and_clear_flag(data->hdev,
+ INTEL_WAIT_FOR_D0))
+ btintel_wake_up_flag(data->hdev,
+ INTEL_WAIT_FOR_D0);
+ }
+ break;
+ case 0x06:
+ /* When the firmware loading completes the
+ * device sends out a vendor specific event
+ * indicating the result of the firmware
+ * loading.
+ */
+ btintel_secure_send_result(hdev, ptr, len);
+ break;
+ }
+ }
+
+ /* Handle all diagnostics events separately. May still call
+ * hci_recv_frame.
+ */
+ if (len >= sizeof(diagnostics_hdr) &&
+ memcmp(&skb->data[2], diagnostics_hdr,
+ sizeof(diagnostics_hdr)) == 0) {
+ return btintel_diagnostics(hdev, skb);
+ }
+
+ /* This is a debug event that comes from IML and OP image when it
+ * starts execution. There is no need pass this event to stack.
+ */
+ if (skb->data[2] == 0x97)
+ return 0;
+ }
+
+ return hci_recv_frame(hdev, skb);
+}
/* Process the received rx data
* It check the frame header to identify the data type and create skb
* and calling HCI API
@@ -452,7 +671,7 @@ static int btintel_pcie_recv_frame(struct btintel_pcie_data *data,
hdev->stat.byte_rx += plen;
if (pcie_pkt_type == BTINTEL_PCIE_HCI_EVT_PKT)
- ret = btintel_recv_event(hdev, new_skb);
+ ret = btintel_pcie_recv_event(hdev, new_skb);
else
ret = hci_recv_frame(hdev, new_skb);
@@ -1040,8 +1259,11 @@ static int btintel_pcie_send_frame(struct hci_dev *hdev,
struct sk_buff *skb)
{
struct btintel_pcie_data *data = hci_get_drvdata(hdev);
+ struct hci_command_hdr *cmd;
+ __u16 opcode = ~0;
int ret;
u32 type;
+ u32 old_ctxt;
/* Due to the fw limitation, the type header of the packet should be
* 4 bytes unlike 1 byte for UART. In UART, the firmware can read
@@ -1060,6 +1282,8 @@ static int btintel_pcie_send_frame(struct hci_dev *hdev,
switch (hci_skb_pkt_type(skb)) {
case HCI_COMMAND_PKT:
type = BTINTEL_PCIE_HCI_CMD_PKT;
+ cmd = (void *)skb->data;
+ opcode = le16_to_cpu(cmd->opcode);
if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) {
struct hci_command_hdr *cmd = (void *)skb->data;
__u16 opcode = le16_to_cpu(cmd->opcode);
@@ -1095,6 +1319,30 @@ static int btintel_pcie_send_frame(struct hci_dev *hdev,
bt_dev_err(hdev, "Failed to send frame (%d)", ret);
goto exit_error;
}
+
+ if (type == BTINTEL_PCIE_HCI_CMD_PKT &&
+ (opcode == HCI_OP_RESET || opcode == 0xfc01)) {
+ old_ctxt = data->alive_intr_ctxt;
+ data->alive_intr_ctxt =
+ (opcode == 0xfc01 ? BTINTEL_PCIE_INTEL_HCI_RESET1 :
+ BTINTEL_PCIE_HCI_RESET);
+ bt_dev_dbg(data->hdev, "sent cmd: 0x%4.4x alive context changed: %s -> %s",
+ opcode, btintel_pcie_alivectxt_state2str(old_ctxt),
+ btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
+ if (opcode == HCI_OP_RESET) {
+ data->gp0_received = false;
+ ret = wait_event_timeout(data->gp0_wait_q,
+ data->gp0_received,
+ msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS));
+ if (!ret) {
+ hdev->stat.err_tx++;
+ bt_dev_err(hdev, "No alive interrupt received for %s",
+ btintel_pcie_alivectxt_state2str(data->alive_intr_ctxt));
+ ret = -ETIME;
+ goto exit_error;
+ }
+ }
+ }
hdev->stat.byte_tx += skb->len;
kfree_skb(skb);
diff --git a/drivers/bluetooth/btintel_pcie.h b/drivers/bluetooth/btintel_pcie.h
index baaff70420f57..8b7824ad005a2 100644
--- a/drivers/bluetooth/btintel_pcie.h
+++ b/drivers/bluetooth/btintel_pcie.h
@@ -12,6 +12,7 @@
#define BTINTEL_PCIE_CSR_HW_REV_REG (BTINTEL_PCIE_CSR_BASE + 0x028)
#define BTINTEL_PCIE_CSR_RF_ID_REG (BTINTEL_PCIE_CSR_BASE + 0x09C)
#define BTINTEL_PCIE_CSR_BOOT_STAGE_REG (BTINTEL_PCIE_CSR_BASE + 0x108)
+#define BTINTEL_PCIE_CSR_IPC_SLEEP_CTL_REG (BTINTEL_PCIE_CSR_BASE + 0x114)
#define BTINTEL_PCIE_CSR_CI_ADDR_LSB_REG (BTINTEL_PCIE_CSR_BASE + 0x118)
#define BTINTEL_PCIE_CSR_CI_ADDR_MSB_REG (BTINTEL_PCIE_CSR_BASE + 0x11C)
#define BTINTEL_PCIE_CSR_IMG_RESPONSE_REG (BTINTEL_PCIE_CSR_BASE + 0x12C)
@@ -32,6 +33,7 @@
#define BTINTEL_PCIE_CSR_BOOT_STAGE_IML_LOCKDOWN (BIT(11))
#define BTINTEL_PCIE_CSR_BOOT_STAGE_MAC_ACCESS_ON (BIT(16))
#define BTINTEL_PCIE_CSR_BOOT_STAGE_ALIVE (BIT(23))
+#define BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY (BIT(24))
/* Registers for MSI-X */
#define BTINTEL_PCIE_CSR_MSIX_BASE (0x2000)
@@ -55,6 +57,16 @@ enum msix_hw_int_causes {
BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0 = BIT(0), /* cause 32 */
};
+/* PCIe device states
+ * Host-Device interface is active
+ * Host-Device interface is inactive(as reflected by IPC_SLEEP_CONTROL_CSR_AD)
+ * Host-Device interface is inactive(as reflected by IPC_SLEEP_CONTROL_CSR_AD)
+ */
+enum {
+ BTINTEL_PCIE_STATE_D0 = 0,
+ BTINTEL_PCIE_STATE_D3_HOT = 2,
+ BTINTEL_PCIE_STATE_D3_COLD = 3,
+};
#define BTINTEL_PCIE_MSIX_NON_AUTO_CLEAR_CAUSE BIT(7)
/* Minimum and Maximum number of MSI-X Vector
@@ -67,7 +79,7 @@ enum msix_hw_int_causes {
#define BTINTEL_DEFAULT_MAC_ACCESS_TIMEOUT_US 200000
/* Default interrupt timeout in msec */
-#define BTINTEL_DEFAULT_INTR_TIMEOUT 3000
+#define BTINTEL_DEFAULT_INTR_TIMEOUT_MS 3000
/* The number of descriptors in TX/RX queues */
#define BTINTEL_DESCS_COUNT 16
@@ -343,6 +355,7 @@ struct rxq {
* @ia: Index Array struct
* @txq: TX Queue struct
* @rxq: RX Queue struct
+ * @alive_intr_ctxt: Alive interrupt context
*/
struct btintel_pcie_data {
struct pci_dev *pdev;
@@ -389,6 +402,7 @@ struct btintel_pcie_data {
struct ia ia;
struct txq txq;
struct rxq rxq;
+ u32 alive_intr_ctxt;
};
static inline u32 btintel_pcie_rd_reg32(struct btintel_pcie_data *data,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 357/817] Bluetooth: btintel: Do no pass vendor events to stack
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 356/817] Bluetooth: btintel_pcie: Add handshake between driver and firmware Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 358/817] Bluetooth: btmtk: adjust the position to init iso data anchor Greg Kroah-Hartman
` (469 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kiran K, Luiz Augusto von Dentz,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kiran K <kiran.k@intel.com>
[ Upstream commit 510e8380b0382ee3b070748656b00f83c9a5bf80 ]
During firmware download, vendor specific events like boot up and
secure send result are generated. These events can be safely processed at
the driver level. Passing on these events to stack prints unnecessary
log as below.
Bluetooth: hci0: Malformed MSFT vendor event: 0x02
Fixes: 3368aa357f3b ("Bluetooth: msft: Handle MSFT Monitor Device Event")
Signed-off-by: Kiran K <kiran.k@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btintel.c | 6 ++++--
drivers/bluetooth/btintel_pcie.c | 9 ++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c
index 69e4650796f05..deb8729f73a91 100644
--- a/drivers/bluetooth/btintel.c
+++ b/drivers/bluetooth/btintel.c
@@ -3368,7 +3368,8 @@ int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
* indicating that the bootup completed.
*/
btintel_bootup(hdev, ptr, len);
- break;
+ kfree_skb(skb);
+ return 0;
case 0x06:
/* When the firmware loading completes the
* device sends out a vendor specific event
@@ -3376,7 +3377,8 @@ int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
* loading.
*/
btintel_secure_send_result(hdev, ptr, len);
- break;
+ kfree_skb(skb);
+ return 0;
}
}
diff --git a/drivers/bluetooth/btintel_pcie.c b/drivers/bluetooth/btintel_pcie.c
index aab68e3164d36..d239175718624 100644
--- a/drivers/bluetooth/btintel_pcie.c
+++ b/drivers/bluetooth/btintel_pcie.c
@@ -535,7 +535,8 @@ static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
if (btintel_pcie_in_op(data)) {
btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0);
data->alive_intr_ctxt = BTINTEL_PCIE_INTEL_HCI_RESET2;
- break;
+ kfree_skb(skb);
+ return 0;
}
if (btintel_pcie_in_iml(data)) {
@@ -552,7 +553,8 @@ static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
btintel_wake_up_flag(data->hdev,
INTEL_WAIT_FOR_D0);
}
- break;
+ kfree_skb(skb);
+ return 0;
case 0x06:
/* When the firmware loading completes the
* device sends out a vendor specific event
@@ -560,7 +562,8 @@ static int btintel_pcie_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
* loading.
*/
btintel_secure_send_result(hdev, ptr, len);
- break;
+ kfree_skb(skb);
+ return 0;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 358/817] Bluetooth: btmtk: adjust the position to init iso data anchor
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 357/817] Bluetooth: btintel: Do no pass vendor events to stack Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 359/817] Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() Greg Kroah-Hartman
` (468 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Lu, Luiz Augusto von Dentz,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Lu <chris.lu@mediatek.com>
[ Upstream commit 61c5a3def90ac729a538e5ca5ff7f461cff72776 ]
MediaTek iso data anchor init should be moved to where MediaTek
claims iso data interface.
If there is an unexpected BT usb disconnect during setup flow,
it will cause a NULL pointer crash issue when releasing iso
anchor since the anchor wasn't been init yet. Adjust the position
to do iso data anchor init.
[ 17.137991] pc : usb_kill_anchored_urbs+0x60/0x168
[ 17.137998] lr : usb_kill_anchored_urbs+0x44/0x168
[ 17.137999] sp : ffffffc0890cb5f0
[ 17.138000] x29: ffffffc0890cb5f0 x28: ffffff80bb6c2e80
[ 17.144081] gpio gpiochip0: registered chardev handle for 1 lines
[ 17.148421] x27: 0000000000000000
[ 17.148422] x26: ffffffd301ff4298 x25: 0000000000000003 x24: 00000000000000f0
[ 17.148424] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000000001
[ 17.148425] x20: ffffffffffffffd8 x19: ffffff80c0f25560 x18: 0000000000000000
[ 17.148427] x17: ffffffd33864e408 x16: ffffffd33808f7c8 x15: 0000000000200000
[ 17.232789] x14: e0cd73cf80ffffff x13: 50f2137c0a0338c9 x12: 0000000000000001
[ 17.239912] x11: 0000000080150011 x10: 0000000000000002 x9 : 0000000000000001
[ 17.247035] x8 : 0000000000000000 x7 : 0000000000008080 x6 : 8080000000000000
[ 17.254158] x5 : ffffffd33808ebc0 x4 : fffffffe033dcf20 x3 : 0000000080150011
[ 17.261281] x2 : ffffff8087a91400 x1 : 0000000000000000 x0 : ffffff80c0f25588
[ 17.268404] Call trace:
[ 17.270841] usb_kill_anchored_urbs+0x60/0x168
[ 17.275274] btusb_mtk_release_iso_intf+0x2c/0xd8 [btusb (HASH:5afe 6)]
[ 17.284226] btusb_mtk_disconnect+0x14/0x28 [btusb (HASH:5afe 6)]
[ 17.292652] btusb_disconnect+0x70/0x140 [btusb (HASH:5afe 6)]
[ 17.300818] usb_unbind_interface+0xc4/0x240
[ 17.305079] device_release_driver_internal+0x18c/0x258
[ 17.310296] device_release_driver+0x1c/0x30
[ 17.314557] bus_remove_device+0x140/0x160
[ 17.318643] device_del+0x1c0/0x330
[ 17.322121] usb_disable_device+0x80/0x180
[ 17.326207] usb_disconnect+0xec/0x300
[ 17.329948] hub_quiesce+0x80/0xd0
[ 17.333339] hub_disconnect+0x44/0x190
[ 17.337078] usb_unbind_interface+0xc4/0x240
[ 17.341337] device_release_driver_internal+0x18c/0x258
[ 17.346551] device_release_driver+0x1c/0x30
[ 17.350810] usb_driver_release_interface+0x70/0x88
[ 17.355677] proc_ioctl+0x13c/0x228
[ 17.359157] proc_ioctl_default+0x50/0x80
[ 17.363155] usbdev_ioctl+0x830/0xd08
[ 17.366808] __arm64_sys_ioctl+0x94/0xd0
[ 17.370723] invoke_syscall+0x6c/0xf8
[ 17.374377] el0_svc_common+0x84/0xe0
[ 17.378030] do_el0_svc+0x20/0x30
[ 17.381334] el0_svc+0x34/0x60
[ 17.384382] el0t_64_sync_handler+0x88/0xf0
[ 17.388554] el0t_64_sync+0x180/0x188
[ 17.392208] Code: f9400677 f100a2f4 54fffea0 d503201f (b8350288)
[ 17.398289] ---[ end trace 0000000000000000 ]---
Fixes: ceac1cb0259d ("Bluetooth: btusb: mediatek: add ISO data transmission functions")
Signed-off-by: Chris Lu <chris.lu@mediatek.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btmtk.c | 1 -
drivers/bluetooth/btusb.c | 1 +
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index 2b7c80043aa2e..4b30d13ad5e96 100644
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -1215,7 +1215,6 @@ static int btmtk_usb_isointf_init(struct hci_dev *hdev)
struct sk_buff *skb;
int err;
- init_usb_anchor(&btmtk_data->isopkt_anchor);
spin_lock_init(&btmtk_data->isorxlock);
__set_mtk_intr_interface(hdev);
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 2408e50743ca6..09afd75145ed9 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -2670,6 +2670,7 @@ static void btusb_mtk_claim_iso_intf(struct btusb_data *data)
}
set_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags);
+ init_usb_anchor(&btmtk_data->isopkt_anchor);
}
static void btusb_mtk_release_iso_intf(struct btusb_data *data)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 359/817] Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 358/817] Bluetooth: btmtk: adjust the position to init iso data anchor Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 360/817] Bluetooth: ISO: Use kref to track lifetime of iso_conn Greg Kroah-Hartman
` (467 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Javier Carrasco,
Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
[ Upstream commit e42eec0f182ac0605e658145f6fe3b6a7c256c45 ]
of_find_node_by_path() returns a pointer to a device_node with its
refcount incremented, and a call to of_node_put() is required to
decrement the refcount again and avoid leaking the resource.
If 'of_property_read_string_index(root, "compatible", 0, &tmp)' fails,
the function returns without calling of_node_put(root) before doing so.
The automatic cleanup attribute can be used by means of the __free()
macro to automatically call of_node_put() when the variable goes out of
scope, fixing the issue and also accounting for new error paths.
Fixes: 63fac3343b99 ("Bluetooth: btbcm: Support per-board firmware variants")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btbcm.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c
index f9a7c790d7e2e..723db989d9cec 100644
--- a/drivers/bluetooth/btbcm.c
+++ b/drivers/bluetooth/btbcm.c
@@ -541,11 +541,10 @@ static const struct bcm_subver_table bcm_usb_subver_table[] = {
static const char *btbcm_get_board_name(struct device *dev)
{
#ifdef CONFIG_OF
- struct device_node *root;
+ struct device_node *root __free(device_node) = of_find_node_by_path("/");
char *board_type;
const char *tmp;
- root = of_find_node_by_path("/");
if (!root)
return NULL;
@@ -555,7 +554,6 @@ static const char *btbcm_get_board_name(struct device *dev)
/* get rid of any '/' in the compatible string */
board_type = devm_kstrdup(dev, tmp, GFP_KERNEL);
strreplace(board_type, '/', '-');
- of_node_put(root);
return board_type;
#else
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 360/817] Bluetooth: ISO: Use kref to track lifetime of iso_conn
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 359/817] Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 361/817] Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending Greg Kroah-Hartman
` (466 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit dc26097bdb864a0d5955b9a25e43376ffc1af99b ]
This make use of kref to keep track of reference of iso_conn which
allows better tracking of its lifetime with usage of things like
kref_get_unless_zero in a similar way as used in l2cap_chan.
In addition to it remove call to iso_sock_set_timer on iso_sock_disconn
since at that point it is useless to set a timer as the sk will be freed
there is nothing to be done in iso_sock_timeout.
Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/iso.c | 88 ++++++++++++++++++++++++++++++++++++---------
1 file changed, 71 insertions(+), 17 deletions(-)
diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
index 7a83e400ac77a..109bf58c982ae 100644
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -35,6 +35,7 @@ struct iso_conn {
struct sk_buff *rx_skb;
__u32 rx_len;
__u16 tx_sn;
+ struct kref ref;
};
#define iso_conn_lock(c) spin_lock(&(c)->lock)
@@ -93,6 +94,49 @@ static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst,
#define ISO_CONN_TIMEOUT (HZ * 40)
#define ISO_DISCONN_TIMEOUT (HZ * 2)
+static void iso_conn_free(struct kref *ref)
+{
+ struct iso_conn *conn = container_of(ref, struct iso_conn, ref);
+
+ BT_DBG("conn %p", conn);
+
+ if (conn->sk)
+ iso_pi(conn->sk)->conn = NULL;
+
+ if (conn->hcon) {
+ conn->hcon->iso_data = NULL;
+ hci_conn_drop(conn->hcon);
+ }
+
+ /* Ensure no more work items will run since hci_conn has been dropped */
+ disable_delayed_work_sync(&conn->timeout_work);
+
+ kfree(conn);
+}
+
+static void iso_conn_put(struct iso_conn *conn)
+{
+ if (!conn)
+ return;
+
+ BT_DBG("conn %p refcnt %d", conn, kref_read(&conn->ref));
+
+ kref_put(&conn->ref, iso_conn_free);
+}
+
+static struct iso_conn *iso_conn_hold_unless_zero(struct iso_conn *conn)
+{
+ if (!conn)
+ return NULL;
+
+ BT_DBG("conn %p refcnt %u", conn, kref_read(&conn->ref));
+
+ if (!kref_get_unless_zero(&conn->ref))
+ return NULL;
+
+ return conn;
+}
+
static struct sock *iso_sock_hold(struct iso_conn *conn)
{
if (!conn || !bt_sock_linked(&iso_sk_list, conn->sk))
@@ -109,9 +153,14 @@ static void iso_sock_timeout(struct work_struct *work)
timeout_work.work);
struct sock *sk;
+ conn = iso_conn_hold_unless_zero(conn);
+ if (!conn)
+ return;
+
iso_conn_lock(conn);
sk = iso_sock_hold(conn);
iso_conn_unlock(conn);
+ iso_conn_put(conn);
if (!sk)
return;
@@ -149,9 +198,14 @@ static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
{
struct iso_conn *conn = hcon->iso_data;
+ conn = iso_conn_hold_unless_zero(conn);
if (conn) {
- if (!conn->hcon)
+ if (!conn->hcon) {
+ iso_conn_lock(conn);
conn->hcon = hcon;
+ iso_conn_unlock(conn);
+ }
+ iso_conn_put(conn);
return conn;
}
@@ -159,6 +213,7 @@ static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
if (!conn)
return NULL;
+ kref_init(&conn->ref);
spin_lock_init(&conn->lock);
INIT_DELAYED_WORK(&conn->timeout_work, iso_sock_timeout);
@@ -178,17 +233,15 @@ static void iso_chan_del(struct sock *sk, int err)
struct sock *parent;
conn = iso_pi(sk)->conn;
+ iso_pi(sk)->conn = NULL;
BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
if (conn) {
iso_conn_lock(conn);
conn->sk = NULL;
- iso_pi(sk)->conn = NULL;
iso_conn_unlock(conn);
-
- if (conn->hcon)
- hci_conn_drop(conn->hcon);
+ iso_conn_put(conn);
}
sk->sk_state = BT_CLOSED;
@@ -210,6 +263,7 @@ static void iso_conn_del(struct hci_conn *hcon, int err)
struct iso_conn *conn = hcon->iso_data;
struct sock *sk;
+ conn = iso_conn_hold_unless_zero(conn);
if (!conn)
return;
@@ -219,20 +273,18 @@ static void iso_conn_del(struct hci_conn *hcon, int err)
iso_conn_lock(conn);
sk = iso_sock_hold(conn);
iso_conn_unlock(conn);
+ iso_conn_put(conn);
- if (sk) {
- lock_sock(sk);
- iso_sock_clear_timer(sk);
- iso_chan_del(sk, err);
- release_sock(sk);
- sock_put(sk);
+ if (!sk) {
+ iso_conn_put(conn);
+ return;
}
- /* Ensure no more work items will run before freeing conn. */
- cancel_delayed_work_sync(&conn->timeout_work);
-
- hcon->iso_data = NULL;
- kfree(conn);
+ lock_sock(sk);
+ iso_sock_clear_timer(sk);
+ iso_chan_del(sk, err);
+ release_sock(sk);
+ sock_put(sk);
}
static int __iso_chan_add(struct iso_conn *conn, struct sock *sk,
@@ -652,6 +704,8 @@ static void iso_sock_destruct(struct sock *sk)
{
BT_DBG("sk %p", sk);
+ iso_conn_put(iso_pi(sk)->conn);
+
skb_queue_purge(&sk->sk_receive_queue);
skb_queue_purge(&sk->sk_write_queue);
}
@@ -711,6 +765,7 @@ static void iso_sock_disconn(struct sock *sk)
*/
if (bis_sk) {
hcon->state = BT_OPEN;
+ hcon->iso_data = NULL;
iso_pi(sk)->conn->hcon = NULL;
iso_sock_clear_timer(sk);
iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
@@ -720,7 +775,6 @@ static void iso_sock_disconn(struct sock *sk)
}
sk->sk_state = BT_DISCONN;
- iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
iso_conn_lock(iso_pi(sk)->conn);
hci_conn_drop(iso_pi(sk)->conn->hcon);
iso_pi(sk)->conn->hcon = NULL;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 361/817] Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 360/817] Bluetooth: ISO: Use kref to track lifetime of iso_conn Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 362/817] Bluetooth: ISO: Do not emit LE BIG " Greg Kroah-Hartman
` (465 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Iulia Tanasescu,
Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Iulia Tanasescu <iulia.tanasescu@nxp.com>
[ Upstream commit 4a5e0ba68676b3a77298cf646cd2b39c94fbd2f5 ]
The Bluetooth Core spec does not allow a LE PA Create sync command to be
sent to Controller if another one is pending (Vol 4, Part E, page 2493).
In order to avoid this issue, the HCI_CONN_CREATE_PA_SYNC was added
to mark that the LE PA Create Sync command has been sent for a hcon.
Once the PA Sync Established event is received, the hcon flag is
erased and the next pending hcon is handled.
Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Stable-dep-of: 07a9342b94a9 ("Bluetooth: ISO: Send BIG Create Sync via hci_sync")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/bluetooth/hci.h | 3 +-
include/net/bluetooth/hci_core.h | 34 +++++++++
net/bluetooth/hci_conn.c | 123 +++++++++++++++++++++----------
net/bluetooth/hci_event.c | 19 ++++-
4 files changed, 139 insertions(+), 40 deletions(-)
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index d1d073089f384..355e2c2d56f9f 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -1,7 +1,7 @@
/*
BlueZ - Bluetooth protocol stack for Linux
Copyright (C) 2000-2001 Qualcomm Incorporated
- Copyright 2023 NXP
+ Copyright 2023-2024 NXP
Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
@@ -683,6 +683,7 @@ enum {
#define HCI_RSSI_INVALID 127
#define HCI_SYNC_HANDLE_INVALID 0xffff
+#define HCI_SID_INVALID 0xff
#define HCI_ROLE_MASTER 0x00
#define HCI_ROLE_SLAVE 0x01
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 88265d37aa72e..494fcd68f8311 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -668,6 +668,7 @@ struct hci_conn {
__u8 adv_instance;
__u16 handle;
__u16 sync_handle;
+ __u8 sid;
__u16 state;
__u16 mtu;
__u8 mode;
@@ -947,6 +948,7 @@ enum {
HCI_CONN_CREATE_CIS,
HCI_CONN_BIG_SYNC,
HCI_CONN_BIG_SYNC_FAILED,
+ HCI_CONN_CREATE_PA_SYNC,
HCI_CONN_PA_SYNC,
HCI_CONN_PA_SYNC_FAILED,
};
@@ -1099,6 +1101,30 @@ static inline struct hci_conn *hci_conn_hash_lookup_bis(struct hci_dev *hdev,
return NULL;
}
+static inline struct hci_conn *hci_conn_hash_lookup_sid(struct hci_dev *hdev,
+ __u8 sid,
+ bdaddr_t *dst,
+ __u8 dst_type)
+{
+ struct hci_conn_hash *h = &hdev->conn_hash;
+ struct hci_conn *c;
+
+ rcu_read_lock();
+
+ list_for_each_entry_rcu(c, &h->list, list) {
+ if (c->type != ISO_LINK || bacmp(&c->dst, dst) ||
+ c->dst_type != dst_type || c->sid != sid)
+ continue;
+
+ rcu_read_unlock();
+ return c;
+ }
+
+ rcu_read_unlock();
+
+ return NULL;
+}
+
static inline struct hci_conn *
hci_conn_hash_lookup_per_adv_bis(struct hci_dev *hdev,
bdaddr_t *ba,
@@ -1328,6 +1354,13 @@ hci_conn_hash_lookup_pa_sync_handle(struct hci_dev *hdev, __u16 sync_handle)
if (c->type != ISO_LINK)
continue;
+ /* Ignore the listen hcon, we are looking
+ * for the child hcon that was created as
+ * a result of the PA sync established event.
+ */
+ if (c->state == BT_LISTEN)
+ continue;
+
if (c->sync_handle == sync_handle) {
rcu_read_unlock();
return c;
@@ -1445,6 +1478,7 @@ bool hci_setup_sync(struct hci_conn *conn, __u16 handle);
void hci_sco_setup(struct hci_conn *conn, __u8 status);
bool hci_iso_setup_path(struct hci_conn *conn);
int hci_le_create_cis_pending(struct hci_dev *hdev);
+int hci_pa_create_sync_pending(struct hci_dev *hdev);
int hci_conn_check_create_cis(struct hci_conn *conn);
struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index a7ffce4851235..21b900995e2d2 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -953,6 +953,7 @@ static struct hci_conn *__hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t
conn->tx_power = HCI_TX_POWER_INVALID;
conn->max_tx_power = HCI_TX_POWER_INVALID;
conn->sync_handle = HCI_SYNC_HANDLE_INVALID;
+ conn->sid = HCI_SID_INVALID;
set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
@@ -2063,73 +2064,119 @@ static int create_big_sync(struct hci_dev *hdev, void *data)
static void create_pa_complete(struct hci_dev *hdev, void *data, int err)
{
- struct hci_cp_le_pa_create_sync *cp = data;
-
bt_dev_dbg(hdev, "");
if (err)
bt_dev_err(hdev, "Unable to create PA: %d", err);
+}
+
+static bool hci_conn_check_create_pa_sync(struct hci_conn *conn)
+{
+ if (conn->type != ISO_LINK || conn->sid == HCI_SID_INVALID)
+ return false;
- kfree(cp);
+ return true;
}
static int create_pa_sync(struct hci_dev *hdev, void *data)
{
- struct hci_cp_le_pa_create_sync *cp = data;
- int err;
+ struct hci_cp_le_pa_create_sync *cp = NULL;
+ struct hci_conn *conn;
+ int err = 0;
- err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
- sizeof(*cp), cp, HCI_CMD_TIMEOUT);
- if (err) {
- hci_dev_clear_flag(hdev, HCI_PA_SYNC);
- return err;
+ hci_dev_lock(hdev);
+
+ rcu_read_lock();
+
+ /* The spec allows only one pending LE Periodic Advertising Create
+ * Sync command at a time. If the command is pending now, don't do
+ * anything. We check for pending connections after each PA Sync
+ * Established event.
+ *
+ * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
+ * page 2493:
+ *
+ * If the Host issues this command when another HCI_LE_Periodic_
+ * Advertising_Create_Sync command is pending, the Controller shall
+ * return the error code Command Disallowed (0x0C).
+ */
+ list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
+ if (test_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags))
+ goto unlock;
}
- return hci_update_passive_scan_sync(hdev);
+ list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
+ if (hci_conn_check_create_pa_sync(conn)) {
+ struct bt_iso_qos *qos = &conn->iso_qos;
+
+ cp = kzalloc(sizeof(*cp), GFP_KERNEL);
+ if (!cp) {
+ err = -ENOMEM;
+ goto unlock;
+ }
+
+ cp->options = qos->bcast.options;
+ cp->sid = conn->sid;
+ cp->addr_type = conn->dst_type;
+ bacpy(&cp->addr, &conn->dst);
+ cp->skip = cpu_to_le16(qos->bcast.skip);
+ cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
+ cp->sync_cte_type = qos->bcast.sync_cte_type;
+
+ break;
+ }
+ }
+
+unlock:
+ rcu_read_unlock();
+
+ hci_dev_unlock(hdev);
+
+ if (cp) {
+ hci_dev_set_flag(hdev, HCI_PA_SYNC);
+ set_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags);
+
+ err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC,
+ sizeof(*cp), cp, HCI_CMD_TIMEOUT);
+ if (!err)
+ err = hci_update_passive_scan_sync(hdev);
+
+ kfree(cp);
+
+ if (err) {
+ hci_dev_clear_flag(hdev, HCI_PA_SYNC);
+ clear_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags);
+ }
+ }
+
+ return err;
+}
+
+int hci_pa_create_sync_pending(struct hci_dev *hdev)
+{
+ /* Queue start pa_create_sync and scan */
+ return hci_cmd_sync_queue(hdev, create_pa_sync,
+ NULL, create_pa_complete);
}
struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst,
__u8 dst_type, __u8 sid,
struct bt_iso_qos *qos)
{
- struct hci_cp_le_pa_create_sync *cp;
struct hci_conn *conn;
- int err;
-
- if (hci_dev_test_and_set_flag(hdev, HCI_PA_SYNC))
- return ERR_PTR(-EBUSY);
conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE);
if (IS_ERR(conn))
return conn;
conn->iso_qos = *qos;
+ conn->dst_type = dst_type;
+ conn->sid = sid;
conn->state = BT_LISTEN;
hci_conn_hold(conn);
- cp = kzalloc(sizeof(*cp), GFP_KERNEL);
- if (!cp) {
- hci_dev_clear_flag(hdev, HCI_PA_SYNC);
- hci_conn_drop(conn);
- return ERR_PTR(-ENOMEM);
- }
-
- cp->options = qos->bcast.options;
- cp->sid = sid;
- cp->addr_type = dst_type;
- bacpy(&cp->addr, dst);
- cp->skip = cpu_to_le16(qos->bcast.skip);
- cp->sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
- cp->sync_cte_type = qos->bcast.sync_cte_type;
-
- /* Queue start pa_create_sync and scan */
- err = hci_cmd_sync_queue(hdev, create_pa_sync, cp, create_pa_complete);
- if (err < 0) {
- hci_conn_drop(conn);
- kfree(cp);
- return ERR_PTR(err);
- }
+ hci_pa_create_sync_pending(hdev);
return conn;
}
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 561c8cb87473e..63504248d58dd 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6345,7 +6345,7 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data,
struct hci_ev_le_pa_sync_established *ev = data;
int mask = hdev->link_mode;
__u8 flags = 0;
- struct hci_conn *pa_sync;
+ struct hci_conn *pa_sync, *conn;
bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
@@ -6353,6 +6353,20 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data,
hci_dev_clear_flag(hdev, HCI_PA_SYNC);
+ conn = hci_conn_hash_lookup_sid(hdev, ev->sid, &ev->bdaddr,
+ ev->bdaddr_type);
+ if (!conn) {
+ bt_dev_err(hdev,
+ "Unable to find connection for dst %pMR sid 0x%2.2x",
+ &ev->bdaddr, ev->sid);
+ goto unlock;
+ }
+
+ clear_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags);
+
+ conn->sync_handle = le16_to_cpu(ev->handle);
+ conn->sid = HCI_SID_INVALID;
+
mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ISO_LINK, &flags);
if (!(mask & HCI_LM_ACCEPT)) {
hci_le_pa_term_sync(hdev, ev->handle);
@@ -6379,6 +6393,9 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data,
}
unlock:
+ /* Handle any other pending PA sync command */
+ hci_pa_create_sync_pending(hdev);
+
hci_dev_unlock(hdev);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 362/817] Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 361/817] Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 363/817] Bluetooth: ISO: Send BIG Create Sync via hci_sync Greg Kroah-Hartman
` (464 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Iulia Tanasescu,
Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Iulia Tanasescu <iulia.tanasescu@nxp.com>
[ Upstream commit 42ecf1947135110ea08abeaca39741636f9a2285 ]
The Bluetooth Core spec does not allow a LE BIG Create sync command to be
sent to Controller if another one is pending (Vol 4, Part E, page 2586).
In order to avoid this issue, the HCI_CONN_CREATE_BIG_SYNC was added
to mark that the LE BIG Create Sync command has been sent for a hcon.
Once the BIG Sync Established event is received, the hcon flag is
erased and the next pending hcon is handled.
Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Stable-dep-of: 07a9342b94a9 ("Bluetooth: ISO: Send BIG Create Sync via hci_sync")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/bluetooth/hci.h | 1 +
include/net/bluetooth/hci_core.h | 29 +++++++++++
net/bluetooth/hci_conn.c | 87 +++++++++++++++++++++++++++-----
net/bluetooth/hci_event.c | 20 +++++++-
net/bluetooth/iso.c | 4 +-
5 files changed, 125 insertions(+), 16 deletions(-)
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 355e2c2d56f9f..f2cd1ed20d691 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -29,6 +29,7 @@
#define HCI_MAX_ACL_SIZE 1024
#define HCI_MAX_SCO_SIZE 255
#define HCI_MAX_ISO_SIZE 251
+#define HCI_MAX_ISO_BIS 31
#define HCI_MAX_EVENT_SIZE 260
#define HCI_MAX_FRAME_SIZE (HCI_MAX_ACL_SIZE + 4)
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 494fcd68f8311..4c185a08c3a3a 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -711,6 +711,9 @@ struct hci_conn {
__s8 tx_power;
__s8 max_tx_power;
struct bt_iso_qos iso_qos;
+ __u8 num_bis;
+ __u8 bis[HCI_MAX_ISO_BIS];
+
unsigned long flags;
enum conn_reasons conn_reason;
@@ -946,6 +949,7 @@ enum {
HCI_CONN_PER_ADV,
HCI_CONN_BIG_CREATED,
HCI_CONN_CREATE_CIS,
+ HCI_CONN_CREATE_BIG_SYNC,
HCI_CONN_BIG_SYNC,
HCI_CONN_BIG_SYNC_FAILED,
HCI_CONN_CREATE_PA_SYNC,
@@ -1295,6 +1299,30 @@ static inline struct hci_conn *hci_conn_hash_lookup_big(struct hci_dev *hdev,
return NULL;
}
+static inline struct hci_conn *
+hci_conn_hash_lookup_big_sync_pend(struct hci_dev *hdev,
+ __u8 handle, __u8 num_bis)
+{
+ struct hci_conn_hash *h = &hdev->conn_hash;
+ struct hci_conn *c;
+
+ rcu_read_lock();
+
+ list_for_each_entry_rcu(c, &h->list, list) {
+ if (c->type != ISO_LINK)
+ continue;
+
+ if (handle == c->iso_qos.bcast.big && num_bis == c->num_bis) {
+ rcu_read_unlock();
+ return c;
+ }
+ }
+
+ rcu_read_unlock();
+
+ return NULL;
+}
+
static inline struct hci_conn *
hci_conn_hash_lookup_big_state(struct hci_dev *hdev, __u8 handle, __u16 state)
{
@@ -1479,6 +1507,7 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status);
bool hci_iso_setup_path(struct hci_conn *conn);
int hci_le_create_cis_pending(struct hci_dev *hdev);
int hci_pa_create_sync_pending(struct hci_dev *hdev);
+int hci_le_big_create_sync_pending(struct hci_dev *hdev);
int hci_conn_check_create_cis(struct hci_conn *conn);
struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 21b900995e2d2..b2bb14055a759 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -2181,34 +2181,93 @@ struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst,
return conn;
}
+static bool hci_conn_check_create_big_sync(struct hci_conn *conn)
+{
+ if (!conn->num_bis)
+ return false;
+
+ return true;
+}
+
+int hci_le_big_create_sync_pending(struct hci_dev *hdev)
+{
+ DEFINE_FLEX(struct hci_cp_le_big_create_sync, pdu, bis, num_bis, 0x11);
+ struct hci_conn *conn;
+
+ rcu_read_lock();
+
+ pdu->num_bis = 0;
+
+ /* The spec allows only one pending LE BIG Create Sync command at
+ * a time. If the command is pending now, don't do anything. We
+ * check for pending connections after each BIG Sync Established
+ * event.
+ *
+ * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E
+ * page 2586:
+ *
+ * If the Host sends this command when the Controller is in the
+ * process of synchronizing to any BIG, i.e. the HCI_LE_BIG_Sync_
+ * Established event has not been generated, the Controller shall
+ * return the error code Command Disallowed (0x0C).
+ */
+ list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
+ if (test_bit(HCI_CONN_CREATE_BIG_SYNC, &conn->flags))
+ goto unlock;
+ }
+
+ list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
+ if (hci_conn_check_create_big_sync(conn)) {
+ struct bt_iso_qos *qos = &conn->iso_qos;
+
+ set_bit(HCI_CONN_CREATE_BIG_SYNC, &conn->flags);
+
+ pdu->handle = qos->bcast.big;
+ pdu->sync_handle = cpu_to_le16(conn->sync_handle);
+ pdu->encryption = qos->bcast.encryption;
+ memcpy(pdu->bcode, qos->bcast.bcode,
+ sizeof(pdu->bcode));
+ pdu->mse = qos->bcast.mse;
+ pdu->timeout = cpu_to_le16(qos->bcast.timeout);
+ pdu->num_bis = conn->num_bis;
+ memcpy(pdu->bis, conn->bis, conn->num_bis);
+
+ break;
+ }
+ }
+
+unlock:
+ rcu_read_unlock();
+
+ if (!pdu->num_bis)
+ return 0;
+
+ return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
+ struct_size(pdu, bis, pdu->num_bis), pdu);
+}
+
int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
struct bt_iso_qos *qos,
__u16 sync_handle, __u8 num_bis, __u8 bis[])
{
- DEFINE_FLEX(struct hci_cp_le_big_create_sync, pdu, bis, num_bis, 0x11);
int err;
- if (num_bis < 0x01 || num_bis > pdu->num_bis)
+ if (num_bis < 0x01 || num_bis > ISO_MAX_NUM_BIS)
return -EINVAL;
err = qos_set_big(hdev, qos);
if (err)
return err;
- if (hcon)
- hcon->iso_qos.bcast.big = qos->bcast.big;
+ if (hcon) {
+ /* Update hcon QoS */
+ hcon->iso_qos = *qos;
- pdu->handle = qos->bcast.big;
- pdu->sync_handle = cpu_to_le16(sync_handle);
- pdu->encryption = qos->bcast.encryption;
- memcpy(pdu->bcode, qos->bcast.bcode, sizeof(pdu->bcode));
- pdu->mse = qos->bcast.mse;
- pdu->timeout = cpu_to_le16(qos->bcast.timeout);
- pdu->num_bis = num_bis;
- memcpy(pdu->bis, bis, num_bis);
+ hcon->num_bis = num_bis;
+ memcpy(hcon->bis, bis, num_bis);
+ }
- return hci_send_cmd(hdev, HCI_OP_LE_BIG_CREATE_SYNC,
- struct_size(pdu, bis, num_bis), pdu);
+ return hci_le_big_create_sync_pending(hdev);
}
static void create_big_complete(struct hci_dev *hdev, void *data, int err)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 63504248d58dd..aa39929fa379a 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6913,7 +6913,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
struct sk_buff *skb)
{
struct hci_evt_le_big_sync_estabilished *ev = data;
- struct hci_conn *bis;
+ struct hci_conn *bis, *conn;
int i;
bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
@@ -6924,6 +6924,20 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
hci_dev_lock(hdev);
+ conn = hci_conn_hash_lookup_big_sync_pend(hdev, ev->handle,
+ ev->num_bis);
+ if (!conn) {
+ bt_dev_err(hdev,
+ "Unable to find connection for big 0x%2.2x",
+ ev->handle);
+ goto unlock;
+ }
+
+ clear_bit(HCI_CONN_CREATE_BIG_SYNC, &conn->flags);
+
+ conn->num_bis = 0;
+ memset(conn->bis, 0, sizeof(conn->num_bis));
+
for (i = 0; i < ev->num_bis; i++) {
u16 handle = le16_to_cpu(ev->bis[i]);
__le32 interval;
@@ -6973,6 +6987,10 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
hci_connect_cfm(bis, ev->status);
}
+unlock:
+ /* Handle any other pending BIG sync command */
+ hci_le_big_create_sync_pending(hdev);
+
hci_dev_unlock(hdev);
}
diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
index 109bf58c982ae..463c61712b249 100644
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -1996,6 +1996,7 @@ int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
if (sk) {
int err;
+ struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
iso_pi(sk)->qos.bcast.encryption = ev2->encryption;
@@ -2004,7 +2005,8 @@ int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
if (!test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) &&
!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
- err = hci_le_big_create_sync(hdev, NULL,
+ err = hci_le_big_create_sync(hdev,
+ hcon,
&iso_pi(sk)->qos,
iso_pi(sk)->sync_handle,
iso_pi(sk)->bc_num_bis,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 363/817] Bluetooth: ISO: Send BIG Create Sync via hci_sync
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 362/817] Bluetooth: ISO: Do not emit LE BIG " Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 364/817] Bluetooth: fix use-after-free in device_for_each_child() Greg Kroah-Hartman
` (463 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Iulia Tanasescu,
Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Iulia Tanasescu <iulia.tanasescu@nxp.com>
[ Upstream commit 07a9342b94a91b306ed1cf6aa8254aea210764c9 ]
Before issuing the LE BIG Create Sync command, an available BIG handle
is chosen by iterating through the conn_hash list and finding the first
unused value.
If a BIG is terminated, the associated hcons are removed from the list
and the LE BIG Terminate Sync command is sent via hci_sync queue.
However, a new LE BIG Create sync command might be issued via
hci_send_cmd, before the previous BIG sync was terminated. This
can cause the same BIG handle to be reused and the LE BIG Create Sync
to fail with Command Disallowed.
< HCI Command: LE Broadcast Isochronous Group Create Sync (0x08|0x006b)
BIG Handle: 0x00
BIG Sync Handle: 0x0002
Encryption: Unencrypted (0x00)
Broadcast Code[16]: 00000000000000000000000000000000
Maximum Number Subevents: 0x00
Timeout: 20000 ms (0x07d0)
Number of BIS: 1
BIS ID: 0x01
> HCI Event: Command Status (0x0f) plen 4
LE Broadcast Isochronous Group Create Sync (0x08|0x006b) ncmd 1
Status: Command Disallowed (0x0c)
< HCI Command: LE Broadcast Isochronous Group Terminate Sync (0x08|0x006c)
BIG Handle: 0x00
This commit fixes the ordering of the LE BIG Create Sync/LE BIG Terminate
Sync commands, to make sure that either the previous BIG sync is
terminated before reusing the handle, or that a new handle is chosen
for a new sync.
Fixes: eca0ae4aea66 ("Bluetooth: Add initial implementation of BIS connections")
Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_conn.c | 17 ++++++++++++++++-
net/bluetooth/iso.c | 9 +++++++++
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b2bb14055a759..cc3253e9d41d0 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -2189,7 +2189,15 @@ static bool hci_conn_check_create_big_sync(struct hci_conn *conn)
return true;
}
-int hci_le_big_create_sync_pending(struct hci_dev *hdev)
+static void big_create_sync_complete(struct hci_dev *hdev, void *data, int err)
+{
+ bt_dev_dbg(hdev, "");
+
+ if (err)
+ bt_dev_err(hdev, "Unable to create BIG sync: %d", err);
+}
+
+static int big_create_sync(struct hci_dev *hdev, void *data)
{
DEFINE_FLEX(struct hci_cp_le_big_create_sync, pdu, bis, num_bis, 0x11);
struct hci_conn *conn;
@@ -2246,6 +2254,13 @@ int hci_le_big_create_sync_pending(struct hci_dev *hdev)
struct_size(pdu, bis, pdu->num_bis), pdu);
}
+int hci_le_big_create_sync_pending(struct hci_dev *hdev)
+{
+ /* Queue big_create_sync */
+ return hci_cmd_sync_queue_once(hdev, big_create_sync,
+ NULL, big_create_sync_complete);
+}
+
int hci_le_big_create_sync(struct hci_dev *hdev, struct hci_conn *hcon,
struct bt_iso_qos *qos,
__u16 sync_handle, __u8 num_bis, __u8 bis[])
diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c
index 463c61712b249..5e2d9758bd3c1 100644
--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -1392,6 +1392,13 @@ static void iso_conn_big_sync(struct sock *sk)
if (!hdev)
return;
+ /* hci_le_big_create_sync requires hdev lock to be held, since
+ * it enqueues the HCI LE BIG Create Sync command via
+ * hci_cmd_sync_queue_once, which checks hdev flags that might
+ * change.
+ */
+ hci_dev_lock(hdev);
+
if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) {
err = hci_le_big_create_sync(hdev, iso_pi(sk)->conn->hcon,
&iso_pi(sk)->qos,
@@ -1402,6 +1409,8 @@ static void iso_conn_big_sync(struct sock *sk)
bt_dev_err(hdev, "hci_le_big_create_sync: %d",
err);
}
+
+ hci_dev_unlock(hdev);
}
static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 364/817] Bluetooth: fix use-after-free in device_for_each_child()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 363/817] Bluetooth: ISO: Send BIG Create Sync via hci_sync Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 365/817] xsk: Free skb when TX metadata options are invalid Greg Kroah-Hartman
` (462 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6cf5652d3df49fae2e3f,
Dmitry Antipov, Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 27aabf27fd014ae037cc179c61b0bee7cff55b3d ]
Syzbot has reported the following KASAN splat:
BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0
Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980
CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x100/0x190
? device_for_each_child+0x18f/0x1a0
print_report+0x13a/0x4cb
? __virt_addr_valid+0x5e/0x590
? __phys_addr+0xc6/0x150
? device_for_each_child+0x18f/0x1a0
kasan_report+0xda/0x110
? device_for_each_child+0x18f/0x1a0
? __pfx_dev_memalloc_noio+0x10/0x10
device_for_each_child+0x18f/0x1a0
? __pfx_device_for_each_child+0x10/0x10
pm_runtime_set_memalloc_noio+0xf2/0x180
netdev_unregister_kobject+0x1ed/0x270
unregister_netdevice_many_notify+0x123c/0x1d80
? __mutex_trylock_common+0xde/0x250
? __pfx_unregister_netdevice_many_notify+0x10/0x10
? trace_contention_end+0xe6/0x140
? __mutex_lock+0x4e7/0x8f0
? __pfx_lock_acquire.part.0+0x10/0x10
? rcu_is_watching+0x12/0xc0
? unregister_netdev+0x12/0x30
unregister_netdevice_queue+0x30d/0x3f0
? __pfx_unregister_netdevice_queue+0x10/0x10
? __pfx_down_write+0x10/0x10
unregister_netdev+0x1c/0x30
bnep_session+0x1fb3/0x2ab0
? __pfx_bnep_session+0x10/0x10
? __pfx_lock_release+0x10/0x10
? __pfx_woken_wake_function+0x10/0x10
? __kthread_parkme+0x132/0x200
? __pfx_bnep_session+0x10/0x10
? kthread+0x13a/0x370
? __pfx_bnep_session+0x10/0x10
kthread+0x2b7/0x370
? __pfx_kthread+0x10/0x10
ret_from_fork+0x48/0x80
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
</TASK>
Allocated by task 4974:
kasan_save_stack+0x30/0x50
kasan_save_track+0x14/0x30
__kasan_kmalloc+0xaa/0xb0
__kmalloc_noprof+0x1d1/0x440
hci_alloc_dev_priv+0x1d/0x2820
__vhci_create_device+0xef/0x7d0
vhci_write+0x2c7/0x480
vfs_write+0x6a0/0xfc0
ksys_write+0x12f/0x260
do_syscall_64+0xc7/0x250
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 4979:
kasan_save_stack+0x30/0x50
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x4f/0x70
kfree+0x141/0x490
hci_release_dev+0x4d9/0x600
bt_host_release+0x6a/0xb0
device_release+0xa4/0x240
kobject_put+0x1ec/0x5a0
put_device+0x1f/0x30
vhci_release+0x81/0xf0
__fput+0x3f6/0xb30
task_work_run+0x151/0x250
do_exit+0xa79/0x2c30
do_group_exit+0xd5/0x2a0
get_signal+0x1fcd/0x2210
arch_do_signal_or_restart+0x93/0x780
syscall_exit_to_user_mode+0x140/0x290
do_syscall_64+0xd4/0x250
entry_SYSCALL_64_after_hwframe+0x77/0x7f
In 'hci_conn_del_sysfs()', 'device_unregister()' may be called when
an underlying (kobject) reference counter is greater than 1. This
means that reparenting (happened when the device is actually freed)
is delayed and, during that delay, parent controller device (hciX)
may be deleted. Since the latter may create a dangling pointer to
freed parent, avoid that scenario by reparenting to NULL explicitly.
Reported-by: syzbot+6cf5652d3df49fae2e3f@syzkaller.appspotmail.com
Tested-by: syzbot+6cf5652d3df49fae2e3f@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6cf5652d3df49fae2e3f
Fixes: a85fb91e3d72 ("Bluetooth: Fix double free in hci_conn_cleanup")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_sysfs.c | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 367e32fe30eb8..4b54dbbf0729a 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -21,16 +21,6 @@ static const struct device_type bt_link = {
.release = bt_link_release,
};
-/*
- * The rfcomm tty device will possibly retain even when conn
- * is down, and sysfs doesn't support move zombie device,
- * so we should move the device before conn device is destroyed.
- */
-static int __match_tty(struct device *dev, void *data)
-{
- return !strncmp(dev_name(dev), "rfcomm", 6);
-}
-
void hci_conn_init_sysfs(struct hci_conn *conn)
{
struct hci_dev *hdev = conn->hdev;
@@ -73,10 +63,13 @@ void hci_conn_del_sysfs(struct hci_conn *conn)
return;
}
+ /* If there are devices using the connection as parent reset it to NULL
+ * before unregistering the device.
+ */
while (1) {
struct device *dev;
- dev = device_find_child(&conn->dev, NULL, __match_tty);
+ dev = device_find_any_child(&conn->dev);
if (!dev)
break;
device_move(dev, NULL, DPM_ORDER_DEV_LAST);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 365/817] xsk: Free skb when TX metadata options are invalid
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 364/817] Bluetooth: fix use-after-free in device_for_each_child() Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 366/817] erofs: handle NONHEAD !delta[1] lclusters gracefully Greg Kroah-Hartman
` (461 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Schmidt, Felix Maurer,
Toke Høiland-Jørgensen, Stanislav Fomichev,
Martin KaFai Lau, Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Maurer <fmaurer@redhat.com>
[ Upstream commit 0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de ]
When a new skb is allocated for transmitting an xsk descriptor, i.e., for
every non-multibuf descriptor or the first frag of a multibuf descriptor,
but the descriptor is later found to have invalid options set for the TX
metadata, the new skb is never freed. This can leak skbs until the send
buffer is full which makes sending more packets impossible.
Fix this by freeing the skb in the error path if we are currently dealing
with the first frag, i.e., an skb allocated in this iteration of
xsk_build_skb.
Fixes: 48eb03dd2630 ("xsk: Add TX timestamp and TX checksum offload support")
Reported-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: Felix Maurer <fmaurer@redhat.com>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Link: https://patch.msgid.link/edb9b00fb19e680dff5a3350cd7581c5927975a8.1731581697.git.fmaurer@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xdp/xsk.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 7e16336044b2d..6c042e03dad3c 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -675,6 +675,8 @@ static struct sk_buff *xsk_build_skb(struct xdp_sock *xs,
len = desc->len;
if (!skb) {
+ first_frag = true;
+
hr = max(NET_SKB_PAD, L1_CACHE_ALIGN(dev->needed_headroom));
tr = dev->needed_tailroom;
skb = sock_alloc_send_skb(&xs->sk, hr + len + tr, 1, &err);
@@ -685,12 +687,8 @@ static struct sk_buff *xsk_build_skb(struct xdp_sock *xs,
skb_put(skb, len);
err = skb_store_bits(skb, 0, buffer, len);
- if (unlikely(err)) {
- kfree_skb(skb);
+ if (unlikely(err))
goto free_err;
- }
-
- first_frag = true;
} else {
int nr_frags = skb_shinfo(skb)->nr_frags;
struct page *page;
@@ -758,6 +756,9 @@ static struct sk_buff *xsk_build_skb(struct xdp_sock *xs,
return skb;
free_err:
+ if (first_frag && skb)
+ kfree_skb(skb);
+
if (err == -EOVERFLOW) {
/* Drop the packet */
xsk_set_destructor_arg(xs->skb);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 366/817] erofs: handle NONHEAD !delta[1] lclusters gracefully
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 365/817] xsk: Free skb when TX metadata options are invalid Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 367/817] dlm: fix dlm_recover_members refcount on error Greg Kroah-Hartman
` (460 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6c0b301317aa0156f9eb,
Gao Xiang, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gao Xiang <hsiangkao@linux.alibaba.com>
[ Upstream commit 0bc8061ffc733a0a246b8689b2d32a3e9204f43c ]
syzbot reported a WARNING in iomap_iter_done:
iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80
ioctl_fiemap fs/ioctl.c:220 [inline]
Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted
images and filesystems created by pre-1.0 mkfs versions.
Previously, it would immediately bail out if delta[1]==0, which led to
inadequate decompressed lengths (thus FIEMAP is impacted). Treat it as
delta[1]=1 to work around these legacy mkfs versions.
`lclusterbits > 14` is illegal for compact indexes, error out too.
Reported-by: syzbot+6c0b301317aa0156f9eb@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/67373c0c.050a0220.2a2fcc.0079.GAE@google.com
Tested-by: syzbot+6c0b301317aa0156f9eb@syzkaller.appspotmail.com
Fixes: d95ae5e25326 ("erofs: add support for the full decompressed length")
Fixes: 001b8ccd0650 ("erofs: fix compact 4B support for 16k block size")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241115173651.3339514-1-hsiangkao@linux.alibaba.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/zmap.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/fs/erofs/zmap.c b/fs/erofs/zmap.c
index 403af6e31d5b2..8d28cfc6a4b83 100644
--- a/fs/erofs/zmap.c
+++ b/fs/erofs/zmap.c
@@ -223,7 +223,7 @@ static int z_erofs_load_compact_lcluster(struct z_erofs_maprecorder *m,
unsigned int amortizedshift;
erofs_off_t pos;
- if (lcn >= totalidx)
+ if (lcn >= totalidx || vi->z_logical_clusterbits > 14)
return -EINVAL;
m->lcn = lcn;
@@ -398,7 +398,7 @@ static int z_erofs_get_extent_decompressedlen(struct z_erofs_maprecorder *m)
u64 lcn = m->lcn, headlcn = map->m_la >> lclusterbits;
int err;
- do {
+ while (1) {
/* handle the last EOF pcluster (no next HEAD lcluster) */
if ((lcn << lclusterbits) >= inode->i_size) {
map->m_llen = inode->i_size - map->m_la;
@@ -410,14 +410,16 @@ static int z_erofs_get_extent_decompressedlen(struct z_erofs_maprecorder *m)
return err;
if (m->type == Z_EROFS_LCLUSTER_TYPE_NONHEAD) {
- DBG_BUGON(!m->delta[1] &&
- m->clusterofs != 1 << lclusterbits);
+ /* work around invalid d1 generated by pre-1.0 mkfs */
+ if (unlikely(!m->delta[1])) {
+ m->delta[1] = 1;
+ DBG_BUGON(1);
+ }
} else if (m->type == Z_EROFS_LCLUSTER_TYPE_PLAIN ||
m->type == Z_EROFS_LCLUSTER_TYPE_HEAD1 ||
m->type == Z_EROFS_LCLUSTER_TYPE_HEAD2) {
- /* go on until the next HEAD lcluster */
if (lcn != headlcn)
- break;
+ break; /* ends at the next HEAD lcluster */
m->delta[1] = 1;
} else {
erofs_err(inode->i_sb, "unknown type %u @ lcn %llu of nid %llu",
@@ -426,8 +428,7 @@ static int z_erofs_get_extent_decompressedlen(struct z_erofs_maprecorder *m)
return -EOPNOTSUPP;
}
lcn += m->delta[1];
- } while (m->delta[1]);
-
+ }
map->m_llen = (lcn << lclusterbits) + m->clusterofs - map->m_la;
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 367/817] dlm: fix dlm_recover_members refcount on error
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 366/817] erofs: handle NONHEAD !delta[1] lclusters gracefully Greg Kroah-Hartman
@ 2024-12-03 14:38 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 368/817] eth: fbnic: dont disable the PCI device twice Greg Kroah-Hartman
` (459 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Aring, David Teigland,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 200b977ebbc313a59174ba971006a231b3533dc5 ]
If dlm_recover_members() fails we don't drop the references of the
previous created root_list that holds and keep all rsbs alive during the
recovery. It might be not an unlikely event because ping_members() could
run into an -EINTR if another recovery progress was triggered again.
Fixes: 3a747f4a2ee8 ("dlm: move rsb root_list to ls_recover() stack")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/recoverd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/dlm/recoverd.c b/fs/dlm/recoverd.c
index 34f4f9f49a6ce..12272a8f6d75f 100644
--- a/fs/dlm/recoverd.c
+++ b/fs/dlm/recoverd.c
@@ -151,7 +151,7 @@ static int ls_recover(struct dlm_ls *ls, struct dlm_recover *rv)
error = dlm_recover_members(ls, rv, &neg);
if (error) {
log_rinfo(ls, "dlm_recover_members error %d", error);
- goto fail;
+ goto fail_root_list;
}
dlm_recover_dir_nodeid(ls, &root_list);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 368/817] eth: fbnic: dont disable the PCI device twice
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2024-12-03 14:38 ` [PATCH 6.11 367/817] dlm: fix dlm_recover_members refcount on error Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 369/817] net: txgbe: remove GPIO interrupt controller Greg Kroah-Hartman
` (458 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Horman, Jakub Kicinski,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 62e9c00ea868ceb71156c517747dc69316c25bf1 ]
We use pcim_enable_device(), there is no need to call pci_disable_device().
Fixes: 546dd90be979 ("eth: fbnic: Add scaffolding for Meta's NIC driver")
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20241115014809.754860-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/ethernet/meta/fbnic/fbnic_pci.c b/drivers/net/ethernet/meta/fbnic/fbnic_pci.c
index a4809fe0fc249..268489b15616f 100644
--- a/drivers/net/ethernet/meta/fbnic/fbnic_pci.c
+++ b/drivers/net/ethernet/meta/fbnic/fbnic_pci.c
@@ -319,7 +319,6 @@ static int fbnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
free_irqs:
fbnic_free_irqs(fbd);
free_fbd:
- pci_disable_device(pdev);
fbnic_devlink_free(fbd);
return err;
@@ -349,7 +348,6 @@ static void fbnic_remove(struct pci_dev *pdev)
fbnic_fw_disable_mbx(fbd);
fbnic_free_irqs(fbd);
- pci_disable_device(pdev);
fbnic_devlink_free(fbd);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 369/817] net: txgbe: remove GPIO interrupt controller
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 368/817] eth: fbnic: dont disable the PCI device twice Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 370/817] net: txgbe: fix null pointer to pcs Greg Kroah-Hartman
` (457 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiawen Wu, Jakub Kicinski,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiawen Wu <jiawenwu@trustnetic.com>
[ Upstream commit e867ed3ac8aa50945170723a450b5c068a56339a ]
Since the GPIO interrupt controller is always not working properly, we need
to constantly add workaround to cope with hardware deficiencies. So just
remove GPIO interrupt controller, and let the SFP driver poll the GPIO
status.
Fixes: b4a2496c17ed ("net: txgbe: fix GPIO interrupt blocking")
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Link: https://patch.msgid.link/20241115071527.1129458-1-jiawenwu@trustnetic.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/wangxun/txgbe/txgbe_irq.c | 24 +--
.../net/ethernet/wangxun/txgbe/txgbe_main.c | 1 -
.../net/ethernet/wangxun/txgbe/txgbe_phy.c | 166 ------------------
.../net/ethernet/wangxun/txgbe/txgbe_phy.h | 2 -
.../net/ethernet/wangxun/txgbe/txgbe_type.h | 7 +-
5 files changed, 4 insertions(+), 196 deletions(-)
diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c
index a4cf682dca650..0ee73a265545c 100644
--- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c
+++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c
@@ -72,14 +72,6 @@ int txgbe_request_queue_irqs(struct wx *wx)
return err;
}
-static int txgbe_request_gpio_irq(struct txgbe *txgbe)
-{
- txgbe->gpio_irq = irq_find_mapping(txgbe->misc.domain, TXGBE_IRQ_GPIO);
- return request_threaded_irq(txgbe->gpio_irq, NULL,
- txgbe_gpio_irq_handler,
- IRQF_ONESHOT, "txgbe-gpio-irq", txgbe);
-}
-
static int txgbe_request_link_irq(struct txgbe *txgbe)
{
txgbe->link_irq = irq_find_mapping(txgbe->misc.domain, TXGBE_IRQ_LINK);
@@ -149,11 +141,6 @@ static irqreturn_t txgbe_misc_irq_thread_fn(int irq, void *data)
u32 eicr;
eicr = wx_misc_isb(wx, WX_ISB_MISC);
- if (eicr & TXGBE_PX_MISC_GPIO) {
- sub_irq = irq_find_mapping(txgbe->misc.domain, TXGBE_IRQ_GPIO);
- handle_nested_irq(sub_irq);
- nhandled++;
- }
if (eicr & (TXGBE_PX_MISC_ETH_LK | TXGBE_PX_MISC_ETH_LKDN |
TXGBE_PX_MISC_ETH_AN)) {
sub_irq = irq_find_mapping(txgbe->misc.domain, TXGBE_IRQ_LINK);
@@ -179,7 +166,6 @@ static void txgbe_del_irq_domain(struct txgbe *txgbe)
void txgbe_free_misc_irq(struct txgbe *txgbe)
{
- free_irq(txgbe->gpio_irq, txgbe);
free_irq(txgbe->link_irq, txgbe);
free_irq(txgbe->misc.irq, txgbe);
txgbe_del_irq_domain(txgbe);
@@ -191,7 +177,7 @@ int txgbe_setup_misc_irq(struct txgbe *txgbe)
struct wx *wx = txgbe->wx;
int hwirq, err;
- txgbe->misc.nirqs = 2;
+ txgbe->misc.nirqs = 1;
txgbe->misc.domain = irq_domain_add_simple(NULL, txgbe->misc.nirqs, 0,
&txgbe_misc_irq_domain_ops, txgbe);
if (!txgbe->misc.domain)
@@ -216,20 +202,14 @@ int txgbe_setup_misc_irq(struct txgbe *txgbe)
if (err)
goto del_misc_irq;
- err = txgbe_request_gpio_irq(txgbe);
- if (err)
- goto free_msic_irq;
-
err = txgbe_request_link_irq(txgbe);
if (err)
- goto free_gpio_irq;
+ goto free_msic_irq;
wx->misc_irq_domain = true;
return 0;
-free_gpio_irq:
- free_irq(txgbe->gpio_irq, txgbe);
free_msic_irq:
free_irq(txgbe->misc.irq, txgbe);
del_misc_irq:
diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c
index 93180225a6f14..f774502680364 100644
--- a/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c
+++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_main.c
@@ -82,7 +82,6 @@ static void txgbe_up_complete(struct wx *wx)
{
struct net_device *netdev = wx->netdev;
- txgbe_reinit_gpio_intr(wx);
wx_control_hw(wx, true);
wx_configure_vectors(wx);
diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c
index 5f502265f0a63..119cbd3466011 100644
--- a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c
+++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c
@@ -358,169 +358,8 @@ static int txgbe_gpio_direction_out(struct gpio_chip *chip, unsigned int offset,
return 0;
}
-static void txgbe_gpio_irq_ack(struct irq_data *d)
-{
- struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
- irq_hw_number_t hwirq = irqd_to_hwirq(d);
- struct wx *wx = gpiochip_get_data(gc);
- unsigned long flags;
-
- raw_spin_lock_irqsave(&wx->gpio_lock, flags);
- wr32(wx, WX_GPIO_EOI, BIT(hwirq));
- raw_spin_unlock_irqrestore(&wx->gpio_lock, flags);
-}
-
-static void txgbe_gpio_irq_mask(struct irq_data *d)
-{
- struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
- irq_hw_number_t hwirq = irqd_to_hwirq(d);
- struct wx *wx = gpiochip_get_data(gc);
- unsigned long flags;
-
- gpiochip_disable_irq(gc, hwirq);
-
- raw_spin_lock_irqsave(&wx->gpio_lock, flags);
- wr32m(wx, WX_GPIO_INTMASK, BIT(hwirq), BIT(hwirq));
- raw_spin_unlock_irqrestore(&wx->gpio_lock, flags);
-}
-
-static void txgbe_gpio_irq_unmask(struct irq_data *d)
-{
- struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
- irq_hw_number_t hwirq = irqd_to_hwirq(d);
- struct wx *wx = gpiochip_get_data(gc);
- unsigned long flags;
-
- gpiochip_enable_irq(gc, hwirq);
-
- raw_spin_lock_irqsave(&wx->gpio_lock, flags);
- wr32m(wx, WX_GPIO_INTMASK, BIT(hwirq), 0);
- raw_spin_unlock_irqrestore(&wx->gpio_lock, flags);
-}
-
-static void txgbe_toggle_trigger(struct gpio_chip *gc, unsigned int offset)
-{
- struct wx *wx = gpiochip_get_data(gc);
- u32 pol, val;
-
- pol = rd32(wx, WX_GPIO_POLARITY);
- val = rd32(wx, WX_GPIO_EXT);
-
- if (val & BIT(offset))
- pol &= ~BIT(offset);
- else
- pol |= BIT(offset);
-
- wr32(wx, WX_GPIO_POLARITY, pol);
-}
-
-static int txgbe_gpio_set_type(struct irq_data *d, unsigned int type)
-{
- struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
- irq_hw_number_t hwirq = irqd_to_hwirq(d);
- struct wx *wx = gpiochip_get_data(gc);
- u32 level, polarity, mask;
- unsigned long flags;
-
- mask = BIT(hwirq);
-
- if (type & IRQ_TYPE_LEVEL_MASK) {
- level = 0;
- irq_set_handler_locked(d, handle_level_irq);
- } else {
- level = mask;
- irq_set_handler_locked(d, handle_edge_irq);
- }
-
- if (type == IRQ_TYPE_EDGE_RISING || type == IRQ_TYPE_LEVEL_HIGH)
- polarity = mask;
- else
- polarity = 0;
-
- raw_spin_lock_irqsave(&wx->gpio_lock, flags);
-
- wr32m(wx, WX_GPIO_INTEN, mask, mask);
- wr32m(wx, WX_GPIO_INTTYPE_LEVEL, mask, level);
- if (type == IRQ_TYPE_EDGE_BOTH)
- txgbe_toggle_trigger(gc, hwirq);
- else
- wr32m(wx, WX_GPIO_POLARITY, mask, polarity);
-
- raw_spin_unlock_irqrestore(&wx->gpio_lock, flags);
-
- return 0;
-}
-
-static const struct irq_chip txgbe_gpio_irq_chip = {
- .name = "txgbe-gpio-irq",
- .irq_ack = txgbe_gpio_irq_ack,
- .irq_mask = txgbe_gpio_irq_mask,
- .irq_unmask = txgbe_gpio_irq_unmask,
- .irq_set_type = txgbe_gpio_set_type,
- .flags = IRQCHIP_IMMUTABLE,
- GPIOCHIP_IRQ_RESOURCE_HELPERS,
-};
-
-irqreturn_t txgbe_gpio_irq_handler(int irq, void *data)
-{
- struct txgbe *txgbe = data;
- struct wx *wx = txgbe->wx;
- irq_hw_number_t hwirq;
- unsigned long gpioirq;
- struct gpio_chip *gc;
- unsigned long flags;
-
- gpioirq = rd32(wx, WX_GPIO_INTSTATUS);
-
- gc = txgbe->gpio;
- for_each_set_bit(hwirq, &gpioirq, gc->ngpio) {
- int gpio = irq_find_mapping(gc->irq.domain, hwirq);
- struct irq_data *d = irq_get_irq_data(gpio);
- u32 irq_type = irq_get_trigger_type(gpio);
-
- txgbe_gpio_irq_ack(d);
- handle_nested_irq(gpio);
-
- if ((irq_type & IRQ_TYPE_SENSE_MASK) == IRQ_TYPE_EDGE_BOTH) {
- raw_spin_lock_irqsave(&wx->gpio_lock, flags);
- txgbe_toggle_trigger(gc, hwirq);
- raw_spin_unlock_irqrestore(&wx->gpio_lock, flags);
- }
- }
-
- return IRQ_HANDLED;
-}
-
-void txgbe_reinit_gpio_intr(struct wx *wx)
-{
- struct txgbe *txgbe = wx->priv;
- irq_hw_number_t hwirq;
- unsigned long gpioirq;
- struct gpio_chip *gc;
- unsigned long flags;
-
- /* for gpio interrupt pending before irq enable */
- gpioirq = rd32(wx, WX_GPIO_INTSTATUS);
-
- gc = txgbe->gpio;
- for_each_set_bit(hwirq, &gpioirq, gc->ngpio) {
- int gpio = irq_find_mapping(gc->irq.domain, hwirq);
- struct irq_data *d = irq_get_irq_data(gpio);
- u32 irq_type = irq_get_trigger_type(gpio);
-
- txgbe_gpio_irq_ack(d);
-
- if ((irq_type & IRQ_TYPE_SENSE_MASK) == IRQ_TYPE_EDGE_BOTH) {
- raw_spin_lock_irqsave(&wx->gpio_lock, flags);
- txgbe_toggle_trigger(gc, hwirq);
- raw_spin_unlock_irqrestore(&wx->gpio_lock, flags);
- }
- }
-}
-
static int txgbe_gpio_init(struct txgbe *txgbe)
{
- struct gpio_irq_chip *girq;
struct gpio_chip *gc;
struct device *dev;
struct wx *wx;
@@ -550,11 +389,6 @@ static int txgbe_gpio_init(struct txgbe *txgbe)
gc->direction_input = txgbe_gpio_direction_in;
gc->direction_output = txgbe_gpio_direction_out;
- girq = &gc->irq;
- gpio_irq_chip_set_chip(girq, &txgbe_gpio_irq_chip);
- girq->default_type = IRQ_TYPE_NONE;
- girq->handler = handle_bad_irq;
-
ret = devm_gpiochip_add_data(dev, gc, wx);
if (ret)
return ret;
diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h
index 8a026d804fe24..3938985355ed6 100644
--- a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h
+++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h
@@ -4,8 +4,6 @@
#ifndef _TXGBE_PHY_H_
#define _TXGBE_PHY_H_
-irqreturn_t txgbe_gpio_irq_handler(int irq, void *data);
-void txgbe_reinit_gpio_intr(struct wx *wx);
irqreturn_t txgbe_link_irq_handler(int irq, void *data);
int txgbe_init_phy(struct txgbe *txgbe);
void txgbe_remove_phy(struct txgbe *txgbe);
diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h
index 959102c4c3797..8ea413a7abe9d 100644
--- a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h
+++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h
@@ -75,8 +75,7 @@
#define TXGBE_PX_MISC_IEN_MASK \
(TXGBE_PX_MISC_ETH_LKDN | TXGBE_PX_MISC_DEV_RST | \
TXGBE_PX_MISC_ETH_EVENT | TXGBE_PX_MISC_ETH_LK | \
- TXGBE_PX_MISC_ETH_AN | TXGBE_PX_MISC_INT_ERR | \
- TXGBE_PX_MISC_GPIO)
+ TXGBE_PX_MISC_ETH_AN | TXGBE_PX_MISC_INT_ERR)
/* Port cfg registers */
#define TXGBE_CFG_PORT_ST 0x14404
@@ -313,8 +312,7 @@ struct txgbe_nodes {
};
enum txgbe_misc_irqs {
- TXGBE_IRQ_GPIO = 0,
- TXGBE_IRQ_LINK,
+ TXGBE_IRQ_LINK = 0,
TXGBE_IRQ_MAX
};
@@ -335,7 +333,6 @@ struct txgbe {
struct clk_lookup *clock;
struct clk *clk;
struct gpio_chip *gpio;
- unsigned int gpio_irq;
unsigned int link_irq;
/* flow director */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 370/817] net: txgbe: fix null pointer to pcs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 369/817] net: txgbe: remove GPIO interrupt controller Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 371/817] netpoll: Use rcu_access_pointer() in netpoll_poll_lock Greg Kroah-Hartman
` (456 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiawen Wu, Jakub Kicinski,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiawen Wu <jiawenwu@trustnetic.com>
[ Upstream commit 2160428bcb20f2f70a72ee84aba91a1264dc4ff3 ]
For 1000BASE-X or SGMII interface mode, the PCS also need to be selected.
Only return null pointer when there is a copper NIC with external PHY.
Fixes: 02b2a6f91b90 ("net: txgbe: support copper NIC with external PHY")
Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Link: https://patch.msgid.link/20241115073508.1130046-1-jiawenwu@trustnetic.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c
index 119cbd3466011..6544910535898 100644
--- a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c
+++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c
@@ -162,7 +162,7 @@ static struct phylink_pcs *txgbe_phylink_mac_select(struct phylink_config *confi
struct wx *wx = phylink_to_wx(config);
struct txgbe *txgbe = wx->priv;
- if (interface == PHY_INTERFACE_MODE_10GBASER)
+ if (wx->media_type != sp_media_copper)
return &txgbe->xpcs->pcs;
return NULL;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 371/817] netpoll: Use rcu_access_pointer() in netpoll_poll_lock
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 370/817] net: txgbe: fix null pointer to pcs Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 372/817] wireguard: selftests: load nf_conntrack if not present Greg Kroah-Hartman
` (455 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Breno Leitao, Michal Kubiak,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Breno Leitao <leitao@debian.org>
[ Upstream commit a57d5a72f8dec7db8a79d0016fb0a3bdecc82b56 ]
The ndev->npinfo pointer in netpoll_poll_lock() is RCU-protected but is
being accessed directly for a NULL check. While no RCU read lock is held
in this context, we should still use proper RCU primitives for
consistency and correctness.
Replace the direct NULL check with rcu_access_pointer(), which is the
appropriate primitive when only checking for NULL without dereferencing
the pointer. This function provides the necessary ordering guarantees
without requiring RCU read-side protection.
Fixes: bea3348eef27 ("[NET]: Make NAPI polling independent of struct net_device objects.")
Signed-off-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
Link: https://patch.msgid.link/20241118-netpoll_rcu-v1-2-a1888dcb4a02@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netpoll.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/netpoll.h b/include/linux/netpoll.h
index bd19c4b91e312..3ddf205b7e2c3 100644
--- a/include/linux/netpoll.h
+++ b/include/linux/netpoll.h
@@ -71,7 +71,7 @@ static inline void *netpoll_poll_lock(struct napi_struct *napi)
{
struct net_device *dev = napi->dev;
- if (dev && dev->npinfo) {
+ if (dev && rcu_access_pointer(dev->npinfo)) {
int owner = smp_processor_id();
while (cmpxchg(&napi->poll_owner, -1, owner) != -1)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 372/817] wireguard: selftests: load nf_conntrack if not present
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 371/817] netpoll: Use rcu_access_pointer() in netpoll_poll_lock Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 373/817] bpf: fix recursive lock when verdict program return SK_PASS Greg Kroah-Hartman
` (454 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hangbin Liu, Simon Horman,
Jason A. Donenfeld, Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 0290abc9860917f1ee8b58309c2bbd740a39ee8e ]
Some distros may not load nf_conntrack by default, which will cause
subsequent nf_conntrack sets to fail. Load this module if it is not
already loaded.
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
[ Jason: add [[ -e ... ]] check so this works in the qemu harness. ]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://patch.msgid.link/20241117212030.629159-4-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/wireguard/netns.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh
index 405ff262ca93d..55500f901fbc3 100755
--- a/tools/testing/selftests/wireguard/netns.sh
+++ b/tools/testing/selftests/wireguard/netns.sh
@@ -332,6 +332,7 @@ waitiface $netns1 vethc
waitiface $netns2 veths
n0 bash -c 'printf 1 > /proc/sys/net/ipv4/ip_forward'
+[[ -e /proc/sys/net/netfilter/nf_conntrack_udp_timeout ]] || modprobe nf_conntrack
n0 bash -c 'printf 2 > /proc/sys/net/netfilter/nf_conntrack_udp_timeout'
n0 bash -c 'printf 2 > /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream'
n0 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j SNAT --to 10.0.0.1
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 373/817] bpf: fix recursive lock when verdict program return SK_PASS
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 372/817] wireguard: selftests: load nf_conntrack if not present Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 374/817] unicode: Fix utf8_load() error path Greg Kroah-Hartman
` (453 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vincent Whitchurch, Jiayuan Chen,
John Fastabend, Martin KaFai Lau, Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiayuan Chen <mrpre@163.com>
[ Upstream commit 8ca2a1eeadf09862190b2810697702d803ceef2d ]
When the stream_verdict program returns SK_PASS, it places the received skb
into its own receive queue, but a recursive lock eventually occurs, leading
to an operating system deadlock. This issue has been present since v6.9.
'''
sk_psock_strp_data_ready
write_lock_bh(&sk->sk_callback_lock)
strp_data_ready
strp_read_sock
read_sock -> tcp_read_sock
strp_recv
cb.rcv_msg -> sk_psock_strp_read
# now stream_verdict return SK_PASS without peer sock assign
__SK_PASS = sk_psock_map_verd(SK_PASS, NULL)
sk_psock_verdict_apply
sk_psock_skb_ingress_self
sk_psock_skb_ingress_enqueue
sk_psock_data_ready
read_lock_bh(&sk->sk_callback_lock) <= dead lock
'''
This topic has been discussed before, but it has not been fixed.
Previous discussion:
https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch
Fixes: 6648e613226e ("bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue")
Reported-by: Vincent Whitchurch <vincent.whitchurch@datadoghq.com>
Signed-off-by: Jiayuan Chen <mrpre@163.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Link: https://patch.msgid.link/20241118030910.36230-2-mrpre@163.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/skmsg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index bbf40b9997138..846fd672f0e52 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -1117,9 +1117,9 @@ static void sk_psock_strp_data_ready(struct sock *sk)
if (tls_sw_has_ctx_rx(sk)) {
psock->saved_data_ready(sk);
} else {
- write_lock_bh(&sk->sk_callback_lock);
+ read_lock_bh(&sk->sk_callback_lock);
strp_data_ready(&psock->strp);
- write_unlock_bh(&sk->sk_callback_lock);
+ read_unlock_bh(&sk->sk_callback_lock);
}
}
rcu_read_unlock();
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 374/817] unicode: Fix utf8_load() error path
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 373/817] bpf: fix recursive lock when verdict program return SK_PASS Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 375/817] cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged Greg Kroah-Hartman
` (452 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, André Almeida, Theodore Tso,
Gabriel Krisman Bertazi, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: André Almeida <andrealmeid@igalia.com>
[ Upstream commit 156bb2c569cd869583c593d27a5bd69e7b2a4264 ]
utf8_load() requests the symbol "utf8_data_table" and then checks if the
requested UTF-8 version is supported. If it's unsupported, it tries to
put the data table using symbol_put(). If an unsupported version is
requested, symbol_put() fails like this:
kernel BUG at kernel/module/main.c:786!
RIP: 0010:__symbol_put+0x93/0xb0
Call Trace:
<TASK>
? __die_body.cold+0x19/0x27
? die+0x2e/0x50
? do_trap+0xca/0x110
? do_error_trap+0x65/0x80
? __symbol_put+0x93/0xb0
? exc_invalid_op+0x51/0x70
? __symbol_put+0x93/0xb0
? asm_exc_invalid_op+0x1a/0x20
? __pfx_cmp_name+0x10/0x10
? __symbol_put+0x93/0xb0
? __symbol_put+0x62/0xb0
utf8_load+0xf8/0x150
That happens because symbol_put() expects the unique string that
identify the symbol, instead of a pointer to the loaded symbol. Fix that
by using such string.
Fixes: 2b3d04787012 ("unicode: Add utf8-data module")
Signed-off-by: André Almeida <andrealmeid@igalia.com>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20240902225511.757831-2-andrealmeid@igalia.com
Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/unicode/utf8-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/unicode/utf8-core.c b/fs/unicode/utf8-core.c
index 8395066341a43..0400824ef4936 100644
--- a/fs/unicode/utf8-core.c
+++ b/fs/unicode/utf8-core.c
@@ -198,7 +198,7 @@ struct unicode_map *utf8_load(unsigned int version)
return um;
out_symbol_put:
- symbol_put(um->tables);
+ symbol_put(utf8_data_table);
out_free_um:
kfree(um);
return ERR_PTR(-EINVAL);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 375/817] cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 374/817] unicode: Fix utf8_load() error path Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 376/817] RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages Greg Kroah-Hartman
` (451 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jie Zhan, Zeng Heng, Ionela Voinescu,
Huisong Li, Viresh Kumar, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jie Zhan <zhanjie9@hisilicon.com>
[ Upstream commit c47195631960b626058c335aec31f186fa854f97 ]
The CPPC performance feedback counters could be 0 or unchanged when the
target cpu is in a low-power idle state, e.g. power-gated or clock-gated.
When the counters are 0, cppc_cpufreq_get_rate() returns 0 KHz, which makes
cpufreq_online() get a false error and fail to generate a cpufreq policy.
When the counters are unchanged, the existing cppc_perf_from_fbctrs()
returns a cached desired perf, but some platforms may update the real
frequency back to the desired perf reg.
For the above cases in cppc_cpufreq_get_rate(), get the latest desired perf
from the CPPC reg to reflect the frequency because some platforms may
update the actual frequency back there; if failed, use the cached desired
perf.
Fixes: 6a4fec4f6d30 ("cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error cases.")
Signed-off-by: Jie Zhan <zhanjie9@hisilicon.com>
Reviewed-by: Zeng Heng <zengheng4@huawei.com>
Reviewed-by: Ionela Voinescu <ionela.voinescu@arm.com>
Reviewed-by: Huisong Li <lihuisong@huawei.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cppc_cpufreq.c | 57 +++++++++++++++++++++++++++-------
1 file changed, 46 insertions(+), 11 deletions(-)
diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c
index bafa32dd375d5..357dc7f4a98ce 100644
--- a/drivers/cpufreq/cppc_cpufreq.c
+++ b/drivers/cpufreq/cppc_cpufreq.c
@@ -118,6 +118,9 @@ static void cppc_scale_freq_workfn(struct kthread_work *work)
perf = cppc_perf_from_fbctrs(cpu_data, &cppc_fi->prev_perf_fb_ctrs,
&fb_ctrs);
+ if (!perf)
+ return;
+
cppc_fi->prev_perf_fb_ctrs = fb_ctrs;
perf <<= SCHED_CAPACITY_SHIFT;
@@ -724,13 +727,31 @@ static int cppc_perf_from_fbctrs(struct cppc_cpudata *cpu_data,
delta_delivered = get_delta(fb_ctrs_t1->delivered,
fb_ctrs_t0->delivered);
- /* Check to avoid divide-by zero and invalid delivered_perf */
+ /*
+ * Avoid divide-by zero and unchanged feedback counters.
+ * Leave it for callers to handle.
+ */
if (!delta_reference || !delta_delivered)
- return cpu_data->perf_ctrls.desired_perf;
+ return 0;
return (reference_perf * delta_delivered) / delta_reference;
}
+static int cppc_get_perf_ctrs_sample(int cpu,
+ struct cppc_perf_fb_ctrs *fb_ctrs_t0,
+ struct cppc_perf_fb_ctrs *fb_ctrs_t1)
+{
+ int ret;
+
+ ret = cppc_get_perf_ctrs(cpu, fb_ctrs_t0);
+ if (ret)
+ return ret;
+
+ udelay(2); /* 2usec delay between sampling */
+
+ return cppc_get_perf_ctrs(cpu, fb_ctrs_t1);
+}
+
static unsigned int cppc_cpufreq_get_rate(unsigned int cpu)
{
struct cppc_perf_fb_ctrs fb_ctrs_t0 = {0}, fb_ctrs_t1 = {0};
@@ -746,18 +767,32 @@ static unsigned int cppc_cpufreq_get_rate(unsigned int cpu)
cpufreq_cpu_put(policy);
- ret = cppc_get_perf_ctrs(cpu, &fb_ctrs_t0);
- if (ret)
- return 0;
-
- udelay(2); /* 2usec delay between sampling */
-
- ret = cppc_get_perf_ctrs(cpu, &fb_ctrs_t1);
- if (ret)
- return 0;
+ ret = cppc_get_perf_ctrs_sample(cpu, &fb_ctrs_t0, &fb_ctrs_t1);
+ if (ret) {
+ if (ret == -EFAULT)
+ /* Any of the associated CPPC regs is 0. */
+ goto out_invalid_counters;
+ else
+ return 0;
+ }
delivered_perf = cppc_perf_from_fbctrs(cpu_data, &fb_ctrs_t0,
&fb_ctrs_t1);
+ if (!delivered_perf)
+ goto out_invalid_counters;
+
+ return cppc_perf_to_khz(&cpu_data->perf_caps, delivered_perf);
+
+out_invalid_counters:
+ /*
+ * Feedback counters could be unchanged or 0 when a cpu enters a
+ * low-power idle state, e.g. clock-gated or power-gated.
+ * Use desired perf for reflecting frequency. Get the latest register
+ * value first as some platforms may update the actual delivered perf
+ * there; if failed, resort to the cached desired perf.
+ */
+ if (cppc_get_desired_perf(cpu, &delivered_perf))
+ delivered_perf = cpu_data->perf_ctrls.desired_perf;
return cppc_perf_to_khz(&cpu_data->perf_caps, delivered_perf);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 376/817] RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 375/817] cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 377/817] RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset Greg Kroah-Hartman
` (450 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chengchang Tang, Junxian Huang,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengchang Tang <tangchengchang@huawei.com>
[ Upstream commit 51976c6cd786151b6a1bdf8b8b3334beac0ba99c ]
Provide a new api rdma_user_mmap_disassociate() for drivers to
disassociate mmap pages for a device.
Since drivers can now disassociate mmaps by calling this api,
introduce a new disassociation_lock to specifically prevent
races between this disassociation process and new mmaps. And
thus the old hw_destroy_rwsem is not needed in this api.
Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20240927103323.1897094-2-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Stable-dep-of: 615b94746a54 ("RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/uverbs.h | 2 ++
drivers/infiniband/core/uverbs_main.c | 43 +++++++++++++++++++++++++--
include/rdma/ib_verbs.h | 8 +++++
3 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/core/uverbs.h b/drivers/infiniband/core/uverbs.h
index 821d93c8f7123..dfd2e5a86e6fe 100644
--- a/drivers/infiniband/core/uverbs.h
+++ b/drivers/infiniband/core/uverbs.h
@@ -160,6 +160,8 @@ struct ib_uverbs_file {
struct page *disassociate_page;
struct xarray idr;
+
+ struct mutex disassociation_lock;
};
struct ib_uverbs_event {
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index bc099287de9a6..48b97e6c1fc6f 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -76,6 +76,7 @@ static dev_t dynamic_uverbs_dev;
static DEFINE_IDA(uverbs_ida);
static int ib_uverbs_add_one(struct ib_device *device);
static void ib_uverbs_remove_one(struct ib_device *device, void *client_data);
+static struct ib_client uverbs_client;
static char *uverbs_devnode(const struct device *dev, umode_t *mode)
{
@@ -217,6 +218,7 @@ void ib_uverbs_release_file(struct kref *ref)
if (file->disassociate_page)
__free_pages(file->disassociate_page, 0);
+ mutex_destroy(&file->disassociation_lock);
mutex_destroy(&file->umap_lock);
mutex_destroy(&file->ucontext_lock);
kfree(file);
@@ -700,8 +702,13 @@ static int ib_uverbs_mmap(struct file *filp, struct vm_area_struct *vma)
ret = PTR_ERR(ucontext);
goto out;
}
+
+ mutex_lock(&file->disassociation_lock);
+
vma->vm_ops = &rdma_umap_ops;
ret = ucontext->device->ops.mmap(ucontext, vma);
+
+ mutex_unlock(&file->disassociation_lock);
out:
srcu_read_unlock(&file->device->disassociate_srcu, srcu_key);
return ret;
@@ -723,6 +730,8 @@ static void rdma_umap_open(struct vm_area_struct *vma)
/* We are racing with disassociation */
if (!down_read_trylock(&ufile->hw_destroy_rwsem))
goto out_zap;
+ mutex_lock(&ufile->disassociation_lock);
+
/*
* Disassociation already completed, the VMA should already be zapped.
*/
@@ -734,10 +743,12 @@ static void rdma_umap_open(struct vm_area_struct *vma)
goto out_unlock;
rdma_umap_priv_init(priv, vma, opriv->entry);
+ mutex_unlock(&ufile->disassociation_lock);
up_read(&ufile->hw_destroy_rwsem);
return;
out_unlock:
+ mutex_unlock(&ufile->disassociation_lock);
up_read(&ufile->hw_destroy_rwsem);
out_zap:
/*
@@ -821,7 +832,7 @@ void uverbs_user_mmap_disassociate(struct ib_uverbs_file *ufile)
{
struct rdma_umap_priv *priv, *next_priv;
- lockdep_assert_held(&ufile->hw_destroy_rwsem);
+ mutex_lock(&ufile->disassociation_lock);
while (1) {
struct mm_struct *mm = NULL;
@@ -847,8 +858,10 @@ void uverbs_user_mmap_disassociate(struct ib_uverbs_file *ufile)
break;
}
mutex_unlock(&ufile->umap_lock);
- if (!mm)
+ if (!mm) {
+ mutex_unlock(&ufile->disassociation_lock);
return;
+ }
/*
* The umap_lock is nested under mmap_lock since it used within
@@ -878,7 +891,31 @@ void uverbs_user_mmap_disassociate(struct ib_uverbs_file *ufile)
mmap_read_unlock(mm);
mmput(mm);
}
+
+ mutex_unlock(&ufile->disassociation_lock);
+}
+
+/**
+ * rdma_user_mmap_disassociate() - Revoke mmaps for a device
+ * @device: device to revoke
+ *
+ * This function should be called by drivers that need to disable mmaps for the
+ * device, for instance because it is going to be reset.
+ */
+void rdma_user_mmap_disassociate(struct ib_device *device)
+{
+ struct ib_uverbs_device *uverbs_dev =
+ ib_get_client_data(device, &uverbs_client);
+ struct ib_uverbs_file *ufile;
+
+ mutex_lock(&uverbs_dev->lists_mutex);
+ list_for_each_entry(ufile, &uverbs_dev->uverbs_file_list, list) {
+ if (ufile->ucontext)
+ uverbs_user_mmap_disassociate(ufile);
+ }
+ mutex_unlock(&uverbs_dev->lists_mutex);
}
+EXPORT_SYMBOL(rdma_user_mmap_disassociate);
/*
* ib_uverbs_open() does not need the BKL:
@@ -949,6 +986,8 @@ static int ib_uverbs_open(struct inode *inode, struct file *filp)
mutex_init(&file->umap_lock);
INIT_LIST_HEAD(&file->umaps);
+ mutex_init(&file->disassociation_lock);
+
filp->private_data = file;
list_add_tail(&file->list, &dev->uverbs_file_list);
mutex_unlock(&dev->lists_mutex);
diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
index 6c5712ae559d8..5acdf98b3e789 100644
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -2948,6 +2948,14 @@ int rdma_user_mmap_entry_insert_range(struct ib_ucontext *ucontext,
size_t length, u32 min_pgoff,
u32 max_pgoff);
+#if IS_ENABLED(CONFIG_INFINIBAND_USER_ACCESS)
+void rdma_user_mmap_disassociate(struct ib_device *device);
+#else
+static inline void rdma_user_mmap_disassociate(struct ib_device *device)
+{
+}
+#endif
+
static inline int
rdma_user_mmap_entry_insert_exact(struct ib_ucontext *ucontext,
struct rdma_user_mmap_entry *entry,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 377/817] RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 376/817] RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 378/817] clk: mediatek: drop two dead config options Greg Kroah-Hartman
` (449 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chengchang Tang, Junxian Huang,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chengchang Tang <tangchengchang@huawei.com>
[ Upstream commit 615b94746a54702af923b28bd8a629f4ac0ff0d8 ]
When HW is being reset, userspace should not ring doorbell otherwise
it may lead to abnormal consequence such as RAS.
Disassociate mmap pages for all uctx to prevent userspace from ringing
doorbell to HW. Since all resources will be destroyed during HW reset,
no new mmap is allowed after HW reset is completed.
Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver")
Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20240927103323.1897094-3-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 4 ++++
drivers/infiniband/hw/hns/hns_roce_main.c | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
index 24e906b9d3ae1..f1feaa79f78ee 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -7017,6 +7017,7 @@ static void hns_roce_hw_v2_uninit_instance(struct hnae3_handle *handle,
handle->rinfo.instance_state = HNS_ROCE_STATE_NON_INIT;
}
+
static int hns_roce_hw_v2_reset_notify_down(struct hnae3_handle *handle)
{
struct hns_roce_dev *hr_dev;
@@ -7035,6 +7036,9 @@ static int hns_roce_hw_v2_reset_notify_down(struct hnae3_handle *handle)
hr_dev->active = false;
hr_dev->dis_db = true;
+
+ rdma_user_mmap_disassociate(&hr_dev->ib_dev);
+
hr_dev->state = HNS_ROCE_DEVICE_STATE_RST_DOWN;
return 0;
diff --git a/drivers/infiniband/hw/hns/hns_roce_main.c b/drivers/infiniband/hw/hns/hns_roce_main.c
index 4cb0af7335870..49315f39361de 100644
--- a/drivers/infiniband/hw/hns/hns_roce_main.c
+++ b/drivers/infiniband/hw/hns/hns_roce_main.c
@@ -466,6 +466,11 @@ static int hns_roce_mmap(struct ib_ucontext *uctx, struct vm_area_struct *vma)
pgprot_t prot;
int ret;
+ if (hr_dev->dis_db) {
+ atomic64_inc(&hr_dev->dfx_cnt[HNS_ROCE_DFX_MMAP_ERR_CNT]);
+ return -EPERM;
+ }
+
rdma_entry = rdma_user_mmap_entry_get_pgoff(uctx, vma->vm_pgoff);
if (!rdma_entry) {
atomic64_inc(&hr_dev->dfx_cnt[HNS_ROCE_DFX_MMAP_ERR_CNT]);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 378/817] clk: mediatek: drop two dead config options
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 377/817] RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 379/817] trace/trace_event_perf: remove duplicate samples on the first tracepoint event Greg Kroah-Hartman
` (448 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lukas Bulwahn,
AngeloGioacchino Del Regno, Stephen Boyd, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lukas Bulwahn <lukas.bulwahn@redhat.com>
[ Upstream commit 98619dc3cecc2b3943d6abe1db235c868dc72f8d ]
Commit 0f471d31e5e8 ("clk: mediatek: Split MT8195 clock drivers and allow
module build") adds a number of new COMMON_CLK_MT8195_* config options.
Among those, the config options COMMON_CLK_MT8195_AUDSYS and
COMMON_CLK_MT8195_MSDC have no reference in the source tree and are not
used in the Makefile to include a specific file.
Drop the dead config options COMMON_CLK_MT8195_AUDSYS and
COMMON_CLK_MT8195_MSDC.
Fixes: 0f471d31e5e8 ("clk: mediatek: Split MT8195 clock drivers and allow module build")
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@redhat.com>
Link: https://lore.kernel.org/r/20240927092232.386511-1-lukas.bulwahn@redhat.com
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/Kconfig | 15 ---------------
1 file changed, 15 deletions(-)
diff --git a/drivers/clk/mediatek/Kconfig b/drivers/clk/mediatek/Kconfig
index 70a005e7e1b18..486401e1f2f19 100644
--- a/drivers/clk/mediatek/Kconfig
+++ b/drivers/clk/mediatek/Kconfig
@@ -887,13 +887,6 @@ config COMMON_CLK_MT8195_APUSYS
help
This driver supports MediaTek MT8195 AI Processor Unit System clocks.
-config COMMON_CLK_MT8195_AUDSYS
- tristate "Clock driver for MediaTek MT8195 audsys"
- depends on COMMON_CLK_MT8195
- default COMMON_CLK_MT8195
- help
- This driver supports MediaTek MT8195 audsys clocks.
-
config COMMON_CLK_MT8195_IMP_IIC_WRAP
tristate "Clock driver for MediaTek MT8195 imp_iic_wrap"
depends on COMMON_CLK_MT8195
@@ -908,14 +901,6 @@ config COMMON_CLK_MT8195_MFGCFG
help
This driver supports MediaTek MT8195 mfgcfg clocks.
-config COMMON_CLK_MT8195_MSDC
- tristate "Clock driver for MediaTek MT8195 msdc"
- depends on COMMON_CLK_MT8195
- default COMMON_CLK_MT8195
- help
- This driver supports MediaTek MT8195 MMC and SD Controller's
- msdc and msdc_top clocks.
-
config COMMON_CLK_MT8195_SCP_ADSP
tristate "Clock driver for MediaTek MT8195 scp_adsp"
depends on COMMON_CLK_MT8195
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 379/817] trace/trace_event_perf: remove duplicate samples on the first tracepoint event
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 378/817] clk: mediatek: drop two dead config options Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 380/817] pinctrl: zynqmp: drop excess struct member description Greg Kroah-Hartman
` (447 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Levi Yun, Namhyung Kim,
Steven Rostedt (Google), Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Levi Yun <yeoreum.yun@arm.com>
[ Upstream commit afe5960dc208fe069ddaaeb0994d857b24ac19d1 ]
When a tracepoint event is created with attr.freq = 1,
'hwc->period_left' is not initialized correctly. As a result,
in the perf_swevent_overflow() function, when the first time the event occurs,
it calculates the event overflow and the perf_swevent_set_period() returns 3,
this leads to the event are recorded for three duplicate times.
Step to reproduce:
1. Enable the tracepoint event & starting tracing
$ echo 1 > /sys/kernel/tracing/events/module/module_free
$ echo 1 > /sys/kernel/tracing/tracing_on
2. Record with perf
$ perf record -a --strict-freq -F 1 -e "module:module_free"
3. Trigger module_free event.
$ modprobe -i sunrpc
$ modprobe -r sunrpc
Result:
- Trace pipe result:
$ cat trace_pipe
modprobe-174509 [003] ..... 6504.868896: module_free: sunrpc
- perf sample:
modprobe 174509 [003] 6504.868980: module:module_free: sunrpc
modprobe 174509 [003] 6504.868980: module:module_free: sunrpc
modprobe 174509 [003] 6504.868980: module:module_free: sunrpc
By setting period_left via perf_swevent_set_period() as other sw_event did,
This problem could be solved.
After patch:
- Trace pipe result:
$ cat trace_pipe
modprobe 1153096 [068] 613468.867774: module:module_free: xfs
- perf sample
modprobe 1153096 [068] 613468.867794: module:module_free: xfs
Link: https://lore.kernel.org/20240913021347.595330-1-yeoreum.yun@arm.com
Fixes: bd2b5b12849a ("perf_counter: More aggressive frequency adjustment")
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_event_perf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
index 05e7912418126..3ff9caa4a71bb 100644
--- a/kernel/trace/trace_event_perf.c
+++ b/kernel/trace/trace_event_perf.c
@@ -352,10 +352,16 @@ void perf_uprobe_destroy(struct perf_event *p_event)
int perf_trace_add(struct perf_event *p_event, int flags)
{
struct trace_event_call *tp_event = p_event->tp_event;
+ struct hw_perf_event *hwc = &p_event->hw;
if (!(flags & PERF_EF_START))
p_event->hw.state = PERF_HES_STOPPED;
+ if (is_sampling_event(p_event)) {
+ hwc->last_period = hwc->sample_period;
+ perf_swevent_set_period(p_event);
+ }
+
/*
* If TRACE_REG_PERF_ADD returns false; no custom action was performed
* and we need to take the default action of enqueueing our event on
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 380/817] pinctrl: zynqmp: drop excess struct member description
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 379/817] trace/trace_event_perf: remove duplicate samples on the first tracepoint event Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 381/817] pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC Greg Kroah-Hartman
` (446 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski, Linus Walleij,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
[ Upstream commit 2a85fc7044987d751f27d7f1e4423eebbcecc2c6 ]
The 'node' member has never been part of this structure so drop its
description.
Fixes: 8b242ca700f8 ("pinctrl: Add Xilinx ZynqMP pinctrl driver support")
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Link: https://lore.kernel.org/20241010080432.7781-1-brgl@bgdev.pl
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-zynqmp.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-zynqmp.c b/drivers/pinctrl/pinctrl-zynqmp.c
index 3c6d56fdb8c96..93454d2a26bcc 100644
--- a/drivers/pinctrl/pinctrl-zynqmp.c
+++ b/drivers/pinctrl/pinctrl-zynqmp.c
@@ -49,7 +49,6 @@
* @name: Name of the pin mux function
* @groups: List of pin groups for this function
* @ngroups: Number of entries in @groups
- * @node: Firmware node matching with the function
*
* This structure holds information about pin control function
* and function group names supporting that function.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 381/817] pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 380/817] pinctrl: zynqmp: drop excess struct member description Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 382/817] clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650 Greg Kroah-Hartman
` (445 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Biju Das, Lad Prabhakar,
Geert Uytterhoeven, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
[ Upstream commit 5dcde519a067ac5c85c273e550dde1873e2199bf ]
Add explicit selection of the PINCTRL_RZG2L config option for the
RZ/V2H(P) (R9A09G057) SoC, ensuring pin control driver is enabled
for this SoC.
Fixes: 9bd95ac86e70 ("pinctrl: renesas: rzg2l: Add support for RZ/V2H SoC")
Reported-by: Biju Das <biju.das.jz@bp.renesas.com>
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/20241010132726.702658-1-prabhakar.mahadev-lad.rj@bp.renesas.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/renesas/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pinctrl/renesas/Kconfig b/drivers/pinctrl/renesas/Kconfig
index 14bd55d647319..7f3f41c7fe54c 100644
--- a/drivers/pinctrl/renesas/Kconfig
+++ b/drivers/pinctrl/renesas/Kconfig
@@ -41,6 +41,7 @@ config PINCTRL_RENESAS
select PINCTRL_PFC_R8A779H0 if ARCH_R8A779H0
select PINCTRL_RZG2L if ARCH_RZG2L
select PINCTRL_RZV2M if ARCH_R9A09G011
+ select PINCTRL_RZG2L if ARCH_R9A09G057
select PINCTRL_PFC_SH7203 if CPU_SUBTYPE_SH7203
select PINCTRL_PFC_SH7264 if CPU_SUBTYPE_SH7264
select PINCTRL_PFC_SH7269 if CPU_SUBTYPE_SH7269
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 382/817] clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 381/817] pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 383/817] iommu/s390: Implement blocking domain Greg Kroah-Hartman
` (444 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathan Marek, Dmitry Baryshkov,
Neil Armstrong, Bjorn Andersson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonathan Marek <jonathan@marek.ca>
[ Upstream commit aab8d53711346d5569261aec9702b7579eecf1ab ]
This driver is compatible with both sm8550 and sm8650, fix the Kconfig
entry to reflect that.
Fixes: da1f361c887c ("clk: qcom: videocc-sm8550: Add SM8650 video clock controller")
Signed-off-by: Jonathan Marek <jonathan@marek.ca>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20241005144047.2226-1-jonathan@marek.ca
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/qcom/Kconfig b/drivers/clk/qcom/Kconfig
index 11ae28430dadb..8e1b7f63e95a1 100644
--- a/drivers/clk/qcom/Kconfig
+++ b/drivers/clk/qcom/Kconfig
@@ -1203,11 +1203,11 @@ config SM_VIDEOCC_8350
config SM_VIDEOCC_8550
tristate "SM8550 Video Clock Controller"
depends on ARM64 || COMPILE_TEST
- select SM_GCC_8550
+ depends on SM_GCC_8550 || SM_GCC_8650
select QCOM_GDSC
help
Support for the video clock controller on Qualcomm Technologies, Inc.
- SM8550 devices.
+ SM8550 or SM8650 devices.
Say Y if you want to support video devices and functionality such as
video encode/decode.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 383/817] iommu/s390: Implement blocking domain
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 382/817] clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650 Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 384/817] scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Greg Kroah-Hartman
` (443 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niklas Schnelle, Matthew Rosato,
Jason Gunthorpe, Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Rosato <mjrosato@linux.ibm.com>
[ Upstream commit ecda483339a5151e3ca30d6b82691ef6f1d17912 ]
This fixes a crash when surprise hot-unplugging a PCI device. This crash
happens because during hot-unplug __iommu_group_set_domain_nofail()
attaching the default domain fails when the platform no longer
recognizes the device as it has already been removed and we end up with
a NULL domain pointer and UAF. This is exactly the case referred to in
the second comment in __iommu_device_set_domain() and just as stated
there if we can instead attach the blocking domain the UAF is prevented
as this can handle the already removed device. Implement the blocking
domain to use this handling. With this change, the crash is fixed but
we still hit a warning attempting to change DMA ownership on a blocked
device.
Fixes: c76c067e488c ("s390/pci: Use dma-iommu layer")
Co-developed-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20240910211516.137933-1-mjrosato@linux.ibm.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/pci.h | 4 +-
arch/s390/pci/pci.c | 3 ++
arch/s390/pci/pci_debug.c | 10 ++++-
drivers/iommu/s390-iommu.c | 73 +++++++++++++++++++++++--------------
4 files changed, 59 insertions(+), 31 deletions(-)
diff --git a/arch/s390/include/asm/pci.h b/arch/s390/include/asm/pci.h
index 30820a649e6e7..a60a291fbd58d 100644
--- a/arch/s390/include/asm/pci.h
+++ b/arch/s390/include/asm/pci.h
@@ -96,7 +96,6 @@ struct zpci_bar_struct {
u8 size; /* order 2 exponent */
};
-struct s390_domain;
struct kvm_zdev;
#define ZPCI_FUNCTIONS_PER_BUS 256
@@ -181,9 +180,10 @@ struct zpci_dev {
struct dentry *debugfs_dev;
/* IOMMU and passthrough */
- struct s390_domain *s390_domain; /* s390 IOMMU domain data */
+ struct iommu_domain *s390_domain; /* attached IOMMU domain */
struct kvm_zdev *kzdev;
struct mutex kzdev_lock;
+ spinlock_t dom_lock; /* protect s390_domain change */
};
static inline bool zdev_enabled(struct zpci_dev *zdev)
diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
index cff4838fad216..759983d0e63ed 100644
--- a/arch/s390/pci/pci.c
+++ b/arch/s390/pci/pci.c
@@ -160,6 +160,7 @@ int zpci_fmb_enable_device(struct zpci_dev *zdev)
u64 req = ZPCI_CREATE_REQ(zdev->fh, 0, ZPCI_MOD_FC_SET_MEASURE);
struct zpci_iommu_ctrs *ctrs;
struct zpci_fib fib = {0};
+ unsigned long flags;
u8 cc, status;
if (zdev->fmb || sizeof(*zdev->fmb) < zdev->fmb_length)
@@ -171,6 +172,7 @@ int zpci_fmb_enable_device(struct zpci_dev *zdev)
WARN_ON((u64) zdev->fmb & 0xf);
/* reset software counters */
+ spin_lock_irqsave(&zdev->dom_lock, flags);
ctrs = zpci_get_iommu_ctrs(zdev);
if (ctrs) {
atomic64_set(&ctrs->mapped_pages, 0);
@@ -179,6 +181,7 @@ int zpci_fmb_enable_device(struct zpci_dev *zdev)
atomic64_set(&ctrs->sync_map_rpcits, 0);
atomic64_set(&ctrs->sync_rpcits, 0);
}
+ spin_unlock_irqrestore(&zdev->dom_lock, flags);
fib.fmb_addr = virt_to_phys(zdev->fmb);
diff --git a/arch/s390/pci/pci_debug.c b/arch/s390/pci/pci_debug.c
index 2cb5043a997d5..38014206c16b9 100644
--- a/arch/s390/pci/pci_debug.c
+++ b/arch/s390/pci/pci_debug.c
@@ -71,17 +71,23 @@ static void pci_fmb_show(struct seq_file *m, char *name[], int length,
static void pci_sw_counter_show(struct seq_file *m)
{
- struct zpci_iommu_ctrs *ctrs = zpci_get_iommu_ctrs(m->private);
+ struct zpci_dev *zdev = m->private;
+ struct zpci_iommu_ctrs *ctrs;
atomic64_t *counter;
+ unsigned long flags;
int i;
+ spin_lock_irqsave(&zdev->dom_lock, flags);
+ ctrs = zpci_get_iommu_ctrs(m->private);
if (!ctrs)
- return;
+ goto unlock;
counter = &ctrs->mapped_pages;
for (i = 0; i < ARRAY_SIZE(pci_sw_names); i++, counter++)
seq_printf(m, "%26s:\t%llu\n", pci_sw_names[i],
atomic64_read(counter));
+unlock:
+ spin_unlock_irqrestore(&zdev->dom_lock, flags);
}
static int pci_perf_show(struct seq_file *m, void *v)
diff --git a/drivers/iommu/s390-iommu.c b/drivers/iommu/s390-iommu.c
index d8eaa7ea380bb..fbdeded3d48b5 100644
--- a/drivers/iommu/s390-iommu.c
+++ b/drivers/iommu/s390-iommu.c
@@ -33,6 +33,8 @@ struct s390_domain {
struct rcu_head rcu;
};
+static struct iommu_domain blocking_domain;
+
static inline unsigned int calc_rtx(dma_addr_t ptr)
{
return ((unsigned long)ptr >> ZPCI_RT_SHIFT) & ZPCI_INDEX_MASK;
@@ -369,20 +371,36 @@ static void s390_domain_free(struct iommu_domain *domain)
call_rcu(&s390_domain->rcu, s390_iommu_rcu_free_domain);
}
-static void s390_iommu_detach_device(struct iommu_domain *domain,
- struct device *dev)
+static void zdev_s390_domain_update(struct zpci_dev *zdev,
+ struct iommu_domain *domain)
+{
+ unsigned long flags;
+
+ spin_lock_irqsave(&zdev->dom_lock, flags);
+ zdev->s390_domain = domain;
+ spin_unlock_irqrestore(&zdev->dom_lock, flags);
+}
+
+static int blocking_domain_attach_device(struct iommu_domain *domain,
+ struct device *dev)
{
- struct s390_domain *s390_domain = to_s390_domain(domain);
struct zpci_dev *zdev = to_zpci_dev(dev);
+ struct s390_domain *s390_domain;
unsigned long flags;
+ if (zdev->s390_domain->type == IOMMU_DOMAIN_BLOCKED)
+ return 0;
+
+ s390_domain = to_s390_domain(zdev->s390_domain);
spin_lock_irqsave(&s390_domain->list_lock, flags);
list_del_rcu(&zdev->iommu_list);
spin_unlock_irqrestore(&s390_domain->list_lock, flags);
zpci_unregister_ioat(zdev, 0);
- zdev->s390_domain = NULL;
zdev->dma_table = NULL;
+ zdev_s390_domain_update(zdev, domain);
+
+ return 0;
}
static int s390_iommu_attach_device(struct iommu_domain *domain,
@@ -401,20 +419,15 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
domain->geometry.aperture_end < zdev->start_dma))
return -EINVAL;
- if (zdev->s390_domain)
- s390_iommu_detach_device(&zdev->s390_domain->domain, dev);
+ blocking_domain_attach_device(&blocking_domain, dev);
+ /* If we fail now DMA remains blocked via blocking domain */
cc = zpci_register_ioat(zdev, 0, zdev->start_dma, zdev->end_dma,
virt_to_phys(s390_domain->dma_table), &status);
- /*
- * If the device is undergoing error recovery the reset code
- * will re-establish the new domain.
- */
if (cc && status != ZPCI_PCI_ST_FUNC_NOT_AVAIL)
return -EIO;
-
zdev->dma_table = s390_domain->dma_table;
- zdev->s390_domain = s390_domain;
+ zdev_s390_domain_update(zdev, domain);
spin_lock_irqsave(&s390_domain->list_lock, flags);
list_add_rcu(&zdev->iommu_list, &s390_domain->devices);
@@ -466,19 +479,11 @@ static struct iommu_device *s390_iommu_probe_device(struct device *dev)
if (zdev->tlb_refresh)
dev->iommu->shadow_on_flush = 1;
- return &zdev->iommu_dev;
-}
+ /* Start with DMA blocked */
+ spin_lock_init(&zdev->dom_lock);
+ zdev_s390_domain_update(zdev, &blocking_domain);
-static void s390_iommu_release_device(struct device *dev)
-{
- struct zpci_dev *zdev = to_zpci_dev(dev);
-
- /*
- * release_device is expected to detach any domain currently attached
- * to the device, but keep it attached to other devices in the group.
- */
- if (zdev)
- s390_iommu_detach_device(&zdev->s390_domain->domain, dev);
+ return &zdev->iommu_dev;
}
static int zpci_refresh_all(struct zpci_dev *zdev)
@@ -697,9 +702,15 @@ static size_t s390_iommu_unmap_pages(struct iommu_domain *domain,
struct zpci_iommu_ctrs *zpci_get_iommu_ctrs(struct zpci_dev *zdev)
{
- if (!zdev || !zdev->s390_domain)
+ struct s390_domain *s390_domain;
+
+ lockdep_assert_held(&zdev->dom_lock);
+
+ if (zdev->s390_domain->type == IOMMU_DOMAIN_BLOCKED)
return NULL;
- return &zdev->s390_domain->ctrs;
+
+ s390_domain = to_s390_domain(zdev->s390_domain);
+ return &s390_domain->ctrs;
}
int zpci_init_iommu(struct zpci_dev *zdev)
@@ -776,11 +787,19 @@ static int __init s390_iommu_init(void)
}
subsys_initcall(s390_iommu_init);
+static struct iommu_domain blocking_domain = {
+ .type = IOMMU_DOMAIN_BLOCKED,
+ .ops = &(const struct iommu_domain_ops) {
+ .attach_dev = blocking_domain_attach_device,
+ }
+};
+
static const struct iommu_ops s390_iommu_ops = {
+ .blocked_domain = &blocking_domain,
+ .release_domain = &blocking_domain,
.capable = s390_iommu_capable,
.domain_alloc_paging = s390_domain_alloc_paging,
.probe_device = s390_iommu_probe_device,
- .release_device = s390_iommu_release_device,
.device_group = generic_device_group,
.pgsize_bitmap = SZ_4K,
.get_resv_regions = s390_iommu_get_resv_regions,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 384/817] scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 383/817] iommu/s390: Implement blocking domain Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 385/817] powerpc/vdso: Flag VDSO64 entry points as functions Greg Kroah-Hartman
` (442 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yihang Li, Xiang Chen,
Martin K. Petersen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yihang Li <liyihang9@huawei.com>
[ Upstream commit 08a07dc71d7fc6f58c35c4fc0bcede2811c5aa4c ]
For the controller reset operation(such as FLR or clear nexus ha in SCSI
EH), we will disable all PHYs and then enable PHY based on the
hisi_hba->phy_state obtained in hisi_sas_controller_reset_prepare(). If
the device is removed before controller reset or the PHY is not attached
to any device in directly attached scenario, the corresponding bit of
phy_state is not set. After controller reset done, the PHY is disabled.
The device cannot be identified even if user reconnect the disk.
Therefore, for PHYs that are not disabled by user, hisi_sas_phy_enable()
needs to be executed even if the corresponding bit of phy_state is not
set.
Fixes: 89954f024c3a ("scsi: hisi_sas: Ensure all enabled PHYs up during controller reset")
Signed-off-by: Yihang Li <liyihang9@huawei.com>
Link: https://lore.kernel.org/r/20241008021822.2617339-5-liyihang9@huawei.com
Reviewed-by: Xiang Chen <chenxiang66@hisilicon.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hisi_sas/hisi_sas_main.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/hisi_sas/hisi_sas_main.c b/drivers/scsi/hisi_sas/hisi_sas_main.c
index ec1a3e7ee94d3..4a51db160ac8e 100644
--- a/drivers/scsi/hisi_sas/hisi_sas_main.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_main.c
@@ -1545,10 +1545,16 @@ void hisi_sas_controller_reset_done(struct hisi_hba *hisi_hba)
/* Init and wait for PHYs to come up and all libsas event finished. */
for (phy_no = 0; phy_no < hisi_hba->n_phy; phy_no++) {
struct hisi_sas_phy *phy = &hisi_hba->phy[phy_no];
+ struct asd_sas_phy *sas_phy = &phy->sas_phy;
- if (!(hisi_hba->phy_state & BIT(phy_no)))
+ if (!sas_phy->phy->enabled)
continue;
+ if (!(hisi_hba->phy_state & BIT(phy_no))) {
+ hisi_sas_phy_enable(hisi_hba, phy_no, 1);
+ continue;
+ }
+
async_schedule_domain(hisi_sas_async_init_wait_phyup,
phy, &async);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 385/817] powerpc/vdso: Flag VDSO64 entry points as functions
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 384/817] scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 386/817] mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Greg Kroah-Hartman
` (441 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Segher Boessenkool,
Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 0161bd38c24312853ed5ae9a425a1c41c4ac674a ]
On powerpc64 as shown below by readelf, vDSO functions symbols have
type NOTYPE.
$ powerpc64-linux-gnu-readelf -a arch/powerpc/kernel/vdso/vdso64.so.dbg
ELF Header:
Magic: 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, big endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: PowerPC64
Version: 0x1
...
Symbol table '.dynsym' contains 12 entries:
Num: Value Size Type Bind Vis Ndx Name
...
1: 0000000000000524 84 NOTYPE GLOBAL DEFAULT 8 __[...]@@LINUX_2.6.15
...
4: 0000000000000000 0 OBJECT GLOBAL DEFAULT ABS LINUX_2.6.15
5: 00000000000006c0 48 NOTYPE GLOBAL DEFAULT 8 __[...]@@LINUX_2.6.15
Symbol table '.symtab' contains 56 entries:
Num: Value Size Type Bind Vis Ndx Name
...
45: 0000000000000000 0 OBJECT GLOBAL DEFAULT ABS LINUX_2.6.15
46: 00000000000006c0 48 NOTYPE GLOBAL DEFAULT 8 __kernel_getcpu
47: 0000000000000524 84 NOTYPE GLOBAL DEFAULT 8 __kernel_clock_getres
To overcome that, commit ba83b3239e65 ("selftests: vDSO: fix vDSO
symbols lookup for powerpc64") was applied to have selftests also
look for NOTYPE symbols, but the correct fix should be to flag VDSO
entry points as functions.
The original commit that brought VDSO support into powerpc/64 has the
following explanation:
Note that the symbols exposed by the vDSO aren't "normal" function symbols, apps
can't be expected to link against them directly, the vDSO's are both seen
as if they were linked at 0 and the symbols just contain offsets to the
various functions. This is done on purpose to avoid a relocation step
(ppc64 functions normally have descriptors with abs addresses in them).
When glibc uses those functions, it's expected to use it's own trampolines
that know how to reach them.
The descriptors it's talking about are the OPD function descriptors
used on ABI v1 (big endian). But it would be more correct for a text
symbol to have type function, even if there's no function descriptor
for it.
glibc has a special case already for handling the VDSO symbols which
creates a fake opd pointing at the kernel symbol. So changing the VDSO
symbol type to function shouldn't affect that.
For ABI v2, there is no function descriptors and VDSO functions can
safely have function type.
So lets flag VDSO entry points as functions and revert the
selftest change.
Link: https://github.com/mpe/linux-fullhistory/commit/5f2dd691b62da9d9cc54b938f8b29c22c93cb805
Fixes: ba83b3239e65 ("selftests: vDSO: fix vDSO symbols lookup for powerpc64")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-By: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/b6ad2f1ee9887af3ca5ecade2a56f4acda517a85.1728512263.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/vdso.h | 1 +
tools/testing/selftests/vDSO/parse_vdso.c | 3 +--
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/vdso.h b/arch/powerpc/include/asm/vdso.h
index 7650b6ce14c85..8d972bc98b55f 100644
--- a/arch/powerpc/include/asm/vdso.h
+++ b/arch/powerpc/include/asm/vdso.h
@@ -25,6 +25,7 @@ int vdso_getcpu_init(void);
#ifdef __VDSO64__
#define V_FUNCTION_BEGIN(name) \
.globl name; \
+ .type name,@function; \
name: \
#define V_FUNCTION_END(name) \
diff --git a/tools/testing/selftests/vDSO/parse_vdso.c b/tools/testing/selftests/vDSO/parse_vdso.c
index 7dd5668ea8a6e..28f35620c4991 100644
--- a/tools/testing/selftests/vDSO/parse_vdso.c
+++ b/tools/testing/selftests/vDSO/parse_vdso.c
@@ -222,8 +222,7 @@ void *vdso_sym(const char *version, const char *name)
ELF(Sym) *sym = &vdso_info.symtab[chain];
/* Check for a defined global or weak function w/ right name. */
- if (ELF64_ST_TYPE(sym->st_info) != STT_FUNC &&
- ELF64_ST_TYPE(sym->st_info) != STT_NOTYPE)
+ if (ELF64_ST_TYPE(sym->st_info) != STT_FUNC)
continue;
if (ELF64_ST_BIND(sym->st_info) != STB_GLOBAL &&
ELF64_ST_BIND(sym->st_info) != STB_WEAK)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 386/817] mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 385/817] powerpc/vdso: Flag VDSO64 entry points as functions Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 387/817] mfd: da9052-spi: Change read-mask to write-mask Greg Kroah-Hartman
` (440 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Lee Jones, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 2174f9a8c9db50f74df769edd5a4ab822c73b6d2 ]
As the comment said, disable_irq() after request_irq() still has a
time gap in which interrupts can come. request_irq() with IRQF_NO_AUTOEN
flag will disable IRQ auto-enable when request IRQ.
Fixes: 72cd799544f2 ("[PATCH] I2C: add i2c driver for TPS6501x")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20240912031530.2211654-1-ruanjinjie@huawei.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/tps65010.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/mfd/tps65010.c b/drivers/mfd/tps65010.c
index 2b9105295f301..710364435b6b9 100644
--- a/drivers/mfd/tps65010.c
+++ b/drivers/mfd/tps65010.c
@@ -544,17 +544,13 @@ static int tps65010_probe(struct i2c_client *client)
*/
if (client->irq > 0) {
status = request_irq(client->irq, tps65010_irq,
- IRQF_TRIGGER_FALLING, DRIVER_NAME, tps);
+ IRQF_TRIGGER_FALLING | IRQF_NO_AUTOEN,
+ DRIVER_NAME, tps);
if (status < 0) {
dev_dbg(&client->dev, "can't get IRQ %d, err %d\n",
client->irq, status);
return status;
}
- /* annoying race here, ideally we'd have an option
- * to claim the irq now and enable it later.
- * FIXME genirq IRQF_NOAUTOEN now solves that ...
- */
- disable_irq(client->irq);
set_bit(FLAG_IRQ_ENABLE, &tps->flags);
} else
dev_warn(&client->dev, "IRQ not configured!\n");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 387/817] mfd: da9052-spi: Change read-mask to write-mask
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 386/817] mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 388/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Greg Kroah-Hartman
` (439 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marcus Folkesson, Lee Jones,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcus Folkesson <marcus.folkesson@gmail.com>
[ Upstream commit 2e3378f6c79a1b3f7855ded1ef306ea4406352ed ]
Driver has mixed up the R/W bit.
The LSB bit is set on write rather than read.
Change it to avoid nasty things to happen.
Fixes: e9e9d3973594 ("mfd: da9052: Avoid setting read_flag_mask for da9052-i2c driver")
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Link: https://lore.kernel.org/r/20240925-da9052-v2-1-f243e4505b07@gmail.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/da9052-spi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mfd/da9052-spi.c b/drivers/mfd/da9052-spi.c
index be5f2b34e18ae..80fc5c0cac2fb 100644
--- a/drivers/mfd/da9052-spi.c
+++ b/drivers/mfd/da9052-spi.c
@@ -37,7 +37,7 @@ static int da9052_spi_probe(struct spi_device *spi)
spi_set_drvdata(spi, da9052);
config = da9052_regmap_config;
- config.read_flag_mask = 1;
+ config.write_flag_mask = 1;
config.reg_bits = 7;
config.pad_bits = 1;
config.val_bits = 8;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 388/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 387/817] mfd: da9052-spi: Change read-mask to write-mask Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 389/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Greg Kroah-Hartman
` (438 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Ning, Andy Shevchenko,
Lee Jones, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 686fb77712a4bc94b76a0c5ae74c60118b7a0d79 ]
While design wise the idea of converting the driver to use
the hierarchy of the IRQ chips is correct, the implementation
has (inherited) flaws. This was unveiled when platform_get_irq()
had started WARN() on IRQ 0 that is supposed to be a Linux
IRQ number (also known as vIRQ).
Rework the driver to respect IRQ domain when creating each MFD
device separately, as the domain is not the same for all of them.
Fixes: 9c6235c86332 ("mfd: intel_soc_pmic_bxtwc: Add bxt_wcove_usbc device")
Fixes: d2061f9cc32d ("usb: typec: add driver for Intel Whiskey Cove PMIC USB Type-C PHY")
Fixes: 57129044f504 ("mfd: intel_soc_pmic_bxtwc: Use chained IRQs for second level IRQ chips")
Reported-by: Zhang Ning <zhangn1985@outlook.com>
Closes: https://lore.kernel.org/r/TY2PR01MB3322FEDCDC048B7D3794F922CDBA2@TY2PR01MB3322.jpnprd01.prod.outlook.com
Tested-by: Zhang Ning <zhangn1985@outlook.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20241005193029.1929139-2-andriy.shevchenko@linux.intel.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/intel_soc_pmic_bxtwc.c | 57 +++++++++++++++++++++---------
drivers/usb/typec/tcpm/wcove.c | 4 ---
2 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/drivers/mfd/intel_soc_pmic_bxtwc.c b/drivers/mfd/intel_soc_pmic_bxtwc.c
index ba32cacfc499f..5c35ccfc534ad 100644
--- a/drivers/mfd/intel_soc_pmic_bxtwc.c
+++ b/drivers/mfd/intel_soc_pmic_bxtwc.c
@@ -241,16 +241,6 @@ static struct mfd_cell bxt_wc_dev[] = {
.num_resources = ARRAY_SIZE(thermal_resources),
.resources = thermal_resources,
},
- {
- .name = "bxt_wcove_usbc",
- .num_resources = ARRAY_SIZE(usbc_resources),
- .resources = usbc_resources,
- },
- {
- .name = "bxt_wcove_ext_charger",
- .num_resources = ARRAY_SIZE(charger_resources),
- .resources = charger_resources,
- },
{
.name = "bxt_wcove_bcu",
.num_resources = ARRAY_SIZE(bcu_resources),
@@ -272,6 +262,19 @@ static struct mfd_cell bxt_wc_dev[] = {
},
};
+static struct mfd_cell bxt_wc_chgr_dev[] = {
+ {
+ .name = "bxt_wcove_usbc",
+ .num_resources = ARRAY_SIZE(usbc_resources),
+ .resources = usbc_resources,
+ },
+ {
+ .name = "bxt_wcove_ext_charger",
+ .num_resources = ARRAY_SIZE(charger_resources),
+ .resources = charger_resources,
+ },
+};
+
static int regmap_ipc_byte_reg_read(void *context, unsigned int reg,
unsigned int *val)
{
@@ -426,6 +429,26 @@ static int bxtwc_add_chained_irq_chip(struct intel_soc_pmic *pmic,
0, chip, data);
}
+static int bxtwc_add_chained_devices(struct intel_soc_pmic *pmic,
+ const struct mfd_cell *cells, int n_devs,
+ struct regmap_irq_chip_data *pdata,
+ int pirq, int irq_flags,
+ const struct regmap_irq_chip *chip,
+ struct regmap_irq_chip_data **data)
+{
+ struct device *dev = pmic->dev;
+ struct irq_domain *domain;
+ int ret;
+
+ ret = bxtwc_add_chained_irq_chip(pmic, pdata, pirq, irq_flags, chip, data);
+ if (ret)
+ return dev_err_probe(dev, ret, "Failed to add %s IRQ chip\n", chip->name);
+
+ domain = regmap_irq_get_domain(*data);
+
+ return devm_mfd_add_devices(dev, PLATFORM_DEVID_NONE, cells, n_devs, NULL, 0, domain);
+}
+
static int bxtwc_probe(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
@@ -501,14 +524,14 @@ static int bxtwc_probe(struct platform_device *pdev)
if (ret)
return dev_err_probe(dev, ret, "Failed to add ADC IRQ chip\n");
- /* Add chained IRQ handler for CHGR IRQs */
- ret = bxtwc_add_chained_irq_chip(pmic, pmic->irq_chip_data,
- BXTWC_CHGR_LVL1_IRQ,
- IRQF_ONESHOT,
- &bxtwc_regmap_irq_chip_chgr,
- &pmic->irq_chip_data_chgr);
+ ret = bxtwc_add_chained_devices(pmic, bxt_wc_chgr_dev, ARRAY_SIZE(bxt_wc_chgr_dev),
+ pmic->irq_chip_data,
+ BXTWC_CHGR_LVL1_IRQ,
+ IRQF_ONESHOT,
+ &bxtwc_regmap_irq_chip_chgr,
+ &pmic->irq_chip_data_chgr);
if (ret)
- return dev_err_probe(dev, ret, "Failed to add CHGR IRQ chip\n");
+ return ret;
/* Add chained IRQ handler for CRIT IRQs */
ret = bxtwc_add_chained_irq_chip(pmic, pmic->irq_chip_data,
diff --git a/drivers/usb/typec/tcpm/wcove.c b/drivers/usb/typec/tcpm/wcove.c
index cf719307b3f6b..60b2766a69bf8 100644
--- a/drivers/usb/typec/tcpm/wcove.c
+++ b/drivers/usb/typec/tcpm/wcove.c
@@ -621,10 +621,6 @@ static int wcove_typec_probe(struct platform_device *pdev)
if (irq < 0)
return irq;
- irq = regmap_irq_get_virq(pmic->irq_chip_data_chgr, irq);
- if (irq < 0)
- return irq;
-
ret = guid_parse(WCOVE_DSM_UUID, &wcove->guid);
if (ret)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 389/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 388/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 390/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Greg Kroah-Hartman
` (437 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Ning, Hans de Goede,
Andy Shevchenko, Lee Jones, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 9b79d59e6b2b515eb9a22bc469ef7b8f0904fc73 ]
While design wise the idea of converting the driver to use
the hierarchy of the IRQ chips is correct, the implementation
has (inherited) flaws. This was unveiled when platform_get_irq()
had started WARN() on IRQ 0 that is supposed to be a Linux
IRQ number (also known as vIRQ).
Rework the driver to respect IRQ domain when creating each MFD
device separately, as the domain is not the same for all of them.
Fixes: 957ae5098185 ("platform/x86: Add Whiskey Cove PMIC TMU support")
Fixes: 57129044f504 ("mfd: intel_soc_pmic_bxtwc: Use chained IRQs for second level IRQ chips")
Reported-by: Zhang Ning <zhangn1985@outlook.com>
Closes: https://lore.kernel.org/r/TY2PR01MB3322FEDCDC048B7D3794F922CDBA2@TY2PR01MB3322.jpnprd01.prod.outlook.com
Tested-by: Zhang Ning <zhangn1985@outlook.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20241005193029.1929139-3-andriy.shevchenko@linux.intel.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/intel_soc_pmic_bxtwc.c | 31 ++++++++++++++------------
drivers/platform/x86/intel/bxtwc_tmu.c | 22 +++++-------------
2 files changed, 23 insertions(+), 30 deletions(-)
diff --git a/drivers/mfd/intel_soc_pmic_bxtwc.c b/drivers/mfd/intel_soc_pmic_bxtwc.c
index 5c35ccfc534ad..f4d50e35b8489 100644
--- a/drivers/mfd/intel_soc_pmic_bxtwc.c
+++ b/drivers/mfd/intel_soc_pmic_bxtwc.c
@@ -246,12 +246,6 @@ static struct mfd_cell bxt_wc_dev[] = {
.num_resources = ARRAY_SIZE(bcu_resources),
.resources = bcu_resources,
},
- {
- .name = "bxt_wcove_tmu",
- .num_resources = ARRAY_SIZE(tmu_resources),
- .resources = tmu_resources,
- },
-
{
.name = "bxt_wcove_gpio",
.num_resources = ARRAY_SIZE(gpio_resources),
@@ -262,6 +256,14 @@ static struct mfd_cell bxt_wc_dev[] = {
},
};
+static const struct mfd_cell bxt_wc_tmu_dev[] = {
+ {
+ .name = "bxt_wcove_tmu",
+ .num_resources = ARRAY_SIZE(tmu_resources),
+ .resources = tmu_resources,
+ },
+};
+
static struct mfd_cell bxt_wc_chgr_dev[] = {
{
.name = "bxt_wcove_usbc",
@@ -490,6 +492,15 @@ static int bxtwc_probe(struct platform_device *pdev)
if (ret)
return dev_err_probe(dev, ret, "Failed to add IRQ chip\n");
+ ret = bxtwc_add_chained_devices(pmic, bxt_wc_tmu_dev, ARRAY_SIZE(bxt_wc_tmu_dev),
+ pmic->irq_chip_data,
+ BXTWC_TMU_LVL1_IRQ,
+ IRQF_ONESHOT,
+ &bxtwc_regmap_irq_chip_tmu,
+ &pmic->irq_chip_data_tmu);
+ if (ret)
+ return ret;
+
ret = bxtwc_add_chained_irq_chip(pmic, pmic->irq_chip_data,
BXTWC_PWRBTN_LVL1_IRQ,
IRQF_ONESHOT,
@@ -498,14 +509,6 @@ static int bxtwc_probe(struct platform_device *pdev)
if (ret)
return dev_err_probe(dev, ret, "Failed to add PWRBTN IRQ chip\n");
- ret = bxtwc_add_chained_irq_chip(pmic, pmic->irq_chip_data,
- BXTWC_TMU_LVL1_IRQ,
- IRQF_ONESHOT,
- &bxtwc_regmap_irq_chip_tmu,
- &pmic->irq_chip_data_tmu);
- if (ret)
- return dev_err_probe(dev, ret, "Failed to add TMU IRQ chip\n");
-
/* Add chained IRQ handler for BCU IRQs */
ret = bxtwc_add_chained_irq_chip(pmic, pmic->irq_chip_data,
BXTWC_BCU_LVL1_IRQ,
diff --git a/drivers/platform/x86/intel/bxtwc_tmu.c b/drivers/platform/x86/intel/bxtwc_tmu.c
index d0e2a3c293b0b..9ac801b929b93 100644
--- a/drivers/platform/x86/intel/bxtwc_tmu.c
+++ b/drivers/platform/x86/intel/bxtwc_tmu.c
@@ -48,9 +48,8 @@ static irqreturn_t bxt_wcove_tmu_irq_handler(int irq, void *data)
static int bxt_wcove_tmu_probe(struct platform_device *pdev)
{
struct intel_soc_pmic *pmic = dev_get_drvdata(pdev->dev.parent);
- struct regmap_irq_chip_data *regmap_irq_chip;
struct wcove_tmu *wctmu;
- int ret, virq, irq;
+ int ret;
wctmu = devm_kzalloc(&pdev->dev, sizeof(*wctmu), GFP_KERNEL);
if (!wctmu)
@@ -59,27 +58,18 @@ static int bxt_wcove_tmu_probe(struct platform_device *pdev)
wctmu->dev = &pdev->dev;
wctmu->regmap = pmic->regmap;
- irq = platform_get_irq(pdev, 0);
- if (irq < 0)
- return irq;
+ wctmu->irq = platform_get_irq(pdev, 0);
+ if (wctmu->irq < 0)
+ return wctmu->irq;
- regmap_irq_chip = pmic->irq_chip_data_tmu;
- virq = regmap_irq_get_virq(regmap_irq_chip, irq);
- if (virq < 0) {
- dev_err(&pdev->dev,
- "failed to get virtual interrupt=%d\n", irq);
- return virq;
- }
-
- ret = devm_request_threaded_irq(&pdev->dev, virq,
+ ret = devm_request_threaded_irq(&pdev->dev, wctmu->irq,
NULL, bxt_wcove_tmu_irq_handler,
IRQF_ONESHOT, "bxt_wcove_tmu", wctmu);
if (ret) {
dev_err(&pdev->dev, "request irq failed: %d,virq: %d\n",
- ret, virq);
+ ret, wctmu->irq);
return ret;
}
- wctmu->irq = virq;
/* Unmask TMU second level Wake & System alarm */
regmap_update_bits(wctmu->regmap, BXTWC_MTMUIRQ_REG,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 390/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 389/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 391/817] irqdomain: Simplify simple and legacy domain creation Greg Kroah-Hartman
` (436 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Ning, Andy Shevchenko,
Lee Jones, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 0350d783ab888cb1cb48ced36cc28b372723f1a4 ]
While design wise the idea of converting the driver to use
the hierarchy of the IRQ chips is correct, the implementation
has (inherited) flaws. This was unveiled when platform_get_irq()
had started WARN() on IRQ 0 that is supposed to be a Linux
IRQ number (also known as vIRQ).
Rework the driver to respect IRQ domain when creating each MFD
device separately, as the domain is not the same for all of them.
Fixes: 57129044f504 ("mfd: intel_soc_pmic_bxtwc: Use chained IRQs for second level IRQ chips")
Tested-by: Zhang Ning <zhangn1985@outlook.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20241005193029.1929139-4-andriy.shevchenko@linux.intel.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/intel_soc_pmic_bxtwc.c | 54 +++++++++++++++++-------------
1 file changed, 30 insertions(+), 24 deletions(-)
diff --git a/drivers/mfd/intel_soc_pmic_bxtwc.c b/drivers/mfd/intel_soc_pmic_bxtwc.c
index f4d50e35b8489..f588e0f1fd0ad 100644
--- a/drivers/mfd/intel_soc_pmic_bxtwc.c
+++ b/drivers/mfd/intel_soc_pmic_bxtwc.c
@@ -231,21 +231,11 @@ static const struct resource tmu_resources[] = {
};
static struct mfd_cell bxt_wc_dev[] = {
- {
- .name = "bxt_wcove_gpadc",
- .num_resources = ARRAY_SIZE(adc_resources),
- .resources = adc_resources,
- },
{
.name = "bxt_wcove_thermal",
.num_resources = ARRAY_SIZE(thermal_resources),
.resources = thermal_resources,
},
- {
- .name = "bxt_wcove_bcu",
- .num_resources = ARRAY_SIZE(bcu_resources),
- .resources = bcu_resources,
- },
{
.name = "bxt_wcove_gpio",
.num_resources = ARRAY_SIZE(gpio_resources),
@@ -264,6 +254,22 @@ static const struct mfd_cell bxt_wc_tmu_dev[] = {
},
};
+static const struct mfd_cell bxt_wc_bcu_dev[] = {
+ {
+ .name = "bxt_wcove_bcu",
+ .num_resources = ARRAY_SIZE(bcu_resources),
+ .resources = bcu_resources,
+ },
+};
+
+static const struct mfd_cell bxt_wc_adc_dev[] = {
+ {
+ .name = "bxt_wcove_gpadc",
+ .num_resources = ARRAY_SIZE(adc_resources),
+ .resources = adc_resources,
+ },
+};
+
static struct mfd_cell bxt_wc_chgr_dev[] = {
{
.name = "bxt_wcove_usbc",
@@ -509,23 +515,23 @@ static int bxtwc_probe(struct platform_device *pdev)
if (ret)
return dev_err_probe(dev, ret, "Failed to add PWRBTN IRQ chip\n");
- /* Add chained IRQ handler for BCU IRQs */
- ret = bxtwc_add_chained_irq_chip(pmic, pmic->irq_chip_data,
- BXTWC_BCU_LVL1_IRQ,
- IRQF_ONESHOT,
- &bxtwc_regmap_irq_chip_bcu,
- &pmic->irq_chip_data_bcu);
+ ret = bxtwc_add_chained_devices(pmic, bxt_wc_bcu_dev, ARRAY_SIZE(bxt_wc_bcu_dev),
+ pmic->irq_chip_data,
+ BXTWC_BCU_LVL1_IRQ,
+ IRQF_ONESHOT,
+ &bxtwc_regmap_irq_chip_bcu,
+ &pmic->irq_chip_data_bcu);
if (ret)
- return dev_err_probe(dev, ret, "Failed to add BUC IRQ chip\n");
+ return ret;
- /* Add chained IRQ handler for ADC IRQs */
- ret = bxtwc_add_chained_irq_chip(pmic, pmic->irq_chip_data,
- BXTWC_ADC_LVL1_IRQ,
- IRQF_ONESHOT,
- &bxtwc_regmap_irq_chip_adc,
- &pmic->irq_chip_data_adc);
+ ret = bxtwc_add_chained_devices(pmic, bxt_wc_adc_dev, ARRAY_SIZE(bxt_wc_adc_dev),
+ pmic->irq_chip_data,
+ BXTWC_ADC_LVL1_IRQ,
+ IRQF_ONESHOT,
+ &bxtwc_regmap_irq_chip_adc,
+ &pmic->irq_chip_data_adc);
if (ret)
- return dev_err_probe(dev, ret, "Failed to add ADC IRQ chip\n");
+ return ret;
ret = bxtwc_add_chained_devices(pmic, bxt_wc_chgr_dev, ARRAY_SIZE(bxt_wc_chgr_dev),
pmic->irq_chip_data,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 391/817] irqdomain: Simplify simple and legacy domain creation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 390/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 392/817] irqdomain: Cleanup domain name allocation Greg Kroah-Hartman
` (435 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Gleixner, Matti Vaittinen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matti Vaittinen <mazziesaccount@gmail.com>
[ Upstream commit 70114e7f7585ef078c2b7033ee14218f95f55e22 ]
irq_domain_create_simple() and irq_domain_create_legacy() use
__irq_domain_instantiate(), but have extra handling of allocating interrupt
descriptors and associating interrupts in them. Some of that is duplicated.
There are also call sites which have conditonals to invoke different
interrupt domain creator functions, where one of them is usually
irq_domain_create_legacy(). Alternatively they associate the interrupts for
the legacy case after creating the domain.
Moving the extra logic of irq_domain_create_simple()/legacy() into
__irq_domain_instantiate() allows to consolidate that.
Introduce hwirq_base and virq_base members in the irq_domain_info
structure, which allows to transport the required information and add the
conditional interrupt descriptor allocation and interrupt association into
__irq_domain_instantiate().
This reduces irq_domain_create_legacy() and irq_domain_create_simple() to
trivial wrappers which fill in the info structure and allows call sites
which must support the legacy case along with more modern mechanism to
select the domain type via the parameters of the info struct.
[ tglx: Massaged change log ]
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/all/32d07bd79eb2b5416e24da9e9e8fe5955423dcf9.1723120028.git.mazziesaccount@gmail.com
Stable-dep-of: 3727c0b4ff6b ("mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/irqdomain.h | 5 +++
kernel/irq/irqdomain.c | 74 ++++++++++++++++++++++-----------------
2 files changed, 46 insertions(+), 33 deletions(-)
diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
index de6105f68fecd..bfcffa2c7047a 100644
--- a/include/linux/irqdomain.h
+++ b/include/linux/irqdomain.h
@@ -291,6 +291,9 @@ struct irq_domain_chip_generic_info;
* @hwirq_max: Maximum number of interrupts supported by controller
* @direct_max: Maximum value of direct maps;
* Use ~0 for no limit; 0 for no direct mapping
+ * @hwirq_base: The first hardware interrupt number (legacy domains only)
+ * @virq_base: The first Linux interrupt number for legacy domains to
+ * immediately associate the interrupts after domain creation
* @bus_token: Domain bus token
* @ops: Domain operation callbacks
* @host_data: Controller private data pointer
@@ -307,6 +310,8 @@ struct irq_domain_info {
unsigned int size;
irq_hw_number_t hwirq_max;
int direct_max;
+ unsigned int hwirq_base;
+ unsigned int virq_base;
enum irq_domain_bus_token bus_token;
const struct irq_domain_ops *ops;
void *host_data;
diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
index cea8f6874b1fb..7625e424f85a6 100644
--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -267,13 +267,20 @@ static void irq_domain_free(struct irq_domain *domain)
kfree(domain);
}
-/**
- * irq_domain_instantiate() - Instantiate a new irq domain data structure
- * @info: Domain information pointer pointing to the information for this domain
- *
- * Return: A pointer to the instantiated irq domain or an ERR_PTR value.
- */
-struct irq_domain *irq_domain_instantiate(const struct irq_domain_info *info)
+static void irq_domain_instantiate_descs(const struct irq_domain_info *info)
+{
+ if (!IS_ENABLED(CONFIG_SPARSE_IRQ))
+ return;
+
+ if (irq_alloc_descs(info->virq_base, info->virq_base, info->size,
+ of_node_to_nid(to_of_node(info->fwnode))) < 0) {
+ pr_info("Cannot allocate irq_descs @ IRQ%d, assuming pre-allocated\n",
+ info->virq_base);
+ }
+}
+
+static struct irq_domain *__irq_domain_instantiate(const struct irq_domain_info *info,
+ bool cond_alloc_descs)
{
struct irq_domain *domain;
int err;
@@ -306,6 +313,15 @@ struct irq_domain *irq_domain_instantiate(const struct irq_domain_info *info)
__irq_domain_publish(domain);
+ if (cond_alloc_descs && info->virq_base > 0)
+ irq_domain_instantiate_descs(info);
+
+ /* Legacy interrupt domains have a fixed Linux interrupt number */
+ if (info->virq_base > 0) {
+ irq_domain_associate_many(domain, info->virq_base, info->hwirq_base,
+ info->size - info->hwirq_base);
+ }
+
return domain;
err_domain_gc_remove:
@@ -315,6 +331,17 @@ struct irq_domain *irq_domain_instantiate(const struct irq_domain_info *info)
irq_domain_free(domain);
return ERR_PTR(err);
}
+
+/**
+ * irq_domain_instantiate() - Instantiate a new irq domain data structure
+ * @info: Domain information pointer pointing to the information for this domain
+ *
+ * Return: A pointer to the instantiated irq domain or an ERR_PTR value.
+ */
+struct irq_domain *irq_domain_instantiate(const struct irq_domain_info *info)
+{
+ return __irq_domain_instantiate(info, false);
+}
EXPORT_SYMBOL_GPL(irq_domain_instantiate);
/**
@@ -413,28 +440,13 @@ struct irq_domain *irq_domain_create_simple(struct fwnode_handle *fwnode,
.fwnode = fwnode,
.size = size,
.hwirq_max = size,
+ .virq_base = first_irq,
.ops = ops,
.host_data = host_data,
};
- struct irq_domain *domain;
-
- domain = irq_domain_instantiate(&info);
- if (IS_ERR(domain))
- return NULL;
+ struct irq_domain *domain = __irq_domain_instantiate(&info, true);
- if (first_irq > 0) {
- if (IS_ENABLED(CONFIG_SPARSE_IRQ)) {
- /* attempt to allocated irq_descs */
- int rc = irq_alloc_descs(first_irq, first_irq, size,
- of_node_to_nid(to_of_node(fwnode)));
- if (rc < 0)
- pr_info("Cannot allocate irq_descs @ IRQ%d, assuming pre-allocated\n",
- first_irq);
- }
- irq_domain_associate_many(domain, first_irq, 0, size);
- }
-
- return domain;
+ return IS_ERR(domain) ? NULL : domain;
}
EXPORT_SYMBOL_GPL(irq_domain_create_simple);
@@ -476,18 +488,14 @@ struct irq_domain *irq_domain_create_legacy(struct fwnode_handle *fwnode,
.fwnode = fwnode,
.size = first_hwirq + size,
.hwirq_max = first_hwirq + size,
+ .hwirq_base = first_hwirq,
+ .virq_base = first_irq,
.ops = ops,
.host_data = host_data,
};
- struct irq_domain *domain;
+ struct irq_domain *domain = irq_domain_instantiate(&info);
- domain = irq_domain_instantiate(&info);
- if (IS_ERR(domain))
- return NULL;
-
- irq_domain_associate_many(domain, first_irq, first_hwirq, size);
-
- return domain;
+ return IS_ERR(domain) ? NULL : domain;
}
EXPORT_SYMBOL_GPL(irq_domain_create_legacy);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 392/817] irqdomain: Cleanup domain name allocation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 391/817] irqdomain: Simplify simple and legacy domain creation Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 393/817] irqdomain: Allow giving name suffix for domain Greg Kroah-Hartman
` (434 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Gleixner, Matti Vaittinen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 1bf2c92829274e7c815d06d7b3196a967ff70917 ]
irq_domain_set_name() is truly unreadable gunk. Clean it up before adding
more.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Matti Vaittinen <mazziesaccount@gmail.com>
Link: https://lore.kernel.org/all/874j7uvkbm.ffs@tglx
Stable-dep-of: 3727c0b4ff6b ("mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/irq/irqdomain.c | 106 +++++++++++++++++++++--------------------
1 file changed, 55 insertions(+), 51 deletions(-)
diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
index 7625e424f85a6..72ab601871034 100644
--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -128,72 +128,76 @@ void irq_domain_free_fwnode(struct fwnode_handle *fwnode)
}
EXPORT_SYMBOL_GPL(irq_domain_free_fwnode);
-static int irq_domain_set_name(struct irq_domain *domain,
- const struct fwnode_handle *fwnode,
- enum irq_domain_bus_token bus_token)
+static int alloc_name(struct irq_domain *domain, char *base, enum irq_domain_bus_token bus_token)
+{
+ domain->name = bus_token ? kasprintf(GFP_KERNEL, "%s-%d", base, bus_token) :
+ kasprintf(GFP_KERNEL, "%s", base);
+ if (!domain->name)
+ return -ENOMEM;
+
+ domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED;
+ return 0;
+}
+
+static int alloc_fwnode_name(struct irq_domain *domain, const struct fwnode_handle *fwnode,
+ enum irq_domain_bus_token bus_token)
+{
+ char *name = bus_token ? kasprintf(GFP_KERNEL, "%pfw-%d", fwnode, bus_token) :
+ kasprintf(GFP_KERNEL, "%pfw", fwnode);
+
+ if (!name)
+ return -ENOMEM;
+
+ /*
+ * fwnode paths contain '/', which debugfs is legitimately unhappy
+ * about. Replace them with ':', which does the trick and is not as
+ * offensive as '\'...
+ */
+ domain->name = strreplace(name, '/', ':');
+ domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED;
+ return 0;
+}
+
+static int alloc_unknown_name(struct irq_domain *domain, enum irq_domain_bus_token bus_token)
{
static atomic_t unknown_domains;
- struct irqchip_fwid *fwid;
+ int id = atomic_inc_return(&unknown_domains);
+
+ domain->name = bus_token ? kasprintf(GFP_KERNEL, "unknown-%d-%d", id, bus_token) :
+ kasprintf(GFP_KERNEL, "unknown-%d", id);
+ if (!domain->name)
+ return -ENOMEM;
+ domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED;
+ return 0;
+}
+
+static int irq_domain_set_name(struct irq_domain *domain, const struct fwnode_handle *fwnode,
+ enum irq_domain_bus_token bus_token)
+{
if (is_fwnode_irqchip(fwnode)) {
- fwid = container_of(fwnode, struct irqchip_fwid, fwnode);
+ struct irqchip_fwid *fwid = container_of(fwnode, struct irqchip_fwid, fwnode);
switch (fwid->type) {
case IRQCHIP_FWNODE_NAMED:
case IRQCHIP_FWNODE_NAMED_ID:
- domain->name = bus_token ?
- kasprintf(GFP_KERNEL, "%s-%d",
- fwid->name, bus_token) :
- kstrdup(fwid->name, GFP_KERNEL);
- if (!domain->name)
- return -ENOMEM;
- domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED;
- break;
+ return alloc_name(domain, fwid->name, bus_token);
default:
domain->name = fwid->name;
- if (bus_token) {
- domain->name = kasprintf(GFP_KERNEL, "%s-%d",
- fwid->name, bus_token);
- if (!domain->name)
- return -ENOMEM;
- domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED;
- }
- break;
+ if (bus_token)
+ return alloc_name(domain, fwid->name, bus_token);
}
- } else if (is_of_node(fwnode) || is_acpi_device_node(fwnode) ||
- is_software_node(fwnode)) {
- char *name;
- /*
- * fwnode paths contain '/', which debugfs is legitimately
- * unhappy about. Replace them with ':', which does
- * the trick and is not as offensive as '\'...
- */
- name = bus_token ?
- kasprintf(GFP_KERNEL, "%pfw-%d", fwnode, bus_token) :
- kasprintf(GFP_KERNEL, "%pfw", fwnode);
- if (!name)
- return -ENOMEM;
-
- domain->name = strreplace(name, '/', ':');
- domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED;
+ } else if (is_of_node(fwnode) || is_acpi_device_node(fwnode) || is_software_node(fwnode)) {
+ return alloc_fwnode_name(domain, fwnode, bus_token);
}
- if (!domain->name) {
- if (fwnode)
- pr_err("Invalid fwnode type for irqdomain\n");
- domain->name = bus_token ?
- kasprintf(GFP_KERNEL, "unknown-%d-%d",
- atomic_inc_return(&unknown_domains),
- bus_token) :
- kasprintf(GFP_KERNEL, "unknown-%d",
- atomic_inc_return(&unknown_domains));
- if (!domain->name)
- return -ENOMEM;
- domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED;
- }
+ if (domain->name)
+ return 0;
- return 0;
+ if (fwnode)
+ pr_err("Invalid fwnode type for irqdomain\n");
+ return alloc_unknown_name(domain, bus_token);
}
static struct irq_domain *__irq_domain_create(const struct irq_domain_info *info)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 393/817] irqdomain: Allow giving name suffix for domain
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 392/817] irqdomain: Cleanup domain name allocation Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 394/817] regmap: Allow setting IRQ domain name suffix Greg Kroah-Hartman
` (433 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matti Vaittinen, Thomas Gleixner,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matti Vaittinen <mazziesaccount@gmail.com>
[ Upstream commit 1e7c05292531e5b6bebe409cd531ed4ec0b2ff56 ]
Devices can provide multiple interrupt lines. One reason for this is that
a device has multiple subfunctions, each providing its own interrupt line.
Another reason is that a device can be designed to be used (also) on a
system where some of the interrupts can be routed to another processor.
A line often further acts as a demultiplex for specific interrupts
and has it's respective set of interrupt (status, mask, ack, ...)
registers.
Regmap supports the handling of these registers and demultiplexing
interrupts, but the interrupt domain code ends up assigning the same name
for the per interrupt line domains. This causes a naming collision in the
debugFS code and leads to confusion, as /proc/interrupts shows two separate
interrupts with the same domain name and hardware interrupt number.
Instead of adding a workaround in regmap or driver code, allow giving a
name suffix for the domain name when the domain is created.
Add a name_suffix field in the irq_domain_info structure and make
irq_domain_instantiate() use this suffix if it is given when a domain is
created.
[ tglx: Adopt it to the cleanup patch and fixup the invalid NULL return ]
Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/all/871q2yvk5x.ffs@tglx
Stable-dep-of: 3727c0b4ff6b ("mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/irqdomain.h | 3 +++
kernel/irq/irqdomain.c | 30 +++++++++++++++++++++++-------
2 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
index bfcffa2c7047a..e432b6a12a32f 100644
--- a/include/linux/irqdomain.h
+++ b/include/linux/irqdomain.h
@@ -295,6 +295,8 @@ struct irq_domain_chip_generic_info;
* @virq_base: The first Linux interrupt number for legacy domains to
* immediately associate the interrupts after domain creation
* @bus_token: Domain bus token
+ * @name_suffix: Optional name suffix to avoid collisions when multiple
+ * domains are added using same fwnode
* @ops: Domain operation callbacks
* @host_data: Controller private data pointer
* @dgc_info: Geneneric chip information structure pointer used to
@@ -313,6 +315,7 @@ struct irq_domain_info {
unsigned int hwirq_base;
unsigned int virq_base;
enum irq_domain_bus_token bus_token;
+ const char *name_suffix;
const struct irq_domain_ops *ops;
void *host_data;
#ifdef CONFIG_IRQ_DOMAIN_HIERARCHY
diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c
index 72ab601871034..01001eb615ecc 100644
--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -140,11 +140,14 @@ static int alloc_name(struct irq_domain *domain, char *base, enum irq_domain_bus
}
static int alloc_fwnode_name(struct irq_domain *domain, const struct fwnode_handle *fwnode,
- enum irq_domain_bus_token bus_token)
+ enum irq_domain_bus_token bus_token, const char *suffix)
{
- char *name = bus_token ? kasprintf(GFP_KERNEL, "%pfw-%d", fwnode, bus_token) :
- kasprintf(GFP_KERNEL, "%pfw", fwnode);
+ const char *sep = suffix ? "-" : "";
+ const char *suf = suffix ? : "";
+ char *name;
+ name = bus_token ? kasprintf(GFP_KERNEL, "%pfw-%s%s%d", fwnode, suf, sep, bus_token) :
+ kasprintf(GFP_KERNEL, "%pfw-%s", fwnode, suf);
if (!name)
return -ENOMEM;
@@ -172,12 +175,25 @@ static int alloc_unknown_name(struct irq_domain *domain, enum irq_domain_bus_tok
return 0;
}
-static int irq_domain_set_name(struct irq_domain *domain, const struct fwnode_handle *fwnode,
- enum irq_domain_bus_token bus_token)
+static int irq_domain_set_name(struct irq_domain *domain, const struct irq_domain_info *info)
{
+ enum irq_domain_bus_token bus_token = info->bus_token;
+ const struct fwnode_handle *fwnode = info->fwnode;
+
if (is_fwnode_irqchip(fwnode)) {
struct irqchip_fwid *fwid = container_of(fwnode, struct irqchip_fwid, fwnode);
+ /*
+ * The name_suffix is only intended to be used to avoid a name
+ * collision when multiple domains are created for a single
+ * device and the name is picked using a real device node.
+ * (Typical use-case is regmap-IRQ controllers for devices
+ * providing more than one physical IRQ.) There should be no
+ * need to use name_suffix with irqchip-fwnode.
+ */
+ if (info->name_suffix)
+ return -EINVAL;
+
switch (fwid->type) {
case IRQCHIP_FWNODE_NAMED:
case IRQCHIP_FWNODE_NAMED_ID:
@@ -189,7 +205,7 @@ static int irq_domain_set_name(struct irq_domain *domain, const struct fwnode_ha
}
} else if (is_of_node(fwnode) || is_acpi_device_node(fwnode) || is_software_node(fwnode)) {
- return alloc_fwnode_name(domain, fwnode, bus_token);
+ return alloc_fwnode_name(domain, fwnode, bus_token, info->name_suffix);
}
if (domain->name)
@@ -215,7 +231,7 @@ static struct irq_domain *__irq_domain_create(const struct irq_domain_info *info
if (!domain)
return ERR_PTR(-ENOMEM);
- err = irq_domain_set_name(domain, info->fwnode, info->bus_token);
+ err = irq_domain_set_name(domain, info);
if (err) {
kfree(domain);
return ERR_PTR(err);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 394/817] regmap: Allow setting IRQ domain name suffix
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 393/817] irqdomain: Allow giving name suffix for domain Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 395/817] mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication Greg Kroah-Hartman
` (432 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matti Vaittinen, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matti Vaittinen <mazziesaccount@gmail.com>
[ Upstream commit dde286ee57704226b500cb9eb59547fec07aad3d ]
When multiple IRQ domains are created from the same device-tree node they
will get the same name based on the device-tree path. This will cause a
naming collision in debugFS when IRQ domain specific entries are created.
The regmap-IRQ creates per instance IRQ domains. This will lead to a
domain name conflict when a device which provides more than one
interrupt line uses the regmap-IRQ.
Add support for specifying an IRQ domain name suffix when creating a
regmap-IRQ controller.
Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>
Link: https://patch.msgid.link/776bc4996969e5081bcf61b9bdb5517e537147a3.1723120028.git.mazziesaccount@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Stable-dep-of: 3727c0b4ff6b ("mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/regmap/regmap-irq.c | 37 ++++++++++++++++++++++----------
include/linux/regmap.h | 4 ++++
2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index 250b2cc1e5d87..6981e5f974e9a 100644
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -612,6 +612,30 @@ int regmap_irq_set_type_config_simple(unsigned int **buf, unsigned int type,
}
EXPORT_SYMBOL_GPL(regmap_irq_set_type_config_simple);
+static int regmap_irq_create_domain(struct fwnode_handle *fwnode, int irq_base,
+ const struct regmap_irq_chip *chip,
+ struct regmap_irq_chip_data *d)
+{
+ struct irq_domain_info info = {
+ .fwnode = fwnode,
+ .size = chip->num_irqs,
+ .hwirq_max = chip->num_irqs,
+ .virq_base = irq_base,
+ .ops = ®map_domain_ops,
+ .host_data = d,
+ .name_suffix = chip->domain_suffix,
+ };
+
+ d->domain = irq_domain_instantiate(&info);
+ if (IS_ERR(d->domain)) {
+ dev_err(d->map->dev, "Failed to create IRQ domain\n");
+ return PTR_ERR(d->domain);
+ }
+
+ return 0;
+}
+
+
/**
* regmap_add_irq_chip_fwnode() - Use standard regmap IRQ controller handling
*
@@ -860,18 +884,9 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
}
}
- if (irq_base)
- d->domain = irq_domain_create_legacy(fwnode, chip->num_irqs,
- irq_base, 0,
- ®map_domain_ops, d);
- else
- d->domain = irq_domain_create_linear(fwnode, chip->num_irqs,
- ®map_domain_ops, d);
- if (!d->domain) {
- dev_err(map->dev, "Failed to create IRQ domain\n");
- ret = -ENOMEM;
+ ret = regmap_irq_create_domain(fwnode, irq_base, chip, d);
+ if (ret)
goto err_alloc;
- }
ret = request_threaded_irq(irq, NULL, regmap_irq_thread,
irq_flags | IRQF_ONESHOT,
diff --git a/include/linux/regmap.h b/include/linux/regmap.h
index 122e38161acb8..f9ccad32fc5cb 100644
--- a/include/linux/regmap.h
+++ b/include/linux/regmap.h
@@ -1521,6 +1521,9 @@ struct regmap_irq_chip_data;
* struct regmap_irq_chip - Description of a generic regmap irq_chip.
*
* @name: Descriptive name for IRQ controller.
+ * @domain_suffix: Name suffix to be appended to end of IRQ domain name. Needed
+ * when multiple regmap-IRQ controllers are created from same
+ * device.
*
* @main_status: Base main status register address. For chips which have
* interrupts arranged in separate sub-irq blocks with own IRQ
@@ -1606,6 +1609,7 @@ struct regmap_irq_chip_data;
*/
struct regmap_irq_chip {
const char *name;
+ const char *domain_suffix;
unsigned int main_status;
unsigned int num_main_status_bits;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 395/817] mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 394/817] regmap: Allow setting IRQ domain name suffix Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 396/817] cpufreq: loongson2: Unregister platform_driver on failure Greg Kroah-Hartman
` (431 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Lee Jones,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 3727c0b4ff6ba0e61203544b4c831f7f8899753b ]
For all of the devices regmap IRQ may try to created the folder
with the same name which is impossible and fails with:
debugfs: File '\_SB.IPC1.PMIC' in directory 'domains' already present!
Add domain_suffix to all of the IRQ chips driver registers to solve
the issue.
Fixes: 39d047c0b1c8 ("mfd: add Intel Broxton Whiskey Cove PMIC driver")
Fixes: 957ae5098185 ("platform/x86: Add Whiskey Cove PMIC TMU support")
Fixes: 57129044f504 ("mfd: intel_soc_pmic_bxtwc: Use chained IRQs for second level IRQ chips")
Depends-on: dde286ee5770 ("regmap: Allow setting IRQ domain name suffix")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20241005193029.1929139-5-andriy.shevchenko@linux.intel.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/intel_soc_pmic_bxtwc.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/mfd/intel_soc_pmic_bxtwc.c b/drivers/mfd/intel_soc_pmic_bxtwc.c
index f588e0f1fd0ad..b65f604a1eec3 100644
--- a/drivers/mfd/intel_soc_pmic_bxtwc.c
+++ b/drivers/mfd/intel_soc_pmic_bxtwc.c
@@ -149,6 +149,7 @@ static struct regmap_irq_chip bxtwc_regmap_irq_chip = {
static struct regmap_irq_chip bxtwc_regmap_irq_chip_pwrbtn = {
.name = "bxtwc_irq_chip_pwrbtn",
+ .domain_suffix = "PWRBTN",
.status_base = BXTWC_PWRBTNIRQ,
.mask_base = BXTWC_MPWRBTNIRQ,
.irqs = bxtwc_regmap_irqs_pwrbtn,
@@ -158,6 +159,7 @@ static struct regmap_irq_chip bxtwc_regmap_irq_chip_pwrbtn = {
static struct regmap_irq_chip bxtwc_regmap_irq_chip_tmu = {
.name = "bxtwc_irq_chip_tmu",
+ .domain_suffix = "TMU",
.status_base = BXTWC_TMUIRQ,
.mask_base = BXTWC_MTMUIRQ,
.irqs = bxtwc_regmap_irqs_tmu,
@@ -167,6 +169,7 @@ static struct regmap_irq_chip bxtwc_regmap_irq_chip_tmu = {
static struct regmap_irq_chip bxtwc_regmap_irq_chip_bcu = {
.name = "bxtwc_irq_chip_bcu",
+ .domain_suffix = "BCU",
.status_base = BXTWC_BCUIRQ,
.mask_base = BXTWC_MBCUIRQ,
.irqs = bxtwc_regmap_irqs_bcu,
@@ -176,6 +179,7 @@ static struct regmap_irq_chip bxtwc_regmap_irq_chip_bcu = {
static struct regmap_irq_chip bxtwc_regmap_irq_chip_adc = {
.name = "bxtwc_irq_chip_adc",
+ .domain_suffix = "ADC",
.status_base = BXTWC_ADCIRQ,
.mask_base = BXTWC_MADCIRQ,
.irqs = bxtwc_regmap_irqs_adc,
@@ -185,6 +189,7 @@ static struct regmap_irq_chip bxtwc_regmap_irq_chip_adc = {
static struct regmap_irq_chip bxtwc_regmap_irq_chip_chgr = {
.name = "bxtwc_irq_chip_chgr",
+ .domain_suffix = "CHGR",
.status_base = BXTWC_CHGR0IRQ,
.mask_base = BXTWC_MCHGR0IRQ,
.irqs = bxtwc_regmap_irqs_chgr,
@@ -194,6 +199,7 @@ static struct regmap_irq_chip bxtwc_regmap_irq_chip_chgr = {
static struct regmap_irq_chip bxtwc_regmap_irq_chip_crit = {
.name = "bxtwc_irq_chip_crit",
+ .domain_suffix = "CRIT",
.status_base = BXTWC_CRITIRQ,
.mask_base = BXTWC_MCRITIRQ,
.irqs = bxtwc_regmap_irqs_crit,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 396/817] cpufreq: loongson2: Unregister platform_driver on failure
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 395/817] mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 397/817] powerpc/fadump: Refactor and prepare fadump_cma_init for late init Greg Kroah-Hartman
` (430 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuan Can, Viresh Kumar, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 5f856d71ccdf89b4bac0ff70ebb0bb582e7f7f18 ]
When cpufreq_register_driver() returns error, the cpufreq_init() returns
without unregister platform_driver, fix by add missing
platform_driver_unregister() when cpufreq_register_driver() failed.
Fixes: f8ede0f700f5 ("MIPS: Loongson 2F: Add CPU frequency scaling support")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/loongson2_cpufreq.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/cpufreq/loongson2_cpufreq.c b/drivers/cpufreq/loongson2_cpufreq.c
index 6a8e97896d38c..ed1a6dbad6389 100644
--- a/drivers/cpufreq/loongson2_cpufreq.c
+++ b/drivers/cpufreq/loongson2_cpufreq.c
@@ -148,7 +148,9 @@ static int __init cpufreq_init(void)
ret = cpufreq_register_driver(&loongson2_cpufreq_driver);
- if (!ret && !nowait) {
+ if (ret) {
+ platform_driver_unregister(&platform_driver);
+ } else if (!nowait) {
saved_cpu_wait = cpu_wait;
cpu_wait = loongson2_cpu_wait;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 397/817] powerpc/fadump: Refactor and prepare fadump_cma_init for late init
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 396/817] cpufreq: loongson2: Unregister platform_driver on failure Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 398/817] powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() Greg Kroah-Hartman
` (429 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hari Bathini, Madhavan Srinivasan,
Ritesh Harjani (IBM), Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
[ Upstream commit adfaec30ffaceecd565e06adae367aa944acc3c9 ]
We anyway don't use any return values from fadump_cma_init(). Since
fadump_reserve_mem() from where fadump_cma_init() gets called today,
already has the required checks.
This patch makes this function return type as void. Let's also handle
extra cases like return if fadump_supported is false or dump_active, so
that in later patches we can call fadump_cma_init() separately from
setup_arch().
Acked-by: Hari Bathini <hbathini@linux.ibm.com>
Reviewed-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/a2afc3d6481a87a305e89cfc4a3f3d2a0b8ceab3.1729146153.git.ritesh.list@gmail.com
Stable-dep-of: 05b94cae1c47 ("powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/fadump.c | 23 +++++++++--------------
1 file changed, 9 insertions(+), 14 deletions(-)
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index a612e7513a4f8..162327d66982e 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -78,27 +78,23 @@ static struct cma *fadump_cma;
* But for some reason even if it fails we still have the memory reservation
* with us and we can still continue doing fadump.
*/
-static int __init fadump_cma_init(void)
+static void __init fadump_cma_init(void)
{
unsigned long long base, size;
int rc;
- if (!fw_dump.fadump_enabled)
- return 0;
-
+ if (!fw_dump.fadump_supported || !fw_dump.fadump_enabled ||
+ fw_dump.dump_active)
+ return;
/*
* Do not use CMA if user has provided fadump=nocma kernel parameter.
- * Return 1 to continue with fadump old behaviour.
*/
- if (fw_dump.nocma)
- return 1;
+ if (fw_dump.nocma || !fw_dump.boot_memory_size)
+ return;
base = fw_dump.reserve_dump_area_start;
size = fw_dump.boot_memory_size;
- if (!size)
- return 0;
-
rc = cma_init_reserved_mem(base, size, 0, "fadump_cma", &fadump_cma);
if (rc) {
pr_err("Failed to init cma area for firmware-assisted dump,%d\n", rc);
@@ -108,7 +104,7 @@ static int __init fadump_cma_init(void)
* blocked from production system usage. Hence return 1,
* so that we can continue with fadump.
*/
- return 1;
+ return;
}
/*
@@ -125,10 +121,9 @@ static int __init fadump_cma_init(void)
cma_get_size(fadump_cma),
(unsigned long)cma_get_base(fadump_cma) >> 20,
fw_dump.reserve_dump_area_size);
- return 1;
}
#else
-static int __init fadump_cma_init(void) { return 1; }
+static void __init fadump_cma_init(void) { }
#endif /* CONFIG_CMA */
/*
@@ -638,7 +633,7 @@ int __init fadump_reserve_mem(void)
pr_info("Reserved %lldMB of memory at %#016llx (System RAM: %lldMB)\n",
(size >> 20), base, (memblock_phys_mem_size() >> 20));
- ret = fadump_cma_init();
+ fadump_cma_init();
}
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 398/817] powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 397/817] powerpc/fadump: Refactor and prepare fadump_cma_init for late init Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 399/817] mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
` (428 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Hildenbrand,
Sachin P Bappalige, Hari Bathini, Madhavan Srinivasan,
Ritesh Harjani (IBM), Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
[ Upstream commit 05b94cae1c47f94588c3e7096963c1007c4d9c1d ]
During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE,
since pageblock_order is still zero and it gets initialized
later during initmem_init() e.g.
setup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order()
One such use case where this causes issue is -
early_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init()
This causes CMA memory alignment check to be bypassed in
cma_init_reserved_mem(). Then later cma_activate_area() can hit
a VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory
area was not pageblock_order aligned.
Fix it by moving the fadump_cma_init() after initmem_init(),
where other such cma reservations also gets called.
<stack trace>
==============
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010
flags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA
raw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))
------------[ cut here ]------------
kernel BUG at mm/page_alloc.c:778!
Call Trace:
__free_one_page+0x57c/0x7b0 (unreliable)
free_pcppages_bulk+0x1a8/0x2c8
free_unref_page_commit+0x3d4/0x4e4
free_unref_page+0x458/0x6d0
init_cma_reserved_pageblock+0x114/0x198
cma_init_reserved_areas+0x270/0x3e0
do_one_initcall+0x80/0x2f8
kernel_init_freeable+0x33c/0x530
kernel_init+0x34/0x26c
ret_from_kernel_user_thread+0x14/0x1c
Fixes: 11ac3e87ce09 ("mm: cma: use pageblock_order as the single alignment")
Suggested-by: David Hildenbrand <david@redhat.com>
Reported-by: Sachin P Bappalige <sachinpb@linux.ibm.com>
Acked-by: Hari Bathini <hbathini@linux.ibm.com>
Reviewed-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/3ae208e48c0d9cefe53d2dc4f593388067405b7d.1729146153.git.ritesh.list@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/fadump.h | 7 +++++++
arch/powerpc/kernel/fadump.c | 6 +-----
arch/powerpc/kernel/setup-common.c | 6 ++++--
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/arch/powerpc/include/asm/fadump.h b/arch/powerpc/include/asm/fadump.h
index ef40c9b6972a6..3638f04447f59 100644
--- a/arch/powerpc/include/asm/fadump.h
+++ b/arch/powerpc/include/asm/fadump.h
@@ -34,4 +34,11 @@ extern int early_init_dt_scan_fw_dump(unsigned long node, const char *uname,
int depth, void *data);
extern int fadump_reserve_mem(void);
#endif
+
+#if defined(CONFIG_FA_DUMP) && defined(CONFIG_CMA)
+void fadump_cma_init(void);
+#else
+static inline void fadump_cma_init(void) { }
+#endif
+
#endif /* _ASM_POWERPC_FADUMP_H */
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index 162327d66982e..ac7b4e1645e55 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -78,7 +78,7 @@ static struct cma *fadump_cma;
* But for some reason even if it fails we still have the memory reservation
* with us and we can still continue doing fadump.
*/
-static void __init fadump_cma_init(void)
+void __init fadump_cma_init(void)
{
unsigned long long base, size;
int rc;
@@ -122,8 +122,6 @@ static void __init fadump_cma_init(void)
(unsigned long)cma_get_base(fadump_cma) >> 20,
fw_dump.reserve_dump_area_size);
}
-#else
-static void __init fadump_cma_init(void) { }
#endif /* CONFIG_CMA */
/*
@@ -632,8 +630,6 @@ int __init fadump_reserve_mem(void)
pr_info("Reserved %lldMB of memory at %#016llx (System RAM: %lldMB)\n",
(size >> 20), base, (memblock_phys_mem_size() >> 20));
-
- fadump_cma_init();
}
return ret;
diff --git a/arch/powerpc/kernel/setup-common.c b/arch/powerpc/kernel/setup-common.c
index 943430077375a..b6b01502e5047 100644
--- a/arch/powerpc/kernel/setup-common.c
+++ b/arch/powerpc/kernel/setup-common.c
@@ -997,9 +997,11 @@ void __init setup_arch(char **cmdline_p)
initmem_init();
/*
- * Reserve large chunks of memory for use by CMA for KVM and hugetlb. These must
- * be called after initmem_init(), so that pageblock_order is initialised.
+ * Reserve large chunks of memory for use by CMA for fadump, KVM and
+ * hugetlb. These must be called after initmem_init(), so that
+ * pageblock_order is initialised.
*/
+ fadump_cma_init();
kvm_cma_reserve();
gigantic_hugetlb_cma_reserve();
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 399/817] mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 398/817] powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 400/817] mtd: rawnand: atmel: Fix possible memory leak Greg Kroah-Hartman
` (427 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Biju Das, Geert Uytterhoeven,
Vignesh Raghavendra, Miquel Raynal, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 7d189579a287d5c568db623c5fc2344cce98a887 ]
The rpc-if-hyperflash driver can be compiled as a module, but lacks
MODULE_DEVICE_TABLE() and will therefore not be loaded automatically.
Fix this.
Fixes: 5de15b610f78 ("mtd: hyperbus: add Renesas RPC-IF driver")
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20240731080846.257139-1-biju.das.jz@bp.renesas.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/hyperbus/rpc-if.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/mtd/hyperbus/rpc-if.c b/drivers/mtd/hyperbus/rpc-if.c
index b22aa57119f23..e7a28f3316c3f 100644
--- a/drivers/mtd/hyperbus/rpc-if.c
+++ b/drivers/mtd/hyperbus/rpc-if.c
@@ -163,9 +163,16 @@ static void rpcif_hb_remove(struct platform_device *pdev)
pm_runtime_disable(hyperbus->rpc.dev);
}
+static const struct platform_device_id rpc_if_hyperflash_id_table[] = {
+ { .name = "rpc-if-hyperflash" },
+ { /* sentinel */ }
+};
+MODULE_DEVICE_TABLE(platform, rpc_if_hyperflash_id_table);
+
static struct platform_driver rpcif_platform_driver = {
.probe = rpcif_hb_probe,
.remove_new = rpcif_hb_remove,
+ .id_table = rpc_if_hyperflash_id_table,
.driver = {
.name = "rpc-if-hyperflash",
},
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 400/817] mtd: rawnand: atmel: Fix possible memory leak
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 399/817] mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 401/817] powerpc/mm/fault: Fix kfence page fault reporting Greg Kroah-Hartman
` (426 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dr. David Alan Gilbert,
Miquel Raynal, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miquel Raynal <miquel.raynal@bootlin.com>
[ Upstream commit 6d734f1bfc336aaea91313a5632f2f197608fadd ]
The pmecc "user" structure is allocated in atmel_pmecc_create_user() and
was supposed to be freed with atmel_pmecc_destroy_user(), but this other
helper is never called. One solution would be to find the proper
location to call the destructor, but the trend today is to switch to
device managed allocations, which in this case fits pretty well.
Replace kzalloc() by devm_kzalloc() and drop the destructor entirely.
Reported-by: "Dr. David Alan Gilbert" <linux@treblig.org>
Closes: https://lore.kernel.org/all/ZvmIvRJCf6VhHvpo@gallifrey/
Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20241001203149.387655-1-miquel.raynal@bootlin.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/atmel/pmecc.c | 8 +-------
drivers/mtd/nand/raw/atmel/pmecc.h | 2 --
2 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/drivers/mtd/nand/raw/atmel/pmecc.c b/drivers/mtd/nand/raw/atmel/pmecc.c
index 4d7dc8a9c3738..a22aab4ed4e8a 100644
--- a/drivers/mtd/nand/raw/atmel/pmecc.c
+++ b/drivers/mtd/nand/raw/atmel/pmecc.c
@@ -362,7 +362,7 @@ atmel_pmecc_create_user(struct atmel_pmecc *pmecc,
size = ALIGN(size, sizeof(s32));
size += (req->ecc.strength + 1) * sizeof(s32) * 3;
- user = kzalloc(size, GFP_KERNEL);
+ user = devm_kzalloc(pmecc->dev, size, GFP_KERNEL);
if (!user)
return ERR_PTR(-ENOMEM);
@@ -408,12 +408,6 @@ atmel_pmecc_create_user(struct atmel_pmecc *pmecc,
}
EXPORT_SYMBOL_GPL(atmel_pmecc_create_user);
-void atmel_pmecc_destroy_user(struct atmel_pmecc_user *user)
-{
- kfree(user);
-}
-EXPORT_SYMBOL_GPL(atmel_pmecc_destroy_user);
-
static int get_strength(struct atmel_pmecc_user *user)
{
const int *strengths = user->pmecc->caps->strengths;
diff --git a/drivers/mtd/nand/raw/atmel/pmecc.h b/drivers/mtd/nand/raw/atmel/pmecc.h
index 7851c05126cf1..cc0c5af1f4f1a 100644
--- a/drivers/mtd/nand/raw/atmel/pmecc.h
+++ b/drivers/mtd/nand/raw/atmel/pmecc.h
@@ -55,8 +55,6 @@ struct atmel_pmecc *devm_atmel_pmecc_get(struct device *dev);
struct atmel_pmecc_user *
atmel_pmecc_create_user(struct atmel_pmecc *pmecc,
struct atmel_pmecc_user_req *req);
-void atmel_pmecc_destroy_user(struct atmel_pmecc_user *user);
-
void atmel_pmecc_reset(struct atmel_pmecc *pmecc);
int atmel_pmecc_enable(struct atmel_pmecc_user *user, int op);
void atmel_pmecc_disable(struct atmel_pmecc_user *user);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 401/817] powerpc/mm/fault: Fix kfence page fault reporting
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 400/817] mtd: rawnand: atmel: Fix possible memory leak Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 402/817] clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate() Greg Kroah-Hartman
` (425 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Leroy, Disha Goel,
Ritesh Harjani (IBM), Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
[ Upstream commit 06dbbb4d5f7126b6307ab807cbf04ecfc459b933 ]
copy_from_kernel_nofault() can be called when doing read of /proc/kcore.
/proc/kcore can have some unmapped kfence objects which when read via
copy_from_kernel_nofault() can cause page faults. Since *_nofault()
functions define their own fixup table for handling fault, use that
instead of asking kfence to handle such faults.
Hence we search the exception tables for the nip which generated the
fault. If there is an entry then we let the fixup table handler handle the
page fault by returning an error from within ___do_page_fault().
This can be easily triggered if someone tries to do dd from /proc/kcore.
eg. dd if=/proc/kcore of=/dev/null bs=1M
Some example false negatives:
===============================
BUG: KFENCE: invalid read in copy_from_kernel_nofault+0x9c/0x1a0
Invalid read at 0xc0000000fdff0000:
copy_from_kernel_nofault+0x9c/0x1a0
0xc00000000665f950
read_kcore_iter+0x57c/0xa04
proc_reg_read_iter+0xe4/0x16c
vfs_read+0x320/0x3ec
ksys_read+0x90/0x154
system_call_exception+0x120/0x310
system_call_vectored_common+0x15c/0x2ec
BUG: KFENCE: use-after-free read in copy_from_kernel_nofault+0x9c/0x1a0
Use-after-free read at 0xc0000000fe050000 (in kfence-#2):
copy_from_kernel_nofault+0x9c/0x1a0
0xc00000000665f950
read_kcore_iter+0x57c/0xa04
proc_reg_read_iter+0xe4/0x16c
vfs_read+0x320/0x3ec
ksys_read+0x90/0x154
system_call_exception+0x120/0x310
system_call_vectored_common+0x15c/0x2ec
Fixes: 90cbac0e995d ("powerpc: Enable KFENCE for PPC32")
Suggested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reported-by: Disha Goel <disgoel@linux.ibm.com>
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/a411788081d50e3b136c6270471e35aba3dfafa3.1729271995.git.ritesh.list@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/mm/fault.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 81c77ddce2e30..c156fe0d53c37 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -439,10 +439,16 @@ static int ___do_page_fault(struct pt_regs *regs, unsigned long address,
/*
* The kernel should never take an execute fault nor should it
* take a page fault to a kernel address or a page fault to a user
- * address outside of dedicated places
+ * address outside of dedicated places.
+ *
+ * Rather than kfence directly reporting false negatives, search whether
+ * the NIP belongs to the fixup table for cases where fault could come
+ * from functions like copy_from_kernel_nofault().
*/
if (unlikely(!is_user && bad_kernel_fault(regs, error_code, address, is_write))) {
- if (kfence_handle_page_fault(address, is_write, regs))
+ if (is_kfence_address((void *)address) &&
+ !search_exception_tables(instruction_pointer(regs)) &&
+ kfence_handle_page_fault(address, is_write, regs))
return 0;
return SIGSEGV;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 402/817] clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 401/817] powerpc/mm/fault: Fix kfence page fault reporting Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 403/817] mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Greg Kroah-Hartman
` (424 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zichen Xie, Chen Wang, Dan Carpenter,
Stephen Boyd, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zichen Xie <zichenxie0106@gmail.com>
[ Upstream commit 00f8f70a0e8c6601861628be26270a0b6f4bbb34 ]
This was found by a static analyzer.
There may be a potential integer overflow issue in
sg2042_pll_recalc_rate(). numerator is defined as u64 while
parent_rate is defined as unsigned long and ctrl_table.fbdiv
is defined as unsigned int. On 32-bit machine, the result of
the calculation will be limited to "u32" without correct casting.
Integer overflow may occur on high-performance systems.
Fixes: 48cf7e01386e ("clk: sophgo: Add SG2042 clock driver")
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Reviewed-by: Chen Wang <unicorn_wang@outlook.com>
Link: https://lore.kernel.org/r/20241023145146.13130-1-zichenxie0106@gmail.com
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/sophgo/clk-sg2042-pll.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/sophgo/clk-sg2042-pll.c b/drivers/clk/sophgo/clk-sg2042-pll.c
index ff9deeef509b8..1537f4f05860e 100644
--- a/drivers/clk/sophgo/clk-sg2042-pll.c
+++ b/drivers/clk/sophgo/clk-sg2042-pll.c
@@ -153,7 +153,7 @@ static unsigned long sg2042_pll_recalc_rate(unsigned int reg_value,
sg2042_pll_ctrl_decode(reg_value, &ctrl_table);
- numerator = parent_rate * ctrl_table.fbdiv;
+ numerator = (u64)parent_rate * ctrl_table.fbdiv;
denominator = ctrl_table.refdiv * ctrl_table.postdiv1 * ctrl_table.postdiv2;
do_div(numerator, denominator);
return numerator;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 403/817] mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 402/817] clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate() Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 404/817] powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Greg Kroah-Hartman
` (423 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Takahiro Kuwano, Tudor Ambarus,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
[ Upstream commit b61c35e3404557779ec427c077f7a9f057bb053d ]
In octal DTR mode, RD_ANY_REG_OP needs to use 4-byte address regardless
of flash's internal address mode. Use nor->addr_nbytes which is set to 4
during setup.
Fixes: eff9604390d6 ("mtd: spi-nor: spansion: add octal DTR support in RD_ANY_REG_OP")
Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano@infineon.com>
Link: https://lore.kernel.org/r/20241016000837.17951-1-Takahiro.Kuwano@infineon.com
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/spi-nor/spansion.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mtd/spi-nor/spansion.c b/drivers/mtd/spi-nor/spansion.c
index 6cc237c24e072..020994374ea13 100644
--- a/drivers/mtd/spi-nor/spansion.c
+++ b/drivers/mtd/spi-nor/spansion.c
@@ -106,6 +106,7 @@ static int cypress_nor_sr_ready_and_clear_reg(struct spi_nor *nor, u64 addr)
int ret;
if (nor->reg_proto == SNOR_PROTO_8_8_8_DTR) {
+ op.addr.nbytes = nor->addr_nbytes;
op.dummy.nbytes = params->rdsr_dummy;
op.data.nbytes = 2;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 404/817] powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 403/817] mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 405/817] cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Greg Kroah-Hartman
` (422 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kajol Jain, Nysal Jan K.A,
Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit cadae3a45d23aa4f6485938a67cbc47aaaa25e38 ]
The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because
the code calls kmalloc() while holding it, which can sleep:
# echo 1 > /proc/powerpc/vcpudispatch_stats
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh
preempt_count: 1, expected: 0
3 locks held by sh/199:
#0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438
#1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4
#2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4
CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152
Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries
Call Trace:
dump_stack_lvl+0x130/0x148 (unreliable)
__might_resched+0x174/0x410
kmem_cache_alloc_noprof+0x340/0x3d0
alloc_dtl_buffers+0x124/0x1ac
vcpudispatch_stats_write+0x2a8/0x5f4
proc_reg_write+0xf4/0x150
vfs_write+0xfc/0x438
ksys_write+0x88/0x148
system_call_exception+0x1c4/0x5a0
system_call_common+0xf4/0x258
Fixes: 06220d78f24a ("powerpc/pseries: Introduce rwlock to gatekeep DTLB usage")
Tested-by: Kajol Jain <kjain@linux.ibm.com>
Reviewed-by: Nysal Jan K.A <nysal@linux.ibm.com>
Reviewed-by: Kajol Jain <kjain@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20240819122401.513203-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/dtl.h | 4 ++--
arch/powerpc/platforms/pseries/dtl.c | 8 ++++----
arch/powerpc/platforms/pseries/lpar.c | 8 ++++----
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/powerpc/include/asm/dtl.h b/arch/powerpc/include/asm/dtl.h
index d6f43d149f8dc..a5c21bc623cb0 100644
--- a/arch/powerpc/include/asm/dtl.h
+++ b/arch/powerpc/include/asm/dtl.h
@@ -1,8 +1,8 @@
#ifndef _ASM_POWERPC_DTL_H
#define _ASM_POWERPC_DTL_H
+#include <linux/rwsem.h>
#include <asm/lppaca.h>
-#include <linux/spinlock_types.h>
/*
* Layout of entries in the hypervisor's dispatch trace log buffer.
@@ -35,7 +35,7 @@ struct dtl_entry {
#define DTL_LOG_ALL (DTL_LOG_CEDE | DTL_LOG_PREEMPT | DTL_LOG_FAULT)
extern struct kmem_cache *dtl_cache;
-extern rwlock_t dtl_access_lock;
+extern struct rw_semaphore dtl_access_lock;
extern void register_dtl_buffer(int cpu);
extern void alloc_dtl_buffers(unsigned long *time_limit);
diff --git a/arch/powerpc/platforms/pseries/dtl.c b/arch/powerpc/platforms/pseries/dtl.c
index 3f1cdccebc9c1..ecc04ef8c53e3 100644
--- a/arch/powerpc/platforms/pseries/dtl.c
+++ b/arch/powerpc/platforms/pseries/dtl.c
@@ -191,7 +191,7 @@ static int dtl_enable(struct dtl *dtl)
return -EBUSY;
/* ensure there are no other conflicting dtl users */
- if (!read_trylock(&dtl_access_lock))
+ if (!down_read_trylock(&dtl_access_lock))
return -EBUSY;
n_entries = dtl_buf_entries;
@@ -199,7 +199,7 @@ static int dtl_enable(struct dtl *dtl)
if (!buf) {
printk(KERN_WARNING "%s: buffer alloc failed for cpu %d\n",
__func__, dtl->cpu);
- read_unlock(&dtl_access_lock);
+ up_read(&dtl_access_lock);
return -ENOMEM;
}
@@ -217,7 +217,7 @@ static int dtl_enable(struct dtl *dtl)
spin_unlock(&dtl->lock);
if (rc) {
- read_unlock(&dtl_access_lock);
+ up_read(&dtl_access_lock);
kmem_cache_free(dtl_cache, buf);
}
@@ -232,7 +232,7 @@ static void dtl_disable(struct dtl *dtl)
dtl->buf = NULL;
dtl->buf_entries = 0;
spin_unlock(&dtl->lock);
- read_unlock(&dtl_access_lock);
+ up_read(&dtl_access_lock);
}
/* file interface */
diff --git a/arch/powerpc/platforms/pseries/lpar.c b/arch/powerpc/platforms/pseries/lpar.c
index c1d8bee8f7018..bb09990eec309 100644
--- a/arch/powerpc/platforms/pseries/lpar.c
+++ b/arch/powerpc/platforms/pseries/lpar.c
@@ -169,7 +169,7 @@ struct vcpu_dispatch_data {
*/
#define NR_CPUS_H NR_CPUS
-DEFINE_RWLOCK(dtl_access_lock);
+DECLARE_RWSEM(dtl_access_lock);
static DEFINE_PER_CPU(struct vcpu_dispatch_data, vcpu_disp_data);
static DEFINE_PER_CPU(u64, dtl_entry_ridx);
static DEFINE_PER_CPU(struct dtl_worker, dtl_workers);
@@ -463,7 +463,7 @@ static int dtl_worker_enable(unsigned long *time_limit)
{
int rc = 0, state;
- if (!write_trylock(&dtl_access_lock)) {
+ if (!down_write_trylock(&dtl_access_lock)) {
rc = -EBUSY;
goto out;
}
@@ -479,7 +479,7 @@ static int dtl_worker_enable(unsigned long *time_limit)
pr_err("vcpudispatch_stats: unable to setup workqueue for DTL processing\n");
free_dtl_buffers(time_limit);
reset_global_dtl_mask();
- write_unlock(&dtl_access_lock);
+ up_write(&dtl_access_lock);
rc = -EINVAL;
goto out;
}
@@ -494,7 +494,7 @@ static void dtl_worker_disable(unsigned long *time_limit)
cpuhp_remove_state(dtl_worker_state);
free_dtl_buffers(time_limit);
reset_global_dtl_mask();
- write_unlock(&dtl_access_lock);
+ up_write(&dtl_access_lock);
}
static ssize_t vcpudispatch_stats_write(struct file *file, const char __user *p,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 405/817] cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 404/817] powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 406/817] cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() Greg Kroah-Hartman
` (421 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Viresh Kumar,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit a78e7207564258db6e373e86294a85f9d646d35a ]
cpufreq_cpu_get_raw() may return NULL if the cpu is not in
policy->cpus cpu mask and it will cause null pointer dereference.
Fixes: 740fcdc2c20e ("cpufreq: CPPC: Register EM based on efficiency class information")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cppc_cpufreq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c
index 357dc7f4a98ce..32045075c596f 100644
--- a/drivers/cpufreq/cppc_cpufreq.c
+++ b/drivers/cpufreq/cppc_cpufreq.c
@@ -423,6 +423,9 @@ static int cppc_get_cpu_power(struct device *cpu_dev,
struct cppc_cpudata *cpu_data;
policy = cpufreq_cpu_get_raw(cpu_dev->id);
+ if (!policy)
+ return 0;
+
cpu_data = policy->driver_data;
perf_caps = &cpu_data->perf_caps;
max_cap = arch_scale_cpu_capacity(cpu_dev->id);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 406/817] cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 405/817] cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 407/817] iommu/amd: Remove amd_iommu_domain_update() from page table freeing Greg Kroah-Hartman
` (420 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Viresh Kumar,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 1a1374bb8c5926674973d849feed500bc61ad535 ]
cpufreq_cpu_get_raw() may return NULL if the cpu is not in
policy->cpus cpu mask and it will cause null pointer dereference,
so check NULL for cppc_get_cpu_cost().
Fixes: 740fcdc2c20e ("cpufreq: CPPC: Register EM based on efficiency class information")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cppc_cpufreq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c
index 32045075c596f..00556b4d83f83 100644
--- a/drivers/cpufreq/cppc_cpufreq.c
+++ b/drivers/cpufreq/cppc_cpufreq.c
@@ -493,6 +493,9 @@ static int cppc_get_cpu_cost(struct device *cpu_dev, unsigned long KHz,
int step;
policy = cpufreq_cpu_get_raw(cpu_dev->id);
+ if (!policy)
+ return 0;
+
cpu_data = policy->driver_data;
perf_caps = &cpu_data->perf_caps;
max_cap = arch_scale_cpu_capacity(cpu_dev->id);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 407/817] iommu/amd: Remove amd_iommu_domain_update() from page table freeing
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 406/817] cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 408/817] iommu/amd: Remove the amd_iommu_domain_set_pt_root() and related Greg Kroah-Hartman
` (419 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vasant Hegde, Jason Gunthorpe,
Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit 322d889ae7d39f8538a6deac35869aa3be1855bd ]
It is a serious bug if the domain is still mapped to any DTEs when it is
freed as we immediately start freeing page table memory, so any remaining
HW touch will UAF.
If it is not mapped then dev_list is empty and amd_iommu_domain_update()
does nothing.
Remove it and add a WARN_ON() to catch this class of bug.
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/4-v2-831cdc4d00f3+1a315-amd_iopgtbl_jgg@nvidia.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Stable-dep-of: 016991606aa0 ("iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd/io_pgtable.c | 3 ---
drivers/iommu/amd/iommu.c | 2 ++
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/iommu/amd/io_pgtable.c b/drivers/iommu/amd/io_pgtable.c
index 05aed3cb46f1b..b3991ad1ae8ea 100644
--- a/drivers/iommu/amd/io_pgtable.c
+++ b/drivers/iommu/amd/io_pgtable.c
@@ -578,9 +578,6 @@ static void v1_free_pgtable(struct io_pgtable *iop)
/* Update data structure */
amd_iommu_domain_clr_pt_root(dom);
-
- /* Make changes visible to IOMMUs */
- amd_iommu_domain_update(dom);
}
static struct io_pgtable *v1_alloc_pgtable(struct io_pgtable_cfg *cfg, void *cookie)
diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index 1a61f14459e4f..881f6c589257c 100644
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2262,6 +2262,8 @@ void protection_domain_free(struct protection_domain *domain)
if (!domain)
return;
+ WARN_ON(!list_empty(&domain->dev_list));
+
if (domain->iop.pgtbl_cfg.tlb)
free_io_pgtable_ops(&domain->iop.iop.ops);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 408/817] iommu/amd: Remove the amd_iommu_domain_set_pt_root() and related
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 407/817] iommu/amd: Remove amd_iommu_domain_update() from page table freeing Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 409/817] iommu/amd: Rename struct amd_io_pgtable iopt to pgtbl Greg Kroah-Hartman
` (418 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vasant Hegde, Jason Gunthorpe,
Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit 1ed2d21d471caf2e4351c2e8bb14143bc8062092 ]
Looks like many refactorings here have left this confused. There is only
one storage of the root/mode, it is in the iop struct.
increase_address_space() calls amd_iommu_domain_set_pgtable() with values
that it already stored in iop a few lines above.
amd_iommu_domain_clr_pt_root() is zero'ing memory we are about to free. It
used to protect against a double free of root, but that is gone now.
Remove amd_iommu_domain_set_pgtable(), amd_iommu_domain_set_pt_root(),
amd_iommu_domain_clr_pt_root() as they are all pointless.
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/5-v2-831cdc4d00f3+1a315-amd_iopgtbl_jgg@nvidia.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Stable-dep-of: 016991606aa0 ("iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd/amd_iommu.h | 13 -------------
drivers/iommu/amd/io_pgtable.c | 24 ------------------------
2 files changed, 37 deletions(-)
diff --git a/drivers/iommu/amd/amd_iommu.h b/drivers/iommu/amd/amd_iommu.h
index 2d5945c982bde..5a050080d2e81 100644
--- a/drivers/iommu/amd/amd_iommu.h
+++ b/drivers/iommu/amd/amd_iommu.h
@@ -143,19 +143,6 @@ static inline void *iommu_phys_to_virt(unsigned long paddr)
return phys_to_virt(__sme_clr(paddr));
}
-static inline
-void amd_iommu_domain_set_pt_root(struct protection_domain *domain, u64 root)
-{
- domain->iop.root = (u64 *)(root & PAGE_MASK);
- domain->iop.mode = root & 7; /* lowest 3 bits encode pgtable mode */
-}
-
-static inline
-void amd_iommu_domain_clr_pt_root(struct protection_domain *domain)
-{
- amd_iommu_domain_set_pt_root(domain, 0);
-}
-
static inline int get_pci_sbdf_id(struct pci_dev *pdev)
{
int seg = pci_domain_nr(pdev->bus);
diff --git a/drivers/iommu/amd/io_pgtable.c b/drivers/iommu/amd/io_pgtable.c
index b3991ad1ae8ea..5278ba3f676c4 100644
--- a/drivers/iommu/amd/io_pgtable.c
+++ b/drivers/iommu/amd/io_pgtable.c
@@ -132,18 +132,6 @@ static void free_sub_pt(u64 *root, int mode, struct list_head *freelist)
}
}
-void amd_iommu_domain_set_pgtable(struct protection_domain *domain,
- u64 *root, int mode)
-{
- u64 pt_root;
-
- /* lowest 3 bits encode pgtable mode */
- pt_root = mode & 7;
- pt_root |= (u64)root;
-
- amd_iommu_domain_set_pt_root(domain, pt_root);
-}
-
/*
* This function is used to add another level to an IO page table. Adding
* another level increases the size of the address space by 9 bits to a size up
@@ -177,12 +165,6 @@ static bool increase_address_space(struct protection_domain *domain,
amd_iommu_update_and_flush_device_table(domain);
amd_iommu_domain_flush_complete(domain);
- /*
- * Device Table needs to be updated and flushed before the new root can
- * be published.
- */
- amd_iommu_domain_set_pgtable(domain, pte, domain->iop.mode);
-
pte = NULL;
ret = true;
@@ -561,23 +543,17 @@ static int iommu_v1_read_and_clear_dirty(struct io_pgtable_ops *ops,
static void v1_free_pgtable(struct io_pgtable *iop)
{
struct amd_io_pgtable *pgtable = container_of(iop, struct amd_io_pgtable, iop);
- struct protection_domain *dom;
LIST_HEAD(freelist);
if (pgtable->mode == PAGE_MODE_NONE)
return;
- dom = container_of(pgtable, struct protection_domain, iop);
-
/* Page-table is not visible to IOMMU anymore, so free it */
BUG_ON(pgtable->mode < PAGE_MODE_NONE ||
pgtable->mode > PAGE_MODE_6_LEVEL);
free_sub_pt(pgtable->root, pgtable->mode, &freelist);
iommu_put_pages_list(&freelist);
-
- /* Update data structure */
- amd_iommu_domain_clr_pt_root(dom);
}
static struct io_pgtable *v1_alloc_pgtable(struct io_pgtable_cfg *cfg, void *cookie)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 409/817] iommu/amd: Rename struct amd_io_pgtable iopt to pgtbl
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (407 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 408/817] iommu/amd: Remove the amd_iommu_domain_set_pt_root() and related Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 410/817] iommu/amd: Store the nid in io_pgtable_cfg instead of the domain Greg Kroah-Hartman
` (417 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alejandro Jimenez, Vasant Hegde,
Jason Gunthorpe, Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit 670b57796c5dc1ca58912132cad914cf4b3c0cdd ]
There is struct protection_domain iopt and struct amd_io_pgtable iopt.
Next patches are going to want to write domain.iopt.iopt.xx which is quite
unnatural to read.
Give one of them a different name, amd_io_pgtable has fewer references so
call it pgtbl, to match pgtbl_cfg, instead.
Suggested-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/6-v2-831cdc4d00f3+1a315-amd_iopgtbl_jgg@nvidia.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Stable-dep-of: 016991606aa0 ("iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd/amd_iommu_types.h | 4 ++--
drivers/iommu/amd/io_pgtable.c | 12 ++++++------
drivers/iommu/amd/io_pgtable_v2.c | 14 +++++++-------
drivers/iommu/amd/iommu.c | 14 +++++++-------
4 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/drivers/iommu/amd/amd_iommu_types.h b/drivers/iommu/amd/amd_iommu_types.h
index 2b76b5dedc1d9..90a2e4790bffd 100644
--- a/drivers/iommu/amd/amd_iommu_types.h
+++ b/drivers/iommu/amd/amd_iommu_types.h
@@ -527,7 +527,7 @@ struct amd_irte_ops;
#define AMD_IOMMU_FLAG_TRANS_PRE_ENABLED (1 << 0)
#define io_pgtable_to_data(x) \
- container_of((x), struct amd_io_pgtable, iop)
+ container_of((x), struct amd_io_pgtable, pgtbl)
#define io_pgtable_ops_to_data(x) \
io_pgtable_to_data(io_pgtable_ops_to_pgtable(x))
@@ -548,7 +548,7 @@ struct gcr3_tbl_info {
struct amd_io_pgtable {
struct io_pgtable_cfg pgtbl_cfg;
- struct io_pgtable iop;
+ struct io_pgtable pgtbl;
int mode;
u64 *root;
u64 *pgd; /* v2 pgtable pgd pointer */
diff --git a/drivers/iommu/amd/io_pgtable.c b/drivers/iommu/amd/io_pgtable.c
index 5278ba3f676c4..dab1cf53b1f3f 100644
--- a/drivers/iommu/amd/io_pgtable.c
+++ b/drivers/iommu/amd/io_pgtable.c
@@ -542,7 +542,7 @@ static int iommu_v1_read_and_clear_dirty(struct io_pgtable_ops *ops,
*/
static void v1_free_pgtable(struct io_pgtable *iop)
{
- struct amd_io_pgtable *pgtable = container_of(iop, struct amd_io_pgtable, iop);
+ struct amd_io_pgtable *pgtable = container_of(iop, struct amd_io_pgtable, pgtbl);
LIST_HEAD(freelist);
if (pgtable->mode == PAGE_MODE_NONE)
@@ -570,12 +570,12 @@ static struct io_pgtable *v1_alloc_pgtable(struct io_pgtable_cfg *cfg, void *coo
cfg->oas = IOMMU_OUT_ADDR_BIT_SIZE;
cfg->tlb = &v1_flush_ops;
- pgtable->iop.ops.map_pages = iommu_v1_map_pages;
- pgtable->iop.ops.unmap_pages = iommu_v1_unmap_pages;
- pgtable->iop.ops.iova_to_phys = iommu_v1_iova_to_phys;
- pgtable->iop.ops.read_and_clear_dirty = iommu_v1_read_and_clear_dirty;
+ pgtable->pgtbl.ops.map_pages = iommu_v1_map_pages;
+ pgtable->pgtbl.ops.unmap_pages = iommu_v1_unmap_pages;
+ pgtable->pgtbl.ops.iova_to_phys = iommu_v1_iova_to_phys;
+ pgtable->pgtbl.ops.read_and_clear_dirty = iommu_v1_read_and_clear_dirty;
- return &pgtable->iop;
+ return &pgtable->pgtbl;
}
struct io_pgtable_init_fns io_pgtable_amd_iommu_v1_init_fns = {
diff --git a/drivers/iommu/amd/io_pgtable_v2.c b/drivers/iommu/amd/io_pgtable_v2.c
index f9227cbf75dfe..de60f6f4cb2f9 100644
--- a/drivers/iommu/amd/io_pgtable_v2.c
+++ b/drivers/iommu/amd/io_pgtable_v2.c
@@ -234,7 +234,7 @@ static int iommu_v2_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
int prot, gfp_t gfp, size_t *mapped)
{
struct protection_domain *pdom = io_pgtable_ops_to_domain(ops);
- struct io_pgtable_cfg *cfg = &pdom->iop.iop.cfg;
+ struct io_pgtable_cfg *cfg = &pdom->iop.pgtbl.cfg;
u64 *pte;
unsigned long map_size;
unsigned long mapped_size = 0;
@@ -281,7 +281,7 @@ static unsigned long iommu_v2_unmap_pages(struct io_pgtable_ops *ops,
struct iommu_iotlb_gather *gather)
{
struct amd_io_pgtable *pgtable = io_pgtable_ops_to_data(ops);
- struct io_pgtable_cfg *cfg = &pgtable->iop.cfg;
+ struct io_pgtable_cfg *cfg = &pgtable->pgtbl.cfg;
unsigned long unmap_size;
unsigned long unmapped = 0;
size_t size = pgcount << __ffs(pgsize);
@@ -346,7 +346,7 @@ static const struct iommu_flush_ops v2_flush_ops = {
static void v2_free_pgtable(struct io_pgtable *iop)
{
- struct amd_io_pgtable *pgtable = container_of(iop, struct amd_io_pgtable, iop);
+ struct amd_io_pgtable *pgtable = container_of(iop, struct amd_io_pgtable, pgtbl);
if (!pgtable || !pgtable->pgd)
return;
@@ -369,16 +369,16 @@ static struct io_pgtable *v2_alloc_pgtable(struct io_pgtable_cfg *cfg, void *coo
if (get_pgtable_level() == PAGE_MODE_5_LEVEL)
ias = 57;
- pgtable->iop.ops.map_pages = iommu_v2_map_pages;
- pgtable->iop.ops.unmap_pages = iommu_v2_unmap_pages;
- pgtable->iop.ops.iova_to_phys = iommu_v2_iova_to_phys;
+ pgtable->pgtbl.ops.map_pages = iommu_v2_map_pages;
+ pgtable->pgtbl.ops.unmap_pages = iommu_v2_unmap_pages;
+ pgtable->pgtbl.ops.iova_to_phys = iommu_v2_iova_to_phys;
cfg->pgsize_bitmap = AMD_IOMMU_PGSIZES_V2,
cfg->ias = ias,
cfg->oas = IOMMU_OUT_ADDR_BIT_SIZE,
cfg->tlb = &v2_flush_ops;
- return &pgtable->iop;
+ return &pgtable->pgtbl;
}
struct io_pgtable_init_fns io_pgtable_amd_iommu_v2_init_fns = {
diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index 881f6c589257c..b63f0d1bb3251 100644
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2265,7 +2265,7 @@ void protection_domain_free(struct protection_domain *domain)
WARN_ON(!list_empty(&domain->dev_list));
if (domain->iop.pgtbl_cfg.tlb)
- free_io_pgtable_ops(&domain->iop.iop.ops);
+ free_io_pgtable_ops(&domain->iop.pgtbl.ops);
if (domain->id)
domain_id_free(domain->id);
@@ -2373,7 +2373,7 @@ static struct iommu_domain *do_iommu_domain_alloc(unsigned int type,
domain->domain.geometry.aperture_start = 0;
domain->domain.geometry.aperture_end = dma_max_address();
domain->domain.geometry.force_aperture = true;
- domain->domain.pgsize_bitmap = domain->iop.iop.cfg.pgsize_bitmap;
+ domain->domain.pgsize_bitmap = domain->iop.pgtbl.cfg.pgsize_bitmap;
if (iommu) {
domain->domain.type = type;
@@ -2494,7 +2494,7 @@ static int amd_iommu_iotlb_sync_map(struct iommu_domain *dom,
unsigned long iova, size_t size)
{
struct protection_domain *domain = to_pdomain(dom);
- struct io_pgtable_ops *ops = &domain->iop.iop.ops;
+ struct io_pgtable_ops *ops = &domain->iop.pgtbl.ops;
if (ops->map_pages)
domain_flush_np_cache(domain, iova, size);
@@ -2506,7 +2506,7 @@ static int amd_iommu_map_pages(struct iommu_domain *dom, unsigned long iova,
int iommu_prot, gfp_t gfp, size_t *mapped)
{
struct protection_domain *domain = to_pdomain(dom);
- struct io_pgtable_ops *ops = &domain->iop.iop.ops;
+ struct io_pgtable_ops *ops = &domain->iop.pgtbl.ops;
int prot = 0;
int ret = -EINVAL;
@@ -2553,7 +2553,7 @@ static size_t amd_iommu_unmap_pages(struct iommu_domain *dom, unsigned long iova
struct iommu_iotlb_gather *gather)
{
struct protection_domain *domain = to_pdomain(dom);
- struct io_pgtable_ops *ops = &domain->iop.iop.ops;
+ struct io_pgtable_ops *ops = &domain->iop.pgtbl.ops;
size_t r;
if ((domain->pd_mode == PD_MODE_V1) &&
@@ -2572,7 +2572,7 @@ static phys_addr_t amd_iommu_iova_to_phys(struct iommu_domain *dom,
dma_addr_t iova)
{
struct protection_domain *domain = to_pdomain(dom);
- struct io_pgtable_ops *ops = &domain->iop.iop.ops;
+ struct io_pgtable_ops *ops = &domain->iop.pgtbl.ops;
return ops->iova_to_phys(ops, iova);
}
@@ -2650,7 +2650,7 @@ static int amd_iommu_read_and_clear_dirty(struct iommu_domain *domain,
struct iommu_dirty_bitmap *dirty)
{
struct protection_domain *pdomain = to_pdomain(domain);
- struct io_pgtable_ops *ops = &pdomain->iop.iop.ops;
+ struct io_pgtable_ops *ops = &pdomain->iop.pgtbl.ops;
unsigned long lflags;
if (!ops || !ops->read_and_clear_dirty)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 410/817] iommu/amd: Store the nid in io_pgtable_cfg instead of the domain
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (408 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 409/817] iommu/amd: Rename struct amd_io_pgtable iopt to pgtbl Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 411/817] iommu/amd: Narrow the use of struct protection_domain to invalidation Greg Kroah-Hartman
` (416 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Gunthorpe, Vasant Hegde,
Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit 47f218d108950984b24af81f66356ceda380eb74 ]
We already have memory in the union here that is being wasted in AMD's
case, use it to store the nid.
Putting the nid here further isolates the io_pgtable code from the struct
protection_domain.
Fixup protection_domain_alloc so that the NID from the device is provided,
at this point dev is never NULL for AMD so this will now allocate the
first table pointer on the correct NUMA node.
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Link: https://lore.kernel.org/r/8-v2-831cdc4d00f3+1a315-amd_iopgtbl_jgg@nvidia.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Stable-dep-of: 016991606aa0 ("iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd/amd_iommu.h | 2 +-
drivers/iommu/amd/amd_iommu_types.h | 1 -
drivers/iommu/amd/io_pgtable.c | 8 +++++---
drivers/iommu/amd/io_pgtable_v2.c | 5 ++---
drivers/iommu/amd/iommu.c | 12 +++++++-----
drivers/iommu/amd/pasid.c | 2 +-
include/linux/io-pgtable.h | 4 ++++
7 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/drivers/iommu/amd/amd_iommu.h b/drivers/iommu/amd/amd_iommu.h
index 5a050080d2e81..5459f726fb29d 100644
--- a/drivers/iommu/amd/amd_iommu.h
+++ b/drivers/iommu/amd/amd_iommu.h
@@ -45,7 +45,7 @@ extern enum io_pgtable_fmt amd_iommu_pgtable;
extern int amd_iommu_gpt_level;
/* Protection domain ops */
-struct protection_domain *protection_domain_alloc(unsigned int type);
+struct protection_domain *protection_domain_alloc(unsigned int type, int nid);
void protection_domain_free(struct protection_domain *domain);
struct iommu_domain *amd_iommu_domain_alloc_sva(struct device *dev,
struct mm_struct *mm);
diff --git a/drivers/iommu/amd/amd_iommu_types.h b/drivers/iommu/amd/amd_iommu_types.h
index 90a2e4790bffd..caa469abf0327 100644
--- a/drivers/iommu/amd/amd_iommu_types.h
+++ b/drivers/iommu/amd/amd_iommu_types.h
@@ -580,7 +580,6 @@ struct protection_domain {
struct amd_io_pgtable iop;
spinlock_t lock; /* mostly used to lock the page table*/
u16 id; /* the domain id written to the device table */
- int nid; /* Node ID */
enum protection_domain_mode pd_mode; /* Track page table type */
bool dirty_tracking; /* dirty tracking is enabled in the domain */
unsigned dev_cnt; /* devices assigned to this domain */
diff --git a/drivers/iommu/amd/io_pgtable.c b/drivers/iommu/amd/io_pgtable.c
index dab1cf53b1f3f..f71140416fcf6 100644
--- a/drivers/iommu/amd/io_pgtable.c
+++ b/drivers/iommu/amd/io_pgtable.c
@@ -141,11 +141,12 @@ static bool increase_address_space(struct protection_domain *domain,
unsigned long address,
gfp_t gfp)
{
+ struct io_pgtable_cfg *cfg = &domain->iop.pgtbl.cfg;
unsigned long flags;
bool ret = true;
u64 *pte;
- pte = iommu_alloc_page_node(domain->nid, gfp);
+ pte = iommu_alloc_page_node(cfg->amd.nid, gfp);
if (!pte)
return false;
@@ -182,6 +183,7 @@ static u64 *alloc_pte(struct protection_domain *domain,
gfp_t gfp,
bool *updated)
{
+ struct io_pgtable_cfg *cfg = &domain->iop.pgtbl.cfg;
int level, end_lvl;
u64 *pte, *page;
@@ -233,7 +235,7 @@ static u64 *alloc_pte(struct protection_domain *domain,
if (!IOMMU_PTE_PRESENT(__pte) ||
pte_level == PAGE_MODE_NONE) {
- page = iommu_alloc_page_node(domain->nid, gfp);
+ page = iommu_alloc_page_node(cfg->amd.nid, gfp);
if (!page)
return NULL;
@@ -560,7 +562,7 @@ static struct io_pgtable *v1_alloc_pgtable(struct io_pgtable_cfg *cfg, void *coo
{
struct amd_io_pgtable *pgtable = io_pgtable_cfg_to_data(cfg);
- pgtable->root = iommu_alloc_page(GFP_KERNEL);
+ pgtable->root = iommu_alloc_page_node(cfg->amd.nid, GFP_KERNEL);
if (!pgtable->root)
return NULL;
pgtable->mode = PAGE_MODE_3_LEVEL;
diff --git a/drivers/iommu/amd/io_pgtable_v2.c b/drivers/iommu/amd/io_pgtable_v2.c
index de60f6f4cb2f9..c881ec848f545 100644
--- a/drivers/iommu/amd/io_pgtable_v2.c
+++ b/drivers/iommu/amd/io_pgtable_v2.c
@@ -251,7 +251,7 @@ static int iommu_v2_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
while (mapped_size < size) {
map_size = get_alloc_page_size(pgsize);
- pte = v2_alloc_pte(pdom->nid, pdom->iop.pgd,
+ pte = v2_alloc_pte(cfg->amd.nid, pdom->iop.pgd,
iova, map_size, gfp, &updated);
if (!pte) {
ret = -EINVAL;
@@ -359,10 +359,9 @@ static void v2_free_pgtable(struct io_pgtable *iop)
static struct io_pgtable *v2_alloc_pgtable(struct io_pgtable_cfg *cfg, void *cookie)
{
struct amd_io_pgtable *pgtable = io_pgtable_cfg_to_data(cfg);
- struct protection_domain *pdom = (struct protection_domain *)cookie;
int ias = IOMMU_IN_ADDR_BIT_SIZE;
- pgtable->pgd = iommu_alloc_page_node(pdom->nid, GFP_KERNEL);
+ pgtable->pgd = iommu_alloc_page_node(cfg->amd.nid, GFP_KERNEL);
if (!pgtable->pgd)
return NULL;
diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index b63f0d1bb3251..554179f7de29e 100644
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2030,6 +2030,7 @@ static int do_attach(struct iommu_dev_data *dev_data,
struct protection_domain *domain)
{
struct amd_iommu *iommu = get_amd_iommu_from_dev_data(dev_data);
+ struct io_pgtable_cfg *cfg = &domain->iop.pgtbl.cfg;
int ret = 0;
/* Update data structures */
@@ -2037,8 +2038,8 @@ static int do_attach(struct iommu_dev_data *dev_data,
list_add(&dev_data->list, &domain->dev_list);
/* Update NUMA Node ID */
- if (domain->nid == NUMA_NO_NODE)
- domain->nid = dev_to_node(dev_data->dev);
+ if (cfg->amd.nid == NUMA_NO_NODE)
+ cfg->amd.nid = dev_to_node(dev_data->dev);
/* Do reference counting */
domain->dev_iommu[iommu->index] += 1;
@@ -2273,7 +2274,7 @@ void protection_domain_free(struct protection_domain *domain)
kfree(domain);
}
-struct protection_domain *protection_domain_alloc(unsigned int type)
+struct protection_domain *protection_domain_alloc(unsigned int type, int nid)
{
struct io_pgtable_ops *pgtbl_ops;
struct protection_domain *domain;
@@ -2290,7 +2291,7 @@ struct protection_domain *protection_domain_alloc(unsigned int type)
spin_lock_init(&domain->lock);
INIT_LIST_HEAD(&domain->dev_list);
INIT_LIST_HEAD(&domain->dev_data_list);
- domain->nid = NUMA_NO_NODE;
+ domain->iop.pgtbl.cfg.amd.nid = nid;
switch (type) {
/* No need to allocate io pgtable ops in passthrough mode */
@@ -2366,7 +2367,8 @@ static struct iommu_domain *do_iommu_domain_alloc(unsigned int type,
if (dirty_tracking && !amd_iommu_hd_support(iommu))
return ERR_PTR(-EOPNOTSUPP);
- domain = protection_domain_alloc(type);
+ domain = protection_domain_alloc(type,
+ dev ? dev_to_node(dev) : NUMA_NO_NODE);
if (!domain)
return ERR_PTR(-ENOMEM);
diff --git a/drivers/iommu/amd/pasid.c b/drivers/iommu/amd/pasid.c
index a68215f2b3e1d..0657b9373be54 100644
--- a/drivers/iommu/amd/pasid.c
+++ b/drivers/iommu/amd/pasid.c
@@ -181,7 +181,7 @@ struct iommu_domain *amd_iommu_domain_alloc_sva(struct device *dev,
struct protection_domain *pdom;
int ret;
- pdom = protection_domain_alloc(IOMMU_DOMAIN_SVA);
+ pdom = protection_domain_alloc(IOMMU_DOMAIN_SVA, dev_to_node(dev));
if (!pdom)
return ERR_PTR(-ENOMEM);
diff --git a/include/linux/io-pgtable.h b/include/linux/io-pgtable.h
index f9a81761bfced..b1ecfc3cd5bcc 100644
--- a/include/linux/io-pgtable.h
+++ b/include/linux/io-pgtable.h
@@ -171,6 +171,10 @@ struct io_pgtable_cfg {
u64 ttbr[4];
u32 n_ttbrs;
} apple_dart_cfg;
+
+ struct {
+ int nid;
+ } amd;
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 411/817] iommu/amd: Narrow the use of struct protection_domain to invalidation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (409 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 410/817] iommu/amd: Store the nid in io_pgtable_cfg instead of the domain Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 412/817] iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB Greg Kroah-Hartman
` (415 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Gunthorpe, Vasant Hegde,
Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit 9ac0b3380acdece01fa1b361687e3cd988831c55 ]
The AMD io_pgtable stuff doesn't implement the tlb ops callbacks, instead
it invokes the invalidation ops directly on the struct protection_domain.
Narrow the use of struct protection_domain to only those few code paths.
Make everything else properly use struct amd_io_pgtable through the call
chains, which is the correct modular type for an io-pgtable module.
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Link: https://lore.kernel.org/r/9-v2-831cdc4d00f3+1a315-amd_iopgtbl_jgg@nvidia.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Stable-dep-of: 016991606aa0 ("iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd/io_pgtable.c | 33 +++++++++++++++++--------------
drivers/iommu/amd/io_pgtable_v2.c | 11 +++++++----
2 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/drivers/iommu/amd/io_pgtable.c b/drivers/iommu/amd/io_pgtable.c
index f71140416fcf6..667718db7ffde 100644
--- a/drivers/iommu/amd/io_pgtable.c
+++ b/drivers/iommu/amd/io_pgtable.c
@@ -137,11 +137,13 @@ static void free_sub_pt(u64 *root, int mode, struct list_head *freelist)
* another level increases the size of the address space by 9 bits to a size up
* to 64 bits.
*/
-static bool increase_address_space(struct protection_domain *domain,
+static bool increase_address_space(struct amd_io_pgtable *pgtable,
unsigned long address,
gfp_t gfp)
{
- struct io_pgtable_cfg *cfg = &domain->iop.pgtbl.cfg;
+ struct io_pgtable_cfg *cfg = &pgtable->pgtbl.cfg;
+ struct protection_domain *domain =
+ container_of(pgtable, struct protection_domain, iop);
unsigned long flags;
bool ret = true;
u64 *pte;
@@ -152,17 +154,17 @@ static bool increase_address_space(struct protection_domain *domain,
spin_lock_irqsave(&domain->lock, flags);
- if (address <= PM_LEVEL_SIZE(domain->iop.mode))
+ if (address <= PM_LEVEL_SIZE(pgtable->mode))
goto out;
ret = false;
- if (WARN_ON_ONCE(domain->iop.mode == PAGE_MODE_6_LEVEL))
+ if (WARN_ON_ONCE(pgtable->mode == PAGE_MODE_6_LEVEL))
goto out;
- *pte = PM_LEVEL_PDE(domain->iop.mode, iommu_virt_to_phys(domain->iop.root));
+ *pte = PM_LEVEL_PDE(pgtable->mode, iommu_virt_to_phys(pgtable->root));
- domain->iop.root = pte;
- domain->iop.mode += 1;
+ pgtable->root = pte;
+ pgtable->mode += 1;
amd_iommu_update_and_flush_device_table(domain);
amd_iommu_domain_flush_complete(domain);
@@ -176,31 +178,31 @@ static bool increase_address_space(struct protection_domain *domain,
return ret;
}
-static u64 *alloc_pte(struct protection_domain *domain,
+static u64 *alloc_pte(struct amd_io_pgtable *pgtable,
unsigned long address,
unsigned long page_size,
u64 **pte_page,
gfp_t gfp,
bool *updated)
{
- struct io_pgtable_cfg *cfg = &domain->iop.pgtbl.cfg;
+ struct io_pgtable_cfg *cfg = &pgtable->pgtbl.cfg;
int level, end_lvl;
u64 *pte, *page;
BUG_ON(!is_power_of_2(page_size));
- while (address > PM_LEVEL_SIZE(domain->iop.mode)) {
+ while (address > PM_LEVEL_SIZE(pgtable->mode)) {
/*
* Return an error if there is no memory to update the
* page-table.
*/
- if (!increase_address_space(domain, address, gfp))
+ if (!increase_address_space(pgtable, address, gfp))
return NULL;
}
- level = domain->iop.mode - 1;
- pte = &domain->iop.root[PM_LEVEL_INDEX(level, address)];
+ level = pgtable->mode - 1;
+ pte = &pgtable->root[PM_LEVEL_INDEX(level, address)];
address = PAGE_SIZE_ALIGN(address, page_size);
end_lvl = PAGE_SIZE_LEVEL(page_size);
@@ -349,7 +351,7 @@ static int iommu_v1_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
phys_addr_t paddr, size_t pgsize, size_t pgcount,
int prot, gfp_t gfp, size_t *mapped)
{
- struct protection_domain *dom = io_pgtable_ops_to_domain(ops);
+ struct amd_io_pgtable *pgtable = io_pgtable_ops_to_data(ops);
LIST_HEAD(freelist);
bool updated = false;
u64 __pte, *pte;
@@ -366,7 +368,7 @@ static int iommu_v1_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
while (pgcount > 0) {
count = PAGE_SIZE_PTE_COUNT(pgsize);
- pte = alloc_pte(dom, iova, pgsize, NULL, gfp, &updated);
+ pte = alloc_pte(pgtable, iova, pgsize, NULL, gfp, &updated);
ret = -ENOMEM;
if (!pte)
@@ -403,6 +405,7 @@ static int iommu_v1_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
out:
if (updated) {
+ struct protection_domain *dom = io_pgtable_ops_to_domain(ops);
unsigned long flags;
spin_lock_irqsave(&dom->lock, flags);
diff --git a/drivers/iommu/amd/io_pgtable_v2.c b/drivers/iommu/amd/io_pgtable_v2.c
index c881ec848f545..afa5844495ca8 100644
--- a/drivers/iommu/amd/io_pgtable_v2.c
+++ b/drivers/iommu/amd/io_pgtable_v2.c
@@ -233,8 +233,8 @@ static int iommu_v2_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
phys_addr_t paddr, size_t pgsize, size_t pgcount,
int prot, gfp_t gfp, size_t *mapped)
{
- struct protection_domain *pdom = io_pgtable_ops_to_domain(ops);
- struct io_pgtable_cfg *cfg = &pdom->iop.pgtbl.cfg;
+ struct amd_io_pgtable *pgtable = io_pgtable_ops_to_data(ops);
+ struct io_pgtable_cfg *cfg = &pgtable->pgtbl.cfg;
u64 *pte;
unsigned long map_size;
unsigned long mapped_size = 0;
@@ -251,7 +251,7 @@ static int iommu_v2_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
while (mapped_size < size) {
map_size = get_alloc_page_size(pgsize);
- pte = v2_alloc_pte(cfg->amd.nid, pdom->iop.pgd,
+ pte = v2_alloc_pte(cfg->amd.nid, pgtable->pgd,
iova, map_size, gfp, &updated);
if (!pte) {
ret = -EINVAL;
@@ -266,8 +266,11 @@ static int iommu_v2_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
}
out:
- if (updated)
+ if (updated) {
+ struct protection_domain *pdom = io_pgtable_ops_to_domain(ops);
+
amd_iommu_domain_flush_pages(pdom, o_iova, size);
+ }
if (mapped)
*mapped += mapped_size;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 412/817] iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (410 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 411/817] iommu/amd: Narrow the use of struct protection_domain to invalidation Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 413/817] RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci Greg Kroah-Hartman
` (414 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vasant Hegde, Jason Gunthorpe,
Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vasant Hegde <vasant.hegde@amd.com>
[ Upstream commit 016991606aa01c4d92e6941be636c0c897aa05c7 ]
Commit c7fc12354be0 ("iommu/amd/pgtbl_v2: Invalidate updated page ranges
only") missed to take domain lock before calling
amd_iommu_domain_flush_pages(). Fix this by taking protection domain
lock before calling TLB invalidation function.
Fixes: c7fc12354be0 ("iommu/amd/pgtbl_v2: Invalidate updated page ranges only")
Signed-off-by: Vasant Hegde <vasant.hegde@amd.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20241030063556.6104-2-vasant.hegde@amd.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd/io_pgtable_v2.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/iommu/amd/io_pgtable_v2.c b/drivers/iommu/amd/io_pgtable_v2.c
index afa5844495ca8..2c5db78065113 100644
--- a/drivers/iommu/amd/io_pgtable_v2.c
+++ b/drivers/iommu/amd/io_pgtable_v2.c
@@ -268,8 +268,11 @@ static int iommu_v2_map_pages(struct io_pgtable_ops *ops, unsigned long iova,
out:
if (updated) {
struct protection_domain *pdom = io_pgtable_ops_to_domain(ops);
+ unsigned long flags;
+ spin_lock_irqsave(&pdom->lock, flags);
amd_iommu_domain_flush_pages(pdom, o_iova, size);
+ spin_unlock_irqrestore(&pdom->lock, flags);
}
if (mapped)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 413/817] RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (411 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 412/817] iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 414/817] RDMA/hns: Fix flush cqe error when racing with destroy qp Greg Kroah-Hartman
` (413 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, wenglianfa, Junxian Huang,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: wenglianfa <wenglianfa@huawei.com>
[ Upstream commit 571e4ab8a45e530623ab129803f090a844dd3fe9 ]
eq_db_ci is updated only after all AEQEs are processed in the AEQ
interrupt handler, which is not timely enough and may result in
AEQ overflow. Two optimization methods are proposed:
1. Set an upper limit for AEQE processing.
2. Move time-consuming operations such as printings to the bottom
half of the interrupt.
cmd events and flush_cqe events are still fully processed in the top half
to ensure timely handling.
Fixes: a5073d6054f7 ("RDMA/hns: Add eq support of hip08")
Signed-off-by: wenglianfa <wenglianfa@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241024124000.2931869-2-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_device.h | 1 +
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 75 ++++++++++++++-------
drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 5 ++
drivers/infiniband/hw/hns/hns_roce_qp.c | 54 +++++++++------
4 files changed, 91 insertions(+), 44 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_device.h b/drivers/infiniband/hw/hns/hns_roce_device.h
index 0b1e21cb6d2d3..73c78005901e6 100644
--- a/drivers/infiniband/hw/hns/hns_roce_device.h
+++ b/drivers/infiniband/hw/hns/hns_roce_device.h
@@ -1289,6 +1289,7 @@ void hns_roce_cq_completion(struct hns_roce_dev *hr_dev, u32 cqn);
void hns_roce_cq_event(struct hns_roce_dev *hr_dev, u32 cqn, int event_type);
void flush_cqe(struct hns_roce_dev *dev, struct hns_roce_qp *qp);
void hns_roce_qp_event(struct hns_roce_dev *hr_dev, u32 qpn, int event_type);
+void hns_roce_flush_cqe(struct hns_roce_dev *hr_dev, u32 qpn);
void hns_roce_srq_event(struct hns_roce_dev *hr_dev, u32 srqn, int event_type);
void hns_roce_handle_device_err(struct hns_roce_dev *hr_dev);
int hns_roce_init(struct hns_roce_dev *hr_dev);
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
index f1feaa79f78ee..bbdeb02102e87 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -5967,11 +5967,10 @@ static int hns_roce_v2_query_mpt(struct hns_roce_dev *hr_dev, u32 key,
return ret;
}
-static void hns_roce_irq_work_handle(struct work_struct *work)
+static void dump_aeqe_log(struct hns_roce_work *irq_work)
{
- struct hns_roce_work *irq_work =
- container_of(work, struct hns_roce_work, work);
- struct ib_device *ibdev = &irq_work->hr_dev->ib_dev;
+ struct hns_roce_dev *hr_dev = irq_work->hr_dev;
+ struct ib_device *ibdev = &hr_dev->ib_dev;
switch (irq_work->event_type) {
case HNS_ROCE_EVENT_TYPE_PATH_MIG:
@@ -6015,6 +6014,8 @@ static void hns_roce_irq_work_handle(struct work_struct *work)
case HNS_ROCE_EVENT_TYPE_DB_OVERFLOW:
ibdev_warn(ibdev, "DB overflow.\n");
break;
+ case HNS_ROCE_EVENT_TYPE_MB:
+ break;
case HNS_ROCE_EVENT_TYPE_FLR:
ibdev_warn(ibdev, "function level reset.\n");
break;
@@ -6025,8 +6026,46 @@ static void hns_roce_irq_work_handle(struct work_struct *work)
ibdev_err(ibdev, "invalid xrceth error.\n");
break;
default:
+ ibdev_info(ibdev, "Undefined event %d.\n",
+ irq_work->event_type);
break;
}
+}
+
+static void hns_roce_irq_work_handle(struct work_struct *work)
+{
+ struct hns_roce_work *irq_work =
+ container_of(work, struct hns_roce_work, work);
+ struct hns_roce_dev *hr_dev = irq_work->hr_dev;
+ int event_type = irq_work->event_type;
+ u32 queue_num = irq_work->queue_num;
+
+ switch (event_type) {
+ case HNS_ROCE_EVENT_TYPE_PATH_MIG:
+ case HNS_ROCE_EVENT_TYPE_PATH_MIG_FAILED:
+ case HNS_ROCE_EVENT_TYPE_COMM_EST:
+ case HNS_ROCE_EVENT_TYPE_SQ_DRAINED:
+ case HNS_ROCE_EVENT_TYPE_WQ_CATAS_ERROR:
+ case HNS_ROCE_EVENT_TYPE_SRQ_LAST_WQE_REACH:
+ case HNS_ROCE_EVENT_TYPE_INV_REQ_LOCAL_WQ_ERROR:
+ case HNS_ROCE_EVENT_TYPE_LOCAL_WQ_ACCESS_ERROR:
+ case HNS_ROCE_EVENT_TYPE_XRCD_VIOLATION:
+ case HNS_ROCE_EVENT_TYPE_INVALID_XRCETH:
+ hns_roce_qp_event(hr_dev, queue_num, event_type);
+ break;
+ case HNS_ROCE_EVENT_TYPE_SRQ_LIMIT_REACH:
+ case HNS_ROCE_EVENT_TYPE_SRQ_CATAS_ERROR:
+ hns_roce_srq_event(hr_dev, queue_num, event_type);
+ break;
+ case HNS_ROCE_EVENT_TYPE_CQ_ACCESS_ERROR:
+ case HNS_ROCE_EVENT_TYPE_CQ_OVERFLOW:
+ hns_roce_cq_event(hr_dev, queue_num, event_type);
+ break;
+ default:
+ break;
+ }
+
+ dump_aeqe_log(irq_work);
kfree(irq_work);
}
@@ -6087,14 +6126,14 @@ static struct hns_roce_aeqe *next_aeqe_sw_v2(struct hns_roce_eq *eq)
static irqreturn_t hns_roce_v2_aeq_int(struct hns_roce_dev *hr_dev,
struct hns_roce_eq *eq)
{
- struct device *dev = hr_dev->dev;
struct hns_roce_aeqe *aeqe = next_aeqe_sw_v2(eq);
irqreturn_t aeqe_found = IRQ_NONE;
+ int num_aeqes = 0;
int event_type;
u32 queue_num;
int sub_type;
- while (aeqe) {
+ while (aeqe && num_aeqes < HNS_AEQ_POLLING_BUDGET) {
/* Make sure we read AEQ entry after we have checked the
* ownership bit
*/
@@ -6105,25 +6144,12 @@ static irqreturn_t hns_roce_v2_aeq_int(struct hns_roce_dev *hr_dev,
queue_num = hr_reg_read(aeqe, AEQE_EVENT_QUEUE_NUM);
switch (event_type) {
- case HNS_ROCE_EVENT_TYPE_PATH_MIG:
- case HNS_ROCE_EVENT_TYPE_PATH_MIG_FAILED:
- case HNS_ROCE_EVENT_TYPE_COMM_EST:
- case HNS_ROCE_EVENT_TYPE_SQ_DRAINED:
case HNS_ROCE_EVENT_TYPE_WQ_CATAS_ERROR:
- case HNS_ROCE_EVENT_TYPE_SRQ_LAST_WQE_REACH:
case HNS_ROCE_EVENT_TYPE_INV_REQ_LOCAL_WQ_ERROR:
case HNS_ROCE_EVENT_TYPE_LOCAL_WQ_ACCESS_ERROR:
case HNS_ROCE_EVENT_TYPE_XRCD_VIOLATION:
case HNS_ROCE_EVENT_TYPE_INVALID_XRCETH:
- hns_roce_qp_event(hr_dev, queue_num, event_type);
- break;
- case HNS_ROCE_EVENT_TYPE_SRQ_LIMIT_REACH:
- case HNS_ROCE_EVENT_TYPE_SRQ_CATAS_ERROR:
- hns_roce_srq_event(hr_dev, queue_num, event_type);
- break;
- case HNS_ROCE_EVENT_TYPE_CQ_ACCESS_ERROR:
- case HNS_ROCE_EVENT_TYPE_CQ_OVERFLOW:
- hns_roce_cq_event(hr_dev, queue_num, event_type);
+ hns_roce_flush_cqe(hr_dev, queue_num);
break;
case HNS_ROCE_EVENT_TYPE_MB:
hns_roce_cmd_event(hr_dev,
@@ -6131,12 +6157,7 @@ static irqreturn_t hns_roce_v2_aeq_int(struct hns_roce_dev *hr_dev,
aeqe->event.cmd.status,
le64_to_cpu(aeqe->event.cmd.out_param));
break;
- case HNS_ROCE_EVENT_TYPE_DB_OVERFLOW:
- case HNS_ROCE_EVENT_TYPE_FLR:
- break;
default:
- dev_err(dev, "unhandled event %d on EQ %d at idx %u.\n",
- event_type, eq->eqn, eq->cons_index);
break;
}
@@ -6150,6 +6171,7 @@ static irqreturn_t hns_roce_v2_aeq_int(struct hns_roce_dev *hr_dev,
hns_roce_v2_init_irq_work(hr_dev, eq, queue_num);
aeqe = next_aeqe_sw_v2(eq);
+ ++num_aeqes;
}
update_eq_db(eq);
@@ -6699,6 +6721,9 @@ static int hns_roce_v2_init_eq_table(struct hns_roce_dev *hr_dev)
int ret;
int i;
+ if (hr_dev->caps.aeqe_depth < HNS_AEQ_POLLING_BUDGET)
+ return -EINVAL;
+
other_num = hr_dev->caps.num_other_vectors;
comp_num = hr_dev->caps.num_comp_vectors;
aeq_num = hr_dev->caps.num_aeq_vectors;
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.h b/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
index c65f68a14a260..3b3c6259ace0e 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
@@ -85,6 +85,11 @@
#define HNS_ROCE_V2_TABLE_CHUNK_SIZE (1 << 18)
+/* budget must be smaller than aeqe_depth to guarantee that we update
+ * the ci before we polled all the entries in the EQ.
+ */
+#define HNS_AEQ_POLLING_BUDGET 64
+
enum {
HNS_ROCE_CMD_FLAG_IN = BIT(0),
HNS_ROCE_CMD_FLAG_OUT = BIT(1),
diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c
index 6b03ba671ff8f..dcaa370d4a265 100644
--- a/drivers/infiniband/hw/hns/hns_roce_qp.c
+++ b/drivers/infiniband/hw/hns/hns_roce_qp.c
@@ -39,6 +39,25 @@
#include "hns_roce_device.h"
#include "hns_roce_hem.h"
+static struct hns_roce_qp *hns_roce_qp_lookup(struct hns_roce_dev *hr_dev,
+ u32 qpn)
+{
+ struct device *dev = hr_dev->dev;
+ struct hns_roce_qp *qp;
+ unsigned long flags;
+
+ xa_lock_irqsave(&hr_dev->qp_table_xa, flags);
+ qp = __hns_roce_qp_lookup(hr_dev, qpn);
+ if (qp)
+ refcount_inc(&qp->refcount);
+ xa_unlock_irqrestore(&hr_dev->qp_table_xa, flags);
+
+ if (!qp)
+ dev_warn(dev, "async event for bogus QP %08x\n", qpn);
+
+ return qp;
+}
+
static void flush_work_handle(struct work_struct *work)
{
struct hns_roce_work *flush_work = container_of(work,
@@ -95,31 +114,28 @@ void flush_cqe(struct hns_roce_dev *dev, struct hns_roce_qp *qp)
void hns_roce_qp_event(struct hns_roce_dev *hr_dev, u32 qpn, int event_type)
{
- struct device *dev = hr_dev->dev;
struct hns_roce_qp *qp;
- xa_lock(&hr_dev->qp_table_xa);
- qp = __hns_roce_qp_lookup(hr_dev, qpn);
- if (qp)
- refcount_inc(&qp->refcount);
- xa_unlock(&hr_dev->qp_table_xa);
-
- if (!qp) {
- dev_warn(dev, "async event for bogus QP %08x\n", qpn);
+ qp = hns_roce_qp_lookup(hr_dev, qpn);
+ if (!qp)
return;
- }
- if (event_type == HNS_ROCE_EVENT_TYPE_WQ_CATAS_ERROR ||
- event_type == HNS_ROCE_EVENT_TYPE_INV_REQ_LOCAL_WQ_ERROR ||
- event_type == HNS_ROCE_EVENT_TYPE_LOCAL_WQ_ACCESS_ERROR ||
- event_type == HNS_ROCE_EVENT_TYPE_XRCD_VIOLATION ||
- event_type == HNS_ROCE_EVENT_TYPE_INVALID_XRCETH) {
- qp->state = IB_QPS_ERR;
+ qp->event(qp, (enum hns_roce_event)event_type);
- flush_cqe(hr_dev, qp);
- }
+ if (refcount_dec_and_test(&qp->refcount))
+ complete(&qp->free);
+}
- qp->event(qp, (enum hns_roce_event)event_type);
+void hns_roce_flush_cqe(struct hns_roce_dev *hr_dev, u32 qpn)
+{
+ struct hns_roce_qp *qp;
+
+ qp = hns_roce_qp_lookup(hr_dev, qpn);
+ if (!qp)
+ return;
+
+ qp->state = IB_QPS_ERR;
+ flush_cqe(hr_dev, qp);
if (refcount_dec_and_test(&qp->refcount))
complete(&qp->free);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 414/817] RDMA/hns: Fix flush cqe error when racing with destroy qp
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (412 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 413/817] RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 415/817] RDMA/hns: Modify debugfs name Greg Kroah-Hartman
` (412 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, wenglianfa, Junxian Huang,
Zhu Yanjun, Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: wenglianfa <wenglianfa@huawei.com>
[ Upstream commit 377a2097705b915325a67e4d44f9f2844e567809 ]
QP needs to be modified to IB_QPS_ERROR to trigger HW flush cqe. But
when this process races with destroy qp, the destroy-qp process may
modify the QP to IB_QPS_RESET first. In this case flush cqe will fail
since it is invalid to modify qp from IB_QPS_RESET to IB_QPS_ERROR.
Add lock and bit flag to make sure pending flush cqe work is completed
first and no more new works will be added.
Fixes: ffd541d45726 ("RDMA/hns: Add the workqueue framework for flush cqe handler")
Signed-off-by: wenglianfa <wenglianfa@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241024124000.2931869-3-huangjunxian6@hisilicon.com
Reviewed-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_device.h | 2 ++
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 7 +++++++
drivers/infiniband/hw/hns/hns_roce_qp.c | 15 +++++++++++++--
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_device.h b/drivers/infiniband/hw/hns/hns_roce_device.h
index 73c78005901e6..9b51d5a1533f5 100644
--- a/drivers/infiniband/hw/hns/hns_roce_device.h
+++ b/drivers/infiniband/hw/hns/hns_roce_device.h
@@ -593,6 +593,7 @@ struct hns_roce_dev;
enum {
HNS_ROCE_FLUSH_FLAG = 0,
+ HNS_ROCE_STOP_FLUSH_FLAG = 1,
};
struct hns_roce_work {
@@ -656,6 +657,7 @@ struct hns_roce_qp {
enum hns_roce_cong_type cong_type;
u8 tc_mode;
u8 priority;
+ spinlock_t flush_lock;
};
struct hns_roce_ib_iboe {
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
index bbdeb02102e87..4c3bc1f6a183c 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -5598,8 +5598,15 @@ int hns_roce_v2_destroy_qp(struct ib_qp *ibqp, struct ib_udata *udata)
{
struct hns_roce_dev *hr_dev = to_hr_dev(ibqp->device);
struct hns_roce_qp *hr_qp = to_hr_qp(ibqp);
+ unsigned long flags;
int ret;
+ /* Make sure flush_cqe() is completed */
+ spin_lock_irqsave(&hr_qp->flush_lock, flags);
+ set_bit(HNS_ROCE_STOP_FLUSH_FLAG, &hr_qp->flush_flag);
+ spin_unlock_irqrestore(&hr_qp->flush_lock, flags);
+ flush_work(&hr_qp->flush_work.work);
+
ret = hns_roce_v2_destroy_qp_common(hr_dev, hr_qp, udata);
if (ret)
ibdev_err(&hr_dev->ib_dev,
diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c
index dcaa370d4a265..2ad03ecdbf8ec 100644
--- a/drivers/infiniband/hw/hns/hns_roce_qp.c
+++ b/drivers/infiniband/hw/hns/hns_roce_qp.c
@@ -90,11 +90,18 @@ static void flush_work_handle(struct work_struct *work)
void init_flush_work(struct hns_roce_dev *hr_dev, struct hns_roce_qp *hr_qp)
{
struct hns_roce_work *flush_work = &hr_qp->flush_work;
+ unsigned long flags;
+
+ spin_lock_irqsave(&hr_qp->flush_lock, flags);
+ /* Exit directly after destroy_qp() */
+ if (test_bit(HNS_ROCE_STOP_FLUSH_FLAG, &hr_qp->flush_flag)) {
+ spin_unlock_irqrestore(&hr_qp->flush_lock, flags);
+ return;
+ }
- flush_work->hr_dev = hr_dev;
- INIT_WORK(&flush_work->work, flush_work_handle);
refcount_inc(&hr_qp->refcount);
queue_work(hr_dev->irq_workq, &flush_work->work);
+ spin_unlock_irqrestore(&hr_qp->flush_lock, flags);
}
void flush_cqe(struct hns_roce_dev *dev, struct hns_roce_qp *qp)
@@ -1140,6 +1147,7 @@ static int hns_roce_create_qp_common(struct hns_roce_dev *hr_dev,
struct ib_udata *udata,
struct hns_roce_qp *hr_qp)
{
+ struct hns_roce_work *flush_work = &hr_qp->flush_work;
struct hns_roce_ib_create_qp_resp resp = {};
struct ib_device *ibdev = &hr_dev->ib_dev;
struct hns_roce_ib_create_qp ucmd = {};
@@ -1148,9 +1156,12 @@ static int hns_roce_create_qp_common(struct hns_roce_dev *hr_dev,
mutex_init(&hr_qp->mutex);
spin_lock_init(&hr_qp->sq.lock);
spin_lock_init(&hr_qp->rq.lock);
+ spin_lock_init(&hr_qp->flush_lock);
hr_qp->state = IB_QPS_RESET;
hr_qp->flush_flag = 0;
+ flush_work->hr_dev = hr_dev;
+ INIT_WORK(&flush_work->work, flush_work_handle);
if (init_attr->create_flags)
return -EOPNOTSUPP;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 415/817] RDMA/hns: Modify debugfs name
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (413 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 414/817] RDMA/hns: Fix flush cqe error when racing with destroy qp Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 416/817] RDMA/hns: Use dev_* printings in hem code instead of ibdev_* Greg Kroah-Hartman
` (411 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuyu Li, Junxian Huang,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuyu Li <liyuyu6@huawei.com>
[ Upstream commit 370a9351bf84afc5a56a3f02ba3805bbfcb53c32 ]
The sub-directory of hns_roce debugfs is named after the device's
kernel name currently, but it will be inconvenient to use when
the device is renamed.
Modify the name to pci name as users can always easily find the
correspondence between an RDMA device and its pci name.
Fixes: eb7854d63db5 ("RDMA/hns: Support SW stats with debugfs")
Signed-off-by: Yuyu Li <liyuyu6@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241024124000.2931869-4-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_debugfs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_debugfs.c b/drivers/infiniband/hw/hns/hns_roce_debugfs.c
index e8febb40f6450..b869cdc541189 100644
--- a/drivers/infiniband/hw/hns/hns_roce_debugfs.c
+++ b/drivers/infiniband/hw/hns/hns_roce_debugfs.c
@@ -5,6 +5,7 @@
#include <linux/debugfs.h>
#include <linux/device.h>
+#include <linux/pci.h>
#include "hns_roce_device.h"
@@ -86,7 +87,7 @@ void hns_roce_register_debugfs(struct hns_roce_dev *hr_dev)
{
struct hns_roce_dev_debugfs *dbgfs = &hr_dev->dbgfs;
- dbgfs->root = debugfs_create_dir(dev_name(&hr_dev->ib_dev.dev),
+ dbgfs->root = debugfs_create_dir(pci_name(hr_dev->pci_dev),
hns_roce_dbgfs_root);
create_sw_stat_debugfs(hr_dev, dbgfs->root);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 416/817] RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (414 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 415/817] RDMA/hns: Modify debugfs name Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 417/817] RDMA/hns: Fix cpu stuck caused by printings during reset Greg Kroah-Hartman
` (410 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Junxian Huang, Leon Romanovsky,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Junxian Huang <huangjunxian6@hisilicon.com>
[ Upstream commit d81fb6511abf18591befaa5f4a972ffc838690ec ]
The hem code is executed before ib_dev is registered, so use dev_*
printing instead of ibdev_* to avoid log like this:
(null): set HEM address to HW failed!
Fixes: 2f49de21f3e9 ("RDMA/hns: Optimize mhop get flow for multi-hop addressing")
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241024124000.2931869-5-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_hem.c | 44 ++++++++++++------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_hem.c b/drivers/infiniband/hw/hns/hns_roce_hem.c
index c7c167e2a0451..ee5d2c1bb5ca0 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hem.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hem.c
@@ -300,7 +300,7 @@ static int calc_hem_config(struct hns_roce_dev *hr_dev,
struct hns_roce_hem_mhop *mhop,
struct hns_roce_hem_index *index)
{
- struct ib_device *ibdev = &hr_dev->ib_dev;
+ struct device *dev = hr_dev->dev;
unsigned long mhop_obj = obj;
u32 l0_idx, l1_idx, l2_idx;
u32 chunk_ba_num;
@@ -331,14 +331,14 @@ static int calc_hem_config(struct hns_roce_dev *hr_dev,
index->buf = l0_idx;
break;
default:
- ibdev_err(ibdev, "table %u not support mhop.hop_num = %u!\n",
- table->type, mhop->hop_num);
+ dev_err(dev, "table %u not support mhop.hop_num = %u!\n",
+ table->type, mhop->hop_num);
return -EINVAL;
}
if (unlikely(index->buf >= table->num_hem)) {
- ibdev_err(ibdev, "table %u exceed hem limt idx %llu, max %lu!\n",
- table->type, index->buf, table->num_hem);
+ dev_err(dev, "table %u exceed hem limt idx %llu, max %lu!\n",
+ table->type, index->buf, table->num_hem);
return -EINVAL;
}
@@ -448,14 +448,14 @@ static int set_mhop_hem(struct hns_roce_dev *hr_dev,
struct hns_roce_hem_mhop *mhop,
struct hns_roce_hem_index *index)
{
- struct ib_device *ibdev = &hr_dev->ib_dev;
+ struct device *dev = hr_dev->dev;
u32 step_idx;
int ret = 0;
if (index->inited & HEM_INDEX_L0) {
ret = hr_dev->hw->set_hem(hr_dev, table, obj, 0);
if (ret) {
- ibdev_err(ibdev, "set HEM step 0 failed!\n");
+ dev_err(dev, "set HEM step 0 failed!\n");
goto out;
}
}
@@ -463,7 +463,7 @@ static int set_mhop_hem(struct hns_roce_dev *hr_dev,
if (index->inited & HEM_INDEX_L1) {
ret = hr_dev->hw->set_hem(hr_dev, table, obj, 1);
if (ret) {
- ibdev_err(ibdev, "set HEM step 1 failed!\n");
+ dev_err(dev, "set HEM step 1 failed!\n");
goto out;
}
}
@@ -475,7 +475,7 @@ static int set_mhop_hem(struct hns_roce_dev *hr_dev,
step_idx = mhop->hop_num;
ret = hr_dev->hw->set_hem(hr_dev, table, obj, step_idx);
if (ret)
- ibdev_err(ibdev, "set HEM step last failed!\n");
+ dev_err(dev, "set HEM step last failed!\n");
}
out:
return ret;
@@ -485,14 +485,14 @@ static int hns_roce_table_mhop_get(struct hns_roce_dev *hr_dev,
struct hns_roce_hem_table *table,
unsigned long obj)
{
- struct ib_device *ibdev = &hr_dev->ib_dev;
struct hns_roce_hem_index index = {};
struct hns_roce_hem_mhop mhop = {};
+ struct device *dev = hr_dev->dev;
int ret;
ret = calc_hem_config(hr_dev, table, obj, &mhop, &index);
if (ret) {
- ibdev_err(ibdev, "calc hem config failed!\n");
+ dev_err(dev, "calc hem config failed!\n");
return ret;
}
@@ -504,7 +504,7 @@ static int hns_roce_table_mhop_get(struct hns_roce_dev *hr_dev,
ret = alloc_mhop_hem(hr_dev, table, &mhop, &index);
if (ret) {
- ibdev_err(ibdev, "alloc mhop hem failed!\n");
+ dev_err(dev, "alloc mhop hem failed!\n");
goto out;
}
@@ -512,7 +512,7 @@ static int hns_roce_table_mhop_get(struct hns_roce_dev *hr_dev,
if (table->type < HEM_TYPE_MTT) {
ret = set_mhop_hem(hr_dev, table, obj, &mhop, &index);
if (ret) {
- ibdev_err(ibdev, "set HEM address to HW failed!\n");
+ dev_err(dev, "set HEM address to HW failed!\n");
goto err_alloc;
}
}
@@ -575,7 +575,7 @@ static void clear_mhop_hem(struct hns_roce_dev *hr_dev,
struct hns_roce_hem_mhop *mhop,
struct hns_roce_hem_index *index)
{
- struct ib_device *ibdev = &hr_dev->ib_dev;
+ struct device *dev = hr_dev->dev;
u32 hop_num = mhop->hop_num;
u32 chunk_ba_num;
u32 step_idx;
@@ -605,21 +605,21 @@ static void clear_mhop_hem(struct hns_roce_dev *hr_dev,
ret = hr_dev->hw->clear_hem(hr_dev, table, obj, step_idx);
if (ret)
- ibdev_warn(ibdev, "failed to clear hop%u HEM, ret = %d.\n",
- hop_num, ret);
+ dev_warn(dev, "failed to clear hop%u HEM, ret = %d.\n",
+ hop_num, ret);
if (index->inited & HEM_INDEX_L1) {
ret = hr_dev->hw->clear_hem(hr_dev, table, obj, 1);
if (ret)
- ibdev_warn(ibdev, "failed to clear HEM step 1, ret = %d.\n",
- ret);
+ dev_warn(dev, "failed to clear HEM step 1, ret = %d.\n",
+ ret);
}
if (index->inited & HEM_INDEX_L0) {
ret = hr_dev->hw->clear_hem(hr_dev, table, obj, 0);
if (ret)
- ibdev_warn(ibdev, "failed to clear HEM step 0, ret = %d.\n",
- ret);
+ dev_warn(dev, "failed to clear HEM step 0, ret = %d.\n",
+ ret);
}
}
}
@@ -629,14 +629,14 @@ static void hns_roce_table_mhop_put(struct hns_roce_dev *hr_dev,
unsigned long obj,
int check_refcount)
{
- struct ib_device *ibdev = &hr_dev->ib_dev;
struct hns_roce_hem_index index = {};
struct hns_roce_hem_mhop mhop = {};
+ struct device *dev = hr_dev->dev;
int ret;
ret = calc_hem_config(hr_dev, table, obj, &mhop, &index);
if (ret) {
- ibdev_err(ibdev, "calc hem config failed!\n");
+ dev_err(dev, "calc hem config failed!\n");
return;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 417/817] RDMA/hns: Fix cpu stuck caused by printings during reset
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (415 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 416/817] RDMA/hns: Use dev_* printings in hem code instead of ibdev_* Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 418/817] RDMA/rxe: Fix the qp flush warnings in req Greg Kroah-Hartman
` (409 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, wenglianfa, Junxian Huang,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: wenglianfa <wenglianfa@huawei.com>
[ Upstream commit 323275ac2ff15b2b7b3eac391ae5d8c5a3c3a999 ]
During reset, cmd to destroy resources such as qp, cq, and mr may fail,
and error logs will be printed. When a large number of resources are
destroyed, there will be lots of printings, and it may lead to a cpu
stuck.
Delete some unnecessary printings and replace other printing functions
in these paths with the ratelimited version.
Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver")
Fixes: c7bcb13442e1 ("RDMA/hns: Add SRQ support for hip08 kernel mode")
Fixes: 70f92521584f ("RDMA/hns: Use the reserved loopback QPs to free MR before destroying MPT")
Fixes: 926a01dc000d ("RDMA/hns: Add QP operations support for hip08 SoC")
Signed-off-by: wenglianfa <wenglianfa@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241024124000.2931869-6-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_cq.c | 4 +-
drivers/infiniband/hw/hns/hns_roce_hem.c | 4 +-
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 73 ++++++++++------------
drivers/infiniband/hw/hns/hns_roce_mr.c | 4 +-
drivers/infiniband/hw/hns/hns_roce_srq.c | 4 +-
5 files changed, 41 insertions(+), 48 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_cq.c b/drivers/infiniband/hw/hns/hns_roce_cq.c
index 4ec66611a1434..4106423a1b399 100644
--- a/drivers/infiniband/hw/hns/hns_roce_cq.c
+++ b/drivers/infiniband/hw/hns/hns_roce_cq.c
@@ -179,8 +179,8 @@ static void free_cqc(struct hns_roce_dev *hr_dev, struct hns_roce_cq *hr_cq)
ret = hns_roce_destroy_hw_ctx(hr_dev, HNS_ROCE_CMD_DESTROY_CQC,
hr_cq->cqn);
if (ret)
- dev_err(dev, "DESTROY_CQ failed (%d) for CQN %06lx\n", ret,
- hr_cq->cqn);
+ dev_err_ratelimited(dev, "DESTROY_CQ failed (%d) for CQN %06lx\n",
+ ret, hr_cq->cqn);
xa_erase_irq(&cq_table->array, hr_cq->cqn);
diff --git a/drivers/infiniband/hw/hns/hns_roce_hem.c b/drivers/infiniband/hw/hns/hns_roce_hem.c
index ee5d2c1bb5ca0..f84521be3bea4 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hem.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hem.c
@@ -672,8 +672,8 @@ void hns_roce_table_put(struct hns_roce_dev *hr_dev,
ret = hr_dev->hw->clear_hem(hr_dev, table, obj, HEM_HOP_STEP_DIRECT);
if (ret)
- dev_warn(dev, "failed to clear HEM base address, ret = %d.\n",
- ret);
+ dev_warn_ratelimited(dev, "failed to clear HEM base address, ret = %d.\n",
+ ret);
hns_roce_free_hem(hr_dev, table->hem[i]);
table->hem[i] = NULL;
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
index 4c3bc1f6a183c..d1c075fb0ad89 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -373,19 +373,12 @@ static int set_rwqe_data_seg(struct ib_qp *ibqp, const struct ib_send_wr *wr,
static int check_send_valid(struct hns_roce_dev *hr_dev,
struct hns_roce_qp *hr_qp)
{
- struct ib_device *ibdev = &hr_dev->ib_dev;
-
if (unlikely(hr_qp->state == IB_QPS_RESET ||
hr_qp->state == IB_QPS_INIT ||
- hr_qp->state == IB_QPS_RTR)) {
- ibdev_err(ibdev, "failed to post WQE, QP state %u!\n",
- hr_qp->state);
+ hr_qp->state == IB_QPS_RTR))
return -EINVAL;
- } else if (unlikely(hr_dev->state >= HNS_ROCE_DEVICE_STATE_RST_DOWN)) {
- ibdev_err(ibdev, "failed to post WQE, dev state %d!\n",
- hr_dev->state);
+ else if (unlikely(hr_dev->state >= HNS_ROCE_DEVICE_STATE_RST_DOWN))
return -EIO;
- }
return 0;
}
@@ -2775,8 +2768,8 @@ static int free_mr_modify_rsv_qp(struct hns_roce_dev *hr_dev,
ret = hr_dev->hw->modify_qp(&hr_qp->ibqp, attr, mask, IB_QPS_INIT,
IB_QPS_INIT, NULL);
if (ret) {
- ibdev_err(ibdev, "failed to modify qp to init, ret = %d.\n",
- ret);
+ ibdev_err_ratelimited(ibdev, "failed to modify qp to init, ret = %d.\n",
+ ret);
return ret;
}
@@ -3421,8 +3414,8 @@ static int free_mr_post_send_lp_wqe(struct hns_roce_qp *hr_qp)
ret = hns_roce_v2_post_send(&hr_qp->ibqp, send_wr, &bad_wr);
if (ret) {
- ibdev_err(ibdev, "failed to post wqe for free mr, ret = %d.\n",
- ret);
+ ibdev_err_ratelimited(ibdev, "failed to post wqe for free mr, ret = %d.\n",
+ ret);
return ret;
}
@@ -3461,9 +3454,9 @@ static void free_mr_send_cmd_to_hw(struct hns_roce_dev *hr_dev)
ret = free_mr_post_send_lp_wqe(hr_qp);
if (ret) {
- ibdev_err(ibdev,
- "failed to send wqe (qp:0x%lx) for free mr, ret = %d.\n",
- hr_qp->qpn, ret);
+ ibdev_err_ratelimited(ibdev,
+ "failed to send wqe (qp:0x%lx) for free mr, ret = %d.\n",
+ hr_qp->qpn, ret);
break;
}
@@ -3474,16 +3467,16 @@ static void free_mr_send_cmd_to_hw(struct hns_roce_dev *hr_dev)
while (cqe_cnt) {
npolled = hns_roce_v2_poll_cq(&free_mr->rsv_cq->ib_cq, cqe_cnt, wc);
if (npolled < 0) {
- ibdev_err(ibdev,
- "failed to poll cqe for free mr, remain %d cqe.\n",
- cqe_cnt);
+ ibdev_err_ratelimited(ibdev,
+ "failed to poll cqe for free mr, remain %d cqe.\n",
+ cqe_cnt);
goto out;
}
if (time_after(jiffies, end)) {
- ibdev_err(ibdev,
- "failed to poll cqe for free mr and timeout, remain %d cqe.\n",
- cqe_cnt);
+ ibdev_err_ratelimited(ibdev,
+ "failed to poll cqe for free mr and timeout, remain %d cqe.\n",
+ cqe_cnt);
goto out;
}
cqe_cnt -= npolled;
@@ -5061,10 +5054,8 @@ static int hns_roce_v2_set_abs_fields(struct ib_qp *ibqp,
struct hns_roce_dev *hr_dev = to_hr_dev(ibqp->device);
int ret = 0;
- if (!check_qp_state(cur_state, new_state)) {
- ibdev_err(&hr_dev->ib_dev, "Illegal state for QP!\n");
+ if (!check_qp_state(cur_state, new_state))
return -EINVAL;
- }
if (cur_state == IB_QPS_RESET && new_state == IB_QPS_INIT) {
memset(qpc_mask, 0, hr_dev->caps.qpc_sz);
@@ -5325,7 +5316,7 @@ static int hns_roce_v2_modify_qp(struct ib_qp *ibqp,
/* SW pass context to HW */
ret = hns_roce_v2_qp_modify(hr_dev, context, qpc_mask, hr_qp);
if (ret) {
- ibdev_err(ibdev, "failed to modify QP, ret = %d.\n", ret);
+ ibdev_err_ratelimited(ibdev, "failed to modify QP, ret = %d.\n", ret);
goto out;
}
@@ -5463,7 +5454,9 @@ static int hns_roce_v2_query_qp(struct ib_qp *ibqp, struct ib_qp_attr *qp_attr,
ret = hns_roce_v2_query_qpc(hr_dev, hr_qp->qpn, &context);
if (ret) {
- ibdev_err(ibdev, "failed to query QPC, ret = %d.\n", ret);
+ ibdev_err_ratelimited(ibdev,
+ "failed to query QPC, ret = %d.\n",
+ ret);
ret = -EINVAL;
goto out;
}
@@ -5471,7 +5464,7 @@ static int hns_roce_v2_query_qp(struct ib_qp *ibqp, struct ib_qp_attr *qp_attr,
state = hr_reg_read(&context, QPC_QP_ST);
tmp_qp_state = to_ib_qp_st((enum hns_roce_v2_qp_state)state);
if (tmp_qp_state == -1) {
- ibdev_err(ibdev, "Illegal ib_qp_state\n");
+ ibdev_err_ratelimited(ibdev, "Illegal ib_qp_state\n");
ret = -EINVAL;
goto out;
}
@@ -5564,9 +5557,9 @@ static int hns_roce_v2_destroy_qp_common(struct hns_roce_dev *hr_dev,
ret = hns_roce_v2_modify_qp(&hr_qp->ibqp, NULL, 0,
hr_qp->state, IB_QPS_RESET, udata);
if (ret)
- ibdev_err(ibdev,
- "failed to modify QP to RST, ret = %d.\n",
- ret);
+ ibdev_err_ratelimited(ibdev,
+ "failed to modify QP to RST, ret = %d.\n",
+ ret);
}
send_cq = hr_qp->ibqp.send_cq ? to_hr_cq(hr_qp->ibqp.send_cq) : NULL;
@@ -5609,9 +5602,9 @@ int hns_roce_v2_destroy_qp(struct ib_qp *ibqp, struct ib_udata *udata)
ret = hns_roce_v2_destroy_qp_common(hr_dev, hr_qp, udata);
if (ret)
- ibdev_err(&hr_dev->ib_dev,
- "failed to destroy QP, QPN = 0x%06lx, ret = %d.\n",
- hr_qp->qpn, ret);
+ ibdev_err_ratelimited(&hr_dev->ib_dev,
+ "failed to destroy QP, QPN = 0x%06lx, ret = %d.\n",
+ hr_qp->qpn, ret);
hns_roce_qp_destroy(hr_dev, hr_qp, udata);
@@ -5905,9 +5898,9 @@ static int hns_roce_v2_modify_cq(struct ib_cq *cq, u16 cq_count, u16 cq_period)
HNS_ROCE_CMD_MODIFY_CQC, hr_cq->cqn);
hns_roce_free_cmd_mailbox(hr_dev, mailbox);
if (ret)
- ibdev_err(&hr_dev->ib_dev,
- "failed to process cmd when modifying CQ, ret = %d.\n",
- ret);
+ ibdev_err_ratelimited(&hr_dev->ib_dev,
+ "failed to process cmd when modifying CQ, ret = %d.\n",
+ ret);
err_out:
if (ret)
@@ -5931,9 +5924,9 @@ static int hns_roce_v2_query_cqc(struct hns_roce_dev *hr_dev, u32 cqn,
ret = hns_roce_cmd_mbox(hr_dev, 0, mailbox->dma,
HNS_ROCE_CMD_QUERY_CQC, cqn);
if (ret) {
- ibdev_err(&hr_dev->ib_dev,
- "failed to process cmd when querying CQ, ret = %d.\n",
- ret);
+ ibdev_err_ratelimited(&hr_dev->ib_dev,
+ "failed to process cmd when querying CQ, ret = %d.\n",
+ ret);
goto err_mailbox;
}
diff --git a/drivers/infiniband/hw/hns/hns_roce_mr.c b/drivers/infiniband/hw/hns/hns_roce_mr.c
index 846da8c78b8b7..b3f4327d0e64a 100644
--- a/drivers/infiniband/hw/hns/hns_roce_mr.c
+++ b/drivers/infiniband/hw/hns/hns_roce_mr.c
@@ -138,8 +138,8 @@ static void hns_roce_mr_free(struct hns_roce_dev *hr_dev, struct hns_roce_mr *mr
key_to_hw_index(mr->key) &
(hr_dev->caps.num_mtpts - 1));
if (ret)
- ibdev_warn(ibdev, "failed to destroy mpt, ret = %d.\n",
- ret);
+ ibdev_warn_ratelimited(ibdev, "failed to destroy mpt, ret = %d.\n",
+ ret);
}
free_mr_pbl(hr_dev, mr);
diff --git a/drivers/infiniband/hw/hns/hns_roce_srq.c b/drivers/infiniband/hw/hns/hns_roce_srq.c
index c9b8233f4b057..70c06ef65603d 100644
--- a/drivers/infiniband/hw/hns/hns_roce_srq.c
+++ b/drivers/infiniband/hw/hns/hns_roce_srq.c
@@ -151,8 +151,8 @@ static void free_srqc(struct hns_roce_dev *hr_dev, struct hns_roce_srq *srq)
ret = hns_roce_destroy_hw_ctx(hr_dev, HNS_ROCE_CMD_DESTROY_SRQ,
srq->srqn);
if (ret)
- dev_err(hr_dev->dev, "DESTROY_SRQ failed (%d) for SRQN %06lx\n",
- ret, srq->srqn);
+ dev_err_ratelimited(hr_dev->dev, "DESTROY_SRQ failed (%d) for SRQN %06lx\n",
+ ret, srq->srqn);
xa_erase_irq(&srq_table->xa, srq->srqn);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 418/817] RDMA/rxe: Fix the qp flush warnings in req
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (416 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 417/817] RDMA/hns: Fix cpu stuck caused by printings during reset Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 419/817] RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Greg Kroah-Hartman
` (408 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhu Yanjun, Leon Romanovsky,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit ea4c990fa9e19ffef0648e40c566b94ba5ab31be ]
When the qp is in error state, the status of WQEs in the queue should be
set to error. Or else the following will appear.
[ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.617744] Modules linked in: rnbd_client(O) rtrs_client(O) rtrs_core(O) rdma_ucm rdma_cm iw_cm ib_cm crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel ib_uverbs ib_core loop brd null_blk ipv6
[ 920.618516] CPU: 1 PID: 21 Comm: ksoftirqd/1 Tainted: G O 6.1.113-storage+ #65
[ 920.618986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 920.619396] RIP: 0010:rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.619658] Code: 0f b6 84 24 3a 02 00 00 41 89 84 24 44 04 00 00 e9 2a f7 ff ff 39 ca bb 03 00 00 00 b8 0e 00 00 00 48 0f 45 d8 e9 15 f7 ff ff <0f> 0b e9 cb f8 ff ff 41 bf f5 ff ff ff e9 08 f8 ff ff 49 8d bc 24
[ 920.620482] RSP: 0018:ffff97b7c00bbc38 EFLAGS: 00010246
[ 920.620817] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000008
[ 920.621183] RDX: ffff960dc396ebc0 RSI: 0000000000005400 RDI: ffff960dc4e2fbac
[ 920.621548] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffffac406450
[ 920.621884] R10: ffffffffac4060c0 R11: 0000000000000001 R12: ffff960dc4e2f800
[ 920.622254] R13: ffff960dc4e2f928 R14: ffff97b7c029c580 R15: 0000000000000000
[ 920.622609] FS: 0000000000000000(0000) GS:ffff960ef7d00000(0000) knlGS:0000000000000000
[ 920.622979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 920.623245] CR2: 00007fa056965e90 CR3: 00000001107f1000 CR4: 00000000000006e0
[ 920.623680] Call Trace:
[ 920.623815] <TASK>
[ 920.623933] ? __warn+0x79/0xc0
[ 920.624116] ? rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.624356] ? report_bug+0xfb/0x150
[ 920.624594] ? handle_bug+0x3c/0x60
[ 920.624796] ? exc_invalid_op+0x14/0x70
[ 920.624976] ? asm_exc_invalid_op+0x16/0x20
[ 920.625203] ? rxe_completer+0x989/0xcc0 [rdma_rxe]
[ 920.625474] ? rxe_completer+0x329/0xcc0 [rdma_rxe]
[ 920.625749] rxe_do_task+0x80/0x110 [rdma_rxe]
[ 920.626037] rxe_requester+0x625/0xde0 [rdma_rxe]
[ 920.626310] ? rxe_cq_post+0xe2/0x180 [rdma_rxe]
[ 920.626583] ? do_complete+0x18d/0x220 [rdma_rxe]
[ 920.626812] ? rxe_completer+0x1a3/0xcc0 [rdma_rxe]
[ 920.627050] rxe_do_task+0x80/0x110 [rdma_rxe]
[ 920.627285] tasklet_action_common.constprop.0+0xa4/0x120
[ 920.627522] handle_softirqs+0xc2/0x250
[ 920.627728] ? sort_range+0x20/0x20
[ 920.627942] run_ksoftirqd+0x1f/0x30
[ 920.628158] smpboot_thread_fn+0xc7/0x1b0
[ 920.628334] kthread+0xd6/0x100
[ 920.628504] ? kthread_complete_and_exit+0x20/0x20
[ 920.628709] ret_from_fork+0x1f/0x30
[ 920.628892] </TASK>
Fixes: ae720bdb703b ("RDMA/rxe: Generate error completion for error requester QP state")
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Link: https://patch.msgid.link/20241025152036.121417-1-yanjun.zhu@linux.dev
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_req.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_req.c b/drivers/infiniband/sw/rxe/rxe_req.c
index 479c07e6e4ed3..87a02f0deb000 100644
--- a/drivers/infiniband/sw/rxe/rxe_req.c
+++ b/drivers/infiniband/sw/rxe/rxe_req.c
@@ -663,10 +663,12 @@ int rxe_requester(struct rxe_qp *qp)
if (unlikely(qp_state(qp) == IB_QPS_ERR)) {
wqe = __req_next_wqe(qp);
spin_unlock_irqrestore(&qp->state_lock, flags);
- if (wqe)
+ if (wqe) {
+ wqe->status = IB_WC_WR_FLUSH_ERR;
goto err;
- else
+ } else {
goto exit;
+ }
}
if (unlikely(qp_state(qp) == IB_QPS_RESET)) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 419/817] RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (417 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 418/817] RDMA/rxe: Fix the qp flush warnings in req Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 420/817] clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Greg Kroah-Hartman
` (407 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kashyap Desai, Selvin Xavier,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kashyap Desai <kashyap.desai@broadcom.com>
[ Upstream commit 808ca6de989c598bc5af1ae0ad971a66077efac0 ]
Invalidate rkey is cpu endian and immediate data is in big endian format.
Both immediate data and invalidate the remote key returned by
HW is in little endian format.
While handling the commit in fixes tag, the difference between
immediate data and invalidate rkey endianness was not considered.
Without changes of this patch, Kernel ULP was failing while processing
inv_rkey.
dmesg log snippet -
nvme nvme0: Bogus remote invalidation for rkey 0x2000019Fix in this patch
Do endianness conversion based on completion queue entry flag.
Also, the HW completions are already converted to host endianness in
bnxt_qplib_cq_process_res_rc and bnxt_qplib_cq_process_res_ud and there
is no need to convert it again in bnxt_re_poll_cq. Modified the union to
hold the correct data type.
Fixes: 95b087f87b78 ("bnxt_re: Fix imm_data endianness")
Signed-off-by: Kashyap Desai <kashyap.desai@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Link: https://patch.msgid.link/1730110014-20755-1-git-send-email-selvin.xavier@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +++++--
drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
index 982e85ba211bc..1ec7c563a5e59 100644
--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
@@ -3584,7 +3584,7 @@ static void bnxt_re_process_res_shadow_qp_wc(struct bnxt_re_qp *gsi_sqp,
wc->byte_len = orig_cqe->length;
wc->qp = &gsi_qp->ib_qp;
- wc->ex.imm_data = cpu_to_be32(le32_to_cpu(orig_cqe->immdata));
+ wc->ex.imm_data = cpu_to_be32(orig_cqe->immdata);
wc->src_qp = orig_cqe->src_qp;
memcpy(wc->smac, orig_cqe->smac, ETH_ALEN);
if (bnxt_re_is_vlan_pkt(orig_cqe, &vlan_id, &sl)) {
@@ -3729,7 +3729,10 @@ int bnxt_re_poll_cq(struct ib_cq *ib_cq, int num_entries, struct ib_wc *wc)
(unsigned long)(cqe->qp_handle),
struct bnxt_re_qp, qplib_qp);
wc->qp = &qp->ib_qp;
- wc->ex.imm_data = cpu_to_be32(le32_to_cpu(cqe->immdata));
+ if (cqe->flags & CQ_RES_RC_FLAGS_IMM)
+ wc->ex.imm_data = cpu_to_be32(cqe->immdata);
+ else
+ wc->ex.invalidate_rkey = cqe->invrkey;
wc->src_qp = cqe->src_qp;
memcpy(wc->smac, cqe->smac, ETH_ALEN);
wc->port_num = 1;
diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.h b/drivers/infiniband/hw/bnxt_re/qplib_fp.h
index 389862df818d9..010b07e87acb8 100644
--- a/drivers/infiniband/hw/bnxt_re/qplib_fp.h
+++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.h
@@ -390,7 +390,7 @@ struct bnxt_qplib_cqe {
u16 cfa_meta;
u64 wr_id;
union {
- __le32 immdata;
+ u32 immdata;
u32 invrkey;
};
u64 qp_handle;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 420/817] clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (418 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 419/817] RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 421/817] clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Greg Kroah-Hartman
` (406 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andre Przywara, Chen-Yu Tsai,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit e0f253a52ccee3cf3eb987e99756e20c68a1aac9 ]
To work around a limitation in our clock modelling, we try to force two
bits in the AUDIO0 PLL to 0, in the CCU probe routine.
However the ~ operator only applies to the first expression, and does
not cover the second bit, so we end up clearing only bit 1.
Group the bit-ORing with parentheses, to make it both clearer to read
and actually correct.
Fixes: 35b97bb94111 ("clk: sunxi-ng: Add support for the D1 SoC clocks")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Link: https://patch.msgid.link/20241001105016.1068558-1-andre.przywara@arm.com
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/sunxi-ng/ccu-sun20i-d1.c b/drivers/clk/sunxi-ng/ccu-sun20i-d1.c
index 9b5cfac2ee70c..3f095515f54f9 100644
--- a/drivers/clk/sunxi-ng/ccu-sun20i-d1.c
+++ b/drivers/clk/sunxi-ng/ccu-sun20i-d1.c
@@ -1371,7 +1371,7 @@ static int sun20i_d1_ccu_probe(struct platform_device *pdev)
/* Enforce m1 = 0, m0 = 0 for PLL_AUDIO0 */
val = readl(reg + SUN20I_D1_PLL_AUDIO0_REG);
- val &= ~BIT(1) | BIT(0);
+ val &= ~(BIT(1) | BIT(0));
writel(val, reg + SUN20I_D1_PLL_AUDIO0_REG);
/* Force fanout-27M factor N to 0. */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 421/817] clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (419 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 420/817] clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 422/817] RDMA/rxe: Set queue pair cur_qp_state when being queried Greg Kroah-Hartman
` (405 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hien Huynh, Biju Das,
Geert Uytterhoeven, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit dabf72b85f298970e86891b5218459c17b57b26a ]
While computing foutpostdiv_rate, the value of params->pl5_fracin
is discarded, which results in the wrong refresh rate. Fix the formula
for computing foutpostdiv_rate.
Fixes: 1561380ee72f ("clk: renesas: rzg2l: Add FOUTPOSTDIV clk support")
Signed-off-by: Hien Huynh <hien.huynh.px@renesas.com>
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/20241024134236.315289-1-biju.das.jz@bp.renesas.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/renesas/rzg2l-cpg.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/clk/renesas/rzg2l-cpg.c b/drivers/clk/renesas/rzg2l-cpg.c
index 04b78064d4e01..640ab2cc28cfa 100644
--- a/drivers/clk/renesas/rzg2l-cpg.c
+++ b/drivers/clk/renesas/rzg2l-cpg.c
@@ -552,7 +552,7 @@ static unsigned long
rzg2l_cpg_get_foutpostdiv_rate(struct rzg2l_pll5_param *params,
unsigned long rate)
{
- unsigned long foutpostdiv_rate;
+ unsigned long foutpostdiv_rate, foutvco_rate;
params->pl5_intin = rate / MEGA;
params->pl5_fracin = div_u64(((u64)rate % MEGA) << 24, MEGA);
@@ -561,10 +561,11 @@ rzg2l_cpg_get_foutpostdiv_rate(struct rzg2l_pll5_param *params,
params->pl5_postdiv2 = 1;
params->pl5_spread = 0x16;
- foutpostdiv_rate =
- EXTAL_FREQ_IN_MEGA_HZ * MEGA / params->pl5_refdiv *
- ((((params->pl5_intin << 24) + params->pl5_fracin)) >> 24) /
- (params->pl5_postdiv1 * params->pl5_postdiv2);
+ foutvco_rate = div_u64(mul_u32_u32(EXTAL_FREQ_IN_MEGA_HZ * MEGA,
+ (params->pl5_intin << 24) + params->pl5_fracin),
+ params->pl5_refdiv) >> 24;
+ foutpostdiv_rate = DIV_ROUND_CLOSEST_ULL(foutvco_rate,
+ params->pl5_postdiv1 * params->pl5_postdiv2);
return foutpostdiv_rate;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 422/817] RDMA/rxe: Set queue pair cur_qp_state when being queried
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (420 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 421/817] clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 423/817] RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Greg Kroah-Hartman
` (404 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Zhu Yanjun,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit 775e6d3c8fda41083b16c26d05163fd69f029a62 ]
Same with commit e375b9c92985 ("RDMA/cxgb4: Set queue pair state when
being queried"). The API for ib_query_qp requires the driver to set
cur_qp_state on return, add the missing set.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Link: https://patch.msgid.link/20241031092019.2138467-1-liujian56@huawei.com
Reviewed-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index d2f7b5195c19d..91d329e903083 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -775,6 +775,7 @@ int rxe_qp_to_attr(struct rxe_qp *qp, struct ib_qp_attr *attr, int mask)
* Yield the processor
*/
spin_lock_irqsave(&qp->state_lock, flags);
+ attr->cur_qp_state = qp_state(qp);
if (qp->attr.sq_draining) {
spin_unlock_irqrestore(&qp->state_lock, flags);
cond_resched();
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 423/817] RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (421 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 422/817] RDMA/rxe: Set queue pair cur_qp_state when being queried Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 424/817] riscv: kvm: Fix out-of-bounds array access Greg Kroah-Hartman
` (403 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yong-Xuan Wang, Vincent Chen,
Anup Patel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yong-Xuan Wang <yongxuan.wang@sifive.com>
[ Upstream commit 60821fb4dd7345e5662094accf0a52845306de8c ]
In the section "4.7 Precise effects on interrupt-pending bits"
of the RISC-V AIA specification defines that:
"If the source mode is Level1 or Level0 and the interrupt domain
is configured in MSI delivery mode (domaincfg.DM = 1):
The pending bit is cleared whenever the rectified input value is
low, when the interrupt is forwarded by MSI, or by a relevant
write to an in_clrip register or to clripnum."
Update the aplic_write_pending() to match the spec.
Fixes: d8dd9f113e16 ("RISC-V: KVM: Fix APLIC setipnum_le/be write emulation")
Signed-off-by: Yong-Xuan Wang <yongxuan.wang@sifive.com>
Reviewed-by: Vincent Chen <vincent.chen@sifive.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Link: https://lore.kernel.org/r/20241029085542.30541-1-yongxuan.wang@sifive.com
Signed-off-by: Anup Patel <anup@brainfault.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kvm/aia_aplic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/kvm/aia_aplic.c b/arch/riscv/kvm/aia_aplic.c
index da6ff1bade0df..f59d1c0c8c43a 100644
--- a/arch/riscv/kvm/aia_aplic.c
+++ b/arch/riscv/kvm/aia_aplic.c
@@ -143,7 +143,7 @@ static void aplic_write_pending(struct aplic *aplic, u32 irq, bool pending)
if (sm == APLIC_SOURCECFG_SM_LEVEL_HIGH ||
sm == APLIC_SOURCECFG_SM_LEVEL_LOW) {
if (!pending)
- goto skip_write_pending;
+ goto noskip_write_pending;
if ((irqd->state & APLIC_IRQ_STATE_INPUT) &&
sm == APLIC_SOURCECFG_SM_LEVEL_LOW)
goto skip_write_pending;
@@ -152,6 +152,7 @@ static void aplic_write_pending(struct aplic *aplic, u32 irq, bool pending)
goto skip_write_pending;
}
+noskip_write_pending:
if (pending)
irqd->state |= APLIC_IRQ_STATE_PENDING;
else
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 424/817] riscv: kvm: Fix out-of-bounds array access
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (422 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 423/817] RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 425/817] clk: imx: lpcg-scu: SW workaround for errata (e10858) Greg Kroah-Hartman
` (402 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Björn Töpel, Anup Patel,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Björn Töpel <bjorn@rivosinc.com>
[ Upstream commit 332fa4a802b16ccb727199da685294f85f9880cb ]
In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an
out-of-bound index. This is used as a special marker for the base
extensions, that cannot be disabled. However, when traversing the
extensions, that special marker is not checked prior indexing the
array.
Add an out-of-bounds check to the function.
Fixes: 56d8a385b605 ("RISC-V: KVM: Allow some SBI extensions to be disabled by default")
Signed-off-by: Björn Töpel <bjorn@rivosinc.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Link: https://lore.kernel.org/r/20241104191503.74725-1-bjorn@kernel.org
Signed-off-by: Anup Patel <anup@brainfault.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kvm/vcpu_sbi.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/riscv/kvm/vcpu_sbi.c b/arch/riscv/kvm/vcpu_sbi.c
index 7de128be8db9b..6e704ed86a83a 100644
--- a/arch/riscv/kvm/vcpu_sbi.c
+++ b/arch/riscv/kvm/vcpu_sbi.c
@@ -486,19 +486,22 @@ void kvm_riscv_vcpu_sbi_init(struct kvm_vcpu *vcpu)
struct kvm_vcpu_sbi_context *scontext = &vcpu->arch.sbi_context;
const struct kvm_riscv_sbi_extension_entry *entry;
const struct kvm_vcpu_sbi_extension *ext;
- int i;
+ int idx, i;
for (i = 0; i < ARRAY_SIZE(sbi_ext); i++) {
entry = &sbi_ext[i];
ext = entry->ext_ptr;
+ idx = entry->ext_idx;
+
+ if (idx < 0 || idx >= ARRAY_SIZE(scontext->ext_status))
+ continue;
if (ext->probe && !ext->probe(vcpu)) {
- scontext->ext_status[entry->ext_idx] =
- KVM_RISCV_SBI_EXT_STATUS_UNAVAILABLE;
+ scontext->ext_status[idx] = KVM_RISCV_SBI_EXT_STATUS_UNAVAILABLE;
continue;
}
- scontext->ext_status[entry->ext_idx] = ext->default_disabled ?
+ scontext->ext_status[idx] = ext->default_disabled ?
KVM_RISCV_SBI_EXT_STATUS_DISABLED :
KVM_RISCV_SBI_EXT_STATUS_ENABLED;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 425/817] clk: imx: lpcg-scu: SW workaround for errata (e10858)
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (423 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 424/817] riscv: kvm: Fix out-of-bounds array access Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 426/817] clk: imx: fracn-gppll: correct PLL initialization flow Greg Kroah-Hartman
` (401 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Peng Fan, Abel Vesa, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit 5ee063fac85656bea9cfe3570af147ba1701ba18 ]
Back-to-back LPCG writes can be ignored by the LPCG register due to
a HW bug. The writes need to be separated by at least 4 cycles of
the gated clock. See https://www.nxp.com.cn/docs/en/errata/IMX8_1N94W.pdf
The workaround is implemented as follows:
1. For clocks running greater than or equal to 24MHz, a read
followed by the write will provide sufficient delay.
2. For clocks running below 24MHz, add a delay of 4 clock cylces
after the write to the LPCG register.
Fixes: 2f77296d3df9 ("clk: imx: add lpcg clock support")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20241027-imx-clk-v1-v3-1-89152574d1d7@nxp.com
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-lpcg-scu.c | 37 ++++++++++++++++++++++++++--------
1 file changed, 29 insertions(+), 8 deletions(-)
diff --git a/drivers/clk/imx/clk-lpcg-scu.c b/drivers/clk/imx/clk-lpcg-scu.c
index dd5abd09f3e20..620afdf8dc03e 100644
--- a/drivers/clk/imx/clk-lpcg-scu.c
+++ b/drivers/clk/imx/clk-lpcg-scu.c
@@ -6,10 +6,12 @@
#include <linux/bits.h>
#include <linux/clk-provider.h>
+#include <linux/delay.h>
#include <linux/err.h>
#include <linux/io.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
+#include <linux/units.h>
#include "clk-scu.h"
@@ -41,6 +43,29 @@ struct clk_lpcg_scu {
#define to_clk_lpcg_scu(_hw) container_of(_hw, struct clk_lpcg_scu, hw)
+/* e10858 -LPCG clock gating register synchronization errata */
+static void lpcg_e10858_writel(unsigned long rate, void __iomem *reg, u32 val)
+{
+ writel(val, reg);
+
+ if (rate >= 24 * HZ_PER_MHZ || rate == 0) {
+ /*
+ * The time taken to access the LPCG registers from the AP core
+ * through the interconnect is longer than the minimum delay
+ * of 4 clock cycles required by the errata.
+ * Adding a readl will provide sufficient delay to prevent
+ * back-to-back writes.
+ */
+ readl(reg);
+ } else {
+ /*
+ * For clocks running below 24MHz, wait a minimum of
+ * 4 clock cycles.
+ */
+ ndelay(4 * (DIV_ROUND_UP(1000 * HZ_PER_MHZ, rate)));
+ }
+}
+
static int clk_lpcg_scu_enable(struct clk_hw *hw)
{
struct clk_lpcg_scu *clk = to_clk_lpcg_scu(hw);
@@ -57,7 +82,8 @@ static int clk_lpcg_scu_enable(struct clk_hw *hw)
val |= CLK_GATE_SCU_LPCG_HW_SEL;
reg |= val << clk->bit_idx;
- writel(reg, clk->reg);
+
+ lpcg_e10858_writel(clk_hw_get_rate(hw), clk->reg, reg);
spin_unlock_irqrestore(&imx_lpcg_scu_lock, flags);
@@ -74,7 +100,7 @@ static void clk_lpcg_scu_disable(struct clk_hw *hw)
reg = readl_relaxed(clk->reg);
reg &= ~(CLK_GATE_SCU_LPCG_MASK << clk->bit_idx);
- writel(reg, clk->reg);
+ lpcg_e10858_writel(clk_hw_get_rate(hw), clk->reg, reg);
spin_unlock_irqrestore(&imx_lpcg_scu_lock, flags);
}
@@ -145,13 +171,8 @@ static int __maybe_unused imx_clk_lpcg_scu_resume(struct device *dev)
{
struct clk_lpcg_scu *clk = dev_get_drvdata(dev);
- /*
- * FIXME: Sometimes writes don't work unless the CPU issues
- * them twice
- */
-
- writel(clk->state, clk->reg);
writel(clk->state, clk->reg);
+ lpcg_e10858_writel(0, clk->reg, clk->state);
dev_dbg(dev, "restore lpcg state 0x%x\n", clk->state);
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 426/817] clk: imx: fracn-gppll: correct PLL initialization flow
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (424 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 425/817] clk: imx: lpcg-scu: SW workaround for errata (e10858) Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 427/817] clk: imx: fracn-gppll: fix pll power up Greg Kroah-Hartman
` (400 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacky Bai, Peng Fan, Abel Vesa,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit 557be501c38e1864b948fc6ccdf4b035d610a2ea ]
Per i.MX93 Reference Mannual 22.4 Initialization information
1. Program appropriate value of DIV[ODIV], DIV[RDIV] and DIV[MFI]
as per Integer mode.
2. Wait for 5 μs.
3. Program the following field in CTRL register.
Set CTRL[POWERUP] to 1'b1 to enable PLL block.
4. Poll PLL_STATUS[PLL_LOCK] register, and wait till PLL_STATUS[PLL_LOCK]
is 1'b1 and pll_lock output signal is 1'b1.
5. Set CTRL[CLKMUX_EN] to 1'b1 to enable PLL output clock.
So move the CLKMUX_EN operation after PLL locked.
Fixes: 1b26cb8a77a4 ("clk: imx: support fracn gppll")
Co-developed-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20241027-imx-clk-v1-v3-2-89152574d1d7@nxp.com
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-fracn-gppll.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/imx/clk-fracn-gppll.c b/drivers/clk/imx/clk-fracn-gppll.c
index 1becba2b62d0b..f85dd8798f15c 100644
--- a/drivers/clk/imx/clk-fracn-gppll.c
+++ b/drivers/clk/imx/clk-fracn-gppll.c
@@ -301,13 +301,13 @@ static int clk_fracn_gppll_prepare(struct clk_hw *hw)
val |= POWERUP_MASK;
writel_relaxed(val, pll->base + PLL_CTRL);
- val |= CLKMUX_EN;
- writel_relaxed(val, pll->base + PLL_CTRL);
-
ret = clk_fracn_gppll_wait_lock(pll);
if (ret)
return ret;
+ val |= CLKMUX_EN;
+ writel_relaxed(val, pll->base + PLL_CTRL);
+
val &= ~CLKMUX_BYPASS;
writel_relaxed(val, pll->base + PLL_CTRL);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 427/817] clk: imx: fracn-gppll: fix pll power up
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (425 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 426/817] clk: imx: fracn-gppll: correct PLL initialization flow Greg Kroah-Hartman
@ 2024-12-03 14:39 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 428/817] clk: imx: clk-scu: fix clk enable state save and restore Greg Kroah-Hartman
` (399 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jacky Bai, Peng Fan, Abel Vesa,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit ff4279618f0aec350b0fb41b2b35841324fbd96e ]
To i.MX93 which features dual Cortex-A55 cores and DSU, when using
writel_relaxed to write value to PLL registers, the value might be
buffered. To make sure the value has been written into the hardware,
using readl to read back the register could achieve the goal.
current PLL power up flow can be simplified as below:
1. writel_relaxed to set the PLL POWERUP bit;
2. readl_poll_timeout to check the PLL lock bit:
a). timeout = ktime_add_us(ktime_get(), timeout_us);
b). readl the pll the lock reg;
c). check if the pll lock bit ready
d). check if timeout
But in some corner cases, both the write in step 1 and read in
step 2 will be blocked by other bus transaction in the SoC for a
long time, saying the value into real hardware is just before step b).
That means the timeout counting has begins for quite sometime since
step a), but value still not written into real hardware until bus
released just at a point before step b).
Then there maybe chances that the pll lock bit is not ready
when readl done but the timeout happens. readl_poll_timeout will
err return due to timeout. To avoid such unexpected failure,
read back the reg to make sure the write has been done in HW
reg.
So use readl after writel_relaxed to fix the issue.
Since we are here, to avoid udelay to run before writel_relaxed, use
readl before udelay.
Fixes: 1b26cb8a77a4 ("clk: imx: support fracn gppll")
Co-developed-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20241027-imx-clk-v1-v3-3-89152574d1d7@nxp.com
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-fracn-gppll.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/clk/imx/clk-fracn-gppll.c b/drivers/clk/imx/clk-fracn-gppll.c
index f85dd8798f15c..b12b00a2f07fa 100644
--- a/drivers/clk/imx/clk-fracn-gppll.c
+++ b/drivers/clk/imx/clk-fracn-gppll.c
@@ -252,9 +252,11 @@ static int clk_fracn_gppll_set_rate(struct clk_hw *hw, unsigned long drate,
pll_div = FIELD_PREP(PLL_RDIV_MASK, rate->rdiv) | rate->odiv |
FIELD_PREP(PLL_MFI_MASK, rate->mfi);
writel_relaxed(pll_div, pll->base + PLL_DIV);
+ readl(pll->base + PLL_DIV);
if (pll->flags & CLK_FRACN_GPPLL_FRACN) {
writel_relaxed(rate->mfd, pll->base + PLL_DENOMINATOR);
writel_relaxed(FIELD_PREP(PLL_MFN_MASK, rate->mfn), pll->base + PLL_NUMERATOR);
+ readl(pll->base + PLL_NUMERATOR);
}
/* Wait for 5us according to fracn mode pll doc */
@@ -263,6 +265,7 @@ static int clk_fracn_gppll_set_rate(struct clk_hw *hw, unsigned long drate,
/* Enable Powerup */
tmp |= POWERUP_MASK;
writel_relaxed(tmp, pll->base + PLL_CTRL);
+ readl(pll->base + PLL_CTRL);
/* Wait Lock */
ret = clk_fracn_gppll_wait_lock(pll);
@@ -300,6 +303,7 @@ static int clk_fracn_gppll_prepare(struct clk_hw *hw)
val |= POWERUP_MASK;
writel_relaxed(val, pll->base + PLL_CTRL);
+ readl(pll->base + PLL_CTRL);
ret = clk_fracn_gppll_wait_lock(pll);
if (ret)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 428/817] clk: imx: clk-scu: fix clk enable state save and restore
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (426 preceding siblings ...)
2024-12-03 14:39 ` [PATCH 6.11 427/817] clk: imx: fracn-gppll: fix pll power up Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 429/817] clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() Greg Kroah-Hartman
` (398 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peng Fan, Carlos Song, Dong Aisheng,
Abel Vesa, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dong Aisheng <aisheng.dong@nxp.com>
[ Upstream commit e81361f6cf9bf4a1848b0813bc4becb2250870b8 ]
The scu clk_ops only inplements prepare() and unprepare() callback.
Saving the clock state during suspend by checking clk_hw_is_enabled()
is not safe as it's possible that some device drivers may only
disable the clocks without unprepare. Then the state retention will not
work for such clocks.
Fixing it by checking clk_hw_is_prepared() which is more reasonable
and safe.
Fixes: d0409631f466 ("clk: imx: scu: add suspend/resume support")
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Tested-by: Carlos Song <carlos.song@nxp.com>
Signed-off-by: Dong Aisheng <aisheng.dong@nxp.com>
Link: https://lore.kernel.org/r/20241027-imx-clk-v1-v3-4-89152574d1d7@nxp.com
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-scu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/imx/clk-scu.c b/drivers/clk/imx/clk-scu.c
index b1dd0c08e091b..b27186aaf2a15 100644
--- a/drivers/clk/imx/clk-scu.c
+++ b/drivers/clk/imx/clk-scu.c
@@ -596,7 +596,7 @@ static int __maybe_unused imx_clk_scu_suspend(struct device *dev)
clk->rate = clk_scu_recalc_rate(&clk->hw, 0);
else
clk->rate = clk_hw_get_rate(&clk->hw);
- clk->is_enabled = clk_hw_is_enabled(&clk->hw);
+ clk->is_enabled = clk_hw_is_prepared(&clk->hw);
if (clk->parent)
dev_dbg(dev, "save parent %s idx %u\n", clk_hw_get_name(clk->parent),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 429/817] clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (427 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 428/817] clk: imx: clk-scu: fix clk enable state save and restore Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 430/817] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() Greg Kroah-Hartman
` (397 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Peng Fan, Abel Vesa,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 81a206d736c19139d3863b79e7174f9e98b45499 ]
If device_link_add() fails, it returns NULL pointer not ERR_PTR(),
replace IS_ERR() with NULL pointer check, and return -EINVAL.
Fixes: d3a0946d7ac9 ("clk: imx: imx8: add audio clock mux driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20241026112452.1523-1-yangyingliang@huaweicloud.com
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-imx8-acm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/imx/clk-imx8-acm.c b/drivers/clk/imx/clk-imx8-acm.c
index 1bdb480cc96c6..37c61d10f213c 100644
--- a/drivers/clk/imx/clk-imx8-acm.c
+++ b/drivers/clk/imx/clk-imx8-acm.c
@@ -289,9 +289,9 @@ static int clk_imx_acm_attach_pm_domains(struct device *dev,
DL_FLAG_STATELESS |
DL_FLAG_PM_RUNTIME |
DL_FLAG_RPM_ACTIVE);
- if (IS_ERR(dev_pm->pd_dev_link[i])) {
+ if (!dev_pm->pd_dev_link[i]) {
dev_pm_domain_detach(dev_pm->pd_dev[i], false);
- ret = PTR_ERR(dev_pm->pd_dev_link[i]);
+ ret = -EINVAL;
goto detach_pm;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 430/817] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (428 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 429/817] clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 431/817] iommu/vt-d: Fix checks and print in pgtable_walk() Greg Kroah-Hartman
` (396 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhenzhong Duan, Lu Baolu,
Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
[ Upstream commit 6ceb93f952f6ca34823ce3650c902c31b8385b40 ]
There are some issues in dmar_fault_dump_ptes():
1. return value of phys_to_virt() is used for checking if an entry is
present.
2. dump is confusing, e.g., "pasid table entry is not present", confusing
by unpresent pasid table vs. unpresent pasid table entry. Current code
means the former.
3. pgtable_walk() is called without checking if page table is present.
Fix 1 by checking present bit of an entry before dump a lower level entry.
Fix 2 by removing "entry" string, e.g., "pasid table is not present".
Fix 3 by checking page table present before walk.
Take issue 3 for example, before fix:
[ 442.240357] DMAR: pasid dir entry: 0x000000012c83e001
[ 442.246661] DMAR: pasid table entry[0]: 0x0000000000000000
[ 442.253429] DMAR: pasid table entry[1]: 0x0000000000000000
[ 442.260203] DMAR: pasid table entry[2]: 0x0000000000000000
[ 442.266969] DMAR: pasid table entry[3]: 0x0000000000000000
[ 442.273733] DMAR: pasid table entry[4]: 0x0000000000000000
[ 442.280479] DMAR: pasid table entry[5]: 0x0000000000000000
[ 442.287234] DMAR: pasid table entry[6]: 0x0000000000000000
[ 442.293989] DMAR: pasid table entry[7]: 0x0000000000000000
[ 442.300742] DMAR: PTE not present at level 2
After fix:
...
[ 357.241214] DMAR: pasid table entry[6]: 0x0000000000000000
[ 357.248022] DMAR: pasid table entry[7]: 0x0000000000000000
[ 357.254824] DMAR: scalable mode page table is not present
Fixes: 914ff7719e8a ("iommu/vt-d: Dump DMAR translation structure when DMA fault occurs")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Link: https://lore.kernel.org/r/20241024092146.715063-2-zhenzhong.duan@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel/iommu.c | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index dda6dea7cce09..8e56df584d3f4 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -752,11 +752,11 @@ void dmar_fault_dump_ptes(struct intel_iommu *iommu, u16 source_id,
pr_info("Dump %s table entries for IOVA 0x%llx\n", iommu->name, addr);
/* root entry dump */
- rt_entry = &iommu->root_entry[bus];
- if (!rt_entry) {
- pr_info("root table entry is not present\n");
+ if (!iommu->root_entry) {
+ pr_info("root table is not present\n");
return;
}
+ rt_entry = &iommu->root_entry[bus];
if (sm_supported(iommu))
pr_info("scalable mode root entry: hi 0x%016llx, low 0x%016llx\n",
@@ -767,7 +767,7 @@ void dmar_fault_dump_ptes(struct intel_iommu *iommu, u16 source_id,
/* context entry dump */
ctx_entry = iommu_context_addr(iommu, bus, devfn, 0);
if (!ctx_entry) {
- pr_info("context table entry is not present\n");
+ pr_info("context table is not present\n");
return;
}
@@ -776,17 +776,23 @@ void dmar_fault_dump_ptes(struct intel_iommu *iommu, u16 source_id,
/* legacy mode does not require PASID entries */
if (!sm_supported(iommu)) {
+ if (!context_present(ctx_entry)) {
+ pr_info("legacy mode page table is not present\n");
+ return;
+ }
level = agaw_to_level(ctx_entry->hi & 7);
pgtable = phys_to_virt(ctx_entry->lo & VTD_PAGE_MASK);
goto pgtable_walk;
}
- /* get the pointer to pasid directory entry */
- dir = phys_to_virt(ctx_entry->lo & VTD_PAGE_MASK);
- if (!dir) {
- pr_info("pasid directory entry is not present\n");
+ if (!context_present(ctx_entry)) {
+ pr_info("pasid directory table is not present\n");
return;
}
+
+ /* get the pointer to pasid directory entry */
+ dir = phys_to_virt(ctx_entry->lo & VTD_PAGE_MASK);
+
/* For request-without-pasid, get the pasid from context entry */
if (intel_iommu_sm && pasid == IOMMU_PASID_INVALID)
pasid = IOMMU_NO_PASID;
@@ -798,7 +804,7 @@ void dmar_fault_dump_ptes(struct intel_iommu *iommu, u16 source_id,
/* get the pointer to the pasid table entry */
entries = get_pasid_table_from_pde(pde);
if (!entries) {
- pr_info("pasid table entry is not present\n");
+ pr_info("pasid table is not present\n");
return;
}
index = pasid & PASID_PTE_MASK;
@@ -806,6 +812,11 @@ void dmar_fault_dump_ptes(struct intel_iommu *iommu, u16 source_id,
for (i = 0; i < ARRAY_SIZE(pte->val); i++)
pr_info("pasid table entry[%d]: 0x%016llx\n", i, pte->val[i]);
+ if (!pasid_pte_is_present(pte)) {
+ pr_info("scalable mode page table is not present\n");
+ return;
+ }
+
if (pasid_pte_get_pgtt(pte) == PASID_ENTRY_PGTT_FL_ONLY) {
level = pte->val[2] & BIT_ULL(2) ? 5 : 4;
pgtable = phys_to_virt(pte->val[2] & VTD_PAGE_MASK);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 431/817] iommu/vt-d: Fix checks and print in pgtable_walk()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (429 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 430/817] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 432/817] checkpatch: always parse orig_commit in fixes tag Greg Kroah-Hartman
` (395 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhenzhong Duan, Lu Baolu,
Joerg Roedel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
[ Upstream commit f1645676f25d2c846798f0233c3a953efd62aafb ]
There are some issues in pgtable_walk():
1. Super page is dumped as non-present page
2. dma_pte_superpage() should not check against leaf page table entries
3. Pointer pte is never NULL so checking it is meaningless
4. When an entry is not present, it still makes sense to dump the entry
content.
Fix 1,2 by checking dma_pte_superpage()'s returned value after level check.
Fix 3 by removing pte check.
Fix 4 by checking present bit after printing.
By this chance, change to print "page table not present" instead of "PTE
not present" to be clearer.
Fixes: 914ff7719e8a ("iommu/vt-d: Dump DMAR translation structure when DMA fault occurs")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Link: https://lore.kernel.org/r/20241024092146.715063-3-zhenzhong.duan@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel/iommu.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 8e56df584d3f4..cdb8701a968fd 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -722,14 +722,15 @@ static void pgtable_walk(struct intel_iommu *iommu, unsigned long pfn,
while (1) {
offset = pfn_level_offset(pfn, level);
pte = &parent[offset];
- if (!pte || (dma_pte_superpage(pte) || !dma_pte_present(pte))) {
- pr_info("PTE not present at level %d\n", level);
- break;
- }
pr_info("pte level: %d, pte value: 0x%016llx\n", level, pte->val);
- if (level == 1)
+ if (!dma_pte_present(pte)) {
+ pr_info("page table not present at level %d\n", level - 1);
+ break;
+ }
+
+ if (level == 1 || dma_pte_superpage(pte))
break;
parent = phys_to_virt(dma_pte_addr(pte));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 432/817] checkpatch: always parse orig_commit in fixes tag
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (430 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 431/817] iommu/vt-d: Fix checks and print in pgtable_walk() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 433/817] mfd: rt5033: Fix missing regmap_del_irq_chip() Greg Kroah-Hartman
` (394 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tamir Duberstein, Andy Whitcroft,
Dwaipayan Ray, Joe Perches, Louis Peens, Lukas Bulwahn,
Niklas Söderlund, Philippe Schenker, Simon Horman,
Andrew Morton, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tamir Duberstein <tamird@gmail.com>
[ Upstream commit 2f07b652384969f5d0b317e1daa5f2eb967bc73d ]
Do not require the presence of `$balanced_parens` to get the commit SHA;
this allows a `Fixes: deadbeef` tag to get a correct suggestion rather
than a suggestion containing a reference to HEAD.
Given this patch:
: From: Tamir Duberstein <tamird@gmail.com>
: Subject: Test patch
: Date: Fri, 25 Oct 2024 19:30:51 -0400
:
: This is a test patch.
:
: Fixes: bd17e036b495
: Signed-off-by: Tamir Duberstein <tamird@gmail.com>
: --- /dev/null
: +++ b/new-file
: @@ -0,0 +1 @@
: +Test.
Before:
WARNING: Please use correct Fixes: style 'Fixes: <12 chars of sha1> ("<title line>")' - ie: 'Fixes: c10a7d25e68f ("Test patch")'
After:
WARNING: Please use correct Fixes: style 'Fixes: <12 chars of sha1> ("<title line>")' - ie: 'Fixes: bd17e036b495 ("checkpatch: warn for non-standard fixes tag style")'
The prior behavior incorrectly suggested the patch's own SHA and title
line rather than the referenced commit's. This fixes that.
Ironically this:
Fixes: bd17e036b495 ("checkpatch: warn for non-standard fixes tag style")
Signed-off-by: Tamir Duberstein <tamird@gmail.com>
Cc: Andy Whitcroft <apw@canonical.com>
Cc: Dwaipayan Ray <dwaipayanray1@gmail.com>
Cc: Joe Perches <joe@perches.com>
Cc: Louis Peens <louis.peens@corigine.com>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Cc: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Cc: Philippe Schenker <philippe.schenker@toradex.com>
Cc: Simon Horman <horms@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/checkpatch.pl | 37 ++++++++++++++++---------------------
1 file changed, 16 insertions(+), 21 deletions(-)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 4427572b24771..b03d526e4c454 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -3209,36 +3209,31 @@ sub process {
# Check Fixes: styles is correct
if (!$in_header_lines &&
- $line =~ /^\s*fixes:?\s*(?:commit\s*)?[0-9a-f]{5,}\b/i) {
- my $orig_commit = "";
- my $id = "0123456789ab";
- my $title = "commit title";
- my $tag_case = 1;
- my $tag_space = 1;
- my $id_length = 1;
- my $id_case = 1;
+ $line =~ /^\s*(fixes:?)\s*(?:commit\s*)?([0-9a-f]{5,40})(?:\s*($balanced_parens))?/i) {
+ my $tag = $1;
+ my $orig_commit = $2;
+ my $title;
my $title_has_quotes = 0;
$fixes_tag = 1;
-
- if ($line =~ /(\s*fixes:?)\s+([0-9a-f]{5,})\s+($balanced_parens)/i) {
- my $tag = $1;
- $orig_commit = $2;
- $title = $3;
-
- $tag_case = 0 if $tag eq "Fixes:";
- $tag_space = 0 if ($line =~ /^fixes:? [0-9a-f]{5,} ($balanced_parens)/i);
-
- $id_length = 0 if ($orig_commit =~ /^[0-9a-f]{12}$/i);
- $id_case = 0 if ($orig_commit !~ /[A-F]/);
-
+ if (defined $3) {
# Always strip leading/trailing parens then double quotes if existing
- $title = substr($title, 1, -1);
+ $title = substr($3, 1, -1);
if ($title =~ /^".*"$/) {
$title = substr($title, 1, -1);
$title_has_quotes = 1;
}
+ } else {
+ $title = "commit title"
}
+
+ my $tag_case = not ($tag eq "Fixes:");
+ my $tag_space = not ($line =~ /^fixes:? [0-9a-f]{5,40} ($balanced_parens)/i);
+
+ my $id_length = not ($orig_commit =~ /^[0-9a-f]{12}$/i);
+ my $id_case = not ($orig_commit !~ /[A-F]/);
+
+ my $id = "0123456789ab";
my ($cid, $ctitle) = git_commit_info($orig_commit, $id,
$title);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 433/817] mfd: rt5033: Fix missing regmap_del_irq_chip()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (431 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 432/817] checkpatch: always parse orig_commit in fixes tag Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 434/817] leds: max5970: Fix unreleased fwnode_handle in probe function Greg Kroah-Hartman
` (393 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Changzhong, Lee Jones,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Changzhong <zhangchangzhong@huawei.com>
[ Upstream commit d256d612f47529ed0b332298e2d5ea981a4dd5b8 ]
Fix missing call to regmap_del_irq_chip() in error handling path by
using devm_regmap_add_irq_chip().
Fixes: 0b271258544b ("mfd: rt5033: Add Richtek RT5033 driver core.")
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Link: https://lore.kernel.org/r/1730302867-8391-1-git-send-email-zhangchangzhong@huawei.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/rt5033.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mfd/rt5033.c b/drivers/mfd/rt5033.c
index 7e23ab3d5842c..84ebc96f58e48 100644
--- a/drivers/mfd/rt5033.c
+++ b/drivers/mfd/rt5033.c
@@ -81,8 +81,8 @@ static int rt5033_i2c_probe(struct i2c_client *i2c)
chip_rev = dev_id & RT5033_CHIP_REV_MASK;
dev_info(&i2c->dev, "Device found (rev. %d)\n", chip_rev);
- ret = regmap_add_irq_chip(rt5033->regmap, rt5033->irq,
- IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
+ ret = devm_regmap_add_irq_chip(rt5033->dev, rt5033->regmap,
+ rt5033->irq, IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
0, &rt5033_irq_chip, &rt5033->irq_data);
if (ret) {
dev_err(&i2c->dev, "Failed to request IRQ %d: %d\n",
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 434/817] leds: max5970: Fix unreleased fwnode_handle in probe function
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (432 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 433/817] mfd: rt5033: Fix missing regmap_del_irq_chip() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 435/817] leds: ktd2692: Set missing timing properties Greg Kroah-Hartman
` (392 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Lee Jones,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
[ Upstream commit 02f58f97419c828f58e30f24f54395ac9be159c0 ]
An object initialized via device_get_named_child_node() requires calls
to fwnode_handle_put() when it is no longer required to avoid leaking
memory.
Add the automatic cleanup facility for 'led_node' to ensure that
fwnode_handle_put() is called in all execution paths.
Fixes: 736214b4b02a ("leds: max5970: Add support for max5970")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://lore.kernel.org/r/20241031-max5970-of_node_put-v2-1-0ffe1f1d3bc9@gmail.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/leds-max5970.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/leds/leds-max5970.c b/drivers/leds/leds-max5970.c
index 56a584311581a..285074c53b234 100644
--- a/drivers/leds/leds-max5970.c
+++ b/drivers/leds/leds-max5970.c
@@ -45,7 +45,7 @@ static int max5970_led_set_brightness(struct led_classdev *cdev,
static int max5970_led_probe(struct platform_device *pdev)
{
- struct fwnode_handle *led_node, *child;
+ struct fwnode_handle *child;
struct device *dev = &pdev->dev;
struct regmap *regmap;
struct max5970_led *ddata;
@@ -55,7 +55,8 @@ static int max5970_led_probe(struct platform_device *pdev)
if (!regmap)
return -ENODEV;
- led_node = device_get_named_child_node(dev->parent, "leds");
+ struct fwnode_handle *led_node __free(fwnode_handle) =
+ device_get_named_child_node(dev->parent, "leds");
if (!led_node)
return -ENODEV;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 435/817] leds: ktd2692: Set missing timing properties
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (433 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 434/817] leds: max5970: Fix unreleased fwnode_handle in probe function Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 436/817] fs/proc/kcore.c: fix coccinelle reported ERROR instances Greg Kroah-Hartman
` (391 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Raymond Hackley, Duje Mihanović,
Lee Jones, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Raymond Hackley <raymondhackley@protonmail.com>
[ Upstream commit 95c65546f03f888481eda98b499947252e1f3b20 ]
props.timing is not set after commit b5a8c50e5c18 ("leds: ktd2692: Convert
to use ExpressWire library"). Set it with ktd2692_timing.
Fixes: b5a8c50e5c18 ("leds: ktd2692: Convert to use ExpressWire library")
Signed-off-by: Raymond Hackley <raymondhackley@protonmail.com>
Acked-by: Duje Mihanović <duje.mihanovic@skole.hr>
Link: https://lore.kernel.org/r/20241103083505.49648-1-raymondhackley@protonmail.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/flash/leds-ktd2692.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/leds/flash/leds-ktd2692.c b/drivers/leds/flash/leds-ktd2692.c
index 7bb0aa2753e36..0a8632b0da304 100644
--- a/drivers/leds/flash/leds-ktd2692.c
+++ b/drivers/leds/flash/leds-ktd2692.c
@@ -293,6 +293,7 @@ static int ktd2692_probe(struct platform_device *pdev)
fled_cdev = &led->fled_cdev;
led_cdev = &fled_cdev->led_cdev;
+ led->props.timing = ktd2692_timing;
ret = ktd2692_parse_dt(led, &pdev->dev, &led_cfg);
if (ret)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 436/817] fs/proc/kcore.c: fix coccinelle reported ERROR instances
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (434 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 435/817] leds: ktd2692: Set missing timing properties Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 437/817] scsi: target: Fix incorrect function name in pscsi_create_type_disk() Greg Kroah-Hartman
` (390 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakob Koschel, Mirsad Todorovac,
Mike Rapoport, David Hildenbrand, Oscar Salvador,
Brian Johannesmeyer, Cristiano Giuffrida, Bos, H.J.,
Alexey Dobriyan, Andrew Morton, Yang Li, Baoquan He, Hari Bathini,
Yan Zhen, Alexander Gordeev, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mirsad Todorovac <mtodorovac69@gmail.com>
[ Upstream commit 82e33f249f1126cf3c5f39a31b850d485ac33bc3 ]
Coccinelle complains about the nested reuse of the pointer `iter' with
different pointer type:
./fs/proc/kcore.c:515:26-30: ERROR: invalid reference to the index variable of the iterator on line 499
./fs/proc/kcore.c:534:23-27: ERROR: invalid reference to the index variable of the iterator on line 499
./fs/proc/kcore.c:550:40-44: ERROR: invalid reference to the index variable of the iterator on line 499
./fs/proc/kcore.c:568:27-31: ERROR: invalid reference to the index variable of the iterator on line 499
./fs/proc/kcore.c:581:28-32: ERROR: invalid reference to the index variable of the iterator on line 499
./fs/proc/kcore.c:599:27-31: ERROR: invalid reference to the index variable of the iterator on line 499
./fs/proc/kcore.c:607:38-42: ERROR: invalid reference to the index variable of the iterator on line 499
./fs/proc/kcore.c:614:26-30: ERROR: invalid reference to the index variable of the iterator on line 499
Replacing `struct kcore_list *iter' with `struct kcore_list *tmp' doesn't change the
scope and the functionality is the same and coccinelle seems happy.
NOTE: There was an issue with using `struct kcore_list *pos' as the nested iterator.
The build did not work!
[akpm@linux-foundation.org: s/tmp/pos/]
Link: https://lkml.kernel.org/r/20241029054651.86356-2-mtodorovac69@gmail.com
Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1]
Link: https://lkml.kernel.org/r/20220331223700.902556-1-jakobkoschel@gmail.com
Fixes: 04d168c6d42d ("fs/proc/kcore.c: remove check of list iterator against head past the loop body")
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Signed-off-by: Mirsad Todorovac <mtodorovac69@gmail.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: David Hildenbrand <david@redhat.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: "Brian Johannesmeyer" <bjohannesmeyer@gmail.com>
Cc: Cristiano Giuffrida <c.giuffrida@vu.nl>
Cc: "Bos, H.J." <h.j.bos@vu.nl>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Yang Li <yang.lee@linux.alibaba.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Hari Bathini <hbathini@linux.ibm.com>
Cc: Yan Zhen <yanzhen@vivo.com>
Cc: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/proc/kcore.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 13a041ef0c4e9..7e4afd7409a66 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -493,13 +493,13 @@ static ssize_t read_kcore_iter(struct kiocb *iocb, struct iov_iter *iter)
* the previous entry, search for a matching entry.
*/
if (!m || start < m->addr || start >= m->addr + m->size) {
- struct kcore_list *iter;
+ struct kcore_list *pos;
m = NULL;
- list_for_each_entry(iter, &kclist_head, list) {
- if (start >= iter->addr &&
- start < iter->addr + iter->size) {
- m = iter;
+ list_for_each_entry(pos, &kclist_head, list) {
+ if (start >= pos->addr &&
+ start < pos->addr + pos->size) {
+ m = pos;
break;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 437/817] scsi: target: Fix incorrect function name in pscsi_create_type_disk()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (435 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 436/817] fs/proc/kcore.c: fix coccinelle reported ERROR instances Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 438/817] scsi: bfa: Fix use-after-free in bfad_im_module_exit() Greg Kroah-Hartman
` (389 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baolin Liu, Martin K. Petersen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baolin Liu <liubaolin@kylinos.cn>
[ Upstream commit da5aeca99dd0b6c7bf6679382756ea6bda195f72 ]
In pr_err(), bdev_open_by_path() should be renamed to
bdev_file_open_by_path()
Fixes: 034f0cf8fdf9 ("target: port block device access to file")
Signed-off-by: Baolin Liu <liubaolin@kylinos.cn>
Link: https://lore.kernel.org/r/20241030021800.234980-1-liubaolin12138@163.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_pscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c
index f98ebb18666bf..da7017113f92a 100644
--- a/drivers/target/target_core_pscsi.c
+++ b/drivers/target/target_core_pscsi.c
@@ -369,7 +369,7 @@ static int pscsi_create_type_disk(struct se_device *dev, struct scsi_device *sd)
bdev_file = bdev_file_open_by_path(dev->udev_path,
BLK_OPEN_WRITE | BLK_OPEN_READ, pdv, NULL);
if (IS_ERR(bdev_file)) {
- pr_err("pSCSI: bdev_open_by_path() failed\n");
+ pr_err("pSCSI: bdev_file_open_by_path() failed\n");
scsi_device_put(sd);
return PTR_ERR(bdev_file);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 438/817] scsi: bfa: Fix use-after-free in bfad_im_module_exit()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (436 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 437/817] scsi: target: Fix incorrect function name in pscsi_create_type_disk() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 439/817] scsi: fusion: Remove unused variable rc Greg Kroah-Hartman
` (388 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ye Bin, Martin K. Petersen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit 178b8f38932d635e90f5f0e9af1986c6f4a89271 ]
BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20
Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303
Call Trace:
<TASK>
dump_stack_lvl+0x95/0xe0
print_report+0xcb/0x620
kasan_report+0xbd/0xf0
__lock_acquire+0x2aca/0x3a20
lock_acquire+0x19b/0x520
_raw_spin_lock+0x2b/0x40
attribute_container_unregister+0x30/0x160
fc_release_transport+0x19/0x90 [scsi_transport_fc]
bfad_im_module_exit+0x23/0x60 [bfa]
bfad_init+0xdb/0xff0 [bfa]
do_one_initcall+0xdc/0x550
do_init_module+0x22d/0x6b0
load_module+0x4e96/0x5ff0
init_module_from_file+0xcd/0x130
idempotent_init_module+0x330/0x620
__x64_sys_finit_module+0xb3/0x110
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
Allocated by task 25303:
kasan_save_stack+0x24/0x50
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x7f/0x90
fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]
bfad_im_module_init+0x17/0x80 [bfa]
bfad_init+0x23/0xff0 [bfa]
do_one_initcall+0xdc/0x550
do_init_module+0x22d/0x6b0
load_module+0x4e96/0x5ff0
init_module_from_file+0xcd/0x130
idempotent_init_module+0x330/0x620
__x64_sys_finit_module+0xb3/0x110
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 25303:
kasan_save_stack+0x24/0x50
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x38/0x50
kfree+0x212/0x480
bfad_im_module_init+0x7e/0x80 [bfa]
bfad_init+0x23/0xff0 [bfa]
do_one_initcall+0xdc/0x550
do_init_module+0x22d/0x6b0
load_module+0x4e96/0x5ff0
init_module_from_file+0xcd/0x130
idempotent_init_module+0x330/0x620
__x64_sys_finit_module+0xb3/0x110
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Above issue happens as follows:
bfad_init
error = bfad_im_module_init()
fc_release_transport(bfad_im_scsi_transport_template);
if (error)
goto ext;
ext:
bfad_im_module_exit();
fc_release_transport(bfad_im_scsi_transport_template);
--> Trigger double release
Don't call bfad_im_module_exit() if bfad_im_module_init() failed.
Fixes: 7725ccfda597 ("[SCSI] bfa: Brocade BFA FC SCSI driver")
Signed-off-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/r/20241023011809.63466-1-yebin@huaweicloud.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/bfa/bfad.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c
index 62cb7a864fd53..70c7515a822f5 100644
--- a/drivers/scsi/bfa/bfad.c
+++ b/drivers/scsi/bfa/bfad.c
@@ -1693,9 +1693,8 @@ bfad_init(void)
error = bfad_im_module_init();
if (error) {
- error = -ENOMEM;
printk(KERN_WARNING "bfad_im_module_init failure\n");
- goto ext;
+ return -ENOMEM;
}
if (strcmp(FCPI_NAME, " fcpim") == 0)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 439/817] scsi: fusion: Remove unused variable rc
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (437 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 438/817] scsi: bfa: Fix use-after-free in bfad_im_module_exit() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 440/817] scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Greg Kroah-Hartman
` (387 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zeng Heng, Martin K. Petersen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit bd65694223f7ad11c790ab63ad1af87a771192ee ]
The return value of scsi_device_reprobe() is currently ignored in
_scsih_reprobe_lun(). Fixing the calling code to deal with the potential
error is non-trivial, so for now just WARN_ON().
The handling of scsi_device_reprobe()'s return value refers to
_scsih_reprobe_lun() and the following link:
https://lore.kernel.org/all/094fdbf57487af4f395238c0525b2a560c8f68f0.1469766027.git.calvinowens@fb.com/
Fixes: f99be43b3024 ("[SCSI] fusion: power pc and miscellaneous bug fixs")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Link: https://lore.kernel.org/r/20241024084417.154655-1-zengheng4@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/message/fusion/mptsas.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
index a0bcb0864ecd2..a798e26c6402d 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -4231,10 +4231,8 @@ mptsas_find_phyinfo_by_phys_disk_num(MPT_ADAPTER *ioc, u8 phys_disk_num,
static void
mptsas_reprobe_lun(struct scsi_device *sdev, void *data)
{
- int rc;
-
sdev->no_uld_attach = data ? 1 : 0;
- rc = scsi_device_reprobe(sdev);
+ WARN_ON(scsi_device_reprobe(sdev));
}
static void
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 440/817] scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (438 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 439/817] scsi: fusion: Remove unused variable rc Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 441/817] scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Greg Kroah-Hartman
` (386 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhen Lei, Martin K. Petersen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhen Lei <thunder.leizhen@huawei.com>
[ Upstream commit c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb ]
Hook "qed_ops->common->sb_init = qed_sb_init" does not release the DMA
memory sb_virt when it fails. Add dma_free_coherent() to free it. This
is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Link: https://lore.kernel.org/r/20241026125711.484-2-thunder.leizhen@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qedf/qedf_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c
index 4813087e58a15..6f1fc88c59fc0 100644
--- a/drivers/scsi/qedf/qedf_main.c
+++ b/drivers/scsi/qedf/qedf_main.c
@@ -2738,6 +2738,7 @@ static int qedf_alloc_and_init_sb(struct qedf_ctx *qedf,
sb_id, QED_SB_TYPE_STORAGE);
if (ret) {
+ dma_free_coherent(&qedf->pdev->dev, sizeof(*sb_virt), sb_virt, sb_phys);
QEDF_ERR(&qedf->dbg_ctx,
"Status block initialization failed (0x%x) for id = %d.\n",
ret, sb_id);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 441/817] scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (439 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 440/817] scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 442/817] scsi: sg: Enable runtime power management Greg Kroah-Hartman
` (385 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhen Lei, Martin K. Petersen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhen Lei <thunder.leizhen@huawei.com>
[ Upstream commit 95bbdca4999bc59a72ebab01663d421d6ce5775d ]
Hook "qedi_ops->common->sb_init = qed_sb_init" does not release the DMA
memory sb_virt when it fails. Add dma_free_coherent() to free it. This
is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb().
Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Link: https://lore.kernel.org/r/20241026125711.484-3-thunder.leizhen@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qedi/qedi_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
index cd0180b1f5b9d..ede8d1f6ae236 100644
--- a/drivers/scsi/qedi/qedi_main.c
+++ b/drivers/scsi/qedi/qedi_main.c
@@ -369,6 +369,7 @@ static int qedi_alloc_and_init_sb(struct qedi_ctx *qedi,
ret = qedi_ops->common->sb_init(qedi->cdev, sb_info, sb_virt, sb_phys,
sb_id, QED_SB_TYPE_STORAGE);
if (ret) {
+ dma_free_coherent(&qedi->pdev->dev, sizeof(*sb_virt), sb_virt, sb_phys);
QEDI_ERR(&qedi->dbg_ctx,
"Status block initialization failed for id = %d.\n",
sb_id);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 442/817] scsi: sg: Enable runtime power management
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (440 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 441/817] scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 443/817] x86/tdx: Introduce wrappers to read and write TD metadata Greg Kroah-Hartman
` (384 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alan Stern, Douglas Gilbert,
Bart Van Assche, Martin K. Petersen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 4045de893f691f75193c606aec440c365cf7a7be ]
In 2010, runtime power management support was implemented in the SCSI
core. The description of patch "[SCSI] implement runtime Power
Management" mentions that the sg driver is skipped but not why. This
patch enables runtime power management even if an instance of the sg
driver is held open. Enabling runtime PM for the sg driver is safe
because all interactions of the sg driver with the SCSI device pass
through the block layer (blk_execute_rq_nowait()) and the block layer
already supports runtime PM.
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Fixes: bc4f24014de5 ("[SCSI] implement runtime Power Management")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20241030220310.1373569-1-bvanassche@acm.org
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/sg.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index baf870a03ecf6..9e6eebf307d3a 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -307,10 +307,6 @@ sg_open(struct inode *inode, struct file *filp)
if (retval)
goto sg_put;
- retval = scsi_autopm_get_device(device);
- if (retval)
- goto sdp_put;
-
/* scsi_block_when_processing_errors() may block so bypass
* check if O_NONBLOCK. Permits SCSI commands to be issued
* during error recovery. Tread carefully. */
@@ -318,7 +314,7 @@ sg_open(struct inode *inode, struct file *filp)
scsi_block_when_processing_errors(device))) {
retval = -ENXIO;
/* we are in error recovery for this device */
- goto error_out;
+ goto sdp_put;
}
mutex_lock(&sdp->open_rel_lock);
@@ -371,8 +367,6 @@ sg_open(struct inode *inode, struct file *filp)
}
error_mutex_locked:
mutex_unlock(&sdp->open_rel_lock);
-error_out:
- scsi_autopm_put_device(device);
sdp_put:
kref_put(&sdp->d_ref, sg_device_destroy);
scsi_device_put(device);
@@ -392,7 +386,6 @@ sg_release(struct inode *inode, struct file *filp)
SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, "sg_release\n"));
mutex_lock(&sdp->open_rel_lock);
- scsi_autopm_put_device(sdp->device);
kref_put(&sfp->f_ref, sg_remove_sfp);
sdp->open_cnt--;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 443/817] x86/tdx: Introduce wrappers to read and write TD metadata
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (441 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 442/817] scsi: sg: Enable runtime power management Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 444/817] x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() Greg Kroah-Hartman
` (383 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kirill A. Shutemov, Dave Hansen,
Kai Huang, Kuppuswamy Sathyanarayanan, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Upstream commit 5081e8fadb809253c911b349b01d87c5b4e3fec5 ]
The TDG_VM_WR TDCALL is used to ask the TDX module to change some
TD-specific VM configuration. There is currently only one user in the
kernel of this TDCALL leaf. More will be added shortly.
Refactor to make way for more users of TDG_VM_WR who will need to modify
other TD configuration values.
Add a wrapper for the TDG_VM_RD TDCALL that requests TD-specific
metadata from the TDX module. There are currently no users for
TDG_VM_RD. Mark it as __maybe_unused until the first user appears.
This is preparation for enumeration and enabling optional TD features.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://lore.kernel.org/all/20241104103803.195705-2-kirill.shutemov%40linux.intel.com
Stable-dep-of: f65aa0ad79fc ("x86/tdx: Dynamically disable SEPT violations from causing #VEs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/coco/tdx/tdx.c | 32 ++++++++++++++++++++++++++-----
arch/x86/include/asm/shared/tdx.h | 1 +
2 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 327c45c5013fe..c74bb9e7d7a35 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -78,6 +78,32 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args)
panic("TDCALL %lld failed (Buggy TDX module!)\n", fn);
}
+/* Read TD-scoped metadata */
+static inline u64 __maybe_unused tdg_vm_rd(u64 field, u64 *value)
+{
+ struct tdx_module_args args = {
+ .rdx = field,
+ };
+ u64 ret;
+
+ ret = __tdcall_ret(TDG_VM_RD, &args);
+ *value = args.r8;
+
+ return ret;
+}
+
+/* Write TD-scoped metadata */
+static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask)
+{
+ struct tdx_module_args args = {
+ .rdx = field,
+ .r8 = value,
+ .r9 = mask,
+ };
+
+ return __tdcall(TDG_VM_WR, &args);
+}
+
/**
* tdx_mcall_get_report0() - Wrapper to get TDREPORT0 (a.k.a. TDREPORT
* subtype 0) using TDG.MR.REPORT TDCALL.
@@ -929,10 +955,6 @@ static void tdx_kexec_finish(void)
void __init tdx_early_init(void)
{
- struct tdx_module_args args = {
- .rdx = TDCS_NOTIFY_ENABLES,
- .r9 = -1ULL,
- };
u64 cc_mask;
u32 eax, sig[3];
@@ -951,7 +973,7 @@ void __init tdx_early_init(void)
cc_set_mask(cc_mask);
/* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */
- tdcall(TDG_VM_WR, &args);
+ tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL);
/*
* All bits above GPA width are reserved and kernel treats shared bit
diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h
index fdfd41511b021..7e12cfa28bec9 100644
--- a/arch/x86/include/asm/shared/tdx.h
+++ b/arch/x86/include/asm/shared/tdx.h
@@ -16,6 +16,7 @@
#define TDG_VP_VEINFO_GET 3
#define TDG_MR_REPORT 4
#define TDG_MEM_PAGE_ACCEPT 6
+#define TDG_VM_RD 7
#define TDG_VM_WR 8
/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 444/817] x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (442 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 443/817] x86/tdx: Introduce wrappers to read and write TD metadata Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 445/817] x86/tdx: Dynamically disable SEPT violations from causing #VEs Greg Kroah-Hartman
` (382 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kirill A. Shutemov, Dave Hansen,
Kuppuswamy Sathyanarayanan, Kai Huang, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Upstream commit b064043d9565786b385f85e6436ca5716bbd5552 ]
Rename tdx_parse_tdinfo() to tdx_setup() and move setting NOTIFY_ENABLES
there.
The function will be extended to adjust TD configuration.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/all/20241104103803.195705-3-kirill.shutemov%40linux.intel.com
Stable-dep-of: f65aa0ad79fc ("x86/tdx: Dynamically disable SEPT violations from causing #VEs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/coco/tdx/tdx.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index c74bb9e7d7a35..28b321a95a5e8 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -194,7 +194,7 @@ static void __noreturn tdx_panic(const char *msg)
__tdx_hypercall(&args);
}
-static void tdx_parse_tdinfo(u64 *cc_mask)
+static void tdx_setup(u64 *cc_mask)
{
struct tdx_module_args args = {};
unsigned int gpa_width;
@@ -219,6 +219,9 @@ static void tdx_parse_tdinfo(u64 *cc_mask)
gpa_width = args.rcx & GENMASK(5, 0);
*cc_mask = BIT_ULL(gpa_width - 1);
+ /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */
+ tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL);
+
/*
* The kernel can not handle #VE's when accessing normal kernel
* memory. Ensure that no #VE will be delivered for accesses to
@@ -969,11 +972,11 @@ void __init tdx_early_init(void)
setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE);
cc_vendor = CC_VENDOR_INTEL;
- tdx_parse_tdinfo(&cc_mask);
- cc_set_mask(cc_mask);
- /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */
- tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL);
+ /* Configure the TD */
+ tdx_setup(&cc_mask);
+
+ cc_set_mask(cc_mask);
/*
* All bits above GPA width are reserved and kernel treats shared bit
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 445/817] x86/tdx: Dynamically disable SEPT violations from causing #VEs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (443 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 444/817] x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 446/817] powerpc/fadump: allocate memory for additional parameters early Greg Kroah-Hartman
` (381 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kirill A. Shutemov, Dave Hansen,
Kai Huang, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Upstream commit f65aa0ad79fca4ace921da0701644f020129043d ]
Memory access #VEs are hard for Linux to handle in contexts like the
entry code or NMIs. But other OSes need them for functionality.
There's a static (pre-guest-boot) way for a VMM to choose one or the
other. But VMMs don't always know which OS they are booting, so they
choose to deliver those #VEs so the "other" OSes will work. That,
unfortunately has left us in the lurch and exposed to these
hard-to-handle #VEs.
The TDX module has introduced a new feature. Even if the static
configuration is set to "send nasty #VEs", the kernel can dynamically
request that they be disabled. Once they are disabled, access to private
memory that is not in the Mapped state in the Secure-EPT (SEPT) will
result in an exit to the VMM rather than injecting a #VE.
Check if the feature is available and disable SEPT #VE if possible.
If the TD is allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE
attribute is no longer reliable. It reflects the initial state of the
control for the TD, but it will not be updated if someone (e.g. bootloader)
changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to
determine if SEPT #VEs are enabled or disabled.
[ dhansen: remove 'return' at end of function ]
Fixes: 373e715e31bf ("x86/tdx: Panic on bad configs that #VE on "private" memory access")
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Kai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/all/20241104103803.195705-4-kirill.shutemov%40linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/coco/tdx/tdx.c | 74 ++++++++++++++++++++++++-------
arch/x86/include/asm/shared/tdx.h | 10 ++++-
2 files changed, 67 insertions(+), 17 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 28b321a95a5e8..2f85ed005c42f 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -79,7 +79,7 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args)
}
/* Read TD-scoped metadata */
-static inline u64 __maybe_unused tdg_vm_rd(u64 field, u64 *value)
+static inline u64 tdg_vm_rd(u64 field, u64 *value)
{
struct tdx_module_args args = {
.rdx = field,
@@ -194,6 +194,60 @@ static void __noreturn tdx_panic(const char *msg)
__tdx_hypercall(&args);
}
+/*
+ * The kernel cannot handle #VEs when accessing normal kernel memory. Ensure
+ * that no #VE will be delivered for accesses to TD-private memory.
+ *
+ * TDX 1.0 does not allow the guest to disable SEPT #VE on its own. The VMM
+ * controls if the guest will receive such #VE with TD attribute
+ * ATTR_SEPT_VE_DISABLE.
+ *
+ * Newer TDX modules allow the guest to control if it wants to receive SEPT
+ * violation #VEs.
+ *
+ * Check if the feature is available and disable SEPT #VE if possible.
+ *
+ * If the TD is allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE
+ * attribute is no longer reliable. It reflects the initial state of the
+ * control for the TD, but it will not be updated if someone (e.g. bootloader)
+ * changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to
+ * determine if SEPT #VEs are enabled or disabled.
+ */
+static void disable_sept_ve(u64 td_attr)
+{
+ const char *msg = "TD misconfiguration: SEPT #VE has to be disabled";
+ bool debug = td_attr & ATTR_DEBUG;
+ u64 config, controls;
+
+ /* Is this TD allowed to disable SEPT #VE */
+ tdg_vm_rd(TDCS_CONFIG_FLAGS, &config);
+ if (!(config & TDCS_CONFIG_FLEXIBLE_PENDING_VE)) {
+ /* No SEPT #VE controls for the guest: check the attribute */
+ if (td_attr & ATTR_SEPT_VE_DISABLE)
+ return;
+
+ /* Relax SEPT_VE_DISABLE check for debug TD for backtraces */
+ if (debug)
+ pr_warn("%s\n", msg);
+ else
+ tdx_panic(msg);
+ return;
+ }
+
+ /* Check if SEPT #VE has been disabled before us */
+ tdg_vm_rd(TDCS_TD_CTLS, &controls);
+ if (controls & TD_CTLS_PENDING_VE_DISABLE)
+ return;
+
+ /* Keep #VEs enabled for splats in debugging environments */
+ if (debug)
+ return;
+
+ /* Disable SEPT #VEs */
+ tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_PENDING_VE_DISABLE,
+ TD_CTLS_PENDING_VE_DISABLE);
+}
+
static void tdx_setup(u64 *cc_mask)
{
struct tdx_module_args args = {};
@@ -219,24 +273,12 @@ static void tdx_setup(u64 *cc_mask)
gpa_width = args.rcx & GENMASK(5, 0);
*cc_mask = BIT_ULL(gpa_width - 1);
+ td_attr = args.rdx;
+
/* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */
tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL);
- /*
- * The kernel can not handle #VE's when accessing normal kernel
- * memory. Ensure that no #VE will be delivered for accesses to
- * TD-private memory. Only VMM-shared memory (MMIO) will #VE.
- */
- td_attr = args.rdx;
- if (!(td_attr & ATTR_SEPT_VE_DISABLE)) {
- const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set.";
-
- /* Relax SEPT_VE_DISABLE check for debug TD. */
- if (td_attr & ATTR_DEBUG)
- pr_warn("%s\n", msg);
- else
- tdx_panic(msg);
- }
+ disable_sept_ve(td_attr);
}
/*
diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h
index 7e12cfa28bec9..fecb2a6e864be 100644
--- a/arch/x86/include/asm/shared/tdx.h
+++ b/arch/x86/include/asm/shared/tdx.h
@@ -19,9 +19,17 @@
#define TDG_VM_RD 7
#define TDG_VM_WR 8
-/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */
+/* TDX TD-Scope Metadata. To be used by TDG.VM.WR and TDG.VM.RD */
+#define TDCS_CONFIG_FLAGS 0x1110000300000016
+#define TDCS_TD_CTLS 0x1110000300000017
#define TDCS_NOTIFY_ENABLES 0x9100000000000010
+/* TDCS_CONFIG_FLAGS bits */
+#define TDCS_CONFIG_FLEXIBLE_PENDING_VE BIT_ULL(1)
+
+/* TDCS_TD_CTLS bits */
+#define TD_CTLS_PENDING_VE_DISABLE BIT_ULL(0)
+
/* TDX hypercall Leaf IDs */
#define TDVMCALL_MAP_GPA 0x10001
#define TDVMCALL_GET_QUOTE 0x10002
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 446/817] powerpc/fadump: allocate memory for additional parameters early
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (444 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 445/817] x86/tdx: Dynamically disable SEPT violations from causing #VEs Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 447/817] fadump: reserve param area if below boot_mem_top Greg Kroah-Hartman
` (380 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Venkat Rao Bagalkote, Hari Bathini,
Sourabh Jain, Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hari Bathini <hbathini@linux.ibm.com>
[ Upstream commit f4892c68ecc1cf45e41a78820dd2eebccc945b66 ]
Memory for passing additional parameters to fadump capture kernel
is allocated during subsys_initcall level, using memblock. But
as slab is already available by this time, allocation happens via
the buddy allocator. This may work for radix MMU but is likely to
fail in most cases for hash MMU as hash MMU needs this memory in
the first memory block for it to be accessible in real mode in the
capture kernel (second boot). So, allocate memory for additional
parameters area as soon as MMU mode is obvious.
Fixes: 683eab94da75 ("powerpc/fadump: setup additional parameters for dump capture kernel")
Reported-by: Venkat Rao Bagalkote <venkat88@linux.vnet.ibm.com>
Closes: https://lore.kernel.org/lkml/a70e4064-a040-447b-8556-1fd02f19383d@linux.vnet.ibm.com/T/#u
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Tested-by: Venkat Rao Bagalkote <venkat88@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20241107055817.489795-1-sourabhjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/fadump.h | 2 ++
arch/powerpc/kernel/fadump.c | 15 ++++++++++-----
arch/powerpc/kernel/prom.c | 3 +++
3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/include/asm/fadump.h b/arch/powerpc/include/asm/fadump.h
index 3638f04447f59..a48f54dde4f65 100644
--- a/arch/powerpc/include/asm/fadump.h
+++ b/arch/powerpc/include/asm/fadump.h
@@ -19,6 +19,7 @@ extern int is_fadump_active(void);
extern int should_fadump_crash(void);
extern void crash_fadump(struct pt_regs *, const char *);
extern void fadump_cleanup(void);
+void fadump_setup_param_area(void);
extern void fadump_append_bootargs(void);
#else /* CONFIG_FA_DUMP */
@@ -26,6 +27,7 @@ static inline int is_fadump_active(void) { return 0; }
static inline int should_fadump_crash(void) { return 0; }
static inline void crash_fadump(struct pt_regs *regs, const char *str) { }
static inline void fadump_cleanup(void) { }
+static inline void fadump_setup_param_area(void) { }
static inline void fadump_append_bootargs(void) { }
#endif /* !CONFIG_FA_DUMP */
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index ac7b4e1645e55..6ab7934d719f7 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -1577,6 +1577,12 @@ static void __init fadump_init_files(void)
return;
}
+ if (fw_dump.param_area) {
+ rc = sysfs_create_file(fadump_kobj, &bootargs_append_attr.attr);
+ if (rc)
+ pr_err("unable to create bootargs_append sysfs file (%d)\n", rc);
+ }
+
debugfs_create_file("fadump_region", 0444, arch_debugfs_dir, NULL,
&fadump_region_fops);
@@ -1731,7 +1737,7 @@ static void __init fadump_process(void)
* Reserve memory to store additional parameters to be passed
* for fadump/capture kernel.
*/
-static void __init fadump_setup_param_area(void)
+void __init fadump_setup_param_area(void)
{
phys_addr_t range_start, range_end;
@@ -1739,7 +1745,7 @@ static void __init fadump_setup_param_area(void)
return;
/* This memory can't be used by PFW or bootloader as it is shared across kernels */
- if (radix_enabled()) {
+ if (early_radix_enabled()) {
/*
* Anywhere in the upper half should be good enough as all memory
* is accessible in real mode.
@@ -1767,12 +1773,12 @@ static void __init fadump_setup_param_area(void)
COMMAND_LINE_SIZE,
range_start,
range_end);
- if (!fw_dump.param_area || sysfs_create_file(fadump_kobj, &bootargs_append_attr.attr)) {
+ if (!fw_dump.param_area) {
pr_warn("WARNING: Could not setup area to pass additional parameters!\n");
return;
}
- memset(phys_to_virt(fw_dump.param_area), 0, COMMAND_LINE_SIZE);
+ memset((void *)fw_dump.param_area, 0, COMMAND_LINE_SIZE);
}
/*
@@ -1798,7 +1804,6 @@ int __init setup_fadump(void)
}
/* Initialize the kernel dump memory structure and register with f/w */
else if (fw_dump.reserve_dump_area_size) {
- fadump_setup_param_area();
fw_dump.ops->fadump_init_mem_struct(&fw_dump);
register_fadump();
}
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index 88cbe432cad59..e0059842a1c64 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -908,6 +908,9 @@ void __init early_init_devtree(void *params)
mmu_early_init_devtree();
+ /* Setup param area for passing additional parameters to fadump capture kernel. */
+ fadump_setup_param_area();
+
#ifdef CONFIG_PPC_POWERNV
/* Scan and build the list of machine check recoverable ranges */
of_scan_flat_dt(early_init_dt_scan_recoverable_ranges, NULL);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 447/817] fadump: reserve param area if below boot_mem_top
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (445 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 446/817] powerpc/fadump: allocate memory for additional parameters early Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 448/817] RDMA/hns: Fix out-of-order issue of requester when setting FENCE Greg Kroah-Hartman
` (379 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hari Bathini, Sourabh Jain,
Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sourabh Jain <sourabhjain@linux.ibm.com>
[ Upstream commit fb90dca828b6070709093934c6dec56489a2d91d ]
The param area is a memory region where the kernel places additional
command-line arguments for fadump kernel. Currently, the param memory
area is reserved in fadump kernel if it is above boot_mem_top. However,
it should be reserved if it is below boot_mem_top because the fadump
kernel already reserves memory from boot_mem_top to the end of DRAM.
Currently, there is no impact from not reserving param memory if it is
below boot_mem_top, as it is not used after the early boot phase of the
fadump kernel. However, if this changes in the future, it could lead to
issues in the fadump kernel.
Fixes: 3416c9daa6b1 ("powerpc/fadump: pass additional parameters when fadump is active")
Acked-by: Hari Bathini <hbathini@linux.ibm.com>
Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20241107055817.489795-2-sourabhjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/fadump.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index 6ab7934d719f7..4641de75f7fc1 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -136,7 +136,7 @@ void __init fadump_append_bootargs(void)
if (!fw_dump.dump_active || !fw_dump.param_area_supported || !fw_dump.param_area)
return;
- if (fw_dump.param_area >= fw_dump.boot_mem_top) {
+ if (fw_dump.param_area < fw_dump.boot_mem_top) {
if (memblock_reserve(fw_dump.param_area, COMMAND_LINE_SIZE)) {
pr_warn("WARNING: Can't use additional parameters area!\n");
fw_dump.param_area = 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 448/817] RDMA/hns: Fix out-of-order issue of requester when setting FENCE
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (446 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 447/817] fadump: reserve param area if below boot_mem_top Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 449/817] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Greg Kroah-Hartman
` (378 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Junxian Huang, Leon Romanovsky,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Junxian Huang <huangjunxian6@hisilicon.com>
[ Upstream commit 5dbcb1c1900f45182b5651c89257c272f1f3ead7 ]
The FENCE indicator in hns WQE doesn't ensure that response data from
a previous Read/Atomic operation has been written to the requester's
memory before the subsequent Send/Write operation is processed. This
may result in the subsequent Send/Write operation accessing the original
data in memory instead of the expected response data.
Unlike FENCE, the SO (Strong Order) indicator blocks the subsequent
operation until the previous response data is written to memory and a
bresp is returned. Set the SO indicator instead of FENCE to maintain
strict order.
Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver")
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241108075743.2652258-2-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 2 +-
drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
index d1c075fb0ad89..707e96ce222c5 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -575,7 +575,7 @@ static inline int set_rc_wqe(struct hns_roce_qp *qp,
if (WARN_ON(ret))
return ret;
- hr_reg_write(rc_sq_wqe, RC_SEND_WQE_FENCE,
+ hr_reg_write(rc_sq_wqe, RC_SEND_WQE_SO,
(wr->send_flags & IB_SEND_FENCE) ? 1 : 0);
hr_reg_write(rc_sq_wqe, RC_SEND_WQE_SE,
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.h b/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
index 3b3c6259ace0e..dedb1853e193e 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
@@ -924,6 +924,7 @@ struct hns_roce_v2_rc_send_wqe {
#define RC_SEND_WQE_OWNER RC_SEND_WQE_FIELD_LOC(7, 7)
#define RC_SEND_WQE_CQE RC_SEND_WQE_FIELD_LOC(8, 8)
#define RC_SEND_WQE_FENCE RC_SEND_WQE_FIELD_LOC(9, 9)
+#define RC_SEND_WQE_SO RC_SEND_WQE_FIELD_LOC(10, 10)
#define RC_SEND_WQE_SE RC_SEND_WQE_FIELD_LOC(11, 11)
#define RC_SEND_WQE_INLINE RC_SEND_WQE_FIELD_LOC(12, 12)
#define RC_SEND_WQE_WQE_INDEX RC_SEND_WQE_FIELD_LOC(30, 15)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 449/817] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (447 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 448/817] RDMA/hns: Fix out-of-order issue of requester when setting FENCE Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 450/817] cpufreq: loongson3: Check for error code from devm_mutex_init() call Greg Kroah-Hartman
` (377 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Junxian Huang, Leon Romanovsky,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Junxian Huang <huangjunxian6@hisilicon.com>
[ Upstream commit 6b526d17eed850352d880b93b9bf20b93006bd92 ]
ib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.
The driver needs to check whether it is a NULL pointer before
dereferencing it.
Fixes: d387d4b54eb8 ("RDMA/hns: Fix missing pagesize and alignment check in FRMR")
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241108075743.2652258-3-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_mr.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_mr.c b/drivers/infiniband/hw/hns/hns_roce_mr.c
index b3f4327d0e64a..bf30b3a65a9ba 100644
--- a/drivers/infiniband/hw/hns/hns_roce_mr.c
+++ b/drivers/infiniband/hw/hns/hns_roce_mr.c
@@ -435,15 +435,16 @@ static int hns_roce_set_page(struct ib_mr *ibmr, u64 addr)
}
int hns_roce_map_mr_sg(struct ib_mr *ibmr, struct scatterlist *sg, int sg_nents,
- unsigned int *sg_offset)
+ unsigned int *sg_offset_p)
{
+ unsigned int sg_offset = sg_offset_p ? *sg_offset_p : 0;
struct hns_roce_dev *hr_dev = to_hr_dev(ibmr->device);
struct ib_device *ibdev = &hr_dev->ib_dev;
struct hns_roce_mr *mr = to_hr_mr(ibmr);
struct hns_roce_mtr *mtr = &mr->pbl_mtr;
int ret, sg_num = 0;
- if (!IS_ALIGNED(*sg_offset, HNS_ROCE_FRMR_ALIGN_SIZE) ||
+ if (!IS_ALIGNED(sg_offset, HNS_ROCE_FRMR_ALIGN_SIZE) ||
ibmr->page_size < HNS_HW_PAGE_SIZE ||
ibmr->page_size > HNS_HW_MAX_PAGE_SIZE)
return sg_num;
@@ -454,7 +455,7 @@ int hns_roce_map_mr_sg(struct ib_mr *ibmr, struct scatterlist *sg, int sg_nents,
if (!mr->page_list)
return sg_num;
- sg_num = ib_sg_to_pages(ibmr, sg, sg_nents, sg_offset, hns_roce_set_page);
+ sg_num = ib_sg_to_pages(ibmr, sg, sg_nents, sg_offset_p, hns_roce_set_page);
if (sg_num < 1) {
ibdev_err(ibdev, "failed to store sg pages %u %u, cnt = %d.\n",
mr->npages, mr->pbl_mtr.hem_cfg.buf_pg_count, sg_num);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 450/817] cpufreq: loongson3: Check for error code from devm_mutex_init() call
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (448 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 449/817] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 451/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() Greg Kroah-Hartman
` (376 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Viresh Kumar,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit db01e46689e9a986ca6b5d2f41b57d7a81551a4f ]
Even if it's not critical, the avoidance of checking the error code
from devm_mutex_init() call today diminishes the point of using devm
variant of it. Tomorrow it may even leak something. Add the missed
check.
Fixes: ccf51454145b ("cpufreq: Add Loongson-3 CPUFreq driver support")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/loongson3_cpufreq.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/cpufreq/loongson3_cpufreq.c b/drivers/cpufreq/loongson3_cpufreq.c
index 6b5e6798d9a28..a923e196ec86e 100644
--- a/drivers/cpufreq/loongson3_cpufreq.c
+++ b/drivers/cpufreq/loongson3_cpufreq.c
@@ -346,8 +346,11 @@ static int loongson3_cpufreq_probe(struct platform_device *pdev)
{
int i, ret;
- for (i = 0; i < MAX_PACKAGES; i++)
- devm_mutex_init(&pdev->dev, &cpufreq_mutex[i]);
+ for (i = 0; i < MAX_PACKAGES; i++) {
+ ret = devm_mutex_init(&pdev->dev, &cpufreq_mutex[i]);
+ if (ret)
+ return ret;
+ }
ret = do_service_request(0, 0, CMD_GET_VERSION, 0, 0);
if (ret <= 0)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 451/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (449 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 450/817] cpufreq: loongson3: Check for error code from devm_mutex_init() call Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 452/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() Greg Kroah-Hartman
` (375 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Jinjie Ruan,
Quentin Perret, Viresh Kumar, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit be392aa80f1e5b0b65ccc2a540b9304fefcfe3d8 ]
cppc_get_cpu_cost() return 0 if the policy is NULL. Then in
em_compute_costs(), the later zero check for cost is not valid
as cost is uninitialized. As Quentin pointed out, kernel energy model
core check the return value of get_cost() first, so if the callback
failed it should tell the core. Return -EINVAL to fix it.
Fixes: 1a1374bb8c59 ("cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/c4765377-7830-44c2-84fa-706b6e304e10@stanley.mountain/
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Suggested-by: Quentin Perret <qperret@google.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cppc_cpufreq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c
index 00556b4d83f83..27508b396846e 100644
--- a/drivers/cpufreq/cppc_cpufreq.c
+++ b/drivers/cpufreq/cppc_cpufreq.c
@@ -494,7 +494,7 @@ static int cppc_get_cpu_cost(struct device *cpu_dev, unsigned long KHz,
policy = cpufreq_cpu_get_raw(cpu_dev->id);
if (!policy)
- return 0;
+ return -EINVAL;
cpu_data = policy->driver_data;
perf_caps = &cpu_data->perf_caps;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 452/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (450 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 451/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 453/817] kasan: move checks to do_strncpy_from_user Greg Kroah-Hartman
` (374 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Quentin Perret,
Viresh Kumar, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit b51eb0874d8170028434fbd259e80b78ed9b8eca ]
cppc_get_cpu_power() return 0 if the policy is NULL. Then in
em_create_perf_table(), the later zero check for power is not valid
as power is uninitialized. As Quentin pointed out, kernel energy model
core check the return value of active_power() first, so if the callback
failed it should tell the core. So return -EINVAL to fix it.
Fixes: a78e72075642 ("cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Suggested-by: Quentin Perret <qperret@google.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cppc_cpufreq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c
index 27508b396846e..6bea89bfe3e95 100644
--- a/drivers/cpufreq/cppc_cpufreq.c
+++ b/drivers/cpufreq/cppc_cpufreq.c
@@ -424,7 +424,7 @@ static int cppc_get_cpu_power(struct device *cpu_dev,
policy = cpufreq_cpu_get_raw(cpu_dev->id);
if (!policy)
- return 0;
+ return -EINVAL;
cpu_data = policy->driver_data;
perf_caps = &cpu_data->perf_caps;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 453/817] kasan: move checks to do_strncpy_from_user
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (451 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 452/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 454/817] kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL Greg Kroah-Hartman
` (373 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sabyrzhan Tasbolatov,
Andrey Konovalov, Alexander Potapenko, Alex Shi, Andrey Ryabinin,
Dmitry Vyukov, Hu Haowen, Jonathan Corbet, Marco Elver,
Vincenzo Frascino, Yanteng Si, Andrew Morton, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
[ Upstream commit ae193dd79398970ee760e0c8129ac42ef8f5c6ff ]
Patch series "kasan: migrate the last module test to kunit", v4.
copy_user_test() is the last KUnit-incompatible test with
CONFIG_KASAN_MODULE_TEST requirement, which we are going to migrate to
KUnit framework and delete the former test and Kconfig as well.
In this patch series:
- [1/3] move kasan_check_write() and check_object_size() to
do_strncpy_from_user() to cover with KASAN checks with
multiple conditions in strncpy_from_user().
- [2/3] migrated copy_user_test() to KUnit, where we can also test
strncpy_from_user() due to [1/4].
KUnits have been tested on:
- x86_64 with CONFIG_KASAN_GENERIC. Passed
- arm64 with CONFIG_KASAN_SW_TAGS. 1 fail. See [1]
- arm64 with CONFIG_KASAN_HW_TAGS. 1 fail. See [1]
[1] https://lore.kernel.org/linux-mm/CACzwLxj21h7nCcS2-KA_q7ybe+5pxH0uCDwu64q_9pPsydneWQ@mail.gmail.com/
- [3/3] delete CONFIG_KASAN_MODULE_TEST and documentation occurrences.
This patch (of 3):
Since in the commit 2865baf54077("x86: support user address masking
instead of non-speculative conditional") do_strncpy_from_user() is called
from multiple places, we should sanitize the kernel *dst memory and size
which were done in strncpy_from_user() previously.
Link: https://lkml.kernel.org/r/20241016131802.3115788-1-snovitoll@gmail.com
Link: https://lkml.kernel.org/r/20241016131802.3115788-2-snovitoll@gmail.com
Fixes: 2865baf54077 ("x86: support user address masking instead of non-speculative conditional")
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Alex Shi <alexs@kernel.org>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Hu Haowen <2023002089@link.tyut.edu.cn>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Marco Elver <elver@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Yanteng Si <siyanteng@loongson.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/strncpy_from_user.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index 989a12a678721..6dc234913dd58 100644
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -120,6 +120,9 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (unlikely(count <= 0))
return 0;
+ kasan_check_write(dst, count);
+ check_object_size(dst, count, false);
+
if (can_do_masked_user_access()) {
long retval;
@@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
if (max > count)
max = count;
- kasan_check_write(dst, count);
- check_object_size(dst, count, false);
if (user_read_access_begin(src, max)) {
retval = do_strncpy_from_user(dst, src, count, max);
user_read_access_end();
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 454/817] kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (452 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 453/817] kasan: move checks to do_strncpy_from_user Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 455/817] ocfs2: fix uninitialized value in ocfs2_file_read_iter() Greg Kroah-Hartman
` (372 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, David Gow,
Kuan-Wei Chiu, Shuah Khan, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit fd0a5afb5455b4561bfc6dfb0c4b2d8226f9ccfe ]
The intent here was clearly to use the gfp variable flags instead of
hardcoding GFP_KERNEL. All the callers pass GFP_KERNEL as the gfp
flags so this doesn't affect runtime.
Fixes: b3231d353a51 ("kunit: add a convenience allocation wrapper for SKBs")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: David Gow <davidgow@google.com>
Reviewed-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/kunit/skbuff.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/kunit/skbuff.h b/include/kunit/skbuff.h
index 44d12370939a9..345e1e8f03123 100644
--- a/include/kunit/skbuff.h
+++ b/include/kunit/skbuff.h
@@ -29,7 +29,7 @@ static void kunit_action_kfree_skb(void *p)
static inline struct sk_buff *kunit_zalloc_skb(struct kunit *test, int len,
gfp_t gfp)
{
- struct sk_buff *res = alloc_skb(len, GFP_KERNEL);
+ struct sk_buff *res = alloc_skb(len, gfp);
if (!res || skb_pad(res, len))
return NULL;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 455/817] ocfs2: fix uninitialized value in ocfs2_file_read_iter()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (453 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 454/817] kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 456/817] dax: delete a stale directory pmem Greg Kroah-Hartman
` (371 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov,
syzbot+a73e253cca4f0230a5a5, Mark Fasheh, Joel Becker, Junxiao Bi,
Joseph Qi, Changwei Ge, Jun Piao, Andrew Morton, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit adc77b19f62d7e80f98400b2fca9d700d2afdd6f ]
Syzbot has reported the following KMSAN splat:
BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80
ocfs2_file_read_iter+0x9a4/0xf80
__io_read+0x8d4/0x20f0
io_read+0x3e/0xf0
io_issue_sqe+0x42b/0x22c0
io_wq_submit_work+0xaf9/0xdc0
io_worker_handle_work+0xd13/0x2110
io_wq_worker+0x447/0x1410
ret_from_fork+0x6f/0x90
ret_from_fork_asm+0x1a/0x30
Uninit was created at:
__alloc_pages_noprof+0x9a7/0xe00
alloc_pages_mpol_noprof+0x299/0x990
alloc_pages_noprof+0x1bf/0x1e0
allocate_slab+0x33a/0x1250
___slab_alloc+0x12ef/0x35e0
kmem_cache_alloc_bulk_noprof+0x486/0x1330
__io_alloc_req_refill+0x84/0x560
io_submit_sqes+0x172f/0x2f30
__se_sys_io_uring_enter+0x406/0x41c0
__x64_sys_io_uring_enter+0x11f/0x1a0
x64_sys_call+0x2b54/0x3ba0
do_syscall_64+0xcd/0x1e0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Since an instance of 'struct kiocb' may be passed from the block layer
with 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()'
and use it from where 'ocfs2_dio_end_io()' might take care, i.e. in
'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'.
Link: https://lkml.kernel.org/r/20241029091736.1501946-1-dmantipov@yandex.ru
Fixes: 7cdfc3a1c397 ("ocfs2: Remember rw lock level during direct io")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reported-by: syzbot+a73e253cca4f0230a5a5@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=a73e253cca4f0230a5a5
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/aops.h | 2 ++
fs/ocfs2/file.c | 4 ++++
2 files changed, 6 insertions(+)
diff --git a/fs/ocfs2/aops.h b/fs/ocfs2/aops.h
index 3a520117fa59f..a9ce7947228c8 100644
--- a/fs/ocfs2/aops.h
+++ b/fs/ocfs2/aops.h
@@ -70,6 +70,8 @@ enum ocfs2_iocb_lock_bits {
OCFS2_IOCB_NUM_LOCKS
};
+#define ocfs2_iocb_init_rw_locked(iocb) \
+ (iocb->private = NULL)
#define ocfs2_iocb_clear_rw_locked(iocb) \
clear_bit(OCFS2_IOCB_RW_LOCK, (unsigned long *)&iocb->private)
#define ocfs2_iocb_rw_locked_level(iocb) \
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index c6d0d17a759c1..f772313ccb062 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -2397,6 +2397,8 @@ static ssize_t ocfs2_file_write_iter(struct kiocb *iocb,
} else
inode_lock(inode);
+ ocfs2_iocb_init_rw_locked(iocb);
+
/*
* Concurrent O_DIRECT writes are allowed with
* mount_option "coherency=buffered".
@@ -2543,6 +2545,8 @@ static ssize_t ocfs2_file_read_iter(struct kiocb *iocb,
if (!direct_io && nowait)
return -EOPNOTSUPP;
+ ocfs2_iocb_init_rw_locked(iocb);
+
/*
* buffered reads protect themselves in ->read_folio(). O_DIRECT reads
* need locks to protect pending reads from racing with truncate.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 456/817] dax: delete a stale directory pmem
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (454 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 455/817] ocfs2: fix uninitialized value in ocfs2_file_read_iter() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 457/817] KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests Greg Kroah-Hartman
` (370 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vegard Nossum, Harshit Mogalapalli,
Dan Williams, Ira Weiny, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit b8e6d7ce50673c39514921ac61f7af00bbb58b87 ]
After commit: 83762cb5c7c4 ("dax: Kill DEV_DAX_PMEM_COMPAT") the pmem/
directory is not needed anymore and Makefile changes were made
accordingly in this commit, but there is a Makefile and pmem.c in pmem/
which are now stale and pmem.c is empty, remove them.
Fixes: 83762cb5c7c4 ("dax: Kill DEV_DAX_PMEM_COMPAT")
Suggested-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Link: https://patch.msgid.link/20241017101144.1654085-1-harshit.m.mogalapalli@oracle.com
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dax/pmem/Makefile | 7 -------
drivers/dax/pmem/pmem.c | 10 ----------
2 files changed, 17 deletions(-)
delete mode 100644 drivers/dax/pmem/Makefile
delete mode 100644 drivers/dax/pmem/pmem.c
diff --git a/drivers/dax/pmem/Makefile b/drivers/dax/pmem/Makefile
deleted file mode 100644
index 191c31f0d4f00..0000000000000
--- a/drivers/dax/pmem/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: GPL-2.0-only
-obj-$(CONFIG_DEV_DAX_PMEM) += dax_pmem.o
-obj-$(CONFIG_DEV_DAX_PMEM) += dax_pmem_core.o
-
-dax_pmem-y := pmem.o
-dax_pmem_core-y := core.o
-dax_pmem_compat-y := compat.o
diff --git a/drivers/dax/pmem/pmem.c b/drivers/dax/pmem/pmem.c
deleted file mode 100644
index dfe91a2990fec..0000000000000
--- a/drivers/dax/pmem/pmem.c
+++ /dev/null
@@ -1,10 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/* Copyright(c) 2016 - 2018 Intel Corporation. All rights reserved. */
-#include <linux/percpu-refcount.h>
-#include <linux/memremap.h>
-#include <linux/module.h>
-#include <linux/pfn_t.h>
-#include <linux/nd.h>
-#include "../bus.h"
-
-
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 457/817] KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (455 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 456/817] dax: delete a stale directory pmem Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 458/817] KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells Greg Kroah-Hartman
` (369 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gautam Menghani, Michael Ellerman,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gautam Menghani <gautam@linux.ibm.com>
[ Upstream commit 0d3c6b28896f9889c8864dab469e0343a0ad1c0c ]
commit 6398326b9ba1 ("KVM: PPC: Book3S HV P9: Stop using vc->dpdes")
introduced an optimization to use only vcpu->doorbell_request for SMT
emulation for Power9 and above guests, but the code for nested guests
still relies on the old way of handling doorbells, due to which an L2
guest (see [1]) cannot be booted with XICS with SMT>1. The command to
repro this issue is:
// To be run in L1
qemu-system-ppc64 \
-drive file=rhel.qcow2,format=qcow2 \
-m 20G \
-smp 8,cores=1,threads=8 \
-cpu host \
-nographic \
-machine pseries,ic-mode=xics -accel kvm
Fix the plumbing to utilize vcpu->doorbell_request instead of vcore->dpdes
for nested KVM guests on P9 and above.
[1] Terminology
1. L0 : PowerNV linux running with HV privileges
2. L1 : Pseries KVM guest running on top of L0
2. L2 : Nested KVM guest running on top of L1
Fixes: 6398326b9ba1 ("KVM: PPC: Book3S HV P9: Stop using vc->dpdes")
Signed-off-by: Gautam Menghani <gautam@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20241109063301.105289-3-gautam@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/book3s_hv.c | 9 +++++++++
arch/powerpc/kvm/book3s_hv_nested.c | 14 ++++++++++----
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 0ed5c5c7a350d..ccc9a8431b944 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4303,6 +4303,15 @@ static int kvmhv_vcpu_entry_p9_nested(struct kvm_vcpu *vcpu, u64 time_limit, uns
}
hvregs.hdec_expiry = time_limit;
+ /*
+ * hvregs has the doorbell status, so zero it here which
+ * enables us to receive doorbells when H_ENTER_NESTED is
+ * in progress for this vCPU
+ */
+
+ if (vcpu->arch.doorbell_request)
+ vcpu->arch.doorbell_request = 0;
+
/*
* When setting DEC, we must always deal with irq_work_raise
* via NMI vs setting DEC. The problem occurs right as we
diff --git a/arch/powerpc/kvm/book3s_hv_nested.c b/arch/powerpc/kvm/book3s_hv_nested.c
index 05f5220960c63..125440a606ee3 100644
--- a/arch/powerpc/kvm/book3s_hv_nested.c
+++ b/arch/powerpc/kvm/book3s_hv_nested.c
@@ -32,7 +32,7 @@ void kvmhv_save_hv_regs(struct kvm_vcpu *vcpu, struct hv_guest_state *hr)
struct kvmppc_vcore *vc = vcpu->arch.vcore;
hr->pcr = vc->pcr | PCR_MASK;
- hr->dpdes = vc->dpdes;
+ hr->dpdes = vcpu->arch.doorbell_request;
hr->hfscr = vcpu->arch.hfscr;
hr->tb_offset = vc->tb_offset;
hr->dawr0 = vcpu->arch.dawr0;
@@ -105,7 +105,7 @@ static void save_hv_return_state(struct kvm_vcpu *vcpu,
{
struct kvmppc_vcore *vc = vcpu->arch.vcore;
- hr->dpdes = vc->dpdes;
+ hr->dpdes = vcpu->arch.doorbell_request;
hr->purr = vcpu->arch.purr;
hr->spurr = vcpu->arch.spurr;
hr->ic = vcpu->arch.ic;
@@ -143,7 +143,7 @@ static void restore_hv_regs(struct kvm_vcpu *vcpu, const struct hv_guest_state *
struct kvmppc_vcore *vc = vcpu->arch.vcore;
vc->pcr = hr->pcr | PCR_MASK;
- vc->dpdes = hr->dpdes;
+ vcpu->arch.doorbell_request = hr->dpdes;
vcpu->arch.hfscr = hr->hfscr;
vcpu->arch.dawr0 = hr->dawr0;
vcpu->arch.dawrx0 = hr->dawrx0;
@@ -170,7 +170,13 @@ void kvmhv_restore_hv_return_state(struct kvm_vcpu *vcpu,
{
struct kvmppc_vcore *vc = vcpu->arch.vcore;
- vc->dpdes = hr->dpdes;
+ /*
+ * This L2 vCPU might have received a doorbell while H_ENTER_NESTED was being handled.
+ * Make sure we preserve the doorbell if it was either:
+ * a) Sent after H_ENTER_NESTED was called on this vCPU (arch.doorbell_request would be 1)
+ * b) Doorbell was not handled and L2 exited for some other reason (hr->dpdes would be 1)
+ */
+ vcpu->arch.doorbell_request = vcpu->arch.doorbell_request | hr->dpdes;
vcpu->arch.hfscr = hr->hfscr;
vcpu->arch.purr = hr->purr;
vcpu->arch.spurr = hr->spurr;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 458/817] KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (456 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 457/817] KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 459/817] powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Greg Kroah-Hartman
` (368 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gautam Menghani, Michael Ellerman,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gautam Menghani <gautam@linux.ibm.com>
[ Upstream commit 26686db69917399fa30e3b3135360771e90f83ec ]
Commit 6398326b9ba1 ("KVM: PPC: Book3S HV P9: Stop using vc->dpdes")
dropped the use of vcore->dpdes for msgsndp / SMT emulation. Prior to that
commit, the below code at L1 level (see [1] for terminology) was
responsible for setting vc->dpdes for the respective L2 vCPU:
if (!nested) {
kvmppc_core_prepare_to_enter(vcpu);
if (vcpu->arch.doorbell_request) {
vc->dpdes = 1;
smp_wmb();
vcpu->arch.doorbell_request = 0;
}
L1 then sent vc->dpdes to L0 via kvmhv_save_hv_regs(), and while
servicing H_ENTER_NESTED at L0, the below condition at L0 level made sure
to abort and go back to L1 if vcpu->arch.doorbell_request = 1 so that L1
sets vc->dpdes as per above if condition:
} else if (vcpu->arch.pending_exceptions ||
vcpu->arch.doorbell_request ||
xive_interrupt_pending(vcpu)) {
vcpu->arch.ret = RESUME_HOST;
goto out;
}
This worked fine since vcpu->arch.doorbell_request was used more like a
flag and vc->dpdes was used to pass around the doorbell state. But after
Commit 6398326b9ba1 ("KVM: PPC: Book3S HV P9: Stop using vc->dpdes"),
vcpu->arch.doorbell_request is the only variable used to pass around
doorbell state.
With the plumbing for handling doorbells for nested guests updated to use
vcpu->arch.doorbell_request over vc->dpdes, the above "else if" stops
doorbells from working correctly as L0 aborts execution of L2 and
instead goes back to L1.
Remove vcpu->arch.doorbell_request from the above "else if" condition as
it is no longer needed for L0 to correctly handle the doorbell status
while running L2.
[1] Terminology
1. L0 : PowerNV linux running with HV privileges
2. L1 : Pseries KVM guest running on top of L0
2. L2 : Nested KVM guest running on top of L1
Fixes: 6398326b9ba1 ("KVM: PPC: Book3S HV P9: Stop using vc->dpdes")
Signed-off-by: Gautam Menghani <gautam@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20241109063301.105289-4-gautam@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/book3s_hv.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index ccc9a8431b944..b0432e78fa629 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4915,7 +4915,6 @@ int kvmhv_run_single_vcpu(struct kvm_vcpu *vcpu, u64 time_limit,
lpcr &= ~LPCR_MER;
}
} else if (vcpu->arch.pending_exceptions ||
- vcpu->arch.doorbell_request ||
xive_interrupt_pending(vcpu)) {
vcpu->arch.ret = RESUME_HOST;
goto out;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 459/817] powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (457 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 458/817] KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 460/817] RDMA/hns: Fix different dgids mapping to the same dip_idx Greg Kroah-Hartman
` (367 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Suchanek, Michael Ellerman,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Suchanek <msuchanek@suse.de>
[ Upstream commit a26c4dbb3d9c1821cb0fc11cb2dbc32d5bf3463b ]
These functions are not used outside of sstep.c
Fixes: 350779a29f11 ("powerpc: Handle most loads and stores in instruction emulation code")
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20241001130356.14664-1-msuchanek@suse.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/sstep.h | 5 -----
arch/powerpc/lib/sstep.c | 12 ++++--------
2 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/arch/powerpc/include/asm/sstep.h b/arch/powerpc/include/asm/sstep.h
index 50950deedb873..e3d0e714ff280 100644
--- a/arch/powerpc/include/asm/sstep.h
+++ b/arch/powerpc/include/asm/sstep.h
@@ -173,9 +173,4 @@ int emulate_step(struct pt_regs *regs, ppc_inst_t instr);
*/
extern int emulate_loadstore(struct pt_regs *regs, struct instruction_op *op);
-extern void emulate_vsx_load(struct instruction_op *op, union vsx_reg *reg,
- const void *mem, bool cross_endian);
-extern void emulate_vsx_store(struct instruction_op *op,
- const union vsx_reg *reg, void *mem,
- bool cross_endian);
extern int emulate_dcbz(unsigned long ea, struct pt_regs *regs);
diff --git a/arch/powerpc/lib/sstep.c b/arch/powerpc/lib/sstep.c
index e65f3fb68d06b..ac3ee19531d8a 100644
--- a/arch/powerpc/lib/sstep.c
+++ b/arch/powerpc/lib/sstep.c
@@ -780,8 +780,8 @@ static nokprobe_inline int emulate_stq(struct pt_regs *regs, unsigned long ea,
#endif /* __powerpc64 */
#ifdef CONFIG_VSX
-void emulate_vsx_load(struct instruction_op *op, union vsx_reg *reg,
- const void *mem, bool rev)
+static nokprobe_inline void emulate_vsx_load(struct instruction_op *op, union vsx_reg *reg,
+ const void *mem, bool rev)
{
int size, read_size;
int i, j;
@@ -863,11 +863,9 @@ void emulate_vsx_load(struct instruction_op *op, union vsx_reg *reg,
break;
}
}
-EXPORT_SYMBOL_GPL(emulate_vsx_load);
-NOKPROBE_SYMBOL(emulate_vsx_load);
-void emulate_vsx_store(struct instruction_op *op, const union vsx_reg *reg,
- void *mem, bool rev)
+static nokprobe_inline void emulate_vsx_store(struct instruction_op *op, const union vsx_reg *reg,
+ void *mem, bool rev)
{
int size, write_size;
int i, j;
@@ -955,8 +953,6 @@ void emulate_vsx_store(struct instruction_op *op, const union vsx_reg *reg,
break;
}
}
-EXPORT_SYMBOL_GPL(emulate_vsx_store);
-NOKPROBE_SYMBOL(emulate_vsx_store);
static nokprobe_inline int do_vsx_load(struct instruction_op *op,
unsigned long ea, struct pt_regs *regs,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 460/817] RDMA/hns: Fix different dgids mapping to the same dip_idx
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (458 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 459/817] powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 461/817] KVM: PPC: Book3S HV: Fix kmv -> kvm typo Greg Kroah-Hartman
` (366 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Feng Fang, Junxian Huang,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Feng Fang <fangfeng4@huawei.com>
[ Upstream commit faa62440a5772b40bb7d78bf9e29556a82ecf153 ]
DIP algorithm requires a one-to-one mapping between dgid and dip_idx.
Currently a queue 'spare_idx' is used to store QPN of QPs that use
DIP algorithm. For a new dgid, use a QPN from spare_idx as dip_idx.
This method lacks a mechanism for deduplicating QPN, which may result
in different dgids sharing the same dip_idx and break the one-to-one
mapping requirement.
This patch replaces spare_idx with xarray and introduces a refcnt of
a dip_idx to indicate the number of QPs that using this dip_idx.
The state machine for dip_idx management is implemented as:
* The entry at an index in xarray is empty -- This indicates that the
corresponding dip_idx hasn't been created.
* The entry at an index in xarray is not empty but with 0 refcnt --
This indicates that the corresponding dip_idx has been created but
not used as dip_idx yet.
* The entry at an index in xarray is not empty and with non-0 refcnt --
This indicates that the corresponding dip_idx is being used by refcnt
number of DIP QPs.
Fixes: eb653eda1e91 ("RDMA/hns: Bugfix for incorrect association between dip_idx and dgid")
Fixes: f91696f2f053 ("RDMA/hns: Support congestion control type selection according to the FW")
Signed-off-by: Feng Fang <fangfeng4@huawei.com>
Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com>
Link: https://patch.msgid.link/20241112055553.3681129-1-huangjunxian6@hisilicon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_device.h | 11 +--
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 96 +++++++++++++++------
drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 +-
drivers/infiniband/hw/hns/hns_roce_main.c | 2 -
drivers/infiniband/hw/hns/hns_roce_qp.c | 8 +-
5 files changed, 75 insertions(+), 44 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_device.h b/drivers/infiniband/hw/hns/hns_roce_device.h
index 9b51d5a1533f5..560a1d9de408f 100644
--- a/drivers/infiniband/hw/hns/hns_roce_device.h
+++ b/drivers/infiniband/hw/hns/hns_roce_device.h
@@ -489,12 +489,6 @@ struct hns_roce_bank {
u32 next; /* Next ID to allocate. */
};
-struct hns_roce_idx_table {
- u32 *spare_idx;
- u32 head;
- u32 tail;
-};
-
struct hns_roce_qp_table {
struct hns_roce_hem_table qp_table;
struct hns_roce_hem_table irrl_table;
@@ -503,7 +497,7 @@ struct hns_roce_qp_table {
struct mutex scc_mutex;
struct hns_roce_bank bank[HNS_ROCE_QP_BANK_NUM];
struct mutex bank_mutex;
- struct hns_roce_idx_table idx_table;
+ struct xarray dip_xa;
};
struct hns_roce_cq_table {
@@ -658,6 +652,7 @@ struct hns_roce_qp {
u8 tc_mode;
u8 priority;
spinlock_t flush_lock;
+ struct hns_roce_dip *dip;
};
struct hns_roce_ib_iboe {
@@ -984,8 +979,6 @@ struct hns_roce_dev {
enum hns_roce_device_state state;
struct list_head qp_list; /* list of all qps on this dev */
spinlock_t qp_list_lock; /* protect qp_list */
- struct list_head dip_list; /* list of all dest ips on this dev */
- spinlock_t dip_list_lock; /* protect dip_list */
struct list_head pgdir_list;
struct mutex pgdir_mutex;
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
index 707e96ce222c5..697b17cca02e7 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -2553,20 +2553,19 @@ static void hns_roce_free_link_table(struct hns_roce_dev *hr_dev)
free_link_table_buf(hr_dev, &priv->ext_llm);
}
-static void free_dip_list(struct hns_roce_dev *hr_dev)
+static void free_dip_entry(struct hns_roce_dev *hr_dev)
{
struct hns_roce_dip *hr_dip;
- struct hns_roce_dip *tmp;
- unsigned long flags;
+ unsigned long idx;
- spin_lock_irqsave(&hr_dev->dip_list_lock, flags);
+ xa_lock(&hr_dev->qp_table.dip_xa);
- list_for_each_entry_safe(hr_dip, tmp, &hr_dev->dip_list, node) {
- list_del(&hr_dip->node);
+ xa_for_each(&hr_dev->qp_table.dip_xa, idx, hr_dip) {
+ __xa_erase(&hr_dev->qp_table.dip_xa, hr_dip->dip_idx);
kfree(hr_dip);
}
- spin_unlock_irqrestore(&hr_dev->dip_list_lock, flags);
+ xa_unlock(&hr_dev->qp_table.dip_xa);
}
static struct ib_pd *free_mr_init_pd(struct hns_roce_dev *hr_dev)
@@ -2974,7 +2973,7 @@ static void hns_roce_v2_exit(struct hns_roce_dev *hr_dev)
hns_roce_free_link_table(hr_dev);
if (hr_dev->pci_dev->revision == PCI_REVISION_ID_HIP09)
- free_dip_list(hr_dev);
+ free_dip_entry(hr_dev);
}
static int hns_roce_mbox_post(struct hns_roce_dev *hr_dev,
@@ -4694,26 +4693,49 @@ static int modify_qp_rtr_to_rts(struct ib_qp *ibqp, int attr_mask,
return 0;
}
+static int alloc_dip_entry(struct xarray *dip_xa, u32 qpn)
+{
+ struct hns_roce_dip *hr_dip;
+ int ret;
+
+ hr_dip = xa_load(dip_xa, qpn);
+ if (hr_dip)
+ return 0;
+
+ hr_dip = kzalloc(sizeof(*hr_dip), GFP_KERNEL);
+ if (!hr_dip)
+ return -ENOMEM;
+
+ ret = xa_err(xa_store(dip_xa, qpn, hr_dip, GFP_KERNEL));
+ if (ret)
+ kfree(hr_dip);
+
+ return ret;
+}
+
static int get_dip_ctx_idx(struct ib_qp *ibqp, const struct ib_qp_attr *attr,
u32 *dip_idx)
{
const struct ib_global_route *grh = rdma_ah_read_grh(&attr->ah_attr);
struct hns_roce_dev *hr_dev = to_hr_dev(ibqp->device);
- u32 *spare_idx = hr_dev->qp_table.idx_table.spare_idx;
- u32 *head = &hr_dev->qp_table.idx_table.head;
- u32 *tail = &hr_dev->qp_table.idx_table.tail;
+ struct xarray *dip_xa = &hr_dev->qp_table.dip_xa;
+ struct hns_roce_qp *hr_qp = to_hr_qp(ibqp);
struct hns_roce_dip *hr_dip;
- unsigned long flags;
+ unsigned long idx;
int ret = 0;
- spin_lock_irqsave(&hr_dev->dip_list_lock, flags);
+ ret = alloc_dip_entry(dip_xa, ibqp->qp_num);
+ if (ret)
+ return ret;
- spare_idx[*tail] = ibqp->qp_num;
- *tail = (*tail == hr_dev->caps.num_qps - 1) ? 0 : (*tail + 1);
+ xa_lock(dip_xa);
- list_for_each_entry(hr_dip, &hr_dev->dip_list, node) {
- if (!memcmp(grh->dgid.raw, hr_dip->dgid, GID_LEN_V2)) {
+ xa_for_each(dip_xa, idx, hr_dip) {
+ if (hr_dip->qp_cnt &&
+ !memcmp(grh->dgid.raw, hr_dip->dgid, GID_LEN_V2)) {
*dip_idx = hr_dip->dip_idx;
+ hr_dip->qp_cnt++;
+ hr_qp->dip = hr_dip;
goto out;
}
}
@@ -4721,19 +4743,24 @@ static int get_dip_ctx_idx(struct ib_qp *ibqp, const struct ib_qp_attr *attr,
/* If no dgid is found, a new dip and a mapping between dgid and
* dip_idx will be created.
*/
- hr_dip = kzalloc(sizeof(*hr_dip), GFP_ATOMIC);
- if (!hr_dip) {
- ret = -ENOMEM;
- goto out;
+ xa_for_each(dip_xa, idx, hr_dip) {
+ if (hr_dip->qp_cnt)
+ continue;
+
+ *dip_idx = idx;
+ memcpy(hr_dip->dgid, grh->dgid.raw, sizeof(grh->dgid.raw));
+ hr_dip->dip_idx = idx;
+ hr_dip->qp_cnt++;
+ hr_qp->dip = hr_dip;
+ break;
}
- memcpy(hr_dip->dgid, grh->dgid.raw, sizeof(grh->dgid.raw));
- hr_dip->dip_idx = *dip_idx = spare_idx[*head];
- *head = (*head == hr_dev->caps.num_qps - 1) ? 0 : (*head + 1);
- list_add_tail(&hr_dip->node, &hr_dev->dip_list);
+ /* This should never happen. */
+ if (WARN_ON_ONCE(!hr_qp->dip))
+ ret = -ENOSPC;
out:
- spin_unlock_irqrestore(&hr_dev->dip_list_lock, flags);
+ xa_unlock(dip_xa);
return ret;
}
@@ -5587,6 +5614,20 @@ static int hns_roce_v2_destroy_qp_common(struct hns_roce_dev *hr_dev,
return ret;
}
+static void put_dip_ctx_idx(struct hns_roce_dev *hr_dev,
+ struct hns_roce_qp *hr_qp)
+{
+ struct hns_roce_dip *hr_dip = hr_qp->dip;
+
+ xa_lock(&hr_dev->qp_table.dip_xa);
+
+ hr_dip->qp_cnt--;
+ if (!hr_dip->qp_cnt)
+ memset(hr_dip->dgid, 0, GID_LEN_V2);
+
+ xa_unlock(&hr_dev->qp_table.dip_xa);
+}
+
int hns_roce_v2_destroy_qp(struct ib_qp *ibqp, struct ib_udata *udata)
{
struct hns_roce_dev *hr_dev = to_hr_dev(ibqp->device);
@@ -5600,6 +5641,9 @@ int hns_roce_v2_destroy_qp(struct ib_qp *ibqp, struct ib_udata *udata)
spin_unlock_irqrestore(&hr_qp->flush_lock, flags);
flush_work(&hr_qp->flush_work.work);
+ if (hr_qp->cong_type == CONG_TYPE_DIP)
+ put_dip_ctx_idx(hr_dev, hr_qp);
+
ret = hns_roce_v2_destroy_qp_common(hr_dev, hr_qp, udata);
if (ret)
ibdev_err_ratelimited(&hr_dev->ib_dev,
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.h b/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
index dedb1853e193e..cbdbc9edbce6e 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.h
@@ -1348,7 +1348,7 @@ struct hns_roce_v2_priv {
struct hns_roce_dip {
u8 dgid[GID_LEN_V2];
u32 dip_idx;
- struct list_head node; /* all dips are on a list */
+ u32 qp_cnt;
};
struct fmea_ram_ecc {
diff --git a/drivers/infiniband/hw/hns/hns_roce_main.c b/drivers/infiniband/hw/hns/hns_roce_main.c
index 49315f39361de..ae24c81c9812d 100644
--- a/drivers/infiniband/hw/hns/hns_roce_main.c
+++ b/drivers/infiniband/hw/hns/hns_roce_main.c
@@ -1135,8 +1135,6 @@ int hns_roce_init(struct hns_roce_dev *hr_dev)
INIT_LIST_HEAD(&hr_dev->qp_list);
spin_lock_init(&hr_dev->qp_list_lock);
- INIT_LIST_HEAD(&hr_dev->dip_list);
- spin_lock_init(&hr_dev->dip_list_lock);
ret = hns_roce_register_device(hr_dev);
if (ret)
diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c
index 2ad03ecdbf8ec..9e2e76c594063 100644
--- a/drivers/infiniband/hw/hns/hns_roce_qp.c
+++ b/drivers/infiniband/hw/hns/hns_roce_qp.c
@@ -1573,14 +1573,10 @@ int hns_roce_init_qp_table(struct hns_roce_dev *hr_dev)
unsigned int reserved_from_bot;
unsigned int i;
- qp_table->idx_table.spare_idx = kcalloc(hr_dev->caps.num_qps,
- sizeof(u32), GFP_KERNEL);
- if (!qp_table->idx_table.spare_idx)
- return -ENOMEM;
-
mutex_init(&qp_table->scc_mutex);
mutex_init(&qp_table->bank_mutex);
xa_init(&hr_dev->qp_table_xa);
+ xa_init(&qp_table->dip_xa);
reserved_from_bot = hr_dev->caps.reserved_qps;
@@ -1605,7 +1601,7 @@ void hns_roce_cleanup_qp_table(struct hns_roce_dev *hr_dev)
for (i = 0; i < HNS_ROCE_QP_BANK_NUM; i++)
ida_destroy(&hr_dev->qp_table.bank[i].ida);
+ xa_destroy(&hr_dev->qp_table.dip_xa);
mutex_destroy(&hr_dev->qp_table.bank_mutex);
mutex_destroy(&hr_dev->qp_table.scc_mutex);
- kfree(hr_dev->qp_table.idx_table.spare_idx);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 461/817] KVM: PPC: Book3S HV: Fix kmv -> kvm typo
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (459 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 460/817] RDMA/hns: Fix different dgids mapping to the same dip_idx Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 462/817] powerpc/kexec: Fix return of uninitialized variable Greg Kroah-Hartman
` (365 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Madhavan Srinivasan,
Ritesh Harjani (IBM), Amit Machhiwal, Kajol Jain,
Michael Ellerman, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kajol Jain <kjain@linux.ibm.com>
[ Upstream commit 590d2f9347f7974d7954400e5d937672fd844a8b ]
Fix typo in the following kvm function names from:
kmvhv_counters_tracepoint_regfunc -> kvmhv_counters_tracepoint_regfunc
kmvhv_counters_tracepoint_unregfunc -> kvmhv_counters_tracepoint_unregfunc
Fixes: e1f288d2f9c6 ("KVM: PPC: Book3S HV nestedv2: Add support for reading VPA counters for pseries guests")
Reported-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Reviewed-by: Amit Machhiwal <amachhiw@linux.ibm.com>
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20241114085020.1147912-1-kjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/kvm_book3s_64.h | 4 ++--
arch/powerpc/kvm/book3s_hv.c | 4 ++--
arch/powerpc/kvm/trace_hv.h | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/include/asm/kvm_book3s_64.h b/arch/powerpc/include/asm/kvm_book3s_64.h
index 2ef9a5f4e5d14..11065313d4c12 100644
--- a/arch/powerpc/include/asm/kvm_book3s_64.h
+++ b/arch/powerpc/include/asm/kvm_book3s_64.h
@@ -684,8 +684,8 @@ int kvmhv_nestedv2_set_ptbl_entry(unsigned long lpid, u64 dw0, u64 dw1);
int kvmhv_nestedv2_parse_output(struct kvm_vcpu *vcpu);
int kvmhv_nestedv2_set_vpa(struct kvm_vcpu *vcpu, unsigned long vpa);
-int kmvhv_counters_tracepoint_regfunc(void);
-void kmvhv_counters_tracepoint_unregfunc(void);
+int kvmhv_counters_tracepoint_regfunc(void);
+void kvmhv_counters_tracepoint_unregfunc(void);
int kvmhv_get_l2_counters_status(void);
void kvmhv_set_l2_counters_status(int cpu, bool status);
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index b0432e78fa629..45b24706f7512 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4148,7 +4148,7 @@ void kvmhv_set_l2_counters_status(int cpu, bool status)
lppaca_of(cpu).l2_counters_enable = 0;
}
-int kmvhv_counters_tracepoint_regfunc(void)
+int kvmhv_counters_tracepoint_regfunc(void)
{
int cpu;
@@ -4158,7 +4158,7 @@ int kmvhv_counters_tracepoint_regfunc(void)
return 0;
}
-void kmvhv_counters_tracepoint_unregfunc(void)
+void kvmhv_counters_tracepoint_unregfunc(void)
{
int cpu;
diff --git a/arch/powerpc/kvm/trace_hv.h b/arch/powerpc/kvm/trace_hv.h
index 77ebc724e6cdf..35fccaa575cc1 100644
--- a/arch/powerpc/kvm/trace_hv.h
+++ b/arch/powerpc/kvm/trace_hv.h
@@ -538,7 +538,7 @@ TRACE_EVENT_FN_COND(kvmppc_vcpu_stats,
TP_printk("VCPU %d: l1_to_l2_cs_time=%llu ns l2_to_l1_cs_time=%llu ns l2_runtime=%llu ns",
__entry->vcpu_id, __entry->l1_to_l2_cs,
__entry->l2_to_l1_cs, __entry->l2_runtime),
- kmvhv_counters_tracepoint_regfunc, kmvhv_counters_tracepoint_unregfunc
+ kvmhv_counters_tracepoint_regfunc, kvmhv_counters_tracepoint_unregfunc
);
#endif
#endif /* _TRACE_KVM_HV_H */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 462/817] powerpc/kexec: Fix return of uninitialized variable
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (460 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 461/817] KVM: PPC: Book3S HV: Fix kmv -> kvm typo Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 463/817] fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Greg Kroah-Hartman
` (364 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Zekun, Michael Ellerman,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Zekun <zhangzekun11@huawei.com>
[ Upstream commit 83b5a407fbb73e6965adfb4bd0a803724bf87f96 ]
of_property_read_u64() can fail and leave the variable uninitialized,
which will then be used. Return error if reading the property failed.
Fixes: 2e6bd221d96f ("powerpc/kexec_file: Enable early kernel OPAL calls")
Signed-off-by: Zhang Zekun <zhangzekun11@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20240930075628.125138-1-zhangzekun11@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kexec/file_load_64.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c
index 9738adabeb1fe..dc65c13911577 100644
--- a/arch/powerpc/kexec/file_load_64.c
+++ b/arch/powerpc/kexec/file_load_64.c
@@ -736,13 +736,18 @@ int setup_purgatory_ppc64(struct kimage *image, const void *slave_code,
if (dn) {
u64 val;
- of_property_read_u64(dn, "opal-base-address", &val);
+ ret = of_property_read_u64(dn, "opal-base-address", &val);
+ if (ret)
+ goto out;
+
ret = kexec_purgatory_get_set_symbol(image, "opal_base", &val,
sizeof(val), false);
if (ret)
goto out;
- of_property_read_u64(dn, "opal-entry-address", &val);
+ ret = of_property_read_u64(dn, "opal-entry-address", &val);
+ if (ret)
+ goto out;
ret = kexec_purgatory_get_set_symbol(image, "opal_entry", &val,
sizeof(val), false);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 463/817] fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (461 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 462/817] powerpc/kexec: Fix return of uninitialized variable Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 464/817] RDMA/mlx5: Move events notifier registration to be after device registration Greg Kroah-Hartman
` (363 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhen Lei, Dmitry Baryshkov,
Helge Deller, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhen Lei <thunder.leizhen@huawei.com>
[ Upstream commit f89d17ae2ac42931be2a0153fecbf8533280c927 ]
When information such as info->screen_base is not ready, calling
sh7760fb_free_mem() does not release memory correctly. Call
dma_free_coherent() instead.
Fixes: 4a25e41831ee ("video: sh7760fb: SH7760/SH7763 LCDC framebuffer driver")
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/sh7760fb.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/sh7760fb.c b/drivers/video/fbdev/sh7760fb.c
index 08a4943dc5418..d0ee5fec647ad 100644
--- a/drivers/video/fbdev/sh7760fb.c
+++ b/drivers/video/fbdev/sh7760fb.c
@@ -409,12 +409,11 @@ static int sh7760fb_alloc_mem(struct fb_info *info)
vram = PAGE_SIZE;
fbmem = dma_alloc_coherent(info->device, vram, &par->fbdma, GFP_KERNEL);
-
if (!fbmem)
return -ENOMEM;
if ((par->fbdma & SH7760FB_DMA_MASK) != SH7760FB_DMA_MASK) {
- sh7760fb_free_mem(info);
+ dma_free_coherent(info->device, vram, fbmem, par->fbdma);
dev_err(info->device, "kernel gave me memory at 0x%08lx, which is"
"unusable for the LCDC\n", (unsigned long)par->fbdma);
return -ENOMEM;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 464/817] RDMA/mlx5: Move events notifier registration to be after device registration
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (462 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 463/817] fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 465/817] clk: clk-apple-nco: Add NULL check in applnco_probe Greg Kroah-Hartman
` (362 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Patrisious Haddad, Michael Guralnik,
Leon Romanovsky, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Patrisious Haddad <phaddad@nvidia.com>
[ Upstream commit ede132a5cf559f3ab35a4c28bac4f4a6c20334d8 ]
Move pkey change work initialization and cleanup from device resources
stage to notifier stage, since this is the stage which handles this work
events.
Fix a race between the device deregistration and pkey change work by moving
MLX5_IB_STAGE_DEVICE_NOTIFIER to be after MLX5_IB_STAGE_IB_REG in order to
ensure that the notifier is deregistered before the device during cleanup.
Which ensures there are no works that are being executed after the
device has already unregistered which can cause the panic below.
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 630071 Comm: kworker/1:2 Kdump: loaded Tainted: G W OE --------- --- 5.14.0-162.6.1.el9_1.x86_64 #1
Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 02/27/2023
Workqueue: events pkey_change_handler [mlx5_ib]
RIP: 0010:setup_qp+0x38/0x1f0 [mlx5_ib]
Code: ee 41 54 45 31 e4 55 89 f5 53 48 89 fb 48 83 ec 20 8b 77 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 48 8b 07 48 8d 4c 24 16 <4c> 8b 38 49 8b 87 80 0b 00 00 4c 89 ff 48 8b 80 08 05 00 00 8b 40
RSP: 0018:ffffbcc54068be20 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff954054494128 RCX: ffffbcc54068be36
RDX: ffff954004934000 RSI: 0000000000000001 RDI: ffff954054494128
RBP: 0000000000000023 R08: ffff954001be2c20 R09: 0000000000000001
R10: ffff954001be2c20 R11: ffff9540260133c0 R12: 0000000000000000
R13: 0000000000000023 R14: 0000000000000000 R15: ffff9540ffcb0905
FS: 0000000000000000(0000) GS:ffff9540ffc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010625c001 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
mlx5_ib_gsi_pkey_change+0x20/0x40 [mlx5_ib]
process_one_work+0x1e8/0x3c0
worker_thread+0x50/0x3b0
? rescuer_thread+0x380/0x380
kthread+0x149/0x170
? set_kthread_struct+0x50/0x50
ret_from_fork+0x22/0x30
Modules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) mlx5_fwctl(OE) fwctl(OE) ib_uverbs(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlx_compat(OE) psample mlxfw(OE) tls knem(OE) netconsole nfsv3 nfs_acl nfs lockd grace fscache netfs qrtr rfkill sunrpc intel_rapl_msr intel_rapl_common rapl hv_balloon hv_utils i2c_piix4 pcspkr joydev fuse ext4 mbcache jbd2 sr_mod sd_mod cdrom t10_pi sg ata_generic pci_hyperv pci_hyperv_intf hyperv_drm drm_shmem_helper drm_kms_helper hv_storvsc syscopyarea hv_netvsc sysfillrect sysimgblt hid_hyperv fb_sys_fops scsi_transport_fc hyperv_keyboard drm ata_piix crct10dif_pclmul crc32_pclmul crc32c_intel libata ghash_clmulni_intel hv_vmbus serio_raw [last unloaded: ib_core]
CR2: 0000000000000000
---[ end trace f6f8be4eae12f7bc ]---
Fixes: 7722f47e71e5 ("IB/mlx5: Create GSI transmission QPs when P_Key table is changed")
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Reviewed-by: Michael Guralnik <michaelgur@nvidia.com>
Link: https://patch.msgid.link/d271ceeff0c08431b3cbbbb3e2d416f09b6d1621.1731496944.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/main.c | 40 +++++++++++++---------------
drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +-
2 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index 5926fd07a6021..a7e5daeaacc7e 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -2968,7 +2968,6 @@ int mlx5_ib_dev_res_srq_init(struct mlx5_ib_dev *dev)
static int mlx5_ib_dev_res_init(struct mlx5_ib_dev *dev)
{
struct mlx5_ib_resources *devr = &dev->devr;
- int port;
int ret;
if (!MLX5_CAP_GEN(dev->mdev, xrc))
@@ -2984,10 +2983,6 @@ static int mlx5_ib_dev_res_init(struct mlx5_ib_dev *dev)
return ret;
}
- for (port = 0; port < ARRAY_SIZE(devr->ports); ++port)
- INIT_WORK(&devr->ports[port].pkey_change_work,
- pkey_change_handler);
-
mutex_init(&devr->cq_lock);
mutex_init(&devr->srq_lock);
@@ -2997,16 +2992,6 @@ static int mlx5_ib_dev_res_init(struct mlx5_ib_dev *dev)
static void mlx5_ib_dev_res_cleanup(struct mlx5_ib_dev *dev)
{
struct mlx5_ib_resources *devr = &dev->devr;
- int port;
-
- /*
- * Make sure no change P_Key work items are still executing.
- *
- * At this stage, the mlx5_ib_event should be unregistered
- * and it ensures that no new works are added.
- */
- for (port = 0; port < ARRAY_SIZE(devr->ports); ++port)
- cancel_work_sync(&devr->ports[port].pkey_change_work);
/* After s0/s1 init, they are not unset during the device lifetime. */
if (devr->s1) {
@@ -4279,6 +4264,13 @@ static void mlx5_ib_stage_delay_drop_cleanup(struct mlx5_ib_dev *dev)
static int mlx5_ib_stage_dev_notifier_init(struct mlx5_ib_dev *dev)
{
+ struct mlx5_ib_resources *devr = &dev->devr;
+ int port;
+
+ for (port = 0; port < ARRAY_SIZE(devr->ports); ++port)
+ INIT_WORK(&devr->ports[port].pkey_change_work,
+ pkey_change_handler);
+
dev->mdev_events.notifier_call = mlx5_ib_event;
mlx5_notifier_register(dev->mdev, &dev->mdev_events);
@@ -4289,8 +4281,14 @@ static int mlx5_ib_stage_dev_notifier_init(struct mlx5_ib_dev *dev)
static void mlx5_ib_stage_dev_notifier_cleanup(struct mlx5_ib_dev *dev)
{
+ struct mlx5_ib_resources *devr = &dev->devr;
+ int port;
+
mlx5r_macsec_event_unregister(dev);
mlx5_notifier_unregister(dev->mdev, &dev->mdev_events);
+
+ for (port = 0; port < ARRAY_SIZE(devr->ports); ++port)
+ cancel_work_sync(&devr->ports[port].pkey_change_work);
}
void __mlx5_ib_remove(struct mlx5_ib_dev *dev,
@@ -4364,9 +4362,6 @@ static const struct mlx5_ib_profile pf_profile = {
STAGE_CREATE(MLX5_IB_STAGE_DEVICE_RESOURCES,
mlx5_ib_dev_res_init,
mlx5_ib_dev_res_cleanup),
- STAGE_CREATE(MLX5_IB_STAGE_DEVICE_NOTIFIER,
- mlx5_ib_stage_dev_notifier_init,
- mlx5_ib_stage_dev_notifier_cleanup),
STAGE_CREATE(MLX5_IB_STAGE_ODP,
mlx5_ib_odp_init_one,
mlx5_ib_odp_cleanup_one),
@@ -4391,6 +4386,9 @@ static const struct mlx5_ib_profile pf_profile = {
STAGE_CREATE(MLX5_IB_STAGE_IB_REG,
mlx5_ib_stage_ib_reg_init,
mlx5_ib_stage_ib_reg_cleanup),
+ STAGE_CREATE(MLX5_IB_STAGE_DEVICE_NOTIFIER,
+ mlx5_ib_stage_dev_notifier_init,
+ mlx5_ib_stage_dev_notifier_cleanup),
STAGE_CREATE(MLX5_IB_STAGE_POST_IB_REG_UMR,
mlx5_ib_stage_post_ib_reg_umr_init,
NULL),
@@ -4427,9 +4425,6 @@ const struct mlx5_ib_profile raw_eth_profile = {
STAGE_CREATE(MLX5_IB_STAGE_DEVICE_RESOURCES,
mlx5_ib_dev_res_init,
mlx5_ib_dev_res_cleanup),
- STAGE_CREATE(MLX5_IB_STAGE_DEVICE_NOTIFIER,
- mlx5_ib_stage_dev_notifier_init,
- mlx5_ib_stage_dev_notifier_cleanup),
STAGE_CREATE(MLX5_IB_STAGE_COUNTERS,
mlx5_ib_counters_init,
mlx5_ib_counters_cleanup),
@@ -4451,6 +4446,9 @@ const struct mlx5_ib_profile raw_eth_profile = {
STAGE_CREATE(MLX5_IB_STAGE_IB_REG,
mlx5_ib_stage_ib_reg_init,
mlx5_ib_stage_ib_reg_cleanup),
+ STAGE_CREATE(MLX5_IB_STAGE_DEVICE_NOTIFIER,
+ mlx5_ib_stage_dev_notifier_init,
+ mlx5_ib_stage_dev_notifier_cleanup),
STAGE_CREATE(MLX5_IB_STAGE_POST_IB_REG_UMR,
mlx5_ib_stage_post_ib_reg_umr_init,
NULL),
diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h
index 85118b7cb63db..8e25afe36390a 100644
--- a/drivers/infiniband/hw/mlx5/mlx5_ib.h
+++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h
@@ -971,7 +971,6 @@ enum mlx5_ib_stages {
MLX5_IB_STAGE_QP,
MLX5_IB_STAGE_SRQ,
MLX5_IB_STAGE_DEVICE_RESOURCES,
- MLX5_IB_STAGE_DEVICE_NOTIFIER,
MLX5_IB_STAGE_ODP,
MLX5_IB_STAGE_COUNTERS,
MLX5_IB_STAGE_CONG_DEBUGFS,
@@ -980,6 +979,7 @@ enum mlx5_ib_stages {
MLX5_IB_STAGE_PRE_IB_REG_UMR,
MLX5_IB_STAGE_WHITELIST_UID,
MLX5_IB_STAGE_IB_REG,
+ MLX5_IB_STAGE_DEVICE_NOTIFIER,
MLX5_IB_STAGE_POST_IB_REG_UMR,
MLX5_IB_STAGE_DELAY_DROP,
MLX5_IB_STAGE_RESTRACK,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 465/817] clk: clk-apple-nco: Add NULL check in applnco_probe
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (463 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 464/817] RDMA/mlx5: Move events notifier registration to be after device registration Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 466/817] clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 Greg Kroah-Hartman
` (361 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Charles Han, Martin Povišer,
Stephen Boyd, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Han <hanchunchao@inspur.com>
[ Upstream commit 969c765e2b508cca9099d246c010a1e48dcfd089 ]
Add NULL check in applnco_probe, to handle kernel NULL pointer
dereference error.
Fixes: 6641057d5dba ("clk: clk-apple-nco: Add driver for Apple NCO")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Link: https://lore.kernel.org/r/20241114072820.3071-1-hanchunchao@inspur.com
Reviewed-by: Martin Povišer <povik+lin@cutebit.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-apple-nco.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/clk/clk-apple-nco.c b/drivers/clk/clk-apple-nco.c
index 39472a51530a3..457a48d489412 100644
--- a/drivers/clk/clk-apple-nco.c
+++ b/drivers/clk/clk-apple-nco.c
@@ -297,6 +297,9 @@ static int applnco_probe(struct platform_device *pdev)
memset(&init, 0, sizeof(init));
init.name = devm_kasprintf(&pdev->dev, GFP_KERNEL,
"%s-%d", np->name, i);
+ if (!init.name)
+ return -ENOMEM;
+
init.ops = &applnco_ops;
init.parent_data = &pdata;
init.num_parents = 1;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 466/817] clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (464 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 465/817] clk: clk-apple-nco: Add NULL check in applnco_probe Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 467/817] clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Greg Kroah-Hartman
` (360 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sergio Paracuellos, Stephen Boyd,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergio Paracuellos <sergio.paracuellos@gmail.com>
[ Upstream commit 33239152305567b3e9bf052f71fd4baecd626341 ]
Clock plan for Ralink SoC RT3883 needs an extra 'periph' clock to properly
set some peripherals that has this clock as their parent. When this driver
was mainlined we could not find any active users of this SoC so we cannot
perform any real tests for it. Now, one user of a Belkin f9k1109 version 1
device which uses this SoC appear and reported some issues in openWRT:
- https://github.com/openwrt/openwrt/issues/16054
The peripherals that are wrong are 'uart', 'i2c', 'i2s' and 'uartlite' which
has a not defined 'periph' clock as parent. Hence, introduce it to have a
properly working clock plan for this SoC.
Fixes: 6f3b15586eef ("clk: ralink: add clock and reset driver for MTMIPS SoCs")
Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
Link: https://lore.kernel.org/r/20240910044024.120009-2-sergio.paracuellos@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/ralink/clk-mtmips.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/ralink/clk-mtmips.c b/drivers/clk/ralink/clk-mtmips.c
index 50a443bf79ecd..62f9801ecd3a4 100644
--- a/drivers/clk/ralink/clk-mtmips.c
+++ b/drivers/clk/ralink/clk-mtmips.c
@@ -267,6 +267,11 @@ static struct mtmips_clk_fixed rt305x_fixed_clocks[] = {
CLK_FIXED("xtal", NULL, 40000000)
};
+static struct mtmips_clk_fixed rt3883_fixed_clocks[] = {
+ CLK_FIXED("xtal", NULL, 40000000),
+ CLK_FIXED("periph", "xtal", 40000000)
+};
+
static struct mtmips_clk_fixed rt3352_fixed_clocks[] = {
CLK_FIXED("periph", "xtal", 40000000)
};
@@ -779,8 +784,8 @@ static const struct mtmips_clk_data rt3352_clk_data = {
static const struct mtmips_clk_data rt3883_clk_data = {
.clk_base = rt3883_clks_base,
.num_clk_base = ARRAY_SIZE(rt3883_clks_base),
- .clk_fixed = rt305x_fixed_clocks,
- .num_clk_fixed = ARRAY_SIZE(rt305x_fixed_clocks),
+ .clk_fixed = rt3883_fixed_clocks,
+ .num_clk_fixed = ARRAY_SIZE(rt3883_fixed_clocks),
.clk_factor = NULL,
.num_clk_factor = 0,
.clk_periph = rt5350_pherip_clks,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 467/817] clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (465 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 466/817] clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 468/817] clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration Greg Kroah-Hartman
` (359 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sergio Paracuellos, Stephen Boyd,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergio Paracuellos <sergio.paracuellos@gmail.com>
[ Upstream commit d34db686a3d74bd564bfce2ada15011c556269fc ]
Base clocks are the first in being probed and are real dependencies of the
rest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880,
RT305x and RT3883 'xtal' must be defined first since in any other case,
when fixed clocks are probed they are delayed until 'xtal' is probed so the
following warning appears:
WARNING: CPU: 0 PID: 0 at drivers/clk/ralink/clk-mtmips.c:499 rt3883_bus_recalc_rate+0x98/0x138
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.43 #0
Stack : 805e58d0 00000000 00000004 8004f950 00000000 00000004 00000000 00000000
80669c54 80830000 80700000 805ae570 80670068 00000001 80669bf8 00000000
00000000 00000000 805ae570 80669b38 00000020 804db7dc 00000000 00000000
203a6d6d 80669b78 80669e48 70617773 00000000 805ae570 00000000 00000009
00000000 00000001 00000004 00000001 00000000 00000000 83fe43b0 00000000
...
Call Trace:
[<800065d0>] show_stack+0x64/0xf4
[<804bca14>] dump_stack_lvl+0x38/0x60
[<800218ac>] __warn+0x94/0xe4
[<8002195c>] warn_slowpath_fmt+0x60/0x94
[<80259ff8>] rt3883_bus_recalc_rate+0x98/0x138
[<80254530>] __clk_register+0x568/0x688
[<80254838>] of_clk_hw_register+0x18/0x2c
[<8070b910>] rt2880_clk_of_clk_init_driver+0x18c/0x594
[<8070b628>] of_clk_init+0x1c0/0x23c
[<806fc448>] plat_time_init+0x58/0x18c
[<806fdaf0>] time_init+0x10/0x6c
[<806f9bc4>] start_kernel+0x458/0x67c
---[ end trace 0000000000000000 ]---
When this driver was mainlined we could not find any active users of old
ralink SoCs so we cannot perform any real tests for them. Now, one user
of a Belkin f9k1109 version 1 device which uses RT3883 SoC appeared and
reported some issues in openWRT:
- https://github.com/openwrt/openwrt/issues/16054
Thus, define a 'rt2880_xtal_recalc_rate()' just returning the expected
frequency 40Mhz and use it along the old ralink SoCs to have a correct
boot trace with no warnings and a working clock plan from the beggining.
Fixes: 6f3b15586eef ("clk: ralink: add clock and reset driver for MTMIPS SoCs")
Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
Link: https://lore.kernel.org/r/20240910044024.120009-3-sergio.paracuellos@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/ralink/clk-mtmips.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/drivers/clk/ralink/clk-mtmips.c b/drivers/clk/ralink/clk-mtmips.c
index 62f9801ecd3a4..76285fbbdeaa2 100644
--- a/drivers/clk/ralink/clk-mtmips.c
+++ b/drivers/clk/ralink/clk-mtmips.c
@@ -263,10 +263,6 @@ static int mtmips_register_pherip_clocks(struct device_node *np,
.rate = _rate \
}
-static struct mtmips_clk_fixed rt305x_fixed_clocks[] = {
- CLK_FIXED("xtal", NULL, 40000000)
-};
-
static struct mtmips_clk_fixed rt3883_fixed_clocks[] = {
CLK_FIXED("xtal", NULL, 40000000),
CLK_FIXED("periph", "xtal", 40000000)
@@ -371,6 +367,12 @@ static inline struct mtmips_clk *to_mtmips_clk(struct clk_hw *hw)
return container_of(hw, struct mtmips_clk, hw);
}
+static unsigned long rt2880_xtal_recalc_rate(struct clk_hw *hw,
+ unsigned long parent_rate)
+{
+ return 40000000;
+}
+
static unsigned long rt5350_xtal_recalc_rate(struct clk_hw *hw,
unsigned long parent_rate)
{
@@ -682,10 +684,12 @@ static unsigned long mt76x8_cpu_recalc_rate(struct clk_hw *hw,
}
static struct mtmips_clk rt2880_clks_base[] = {
+ { CLK_BASE("xtal", NULL, rt2880_xtal_recalc_rate) },
{ CLK_BASE("cpu", "xtal", rt2880_cpu_recalc_rate) }
};
static struct mtmips_clk rt305x_clks_base[] = {
+ { CLK_BASE("xtal", NULL, rt2880_xtal_recalc_rate) },
{ CLK_BASE("cpu", "xtal", rt305x_cpu_recalc_rate) }
};
@@ -695,6 +699,7 @@ static struct mtmips_clk rt3352_clks_base[] = {
};
static struct mtmips_clk rt3883_clks_base[] = {
+ { CLK_BASE("xtal", NULL, rt2880_xtal_recalc_rate) },
{ CLK_BASE("cpu", "xtal", rt3883_cpu_recalc_rate) },
{ CLK_BASE("bus", "cpu", rt3883_bus_recalc_rate) }
};
@@ -751,8 +756,8 @@ static int mtmips_register_clocks(struct device_node *np,
static const struct mtmips_clk_data rt2880_clk_data = {
.clk_base = rt2880_clks_base,
.num_clk_base = ARRAY_SIZE(rt2880_clks_base),
- .clk_fixed = rt305x_fixed_clocks,
- .num_clk_fixed = ARRAY_SIZE(rt305x_fixed_clocks),
+ .clk_fixed = NULL,
+ .num_clk_fixed = 0,
.clk_factor = rt2880_factor_clocks,
.num_clk_factor = ARRAY_SIZE(rt2880_factor_clocks),
.clk_periph = rt2880_pherip_clks,
@@ -762,8 +767,8 @@ static const struct mtmips_clk_data rt2880_clk_data = {
static const struct mtmips_clk_data rt305x_clk_data = {
.clk_base = rt305x_clks_base,
.num_clk_base = ARRAY_SIZE(rt305x_clks_base),
- .clk_fixed = rt305x_fixed_clocks,
- .num_clk_fixed = ARRAY_SIZE(rt305x_fixed_clocks),
+ .clk_fixed = NULL,
+ .num_clk_fixed = 0,
.clk_factor = rt305x_factor_clocks,
.num_clk_factor = ARRAY_SIZE(rt305x_factor_clocks),
.clk_periph = rt305x_pherip_clks,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 468/817] clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (466 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 467/817] clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 469/817] clk: en7523: move clock_register in hw_init callback Greg Kroah-Hartman
` (358 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Stephen Boyd,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit c31d1cdd7bff1d2c13d435bb9d0c76bfaa332097 ]
REG_PCIE*_MEM and REG_PCIE*_MEM_MASK regs (PBUS_CSR memory region) are not
part of the scu block on the EN7581 SoC and they are used to select the
PCIE ports on the PBUS, so remove this configuration from the clock driver
and set these registers in the PCIE host driver instead.
This patch does not introduce any backward incompatibility since the dts
for EN7581 SoC is not upstream yet.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20241112-clk-en7581-syscon-v2-2-8ada5e394ae4@kernel.org
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Stable-dep-of: f98eded9e9ab ("clk: en7523: fix estimation of fixed rate for EN7581")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-en7523.c | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/drivers/clk/clk-en7523.c b/drivers/clk/clk-en7523.c
index 22fbea61c3dcc..ec6716844fdcf 100644
--- a/drivers/clk/clk-en7523.c
+++ b/drivers/clk/clk-en7523.c
@@ -31,12 +31,6 @@
#define REG_RESET_CONTROL_PCIE1 BIT(27)
#define REG_RESET_CONTROL_PCIE2 BIT(26)
/* EN7581 */
-#define REG_PCIE0_MEM 0x00
-#define REG_PCIE0_MEM_MASK 0x04
-#define REG_PCIE1_MEM 0x08
-#define REG_PCIE1_MEM_MASK 0x0c
-#define REG_PCIE2_MEM 0x10
-#define REG_PCIE2_MEM_MASK 0x14
#define REG_NP_SCU_PCIC 0x88
#define REG_NP_SCU_SSTR 0x9c
#define REG_PCIE_XSI0_SEL_MASK GENMASK(14, 13)
@@ -415,26 +409,14 @@ static void en7581_pci_disable(struct clk_hw *hw)
static int en7581_clk_hw_init(struct platform_device *pdev,
void __iomem *np_base)
{
- void __iomem *pb_base;
u32 val;
- pb_base = devm_platform_ioremap_resource(pdev, 3);
- if (IS_ERR(pb_base))
- return PTR_ERR(pb_base);
-
val = readl(np_base + REG_NP_SCU_SSTR);
val &= ~(REG_PCIE_XSI0_SEL_MASK | REG_PCIE_XSI1_SEL_MASK);
writel(val, np_base + REG_NP_SCU_SSTR);
val = readl(np_base + REG_NP_SCU_PCIC);
writel(val | 3, np_base + REG_NP_SCU_PCIC);
- writel(0x20000000, pb_base + REG_PCIE0_MEM);
- writel(0xfc000000, pb_base + REG_PCIE0_MEM_MASK);
- writel(0x24000000, pb_base + REG_PCIE1_MEM);
- writel(0xfc000000, pb_base + REG_PCIE1_MEM_MASK);
- writel(0x28000000, pb_base + REG_PCIE2_MEM);
- writel(0xfc000000, pb_base + REG_PCIE2_MEM_MASK);
-
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 469/817] clk: en7523: move clock_register in hw_init callback
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (467 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 468/817] clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 470/817] clk: en7523: introduce chip_scu regmap Greg Kroah-Hartman
` (357 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Stephen Boyd,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit b8bdfc666bc5f58caf46e67b615132fccbaca3d4 ]
Move en7523_register_clocks routine in hw_init callback.
Introduce en7523_clk_hw_init callback for EN7523 SoC.
This is a preliminary patch to differentiate IO mapped region between
EN7523 and EN7581 SoCs in order to access chip-scu IO region
<0x1fa20000 0x384> on EN7581 SoC as syscon device since it contains
miscellaneous registers needed by multiple devices (clock, pinctrl ..).
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20241112-clk-en7581-syscon-v2-3-8ada5e394ae4@kernel.org
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Stable-dep-of: f98eded9e9ab ("clk: en7523: fix estimation of fixed rate for EN7581")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-en7523.c | 82 ++++++++++++++++++++++++----------------
1 file changed, 50 insertions(+), 32 deletions(-)
diff --git a/drivers/clk/clk-en7523.c b/drivers/clk/clk-en7523.c
index ec6716844fdcf..da112c9fe8ef9 100644
--- a/drivers/clk/clk-en7523.c
+++ b/drivers/clk/clk-en7523.c
@@ -78,7 +78,8 @@ struct en_clk_soc_data {
const u16 *idx_map;
u16 idx_map_nr;
} reset;
- int (*hw_init)(struct platform_device *pdev, void __iomem *np_base);
+ int (*hw_init)(struct platform_device *pdev,
+ struct clk_hw_onecell_data *clk_data);
};
static const u32 gsw_base[] = { 400000000, 500000000 };
@@ -406,20 +407,6 @@ static void en7581_pci_disable(struct clk_hw *hw)
usleep_range(1000, 2000);
}
-static int en7581_clk_hw_init(struct platform_device *pdev,
- void __iomem *np_base)
-{
- u32 val;
-
- val = readl(np_base + REG_NP_SCU_SSTR);
- val &= ~(REG_PCIE_XSI0_SEL_MASK | REG_PCIE_XSI1_SEL_MASK);
- writel(val, np_base + REG_NP_SCU_SSTR);
- val = readl(np_base + REG_NP_SCU_PCIC);
- writel(val | 3, np_base + REG_NP_SCU_PCIC);
-
- return 0;
-}
-
static void en7523_register_clocks(struct device *dev, struct clk_hw_onecell_data *clk_data,
void __iomem *base, void __iomem *np_base)
{
@@ -449,6 +436,49 @@ static void en7523_register_clocks(struct device *dev, struct clk_hw_onecell_dat
clk_data->num = EN7523_NUM_CLOCKS;
}
+static int en7523_clk_hw_init(struct platform_device *pdev,
+ struct clk_hw_onecell_data *clk_data)
+{
+ void __iomem *base, *np_base;
+
+ base = devm_platform_ioremap_resource(pdev, 0);
+ if (IS_ERR(base))
+ return PTR_ERR(base);
+
+ np_base = devm_platform_ioremap_resource(pdev, 1);
+ if (IS_ERR(np_base))
+ return PTR_ERR(np_base);
+
+ en7523_register_clocks(&pdev->dev, clk_data, base, np_base);
+
+ return 0;
+}
+
+static int en7581_clk_hw_init(struct platform_device *pdev,
+ struct clk_hw_onecell_data *clk_data)
+{
+ void __iomem *base, *np_base;
+ u32 val;
+
+ base = devm_platform_ioremap_resource(pdev, 0);
+ if (IS_ERR(base))
+ return PTR_ERR(base);
+
+ np_base = devm_platform_ioremap_resource(pdev, 1);
+ if (IS_ERR(np_base))
+ return PTR_ERR(np_base);
+
+ en7523_register_clocks(&pdev->dev, clk_data, base, np_base);
+
+ val = readl(np_base + REG_NP_SCU_SSTR);
+ val &= ~(REG_PCIE_XSI0_SEL_MASK | REG_PCIE_XSI1_SEL_MASK);
+ writel(val, np_base + REG_NP_SCU_SSTR);
+ val = readl(np_base + REG_NP_SCU_PCIC);
+ writel(val | 3, np_base + REG_NP_SCU_PCIC);
+
+ return 0;
+}
+
static int en7523_reset_update(struct reset_controller_dev *rcdev,
unsigned long id, bool assert)
{
@@ -543,31 +573,18 @@ static int en7523_clk_probe(struct platform_device *pdev)
struct device_node *node = pdev->dev.of_node;
const struct en_clk_soc_data *soc_data;
struct clk_hw_onecell_data *clk_data;
- void __iomem *base, *np_base;
int r;
- base = devm_platform_ioremap_resource(pdev, 0);
- if (IS_ERR(base))
- return PTR_ERR(base);
-
- np_base = devm_platform_ioremap_resource(pdev, 1);
- if (IS_ERR(np_base))
- return PTR_ERR(np_base);
-
- soc_data = device_get_match_data(&pdev->dev);
- if (soc_data->hw_init) {
- r = soc_data->hw_init(pdev, np_base);
- if (r)
- return r;
- }
-
clk_data = devm_kzalloc(&pdev->dev,
struct_size(clk_data, hws, EN7523_NUM_CLOCKS),
GFP_KERNEL);
if (!clk_data)
return -ENOMEM;
- en7523_register_clocks(&pdev->dev, clk_data, base, np_base);
+ soc_data = device_get_match_data(&pdev->dev);
+ r = soc_data->hw_init(pdev, clk_data);
+ if (r)
+ return r;
r = of_clk_add_hw_provider(node, of_clk_hw_onecell_get, clk_data);
if (r)
@@ -590,6 +607,7 @@ static const struct en_clk_soc_data en7523_data = {
.prepare = en7523_pci_prepare,
.unprepare = en7523_pci_unprepare,
},
+ .hw_init = en7523_clk_hw_init,
};
static const struct en_clk_soc_data en7581_data = {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 470/817] clk: en7523: introduce chip_scu regmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (468 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 469/817] clk: en7523: move clock_register in hw_init callback Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 471/817] clk: en7523: fix estimation of fixed rate for EN7581 Greg Kroah-Hartman
` (356 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Stephen Boyd,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit f72fc22038dd544fa4d39c06e8c81c09c0041ed4 ]
Introduce chip_scu regmap pointer since EN7581 SoC will access chip-scu
memory area via a syscon node. Remove first memory region mapping
for EN7581 SoC. This patch does not introduce any backward incompatibility
since the dts for EN7581 SoC is not upstream yet.
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20241112-clk-en7581-syscon-v2-4-8ada5e394ae4@kernel.org
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Stable-dep-of: f98eded9e9ab ("clk: en7523: fix estimation of fixed rate for EN7581")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-en7523.c | 81 ++++++++++++++++++++++++++++++----------
1 file changed, 61 insertions(+), 20 deletions(-)
diff --git a/drivers/clk/clk-en7523.c b/drivers/clk/clk-en7523.c
index da112c9fe8ef9..7f83cbce01eeb 100644
--- a/drivers/clk/clk-en7523.c
+++ b/drivers/clk/clk-en7523.c
@@ -3,8 +3,10 @@
#include <linux/delay.h>
#include <linux/clk-provider.h>
#include <linux/io.h>
+#include <linux/mfd/syscon.h>
#include <linux/platform_device.h>
#include <linux/property.h>
+#include <linux/regmap.h>
#include <linux/reset-controller.h>
#include <dt-bindings/clock/en7523-clk.h>
#include <dt-bindings/reset/airoha,en7581-reset.h>
@@ -247,15 +249,11 @@ static const u16 en7581_rst_map[] = {
[EN7581_XPON_MAC_RST] = RST_NR_PER_BANK + 31,
};
-static unsigned int en7523_get_base_rate(void __iomem *base, unsigned int i)
+static u32 en7523_get_base_rate(const struct en_clk_desc *desc, u32 val)
{
- const struct en_clk_desc *desc = &en7523_base_clks[i];
- u32 val;
-
if (!desc->base_bits)
return desc->base_value;
- val = readl(base + desc->base_reg);
val >>= desc->base_shift;
val &= (1 << desc->base_bits) - 1;
@@ -265,16 +263,11 @@ static unsigned int en7523_get_base_rate(void __iomem *base, unsigned int i)
return desc->base_values[val];
}
-static u32 en7523_get_div(void __iomem *base, int i)
+static u32 en7523_get_div(const struct en_clk_desc *desc, u32 val)
{
- const struct en_clk_desc *desc = &en7523_base_clks[i];
- u32 reg, val;
-
if (!desc->div_bits)
return 1;
- reg = desc->div_reg ? desc->div_reg : desc->base_reg;
- val = readl(base + reg);
val >>= desc->div_shift;
val &= (1 << desc->div_bits) - 1;
@@ -416,9 +409,12 @@ static void en7523_register_clocks(struct device *dev, struct clk_hw_onecell_dat
for (i = 0; i < ARRAY_SIZE(en7523_base_clks); i++) {
const struct en_clk_desc *desc = &en7523_base_clks[i];
+ u32 reg = desc->div_reg ? desc->div_reg : desc->base_reg;
+ u32 val = readl(base + desc->base_reg);
- rate = en7523_get_base_rate(base, i);
- rate /= en7523_get_div(base, i);
+ rate = en7523_get_base_rate(desc, val);
+ val = readl(base + reg);
+ rate /= en7523_get_div(desc, val);
hw = clk_hw_register_fixed_rate(dev, desc->name, NULL, 0, rate);
if (IS_ERR(hw)) {
@@ -454,21 +450,66 @@ static int en7523_clk_hw_init(struct platform_device *pdev,
return 0;
}
+static void en7581_register_clocks(struct device *dev, struct clk_hw_onecell_data *clk_data,
+ struct regmap *map, void __iomem *base)
+{
+ struct clk_hw *hw;
+ u32 rate;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(en7523_base_clks); i++) {
+ const struct en_clk_desc *desc = &en7523_base_clks[i];
+ u32 val, reg = desc->div_reg ? desc->div_reg : desc->base_reg;
+ int err;
+
+ err = regmap_read(map, desc->base_reg, &val);
+ if (err) {
+ pr_err("Failed reading fixed clk rate %s: %d\n",
+ desc->name, err);
+ continue;
+ }
+ rate = en7523_get_base_rate(desc, val);
+
+ err = regmap_read(map, reg, &val);
+ if (err) {
+ pr_err("Failed reading fixed clk div %s: %d\n",
+ desc->name, err);
+ continue;
+ }
+ rate /= en7523_get_div(desc, val);
+
+ hw = clk_hw_register_fixed_rate(dev, desc->name, NULL, 0, rate);
+ if (IS_ERR(hw)) {
+ pr_err("Failed to register clk %s: %ld\n",
+ desc->name, PTR_ERR(hw));
+ continue;
+ }
+
+ clk_data->hws[desc->id] = hw;
+ }
+
+ hw = en7523_register_pcie_clk(dev, base);
+ clk_data->hws[EN7523_CLK_PCIE] = hw;
+
+ clk_data->num = EN7523_NUM_CLOCKS;
+}
+
static int en7581_clk_hw_init(struct platform_device *pdev,
struct clk_hw_onecell_data *clk_data)
{
- void __iomem *base, *np_base;
+ void __iomem *np_base;
+ struct regmap *map;
u32 val;
- base = devm_platform_ioremap_resource(pdev, 0);
- if (IS_ERR(base))
- return PTR_ERR(base);
+ map = syscon_regmap_lookup_by_compatible("airoha,en7581-chip-scu");
+ if (IS_ERR(map))
+ return PTR_ERR(map);
- np_base = devm_platform_ioremap_resource(pdev, 1);
+ np_base = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(np_base))
return PTR_ERR(np_base);
- en7523_register_clocks(&pdev->dev, clk_data, base, np_base);
+ en7581_register_clocks(&pdev->dev, clk_data, map, np_base);
val = readl(np_base + REG_NP_SCU_SSTR);
val &= ~(REG_PCIE_XSI0_SEL_MASK | REG_PCIE_XSI1_SEL_MASK);
@@ -545,7 +586,7 @@ static int en7523_reset_register(struct platform_device *pdev,
if (!soc_data->reset.idx_map_nr)
return 0;
- base = devm_platform_ioremap_resource(pdev, 2);
+ base = devm_platform_ioremap_resource(pdev, 1);
if (IS_ERR(base))
return PTR_ERR(base);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 471/817] clk: en7523: fix estimation of fixed rate for EN7581
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (469 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 470/817] clk: en7523: introduce chip_scu regmap Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 472/817] dt-bindings: clock: axi-clkgen: include AXI clk Greg Kroah-Hartman
` (355 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Stephen Boyd,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit f98eded9e9ab048c88ff59c5523e703a6ced5523 ]
Introduce en7581_base_clks array in order to define per-SoC fixed-rate
clock parameters and fix wrong parameters for emi, npu and crypto EN7581
clocks
Fixes: 66bc47326ce2 ("clk: en7523: Add EN7581 support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20241112-clk-en7581-syscon-v2-5-8ada5e394ae4@kernel.org
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-en7523.c | 105 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 103 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clk-en7523.c b/drivers/clk/clk-en7523.c
index 7f83cbce01eeb..fdd8ea989ed24 100644
--- a/drivers/clk/clk-en7523.c
+++ b/drivers/clk/clk-en7523.c
@@ -37,6 +37,7 @@
#define REG_NP_SCU_SSTR 0x9c
#define REG_PCIE_XSI0_SEL_MASK GENMASK(14, 13)
#define REG_PCIE_XSI1_SEL_MASK GENMASK(12, 11)
+#define REG_CRYPTO_CLKSRC2 0x20c
#define REG_RST_CTRL2 0x00
#define REG_RST_CTRL1 0x04
@@ -89,6 +90,10 @@ static const u32 emi_base[] = { 333000000, 400000000 };
static const u32 bus_base[] = { 500000000, 540000000 };
static const u32 slic_base[] = { 100000000, 3125000 };
static const u32 npu_base[] = { 333000000, 400000000, 500000000 };
+/* EN7581 */
+static const u32 emi7581_base[] = { 540000000, 480000000, 400000000, 300000000 };
+static const u32 npu7581_base[] = { 800000000, 750000000, 720000000, 600000000 };
+static const u32 crypto_base[] = { 540000000, 480000000 };
static const struct en_clk_desc en7523_base_clks[] = {
{
@@ -186,6 +191,102 @@ static const struct en_clk_desc en7523_base_clks[] = {
}
};
+static const struct en_clk_desc en7581_base_clks[] = {
+ {
+ .id = EN7523_CLK_GSW,
+ .name = "gsw",
+
+ .base_reg = REG_GSW_CLK_DIV_SEL,
+ .base_bits = 1,
+ .base_shift = 8,
+ .base_values = gsw_base,
+ .n_base_values = ARRAY_SIZE(gsw_base),
+
+ .div_bits = 3,
+ .div_shift = 0,
+ .div_step = 1,
+ .div_offset = 1,
+ }, {
+ .id = EN7523_CLK_EMI,
+ .name = "emi",
+
+ .base_reg = REG_EMI_CLK_DIV_SEL,
+ .base_bits = 2,
+ .base_shift = 8,
+ .base_values = emi7581_base,
+ .n_base_values = ARRAY_SIZE(emi7581_base),
+
+ .div_bits = 3,
+ .div_shift = 0,
+ .div_step = 1,
+ .div_offset = 1,
+ }, {
+ .id = EN7523_CLK_BUS,
+ .name = "bus",
+
+ .base_reg = REG_BUS_CLK_DIV_SEL,
+ .base_bits = 1,
+ .base_shift = 8,
+ .base_values = bus_base,
+ .n_base_values = ARRAY_SIZE(bus_base),
+
+ .div_bits = 3,
+ .div_shift = 0,
+ .div_step = 1,
+ .div_offset = 1,
+ }, {
+ .id = EN7523_CLK_SLIC,
+ .name = "slic",
+
+ .base_reg = REG_SPI_CLK_FREQ_SEL,
+ .base_bits = 1,
+ .base_shift = 0,
+ .base_values = slic_base,
+ .n_base_values = ARRAY_SIZE(slic_base),
+
+ .div_reg = REG_SPI_CLK_DIV_SEL,
+ .div_bits = 5,
+ .div_shift = 24,
+ .div_val0 = 20,
+ .div_step = 2,
+ }, {
+ .id = EN7523_CLK_SPI,
+ .name = "spi",
+
+ .base_reg = REG_SPI_CLK_DIV_SEL,
+
+ .base_value = 400000000,
+
+ .div_bits = 5,
+ .div_shift = 8,
+ .div_val0 = 40,
+ .div_step = 2,
+ }, {
+ .id = EN7523_CLK_NPU,
+ .name = "npu",
+
+ .base_reg = REG_NPU_CLK_DIV_SEL,
+ .base_bits = 2,
+ .base_shift = 8,
+ .base_values = npu7581_base,
+ .n_base_values = ARRAY_SIZE(npu7581_base),
+
+ .div_bits = 3,
+ .div_shift = 0,
+ .div_step = 1,
+ .div_offset = 1,
+ }, {
+ .id = EN7523_CLK_CRYPTO,
+ .name = "crypto",
+
+ .base_reg = REG_CRYPTO_CLKSRC2,
+ .base_bits = 1,
+ .base_shift = 0,
+ .base_values = crypto_base,
+ .n_base_values = ARRAY_SIZE(crypto_base),
+ }
+};
+
static const u16 en7581_rst_ofs[] = {
REG_RST_CTRL2,
REG_RST_CTRL1,
@@ -457,8 +558,8 @@ static void en7581_register_clocks(struct device *dev, struct clk_hw_onecell_dat
u32 rate;
int i;
- for (i = 0; i < ARRAY_SIZE(en7523_base_clks); i++) {
- const struct en_clk_desc *desc = &en7523_base_clks[i];
+ for (i = 0; i < ARRAY_SIZE(en7581_base_clks); i++) {
+ const struct en_clk_desc *desc = &en7581_base_clks[i];
u32 val, reg = desc->div_reg ? desc->div_reg : desc->base_reg;
int err;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 472/817] dt-bindings: clock: axi-clkgen: include AXI clk
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (470 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 471/817] clk: en7523: fix estimation of fixed rate for EN7581 Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 473/817] clk: clk-axi-clkgen: make sure to enable the AXI bus clock Greg Kroah-Hartman
` (354 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nuno Sa, Conor Dooley, Stephen Boyd,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nuno Sa <nuno.sa@analog.com>
[ Upstream commit 47f3f5a82a31527e027929c5cec3dd1ef5ef30f5 ]
In order to access the registers of the HW, we need to make sure that
the AXI bus clock is enabled. Hence let's increase the number of clocks
by one and add clock-names to differentiate between parent clocks and
the bus clock.
Fixes: 0e646c52cf0e ("clk: Add axi-clkgen driver")
Signed-off-by: Nuno Sa <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20241029-axi-clkgen-fix-axiclk-v2-1-bc5e0733ad76@analog.com
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../bindings/clock/adi,axi-clkgen.yaml | 22 +++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml b/Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml
index 5e942bccf2778..2b2041818a0a4 100644
--- a/Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml
+++ b/Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml
@@ -26,9 +26,21 @@ properties:
description:
Specifies the reference clock(s) from which the output frequency is
derived. This must either reference one clock if only the first clock
- input is connected or two if both clock inputs are connected.
- minItems: 1
- maxItems: 2
+ input is connected or two if both clock inputs are connected. The last
+ clock is the AXI bus clock that needs to be enabled so we can access the
+ core registers.
+ minItems: 2
+ maxItems: 3
+
+ clock-names:
+ oneOf:
+ - items:
+ - const: clkin1
+ - const: s_axi_aclk
+ - items:
+ - const: clkin1
+ - const: clkin2
+ - const: s_axi_aclk
'#clock-cells':
const: 0
@@ -40,6 +52,7 @@ required:
- compatible
- reg
- clocks
+ - clock-names
- '#clock-cells'
additionalProperties: false
@@ -50,5 +63,6 @@ examples:
compatible = "adi,axi-clkgen-2.00.a";
#clock-cells = <0>;
reg = <0xff000000 0x1000>;
- clocks = <&osc 1>;
+ clocks = <&osc 1>, <&clkc 15>;
+ clock-names = "clkin1", "s_axi_aclk";
};
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 473/817] clk: clk-axi-clkgen: make sure to enable the AXI bus clock
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (471 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 472/817] dt-bindings: clock: axi-clkgen: include AXI clk Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 474/817] arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Greg Kroah-Hartman
` (353 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nuno Sa, Stephen Boyd, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nuno Sa <nuno.sa@analog.com>
[ Upstream commit c64ef7e4851d1a9abbb7f7833e4936973ac5ba79 ]
In order to access the registers of the HW, we need to make sure that
the AXI bus clock is enabled. Hence let's increase the number of clocks
by one.
In order to keep backward compatibility and make sure old DTs still work
we check if clock-names is available or not. If it is, then we can
disambiguate between really having the AXI clock or a parent clock and
so we can enable the bus clock. If not, we fallback to what was done
before and don't explicitly enable the AXI bus clock.
Note that if clock-names is given, the axi clock must be the last one in
the phandle array (also enforced in the DT bindings) so that we can reuse
as much code as possible.
Fixes: 0e646c52cf0e ("clk: Add axi-clkgen driver")
Signed-off-by: Nuno Sa <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20241029-axi-clkgen-fix-axiclk-v2-2-bc5e0733ad76@analog.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-axi-clkgen.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clk-axi-clkgen.c b/drivers/clk/clk-axi-clkgen.c
index bf4d8ddc93aea..934e53a96ddda 100644
--- a/drivers/clk/clk-axi-clkgen.c
+++ b/drivers/clk/clk-axi-clkgen.c
@@ -7,6 +7,7 @@
*/
#include <linux/platform_device.h>
+#include <linux/clk.h>
#include <linux/clk-provider.h>
#include <linux/slab.h>
#include <linux/io.h>
@@ -512,6 +513,7 @@ static int axi_clkgen_probe(struct platform_device *pdev)
struct clk_init_data init;
const char *parent_names[2];
const char *clk_name;
+ struct clk *axi_clk;
unsigned int i;
int ret;
@@ -528,8 +530,24 @@ static int axi_clkgen_probe(struct platform_device *pdev)
return PTR_ERR(axi_clkgen->base);
init.num_parents = of_clk_get_parent_count(pdev->dev.of_node);
- if (init.num_parents < 1 || init.num_parents > 2)
- return -EINVAL;
+
+ axi_clk = devm_clk_get_enabled(&pdev->dev, "s_axi_aclk");
+ if (!IS_ERR(axi_clk)) {
+ if (init.num_parents < 2 || init.num_parents > 3)
+ return -EINVAL;
+
+ init.num_parents -= 1;
+ } else {
+ /*
+ * Legacy... So that old DTs which do not have clock-names still
+ * work. In this case we don't explicitly enable the AXI bus
+ * clock.
+ */
+ if (PTR_ERR(axi_clk) != -ENOENT)
+ return PTR_ERR(axi_clk);
+ if (init.num_parents < 1 || init.num_parents > 2)
+ return -EINVAL;
+ }
for (i = 0; i < init.num_parents; i++) {
parent_names[i] = of_clk_get_parent_name(pdev->dev.of_node, i);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 474/817] arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (472 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 473/817] clk: clk-axi-clkgen: make sure to enable the AXI bus clock Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 475/817] pinctrl: k210: Undef K210_PC_DEFAULT Greg Kroah-Hartman
` (352 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Dmitry Baryshkov,
Viresh Kumar, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
[ Upstream commit 5df30684415d5a902f23862ab5bbed2a2df7fbf1 ]
Comply with bindings guidelines and get rid of errors such as:
cpufreq@18323000: compatible: 'oneOf' conditional failed, one must be fixed:
['qcom,cpufreq-hw'] is too short
Fixes: 8575f197b077 ("arm64: dts: qcom: Introduce the SC8180x platform")
Signed-off-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8180x.dtsi b/arch/arm64/boot/dts/qcom/sc8180x.dtsi
index 6e707d993aeb3..b1451f8ad2a60 100644
--- a/arch/arm64/boot/dts/qcom/sc8180x.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8180x.dtsi
@@ -3730,7 +3730,7 @@ lmh@18358800 {
};
cpufreq_hw: cpufreq@18323000 {
- compatible = "qcom,cpufreq-hw";
+ compatible = "qcom,sc8180x-cpufreq-hw", "qcom,cpufreq-hw";
reg = <0 0x18323000 0 0x1400>, <0 0x18325800 0 0x1400>;
reg-names = "freq-domain0", "freq-domain1";
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 475/817] pinctrl: k210: Undef K210_PC_DEFAULT
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (473 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 474/817] arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 476/817] rtla/timerlat: Do not set params->user_workload with -U Greg Kroah-Hartman
` (351 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, zhang jiao, Damien Le Moal,
Linus Walleij, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: zhang jiao <zhangjiao2@cmss.chinamobile.com>
[ Upstream commit 7e86490c5dee5c41a55f32d0dc34269e200e6909 ]
When the temporary macro K210_PC_DEFAULT is not needed anymore,
use its name in the #undef statement instead of
the incorrect "DEFAULT" name.
Fixes: d4c34d09ab03 ("pinctrl: Add RISC-V Canaan Kendryte K210 FPIOA driver")
Signed-off-by: zhang jiao <zhangjiao2@cmss.chinamobile.com>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Link: https://lore.kernel.org/20241113071201.5440-1-zhangjiao2@cmss.chinamobile.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-k210.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-k210.c b/drivers/pinctrl/pinctrl-k210.c
index a898e40451fe4..9c1aa3246df7d 100644
--- a/drivers/pinctrl/pinctrl-k210.c
+++ b/drivers/pinctrl/pinctrl-k210.c
@@ -183,7 +183,7 @@ static const u32 k210_pinconf_mode_id_to_mode[] = {
[K210_PC_DEFAULT_INT13] = K210_PC_MODE_IN | K210_PC_PU,
};
-#undef DEFAULT
+#undef K210_PC_DEFAULT
/*
* Pin functions configuration information.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 476/817] rtla/timerlat: Do not set params->user_workload with -U
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (474 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 475/817] pinctrl: k210: Undef K210_PC_DEFAULT Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 477/817] smb: cached directories can be more than root file handle Greg Kroah-Hartman
` (350 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tomas Glozar,
Steven Rostedt (Google), Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomas Glozar <tglozar@redhat.com>
[ Upstream commit fcbc60d7dc4b125c8de130aa1512e5d20726c06e ]
Since commit fb9e90a67ee9 ("rtla/timerlat: Make user-space threads
the default"), rtla-timerlat has been defaulting to
params->user_workload if neither that or params->kernel_workload is set.
This has unintentionally made -U, which sets only params->user_hist/top
but not params->user_workload, to behave like -u unless -k is set,
preventing the user from running a custom workload.
Example:
$ rtla timerlat hist -U -c 0 &
[1] 7413
$ python sample/timerlat_load.py 0
Error opening timerlat fd, did you run timerlat -U?
$ ps | grep timerlatu
7415 pts/4 00:00:00 timerlatu/0
Fix the issue by checking for params->user_top/hist instead of
params->user_workload when setting default thread mode.
Link: https://lore.kernel.org/20241021123140.14652-1-tglozar@redhat.com
Fixes: fb9e90a67ee9 ("rtla/timerlat: Make user-space threads the default")
Signed-off-by: Tomas Glozar <tglozar@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/tracing/rtla/src/timerlat_hist.c | 2 +-
tools/tracing/rtla/src/timerlat_top.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/tracing/rtla/src/timerlat_hist.c b/tools/tracing/rtla/src/timerlat_hist.c
index a3907c390d67a..829511a712224 100644
--- a/tools/tracing/rtla/src/timerlat_hist.c
+++ b/tools/tracing/rtla/src/timerlat_hist.c
@@ -1064,7 +1064,7 @@ timerlat_hist_apply_config(struct osnoise_tool *tool, struct timerlat_hist_param
* If the user did not specify a type of thread, try user-threads first.
* Fall back to kernel threads otherwise.
*/
- if (!params->kernel_workload && !params->user_workload) {
+ if (!params->kernel_workload && !params->user_hist) {
retval = tracefs_file_exists(NULL, "osnoise/per_cpu/cpu0/timerlat_fd");
if (retval) {
debug_msg("User-space interface detected, setting user-threads\n");
diff --git a/tools/tracing/rtla/src/timerlat_top.c b/tools/tracing/rtla/src/timerlat_top.c
index 210b0f533534a..3b62519a412fc 100644
--- a/tools/tracing/rtla/src/timerlat_top.c
+++ b/tools/tracing/rtla/src/timerlat_top.c
@@ -830,7 +830,7 @@ timerlat_top_apply_config(struct osnoise_tool *top, struct timerlat_top_params *
* If the user did not specify a type of thread, try user-threads first.
* Fall back to kernel threads otherwise.
*/
- if (!params->kernel_workload && !params->user_workload) {
+ if (!params->kernel_workload && !params->user_top) {
retval = tracefs_file_exists(NULL, "osnoise/per_cpu/cpu0/timerlat_fd");
if (retval) {
debug_msg("User-space interface detected, setting user-threads\n");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 477/817] smb: cached directories can be more than root file handle
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (475 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 476/817] rtla/timerlat: Do not set params->user_workload with -U Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 478/817] mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() Greg Kroah-Hartman
` (349 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paul Aurich, Bharath SM,
Steve French, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Aurich <paul@darkrain42.org>
[ Upstream commit 128630e1dbec8074c7707aad107299169047e68f ]
Update this log message since cached fids may represent things other
than the root of a mount.
Fixes: e4029e072673 ("cifs: find and use the dentry for cached non-root directories also")
Signed-off-by: Paul Aurich <paul@darkrain42.org>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cached_dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
index 0ff2491c311d8..adcba13352045 100644
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -401,7 +401,7 @@ int open_cached_dir_by_dentry(struct cifs_tcon *tcon,
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry(cfid, &cfids->entries, entry) {
if (dentry && cfid->dentry == dentry) {
- cifs_dbg(FYI, "found a cached root file handle by dentry\n");
+ cifs_dbg(FYI, "found a cached file handle by dentry\n");
kref_get(&cfid->refcount);
*ret_cfid = cfid;
spin_unlock(&cfids->cfid_list_lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 478/817] mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (476 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 477/817] smb: cached directories can be more than root file handle Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 479/817] mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() Greg Kroah-Hartman
` (348 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Jassi Brar,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 271ee263cc8771982809185007181ca10346fe73 ]
It should be size of the struct clk_bulk_data, not data pointer pass to
devm_kcalloc().
Fixes: aa1609f571ca ("mailbox: mtk-cmdq: Dynamically allocate clk_bulk_data structure")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Jassi Brar <jassisinghbrar@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/mtk-cmdq-mailbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mailbox/mtk-cmdq-mailbox.c b/drivers/mailbox/mtk-cmdq-mailbox.c
index 4bff73532085b..9c43ed9bdd37b 100644
--- a/drivers/mailbox/mtk-cmdq-mailbox.c
+++ b/drivers/mailbox/mtk-cmdq-mailbox.c
@@ -584,7 +584,7 @@ static int cmdq_get_clocks(struct device *dev, struct cmdq *cmdq)
struct clk_bulk_data *clks;
cmdq->clocks = devm_kcalloc(dev, cmdq->pdata->gce_num,
- sizeof(cmdq->clocks), GFP_KERNEL);
+ sizeof(*cmdq->clocks), GFP_KERNEL);
if (!cmdq->clocks)
return -ENOMEM;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 479/817] mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (477 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 478/817] mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 480/817] x86: fix off-by-one in access_ok() Greg Kroah-Hartman
` (347 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Viresh Kumar,
Jassi Brar, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 192a16a3430ca459c4e986f3d10758c4d6b1aa29 ]
Both the inner and outer loops in this code use the "i" iterator.
The inner loop should really use a different iterator.
It doesn't affect things in practice because the data comes from the
device tree. The "protocol" and "windows" variables are going to be
zero. That means we're always going to hit the "return &chans[channel];"
statement and we're not going to want to iterate through the outer
loop again.
Still it's worth fixing this for future use cases.
Fixes: 5a6338cce9f4 ("mailbox: arm_mhuv2: Add driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Jassi Brar <jassisinghbrar@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/arm_mhuv2.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/mailbox/arm_mhuv2.c b/drivers/mailbox/arm_mhuv2.c
index 0ec21dcdbde72..cff7c343ee082 100644
--- a/drivers/mailbox/arm_mhuv2.c
+++ b/drivers/mailbox/arm_mhuv2.c
@@ -500,7 +500,7 @@ static const struct mhuv2_protocol_ops mhuv2_data_transfer_ops = {
static struct mbox_chan *get_irq_chan_comb(struct mhuv2 *mhu, u32 __iomem *reg)
{
struct mbox_chan *chans = mhu->mbox.chans;
- int channel = 0, i, offset = 0, windows, protocol, ch_wn;
+ int channel = 0, i, j, offset = 0, windows, protocol, ch_wn;
u32 stat;
for (i = 0; i < MHUV2_CMB_INT_ST_REG_CNT; i++) {
@@ -510,9 +510,9 @@ static struct mbox_chan *get_irq_chan_comb(struct mhuv2 *mhu, u32 __iomem *reg)
ch_wn = i * MHUV2_STAT_BITS + __builtin_ctz(stat);
- for (i = 0; i < mhu->length; i += 2) {
- protocol = mhu->protocols[i];
- windows = mhu->protocols[i + 1];
+ for (j = 0; j < mhu->length; j += 2) {
+ protocol = mhu->protocols[j];
+ windows = mhu->protocols[j + 1];
if (ch_wn >= offset + windows) {
if (protocol == DOORBELL)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 480/817] x86: fix off-by-one in access_ok()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (478 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 479/817] mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 481/817] perf cs-etm: Dont flush when packet_queue fills up Greg Kroah-Hartman
` (346 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Laight, Linus Torvalds,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Laight <David.Laight@ACULAB.COM>
[ Upstream commit 573f45a9f9a47fed4c7957609689b772121b33d7 ]
When the size isn't a small constant, __access_ok() will call
valid_user_address() with the address after the last byte of the user
buffer.
It is valid for a buffer to end with the last valid user address so
valid_user_address() must allow accesses to the base of the guard page.
[ This introduces an off-by-one in the other direction for the plain
non-sized accesses, but since we have that guard region that is a
whole page, those checks "allowing" accesses to that guard region
don't really matter. The access will fault anyway, whether to the
guard page or if the address has been masked to all ones - Linus ]
Fixes: 86e6b1547b3d0 ("x86: fix user address masking non-canonical speculation issue")
Signed-off-by: David Laight <david.laight@aculab.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c472282ab40fd..fd89f1c65c947 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -2374,12 +2374,12 @@ void __init arch_cpu_finalize_init(void)
alternative_instructions();
if (IS_ENABLED(CONFIG_X86_64)) {
- unsigned long USER_PTR_MAX = TASK_SIZE_MAX-1;
+ unsigned long USER_PTR_MAX = TASK_SIZE_MAX;
/*
* Enable this when LAM is gated on LASS support
if (cpu_feature_enabled(X86_FEATURE_LAM))
- USER_PTR_MAX = (1ul << 63) - PAGE_SIZE - 1;
+ USER_PTR_MAX = (1ul << 63) - PAGE_SIZE;
*/
runtime_const_init(ptr, USER_PTR_MAX);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 481/817] perf cs-etm: Dont flush when packet_queue fills up
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (479 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 480/817] x86: fix off-by-one in access_ok() Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 482/817] gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE Greg Kroah-Hartman
` (345 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ganapatrao Kulkarni, Leo Yan,
James Clark, Ben Gainey, Suzuki K Poulose, Will Deacon,
Mathieu Poirier, Mike Leach, Ruidong Tian, Benjamin Gray,
linux-arm-kernel, coresight, John Garry, scclevenger,
Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: James Clark <james.clark@linaro.org>
[ Upstream commit 5afd032961e8465808c4bc385c06e7676fbe1951 ]
cs_etm__flush(), like cs_etm__sample() is an operation that generates a
sample and then swaps the current with the previous packet. Calling
flush after processing the queues results in two swaps which corrupts
the next sample. Therefore it wasn't appropriate to call flush here so
remove it.
Flushing is still done on a discontinuity to explicitly clear the last
branch buffer, but when the packet_queue fills up before reaching a
timestamp, that's not a discontinuity and the call to
cs_etm__process_traceid_queue() already generated samples and drained
the buffers correctly.
This is visible by looking for a branch that has the same target as the
previous branch and the following source is before the address of the
last target, which is impossible as execution would have had to have
gone backwards:
ffff800080849d40 _find_next_and_bit+0x78 => ffff80008011cadc update_sg_lb_stats+0x94
(packet_queue fills here before a timestamp, resulting in a flush and
branch target ffff80008011cadc is duplicated.)
ffff80008011cb1c update_sg_lb_stats+0xd4 => ffff80008011cadc update_sg_lb_stats+0x94
ffff8000801117c4 cpu_util+0x24 => ffff8000801117d4 cpu_util+0x34
After removing the flush the correct branch target is used for the
second sample, and ffff8000801117c4 is no longer before the previous
address:
ffff800080849d40 _find_next_and_bit+0x78 => ffff80008011cadc update_sg_lb_stats+0x94
ffff80008011cb1c update_sg_lb_stats+0xd4 => ffff8000801117a0 cpu_util+0x0
ffff8000801117c4 cpu_util+0x24 => ffff8000801117d4 cpu_util+0x34
Make sure that a final branch stack is output at the end of the trace
by calling cs_etm__end_block(). This is already done for both the
timeless decode paths.
Fixes: 21fe8dc1191a ("perf cs-etm: Add support for CPU-wide trace scenarios")
Reported-by: Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>
Closes: https://lore.kernel.org/all/20240719092619.274730-1-gankulkarni@os.amperecomputing.com/
Reviewed-by: Leo Yan <leo.yan@arm.com>
Signed-off-by: James Clark <james.clark@linaro.org>
Tested-by: Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>
Cc: Ben Gainey <ben.gainey@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Cc: Ruidong Tian <tianruidong@linux.alibaba.com>
Cc: Benjamin Gray <bgray@linux.ibm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: coresight@lists.linaro.org
Cc: John Garry <john.g.garry@oracle.com>
Cc: scclevenger@os.amperecomputing.com
Link: https://lore.kernel.org/r/20240916135743.1490403-2-james.clark@linaro.org
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/cs-etm.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/tools/perf/util/cs-etm.c b/tools/perf/util/cs-etm.c
index 5e9fbcfad7d44..f4615fa4280d8 100644
--- a/tools/perf/util/cs-etm.c
+++ b/tools/perf/util/cs-etm.c
@@ -2439,12 +2439,6 @@ static void cs_etm__clear_all_traceid_queues(struct cs_etm_queue *etmq)
/* Ignore return value */
cs_etm__process_traceid_queue(etmq, tidq);
-
- /*
- * Generate an instruction sample with the remaining
- * branchstack entries.
- */
- cs_etm__flush(etmq, tidq);
}
}
@@ -2587,7 +2581,7 @@ static int cs_etm__process_timestamped_queues(struct cs_etm_auxtrace *etm)
while (1) {
if (!etm->heap.heap_cnt)
- goto out;
+ break;
/* Take the entry at the top of the min heap */
cs_queue_nr = etm->heap.heap_array[0].queue_nr;
@@ -2670,6 +2664,23 @@ static int cs_etm__process_timestamped_queues(struct cs_etm_auxtrace *etm)
ret = auxtrace_heap__add(&etm->heap, cs_queue_nr, cs_timestamp);
}
+ for (i = 0; i < etm->queues.nr_queues; i++) {
+ struct int_node *inode;
+
+ etmq = etm->queues.queue_array[i].priv;
+ if (!etmq)
+ continue;
+
+ intlist__for_each_entry(inode, etmq->traceid_queues_list) {
+ int idx = (int)(intptr_t)inode->priv;
+
+ /* Flush any remaining branch stack entries */
+ tidq = etmq->traceid_queues[idx];
+ ret = cs_etm__end_block(etmq, tidq);
+ if (ret)
+ return ret;
+ }
+ }
out:
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 482/817] gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (480 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 481/817] perf cs-etm: Dont flush when packet_queue fills up Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 483/817] gfs2: Allow immediate GLF_VERIFY_DELETE work Greg Kroah-Hartman
` (344 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andreas Gruenbacher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Gruenbacher <agruenba@redhat.com>
[ Upstream commit 820ce8ed53ce2111aa5171f7349f289d7e9d0693 ]
Rename the GLF_VERIFY_EVICT flag to GLF_VERIFY_DELETE: that flag
indicates that we want to delete an inode / verify that it has been
deleted.
To match, rename gfs2_queue_verify_evict() to
gfs2_queue_verify_delete().
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Stable-dep-of: 7c6f714d8847 ("gfs2: Fix unlinked inode cleanup")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/glock.c | 14 +++++++-------
fs/gfs2/incore.h | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index 4775c2cb8ae1b..301139db908bf 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -1013,11 +1013,11 @@ bool gfs2_queue_try_to_evict(struct gfs2_glock *gl)
&gl->gl_delete, 0);
}
-static bool gfs2_queue_verify_evict(struct gfs2_glock *gl)
+static bool gfs2_queue_verify_delete(struct gfs2_glock *gl)
{
struct gfs2_sbd *sdp = gl->gl_name.ln_sbd;
- if (test_and_set_bit(GLF_VERIFY_EVICT, &gl->gl_flags))
+ if (test_and_set_bit(GLF_VERIFY_DELETE, &gl->gl_flags))
return false;
return queue_delayed_work(sdp->sd_delete_wq,
&gl->gl_delete, 5 * HZ);
@@ -1052,19 +1052,19 @@ static void delete_work_func(struct work_struct *work)
if (gfs2_try_evict(gl)) {
if (test_bit(SDF_KILL, &sdp->sd_flags))
goto out;
- if (gfs2_queue_verify_evict(gl))
+ if (gfs2_queue_verify_delete(gl))
return;
}
goto out;
}
- if (test_and_clear_bit(GLF_VERIFY_EVICT, &gl->gl_flags)) {
+ if (test_and_clear_bit(GLF_VERIFY_DELETE, &gl->gl_flags)) {
inode = gfs2_lookup_by_inum(sdp, no_addr, gl->gl_no_formal_ino,
GFS2_BLKST_UNLINKED);
if (IS_ERR(inode)) {
if (PTR_ERR(inode) == -EAGAIN &&
!test_bit(SDF_KILL, &sdp->sd_flags) &&
- gfs2_queue_verify_evict(gl))
+ gfs2_queue_verify_delete(gl))
return;
} else {
d_prune_aliases(inode);
@@ -2116,7 +2116,7 @@ static void glock_hash_walk(glock_examiner examiner, const struct gfs2_sbd *sdp)
void gfs2_cancel_delete_work(struct gfs2_glock *gl)
{
clear_bit(GLF_TRY_TO_EVICT, &gl->gl_flags);
- clear_bit(GLF_VERIFY_EVICT, &gl->gl_flags);
+ clear_bit(GLF_VERIFY_DELETE, &gl->gl_flags);
if (cancel_delayed_work(&gl->gl_delete))
gfs2_glock_put(gl);
}
@@ -2369,7 +2369,7 @@ static const char *gflags2str(char *buf, const struct gfs2_glock *gl)
*p++ = 'N';
if (test_bit(GLF_TRY_TO_EVICT, gflags))
*p++ = 'e';
- if (test_bit(GLF_VERIFY_EVICT, gflags))
+ if (test_bit(GLF_VERIFY_DELETE, gflags))
*p++ = 'E';
*p = 0;
return buf;
diff --git a/fs/gfs2/incore.h b/fs/gfs2/incore.h
index aa4ef67a34e03..bd1348bff90eb 100644
--- a/fs/gfs2/incore.h
+++ b/fs/gfs2/incore.h
@@ -329,7 +329,7 @@ enum {
GLF_BLOCKING = 15,
GLF_UNLOCKED = 16, /* Wait for glock to be unlocked */
GLF_TRY_TO_EVICT = 17, /* iopen glocks only */
- GLF_VERIFY_EVICT = 18, /* iopen glocks only */
+ GLF_VERIFY_DELETE = 18, /* iopen glocks only */
};
struct gfs2_glock {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 483/817] gfs2: Allow immediate GLF_VERIFY_DELETE work
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (481 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 482/817] gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 484/817] gfs2: Fix unlinked inode cleanup Greg Kroah-Hartman
` (343 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andreas Gruenbacher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Gruenbacher <agruenba@redhat.com>
[ Upstream commit 160bc9555d8654464cbbd7bb1f6687048471d2f6 ]
Add an argument to gfs2_queue_verify_delete() that allows it to queue
GLF_VERIFY_DELETE work for immediate execution. This is used in the
next patch.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Stable-dep-of: 7c6f714d8847 ("gfs2: Fix unlinked inode cleanup")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/glock.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index 301139db908bf..b7f5347e4b41b 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -1013,14 +1013,15 @@ bool gfs2_queue_try_to_evict(struct gfs2_glock *gl)
&gl->gl_delete, 0);
}
-static bool gfs2_queue_verify_delete(struct gfs2_glock *gl)
+static bool gfs2_queue_verify_delete(struct gfs2_glock *gl, bool later)
{
struct gfs2_sbd *sdp = gl->gl_name.ln_sbd;
+ unsigned long delay;
if (test_and_set_bit(GLF_VERIFY_DELETE, &gl->gl_flags))
return false;
- return queue_delayed_work(sdp->sd_delete_wq,
- &gl->gl_delete, 5 * HZ);
+ delay = later ? 5 * HZ : 0;
+ return queue_delayed_work(sdp->sd_delete_wq, &gl->gl_delete, delay);
}
static void delete_work_func(struct work_struct *work)
@@ -1052,7 +1053,7 @@ static void delete_work_func(struct work_struct *work)
if (gfs2_try_evict(gl)) {
if (test_bit(SDF_KILL, &sdp->sd_flags))
goto out;
- if (gfs2_queue_verify_delete(gl))
+ if (gfs2_queue_verify_delete(gl, true))
return;
}
goto out;
@@ -1064,7 +1065,7 @@ static void delete_work_func(struct work_struct *work)
if (IS_ERR(inode)) {
if (PTR_ERR(inode) == -EAGAIN &&
!test_bit(SDF_KILL, &sdp->sd_flags) &&
- gfs2_queue_verify_delete(gl))
+ gfs2_queue_verify_delete(gl, true))
return;
} else {
d_prune_aliases(inode);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 484/817] gfs2: Fix unlinked inode cleanup
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (482 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 483/817] gfs2: Allow immediate GLF_VERIFY_DELETE work Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 485/817] perf test: Add test for Intel TPEBS counting mode Greg Kroah-Hartman
` (342 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andreas Gruenbacher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Gruenbacher <agruenba@redhat.com>
[ Upstream commit 7c6f714d88475ceae5342264858a641eafa19632 ]
Before commit f0e56edc2ec7 ("gfs2: Split the two kinds of glock "delete"
work"), function delete_work_func() was used to trigger the eviction of
in-memory inodes from remote as well as deleting unlinked inodes at a
later point. These two kinds of work were then split into two kinds of
work, and the two places in the code were deferred deletion of inodes is
required accidentally ended up queuing the wrong kind of work. This
caused unlinked inodes to be left behind, which could in the worst case
fill up filesystems and require a filesystem check to recover.
Fix that by queuing the right kind of work in try_rgrp_unlink() and
gfs2_drop_inode().
Fixes: f0e56edc2ec7 ("gfs2: Split the two kinds of glock "delete" work")
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/glock.c | 2 +-
fs/gfs2/glock.h | 1 +
fs/gfs2/rgrp.c | 2 +-
fs/gfs2/super.c | 2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index b7f5347e4b41b..3af6120d55b51 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -1013,7 +1013,7 @@ bool gfs2_queue_try_to_evict(struct gfs2_glock *gl)
&gl->gl_delete, 0);
}
-static bool gfs2_queue_verify_delete(struct gfs2_glock *gl, bool later)
+bool gfs2_queue_verify_delete(struct gfs2_glock *gl, bool later)
{
struct gfs2_sbd *sdp = gl->gl_name.ln_sbd;
unsigned long delay;
diff --git a/fs/gfs2/glock.h b/fs/gfs2/glock.h
index adf0091cc98f9..63e101d448e96 100644
--- a/fs/gfs2/glock.h
+++ b/fs/gfs2/glock.h
@@ -245,6 +245,7 @@ static inline int gfs2_glock_nq_init(struct gfs2_glock *gl,
void gfs2_glock_cb(struct gfs2_glock *gl, unsigned int state);
void gfs2_glock_complete(struct gfs2_glock *gl, int ret);
bool gfs2_queue_try_to_evict(struct gfs2_glock *gl);
+bool gfs2_queue_verify_delete(struct gfs2_glock *gl, bool later);
void gfs2_cancel_delete_work(struct gfs2_glock *gl);
void gfs2_flush_delete_work(struct gfs2_sbd *sdp);
void gfs2_gl_hash_clear(struct gfs2_sbd *sdp);
diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c
index 29c7728167652..5393031297153 100644
--- a/fs/gfs2/rgrp.c
+++ b/fs/gfs2/rgrp.c
@@ -1879,7 +1879,7 @@ static void try_rgrp_unlink(struct gfs2_rgrpd *rgd, u64 *last_unlinked, u64 skip
*/
ip = gl->gl_object;
- if (ip || !gfs2_queue_try_to_evict(gl))
+ if (ip || !gfs2_queue_verify_delete(gl, false))
gfs2_glock_put(gl);
else
found++;
diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c
index 6678060ed4d2b..e22c1edc32b39 100644
--- a/fs/gfs2/super.c
+++ b/fs/gfs2/super.c
@@ -1045,7 +1045,7 @@ static int gfs2_drop_inode(struct inode *inode)
struct gfs2_glock *gl = ip->i_iopen_gh.gh_gl;
gfs2_glock_hold(gl);
- if (!gfs2_queue_try_to_evict(gl))
+ if (!gfs2_queue_verify_delete(gl, true))
gfs2_glock_put_async(gl);
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 485/817] perf test: Add test for Intel TPEBS counting mode
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (483 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 484/817] gfs2: Fix unlinked inode cleanup Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 486/817] perf stat: Uniquify event name improvements Greg Kroah-Hartman
` (341 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Weilin Wang,
Ian Rogers, Arnaldo Carvalho de Melo, Adrian Hunter,
Alexander Shishkin, Caleb Biggers, Ingo Molnar, Jiri Olsa,
Kan Liang, Perry Taylor, Peter Zijlstra, Samantha Alt,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Weilin Wang <weilin.wang@intel.com>
[ Upstream commit b2738fda24543777a623a7d1cc2a9985ab81b448 ]
Intel TPEBS sampling mode is supported through perf record. The counting mode
code uses perf record to capture retire_latency value and use it in metric
calculation. This test checks the counting mode code on Intel platforms.
Committer testing:
root@x1:~# perf test tpebs
123: test Intel TPEBS counting mode : Ok
root@x1:~# set -o vi
root@x1:~# perf test tpebs
123: test Intel TPEBS counting mode : Ok
root@x1:~# perf test -v tpebs
123: test Intel TPEBS counting mode : Ok
root@x1:~# perf test -vvv tpebs
123: test Intel TPEBS counting mode:
--- start ---
test child forked, pid 16603
Testing without --record-tpebs
Testing with --record-tpebs
---- end(0) ----
123: test Intel TPEBS counting mode : Ok
root@x1:~#
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Weilin Wang <weilin.wang@intel.com>
Acked-by: Ian Rogers <irogers@google.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Caleb Biggers <caleb.biggers@intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Perry Taylor <perry.taylor@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Samantha Alt <samantha.alt@intel.com>
Link: https://lore.kernel.org/r/20240720062102.444578-9-weilin.wang@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: 057f8bfc6f70 ("perf stat: Uniquify event name improvements")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../perf/tests/shell/test_stat_intel_tpebs.sh | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100755 tools/perf/tests/shell/test_stat_intel_tpebs.sh
diff --git a/tools/perf/tests/shell/test_stat_intel_tpebs.sh b/tools/perf/tests/shell/test_stat_intel_tpebs.sh
new file mode 100755
index 0000000000000..c60b29add9801
--- /dev/null
+++ b/tools/perf/tests/shell/test_stat_intel_tpebs.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# test Intel TPEBS counting mode
+# SPDX-License-Identifier: GPL-2.0
+
+set -e
+grep -q GenuineIntel /proc/cpuinfo || { echo Skipping non-Intel; exit 2; }
+
+# Use this event for testing because it should exist in all platforms
+event=cache-misses:R
+
+# Without this cmd option, default value or zero is returned
+echo "Testing without --record-tpebs"
+result=$(perf stat -e "$event" true 2>&1)
+[[ "$result" =~ $event ]] || exit 1
+
+# In platforms that do not support TPEBS, it should execute without error.
+echo "Testing with --record-tpebs"
+result=$(perf stat -e "$event" --record-tpebs -a sleep 0.01 2>&1)
+[[ "$result" =~ "perf record" && "$result" =~ $event ]] || exit 1
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 486/817] perf stat: Uniquify event name improvements
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (484 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 485/817] perf test: Add test for Intel TPEBS counting mode Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 487/817] perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC} Greg Kroah-Hartman
` (340 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Ian Rogers, Kan Liang,
James Clark, Yang Jihong, Dominique Martinet, Colin Ian King,
Howard Chu, Ze Gao, Yicong Yang, Weilin Wang, Will Deacon,
Mike Leach, Jing Zhang, Yang Li, Leo Yan, ak, Athira Rajeev,
linux-arm-kernel, Sun Haiyong, John Garry, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Rogers <irogers@google.com>
[ Upstream commit 057f8bfc6f7070577523d1e3081081bbf4229c1c ]
Without aggregation on Intel:
```
$ perf stat -e instructions,cycles ...
```
Will use "cycles" for the name of the legacy cycles event but as
"instructions" has a sysfs name it will and a "[cpu]" PMU suffix. This
often breaks things as the space between the event and the PMU name
look like an extra column. The existing uniquify logic was also
uniquifying in cases when all events are core and not with uncore
events, it was not correctly handling modifiers, etc.
Change the logic so that an initial pass that can disable
uniquification is run. For individual counters, disable uniquification
in more cases such as for consistency with legacy events or for
libpfm4 events. Don't use the "[pmu]" style suffix in uniquification,
always use "pmu/.../". Change how modifiers/terms are handled in the
uniquification so that they look like parse-able events.
This fixes "102: perf stat metrics (shadow stat) test:" that has been
failing due to "instructions [cpu]" breaking its column/awk logic when
values aren't aggregated. This started happening when instructions
could match a sysfs rather than a legacy event, so the fixes tag
reflects this.
Fixes: 617824a7f0f7 ("perf parse-events: Prefer sysfs/JSON hardware events over legacy")
Acked-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Ian Rogers <irogers@google.com>
[ Fix Intel TPEBS counting mode test ]
Acked-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: James Clark <james.clark@linaro.org>
Cc: Yang Jihong <yangjihong@bytedance.com>
Cc: Dominique Martinet <asmadeus@codewreck.org>
Cc: Colin Ian King <colin.i.king@gmail.com>
Cc: Howard Chu <howardchu95@gmail.com>
Cc: Ze Gao <zegao2021@gmail.com>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Cc: Weilin Wang <weilin.wang@intel.com>
Cc: Will Deacon <will@kernel.org>
Cc: Mike Leach <mike.leach@linaro.org>
Cc: Jing Zhang <renyu.zj@linux.alibaba.com>
Cc: Yang Li <yang.lee@linux.alibaba.com>
Cc: Leo Yan <leo.yan@linux.dev>
Cc: ak@linux.intel.com
Cc: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Sun Haiyong <sunhaiyong@loongson.cn>
Cc: John Garry <john.g.garry@oracle.com>
Link: https://lore.kernel.org/r/20240926144851.245903-3-james.clark@linaro.org
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../perf/tests/shell/test_stat_intel_tpebs.sh | 11 +-
tools/perf/util/stat-display.c | 101 ++++++++++++++----
2 files changed, 85 insertions(+), 27 deletions(-)
diff --git a/tools/perf/tests/shell/test_stat_intel_tpebs.sh b/tools/perf/tests/shell/test_stat_intel_tpebs.sh
index c60b29add9801..9a11f42d153ca 100755
--- a/tools/perf/tests/shell/test_stat_intel_tpebs.sh
+++ b/tools/perf/tests/shell/test_stat_intel_tpebs.sh
@@ -8,12 +8,15 @@ grep -q GenuineIntel /proc/cpuinfo || { echo Skipping non-Intel; exit 2; }
# Use this event for testing because it should exist in all platforms
event=cache-misses:R
+# Hybrid platforms output like "cpu_atom/cache-misses/R", rather than as above
+alt_name=/cache-misses/R
+
# Without this cmd option, default value or zero is returned
-echo "Testing without --record-tpebs"
-result=$(perf stat -e "$event" true 2>&1)
-[[ "$result" =~ $event ]] || exit 1
+#echo "Testing without --record-tpebs"
+#result=$(perf stat -e "$event" true 2>&1)
+#[[ "$result" =~ $event || "$result" =~ $alt_name ]] || exit 1
# In platforms that do not support TPEBS, it should execute without error.
echo "Testing with --record-tpebs"
result=$(perf stat -e "$event" --record-tpebs -a sleep 0.01 2>&1)
-[[ "$result" =~ "perf record" && "$result" =~ $event ]] || exit 1
+[[ "$result" =~ "perf record" && "$result" =~ $event || "$result" =~ $alt_name ]] || exit 1
diff --git a/tools/perf/util/stat-display.c b/tools/perf/util/stat-display.c
index ea96e4ebad8c8..cbff43ff8d0fb 100644
--- a/tools/perf/util/stat-display.c
+++ b/tools/perf/util/stat-display.c
@@ -871,38 +871,66 @@ static void printout(struct perf_stat_config *config, struct outstate *os,
static void uniquify_event_name(struct evsel *counter)
{
- char *new_name;
- char *config;
- int ret = 0;
+ const char *name, *pmu_name;
+ char *new_name, *config;
+ int ret;
- if (counter->uniquified_name || counter->use_config_name ||
- !counter->pmu_name || !strncmp(evsel__name(counter), counter->pmu_name,
- strlen(counter->pmu_name)))
+ /* The evsel was already uniquified. */
+ if (counter->uniquified_name)
return;
- config = strchr(counter->name, '/');
+ /* Avoid checking to uniquify twice. */
+ counter->uniquified_name = true;
+
+ /* The evsel has a "name=" config term or is from libpfm. */
+ if (counter->use_config_name || counter->is_libpfm_event)
+ return;
+
+ /* Legacy no PMU event, don't uniquify. */
+ if (!counter->pmu ||
+ (counter->pmu->type < PERF_TYPE_MAX && counter->pmu->type != PERF_TYPE_RAW))
+ return;
+
+ /* A sysfs or json event replacing a legacy event, don't uniquify. */
+ if (counter->pmu->is_core && counter->alternate_hw_config != PERF_COUNT_HW_MAX)
+ return;
+
+ name = evsel__name(counter);
+ pmu_name = counter->pmu->name;
+ /* Already prefixed by the PMU name. */
+ if (!strncmp(name, pmu_name, strlen(pmu_name)))
+ return;
+
+ config = strchr(name, '/');
if (config) {
- if (asprintf(&new_name,
- "%s%s", counter->pmu_name, config) > 0) {
- free(counter->name);
- counter->name = new_name;
- }
- } else {
- if (evsel__is_hybrid(counter)) {
- ret = asprintf(&new_name, "%s/%s/",
- counter->pmu_name, counter->name);
+ int len = config - name;
+
+ if (config[1] == '/') {
+ /* case: event// */
+ ret = asprintf(&new_name, "%s/%.*s/%s", pmu_name, len, name, config + 2);
} else {
- ret = asprintf(&new_name, "%s [%s]",
- counter->name, counter->pmu_name);
+ /* case: event/.../ */
+ ret = asprintf(&new_name, "%s/%.*s,%s", pmu_name, len, name, config + 1);
}
+ } else {
+ config = strchr(name, ':');
+ if (config) {
+ /* case: event:.. */
+ int len = config - name;
- if (ret) {
- free(counter->name);
- counter->name = new_name;
+ ret = asprintf(&new_name, "%s/%.*s/%s", pmu_name, len, name, config + 1);
+ } else {
+ /* case: event */
+ ret = asprintf(&new_name, "%s/%s/", pmu_name, name);
}
}
-
- counter->uniquified_name = true;
+ if (ret > 0) {
+ free(counter->name);
+ counter->name = new_name;
+ } else {
+ /* ENOMEM from asprintf. */
+ counter->uniquified_name = false;
+ }
}
static bool hybrid_uniquify(struct evsel *evsel, struct perf_stat_config *config)
@@ -1559,6 +1587,31 @@ static void print_cgroup_counter(struct perf_stat_config *config, struct evlist
print_metric_end(config, os);
}
+static void disable_uniquify(struct evlist *evlist)
+{
+ struct evsel *counter;
+ struct perf_pmu *last_pmu = NULL;
+ bool first = true;
+
+ evlist__for_each_entry(evlist, counter) {
+ /* If PMUs vary then uniquify can be useful. */
+ if (!first && counter->pmu != last_pmu)
+ return;
+ first = false;
+ if (counter->pmu) {
+ /* Allow uniquify for uncore PMUs. */
+ if (!counter->pmu->is_core)
+ return;
+ /* Keep hybrid event names uniquified for clarity. */
+ if (perf_pmus__num_core_pmus() > 1)
+ return;
+ }
+ }
+ evlist__for_each_entry_continue(evlist, counter) {
+ counter->uniquified_name = true;
+ }
+}
+
void evlist__print_counters(struct evlist *evlist, struct perf_stat_config *config,
struct target *_target, struct timespec *ts,
int argc, const char **argv)
@@ -1572,6 +1625,8 @@ void evlist__print_counters(struct evlist *evlist, struct perf_stat_config *conf
.first = true,
};
+ disable_uniquify(evlist);
+
if (config->iostat_run)
evlist->selected = evlist__first(evlist);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 487/817] perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC}
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (485 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 486/817] perf stat: Uniquify event name improvements Greg Kroah-Hartman
@ 2024-12-03 14:40 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 488/817] PCI: Fix reset_method_store() memory leak Greg Kroah-Hartman
` (339 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kan Liang, Thomas Falcon, Leo Yan,
Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Falcon <thomas.falcon@intel.com>
[ Upstream commit 4f23fc34cc68812c68c3a3dec15e26e87565f430 ]
With commit 8ec9497d3ef34 ("tools/include: Sync uapi/linux/perf.h
with the kernel sources"), 'perf mem report' gives an incorrect memory
access string.
...
0.02% 1 3644 L5 hit [.] 0x0000000000009b0e mlc [.] 0x00007fce43f59480
...
This occurs because, if no entry exists in mem_lvlnum, perf_mem__lvl_scnprintf
will default to 'L%d, lvl', which in this case for PERF_MEM_LVLNUM_L2_MHB is 0x05.
Add entries for PERF_MEM_LVLNUM_L2_MHB and PERF_MEM_LVLNUM_MSC to mem_lvlnum,
so that the correct strings are printed.
...
0.02% 1 3644 L2 MHB hit [.] 0x0000000000009b0e mlc [.] 0x00007fce43f59480
...
Fixes: 8ec9497d3ef34 ("tools/include: Sync uapi/linux/perf.h with the kernel sources")
Suggested-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Thomas Falcon <thomas.falcon@intel.com>
Reviewed-by: Leo Yan <leo.yan@arm.com>
Link: https://lore.kernel.org/r/20240926144040.77897-1-thomas.falcon@intel.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/mem-events.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/mem-events.c b/tools/perf/util/mem-events.c
index 051feb93ed8d4..bf5090f5220bb 100644
--- a/tools/perf/util/mem-events.c
+++ b/tools/perf/util/mem-events.c
@@ -366,6 +366,12 @@ static const char * const mem_lvl[] = {
};
static const char * const mem_lvlnum[] = {
+ [PERF_MEM_LVLNUM_L1] = "L1",
+ [PERF_MEM_LVLNUM_L2] = "L2",
+ [PERF_MEM_LVLNUM_L3] = "L3",
+ [PERF_MEM_LVLNUM_L4] = "L4",
+ [PERF_MEM_LVLNUM_L2_MHB] = "L2 MHB",
+ [PERF_MEM_LVLNUM_MSC] = "Memory-side Cache",
[PERF_MEM_LVLNUM_UNC] = "Uncached",
[PERF_MEM_LVLNUM_CXL] = "CXL",
[PERF_MEM_LVLNUM_IO] = "I/O",
@@ -448,7 +454,7 @@ int perf_mem__lvl_scnprintf(char *out, size_t sz, const struct mem_info *mem_inf
if (mem_lvlnum[lvl])
l += scnprintf(out + l, sz - l, mem_lvlnum[lvl]);
else
- l += scnprintf(out + l, sz - l, "L%d", lvl);
+ l += scnprintf(out + l, sz - l, "Unknown level %d", lvl);
l += scnprintf(out + l, sz - l, " %s", hit_miss);
return l;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 488/817] PCI: Fix reset_method_store() memory leak
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (486 preceding siblings ...)
2024-12-03 14:40 ` [PATCH 6.11 487/817] perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC} Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 489/817] perf stat: Close cork_fd when create_perf_stat_counter() failed Greg Kroah-Hartman
` (338 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Todd Kjos, Bjorn Helgaas,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Todd Kjos <tkjos@google.com>
[ Upstream commit 2985b1844f3f3447f2d938eff1ef6762592065a5 ]
In reset_method_store(), a string is allocated via kstrndup() and assigned
to the local "options". options is then used in with strsep() to find
spaces:
while ((name = strsep(&options, " ")) != NULL) {
If there are no remaining spaces, then options is set to NULL by strsep(),
so the subsequent kfree(options) doesn't free the memory allocated via
kstrndup().
Fix by using a separate tmp_options to iterate with strsep() so options is
preserved.
Link: https://lore.kernel.org/r/20241001231147.3583649-1-tkjos@google.com
Fixes: d88f521da3ef ("PCI: Allow userspace to query and set device reset mechanism")
Signed-off-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pci.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 51407c376a222..1a720cae37a1e 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -5233,7 +5233,7 @@ static ssize_t reset_method_store(struct device *dev,
const char *buf, size_t count)
{
struct pci_dev *pdev = to_pci_dev(dev);
- char *options, *name;
+ char *options, *tmp_options, *name;
int m, n;
u8 reset_methods[PCI_NUM_RESET_METHODS] = { 0 };
@@ -5253,7 +5253,8 @@ static ssize_t reset_method_store(struct device *dev,
return -ENOMEM;
n = 0;
- while ((name = strsep(&options, " ")) != NULL) {
+ tmp_options = options;
+ while ((name = strsep(&tmp_options, " ")) != NULL) {
if (sysfs_streq(name, ""))
continue;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 489/817] perf stat: Close cork_fd when create_perf_stat_counter() failed
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (487 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 488/817] PCI: Fix reset_method_store() memory leak Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 490/817] perf stat: Fix affinity memory leaks on error path Greg Kroah-Hartman
` (337 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Levi Yun, James Clark, Andi Kleen,
nd, howardchu95, Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Levi Yun <yeoreum.yun@arm.com>
[ Upstream commit e880a70f8046df0dd9089fa60dcb866a2cc69194 ]
When create_perf_stat_counter() failed, it doesn't close workload.cork_fd
open in evlist__prepare_workload(). This could make too many open file
error while __run_perf_stat() repeats.
Introduce evlist__cancel_workload to close workload.cork_fd and
wait workload.child_pid until exit to clear child process
when create_perf_stat_counter() is failed.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Reviewed-by: James Clark <james.clark@linaro.org>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Cc: nd@arm.com
Cc: howardchu95@gmail.com
Link: https://lore.kernel.org/r/20240925132022.2650180-2-yeoreum.yun@arm.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Stable-dep-of: 7f6ccb70e465 ("perf stat: Fix affinity memory leaks on error path")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-stat.c | 50 +++++++++++++++++++++++++++------------
tools/perf/util/evlist.c | 19 +++++++++++++--
tools/perf/util/evlist.h | 1 +
3 files changed, 53 insertions(+), 17 deletions(-)
diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c
index 661832756a248..d0cbd1477dfcc 100644
--- a/tools/perf/builtin-stat.c
+++ b/tools/perf/builtin-stat.c
@@ -712,15 +712,19 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
}
if (!cpu_map__is_dummy(evsel_list->core.user_requested_cpus)) {
- if (affinity__setup(&saved_affinity) < 0)
- return -1;
+ if (affinity__setup(&saved_affinity) < 0) {
+ err = -1;
+ goto err_out;
+ }
affinity = &saved_affinity;
}
evlist__for_each_entry(evsel_list, counter) {
counter->reset_group = false;
- if (bpf_counter__load(counter, &target))
- return -1;
+ if (bpf_counter__load(counter, &target)) {
+ err = -1;
+ goto err_out;
+ }
if (!(evsel__is_bperf(counter)))
all_counters_use_bpf = false;
}
@@ -763,7 +767,8 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
switch (stat_handle_error(counter)) {
case COUNTER_FATAL:
- return -1;
+ err = -1;
+ goto err_out;
case COUNTER_RETRY:
goto try_again;
case COUNTER_SKIP:
@@ -804,7 +809,8 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
switch (stat_handle_error(counter)) {
case COUNTER_FATAL:
- return -1;
+ err = -1;
+ goto err_out;
case COUNTER_RETRY:
goto try_again_reset;
case COUNTER_SKIP:
@@ -829,8 +835,10 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
stat_config.unit_width = l;
if (evsel__should_store_id(counter) &&
- evsel__store_ids(counter, evsel_list))
- return -1;
+ evsel__store_ids(counter, evsel_list)) {
+ err = -1;
+ goto err_out;
+ }
}
if (evlist__apply_filters(evsel_list, &counter)) {
@@ -851,20 +859,23 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
}
if (err < 0)
- return err;
+ goto err_out;
err = perf_event__synthesize_stat_events(&stat_config, NULL, evsel_list,
process_synthesized_event, is_pipe);
if (err < 0)
- return err;
+ goto err_out;
+
}
if (target.initial_delay) {
pr_info(EVLIST_DISABLED_MSG);
} else {
err = enable_counters();
- if (err)
- return -1;
+ if (err) {
+ err = -1;
+ goto err_out;
+ }
}
/* Exec the command, if any */
@@ -874,8 +885,10 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
if (target.initial_delay > 0) {
usleep(target.initial_delay * USEC_PER_MSEC);
err = enable_counters();
- if (err)
- return -1;
+ if (err) {
+ err = -1;
+ goto err_out;
+ }
pr_info(EVLIST_ENABLED_MSG);
}
@@ -895,7 +908,8 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
if (workload_exec_errno) {
const char *emsg = str_error_r(workload_exec_errno, msg, sizeof(msg));
pr_err("Workload failed: %s\n", emsg);
- return -1;
+ err = -1;
+ goto err_out;
}
if (WIFSIGNALED(status))
@@ -942,6 +956,12 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
evlist__close(evsel_list);
return WEXITSTATUS(status);
+
+err_out:
+ if (forks)
+ evlist__cancel_workload(evsel_list);
+
+ return err;
}
static int run_perf_stat(int argc, const char **argv, int run_idx)
diff --git a/tools/perf/util/evlist.c b/tools/perf/util/evlist.c
index 3a719edafc7ad..6c4227e9832fa 100644
--- a/tools/perf/util/evlist.c
+++ b/tools/perf/util/evlist.c
@@ -46,6 +46,7 @@
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/timerfd.h>
+#include <sys/wait.h>
#include <linux/bitops.h>
#include <linux/hash.h>
@@ -1413,6 +1414,8 @@ int evlist__prepare_workload(struct evlist *evlist, struct target *target, const
int child_ready_pipe[2], go_pipe[2];
char bf;
+ evlist->workload.cork_fd = -1;
+
if (pipe(child_ready_pipe) < 0) {
perror("failed to create 'ready' pipe");
return -1;
@@ -1465,7 +1468,7 @@ int evlist__prepare_workload(struct evlist *evlist, struct target *target, const
* For cancelling the workload without actually running it,
* the parent will just close workload.cork_fd, without writing
* anything, i.e. read will return zero and we just exit()
- * here.
+ * here (See evlist__cancel_workload()).
*/
if (ret != 1) {
if (ret == -1)
@@ -1529,7 +1532,7 @@ int evlist__prepare_workload(struct evlist *evlist, struct target *target, const
int evlist__start_workload(struct evlist *evlist)
{
- if (evlist->workload.cork_fd > 0) {
+ if (evlist->workload.cork_fd >= 0) {
char bf = 0;
int ret;
/*
@@ -1540,12 +1543,24 @@ int evlist__start_workload(struct evlist *evlist)
perror("unable to write to pipe");
close(evlist->workload.cork_fd);
+ evlist->workload.cork_fd = -1;
return ret;
}
return 0;
}
+void evlist__cancel_workload(struct evlist *evlist)
+{
+ int status;
+
+ if (evlist->workload.cork_fd >= 0) {
+ close(evlist->workload.cork_fd);
+ evlist->workload.cork_fd = -1;
+ waitpid(evlist->workload.pid, &status, WNOHANG);
+ }
+}
+
int evlist__parse_sample(struct evlist *evlist, union perf_event *event, struct perf_sample *sample)
{
struct evsel *evsel = evlist__event2evsel(evlist, event);
diff --git a/tools/perf/util/evlist.h b/tools/perf/util/evlist.h
index cb91dc9117a27..12f929ffdf920 100644
--- a/tools/perf/util/evlist.h
+++ b/tools/perf/util/evlist.h
@@ -184,6 +184,7 @@ int evlist__prepare_workload(struct evlist *evlist, struct target *target,
const char *argv[], bool pipe_output,
void (*exec_error)(int signo, siginfo_t *info, void *ucontext));
int evlist__start_workload(struct evlist *evlist);
+void evlist__cancel_workload(struct evlist *evlist);
struct option;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 490/817] perf stat: Fix affinity memory leaks on error path
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (488 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 489/817] perf stat: Close cork_fd when create_perf_stat_counter() failed Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 491/817] perf trace: Keep exited threads for summary Greg Kroah-Hartman
` (336 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ian Rogers, Namhyung Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Rogers <irogers@google.com>
[ Upstream commit 7f6ccb70e465bd8c9cf8973aee1c01224e4bdb3c ]
Missed cleanup when an error occurs.
Fixes: 49de179577e7 ("perf stat: No need to setup affinities when starting a workload")
Signed-off-by: Ian Rogers <irogers@google.com>
Link: https://lore.kernel.org/r/20241001052327.7052-2-irogers@google.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-stat.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c
index d0cbd1477dfcc..668a8ad2bf604 100644
--- a/tools/perf/builtin-stat.c
+++ b/tools/perf/builtin-stat.c
@@ -823,6 +823,7 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
}
}
affinity__cleanup(affinity);
+ affinity = NULL;
evlist__for_each_entry(evsel_list, counter) {
if (!counter->supported) {
@@ -961,6 +962,7 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
if (forks)
evlist__cancel_workload(evsel_list);
+ affinity__cleanup(affinity);
return err;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 491/817] perf trace: Keep exited threads for summary
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (489 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 490/817] perf stat: Fix affinity memory leaks on error path Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 492/817] perf test attr: Add back missing topdown events Greg Kroah-Hartman
` (335 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Veronika Molnarova, Michael Petlan,
Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Petlan <mpetlan@redhat.com>
[ Upstream commit d29d92df410e2fb523f640478b18f70c1823e55e ]
Since 9ffa6c7512ca ("perf machine thread: Remove exited threads by
default") perf cleans exited threads up, but as said, sometimes they
are necessary to be kept. The mentioned commit does not cover all the
cases, we also need the information to construct the summary table in
perf-trace.
Before:
# perf trace -s true
Summary of events:
After:
# perf trace -s -- true
Summary of events:
true (383382), 64 events, 91.4%
syscall calls errors total min avg max stddev
(msec) (msec) (msec) (msec) (%)
--------------- -------- ------ -------- --------- --------- --------- ------
mmap 8 0 0.150 0.013 0.019 0.031 11.90%
mprotect 3 0 0.045 0.014 0.015 0.017 6.47%
openat 2 0 0.014 0.006 0.007 0.007 9.73%
munmap 1 0 0.009 0.009 0.009 0.009 0.00%
access 1 1 0.009 0.009 0.009 0.009 0.00%
pread64 4 0 0.006 0.001 0.001 0.002 4.53%
fstat 2 0 0.005 0.001 0.002 0.003 37.59%
arch_prctl 2 1 0.003 0.001 0.002 0.002 25.91%
read 1 0 0.003 0.003 0.003 0.003 0.00%
close 2 0 0.003 0.001 0.001 0.001 3.86%
brk 1 0 0.002 0.002 0.002 0.002 0.00%
rseq 1 0 0.001 0.001 0.001 0.001 0.00%
prlimit64 1 0 0.001 0.001 0.001 0.001 0.00%
set_robust_list 1 0 0.001 0.001 0.001 0.001 0.00%
set_tid_address 1 0 0.001 0.001 0.001 0.001 0.00%
execve 1 0 0.000 0.000 0.000 0.000 0.00%
[namhyung: simplified the condition]
Fixes: 9ffa6c7512ca ("perf machine thread: Remove exited threads by default")
Reported-by: Veronika Molnarova <vmolnaro@redhat.com>
Signed-off-by: Michael Petlan <mpetlan@redhat.com>
Link: https://lore.kernel.org/r/20240927151926.399474-1-mpetlan@redhat.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-trace.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index 8449f2beb54d7..19db23f78b199 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -5038,6 +5038,10 @@ int cmd_trace(int argc, const char **argv)
if (trace.summary_only)
trace.summary = trace.summary_only;
+ /* Keep exited threads, otherwise information might be lost for summary */
+ if (trace.summary)
+ symbol_conf.keep_exited_threads = true;
+
if (output_name != NULL) {
err = trace__open_output(&trace, output_name);
if (err < 0) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 492/817] perf test attr: Add back missing topdown events
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (490 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 491/817] perf trace: Keep exited threads for summary Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 493/817] f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Greg Kroah-Hartman
` (334 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Veronika Molnarova, Ian Rogers,
mpetlan, Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Veronika Molnarova <vmolnaro@redhat.com>
[ Upstream commit 6bff76af9635411214ca44ea38fc2781e78064b6 ]
With the patch 0b6c5371c03c "Add missing topdown metrics events" eight
topdown metric events with numbers ranging from 0x8000 to 0x8700 were
added to the test since they were added as 'perf stat' default events.
Later the patch 951efb9976ce "Update no event/metric expectations" kept
only 4 of those events(0x8000-0x8300).
Currently, the topdown events with numbers 0x8400 to 0x8700 are missing
from the list of expected events resulting in a failure. Add back the
missing topdown events.
Fixes: 951efb9976ce ("perf test attr: Update no event/metric expectations")
Signed-off-by: Veronika Molnarova <vmolnaro@redhat.com>
Tested-by: Ian Rogers <irogers@google.com>
Cc: mpetlan@redhat.com
Link: https://lore.kernel.org/r/20240311081611.7835-1-vmolnaro@redhat.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/tests/attr/test-stat-default | 90 ++++++++++----
tools/perf/tests/attr/test-stat-detailed-1 | 106 +++++++++++-----
tools/perf/tests/attr/test-stat-detailed-2 | 130 ++++++++++++-------
tools/perf/tests/attr/test-stat-detailed-3 | 138 ++++++++++++++-------
4 files changed, 320 insertions(+), 144 deletions(-)
diff --git a/tools/perf/tests/attr/test-stat-default b/tools/perf/tests/attr/test-stat-default
index a1e2da0a9a6dd..e47fb49446799 100644
--- a/tools/perf/tests/attr/test-stat-default
+++ b/tools/perf/tests/attr/test-stat-default
@@ -88,98 +88,142 @@ enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
+# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
[event13:base-stat]
fd=13
group_fd=11
type=4
-config=33280
+config=33024
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-be-bound (0x8300)
+# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
[event14:base-stat]
fd=14
group_fd=11
type=4
-config=33536
+config=33280
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
+# PERF_TYPE_RAW / topdown-be-bound (0x8300)
[event15:base-stat]
fd=15
group_fd=11
type=4
-config=33024
+config=33536
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
+# PERF_TYPE_RAW / topdown-heavy-ops (0x8400)
[event16:base-stat]
fd=16
+group_fd=11
type=4
-config=4109
+config=33792
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
+# PERF_TYPE_RAW / topdown-br-mispredict (0x8500)
[event17:base-stat]
fd=17
+group_fd=11
type=4
-config=17039629
+config=34048
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
+# PERF_TYPE_RAW / topdown-fetch-lat (0x8600)
[event18:base-stat]
fd=18
+group_fd=11
type=4
-config=60
+config=34304
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
+# PERF_TYPE_RAW / topdown-mem-bound (0x8700)
[event19:base-stat]
fd=19
+group_fd=11
type=4
-config=2097421
+config=34560
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
+# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
[event20:base-stat]
fd=20
type=4
-config=316
+config=4109
optional=1
-# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
[event21:base-stat]
fd=21
type=4
-config=412
+config=17039629
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
[event22:base-stat]
fd=22
type=4
-config=572
+config=60
optional=1
-# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
[event23:base-stat]
fd=23
type=4
-config=706
+config=2097421
optional=1
-# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
[event24:base-stat]
fd=24
type=4
+config=316
+optional=1
+
+# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+[event25:base-stat]
+fd=25
+type=4
+config=412
+optional=1
+
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+[event26:base-stat]
+fd=26
+type=4
+config=572
+optional=1
+
+# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+[event27:base-stat]
+fd=27
+type=4
+config=706
+optional=1
+
+# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+[event28:base-stat]
+fd=28
+type=4
config=270
optional=1
diff --git a/tools/perf/tests/attr/test-stat-detailed-1 b/tools/perf/tests/attr/test-stat-detailed-1
index 1c52cb05c900d..3d500d3e0c5c8 100644
--- a/tools/perf/tests/attr/test-stat-detailed-1
+++ b/tools/perf/tests/attr/test-stat-detailed-1
@@ -90,99 +90,143 @@ enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
+# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
[event13:base-stat]
fd=13
group_fd=11
type=4
-config=33280
+config=33024
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-be-bound (0x8300)
+# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
[event14:base-stat]
fd=14
group_fd=11
type=4
-config=33536
+config=33280
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
+# PERF_TYPE_RAW / topdown-be-bound (0x8300)
[event15:base-stat]
fd=15
group_fd=11
type=4
-config=33024
+config=33536
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
+# PERF_TYPE_RAW / topdown-heavy-ops (0x8400)
[event16:base-stat]
fd=16
+group_fd=11
type=4
-config=4109
+config=33792
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
+# PERF_TYPE_RAW / topdown-br-mispredict (0x8500)
[event17:base-stat]
fd=17
+group_fd=11
type=4
-config=17039629
+config=34048
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
+# PERF_TYPE_RAW / topdown-fetch-lat (0x8600)
[event18:base-stat]
fd=18
+group_fd=11
type=4
-config=60
+config=34304
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
+# PERF_TYPE_RAW / topdown-mem-bound (0x8700)
[event19:base-stat]
fd=19
+group_fd=11
type=4
-config=2097421
+config=34560
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
+# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
[event20:base-stat]
fd=20
type=4
-config=316
+config=4109
optional=1
-# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
[event21:base-stat]
fd=21
type=4
-config=412
+config=17039629
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
[event22:base-stat]
fd=22
type=4
-config=572
+config=60
optional=1
-# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
[event23:base-stat]
fd=23
type=4
-config=706
+config=2097421
optional=1
-# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
[event24:base-stat]
fd=24
type=4
+config=316
+optional=1
+
+# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+[event25:base-stat]
+fd=25
+type=4
+config=412
+optional=1
+
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+[event26:base-stat]
+fd=26
+type=4
+config=572
+optional=1
+
+# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+[event27:base-stat]
+fd=27
+type=4
+config=706
+optional=1
+
+# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+[event28:base-stat]
+fd=28
+type=4
config=270
optional=1
@@ -190,8 +234,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event25:base-stat]
-fd=25
+[event29:base-stat]
+fd=29
type=3
config=0
optional=1
@@ -200,8 +244,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event26:base-stat]
-fd=26
+[event30:base-stat]
+fd=30
type=3
config=65536
optional=1
@@ -210,8 +254,8 @@ optional=1
# PERF_COUNT_HW_CACHE_LL << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event27:base-stat]
-fd=27
+[event31:base-stat]
+fd=31
type=3
config=2
optional=1
@@ -220,8 +264,8 @@ optional=1
# PERF_COUNT_HW_CACHE_LL << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event28:base-stat]
-fd=28
+[event32:base-stat]
+fd=32
type=3
config=65538
optional=1
diff --git a/tools/perf/tests/attr/test-stat-detailed-2 b/tools/perf/tests/attr/test-stat-detailed-2
index 7e961d24a885a..01777a63752fe 100644
--- a/tools/perf/tests/attr/test-stat-detailed-2
+++ b/tools/perf/tests/attr/test-stat-detailed-2
@@ -90,99 +90,143 @@ enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
+# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
[event13:base-stat]
fd=13
group_fd=11
type=4
-config=33280
+config=33024
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-be-bound (0x8300)
+# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
[event14:base-stat]
fd=14
group_fd=11
type=4
-config=33536
+config=33280
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
+# PERF_TYPE_RAW / topdown-be-bound (0x8300)
[event15:base-stat]
fd=15
group_fd=11
type=4
-config=33024
+config=33536
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
+# PERF_TYPE_RAW / topdown-heavy-ops (0x8400)
[event16:base-stat]
fd=16
+group_fd=11
type=4
-config=4109
+config=33792
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
+# PERF_TYPE_RAW / topdown-br-mispredict (0x8500)
[event17:base-stat]
fd=17
+group_fd=11
type=4
-config=17039629
+config=34048
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
+# PERF_TYPE_RAW / topdown-fetch-lat (0x8600)
[event18:base-stat]
fd=18
+group_fd=11
type=4
-config=60
+config=34304
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
+# PERF_TYPE_RAW / topdown-mem-bound (0x8700)
[event19:base-stat]
fd=19
+group_fd=11
type=4
-config=2097421
+config=34560
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
+# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
[event20:base-stat]
fd=20
type=4
-config=316
+config=4109
optional=1
-# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
[event21:base-stat]
fd=21
type=4
-config=412
+config=17039629
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
[event22:base-stat]
fd=22
type=4
-config=572
+config=60
optional=1
-# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
[event23:base-stat]
fd=23
type=4
-config=706
+config=2097421
optional=1
-# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
[event24:base-stat]
fd=24
type=4
+config=316
+optional=1
+
+# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+[event25:base-stat]
+fd=25
+type=4
+config=412
+optional=1
+
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+[event26:base-stat]
+fd=26
+type=4
+config=572
+optional=1
+
+# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+[event27:base-stat]
+fd=27
+type=4
+config=706
+optional=1
+
+# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+[event28:base-stat]
+fd=28
+type=4
config=270
optional=1
@@ -190,8 +234,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event25:base-stat]
-fd=25
+[event29:base-stat]
+fd=29
type=3
config=0
optional=1
@@ -200,8 +244,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event26:base-stat]
-fd=26
+[event30:base-stat]
+fd=30
type=3
config=65536
optional=1
@@ -210,8 +254,8 @@ optional=1
# PERF_COUNT_HW_CACHE_LL << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event27:base-stat]
-fd=27
+[event31:base-stat]
+fd=31
type=3
config=2
optional=1
@@ -220,8 +264,8 @@ optional=1
# PERF_COUNT_HW_CACHE_LL << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event28:base-stat]
-fd=28
+[event32:base-stat]
+fd=32
type=3
config=65538
optional=1
@@ -230,8 +274,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1I << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event29:base-stat]
-fd=29
+[event33:base-stat]
+fd=33
type=3
config=1
optional=1
@@ -240,8 +284,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1I << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event30:base-stat]
-fd=30
+[event34:base-stat]
+fd=34
type=3
config=65537
optional=1
@@ -250,8 +294,8 @@ optional=1
# PERF_COUNT_HW_CACHE_DTLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event31:base-stat]
-fd=31
+[event35:base-stat]
+fd=35
type=3
config=3
optional=1
@@ -260,8 +304,8 @@ optional=1
# PERF_COUNT_HW_CACHE_DTLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event32:base-stat]
-fd=32
+[event36:base-stat]
+fd=36
type=3
config=65539
optional=1
@@ -270,8 +314,8 @@ optional=1
# PERF_COUNT_HW_CACHE_ITLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event33:base-stat]
-fd=33
+[event37:base-stat]
+fd=37
type=3
config=4
optional=1
@@ -280,8 +324,8 @@ optional=1
# PERF_COUNT_HW_CACHE_ITLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event34:base-stat]
-fd=34
+[event38:base-stat]
+fd=38
type=3
config=65540
optional=1
diff --git a/tools/perf/tests/attr/test-stat-detailed-3 b/tools/perf/tests/attr/test-stat-detailed-3
index e50535f45977c..8400abd7e1e48 100644
--- a/tools/perf/tests/attr/test-stat-detailed-3
+++ b/tools/perf/tests/attr/test-stat-detailed-3
@@ -90,99 +90,143 @@ enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
+# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
[event13:base-stat]
fd=13
group_fd=11
type=4
-config=33280
+config=33024
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-be-bound (0x8300)
+# PERF_TYPE_RAW / topdown-fe-bound (0x8200)
[event14:base-stat]
fd=14
group_fd=11
type=4
-config=33536
+config=33280
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / topdown-bad-spec (0x8100)
+# PERF_TYPE_RAW / topdown-be-bound (0x8300)
[event15:base-stat]
fd=15
group_fd=11
type=4
-config=33024
+config=33536
disabled=0
enable_on_exec=0
read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
+# PERF_TYPE_RAW / topdown-heavy-ops (0x8400)
[event16:base-stat]
fd=16
+group_fd=11
type=4
-config=4109
+config=33792
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
+# PERF_TYPE_RAW / topdown-br-mispredict (0x8500)
[event17:base-stat]
fd=17
+group_fd=11
type=4
-config=17039629
+config=34048
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
+# PERF_TYPE_RAW / topdown-fetch-lat (0x8600)
[event18:base-stat]
fd=18
+group_fd=11
type=4
-config=60
+config=34304
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
+# PERF_TYPE_RAW / topdown-mem-bound (0x8700)
[event19:base-stat]
fd=19
+group_fd=11
type=4
-config=2097421
+config=34560
+disabled=0
+enable_on_exec=0
+read_format=15
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
+# PERF_TYPE_RAW / INT_MISC.UOP_DROPPING
[event20:base-stat]
fd=20
type=4
-config=316
+config=4109
optional=1
-# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+# PERF_TYPE_RAW / cpu/INT_MISC.RECOVERY_CYCLES,cmask=1,edge/
[event21:base-stat]
fd=21
type=4
-config=412
+config=17039629
optional=1
-# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.THREAD
[event22:base-stat]
fd=22
type=4
-config=572
+config=60
optional=1
-# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+# PERF_TYPE_RAW / INT_MISC.RECOVERY_CYCLES_ANY
[event23:base-stat]
fd=23
type=4
-config=706
+config=2097421
optional=1
-# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.REF_XCLK
[event24:base-stat]
fd=24
type=4
+config=316
+optional=1
+
+# PERF_TYPE_RAW / IDQ_UOPS_NOT_DELIVERED.CORE
+[event25:base-stat]
+fd=25
+type=4
+config=412
+optional=1
+
+# PERF_TYPE_RAW / CPU_CLK_UNHALTED.ONE_THREAD_ACTIVE
+[event26:base-stat]
+fd=26
+type=4
+config=572
+optional=1
+
+# PERF_TYPE_RAW / UOPS_RETIRED.RETIRE_SLOTS
+[event27:base-stat]
+fd=27
+type=4
+config=706
+optional=1
+
+# PERF_TYPE_RAW / UOPS_ISSUED.ANY
+[event28:base-stat]
+fd=28
+type=4
config=270
optional=1
@@ -190,8 +234,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event25:base-stat]
-fd=25
+[event29:base-stat]
+fd=29
type=3
config=0
optional=1
@@ -200,8 +244,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event26:base-stat]
-fd=26
+[event30:base-stat]
+fd=30
type=3
config=65536
optional=1
@@ -210,8 +254,8 @@ optional=1
# PERF_COUNT_HW_CACHE_LL << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event27:base-stat]
-fd=27
+[event31:base-stat]
+fd=31
type=3
config=2
optional=1
@@ -220,8 +264,8 @@ optional=1
# PERF_COUNT_HW_CACHE_LL << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event28:base-stat]
-fd=28
+[event32:base-stat]
+fd=32
type=3
config=65538
optional=1
@@ -230,8 +274,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1I << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event29:base-stat]
-fd=29
+[event33:base-stat]
+fd=33
type=3
config=1
optional=1
@@ -240,8 +284,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1I << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event30:base-stat]
-fd=30
+[event34:base-stat]
+fd=34
type=3
config=65537
optional=1
@@ -250,8 +294,8 @@ optional=1
# PERF_COUNT_HW_CACHE_DTLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event31:base-stat]
-fd=31
+[event35:base-stat]
+fd=35
type=3
config=3
optional=1
@@ -260,8 +304,8 @@ optional=1
# PERF_COUNT_HW_CACHE_DTLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event32:base-stat]
-fd=32
+[event36:base-stat]
+fd=36
type=3
config=65539
optional=1
@@ -270,8 +314,8 @@ optional=1
# PERF_COUNT_HW_CACHE_ITLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event33:base-stat]
-fd=33
+[event37:base-stat]
+fd=37
type=3
config=4
optional=1
@@ -280,8 +324,8 @@ optional=1
# PERF_COUNT_HW_CACHE_ITLB << 0 |
# (PERF_COUNT_HW_CACHE_OP_READ << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event34:base-stat]
-fd=34
+[event38:base-stat]
+fd=38
type=3
config=65540
optional=1
@@ -290,8 +334,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_PREFETCH << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_ACCESS << 16)
-[event35:base-stat]
-fd=35
+[event39:base-stat]
+fd=39
type=3
config=512
optional=1
@@ -300,8 +344,8 @@ optional=1
# PERF_COUNT_HW_CACHE_L1D << 0 |
# (PERF_COUNT_HW_CACHE_OP_PREFETCH << 8) |
# (PERF_COUNT_HW_CACHE_RESULT_MISS << 16)
-[event36:base-stat]
-fd=36
+[event40:base-stat]
+fd=40
type=3
config=66048
optional=1
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 493/817] f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (491 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 492/817] perf test attr: Add back missing topdown events Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 494/817] f2fs: fix null-ptr-deref in f2fs_submit_page_bio() Greg Kroah-Hartman
` (333 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qi Han, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qi Han <hanqi@vivo.com>
[ Upstream commit 26413ce18e85de3dda2cd3d72c3c3e8ab8f4f996 ]
After release a file and subsequently reserve it, the FSCK flag is set
when the file is deleted, as shown in the following backtrace:
F2FS-fs (dm-48): Inconsistent i_blocks, ino:401231, iblocks:1448, sectors:1472
fs_rec_info_write_type+0x58/0x274
f2fs_rec_info_write+0x1c/0x2c
set_sbi_flag+0x74/0x98
dec_valid_block_count+0x150/0x190
f2fs_truncate_data_blocks_range+0x2d4/0x3cc
f2fs_do_truncate_blocks+0x2fc/0x5f0
f2fs_truncate_blocks+0x68/0x100
f2fs_truncate+0x80/0x128
f2fs_evict_inode+0x1a4/0x794
evict+0xd4/0x280
iput+0x238/0x284
do_unlinkat+0x1ac/0x298
__arm64_sys_unlinkat+0x48/0x68
invoke_syscall+0x58/0x11c
For clusters of the following type, i_blocks are decremented by 1 and
i_compr_blocks are incremented by 7 in release_compress_blocks, while
updates to i_blocks and i_compr_blocks are skipped in reserve_compress_blocks.
raw node:
D D D D D D D D
after compress:
C D D D D D D D
after reserve:
C D D D D D D D
Let's update i_blocks and i_compr_blocks properly in reserve_compress_blocks.
Fixes: eb8fbaa53374 ("f2fs: compress: fix to check unreleased compressed cluster")
Signed-off-by: Qi Han <hanqi@vivo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 80ebc13ccb35b..38d11635261ee 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -3798,7 +3798,7 @@ static int reserve_compress_blocks(struct dnode_of_data *dn, pgoff_t count,
to_reserved = cluster_size - compr_blocks - reserved;
/* for the case all blocks in cluster were reserved */
- if (to_reserved == 1) {
+ if (reserved && to_reserved == 1) {
dn->ofs_in_node += cluster_size;
goto next;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 494/817] f2fs: fix null-ptr-deref in f2fs_submit_page_bio()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (492 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 493/817] f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 495/817] f2fs: fix to account dirty data in __get_secs_required() Greg Kroah-Hartman
` (332 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ye Bin, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa ]
There's issue as follows when concurrently installing the f2fs.ko
module and mounting the f2fs file system:
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs]
Call Trace:
<TASK>
f2fs_submit_page_bio+0x126/0x8b0 [f2fs]
__get_meta_page+0x1d4/0x920 [f2fs]
get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs]
validate_checkpoint+0xac/0x290 [f2fs]
f2fs_get_valid_checkpoint+0x207/0x950 [f2fs]
f2fs_fill_super+0x1007/0x39b0 [f2fs]
mount_bdev+0x183/0x250
legacy_get_tree+0xf4/0x1e0
vfs_get_tree+0x88/0x340
do_new_mount+0x283/0x5e0
path_mount+0x2b2/0x15b0
__x64_sys_mount+0x1fe/0x270
do_syscall_64+0x5f/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Above issue happens as the biset of the f2fs file system is not
initialized before register "f2fs_fs_type".
To address above issue just register "f2fs_fs_type" at the last in
init_f2fs_fs(). Ensure that all f2fs file system resources are
initialized.
Fixes: f543805fcd60 ("f2fs: introduce private bioset")
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/super.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 0f6e2b3f6a4c5..615ca1f0ef59b 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -4972,9 +4972,6 @@ static int __init init_f2fs_fs(void)
err = f2fs_init_shrinker();
if (err)
goto free_sysfs;
- err = register_filesystem(&f2fs_fs_type);
- if (err)
- goto free_shrinker;
f2fs_create_root_stats();
err = f2fs_init_post_read_processing();
if (err)
@@ -4997,7 +4994,12 @@ static int __init init_f2fs_fs(void)
err = f2fs_create_casefold_cache();
if (err)
goto free_compress_cache;
+ err = register_filesystem(&f2fs_fs_type);
+ if (err)
+ goto free_casefold_cache;
return 0;
+free_casefold_cache:
+ f2fs_destroy_casefold_cache();
free_compress_cache:
f2fs_destroy_compress_cache();
free_compress_mempool:
@@ -5012,8 +5014,6 @@ static int __init init_f2fs_fs(void)
f2fs_destroy_post_read_processing();
free_root_stats:
f2fs_destroy_root_stats();
- unregister_filesystem(&f2fs_fs_type);
-free_shrinker:
f2fs_exit_shrinker();
free_sysfs:
f2fs_exit_sysfs();
@@ -5037,6 +5037,7 @@ static int __init init_f2fs_fs(void)
static void __exit exit_f2fs_fs(void)
{
+ unregister_filesystem(&f2fs_fs_type);
f2fs_destroy_casefold_cache();
f2fs_destroy_compress_cache();
f2fs_destroy_compress_mempool();
@@ -5045,7 +5046,6 @@ static void __exit exit_f2fs_fs(void)
f2fs_destroy_iostat_processing();
f2fs_destroy_post_read_processing();
f2fs_destroy_root_stats();
- unregister_filesystem(&f2fs_fs_type);
f2fs_exit_shrinker();
f2fs_exit_sysfs();
f2fs_destroy_garbage_collection_cache();
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 495/817] f2fs: fix to account dirty data in __get_secs_required()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (493 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 494/817] f2fs: fix null-ptr-deref in f2fs_submit_page_bio() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 496/817] perf dso: Fix symtab_type for kmod compression Greg Kroah-Hartman
` (331 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Rosenberg, Chao Yu,
Jaegeuk Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
[ Upstream commit 1acd73edbbfef2c3c5b43cba4006a7797eca7050 ]
It will trigger system panic w/ testcase in [1]:
------------[ cut here ]------------
kernel BUG at fs/f2fs/segment.c:2752!
RIP: 0010:new_curseg+0xc81/0x2110
Call Trace:
f2fs_allocate_data_block+0x1c91/0x4540
do_write_page+0x163/0xdf0
f2fs_outplace_write_data+0x1aa/0x340
f2fs_do_write_data_page+0x797/0x2280
f2fs_write_single_data_page+0x16cd/0x2190
f2fs_write_cache_pages+0x994/0x1c80
f2fs_write_data_pages+0x9cc/0xea0
do_writepages+0x194/0x7a0
filemap_fdatawrite_wbc+0x12b/0x1a0
__filemap_fdatawrite_range+0xbb/0xf0
file_write_and_wait_range+0xa1/0x110
f2fs_do_sync_file+0x26f/0x1c50
f2fs_sync_file+0x12b/0x1d0
vfs_fsync_range+0xfa/0x230
do_fsync+0x3d/0x80
__x64_sys_fsync+0x37/0x50
x64_sys_call+0x1e88/0x20d0
do_syscall_64+0x4b/0x110
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The root cause is if checkpoint_disabling and lfs_mode are both on,
it will trigger OPU for all overwritten data, it may cost more free
segment than expected, so f2fs must account those data correctly to
calculate cosumed free segments later, and return ENOSPC earlier to
avoid run out of free segment during block allocation.
[1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/
Fixes: 4354994f097d ("f2fs: checkpoint disabling")
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.h | 35 +++++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h
index bfc01a521cb98..c3aeca7e0dde6 100644
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -558,18 +558,21 @@ static inline int reserved_sections(struct f2fs_sb_info *sbi)
}
static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi,
- unsigned int node_blocks, unsigned int dent_blocks)
+ unsigned int node_blocks, unsigned int data_blocks,
+ unsigned int dent_blocks)
{
- unsigned segno, left_blocks;
+ unsigned int segno, left_blocks, blocks;
int i;
- /* check current node sections in the worst case. */
- for (i = CURSEG_HOT_NODE; i <= CURSEG_COLD_NODE; i++) {
+ /* check current data/node sections in the worst case. */
+ for (i = CURSEG_HOT_DATA; i < NR_PERSISTENT_LOG; i++) {
segno = CURSEG_I(sbi, i)->segno;
left_blocks = CAP_BLKS_PER_SEC(sbi) -
get_ckpt_valid_blocks(sbi, segno, true);
- if (node_blocks > left_blocks)
+
+ blocks = i <= CURSEG_COLD_DATA ? data_blocks : node_blocks;
+ if (blocks > left_blocks)
return false;
}
@@ -583,8 +586,9 @@ static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi,
}
/*
- * calculate needed sections for dirty node/dentry
- * and call has_curseg_enough_space
+ * calculate needed sections for dirty node/dentry and call
+ * has_curseg_enough_space, please note that, it needs to account
+ * dirty data as well in lfs mode when checkpoint is disabled.
*/
static inline void __get_secs_required(struct f2fs_sb_info *sbi,
unsigned int *lower_p, unsigned int *upper_p, bool *curseg_p)
@@ -593,19 +597,30 @@ static inline void __get_secs_required(struct f2fs_sb_info *sbi,
get_pages(sbi, F2FS_DIRTY_DENTS) +
get_pages(sbi, F2FS_DIRTY_IMETA);
unsigned int total_dent_blocks = get_pages(sbi, F2FS_DIRTY_DENTS);
+ unsigned int total_data_blocks = 0;
unsigned int node_secs = total_node_blocks / CAP_BLKS_PER_SEC(sbi);
unsigned int dent_secs = total_dent_blocks / CAP_BLKS_PER_SEC(sbi);
+ unsigned int data_secs = 0;
unsigned int node_blocks = total_node_blocks % CAP_BLKS_PER_SEC(sbi);
unsigned int dent_blocks = total_dent_blocks % CAP_BLKS_PER_SEC(sbi);
+ unsigned int data_blocks = 0;
+
+ if (f2fs_lfs_mode(sbi) &&
+ unlikely(is_sbi_flag_set(sbi, SBI_CP_DISABLED))) {
+ total_data_blocks = get_pages(sbi, F2FS_DIRTY_DATA);
+ data_secs = total_data_blocks / CAP_BLKS_PER_SEC(sbi);
+ data_blocks = total_data_blocks % CAP_BLKS_PER_SEC(sbi);
+ }
if (lower_p)
- *lower_p = node_secs + dent_secs;
+ *lower_p = node_secs + dent_secs + data_secs;
if (upper_p)
*upper_p = node_secs + dent_secs +
- (node_blocks ? 1 : 0) + (dent_blocks ? 1 : 0);
+ (node_blocks ? 1 : 0) + (dent_blocks ? 1 : 0) +
+ (data_blocks ? 1 : 0);
if (curseg_p)
*curseg_p = has_curseg_enough_space(sbi,
- node_blocks, dent_blocks);
+ node_blocks, data_blocks, dent_blocks);
}
static inline bool has_not_enough_free_secs(struct f2fs_sb_info *sbi,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 496/817] perf dso: Fix symtab_type for kmod compression
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (494 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 495/817] f2fs: fix to account dirty data in __get_secs_required() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 497/817] perf probe: Fix libdw memory leak Greg Kroah-Hartman
` (330 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Veronika Molnarova, Michael Petlan,
Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Veronika Molnarova <vmolnaro@redhat.com>
[ Upstream commit 05a62936e6b14c005db3b0c9c7d8b93d825dd9ca ]
During the rework of the dso structure in patch ee756ef7491eafd an
increment was forgotten for the symtab_type in case the data for
the kernel module are compressed. This affects the probing of the
kernel modules, which fails if the data are not already cached.
Increment the value of the symtab_type to its compressed variant so the
data could be recovered successfully.
Fixes: ee756ef7491eafd7 ("perf dso: Add reference count checking and accessor functions")
Signed-off-by: Veronika Molnarova <vmolnaro@redhat.com>
Acked-by: Michael Petlan <mpetlan@redhat.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Tested-by: Michael Petlan <mpetlan@redhat.com>
Link: https://lore.kernel.org/r/20241010144836.16424-1-vmolnaro@redhat.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/machine.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/machine.c b/tools/perf/util/machine.c
index 706be5e4a0761..b2e6e73d7a925 100644
--- a/tools/perf/util/machine.c
+++ b/tools/perf/util/machine.c
@@ -1342,7 +1342,7 @@ static int maps__set_module_path(struct maps *maps, const char *path, struct kmo
* we need to update the symtab_type if needed.
*/
if (m->comp && is_kmod_dso(dso)) {
- dso__set_symtab_type(dso, dso__symtab_type(dso));
+ dso__set_symtab_type(dso, dso__symtab_type(dso)+1);
dso__set_comp(dso, m->comp);
}
map__put(map);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 497/817] perf probe: Fix libdw memory leak
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (495 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 496/817] perf dso: Fix symtab_type for kmod compression Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 498/817] perf probe: Correct demangled symbols in C++ program Greg Kroah-Hartman
` (329 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ian Rogers, David S. Miller,
Steinar H. Gunderson, Alexander Lobakin,
Masami Hiramatsu (Google), Kajol Jain, Athira Rajeev,
Hemant Kumar, Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Rogers <irogers@google.com>
[ Upstream commit 4585038b8e186252141ef86e9f0d8e97f11dce8d ]
Add missing dwarf_cfi_end to free memory associated with probe_finder
cfi_eh which is allocated and owned via a call to
dwarf_getcfi_elf. Confusingly cfi_dbg shouldn't be freed as its memory
is owned by the passed in debuginfo struct. Add comments to highlight
this.
This addresses leak sanitizer issues seen in:
tools/perf/tests/shell/test_uprobe_from_different_cu.sh
Fixes: 270bde1e76f4 ("perf probe: Search both .eh_frame and .debug_frame sections for probe location")
Signed-off-by: Ian Rogers <irogers@google.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Steinar H. Gunderson <sesse@google.com>
Cc: Alexander Lobakin <aleksander.lobakin@intel.com>
Cc: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Cc: Kajol Jain <kjain@linux.ibm.com>
Cc: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Cc: Hemant Kumar <hemant@linux.vnet.ibm.com>
Link: https://lore.kernel.org/r/20241016235622.52166-3-irogers@google.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/probe-finder.c | 4 ++++
tools/perf/util/probe-finder.h | 4 ++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c
index 630e16c54ed5c..d6b902899940b 100644
--- a/tools/perf/util/probe-finder.c
+++ b/tools/perf/util/probe-finder.c
@@ -1379,6 +1379,10 @@ int debuginfo__find_trace_events(struct debuginfo *dbg,
if (ret >= 0 && tf.pf.skip_empty_arg)
ret = fill_empty_trace_arg(pev, tf.tevs, tf.ntevs);
+#if _ELFUTILS_PREREQ(0, 142)
+ dwarf_cfi_end(tf.pf.cfi_eh);
+#endif
+
if (ret < 0 || tf.ntevs == 0) {
for (i = 0; i < tf.ntevs; i++)
clear_probe_trace_event(&tf.tevs[i]);
diff --git a/tools/perf/util/probe-finder.h b/tools/perf/util/probe-finder.h
index 3add5ff516e12..724db829b49e0 100644
--- a/tools/perf/util/probe-finder.h
+++ b/tools/perf/util/probe-finder.h
@@ -64,9 +64,9 @@ struct probe_finder {
/* For variable searching */
#if _ELFUTILS_PREREQ(0, 142)
- /* Call Frame Information from .eh_frame */
+ /* Call Frame Information from .eh_frame. Owned by this struct. */
Dwarf_CFI *cfi_eh;
- /* Call Frame Information from .debug_frame */
+ /* Call Frame Information from .debug_frame. Not owned. */
Dwarf_CFI *cfi_dbg;
#endif
Dwarf_Op *fb_ops; /* Frame base attribute */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 498/817] perf probe: Correct demangled symbols in C++ program
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (496 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 497/817] perf probe: Fix libdw memory leak Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 499/817] rust: kernel: fix THIS_MODULE header path in ThisModule doc comment Greg Kroah-Hartman
` (328 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Leo Yan, Masami Hiramatsu (Google),
Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leo Yan <leo.yan@arm.com>
[ Upstream commit 314909f13cc12d47c468602c37dace512d225eeb ]
An issue can be observed when probe C++ demangled symbol with steps:
# nm test_cpp_mangle | grep print_data
0000000000000c94 t _GLOBAL__sub_I__Z10print_datai
0000000000000afc T _Z10print_datai
0000000000000b38 T _Z10print_dataR5Point
# perf probe -x /home/niayan01/test_cpp_mangle -F --demangle
...
print_data(Point&)
print_data(int)
...
# perf --debug verbose=3 probe -x test_cpp_mangle --add "test=print_data(int)"
probe-definition(0): test=print_data(int)
symbol:print_data(int) file:(null) line:0 offset:0 return:0 lazy:(null)
0 arguments
Open Debuginfo file: /home/niayan01/test_cpp_mangle
Try to find probe point from debuginfo.
Symbol print_data(int) address found : afc
Matched function: print_data [2ccf]
Probe point found: print_data+0
Found 1 probe_trace_events.
Opening /sys/kernel/tracing//uprobe_events write=1
Opening /sys/kernel/tracing//README write=0
Writing event: p:probe_test_cpp_mangle/test /home/niayan01/test_cpp_mangle:0xb38
...
When tried to probe symbol "print_data(int)", the log shows:
Symbol print_data(int) address found : afc
The found address is 0xafc - which is right with verifying the output
result from nm. Afterwards when write event, the command uses offset
0xb38 in the last log, which is a wrong address.
The dwarf_diename() gets a common function name, in above case, it
returns string "print_data". As a result, the tool parses the offset
based on the common name. This leads to probe at the wrong symbol
"print_data(Point&)".
To fix the issue, use the die_get_linkage_name() function to retrieve
the distinct linkage name - this is the mangled name for the C++ case.
Based on this unique name, the tool can get a correct offset for
probing. Based on DWARF doc, it is possible the linkage name is missed
in the DIE, it rolls back to use dwarf_diename().
After:
# perf --debug verbose=3 probe -x test_cpp_mangle --add "test=print_data(int)"
probe-definition(0): test=print_data(int)
symbol:print_data(int) file:(null) line:0 offset:0 return:0 lazy:(null)
0 arguments
Open Debuginfo file: /home/niayan01/test_cpp_mangle
Try to find probe point from debuginfo.
Symbol print_data(int) address found : afc
Matched function: print_data [2d06]
Probe point found: print_data+0
Found 1 probe_trace_events.
Opening /sys/kernel/tracing//uprobe_events write=1
Opening /sys/kernel/tracing//README write=0
Writing event: p:probe_test_cpp_mangle/test /home/niayan01/test_cpp_mangle:0xafc
Added new event:
probe_test_cpp_mangle:test (on print_data(int) in /home/niayan01/test_cpp_mangle)
You can now use it in all perf tools, such as:
perf record -e probe_test_cpp_mangle:test -aR sleep 1
# perf --debug verbose=3 probe -x test_cpp_mangle --add "test2=print_data(Point&)"
probe-definition(0): test2=print_data(Point&)
symbol:print_data(Point&) file:(null) line:0 offset:0 return:0 lazy:(null)
0 arguments
Open Debuginfo file: /home/niayan01/test_cpp_mangle
Try to find probe point from debuginfo.
Symbol print_data(Point&) address found : b38
Matched function: print_data [2ccf]
Probe point found: print_data+0
Found 1 probe_trace_events.
Opening /sys/kernel/tracing//uprobe_events write=1
Parsing probe_events: p:probe_test_cpp_mangle/test /home/niayan01/test_cpp_mangle:0x0000000000000afc
Group:probe_test_cpp_mangle Event:test probe:p
Opening /sys/kernel/tracing//README write=0
Writing event: p:probe_test_cpp_mangle/test2 /home/niayan01/test_cpp_mangle:0xb38
Added new event:
probe_test_cpp_mangle:test2 (on print_data(Point&) in /home/niayan01/test_cpp_mangle)
You can now use it in all perf tools, such as:
perf record -e probe_test_cpp_mangle:test2 -aR sleep 1
Fixes: fb1587d869a3 ("perf probe: List probes with line number and file name")
Signed-off-by: Leo Yan <leo.yan@arm.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20241012141432.877894-1-leo.yan@arm.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/probe-finder.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c
index d6b902899940b..a30f88ed03004 100644
--- a/tools/perf/util/probe-finder.c
+++ b/tools/perf/util/probe-finder.c
@@ -1587,8 +1587,21 @@ int debuginfo__find_probe_point(struct debuginfo *dbg, u64 addr,
/* Find a corresponding function (name, baseline and baseaddr) */
if (die_find_realfunc(&cudie, (Dwarf_Addr)addr, &spdie)) {
- /* Get function entry information */
- func = basefunc = dwarf_diename(&spdie);
+ /*
+ * Get function entry information.
+ *
+ * As described in the document DWARF Debugging Information
+ * Format Version 5, section 2.22 Linkage Names, "mangled names,
+ * are used in various ways, ... to distinguish multiple
+ * entities that have the same name".
+ *
+ * Firstly try to get distinct linkage name, if fail then
+ * rollback to get associated name in DIE.
+ */
+ func = basefunc = die_get_linkage_name(&spdie);
+ if (!func)
+ func = basefunc = dwarf_diename(&spdie);
+
if (!func ||
die_entrypc(&spdie, &baseaddr) != 0 ||
dwarf_decl_line(&spdie, &baseline) != 0) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 499/817] rust: kernel: fix THIS_MODULE header path in ThisModule doc comment
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (497 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 498/817] perf probe: Correct demangled symbols in C++ program Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 500/817] rust: macros: fix documentation of the paste! macro Greg Kroah-Hartman
` (327 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yutaro Ohno, Miguel Ojeda,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yutaro Ohno <yutaro.ono.418@gmail.com>
[ Upstream commit 8b55dc8610acf816a66373be53ca6e3bbe2d313a ]
The doc comment for `ThisModule` incorrectly states the C header file
for `THIS_MODULE` as `include/linux/export.h`, while the correct path is
`include/linux/init.h`. This is because `THIS_MODULE` was moved in
commit 5b20755b7780 ("init: move THIS_MODULE from <linux/export.h> to
<linux/init.h>").
Update the doc comment for `ThisModule` to reflect the correct header
file path for `THIS_MODULE`.
Fixes: 5b20755b7780 ("init: move THIS_MODULE from <linux/export.h> to <linux/init.h>")
Signed-off-by: Yutaro Ohno <yutaro.ono.418@gmail.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/ZxXDZwxWgoEiIYkj@ohnotp
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
rust/kernel/lib.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
index 274bdc1b0a824..4b25c9a474c24 100644
--- a/rust/kernel/lib.rs
+++ b/rust/kernel/lib.rs
@@ -80,7 +80,7 @@ pub trait Module: Sized + Sync + Send {
/// Equivalent to `THIS_MODULE` in the C API.
///
-/// C header: [`include/linux/export.h`](srctree/include/linux/export.h)
+/// C header: [`include/linux/init.h`](srctree/include/linux/init.h)
pub struct ThisModule(*mut bindings::module);
// SAFETY: `THIS_MODULE` may be used from all threads within a module.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 500/817] rust: macros: fix documentation of the paste! macro
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (498 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 499/817] rust: kernel: fix THIS_MODULE header path in ThisModule doc comment Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 501/817] PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Greg Kroah-Hartman
` (326 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Bonzini, Alice Ryhl,
Miguel Ojeda, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
[ Upstream commit 15541c9263ce34ff95a06bc68f45d9bc5c990bcd ]
One of the example in this section uses a curious mix of the constant
and function declaration syntaxes; fix it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Fixes: 823d4737d4c2 ("rust: macros: add `paste!` proc macro")
Link: https://lore.kernel.org/r/20241019072208.1016707-1-pbonzini@redhat.com
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
rust/macros/lib.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rust/macros/lib.rs b/rust/macros/lib.rs
index 5be0cb9db3ee4..8a2ed9472bb08 100644
--- a/rust/macros/lib.rs
+++ b/rust/macros/lib.rs
@@ -355,7 +355,7 @@ pub fn pinned_drop(args: TokenStream, input: TokenStream) -> TokenStream {
/// macro_rules! pub_no_prefix {
/// ($prefix:ident, $($newname:ident),+) => {
/// kernel::macros::paste! {
-/// $(pub(crate) const fn [<$newname:lower:span>]: u32 = [<$prefix $newname:span>];)+
+/// $(pub(crate) const fn [<$newname:lower:span>]() -> u32 { [<$prefix $newname:span>] })+
/// }
/// };
/// }
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 501/817] PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (499 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 500/817] rust: macros: fix documentation of the paste! macro Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 502/817] PCI: cpqphp: Fix PCIBIOS_* return value confusion Greg Kroah-Hartman
` (325 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, weiyufeng, Bjorn Helgaas,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: weiyufeng <weiyufeng@kylinos.cn>
[ Upstream commit 87d5403378cccc557af9e02a8a2c8587ad8b7e9a ]
Use PCI_POSSIBLE_ERROR() to check the response we get when we read data
from hardware. This unifies PCI error response checking and makes error
checks consistent and easier to find.
Link: https://lore.kernel.org/r/20240806065050.28725-1-412574090@163.com
Signed-off-by: weiyufeng <weiyufeng@kylinos.cn>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Stable-dep-of: e2226dbc4a49 ("PCI: cpqphp: Fix PCIBIOS_* return value confusion")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/hotplug/cpqphp_pci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/hotplug/cpqphp_pci.c b/drivers/pci/hotplug/cpqphp_pci.c
index e9f1fb333a718..718bc6cf12cb3 100644
--- a/drivers/pci/hotplug/cpqphp_pci.c
+++ b/drivers/pci/hotplug/cpqphp_pci.c
@@ -138,7 +138,7 @@ static int PCI_RefinedAccessConfig(struct pci_bus *bus, unsigned int devfn, u8 o
if (pci_bus_read_config_dword(bus, devfn, PCI_VENDOR_ID, &vendID) == -1)
return -1;
- if (vendID == 0xffffffff)
+ if (PCI_POSSIBLE_ERROR(vendID))
return -1;
return pci_bus_read_config_dword(bus, devfn, offset, value);
}
@@ -253,7 +253,7 @@ static int PCI_GetBusDevHelper(struct controller *ctrl, u8 *bus_num, u8 *dev_num
*dev_num = tdevice;
ctrl->pci_bus->number = tbus;
pci_bus_read_config_dword(ctrl->pci_bus, *dev_num, PCI_VENDOR_ID, &work);
- if (!nobridge || (work == 0xffffffff))
+ if (!nobridge || PCI_POSSIBLE_ERROR(work))
return 0;
dbg("bus_num %d devfn %d\n", *bus_num, *dev_num);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 502/817] PCI: cpqphp: Fix PCIBIOS_* return value confusion
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (500 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 501/817] PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 503/817] rust: block: fix formatting of `kernel::block::mq::request` module Greg Kroah-Hartman
` (324 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen, Bjorn Helgaas,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit e2226dbc4a4919d9c8bd9293299b532090bdf020 ]
Code in and related to PCI_RefinedAccessConfig() has three types of return
type confusion:
- PCI_RefinedAccessConfig() tests pci_bus_read_config_dword() return value
against -1.
- PCI_RefinedAccessConfig() returns both -1 and PCIBIOS_* return codes.
- Callers of PCI_RefinedAccessConfig() only test for -1.
Make PCI_RefinedAccessConfig() return PCIBIOS_* codes consistently and
adapt callers accordingly.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Link: https://lore.kernel.org/r/20241022091140.3504-2-ilpo.jarvinen@linux.intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/hotplug/cpqphp_pci.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/pci/hotplug/cpqphp_pci.c b/drivers/pci/hotplug/cpqphp_pci.c
index 718bc6cf12cb3..974c7db3265b5 100644
--- a/drivers/pci/hotplug/cpqphp_pci.c
+++ b/drivers/pci/hotplug/cpqphp_pci.c
@@ -135,11 +135,13 @@ int cpqhp_unconfigure_device(struct pci_func *func)
static int PCI_RefinedAccessConfig(struct pci_bus *bus, unsigned int devfn, u8 offset, u32 *value)
{
u32 vendID = 0;
+ int ret;
- if (pci_bus_read_config_dword(bus, devfn, PCI_VENDOR_ID, &vendID) == -1)
- return -1;
+ ret = pci_bus_read_config_dword(bus, devfn, PCI_VENDOR_ID, &vendID);
+ if (ret != PCIBIOS_SUCCESSFUL)
+ return PCIBIOS_DEVICE_NOT_FOUND;
if (PCI_POSSIBLE_ERROR(vendID))
- return -1;
+ return PCIBIOS_DEVICE_NOT_FOUND;
return pci_bus_read_config_dword(bus, devfn, offset, value);
}
@@ -202,13 +204,15 @@ static int PCI_ScanBusForNonBridge(struct controller *ctrl, u8 bus_num, u8 *dev_
{
u16 tdevice;
u32 work;
+ int ret;
u8 tbus;
ctrl->pci_bus->number = bus_num;
for (tdevice = 0; tdevice < 0xFF; tdevice++) {
/* Scan for access first */
- if (PCI_RefinedAccessConfig(ctrl->pci_bus, tdevice, 0x08, &work) == -1)
+ ret = PCI_RefinedAccessConfig(ctrl->pci_bus, tdevice, 0x08, &work);
+ if (ret)
continue;
dbg("Looking for nonbridge bus_num %d dev_num %d\n", bus_num, tdevice);
/* Yep we got one. Not a bridge ? */
@@ -220,7 +224,8 @@ static int PCI_ScanBusForNonBridge(struct controller *ctrl, u8 bus_num, u8 *dev_
}
for (tdevice = 0; tdevice < 0xFF; tdevice++) {
/* Scan for access first */
- if (PCI_RefinedAccessConfig(ctrl->pci_bus, tdevice, 0x08, &work) == -1)
+ ret = PCI_RefinedAccessConfig(ctrl->pci_bus, tdevice, 0x08, &work);
+ if (ret)
continue;
dbg("Looking for bridge bus_num %d dev_num %d\n", bus_num, tdevice);
/* Yep we got one. bridge ? */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 503/817] rust: block: fix formatting of `kernel::block::mq::request` module
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (501 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 502/817] PCI: cpqphp: Fix PCIBIOS_* return value confusion Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 504/817] perf disasm: Use disasm_line__free() to properly free disasm_line Greg Kroah-Hartman
` (323 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miguel Ojeda, Francesco Zardi,
Andreas Hindborg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Francesco Zardi <frazar00@gmail.com>
[ Upstream commit 28e848386b92645f93b9f2fdba5882c3ca7fb3e2 ]
Fix several issues with rustdoc formatting for the
`kernel::block::mq::Request` module, in particular:
- An ordered list not rendering correctly, fixed by using numbers
prefixes instead of letters.
- Code snippets formatted as regular text, fixed by wrapping the
code with `back-ticks`.
- References to types missing intra-doc links, fixed by wrapping the
types with [square brackets].
Reported-by: Miguel Ojeda <ojeda@kernel.org>
Closes: https://github.com/Rust-for-Linux/linux/issues/1108
Signed-off-by: Francesco Zardi <frazar00@gmail.com>
Acked-by: Andreas Hindborg <a.hindborg@kernel.org>
Fixes: 3253aba3408a ("rust: block: introduce `kernel::block::mq` module")
Link: https://lore.kernel.org/r/20240903173027.16732-3-frazar00@gmail.com
[ Added an extra intra-doc link. Took the chance to add some periods
for consistency. Reworded slightly. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
rust/kernel/block/mq/request.rs | 67 +++++++++++++++++++--------------
1 file changed, 38 insertions(+), 29 deletions(-)
diff --git a/rust/kernel/block/mq/request.rs b/rust/kernel/block/mq/request.rs
index a0e22827f3f4e..7943f43b95753 100644
--- a/rust/kernel/block/mq/request.rs
+++ b/rust/kernel/block/mq/request.rs
@@ -16,50 +16,55 @@
sync::atomic::{AtomicU64, Ordering},
};
-/// A wrapper around a blk-mq `struct request`. This represents an IO request.
+/// A wrapper around a blk-mq [`struct request`]. This represents an IO request.
///
/// # Implementation details
///
/// There are four states for a request that the Rust bindings care about:
///
-/// A) Request is owned by block layer (refcount 0)
-/// B) Request is owned by driver but with zero `ARef`s in existence
-/// (refcount 1)
-/// C) Request is owned by driver with exactly one `ARef` in existence
-/// (refcount 2)
-/// D) Request is owned by driver with more than one `ARef` in existence
-/// (refcount > 2)
+/// 1. Request is owned by block layer (refcount 0).
+/// 2. Request is owned by driver but with zero [`ARef`]s in existence
+/// (refcount 1).
+/// 3. Request is owned by driver with exactly one [`ARef`] in existence
+/// (refcount 2).
+/// 4. Request is owned by driver with more than one [`ARef`] in existence
+/// (refcount > 2).
///
///
-/// We need to track A and B to ensure we fail tag to request conversions for
+/// We need to track 1 and 2 to ensure we fail tag to request conversions for
/// requests that are not owned by the driver.
///
-/// We need to track C and D to ensure that it is safe to end the request and hand
+/// We need to track 3 and 4 to ensure that it is safe to end the request and hand
/// back ownership to the block layer.
///
/// The states are tracked through the private `refcount` field of
/// `RequestDataWrapper`. This structure lives in the private data area of the C
-/// `struct request`.
+/// [`struct request`].
///
/// # Invariants
///
-/// * `self.0` is a valid `struct request` created by the C portion of the kernel.
+/// * `self.0` is a valid [`struct request`] created by the C portion of the
+/// kernel.
/// * The private data area associated with this request must be an initialized
/// and valid `RequestDataWrapper<T>`.
/// * `self` is reference counted by atomic modification of
-/// self.wrapper_ref().refcount().
+/// `self.wrapper_ref().refcount()`.
+///
+/// [`struct request`]: srctree/include/linux/blk-mq.h
///
#[repr(transparent)]
pub struct Request<T: Operations>(Opaque<bindings::request>, PhantomData<T>);
impl<T: Operations> Request<T> {
- /// Create an `ARef<Request>` from a `struct request` pointer.
+ /// Create an [`ARef<Request>`] from a [`struct request`] pointer.
///
/// # Safety
///
/// * The caller must own a refcount on `ptr` that is transferred to the
- /// returned `ARef`.
- /// * The type invariants for `Request` must hold for the pointee of `ptr`.
+ /// returned [`ARef`].
+ /// * The type invariants for [`Request`] must hold for the pointee of `ptr`.
+ ///
+ /// [`struct request`]: srctree/include/linux/blk-mq.h
pub(crate) unsafe fn aref_from_raw(ptr: *mut bindings::request) -> ARef<Self> {
// INVARIANT: By the safety requirements of this function, invariants are upheld.
// SAFETY: By the safety requirement of this function, we own a
@@ -84,12 +89,14 @@ pub(crate) unsafe fn start_unchecked(this: &ARef<Self>) {
}
/// Try to take exclusive ownership of `this` by dropping the refcount to 0.
- /// This fails if `this` is not the only `ARef` pointing to the underlying
- /// `Request`.
+ /// This fails if `this` is not the only [`ARef`] pointing to the underlying
+ /// [`Request`].
///
- /// If the operation is successful, `Ok` is returned with a pointer to the
- /// C `struct request`. If the operation fails, `this` is returned in the
- /// `Err` variant.
+ /// If the operation is successful, [`Ok`] is returned with a pointer to the
+ /// C [`struct request`]. If the operation fails, `this` is returned in the
+ /// [`Err`] variant.
+ ///
+ /// [`struct request`]: srctree/include/linux/blk-mq.h
fn try_set_end(this: ARef<Self>) -> Result<*mut bindings::request, ARef<Self>> {
// We can race with `TagSet::tag_to_rq`
if let Err(_old) = this.wrapper_ref().refcount().compare_exchange(
@@ -109,7 +116,7 @@ fn try_set_end(this: ARef<Self>) -> Result<*mut bindings::request, ARef<Self>> {
/// Notify the block layer that the request has been completed without errors.
///
- /// This function will return `Err` if `this` is not the only `ARef`
+ /// This function will return [`Err`] if `this` is not the only [`ARef`]
/// referencing the request.
pub fn end_ok(this: ARef<Self>) -> Result<(), ARef<Self>> {
let request_ptr = Self::try_set_end(this)?;
@@ -123,13 +130,13 @@ pub fn end_ok(this: ARef<Self>) -> Result<(), ARef<Self>> {
Ok(())
}
- /// Return a pointer to the `RequestDataWrapper` stored in the private area
+ /// Return a pointer to the [`RequestDataWrapper`] stored in the private area
/// of the request structure.
///
/// # Safety
///
/// - `this` must point to a valid allocation of size at least size of
- /// `Self` plus size of `RequestDataWrapper`.
+ /// [`Self`] plus size of [`RequestDataWrapper`].
pub(crate) unsafe fn wrapper_ptr(this: *mut Self) -> NonNull<RequestDataWrapper> {
let request_ptr = this.cast::<bindings::request>();
// SAFETY: By safety requirements for this function, `this` is a
@@ -141,7 +148,7 @@ pub(crate) unsafe fn wrapper_ptr(this: *mut Self) -> NonNull<RequestDataWrapper>
unsafe { NonNull::new_unchecked(wrapper_ptr) }
}
- /// Return a reference to the `RequestDataWrapper` stored in the private
+ /// Return a reference to the [`RequestDataWrapper`] stored in the private
/// area of the request structure.
pub(crate) fn wrapper_ref(&self) -> &RequestDataWrapper {
// SAFETY: By type invariant, `self.0` is a valid allocation. Further,
@@ -152,13 +159,15 @@ pub(crate) fn wrapper_ref(&self) -> &RequestDataWrapper {
}
}
-/// A wrapper around data stored in the private area of the C `struct request`.
+/// A wrapper around data stored in the private area of the C [`struct request`].
+///
+/// [`struct request`]: srctree/include/linux/blk-mq.h
pub(crate) struct RequestDataWrapper {
/// The Rust request refcount has the following states:
///
/// - 0: The request is owned by C block layer.
- /// - 1: The request is owned by Rust abstractions but there are no ARef references to it.
- /// - 2+: There are `ARef` references to the request.
+ /// - 1: The request is owned by Rust abstractions but there are no [`ARef`] references to it.
+ /// - 2+: There are [`ARef`] references to the request.
refcount: AtomicU64,
}
@@ -204,7 +213,7 @@ fn atomic_relaxed_op_return(target: &AtomicU64, op: impl Fn(u64) -> u64) -> u64
}
/// Store the result of `op(target.load)` in `target` if `target.load() !=
-/// pred`, returning true if the target was updated.
+/// pred`, returning [`true`] if the target was updated.
fn atomic_relaxed_op_unless(target: &AtomicU64, op: impl Fn(u64) -> u64, pred: u64) -> bool {
target
.fetch_update(Ordering::Relaxed, Ordering::Relaxed, |x| {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 504/817] perf disasm: Use disasm_line__free() to properly free disasm_line
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (502 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 503/817] rust: block: fix formatting of `kernel::block::mq::request` module Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 505/817] virtiofs: use pages instead of pointer for kernel direct IO Greg Kroah-Hartman
` (322 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Huafei, Athira Rajeev, sesse,
kjain, Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit b4e0e9a1e30059f4523c9b6a1f8045ad89b5db8a ]
The structure disasm_line contains members that require dynamically
allocated memory and need to be freed correctly using
disasm_line__free().
This patch fixes the incorrect release in
symbol__disassemble_capstone().
Fixes: 6d17edc113de ("perf annotate: Use libcapstone to disassemble")
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Tested-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Cc: sesse@google.com
Cc: kjain@linux.ibm.com
Link: https://lore.kernel.org/r/20241019154157.282038-1-lihuafei1@huawei.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/disasm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
index 766cbd005f32a..c2ce33e447e35 100644
--- a/tools/perf/util/disasm.c
+++ b/tools/perf/util/disasm.c
@@ -1391,7 +1391,7 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
*/
list_for_each_entry_safe(dl, tmp, ¬es->src->source, al.node) {
list_del(&dl->al.node);
- free(dl);
+ disasm_line__free(dl);
}
}
count = -1;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 505/817] virtiofs: use pages instead of pointer for kernel direct IO
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (503 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 504/817] perf disasm: Use disasm_line__free() to properly free disasm_line Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 506/817] perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Greg Kroah-Hartman
` (321 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hou Tao, Jingbo Xu, Miklos Szeredi,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit 41748675c0bf252b3c5f600a95830f0936d366c1 ]
When trying to insert a 10MB kernel module kept in a virtio-fs with cache
disabled, the following warning was reported:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 404 at mm/page_alloc.c:4551 ......
Modules linked in:
CPU: 1 PID: 404 Comm: insmod Not tainted 6.9.0-rc5+ #123
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......
RIP: 0010:__alloc_pages+0x2bf/0x380
......
Call Trace:
<TASK>
? __warn+0x8e/0x150
? __alloc_pages+0x2bf/0x380
__kmalloc_large_node+0x86/0x160
__kmalloc+0x33c/0x480
virtio_fs_enqueue_req+0x240/0x6d0
virtio_fs_wake_pending_and_unlock+0x7f/0x190
queue_request_and_unlock+0x55/0x60
fuse_simple_request+0x152/0x2b0
fuse_direct_io+0x5d2/0x8c0
fuse_file_read_iter+0x121/0x160
__kernel_read+0x151/0x2d0
kernel_read+0x45/0x50
kernel_read_file+0x1a9/0x2a0
init_module_from_file+0x6a/0xe0
idempotent_init_module+0x175/0x230
__x64_sys_finit_module+0x5d/0xb0
x64_sys_call+0x1c3/0x9e0
do_syscall_64+0x3d/0xc0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
......
</TASK>
---[ end trace 0000000000000000 ]---
The warning is triggered as follows:
1) syscall finit_module() handles the module insertion and it invokes
kernel_read_file() to read the content of the module first.
2) kernel_read_file() allocates a 10MB buffer by using vmalloc() and
passes it to kernel_read(). kernel_read() constructs a kvec iter by
using iov_iter_kvec() and passes it to fuse_file_read_iter().
3) virtio-fs disables the cache, so fuse_file_read_iter() invokes
fuse_direct_io(). As for now, the maximal read size for kvec iter is
only limited by fc->max_read. For virtio-fs, max_read is UINT_MAX, so
fuse_direct_io() doesn't split the 10MB buffer. It saves the address and
the size of the 10MB-sized buffer in out_args[0] of a fuse request and
passes the fuse request to virtio_fs_wake_pending_and_unlock().
4) virtio_fs_wake_pending_and_unlock() uses virtio_fs_enqueue_req() to
queue the request. Because virtiofs need DMA-able address, so
virtio_fs_enqueue_req() uses kmalloc() to allocate a bounce buffer for
all fuse args, copies these args into the bounce buffer and passed the
physical address of the bounce buffer to virtiofsd. The total length of
these fuse args for the passed fuse request is about 10MB, so
copy_args_to_argbuf() invokes kmalloc() with a 10MB size parameter and
it triggers the warning in __alloc_pages():
if (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp))
return NULL;
5) virtio_fs_enqueue_req() will retry the memory allocation in a
kworker, but it won't help, because kmalloc() will always return NULL
due to the abnormal size and finit_module() will hang forever.
A feasible solution is to limit the value of max_read for virtio-fs, so
the length passed to kmalloc() will be limited. However it will affect
the maximal read size for normal read. And for virtio-fs write initiated
from kernel, it has the similar problem but now there is no way to limit
fc->max_write in kernel.
So instead of limiting both the values of max_read and max_write in
kernel, introducing use_pages_for_kvec_io in fuse_conn and setting it as
true in virtiofs. When use_pages_for_kvec_io is enabled, fuse will use
pages instead of pointer to pass the KVEC_IO data.
After switching to pages for KVEC_IO data, these pages will be used for
DMA through virtio-fs. If these pages are backed by vmalloc(),
{flush|invalidate}_kernel_vmap_range() are necessary to flush or
invalidate the cache before the DMA operation. So add two new fields in
fuse_args_pages to record the base address of vmalloc area and the
condition indicating whether invalidation is needed. Perform the flush
in fuse_get_user_pages() for write operations and the invalidation in
fuse_release_user_pages() for read operations.
It may seem necessary to introduce another field in fuse_conn to
indicate that these KVEC_IO pages are used for DMA, However, considering
that virtio-fs is currently the only user of use_pages_for_kvec_io, just
reuse use_pages_for_kvec_io to indicate that these pages will be used
for DMA.
Fixes: a62a8ef9d97d ("virtio-fs: add virtiofs filesystem")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Tested-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fuse/file.c | 62 +++++++++++++++++++++++++++++++--------------
fs/fuse/fuse_i.h | 6 +++++
fs/fuse/virtio_fs.c | 1 +
3 files changed, 50 insertions(+), 19 deletions(-)
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 08f7d538ca98f..f4d17cd8c734c 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -645,7 +645,7 @@ void fuse_read_args_fill(struct fuse_io_args *ia, struct file *file, loff_t pos,
args->out_args[0].size = count;
}
-static void fuse_release_user_pages(struct fuse_args_pages *ap,
+static void fuse_release_user_pages(struct fuse_args_pages *ap, ssize_t nres,
bool should_dirty)
{
unsigned int i;
@@ -656,6 +656,9 @@ static void fuse_release_user_pages(struct fuse_args_pages *ap,
if (ap->args.is_pinned)
unpin_user_page(ap->pages[i]);
}
+
+ if (nres > 0 && ap->args.invalidate_vmap)
+ invalidate_kernel_vmap_range(ap->args.vmap_base, nres);
}
static void fuse_io_release(struct kref *kref)
@@ -754,25 +757,29 @@ static void fuse_aio_complete_req(struct fuse_mount *fm, struct fuse_args *args,
struct fuse_io_args *ia = container_of(args, typeof(*ia), ap.args);
struct fuse_io_priv *io = ia->io;
ssize_t pos = -1;
-
- fuse_release_user_pages(&ia->ap, io->should_dirty);
+ size_t nres;
if (err) {
/* Nothing */
} else if (io->write) {
if (ia->write.out.size > ia->write.in.size) {
err = -EIO;
- } else if (ia->write.in.size != ia->write.out.size) {
- pos = ia->write.in.offset - io->offset +
- ia->write.out.size;
+ } else {
+ nres = ia->write.out.size;
+ if (ia->write.in.size != ia->write.out.size)
+ pos = ia->write.in.offset - io->offset +
+ ia->write.out.size;
}
} else {
u32 outsize = args->out_args[0].size;
+ nres = outsize;
if (ia->read.in.size != outsize)
pos = ia->read.in.offset - io->offset + outsize;
}
+ fuse_release_user_pages(&ia->ap, err ?: nres, io->should_dirty);
+
fuse_aio_complete(io, err, pos);
fuse_io_free(ia);
}
@@ -1467,24 +1474,37 @@ static inline size_t fuse_get_frag_size(const struct iov_iter *ii,
static int fuse_get_user_pages(struct fuse_args_pages *ap, struct iov_iter *ii,
size_t *nbytesp, int write,
- unsigned int max_pages)
+ unsigned int max_pages,
+ bool use_pages_for_kvec_io)
{
+ bool flush_or_invalidate = false;
size_t nbytes = 0; /* # bytes already packed in req */
ssize_t ret = 0;
- /* Special case for kernel I/O: can copy directly into the buffer */
+ /* Special case for kernel I/O: can copy directly into the buffer.
+ * However if the implementation of fuse_conn requires pages instead of
+ * pointer (e.g., virtio-fs), use iov_iter_extract_pages() instead.
+ */
if (iov_iter_is_kvec(ii)) {
- unsigned long user_addr = fuse_get_user_addr(ii);
- size_t frag_size = fuse_get_frag_size(ii, *nbytesp);
+ void *user_addr = (void *)fuse_get_user_addr(ii);
- if (write)
- ap->args.in_args[1].value = (void *) user_addr;
- else
- ap->args.out_args[0].value = (void *) user_addr;
+ if (!use_pages_for_kvec_io) {
+ size_t frag_size = fuse_get_frag_size(ii, *nbytesp);
- iov_iter_advance(ii, frag_size);
- *nbytesp = frag_size;
- return 0;
+ if (write)
+ ap->args.in_args[1].value = user_addr;
+ else
+ ap->args.out_args[0].value = user_addr;
+
+ iov_iter_advance(ii, frag_size);
+ *nbytesp = frag_size;
+ return 0;
+ }
+
+ if (is_vmalloc_addr(user_addr)) {
+ ap->args.vmap_base = user_addr;
+ flush_or_invalidate = true;
+ }
}
while (nbytes < *nbytesp && ap->num_pages < max_pages) {
@@ -1513,6 +1533,10 @@ static int fuse_get_user_pages(struct fuse_args_pages *ap, struct iov_iter *ii,
(PAGE_SIZE - ret) & (PAGE_SIZE - 1);
}
+ if (write && flush_or_invalidate)
+ flush_kernel_vmap_range(ap->args.vmap_base, nbytes);
+
+ ap->args.invalidate_vmap = !write && flush_or_invalidate;
ap->args.is_pinned = iov_iter_extract_will_pin(ii);
ap->args.user_pages = true;
if (write)
@@ -1581,7 +1605,7 @@ ssize_t fuse_direct_io(struct fuse_io_priv *io, struct iov_iter *iter,
size_t nbytes = min(count, nmax);
err = fuse_get_user_pages(&ia->ap, iter, &nbytes, write,
- max_pages);
+ max_pages, fc->use_pages_for_kvec_io);
if (err && !nbytes)
break;
@@ -1595,7 +1619,7 @@ ssize_t fuse_direct_io(struct fuse_io_priv *io, struct iov_iter *iter,
}
if (!io->async || nres < 0) {
- fuse_release_user_pages(&ia->ap, io->should_dirty);
+ fuse_release_user_pages(&ia->ap, nres, io->should_dirty);
fuse_io_free(ia);
}
ia = NULL;
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index f239196103137..79add14c363fb 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -309,9 +309,12 @@ struct fuse_args {
bool may_block:1;
bool is_ext:1;
bool is_pinned:1;
+ bool invalidate_vmap:1;
struct fuse_in_arg in_args[3];
struct fuse_arg out_args[2];
void (*end)(struct fuse_mount *fm, struct fuse_args *args, int error);
+ /* Used for kvec iter backed by vmalloc address */
+ void *vmap_base;
};
struct fuse_args_pages {
@@ -860,6 +863,9 @@ struct fuse_conn {
/** Passthrough support for read/write IO */
unsigned int passthrough:1;
+ /* Use pages instead of pointer for kernel I/O */
+ unsigned int use_pages_for_kvec_io:1;
+
/** Maximum stack depth for passthrough backing files */
int max_stack_depth;
diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c
index dd52601416150..43d66ab5e8918 100644
--- a/fs/fuse/virtio_fs.c
+++ b/fs/fuse/virtio_fs.c
@@ -1568,6 +1568,7 @@ static int virtio_fs_get_tree(struct fs_context *fsc)
fc->delete_stale = true;
fc->auto_submounts = true;
fc->sync_fs = true;
+ fc->use_pages_for_kvec_io = true;
/* Tell FUSE to split requests that exceed the virtqueue's size */
fc->max_pages_limit = min_t(unsigned int, fc->max_pages_limit,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 506/817] perf ftrace latency: Fix unit on histogram first entry when using --use-nsec
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (504 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 505/817] virtiofs: use pages instead of pointer for kernel direct IO Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 507/817] i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Greg Kroah-Hartman
` (320 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnaldo Carvalho de Melo,
Gabriele Monaco, Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnaldo Carvalho de Melo <acme@kernel.org>
[ Upstream commit 064d569e20e82c065b1dec9d20c29c7087bb1a00 ]
The use_nsec arg wasn't being taken into account when printing the first
histogram entry, fix it:
root@number:~# perf ftrace latency --use-nsec -T switch_mm_irqs_off -a sleep 2
# DURATION | COUNT | GRAPH |
0 - 1 us | 0 | |
1 - 2 ns | 0 | |
2 - 4 ns | 0 | |
4 - 8 ns | 0 | |
8 - 16 ns | 0 | |
16 - 32 ns | 0 | |
32 - 64 ns | 125 | |
64 - 128 ns | 335 | |
128 - 256 ns | 2155 | #### |
256 - 512 ns | 9996 | ################### |
512 - 1024 ns | 4958 | ######### |
1 - 2 us | 4636 | ######### |
2 - 4 us | 1053 | ## |
4 - 8 us | 15 | |
8 - 16 us | 1 | |
16 - 32 us | 0 | |
32 - 64 us | 0 | |
64 - 128 us | 0 | |
128 - 256 us | 0 | |
256 - 512 us | 0 | |
512 - 1024 us | 0 | |
1 - ... ms | 0 | |
root@number:~#
After:
root@number:~# perf ftrace latency --use-nsec -T switch_mm_irqs_off -a sleep 2
# DURATION | COUNT | GRAPH |
0 - 1 ns | 0 | |
1 - 2 ns | 0 | |
2 - 4 ns | 0 | |
4 - 8 ns | 0 | |
8 - 16 ns | 0 | |
16 - 32 ns | 0 | |
32 - 64 ns | 19 | |
64 - 128 ns | 94 | |
128 - 256 ns | 2191 | #### |
256 - 512 ns | 9719 | #################### |
512 - 1024 ns | 5330 | ########### |
1 - 2 us | 4104 | ######## |
2 - 4 us | 807 | # |
4 - 8 us | 9 | |
8 - 16 us | 0 | |
16 - 32 us | 0 | |
32 - 64 us | 0 | |
64 - 128 us | 0 | |
128 - 256 us | 0 | |
256 - 512 us | 0 | |
512 - 1024 us | 0 | |
1 - ... ms | 0 | |
root@number:~#
Fixes: 84005bb6148618cc ("perf ftrace latency: Add -n/--use-nsec option")
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Gabriele Monaco <gmonaco@redhat.com>
Link: https://lore.kernel.org/r/ZyE3frB-hMXHCnMO@x1
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-ftrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/builtin-ftrace.c b/tools/perf/builtin-ftrace.c
index eb30c8eca4887..8eab3cdb2c6de 100644
--- a/tools/perf/builtin-ftrace.c
+++ b/tools/perf/builtin-ftrace.c
@@ -771,7 +771,7 @@ static void display_histogram(int buckets[], bool use_nsec)
bar_len = buckets[0] * bar_total / total;
printf(" %4d - %-4d %s | %10d | %.*s%*s |\n",
- 0, 1, "us", buckets[0], bar_len, bar, bar_total - bar_len, "");
+ 0, 1, use_nsec ? "ns" : "us", buckets[0], bar_len, bar, bar_total - bar_len, "");
for (i = 1; i < NUM_BUCKET - 1; i++) {
int start = (1 << (i - 1));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 507/817] i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (505 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 506/817] perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 508/817] f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Greg Kroah-Hartman
` (319 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ravindra Yashvant Shinde,
Miquel Raynal, Frank Li, Alexandre Belloni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frank Li <Frank.Li@nxp.com>
[ Upstream commit 36faa04ce3d9c962b4b29d285ad07ca29e2988e4 ]
When a new device hotjoins, a new dynamic address is assigned.
i3c_master_add_i3c_dev_locked() identifies that the device was previously
attached to the bus and locates the olddev.
i3c_master_add_i3c_dev_locked()
{
...
olddev = i3c_master_search_i3c_dev_duplicate(newdev);
...
if (olddev) {
...
i3c_dev_disable_ibi_locked(olddev);
^^^^^^
The olddev should not receive any commands on the i3c bus as it
does not exist and has been assigned a new address. This will
result in NACK or timeout. So remove it.
}
i3c_dev_free_ibi_locked(olddev);
^^^^^^^^
This function internally calls i3c_dev_disable_ibi_locked() function
causing to send DISEC command with old Address.
The olddev should not receive any commands on the i3c bus as it
does not exist and has been assigned a new address. This will
result in NACK or timeout. So, update the olddev->ibi->enabled
flag to false to avoid DISEC with OldAddr.
}
Include part of Ravindra Yashvant Shinde's work:
https://lore.kernel.org/linux-i3c/20240820151917.3904956-1-ravindra.yashvant.shinde@nxp.com/T/#u
Fixes: 317bacf960a4 ("i3c: master: add enable(disable) hot join in sys entry")
Co-developed-by: Ravindra Yashvant Shinde <ravindra.yashvant.shinde@nxp.com>
Signed-off-by: Ravindra Yashvant Shinde <ravindra.yashvant.shinde@nxp.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Link: https://lore.kernel.org/r/20241001162232.223724-1-Frank.Li@nxp.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i3c/master.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c
index 7028f03c2c42e..82f031928e413 100644
--- a/drivers/i3c/master.c
+++ b/drivers/i3c/master.c
@@ -2039,11 +2039,16 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master,
ibireq.max_payload_len = olddev->ibi->max_payload_len;
ibireq.num_slots = olddev->ibi->num_slots;
- if (olddev->ibi->enabled) {
+ if (olddev->ibi->enabled)
enable_ibi = true;
- i3c_dev_disable_ibi_locked(olddev);
- }
-
+ /*
+ * The olddev should not receive any commands on the
+ * i3c bus as it does not exist and has been assigned
+ * a new address. This will result in NACK or timeout.
+ * So, update the olddev->ibi->enabled flag to false
+ * to avoid DISEC with OldAddr.
+ */
+ olddev->ibi->enabled = false;
i3c_dev_free_ibi_locked(olddev);
}
mutex_unlock(&olddev->ibi_lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 508/817] f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (506 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 507/817] i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 509/817] f2fs: check curseg->inited before write_sum_page in change_curseg Greg Kroah-Hartman
` (318 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, LongPing Wei, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: LongPing Wei <weilongping@oppo.com>
[ Upstream commit c3af1f13476ec23fd99c98d060a89be28c1e8871 ]
This f2fs_bug_on was introduced by commit 2c1905042c8c ("f2fs: check
segment type in __f2fs_replace_block") when there were only 6 curseg types.
After commit d0b9e42ab615 ("f2fs: introduce inmem curseg") was introduced,
the condition should be changed to checking curseg->seg_type.
Fixes: d0b9e42ab615 ("f2fs: introduce inmem curseg")
Signed-off-by: LongPing Wei <weilongping@oppo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index c9320c98cb142..3f49a9e0ec642 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -3974,8 +3974,8 @@ void f2fs_do_replace_block(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
}
}
- f2fs_bug_on(sbi, !IS_DATASEG(type));
curseg = CURSEG_I(sbi, type);
+ f2fs_bug_on(sbi, !IS_DATASEG(curseg->seg_type));
mutex_lock(&curseg->curseg_mutex);
down_write(&sit_i->sentry_lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 509/817] f2fs: check curseg->inited before write_sum_page in change_curseg
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (507 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 508/817] f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 510/817] f2fs: Fix not used variable index Greg Kroah-Hartman
` (317 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yongpeng Yang, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yongpeng Yang <yangyongpeng1@oppo.com>
[ Upstream commit 43563069e1c1df417d2eed6eca8a22fc6b04691d ]
In the __f2fs_init_atgc_curseg->get_atssr_segment calling,
curseg->segno is NULL_SEGNO, indicating that there is no summary
block that needs to be written.
Fixes: 093749e296e2 ("f2fs: support age threshold based garbage collection")
Signed-off-by: Yongpeng Yang <yangyongpeng1@oppo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 3f49a9e0ec642..6379d9c40a024 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -2926,7 +2926,8 @@ static int change_curseg(struct f2fs_sb_info *sbi, int type)
struct f2fs_summary_block *sum_node;
struct page *sum_page;
- write_sum_page(sbi, curseg->sum_blk, GET_SUM_BLOCK(sbi, curseg->segno));
+ if (curseg->inited)
+ write_sum_page(sbi, curseg->sum_blk, GET_SUM_BLOCK(sbi, curseg->segno));
__set_test_and_inuse(sbi, new_segno);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 510/817] f2fs: Fix not used variable index
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (508 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 509/817] f2fs: check curseg->inited before write_sum_page in change_curseg Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 511/817] f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() Greg Kroah-Hartman
` (316 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zeng Heng, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit 0c3a38a4b442893f8baca72e44a2a27d52d6cc75 ]
Fix the following compilation warning:
fs/f2fs/data.c:2391:10: warning: variable ‘index’ set but not used
[-Wunused-but-set-variable]
2391 | pgoff_t index;
Only define and set the variable index when the CONFIG_F2FS_FS_COMPRESSION
is enabled.
Fixes: db92e6c729d8 ("f2fs: convert f2fs_mpage_readpages() to use folio")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/data.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2354,10 +2354,10 @@ static int f2fs_mpage_readpages(struct i
.nr_cpages = 0,
};
pgoff_t nc_cluster_idx = NULL_CLUSTER;
+ pgoff_t index;
#endif
unsigned nr_pages = rac ? readahead_count(rac) : 1;
unsigned max_nr_pages = nr_pages;
- pgoff_t index;
int ret = 0;
map.m_pblk = 0;
@@ -2375,9 +2375,9 @@ static int f2fs_mpage_readpages(struct i
prefetchw(&folio->flags);
}
+#ifdef CONFIG_F2FS_FS_COMPRESSION
index = folio_index(folio);
-#ifdef CONFIG_F2FS_FS_COMPRESSION
if (!f2fs_compressed_file(inode))
goto read_single_page;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 511/817] f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (509 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 510/817] f2fs: Fix not used variable index Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 512/817] f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Greg Kroah-Hartman
` (315 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+be4a9983e95a5e25c8d3, Chao Yu,
Daejun Park, Jaegeuk Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
[ Upstream commit f10a890308a7cd8794e21f646f09827c6cb4bf5d ]
syzbot reports deadlock issue of f2fs as below:
======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted
------------------------------------------------------
kswapd0/79 is trying to acquire lock:
ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline]
ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068
but task is already holding lock:
ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (sb_internal#2){.+.+}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1716 [inline]
sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899
f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842
evict+0x4e8/0x9b0 fs/inode.c:725
f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807
evict+0x4e8/0x9b0 fs/inode.c:725
dispose_list fs/inode.c:774 [inline]
prune_icache_sb+0x239/0x2f0 fs/inode.c:963
super_cache_scan+0x38c/0x4b0 fs/super.c:223
do_shrink_slab+0x701/0x1160 mm/shrinker.c:435
shrink_slab+0x1093/0x14d0 mm/shrinker.c:662
shrink_one+0x43b/0x850 mm/vmscan.c:4818
shrink_many mm/vmscan.c:4879 [inline]
lru_gen_shrink_node mm/vmscan.c:4957 [inline]
shrink_node+0x3799/0x3de0 mm/vmscan.c:5937
kswapd_shrink_node mm/vmscan.c:6765 [inline]
balance_pgdat mm/vmscan.c:6957 [inline]
kswapd+0x1ca3/0x3700 mm/vmscan.c:7226
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #1 (fs_reclaim){+.+.}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__fs_reclaim_acquire mm/page_alloc.c:3834 [inline]
fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848
might_alloc include/linux/sched/mm.h:318 [inline]
prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493
__alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722
alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
alloc_pages_noprof mm/mempolicy.c:2345 [inline]
folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352
filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010
do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787
read_mapping_folio include/linux/pagemap.h:1011 [inline]
f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032
f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079
f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174
f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785
write_inode fs/fs-writeback.c:1503 [inline]
__writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723
writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779
sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849
f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941
__fput+0x23f/0x880 fs/file_table.c:431
task_work_run+0x24f/0x310 kernel/task_work.c:228
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&sbi->sb_lock){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
down_write+0x99/0x220 kernel/locking/rwsem.c:1577
f2fs_down_write fs/f2fs/f2fs.h:2199 [inline]
f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068
f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174
f2fs_evict_inode+0xa61/0x15c0 fs/f2fs/inode.c:883
evict+0x4e8/0x9b0 fs/inode.c:725
f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807
evict+0x4e8/0x9b0 fs/inode.c:725
dispose_list fs/inode.c:774 [inline]
prune_icache_sb+0x239/0x2f0 fs/inode.c:963
super_cache_scan+0x38c/0x4b0 fs/super.c:223
do_shrink_slab+0x701/0x1160 mm/shrinker.c:435
shrink_slab+0x1093/0x14d0 mm/shrinker.c:662
shrink_one+0x43b/0x850 mm/vmscan.c:4818
shrink_many mm/vmscan.c:4879 [inline]
lru_gen_shrink_node mm/vmscan.c:4957 [inline]
shrink_node+0x3799/0x3de0 mm/vmscan.c:5937
kswapd_shrink_node mm/vmscan.c:6765 [inline]
balance_pgdat mm/vmscan.c:6957 [inline]
kswapd+0x1ca3/0x3700 mm/vmscan.c:7226
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Chain exists of:
&sbi->sb_lock --> fs_reclaim --> sb_internal#2
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
rlock(sb_internal#2);
lock(fs_reclaim);
lock(sb_internal#2);
lock(&sbi->sb_lock);
Root cause is there will be potential deadlock in between
below tasks:
Thread A Kswapd
- f2fs_ioc_commit_atomic_write
- mnt_want_write_file -- down_read lock A
- balance_pgdat
- __fs_reclaim_acquire -- lock B
- shrink_node
- prune_icache_sb
- dispose_list
- f2fs_evict_inode
- sb_start_intwrite -- down_read lock A
- f2fs_do_sync_file
- f2fs_write_inode
- f2fs_handle_critical_error
- f2fs_record_stop_reason
- f2fs_commit_super
- read_mapping_folio
- filemap_alloc_folio_noprof
- fs_reclaim_acquire -- lock B
Both threads try to acquire read lock of lock A, then its upcoming write
lock grabber will trigger deadlock.
Let's always create an asynchronous task in f2fs_handle_critical_error()
rather than calling f2fs_record_stop_reason() synchronously to avoid
this potential deadlock issue.
Fixes: b62e71be2110 ("f2fs: support errors=remount-ro|continue|panic mountoption")
Reported-by: syzbot+be4a9983e95a5e25c8d3@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/6704d667.050a0220.1e4d62.0081.GAE@google.com
Signed-off-by: Chao Yu <chao@kernel.org>
Reviewed-by: Daejun Park <daejun7.park@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/checkpoint.c | 2 +-
fs/f2fs/f2fs.h | 3 +--
fs/f2fs/super.c | 13 +++++++------
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index bdd96329dddd4..4184755535553 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -32,7 +32,7 @@ void f2fs_stop_checkpoint(struct f2fs_sb_info *sbi, bool end_io,
f2fs_build_fault_attr(sbi, 0, 0);
if (!end_io)
f2fs_flush_merged_writes(sbi);
- f2fs_handle_critical_error(sbi, reason, end_io);
+ f2fs_handle_critical_error(sbi, reason);
}
/*
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 3bdfa53b24bb9..0c8afcd638518 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -3635,8 +3635,7 @@ int f2fs_quota_sync(struct super_block *sb, int type);
loff_t max_file_blocks(struct inode *inode);
void f2fs_quota_off_umount(struct super_block *sb);
void f2fs_save_errors(struct f2fs_sb_info *sbi, unsigned char flag);
-void f2fs_handle_critical_error(struct f2fs_sb_info *sbi, unsigned char reason,
- bool irq_context);
+void f2fs_handle_critical_error(struct f2fs_sb_info *sbi, unsigned char reason);
void f2fs_handle_error(struct f2fs_sb_info *sbi, unsigned char error);
void f2fs_handle_error_async(struct f2fs_sb_info *sbi, unsigned char error);
int f2fs_commit_super(struct f2fs_sb_info *sbi, bool recover);
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 615ca1f0ef59b..bb892d92c5b26 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -4136,8 +4136,7 @@ static bool system_going_down(void)
|| system_state == SYSTEM_RESTART;
}
-void f2fs_handle_critical_error(struct f2fs_sb_info *sbi, unsigned char reason,
- bool irq_context)
+void f2fs_handle_critical_error(struct f2fs_sb_info *sbi, unsigned char reason)
{
struct super_block *sb = sbi->sb;
bool shutdown = reason == STOP_CP_REASON_SHUTDOWN;
@@ -4149,10 +4148,12 @@ void f2fs_handle_critical_error(struct f2fs_sb_info *sbi, unsigned char reason,
if (!f2fs_hw_is_readonly(sbi)) {
save_stop_reason(sbi, reason);
- if (irq_context && !shutdown)
- schedule_work(&sbi->s_error_work);
- else
- f2fs_record_stop_reason(sbi);
+ /*
+ * always create an asynchronous task to record stop_reason
+ * in order to avoid potential deadlock when running into
+ * f2fs_record_stop_reason() synchronously.
+ */
+ schedule_work(&sbi->s_error_work);
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 512/817] f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (510 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 511/817] f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 513/817] PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Greg Kroah-Hartman
` (314 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhiguo Niu, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhiguo Niu <zhiguo.niu@unisoc.com>
[ Upstream commit 296b8cb34e65fa93382cf919be5a056f719c9a26 ]
If gc_mode is set to GC_URGENT_LOW or GC_URGENT_MID, cost benefit GC
approach should be used, but if ATGC is enabled at the same time,
Age-threshold approach will be selected, which can only do amount of
GC and it is much less than the numbers of CB approach.
some traces:
f2fs_gc-254:48-396 [007] ..... 2311600.684028: f2fs_gc_begin: dev = (254,48), gc_type = Background GC, no_background_GC = 0, nr_free_secs = 0, nodes = 1053, dents = 2, imeta = 18, free_sec:44898, free_seg:44898, rsv_seg:239, prefree_seg:0
f2fs_gc-254:48-396 [007] ..... 2311600.684527: f2fs_get_victim: dev = (254,48), type = No TYPE, policy = (Background GC, LFS-mode, Age-threshold), victim = 10, cost = 4294364975, ofs_unit = 1, pre_victim_secno = -1, prefree = 0, free = 44898
f2fs_gc-254:48-396 [007] ..... 2311600.714835: f2fs_gc_end: dev = (254,48), ret = 0, seg_freed = 0, sec_freed = 0, nodes = 1562, dents = 2, imeta = 18, free_sec:44898, free_seg:44898, rsv_seg:239, prefree_seg:0
f2fs_gc-254:48-396 [007] ..... 2311600.714843: f2fs_background_gc: dev = (254,48), wait_ms = 50, prefree = 0, free = 44898
f2fs_gc-254:48-396 [007] ..... 2311600.771785: f2fs_gc_begin: dev = (254,48), gc_type = Background GC, no_background_GC = 0, nr_free_secs = 0, nodes = 1562, dents = 2, imeta = 18, free_sec:44898, free_seg:44898, rsv_seg:239, prefree_seg:
f2fs_gc-254:48-396 [007] ..... 2311600.772275: f2fs_gc_end: dev = (254,48), ret = -61, seg_freed = 0, sec_freed = 0, nodes = 1562, dents = 2, imeta = 18, free_sec:44898, free_seg:44898, rsv_seg:239, prefree_seg:0
Fixes: 0e5e81114de1 ("f2fs: add GC_URGENT_LOW mode in gc_urgent")
Fixes: d98af5f45520 ("f2fs: introduce gc_urgent_mid mode")
Signed-off-by: Zhiguo Niu <zhiguo.niu@unisoc.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/ABI/testing/sysfs-fs-f2fs | 7 +++++--
fs/f2fs/gc.c | 2 ++
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/Documentation/ABI/testing/sysfs-fs-f2fs b/Documentation/ABI/testing/sysfs-fs-f2fs
index d0c1acfcad405..ef2d8fcc6e993 100644
--- a/Documentation/ABI/testing/sysfs-fs-f2fs
+++ b/Documentation/ABI/testing/sysfs-fs-f2fs
@@ -311,10 +311,13 @@ Description: Do background GC aggressively when set. Set to 0 by default.
GC approach and turns SSR mode on.
gc urgent low(2): lowers the bar of checking I/O idling in
order to process outstanding discard commands and GC a
- little bit aggressively. uses cost benefit GC approach.
+ little bit aggressively. always uses cost benefit GC approach,
+ and will override age-threshold GC approach if ATGC is enabled
+ at the same time.
gc urgent mid(3): does GC forcibly in a period of given
gc_urgent_sleep_time and executes a mid level of I/O idling check.
- uses cost benefit GC approach.
+ always uses cost benefit GC approach, and will override
+ age-threshold GC approach if ATGC is enabled at the same time.
What: /sys/fs/f2fs/<disk>/gc_urgent_sleep_time
Date: August 2017
diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
index 938249e7819e4..2bc16e3106508 100644
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -251,6 +251,8 @@ static int select_gc_type(struct f2fs_sb_info *sbi, int gc_type)
switch (sbi->gc_mode) {
case GC_IDLE_CB:
+ case GC_URGENT_LOW:
+ case GC_URGENT_MID:
gc_mode = GC_CB;
break;
case GC_IDLE_GREEDY:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 513/817] PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (511 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 512/817] f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 514/817] PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Greg Kroah-Hartman
` (313 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam,
Krzysztof Wilczyński, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 7d7cf89b119af433354f865fc01017b9f8aa411a ]
Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF
deinit notify function pci_epc_deinit_notify() are called during the
execution of qcom_pcie_perst_assert() i.e., when the host has asserted
PERST#. But quickly after this step, refclk will also be disabled by the
host.
All of the Qcom endpoint SoCs supported as of now depend on the refclk from
the host for keeping the controller operational. Due to this limitation,
any access to the hardware registers in the absence of refclk will result
in a whole endpoint crash. Unfortunately, most of the controller cleanups
require accessing the hardware registers (like eDMA cleanup performed in
dw_pcie_ep_cleanup(), powering down MHI EPF etc...). So these cleanup
functions are currently causing the crash in the endpoint SoC once host
asserts PERST#.
One way to address this issue is by generating the refclk in the endpoint
itself and not depending on the host. But that is not always possible as
some of the endpoint designs do require the endpoint to consume refclk from
the host (as I was told by the Qcom engineers).
Thus, fix this crash by moving the controller cleanups to the start of
the qcom_pcie_perst_deassert() function. qcom_pcie_perst_deassert() is
called whenever the host has deasserted PERST# and it is guaranteed that
the refclk would be active at this point. So at the start of this function
(after enabling resources), the controller cleanup can be performed. Once
finished, rest of the code execution for PERST# deassert can continue as
usual.
Fixes: 473b2cf9c4d1 ("PCI: endpoint: Introduce 'epc_deinit' event and notify the EPF drivers")
Fixes: 570d7715eed8 ("PCI: dwc: ep: Introduce dw_pcie_ep_cleanup() API for drivers supporting PERST#")
Link: https://lore.kernel.org/r/20240817-pci-qcom-ep-cleanup-v1-1-d6b958226559@linaro.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/pci/controller/dwc/pcie-qcom-ep.c b/drivers/pci/controller/dwc/pcie-qcom-ep.c
index c8bb7cd89678f..a7f65d50d4ebb 100644
--- a/drivers/pci/controller/dwc/pcie-qcom-ep.c
+++ b/drivers/pci/controller/dwc/pcie-qcom-ep.c
@@ -395,6 +395,10 @@ static int qcom_pcie_perst_deassert(struct dw_pcie *pci)
return ret;
}
+ /* Perform cleanup that requires refclk */
+ pci_epc_deinit_notify(pci->ep.epc);
+ dw_pcie_ep_cleanup(&pci->ep);
+
/* Assert WAKE# to RC to indicate device is ready */
gpiod_set_value_cansleep(pcie_ep->wake, 1);
usleep_range(WAKE_DELAY_US, WAKE_DELAY_US + 500);
@@ -534,8 +538,6 @@ static void qcom_pcie_perst_assert(struct dw_pcie *pci)
{
struct qcom_pcie_ep *pcie_ep = to_pcie_ep(pci);
- pci_epc_deinit_notify(pci->ep.epc);
- dw_pcie_ep_cleanup(&pci->ep);
qcom_pcie_disable_resources(pcie_ep);
pcie_ep->link_status = QCOM_PCIE_EP_LINK_DISABLED;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 514/817] PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (512 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 513/817] PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 515/817] PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() Greg Kroah-Hartman
` (312 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam,
Krzysztof Wilczyński, Jonathan Hunter, Thierry Reding,
Vidya Sagar, linux-tegra, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 40e2125381dc11379112485e3eefdd25c6df5375 ]
Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF
deinit notify function pci_epc_deinit_notify() are called during the
execution of pex_ep_event_pex_rst_assert() i.e., when the host has asserted
PERST#. But quickly after this step, refclk will also be disabled by the
host.
All of the tegra194 endpoint SoCs supported as of now depend on the refclk
from the host for keeping the controller operational. Due to this
limitation, any access to the hardware registers in the absence of refclk
will result in a whole endpoint crash. Unfortunately, most of the
controller cleanups require accessing the hardware registers (like eDMA
cleanup performed in dw_pcie_ep_cleanup(), etc...). So these cleanup
functions can cause the crash in the endpoint SoC once host asserts PERST#.
One way to address this issue is by generating the refclk in the endpoint
itself and not depending on the host. But that is not always possible as
some of the endpoint designs do require the endpoint to consume refclk from
the host.
Thus, fix this crash by moving the controller cleanups to the start of
the pex_ep_event_pex_rst_deassert() function. This function is called
whenever the host has deasserted PERST# and it is guaranteed that the
refclk would be active at this point. So at the start of this function
(after enabling resources) the controller cleanup can be performed. Once
finished, rest of the code execution for PERST# deassert can continue as
usual.
Fixes: 473b2cf9c4d1 ("PCI: endpoint: Introduce 'epc_deinit' event and notify the EPF drivers")
Fixes: 570d7715eed8 ("PCI: dwc: ep: Introduce dw_pcie_ep_cleanup() API for drivers supporting PERST#")
Link: https://lore.kernel.org/r/20240817-pci-qcom-ep-cleanup-v1-2-d6b958226559@linaro.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Cc: Jonathan Hunter <jonathanh@nvidia.com>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: Vidya Sagar <vidyas@nvidia.com>
Cc: linux-tegra@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pcie-tegra194.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c
index 4bf7b433417a3..d68dd18ed43cb 100644
--- a/drivers/pci/controller/dwc/pcie-tegra194.c
+++ b/drivers/pci/controller/dwc/pcie-tegra194.c
@@ -1709,9 +1709,6 @@ static void pex_ep_event_pex_rst_assert(struct tegra_pcie_dw *pcie)
if (ret)
dev_err(pcie->dev, "Failed to go Detect state: %d\n", ret);
- pci_epc_deinit_notify(pcie->pci.ep.epc);
- dw_pcie_ep_cleanup(&pcie->pci.ep);
-
reset_control_assert(pcie->core_rst);
tegra_pcie_disable_phy(pcie);
@@ -1790,6 +1787,10 @@ static void pex_ep_event_pex_rst_deassert(struct tegra_pcie_dw *pcie)
goto fail_phy;
}
+ /* Perform cleanup that requires refclk */
+ pci_epc_deinit_notify(pcie->pci.ep.epc);
+ dw_pcie_ep_cleanup(&pcie->pci.ep);
+
/* Clear any stale interrupt statuses */
appl_writel(pcie, 0xFFFFFFFF, APPL_INTR_STATUS_L0);
appl_writel(pcie, 0xFFFFFFFF, APPL_INTR_STATUS_L1_0_0);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 515/817] PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (513 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 514/817] PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 516/817] PCI: cadence: Set cdns_pcie_host_init() global Greg Kroah-Hartman
` (311 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Richard,
Krzysztof Wilczyński, Siddharth Vadapalli, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Richard <thomas.richard@bootlin.com>
[ Upstream commit d1b6f2e2ce4d8b17d9f3558c98a1517b864bfd03 ]
The function cdns_pcie_host_setup() mixes probe structure and link setup.
The link setup must be done during the resume sequence. So extract it from
cdns_pcie_host_setup() and create a dedicated function.
Link: https://lore.kernel.org/linux-pci/20240102-j7200-pcie-s2r-v7-1-a2f9156da6c3@bootlin.com
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Reviewed-by: Siddharth Vadapalli <s-vadapalli@ti.com>
Stable-dep-of: 22a9120479a4 ("PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../controller/cadence/pcie-cadence-host.c | 39 ++++++++++++-------
drivers/pci/controller/cadence/pcie-cadence.h | 6 +++
2 files changed, 32 insertions(+), 13 deletions(-)
diff --git a/drivers/pci/controller/cadence/pcie-cadence-host.c b/drivers/pci/controller/cadence/pcie-cadence-host.c
index 5b14f7ee3c798..93d9922730af5 100644
--- a/drivers/pci/controller/cadence/pcie-cadence-host.c
+++ b/drivers/pci/controller/cadence/pcie-cadence-host.c
@@ -497,6 +497,30 @@ static int cdns_pcie_host_init(struct device *dev,
return cdns_pcie_host_init_address_translation(rc);
}
+int cdns_pcie_host_link_setup(struct cdns_pcie_rc *rc)
+{
+ struct cdns_pcie *pcie = &rc->pcie;
+ struct device *dev = rc->pcie.dev;
+ int ret;
+
+ if (rc->quirk_detect_quiet_flag)
+ cdns_pcie_detect_quiet_min_delay_set(&rc->pcie);
+
+ cdns_pcie_host_enable_ptm_response(pcie);
+
+ ret = cdns_pcie_start_link(pcie);
+ if (ret) {
+ dev_err(dev, "Failed to start link\n");
+ return ret;
+ }
+
+ ret = cdns_pcie_host_start_link(rc);
+ if (ret)
+ dev_dbg(dev, "PCIe link never came up\n");
+
+ return 0;
+}
+
int cdns_pcie_host_setup(struct cdns_pcie_rc *rc)
{
struct device *dev = rc->pcie.dev;
@@ -533,20 +557,9 @@ int cdns_pcie_host_setup(struct cdns_pcie_rc *rc)
return PTR_ERR(rc->cfg_base);
rc->cfg_res = res;
- if (rc->quirk_detect_quiet_flag)
- cdns_pcie_detect_quiet_min_delay_set(&rc->pcie);
-
- cdns_pcie_host_enable_ptm_response(pcie);
-
- ret = cdns_pcie_start_link(pcie);
- if (ret) {
- dev_err(dev, "Failed to start link\n");
- return ret;
- }
-
- ret = cdns_pcie_host_start_link(rc);
+ ret = cdns_pcie_host_link_setup(rc);
if (ret)
- dev_dbg(dev, "PCIe link never came up\n");
+ return ret;
for (bar = RP_BAR0; bar <= RP_NO_BAR; bar++)
rc->avail_ib_bar[bar] = true;
diff --git a/drivers/pci/controller/cadence/pcie-cadence.h b/drivers/pci/controller/cadence/pcie-cadence.h
index 7a66a2f815dce..1d37d5f9f811c 100644
--- a/drivers/pci/controller/cadence/pcie-cadence.h
+++ b/drivers/pci/controller/cadence/pcie-cadence.h
@@ -521,10 +521,16 @@ static inline bool cdns_pcie_link_up(struct cdns_pcie *pcie)
}
#ifdef CONFIG_PCIE_CADENCE_HOST
+int cdns_pcie_host_link_setup(struct cdns_pcie_rc *rc);
int cdns_pcie_host_setup(struct cdns_pcie_rc *rc);
void __iomem *cdns_pci_map_bus(struct pci_bus *bus, unsigned int devfn,
int where);
#else
+static inline int cdns_pcie_host_link_setup(struct cdns_pcie_rc *rc)
+{
+ return 0;
+}
+
static inline int cdns_pcie_host_setup(struct cdns_pcie_rc *rc)
{
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 516/817] PCI: cadence: Set cdns_pcie_host_init() global
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (514 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 515/817] PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 517/817] PCI: j721e: Add reset GPIO to struct j721e_pcie Greg Kroah-Hartman
` (310 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Richard,
Krzysztof Wilczyński, Siddharth Vadapalli, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Richard <thomas.richard@bootlin.com>
[ Upstream commit 063c938928dc80c2bfd66f34df48344db22e009b ]
During the resume sequence of the host, cdns_pcie_host_init() needs to be
called, so set it global.
The dev function parameter is removed, as it isn't used.
Link: https://lore.kernel.org/linux-pci/20240102-j7200-pcie-s2r-v7-2-a2f9156da6c3@bootlin.com
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Reviewed-by: Siddharth Vadapalli <s-vadapalli@ti.com>
Stable-dep-of: 22a9120479a4 ("PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/cadence/pcie-cadence-host.c | 5 ++---
drivers/pci/controller/cadence/pcie-cadence.h | 6 ++++++
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/pci/controller/cadence/pcie-cadence-host.c b/drivers/pci/controller/cadence/pcie-cadence-host.c
index 93d9922730af5..8af95e9da7cec 100644
--- a/drivers/pci/controller/cadence/pcie-cadence-host.c
+++ b/drivers/pci/controller/cadence/pcie-cadence-host.c
@@ -485,8 +485,7 @@ static int cdns_pcie_host_init_address_translation(struct cdns_pcie_rc *rc)
return cdns_pcie_host_map_dma_ranges(rc);
}
-static int cdns_pcie_host_init(struct device *dev,
- struct cdns_pcie_rc *rc)
+int cdns_pcie_host_init(struct cdns_pcie_rc *rc)
{
int err;
@@ -564,7 +563,7 @@ int cdns_pcie_host_setup(struct cdns_pcie_rc *rc)
for (bar = RP_BAR0; bar <= RP_NO_BAR; bar++)
rc->avail_ib_bar[bar] = true;
- ret = cdns_pcie_host_init(dev, rc);
+ ret = cdns_pcie_host_init(rc);
if (ret)
return ret;
diff --git a/drivers/pci/controller/cadence/pcie-cadence.h b/drivers/pci/controller/cadence/pcie-cadence.h
index 1d37d5f9f811c..bb215aeebf20a 100644
--- a/drivers/pci/controller/cadence/pcie-cadence.h
+++ b/drivers/pci/controller/cadence/pcie-cadence.h
@@ -522,6 +522,7 @@ static inline bool cdns_pcie_link_up(struct cdns_pcie *pcie)
#ifdef CONFIG_PCIE_CADENCE_HOST
int cdns_pcie_host_link_setup(struct cdns_pcie_rc *rc);
+int cdns_pcie_host_init(struct cdns_pcie_rc *rc);
int cdns_pcie_host_setup(struct cdns_pcie_rc *rc);
void __iomem *cdns_pci_map_bus(struct pci_bus *bus, unsigned int devfn,
int where);
@@ -531,6 +532,11 @@ static inline int cdns_pcie_host_link_setup(struct cdns_pcie_rc *rc)
return 0;
}
+static inline int cdns_pcie_host_init(struct cdns_pcie_rc *rc)
+{
+ return 0;
+}
+
static inline int cdns_pcie_host_setup(struct cdns_pcie_rc *rc)
{
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 517/817] PCI: j721e: Add reset GPIO to struct j721e_pcie
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (515 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 516/817] PCI: cadence: Set cdns_pcie_host_init() global Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 518/817] PCI: j721e: Use T_PERST_CLK_US macro Greg Kroah-Hartman
` (309 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Théo Lebrun, Thomas Richard,
Krzysztof Wilczyński, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Théo Lebrun <theo.lebrun@bootlin.com>
[ Upstream commit b8600b8791cb2b7c8be894846b1ecddba7291680 ]
Add reset GPIO to struct j721e_pcie, so it can be used at suspend and
resume stages.
Link: https://lore.kernel.org/linux-pci/20240102-j7200-pcie-s2r-v7-4-a2f9156da6c3@bootlin.com
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Stable-dep-of: 22a9120479a4 ("PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/cadence/pci-j721e.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c
index 85718246016b7..d676a4ed57803 100644
--- a/drivers/pci/controller/cadence/pci-j721e.c
+++ b/drivers/pci/controller/cadence/pci-j721e.c
@@ -52,6 +52,7 @@ struct j721e_pcie {
u32 mode;
u32 num_lanes;
u32 max_lanes;
+ struct gpio_desc *reset_gpio;
void __iomem *user_cfg_base;
void __iomem *intd_cfg_base;
u32 linkdown_irq_regfield;
@@ -510,6 +511,7 @@ static int j721e_pcie_probe(struct platform_device *pdev)
dev_err(dev, "Failed to get reset GPIO\n");
goto err_get_sync;
}
+ pcie->reset_gpio = gpiod;
ret = cdns_pcie_init_phy(dev, cdns_pcie);
if (ret) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 518/817] PCI: j721e: Use T_PERST_CLK_US macro
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (516 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 517/817] PCI: j721e: Add reset GPIO to struct j721e_pcie Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 519/817] PCI: j721e: Add suspend and resume support Greg Kroah-Hartman
` (308 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Richard,
Krzysztof Wilczyński, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Richard <thomas.richard@bootlin.com>
[ Upstream commit f96b6971373382855bc964f1c067bd6dc41cf0ab ]
Use the T_PERST_CLK_US macro, and the fsleep() function instead of
usleep_range().
Link: https://lore.kernel.org/linux-pci/20240102-j7200-pcie-s2r-v7-6-a2f9156da6c3@bootlin.com
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Stable-dep-of: 22a9120479a4 ("PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/cadence/pci-j721e.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c
index d676a4ed57803..963b66b6a6832 100644
--- a/drivers/pci/controller/cadence/pci-j721e.c
+++ b/drivers/pci/controller/cadence/pci-j721e.c
@@ -542,7 +542,7 @@ static int j721e_pcie_probe(struct platform_device *pdev)
* after 100 us.
*/
if (gpiod) {
- usleep_range(100, 200);
+ fsleep(PCIE_T_PERST_CLK_US);
gpiod_set_value_cansleep(gpiod, 1);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 519/817] PCI: j721e: Add suspend and resume support
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (517 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 518/817] PCI: j721e: Use T_PERST_CLK_US macro Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 520/817] PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Greg Kroah-Hartman
` (307 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Théo Lebrun, Thomas Richard,
Krzysztof Wilczyński, Siddharth Vadapalli, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Théo Lebrun <theo.lebrun@bootlin.com>
[ Upstream commit c538d40f365b5b6d7433d371710f58e8b266fb19 ]
Add suspend and resume support. Only the Root Complex mode is supported.
During the suspend stage PERST# is asserted, then deasserted during the
resume stage.
Link: https://lore.kernel.org/linux-pci/20240102-j7200-pcie-s2r-v7-7-a2f9156da6c3@bootlin.com
Signed-off-by: Théo Lebrun <theo.lebrun@bootlin.com>
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
[kwilczynski: commit log, update references to the PCI SIG specification]
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Reviewed-by: Siddharth Vadapalli <s-vadapalli@ti.com>
Stable-dep-of: 22a9120479a4 ("PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/cadence/pci-j721e.c | 98 ++++++++++++++++++++--
1 file changed, 92 insertions(+), 6 deletions(-)
diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c
index 963b66b6a6832..d37e43dbc30b8 100644
--- a/drivers/pci/controller/cadence/pci-j721e.c
+++ b/drivers/pci/controller/cadence/pci-j721e.c
@@ -7,6 +7,8 @@
*/
#include <linux/clk.h>
+#include <linux/clk-provider.h>
+#include <linux/container_of.h>
#include <linux/delay.h>
#include <linux/gpio/consumer.h>
#include <linux/io.h>
@@ -22,6 +24,8 @@
#include "../../pci.h"
#include "pcie-cadence.h"
+#define cdns_pcie_to_rc(p) container_of(p, struct cdns_pcie_rc, pcie)
+
#define ENABLE_REG_SYS_2 0x108
#define STATUS_REG_SYS_2 0x508
#define STATUS_CLR_REG_SYS_2 0x708
@@ -534,12 +538,12 @@ static int j721e_pcie_probe(struct platform_device *pdev)
pcie->refclk = clk;
/*
- * "Power Sequencing and Reset Signal Timings" table in
- * PCI EXPRESS CARD ELECTROMECHANICAL SPECIFICATION, REV. 3.0
- * indicates PERST# should be deasserted after minimum of 100us
- * once REFCLK is stable. The REFCLK to the connector in RC
- * mode is selected while enabling the PHY. So deassert PERST#
- * after 100 us.
+ * The "Power Sequencing and Reset Signal Timings" table of the
+ * PCI Express Card Electromechanical Specification, Revision
+ * 5.1, Section 2.9.2, Symbol "T_PERST-CLK", indicates PERST#
+ * should be deasserted after minimum of 100us once REFCLK is
+ * stable. The REFCLK to the connector in RC mode is selected
+ * while enabling the PHY. So deassert PERST# after 100 us.
*/
if (gpiod) {
fsleep(PCIE_T_PERST_CLK_US);
@@ -591,6 +595,87 @@ static void j721e_pcie_remove(struct platform_device *pdev)
pm_runtime_disable(dev);
}
+static int j721e_pcie_suspend_noirq(struct device *dev)
+{
+ struct j721e_pcie *pcie = dev_get_drvdata(dev);
+
+ if (pcie->mode == PCI_MODE_RC) {
+ gpiod_set_value_cansleep(pcie->reset_gpio, 0);
+ clk_disable_unprepare(pcie->refclk);
+ }
+
+ cdns_pcie_disable_phy(pcie->cdns_pcie);
+
+ return 0;
+}
+
+static int j721e_pcie_resume_noirq(struct device *dev)
+{
+ struct j721e_pcie *pcie = dev_get_drvdata(dev);
+ struct cdns_pcie *cdns_pcie = pcie->cdns_pcie;
+ int ret;
+
+ ret = j721e_pcie_ctrl_init(pcie);
+ if (ret < 0)
+ return ret;
+
+ j721e_pcie_config_link_irq(pcie);
+
+ /*
+ * This is not called explicitly in the probe, it is called by
+ * cdns_pcie_init_phy().
+ */
+ ret = cdns_pcie_enable_phy(pcie->cdns_pcie);
+ if (ret < 0)
+ return ret;
+
+ if (pcie->mode == PCI_MODE_RC) {
+ struct cdns_pcie_rc *rc = cdns_pcie_to_rc(cdns_pcie);
+
+ ret = clk_prepare_enable(pcie->refclk);
+ if (ret < 0)
+ return ret;
+
+ /*
+ * The "Power Sequencing and Reset Signal Timings" table of the
+ * PCI Express Card Electromechanical Specification, Revision
+ * 5.1, Section 2.9.2, Symbol "T_PERST-CLK", indicates PERST#
+ * should be deasserted after minimum of 100us once REFCLK is
+ * stable. The REFCLK to the connector in RC mode is selected
+ * while enabling the PHY. So deassert PERST# after 100 us.
+ */
+ if (pcie->reset_gpio) {
+ fsleep(PCIE_T_PERST_CLK_US);
+ gpiod_set_value_cansleep(pcie->reset_gpio, 1);
+ }
+
+ ret = cdns_pcie_host_link_setup(rc);
+ if (ret < 0) {
+ clk_disable_unprepare(pcie->refclk);
+ return ret;
+ }
+
+ /*
+ * Reset internal status of BARs to force reinitialization in
+ * cdns_pcie_host_init().
+ */
+ for (enum cdns_pcie_rp_bar bar = RP_BAR0; bar <= RP_NO_BAR; bar++)
+ rc->avail_ib_bar[bar] = true;
+
+ ret = cdns_pcie_host_init(rc);
+ if (ret) {
+ clk_disable_unprepare(pcie->refclk);
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
+static DEFINE_NOIRQ_DEV_PM_OPS(j721e_pcie_pm_ops,
+ j721e_pcie_suspend_noirq,
+ j721e_pcie_resume_noirq);
+
static struct platform_driver j721e_pcie_driver = {
.probe = j721e_pcie_probe,
.remove_new = j721e_pcie_remove,
@@ -598,6 +683,7 @@ static struct platform_driver j721e_pcie_driver = {
.name = "j721e-pcie",
.of_match_table = of_j721e_pcie_match,
.suppress_bind_attrs = true,
+ .pm = pm_sleep_ptr(&j721e_pcie_pm_ops),
},
};
builtin_platform_driver(j721e_pcie_driver);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 520/817] PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (518 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 519/817] PCI: j721e: Add suspend and resume support Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 521/817] perf build: Add missing cflags when building with custom libtraceevent Greg Kroah-Hartman
` (306 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Siddharth Vadapalli,
Krzysztof Wilczyński, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Siddharth Vadapalli <s-vadapalli@ti.com>
[ Upstream commit 22a9120479a40a56c13c5e473a0100fad2e017c0 ]
According to Section 2.2 of the PCI Express Card Electromechanical
Specification (Revision 5.1), in order to ensure that the power and the
reference clock are stable, PERST# has to be deasserted after a delay of
100 milliseconds (TPVPERL).
Currently, it is being assumed that the power is already stable, which
is not necessarily true.
Hence, change the delay to PCIE_T_PVPERL_MS to guarantee that power and
reference clock are stable.
Fixes: f3e25911a430 ("PCI: j721e: Add TI J721E PCIe driver")
Fixes: f96b69713733 ("PCI: j721e: Use T_PERST_CLK_US macro")
Link: https://lore.kernel.org/r/20241104074420.1862932-1-s-vadapalli@ti.com
Signed-off-by: Siddharth Vadapalli <s-vadapalli@ti.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/cadence/pci-j721e.c | 26 ++++++++++------------
1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c
index d37e43dbc30b8..9a0e760e4b523 100644
--- a/drivers/pci/controller/cadence/pci-j721e.c
+++ b/drivers/pci/controller/cadence/pci-j721e.c
@@ -538,15 +538,14 @@ static int j721e_pcie_probe(struct platform_device *pdev)
pcie->refclk = clk;
/*
- * The "Power Sequencing and Reset Signal Timings" table of the
- * PCI Express Card Electromechanical Specification, Revision
- * 5.1, Section 2.9.2, Symbol "T_PERST-CLK", indicates PERST#
- * should be deasserted after minimum of 100us once REFCLK is
- * stable. The REFCLK to the connector in RC mode is selected
- * while enabling the PHY. So deassert PERST# after 100 us.
+ * Section 2.2 of the PCI Express Card Electromechanical
+ * Specification (Revision 5.1) mandates that the deassertion
+ * of the PERST# signal should be delayed by 100 ms (TPVPERL).
+ * This shall ensure that the power and the reference clock
+ * are stable.
*/
if (gpiod) {
- fsleep(PCIE_T_PERST_CLK_US);
+ msleep(PCIE_T_PVPERL_MS);
gpiod_set_value_cansleep(gpiod, 1);
}
@@ -637,15 +636,14 @@ static int j721e_pcie_resume_noirq(struct device *dev)
return ret;
/*
- * The "Power Sequencing and Reset Signal Timings" table of the
- * PCI Express Card Electromechanical Specification, Revision
- * 5.1, Section 2.9.2, Symbol "T_PERST-CLK", indicates PERST#
- * should be deasserted after minimum of 100us once REFCLK is
- * stable. The REFCLK to the connector in RC mode is selected
- * while enabling the PHY. So deassert PERST# after 100 us.
+ * Section 2.2 of the PCI Express Card Electromechanical
+ * Specification (Revision 5.1) mandates that the deassertion
+ * of the PERST# signal should be delayed by 100 ms (TPVPERL).
+ * This shall ensure that the power and the reference clock
+ * are stable.
*/
if (pcie->reset_gpio) {
- fsleep(PCIE_T_PERST_CLK_US);
+ msleep(PCIE_T_PVPERL_MS);
gpiod_set_value_cansleep(pcie->reset_gpio, 1);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 521/817] perf build: Add missing cflags when building with custom libtraceevent
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (519 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 520/817] PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 522/817] f2fs: fix race in concurrent f2fs_stop_gc_thread Greg Kroah-Hartman
` (305 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yicong Yang, Leo Yan,
Guilherme Amadio, linuxarm, Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yicong Yang <yangyicong@hisilicon.com>
[ Upstream commit d5a0a4ab4af4c27de097b78d6f1b7e7f7e31908f ]
When building with custom libtraceevent, below errors occur:
$ make -C tools/perf NO_LIBPYTHON=1 PKG_CONFIG_PATH=<custom libtraceevent>
In file included from util/session.h:5,
from builtin-buildid-list.c:17:
util/trace-event.h:153:10: fatal error: traceevent/event-parse.h: No such file or directory
153 | #include <traceevent/event-parse.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
<snip similar errors of missing headers>
This is because the include path is missed in the cflags. Add it.
Fixes: 0f0e1f445690 ("perf build: Use pkg-config for feature check for libtrace{event,fs}")
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Reviewed-by: Leo Yan <leo.yan@arm.com>
Reviewed-by: Guilherme Amadio <amadio@gentoo.org>
Cc: linuxarm@huawei.com
Link: https://lore.kernel.org/r/20241024133236.31016-1-yangyicong@huawei.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/Makefile.config | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index 9fccdff682af7..0ee690498d311 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -1197,7 +1197,7 @@ endif
ifneq ($(NO_LIBTRACEEVENT),1)
$(call feature_check,libtraceevent)
ifeq ($(feature-libtraceevent), 1)
- CFLAGS += -DHAVE_LIBTRACEEVENT
+ CFLAGS += -DHAVE_LIBTRACEEVENT $(shell $(PKG_CONFIG) --cflags libtraceevent)
LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-L libtraceevent)
EXTLIBS += $(shell $(PKG_CONFIG) --libs-only-l libtraceevent)
LIBTRACEEVENT_VERSION := $(shell $(PKG_CONFIG) --modversion libtraceevent).0.0
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 522/817] f2fs: fix race in concurrent f2fs_stop_gc_thread
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (520 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 521/817] perf build: Add missing cflags when building with custom libtraceevent Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 523/817] f2fs: fix to map blocks correctly for direct write Greg Kroah-Hartman
` (304 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Long Li, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Long Li <leo.lilong@huawei.com>
[ Upstream commit 7b0033dbc48340a1c1c3f12448ba17d6587ca092 ]
In my test case, concurrent calls to f2fs shutdown report the following
stack trace:
Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 [#1] PREEMPT SMP PTI
CPU: 0 UID: 0 PID: 678 Comm: f2fs_rep_shutdo Not tainted 6.12.0-rc5-next-20241029-g6fb2fa9805c5-dirty #85
Call Trace:
<TASK>
? show_regs+0x8b/0xa0
? __die_body+0x26/0xa0
? die_addr+0x54/0x90
? exc_general_protection+0x24b/0x5c0
? asm_exc_general_protection+0x26/0x30
? kthread_stop+0x46/0x390
f2fs_stop_gc_thread+0x6c/0x110
f2fs_do_shutdown+0x309/0x3a0
f2fs_ioc_shutdown+0x150/0x1c0
__f2fs_ioctl+0xffd/0x2ac0
f2fs_ioctl+0x76/0xe0
vfs_ioctl+0x23/0x60
__x64_sys_ioctl+0xce/0xf0
x64_sys_call+0x2b1b/0x4540
do_syscall_64+0xa7/0x240
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The root cause is a race condition in f2fs_stop_gc_thread() called from
different f2fs shutdown paths:
[CPU0] [CPU1]
---------------------- -----------------------
f2fs_stop_gc_thread f2fs_stop_gc_thread
gc_th = sbi->gc_thread
gc_th = sbi->gc_thread
kfree(gc_th)
sbi->gc_thread = NULL
< gc_th != NULL >
kthread_stop(gc_th->f2fs_gc_task) //UAF
The commit c7f114d864ac ("f2fs: fix to avoid use-after-free in
f2fs_stop_gc_thread()") attempted to fix this issue by using a read
semaphore to prevent races between shutdown and remount threads, but
it fails to prevent all race conditions.
Fix it by converting to write lock of s_umount in f2fs_do_shutdown().
Fixes: 7950e9ac638e ("f2fs: stop gc/discard thread after fs shutdown")
Signed-off-by: Long Li <leo.lilong@huawei.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/file.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 38d11635261ee..611c0aac721a3 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -2349,9 +2349,12 @@ int f2fs_do_shutdown(struct f2fs_sb_info *sbi, unsigned int flag,
if (readonly)
goto out;
- /* grab sb->s_umount to avoid racing w/ remount() */
+ /*
+ * grab sb->s_umount to avoid racing w/ remount() and other shutdown
+ * paths.
+ */
if (need_lock)
- down_read(&sbi->sb->s_umount);
+ down_write(&sbi->sb->s_umount);
f2fs_stop_gc_thread(sbi);
f2fs_stop_discard_thread(sbi);
@@ -2360,7 +2363,7 @@ int f2fs_do_shutdown(struct f2fs_sb_info *sbi, unsigned int flag,
clear_opt(sbi, DISCARD);
if (need_lock)
- up_read(&sbi->sb->s_umount);
+ up_write(&sbi->sb->s_umount);
f2fs_update_time(sbi, REQ_TIME);
out:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 523/817] f2fs: fix to map blocks correctly for direct write
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (521 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 522/817] f2fs: fix race in concurrent f2fs_stop_gc_thread Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 524/817] f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode Greg Kroah-Hartman
` (303 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Cyril Hrubis,
Chao Yu, Jaegeuk Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
[ Upstream commit 5dd00ebda337b9295e7027691fa70540da369ff2 ]
f2fs_map_blocks() supports to map continuous holes or preallocated
address, we should avoid setting F2FS_MAP_MAPPED for these cases
only, otherwise, it may fail f2fs_iomap_begin(), and make direct
write fallbacking to use buffered IO and flush, result in performance
regression.
Fixes: 9f0f6bf42714 ("f2fs: support to map continuous holes or preallocated address")
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202409122103.e45aa13b-oliver.sang@intel.com
Cc: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/data.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index 60a5aaefc5b63..1f2f397febcfa 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -1677,7 +1677,8 @@ int f2fs_map_blocks(struct inode *inode, struct f2fs_map_blocks *map, int flag)
/* reserved delalloc block should be mapped for fiemap. */
if (blkaddr == NEW_ADDR)
map->m_flags |= F2FS_MAP_DELALLOC;
- if (flag != F2FS_GET_BLOCK_DIO || !is_hole)
+ /* DIO READ and hole case, should not map the blocks. */
+ if (!(flag == F2FS_GET_BLOCK_DIO && is_hole && !map->m_may_create))
map->m_flags |= F2FS_MAP_MAPPED;
map->m_pblk = blkaddr;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 524/817] f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (522 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 523/817] f2fs: fix to map blocks correctly for direct write Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 525/817] perf trace: avoid garbage when not printing a trace events arguments Greg Kroah-Hartman
` (302 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jinsu Lee, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
[ Upstream commit 26e6f59d0bbaac76fa3413462d780bd2b5f9f653 ]
Jinsu Lee reported a performance regression issue, after commit
5c8764f8679e ("f2fs: fix to force buffered IO on inline_data
inode"), we forced direct write to use buffered IO on inline_data
inode, it will cause performace regression due to memory copy
and data flush.
It's fine to not force direct write to use buffered IO, as it
can convert inline inode before committing direct write IO.
Fixes: 5c8764f8679e ("f2fs: fix to force buffered IO on inline_data inode")
Reported-by: Jinsu Lee <jinsu1.lee@samsung.com>
Closes: https://lore.kernel.org/linux-f2fs-devel/af03dd2c-e361-4f80-b2fd-39440766cf6e@kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/file.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 611c0aac721a3..b4047d8092890 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -868,7 +868,11 @@ static bool f2fs_force_buffered_io(struct inode *inode, int rw)
return true;
if (f2fs_compressed_file(inode))
return true;
- if (f2fs_has_inline_data(inode))
+ /*
+ * only force direct read to use buffered IO, for direct write,
+ * it expects inline data conversion before committing IO.
+ */
+ if (f2fs_has_inline_data(inode) && rw == READ)
return true;
/* disallow direct IO if any of devices has unaligned blksize */
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 525/817] perf trace: avoid garbage when not printing a trace events arguments
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (523 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 524/817] f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 526/817] m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Greg Kroah-Hartman
` (301 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Peterson, Howard Chu,
Arnaldo Carvalho de Melo, Namhyung Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Peterson <benjamin@engflow.com>
[ Upstream commit 5fb8e56542a3cf469fdf25d77f50e21cbff3ae7e ]
trace__fprintf_tp_fields may not print any tracepoint arguments. E.g., if the
argument values are all zero. Previously, this would result in a totally
uninitialized buffer being passed to fprintf, which could lead to garbage on the
console. Fix the problem by passing the number of initialized bytes fprintf.
Fixes: f11b2803bb88 ("perf trace: Allow choosing how to augment the tracepoint arguments")
Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
Tested-by: Howard Chu <howardchu95@gmail.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Link: https://lore.kernel.org/r/20241103204816.7834-1-benjamin@engflow.com
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index 19db23f78b199..5298118ffb15f 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -2802,7 +2802,7 @@ static size_t trace__fprintf_tp_fields(struct trace *trace, struct evsel *evsel,
printed += syscall_arg_fmt__scnprintf_val(arg, bf + printed, size - printed, &syscall_arg, val);
}
- return printed + fprintf(trace->output, "%s", bf);
+ return printed + fprintf(trace->output, "%.*s", (int)printed, bf);
}
static int trace__event_handler(struct trace *trace, struct evsel *evsel,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 526/817] m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (524 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 525/817] perf trace: avoid garbage when not printing a trace events arguments Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 527/817] m68k: coldfire/device.c: only build FEC when HW macros are defined Greg Kroah-Hartman
` (300 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jean-Michel Hautbois, Greg Ungerer,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jean-Michel Hautbois <jeanmichel.hautbois@yoseli.org>
[ Upstream commit f212140962c93cd5da43283a18e31681540fc23d ]
Fix a typo in the CONFIG_M5441x preprocessor condition, where the GPIO
register offset was incorrectly set to 8 instead of 0. This prevented
proper GPIO configuration for m5441x targets.
Fixes: bea8bcb12da0 ("m68knommu: Add support for the Coldfire m5441x.")
Signed-off-by: Jean-Michel Hautbois <jeanmichel.hautbois@yoseli.org>
Signed-off-by: Greg Ungerer <gerg@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/include/asm/mcfgpio.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/m68k/include/asm/mcfgpio.h b/arch/m68k/include/asm/mcfgpio.h
index 019f244395464..9c91ecdafc453 100644
--- a/arch/m68k/include/asm/mcfgpio.h
+++ b/arch/m68k/include/asm/mcfgpio.h
@@ -136,7 +136,7 @@ static inline void gpio_free(unsigned gpio)
* read-modify-write as well as those controlled by the EPORT and GPIO modules.
*/
#define MCFGPIO_SCR_START 40
-#elif defined(CONFIGM5441x)
+#elif defined(CONFIG_M5441x)
/* The m5441x EPORT doesn't have its own GPIO port, uses PORT C */
#define MCFGPIO_SCR_START 0
#else
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 527/817] m68k: coldfire/device.c: only build FEC when HW macros are defined
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (525 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 526/817] m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 528/817] svcrdma: Address an integer overflow Greg Kroah-Hartman
` (299 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable, Greg Ungerer, Geert Uytterhoeven
Cc: Greg Kroah-Hartman, patches, linux-m68k, linux-kernel,
Antonio Quartulli, Greg Ungerer, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Antonio Quartulli <antonio@mandelbit.com>
[ Upstream commit 63a24cf8cc330e5a68ebd2e20ae200096974c475 ]
When CONFIG_FEC is set (due to COMPILE_TEST) along with
CONFIG_M54xx, coldfire/device.c has compile errors due to
missing MCFEC_* and MCF_IRQ_FEC_* symbols.
Make the whole FEC blocks dependent on having the HW macros
defined, rather than on CONFIG_FEC itself.
This fix is very similar to commit e6e1e7b19fa1 ("m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined")
Fixes: b7ce7f0d0efc ("m68knommu: merge common ColdFire FEC platform setup code")
To: Greg Ungerer <gerg@linux-m68k.org>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: linux-m68k@lists.linux-m68k.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
Signed-off-by: Greg Ungerer <gerg@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/coldfire/device.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/m68k/coldfire/device.c b/arch/m68k/coldfire/device.c
index 7dab46728aeda..b6958ec2a220c 100644
--- a/arch/m68k/coldfire/device.c
+++ b/arch/m68k/coldfire/device.c
@@ -93,7 +93,7 @@ static struct platform_device mcf_uart = {
.dev.platform_data = mcf_uart_platform_data,
};
-#if IS_ENABLED(CONFIG_FEC)
+#ifdef MCFFEC_BASE0
#ifdef CONFIG_M5441x
#define FEC_NAME "enet-fec"
@@ -145,6 +145,7 @@ static struct platform_device mcf_fec0 = {
.platform_data = FEC_PDATA,
}
};
+#endif /* MCFFEC_BASE0 */
#ifdef MCFFEC_BASE1
static struct resource mcf_fec1_resources[] = {
@@ -182,7 +183,6 @@ static struct platform_device mcf_fec1 = {
}
};
#endif /* MCFFEC_BASE1 */
-#endif /* CONFIG_FEC */
#if IS_ENABLED(CONFIG_SPI_COLDFIRE_QSPI)
/*
@@ -624,12 +624,12 @@ static struct platform_device mcf_flexcan0 = {
static struct platform_device *mcf_devices[] __initdata = {
&mcf_uart,
-#if IS_ENABLED(CONFIG_FEC)
+#ifdef MCFFEC_BASE0
&mcf_fec0,
+#endif
#ifdef MCFFEC_BASE1
&mcf_fec1,
#endif
-#endif
#if IS_ENABLED(CONFIG_SPI_COLDFIRE_QSPI)
&mcf_qspi,
#endif
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 528/817] svcrdma: Address an integer overflow
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (526 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 527/817] m68k: coldfire/device.c: only build FEC when HW macros are defined Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 529/817] nfsd: drop inode parameter from nfsd4_change_attribute() Greg Kroah-Hartman
` (298 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Jeff Layton,
Chuck Lever, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 3c63d8946e578663b868cb9912dac616ea68bfd0 ]
Dan Carpenter reports:
> Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data
> structure") from Jun 22, 2020 (linux-next), leads to the following
> Smatch static checker warning:
>
> net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk()
> warn: potential user controlled sizeof overflow 'segcount * 4 * 4'
>
> net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
> 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt)
> 489 {
> 490 u32 segcount;
> 491 __be32 *p;
> 492
> 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount))
> ^^^^^^^^
>
> 494 return false;
> 495
> 496 /* A bogus segcount causes this buffer overflow check to fail. */
> 497 p = xdr_inline_decode(&rctxt->rc_stream,
> --> 498 segcount * rpcrdma_segment_maxsz * sizeof(*p));
>
>
> segcount is an untrusted u32. On 32bit systems anything >= SIZE_MAX / 16 will
> have an integer overflow and some those values will be accepted by
> xdr_inline_decode().
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data structure")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
index d72953f292582..69d497a0ca204 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
@@ -493,7 +493,13 @@ static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt)
if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount))
return false;
- /* A bogus segcount causes this buffer overflow check to fail. */
+ /* Before trusting the segcount value enough to use it in
+ * a computation, perform a simple range check. This is an
+ * arbitrary but sensible limit (ie, not architectural).
+ */
+ if (unlikely(segcount > RPCSVC_MAXPAGES))
+ return false;
+
p = xdr_inline_decode(&rctxt->rc_stream,
segcount * rpcrdma_segment_maxsz * sizeof(*p));
return p != NULL;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 529/817] nfsd: drop inode parameter from nfsd4_change_attribute()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (527 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 528/817] svcrdma: Address an integer overflow Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 530/817] perf list: Fix topic and pmu_name argument order Greg Kroah-Hartman
` (297 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jeff Layton, Chuck Lever,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@kernel.org>
[ Upstream commit f67eef8da0e8c54709fefdecd16ad8d70f0c9d20 ]
The inode that nfs4_open_delegation() passes to this function is
wrong, which throws off the result. The inode will end up getting a
directory-style change attr instead of a regular-file-style one.
Fix up nfs4_delegation_stat() to fetch STATX_MODE, and then drop the
inode parameter from nfsd4_change_attribute(), since it's no longer
needed.
Fixes: c5967721e106 ("NFSD: handle GETATTR conflict with write delegation")
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4state.c | 5 ++---
fs/nfsd/nfs4xdr.c | 2 +-
fs/nfsd/nfsfh.c | 20 ++++++++++++--------
fs/nfsd/nfsfh.h | 3 +--
4 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index d96d8cfd1ff86..e2903f4cc3ada 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5955,7 +5955,7 @@ nfs4_delegation_stat(struct nfs4_delegation *dp, struct svc_fh *currentfh,
path.dentry = file_dentry(nf->nf_file);
rc = vfs_getattr(&path, stat,
- (STATX_SIZE | STATX_CTIME | STATX_CHANGE_COOKIE),
+ (STATX_MODE | STATX_SIZE | STATX_CTIME | STATX_CHANGE_COOKIE),
AT_STATX_SYNC_AS_STAT);
nfsd_file_put(nf);
@@ -6039,8 +6039,7 @@ nfs4_open_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp,
}
open->op_delegate_type = NFS4_OPEN_DELEGATE_WRITE;
dp->dl_cb_fattr.ncf_cur_fsize = stat.size;
- dp->dl_cb_fattr.ncf_initial_cinfo =
- nfsd4_change_attribute(&stat, d_inode(currentfh->fh_dentry));
+ dp->dl_cb_fattr.ncf_initial_cinfo = nfsd4_change_attribute(&stat);
trace_nfsd_deleg_write(&dp->dl_stid.sc_stateid);
} else {
open->op_delegate_type = NFS4_OPEN_DELEGATE_READ;
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index ebbae04837ef0..6bf37124e389f 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3040,7 +3040,7 @@ static __be32 nfsd4_encode_fattr4_change(struct xdr_stream *xdr,
return nfs_ok;
}
- c = nfsd4_change_attribute(&args->stat, d_inode(args->dentry));
+ c = nfsd4_change_attribute(&args->stat);
return nfsd4_encode_changeid4(xdr, c);
}
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index dd4e11a703aa6..85fd4d1b15620 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -618,20 +618,18 @@ fh_update(struct svc_fh *fhp)
__be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp)
{
bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
- struct inode *inode;
struct kstat stat;
__be32 err;
if (fhp->fh_no_wcc || fhp->fh_pre_saved)
return nfs_ok;
- inode = d_inode(fhp->fh_dentry);
err = fh_getattr(fhp, &stat);
if (err)
return err;
if (v4)
- fhp->fh_pre_change = nfsd4_change_attribute(&stat, inode);
+ fhp->fh_pre_change = nfsd4_change_attribute(&stat);
fhp->fh_pre_mtime = stat.mtime;
fhp->fh_pre_ctime = stat.ctime;
@@ -648,7 +646,6 @@ __be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp)
__be32 fh_fill_post_attrs(struct svc_fh *fhp)
{
bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
- struct inode *inode = d_inode(fhp->fh_dentry);
__be32 err;
if (fhp->fh_no_wcc)
@@ -664,7 +661,7 @@ __be32 fh_fill_post_attrs(struct svc_fh *fhp)
fhp->fh_post_saved = true;
if (v4)
fhp->fh_post_change =
- nfsd4_change_attribute(&fhp->fh_post_attr, inode);
+ nfsd4_change_attribute(&fhp->fh_post_attr);
return nfs_ok;
}
@@ -755,7 +752,14 @@ enum fsid_source fsid_source(const struct svc_fh *fhp)
return FSIDSOURCE_DEV;
}
-/*
+/**
+ * nfsd4_change_attribute - Generate an NFSv4 change_attribute value
+ * @stat: inode attributes
+ *
+ * Caller must fill in @stat before calling, typically by invoking
+ * vfs_getattr() with STATX_MODE, STATX_CTIME, and STATX_CHANGE_COOKIE.
+ * Returns an unsigned 64-bit changeid4 value (RFC 8881 Section 3.2).
+ *
* We could use i_version alone as the change attribute. However, i_version
* can go backwards on a regular file after an unclean shutdown. On its own
* that doesn't necessarily cause a problem, but if i_version goes backwards
@@ -772,13 +776,13 @@ enum fsid_source fsid_source(const struct svc_fh *fhp)
* assume that the new change attr is always logged to stable storage in some
* fashion before the results can be seen.
*/
-u64 nfsd4_change_attribute(const struct kstat *stat, const struct inode *inode)
+u64 nfsd4_change_attribute(const struct kstat *stat)
{
u64 chattr;
if (stat->result_mask & STATX_CHANGE_COOKIE) {
chattr = stat->change_cookie;
- if (S_ISREG(inode->i_mode) &&
+ if (S_ISREG(stat->mode) &&
!(stat->attributes & STATX_ATTR_CHANGE_MONOTONIC)) {
chattr += (u64)stat->ctime.tv_sec << 30;
chattr += stat->ctime.tv_nsec;
diff --git a/fs/nfsd/nfsfh.h b/fs/nfsd/nfsfh.h
index 6ebdf7ea27bfd..c3da6d194b5fb 100644
--- a/fs/nfsd/nfsfh.h
+++ b/fs/nfsd/nfsfh.h
@@ -293,8 +293,7 @@ static inline void fh_clear_pre_post_attrs(struct svc_fh *fhp)
fhp->fh_pre_saved = false;
}
-u64 nfsd4_change_attribute(const struct kstat *stat,
- const struct inode *inode);
+u64 nfsd4_change_attribute(const struct kstat *stat);
__be32 __must_check fh_fill_pre_attrs(struct svc_fh *fhp);
__be32 fh_fill_post_attrs(struct svc_fh *fhp);
__be32 __must_check fh_fill_both_attrs(struct svc_fh *fhp);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 530/817] perf list: Fix topic and pmu_name argument order
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (528 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 529/817] nfsd: drop inode parameter from nfsd4_change_attribute() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 531/817] perf trace: Fix tracing itself, creating feedback loops Greg Kroah-Hartman
` (296 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kan Liang, Jean-Philippe Romain,
Ian Rogers, Adrian Hunter, Alexander Shishkin, Ingo Molnar,
Jiri Olsa, Junhao He, Mark Rutland, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jean-Philippe Romain <jean-philippe.romain@foss.st.com>
[ Upstream commit d99b3125726aade4f5ec4aae04805134ab4b0abd ]
Fix function definitions to match header file declaration. Fix two
callers to pass the arguments in the right order.
On Intel Tigerlake, before:
```
$ perf list -j|grep "\"Topic\""|sort|uniq
"Topic": "cache",
"Topic": "cpu",
"Topic": "floating point",
"Topic": "frontend",
"Topic": "memory",
"Topic": "other",
"Topic": "pfm icl",
"Topic": "pfm ix86arch",
"Topic": "pfm perf_raw",
"Topic": "pipeline",
"Topic": "tool",
"Topic": "uncore interconnect",
"Topic": "uncore memory",
"Topic": "uncore other",
"Topic": "virtual memory",
$ perf list -j|grep "\"Unit\""|sort|uniq
"Unit": "cache",
"Unit": "cpu",
"Unit": "cstate_core",
"Unit": "cstate_pkg",
"Unit": "i915",
"Unit": "icl",
"Unit": "intel_bts",
"Unit": "intel_pt",
"Unit": "ix86arch",
"Unit": "msr",
"Unit": "perf_raw",
"Unit": "power",
"Unit": "tool",
"Unit": "uncore_arb",
"Unit": "uncore_clock",
"Unit": "uncore_imc_free_running_0",
"Unit": "uncore_imc_free_running_1",
```
After:
```
$ perf list -j|grep "\"Topic\""|sort|uniq
"Topic": "cache",
"Topic": "floating point",
"Topic": "frontend",
"Topic": "memory",
"Topic": "other",
"Topic": "pfm icl",
"Topic": "pfm ix86arch",
"Topic": "pfm perf_raw",
"Topic": "pipeline",
"Topic": "tool",
"Topic": "uncore interconnect",
"Topic": "uncore memory",
"Topic": "uncore other",
"Topic": "virtual memory",
$ perf list -j|grep "\"Unit\""|sort|uniq
"Unit": "cpu",
"Unit": "cstate_core",
"Unit": "cstate_pkg",
"Unit": "i915",
"Unit": "icl",
"Unit": "intel_bts",
"Unit": "intel_pt",
"Unit": "ix86arch",
"Unit": "msr",
"Unit": "perf_raw",
"Unit": "power",
"Unit": "tool",
"Unit": "uncore_arb",
"Unit": "uncore_clock",
"Unit": "uncore_imc_free_running_0",
"Unit": "uncore_imc_free_running_1",
```
Fixes: e5c6109f4813246a ("perf list: Reorganize to use callbacks to allow honouring command line options")
Reviewed-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Jean-Philippe Romain <jean-philippe.romain@foss.st.com>
Tested-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Junhao He <hejunhao3@huawei.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241109025801.560378-1-irogers@google.com
[ I fixed the two callers and added it to Jean-Phillippe's original change. ]
Signed-off-by: Ian Rogers <irogers@google.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-list.c | 4 ++--
tools/perf/util/pfm.c | 4 ++--
tools/perf/util/pmus.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/perf/builtin-list.c b/tools/perf/builtin-list.c
index 82cb4b1010aa3..2624ec24fc73b 100644
--- a/tools/perf/builtin-list.c
+++ b/tools/perf/builtin-list.c
@@ -112,7 +112,7 @@ static void wordwrap(FILE *fp, const char *s, int start, int max, int corr)
}
}
-static void default_print_event(void *ps, const char *pmu_name, const char *topic,
+static void default_print_event(void *ps, const char *topic, const char *pmu_name,
const char *event_name, const char *event_alias,
const char *scale_unit __maybe_unused,
bool deprecated, const char *event_type_desc,
@@ -353,7 +353,7 @@ static void fix_escape_fprintf(FILE *fp, struct strbuf *buf, const char *fmt, ..
fputs(buf->buf, fp);
}
-static void json_print_event(void *ps, const char *pmu_name, const char *topic,
+static void json_print_event(void *ps, const char *topic, const char *pmu_name,
const char *event_name, const char *event_alias,
const char *scale_unit,
bool deprecated, const char *event_type_desc,
diff --git a/tools/perf/util/pfm.c b/tools/perf/util/pfm.c
index 5ccfe4b64cdfe..0dacc133ed396 100644
--- a/tools/perf/util/pfm.c
+++ b/tools/perf/util/pfm.c
@@ -233,7 +233,7 @@ print_libpfm_event(const struct print_callbacks *print_cb, void *print_state,
}
if (is_libpfm_event_supported(name, cpus, threads)) {
- print_cb->print_event(print_state, pinfo->name, topic,
+ print_cb->print_event(print_state, topic, pinfo->name,
name, info->equiv,
/*scale_unit=*/NULL,
/*deprecated=*/NULL, "PFM event",
@@ -267,8 +267,8 @@ print_libpfm_event(const struct print_callbacks *print_cb, void *print_state,
continue;
print_cb->print_event(print_state,
- pinfo->name,
topic,
+ pinfo->name,
name, /*alias=*/NULL,
/*scale_unit=*/NULL,
/*deprecated=*/NULL, "PFM event",
diff --git a/tools/perf/util/pmus.c b/tools/perf/util/pmus.c
index 3fcabfd8fca19..efa556e01ade2 100644
--- a/tools/perf/util/pmus.c
+++ b/tools/perf/util/pmus.c
@@ -492,8 +492,8 @@ void perf_pmus__print_pmu_events(const struct print_callbacks *print_cb, void *p
goto free;
print_cb->print_event(print_state,
- aliases[j].pmu_name,
aliases[j].topic,
+ aliases[j].pmu_name,
aliases[j].name,
aliases[j].alias,
aliases[j].scale_unit,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 531/817] perf trace: Fix tracing itself, creating feedback loops
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (529 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 530/817] perf list: Fix topic and pmu_name argument order Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 532/817] perf trace: Do not lose last events in a race Greg Kroah-Hartman
` (295 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Howard Chu, Arnaldo Carvalho de Melo,
Adrian Hunter, Alexander Shishkin, Ian Rogers, Ingo Molnar,
James Clark, Jiri Olsa, Kan Liang, Mark Rutland, Namhyung Kim,
Peter Zijlstra, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Howard Chu <howardchu95@gmail.com>
[ Upstream commit fe4f9b4124967ffb75d66994520831231b779550 ]
There exists a pids_filtered map in augmented_raw_syscalls.bpf.c that
ceases to provide functionality after the BPF skeleton migration done
in:
5e6da6be3082f77b ("perf trace: Migrate BPF augmentation to use a skeleton")
Before the migration, pid_filtered map works, courtesy of Arnaldo
Carvalho de Melo <acme@kernel.org>:
⬢ [acme@toolbox perf-tools]$ git log --oneline -5
6f769c3458b6cf2d (HEAD) perf tests trace+probe_vfs_getname.sh: Accept quotes surrounding the filename
7777ac3dfe29f55d perf test trace+probe_vfs_getname.sh: Remove stray \ before /
33d9c5062113a4bd perf script python: Add stub for PMU symbol to the python binding
e59fea47f83e8a9a perf symbols: Fix DSO kernel load and symbol process to correctly map DSO to its long_name, type and adjust_symbols
878460e8d0ff84a0 perf build: Remove -Wno-unused-but-set-variable from the flex flags when building with clang < 13.0.0
root@x1:/home/acme/git/perf-tools# perf trace -e /tmp/augmented_raw_syscalls.o -e write* --max-events=30 &
[1] 180632
root@x1:/home/acme/git/perf-tools# 0.000 ( 0.051 ms): NetworkManager/1127 write(fd: 3, buf: 0x7ffeb508ef70, count: 8) = 8
0.115 ( 0.010 ms): NetworkManager/1127 write(fd: 3, buf: 0x7ffeb508ef70, count: 8) = 8
0.916 ( 0.068 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 246) = 246
1.699 ( 0.047 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
2.167 ( 0.041 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
2.739 ( 0.042 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
3.138 ( 0.027 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
3.477 ( 0.027 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
3.738 ( 0.023 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
3.946 ( 0.024 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
4.195 ( 0.024 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 121) = 121
4.212 ( 0.026 ms): NetworkManager/1127 write(fd: 3, buf: 0x7ffeb508ef70, count: 8) = 8
4.285 ( 0.006 ms): NetworkManager/1127 write(fd: 3, buf: 0x7ffeb508ef70, count: 8) = 8
4.445 ( 0.018 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 260) = 260
4.508 ( 0.009 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 124) = 124
4.592 ( 0.010 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 116) = 116
4.666 ( 0.009 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 130) = 130
4.715 ( 0.010 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 95) = 95
4.765 ( 0.007 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 102) = 102
4.815 ( 0.009 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 79) = 79
4.890 ( 0.008 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 57) = 57
4.937 ( 0.007 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 89) = 89
5.009 ( 0.010 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 112) = 112
5.059 ( 0.010 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 112) = 112
5.116 ( 0.007 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 79) = 79
5.152 ( 0.009 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 33) = 33
5.215 ( 0.008 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 37) = 37
5.293 ( 0.010 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 128) = 128
5.339 ( 0.009 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 89) = 89
5.384 ( 0.008 ms): sudo/156867 write(fd: 8, buf: 0x55cb4cd2f650, count: 100) = 100
[1]+ Done perf trace -e /tmp/augmented_raw_syscalls.o -e write* --max-events=30
root@x1:/home/acme/git/perf-tools#
No events for the 'perf trace' (pid 180632), i.e. no feedback loop.
If we leave it running:
root@x1:/home/acme/git/perf-tools# perf trace -e /tmp/augmented_raw_syscalls.o -e landlock_add_rule &
[1] 181068
root@x1:/home/acme/git/perf-tools#
And then look at what maps it sets up:
root@x1:/home/acme/git/perf-tools# bpftool map | grep pids_filtered -A3
1190: hash name pids_filtered flags 0x0
key 4B value 1B max_entries 64 memlock 7264B
btf_id 1613
pids perf(181068)
root@x1:/home/acme/git/perf-tools#
And ask for dumping its contents:
We see that we are _also_ setting it to filter those:
root@x1:/home/acme/git/perf-tools# bpftool map dump id 1190
[{
"key": 181068,
"value": 1
},{
"key": 156801,
"value": 1
}
]
Now testing the migration commit:
perf $ git log
commit 5e6da6be3082f77be06894a1a94d52a90b4007dc (HEAD)
Author: Ian Rogers <irogers@google.com>
Date: Thu Aug 10 11:48:51 2023 -0700
perf trace: Migrate BPF augmentation to use a skeleton
perf $ ./perf trace -e write --max-events=10 & echo #!
[1] 1808653
perf $
0.000 ( 0.010 ms): :1808671/1808671 write(fd: 1, buf: 0x6003f5b26fc0, count: 11) = 11
0.162 ( ): perf/1808653 write(fd: 2, buf: 0x7fffc2174e50, count: 11) ...
0.174 ( ): perf/1808653 write(fd: 2, buf: 0x74ce21804563, count: 1) ...
0.184 ( ): perf/1808653 write(fd: 2, buf: 0x57b936589052, count: 5)
The feedback loop is there.
Keep it running, look into the bpf map:
perf $ bpftool map | grep pids_filtered
10675: hash name pids_filtered flags 0x0
perf $ bpftool map dump id 10675
[]
The map is empty.
Now, this commit:
64917f4df048a064 ("perf trace: Use heuristic when deciding if a syscall tracepoint "const char *" field is really a string")
Temporarily fixed the feedback loop for perf trace -e write, that's
because before using the heuristic, write is hooked to sys_enter_openat:
perf $ git log
commit 83a0943b1870944612a8aa0049f910826ebfd4f7 (HEAD)
Author: Arnaldo Carvalho de Melo <acme@redhat.com>
Date: Thu Aug 17 12:11:51 2023 -0300
perf trace: Use the augmented_raw_syscall BPF skel only for tracing syscalls
perf $ ./perf trace -e write --max-events=10 -v 2>&1 | grep Reusing
Reusing "openat" BPF sys_enter augmenter for "write"
And after the heuristic fix, it's unaugmented:
perf $ git log
commit 64917f4df048a0649ea7901c2321f020e71e6f24 (HEAD)
Author: Arnaldo Carvalho de Melo <acme@redhat.com>
Date: Thu Aug 17 15:14:21 2023 -0300
perf trace: Use heuristic when deciding if a syscall tracepoint "const char *" field is really a string
perf $ ./perf trace -e write --max-events=10 -v 2>&1 | grep Reusing
perf $
After using the heuristic, write is hooked to syscall_unaugmented, which
returns 1.
SEC("tp/raw_syscalls/sys_enter")
int syscall_unaugmented(struct syscall_enter_args *args)
{
return 1;
}
If the BPF program returns 1, the tracepoint filter will filter it
(since the tracepoint filter for perf is correctly set), but before the
heuristic, when it was hooked to a sys_enter_openat(), which is a BPF
program that calls bpf_perf_event_output() and writes to the buffer, it
didn't get filtered, thus creating feedback loop. So switching write to
unaugmented accidentally fixed the problem.
But some syscalls are not so lucky, for example newfstatat:
perf $ ./perf trace -e newfstatat --max-events=100 & echo #!
[1] 2166948
457.718 ( ): perf/2166948 newfstatat(dfd: CWD, filename: "/proc/self/ns/mnt", statbuf: 0x7fff0132a9f0) ...
457.749 ( ): perf/2166948 newfstatat(dfd: CWD, filename: "/proc/2166950/ns/mnt", statbuf: 0x7fff0132aa80) ...
457.962 ( ): perf/2166948 newfstatat(dfd: CWD, filename: "/proc/self/ns/mnt", statbuf: 0x7fff0132a9f0) ...
Currently, write is augmented by the new BTF general augmenter (which
calls bpf_perf_event_output()). The problem, which luckily got fixed,
resurfaced, and that’s how it was discovered.
Fixes: 5e6da6be3082f77b ("perf trace: Migrate BPF augmentation to use a skeleton")
Signed-off-by: Howard Chu <howardchu95@gmail.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241030052431.2220130-1-howardchu95@gmail.com
[ Check if trace->skel is non-NULL, as it is only initialized if trace->trace_syscalls is set ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-trace.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index 5298118ffb15f..c9399bf07c4cf 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -3922,6 +3922,9 @@ static int trace__run(struct trace *trace, int argc, const char **argv)
sizeof(__u32), BPF_ANY);
}
}
+
+ if (trace->skel)
+ trace->filter_pids.map = trace->skel->maps.pids_filtered;
#endif
err = trace__set_filter_pids(trace);
if (err < 0)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 532/817] perf trace: Do not lose last events in a race
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (530 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 531/817] perf trace: Fix tracing itself, creating feedback loops Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 533/817] perf trace: Avoid garbage when not printing a syscalls arguments Greg Kroah-Hartman
` (294 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Peterson, Howard Chu,
Adrian Hunter, Alexander Shishkin, Ian Rogers, Ingo Molnar,
Jiri Olsa, Kan Liang, Mark Rutland, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Peterson <benjamin@engflow.com>
[ Upstream commit 3fd7c36973a250e17a4ee305a31545a9426021f4 ]
If a perf trace event selector specifies a maximum number of events to output
(i.e., "/nr=N/" syntax), the event printing handler, trace__event_handler,
disables the event selector after the maximum number events are
printed.
Furthermore, trace__event_handler checked if the event selector was
disabled before doing any work. This avoided exceeding the maximum
number of events to print if more events were in the buffer before the
selector was disabled.
However, the event selector can be disabled for reasons other than
exceeding the maximum number of events. In particular, when the traced
subprocess exits, the main loop disables all event selectors. This meant
the last events of a traced subprocess might be lost to the printing
handler's short-circuiting logic.
This nondeterministic problem could be seen by running the following many times:
$ perf trace -e syscalls:sys_enter_exit_group true
trace__event_handler should simply check for exceeding the maximum number of
events to print rather than the state of the event selector.
Fixes: a9c5e6c1e9bff42c ("perf trace: Introduce per-event maximum number of events property")
Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
Tested-by: Howard Chu <howardchu95@gmail.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241107232128.108981-1-benjamin@engflow.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-trace.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index c9399bf07c4cf..fb1673f704a31 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -2811,13 +2811,8 @@ static int trace__event_handler(struct trace *trace, struct evsel *evsel,
{
struct thread *thread;
int callchain_ret = 0;
- /*
- * Check if we called perf_evsel__disable(evsel) due to, for instance,
- * this event's max_events having been hit and this is an entry coming
- * from the ring buffer that we should discard, since the max events
- * have already been considered/printed.
- */
- if (evsel->disabled)
+
+ if (evsel->nr_events_printed >= evsel->max_events)
return 0;
thread = machine__findnew_thread(trace->host, sample->pid, sample->tid);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 533/817] perf trace: Avoid garbage when not printing a syscalls arguments
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (531 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 532/817] perf trace: Do not lose last events in a race Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 534/817] remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe() Greg Kroah-Hartman
` (293 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Peterson,
Arnaldo Carvalho de Melo, Howard Chu, Adrian Hunter,
Alexander Shishkin, Ian Rogers, Ingo Molnar, Jiri Olsa, Kan Liang,
Mark Rutland, Namhyung Kim, Peter Zijlstra, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Peterson <benjamin@engflow.com>
[ Upstream commit 1302e352b26f34991b619b5d0b621b76d20a3883 ]
syscall__scnprintf_args may not place anything in the output buffer
(e.g., because the arguments are all zero). If that happened in
trace__fprintf_sys_enter, its fprintf would receive an unitialized
buffer leading to garbage output.
Fix the problem by passing the (possibly zero) bounds of the argument
buffer to the output fprintf.
Fixes: a98392bb1e169a04 ("perf trace: Use beautifiers on syscalls:sys_enter_ handlers")
Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Tested-by: Howard Chu <howardchu95@gmail.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20241107232128.108981-2-benjamin@engflow.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-trace.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index fb1673f704a31..65cab0bdd668a 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -2423,6 +2423,7 @@ static int trace__fprintf_sys_enter(struct trace *trace, struct evsel *evsel,
char msg[1024];
void *args, *augmented_args = NULL;
int augmented_args_size;
+ size_t printed = 0;
if (sc == NULL)
return -1;
@@ -2438,8 +2439,8 @@ static int trace__fprintf_sys_enter(struct trace *trace, struct evsel *evsel,
args = perf_evsel__sc_tp_ptr(evsel, args, sample);
augmented_args = syscall__augmented_args(sc, sample, &augmented_args_size, trace->raw_augmented_syscalls_args_size);
- syscall__scnprintf_args(sc, msg, sizeof(msg), args, augmented_args, augmented_args_size, trace, thread);
- fprintf(trace->output, "%s", msg);
+ printed += syscall__scnprintf_args(sc, msg, sizeof(msg), args, augmented_args, augmented_args_size, trace, thread);
+ fprintf(trace->output, "%.*s", (int)printed, msg);
err = 0;
out_put:
thread__put(thread);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 534/817] remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (532 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 533/817] perf trace: Avoid garbage when not printing a syscalls arguments Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 535/817] remoteproc: qcom: adsp: " Greg Kroah-Hartman
` (292 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Hattori, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit 587b67cf62a91b10a47f41c20ed8ad71db375334 ]
Current implementation of adsp_probe() in qcom_q6v5_pas.c does not
remove the subdevs of adsp on the error path. Fix this bug by calling
qcom_remove_{ssr,sysmon,pdm,smd,glink}_subdev(), qcom_q6v5_deinit(), and
adsp_unassign_memory_region() appropriately.
Fixes: 4b48921a8f74 ("remoteproc: qcom: Use common SMD edge handler")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Link: https://lore.kernel.org/r/a1cabc64240022a7f1d5237aa2aa6f72d8fb7052.1731038950.git.joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/qcom_q6v5_pas.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/drivers/remoteproc/qcom_q6v5_pas.c b/drivers/remoteproc/qcom_q6v5_pas.c
index 88e7b84f223c0..65467876f09e2 100644
--- a/drivers/remoteproc/qcom_q6v5_pas.c
+++ b/drivers/remoteproc/qcom_q6v5_pas.c
@@ -759,16 +759,16 @@ static int adsp_probe(struct platform_device *pdev)
ret = adsp_init_clock(adsp);
if (ret)
- goto free_rproc;
+ goto unassign_mem;
ret = adsp_init_regulator(adsp);
if (ret)
- goto free_rproc;
+ goto unassign_mem;
ret = adsp_pds_attach(&pdev->dev, adsp->proxy_pds,
desc->proxy_pd_names);
if (ret < 0)
- goto free_rproc;
+ goto unassign_mem;
adsp->proxy_pd_count = ret;
ret = qcom_q6v5_init(&adsp->q6v5, pdev, rproc, desc->crash_reason_smem, desc->load_state,
@@ -784,18 +784,28 @@ static int adsp_probe(struct platform_device *pdev)
desc->ssctl_id);
if (IS_ERR(adsp->sysmon)) {
ret = PTR_ERR(adsp->sysmon);
- goto detach_proxy_pds;
+ goto deinit_remove_pdm_smd_glink;
}
qcom_add_ssr_subdev(rproc, &adsp->ssr_subdev, desc->ssr_name);
ret = rproc_add(rproc);
if (ret)
- goto detach_proxy_pds;
+ goto remove_ssr_sysmon;
return 0;
+remove_ssr_sysmon:
+ qcom_remove_ssr_subdev(rproc, &adsp->ssr_subdev);
+ qcom_remove_sysmon_subdev(adsp->sysmon);
+deinit_remove_pdm_smd_glink:
+ qcom_remove_pdm_subdev(rproc, &adsp->pdm_subdev);
+ qcom_remove_smd_subdev(rproc, &adsp->smd_subdev);
+ qcom_remove_glink_subdev(rproc, &adsp->glink_subdev);
+ qcom_q6v5_deinit(&adsp->q6v5);
detach_proxy_pds:
adsp_pds_detach(adsp, adsp->proxy_pds, adsp->proxy_pd_count);
+unassign_mem:
+ adsp_unassign_memory_region(adsp);
free_rproc:
device_init_wakeup(adsp->dev, false);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 535/817] remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (533 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 534/817] remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 536/817] remoteproc: qcom: pas: add minidump_id to SM8350 resources Greg Kroah-Hartman
` (291 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Joe Hattori, Bjorn Andersson,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
[ Upstream commit fe80d3205e91e36e67f4d3d6c326793298d15766 ]
Current implementation of adsp_probe() in qcom_q6v5_adsp.c and does not
remove the subdevs of adsp on the error path. Fix this bug by calling
qcom_remove_{ssr,sysmon,pdm,smd,glink}_subdev(), and qcom_q6v5_deinit()
appropriately.
Fixes: dc160e449122 ("remoteproc: qcom: Introduce Non-PAS ADSP PIL driver")
Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
Link: https://lore.kernel.org/r/fed3df4219543d46b88bacf87990d947f3fac8d7.1731038950.git.joe@pf.is.s.u-tokyo.ac.jp
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/qcom_q6v5_adsp.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/remoteproc/qcom_q6v5_adsp.c b/drivers/remoteproc/qcom_q6v5_adsp.c
index 572dcb0f055b7..223f6ca0745d3 100644
--- a/drivers/remoteproc/qcom_q6v5_adsp.c
+++ b/drivers/remoteproc/qcom_q6v5_adsp.c
@@ -734,15 +734,22 @@ static int adsp_probe(struct platform_device *pdev)
desc->ssctl_id);
if (IS_ERR(adsp->sysmon)) {
ret = PTR_ERR(adsp->sysmon);
- goto disable_pm;
+ goto deinit_remove_glink_pdm_ssr;
}
ret = rproc_add(rproc);
if (ret)
- goto disable_pm;
+ goto remove_sysmon;
return 0;
+remove_sysmon:
+ qcom_remove_sysmon_subdev(adsp->sysmon);
+deinit_remove_glink_pdm_ssr:
+ qcom_q6v5_deinit(&adsp->q6v5);
+ qcom_remove_glink_subdev(rproc, &adsp->glink_subdev);
+ qcom_remove_pdm_subdev(rproc, &adsp->pdm_subdev);
+ qcom_remove_ssr_subdev(rproc, &adsp->ssr_subdev);
disable_pm:
qcom_rproc_pds_detach(adsp);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 536/817] remoteproc: qcom: pas: add minidump_id to SM8350 resources
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (534 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 535/817] remoteproc: qcom: adsp: " Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 537/817] rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Greg Kroah-Hartman
` (290 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Baryshkov, Neil Armstrong,
Bjorn Andersson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit e8983156d54f59f57e648ecd44f01c16572da842 ]
Specify minidump_id for the SM8350 DSPs. It was omitted for in the
original commit e8b4e9a21af7 ("remoteproc: qcom: pas: Add SM8350 PAS
remoteprocs").
Fixes: e8b4e9a21af7 ("remoteproc: qcom: pas: Add SM8350 PAS remoteprocs")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20241027-sar2130p-adsp-v1-2-bd204e39d24e@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/qcom_q6v5_pas.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/remoteproc/qcom_q6v5_pas.c b/drivers/remoteproc/qcom_q6v5_pas.c
index 65467876f09e2..a4abec1e1e846 100644
--- a/drivers/remoteproc/qcom_q6v5_pas.c
+++ b/drivers/remoteproc/qcom_q6v5_pas.c
@@ -900,6 +900,7 @@ static const struct adsp_data sm8250_adsp_resource = {
.crash_reason_smem = 423,
.firmware_name = "adsp.mdt",
.pas_id = 1,
+ .minidump_id = 5,
.auto_boot = true,
.proxy_pd_names = (char*[]){
"lcx",
@@ -1081,6 +1082,7 @@ static const struct adsp_data sm8350_cdsp_resource = {
.crash_reason_smem = 601,
.firmware_name = "cdsp.mdt",
.pas_id = 18,
+ .minidump_id = 7,
.auto_boot = true,
.proxy_pd_names = (char*[]){
"cx",
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 537/817] rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (535 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 536/817] remoteproc: qcom: pas: add minidump_id to SM8350 resources Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 538/817] remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Greg Kroah-Hartman
` (289 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathan Marek, Dmitry Baryshkov,
Bjorn Andersson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonathan Marek <jonathan@marek.ca>
[ Upstream commit 06c59d97f63c1b8af521fa5aef8a716fb988b285 ]
The name len field of the CMD_OPEN packet is only 16-bits and the upper
16-bits of "param2" are a different "prio" field, which can be nonzero in
certain situations, and CMD_OPEN packets can be unexpectedly dropped
because of this.
Fix this by masking out the upper 16 bits of param2.
Fixes: b4f8e52b89f6 ("rpmsg: Introduce Qualcomm RPM glink driver")
Signed-off-by: Jonathan Marek <jonathan@marek.ca>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241007235935.6216-1-jonathan@marek.ca
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_glink_native.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c
index d877a1a1aeb4b..c7f91a82e634f 100644
--- a/drivers/rpmsg/qcom_glink_native.c
+++ b/drivers/rpmsg/qcom_glink_native.c
@@ -1117,7 +1117,8 @@ void qcom_glink_native_rx(struct qcom_glink *glink)
qcom_glink_rx_advance(glink, ALIGN(sizeof(msg), 8));
break;
case GLINK_CMD_OPEN:
- ret = qcom_glink_rx_defer(glink, param2);
+ /* upper 16 bits of param2 are the "prio" field */
+ ret = qcom_glink_rx_defer(glink, param2 & 0xffff);
break;
case GLINK_CMD_TX_DATA:
case GLINK_CMD_TX_DATA_CONT:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 538/817] remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (536 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 537/817] rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 539/817] PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks mmio Greg Kroah-Hartman
` (288 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sibi Sankar, Douglas Anderson,
Bjorn Andersson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sibi Sankar <quic_sibis@quicinc.com>
[ Upstream commit 7b22b7719fc17d5979a991c918c868ab041be5c8 ]
Any write access to the IMEM region when the Q6 is setting up XPU
protection on it will result in a XPU violation. Fix this by ensuring
IMEM writes related to the MBA post-mortem logs happen before the Q6
is brought out of reset.
Fixes: 318130cc9362 ("remoteproc: qcom_q6v5_mss: Add MBA log extraction support")
Signed-off-by: Sibi Sankar <quic_sibis@quicinc.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Tested-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20240819073020.3291287-1-quic_sibis@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/qcom_q6v5_mss.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/remoteproc/qcom_q6v5_mss.c b/drivers/remoteproc/qcom_q6v5_mss.c
index 2a42215ce8e07..32c3531b20c70 100644
--- a/drivers/remoteproc/qcom_q6v5_mss.c
+++ b/drivers/remoteproc/qcom_q6v5_mss.c
@@ -1162,6 +1162,9 @@ static int q6v5_mba_load(struct q6v5 *qproc)
goto disable_active_clks;
}
+ if (qproc->has_mba_logs)
+ qcom_pil_info_store("mba", qproc->mba_phys, MBA_LOG_SIZE);
+
writel(qproc->mba_phys, qproc->rmb_base + RMB_MBA_IMAGE_REG);
if (qproc->dp_size) {
writel(qproc->mba_phys + SZ_1M, qproc->rmb_base + RMB_PMI_CODE_START_REG);
@@ -1172,9 +1175,6 @@ static int q6v5_mba_load(struct q6v5 *qproc)
if (ret)
goto reclaim_mba;
- if (qproc->has_mba_logs)
- qcom_pil_info_store("mba", qproc->mba_phys, MBA_LOG_SIZE);
-
ret = q6v5_rmb_mba_wait(qproc, 0, 5000);
if (ret == -ETIMEDOUT) {
dev_err(qproc->dev, "MBA boot timed out\n");
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 539/817] PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks mmio
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (537 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 538/817] remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 540/817] NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Greg Kroah-Hartman
` (287 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhongqiu Han,
Krzysztof Wilczyński, Bjorn Helgaas, Niklas Cassel,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhongqiu Han <quic_zhonhan@quicinc.com>
[ Upstream commit 5089b3d874e9933d9842e90410d3af1520494757 ]
If platform_get_resource_byname() fails and returns NULL because DT lacks
an 'mmio' property for the MHI endpoint, dereferencing res->start will
cause a NULL pointer access. Add a check to prevent it.
Fixes: 1bf5f25324f7 ("PCI: endpoint: Add PCI Endpoint function driver for MHI bus")
Link: https://lore.kernel.org/r/20241105120735.1240728-1-quic_zhonhan@quicinc.com
Signed-off-by: Zhongqiu Han <quic_zhonhan@quicinc.com>
[kwilczynski: error message update per the review feedback]
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
[bhelgaas: commit log]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/pci/endpoint/functions/pci-epf-mhi.c b/drivers/pci/endpoint/functions/pci-epf-mhi.c
index 7d070b1def116..54286a40bdfbf 100644
--- a/drivers/pci/endpoint/functions/pci-epf-mhi.c
+++ b/drivers/pci/endpoint/functions/pci-epf-mhi.c
@@ -867,12 +867,18 @@ static int pci_epf_mhi_bind(struct pci_epf *epf)
{
struct pci_epf_mhi *epf_mhi = epf_get_drvdata(epf);
struct pci_epc *epc = epf->epc;
+ struct device *dev = &epf->dev;
struct platform_device *pdev = to_platform_device(epc->dev.parent);
struct resource *res;
int ret;
/* Get MMIO base address from Endpoint controller */
res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "mmio");
+ if (!res) {
+ dev_err(dev, "Failed to get \"mmio\" resource\n");
+ return -ENODEV;
+ }
+
epf_mhi->mmio_phys = res->start;
epf_mhi->mmio_size = resource_size(res);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 540/817] NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (538 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 539/817] PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks mmio Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 541/817] NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Greg Kroah-Hartman
` (286 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jeff Layton, Chuck Lever,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 1e02c641c3a43c88cecc08402000418e15578d38 ]
@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no
available backchannel session, setup_callback_client() will try to
dereference @ses and segfault.
Fixes: dcbeaa68dbbd ("nfsd4: allow backchannel recovery")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4callback.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index d756f443fc444..e6183097517ff 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1455,6 +1455,8 @@ static void nfsd4_process_cb_update(struct nfsd4_callback *cb)
ses = c->cn_session;
}
spin_unlock(&clp->cl_lock);
+ if (!c)
+ return;
err = setup_callback_client(clp, &conn, ses);
if (err) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 541/817] NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (539 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 540/817] NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 542/817] nfsd: release svc_expkey/svc_export with rcu_work Greg Kroah-Hartman
` (285 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jeff Layton, Chuck Lever,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit f64ea4af43161bb86ffc77e6aeb5bcf5c3229df0 ]
It's only current caller already length-checks the string, but let's
be safe.
Fixes: 0964a3d3f1aa ("[PATCH] knfsd: nfsd4 reboot dirname fix")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4recover.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 69a3a84e159e6..d92c650888312 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -659,7 +659,8 @@ nfs4_reset_recoverydir(char *recdir)
return status;
status = -ENOTDIR;
if (d_is_dir(path.dentry)) {
- strcpy(user_recovery_dirname, recdir);
+ strscpy(user_recovery_dirname, recdir,
+ sizeof(user_recovery_dirname));
status = 0;
}
path_put(&path);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 542/817] nfsd: release svc_expkey/svc_export with rcu_work
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (540 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 541/817] NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 543/817] svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Greg Kroah-Hartman
` (284 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Erkun, Jeff Layton, Chuck Lever,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yang Erkun <yangerkun@huawei.com>
[ Upstream commit f8c989a0c89a75d30f899a7cabdc14d72522bb8d ]
The last reference for `cache_head` can be reduced to zero in `c_show`
and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently,
`svc_export_put` and `expkey_put` will be invoked, leading to two
issues:
1. The `svc_export_put` will directly free ex_uuid. However,
`e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can
trigger a use-after-free issue, shown below.
==================================================================
BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd]
Read of size 1 at addr ff11000010fdc120 by task cat/870
CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.1-2.fc37 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x53/0x70
print_address_description.constprop.0+0x2c/0x3a0
print_report+0xb9/0x280
kasan_report+0xae/0xe0
svc_export_show+0x362/0x430 [nfsd]
c_show+0x161/0x390 [sunrpc]
seq_read_iter+0x589/0x770
seq_read+0x1e5/0x270
proc_reg_read+0xe1/0x140
vfs_read+0x125/0x530
ksys_read+0xc1/0x160
do_syscall_64+0x5f/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Allocated by task 830:
kasan_save_stack+0x20/0x40
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x8f/0xa0
__kmalloc_node_track_caller_noprof+0x1bc/0x400
kmemdup_noprof+0x22/0x50
svc_export_parse+0x8a9/0xb80 [nfsd]
cache_do_downcall+0x71/0xa0 [sunrpc]
cache_write_procfs+0x8e/0xd0 [sunrpc]
proc_reg_write+0xe1/0x140
vfs_write+0x1a5/0x6d0
ksys_write+0xc1/0x160
do_syscall_64+0x5f/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Freed by task 868:
kasan_save_stack+0x20/0x40
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x37/0x50
kfree+0xf3/0x3e0
svc_export_put+0x87/0xb0 [nfsd]
cache_purge+0x17f/0x1f0 [sunrpc]
nfsd_destroy_serv+0x226/0x2d0 [nfsd]
nfsd_svc+0x125/0x1e0 [nfsd]
write_threads+0x16a/0x2a0 [nfsd]
nfsctl_transaction_write+0x74/0xa0 [nfsd]
vfs_write+0x1a5/0x6d0
ksys_write+0xc1/0x160
do_syscall_64+0x5f/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`.
However, `svc_export_put`/`expkey_put` will call path_put, which
subsequently triggers a sleeping operation due to the following
`dput`.
=============================
WARNING: suspicious RCU usage
5.10.0-dirty #141 Not tainted
-----------------------------
...
Call Trace:
dump_stack+0x9a/0xd0
___might_sleep+0x231/0x240
dput+0x39/0x600
path_put+0x1b/0x30
svc_export_put+0x17/0x80
e_show+0x1c9/0x200
seq_read_iter+0x63f/0x7c0
seq_read+0x226/0x2d0
vfs_read+0x113/0x2c0
ksys_read+0xc9/0x170
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x67/0xd1
Fix these issues by using `rcu_work` to help release
`svc_expkey`/`svc_export`. This approach allows for an asynchronous
context to invoke `path_put` and also facilitates the freeing of
`uuid/exp/key` after an RCU grace period.
Fixes: 9ceddd9da134 ("knfsd: Allow lockless lookups of the exports")
Signed-off-by: Yang Erkun <yangerkun@huawei.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/export.c | 31 +++++++++++++++++++++++++------
fs/nfsd/export.h | 4 ++--
2 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index 50b3135d07ac7..d8e22bae76e8c 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -40,15 +40,24 @@
#define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS)
#define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1)
-static void expkey_put(struct kref *ref)
+static void expkey_put_work(struct work_struct *work)
{
- struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref);
+ struct svc_expkey *key =
+ container_of(to_rcu_work(work), struct svc_expkey, ek_rcu_work);
if (test_bit(CACHE_VALID, &key->h.flags) &&
!test_bit(CACHE_NEGATIVE, &key->h.flags))
path_put(&key->ek_path);
auth_domain_put(key->ek_client);
- kfree_rcu(key, ek_rcu);
+ kfree(key);
+}
+
+static void expkey_put(struct kref *ref)
+{
+ struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref);
+
+ INIT_RCU_WORK(&key->ek_rcu_work, expkey_put_work);
+ queue_rcu_work(system_wq, &key->ek_rcu_work);
}
static int expkey_upcall(struct cache_detail *cd, struct cache_head *h)
@@ -355,16 +364,26 @@ static void export_stats_destroy(struct export_stats *stats)
EXP_STATS_COUNTERS_NUM);
}
-static void svc_export_put(struct kref *ref)
+static void svc_export_put_work(struct work_struct *work)
{
- struct svc_export *exp = container_of(ref, struct svc_export, h.ref);
+ struct svc_export *exp =
+ container_of(to_rcu_work(work), struct svc_export, ex_rcu_work);
+
path_put(&exp->ex_path);
auth_domain_put(exp->ex_client);
nfsd4_fslocs_free(&exp->ex_fslocs);
export_stats_destroy(exp->ex_stats);
kfree(exp->ex_stats);
kfree(exp->ex_uuid);
- kfree_rcu(exp, ex_rcu);
+ kfree(exp);
+}
+
+static void svc_export_put(struct kref *ref)
+{
+ struct svc_export *exp = container_of(ref, struct svc_export, h.ref);
+
+ INIT_RCU_WORK(&exp->ex_rcu_work, svc_export_put_work);
+ queue_rcu_work(system_wq, &exp->ex_rcu_work);
}
static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h)
diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h
index ca9dc230ae3d0..9d895570ceba0 100644
--- a/fs/nfsd/export.h
+++ b/fs/nfsd/export.h
@@ -75,7 +75,7 @@ struct svc_export {
u32 ex_layout_types;
struct nfsd4_deviceid_map *ex_devid_map;
struct cache_detail *cd;
- struct rcu_head ex_rcu;
+ struct rcu_work ex_rcu_work;
unsigned long ex_xprtsec_modes;
struct export_stats *ex_stats;
};
@@ -92,7 +92,7 @@ struct svc_expkey {
u32 ek_fsid[6];
struct path ek_path;
- struct rcu_head ek_rcu;
+ struct rcu_work ek_rcu_work;
};
#define EX_ISSYNC(exp) (!((exp)->ex_flags & NFSEXP_ASYNC))
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 543/817] svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (541 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 542/817] nfsd: release svc_expkey/svc_export with rcu_work Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 544/817] NFSD: Fix nfsd4_shutdown_copy() Greg Kroah-Hartman
` (283 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ye Bin, Chuck Lever, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit ce89e742a4c12b20f09a43fec1b21db33f2166cd ]
There's issue as follows:
RPC: Registered rdma transport module.
RPC: Registered rdma backchannel transport module.
RPC: Unregistered rdma transport module.
RPC: Unregistered rdma backchannel transport module.
BUG: unable to handle page fault for address: fffffbfff80c609a
PGD 123fee067 P4D 123fee067 PUD 123fea067 PMD 10c624067 PTE 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
RIP: 0010:percpu_counter_destroy_many+0xf7/0x2a0
Call Trace:
<TASK>
__die+0x1f/0x70
page_fault_oops+0x2cd/0x860
spurious_kernel_fault+0x36/0x450
do_kern_addr_fault+0xca/0x100
exc_page_fault+0x128/0x150
asm_exc_page_fault+0x26/0x30
percpu_counter_destroy_many+0xf7/0x2a0
mmdrop+0x209/0x350
finish_task_switch.isra.0+0x481/0x840
schedule_tail+0xe/0xd0
ret_from_fork+0x23/0x80
ret_from_fork_asm+0x1a/0x30
</TASK>
If register_sysctl() return NULL, then svc_rdma_proc_cleanup() will not
destroy the percpu counters which init in svc_rdma_proc_init().
If CONFIG_HOTPLUG_CPU is enabled, residual nodes may be in the
'percpu_counters' list. The above issue may occur once the module is
removed. If the CONFIG_HOTPLUG_CPU configuration is not enabled, memory
leakage occurs.
To solve above issue just destroy all percpu counters when
register_sysctl() return NULL.
Fixes: 1e7e55731628 ("svcrdma: Restore read and write stats")
Fixes: 22df5a22462e ("svcrdma: Convert rdma_stat_sq_starve to a per-CPU counter")
Fixes: df971cd853c0 ("svcrdma: Convert rdma_stat_recv to a per-CPU counter")
Signed-off-by: Ye Bin <yebin10@huawei.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xprtrdma/svc_rdma.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
index 58ae6ec4f25b4..415c0310101f0 100644
--- a/net/sunrpc/xprtrdma/svc_rdma.c
+++ b/net/sunrpc/xprtrdma/svc_rdma.c
@@ -233,25 +233,34 @@ static int svc_rdma_proc_init(void)
rc = percpu_counter_init(&svcrdma_stat_read, 0, GFP_KERNEL);
if (rc)
- goto out_err;
+ goto err;
rc = percpu_counter_init(&svcrdma_stat_recv, 0, GFP_KERNEL);
if (rc)
- goto out_err;
+ goto err_read;
rc = percpu_counter_init(&svcrdma_stat_sq_starve, 0, GFP_KERNEL);
if (rc)
- goto out_err;
+ goto err_recv;
rc = percpu_counter_init(&svcrdma_stat_write, 0, GFP_KERNEL);
if (rc)
- goto out_err;
+ goto err_sq;
svcrdma_table_header = register_sysctl("sunrpc/svc_rdma",
svcrdma_parm_table);
+ if (!svcrdma_table_header)
+ goto err_write;
+
return 0;
-out_err:
+err_write:
+ rc = -ENOMEM;
+ percpu_counter_destroy(&svcrdma_stat_write);
+err_sq:
percpu_counter_destroy(&svcrdma_stat_sq_starve);
+err_recv:
percpu_counter_destroy(&svcrdma_stat_recv);
+err_read:
percpu_counter_destroy(&svcrdma_stat_read);
+err:
return rc;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 544/817] NFSD: Fix nfsd4_shutdown_copy()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (542 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 543/817] svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 545/817] f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS Greg Kroah-Hartman
` (282 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jeff Layton, Chuck Lever,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 62a8642ba00aa8ceb0a02ade942f5ec52e877c95 ]
nfsd4_shutdown_copy() is just this:
while ((copy = nfsd4_get_copy(clp)) != NULL)
nfsd4_stop_copy(copy);
nfsd4_get_copy() bumps @copy's reference count, preventing
nfsd4_stop_copy() from releasing @copy.
A while loop like this usually works by removing the first element
of the list, but neither nfsd4_get_copy() nor nfsd4_stop_copy()
alters the async_copies list.
Best I can tell, then, is that nfsd4_shutdown_copy() continues to
loop until other threads manage to remove all the items from this
list. The spinning loop blocks shutdown until these items are gone.
Possibly the reason we haven't seen this issue in the field is
because client_has_state() prevents __destroy_client() from calling
nfsd4_shutdown_copy() if there are any items on this list. In a
subsequent patch I plan to remove that restriction.
Fixes: e0639dc5805a ("NFSD introduce async copy feature")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4proc.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 8b78d493e301f..0d6505ac1a33e 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1291,7 +1291,7 @@ static void nfsd4_stop_copy(struct nfsd4_copy *copy)
nfs4_put_copy(copy);
}
-static struct nfsd4_copy *nfsd4_get_copy(struct nfs4_client *clp)
+static struct nfsd4_copy *nfsd4_unhash_copy(struct nfs4_client *clp)
{
struct nfsd4_copy *copy = NULL;
@@ -1300,6 +1300,9 @@ static struct nfsd4_copy *nfsd4_get_copy(struct nfs4_client *clp)
copy = list_first_entry(&clp->async_copies, struct nfsd4_copy,
copies);
refcount_inc(©->refcount);
+ copy->cp_clp = NULL;
+ if (!list_empty(©->copies))
+ list_del_init(©->copies);
}
spin_unlock(&clp->async_lock);
return copy;
@@ -1309,7 +1312,7 @@ void nfsd4_shutdown_copy(struct nfs4_client *clp)
{
struct nfsd4_copy *copy;
- while ((copy = nfsd4_get_copy(clp)) != NULL)
+ while ((copy = nfsd4_unhash_copy(clp)) != NULL)
nfsd4_stop_copy(copy);
}
#ifdef CONFIG_NFSD_V4_2_INTER_SSC
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 545/817] f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (543 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 544/817] NFSD: Fix nfsd4_shutdown_copy() Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 546/817] f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow Greg Kroah-Hartman
` (281 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhiguo Niu, Chao Yu, Jaegeuk Kim,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhiguo Niu <zhiguo.niu@unisoc.com>
[ Upstream commit 8fb9f31984bdc0aaa1b0f7c7e7a27bd3137f8744 ]
Use F2FS_BYTES_TO_BLK(bytes) and F2FS_BLK_TO_BYTES(blk) for cleanup
Signed-off-by: Zhiguo Niu <zhiguo.niu@unisoc.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 3273d8ad947d ("f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/checkpoint.c | 2 +-
fs/f2fs/debug.c | 2 +-
fs/f2fs/file.c | 6 +++---
fs/f2fs/node.c | 4 ++--
fs/f2fs/super.c | 2 +-
include/linux/f2fs_fs.h | 2 +-
6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index 4184755535553..ee8b29745a5b2 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -1551,7 +1551,7 @@ static int do_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc)
blk = start_blk + BLKS_PER_SEG(sbi) - nm_i->nat_bits_blocks;
for (i = 0; i < nm_i->nat_bits_blocks; i++)
f2fs_update_meta_page(sbi, nm_i->nat_bits +
- (i << F2FS_BLKSIZE_BITS), blk + i);
+ F2FS_BLK_TO_BYTES(i), blk + i);
}
/* write out checkpoint buffer at block 0 */
diff --git a/fs/f2fs/debug.c b/fs/f2fs/debug.c
index 8b0e1e71b6674..546b8ba912613 100644
--- a/fs/f2fs/debug.c
+++ b/fs/f2fs/debug.c
@@ -275,7 +275,7 @@ static void update_mem_info(struct f2fs_sb_info *sbi)
/* build nm */
si->base_mem += sizeof(struct f2fs_nm_info);
si->base_mem += __bitmap_size(sbi, NAT_BITMAP);
- si->base_mem += (NM_I(sbi)->nat_bits_blocks << F2FS_BLKSIZE_BITS);
+ si->base_mem += F2FS_BLK_TO_BYTES(NM_I(sbi)->nat_bits_blocks);
si->base_mem += NM_I(sbi)->nat_blocks *
f2fs_bitmap_size(NAT_ENTRY_PER_BLOCK);
si->base_mem += NM_I(sbi)->nat_blocks / 8;
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index b4047d8092890..5f79d49b22bb8 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -3013,9 +3013,9 @@ static int f2fs_move_file_range(struct file *file_in, loff_t pos_in,
}
f2fs_lock_op(sbi);
- ret = __exchange_data_block(src, dst, pos_in >> F2FS_BLKSIZE_BITS,
- pos_out >> F2FS_BLKSIZE_BITS,
- len >> F2FS_BLKSIZE_BITS, false);
+ ret = __exchange_data_block(src, dst, F2FS_BYTES_TO_BLK(pos_in),
+ F2FS_BYTES_TO_BLK(pos_out),
+ F2FS_BYTES_TO_BLK(len), false);
if (!ret) {
if (dst_max_i_size)
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index b72ef96f7e33a..296cd3a0049a7 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -3166,7 +3166,7 @@ static int __get_nat_bitmaps(struct f2fs_sb_info *sbi)
nm_i->nat_bits_blocks = F2FS_BLK_ALIGN((nat_bits_bytes << 1) + 8);
nm_i->nat_bits = f2fs_kvzalloc(sbi,
- nm_i->nat_bits_blocks << F2FS_BLKSIZE_BITS, GFP_KERNEL);
+ F2FS_BLK_TO_BYTES(nm_i->nat_bits_blocks), GFP_KERNEL);
if (!nm_i->nat_bits)
return -ENOMEM;
@@ -3185,7 +3185,7 @@ static int __get_nat_bitmaps(struct f2fs_sb_info *sbi)
if (IS_ERR(page))
return PTR_ERR(page);
- memcpy(nm_i->nat_bits + (i << F2FS_BLKSIZE_BITS),
+ memcpy(nm_i->nat_bits + F2FS_BLK_TO_BYTES(i),
page_address(page), F2FS_BLKSIZE);
f2fs_put_page(page, 1);
}
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index bb892d92c5b26..403b5877c748e 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -3323,7 +3323,7 @@ loff_t max_file_blocks(struct inode *inode)
* fit within U32_MAX + 1 data units.
*/
- result = min(result, (((loff_t)U32_MAX + 1) * 4096) >> F2FS_BLKSIZE_BITS);
+ result = min(result, F2FS_BYTES_TO_BLK(((loff_t)U32_MAX + 1) * 4096));
return result;
}
diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h
index c68e37201a12a..b0b821edfd97d 100644
--- a/include/linux/f2fs_fs.h
+++ b/include/linux/f2fs_fs.h
@@ -19,7 +19,6 @@
#define F2FS_BLKSIZE_BITS PAGE_SHIFT /* bits for F2FS_BLKSIZE */
#define F2FS_MAX_EXTENSION 64 /* # of extension entries */
#define F2FS_EXTENSION_LEN 8 /* max size of extension */
-#define F2FS_BLK_ALIGN(x) (((x) + F2FS_BLKSIZE - 1) >> F2FS_BLKSIZE_BITS)
#define NULL_ADDR ((block_t)0) /* used as block_t addresses */
#define NEW_ADDR ((block_t)-1) /* used as block_t addresses */
@@ -28,6 +27,7 @@
#define F2FS_BYTES_TO_BLK(bytes) ((bytes) >> F2FS_BLKSIZE_BITS)
#define F2FS_BLK_TO_BYTES(blk) ((blk) << F2FS_BLKSIZE_BITS)
#define F2FS_BLK_END_BYTES(blk) (F2FS_BLK_TO_BYTES(blk + 1) - 1)
+#define F2FS_BLK_ALIGN(x) (F2FS_BYTES_TO_BLK((x) + F2FS_BLKSIZE - 1))
/* 0, 1(node nid), 2(meta nid) are reserved node id */
#define F2FS_RESERVED_NODE_NUM 3
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 546/817] f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (544 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 545/817] f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 547/817] hwmon: (tps23861) Fix reporting of negative temperatures Greg Kroah-Hartman
` (280 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chao Yu, Jaegeuk Kim, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
[ Upstream commit 3273d8ad947dea925a65a78ca29e5351c960c801 ]
It missed to cast variable to unsigned long long type before
bit shift, which will cause overflow, fix it.
Fixes: f7ef9b83b583 ("f2fs: introduce macros to convert bytes and blocks in f2fs")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/super.c | 2 +-
include/linux/f2fs_fs.h | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 403b5877c748e..dc569587e8b96 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -3323,7 +3323,7 @@ loff_t max_file_blocks(struct inode *inode)
* fit within U32_MAX + 1 data units.
*/
- result = min(result, F2FS_BYTES_TO_BLK(((loff_t)U32_MAX + 1) * 4096));
+ result = umin(result, F2FS_BYTES_TO_BLK(((loff_t)U32_MAX + 1) * 4096));
return result;
}
diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h
index b0b821edfd97d..3b2ad444c002e 100644
--- a/include/linux/f2fs_fs.h
+++ b/include/linux/f2fs_fs.h
@@ -24,10 +24,10 @@
#define NEW_ADDR ((block_t)-1) /* used as block_t addresses */
#define COMPRESS_ADDR ((block_t)-2) /* used as compressed data flag */
-#define F2FS_BYTES_TO_BLK(bytes) ((bytes) >> F2FS_BLKSIZE_BITS)
-#define F2FS_BLK_TO_BYTES(blk) ((blk) << F2FS_BLKSIZE_BITS)
+#define F2FS_BYTES_TO_BLK(bytes) ((unsigned long long)(bytes) >> F2FS_BLKSIZE_BITS)
+#define F2FS_BLK_TO_BYTES(blk) ((unsigned long long)(blk) << F2FS_BLKSIZE_BITS)
#define F2FS_BLK_END_BYTES(blk) (F2FS_BLK_TO_BYTES(blk + 1) - 1)
-#define F2FS_BLK_ALIGN(x) (F2FS_BYTES_TO_BLK((x) + F2FS_BLKSIZE - 1))
+#define F2FS_BLK_ALIGN(x) (F2FS_BYTES_TO_BLK((x) + F2FS_BLKSIZE - 1))
/* 0, 1(node nid), 2(meta nid) are reserved node id */
#define F2FS_RESERVED_NODE_NUM 3
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 547/817] hwmon: (tps23861) Fix reporting of negative temperatures
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (545 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 546/817] f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow Greg Kroah-Hartman
@ 2024-12-03 14:41 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 548/817] hwmon: (aquacomputer_d5next) Fix length of speed_input array Greg Kroah-Hartman
` (279 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Murad Masimov, Guenter Roeck,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Murad Masimov <m.masimov@maxima.ru>
[ Upstream commit de2bf507fabba9c0c678cf5ed54beb546f5ca29a ]
Negative temperatures are reported as large positive temperatures
due to missing sign extension from unsigned int to long. Cast unsigned
raw register values to signed before performing the calculations
to fix the problem.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: fff7b8ab2255 ("hwmon: add Texas Instruments TPS23861 driver")
Signed-off-by: Murad Masimov <m.masimov@maxima.ru>
Message-ID: <20241121173604.2021-1-m.masimov@maxima.ru>
[groeck: Updated subject and description]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/tps23861.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/tps23861.c b/drivers/hwmon/tps23861.c
index dfcfb09d9f3cd..80fb03f30c302 100644
--- a/drivers/hwmon/tps23861.c
+++ b/drivers/hwmon/tps23861.c
@@ -132,7 +132,7 @@ static int tps23861_read_temp(struct tps23861_data *data, long *val)
if (err < 0)
return err;
- *val = (regval * TEMPERATURE_LSB) - 20000;
+ *val = ((long)regval * TEMPERATURE_LSB) - 20000;
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 548/817] hwmon: (aquacomputer_d5next) Fix length of speed_input array
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (546 preceding siblings ...)
2024-12-03 14:41 ` [PATCH 6.11 547/817] hwmon: (tps23861) Fix reporting of negative temperatures Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 549/817] phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out() Greg Kroah-Hartman
` (278 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arne Schwabe, Aleksa Savic,
Guenter Roeck, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aleksa Savic <savicaleksa83@gmail.com>
[ Upstream commit 998b5a78a9ce1cc4378e7281e4ea310e37596170 ]
Commit 120584c728a6 ("hwmon: (aquacomputer_d5next) Add support for Octo
flow sensor") added support for reading Octo flow sensor, but didn't
update the priv->speed_input array length. Since Octo has 8 fans, with
the addition of the flow sensor the proper length for speed_input is 9.
Reported by Arne Schwabe on Github [1], who received a UBSAN warning.
Fixes: 120584c728a6 ("hwmon: (aquacomputer_d5next) Add support for Octo flow sensor")
Closes: https://github.com/aleksamagicka/aquacomputer_d5next-hwmon/issues/100 [1]
Reported-by: Arne Schwabe <arne@rfc2549.org>
Signed-off-by: Aleksa Savic <savicaleksa83@gmail.com>
Message-ID: <20241124152725.7205-1-savicaleksa83@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/aquacomputer_d5next.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/aquacomputer_d5next.c b/drivers/hwmon/aquacomputer_d5next.c
index 8e55cd2f46f53..a72315a08f161 100644
--- a/drivers/hwmon/aquacomputer_d5next.c
+++ b/drivers/hwmon/aquacomputer_d5next.c
@@ -597,7 +597,7 @@ struct aqc_data {
/* Sensor values */
s32 temp_input[20]; /* Max 4 physical and 16 virtual or 8 physical and 12 virtual */
- s32 speed_input[8];
+ s32 speed_input[9];
u32 speed_input_min[1];
u32 speed_input_target[1];
u32 speed_input_max[1];
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 549/817] phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (547 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 548/817] hwmon: (aquacomputer_d5next) Fix length of speed_input array Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 550/817] phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l() Greg Kroah-Hartman
` (277 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Vinod Koul,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 09a19fb75498985cbb598f1fa43a7d2416925c30 ]
Fix typo configuring REG_CSR_2L_PLL_CMN_RESERVE0 register in
airoha_pcie_phy_init_clk_out routine.
Fixes: d7d2818b9383 ("phy: airoha: Add PCIe PHY driver for EN7581 SoC.")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20240918-airoha-en7581-phy-fixes-v1-1-8291729a87f8@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/phy-airoha-pcie.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/phy/phy-airoha-pcie.c b/drivers/phy/phy-airoha-pcie.c
index bd3edaa986c8b..3113be0a0e5b6 100644
--- a/drivers/phy/phy-airoha-pcie.c
+++ b/drivers/phy/phy-airoha-pcie.c
@@ -456,7 +456,7 @@ static void airoha_pcie_phy_init_clk_out(struct airoha_pcie_phy *pcie_phy)
airoha_phy_csr_2l_clear_bits(pcie_phy, REG_CSR_2L_CLKTX1_OFFSET,
CSR_2L_PXP_CLKTX1_SR);
airoha_phy_csr_2l_update_field(pcie_phy, REG_CSR_2L_PLL_CMN_RESERVE0,
- CSR_2L_PXP_PLL_RESERVE_MASK, 0xdd);
+ CSR_2L_PXP_PLL_RESERVE_MASK, 0xd0d);
}
static void airoha_pcie_phy_init_csr_2l(struct airoha_pcie_phy *pcie_phy)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 550/817] phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (548 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 549/817] phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 551/817] phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll() Greg Kroah-Hartman
` (276 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Vinod Koul,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit f9c5d6369d3e8e36b7beb15e86b1ef0911ace85f ]
Fix typos configuring REG_PCIE_PMA_TX_RESET register in
airoha_pcie_phy_init_csr_2l routine for lane0 and lane1
Fixes: d7d2818b9383 ("phy: airoha: Add PCIe PHY driver for EN7581 SoC.")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20240918-airoha-en7581-phy-fixes-v1-2-8291729a87f8@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/phy-airoha-pcie.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/phy-airoha-pcie.c b/drivers/phy/phy-airoha-pcie.c
index 3113be0a0e5b6..3e5f49d9942a6 100644
--- a/drivers/phy/phy-airoha-pcie.c
+++ b/drivers/phy/phy-airoha-pcie.c
@@ -468,9 +468,9 @@ static void airoha_pcie_phy_init_csr_2l(struct airoha_pcie_phy *pcie_phy)
PCIE_SW_XFI_RXPCS_RST | PCIE_SW_REF_RST |
PCIE_SW_RX_RST);
airoha_phy_pma0_set_bits(pcie_phy, REG_PCIE_PMA_TX_RESET,
- PCIE_TX_TOP_RST | REG_PCIE_PMA_TX_RESET);
+ PCIE_TX_TOP_RST | PCIE_TX_CAL_RST);
airoha_phy_pma1_set_bits(pcie_phy, REG_PCIE_PMA_TX_RESET,
- PCIE_TX_TOP_RST | REG_PCIE_PMA_TX_RESET);
+ PCIE_TX_TOP_RST | PCIE_TX_CAL_RST);
}
static void airoha_pcie_phy_init_rx(struct airoha_pcie_phy *pcie_phy)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 551/817] phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (549 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 550/817] phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 552/817] phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions Greg Kroah-Hartman
` (275 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Vinod Koul,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 6fd016c965d241673a2e62afbf9eeb4bcbfbbe45 ]
Fix typo configuring REG_CSR_2L_JCPLL_SDM_HREN register in
airoha_pcie_phy_init_ssc_jcpll routine.
Fixes: d7d2818b9383 ("phy: airoha: Add PCIe PHY driver for EN7581 SoC.")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20240918-airoha-en7581-phy-fixes-v1-3-8291729a87f8@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/phy-airoha-pcie.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/phy/phy-airoha-pcie.c b/drivers/phy/phy-airoha-pcie.c
index 3e5f49d9942a6..9d222898760bc 100644
--- a/drivers/phy/phy-airoha-pcie.c
+++ b/drivers/phy/phy-airoha-pcie.c
@@ -799,7 +799,7 @@ static void airoha_pcie_phy_init_ssc_jcpll(struct airoha_pcie_phy *pcie_phy)
airoha_phy_csr_2l_set_bits(pcie_phy, REG_CSR_2L_JCPLL_SDM_IFM,
CSR_2L_PXP_JCPLL_SDM_IFM);
airoha_phy_csr_2l_set_bits(pcie_phy, REG_CSR_2L_JCPLL_SDM_HREN,
- REG_CSR_2L_JCPLL_SDM_HREN);
+ CSR_2L_PXP_JCPLL_SDM_HREN);
airoha_phy_csr_2l_clear_bits(pcie_phy, REG_CSR_2L_JCPLL_RST_DLY,
CSR_2L_PXP_JCPLL_SDM_DI_EN);
airoha_phy_csr_2l_set_bits(pcie_phy, REG_CSR_2L_JCPLL_SSC,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 552/817] phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (550 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 551/817] phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 553/817] vdpa/mlx5: Fix suboptimal range on iotlb iteration Greg Kroah-Hartman
` (274 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lorenzo Bianconi, Vinod Koul,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit e56272f2bb8314eb13b0eb0a4e8055831c700255 ]
Fix the following register definitions for REG_CSR_2L_RX{0,1}_REV0
registers:
- CSR_2L_PXP_VOS_PNINV
- CSR_2L_PXP_FE_GAIN_NORMAL_MODE
- CSR_2L_PXP_FE_GAIN_TRAIN_MODE
Fixes: d7d2818b9383 ("phy: airoha: Add PCIe PHY driver for EN7581 SoC.")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/20240918-airoha-en7581-phy-fixes-v1-4-8291729a87f8@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/phy-airoha-pcie-regs.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/phy/phy-airoha-pcie-regs.h b/drivers/phy/phy-airoha-pcie-regs.h
index bb1f679ca1dfa..b938a7b468fee 100644
--- a/drivers/phy/phy-airoha-pcie-regs.h
+++ b/drivers/phy/phy-airoha-pcie-regs.h
@@ -197,9 +197,9 @@
#define CSR_2L_PXP_TX1_MULTLANE_EN BIT(0)
#define REG_CSR_2L_RX0_REV0 0x00fc
-#define CSR_2L_PXP_VOS_PNINV GENMASK(3, 2)
-#define CSR_2L_PXP_FE_GAIN_NORMAL_MODE GENMASK(6, 4)
-#define CSR_2L_PXP_FE_GAIN_TRAIN_MODE GENMASK(10, 8)
+#define CSR_2L_PXP_VOS_PNINV GENMASK(19, 18)
+#define CSR_2L_PXP_FE_GAIN_NORMAL_MODE GENMASK(22, 20)
+#define CSR_2L_PXP_FE_GAIN_TRAIN_MODE GENMASK(26, 24)
#define REG_CSR_2L_RX0_PHYCK_DIV 0x0100
#define CSR_2L_PXP_RX0_PHYCK_SEL GENMASK(9, 8)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 553/817] vdpa/mlx5: Fix suboptimal range on iotlb iteration
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (551 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 552/817] phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 554/817] vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Greg Kroah-Hartman
` (273 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Si-Wei Liu, Dragos Tatulea,
Michael S. Tsirkin, Jason Wang, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Si-Wei Liu <si-wei.liu@oracle.com>
[ Upstream commit 35025963326e44d8bced3eecd42d2f040f4f0024 ]
The starting iova address to iterate iotlb map entry within a range
was set to an irrelevant value when passing to the itree_next()
iterator, although luckily it doesn't affect the outcome of finding
out the granule of the smallest iotlb map size. Fix the code to make
it consistent with the following for-loop.
Fixes: 94abbccdf291 ("vdpa/mlx5: Add shared memory registration code")
Signed-off-by: Si-Wei Liu <si-wei.liu@oracle.com>
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
Message-Id: <20241021134040.975221-3-dtatulea@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vdpa/mlx5/core/mr.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/vdpa/mlx5/core/mr.c b/drivers/vdpa/mlx5/core/mr.c
index f1da0b7e08e9e..906b39f2c4be4 100644
--- a/drivers/vdpa/mlx5/core/mr.c
+++ b/drivers/vdpa/mlx5/core/mr.c
@@ -227,7 +227,6 @@ static int map_direct_mr(struct mlx5_vdpa_dev *mvdev, struct mlx5_vdpa_direct_mr
unsigned long lgcd = 0;
int log_entity_size;
unsigned long size;
- u64 start = 0;
int err;
struct page *pg;
unsigned int nsg;
@@ -238,10 +237,9 @@ static int map_direct_mr(struct mlx5_vdpa_dev *mvdev, struct mlx5_vdpa_direct_mr
struct device *dma = mvdev->vdev.dma_dev;
for (map = vhost_iotlb_itree_first(iotlb, mr->start, mr->end - 1);
- map; map = vhost_iotlb_itree_next(map, start, mr->end - 1)) {
+ map; map = vhost_iotlb_itree_next(map, mr->start, mr->end - 1)) {
size = maplen(map, mr);
lgcd = gcd(lgcd, size);
- start += size;
}
log_entity_size = ilog2(lgcd);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 554/817] vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (552 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 553/817] vdpa/mlx5: Fix suboptimal range on iotlb iteration Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 555/817] vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data() Greg Kroah-Hartman
` (272 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yishai Hadas, Jason Gunthorpe,
Alex Williamson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yishai Hadas <yishaih@nvidia.com>
[ Upstream commit 22e87bf3f77c18f5982c19ffe2732ef0c7a25f16 ]
Fix an unwind issue in mlx5vf_add_migration_pages().
If a set of pages is allocated but fails to be added to the SG table,
they need to be freed to prevent a memory leak.
Any pages successfully added to the SG table will be freed as part of
mlx5vf_free_data_buffer().
Fixes: 6fadb021266d ("vfio/mlx5: Implement vfio_pci driver for mlx5 devices")
Signed-off-by: Yishai Hadas <yishaih@nvidia.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20241114095318.16556-2-yishaih@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/mlx5/cmd.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/vfio/pci/mlx5/cmd.c b/drivers/vfio/pci/mlx5/cmd.c
index 41a4b0cf42975..7527e277c8989 100644
--- a/drivers/vfio/pci/mlx5/cmd.c
+++ b/drivers/vfio/pci/mlx5/cmd.c
@@ -423,6 +423,7 @@ static int mlx5vf_add_migration_pages(struct mlx5_vhca_data_buffer *buf,
unsigned long filled;
unsigned int to_fill;
int ret;
+ int i;
to_fill = min_t(unsigned int, npages, PAGE_SIZE / sizeof(*page_list));
page_list = kvzalloc(to_fill * sizeof(*page_list), GFP_KERNEL_ACCOUNT);
@@ -443,7 +444,7 @@ static int mlx5vf_add_migration_pages(struct mlx5_vhca_data_buffer *buf,
GFP_KERNEL_ACCOUNT);
if (ret)
- goto err;
+ goto err_append;
buf->allocated_length += filled * PAGE_SIZE;
/* clean input for another bulk allocation */
memset(page_list, 0, filled * sizeof(*page_list));
@@ -454,6 +455,9 @@ static int mlx5vf_add_migration_pages(struct mlx5_vhca_data_buffer *buf,
kvfree(page_list);
return 0;
+err_append:
+ for (i = filled - 1; i >= 0; i--)
+ __free_page(page_list[i]);
err:
kvfree(page_list);
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 555/817] vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (553 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 554/817] vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 556/817] selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Greg Kroah-Hartman
` (271 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yishai Hadas, Jason Gunthorpe,
Alex Williamson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yishai Hadas <yishaih@nvidia.com>
[ Upstream commit cb04444c243c001fc27f275e84792ff1c2b96867 ]
Fix unwind flows in mlx5vf_pci_save_device_data() and
mlx5vf_pci_resume_device_data() to avoid freeing the migf pointer at the
'end' label, as this will be handled by fput(migf->filp) through
mlx5vf_release_file().
To ensure mlx5vf_release_file() functions correctly, move the
initialization of migf fields (such as migf->lock) to occur before any
potential unwind flow, as these fields may be accessed within
mlx5vf_release_file().
Fixes: 9945a67ea4b3 ("vfio/mlx5: Refactor PD usage")
Signed-off-by: Yishai Hadas <yishaih@nvidia.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/20241114095318.16556-3-yishaih@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/mlx5/main.c | 35 +++++++++++++++++------------------
1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/drivers/vfio/pci/mlx5/main.c b/drivers/vfio/pci/mlx5/main.c
index 61d9b0f9146d1..8de6037c88194 100644
--- a/drivers/vfio/pci/mlx5/main.c
+++ b/drivers/vfio/pci/mlx5/main.c
@@ -641,14 +641,11 @@ mlx5vf_pci_save_device_data(struct mlx5vf_pci_core_device *mvdev, bool track)
O_RDONLY);
if (IS_ERR(migf->filp)) {
ret = PTR_ERR(migf->filp);
- goto end;
+ kfree(migf);
+ return ERR_PTR(ret);
}
migf->mvdev = mvdev;
- ret = mlx5vf_cmd_alloc_pd(migf);
- if (ret)
- goto out_free;
-
stream_open(migf->filp->f_inode, migf->filp);
mutex_init(&migf->lock);
init_waitqueue_head(&migf->poll_wait);
@@ -664,6 +661,11 @@ mlx5vf_pci_save_device_data(struct mlx5vf_pci_core_device *mvdev, bool track)
INIT_LIST_HEAD(&migf->buf_list);
INIT_LIST_HEAD(&migf->avail_list);
spin_lock_init(&migf->list_lock);
+
+ ret = mlx5vf_cmd_alloc_pd(migf);
+ if (ret)
+ goto out;
+
ret = mlx5vf_cmd_query_vhca_migration_state(mvdev, &length, &full_size, 0);
if (ret)
goto out_pd;
@@ -693,10 +695,8 @@ mlx5vf_pci_save_device_data(struct mlx5vf_pci_core_device *mvdev, bool track)
mlx5vf_free_data_buffer(buf);
out_pd:
mlx5fv_cmd_clean_migf_resources(migf);
-out_free:
+out:
fput(migf->filp);
-end:
- kfree(migf);
return ERR_PTR(ret);
}
@@ -1018,13 +1018,19 @@ mlx5vf_pci_resume_device_data(struct mlx5vf_pci_core_device *mvdev)
O_WRONLY);
if (IS_ERR(migf->filp)) {
ret = PTR_ERR(migf->filp);
- goto end;
+ kfree(migf);
+ return ERR_PTR(ret);
}
+ stream_open(migf->filp->f_inode, migf->filp);
+ mutex_init(&migf->lock);
+ INIT_LIST_HEAD(&migf->buf_list);
+ INIT_LIST_HEAD(&migf->avail_list);
+ spin_lock_init(&migf->list_lock);
migf->mvdev = mvdev;
ret = mlx5vf_cmd_alloc_pd(migf);
if (ret)
- goto out_free;
+ goto out;
buf = mlx5vf_alloc_data_buffer(migf, 0, DMA_TO_DEVICE);
if (IS_ERR(buf)) {
@@ -1043,20 +1049,13 @@ mlx5vf_pci_resume_device_data(struct mlx5vf_pci_core_device *mvdev)
migf->buf_header[0] = buf;
migf->load_state = MLX5_VF_LOAD_STATE_READ_HEADER;
- stream_open(migf->filp->f_inode, migf->filp);
- mutex_init(&migf->lock);
- INIT_LIST_HEAD(&migf->buf_list);
- INIT_LIST_HEAD(&migf->avail_list);
- spin_lock_init(&migf->list_lock);
return migf;
out_buf:
mlx5vf_free_data_buffer(migf->buf[0]);
out_pd:
mlx5vf_cmd_dealloc_pd(migf);
-out_free:
+out:
fput(migf->filp);
-end:
- kfree(migf);
return ERR_PTR(ret);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 556/817] selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (554 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 555/817] vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 557/817] gpio: zevio: Add missed label initialisation Greg Kroah-Hartman
` (270 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Ellerman,
Ritesh Harjani (IBM), Christian Brauner, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit f13242a46438e690067a4bf47068fde4d5719947 ]
Currently the mount_setattr_test fails on machines with a 64K PAGE_SIZE,
with errors such as:
# RUN mount_setattr_idmapped.invalid_fd_negative ...
mkfs.ext4: No space left on device while writing out and closing file system
# mount_setattr_test.c:1055:invalid_fd_negative:Expected system("mkfs.ext4 -q /mnt/C/ext4.img") (256) == 0 (0)
# invalid_fd_negative: Test terminated by assertion
# FAIL mount_setattr_idmapped.invalid_fd_negative
not ok 12 mount_setattr_idmapped.invalid_fd_negative
The code creates a 100,000 byte tmpfs:
ASSERT_EQ(mount("testing", "/mnt", "tmpfs", MS_NOATIME | MS_NODEV,
"size=100000,mode=700"), 0);
And then a little later creates a 2MB ext4 filesystem in that tmpfs:
ASSERT_EQ(ftruncate(img_fd, 1024 * 2048), 0);
ASSERT_EQ(system("mkfs.ext4 -q /mnt/C/ext4.img"), 0);
At first glance it seems like that should never work, after all 2MB is
larger than 100,000 bytes. However the filesystem image doesn't actually
occupy 2MB on "disk" (actually RAM, due to tmpfs). On 4K kernels the
ext4.img uses ~84KB of actual space (according to du), which just fits.
However on 64K PAGE_SIZE kernels the ext4.img takes at least 256KB,
which is too large to fit in the tmpfs, hence the errors.
It seems fraught to rely on the ext4.img taking less space on disk than
the allocated size, so instead create the tmpfs with a size of 2MB. With
that all 21 tests pass on 64K PAGE_SIZE kernels.
Fixes: 01eadc8dd96d ("tests: add mount_setattr() selftests")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20241115134114.1219555-1-mpe@ellerman.id.au
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/mount_setattr/mount_setattr_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mount_setattr/mount_setattr_test.c b/tools/testing/selftests/mount_setattr/mount_setattr_test.c
index c6a8c732b8021..304e6422a1f1c 100644
--- a/tools/testing/selftests/mount_setattr/mount_setattr_test.c
+++ b/tools/testing/selftests/mount_setattr/mount_setattr_test.c
@@ -1026,7 +1026,7 @@ FIXTURE_SETUP(mount_setattr_idmapped)
"size=100000,mode=700"), 0);
ASSERT_EQ(mount("testing", "/mnt", "tmpfs", MS_NOATIME | MS_NODEV,
- "size=100000,mode=700"), 0);
+ "size=2m,mode=700"), 0);
ASSERT_EQ(mkdir("/mnt/A", 0777), 0);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 557/817] gpio: zevio: Add missed label initialisation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (555 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 556/817] selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 558/817] vfio/pci: Properly hide first-in-list PCIe extended capability Greg Kroah-Hartman
` (269 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Bartosz Golaszewski,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 5bbed54ba66925ebca19092d0750630f943d7bf2 ]
Initialise the GPIO chip label correctly as it was done by
of_mm_gpiochip_add_data() before the below mentioned change.
Fixes: cf8f4462e5fa ("gpio: zevio: drop of_gpio.h header")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20241118092729.516736-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-zevio.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpio/gpio-zevio.c b/drivers/gpio/gpio-zevio.c
index 2de61337ad3b5..d7230fd83f5d6 100644
--- a/drivers/gpio/gpio-zevio.c
+++ b/drivers/gpio/gpio-zevio.c
@@ -11,6 +11,7 @@
#include <linux/io.h>
#include <linux/mod_devicetable.h>
#include <linux/platform_device.h>
+#include <linux/property.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
@@ -169,6 +170,7 @@ static const struct gpio_chip zevio_gpio_chip = {
/* Initialization */
static int zevio_gpio_probe(struct platform_device *pdev)
{
+ struct device *dev = &pdev->dev;
struct zevio_gpio *controller;
int status, i;
@@ -180,6 +182,10 @@ static int zevio_gpio_probe(struct platform_device *pdev)
controller->chip = zevio_gpio_chip;
controller->chip.parent = &pdev->dev;
+ controller->chip.label = devm_kasprintf(dev, GFP_KERNEL, "%pfw", dev_fwnode(dev));
+ if (!controller->chip.label)
+ return -ENOMEM;
+
controller->regs = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(controller->regs))
return dev_err_probe(&pdev->dev, PTR_ERR(controller->regs),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 558/817] vfio/pci: Properly hide first-in-list PCIe extended capability
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (556 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 557/817] gpio: zevio: Add missed label initialisation Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 559/817] fs_parser: update mount_api doc to match function signature Greg Kroah-Hartman
` (268 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Avihai Horon, Yi Liu,
Alex Williamson, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Avihai Horon <avihaih@nvidia.com>
[ Upstream commit fe4bf8d0b6716a423b16495d55b35d3fe515905d ]
There are cases where a PCIe extended capability should be hidden from
the user. For example, an unknown capability (i.e., capability with ID
greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally
chosen to be hidden from the user.
Hiding a capability is done by virtualizing and modifying the 'Next
Capability Offset' field of the previous capability so it points to the
capability after the one that should be hidden.
The special case where the first capability in the list should be hidden
is handled differently because there is no previous capability that can
be modified. In this case, the capability ID and version are zeroed
while leaving the next pointer intact. This hides the capability and
leaves an anchor for the rest of the capability list.
However, today, hiding the first capability in the list is not done
properly if the capability is unknown, as struct
vfio_pci_core_device->pci_config_map is set to the capability ID during
initialization but the capability ID is not properly checked later when
used in vfio_config_do_rw(). This leads to the following warning [1] and
to an out-of-bounds access to ecap_perms array.
Fix it by checking cap_id in vfio_config_do_rw(), and if it is greater
than PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct
read only access instead of the ecap_perms array.
Note that this is safe since the above is the only case where cap_id can
exceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which
are already checked before).
[1]
WARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]
CPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1
(snip)
Call Trace:
<TASK>
? show_regs+0x69/0x80
? __warn+0x8d/0x140
? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]
? report_bug+0x18f/0x1a0
? handle_bug+0x63/0xa0
? exc_invalid_op+0x19/0x70
? asm_exc_invalid_op+0x1b/0x20
? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]
? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core]
vfio_pci_rw+0x101/0x1b0 [vfio_pci_core]
vfio_pci_core_read+0x1d/0x30 [vfio_pci_core]
vfio_device_fops_read+0x27/0x40 [vfio]
vfs_read+0xbd/0x340
? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio]
? __rseq_handle_notify_resume+0xa4/0x4b0
__x64_sys_pread64+0x96/0xc0
x64_sys_call+0x1c3d/0x20d0
do_syscall_64+0x4d/0x120
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver")
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Tested-by: Yi Liu <yi.l.liu@intel.com>
Link: https://lore.kernel.org/r/20241124142739.21698-1-avihaih@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/vfio_pci_config.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/pci/vfio_pci_config.c b/drivers/vfio/pci/vfio_pci_config.c
index 97422aafaa7b5..ea2745c1ac5e6 100644
--- a/drivers/vfio/pci/vfio_pci_config.c
+++ b/drivers/vfio/pci/vfio_pci_config.c
@@ -313,6 +313,10 @@ static int vfio_virt_config_read(struct vfio_pci_core_device *vdev, int pos,
return count;
}
+static struct perm_bits direct_ro_perms = {
+ .readfn = vfio_direct_config_read,
+};
+
/* Default capability regions to read-only, no-virtualization */
static struct perm_bits cap_perms[PCI_CAP_ID_MAX + 1] = {
[0 ... PCI_CAP_ID_MAX] = { .readfn = vfio_direct_config_read }
@@ -1897,9 +1901,17 @@ static ssize_t vfio_config_do_rw(struct vfio_pci_core_device *vdev, char __user
cap_start = *ppos;
} else {
if (*ppos >= PCI_CFG_SPACE_SIZE) {
- WARN_ON(cap_id > PCI_EXT_CAP_ID_MAX);
+ /*
+ * We can get a cap_id that exceeds PCI_EXT_CAP_ID_MAX
+ * if we're hiding an unknown capability at the start
+ * of the extended capability list. Use default, ro
+ * access, which will virtualize the id and next values.
+ */
+ if (cap_id > PCI_EXT_CAP_ID_MAX)
+ perm = &direct_ro_perms;
+ else
+ perm = &ecap_perms[cap_id];
- perm = &ecap_perms[cap_id];
cap_start = vfio_find_cap_start(vdev, *ppos);
} else {
WARN_ON(cap_id > PCI_CAP_ID_MAX);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 559/817] fs_parser: update mount_api doc to match function signature
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (557 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 558/817] vfio/pci: Properly hide first-in-list PCIe extended capability Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 560/817] LoongArch: Fix build failure with GCC 15 (-std=gnu23) Greg Kroah-Hartman
` (267 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Eric Sandeen,
David Howells, Al Viro, Christian Brauner, Jan Kara,
Jonathan Corbet, linux-doc, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit c66f759832a83cb273ba5a55c66dcc99384efa74 ]
Add the missing 'name' parameter to the mount_api documentation for
fs_validate_description().
Fixes: 96cafb9ccb15 ("fs_parser: remove fs_parameter_description name field")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20241125215021.231758-1-rdunlap@infradead.org
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/filesystems/mount_api.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Documentation/filesystems/mount_api.rst b/Documentation/filesystems/mount_api.rst
index 317934c9e8fca..d92c276f1575a 100644
--- a/Documentation/filesystems/mount_api.rst
+++ b/Documentation/filesystems/mount_api.rst
@@ -770,7 +770,8 @@ process the parameters it is given.
* ::
- bool fs_validate_description(const struct fs_parameter_description *desc);
+ bool fs_validate_description(const char *name,
+ const struct fs_parameter_description *desc);
This performs some validation checks on a parameter description. It
returns true if the description is good and false if it is not. It will
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 560/817] LoongArch: Fix build failure with GCC 15 (-std=gnu23)
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (558 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 559/817] fs_parser: update mount_api doc to match function signature Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 561/817] LoongArch: BPF: Sign-extend return values Greg Kroah-Hartman
` (266 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tiezhu Yang, Huacai Chen,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiezhu Yang <yangtiezhu@loongson.cn>
[ Upstream commit 947d5d036c788156f09e83e7f16322ffe8124384 ]
Whenever I try to build the kernel with upcoming GCC 15 which defaults
to -std=gnu23 I get a build failure:
CC arch/loongarch/vdso/vgetcpu.o
In file included from ./include/uapi/linux/posix_types.h:5,
from ./include/uapi/linux/types.h:14,
from ./include/linux/types.h:6,
from ./include/linux/kasan-checks.h:5,
from ./include/asm-generic/rwonce.h:26,
from ./arch/loongarch/include/generated/asm/rwonce.h:1,
from ./include/linux/compiler.h:317,
from ./include/asm-generic/bug.h:5,
from ./arch/loongarch/include/asm/bug.h:60,
from ./include/linux/bug.h:5,
from ./include/linux/mmdebug.h:5,
from ./include/linux/mm.h:6,
from ./arch/loongarch/include/asm/vdso.h:10,
from arch/loongarch/vdso/vgetcpu.c:6:
./include/linux/stddef.h:11:9: error: expected identifier before 'false'
11 | false = 0,
| ^~~~~
./include/linux/types.h:35:33: error: two or more data types in declaration specifiers
35 | typedef _Bool bool;
| ^~~~
./include/linux/types.h:35:1: warning: useless type name in empty declaration
35 | typedef _Bool bool;
| ^~~~~~~
The kernel builds explicitly with -std=gnu11 in top Makefile, but
arch/loongarch/vdso does not use KBUILD_CFLAGS from the rest of the
kernel, just add -std=gnu11 flag to arch/loongarch/vdso/Makefile.
By the way, commit e8c07082a810 ("Kbuild: move to -std=gnu11") did a
similar change for arch/arm64/kernel/vdso32/Makefile.
Fixes: c6b99bed6b8f ("LoongArch: Add VDSO and VSYSCALL support")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/loongarch/vdso/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/loongarch/vdso/Makefile b/arch/loongarch/vdso/Makefile
index d724d46b07c84..3e5e30125b212 100644
--- a/arch/loongarch/vdso/Makefile
+++ b/arch/loongarch/vdso/Makefile
@@ -18,7 +18,7 @@ ccflags-vdso := \
cflags-vdso := $(ccflags-vdso) \
-isystem $(shell $(CC) -print-file-name=include) \
$(filter -W%,$(filter-out -Wa$(comma)%,$(KBUILD_CFLAGS))) \
- -O2 -g -fno-strict-aliasing -fno-common -fno-builtin \
+ -std=gnu11 -O2 -g -fno-strict-aliasing -fno-common -fno-builtin \
-fno-stack-protector -fno-jump-tables -DDISABLE_BRANCH_PROFILING \
$(call cc-option, -fno-asynchronous-unwind-tables) \
$(call cc-option, -fno-stack-protector)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 561/817] LoongArch: BPF: Sign-extend return values
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (559 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 560/817] LoongArch: Fix build failure with GCC 15 (-std=gnu23) Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 562/817] power: supply: core: Remove might_sleep() from power_supply_put() Greg Kroah-Hartman
` (265 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Fastabend, Tiezhu Yang,
Huacai Chen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiezhu Yang <yangtiezhu@loongson.cn>
[ Upstream commit 73c359d1d356cf10236ccd358bd55edab33e9424 ]
(1) Description of Problem:
When testing BPF JIT with the latest compiler toolchains on LoongArch,
there exist some strange failed test cases, dmesg shows something like
this:
# dmesg -t | grep FAIL | head -1
... ret -3 != -3 (0xfffffffd != 0xfffffffd)FAIL ...
(2) Steps to Reproduce:
# echo 1 > /proc/sys/net/core/bpf_jit_enable
# modprobe test_bpf
(3) Additional Info:
There are no failed test cases compiled with the lower version of GCC
such as 13.3.0, while the problems only appear with higher version of
GCC such as 14.2.0.
This is because the problems were hidden by the lower version of GCC due
to redundant sign extension instructions generated by compiler, but with
optimization of higher version of GCC, the sign extension instructions
have been removed.
(4) Root Cause Analysis:
The LoongArch architecture does not expose sub-registers, and hold all
32-bit values in a sign-extended format. While BPF, on the other hand,
exposes sub-registers, and use zero-extension (similar to arm64/x86).
This has led to some subtle bugs, where a BPF JITted program has not
sign-extended the a0 register (return value in LoongArch land), passed
the return value up the kernel, for example:
| int from_bpf(void);
|
| long foo(void)
| {
| return from_bpf();
| }
Here, a0 would be 0xffffffff instead of the expected 0xffffffffffffffff.
Internally, the LoongArch JIT uses a5 as a dedicated register for BPF
return values. That is to say, the LoongArch BPF uses a5 for BPF return
values, which are zero-extended, whereas the LoongArch ABI uses a0 which
is sign-extended.
(5) Final Solution:
Keep a5 zero-extended, but explicitly sign-extend a0 (which is used
outside BPF land). Because libbpf currently defines the return value
of an ebpf program as a 32-bit unsigned integer, just use addi.w to
extend bit 31 into bits 63 through 32 of a5 to a0. This is similar to
commit 2f1b0d3d7331 ("riscv, bpf: Sign-extend return values").
Fixes: 5dc615520c4d ("LoongArch: Add BPF JIT support")
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/loongarch/net/bpf_jit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c
index 7dbefd4ba2107..dd350cba1252f 100644
--- a/arch/loongarch/net/bpf_jit.c
+++ b/arch/loongarch/net/bpf_jit.c
@@ -179,7 +179,7 @@ static void __build_epilogue(struct jit_ctx *ctx, bool is_tail_call)
if (!is_tail_call) {
/* Set return value */
- move_reg(ctx, LOONGARCH_GPR_A0, regmap[BPF_REG_0]);
+ emit_insn(ctx, addiw, LOONGARCH_GPR_A0, regmap[BPF_REG_0], 0);
/* Return to the caller */
emit_insn(ctx, jirl, LOONGARCH_GPR_RA, LOONGARCH_GPR_ZERO, 0);
} else {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 562/817] power: supply: core: Remove might_sleep() from power_supply_put()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (560 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 561/817] LoongArch: BPF: Sign-extend return values Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 563/817] power: supply: bq27xxx: Fix registers of bq27426 Greg Kroah-Hartman
` (264 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kyle Tso, Krzysztof Kozlowski,
Bart Van Assche, Krzysztof Kozlowski, Sebastian Reichel,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit f6da4553ff24a5d1c959c9627c965323adc3d307 ]
The put_device() call in power_supply_put() may call
power_supply_dev_release(). The latter function does not sleep so
power_supply_put() doesn't sleep either. Hence, remove the might_sleep()
call from power_supply_put(). This patch suppresses false positive
complaints about calling a sleeping function from atomic context if
power_supply_put() is called from atomic context.
Cc: Kyle Tso <kyletso@google.com>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Fixes: 1a352462b537 ("power_supply: Add power_supply_put for decrementing device reference counter")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20240917193914.47566-1-bvanassche@acm.org
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/power_supply_core.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c
index b43c2557241e7..06ce24abbe77f 100644
--- a/drivers/power/supply/power_supply_core.c
+++ b/drivers/power/supply/power_supply_core.c
@@ -483,8 +483,6 @@ EXPORT_SYMBOL_GPL(power_supply_get_by_name);
*/
void power_supply_put(struct power_supply *psy)
{
- might_sleep();
-
atomic_dec(&psy->use_cnt);
put_device(&psy->dev);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 563/817] power: supply: bq27xxx: Fix registers of bq27426
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (561 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 562/817] power: supply: core: Remove might_sleep() from power_supply_put() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 564/817] power: supply: rt9471: Fix wrong WDT function regfield declaration Greg Kroah-Hartman
` (263 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Barnabás Czémán,
Sebastian Reichel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Barnabás Czémán <barnabas.czeman@mainlining.org>
[ Upstream commit 34f99d3b706a519e556841f405c224ca708b1f54 ]
Correct bq27426 registers, according to technical reference manual
it does not have Design Capacity register so it is not register
compatible with bq27421.
Fixes: 5ef6a16033b47 ("power: supply: bq27xxx: Add support for BQ27426")
Signed-off-by: Barnabás Czémán <barnabas.czeman@mainlining.org>
Link: https://lore.kernel.org/r/20241016-fix_bq27426-v2-1-aa6c0f51a9f6@mainlining.org
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/bq27xxx_battery.c | 37 ++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/drivers/power/supply/bq27xxx_battery.c b/drivers/power/supply/bq27xxx_battery.c
index 750fda543308c..51fb88aca0f9f 100644
--- a/drivers/power/supply/bq27xxx_battery.c
+++ b/drivers/power/supply/bq27xxx_battery.c
@@ -449,9 +449,29 @@ static u8
[BQ27XXX_REG_AP] = 0x18,
BQ27XXX_DM_REG_ROWS,
},
+ bq27426_regs[BQ27XXX_REG_MAX] = {
+ [BQ27XXX_REG_CTRL] = 0x00,
+ [BQ27XXX_REG_TEMP] = 0x02,
+ [BQ27XXX_REG_INT_TEMP] = 0x1e,
+ [BQ27XXX_REG_VOLT] = 0x04,
+ [BQ27XXX_REG_AI] = 0x10,
+ [BQ27XXX_REG_FLAGS] = 0x06,
+ [BQ27XXX_REG_TTE] = INVALID_REG_ADDR,
+ [BQ27XXX_REG_TTF] = INVALID_REG_ADDR,
+ [BQ27XXX_REG_TTES] = INVALID_REG_ADDR,
+ [BQ27XXX_REG_TTECP] = INVALID_REG_ADDR,
+ [BQ27XXX_REG_NAC] = 0x08,
+ [BQ27XXX_REG_RC] = 0x0c,
+ [BQ27XXX_REG_FCC] = 0x0e,
+ [BQ27XXX_REG_CYCT] = INVALID_REG_ADDR,
+ [BQ27XXX_REG_AE] = INVALID_REG_ADDR,
+ [BQ27XXX_REG_SOC] = 0x1c,
+ [BQ27XXX_REG_DCAP] = INVALID_REG_ADDR,
+ [BQ27XXX_REG_AP] = 0x18,
+ BQ27XXX_DM_REG_ROWS,
+ },
#define bq27411_regs bq27421_regs
#define bq27425_regs bq27421_regs
-#define bq27426_regs bq27421_regs
#define bq27441_regs bq27421_regs
#define bq27621_regs bq27421_regs
bq27z561_regs[BQ27XXX_REG_MAX] = {
@@ -769,10 +789,23 @@ static enum power_supply_property bq27421_props[] = {
};
#define bq27411_props bq27421_props
#define bq27425_props bq27421_props
-#define bq27426_props bq27421_props
#define bq27441_props bq27421_props
#define bq27621_props bq27421_props
+static enum power_supply_property bq27426_props[] = {
+ POWER_SUPPLY_PROP_STATUS,
+ POWER_SUPPLY_PROP_PRESENT,
+ POWER_SUPPLY_PROP_VOLTAGE_NOW,
+ POWER_SUPPLY_PROP_CURRENT_NOW,
+ POWER_SUPPLY_PROP_CAPACITY,
+ POWER_SUPPLY_PROP_CAPACITY_LEVEL,
+ POWER_SUPPLY_PROP_TEMP,
+ POWER_SUPPLY_PROP_TECHNOLOGY,
+ POWER_SUPPLY_PROP_CHARGE_FULL,
+ POWER_SUPPLY_PROP_CHARGE_NOW,
+ POWER_SUPPLY_PROP_MANUFACTURER,
+};
+
static enum power_supply_property bq27z561_props[] = {
POWER_SUPPLY_PROP_STATUS,
POWER_SUPPLY_PROP_PRESENT,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 564/817] power: supply: rt9471: Fix wrong WDT function regfield declaration
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (562 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 563/817] power: supply: bq27xxx: Fix registers of bq27426 Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 565/817] power: supply: rt9471: Use IC status regfield to report real charger status Greg Kroah-Hartman
` (262 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lucas Tsai, ChiYuan Huang,
Sebastian Reichel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: ChiYuan Huang <cy_huang@richtek.com>
[ Upstream commit d10ff07dd2b933e3864c592ca932996b07bbf22a ]
Fix F_WDT and F_WDT_RST wrong regfield declaration.
Fixes: 4a1a5f6781d8 ("power: supply: rt9471: Add Richtek RT9471 charger driver")
Reported-by: Lucas Tsai <lucas_tsai@richtek.com>
Signed-off-by: ChiYuan Huang <cy_huang@richtek.com>
Link: https://lore.kernel.org/r/f862e23f220612f01fabb6d8e76cfaf63756c22b.1727252762.git.cy_huang@richtek.com
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/rt9471.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/power/supply/rt9471.c b/drivers/power/supply/rt9471.c
index 868b0703d15c5..f62154d929028 100644
--- a/drivers/power/supply/rt9471.c
+++ b/drivers/power/supply/rt9471.c
@@ -153,8 +153,8 @@ struct rt9471_chip {
};
static const struct reg_field rt9471_reg_fields[F_MAX_FIELDS] = {
- [F_WDT] = REG_FIELD(RT9471_REG_TOP, 0, 0),
- [F_WDT_RST] = REG_FIELD(RT9471_REG_TOP, 1, 1),
+ [F_WDT] = REG_FIELD(RT9471_REG_TOP, 0, 1),
+ [F_WDT_RST] = REG_FIELD(RT9471_REG_TOP, 2, 2),
[F_CHG_EN] = REG_FIELD(RT9471_REG_FUNC, 0, 0),
[F_HZ] = REG_FIELD(RT9471_REG_FUNC, 5, 5),
[F_BATFET_DIS] = REG_FIELD(RT9471_REG_FUNC, 7, 7),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 565/817] power: supply: rt9471: Use IC status regfield to report real charger status
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (563 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 564/817] power: supply: rt9471: Fix wrong WDT function regfield declaration Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 566/817] net: usb: lan78xx: Fix double free issue with interrupt buffer allocation Greg Kroah-Hartman
` (261 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lucas Tsai, ChiYuan Huang,
Sebastian Reichel, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: ChiYuan Huang <cy_huang@richtek.com>
[ Upstream commit c46a9ee5c6210682611d3d4276436c23a95e1996 ]
Use IC status regfield to rewrite the 'get_staus' function. The original
one cannot cover some special scenario like as charger OTG or JEITA case.
Fixes: 4a1a5f6781d8 ("power: supply: rt9471: Add Richtek RT9471 charger driver")
Reported-by: Lucas Tsai <lucas_tsai@richtek.com>
Signed-off-by: ChiYuan Huang <cy_huang@richtek.com>
Link: https://lore.kernel.org/r/67ba92bb4a9c51d9cafadab30b788a3a2c3048e1.1727252762.git.cy_huang@richtek.com
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/rt9471.c | 48 ++++++++++++++++++++++-------------
1 file changed, 31 insertions(+), 17 deletions(-)
diff --git a/drivers/power/supply/rt9471.c b/drivers/power/supply/rt9471.c
index f62154d929028..522a67736fa5a 100644
--- a/drivers/power/supply/rt9471.c
+++ b/drivers/power/supply/rt9471.c
@@ -139,6 +139,19 @@ enum {
RT9471_PORTSTAT_DCP,
};
+enum {
+ RT9471_ICSTAT_SLEEP = 0,
+ RT9471_ICSTAT_VBUSRDY,
+ RT9471_ICSTAT_TRICKLECHG,
+ RT9471_ICSTAT_PRECHG,
+ RT9471_ICSTAT_FASTCHG,
+ RT9471_ICSTAT_IEOC,
+ RT9471_ICSTAT_BGCHG,
+ RT9471_ICSTAT_CHGDONE,
+ RT9471_ICSTAT_CHGFAULT,
+ RT9471_ICSTAT_OTG = 15,
+};
+
struct rt9471_chip {
struct device *dev;
struct regmap *regmap;
@@ -255,31 +268,32 @@ static int rt9471_get_ieoc(struct rt9471_chip *chip, int *microamp)
static int rt9471_get_status(struct rt9471_chip *chip, int *status)
{
- unsigned int chg_ready, chg_done, fault_stat;
+ unsigned int ic_stat;
int ret;
- ret = regmap_field_read(chip->rm_fields[F_ST_CHG_RDY], &chg_ready);
- if (ret)
- return ret;
-
- ret = regmap_field_read(chip->rm_fields[F_ST_CHG_DONE], &chg_done);
+ ret = regmap_field_read(chip->rm_fields[F_IC_STAT], &ic_stat);
if (ret)
return ret;
- ret = regmap_read(chip->regmap, RT9471_REG_STAT1, &fault_stat);
- if (ret)
- return ret;
-
- fault_stat &= RT9471_CHGFAULT_MASK;
-
- if (chg_ready && chg_done)
- *status = POWER_SUPPLY_STATUS_FULL;
- else if (chg_ready && fault_stat)
+ switch (ic_stat) {
+ case RT9471_ICSTAT_VBUSRDY:
+ case RT9471_ICSTAT_CHGFAULT:
*status = POWER_SUPPLY_STATUS_NOT_CHARGING;
- else if (chg_ready && !fault_stat)
+ break;
+ case RT9471_ICSTAT_TRICKLECHG ... RT9471_ICSTAT_BGCHG:
*status = POWER_SUPPLY_STATUS_CHARGING;
- else
+ break;
+ case RT9471_ICSTAT_CHGDONE:
+ *status = POWER_SUPPLY_STATUS_FULL;
+ break;
+ case RT9471_ICSTAT_SLEEP:
+ case RT9471_ICSTAT_OTG:
*status = POWER_SUPPLY_STATUS_DISCHARGING;
+ break;
+ default:
+ *status = POWER_SUPPLY_STATUS_UNKNOWN;
+ break;
+ }
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 566/817] net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (564 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 565/817] power: supply: rt9471: Use IC status regfield to report real charger status Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 567/817] net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Greg Kroah-Hartman
` (260 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Efstathiades, Oleksij Rempel,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksij Rempel <o.rempel@pengutronix.de>
[ Upstream commit 03819abbeb11117dcbba40bfe322b88c0c88a6b6 ]
In lan78xx_probe(), the buffer `buf` was being freed twice: once
implicitly through `usb_free_urb(dev->urb_intr)` with the
`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused
a double free issue.
To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to
simplify the initialization sequence and removed the redundant
`kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring
it is correctly managed by `usb_fill_int_urb()` and freed by
`usb_free_urb()` as intended.
Fixes: a6df95cae40b ("lan78xx: Fix memory allocation bug")
Cc: John Efstathiades <john.efstathiades@pebblebay.com>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://patch.msgid.link/20241116130558.1352230-1-o.rempel@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/lan78xx.c | 29 ++++++++++++++---------------
1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
index 8adf77e3557e7..094a47b8b97eb 100644
--- a/drivers/net/usb/lan78xx.c
+++ b/drivers/net/usb/lan78xx.c
@@ -4414,29 +4414,30 @@ static int lan78xx_probe(struct usb_interface *intf,
period = ep_intr->desc.bInterval;
maxp = usb_maxpacket(dev->udev, dev->pipe_intr);
- buf = kmalloc(maxp, GFP_KERNEL);
- if (!buf) {
+
+ dev->urb_intr = usb_alloc_urb(0, GFP_KERNEL);
+ if (!dev->urb_intr) {
ret = -ENOMEM;
goto out5;
}
- dev->urb_intr = usb_alloc_urb(0, GFP_KERNEL);
- if (!dev->urb_intr) {
+ buf = kmalloc(maxp, GFP_KERNEL);
+ if (!buf) {
ret = -ENOMEM;
- goto out6;
- } else {
- usb_fill_int_urb(dev->urb_intr, dev->udev,
- dev->pipe_intr, buf, maxp,
- intr_complete, dev, period);
- dev->urb_intr->transfer_flags |= URB_FREE_BUFFER;
+ goto free_urbs;
}
+ usb_fill_int_urb(dev->urb_intr, dev->udev,
+ dev->pipe_intr, buf, maxp,
+ intr_complete, dev, period);
+ dev->urb_intr->transfer_flags |= URB_FREE_BUFFER;
+
dev->maxpacket = usb_maxpacket(dev->udev, dev->pipe_out);
/* Reject broken descriptors. */
if (dev->maxpacket == 0) {
ret = -ENODEV;
- goto out6;
+ goto free_urbs;
}
/* driver requires remote-wakeup capability during autosuspend. */
@@ -4444,7 +4445,7 @@ static int lan78xx_probe(struct usb_interface *intf,
ret = lan78xx_phy_init(dev);
if (ret < 0)
- goto out7;
+ goto free_urbs;
ret = register_netdev(netdev);
if (ret != 0) {
@@ -4466,10 +4467,8 @@ static int lan78xx_probe(struct usb_interface *intf,
out8:
phy_disconnect(netdev->phydev);
-out7:
+free_urbs:
usb_free_urb(dev->urb_intr);
-out6:
- kfree(buf);
out5:
lan78xx_unbind(dev, intf);
out4:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 567/817] net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (565 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 566/817] net: usb: lan78xx: Fix double free issue with interrupt buffer allocation Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 568/817] tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Greg Kroah-Hartman
` (259 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Raghuram Chary J, Oleksij Rempel,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksij Rempel <o.rempel@pengutronix.de>
[ Upstream commit ae7370e61c5d8f5bcefc2d4fca724bd4e9bbf789 ]
Add calls to `phy_device_free` after `fixed_phy_unregister` to fix a
memory leak that occurs when the device is unplugged. This ensures
proper cleanup of pseudo fixed-link PHYs.
Fixes: 89b36fb5e532 ("lan78xx: Lan7801 Support for Fixed PHY")
Cc: Raghuram Chary J <raghuramchary.jallipalli@microchip.com>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://patch.msgid.link/20241116130558.1352230-2-o.rempel@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/lan78xx.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
index 094a47b8b97eb..9f191b6ce8215 100644
--- a/drivers/net/usb/lan78xx.c
+++ b/drivers/net/usb/lan78xx.c
@@ -2380,6 +2380,7 @@ static int lan78xx_phy_init(struct lan78xx_net *dev)
if (dev->chipid == ID_REV_CHIP_ID_7801_) {
if (phy_is_pseudo_fixed_link(phydev)) {
fixed_phy_unregister(phydev);
+ phy_device_free(phydev);
} else {
phy_unregister_fixup_for_uid(PHY_KSZ9031RNX,
0xfffffff0);
@@ -4246,8 +4247,10 @@ static void lan78xx_disconnect(struct usb_interface *intf)
phy_disconnect(net->phydev);
- if (phy_is_pseudo_fixed_link(phydev))
+ if (phy_is_pseudo_fixed_link(phydev)) {
fixed_phy_unregister(phydev);
+ phy_device_free(phydev);
+ }
usb_scuttle_anchored_urbs(&dev->deferred);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 568/817] tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (566 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 567/817] net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 569/817] net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Greg Kroah-Hartman
` (258 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Salam Noureddine, Kalesh AP,
Somnath Kotur, Pavan Chebbi, Michal Kubiak, Jakub Kicinski,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavan Chebbi <pavan.chebbi@broadcom.com>
[ Upstream commit 614f4d166eeeb9bd709b0ad29552f691c0f45776 ]
The hardware on Broadcom 1G chipsets have a known limitation
where they cannot handle DMA addresses that cross over 4GB.
When such an address is encountered, the hardware sets the
address overflow error bit in the DMA status register and
triggers a reset.
However, BCM57766 hardware is setting the overflow bit and
triggering a reset in some cases when there is no actual
underlying address overflow. The hardware team analyzed the
issue and concluded that it is happening when the status
block update has an address with higher (b16 to b31) bits
as 0xffff following a previous update that had lowest bits
as 0xffff.
To work around this bug in the BCM57766 hardware, set the
coherent dma mask from the current 64b to 31b. This will
ensure that upper bits of the status block DMA address are
always at most 0x7fff, thus avoiding the improper overflow
check described above. This work around is intended for only
status block and ring memories and has no effect on TX and
RX buffers as they do not require coherent memory.
Fixes: 72f2afb8a685 ("[TG3]: Add DMA address workaround")
Reported-by: Salam Noureddine <noureddine@arista.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
Link: https://patch.msgid.link/20241119055741.147144-1-pavan.chebbi@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/tg3.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
index 0ec5f01551f98..8d22830862067 100644
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
@@ -17805,6 +17805,9 @@ static int tg3_init_one(struct pci_dev *pdev,
} else
persist_dma_mask = dma_mask = DMA_BIT_MASK(64);
+ if (tg3_asic_rev(tp) == ASIC_REV_57766)
+ persist_dma_mask = DMA_BIT_MASK(31);
+
/* Configure DMA attributes. */
if (dma_mask > DMA_BIT_MASK(32)) {
err = dma_set_mask(&pdev->dev, dma_mask);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 569/817] net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (567 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 568/817] tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 570/817] net: microchip: vcap: Add typegroup table terminators in kunit tests Greg Kroah-Hartman
` (257 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Oleksij Rempel, Florian Fainelli,
Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksij Rempel <o.rempel@pengutronix.de>
[ Upstream commit e863ff806f72098bccaf8fa89c80d9ad6187c3b0 ]
Validate Wake-on-LAN (WoL) options in `lan78xx_set_wol` before calling
`usb_autopm_get_interface`. This prevents USB autopm refcounting issues
and ensures the adapter can properly enter autosuspend when invalid WoL
options are provided.
Fixes: eb9ad088f966 ("lan78xx: Check for supported Wake-on-LAN modes")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://patch.msgid.link/20241118140351.2398166-1-o.rempel@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/lan78xx.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
index 9f191b6ce8215..531b1b6a37d19 100644
--- a/drivers/net/usb/lan78xx.c
+++ b/drivers/net/usb/lan78xx.c
@@ -1652,13 +1652,13 @@ static int lan78xx_set_wol(struct net_device *netdev,
struct lan78xx_priv *pdata = (struct lan78xx_priv *)(dev->data[0]);
int ret;
+ if (wol->wolopts & ~WAKE_ALL)
+ return -EINVAL;
+
ret = usb_autopm_get_interface(dev->intf);
if (ret < 0)
return ret;
- if (wol->wolopts & ~WAKE_ALL)
- return -EINVAL;
-
pdata->wol = wol->wolopts;
device_set_wakeup_enable(&dev->udev->dev, (bool)wol->wolopts);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 570/817] net: microchip: vcap: Add typegroup table terminators in kunit tests
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (568 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 569/817] net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 571/817] netlink: fix false positive warning in extack during dumps Greg Kroah-Hartman
` (256 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Steen Hegelund, Guenter Roeck,
Daniel Machon, Jacob Keller, Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit f164b296638d1eb1fb1c537e93ab5c8b49966546 ]
VCAP API unit tests fail randomly with errors such as
# vcap_api_iterator_init_test: EXPECTATION FAILED at drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c:387
Expected 134 + 7 == iter.offset, but
134 + 7 == 141 (0x8d)
iter.offset == 17214 (0x433e)
# vcap_api_iterator_init_test: EXPECTATION FAILED at drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c:388
Expected 5 == iter.reg_idx, but
iter.reg_idx == 702 (0x2be)
# vcap_api_iterator_init_test: EXPECTATION FAILED at drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c:389
Expected 11 == iter.reg_bitpos, but
iter.reg_bitpos == 15 (0xf)
# vcap_api_iterator_init_test: pass:0 fail:1 skip:0 total:1
Comments in the code state that "A typegroup table ends with an all-zero
terminator". Add the missing terminators.
Some of the typegroups did have a terminator of ".offset = 0, .width = 0,
.value = 0,". Replace those terminators with "{ }" (no trailing ',') for
consistency and to excplicitly state "this is a terminator".
Fixes: 67d637516fa9 ("net: microchip: sparx5: Adding KUNIT test for the VCAP API")
Cc: Steen Hegelund <steen.hegelund@microchip.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Daniel Machon <daniel.machon@microchip.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Link: https://patch.msgid.link/20241119213202.2884639-1-linux@roeck-us.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/microchip/vcap/vcap_api_kunit.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c b/drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c
index 7251121ab196e..16eb3de60eb6d 100644
--- a/drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c
+++ b/drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c
@@ -366,12 +366,13 @@ static void vcap_api_iterator_init_test(struct kunit *test)
struct vcap_typegroup typegroups[] = {
{ .offset = 0, .width = 2, .value = 2, },
{ .offset = 156, .width = 1, .value = 0, },
- { .offset = 0, .width = 0, .value = 0, },
+ { }
};
struct vcap_typegroup typegroups2[] = {
{ .offset = 0, .width = 3, .value = 4, },
{ .offset = 49, .width = 2, .value = 0, },
{ .offset = 98, .width = 2, .value = 0, },
+ { }
};
vcap_iter_init(&iter, 52, typegroups, 86);
@@ -399,6 +400,7 @@ static void vcap_api_iterator_next_test(struct kunit *test)
{ .offset = 147, .width = 3, .value = 0, },
{ .offset = 196, .width = 2, .value = 0, },
{ .offset = 245, .width = 1, .value = 0, },
+ { }
};
int idx;
@@ -433,7 +435,7 @@ static void vcap_api_encode_typegroups_test(struct kunit *test)
{ .offset = 147, .width = 3, .value = 5, },
{ .offset = 196, .width = 2, .value = 2, },
{ .offset = 245, .width = 5, .value = 27, },
- { .offset = 0, .width = 0, .value = 0, },
+ { }
};
vcap_encode_typegroups(stream, 49, typegroups, false);
@@ -463,6 +465,7 @@ static void vcap_api_encode_bit_test(struct kunit *test)
{ .offset = 147, .width = 3, .value = 5, },
{ .offset = 196, .width = 2, .value = 2, },
{ .offset = 245, .width = 1, .value = 0, },
+ { }
};
vcap_iter_init(&iter, 49, typegroups, 44);
@@ -489,7 +492,7 @@ static void vcap_api_encode_field_test(struct kunit *test)
{ .offset = 147, .width = 3, .value = 5, },
{ .offset = 196, .width = 2, .value = 2, },
{ .offset = 245, .width = 5, .value = 27, },
- { .offset = 0, .width = 0, .value = 0, },
+ { }
};
struct vcap_field rf = {
.type = VCAP_FIELD_U32,
@@ -538,7 +541,7 @@ static void vcap_api_encode_short_field_test(struct kunit *test)
{ .offset = 0, .width = 3, .value = 7, },
{ .offset = 21, .width = 2, .value = 3, },
{ .offset = 42, .width = 1, .value = 1, },
- { .offset = 0, .width = 0, .value = 0, },
+ { }
};
struct vcap_field rf = {
.type = VCAP_FIELD_U32,
@@ -608,7 +611,7 @@ static void vcap_api_encode_keyfield_test(struct kunit *test)
struct vcap_typegroup tgt[] = {
{ .offset = 0, .width = 2, .value = 2, },
{ .offset = 156, .width = 1, .value = 1, },
- { .offset = 0, .width = 0, .value = 0, },
+ { }
};
vcap_test_api_init(&admin);
@@ -671,7 +674,7 @@ static void vcap_api_encode_max_keyfield_test(struct kunit *test)
struct vcap_typegroup tgt[] = {
{ .offset = 0, .width = 2, .value = 2, },
{ .offset = 156, .width = 1, .value = 1, },
- { .offset = 0, .width = 0, .value = 0, },
+ { }
};
u32 keyres[] = {
0x928e8a84,
@@ -732,7 +735,7 @@ static void vcap_api_encode_actionfield_test(struct kunit *test)
{ .offset = 0, .width = 2, .value = 2, },
{ .offset = 21, .width = 1, .value = 1, },
{ .offset = 42, .width = 1, .value = 0, },
- { .offset = 0, .width = 0, .value = 0, },
+ { }
};
vcap_encode_actionfield(&rule, &caf, &rf, tgt);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 571/817] netlink: fix false positive warning in extack during dumps
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (569 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 570/817] net: microchip: vcap: Add typegroup table terminators in kunit tests Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 572/817] exfat: fix file being changed by unaligned direct write Greg Kroah-Hartman
` (255 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+d4373fa8042c06cefa84,
Jacob Keller, Jakub Kicinski, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 3bf39fa849ab8ed52abb6715922e6102d3df9f97 ]
Commit under fixes extended extack reporting to dumps.
It works under normal conditions, because extack errors are
usually reported during ->start() or the first ->dump(),
it's quite rare that the dump starts okay but fails later.
If the dump does fail later, however, the input skb will
already have the initiating message pulled, so checking
if bad attr falls within skb->data will fail.
Switch the check to using nlh, which is always valid.
syzbot found a way to hit that scenario by filling up
the receive queue. In this case we initiate a dump
but don't call ->dump() until there is read space for
an skb.
WARNING: CPU: 1 PID: 5845 at net/netlink/af_netlink.c:2210 netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209
RIP: 0010:netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209
Call Trace:
<TASK>
netlink_dump_done+0x513/0x970 net/netlink/af_netlink.c:2250
netlink_dump+0x91f/0xe10 net/netlink/af_netlink.c:2351
netlink_recvmsg+0x6bb/0x11d0 net/netlink/af_netlink.c:1983
sock_recvmsg_nosec net/socket.c:1051 [inline]
sock_recvmsg+0x22f/0x280 net/socket.c:1073
__sys_recvfrom+0x246/0x3d0 net/socket.c:2267
__do_sys_recvfrom net/socket.c:2285 [inline]
__se_sys_recvfrom net/socket.c:2281 [inline]
__x64_sys_recvfrom+0xde/0x100 net/socket.c:2281
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff37dd17a79
Reported-by: syzbot+d4373fa8042c06cefa84@syzkaller.appspotmail.com
Fixes: 8af4f60472fc ("netlink: support all extack types in dumps")
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Link: https://patch.msgid.link/20241119224432.1713040-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netlink/af_netlink.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index f84aad420d446..775d707ec708a 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2176,9 +2176,14 @@ netlink_ack_tlv_len(struct netlink_sock *nlk, int err,
return tlvlen;
}
+static bool nlmsg_check_in_payload(const struct nlmsghdr *nlh, const void *addr)
+{
+ return !WARN_ON(addr < nlmsg_data(nlh) ||
+ addr - (const void *) nlh >= nlh->nlmsg_len);
+}
+
static void
-netlink_ack_tlv_fill(struct sk_buff *in_skb, struct sk_buff *skb,
- const struct nlmsghdr *nlh, int err,
+netlink_ack_tlv_fill(struct sk_buff *skb, const struct nlmsghdr *nlh, int err,
const struct netlink_ext_ack *extack)
{
if (extack->_msg)
@@ -2190,9 +2195,7 @@ netlink_ack_tlv_fill(struct sk_buff *in_skb, struct sk_buff *skb,
if (!err)
return;
- if (extack->bad_attr &&
- !WARN_ON((u8 *)extack->bad_attr < in_skb->data ||
- (u8 *)extack->bad_attr >= in_skb->data + in_skb->len))
+ if (extack->bad_attr && nlmsg_check_in_payload(nlh, extack->bad_attr))
WARN_ON(nla_put_u32(skb, NLMSGERR_ATTR_OFFS,
(u8 *)extack->bad_attr - (const u8 *)nlh));
if (extack->policy)
@@ -2201,9 +2204,7 @@ netlink_ack_tlv_fill(struct sk_buff *in_skb, struct sk_buff *skb,
if (extack->miss_type)
WARN_ON(nla_put_u32(skb, NLMSGERR_ATTR_MISS_TYPE,
extack->miss_type));
- if (extack->miss_nest &&
- !WARN_ON((u8 *)extack->miss_nest < in_skb->data ||
- (u8 *)extack->miss_nest > in_skb->data + in_skb->len))
+ if (extack->miss_nest && nlmsg_check_in_payload(nlh, extack->miss_nest))
WARN_ON(nla_put_u32(skb, NLMSGERR_ATTR_MISS_NEST,
(u8 *)extack->miss_nest - (const u8 *)nlh));
}
@@ -2232,7 +2233,7 @@ static int netlink_dump_done(struct netlink_sock *nlk, struct sk_buff *skb,
if (extack_len) {
nlh->nlmsg_flags |= NLM_F_ACK_TLVS;
if (skb_tailroom(skb) >= extack_len) {
- netlink_ack_tlv_fill(cb->skb, skb, cb->nlh,
+ netlink_ack_tlv_fill(skb, cb->nlh,
nlk->dump_done_errno, extack);
nlmsg_end(skb, nlh);
}
@@ -2491,7 +2492,7 @@ void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err,
}
if (tlvlen)
- netlink_ack_tlv_fill(in_skb, skb, nlh, err, extack);
+ netlink_ack_tlv_fill(skb, nlh, err, extack);
nlmsg_end(skb, rep);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 572/817] exfat: fix file being changed by unaligned direct write
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (570 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 571/817] netlink: fix false positive warning in extack during dumps Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 573/817] s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Greg Kroah-Hartman
` (254 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuezhang Mo, Namjae Jeon,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuezhang Mo <Yuezhang.Mo@sony.com>
[ Upstream commit 2e94e5bb94a3e641a25716a560bf474225fda83c ]
Unaligned direct writes are invalid and should return an error
without making any changes, rather than extending ->valid_size
and then returning an error. Therefore, alignment checking is
required before extending ->valid_size.
Fixes: 11a347fb6cef ("exfat: change to get file size from DataLength")
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Co-developed-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/exfat/file.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/exfat/file.c b/fs/exfat/file.c
index 64c31867bc761..525c3ad411ea3 100644
--- a/fs/exfat/file.c
+++ b/fs/exfat/file.c
@@ -578,6 +578,16 @@ static ssize_t exfat_file_write_iter(struct kiocb *iocb, struct iov_iter *iter)
if (ret < 0)
goto unlock;
+ if (iocb->ki_flags & IOCB_DIRECT) {
+ unsigned long align = pos | iov_iter_alignment(iter);
+
+ if (!IS_ALIGNED(align, i_blocksize(inode)) &&
+ !IS_ALIGNED(align, bdev_logical_block_size(inode->i_sb->s_bdev))) {
+ ret = -EINVAL;
+ goto unlock;
+ }
+ }
+
if (pos > valid_size) {
ret = exfat_file_zeroed_range(file, valid_size, pos);
if (ret < 0 && ret != -ENOSPC) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 573/817] s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (571 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 572/817] exfat: fix file being changed by unaligned direct write Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 574/817] net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Greg Kroah-Hartman
` (253 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandra Winter, Thorsten Winkler,
Sidraya Jayagond, David Wei, Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sidraya Jayagond <sidraya@linux.ibm.com>
[ Upstream commit ebaf81317e42aa990ad20b113cfe3a7b20d4e937 ]
Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount
(skb->users) and iucv_sock_recvmsg() does not decrement skb refcount
at exit.
This results in skb memory leak in skb_queue_purge() and WARN_ON in
iucv_sock_destruct() during socket close. To fix this decrease
skb refcount by one if MSG_PEEK is set in order to prevent memory
leak and WARN_ON.
WARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv]
CPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1
Hardware name: IBM 3931 A01 704 (z/VM 7.3.0)
Call Trace:
[<001587c682c4aa98>] iucv_sock_destruct+0x148/0x1a0 [af_iucv]
[<001587c682c4a9d0>] iucv_sock_destruct+0x80/0x1a0 [af_iucv]
[<001587c704117a32>] __sk_destruct+0x52/0x550
[<001587c704104a54>] __sock_release+0xa4/0x230
[<001587c704104c0c>] sock_close+0x2c/0x40
[<001587c702c5f5a8>] __fput+0x2e8/0x970
[<001587c7024148c4>] task_work_run+0x1c4/0x2c0
[<001587c7023b0716>] do_exit+0x996/0x1050
[<001587c7023b13aa>] do_group_exit+0x13a/0x360
[<001587c7023b1626>] __s390x_sys_exit_group+0x56/0x60
[<001587c7022bccca>] do_syscall+0x27a/0x380
[<001587c7049a6a0c>] __do_syscall+0x9c/0x160
[<001587c7049ce8a8>] system_call+0x70/0x98
Last Breaking-Event-Address:
[<001587c682c4a9d4>] iucv_sock_destruct+0x84/0x1a0 [af_iucv]
Fixes: eac3731bd04c ("[S390]: Add AF_IUCV socket support")
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Reviewed-by: Thorsten Winkler <twinkler@linux.ibm.com>
Signed-off-by: Sidraya Jayagond <sidraya@linux.ibm.com>
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Reviewed-by: David Wei <dw@davidwei.uk>
Link: https://patch.msgid.link/20241119152219.3712168-1-wintera@linux.ibm.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/iucv/af_iucv.c | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index c00323fa9eb66..7929df08d4e02 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -1236,7 +1236,9 @@ static int iucv_sock_recvmsg(struct socket *sock, struct msghdr *msg,
return -EOPNOTSUPP;
/* receive/dequeue next skb:
- * the function understands MSG_PEEK and, thus, does not dequeue skb */
+ * the function understands MSG_PEEK and, thus, does not dequeue skb
+ * only refcount is increased.
+ */
skb = skb_recv_datagram(sk, flags, &err);
if (!skb) {
if (sk->sk_shutdown & RCV_SHUTDOWN)
@@ -1252,9 +1254,8 @@ static int iucv_sock_recvmsg(struct socket *sock, struct msghdr *msg,
cskb = skb;
if (skb_copy_datagram_msg(cskb, offset, msg, copied)) {
- if (!(flags & MSG_PEEK))
- skb_queue_head(&sk->sk_receive_queue, skb);
- return -EFAULT;
+ err = -EFAULT;
+ goto err_out;
}
/* SOCK_SEQPACKET: set MSG_TRUNC if recv buf size is too small */
@@ -1271,11 +1272,8 @@ static int iucv_sock_recvmsg(struct socket *sock, struct msghdr *msg,
err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS,
sizeof(IUCV_SKB_CB(skb)->class),
(void *)&IUCV_SKB_CB(skb)->class);
- if (err) {
- if (!(flags & MSG_PEEK))
- skb_queue_head(&sk->sk_receive_queue, skb);
- return err;
- }
+ if (err)
+ goto err_out;
/* Mark read part of skb as used */
if (!(flags & MSG_PEEK)) {
@@ -1331,8 +1329,18 @@ static int iucv_sock_recvmsg(struct socket *sock, struct msghdr *msg,
/* SOCK_SEQPACKET: return real length if MSG_TRUNC is set */
if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC))
copied = rlen;
+ if (flags & MSG_PEEK)
+ skb_unref(skb);
return copied;
+
+err_out:
+ if (!(flags & MSG_PEEK))
+ skb_queue_head(&sk->sk_receive_queue, skb);
+ else
+ skb_unref(skb);
+
+ return err;
}
static inline __poll_t iucv_accept_poll(struct sock *parent)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 574/817] net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (572 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 573/817] s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 575/817] net: mdio-ipq4019: add missing error check Greg Kroah-Hartman
` (252 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hangbin Liu, David Ahern,
Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 00b5b7aab9e422d00d5a9d03d7e0760a76b5d57f ]
RFC8981 section 3.4 says that existing temporary addresses must have their
lifetimes adjusted so that no temporary addresses should ever remain "valid"
or "preferred" longer than the incoming SLAAC Prefix Information. This would
strongly imply in Linux's case that if the "mngtmpaddr" address is deleted or
un-flagged as such, its corresponding temporary addresses must be cleared out
right away.
But now the temporary address is renewed even after ‘mngtmpaddr’ is removed
or becomes unmanaged as manage_tempaddrs() set temporary addresses
prefered/valid time to 0, and later in addrconf_verify_rtnl() all checkings
failed to remove the addresses. Fix this by deleting the temporary address
directly for these situations.
Fixes: 778964f2fdf0 ("ipv6/addrconf: fix timing bug in tempaddr regen")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/addrconf.c | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f70d8757af1a4..acf190723b1ea 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2570,6 +2570,24 @@ static struct inet6_dev *addrconf_add_dev(struct net_device *dev)
return idev;
}
+static void delete_tempaddrs(struct inet6_dev *idev,
+ struct inet6_ifaddr *ifp)
+{
+ struct inet6_ifaddr *ift, *tmp;
+
+ write_lock_bh(&idev->lock);
+ list_for_each_entry_safe(ift, tmp, &idev->tempaddr_list, tmp_list) {
+ if (ift->ifpub != ifp)
+ continue;
+
+ in6_ifa_hold(ift);
+ write_unlock_bh(&idev->lock);
+ ipv6_del_addr(ift);
+ write_lock_bh(&idev->lock);
+ }
+ write_unlock_bh(&idev->lock);
+}
+
static void manage_tempaddrs(struct inet6_dev *idev,
struct inet6_ifaddr *ifp,
__u32 valid_lft, __u32 prefered_lft,
@@ -3122,11 +3140,12 @@ static int inet6_addr_del(struct net *net, int ifindex, u32 ifa_flags,
in6_ifa_hold(ifp);
read_unlock_bh(&idev->lock);
- if (!(ifp->flags & IFA_F_TEMPORARY) &&
- (ifa_flags & IFA_F_MANAGETEMPADDR))
- manage_tempaddrs(idev, ifp, 0, 0, false,
- jiffies);
ipv6_del_addr(ifp);
+
+ if (!(ifp->flags & IFA_F_TEMPORARY) &&
+ (ifp->flags & IFA_F_MANAGETEMPADDR))
+ delete_tempaddrs(idev, ifp);
+
addrconf_verify_rtnl(net);
if (ipv6_addr_is_multicast(pfx)) {
ipv6_mc_config(net->ipv6.mc_autojoin_sk,
@@ -4950,14 +4969,12 @@ static int inet6_addr_modify(struct net *net, struct inet6_ifaddr *ifp,
}
if (was_managetempaddr || ifp->flags & IFA_F_MANAGETEMPADDR) {
- if (was_managetempaddr &&
- !(ifp->flags & IFA_F_MANAGETEMPADDR)) {
- cfg->valid_lft = 0;
- cfg->preferred_lft = 0;
- }
- manage_tempaddrs(ifp->idev, ifp, cfg->valid_lft,
- cfg->preferred_lft, !was_managetempaddr,
- jiffies);
+ if (was_managetempaddr && !(ifp->flags & IFA_F_MANAGETEMPADDR))
+ delete_tempaddrs(ifp->idev, ifp);
+ else
+ manage_tempaddrs(ifp->idev, ifp, cfg->valid_lft,
+ cfg->preferred_lft, !was_managetempaddr,
+ jiffies);
}
addrconf_verify_rtnl(net);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 575/817] net: mdio-ipq4019: add missing error check
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (573 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 574/817] net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 576/817] marvell: pxa168_eth: fix call balance of pep->clk handling routines Greg Kroah-Hartman
` (251 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rosen Penev, Andrew Lunn,
Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rosen Penev <rosenp@gmail.com>
[ Upstream commit 9cc8d0ecdd2aad42e377e971e3bb114339df609e ]
If an optional resource is found but fails to remap, return on failure.
Avoids any potential problems when using the iomapped resource as the
assumption is that it's available.
Fixes: 23a890d493e3 ("net: mdio: Add the reset function for IPQ MDIO driver")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://patch.msgid.link/20241121193152.8966-1-rosenp@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/mdio/mdio-ipq4019.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/mdio/mdio-ipq4019.c b/drivers/net/mdio/mdio-ipq4019.c
index 9d8f43b28aac5..ea1f64596a85c 100644
--- a/drivers/net/mdio/mdio-ipq4019.c
+++ b/drivers/net/mdio/mdio-ipq4019.c
@@ -352,8 +352,11 @@ static int ipq4019_mdio_probe(struct platform_device *pdev)
/* The platform resource is provided on the chipset IPQ5018 */
/* This resource is optional */
res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
- if (res)
+ if (res) {
priv->eth_ldo_rdy = devm_ioremap_resource(&pdev->dev, res);
+ if (IS_ERR(priv->eth_ldo_rdy))
+ return PTR_ERR(priv->eth_ldo_rdy);
+ }
bus->name = "ipq4019_mdio";
bus->read = ipq4019_mdio_read_c22;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 576/817] marvell: pxa168_eth: fix call balance of pep->clk handling routines
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (574 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 575/817] net: mdio-ipq4019: add missing error check Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 577/817] net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Greg Kroah-Hartman
` (250 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vitalii Mordan, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vitalii Mordan <mordan@ispras.ru>
[ Upstream commit b032ae57d4fe2b2445e3bc190db6fcaa8c102f68 ]
If the clock pep->clk was not enabled in pxa168_eth_probe,
it should not be disabled in any path.
Conversely, if it was enabled in pxa168_eth_probe, it must be disabled
in all error paths to ensure proper cleanup.
Use the devm_clk_get_enabled helper function to ensure proper call balance
for pep->clk.
Found by Linux Verification Center (linuxtesting.org) with Klever.
Fixes: a49f37eed22b ("net: add Fast Ethernet driver for PXA168.")
Signed-off-by: Vitalii Mordan <mordan@ispras.ru>
Link: https://patch.msgid.link/20241121200658.2203871-1-mordan@ispras.ru
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/pxa168_eth.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/marvell/pxa168_eth.c b/drivers/net/ethernet/marvell/pxa168_eth.c
index 1a59c952aa01c..45f115e41857b 100644
--- a/drivers/net/ethernet/marvell/pxa168_eth.c
+++ b/drivers/net/ethernet/marvell/pxa168_eth.c
@@ -1394,18 +1394,15 @@ static int pxa168_eth_probe(struct platform_device *pdev)
printk(KERN_NOTICE "PXA168 10/100 Ethernet Driver\n");
- clk = devm_clk_get(&pdev->dev, NULL);
+ clk = devm_clk_get_enabled(&pdev->dev, NULL);
if (IS_ERR(clk)) {
- dev_err(&pdev->dev, "Fast Ethernet failed to get clock\n");
+ dev_err(&pdev->dev, "Fast Ethernet failed to get and enable clock\n");
return -ENODEV;
}
- clk_prepare_enable(clk);
dev = alloc_etherdev(sizeof(struct pxa168_eth_private));
- if (!dev) {
- err = -ENOMEM;
- goto err_clk;
- }
+ if (!dev)
+ return -ENOMEM;
platform_set_drvdata(pdev, dev);
pep = netdev_priv(dev);
@@ -1523,8 +1520,6 @@ static int pxa168_eth_probe(struct platform_device *pdev)
mdiobus_free(pep->smi_bus);
err_netdev:
free_netdev(dev);
-err_clk:
- clk_disable_unprepare(clk);
return err;
}
@@ -1542,7 +1537,6 @@ static void pxa168_eth_remove(struct platform_device *pdev)
if (dev->phydev)
phy_disconnect(dev->phydev);
- clk_disable_unprepare(pep->clk);
mdiobus_unregister(pep->smi_bus);
mdiobus_free(pep->smi_bus);
unregister_netdev(dev);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 577/817] net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (575 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 576/817] marvell: pxa168_eth: fix call balance of pep->clk handling routines Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 578/817] octeontx2-af: RPM: Fix mismatch in lmac type Greg Kroah-Hartman
` (249 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Chevallier, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxime Chevallier <maxime.chevallier@bootlin.com>
[ Upstream commit 407618d66dba55e7db1278872e8be106808bbe91 ]
On DWMAC3 and later, there's a RX Watchdog interrupt that's used for
interrupt coalescing. It's known to be buggy on some platforms, and
dwmac-socfpga appears to be one of them. Changing the interrupt
coalescing from ethtool doesn't appear to have any effect here.
Without disabling RIWT (Received Interrupt Watchdog Timer, I
believe...), we observe latencies while receiving traffic that amount to
around ~0.4ms. This was discovered with NTP but can be easily reproduced
with a simple ping. Without this patch :
64 bytes from 192.168.5.2: icmp_seq=1 ttl=64 time=0.657 ms
With this patch :
64 bytes from 192.168.5.2: icmp_seq=1 ttl=64 time=0.254 ms
Fixes: 801d233b7302 ("net: stmmac: Add SOCFPGA glue driver")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Link: https://patch.msgid.link/20241122141256.764578-1-maxime.chevallier@bootlin.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c
index fdb4c773ec98a..e897b49aa9e05 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c
@@ -486,6 +486,8 @@ static int socfpga_dwmac_probe(struct platform_device *pdev)
plat_dat->pcs_exit = socfpga_dwmac_pcs_exit;
plat_dat->select_pcs = socfpga_dwmac_select_pcs;
+ plat_dat->riwt_off = 1;
+
ret = stmmac_dvr_probe(&pdev->dev, plat_dat, &stmmac_res);
if (ret)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 578/817] octeontx2-af: RPM: Fix mismatch in lmac type
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (576 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 577/817] net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 579/817] octeontx2-af: RPM: Fix low network performance Greg Kroah-Hartman
` (248 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hariprasad Kelam, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hariprasad Kelam <hkelam@marvell.com>
[ Upstream commit 7ebbbb23ea5b6d051509cb11399afac5042c9266 ]
Due to a bug in the previous patch, there is a mismatch
between the lmac type reported by the driver and the actual
hardware configuration.
Fixes: 3ad3f8f93c81 ("octeontx2-af: cn10k: MAC internal loopback support")
Signed-off-by: Hariprasad Kelam <hkelam@marvell.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
index 1b34cf9c97035..9e8c5e4389f8b 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
@@ -467,7 +467,7 @@ u8 rpm_get_lmac_type(void *rpmd, int lmac_id)
int err;
req = FIELD_SET(CMDREG_ID, CGX_CMD_GET_LINK_STS, req);
- err = cgx_fwi_cmd_generic(req, &resp, rpm, 0);
+ err = cgx_fwi_cmd_generic(req, &resp, rpm, lmac_id);
if (!err)
return FIELD_GET(RESP_LINKSTAT_LMAC_TYPE, resp);
return err;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 579/817] octeontx2-af: RPM: Fix low network performance
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (577 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 578/817] octeontx2-af: RPM: Fix mismatch in lmac type Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 580/817] octeontx2-af: RPM: fix stale RSFEC counters Greg Kroah-Hartman
` (247 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hariprasad Kelam, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hariprasad Kelam <hkelam@marvell.com>
[ Upstream commit d1e8884e050c1255a9ceb477f5ff926ee9214a23 ]
Low network performance is observed even on RPMs with larger
FIFO lengths.
The cn10kb silicon has three RPM blocks with the following
FIFO sizes:
--------------------
| RPM0 | 256KB |
| RPM1 | 256KB |
| RPM2 | 128KB |
--------------------
The current design stores the FIFO length in a common structure for all
RPMs (mac_ops). As a result, the FIFO length of the last RPM is applied
to all RPMs, leading to reduced network performance.
This patch resolved the problem by storing the fifo length in per MAC
structure (cgx).
Fixes: b9d0fedc6234 ("octeontx2-af: cn10kb: Add RPM_USX MAC support")
Signed-off-by: Hariprasad Kelam <hkelam@marvell.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 9 +++++++--
drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 1 +
drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h | 5 ++++-
drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 6 +++---
drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 9 ++++-----
5 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
index 27935c54b91bc..2f621714c54e6 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
@@ -112,6 +112,11 @@ struct mac_ops *get_mac_ops(void *cgxd)
return ((struct cgx *)cgxd)->mac_ops;
}
+u32 cgx_get_fifo_len(void *cgxd)
+{
+ return ((struct cgx *)cgxd)->fifo_len;
+}
+
void cgx_write(struct cgx *cgx, u64 lmac, u64 offset, u64 val)
{
writeq(val, cgx->reg_base + (lmac << cgx->mac_ops->lmac_offset) +
@@ -501,7 +506,7 @@ static u32 cgx_get_lmac_fifo_len(void *cgxd, int lmac_id)
u8 num_lmacs;
u32 fifo_len;
- fifo_len = cgx->mac_ops->fifo_len;
+ fifo_len = cgx->fifo_len;
num_lmacs = cgx->mac_ops->get_nr_lmacs(cgx);
switch (num_lmacs) {
@@ -1764,7 +1769,7 @@ static void cgx_populate_features(struct cgx *cgx)
u64 cfg;
cfg = cgx_read(cgx, 0, CGX_CONST);
- cgx->mac_ops->fifo_len = FIELD_GET(CGX_CONST_RXFIFO_SIZE, cfg);
+ cgx->fifo_len = FIELD_GET(CGX_CONST_RXFIFO_SIZE, cfg);
cgx->max_lmac_per_mac = FIELD_GET(CGX_CONST_MAX_LMACS, cfg);
if (is_dev_rpm(cgx))
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.h b/drivers/net/ethernet/marvell/octeontx2/af/cgx.h
index dc9ace30554af..f9cd4b58f0c02 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.h
@@ -185,4 +185,5 @@ int cgx_lmac_get_pfc_frm_cfg(void *cgxd, int lmac_id, u8 *tx_pause,
int verify_lmac_fc_cfg(void *cgxd, int lmac_id, u8 tx_pause, u8 rx_pause,
int pfvf_idx);
int cgx_lmac_reset(void *cgxd, int lmac_id, u8 pf_req_flr);
+u32 cgx_get_fifo_len(void *cgxd);
#endif /* CGX_H */
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h b/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h
index 9ffc6790c5130..c43ff68ef1408 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h
@@ -72,7 +72,6 @@ struct mac_ops {
u8 irq_offset;
u8 int_ena_bit;
u8 lmac_fwi;
- u32 fifo_len;
bool non_contiguous_serdes_lane;
/* RPM & CGX differs in number of Receive/transmit stats */
u8 rx_stats_cnt;
@@ -142,6 +141,10 @@ struct cgx {
u8 lmac_count;
/* number of LMACs per MAC could be 4 or 8 */
u8 max_lmac_per_mac;
+ /* length of fifo varies depending on the number
+ * of LMACS
+ */
+ u32 fifo_len;
#define MAX_LMAC_COUNT 8
struct lmac *lmac_idmap[MAX_LMAC_COUNT];
struct work_struct cgx_cmd_work;
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
index 9e8c5e4389f8b..22dd50a3fcd3a 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
@@ -480,7 +480,7 @@ u32 rpm_get_lmac_fifo_len(void *rpmd, int lmac_id)
u8 num_lmacs;
u32 fifo_len;
- fifo_len = rpm->mac_ops->fifo_len;
+ fifo_len = rpm->fifo_len;
num_lmacs = rpm->mac_ops->get_nr_lmacs(rpm);
switch (num_lmacs) {
@@ -533,9 +533,9 @@ u32 rpm2_get_lmac_fifo_len(void *rpmd, int lmac_id)
*/
max_lmac = (rpm_read(rpm, 0, CGX_CONST) >> 24) & 0xFF;
if (max_lmac > 4)
- fifo_len = rpm->mac_ops->fifo_len / 2;
+ fifo_len = rpm->fifo_len / 2;
else
- fifo_len = rpm->mac_ops->fifo_len;
+ fifo_len = rpm->fifo_len;
if (lmac_id < 4) {
num_lmacs = hweight8(lmac_info & 0xF);
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c
index 266ecbc1b97a6..4dcd7bfcad4e4 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c
@@ -923,13 +923,12 @@ int rvu_mbox_handler_cgx_features_get(struct rvu *rvu,
u32 rvu_cgx_get_fifolen(struct rvu *rvu)
{
- struct mac_ops *mac_ops;
- u32 fifo_len;
+ void *cgxd = rvu_first_cgx_pdata(rvu);
- mac_ops = get_mac_ops(rvu_first_cgx_pdata(rvu));
- fifo_len = mac_ops ? mac_ops->fifo_len : 0;
+ if (!cgxd)
+ return 0;
- return fifo_len;
+ return cgx_get_fifo_len(cgxd);
}
u32 rvu_cgx_get_lmac_fifolen(struct rvu *rvu, int cgx, int lmac)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 580/817] octeontx2-af: RPM: fix stale RSFEC counters
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (578 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 579/817] octeontx2-af: RPM: Fix low network performance Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 581/817] octeontx2-af: RPM: fix stale FCFEC counters Greg Kroah-Hartman
` (246 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hariprasad Kelam, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hariprasad Kelam <hkelam@marvell.com>
[ Upstream commit 07cd1eb166a3fa7244afa74d48bd13c9df7c559d ]
The earlier patch sets the 'Stats control register' for RPM
receive/transmit statistics instead of RSFEC statistics,
causing the driver to return stale FEC counters.
Fixes: 84ad3642115d ("octeontx2-af: Add FEC stats for RPM/RPM_USX block")
Signed-off-by: Hariprasad Kelam <hkelam@marvell.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 13 +++++++++----
drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 4 +++-
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
index 22dd50a3fcd3a..70629f94c27ef 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
@@ -699,6 +699,10 @@ int rpm_get_fec_stats(void *rpmd, int lmac_id, struct cgx_fec_stats_rsp *rsp)
if (rpm->lmac_idmap[lmac_id]->link_info.fec == OTX2_FEC_NONE)
return 0;
+ /* latched registers FCFECX_CW_HI/RSFEC_STAT_FAST_DATA_HI_CDC are common
+ * for all counters. Acquire lock to ensure serialized reads
+ */
+ mutex_lock(&rpm->lock);
if (rpm->lmac_idmap[lmac_id]->link_info.fec == OTX2_FEC_BASER) {
val_lo = rpm_read(rpm, lmac_id, RPMX_MTI_FCFECX_VL0_CCW_LO);
val_hi = rpm_read(rpm, lmac_id, RPMX_MTI_FCFECX_CW_HI);
@@ -725,20 +729,21 @@ int rpm_get_fec_stats(void *rpmd, int lmac_id, struct cgx_fec_stats_rsp *rsp)
}
} else {
/* enable RS-FEC capture */
- cfg = rpm_read(rpm, 0, RPMX_MTI_STAT_STATN_CONTROL);
+ cfg = rpm_read(rpm, 0, RPMX_MTI_RSFEC_STAT_STATN_CONTROL);
cfg |= RPMX_RSFEC_RX_CAPTURE | BIT(lmac_id);
- rpm_write(rpm, 0, RPMX_MTI_STAT_STATN_CONTROL, cfg);
+ rpm_write(rpm, 0, RPMX_MTI_RSFEC_STAT_STATN_CONTROL, cfg);
val_lo = rpm_read(rpm, 0,
RPMX_MTI_RSFEC_STAT_COUNTER_CAPTURE_2);
- val_hi = rpm_read(rpm, 0, RPMX_MTI_STAT_DATA_HI_CDC);
+ val_hi = rpm_read(rpm, 0, RPMX_MTI_RSFEC_STAT_FAST_DATA_HI_CDC);
rsp->fec_corr_blks = (val_hi << 32 | val_lo);
val_lo = rpm_read(rpm, 0,
RPMX_MTI_RSFEC_STAT_COUNTER_CAPTURE_3);
- val_hi = rpm_read(rpm, 0, RPMX_MTI_STAT_DATA_HI_CDC);
+ val_hi = rpm_read(rpm, 0, RPMX_MTI_RSFEC_STAT_FAST_DATA_HI_CDC);
rsp->fec_uncorr_blks = (val_hi << 32 | val_lo);
}
+ mutex_unlock(&rpm->lock);
return 0;
}
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.h b/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
index 34b11deb0f3c1..a5773fbacaff8 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
@@ -84,9 +84,11 @@
/* FEC stats */
#define RPMX_MTI_STAT_STATN_CONTROL 0x10018
#define RPMX_MTI_STAT_DATA_HI_CDC 0x10038
-#define RPMX_RSFEC_RX_CAPTURE BIT_ULL(27)
+#define RPMX_RSFEC_RX_CAPTURE BIT_ULL(28)
#define RPMX_CMD_CLEAR_RX BIT_ULL(30)
#define RPMX_CMD_CLEAR_TX BIT_ULL(31)
+#define RPMX_MTI_RSFEC_STAT_STATN_CONTROL 0x40018
+#define RPMX_MTI_RSFEC_STAT_FAST_DATA_HI_CDC 0x40000
#define RPMX_MTI_RSFEC_STAT_COUNTER_CAPTURE_2 0x40050
#define RPMX_MTI_RSFEC_STAT_COUNTER_CAPTURE_3 0x40058
#define RPMX_MTI_FCFECX_VL0_CCW_LO 0x38618
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 581/817] octeontx2-af: RPM: fix stale FCFEC counters
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (579 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 580/817] octeontx2-af: RPM: fix stale RSFEC counters Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 582/817] octeontx2-af: Quiesce traffic before NIX block reset Greg Kroah-Hartman
` (245 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hariprasad Kelam, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hariprasad Kelam <hkelam@marvell.com>
[ Upstream commit 6fc2164108462b913a1290fa2c44054c70b060ef ]
The corrected words register(FCFECX_VL0_CCW_LO)/Uncorrected words
register (FCFECX_VL0_NCCW_LO) of FCFEC counter has different LMAC
offset which needs to be accessed differently.
Fixes: 84ad3642115d ("octeontx2-af: Add FEC stats for RPM/RPM_USX block")
Signed-off-by: Hariprasad Kelam <hkelam@marvell.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/marvell/octeontx2/af/rpm.c | 24 +++++++++----------
.../net/ethernet/marvell/octeontx2/af/rpm.h | 10 ++++----
2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
index 70629f94c27ef..e97fcc51d7f24 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
@@ -704,27 +704,27 @@ int rpm_get_fec_stats(void *rpmd, int lmac_id, struct cgx_fec_stats_rsp *rsp)
*/
mutex_lock(&rpm->lock);
if (rpm->lmac_idmap[lmac_id]->link_info.fec == OTX2_FEC_BASER) {
- val_lo = rpm_read(rpm, lmac_id, RPMX_MTI_FCFECX_VL0_CCW_LO);
- val_hi = rpm_read(rpm, lmac_id, RPMX_MTI_FCFECX_CW_HI);
+ val_lo = rpm_read(rpm, 0, RPMX_MTI_FCFECX_VL0_CCW_LO(lmac_id));
+ val_hi = rpm_read(rpm, 0, RPMX_MTI_FCFECX_CW_HI(lmac_id));
rsp->fec_corr_blks = (val_hi << 16 | val_lo);
- val_lo = rpm_read(rpm, lmac_id, RPMX_MTI_FCFECX_VL0_NCCW_LO);
- val_hi = rpm_read(rpm, lmac_id, RPMX_MTI_FCFECX_CW_HI);
+ val_lo = rpm_read(rpm, 0, RPMX_MTI_FCFECX_VL0_NCCW_LO(lmac_id));
+ val_hi = rpm_read(rpm, 0, RPMX_MTI_FCFECX_CW_HI(lmac_id));
rsp->fec_uncorr_blks = (val_hi << 16 | val_lo);
/* 50G uses 2 Physical serdes lines */
if (rpm->lmac_idmap[lmac_id]->link_info.lmac_type_id ==
LMAC_MODE_50G_R) {
- val_lo = rpm_read(rpm, lmac_id,
- RPMX_MTI_FCFECX_VL1_CCW_LO);
- val_hi = rpm_read(rpm, lmac_id,
- RPMX_MTI_FCFECX_CW_HI);
+ val_lo = rpm_read(rpm, 0,
+ RPMX_MTI_FCFECX_VL1_CCW_LO(lmac_id));
+ val_hi = rpm_read(rpm, 0,
+ RPMX_MTI_FCFECX_CW_HI(lmac_id));
rsp->fec_corr_blks += (val_hi << 16 | val_lo);
- val_lo = rpm_read(rpm, lmac_id,
- RPMX_MTI_FCFECX_VL1_NCCW_LO);
- val_hi = rpm_read(rpm, lmac_id,
- RPMX_MTI_FCFECX_CW_HI);
+ val_lo = rpm_read(rpm, 0,
+ RPMX_MTI_FCFECX_VL1_NCCW_LO(lmac_id));
+ val_hi = rpm_read(rpm, 0,
+ RPMX_MTI_FCFECX_CW_HI(lmac_id));
rsp->fec_uncorr_blks += (val_hi << 16 | val_lo);
}
} else {
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.h b/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
index a5773fbacaff8..5194fec4c3b8e 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
@@ -91,11 +91,11 @@
#define RPMX_MTI_RSFEC_STAT_FAST_DATA_HI_CDC 0x40000
#define RPMX_MTI_RSFEC_STAT_COUNTER_CAPTURE_2 0x40050
#define RPMX_MTI_RSFEC_STAT_COUNTER_CAPTURE_3 0x40058
-#define RPMX_MTI_FCFECX_VL0_CCW_LO 0x38618
-#define RPMX_MTI_FCFECX_VL0_NCCW_LO 0x38620
-#define RPMX_MTI_FCFECX_VL1_CCW_LO 0x38628
-#define RPMX_MTI_FCFECX_VL1_NCCW_LO 0x38630
-#define RPMX_MTI_FCFECX_CW_HI 0x38638
+#define RPMX_MTI_FCFECX_VL0_CCW_LO(a) (0x38618 + ((a) * 0x40))
+#define RPMX_MTI_FCFECX_VL0_NCCW_LO(a) (0x38620 + ((a) * 0x40))
+#define RPMX_MTI_FCFECX_VL1_CCW_LO(a) (0x38628 + ((a) * 0x40))
+#define RPMX_MTI_FCFECX_VL1_NCCW_LO(a) (0x38630 + ((a) * 0x40))
+#define RPMX_MTI_FCFECX_CW_HI(a) (0x38638 + ((a) * 0x40))
/* CN10KB CSR Declaration */
#define RPM2_CMRX_SW_INT 0x1b0
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 582/817] octeontx2-af: Quiesce traffic before NIX block reset
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (580 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 581/817] octeontx2-af: RPM: fix stale FCFEC counters Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 583/817] spi: atmel-quadspi: Fix register name in verbose logging function Greg Kroah-Hartman
` (244 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hariprasad Kelam, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hariprasad Kelam <hkelam@marvell.com>
[ Upstream commit 762ca6eed026346d9d41ed5ac633083c4f1e5071 ]
During initialization, the AF driver resets all blocks. The RPM (MAC)
block and NIX block operate on a credit-based model. When the NIX block
resets during active traffic flow, it doesn't release credits to the RPM
block. This causes the RPM FIFO to overflow, leading to receive traffic
struck.
To address this issue, the patch introduces the following changes:
1. Stop receiving traffic at the MAC level during AF driver
initialization.
2. Perform an X2P reset (prevents RXFIFO of all LMACS from pushing data)
3. Reset the NIX block.
4. Clear the X2P reset and re-enable receiving traffic.
Fixes: 54d557815e15 ("octeontx2-af: Reset all RVU blocks")
Signed-off-by: Hariprasad Kelam <hkelam@marvell.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/marvell/octeontx2/af/cgx.c | 61 +++++++++++++++++++
.../net/ethernet/marvell/octeontx2/af/cgx.h | 4 ++
.../marvell/octeontx2/af/lmac_common.h | 2 +
.../net/ethernet/marvell/octeontx2/af/rpm.c | 42 +++++++++++++
.../net/ethernet/marvell/octeontx2/af/rpm.h | 4 ++
.../net/ethernet/marvell/octeontx2/af/rvu.c | 1 +
.../net/ethernet/marvell/octeontx2/af/rvu.h | 1 +
.../ethernet/marvell/octeontx2/af/rvu_cgx.c | 36 +++++++++--
8 files changed, 145 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
index 2f621714c54e6..8216f843a7cd5 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c
@@ -214,6 +214,24 @@ u8 cgx_lmac_get_p2x(int cgx_id, int lmac_id)
return (cfg & CMR_P2X_SEL_MASK) >> CMR_P2X_SEL_SHIFT;
}
+static u8 cgx_get_nix_resetbit(struct cgx *cgx)
+{
+ int first_lmac;
+ u8 p2x;
+
+ /* non 98XX silicons supports only NIX0 block */
+ if (cgx->pdev->subsystem_device != PCI_SUBSYS_DEVID_98XX)
+ return CGX_NIX0_RESET;
+
+ first_lmac = find_first_bit(&cgx->lmac_bmap, cgx->max_lmac_per_mac);
+ p2x = cgx_lmac_get_p2x(cgx->cgx_id, first_lmac);
+
+ if (p2x == CMR_P2X_SEL_NIX1)
+ return CGX_NIX1_RESET;
+ else
+ return CGX_NIX0_RESET;
+}
+
/* Ensure the required lock for event queue(where asynchronous events are
* posted) is acquired before calling this API. Else an asynchronous event(with
* latest link status) can reach the destination before this function returns
@@ -1724,6 +1742,8 @@ static int cgx_lmac_init(struct cgx *cgx)
lmac->lmac_type = cgx->mac_ops->get_lmac_type(cgx, lmac->lmac_id);
}
+ /* Start X2P reset on given MAC block */
+ cgx->mac_ops->mac_x2p_reset(cgx, true);
return cgx_lmac_verify_fwi_version(cgx);
err_bitmap_free:
@@ -1789,6 +1809,45 @@ static u8 cgx_get_rxid_mapoffset(struct cgx *cgx)
return 0x60;
}
+static void cgx_x2p_reset(void *cgxd, bool enable)
+{
+ struct cgx *cgx = cgxd;
+ int lmac_id;
+ u64 cfg;
+
+ if (enable) {
+ for_each_set_bit(lmac_id, &cgx->lmac_bmap, cgx->max_lmac_per_mac)
+ cgx->mac_ops->mac_enadis_rx(cgx, lmac_id, false);
+
+ usleep_range(1000, 2000);
+
+ cfg = cgx_read(cgx, 0, CGXX_CMR_GLOBAL_CONFIG);
+ cfg |= cgx_get_nix_resetbit(cgx) | CGX_NSCI_DROP;
+ cgx_write(cgx, 0, CGXX_CMR_GLOBAL_CONFIG, cfg);
+ } else {
+ cfg = cgx_read(cgx, 0, CGXX_CMR_GLOBAL_CONFIG);
+ cfg &= ~(cgx_get_nix_resetbit(cgx) | CGX_NSCI_DROP);
+ cgx_write(cgx, 0, CGXX_CMR_GLOBAL_CONFIG, cfg);
+ }
+}
+
+static int cgx_enadis_rx(void *cgxd, int lmac_id, bool enable)
+{
+ struct cgx *cgx = cgxd;
+ u64 cfg;
+
+ if (!is_lmac_valid(cgx, lmac_id))
+ return -ENODEV;
+
+ cfg = cgx_read(cgx, lmac_id, CGXX_CMRX_CFG);
+ if (enable)
+ cfg |= DATA_PKT_RX_EN;
+ else
+ cfg &= ~DATA_PKT_RX_EN;
+ cgx_write(cgx, lmac_id, CGXX_CMRX_CFG, cfg);
+ return 0;
+}
+
static struct mac_ops cgx_mac_ops = {
.name = "cgx",
.csr_offset = 0,
@@ -1820,6 +1879,8 @@ static struct mac_ops cgx_mac_ops = {
.mac_get_pfc_frm_cfg = cgx_lmac_get_pfc_frm_cfg,
.mac_reset = cgx_lmac_reset,
.mac_stats_reset = cgx_stats_reset,
+ .mac_x2p_reset = cgx_x2p_reset,
+ .mac_enadis_rx = cgx_enadis_rx,
};
static int cgx_probe(struct pci_dev *pdev, const struct pci_device_id *id)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.h b/drivers/net/ethernet/marvell/octeontx2/af/cgx.h
index f9cd4b58f0c02..1cf12e5c7da87 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.h
@@ -32,6 +32,10 @@
#define CGX_LMAC_TYPE_MASK 0xF
#define CGXX_CMRX_INT 0x040
#define FW_CGX_INT BIT_ULL(1)
+#define CGXX_CMR_GLOBAL_CONFIG 0x08
+#define CGX_NIX0_RESET BIT_ULL(2)
+#define CGX_NIX1_RESET BIT_ULL(3)
+#define CGX_NSCI_DROP BIT_ULL(9)
#define CGXX_CMRX_INT_ENA_W1S 0x058
#define CGXX_CMRX_RX_ID_MAP 0x060
#define CGXX_CMRX_RX_STAT0 0x070
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h b/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h
index c43ff68ef1408..6180e68e1765a 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h
@@ -132,6 +132,8 @@ struct mac_ops {
int (*get_fec_stats)(void *cgxd, int lmac_id,
struct cgx_fec_stats_rsp *rsp);
int (*mac_stats_reset)(void *cgxd, int lmac_id);
+ void (*mac_x2p_reset)(void *cgxd, bool enable);
+ int (*mac_enadis_rx)(void *cgxd, int lmac_id, bool enable);
};
struct cgx {
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
index e97fcc51d7f24..2e9945446199e 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.c
@@ -39,6 +39,8 @@ static struct mac_ops rpm_mac_ops = {
.mac_get_pfc_frm_cfg = rpm_lmac_get_pfc_frm_cfg,
.mac_reset = rpm_lmac_reset,
.mac_stats_reset = rpm_stats_reset,
+ .mac_x2p_reset = rpm_x2p_reset,
+ .mac_enadis_rx = rpm_enadis_rx,
};
static struct mac_ops rpm2_mac_ops = {
@@ -72,6 +74,8 @@ static struct mac_ops rpm2_mac_ops = {
.mac_get_pfc_frm_cfg = rpm_lmac_get_pfc_frm_cfg,
.mac_reset = rpm_lmac_reset,
.mac_stats_reset = rpm_stats_reset,
+ .mac_x2p_reset = rpm_x2p_reset,
+ .mac_enadis_rx = rpm_enadis_rx,
};
bool is_dev_rpm2(void *rpmd)
@@ -768,3 +772,41 @@ int rpm_lmac_reset(void *rpmd, int lmac_id, u8 pf_req_flr)
return 0;
}
+
+void rpm_x2p_reset(void *rpmd, bool enable)
+{
+ rpm_t *rpm = rpmd;
+ int lmac_id;
+ u64 cfg;
+
+ if (enable) {
+ for_each_set_bit(lmac_id, &rpm->lmac_bmap, rpm->max_lmac_per_mac)
+ rpm->mac_ops->mac_enadis_rx(rpm, lmac_id, false);
+
+ usleep_range(1000, 2000);
+
+ cfg = rpm_read(rpm, 0, RPMX_CMR_GLOBAL_CFG);
+ rpm_write(rpm, 0, RPMX_CMR_GLOBAL_CFG, cfg | RPM_NIX0_RESET);
+ } else {
+ cfg = rpm_read(rpm, 0, RPMX_CMR_GLOBAL_CFG);
+ cfg &= ~RPM_NIX0_RESET;
+ rpm_write(rpm, 0, RPMX_CMR_GLOBAL_CFG, cfg);
+ }
+}
+
+int rpm_enadis_rx(void *rpmd, int lmac_id, bool enable)
+{
+ rpm_t *rpm = rpmd;
+ u64 cfg;
+
+ if (!is_lmac_valid(rpm, lmac_id))
+ return -ENODEV;
+
+ cfg = rpm_read(rpm, lmac_id, RPMX_MTI_MAC100X_COMMAND_CONFIG);
+ if (enable)
+ cfg |= RPM_RX_EN;
+ else
+ cfg &= ~RPM_RX_EN;
+ rpm_write(rpm, lmac_id, RPMX_MTI_MAC100X_COMMAND_CONFIG, cfg);
+ return 0;
+}
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rpm.h b/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
index 5194fec4c3b8e..b8d3972e096ae 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rpm.h
@@ -17,6 +17,8 @@
/* Registers */
#define RPMX_CMRX_CFG 0x00
+#define RPMX_CMR_GLOBAL_CFG 0x08
+#define RPM_NIX0_RESET BIT_ULL(3)
#define RPMX_RX_TS_PREPEND BIT_ULL(22)
#define RPMX_TX_PTP_1S_SUPPORT BIT_ULL(17)
#define RPMX_CMRX_RX_ID_MAP 0x80
@@ -139,4 +141,6 @@ bool is_dev_rpm2(void *rpmd);
int rpm_get_fec_stats(void *cgxd, int lmac_id, struct cgx_fec_stats_rsp *rsp);
int rpm_lmac_reset(void *rpmd, int lmac_id, u8 pf_req_flr);
int rpm_stats_reset(void *rpmd, int lmac_id);
+void rpm_x2p_reset(void *rpmd, bool enable);
+int rpm_enadis_rx(void *rpmd, int lmac_id, bool enable);
#endif /* RPM_H */
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu.c
index ac7ee3f3598c9..02ebfe71b6910 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu.c
@@ -1162,6 +1162,7 @@ static int rvu_setup_hw_resources(struct rvu *rvu)
}
rvu_program_channels(rvu);
+ cgx_start_linkup(rvu);
err = rvu_mcs_init(rvu);
if (err) {
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu.h b/drivers/net/ethernet/marvell/octeontx2/af/rvu.h
index db2db0738ee42..9ada11f114b1e 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu.h
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu.h
@@ -967,6 +967,7 @@ int rvu_cgx_prio_flow_ctrl_cfg(struct rvu *rvu, u16 pcifunc, u8 tx_pause, u8 rx_
int rvu_cgx_cfg_pause_frm(struct rvu *rvu, u16 pcifunc, u8 tx_pause, u8 rx_pause);
void rvu_mac_reset(struct rvu *rvu, u16 pcifunc);
u32 rvu_cgx_get_lmac_fifolen(struct rvu *rvu, int cgx, int lmac);
+void cgx_start_linkup(struct rvu *rvu);
int npc_get_nixlf_mcam_index(struct npc_mcam *mcam, u16 pcifunc, int nixlf,
int type);
bool is_mcam_entry_enabled(struct rvu *rvu, struct npc_mcam *mcam, int blkaddr,
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c
index 4dcd7bfcad4e4..992fa0b82e8d2 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c
@@ -349,6 +349,7 @@ static void rvu_cgx_wq_destroy(struct rvu *rvu)
int rvu_cgx_init(struct rvu *rvu)
{
+ struct mac_ops *mac_ops;
int cgx, err;
void *cgxd;
@@ -375,6 +376,15 @@ int rvu_cgx_init(struct rvu *rvu)
if (err)
return err;
+ /* Clear X2P reset on all MAC blocks */
+ for (cgx = 0; cgx < rvu->cgx_cnt_max; cgx++) {
+ cgxd = rvu_cgx_pdata(cgx, rvu);
+ if (!cgxd)
+ continue;
+ mac_ops = get_mac_ops(cgxd);
+ mac_ops->mac_x2p_reset(cgxd, false);
+ }
+
/* Register for CGX events */
err = cgx_lmac_event_handler_init(rvu);
if (err)
@@ -382,10 +392,26 @@ int rvu_cgx_init(struct rvu *rvu)
mutex_init(&rvu->cgx_cfg_lock);
- /* Ensure event handler registration is completed, before
- * we turn on the links
- */
- mb();
+ return 0;
+}
+
+void cgx_start_linkup(struct rvu *rvu)
+{
+ unsigned long lmac_bmap;
+ struct mac_ops *mac_ops;
+ int cgx, lmac, err;
+ void *cgxd;
+
+ /* Enable receive on all LMACS */
+ for (cgx = 0; cgx <= rvu->cgx_cnt_max; cgx++) {
+ cgxd = rvu_cgx_pdata(cgx, rvu);
+ if (!cgxd)
+ continue;
+ mac_ops = get_mac_ops(cgxd);
+ lmac_bmap = cgx_get_lmac_bmap(cgxd);
+ for_each_set_bit(lmac, &lmac_bmap, rvu->hw->lmac_per_cgx)
+ mac_ops->mac_enadis_rx(cgxd, lmac, true);
+ }
/* Do link up for all CGX ports */
for (cgx = 0; cgx <= rvu->cgx_cnt_max; cgx++) {
@@ -398,8 +424,6 @@ int rvu_cgx_init(struct rvu *rvu)
"Link up process failed to start on cgx %d\n",
cgx);
}
-
- return 0;
}
int rvu_cgx_exit(struct rvu *rvu)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 583/817] spi: atmel-quadspi: Fix register name in verbose logging function
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (581 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 582/817] octeontx2-af: Quiesce traffic before NIX block reset Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 584/817] net: hsr: fix hsr_init_sk() vs network/transport headers Greg Kroah-Hartman
` (243 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, =20Bence?=, Alexander Dahl,
Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Csókás, Bence <csokas.bence@prolan.hu>
[ Upstream commit 2ac40e6d0ccdd93031f8b1af61b0fe5cdd704923 ]
`atmel_qspi_reg_name()` is used for pretty-printing register offsets
for verbose logging of register accesses. However, due to a typo
(likely a copy-paste error), QSPI_RD's offset prints as "MR", the
name of the previous register. Fix this typo.
Fixes: c528ecfbef04 ("spi: atmel-quadspi: Add verbose debug facilities to monitor register accesses")
Signed-off-by: Csókás, Bence <csokas.bence@prolan.hu>
Reviewed-by: Alexander Dahl <ada@thorsis.com>
Link: https://patch.msgid.link/20241122141302.2599636-1-csokas.bence@prolan.hu
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/atmel-quadspi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c
index 9ea91432c11d8..e583146bf8504 100644
--- a/drivers/spi/atmel-quadspi.c
+++ b/drivers/spi/atmel-quadspi.c
@@ -183,7 +183,7 @@ static const char *atmel_qspi_reg_name(u32 offset, char *tmp, size_t sz)
case QSPI_MR:
return "MR";
case QSPI_RD:
- return "MR";
+ return "RD";
case QSPI_TD:
return "TD";
case QSPI_SR:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 584/817] net: hsr: fix hsr_init_sk() vs network/transport headers.
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (582 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 583/817] spi: atmel-quadspi: Fix register name in verbose logging function Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 585/817] bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Greg Kroah-Hartman
` (242 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, George McCollister,
Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 9cfb5e7f0ded2bfaabc270ceb5f91d13f0e805b9 ]
Following sequence in hsr_init_sk() is invalid :
skb_reset_mac_header(skb);
skb_reset_mac_len(skb);
skb_reset_network_header(skb);
skb_reset_transport_header(skb);
It is invalid because skb_reset_mac_len() needs the correct
network header, which should be after the mac header.
This patch moves the skb_reset_network_header()
and skb_reset_transport_header() before
the call to dev_hard_header().
As a result skb->mac_len is no longer set to a value
close to 65535.
Fixes: 48b491a5cc74 ("net: hsr: fix mac_len checks")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: George McCollister <george.mccollister@gmail.com>
Link: https://patch.msgid.link/20241122171343.897551-1-edumazet@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/hsr/hsr_device.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
index 049e22bdaafb7..1f40259597bc0 100644
--- a/net/hsr/hsr_device.c
+++ b/net/hsr/hsr_device.c
@@ -266,6 +266,8 @@ static struct sk_buff *hsr_init_skb(struct hsr_port *master)
skb->dev = master->dev;
skb->priority = TC_PRIO_CONTROL;
+ skb_reset_network_header(skb);
+ skb_reset_transport_header(skb);
if (dev_hard_header(skb, skb->dev, ETH_P_PRP,
hsr->sup_multicast_addr,
skb->dev->dev_addr, skb->len) <= 0)
@@ -273,8 +275,6 @@ static struct sk_buff *hsr_init_skb(struct hsr_port *master)
skb_reset_mac_header(skb);
skb_reset_mac_len(skb);
- skb_reset_network_header(skb);
- skb_reset_transport_header(skb);
return skb;
out:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 585/817] bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (583 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 584/817] net: hsr: fix hsr_init_sk() vs network/transport headers Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 586/817] bnxt_en: Set backplane link modes correctly for ethtool Greg Kroah-Hartman
` (241 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Somnath Kotur, Pavan Chebbi,
Kashyap Desai, Saravanan Vajravel, Michael Chan, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
[ Upstream commit 5311598f7f3293683cdc761df71ae3469327332c ]
After successful PCIe AER recovery, FW will reset all resource
reservations. If it is IF_UP, the driver will call bnxt_open() and
all resources will be reserved again. It it is IF_DOWN, we should
call bnxt_reserve_rings() so that we can reserve resources including
RoCE resources to allow RoCE to resume after AER. Without this
patch, RoCE fails to resume in this IF_DOWN scenario.
Later, if it becomes IF_UP, bnxt_open() will see that resources have
been reserved and will not reserve again.
Fixes: fb1e6e562b37 ("bnxt_en: Fix AER recovery.")
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Reviewed-by: Kashyap Desai <kashyap.desai@broadcom.com>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 103e6aa604c33..4facf0368564b 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -16171,8 +16171,12 @@ static void bnxt_io_resume(struct pci_dev *pdev)
rtnl_lock();
err = bnxt_hwrm_func_qcaps(bp);
- if (!err && netif_running(netdev))
- err = bnxt_open(netdev);
+ if (!err) {
+ if (netif_running(netdev))
+ err = bnxt_open(netdev);
+ else
+ err = bnxt_reserve_rings(bp, true);
+ }
if (!err)
netif_device_attach(netdev);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 586/817] bnxt_en: Set backplane link modes correctly for ethtool
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (584 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 585/817] bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 587/817] bnxt_en: Fix receive ring space parameters when XDP is active Greg Kroah-Hartman
` (240 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Somnath Kotur, Shravya KN,
Michael Chan, Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shravya KN <shravya.k-n@broadcom.com>
[ Upstream commit 5007991670941c132fb3bc0484c009cf4bcea30f ]
Use the return value from bnxt_get_media() to determine the port and
link modes. bnxt_get_media() returns the proper BNXT_MEDIA_KR when
the PHY is backplane. This will correct the ethtool settings for
backplane devices.
Fixes: 5d4e1bf60664 ("bnxt_en: extend media types to supported and autoneg modes")
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Shravya KN <shravya.k-n@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index ac06f4a4cf97c..0f9441de2f2d7 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -2837,19 +2837,24 @@ static int bnxt_get_link_ksettings(struct net_device *dev,
}
base->port = PORT_NONE;
- if (link_info->media_type == PORT_PHY_QCFG_RESP_MEDIA_TYPE_TP) {
+ if (media == BNXT_MEDIA_TP) {
base->port = PORT_TP;
linkmode_set_bit(ETHTOOL_LINK_MODE_TP_BIT,
lk_ksettings->link_modes.supported);
linkmode_set_bit(ETHTOOL_LINK_MODE_TP_BIT,
lk_ksettings->link_modes.advertising);
+ } else if (media == BNXT_MEDIA_KR) {
+ linkmode_set_bit(ETHTOOL_LINK_MODE_Backplane_BIT,
+ lk_ksettings->link_modes.supported);
+ linkmode_set_bit(ETHTOOL_LINK_MODE_Backplane_BIT,
+ lk_ksettings->link_modes.advertising);
} else {
linkmode_set_bit(ETHTOOL_LINK_MODE_FIBRE_BIT,
lk_ksettings->link_modes.supported);
linkmode_set_bit(ETHTOOL_LINK_MODE_FIBRE_BIT,
lk_ksettings->link_modes.advertising);
- if (link_info->media_type == PORT_PHY_QCFG_RESP_MEDIA_TYPE_DAC)
+ if (media == BNXT_MEDIA_CR)
base->port = PORT_DA;
else
base->port = PORT_FIBRE;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 587/817] bnxt_en: Fix receive ring space parameters when XDP is active
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (585 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 586/817] bnxt_en: Set backplane link modes correctly for ethtool Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 588/817] bnxt_en: Refactor bnxt_ptp_init() Greg Kroah-Hartman
` (239 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Somnath Kotur, Shravya KN,
Michael Chan, Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shravya KN <shravya.k-n@broadcom.com>
[ Upstream commit 3051a77a09dfe3022aa012071346937fdf059033 ]
The MTU setting at the time an XDP multi-buffer is attached
determines whether the aggregation ring will be used and the
rx_skb_func handler. This is done in bnxt_set_rx_skb_mode().
If the MTU is later changed, the aggregation ring setting may need
to be changed and it may become out-of-sync with the settings
initially done in bnxt_set_rx_skb_mode(). This may result in
random memory corruption and crashes as the HW may DMA data larger
than the allocated buffer size, such as:
BUG: kernel NULL pointer dereference, address: 00000000000003c0
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1
Hardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021
RIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en]
Code: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f
RSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202
RAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff
RDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380
RBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf
R10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980
R13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990
FS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<IRQ>
__bnxt_poll_work+0x1c2/0x3e0 [bnxt_en]
To address the issue, we now call bnxt_set_rx_skb_mode() within
bnxt_change_mtu() to properly set the AGG rings configuration and
update rx_skb_func based on the new MTU value.
Additionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of
bnxt_set_rx_skb_mode() to make sure it gets set or cleared based on
the current MTU.
Fixes: 08450ea98ae9 ("bnxt_en: Fix max_mtu setting for multi-buf XDP")
Co-developed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Signed-off-by: Shravya KN <shravya.k-n@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 4facf0368564b..bc0592ae6c4ba 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -4589,7 +4589,7 @@ int bnxt_set_rx_skb_mode(struct bnxt *bp, bool page_mode)
struct net_device *dev = bp->dev;
if (page_mode) {
- bp->flags &= ~BNXT_FLAG_AGG_RINGS;
+ bp->flags &= ~(BNXT_FLAG_AGG_RINGS | BNXT_FLAG_NO_AGG_RINGS);
bp->flags |= BNXT_FLAG_RX_PAGE_MODE;
if (bp->xdp_prog->aux->xdp_has_frags)
@@ -14454,6 +14454,14 @@ static int bnxt_change_mtu(struct net_device *dev, int new_mtu)
bnxt_close_nic(bp, true, false);
WRITE_ONCE(dev->mtu, new_mtu);
+
+ /* MTU change may change the AGG ring settings if an XDP multi-buffer
+ * program is attached. We need to set the AGG rings settings and
+ * rx_skb_func accordingly.
+ */
+ if (READ_ONCE(bp->xdp_prog))
+ bnxt_set_rx_skb_mode(bp, true);
+
bnxt_set_ring_params(bp);
if (netif_running(dev))
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 588/817] bnxt_en: Refactor bnxt_ptp_init()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (586 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 587/817] bnxt_en: Fix receive ring space parameters when XDP is active Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 589/817] bnxt_en: Unregister PTP during PCI shutdown and suspend Greg Kroah-Hartman
` (238 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Somnath Kotur, Pavan Chebbi,
Kalesh AP, Michael Chan, Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Chan <michael.chan@broadcom.com>
[ Upstream commit 1e9614cd956268e10a669c0593e7e54d03d0c087 ]
Instead of passing the 2nd parameter phc_cfg to bnxt_ptp_init().
Store it in bp->ptp_cfg so that the caller doesn't need to know what
the value should be.
In the next patch, we'll need to call bnxt_ptp_init() in bnxt_resume()
and this will make it easier.
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Stable-dep-of: 3661c05c54e8 ("bnxt_en: Unregister PTP during PCI shutdown and suspend")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 +++---
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 ++--
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 ++-
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index bc0592ae6c4ba..f999c10cefac6 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -9008,7 +9008,6 @@ static int __bnxt_hwrm_ptp_qcfg(struct bnxt *bp)
struct hwrm_port_mac_ptp_qcfg_output *resp;
struct hwrm_port_mac_ptp_qcfg_input *req;
struct bnxt_ptp_cfg *ptp = bp->ptp_cfg;
- bool phc_cfg;
u8 flags;
int rc;
@@ -9055,8 +9054,9 @@ static int __bnxt_hwrm_ptp_qcfg(struct bnxt *bp)
rc = -ENODEV;
goto exit;
}
- phc_cfg = (flags & PORT_MAC_PTP_QCFG_RESP_FLAGS_RTC_CONFIGURED) != 0;
- rc = bnxt_ptp_init(bp, phc_cfg);
+ ptp->rtc_configured =
+ (flags & PORT_MAC_PTP_QCFG_RESP_FLAGS_RTC_CONFIGURED) != 0;
+ rc = bnxt_ptp_init(bp);
if (rc)
netdev_warn(bp->dev, "PTP initialization failed.\n");
exit:
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c
index fa514be876502..781225d3ba8ff 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c
@@ -1024,7 +1024,7 @@ static void bnxt_ptp_free(struct bnxt *bp)
}
}
-int bnxt_ptp_init(struct bnxt *bp, bool phc_cfg)
+int bnxt_ptp_init(struct bnxt *bp)
{
struct bnxt_ptp_cfg *ptp = bp->ptp_cfg;
int rc;
@@ -1047,7 +1047,7 @@ int bnxt_ptp_init(struct bnxt *bp, bool phc_cfg)
if (BNXT_PTP_USE_RTC(bp)) {
bnxt_ptp_timecounter_init(bp, false);
- rc = bnxt_ptp_init_rtc(bp, phc_cfg);
+ rc = bnxt_ptp_init_rtc(bp, ptp->rtc_configured);
if (rc)
goto out;
} else {
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h
index f322466ecad35..61e89bb2d2690 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h
@@ -133,6 +133,7 @@ struct bnxt_ptp_cfg {
BNXT_PTP_MSG_PDELAY_REQ | \
BNXT_PTP_MSG_PDELAY_RESP)
u8 tx_tstamp_en:1;
+ u8 rtc_configured:1;
int rx_filter;
u32 tstamp_filters;
@@ -180,6 +181,6 @@ void bnxt_tx_ts_cmp(struct bnxt *bp, struct bnxt_napi *bnapi,
struct tx_ts_cmp *tscmp);
void bnxt_ptp_rtc_timecounter_init(struct bnxt_ptp_cfg *ptp, u64 ns);
int bnxt_ptp_init_rtc(struct bnxt *bp, bool phc_cfg);
-int bnxt_ptp_init(struct bnxt *bp, bool phc_cfg);
+int bnxt_ptp_init(struct bnxt *bp);
void bnxt_ptp_clear(struct bnxt *bp);
#endif
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 589/817] bnxt_en: Unregister PTP during PCI shutdown and suspend
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (587 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 588/817] bnxt_en: Refactor bnxt_ptp_init() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 590/817] Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Greg Kroah-Hartman
` (237 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Richard Cochran, Somnath Kotur,
Pavan Chebbi, Kalesh AP, Michael Chan, Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Chan <michael.chan@broadcom.com>
[ Upstream commit 3661c05c54e8db7064aa96a0774654740974dffc ]
If we go through the PCI shutdown or suspend path, we shutdown the
NIC but PTP remains registered. If the kernel continues to run for
a little bit, the periodic PTP .do_aux_work() function may be called
and it will read the PHC from the BAR register. Since the device
has already been disabled, it will cause a PCIe completion timeout.
Fix it by calling bnxt_ptp_clear() in the PCI shutdown/suspend
handlers. bnxt_ptp_clear() will unregister from PTP and
.do_aux_work() will be canceled.
In bnxt_resume(), we need to re-initialize PTP.
Fixes: a521c8a01d26 ("bnxt_en: Move bnxt_ptp_init() from bnxt_open() back to bnxt_init_one()")
Cc: Richard Cochran <richardcochran@gmail.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index f999c10cefac6..68e6e202d4ecd 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -15933,6 +15933,7 @@ static void bnxt_shutdown(struct pci_dev *pdev)
if (netif_running(dev))
dev_close(dev);
+ bnxt_ptp_clear(bp);
bnxt_clear_int_mode(bp);
pci_disable_device(pdev);
@@ -15960,6 +15961,7 @@ static int bnxt_suspend(struct device *device)
rc = bnxt_close(dev);
}
bnxt_hwrm_func_drv_unrgtr(bp);
+ bnxt_ptp_clear(bp);
pci_disable_device(bp->pdev);
bnxt_free_ctx_mem(bp);
rtnl_unlock();
@@ -16001,6 +16003,10 @@ static int bnxt_resume(struct device *device)
goto resume_exit;
}
+ if (bnxt_ptp_init(bp)) {
+ kfree(bp->ptp_cfg);
+ bp->ptp_cfg = NULL;
+ }
bnxt_get_wol_settings(bp);
if (netif_running(dev)) {
rc = bnxt_open(dev);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 590/817] Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (588 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 589/817] bnxt_en: Unregister PTP during PCI shutdown and suspend Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 591/817] Bluetooth: MGMT: Fix possible deadlocks Greg Kroah-Hartman
` (236 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+03d6270b6425df1605bf,
Luiz Augusto von Dentz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 0b882940665ca2849386ee459d4331aa2f8c4e7d ]
This fixes the following crash:
==================================================================
BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353
Read of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54
CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: hci0 hci_cmd_sync_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
q kasan_report+0x143/0x180 mm/kasan/report.c:601
set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353
hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:328
process_one_work kernel/workqueue.c:3231 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
worker_thread+0x86d/0xd10 kernel/workqueue.c:3389
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 5247:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
kasan_kmalloc include/linux/kasan.h:211 [inline]
__kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4193
kmalloc_noprof include/linux/slab.h:681 [inline]
kzalloc_noprof include/linux/slab.h:807 [inline]
mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269
mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296
set_powered+0x3cd/0x5e0 net/bluetooth/mgmt.c:1394
hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712
hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
sock_write_iter+0x2dd/0x400 net/socket.c:1160
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xa72/0xc90 fs/read_write.c:590
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 5246:
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
__kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2256 [inline]
slab_free mm/slub.c:4477 [inline]
kfree+0x149/0x360 mm/slub.c:4598
settings_rsp+0x2bc/0x390 net/bluetooth/mgmt.c:1443
mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259
__mgmt_power_off+0x112/0x420 net/bluetooth/mgmt.c:9455
hci_dev_close_sync+0x665/0x11a0 net/bluetooth/hci_sync.c:5191
hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]
hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83gv
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Reported-by: syzbot+03d6270b6425df1605bf@syzkaller.appspotmail.com
Tested-by: syzbot+03d6270b6425df1605bf@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=03d6270b6425df1605bf
Fixes: 275f3f648702 ("Bluetooth: Fix not checking MGMT cmd pending queue")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/mgmt.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 4157d9f23f46e..3cd747ca65437 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1317,7 +1317,8 @@ static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
struct mgmt_mode *cp;
/* Make sure cmd still outstanding. */
- if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
+ if (err == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
return;
cp = cmd->param;
@@ -1350,7 +1351,13 @@ static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
static int set_powered_sync(struct hci_dev *hdev, void *data)
{
struct mgmt_pending_cmd *cmd = data;
- struct mgmt_mode *cp = cmd->param;
+ struct mgmt_mode *cp;
+
+ /* Make sure cmd still outstanding. */
+ if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
+ return -ECANCELED;
+
+ cp = cmd->param;
BT_DBG("%s", hdev->name);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 591/817] Bluetooth: MGMT: Fix possible deadlocks
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (589 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 590/817] Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 592/817] llc: Improve setsockopt() handling of malformed user input Greg Kroah-Hartman
` (235 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kiran K, Luiz Augusto von Dentz,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit a66dfaf18fd61bb75ef8cee83db46b2aadf153d0 ]
This fixes possible deadlocks like the following caused by
hci_cmd_sync_dequeue causing the destroy function to run:
INFO: task kworker/u19:0:143 blocked for more than 120 seconds.
Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000
Workqueue: hci0 hci_cmd_sync_work [bluetooth]
Call Trace:
<TASK>
__schedule+0x374/0xaf0
schedule+0x3c/0xf0
schedule_preempt_disabled+0x1c/0x30
__mutex_lock.constprop.0+0x3ef/0x7a0
__mutex_lock_slowpath+0x13/0x20
mutex_lock+0x3c/0x50
mgmt_set_connectable_complete+0xa4/0x150 [bluetooth]
? kfree+0x211/0x2a0
hci_cmd_sync_dequeue+0xae/0x130 [bluetooth]
? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth]
cmd_complete_rsp+0x26/0x80 [bluetooth]
mgmt_pending_foreach+0x4d/0x70 [bluetooth]
__mgmt_power_off+0x8d/0x180 [bluetooth]
? _raw_spin_unlock_irq+0x23/0x40
hci_dev_close_sync+0x445/0x5b0 [bluetooth]
hci_set_powered_sync+0x149/0x250 [bluetooth]
set_powered_sync+0x24/0x60 [bluetooth]
hci_cmd_sync_work+0x90/0x150 [bluetooth]
process_one_work+0x13e/0x300
worker_thread+0x2f7/0x420
? __pfx_worker_thread+0x10/0x10
kthread+0x107/0x140
? __pfx_kthread+0x10/0x10
ret_from_fork+0x3d/0x60
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
</TASK>
Tested-by: Kiran K <kiran.k@intel.com>
Fixes: f53e1c9c726d ("Bluetooth: MGMT: Fix possible crash on mgmt_index_removed")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/mgmt.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 3cd747ca65437..ac5684b38dbeb 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1517,7 +1517,8 @@ static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
bt_dev_dbg(hdev, "err %d", err);
/* Make sure cmd still outstanding. */
- if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
+ if (err == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
return;
hci_dev_lock(hdev);
@@ -1691,7 +1692,8 @@ static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
bt_dev_dbg(hdev, "err %d", err);
/* Make sure cmd still outstanding. */
- if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
+ if (err == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
return;
hci_dev_lock(hdev);
@@ -1923,7 +1925,7 @@ static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
bool changed;
/* Make sure cmd still outstanding. */
- if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
+ if (err == -ECANCELED || cmd != pending_find(MGMT_OP_SET_SSP, hdev))
return;
if (err) {
@@ -3789,7 +3791,8 @@ static void set_name_complete(struct hci_dev *hdev, void *data, int err)
bt_dev_dbg(hdev, "err %d", err);
- if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
+ if (err == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
return;
if (status) {
@@ -3964,7 +3967,8 @@ static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
struct sk_buff *skb = cmd->skb;
u8 status = mgmt_status(err);
- if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
+ if (err == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
return;
if (!status) {
@@ -5855,13 +5859,16 @@ static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
{
struct mgmt_pending_cmd *cmd = data;
+ bt_dev_dbg(hdev, "err %d", err);
+
+ if (err == -ECANCELED)
+ return;
+
if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
return;
- bt_dev_dbg(hdev, "err %d", err);
-
mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
cmd->param, 1);
mgmt_pending_remove(cmd);
@@ -6094,7 +6101,8 @@ static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
{
struct mgmt_pending_cmd *cmd = data;
- if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
+ if (err == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
return;
bt_dev_dbg(hdev, "err %d", err);
@@ -8085,7 +8093,8 @@ static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
u8 status = mgmt_status(err);
u16 eir_len;
- if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
+ if (err == -ECANCELED ||
+ cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
return;
if (!status) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 592/817] llc: Improve setsockopt() handling of malformed user input
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (590 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 591/817] Bluetooth: MGMT: Fix possible deadlocks Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 593/817] rxrpc: " Greg Kroah-Hartman
` (234 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Wei, Michal Luczaj,
Paolo Abeni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Luczaj <mhal@rbox.co>
[ Upstream commit 1465036b10be4b8b00eb31c879e86de633ad74c1 ]
copy_from_sockptr() is used incorrectly: return value is the number of
bytes that could not be copied. Since it's deprecated, switch to
copy_safe_from_sockptr().
Note: Keeping the `optlen != sizeof(int)` check as copy_safe_from_sockptr()
by itself would also accept optlen > sizeof(int). Which would allow a more
lenient handling of inputs.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Suggested-by: David Wei <dw@davidwei.uk>
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/llc/af_llc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 4eb52add7103b..0259cde394ba0 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -1098,7 +1098,7 @@ static int llc_ui_setsockopt(struct socket *sock, int level, int optname,
lock_sock(sk);
if (unlikely(level != SOL_LLC || optlen != sizeof(int)))
goto out;
- rc = copy_from_sockptr(&opt, optval, sizeof(opt));
+ rc = copy_safe_from_sockptr(&opt, sizeof(opt), optval, optlen);
if (rc)
goto out;
rc = -EINVAL;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 593/817] rxrpc: Improve setsockopt() handling of malformed user input
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (591 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 592/817] llc: Improve setsockopt() handling of malformed user input Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 594/817] tcp: Fix use-after-free of nreq in reqsk_timer_handler() Greg Kroah-Hartman
` (233 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michal Luczaj, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Luczaj <mhal@rbox.co>
[ Upstream commit 02020056647017e70509bb58c3096448117099e1 ]
copy_from_sockptr() does not return negative value on error; instead, it
reports the number of bytes that failed to copy. Since it's deprecated,
switch to copy_safe_from_sockptr().
Note: Keeping the `optlen != sizeof(unsigned int)` check as
copy_safe_from_sockptr() by itself would also accept
optlen > sizeof(unsigned int). Which would allow a more lenient handling
of inputs.
Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/af_rxrpc.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index f4844683e1203..9d8bd0b37e41d 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -707,9 +707,10 @@ static int rxrpc_setsockopt(struct socket *sock, int level, int optname,
ret = -EISCONN;
if (rx->sk.sk_state != RXRPC_UNBOUND)
goto error;
- ret = copy_from_sockptr(&min_sec_level, optval,
- sizeof(unsigned int));
- if (ret < 0)
+ ret = copy_safe_from_sockptr(&min_sec_level,
+ sizeof(min_sec_level),
+ optval, optlen);
+ if (ret)
goto error;
ret = -EINVAL;
if (min_sec_level > RXRPC_SECURITY_MAX)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 594/817] tcp: Fix use-after-free of nreq in reqsk_timer_handler().
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (592 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 593/817] rxrpc: " Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 595/817] ip6mr: fix tables suspicious RCU usage Greg Kroah-Hartman
` (232 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Kuniyuki Iwashima,
Vadim Fedorenko, Eric Dumazet, Martin KaFai Lau, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit c31e72d021db2714df03df6c42855a1db592716c ]
The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with
__inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().
Then, oreq should be passed to reqsk_put() instead of req; otherwise
use-after-free of nreq could happen when reqsk is migrated but the
retry attempt failed (e.g. due to timeout).
Let's pass oreq to reqsk_put().
Fixes: e8c526f2bdf1 ("tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().")
Reported-by: Liu Jian <liujian56@huawei.com>
Closes: https://lore.kernel.org/netdev/1284490f-9525-42ee-b7b8-ccadf6606f6d@huawei.com/
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Reviewed-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Martin KaFai Lau <martin.lau@kernel.org>
Link: https://patch.msgid.link/20241123174236.62438-1-kuniyu@amazon.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/inet_connection_sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index cd7989b514eaa..f5592670420b5 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -1188,7 +1188,7 @@ static void reqsk_timer_handler(struct timer_list *t)
drop:
__inet_csk_reqsk_queue_drop(sk_listener, oreq, true);
- reqsk_put(req);
+ reqsk_put(oreq);
}
static bool reqsk_queue_hash_req(struct request_sock *req,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 595/817] ip6mr: fix tables suspicious RCU usage
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (593 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 594/817] tcp: Fix use-after-free of nreq in reqsk_timer_handler() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 596/817] ipmr: " Greg Kroah-Hartman
` (231 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, David Ahern, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
[ Upstream commit f1553c9894b4dbeb10a2ab15ab1aa113b3b4047c ]
Several places call ip6mr_get_table() with no RCU nor RTNL lock.
Add RCU protection inside such helper and provide a lockless variant
for the few callers that already acquired the relevant lock.
Note that some users additionally reference the table outside the RCU
lock. That is actually safe as the table deletion can happen only
after all table accesses are completed.
Fixes: e2d57766e674 ("net: Provide compat support for SIOCGETMIFCNT_IN6 and SIOCGETSGCNT_IN6.")
Fixes: d7c31cbde4bc ("net: ip6mr: add RTM_GETROUTE netlink op")
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ip6mr.c | 38 +++++++++++++++++++++++++++-----------
1 file changed, 27 insertions(+), 11 deletions(-)
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index dd342e6ecf3f4..f2b1e9210905b 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -125,7 +125,7 @@ static struct mr_table *ip6mr_mr_table_iter(struct net *net,
return ret;
}
-static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
+static struct mr_table *__ip6mr_get_table(struct net *net, u32 id)
{
struct mr_table *mrt;
@@ -136,6 +136,16 @@ static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
return NULL;
}
+static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
+{
+ struct mr_table *mrt;
+
+ rcu_read_lock();
+ mrt = __ip6mr_get_table(net, id);
+ rcu_read_unlock();
+ return mrt;
+}
+
static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
struct mr_table **mrt)
{
@@ -177,7 +187,7 @@ static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
arg->table = fib_rule_get_table(rule, arg);
- mrt = ip6mr_get_table(rule->fr_net, arg->table);
+ mrt = __ip6mr_get_table(rule->fr_net, arg->table);
if (!mrt)
return -EAGAIN;
res->mrt = mrt;
@@ -304,6 +314,8 @@ static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
return net->ipv6.mrt6;
}
+#define __ip6mr_get_table ip6mr_get_table
+
static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
struct mr_table **mrt)
{
@@ -382,7 +394,7 @@ static struct mr_table *ip6mr_new_table(struct net *net, u32 id)
{
struct mr_table *mrt;
- mrt = ip6mr_get_table(net, id);
+ mrt = __ip6mr_get_table(net, id);
if (mrt)
return mrt;
@@ -411,13 +423,15 @@ static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
struct net *net = seq_file_net(seq);
struct mr_table *mrt;
- mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
- if (!mrt)
+ rcu_read_lock();
+ mrt = __ip6mr_get_table(net, RT6_TABLE_DFLT);
+ if (!mrt) {
+ rcu_read_unlock();
return ERR_PTR(-ENOENT);
+ }
iter->mrt = mrt;
- rcu_read_lock();
return mr_vif_seq_start(seq, pos);
}
@@ -2275,11 +2289,13 @@ int ip6mr_get_route(struct net *net, struct sk_buff *skb, struct rtmsg *rtm,
struct mfc6_cache *cache;
struct rt6_info *rt = dst_rt6_info(skb_dst(skb));
- mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
- if (!mrt)
+ rcu_read_lock();
+ mrt = __ip6mr_get_table(net, RT6_TABLE_DFLT);
+ if (!mrt) {
+ rcu_read_unlock();
return -ENOENT;
+ }
- rcu_read_lock();
cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
if (!cache && skb->dev) {
int vif = ip6mr_find_vif(mrt, skb->dev);
@@ -2560,7 +2576,7 @@ static int ip6mr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
grp = nla_get_in6_addr(tb[RTA_DST]);
tableid = tb[RTA_TABLE] ? nla_get_u32(tb[RTA_TABLE]) : 0;
- mrt = ip6mr_get_table(net, tableid ?: RT_TABLE_DEFAULT);
+ mrt = __ip6mr_get_table(net, tableid ?: RT_TABLE_DEFAULT);
if (!mrt) {
NL_SET_ERR_MSG_MOD(extack, "MR table does not exist");
return -ENOENT;
@@ -2607,7 +2623,7 @@ static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
if (filter.table_id) {
struct mr_table *mrt;
- mrt = ip6mr_get_table(sock_net(skb->sk), filter.table_id);
+ mrt = __ip6mr_get_table(sock_net(skb->sk), filter.table_id);
if (!mrt) {
if (rtnl_msg_family(cb->nlh) != RTNL_FAMILY_IP6MR)
return skb->len;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 596/817] ipmr: fix tables suspicious RCU usage
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (594 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 595/817] ip6mr: fix tables suspicious RCU usage Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 597/817] iio: light: al3010: Fix an error handling path in al3010_probe() Greg Kroah-Hartman
` (230 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, David Ahern, Paolo Abeni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
[ Upstream commit fc9c273d6daaa9866f349bbe8cae25c67764c456 ]
Similar to the previous patch, plumb the RCU lock inside
the ipmr_get_table(), provided a lockless variant and apply
the latter in the few spots were the lock is already held.
Fixes: 709b46e8d90b ("net: Add compat ioctl support for the ipv4 multicast ioctl SIOCGETSGCNT")
Fixes: f0ad0860d01e ("ipv4: ipmr: support multiple tables")
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ipmr.c | 42 +++++++++++++++++++++++++++++-------------
1 file changed, 29 insertions(+), 13 deletions(-)
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 6c750bd13dd8d..035d6f0ff01ee 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -136,7 +136,7 @@ static struct mr_table *ipmr_mr_table_iter(struct net *net,
return ret;
}
-static struct mr_table *ipmr_get_table(struct net *net, u32 id)
+static struct mr_table *__ipmr_get_table(struct net *net, u32 id)
{
struct mr_table *mrt;
@@ -147,6 +147,16 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id)
return NULL;
}
+static struct mr_table *ipmr_get_table(struct net *net, u32 id)
+{
+ struct mr_table *mrt;
+
+ rcu_read_lock();
+ mrt = __ipmr_get_table(net, id);
+ rcu_read_unlock();
+ return mrt;
+}
+
static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4,
struct mr_table **mrt)
{
@@ -188,7 +198,7 @@ static int ipmr_rule_action(struct fib_rule *rule, struct flowi *flp,
arg->table = fib_rule_get_table(rule, arg);
- mrt = ipmr_get_table(rule->fr_net, arg->table);
+ mrt = __ipmr_get_table(rule->fr_net, arg->table);
if (!mrt)
return -EAGAIN;
res->mrt = mrt;
@@ -314,6 +324,8 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id)
return net->ipv4.mrt;
}
+#define __ipmr_get_table ipmr_get_table
+
static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4,
struct mr_table **mrt)
{
@@ -402,7 +414,7 @@ static struct mr_table *ipmr_new_table(struct net *net, u32 id)
if (id != RT_TABLE_DEFAULT && id >= 1000000000)
return ERR_PTR(-EINVAL);
- mrt = ipmr_get_table(net, id);
+ mrt = __ipmr_get_table(net, id);
if (mrt)
return mrt;
@@ -1373,7 +1385,7 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, sockptr_t optval,
goto out_unlock;
}
- mrt = ipmr_get_table(net, raw_sk(sk)->ipmr_table ? : RT_TABLE_DEFAULT);
+ mrt = __ipmr_get_table(net, raw_sk(sk)->ipmr_table ? : RT_TABLE_DEFAULT);
if (!mrt) {
ret = -ENOENT;
goto out_unlock;
@@ -2261,11 +2273,13 @@ int ipmr_get_route(struct net *net, struct sk_buff *skb,
struct mr_table *mrt;
int err;
- mrt = ipmr_get_table(net, RT_TABLE_DEFAULT);
- if (!mrt)
+ rcu_read_lock();
+ mrt = __ipmr_get_table(net, RT_TABLE_DEFAULT);
+ if (!mrt) {
+ rcu_read_unlock();
return -ENOENT;
+ }
- rcu_read_lock();
cache = ipmr_cache_find(mrt, saddr, daddr);
if (!cache && skb->dev) {
int vif = ipmr_find_vif(mrt, skb->dev);
@@ -2550,7 +2564,7 @@ static int ipmr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
grp = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0;
tableid = tb[RTA_TABLE] ? nla_get_u32(tb[RTA_TABLE]) : 0;
- mrt = ipmr_get_table(net, tableid ? tableid : RT_TABLE_DEFAULT);
+ mrt = __ipmr_get_table(net, tableid ? tableid : RT_TABLE_DEFAULT);
if (!mrt) {
err = -ENOENT;
goto errout_free;
@@ -2604,7 +2618,7 @@ static int ipmr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
if (filter.table_id) {
struct mr_table *mrt;
- mrt = ipmr_get_table(sock_net(skb->sk), filter.table_id);
+ mrt = __ipmr_get_table(sock_net(skb->sk), filter.table_id);
if (!mrt) {
if (rtnl_msg_family(cb->nlh) != RTNL_FAMILY_IPMR)
return skb->len;
@@ -2712,7 +2726,7 @@ static int rtm_to_ipmr_mfcc(struct net *net, struct nlmsghdr *nlh,
break;
}
}
- mrt = ipmr_get_table(net, tblid);
+ mrt = __ipmr_get_table(net, tblid);
if (!mrt) {
ret = -ENOENT;
goto out;
@@ -2920,13 +2934,15 @@ static void *ipmr_vif_seq_start(struct seq_file *seq, loff_t *pos)
struct net *net = seq_file_net(seq);
struct mr_table *mrt;
- mrt = ipmr_get_table(net, RT_TABLE_DEFAULT);
- if (!mrt)
+ rcu_read_lock();
+ mrt = __ipmr_get_table(net, RT_TABLE_DEFAULT);
+ if (!mrt) {
+ rcu_read_unlock();
return ERR_PTR(-ENOENT);
+ }
iter->mrt = mrt;
- rcu_read_lock();
return mr_vif_seq_start(seq, pos);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 597/817] iio: light: al3010: Fix an error handling path in al3010_probe()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (595 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 596/817] ipmr: " Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 598/817] usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Greg Kroah-Hartman
` (229 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Jonathan Cameron,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit a4b7064d34186cf4970fe0333c3b27346cf8f819 ]
If i2c_smbus_write_byte_data() fails in al3010_init(),
al3010_set_pwr(false) is not called.
In order to avoid such a situation, move the devm_add_action_or_reset()
witch calls al3010_set_pwr(false) right after a successful
al3010_set_pwr(true).
Fixes: c36b5195ab70 ("iio: light: add Dyna-Image AL3010 driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://patch.msgid.link/ee5d10a2dd2b70f29772d5df33774d3974a80f30.1725993353.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/light/al3010.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/drivers/iio/light/al3010.c b/drivers/iio/light/al3010.c
index 53569587ccb7b..7cbb8b2033009 100644
--- a/drivers/iio/light/al3010.c
+++ b/drivers/iio/light/al3010.c
@@ -87,7 +87,12 @@ static int al3010_init(struct al3010_data *data)
int ret;
ret = al3010_set_pwr(data->client, true);
+ if (ret < 0)
+ return ret;
+ ret = devm_add_action_or_reset(&data->client->dev,
+ al3010_set_pwr_off,
+ data);
if (ret < 0)
return ret;
@@ -190,12 +195,6 @@ static int al3010_probe(struct i2c_client *client)
return ret;
}
- ret = devm_add_action_or_reset(&client->dev,
- al3010_set_pwr_off,
- data);
- if (ret < 0)
- return ret;
-
return devm_iio_device_register(&client->dev, indio_dev);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 598/817] usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (596 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 597/817] iio: light: al3010: Fix an error handling path in al3010_probe() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 599/817] usb: yurex: make waiting on yurex_write interruptible Greg Kroah-Hartman
` (228 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jeongjun Park, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeongjun Park <aha310510@gmail.com>
[ Upstream commit 44feafbaa66ec86232b123bb8437a6a262442025 ]
iowarrior_read() uses the iowarrior dev structure, but does not use any
lock on the structure. This can cause various bugs including data-races,
so it is more appropriate to use a mutex lock to safely protect the
iowarrior dev structure. When using a mutex lock, you should split the
branch to prevent blocking when the O_NONBLOCK flag is set.
In addition, it is unnecessary to check for NULL on the iowarrior dev
structure obtained by reading file->private_data. Therefore, it is
better to remove the check.
Fixes: 946b960d13c1 ("USB: add driver for iowarrior devices.")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Link: https://lore.kernel.org/r/20240919103403.3986-1-aha310510@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/iowarrior.c | 46 ++++++++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 10 deletions(-)
diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
index 6d28467ce3522..a513766b4985d 100644
--- a/drivers/usb/misc/iowarrior.c
+++ b/drivers/usb/misc/iowarrior.c
@@ -277,28 +277,45 @@ static ssize_t iowarrior_read(struct file *file, char __user *buffer,
struct iowarrior *dev;
int read_idx;
int offset;
+ int retval;
dev = file->private_data;
+ if (file->f_flags & O_NONBLOCK) {
+ retval = mutex_trylock(&dev->mutex);
+ if (!retval)
+ return -EAGAIN;
+ } else {
+ retval = mutex_lock_interruptible(&dev->mutex);
+ if (retval)
+ return -ERESTARTSYS;
+ }
+
/* verify that the device wasn't unplugged */
- if (!dev || !dev->present)
- return -ENODEV;
+ if (!dev->present) {
+ retval = -ENODEV;
+ goto exit;
+ }
dev_dbg(&dev->interface->dev, "minor %d, count = %zd\n",
dev->minor, count);
/* read count must be packet size (+ time stamp) */
if ((count != dev->report_size)
- && (count != (dev->report_size + 1)))
- return -EINVAL;
+ && (count != (dev->report_size + 1))) {
+ retval = -EINVAL;
+ goto exit;
+ }
/* repeat until no buffer overrun in callback handler occur */
do {
atomic_set(&dev->overflow_flag, 0);
if ((read_idx = read_index(dev)) == -1) {
/* queue empty */
- if (file->f_flags & O_NONBLOCK)
- return -EAGAIN;
+ if (file->f_flags & O_NONBLOCK) {
+ retval = -EAGAIN;
+ goto exit;
+ }
else {
//next line will return when there is either new data, or the device is unplugged
int r = wait_event_interruptible(dev->read_wait,
@@ -309,28 +326,37 @@ static ssize_t iowarrior_read(struct file *file, char __user *buffer,
-1));
if (r) {
//we were interrupted by a signal
- return -ERESTART;
+ retval = -ERESTART;
+ goto exit;
}
if (!dev->present) {
//The device was unplugged
- return -ENODEV;
+ retval = -ENODEV;
+ goto exit;
}
if (read_idx == -1) {
// Can this happen ???
- return 0;
+ retval = 0;
+ goto exit;
}
}
}
offset = read_idx * (dev->report_size + 1);
if (copy_to_user(buffer, dev->read_queue + offset, count)) {
- return -EFAULT;
+ retval = -EFAULT;
+ goto exit;
}
} while (atomic_read(&dev->overflow_flag));
read_idx = ++read_idx == MAX_INTERRUPT_BUFFER ? 0 : read_idx;
atomic_set(&dev->read_idx, read_idx);
+ mutex_unlock(&dev->mutex);
return count;
+
+exit:
+ mutex_unlock(&dev->mutex);
+ return retval;
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 599/817] usb: yurex: make waiting on yurex_write interruptible
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (597 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 598/817] usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 600/817] USB: chaoskey: fail open after removal Greg Kroah-Hartman
` (227 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Oliver Neukum, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.com>
[ Upstream commit e0aa9614ab0fd35b404e4b16ebe879f9fc152591 ]
The IO yurex_write() needs to wait for in order to have a device
ready for writing again can take a long time time.
Consequently the sleep is done in an interruptible state.
Therefore others waiting for yurex_write() itself to finish should
use mutex_lock_interruptible.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Fixes: 6bc235a2e24a5 ("USB: add driver for Meywa-Denki & Kayac YUREX")
Rule: add
Link: https://lore.kernel.org/stable/20240924084415.300557-1-oneukum%40suse.com
Link: https://lore.kernel.org/r/20240924084415.300557-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/iowarrior.c | 4 ----
drivers/usb/misc/yurex.c | 5 ++++-
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
index a513766b4985d..365c100693458 100644
--- a/drivers/usb/misc/iowarrior.c
+++ b/drivers/usb/misc/iowarrior.c
@@ -911,7 +911,6 @@ static int iowarrior_probe(struct usb_interface *interface,
static void iowarrior_disconnect(struct usb_interface *interface)
{
struct iowarrior *dev = usb_get_intfdata(interface);
- int minor = dev->minor;
usb_deregister_dev(interface, &iowarrior_class);
@@ -935,9 +934,6 @@ static void iowarrior_disconnect(struct usb_interface *interface)
mutex_unlock(&dev->mutex);
iowarrior_delete(dev);
}
-
- dev_info(&interface->dev, "I/O-Warror #%d now disconnected\n",
- minor - IOWARRIOR_MINOR_BASE);
}
/* usb specific object needed to register this driver with the usb subsystem */
diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c
index 7c12b937d0759..bd94bf078de3b 100644
--- a/drivers/usb/misc/yurex.c
+++ b/drivers/usb/misc/yurex.c
@@ -441,7 +441,10 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer,
if (count == 0)
goto error;
- mutex_lock(&dev->io_mutex);
+ retval = mutex_lock_interruptible(&dev->io_mutex);
+ if (retval < 0)
+ return -EINTR;
+
if (dev->disconnected) { /* already disconnected */
mutex_unlock(&dev->io_mutex);
retval = -ENODEV;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 600/817] USB: chaoskey: fail open after removal
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (598 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 599/817] usb: yurex: make waiting on yurex_write interruptible Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 601/817] USB: chaoskey: Fix possible deadlock chaoskey_list_lock Greg Kroah-Hartman
` (226 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Oliver Neukum,
syzbot+422188bce66e76020e55, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.com>
[ Upstream commit 422dc0a4d12d0b80dd3aab3fe5943f665ba8f041 ]
chaoskey_open() takes the lock only to increase the
counter of openings. That means that the mutual exclusion
with chaoskey_disconnect() cannot prevent an increase
of the counter and chaoskey_open() returning a success.
If that race is hit, chaoskey_disconnect() will happily
free all resources associated with the device after
it has dropped the lock, as it has read the counter
as zero.
To prevent this race chaoskey_open() has to check
the presence of the device under the lock.
However, the current per device lock cannot be used,
because it is a part of the data structure to be
freed. Hence an additional global mutex is needed.
The issue is as old as the driver.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: syzbot+422188bce66e76020e55@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=422188bce66e76020e55
Fixes: 66e3e591891da ("usb: Add driver for Altus Metrum ChaosKey device (v2)")
Rule: add
Link: https://lore.kernel.org/stable/20241002132201.552578-1-oneukum%40suse.com
Link: https://lore.kernel.org/r/20241002132201.552578-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/chaoskey.c | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c
index 6fb5140e29b9d..e8b63df5f9759 100644
--- a/drivers/usb/misc/chaoskey.c
+++ b/drivers/usb/misc/chaoskey.c
@@ -27,6 +27,8 @@ static struct usb_class_driver chaoskey_class;
static int chaoskey_rng_read(struct hwrng *rng, void *data,
size_t max, bool wait);
+static DEFINE_MUTEX(chaoskey_list_lock);
+
#define usb_dbg(usb_if, format, arg...) \
dev_dbg(&(usb_if)->dev, format, ## arg)
@@ -230,6 +232,7 @@ static void chaoskey_disconnect(struct usb_interface *interface)
if (dev->hwrng_registered)
hwrng_unregister(&dev->hwrng);
+ mutex_lock(&chaoskey_list_lock);
usb_deregister_dev(interface, &chaoskey_class);
usb_set_intfdata(interface, NULL);
@@ -244,6 +247,7 @@ static void chaoskey_disconnect(struct usb_interface *interface)
} else
mutex_unlock(&dev->lock);
+ mutex_unlock(&chaoskey_list_lock);
usb_dbg(interface, "disconnect done");
}
@@ -251,6 +255,7 @@ static int chaoskey_open(struct inode *inode, struct file *file)
{
struct chaoskey *dev;
struct usb_interface *interface;
+ int rv = 0;
/* get the interface from minor number and driver information */
interface = usb_find_interface(&chaoskey_driver, iminor(inode));
@@ -266,18 +271,23 @@ static int chaoskey_open(struct inode *inode, struct file *file)
}
file->private_data = dev;
+ mutex_lock(&chaoskey_list_lock);
mutex_lock(&dev->lock);
- ++dev->open;
+ if (dev->present)
+ ++dev->open;
+ else
+ rv = -ENODEV;
mutex_unlock(&dev->lock);
+ mutex_unlock(&chaoskey_list_lock);
- usb_dbg(interface, "open success");
- return 0;
+ return rv;
}
static int chaoskey_release(struct inode *inode, struct file *file)
{
struct chaoskey *dev = file->private_data;
struct usb_interface *interface;
+ int rv = 0;
if (dev == NULL)
return -ENODEV;
@@ -286,14 +296,15 @@ static int chaoskey_release(struct inode *inode, struct file *file)
usb_dbg(interface, "release");
+ mutex_lock(&chaoskey_list_lock);
mutex_lock(&dev->lock);
usb_dbg(interface, "open count at release is %d", dev->open);
if (dev->open <= 0) {
usb_dbg(interface, "invalid open count (%d)", dev->open);
- mutex_unlock(&dev->lock);
- return -ENODEV;
+ rv = -ENODEV;
+ goto bail;
}
--dev->open;
@@ -302,13 +313,15 @@ static int chaoskey_release(struct inode *inode, struct file *file)
if (dev->open == 0) {
mutex_unlock(&dev->lock);
chaoskey_free(dev);
- } else
- mutex_unlock(&dev->lock);
- } else
- mutex_unlock(&dev->lock);
-
+ goto destruction;
+ }
+ }
+bail:
+ mutex_unlock(&dev->lock);
+destruction:
+ mutex_lock(&chaoskey_list_lock);
usb_dbg(interface, "release success");
- return 0;
+ return rv;
}
static void chaos_read_callback(struct urb *urb)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 601/817] USB: chaoskey: Fix possible deadlock chaoskey_list_lock
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (599 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 600/817] USB: chaoskey: fail open after removal Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 602/817] misc: apds990x: Fix missing pm_runtime_disable() Greg Kroah-Hartman
` (225 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+685e14d04fe35692d3bc,
syzbot+1f8ca5ee82576ec01f12, Edward Adam Davis,
syzbot+5f1ce62e956b7b19610e, Oliver Neukum, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Adam Davis <eadavis@qq.com>
[ Upstream commit d73dc7b182be4238b75278bfae16afb4c5564a58 ]
[Syzbot reported two possible deadlocks]
The first possible deadlock is:
WARNING: possible recursive locking detected
6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0 Not tainted
--------------------------------------------
syz-executor363/2651 is trying to acquire lock:
ffffffff89b120e8 (chaoskey_list_lock){+.+.}-{3:3}, at: chaoskey_release+0x15d/0x2c0 drivers/usb/misc/chaoskey.c:322
but task is already holding lock:
ffffffff89b120e8 (chaoskey_list_lock){+.+.}-{3:3}, at: chaoskey_release+0x7f/0x2c0 drivers/usb/misc/chaoskey.c:299
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(chaoskey_list_lock);
lock(chaoskey_list_lock);
*** DEADLOCK ***
The second possible deadlock is:
WARNING: possible circular locking dependency detected
6.12.0-rc1-syzkaller-00027-g4a9fe2a8ac53 #0 Not tainted
------------------------------------------------------
kworker/0:2/804 is trying to acquire lock:
ffffffff899dadb0 (minor_rwsem){++++}-{3:3}, at: usb_deregister_dev+0x7c/0x1e0 drivers/usb/core/file.c:186
but task is already holding lock:
ffffffff89b120e8 (chaoskey_list_lock){+.+.}-{3:3}, at: chaoskey_disconnect+0xa8/0x2a0 drivers/usb/misc/chaoskey.c:235
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (chaoskey_list_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
chaoskey_open+0xdd/0x220 drivers/usb/misc/chaoskey.c:274
usb_open+0x186/0x220 drivers/usb/core/file.c:47
chrdev_open+0x237/0x6a0 fs/char_dev.c:414
do_dentry_open+0x6cb/0x1390 fs/open.c:958
vfs_open+0x82/0x3f0 fs/open.c:1088
do_open fs/namei.c:3774 [inline]
path_openat+0x1e6a/0x2d60 fs/namei.c:3933
do_filp_open+0x1dc/0x430 fs/namei.c:3960
do_sys_openat2+0x17a/0x1e0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (minor_rwsem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x250b/0x3ce0 kernel/locking/lockdep.c:5202
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5825
down_write+0x93/0x200 kernel/locking/rwsem.c:1577
usb_deregister_dev+0x7c/0x1e0 drivers/usb/core/file.c:186
chaoskey_disconnect+0xb7/0x2a0 drivers/usb/misc/chaoskey.c:236
usb_unbind_interface+0x1e8/0x970 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
device_remove+0x122/0x170 drivers/base/dd.c:561
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x44a/0x610 drivers/base/dd.c:1296
bus_remove_device+0x22f/0x420 drivers/base/bus.c:576
device_del+0x396/0x9f0 drivers/base/core.c:3864
usb_disable_device+0x36c/0x7f0 drivers/usb/core/message.c:1418
usb_disconnect+0x2e1/0x920 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1bed/0x4f40 drivers/usb/core/hub.c:5903
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(chaoskey_list_lock);
lock(minor_rwsem);
lock(chaoskey_list_lock);
lock(minor_rwsem);
*** DEADLOCK ***
[Analysis]
The first is AA lock, it because wrong logic, it need a unlock.
The second is AB lock, it needs to rearrange the order of lock usage.
Fixes: 422dc0a4d12d ("USB: chaoskey: fail open after removal")
Reported-by: syzbot+685e14d04fe35692d3bc@syzkaller.appspotmail.com
Reported-by: syzbot+1f8ca5ee82576ec01f12@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=685e14d04fe35692d3bc
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Tested-by: syzbot+685e14d04fe35692d3bc@syzkaller.appspotmail.com
Reported-by: syzbot+5f1ce62e956b7b19610e@syzkaller.appspotmail.com
Tested-by: syzbot+5f1ce62e956b7b19610e@syzkaller.appspotmail.com
Tested-by: syzbot+1f8ca5ee82576ec01f12@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/tencent_84EB865C89862EC22EE94CB3A7C706C59206@qq.com
Cc: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/chaoskey.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c
index e8b63df5f9759..225863321dc47 100644
--- a/drivers/usb/misc/chaoskey.c
+++ b/drivers/usb/misc/chaoskey.c
@@ -232,10 +232,10 @@ static void chaoskey_disconnect(struct usb_interface *interface)
if (dev->hwrng_registered)
hwrng_unregister(&dev->hwrng);
- mutex_lock(&chaoskey_list_lock);
usb_deregister_dev(interface, &chaoskey_class);
usb_set_intfdata(interface, NULL);
+ mutex_lock(&chaoskey_list_lock);
mutex_lock(&dev->lock);
dev->present = false;
@@ -319,7 +319,7 @@ static int chaoskey_release(struct inode *inode, struct file *file)
bail:
mutex_unlock(&dev->lock);
destruction:
- mutex_lock(&chaoskey_list_lock);
+ mutex_unlock(&chaoskey_list_lock);
usb_dbg(interface, "release success");
return rv;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 602/817] misc: apds990x: Fix missing pm_runtime_disable()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (600 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 601/817] USB: chaoskey: Fix possible deadlock chaoskey_list_lock Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 603/817] devres: Fix page faults when tracing devres from unloaded modules Greg Kroah-Hartman
` (224 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit 3c5d8b819d27012264edd17e6ae7fffda382fe44 ]
The pm_runtime_disable() is missing in probe error path,
so add it to fix it.
Fixes: 92b1f84d46b2 ("drivers/misc: driver for APDS990X ALS and proximity sensors")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20240923035556.3009105-1-ruanjinjie@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/apds990x.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/misc/apds990x.c b/drivers/misc/apds990x.c
index 6d4edd69db126..e7d73c972f65d 100644
--- a/drivers/misc/apds990x.c
+++ b/drivers/misc/apds990x.c
@@ -1147,7 +1147,7 @@ static int apds990x_probe(struct i2c_client *client)
err = chip->pdata->setup_resources();
if (err) {
err = -EINVAL;
- goto fail3;
+ goto fail4;
}
}
@@ -1155,7 +1155,7 @@ static int apds990x_probe(struct i2c_client *client)
apds990x_attribute_group);
if (err < 0) {
dev_err(&chip->client->dev, "Sysfs registration failed\n");
- goto fail4;
+ goto fail5;
}
err = request_threaded_irq(client->irq, NULL,
@@ -1166,15 +1166,17 @@ static int apds990x_probe(struct i2c_client *client)
if (err) {
dev_err(&client->dev, "could not get IRQ %d\n",
client->irq);
- goto fail5;
+ goto fail6;
}
return err;
-fail5:
+fail6:
sysfs_remove_group(&chip->client->dev.kobj,
&apds990x_attribute_group[0]);
-fail4:
+fail5:
if (chip->pdata && chip->pdata->release_resources)
chip->pdata->release_resources();
+fail4:
+ pm_runtime_disable(&client->dev);
fail3:
regulator_bulk_disable(ARRAY_SIZE(chip->regs), chip->regs);
fail2:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 603/817] devres: Fix page faults when tracing devres from unloaded modules
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (601 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 602/817] misc: apds990x: Fix missing pm_runtime_disable() Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 604/817] usb: gadget: uvc: wake pump everytime we update the free list Greg Kroah-Hartman
` (223 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Keita Morisaki,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Keita Morisaki <keyz@google.com>
[ Upstream commit 765399553714e934a219d698953d435f4f99caa7 ]
The devres ftrace event logs the name of the devres node, which is often a
function name (e.g., "devm_work_drop") stringified by macros like
devm_add_action. Currently, ftrace stores this name as a string literal
address, which can become invalid when the module containing the string is
unloaded. This results in page faults when ftrace tries to access the name.
This behavior is problematic because the devres ftrace event is designed to
trace resource management throughout a device driver's lifecycle, including
during module unload. The event should be available even after the module
is unloaded to properly diagnose resource issues.
Fix the issue by copying the devres node name into the ftrace ring buffer
using __assign_str(), instead of storing just the address. This ensures
that ftrace can always access the name, even if the module is unloaded.
This change increases the memory usage for each of the ftrace entry by
12-16 bytes assuming the average devres node name is 20 bytes long,
depending on the size of const char *.
Note that this change does not affect anything unless all of following
conditions are met.
- CONFIG_DEBUG_DEVRES is enabled
- ftrace tracing is enabled
- The devres event is enabled in ftrace tracing
Fixes: 09705dcb63d2 ("devres: Enable trace events")
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Keita Morisaki <keyz@google.com>
Link: https://lore.kernel.org/r/20240928125005.714781-1-keyz@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/trace.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/base/trace.h b/drivers/base/trace.h
index e52b6eae060dd..3b83b13a57ff1 100644
--- a/drivers/base/trace.h
+++ b/drivers/base/trace.h
@@ -24,18 +24,18 @@ DECLARE_EVENT_CLASS(devres,
__field(struct device *, dev)
__field(const char *, op)
__field(void *, node)
- __field(const char *, name)
+ __string(name, name)
__field(size_t, size)
),
TP_fast_assign(
__assign_str(devname);
__entry->op = op;
__entry->node = node;
- __entry->name = name;
+ __assign_str(name);
__entry->size = size;
),
TP_printk("%s %3s %p %s (%zu bytes)", __get_str(devname),
- __entry->op, __entry->node, __entry->name, __entry->size)
+ __entry->op, __entry->node, __get_str(name), __entry->size)
);
DEFINE_EVENT(devres, devres_log,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 604/817] usb: gadget: uvc: wake pump everytime we update the free list
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (602 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 603/817] devres: Fix page faults when tracing devres from unloaded modules Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 605/817] interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency Greg Kroah-Hartman
` (222 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Grzeschik, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Grzeschik <m.grzeschik@pengutronix.de>
[ Upstream commit adc292d54de9db2e6b8ecb7f81f278bbbaf713e9 ]
Since the req_free list will updated if enqueuing one request was not
possible it will be added back to the free list. With every available
free request in the queue it is a valid case for the pump worker to use
it and continue the pending bufferdata into requests for the req_ready
list.
Fixes: 6acba0345b68 ("usb:gadget:uvc Do not use worker thread to pump isoc usb requests")
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20240403-uvc_request_length_by_interval-v7-1-e224bb1035f0@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/uvc_video.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c
index a9edd60fbbf77..48fd8d3c50b0c 100644
--- a/drivers/usb/gadget/function/uvc_video.c
+++ b/drivers/usb/gadget/function/uvc_video.c
@@ -480,6 +480,10 @@ uvc_video_complete(struct usb_ep *ep, struct usb_request *req)
* up later.
*/
list_add_tail(&to_queue->list, &video->req_free);
+ /*
+ * There is a new free request - wake up the pump.
+ */
+ queue_work(video->async_wq, &video->pump);
}
spin_unlock_irqrestore(&video->req_lock, flags);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 605/817] interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (603 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 604/817] usb: gadget: uvc: wake pump everytime we update the free list Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 606/817] phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe Greg Kroah-Hartman
` (221 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bjorn Andersson,
Raviteja Laggyshetty, Konrad Dybcio, Georgi Djakov, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Raviteja Laggyshetty <quic_rlaggysh@quicinc.com>
[ Upstream commit 05123e3299dd6aa02508469b303262338c2a661c ]
Return -EPROBE_DEFER from interconnect provider incase probe defer is
received from devm_clk_bulk_get_all(). This would help in reattempting
the inteconnect driver probe, once the required QoS clocks are
available.
Suggested-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Raviteja Laggyshetty <quic_rlaggysh@quicinc.com>
Reviewed-by: Konrad Dybcio <konradybcio@kernel.org>
Fixes: 0a7be6b35da8 ("interconnect: qcom: icc-rpmh: Add QoS configuration support")
Link: https://lore.kernel.org/r/20240911094516.16901-1-quic_rlaggysh@quicinc.com
Signed-off-by: Georgi Djakov <djakov@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/interconnect/qcom/icc-rpmh.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/interconnect/qcom/icc-rpmh.c b/drivers/interconnect/qcom/icc-rpmh.c
index f49a8e0cb03c0..adacd6f7d6a8f 100644
--- a/drivers/interconnect/qcom/icc-rpmh.c
+++ b/drivers/interconnect/qcom/icc-rpmh.c
@@ -311,6 +311,9 @@ int qcom_icc_rpmh_probe(struct platform_device *pdev)
}
qp->num_clks = devm_clk_bulk_get_all(qp->dev, &qp->clks);
+ if (qp->num_clks == -EPROBE_DEFER)
+ return dev_err_probe(dev, qp->num_clks, "Failed to get QoS clocks\n");
+
if (qp->num_clks < 0 || (!qp->num_clks && desc->qos_clks_required)) {
dev_info(dev, "Skipping QoS, failed to get clk: %d\n", qp->num_clks);
goto skip_qos_config;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 606/817] phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (604 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 605/817] interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 607/817] phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe Greg Kroah-Hartman
` (220 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Charles Han, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Han <hanchunchao@inspur.com>
[ Upstream commit 04e3e9188291a183b27306ddb833722c0d083d6a ]
In rtk_usb2phy_probe() devm_kzalloc() may return NULL
but this returned value is not checked.
Fixes: 134e6d25f6bd ("phy: realtek: usb: Add driver for the Realtek SoC USB 2.0 PHY")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Link: https://lore.kernel.org/r/20241025065912.143692-1-hanchunchao@inspur.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/realtek/phy-rtk-usb2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/phy/realtek/phy-rtk-usb2.c b/drivers/phy/realtek/phy-rtk-usb2.c
index e3ad7cea51099..e8ca2ec5998fe 100644
--- a/drivers/phy/realtek/phy-rtk-usb2.c
+++ b/drivers/phy/realtek/phy-rtk-usb2.c
@@ -1023,6 +1023,8 @@ static int rtk_usb2phy_probe(struct platform_device *pdev)
rtk_phy->dev = &pdev->dev;
rtk_phy->phy_cfg = devm_kzalloc(dev, sizeof(*phy_cfg), GFP_KERNEL);
+ if (!rtk_phy->phy_cfg)
+ return -ENOMEM;
memcpy(rtk_phy->phy_cfg, phy_cfg, sizeof(*phy_cfg));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 607/817] phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (605 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 606/817] phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe Greg Kroah-Hartman
@ 2024-12-03 14:42 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 608/817] counter: stm32-timer-cnt: Add check for clk_enable() Greg Kroah-Hartman
` (219 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Charles Han, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Han <hanchunchao@inspur.com>
[ Upstream commit bf373d2919d98f3d1fe1b19a0304f72fe74386d9 ]
In rtk_usb3phy_probe() devm_kzalloc() may return NULL
but this returned value is not checked.
Fixes: adda6e82a7de ("phy: realtek: usb: Add driver for the Realtek SoC USB 3.0 PHY")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Link: https://lore.kernel.org/r/20241025070744.149070-1-hanchunchao@inspur.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/realtek/phy-rtk-usb3.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/phy/realtek/phy-rtk-usb3.c b/drivers/phy/realtek/phy-rtk-usb3.c
index dfcf4b921bba6..96af483e5444b 100644
--- a/drivers/phy/realtek/phy-rtk-usb3.c
+++ b/drivers/phy/realtek/phy-rtk-usb3.c
@@ -577,6 +577,8 @@ static int rtk_usb3phy_probe(struct platform_device *pdev)
rtk_phy->dev = &pdev->dev;
rtk_phy->phy_cfg = devm_kzalloc(dev, sizeof(*phy_cfg), GFP_KERNEL);
+ if (!rtk_phy->phy_cfg)
+ return -ENOMEM;
memcpy(rtk_phy->phy_cfg, phy_cfg, sizeof(*phy_cfg));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 608/817] counter: stm32-timer-cnt: Add check for clk_enable()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (606 preceding siblings ...)
2024-12-03 14:42 ` [PATCH 6.11 607/817] phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 609/817] counter: ti-ecap-capture: " Greg Kroah-Hartman
` (218 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang,
William Breathitt Gray, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
[ Upstream commit 842c3755a6bfbfcafa4a1438078d2485a9eb1d87 ]
Add check for the return value of clk_enable() in order to catch the
potential exception.
Fixes: c5b8425514da ("counter: stm32-timer-cnt: add power management support")
Fixes: ad29937e206f ("counter: Add STM32 Timer quadrature encoder")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Link: https://lore.kernel.org/r/20241104191825.40155-1-jiashengjiangcool@gmail.com
Signed-off-by: William Breathitt Gray <wbg@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/counter/stm32-timer-cnt.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/counter/stm32-timer-cnt.c b/drivers/counter/stm32-timer-cnt.c
index 186e73d6ccb45..9c188d9edd89f 100644
--- a/drivers/counter/stm32-timer-cnt.c
+++ b/drivers/counter/stm32-timer-cnt.c
@@ -214,11 +214,17 @@ static int stm32_count_enable_write(struct counter_device *counter,
{
struct stm32_timer_cnt *const priv = counter_priv(counter);
u32 cr1;
+ int ret;
if (enable) {
regmap_read(priv->regmap, TIM_CR1, &cr1);
- if (!(cr1 & TIM_CR1_CEN))
- clk_enable(priv->clk);
+ if (!(cr1 & TIM_CR1_CEN)) {
+ ret = clk_enable(priv->clk);
+ if (ret) {
+ dev_err(counter->parent, "Cannot enable clock %d\n", ret);
+ return ret;
+ }
+ }
regmap_update_bits(priv->regmap, TIM_CR1, TIM_CR1_CEN,
TIM_CR1_CEN);
@@ -816,7 +822,11 @@ static int __maybe_unused stm32_timer_cnt_resume(struct device *dev)
return ret;
if (priv->enabled) {
- clk_enable(priv->clk);
+ ret = clk_enable(priv->clk);
+ if (ret) {
+ dev_err(dev, "Cannot enable clock %d\n", ret);
+ return ret;
+ }
/* Restore registers that may have been lost */
regmap_write(priv->regmap, TIM_SMCR, priv->bak.smcr);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 609/817] counter: ti-ecap-capture: Add check for clk_enable()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (607 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 608/817] counter: stm32-timer-cnt: Add check for clk_enable() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 610/817] bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian Greg Kroah-Hartman
` (217 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Julien Panis, Jiasheng Jiang,
William Breathitt Gray, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
[ Upstream commit 1437d9f1c56fce9c24e566508bce1d218dd5497a ]
Add check for the return value of clk_enable() in order to catch the
potential exception.
Fixes: 4e2f42aa00b6 ("counter: ti-ecap-capture: capture driver support for ECAP")
Reviewed-by: Julien Panis <jpanis@baylibre.com>
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Link: https://lore.kernel.org/r/20241104194059.47924-1-jiashengjiangcool@gmail.com
Signed-off-by: William Breathitt Gray <wbg@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/counter/ti-ecap-capture.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/counter/ti-ecap-capture.c b/drivers/counter/ti-ecap-capture.c
index 675447315cafb..b119aeede693e 100644
--- a/drivers/counter/ti-ecap-capture.c
+++ b/drivers/counter/ti-ecap-capture.c
@@ -574,8 +574,13 @@ static int ecap_cnt_resume(struct device *dev)
{
struct counter_device *counter_dev = dev_get_drvdata(dev);
struct ecap_cnt_dev *ecap_dev = counter_priv(counter_dev);
+ int ret;
- clk_enable(ecap_dev->clk);
+ ret = clk_enable(ecap_dev->clk);
+ if (ret) {
+ dev_err(dev, "Cannot enable clock %d\n", ret);
+ return ret;
+ }
ecap_cnt_capture_set_evmode(counter_dev, ecap_dev->pm_ctx.ev_mode);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 610/817] bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (608 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 609/817] counter: ti-ecap-capture: " Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 611/817] usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Greg Kroah-Hartman
` (216 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Carl Vanderlip,
Jeffrey Hugo, Mayank Rana, Manivannan Sadhasivam, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carl Vanderlip <quic_carlv@quicinc.com>
[ Upstream commit 23388a1b305e8aac714fafd5fdc72a580586bd0c ]
Each of the __field() macros were triggering sparse warnings similar to:
trace.h:87:1: sparse: sparse: cast to restricted __le64
trace.h:87:1: sparse: sparse: restricted __le64 degrades to integer
trace.h:87:1: sparse: sparse: restricted __le64 degrades to integer
Change each little endian type to its similarly sized native integer.
Convert inputs into native endian.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202402071859.8qMhgJEQ-lkp@intel.com/
Fixes: ceeb64f41fe6 ("bus: mhi: host: Add tracing support")
Signed-off-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Mayank Rana <quic_mrana@quicinc.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20241004170321.4047492-1-quic_carlv@quicinc.com
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/mhi/host/trace.h | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/drivers/bus/mhi/host/trace.h b/drivers/bus/mhi/host/trace.h
index 95613c8ebe069..3e0c41777429e 100644
--- a/drivers/bus/mhi/host/trace.h
+++ b/drivers/bus/mhi/host/trace.h
@@ -9,6 +9,7 @@
#if !defined(_TRACE_EVENT_MHI_HOST_H) || defined(TRACE_HEADER_MULTI_READ)
#define _TRACE_EVENT_MHI_HOST_H
+#include <linux/byteorder/generic.h>
#include <linux/tracepoint.h>
#include <linux/trace_seq.h>
#include "../common.h"
@@ -97,18 +98,18 @@ TRACE_EVENT(mhi_gen_tre,
__string(name, mhi_cntrl->mhi_dev->name)
__field(int, ch_num)
__field(void *, wp)
- __field(__le64, tre_ptr)
- __field(__le32, dword0)
- __field(__le32, dword1)
+ __field(uint64_t, tre_ptr)
+ __field(uint32_t, dword0)
+ __field(uint32_t, dword1)
),
TP_fast_assign(
__assign_str(name);
__entry->ch_num = mhi_chan->chan;
__entry->wp = mhi_tre;
- __entry->tre_ptr = mhi_tre->ptr;
- __entry->dword0 = mhi_tre->dword[0];
- __entry->dword1 = mhi_tre->dword[1];
+ __entry->tre_ptr = le64_to_cpu(mhi_tre->ptr);
+ __entry->dword0 = le32_to_cpu(mhi_tre->dword[0]);
+ __entry->dword1 = le32_to_cpu(mhi_tre->dword[1]);
),
TP_printk("%s: Chan: %d TRE: 0x%p TRE buf: 0x%llx DWORD0: 0x%08x DWORD1: 0x%08x\n",
@@ -176,19 +177,19 @@ DECLARE_EVENT_CLASS(mhi_process_event_ring,
TP_STRUCT__entry(
__string(name, mhi_cntrl->mhi_dev->name)
- __field(__le32, dword0)
- __field(__le32, dword1)
+ __field(uint32_t, dword0)
+ __field(uint32_t, dword1)
__field(int, state)
- __field(__le64, ptr)
+ __field(uint64_t, ptr)
__field(void *, rp)
),
TP_fast_assign(
__assign_str(name);
__entry->rp = rp;
- __entry->ptr = rp->ptr;
- __entry->dword0 = rp->dword[0];
- __entry->dword1 = rp->dword[1];
+ __entry->ptr = le64_to_cpu(rp->ptr);
+ __entry->dword0 = le32_to_cpu(rp->dword[0]);
+ __entry->dword1 = le32_to_cpu(rp->dword[1]);
__entry->state = MHI_TRE_GET_EV_STATE(rp);
),
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 611/817] usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (609 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 610/817] bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 612/817] firmware_loader: Fix possible resource leak in fw_log_firmware_info() Greg Kroah-Hartman
` (215 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Heikki Krogerus,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit e56aac6e5a25630645607b6856d4b2a17b2311a5 ]
The "command" variable can be controlled by the user via debugfs. The
worry is that if con_index is zero then "&uc->ucsi->connector[con_index
- 1]" would be an array underflow.
Fixes: 170a6726d0e2 ("usb: typec: ucsi: add support for separate DP altmode devices")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/c69ef0b3-61b0-4dde-98dd-97b97f81d912@stanley.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c
index 763ff99f000d9..14c2dc9255b54 100644
--- a/drivers/usb/typec/ucsi/ucsi_ccg.c
+++ b/drivers/usb/typec/ucsi/ucsi_ccg.c
@@ -644,6 +644,10 @@ static int ucsi_ccg_sync_control(struct ucsi *ucsi, u64 command)
uc->has_multiple_dp) {
con_index = (uc->last_cmd_sent >> 16) &
UCSI_CMD_CONNECTOR_MASK;
+ if (con_index == 0) {
+ ret = -EINVAL;
+ goto unlock;
+ }
con = &uc->ucsi->connector[con_index - 1];
ucsi_ccg_update_set_new_cam_cmd(uc, con, &command);
}
@@ -651,6 +655,7 @@ static int ucsi_ccg_sync_control(struct ucsi *ucsi, u64 command)
ret = ucsi_sync_control_common(ucsi, command);
pm_runtime_put_sync(uc->dev);
+unlock:
mutex_unlock(&uc->lock);
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 612/817] firmware_loader: Fix possible resource leak in fw_log_firmware_info()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (610 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 611/817] usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 613/817] ALSA: hda/realtek: Update ALC256 depop procedure Greg Kroah-Hartman
` (214 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui,
Amadeusz Sławiński, Russ Weight, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 369a9c046c2fdfe037f05b43b84c386bdbccc103 ]
The alg instance should be released under the exception path, otherwise
there may be resource leak here.
To mitigate this, free the alg instance with crypto_free_shash when kmalloc
fails.
Fixes: 02fe26f25325 ("firmware_loader: Add debug message with checksum for FW file")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Reviewed-by: Russ Weight <russ.weight@linux.dev>
Link: https://lore.kernel.org/r/20241016110335.3677924-1-cuigaosheng1@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/firmware_loader/main.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index 324a9a3c087aa..c6664a7879697 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -829,19 +829,18 @@ static void fw_log_firmware_info(const struct firmware *fw, const char *name, st
shash->tfm = alg;
if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)
- goto out_shash;
+ goto out_free;
for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);
outbuf[SHA256_BLOCK_SIZE] = 0;
dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);
-out_shash:
- crypto_free_shash(alg);
out_free:
kfree(shash);
kfree(outbuf);
kfree(sha256buf);
+ crypto_free_shash(alg);
}
#else
static void fw_log_firmware_info(const struct firmware *fw, const char *name,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 613/817] ALSA: hda/realtek: Update ALC256 depop procedure
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (611 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 612/817] firmware_loader: Fix possible resource leak in fw_log_firmware_info() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 614/817] drm/radeon: add helper rdev_to_drm(rdev) Greg Kroah-Hartman
` (213 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kailang Yang <kailang@realtek.com>
[ Upstream commit cc3d0b5dd989d3238d456f9fd385946379a9c13d ]
Old procedure has a chance to meet Headphone no output.
Fixes: 4a219ef8f370 ("ALSA: hda/realtek - Add ALC256 HP depop function")
Signed-off-by: Kailang Yang <kailang@realtek.com>
Link: https://lore.kernel.org/463c5f93715d4714967041a0a8cec28e@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 42 ++++++++++++++++-------------------
1 file changed, 19 insertions(+), 23 deletions(-)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 149079afa7969..dcbb7981496c9 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3602,25 +3602,22 @@ static void alc256_init(struct hda_codec *codec)
hp_pin_sense = snd_hda_jack_detect(codec, hp_pin);
- if (hp_pin_sense)
+ if (hp_pin_sense) {
msleep(2);
+ alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x1); /* Low power */
- alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x1); /* Low power */
-
- snd_hda_codec_write(codec, hp_pin, 0,
- AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
-
- if (hp_pin_sense || spec->ultra_low_power)
- msleep(85);
-
- snd_hda_codec_write(codec, hp_pin, 0,
+ snd_hda_codec_write(codec, hp_pin, 0,
AC_VERB_SET_PIN_WIDGET_CONTROL, PIN_OUT);
- if (hp_pin_sense || spec->ultra_low_power)
- msleep(100);
+ msleep(75);
+
+ snd_hda_codec_write(codec, hp_pin, 0,
+ AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_UNMUTE);
+ msleep(75);
+ alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x4); /* Hight power */
+ }
alc_update_coef_idx(codec, 0x46, 3 << 12, 0);
- alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x4); /* Hight power */
alc_update_coefex_idx(codec, 0x53, 0x02, 0x8000, 1 << 15); /* Clear bit */
alc_update_coefex_idx(codec, 0x53, 0x02, 0x8000, 0 << 15);
/*
@@ -3644,29 +3641,28 @@ static void alc256_shutup(struct hda_codec *codec)
alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x1); /* Low power */
hp_pin_sense = snd_hda_jack_detect(codec, hp_pin);
- if (hp_pin_sense)
+ if (hp_pin_sense) {
msleep(2);
- snd_hda_codec_write(codec, hp_pin, 0,
+ snd_hda_codec_write(codec, hp_pin, 0,
AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
- if (hp_pin_sense || spec->ultra_low_power)
- msleep(85);
+ msleep(75);
/* 3k pull low control for Headset jack. */
/* NOTE: call this before clearing the pin, otherwise codec stalls */
/* If disable 3k pulldown control for alc257, the Mic detection will not work correctly
* when booting with headset plugged. So skip setting it for the codec alc257
*/
- if (spec->en_3kpull_low)
- alc_update_coef_idx(codec, 0x46, 0, 3 << 12);
+ if (spec->en_3kpull_low)
+ alc_update_coef_idx(codec, 0x46, 0, 3 << 12);
- if (!spec->no_shutup_pins)
- snd_hda_codec_write(codec, hp_pin, 0,
+ if (!spec->no_shutup_pins)
+ snd_hda_codec_write(codec, hp_pin, 0,
AC_VERB_SET_PIN_WIDGET_CONTROL, 0x0);
- if (hp_pin_sense || spec->ultra_low_power)
- msleep(100);
+ msleep(75);
+ }
alc_auto_setup_eapd(codec, false);
alc_shutup_pins(codec);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 614/817] drm/radeon: add helper rdev_to_drm(rdev)
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (612 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 613/817] ALSA: hda/realtek: Update ALC256 depop procedure Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 615/817] drm/radeon: change rdev->ddev to rdev_to_drm(rdev) Greg Kroah-Hartman
` (212 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Wu Hoi Pok,
Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wu Hoi Pok <wuhoipok@gmail.com>
[ Upstream commit a6e23bec8ed184ed2a11080b28cdbd7a3024f0c0 ]
Add helper rdev_to_drm(rdev), similar to amdgpu, most function should
access the "drm_device" with "rdev_to_drm(rdev)" instead, where amdgpu has
"adev_to_drm(adev)". It also makes changing from "*drm_device" to "drm_device"
in "radeon_devicce" later on easier.
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Tested-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Wu Hoi Pok <wuhoipok@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 7037bb04265e ("drm/radeon: Fix spurious unplug event on radeon HDMI")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h
index 0999c8eaae94a..ae35c102a487e 100644
--- a/drivers/gpu/drm/radeon/radeon.h
+++ b/drivers/gpu/drm/radeon/radeon.h
@@ -2476,6 +2476,11 @@ void r100_io_wreg(struct radeon_device *rdev, u32 reg, u32 v);
u32 cik_mm_rdoorbell(struct radeon_device *rdev, u32 index);
void cik_mm_wdoorbell(struct radeon_device *rdev, u32 index, u32 v);
+static inline struct drm_device *rdev_to_drm(struct radeon_device *rdev)
+{
+ return rdev->ddev;
+}
+
/*
* Cast helper
*/
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 615/817] drm/radeon: change rdev->ddev to rdev_to_drm(rdev)
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (613 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 614/817] drm/radeon: add helper rdev_to_drm(rdev) Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 616/817] drm/radeon: Fix spurious unplug event on radeon HDMI Greg Kroah-Hartman
` (211 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Wu Hoi Pok,
Alex Deucher, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wu Hoi Pok <wuhoipok@gmail.com>
[ Upstream commit fb1b5e1dd53fc834e12f69749cbc8484382599c4 ]
This patch changes the way "drm_device" is accessed. It uses "rdev_to_drm(rdev)"
instead of accessing the struct member directly.
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Tested-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Wu Hoi Pok <wuhoipok@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: 7037bb04265e ("drm/radeon: Fix spurious unplug event on radeon HDMI")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/atombios_encoders.c | 2 +-
drivers/gpu/drm/radeon/cik.c | 14 ++--
drivers/gpu/drm/radeon/dce6_afmt.c | 2 +-
drivers/gpu/drm/radeon/evergreen.c | 12 ++--
drivers/gpu/drm/radeon/ni.c | 2 +-
drivers/gpu/drm/radeon/r100.c | 24 +++----
drivers/gpu/drm/radeon/r300.c | 6 +-
drivers/gpu/drm/radeon/r420.c | 6 +-
drivers/gpu/drm/radeon/r520.c | 2 +-
drivers/gpu/drm/radeon/r600.c | 12 ++--
drivers/gpu/drm/radeon/r600_cs.c | 2 +-
drivers/gpu/drm/radeon/r600_dpm.c | 4 +-
drivers/gpu/drm/radeon/r600_hdmi.c | 2 +-
drivers/gpu/drm/radeon/radeon_acpi.c | 10 +--
drivers/gpu/drm/radeon/radeon_agp.c | 2 +-
drivers/gpu/drm/radeon/radeon_atombios.c | 2 +-
drivers/gpu/drm/radeon/radeon_audio.c | 4 +-
drivers/gpu/drm/radeon/radeon_combios.c | 12 ++--
drivers/gpu/drm/radeon/radeon_device.c | 10 +--
drivers/gpu/drm/radeon/radeon_display.c | 74 +++++++++++-----------
drivers/gpu/drm/radeon/radeon_fbdev.c | 26 ++++----
drivers/gpu/drm/radeon/radeon_fence.c | 8 +--
drivers/gpu/drm/radeon/radeon_gem.c | 2 +-
drivers/gpu/drm/radeon/radeon_i2c.c | 2 +-
drivers/gpu/drm/radeon/radeon_ib.c | 2 +-
drivers/gpu/drm/radeon/radeon_irq_kms.c | 12 ++--
drivers/gpu/drm/radeon/radeon_object.c | 2 +-
drivers/gpu/drm/radeon/radeon_pm.c | 20 +++---
drivers/gpu/drm/radeon/radeon_ring.c | 2 +-
drivers/gpu/drm/radeon/radeon_ttm.c | 6 +-
drivers/gpu/drm/radeon/rs400.c | 6 +-
drivers/gpu/drm/radeon/rs600.c | 14 ++--
drivers/gpu/drm/radeon/rs690.c | 2 +-
drivers/gpu/drm/radeon/rv515.c | 4 +-
drivers/gpu/drm/radeon/rv770.c | 2 +-
drivers/gpu/drm/radeon/si.c | 4 +-
36 files changed, 159 insertions(+), 159 deletions(-)
diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c
index 03e6871b30653..c82e0fbc49b4b 100644
--- a/drivers/gpu/drm/radeon/atombios_encoders.c
+++ b/drivers/gpu/drm/radeon/atombios_encoders.c
@@ -2179,7 +2179,7 @@ int radeon_atom_pick_dig_encoder(struct drm_encoder *encoder, int fe_idx)
void
radeon_atom_encoder_init(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_encoder *encoder;
list_for_each_entry(encoder, &dev->mode_config.encoder_list, head) {
diff --git a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
index b5e96a8fc2c16..11a492f21157f 100644
--- a/drivers/gpu/drm/radeon/cik.c
+++ b/drivers/gpu/drm/radeon/cik.c
@@ -7585,7 +7585,7 @@ int cik_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[0]) {
- drm_handle_vblank(rdev->ddev, 0);
+ drm_handle_vblank(rdev_to_drm(rdev), 0);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -7615,7 +7615,7 @@ int cik_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[1]) {
- drm_handle_vblank(rdev->ddev, 1);
+ drm_handle_vblank(rdev_to_drm(rdev), 1);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -7645,7 +7645,7 @@ int cik_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[2]) {
- drm_handle_vblank(rdev->ddev, 2);
+ drm_handle_vblank(rdev_to_drm(rdev), 2);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -7675,7 +7675,7 @@ int cik_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[3]) {
- drm_handle_vblank(rdev->ddev, 3);
+ drm_handle_vblank(rdev_to_drm(rdev), 3);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -7705,7 +7705,7 @@ int cik_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[4]) {
- drm_handle_vblank(rdev->ddev, 4);
+ drm_handle_vblank(rdev_to_drm(rdev), 4);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -7735,7 +7735,7 @@ int cik_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[5]) {
- drm_handle_vblank(rdev->ddev, 5);
+ drm_handle_vblank(rdev_to_drm(rdev), 5);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -8581,7 +8581,7 @@ int cik_init(struct radeon_device *rdev)
/* Initialize surface registers */
radeon_surface_init(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* Fence driver */
radeon_fence_driver_init(rdev);
diff --git a/drivers/gpu/drm/radeon/dce6_afmt.c b/drivers/gpu/drm/radeon/dce6_afmt.c
index 4c06f47453fd2..d6ab93ed9ec4c 100644
--- a/drivers/gpu/drm/radeon/dce6_afmt.c
+++ b/drivers/gpu/drm/radeon/dce6_afmt.c
@@ -91,7 +91,7 @@ struct r600_audio_pin *dce6_audio_get_pin(struct radeon_device *rdev)
pin = &rdev->audio.pin[i];
pin_count = 0;
- list_for_each_entry(encoder, &rdev->ddev->mode_config.encoder_list, head) {
+ list_for_each_entry(encoder, &rdev_to_drm(rdev)->mode_config.encoder_list, head) {
if (radeon_encoder_is_digital(encoder)) {
radeon_encoder = to_radeon_encoder(encoder);
dig = radeon_encoder->enc_priv;
diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
index c634dc28e6c30..bc4ab71613a55 100644
--- a/drivers/gpu/drm/radeon/evergreen.c
+++ b/drivers/gpu/drm/radeon/evergreen.c
@@ -1673,7 +1673,7 @@ void evergreen_pm_misc(struct radeon_device *rdev)
*/
void evergreen_pm_prepare(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 tmp;
@@ -1698,7 +1698,7 @@ void evergreen_pm_prepare(struct radeon_device *rdev)
*/
void evergreen_pm_finish(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 tmp;
@@ -1763,7 +1763,7 @@ void evergreen_hpd_set_polarity(struct radeon_device *rdev,
*/
void evergreen_hpd_init(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned enabled = 0;
u32 tmp = DC_HPDx_CONNECTION_TIMER(0x9c4) |
@@ -1804,7 +1804,7 @@ void evergreen_hpd_init(struct radeon_device *rdev)
*/
void evergreen_hpd_fini(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned disabled = 0;
@@ -4753,7 +4753,7 @@ int evergreen_irq_process(struct radeon_device *rdev)
event_name = "vblank";
if (rdev->irq.crtc_vblank_int[crtc_idx]) {
- drm_handle_vblank(rdev->ddev, crtc_idx);
+ drm_handle_vblank(rdev_to_drm(rdev), crtc_idx);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -5211,7 +5211,7 @@ int evergreen_init(struct radeon_device *rdev)
/* Initialize surface registers */
radeon_surface_init(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* Fence driver */
radeon_fence_driver_init(rdev);
/* initialize AGP */
diff --git a/drivers/gpu/drm/radeon/ni.c b/drivers/gpu/drm/radeon/ni.c
index 77aee99e473a6..3890911fe693c 100644
--- a/drivers/gpu/drm/radeon/ni.c
+++ b/drivers/gpu/drm/radeon/ni.c
@@ -2360,7 +2360,7 @@ int cayman_init(struct radeon_device *rdev)
/* Initialize surface registers */
radeon_surface_init(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* Fence driver */
radeon_fence_driver_init(rdev);
/* initialize memory controller */
diff --git a/drivers/gpu/drm/radeon/r100.c b/drivers/gpu/drm/radeon/r100.c
index bfd42e3e161e9..80703417d8a18 100644
--- a/drivers/gpu/drm/radeon/r100.c
+++ b/drivers/gpu/drm/radeon/r100.c
@@ -459,7 +459,7 @@ void r100_pm_misc(struct radeon_device *rdev)
*/
void r100_pm_prepare(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 tmp;
@@ -490,7 +490,7 @@ void r100_pm_prepare(struct radeon_device *rdev)
*/
void r100_pm_finish(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 tmp;
@@ -603,7 +603,7 @@ void r100_hpd_set_polarity(struct radeon_device *rdev,
*/
void r100_hpd_init(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned enable = 0;
@@ -626,7 +626,7 @@ void r100_hpd_init(struct radeon_device *rdev)
*/
void r100_hpd_fini(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned disable = 0;
@@ -798,7 +798,7 @@ int r100_irq_process(struct radeon_device *rdev)
/* Vertical blank interrupts */
if (status & RADEON_CRTC_VBLANK_STAT) {
if (rdev->irq.crtc_vblank_int[0]) {
- drm_handle_vblank(rdev->ddev, 0);
+ drm_handle_vblank(rdev_to_drm(rdev), 0);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -807,7 +807,7 @@ int r100_irq_process(struct radeon_device *rdev)
}
if (status & RADEON_CRTC2_VBLANK_STAT) {
if (rdev->irq.crtc_vblank_int[1]) {
- drm_handle_vblank(rdev->ddev, 1);
+ drm_handle_vblank(rdev_to_drm(rdev), 1);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -1491,7 +1491,7 @@ int r100_cs_packet_parse_vline(struct radeon_cs_parser *p)
header = radeon_get_ib_value(p, h_idx);
crtc_id = radeon_get_ib_value(p, h_idx + 5);
reg = R100_CP_PACKET0_GET_REG(header);
- crtc = drm_crtc_find(p->rdev->ddev, p->filp, crtc_id);
+ crtc = drm_crtc_find(rdev_to_drm(p->rdev), p->filp, crtc_id);
if (!crtc) {
DRM_ERROR("cannot find crtc %d\n", crtc_id);
return -ENOENT;
@@ -3079,7 +3079,7 @@ DEFINE_SHOW_ATTRIBUTE(r100_debugfs_mc_info);
void r100_debugfs_rbbm_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("r100_rbbm_info", 0444, root, rdev,
&r100_debugfs_rbbm_info_fops);
@@ -3089,7 +3089,7 @@ void r100_debugfs_rbbm_init(struct radeon_device *rdev)
void r100_debugfs_cp_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("r100_cp_ring_info", 0444, root, rdev,
&r100_debugfs_cp_ring_info_fops);
@@ -3101,7 +3101,7 @@ void r100_debugfs_cp_init(struct radeon_device *rdev)
void r100_debugfs_mc_info_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("r100_mc_info", 0444, root, rdev,
&r100_debugfs_mc_info_fops);
@@ -3967,7 +3967,7 @@ int r100_resume(struct radeon_device *rdev)
RREG32(R_0007C0_CP_STAT));
}
/* post */
- radeon_combios_asic_init(rdev->ddev);
+ radeon_combios_asic_init(rdev_to_drm(rdev));
/* Resume clock after posting */
r100_clock_startup(rdev);
/* Initialize surface registers */
@@ -4076,7 +4076,7 @@ int r100_init(struct radeon_device *rdev)
/* Set asic errata */
r100_errata(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize AGP */
if (rdev->flags & RADEON_IS_AGP) {
r = radeon_agp_init(rdev);
diff --git a/drivers/gpu/drm/radeon/r300.c b/drivers/gpu/drm/radeon/r300.c
index 1620f534f55f6..05c13102a8cb8 100644
--- a/drivers/gpu/drm/radeon/r300.c
+++ b/drivers/gpu/drm/radeon/r300.c
@@ -616,7 +616,7 @@ DEFINE_SHOW_ATTRIBUTE(rv370_debugfs_pcie_gart_info);
static void rv370_debugfs_pcie_gart_info_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("rv370_pcie_gart_info", 0444, root, rdev,
&rv370_debugfs_pcie_gart_info_fops);
@@ -1452,7 +1452,7 @@ int r300_resume(struct radeon_device *rdev)
RREG32(R_0007C0_CP_STAT));
}
/* post */
- radeon_combios_asic_init(rdev->ddev);
+ radeon_combios_asic_init(rdev_to_drm(rdev));
/* Resume clock after posting */
r300_clock_startup(rdev);
/* Initialize surface registers */
@@ -1538,7 +1538,7 @@ int r300_init(struct radeon_device *rdev)
/* Set asic errata */
r300_errata(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize AGP */
if (rdev->flags & RADEON_IS_AGP) {
r = radeon_agp_init(rdev);
diff --git a/drivers/gpu/drm/radeon/r420.c b/drivers/gpu/drm/radeon/r420.c
index a979662eaa73b..9a31cdec64157 100644
--- a/drivers/gpu/drm/radeon/r420.c
+++ b/drivers/gpu/drm/radeon/r420.c
@@ -322,7 +322,7 @@ int r420_resume(struct radeon_device *rdev)
if (rdev->is_atom_bios) {
atom_asic_init(rdev->mode_info.atom_context);
} else {
- radeon_combios_asic_init(rdev->ddev);
+ radeon_combios_asic_init(rdev_to_drm(rdev));
}
/* Resume clock after posting */
r420_clock_resume(rdev);
@@ -414,7 +414,7 @@ int r420_init(struct radeon_device *rdev)
return -EINVAL;
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize AGP */
if (rdev->flags & RADEON_IS_AGP) {
r = radeon_agp_init(rdev);
@@ -493,7 +493,7 @@ DEFINE_SHOW_ATTRIBUTE(r420_debugfs_pipes_info);
void r420_debugfs_pipes_info_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("r420_pipes_info", 0444, root, rdev,
&r420_debugfs_pipes_info_fops);
diff --git a/drivers/gpu/drm/radeon/r520.c b/drivers/gpu/drm/radeon/r520.c
index 6cbcaa8451924..08e127b3249a2 100644
--- a/drivers/gpu/drm/radeon/r520.c
+++ b/drivers/gpu/drm/radeon/r520.c
@@ -287,7 +287,7 @@ int r520_init(struct radeon_device *rdev)
atom_asic_init(rdev->mode_info.atom_context);
}
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize AGP */
if (rdev->flags & RADEON_IS_AGP) {
r = radeon_agp_init(rdev);
diff --git a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c
index 087d41e370fdc..8b62f7faa5b99 100644
--- a/drivers/gpu/drm/radeon/r600.c
+++ b/drivers/gpu/drm/radeon/r600.c
@@ -950,7 +950,7 @@ void r600_hpd_set_polarity(struct radeon_device *rdev,
void r600_hpd_init(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned enable = 0;
@@ -1017,7 +1017,7 @@ void r600_hpd_init(struct radeon_device *rdev)
void r600_hpd_fini(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned disable = 0;
@@ -3280,7 +3280,7 @@ int r600_init(struct radeon_device *rdev)
/* Initialize surface registers */
radeon_surface_init(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* Fence driver */
radeon_fence_driver_init(rdev);
if (rdev->flags & RADEON_IS_AGP) {
@@ -4136,7 +4136,7 @@ int r600_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: D1 vblank - IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[0]) {
- drm_handle_vblank(rdev->ddev, 0);
+ drm_handle_vblank(rdev_to_drm(rdev), 0);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -4166,7 +4166,7 @@ int r600_irq_process(struct radeon_device *rdev)
DRM_DEBUG("IH: D2 vblank - IH event w/o asserted irq bit?\n");
if (rdev->irq.crtc_vblank_int[1]) {
- drm_handle_vblank(rdev->ddev, 1);
+ drm_handle_vblank(rdev_to_drm(rdev), 1);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -4358,7 +4358,7 @@ DEFINE_SHOW_ATTRIBUTE(r600_debugfs_mc_info);
static void r600_debugfs_mc_info_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("r600_mc_info", 0444, root, rdev,
&r600_debugfs_mc_info_fops);
diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c
index 6cf54a747749d..1b2d31c4d77ca 100644
--- a/drivers/gpu/drm/radeon/r600_cs.c
+++ b/drivers/gpu/drm/radeon/r600_cs.c
@@ -884,7 +884,7 @@ int r600_cs_common_vline_parse(struct radeon_cs_parser *p,
crtc_id = radeon_get_ib_value(p, h_idx + 2 + 7 + 1);
reg = R600_CP_PACKET0_GET_REG(header);
- crtc = drm_crtc_find(p->rdev->ddev, p->filp, crtc_id);
+ crtc = drm_crtc_find(rdev_to_drm(p->rdev), p->filp, crtc_id);
if (!crtc) {
DRM_ERROR("cannot find crtc %d\n", crtc_id);
return -ENOENT;
diff --git a/drivers/gpu/drm/radeon/r600_dpm.c b/drivers/gpu/drm/radeon/r600_dpm.c
index 64980a61d38a8..81d58ef667dd4 100644
--- a/drivers/gpu/drm/radeon/r600_dpm.c
+++ b/drivers/gpu/drm/radeon/r600_dpm.c
@@ -153,7 +153,7 @@ void r600_dpm_print_ps_status(struct radeon_device *rdev,
u32 r600_dpm_get_vblank_time(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 vblank_in_pixels;
@@ -180,7 +180,7 @@ u32 r600_dpm_get_vblank_time(struct radeon_device *rdev)
u32 r600_dpm_get_vrefresh(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 vrefresh = 0;
diff --git a/drivers/gpu/drm/radeon/r600_hdmi.c b/drivers/gpu/drm/radeon/r600_hdmi.c
index f3551ebaa2f08..661f374f5f27a 100644
--- a/drivers/gpu/drm/radeon/r600_hdmi.c
+++ b/drivers/gpu/drm/radeon/r600_hdmi.c
@@ -116,7 +116,7 @@ void r600_audio_update_hdmi(struct work_struct *work)
{
struct radeon_device *rdev = container_of(work, struct radeon_device,
audio_work);
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct r600_audio_pin audio_status = r600_audio_status(rdev);
struct drm_encoder *encoder;
bool changed = false;
diff --git a/drivers/gpu/drm/radeon/radeon_acpi.c b/drivers/gpu/drm/radeon/radeon_acpi.c
index 603a78e41ba55..22ce61bdfc060 100644
--- a/drivers/gpu/drm/radeon/radeon_acpi.c
+++ b/drivers/gpu/drm/radeon/radeon_acpi.c
@@ -405,11 +405,11 @@ static int radeon_atif_handler(struct radeon_device *rdev,
if (req.pending & ATIF_DGPU_DISPLAY_EVENT) {
if ((rdev->flags & RADEON_IS_PX) &&
radeon_atpx_dgpu_req_power_for_displays()) {
- pm_runtime_get_sync(rdev->ddev->dev);
+ pm_runtime_get_sync(rdev_to_drm(rdev)->dev);
/* Just fire off a uevent and let userspace tell us what to do */
- drm_helper_hpd_irq_event(rdev->ddev);
- pm_runtime_mark_last_busy(rdev->ddev->dev);
- pm_runtime_put_autosuspend(rdev->ddev->dev);
+ drm_helper_hpd_irq_event(rdev_to_drm(rdev));
+ pm_runtime_mark_last_busy(rdev_to_drm(rdev)->dev);
+ pm_runtime_put_autosuspend(rdev_to_drm(rdev)->dev);
}
}
/* TODO: check other events */
@@ -736,7 +736,7 @@ int radeon_acpi_init(struct radeon_device *rdev)
struct radeon_encoder *target = NULL;
/* Find the encoder controlling the brightness */
- list_for_each_entry(tmp, &rdev->ddev->mode_config.encoder_list,
+ list_for_each_entry(tmp, &rdev_to_drm(rdev)->mode_config.encoder_list,
head) {
struct radeon_encoder *enc = to_radeon_encoder(tmp);
diff --git a/drivers/gpu/drm/radeon/radeon_agp.c b/drivers/gpu/drm/radeon/radeon_agp.c
index a3d749e350f9c..89d7b0e9e79f8 100644
--- a/drivers/gpu/drm/radeon/radeon_agp.c
+++ b/drivers/gpu/drm/radeon/radeon_agp.c
@@ -161,7 +161,7 @@ struct radeon_agp_head *radeon_agp_head_init(struct drm_device *dev)
static int radeon_agp_head_acquire(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct pci_dev *pdev = to_pci_dev(dev->dev);
if (!rdev->agp)
diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
index d698a899eaf4c..168f3f94003bf 100644
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -187,7 +187,7 @@ void radeon_atombios_i2c_init(struct radeon_device *rdev)
if (i2c.valid) {
sprintf(stmp, "0x%x", i2c.i2c_id);
- rdev->i2c_bus[i] = radeon_i2c_create(rdev->ddev, &i2c, stmp);
+ rdev->i2c_bus[i] = radeon_i2c_create(rdev_to_drm(rdev), &i2c, stmp);
}
gpio = (ATOM_GPIO_I2C_ASSIGMENT *)
((u8 *)gpio + sizeof(ATOM_GPIO_I2C_ASSIGMENT));
diff --git a/drivers/gpu/drm/radeon/radeon_audio.c b/drivers/gpu/drm/radeon/radeon_audio.c
index 0bcd767b9f471..47aa06a9a9422 100644
--- a/drivers/gpu/drm/radeon/radeon_audio.c
+++ b/drivers/gpu/drm/radeon/radeon_audio.c
@@ -196,7 +196,7 @@ static void radeon_audio_enable(struct radeon_device *rdev,
return;
if (rdev->mode_info.mode_config_initialized) {
- list_for_each_entry(encoder, &rdev->ddev->mode_config.encoder_list, head) {
+ list_for_each_entry(encoder, &rdev_to_drm(rdev)->mode_config.encoder_list, head) {
if (radeon_encoder_is_digital(encoder)) {
radeon_encoder = to_radeon_encoder(encoder);
dig = radeon_encoder->enc_priv;
@@ -760,7 +760,7 @@ static int radeon_audio_component_get_eld(struct device *kdev, int port,
if (!rdev->audio.enabled || !rdev->mode_info.mode_config_initialized)
return 0;
- list_for_each_entry(encoder, &rdev->ddev->mode_config.encoder_list, head) {
+ list_for_each_entry(encoder, &rdev_to_drm(rdev)->mode_config.encoder_list, head) {
if (!radeon_encoder_is_digital(encoder))
continue;
radeon_encoder = to_radeon_encoder(encoder);
diff --git a/drivers/gpu/drm/radeon/radeon_combios.c b/drivers/gpu/drm/radeon/radeon_combios.c
index 6952b1273b0f7..41ddc576f8f8b 100644
--- a/drivers/gpu/drm/radeon/radeon_combios.c
+++ b/drivers/gpu/drm/radeon/radeon_combios.c
@@ -372,7 +372,7 @@ bool radeon_combios_check_hardcoded_edid(struct radeon_device *rdev)
int edid_info, size;
struct edid *edid;
unsigned char *raw;
- edid_info = combios_get_table_offset(rdev->ddev, COMBIOS_HARDCODED_EDID_TABLE);
+ edid_info = combios_get_table_offset(rdev_to_drm(rdev), COMBIOS_HARDCODED_EDID_TABLE);
if (!edid_info)
return false;
@@ -642,7 +642,7 @@ static struct radeon_i2c_bus_rec combios_setup_i2c_bus(struct radeon_device *rde
static struct radeon_i2c_bus_rec radeon_combios_get_i2c_info_from_table(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct radeon_i2c_bus_rec i2c;
u16 offset;
u8 id, blocks, clk, data;
@@ -670,7 +670,7 @@ static struct radeon_i2c_bus_rec radeon_combios_get_i2c_info_from_table(struct r
void radeon_combios_i2c_init(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct radeon_i2c_bus_rec i2c;
/* actual hw pads
@@ -812,7 +812,7 @@ bool radeon_combios_get_clock_info(struct drm_device *dev)
bool radeon_combios_sideport_present(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
u16 igp_info;
/* sideport is AMD only */
@@ -915,7 +915,7 @@ struct radeon_encoder_primary_dac *radeon_combios_get_primary_dac_info(struct
enum radeon_tv_std
radeon_combios_get_tv_info(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
uint16_t tv_info;
enum radeon_tv_std tv_std = TV_STD_NTSC;
@@ -2637,7 +2637,7 @@ static const char *thermal_controller_names[] = {
void radeon_combios_get_power_modes(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
u16 offset, misc, misc2 = 0;
u8 rev, tmp;
int state_index = 0;
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
index afbb3a80c0c6b..32851632643db 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -760,7 +760,7 @@ bool radeon_boot_test_post_card(struct radeon_device *rdev)
if (rdev->is_atom_bios)
atom_asic_init(rdev->mode_info.atom_context);
else
- radeon_combios_asic_init(rdev->ddev);
+ radeon_combios_asic_init(rdev_to_drm(rdev));
return true;
} else {
dev_err(rdev->dev, "Card not posted and no BIOS - ignoring\n");
@@ -980,7 +980,7 @@ int radeon_atombios_init(struct radeon_device *rdev)
return -ENOMEM;
rdev->mode_info.atom_card_info = atom_card_info;
- atom_card_info->dev = rdev->ddev;
+ atom_card_info->dev = rdev_to_drm(rdev);
atom_card_info->reg_read = cail_reg_read;
atom_card_info->reg_write = cail_reg_write;
/* needed for iio ops */
@@ -1005,7 +1005,7 @@ int radeon_atombios_init(struct radeon_device *rdev)
mutex_init(&rdev->mode_info.atom_context->mutex);
mutex_init(&rdev->mode_info.atom_context->scratch_mutex);
- radeon_atom_initialize_bios_scratch_regs(rdev->ddev);
+ radeon_atom_initialize_bios_scratch_regs(rdev_to_drm(rdev));
atom_allocate_fb_scratch(rdev->mode_info.atom_context);
return 0;
}
@@ -1049,7 +1049,7 @@ void radeon_atombios_fini(struct radeon_device *rdev)
*/
int radeon_combios_init(struct radeon_device *rdev)
{
- radeon_combios_initialize_bios_scratch_regs(rdev->ddev);
+ radeon_combios_initialize_bios_scratch_regs(rdev_to_drm(rdev));
return 0;
}
@@ -1847,7 +1847,7 @@ int radeon_gpu_reset(struct radeon_device *rdev)
downgrade_write(&rdev->exclusive_lock);
- drm_helper_resume_force_mode(rdev->ddev);
+ drm_helper_resume_force_mode(rdev_to_drm(rdev));
/* set the power state here in case we are a PX system or headless */
if ((rdev->pm.pm_method == PM_METHOD_DPM) && rdev->pm.dpm_enabled)
diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
index 843383f7237fb..10fd58f400bc5 100644
--- a/drivers/gpu/drm/radeon/radeon_display.c
+++ b/drivers/gpu/drm/radeon/radeon_display.c
@@ -302,13 +302,13 @@ void radeon_crtc_handle_vblank(struct radeon_device *rdev, int crtc_id)
if ((radeon_use_pflipirq == 2) && ASIC_IS_DCE4(rdev))
return;
- spin_lock_irqsave(&rdev->ddev->event_lock, flags);
+ spin_lock_irqsave(&rdev_to_drm(rdev)->event_lock, flags);
if (radeon_crtc->flip_status != RADEON_FLIP_SUBMITTED) {
DRM_DEBUG_DRIVER("radeon_crtc->flip_status = %d != "
"RADEON_FLIP_SUBMITTED(%d)\n",
radeon_crtc->flip_status,
RADEON_FLIP_SUBMITTED);
- spin_unlock_irqrestore(&rdev->ddev->event_lock, flags);
+ spin_unlock_irqrestore(&rdev_to_drm(rdev)->event_lock, flags);
return;
}
@@ -334,7 +334,7 @@ void radeon_crtc_handle_vblank(struct radeon_device *rdev, int crtc_id)
*/
if (update_pending &&
(DRM_SCANOUTPOS_VALID &
- radeon_get_crtc_scanoutpos(rdev->ddev, crtc_id,
+ radeon_get_crtc_scanoutpos(rdev_to_drm(rdev), crtc_id,
GET_DISTANCE_TO_VBLANKSTART,
&vpos, &hpos, NULL, NULL,
&rdev->mode_info.crtcs[crtc_id]->base.hwmode)) &&
@@ -347,7 +347,7 @@ void radeon_crtc_handle_vblank(struct radeon_device *rdev, int crtc_id)
*/
update_pending = 0;
}
- spin_unlock_irqrestore(&rdev->ddev->event_lock, flags);
+ spin_unlock_irqrestore(&rdev_to_drm(rdev)->event_lock, flags);
if (!update_pending)
radeon_crtc_handle_flip(rdev, crtc_id);
}
@@ -370,14 +370,14 @@ void radeon_crtc_handle_flip(struct radeon_device *rdev, int crtc_id)
if (radeon_crtc == NULL)
return;
- spin_lock_irqsave(&rdev->ddev->event_lock, flags);
+ spin_lock_irqsave(&rdev_to_drm(rdev)->event_lock, flags);
work = radeon_crtc->flip_work;
if (radeon_crtc->flip_status != RADEON_FLIP_SUBMITTED) {
DRM_DEBUG_DRIVER("radeon_crtc->flip_status = %d != "
"RADEON_FLIP_SUBMITTED(%d)\n",
radeon_crtc->flip_status,
RADEON_FLIP_SUBMITTED);
- spin_unlock_irqrestore(&rdev->ddev->event_lock, flags);
+ spin_unlock_irqrestore(&rdev_to_drm(rdev)->event_lock, flags);
return;
}
@@ -389,7 +389,7 @@ void radeon_crtc_handle_flip(struct radeon_device *rdev, int crtc_id)
if (work->event)
drm_crtc_send_vblank_event(&radeon_crtc->base, work->event);
- spin_unlock_irqrestore(&rdev->ddev->event_lock, flags);
+ spin_unlock_irqrestore(&rdev_to_drm(rdev)->event_lock, flags);
drm_crtc_vblank_put(&radeon_crtc->base);
radeon_irq_kms_pflip_irq_put(rdev, work->crtc_id);
@@ -408,7 +408,7 @@ static void radeon_flip_work_func(struct work_struct *__work)
struct radeon_flip_work *work =
container_of(__work, struct radeon_flip_work, flip_work);
struct radeon_device *rdev = work->rdev;
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct radeon_crtc *radeon_crtc = rdev->mode_info.crtcs[work->crtc_id];
struct drm_crtc *crtc = &radeon_crtc->base;
@@ -1401,7 +1401,7 @@ static int radeon_modeset_create_props(struct radeon_device *rdev)
if (rdev->is_atom_bios) {
rdev->mode_info.coherent_mode_property =
- drm_property_create_range(rdev->ddev, 0 , "coherent", 0, 1);
+ drm_property_create_range(rdev_to_drm(rdev), 0, "coherent", 0, 1);
if (!rdev->mode_info.coherent_mode_property)
return -ENOMEM;
}
@@ -1409,57 +1409,57 @@ static int radeon_modeset_create_props(struct radeon_device *rdev)
if (!ASIC_IS_AVIVO(rdev)) {
sz = ARRAY_SIZE(radeon_tmds_pll_enum_list);
rdev->mode_info.tmds_pll_property =
- drm_property_create_enum(rdev->ddev, 0,
+ drm_property_create_enum(rdev_to_drm(rdev), 0,
"tmds_pll",
radeon_tmds_pll_enum_list, sz);
}
rdev->mode_info.load_detect_property =
- drm_property_create_range(rdev->ddev, 0, "load detection", 0, 1);
+ drm_property_create_range(rdev_to_drm(rdev), 0, "load detection", 0, 1);
if (!rdev->mode_info.load_detect_property)
return -ENOMEM;
- drm_mode_create_scaling_mode_property(rdev->ddev);
+ drm_mode_create_scaling_mode_property(rdev_to_drm(rdev));
sz = ARRAY_SIZE(radeon_tv_std_enum_list);
rdev->mode_info.tv_std_property =
- drm_property_create_enum(rdev->ddev, 0,
+ drm_property_create_enum(rdev_to_drm(rdev), 0,
"tv standard",
radeon_tv_std_enum_list, sz);
sz = ARRAY_SIZE(radeon_underscan_enum_list);
rdev->mode_info.underscan_property =
- drm_property_create_enum(rdev->ddev, 0,
+ drm_property_create_enum(rdev_to_drm(rdev), 0,
"underscan",
radeon_underscan_enum_list, sz);
rdev->mode_info.underscan_hborder_property =
- drm_property_create_range(rdev->ddev, 0,
+ drm_property_create_range(rdev_to_drm(rdev), 0,
"underscan hborder", 0, 128);
if (!rdev->mode_info.underscan_hborder_property)
return -ENOMEM;
rdev->mode_info.underscan_vborder_property =
- drm_property_create_range(rdev->ddev, 0,
+ drm_property_create_range(rdev_to_drm(rdev), 0,
"underscan vborder", 0, 128);
if (!rdev->mode_info.underscan_vborder_property)
return -ENOMEM;
sz = ARRAY_SIZE(radeon_audio_enum_list);
rdev->mode_info.audio_property =
- drm_property_create_enum(rdev->ddev, 0,
+ drm_property_create_enum(rdev_to_drm(rdev), 0,
"audio",
radeon_audio_enum_list, sz);
sz = ARRAY_SIZE(radeon_dither_enum_list);
rdev->mode_info.dither_property =
- drm_property_create_enum(rdev->ddev, 0,
+ drm_property_create_enum(rdev_to_drm(rdev), 0,
"dither",
radeon_dither_enum_list, sz);
sz = ARRAY_SIZE(radeon_output_csc_enum_list);
rdev->mode_info.output_csc_property =
- drm_property_create_enum(rdev->ddev, 0,
+ drm_property_create_enum(rdev_to_drm(rdev), 0,
"output_csc",
radeon_output_csc_enum_list, sz);
@@ -1578,29 +1578,29 @@ int radeon_modeset_init(struct radeon_device *rdev)
int i;
int ret;
- drm_mode_config_init(rdev->ddev);
+ drm_mode_config_init(rdev_to_drm(rdev));
rdev->mode_info.mode_config_initialized = true;
- rdev->ddev->mode_config.funcs = &radeon_mode_funcs;
+ rdev_to_drm(rdev)->mode_config.funcs = &radeon_mode_funcs;
if (radeon_use_pflipirq == 2 && rdev->family >= CHIP_R600)
- rdev->ddev->mode_config.async_page_flip = true;
+ rdev_to_drm(rdev)->mode_config.async_page_flip = true;
if (ASIC_IS_DCE5(rdev)) {
- rdev->ddev->mode_config.max_width = 16384;
- rdev->ddev->mode_config.max_height = 16384;
+ rdev_to_drm(rdev)->mode_config.max_width = 16384;
+ rdev_to_drm(rdev)->mode_config.max_height = 16384;
} else if (ASIC_IS_AVIVO(rdev)) {
- rdev->ddev->mode_config.max_width = 8192;
- rdev->ddev->mode_config.max_height = 8192;
+ rdev_to_drm(rdev)->mode_config.max_width = 8192;
+ rdev_to_drm(rdev)->mode_config.max_height = 8192;
} else {
- rdev->ddev->mode_config.max_width = 4096;
- rdev->ddev->mode_config.max_height = 4096;
+ rdev_to_drm(rdev)->mode_config.max_width = 4096;
+ rdev_to_drm(rdev)->mode_config.max_height = 4096;
}
- rdev->ddev->mode_config.preferred_depth = 24;
- rdev->ddev->mode_config.prefer_shadow = 1;
+ rdev_to_drm(rdev)->mode_config.preferred_depth = 24;
+ rdev_to_drm(rdev)->mode_config.prefer_shadow = 1;
- rdev->ddev->mode_config.fb_modifiers_not_supported = true;
+ rdev_to_drm(rdev)->mode_config.fb_modifiers_not_supported = true;
ret = radeon_modeset_create_props(rdev);
if (ret) {
@@ -1618,11 +1618,11 @@ int radeon_modeset_init(struct radeon_device *rdev)
/* allocate crtcs */
for (i = 0; i < rdev->num_crtc; i++) {
- radeon_crtc_init(rdev->ddev, i);
+ radeon_crtc_init(rdev_to_drm(rdev), i);
}
/* okay we should have all the bios connectors */
- ret = radeon_setup_enc_conn(rdev->ddev);
+ ret = radeon_setup_enc_conn(rdev_to_drm(rdev));
if (!ret) {
return ret;
}
@@ -1639,7 +1639,7 @@ int radeon_modeset_init(struct radeon_device *rdev)
/* setup afmt */
radeon_afmt_init(rdev);
- drm_kms_helper_poll_init(rdev->ddev);
+ drm_kms_helper_poll_init(rdev_to_drm(rdev));
/* do pm late init */
ret = radeon_pm_late_init(rdev);
@@ -1650,11 +1650,11 @@ int radeon_modeset_init(struct radeon_device *rdev)
void radeon_modeset_fini(struct radeon_device *rdev)
{
if (rdev->mode_info.mode_config_initialized) {
- drm_kms_helper_poll_fini(rdev->ddev);
+ drm_kms_helper_poll_fini(rdev_to_drm(rdev));
radeon_hpd_fini(rdev);
- drm_helper_force_disable_all(rdev->ddev);
+ drm_helper_force_disable_all(rdev_to_drm(rdev));
radeon_afmt_fini(rdev);
- drm_mode_config_cleanup(rdev->ddev);
+ drm_mode_config_cleanup(rdev_to_drm(rdev));
rdev->mode_info.mode_config_initialized = false;
}
diff --git a/drivers/gpu/drm/radeon/radeon_fbdev.c b/drivers/gpu/drm/radeon/radeon_fbdev.c
index 02bf25759059a..fb70de29545c6 100644
--- a/drivers/gpu/drm/radeon/radeon_fbdev.c
+++ b/drivers/gpu/drm/radeon/radeon_fbdev.c
@@ -67,7 +67,7 @@ static int radeon_fbdev_create_pinned_object(struct drm_fb_helper *fb_helper,
int height = mode_cmd->height;
u32 cpp;
- info = drm_get_format_info(rdev->ddev, mode_cmd);
+ info = drm_get_format_info(rdev_to_drm(rdev), mode_cmd);
cpp = info->cpp[0];
/* need to align pitch with crtc limits */
@@ -148,15 +148,15 @@ static int radeon_fbdev_fb_open(struct fb_info *info, int user)
struct radeon_device *rdev = fb_helper->dev->dev_private;
int ret;
- ret = pm_runtime_get_sync(rdev->ddev->dev);
+ ret = pm_runtime_get_sync(rdev_to_drm(rdev)->dev);
if (ret < 0 && ret != -EACCES)
goto err_pm_runtime_mark_last_busy;
return 0;
err_pm_runtime_mark_last_busy:
- pm_runtime_mark_last_busy(rdev->ddev->dev);
- pm_runtime_put_autosuspend(rdev->ddev->dev);
+ pm_runtime_mark_last_busy(rdev_to_drm(rdev)->dev);
+ pm_runtime_put_autosuspend(rdev_to_drm(rdev)->dev);
return ret;
}
@@ -165,8 +165,8 @@ static int radeon_fbdev_fb_release(struct fb_info *info, int user)
struct drm_fb_helper *fb_helper = info->par;
struct radeon_device *rdev = fb_helper->dev->dev_private;
- pm_runtime_mark_last_busy(rdev->ddev->dev);
- pm_runtime_put_autosuspend(rdev->ddev->dev);
+ pm_runtime_mark_last_busy(rdev_to_drm(rdev)->dev);
+ pm_runtime_put_autosuspend(rdev_to_drm(rdev)->dev);
return 0;
}
@@ -236,7 +236,7 @@ static int radeon_fbdev_fb_helper_fb_probe(struct drm_fb_helper *fb_helper,
ret = -ENOMEM;
goto err_radeon_fbdev_destroy_pinned_object;
}
- ret = radeon_framebuffer_init(rdev->ddev, fb, &mode_cmd, gobj);
+ ret = radeon_framebuffer_init(rdev_to_drm(rdev), fb, &mode_cmd, gobj);
if (ret) {
DRM_ERROR("failed to initialize framebuffer %d\n", ret);
goto err_kfree;
@@ -374,12 +374,12 @@ void radeon_fbdev_setup(struct radeon_device *rdev)
fb_helper = kzalloc(sizeof(*fb_helper), GFP_KERNEL);
if (!fb_helper)
return;
- drm_fb_helper_prepare(rdev->ddev, fb_helper, bpp_sel, &radeon_fbdev_fb_helper_funcs);
+ drm_fb_helper_prepare(rdev_to_drm(rdev), fb_helper, bpp_sel, &radeon_fbdev_fb_helper_funcs);
- ret = drm_client_init(rdev->ddev, &fb_helper->client, "radeon-fbdev",
+ ret = drm_client_init(rdev_to_drm(rdev), &fb_helper->client, "radeon-fbdev",
&radeon_fbdev_client_funcs);
if (ret) {
- drm_err(rdev->ddev, "Failed to register client: %d\n", ret);
+ drm_err(rdev_to_drm(rdev), "Failed to register client: %d\n", ret);
goto err_drm_client_init;
}
@@ -394,13 +394,13 @@ void radeon_fbdev_setup(struct radeon_device *rdev)
void radeon_fbdev_set_suspend(struct radeon_device *rdev, int state)
{
- if (rdev->ddev->fb_helper)
- drm_fb_helper_set_suspend(rdev->ddev->fb_helper, state);
+ if (rdev_to_drm(rdev)->fb_helper)
+ drm_fb_helper_set_suspend(rdev_to_drm(rdev)->fb_helper, state);
}
bool radeon_fbdev_robj_is_fb(struct radeon_device *rdev, struct radeon_bo *robj)
{
- struct drm_fb_helper *fb_helper = rdev->ddev->fb_helper;
+ struct drm_fb_helper *fb_helper = rdev_to_drm(rdev)->fb_helper;
struct drm_gem_object *gobj;
if (!fb_helper)
diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/radeon/radeon_fence.c
index 4fb780d96f32a..daff61586be52 100644
--- a/drivers/gpu/drm/radeon/radeon_fence.c
+++ b/drivers/gpu/drm/radeon/radeon_fence.c
@@ -150,7 +150,7 @@ int radeon_fence_emit(struct radeon_device *rdev,
rdev->fence_context + ring,
seq);
radeon_fence_ring_emit(rdev, ring, *fence);
- trace_radeon_fence_emit(rdev->ddev, ring, (*fence)->seq);
+ trace_radeon_fence_emit(rdev_to_drm(rdev), ring, (*fence)->seq);
radeon_fence_schedule_check(rdev, ring);
return 0;
}
@@ -489,7 +489,7 @@ static long radeon_fence_wait_seq_timeout(struct radeon_device *rdev,
if (!target_seq[i])
continue;
- trace_radeon_fence_wait_begin(rdev->ddev, i, target_seq[i]);
+ trace_radeon_fence_wait_begin(rdev_to_drm(rdev), i, target_seq[i]);
radeon_irq_kms_sw_irq_get(rdev, i);
}
@@ -511,7 +511,7 @@ static long radeon_fence_wait_seq_timeout(struct radeon_device *rdev,
continue;
radeon_irq_kms_sw_irq_put(rdev, i);
- trace_radeon_fence_wait_end(rdev->ddev, i, target_seq[i]);
+ trace_radeon_fence_wait_end(rdev_to_drm(rdev), i, target_seq[i]);
}
return r;
@@ -995,7 +995,7 @@ DEFINE_DEBUGFS_ATTRIBUTE(radeon_debugfs_gpu_reset_fops,
void radeon_debugfs_fence_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("radeon_gpu_reset", 0444, root, rdev,
&radeon_debugfs_gpu_reset_fops);
diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c
index e66a230331eef..210e8d43bb23a 100644
--- a/drivers/gpu/drm/radeon/radeon_gem.c
+++ b/drivers/gpu/drm/radeon/radeon_gem.c
@@ -899,7 +899,7 @@ DEFINE_SHOW_ATTRIBUTE(radeon_debugfs_gem_info);
void radeon_gem_debugfs_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("radeon_gem_info", 0444, root, rdev,
&radeon_debugfs_gem_info_fops);
diff --git a/drivers/gpu/drm/radeon/radeon_i2c.c b/drivers/gpu/drm/radeon/radeon_i2c.c
index 3d174390a8afe..1f16619ed06ed 100644
--- a/drivers/gpu/drm/radeon/radeon_i2c.c
+++ b/drivers/gpu/drm/radeon/radeon_i2c.c
@@ -1011,7 +1011,7 @@ void radeon_i2c_add(struct radeon_device *rdev,
struct radeon_i2c_bus_rec *rec,
const char *name)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
int i;
for (i = 0; i < RADEON_MAX_I2C_BUS; i++) {
diff --git a/drivers/gpu/drm/radeon/radeon_ib.c b/drivers/gpu/drm/radeon/radeon_ib.c
index 63d914f3414d3..1aa41cc3f9911 100644
--- a/drivers/gpu/drm/radeon/radeon_ib.c
+++ b/drivers/gpu/drm/radeon/radeon_ib.c
@@ -309,7 +309,7 @@ DEFINE_SHOW_ATTRIBUTE(radeon_debugfs_sa_info);
static void radeon_debugfs_sa_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("radeon_sa_info", 0444, root, rdev,
&radeon_debugfs_sa_info_fops);
diff --git a/drivers/gpu/drm/radeon/radeon_irq_kms.c b/drivers/gpu/drm/radeon/radeon_irq_kms.c
index c4dda908666cf..9961251b44ba0 100644
--- a/drivers/gpu/drm/radeon/radeon_irq_kms.c
+++ b/drivers/gpu/drm/radeon/radeon_irq_kms.c
@@ -80,7 +80,7 @@ static void radeon_hotplug_work_func(struct work_struct *work)
{
struct radeon_device *rdev = container_of(work, struct radeon_device,
hotplug_work.work);
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_mode_config *mode_config = &dev->mode_config;
struct drm_connector *connector;
@@ -101,7 +101,7 @@ static void radeon_dp_work_func(struct work_struct *work)
{
struct radeon_device *rdev = container_of(work, struct radeon_device,
dp_work);
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_mode_config *mode_config = &dev->mode_config;
struct drm_connector *connector;
@@ -197,7 +197,7 @@ static void radeon_driver_irq_uninstall_kms(struct drm_device *dev)
static int radeon_irq_install(struct radeon_device *rdev, int irq)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
int ret;
if (irq == IRQ_NOTCONNECTED)
@@ -218,7 +218,7 @@ static int radeon_irq_install(struct radeon_device *rdev, int irq)
static void radeon_irq_uninstall(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct pci_dev *pdev = to_pci_dev(dev->dev);
radeon_driver_irq_uninstall_kms(dev);
@@ -322,9 +322,9 @@ int radeon_irq_kms_init(struct radeon_device *rdev)
spin_lock_init(&rdev->irq.lock);
/* Disable vblank irqs aggressively for power-saving */
- rdev->ddev->vblank_disable_immediate = true;
+ rdev_to_drm(rdev)->vblank_disable_immediate = true;
- r = drm_vblank_init(rdev->ddev, rdev->num_crtc);
+ r = drm_vblank_init(rdev_to_drm(rdev), rdev->num_crtc);
if (r) {
return r;
}
diff --git a/drivers/gpu/drm/radeon/radeon_object.c b/drivers/gpu/drm/radeon/radeon_object.c
index a955f8a2f7fee..450ff7daa46cf 100644
--- a/drivers/gpu/drm/radeon/radeon_object.c
+++ b/drivers/gpu/drm/radeon/radeon_object.c
@@ -150,7 +150,7 @@ int radeon_bo_create(struct radeon_device *rdev,
bo = kzalloc(sizeof(struct radeon_bo), GFP_KERNEL);
if (bo == NULL)
return -ENOMEM;
- drm_gem_private_object_init(rdev->ddev, &bo->tbo.base, size);
+ drm_gem_private_object_init(rdev_to_drm(rdev), &bo->tbo.base, size);
bo->rdev = rdev;
bo->surface_reg = -1;
INIT_LIST_HEAD(&bo->list);
diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
index 2d9d9f46f2437..b4fb7e70320b8 100644
--- a/drivers/gpu/drm/radeon/radeon_pm.c
+++ b/drivers/gpu/drm/radeon/radeon_pm.c
@@ -282,7 +282,7 @@ static void radeon_pm_set_clocks(struct radeon_device *rdev)
if (rdev->irq.installed) {
i = 0;
- drm_for_each_crtc(crtc, rdev->ddev) {
+ drm_for_each_crtc(crtc, rdev_to_drm(rdev)) {
if (rdev->pm.active_crtcs & (1 << i)) {
/* This can fail if a modeset is in progress */
if (drm_crtc_vblank_get(crtc) == 0)
@@ -299,7 +299,7 @@ static void radeon_pm_set_clocks(struct radeon_device *rdev)
if (rdev->irq.installed) {
i = 0;
- drm_for_each_crtc(crtc, rdev->ddev) {
+ drm_for_each_crtc(crtc, rdev_to_drm(rdev)) {
if (rdev->pm.req_vblank & (1 << i)) {
rdev->pm.req_vblank &= ~(1 << i);
drm_crtc_vblank_put(crtc);
@@ -671,7 +671,7 @@ static ssize_t radeon_hwmon_show_temp(struct device *dev,
char *buf)
{
struct radeon_device *rdev = dev_get_drvdata(dev);
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
int temp;
/* Can't get temperature when the card is off */
@@ -715,7 +715,7 @@ static ssize_t radeon_hwmon_show_sclk(struct device *dev,
struct device_attribute *attr, char *buf)
{
struct radeon_device *rdev = dev_get_drvdata(dev);
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
u32 sclk = 0;
/* Can't get clock frequency when the card is off */
@@ -740,7 +740,7 @@ static ssize_t radeon_hwmon_show_vddc(struct device *dev,
struct device_attribute *attr, char *buf)
{
struct radeon_device *rdev = dev_get_drvdata(dev);
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
u16 vddc = 0;
/* Can't get vddc when the card is off */
@@ -1692,7 +1692,7 @@ void radeon_pm_fini(struct radeon_device *rdev)
static void radeon_pm_compute_clocks_old(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
@@ -1765,7 +1765,7 @@ static void radeon_pm_compute_clocks_old(struct radeon_device *rdev)
static void radeon_pm_compute_clocks_dpm(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
struct radeon_connector *radeon_connector;
@@ -1826,7 +1826,7 @@ static bool radeon_pm_in_vbl(struct radeon_device *rdev)
*/
for (crtc = 0; (crtc < rdev->num_crtc) && in_vbl; crtc++) {
if (rdev->pm.active_crtcs & (1 << crtc)) {
- vbl_status = radeon_get_crtc_scanoutpos(rdev->ddev,
+ vbl_status = radeon_get_crtc_scanoutpos(rdev_to_drm(rdev),
crtc,
USE_REAL_VBLANKSTART,
&vpos, &hpos, NULL, NULL,
@@ -1918,7 +1918,7 @@ static void radeon_dynpm_idle_work_handler(struct work_struct *work)
static int radeon_debugfs_pm_info_show(struct seq_file *m, void *unused)
{
struct radeon_device *rdev = m->private;
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
if ((rdev->flags & RADEON_IS_PX) &&
(ddev->switch_power_state != DRM_SWITCH_POWER_ON)) {
@@ -1955,7 +1955,7 @@ DEFINE_SHOW_ATTRIBUTE(radeon_debugfs_pm_info);
static void radeon_debugfs_pm_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("radeon_pm_info", 0444, root, rdev,
&radeon_debugfs_pm_info_fops);
diff --git a/drivers/gpu/drm/radeon/radeon_ring.c b/drivers/gpu/drm/radeon/radeon_ring.c
index 8d1d458286a84..581ae20c46e4b 100644
--- a/drivers/gpu/drm/radeon/radeon_ring.c
+++ b/drivers/gpu/drm/radeon/radeon_ring.c
@@ -550,7 +550,7 @@ static void radeon_debugfs_ring_init(struct radeon_device *rdev, struct radeon_r
{
#if defined(CONFIG_DEBUG_FS)
const char *ring_name = radeon_debugfs_ring_idx_to_name(ring->idx);
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
if (ring_name)
debugfs_create_file(ring_name, 0444, root, ring,
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
index 5c65b6dfb99af..69d0c12fa419f 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
@@ -682,8 +682,8 @@ int radeon_ttm_init(struct radeon_device *rdev)
/* No others user of address space so set it to 0 */
r = ttm_device_init(&rdev->mman.bdev, &radeon_bo_driver, rdev->dev,
- rdev->ddev->anon_inode->i_mapping,
- rdev->ddev->vma_offset_manager,
+ rdev_to_drm(rdev)->anon_inode->i_mapping,
+ rdev_to_drm(rdev)->vma_offset_manager,
rdev->need_swiotlb,
dma_addressing_limited(&rdev->pdev->dev));
if (r) {
@@ -890,7 +890,7 @@ static const struct file_operations radeon_ttm_gtt_fops = {
static void radeon_ttm_debugfs_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct drm_minor *minor = rdev->ddev->primary;
+ struct drm_minor *minor = rdev_to_drm(rdev)->primary;
struct dentry *root = minor->debugfs_root;
debugfs_create_file("radeon_vram", 0444, root, rdev,
diff --git a/drivers/gpu/drm/radeon/rs400.c b/drivers/gpu/drm/radeon/rs400.c
index d4d1501e6576d..d6c18fd740ec6 100644
--- a/drivers/gpu/drm/radeon/rs400.c
+++ b/drivers/gpu/drm/radeon/rs400.c
@@ -379,7 +379,7 @@ DEFINE_SHOW_ATTRIBUTE(rs400_debugfs_gart_info);
static void rs400_debugfs_pcie_gart_info_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("rs400_gart_info", 0444, root, rdev,
&rs400_debugfs_gart_info_fops);
@@ -474,7 +474,7 @@ int rs400_resume(struct radeon_device *rdev)
RREG32(R_0007C0_CP_STAT));
}
/* post */
- radeon_combios_asic_init(rdev->ddev);
+ radeon_combios_asic_init(rdev_to_drm(rdev));
/* Resume clock after posting */
r300_clock_startup(rdev);
/* Initialize surface registers */
@@ -552,7 +552,7 @@ int rs400_init(struct radeon_device *rdev)
return -EINVAL;
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize memory controller */
rs400_mc_init(rdev);
/* Fence driver */
diff --git a/drivers/gpu/drm/radeon/rs600.c b/drivers/gpu/drm/radeon/rs600.c
index 5c162778899b0..88c8e91ea6512 100644
--- a/drivers/gpu/drm/radeon/rs600.c
+++ b/drivers/gpu/drm/radeon/rs600.c
@@ -321,7 +321,7 @@ void rs600_pm_misc(struct radeon_device *rdev)
void rs600_pm_prepare(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 tmp;
@@ -339,7 +339,7 @@ void rs600_pm_prepare(struct radeon_device *rdev)
void rs600_pm_finish(struct radeon_device *rdev)
{
- struct drm_device *ddev = rdev->ddev;
+ struct drm_device *ddev = rdev_to_drm(rdev);
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
u32 tmp;
@@ -408,7 +408,7 @@ void rs600_hpd_set_polarity(struct radeon_device *rdev,
void rs600_hpd_init(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned enable = 0;
@@ -435,7 +435,7 @@ void rs600_hpd_init(struct radeon_device *rdev)
void rs600_hpd_fini(struct radeon_device *rdev)
{
- struct drm_device *dev = rdev->ddev;
+ struct drm_device *dev = rdev_to_drm(rdev);
struct drm_connector *connector;
unsigned disable = 0;
@@ -797,7 +797,7 @@ int rs600_irq_process(struct radeon_device *rdev)
/* Vertical blank interrupts */
if (G_007EDC_LB_D1_VBLANK_INTERRUPT(rdev->irq.stat_regs.r500.disp_int)) {
if (rdev->irq.crtc_vblank_int[0]) {
- drm_handle_vblank(rdev->ddev, 0);
+ drm_handle_vblank(rdev_to_drm(rdev), 0);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -806,7 +806,7 @@ int rs600_irq_process(struct radeon_device *rdev)
}
if (G_007EDC_LB_D2_VBLANK_INTERRUPT(rdev->irq.stat_regs.r500.disp_int)) {
if (rdev->irq.crtc_vblank_int[1]) {
- drm_handle_vblank(rdev->ddev, 1);
+ drm_handle_vblank(rdev_to_drm(rdev), 1);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -1133,7 +1133,7 @@ int rs600_init(struct radeon_device *rdev)
return -EINVAL;
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize memory controller */
rs600_mc_init(rdev);
r100_debugfs_rbbm_init(rdev);
diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c
index 14fb0819b8c19..016eb4992803d 100644
--- a/drivers/gpu/drm/radeon/rs690.c
+++ b/drivers/gpu/drm/radeon/rs690.c
@@ -845,7 +845,7 @@ int rs690_init(struct radeon_device *rdev)
return -EINVAL;
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize memory controller */
rs690_mc_init(rdev);
rv515_debugfs(rdev);
diff --git a/drivers/gpu/drm/radeon/rv515.c b/drivers/gpu/drm/radeon/rv515.c
index bbc6ccabf7887..1b4dfb6455858 100644
--- a/drivers/gpu/drm/radeon/rv515.c
+++ b/drivers/gpu/drm/radeon/rv515.c
@@ -255,7 +255,7 @@ DEFINE_SHOW_ATTRIBUTE(rv515_debugfs_ga_info);
void rv515_debugfs(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
- struct dentry *root = rdev->ddev->primary->debugfs_root;
+ struct dentry *root = rdev_to_drm(rdev)->primary->debugfs_root;
debugfs_create_file("rv515_pipes_info", 0444, root, rdev,
&rv515_debugfs_pipes_info_fops);
@@ -636,7 +636,7 @@ int rv515_init(struct radeon_device *rdev)
if (radeon_boot_test_post_card(rdev) == false)
return -EINVAL;
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* initialize AGP */
if (rdev->flags & RADEON_IS_AGP) {
r = radeon_agp_init(rdev);
diff --git a/drivers/gpu/drm/radeon/rv770.c b/drivers/gpu/drm/radeon/rv770.c
index 9ce12fa3c3568..7d4b0bf591090 100644
--- a/drivers/gpu/drm/radeon/rv770.c
+++ b/drivers/gpu/drm/radeon/rv770.c
@@ -1935,7 +1935,7 @@ int rv770_init(struct radeon_device *rdev)
/* Initialize surface registers */
radeon_surface_init(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* Fence driver */
radeon_fence_driver_init(rdev);
/* initialize AGP */
diff --git a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
index 15759c8ca5b7b..6c95575ce109f 100644
--- a/drivers/gpu/drm/radeon/si.c
+++ b/drivers/gpu/drm/radeon/si.c
@@ -6277,7 +6277,7 @@ int si_irq_process(struct radeon_device *rdev)
event_name = "vblank";
if (rdev->irq.crtc_vblank_int[crtc_idx]) {
- drm_handle_vblank(rdev->ddev, crtc_idx);
+ drm_handle_vblank(rdev_to_drm(rdev), crtc_idx);
rdev->pm.vblank_sync = true;
wake_up(&rdev->irq.vblank_queue);
}
@@ -6839,7 +6839,7 @@ int si_init(struct radeon_device *rdev)
/* Initialize surface registers */
radeon_surface_init(rdev);
/* Initialize clocks */
- radeon_get_clock_info(rdev->ddev);
+ radeon_get_clock_info(rdev_to_drm(rdev));
/* Fence driver */
radeon_fence_driver_init(rdev);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 616/817] drm/radeon: Fix spurious unplug event on radeon HDMI
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (614 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 615/817] drm/radeon: change rdev->ddev to rdev_to_drm(rdev) Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 617/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe Greg Kroah-Hartman
` (210 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Steven Steve Kendall, Alex Deucher,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven 'Steve' Kendall <skend@chromium.org>
[ Upstream commit 7037bb04265ef05c6ffad56d884b0df76f57b095 ]
On several HP models (tested on HP 3125 and HP Probook 455 G2),
spurious unplug events are emitted upon login on Chrome OS.
This is likely due to the way Chrome OS restarts graphics
upon login, so it's possible it's an issue on other
distributions but not as common, though I haven't
reproduced the issue elsewhere.
Use logic from an earlier version of the merged change
(see link below) which iterates over connectors and finds
matching encoders, rather than the other way around.
Also fixes an issue with screen mirroring on Chrome OS.
I've deployed this patch on Fedora and did not observe
any regression on these devices.
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/1569#note_1603002
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3771
Fixes: 20ea34710f7b ("drm/radeon: Add HD-audio component notifier support (v6)")
Signed-off-by: Steven 'Steve' Kendall <skend@chromium.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_audio.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_audio.c b/drivers/gpu/drm/radeon/radeon_audio.c
index 47aa06a9a9422..5b69cc8011b42 100644
--- a/drivers/gpu/drm/radeon/radeon_audio.c
+++ b/drivers/gpu/drm/radeon/radeon_audio.c
@@ -760,16 +760,20 @@ static int radeon_audio_component_get_eld(struct device *kdev, int port,
if (!rdev->audio.enabled || !rdev->mode_info.mode_config_initialized)
return 0;
- list_for_each_entry(encoder, &rdev_to_drm(rdev)->mode_config.encoder_list, head) {
+ list_for_each_entry(connector, &dev->mode_config.connector_list, head) {
+ const struct drm_connector_helper_funcs *connector_funcs =
+ connector->helper_private;
+ encoder = connector_funcs->best_encoder(connector);
+
+ if (!encoder)
+ continue;
+
if (!radeon_encoder_is_digital(encoder))
continue;
radeon_encoder = to_radeon_encoder(encoder);
dig = radeon_encoder->enc_priv;
if (!dig->pin || dig->pin->id != port)
continue;
- connector = radeon_get_connector_for_encoder(encoder);
- if (!connector)
- continue;
*enabled = true;
ret = drm_eld_size(connector->eld);
memcpy(buf, connector->eld, min(max_bytes, ret));
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 617/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (615 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 616/817] drm/radeon: Fix spurious unplug event on radeon HDMI Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 618/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp Greg Kroah-Hartman
` (209 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Chung, Zicheng Qu, Alex Deucher,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zicheng Qu <quzicheng@huawei.com>
[ Upstream commit 6a057072ddd127255350357dd880903e8fa23f36 ]
This commit addresses a null pointer dereference issue in
dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display:
Add null check for pipe_ctx->plane_state in dcn20_program_pipe")
partially fixed the null pointer dereference issue. However, in
dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and
plane_state is accessed again through pipe_ctx. Multiple if statements
directly call attributes of plane_state, leading to potential null
pointer dereference issues. This patch adds necessary null checks to
ensure stability.
Fixes: 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe")
Reviewed-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Zicheng Qu <quzicheng@huawei.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c
index 936c0ec076bc4..18c1e52924996 100644
--- a/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c
@@ -1922,9 +1922,9 @@ static void dcn20_program_pipe(
dc->res_pool->hubbub, pipe_ctx->plane_res.hubp->inst, pipe_ctx->hubp_regs.det_size);
}
- if (pipe_ctx->update_flags.raw ||
- (pipe_ctx->plane_state && pipe_ctx->plane_state->update_flags.raw) ||
- pipe_ctx->stream->update_flags.raw)
+ if (pipe_ctx->plane_state && (pipe_ctx->update_flags.raw ||
+ pipe_ctx->plane_state->update_flags.raw ||
+ pipe_ctx->stream->update_flags.raw))
dcn20_update_dchubp_dpp(dc, pipe_ctx, context);
if (pipe_ctx->update_flags.bits.enable ||
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 618/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (616 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 617/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 619/817] ASoC: imx-audmix: Add NULL check in imx_audmix_probe Greg Kroah-Hartman
` (208 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Chung, Zicheng Qu, Alex Deucher,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zicheng Qu <quzicheng@huawei.com>
[ Upstream commit 2bc96c95070571c6c824e0d4c7783bee25a37876 ]
This commit addresses a null pointer dereference issue in
hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is
null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null
before accessing. This prevents a null pointer dereference.
Fixes: 0baae6246307 ("drm/amd/display: Refactor fast update to use new HWSS build sequence")
Reviewed-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Zicheng Qu <quzicheng@huawei.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c
index 4a88412fdfab1..29ef24f9a40f2 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c
@@ -881,6 +881,9 @@ void hwss_setup_dpp(union block_sequence_params *params)
struct dpp *dpp = pipe_ctx->plane_res.dpp;
struct dc_plane_state *plane_state = pipe_ctx->plane_state;
+ if (!plane_state)
+ return;
+
if (dpp && dpp->funcs->dpp_setup) {
// program the input csc
dpp->funcs->dpp_setup(dpp,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 619/817] ASoC: imx-audmix: Add NULL check in imx_audmix_probe
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (617 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 618/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 620/817] drm/xe/ufence: Wake up waiters after setting ufence->signalled Greg Kroah-Hartman
` (207 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Charles Han, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Charles Han <hanchunchao@inspur.com>
[ Upstream commit e038f43edaf0083f6aa7c9415d86cf28dfd152f9 ]
devm_kasprintf() can return a NULL pointer on failure,but this
returned value in imx_audmix_probe() is not checked.
Add NULL check in imx_audmix_probe(), to handle kernel NULL
pointer dereference error.
Fixes: 05d996e11348 ("ASoC: imx-audmix: Split capture device for audmix")
Signed-off-by: Charles Han <hanchunchao@inspur.com>
Link: https://patch.msgid.link/20241118084553.4195-1-hanchunchao@inspur.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/imx-audmix.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/fsl/imx-audmix.c b/sound/soc/fsl/imx-audmix.c
index 6fbcf33fd0dea..8e7b75cf64db4 100644
--- a/sound/soc/fsl/imx-audmix.c
+++ b/sound/soc/fsl/imx-audmix.c
@@ -275,6 +275,9 @@ static int imx_audmix_probe(struct platform_device *pdev)
/* Add AUDMIX Backend */
be_name = devm_kasprintf(&pdev->dev, GFP_KERNEL,
"audmix-%d", i);
+ if (!be_name)
+ return -ENOMEM;
+
priv->dai[num_dai + i].cpus = &dlc[1];
priv->dai[num_dai + i].codecs = &snd_soc_dummy_dlc;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 620/817] drm/xe/ufence: Wake up waiters after setting ufence->signalled
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (618 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 619/817] ASoC: imx-audmix: Add NULL check in imx_audmix_probe Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 621/817] apparmor: fix Do simple duplicate message elimination Greg Kroah-Hartman
` (206 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Brost, Nirmoy Das,
Thomas Hellström, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nirmoy Das <nirmoy.das@intel.com>
[ Upstream commit 37a1cf288e4538eb39b38dbc745fe0da7ae53d94 ]
If a previous ufence is not signalled, vm_bind will return -EBUSY.
Delaying the modification of ufence->signalled can cause issues if the
UMD reuses the same ufence so update ufence->signalled before waking up
waiters.
Cc: Matthew Brost <matthew.brost@intel.com>
Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/3233
Fixes: 977e5b82e090 ("drm/xe: Expose user fence from xe_sync_entry")
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241114150537.4161573-1-nirmoy.das@intel.com
Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
(cherry picked from commit 553a5d14fcd927194c409b10faced6a6dbc678d1)
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/xe/xe_sync.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/xe/xe_sync.c b/drivers/gpu/drm/xe/xe_sync.c
index 9d77f2d4096f5..6e17bace67dd1 100644
--- a/drivers/gpu/drm/xe/xe_sync.c
+++ b/drivers/gpu/drm/xe/xe_sync.c
@@ -85,8 +85,12 @@ static void user_fence_worker(struct work_struct *w)
mmput(ufence->mm);
}
- wake_up_all(&ufence->xe->ufence_wq);
+ /*
+ * Wake up waiters only after updating the ufence state, allowing the UMD
+ * to safely reuse the same ufence without encountering -EBUSY errors.
+ */
WRITE_ONCE(ufence->signalled, 1);
+ wake_up_all(&ufence->xe->ufence_wq);
user_fence_put(ufence);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 621/817] apparmor: fix Do simple duplicate message elimination
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (619 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 620/817] drm/xe/ufence: Wake up waiters after setting ufence->signalled Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 622/817] ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() Greg Kroah-Hartman
` (205 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, chao liu, John Johansen, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: chao liu <liuzgyid@outlook.com>
[ Upstream commit 9b897132424fe76bf6c61f22f9cf12af7f1d1e6a ]
Multiple profiles shared 'ent->caps', so some logs missed.
Fixes: 0ed3b28ab8bf ("AppArmor: mediation of non file objects")
Signed-off-by: chao liu <liuzgyid@outlook.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/apparmor/capability.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 9934df16c8431..bf7df60868308 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -96,6 +96,8 @@ static int audit_caps(struct apparmor_audit_data *ad, struct aa_profile *profile
return error;
} else {
aa_put_profile(ent->profile);
+ if (profile != ent->profile)
+ cap_clear(ent->caps);
ent->profile = aa_get_profile(profile);
cap_raise(ent->caps, cap);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 622/817] ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (620 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 621/817] apparmor: fix Do simple duplicate message elimination Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 623/817] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Greg Kroah-Hartman
` (204 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zichen Xie, Takashi Iwai,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zichen Xie <zichenxie0106@gmail.com>
[ Upstream commit 9ad467a2b2716d4ed12f003b041aa6c776a13ff5 ]
kunit_kzalloc() may return a NULL pointer, dereferencing it without
NULL check may lead to NULL dereference.
Add NULL checks for all the kunit_kzalloc() in sound_kunit.c
Fixes: 3e39acf56ede ("ALSA: core: Add sound core KUnit test")
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Link: https://patch.msgid.link/20241126192448.12645-1-zichenxie0106@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/sound_kunit.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/sound/core/sound_kunit.c b/sound/core/sound_kunit.c
index bfed1a25fc8f7..84e337ecbddd0 100644
--- a/sound/core/sound_kunit.c
+++ b/sound/core/sound_kunit.c
@@ -172,6 +172,7 @@ static void test_format_fill_silence(struct kunit *test)
u32 i, j;
buffer = kunit_kzalloc(test, SILENCE_BUFFER_SIZE, GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buffer);
for (i = 0; i < ARRAY_SIZE(buf_samples); i++) {
for (j = 0; j < ARRAY_SIZE(valid_fmt); j++)
@@ -208,8 +209,12 @@ static void test_playback_avail(struct kunit *test)
struct snd_pcm_runtime *r = kunit_kzalloc(test, sizeof(*r), GFP_KERNEL);
u32 i;
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, r);
+
r->status = kunit_kzalloc(test, sizeof(*r->status), GFP_KERNEL);
r->control = kunit_kzalloc(test, sizeof(*r->control), GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, r->status);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, r->control);
for (i = 0; i < ARRAY_SIZE(p_avail_data); i++) {
r->buffer_size = p_avail_data[i].buffer_size;
@@ -232,8 +237,12 @@ static void test_capture_avail(struct kunit *test)
struct snd_pcm_runtime *r = kunit_kzalloc(test, sizeof(*r), GFP_KERNEL);
u32 i;
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, r);
+
r->status = kunit_kzalloc(test, sizeof(*r->status), GFP_KERNEL);
r->control = kunit_kzalloc(test, sizeof(*r->control), GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, r->status);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, r->control);
for (i = 0; i < ARRAY_SIZE(c_avail_data); i++) {
r->buffer_size = c_avail_data[i].buffer_size;
@@ -247,6 +256,7 @@ static void test_capture_avail(struct kunit *test)
static void test_card_set_id(struct kunit *test)
{
struct snd_card *card = kunit_kzalloc(test, sizeof(*card), GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, card);
snd_card_set_id(card, VALID_NAME);
KUNIT_EXPECT_STREQ(test, card->id, VALID_NAME);
@@ -280,6 +290,7 @@ static void test_pcm_format_name(struct kunit *test)
static void test_card_add_component(struct kunit *test)
{
struct snd_card *card = kunit_kzalloc(test, sizeof(*card), GFP_KERNEL);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, card);
snd_component_add(card, TEST_FIRST_COMPONENT);
KUNIT_ASSERT_STREQ(test, card->components, TEST_FIRST_COMPONENT);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 623/817] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (621 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 622/817] ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 624/817] ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Greg Kroah-Hartman
` (203 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Venkata Prasad Potturu, Mark Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Venkata Prasad Potturu <venkataprasad.potturu@amd.com>
[ Upstream commit 4095cf872084ecfdfdb0e681f3e9ff9745acfa75 ]
Add condition check to register ACP PDM sound card by reading
_WOV acpi entry.
Fixes: 5426f506b584 ("ASoC: amd: Add support for enabling DMIC on acp6x via _DSD")
Signed-off-by: Venkata Prasad Potturu <venkataprasad.potturu@amd.com>
Link: https://patch.msgid.link/20241127112227.227106-1-venkataprasad.potturu@amd.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index 2436e8deb2be4..639e7136ef2a7 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -537,8 +537,14 @@ static int acp6x_probe(struct platform_device *pdev)
struct acp6x_pdm *machine = NULL;
struct snd_soc_card *card;
struct acpi_device *adev;
+ acpi_handle handle;
+ acpi_integer dmic_status;
int ret;
+ bool is_dmic_enable, wov_en;
+ /* IF WOV entry not found, enable dmic based on AcpDmicConnected entry*/
+ is_dmic_enable = false;
+ wov_en = true;
/* check the parent device's firmware node has _DSD or not */
adev = ACPI_COMPANION(pdev->dev.parent);
if (adev) {
@@ -546,9 +552,19 @@ static int acp6x_probe(struct platform_device *pdev)
if (!acpi_dev_get_property(adev, "AcpDmicConnected", ACPI_TYPE_INTEGER, &obj) &&
obj->integer.value == 1)
- platform_set_drvdata(pdev, &acp6x_card);
+ is_dmic_enable = true;
}
+ handle = ACPI_HANDLE(pdev->dev.parent);
+ ret = acpi_evaluate_integer(handle, "_WOV", NULL, &dmic_status);
+ if (!ACPI_FAILURE(ret))
+ wov_en = dmic_status;
+
+ if (is_dmic_enable && wov_en)
+ platform_set_drvdata(pdev, &acp6x_card);
+ else
+ return 0;
+
/* check for any DMI overrides */
dmi_id = dmi_first_match(yc_acp_quirk_table);
if (dmi_id)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 624/817] ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (622 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 623/817] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 625/817] s390/pci: Fix potential double remove of hotplug slot Greg Kroah-Hartman
` (202 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nícolas F . R . A . Prado,
AngeloGioacchino Del Regno, Kuninori Morimoto, Fei Shao,
Trevor Wu, Mark Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nícolas F. R. A. Prado <nfraprado@collabora.com>
[ Upstream commit 2f2020327cc8561d7c520d2f2d9acea84fa7b3a3 ]
Following commit 13f58267cda3 ("ASoC: soc.h: don't create dummy
Component via COMP_DUMMY()"), COMP_DUMMY() became an array with zero
length, and only gets populated with the dummy struct after the card is
registered. Since the sound card driver's probe happens before the card
registration, accessing any of the members of a dummy component during
probe will result in undefined behavior.
This can be observed in the mt8188 and mt8195 machine sound drivers. By
omitting a dai link subnode in the sound card's node in the Devicetree,
the default uninitialized dummy codec is used, and when its dai_name
pointer gets passed to strcmp() it results in a null pointer dereference
and a kernel panic.
In addition to that, set_card_codec_info() in the generic helpers file,
mtk-soundcard-driver.c, will populate a dai link with a dummy codec when
a dai link node is present in DT but with no codec property.
The result is that at probe time, a dummy codec can either be
uninitialized with num_codecs = 0, or be an initialized dummy codec,
with num_codecs = 1 and dai_name = "snd-soc-dummy-dai". In order to
accommodate for both situations, check that num_codecs is not zero
before accessing the codecs' fields but still check for the codec's dai
name against "snd-soc-dummy-dai" as needed.
While at it, also drop the check that dai_name is not null in the mt8192
driver, introduced in commit 4d4e1b6319e5 ("ASoC: mediatek: mt8192:
Check existence of dai_name before dereferencing"), as it is actually
redundant given the preceding num_codecs != 0 check.
Fixes: 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()")
Signed-off-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Reviewed-by: Fei Shao <fshao@chromium.org>
Acked-by: Trevor Wu <trevor.wu@mediatek.com>
Link: https://patch.msgid.link/20241126-asoc-mtk-dummy-panic-v1-1-42d53e168d2e@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8188/mt8188-mt6359.c | 9 +++++++--
sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c | 4 ++--
sound/soc/mediatek/mt8195/mt8195-mt6359.c | 9 +++++++--
3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/sound/soc/mediatek/mt8188/mt8188-mt6359.c b/sound/soc/mediatek/mt8188/mt8188-mt6359.c
index 08ae962afeb92..4eed90d13a532 100644
--- a/sound/soc/mediatek/mt8188/mt8188-mt6359.c
+++ b/sound/soc/mediatek/mt8188/mt8188-mt6359.c
@@ -1279,10 +1279,12 @@ static int mt8188_mt6359_soc_card_probe(struct mtk_soc_card_data *soc_card_data,
for_each_card_prelinks(card, i, dai_link) {
if (strcmp(dai_link->name, "DPTX_BE") == 0) {
- if (strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
+ if (dai_link->num_codecs &&
+ strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
dai_link->init = mt8188_dptx_codec_init;
} else if (strcmp(dai_link->name, "ETDM3_OUT_BE") == 0) {
- if (strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
+ if (dai_link->num_codecs &&
+ strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
dai_link->init = mt8188_hdmi_codec_init;
} else if (strcmp(dai_link->name, "DL_SRC_BE") == 0 ||
strcmp(dai_link->name, "UL_SRC_BE") == 0) {
@@ -1294,6 +1296,9 @@ static int mt8188_mt6359_soc_card_probe(struct mtk_soc_card_data *soc_card_data,
strcmp(dai_link->name, "ETDM2_OUT_BE") == 0 ||
strcmp(dai_link->name, "ETDM1_IN_BE") == 0 ||
strcmp(dai_link->name, "ETDM2_IN_BE") == 0) {
+ if (!dai_link->num_codecs)
+ continue;
+
if (!strcmp(dai_link->codecs->dai_name, MAX98390_CODEC_DAI)) {
/*
* The TDM protocol settings with fixed 4 slots are defined in
diff --git a/sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c b/sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c
index 8b323fb199251..de8737dcf53d7 100644
--- a/sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c
+++ b/sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c
@@ -1099,7 +1099,7 @@ static int mt8192_mt6359_legacy_probe(struct mtk_soc_card_data *soc_card_data)
dai_link->ignore = 0;
}
- if (dai_link->num_codecs && dai_link->codecs[0].dai_name &&
+ if (dai_link->num_codecs &&
strcmp(dai_link->codecs[0].dai_name, RT1015_CODEC_DAI) == 0)
dai_link->ops = &mt8192_rt1015_i2s_ops;
}
@@ -1129,7 +1129,7 @@ static int mt8192_mt6359_soc_card_probe(struct mtk_soc_card_data *soc_card_data,
int i;
for_each_card_prelinks(card, i, dai_link)
- if (dai_link->num_codecs && dai_link->codecs[0].dai_name &&
+ if (dai_link->num_codecs &&
strcmp(dai_link->codecs[0].dai_name, RT1015_CODEC_DAI) == 0)
dai_link->ops = &mt8192_rt1015_i2s_ops;
}
diff --git a/sound/soc/mediatek/mt8195/mt8195-mt6359.c b/sound/soc/mediatek/mt8195/mt8195-mt6359.c
index 2832ef78eaed7..8ebf6c7502aa3 100644
--- a/sound/soc/mediatek/mt8195/mt8195-mt6359.c
+++ b/sound/soc/mediatek/mt8195/mt8195-mt6359.c
@@ -1380,10 +1380,12 @@ static int mt8195_mt6359_soc_card_probe(struct mtk_soc_card_data *soc_card_data,
for_each_card_prelinks(card, i, dai_link) {
if (strcmp(dai_link->name, "DPTX_BE") == 0) {
- if (strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
+ if (dai_link->num_codecs &&
+ strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
dai_link->init = mt8195_dptx_codec_init;
} else if (strcmp(dai_link->name, "ETDM3_OUT_BE") == 0) {
- if (strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
+ if (dai_link->num_codecs &&
+ strcmp(dai_link->codecs->dai_name, "snd-soc-dummy-dai"))
dai_link->init = mt8195_hdmi_codec_init;
} else if (strcmp(dai_link->name, "DL_SRC_BE") == 0 ||
strcmp(dai_link->name, "UL_SRC1_BE") == 0 ||
@@ -1396,6 +1398,9 @@ static int mt8195_mt6359_soc_card_probe(struct mtk_soc_card_data *soc_card_data,
strcmp(dai_link->name, "ETDM2_OUT_BE") == 0 ||
strcmp(dai_link->name, "ETDM1_IN_BE") == 0 ||
strcmp(dai_link->name, "ETDM2_IN_BE") == 0) {
+ if (!dai_link->num_codecs)
+ continue;
+
if (!strcmp(dai_link->codecs->dai_name, MAX98390_CODEC_DAI)) {
if (!(codec_init & MAX98390_CODEC_INIT)) {
dai_link->init = mt8195_max98390_init;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 625/817] s390/pci: Fix potential double remove of hotplug slot
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (623 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 624/817] ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 626/817] net_sched: sch_fq: dont follow the fast path if Tx is behind now Greg Kroah-Hartman
` (201 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Rosato, Gerd Bayer,
Niklas Schnelle, Heiko Carstens, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Niklas Schnelle <schnelle@linux.ibm.com>
[ Upstream commit c4a585e952ca403a370586d3f16e8331a7564901 ]
In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the
device") the zpci_exit_slot() was moved from zpci_device_reserved() to
zpci_release_device() with the intention of keeping the hotplug slot
around until the device is actually removed.
Now zpci_release_device() is only called once all references are
dropped. Since the zPCI subsystem only drops its reference once the
device is in the reserved state it follows that zpci_release_device()
must only deal with devices in the reserved state. Despite that it
contains code to tear down from both configured and standby state. For
the standby case this already includes the removal of the hotplug slot
so would cause a double removal if a device was ever removed in
either configured or standby state.
Instead of causing a potential double removal in a case that should
never happen explicitly WARN_ON() if a device in non-reserved state is
released and get rid of the dead code cases.
Fixes: 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device")
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Gerd Bayer <gbayer@linux.ibm.com>
Tested-by: Gerd Bayer <gbayer@linux.ibm.com>
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/pci/pci.c | 34 +++++++++-------------------------
1 file changed, 9 insertions(+), 25 deletions(-)
diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
index 759983d0e63ed..827b4c7b4688c 100644
--- a/arch/s390/pci/pci.c
+++ b/arch/s390/pci/pci.c
@@ -918,10 +918,8 @@ void zpci_device_reserved(struct zpci_dev *zdev)
void zpci_release_device(struct kref *kref)
{
struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref);
- int ret;
- if (zdev->has_hp_slot)
- zpci_exit_slot(zdev);
+ WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED);
if (zdev->zbus->bus)
zpci_bus_remove_device(zdev, false);
@@ -929,28 +927,14 @@ void zpci_release_device(struct kref *kref)
if (zdev_enabled(zdev))
zpci_disable_device(zdev);
- switch (zdev->state) {
- case ZPCI_FN_STATE_CONFIGURED:
- ret = sclp_pci_deconfigure(zdev->fid);
- zpci_dbg(3, "deconf fid:%x, rc:%d\n", zdev->fid, ret);
- fallthrough;
- case ZPCI_FN_STATE_STANDBY:
- if (zdev->has_hp_slot)
- zpci_exit_slot(zdev);
- spin_lock(&zpci_list_lock);
- list_del(&zdev->entry);
- spin_unlock(&zpci_list_lock);
- zpci_dbg(3, "rsv fid:%x\n", zdev->fid);
- fallthrough;
- case ZPCI_FN_STATE_RESERVED:
- if (zdev->has_resources)
- zpci_cleanup_bus_resources(zdev);
- zpci_bus_device_unregister(zdev);
- zpci_destroy_iommu(zdev);
- fallthrough;
- default:
- break;
- }
+ if (zdev->has_hp_slot)
+ zpci_exit_slot(zdev);
+
+ if (zdev->has_resources)
+ zpci_cleanup_bus_resources(zdev);
+
+ zpci_bus_device_unregister(zdev);
+ zpci_destroy_iommu(zdev);
zpci_dbg(3, "rem fid:%x\n", zdev->fid);
kfree_rcu(zdev, rcu);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 626/817] net_sched: sch_fq: dont follow the fast path if Tx is behind now
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (624 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 625/817] s390/pci: Fix potential double remove of hotplug slot Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 627/817] xen: Fix the issue of resource not being properly released in xenbus_dev_probe() Greg Kroah-Hartman
` (200 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Eric Dumazet,
Paolo Abeni
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
commit 122aba8c80618eca904490b1733af27fb8f07528 upstream.
Recent kernels cause a lot of TCP retransmissions
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 2.24 GBytes 19.2 Gbits/sec 2767 442 KBytes
[ 5] 1.00-2.00 sec 2.23 GBytes 19.1 Gbits/sec 2312 350 KBytes
^^^^
Replacing the qdisc with pfifo makes retransmissions go away.
It appears that a flow may have a delayed packet with a very near
Tx time. Later, we may get busy processing Rx and the target Tx time
will pass, but we won't service Tx since the CPU is busy with Rx.
If Rx sees an ACK and we try to push more data for the delayed flow
we may fastpath the skb, not realizing that there are already "ready
to send" packets for this flow sitting in the qdisc.
Don't trust the fastpath if we are "behind" according to the projected
Tx time for next flow waiting in the Qdisc. Because we consider anything
within the offload window to be okay for fastpath we must consider
the entire offload window as "now".
Qdisc config:
qdisc fq 8001: dev eth0 parent 1234:1 limit 10000p flow_limit 100p \
buckets 32768 orphan_mask 1023 bands 3 \
priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 \
weights 589824 196608 65536 quantum 3028b initial_quantum 15140b \
low_rate_threshold 550Kbit \
refill_delay 40ms timer_slack 10us horizon 10s horizon_drop
For iperf this change seems to do fine, the reordering is gone.
The fastpath still gets used most of the time:
gc 0 highprio 0 fastpath 142614 throttled 418309 latency 19.1us
xx_behind 2731
where "xx_behind" counts how many times we hit the new "return false".
CC: stable@vger.kernel.org
Fixes: 076433bd78d7 ("net_sched: sch_fq: add fast path for mostly idle qdisc")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241124022148.3126719-1-kuba@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
[stable: drop the offload horizon, it's not supported / 0]
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/sch_fq.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/net/sched/sch_fq.c
+++ b/net/sched/sch_fq.c
@@ -331,6 +331,12 @@ static bool fq_fastpath_check(const stru
*/
if (q->internal.qlen >= 8)
return false;
+
+ /* Ordering invariants fall apart if some delayed flows
+ * are ready but we haven't serviced them, yet.
+ */
+ if (q->time_next_delayed_flow <= now)
+ return false;
}
sk = skb->sk;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 627/817] xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (625 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 626/817] net_sched: sch_fq: dont follow the fast path if Tx is behind now Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 628/817] ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Greg Kroah-Hartman
` (199 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qiu-ji Chen, Juergen Gross
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qiu-ji Chen <chenqiuji666@gmail.com>
commit afc545da381ba0c651b2658966ac737032676f01 upstream.
This patch fixes an issue in the function xenbus_dev_probe(). In the
xenbus_dev_probe() function, within the if (err) branch at line 313, the
program incorrectly returns err directly without releasing the resources
allocated by err = drv->probe(dev, id). As the return value is non-zero,
the upper layers assume the processing logic has failed. However, the probe
operation was performed earlier without a corresponding remove operation.
Since the probe actually allocates resources, failing to perform the remove
operation could lead to problems.
To fix this issue, we followed the resource release logic of the
xenbus_dev_remove() function by adding a new block fail_remove before the
fail_put block. After entering the branch if (err) at line 313, the
function will use a goto statement to jump to the fail_remove block,
ensuring that the previously acquired resources are correctly released,
thus preventing the reference count leak.
This bug was identified by an experimental static analysis tool developed
by our team. The tool specializes in analyzing reference count operations
and detecting potential issues where resources are not properly managed.
In this case, the tool flagged the missing release operation as a
potential problem, which led to the development of this patch.
Fixes: 4bac07c993d0 ("xen: add the Xenbus sysfs and virtual device hotplug driver")
Cc: stable@vger.kernel.org
Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-ID: <20241105130919.4621-1-chenqiuji666@gmail.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/xenbus/xenbus_probe.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/xen/xenbus/xenbus_probe.c
+++ b/drivers/xen/xenbus/xenbus_probe.c
@@ -313,7 +313,7 @@ int xenbus_dev_probe(struct device *_dev
if (err) {
dev_warn(&dev->dev, "watch_otherend on %s failed.\n",
dev->nodename);
- return err;
+ goto fail_remove;
}
dev->spurious_threshold = 1;
@@ -322,6 +322,12 @@ int xenbus_dev_probe(struct device *_dev
dev->nodename);
return 0;
+fail_remove:
+ if (drv->remove) {
+ down(&dev->reclaim_sem);
+ drv->remove(dev);
+ up(&dev->reclaim_sem);
+ }
fail_put:
module_put(drv->driver.owner);
fail:
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 628/817] ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (626 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 627/817] xen: Fix the issue of resource not being properly released in xenbus_dev_probe() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 629/817] ALSA: usb-audio: Fix out of bounds reads when finding clock sources Greg Kroah-Hartman
` (198 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benoît Sevens, stable,
Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benoît Sevens <bsevens@google.com>
commit b909df18ce2a998afef81d58bbd1a05dc0788c40 upstream.
A bogus device can provide a bNumConfigurations value that exceeds the
initial value used in usb_get_configuration for allocating dev->config.
This can lead to out-of-bounds accesses later, e.g. in
usb_destroy_configuration.
Signed-off-by: Benoît Sevens <bsevens@google.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@kernel.org
Link: https://patch.msgid.link/20241120124144.3814457-1-bsevens@google.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/quirks.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -555,6 +555,7 @@ int snd_usb_create_quirk(struct snd_usb_
static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interface *intf)
{
struct usb_host_config *config = dev->actconfig;
+ struct usb_device_descriptor new_device_descriptor;
int err;
if (le16_to_cpu(get_cfg_desc(config)->wTotalLength) == EXTIGY_FIRMWARE_SIZE_OLD ||
@@ -566,10 +567,14 @@ static int snd_usb_extigy_boot_quirk(str
if (err < 0)
dev_dbg(&dev->dev, "error sending boot message: %d\n", err);
err = usb_get_descriptor(dev, USB_DT_DEVICE, 0,
- &dev->descriptor, sizeof(dev->descriptor));
- config = dev->actconfig;
+ &new_device_descriptor, sizeof(new_device_descriptor));
if (err < 0)
dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err);
+ if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations)
+ dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n",
+ new_device_descriptor.bNumConfigurations);
+ else
+ memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor));
err = usb_reset_configuration(dev);
if (err < 0)
dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err);
@@ -901,6 +906,7 @@ static void mbox2_setup_48_24_magic(stru
static int snd_usb_mbox2_boot_quirk(struct usb_device *dev)
{
struct usb_host_config *config = dev->actconfig;
+ struct usb_device_descriptor new_device_descriptor;
int err;
u8 bootresponse[0x12];
int fwsize;
@@ -936,10 +942,14 @@ static int snd_usb_mbox2_boot_quirk(stru
dev_dbg(&dev->dev, "device initialised!\n");
err = usb_get_descriptor(dev, USB_DT_DEVICE, 0,
- &dev->descriptor, sizeof(dev->descriptor));
- config = dev->actconfig;
+ &new_device_descriptor, sizeof(new_device_descriptor));
if (err < 0)
dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err);
+ if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations)
+ dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n",
+ new_device_descriptor.bNumConfigurations);
+ else
+ memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor));
err = usb_reset_configuration(dev);
if (err < 0)
@@ -1249,6 +1259,7 @@ static void mbox3_setup_defaults(struct
static int snd_usb_mbox3_boot_quirk(struct usb_device *dev)
{
struct usb_host_config *config = dev->actconfig;
+ struct usb_device_descriptor new_device_descriptor;
int err;
int descriptor_size;
@@ -1262,10 +1273,14 @@ static int snd_usb_mbox3_boot_quirk(stru
dev_dbg(&dev->dev, "MBOX3: device initialised!\n");
err = usb_get_descriptor(dev, USB_DT_DEVICE, 0,
- &dev->descriptor, sizeof(dev->descriptor));
- config = dev->actconfig;
+ &new_device_descriptor, sizeof(new_device_descriptor));
if (err < 0)
dev_dbg(&dev->dev, "MBOX3: error usb_get_descriptor: %d\n", err);
+ if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations)
+ dev_dbg(&dev->dev, "MBOX3: error too large bNumConfigurations: %d\n",
+ new_device_descriptor.bNumConfigurations);
+ else
+ memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor));
err = usb_reset_configuration(dev);
if (err < 0)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 629/817] ALSA: usb-audio: Fix out of bounds reads when finding clock sources
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (627 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 628/817] ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 630/817] usb: ehci-spear: fix call balance of sehci clk handling routines Greg Kroah-Hartman
` (197 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Benoît Sevens, Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6 upstream.
The current USB-audio driver code doesn't check bLength of each
descriptor at traversing for clock descriptors. That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.
For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal. When the descriptor
length is shorter than expected, it's skipped in the loop.
For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
of bNrInPins elements and two more fields at its tail, hence those
have to be checked in addition to the sizeof() check.
Reported-by: Benoît Sevens <bsevens@google.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/20241121140613.3651-1-bsevens@google.com
Link: https://patch.msgid.link/20241125144629.20757-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/clock.c | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -36,6 +36,12 @@ union uac23_clock_multiplier_desc {
struct uac_clock_multiplier_descriptor v3;
};
+/* check whether the descriptor bLength has the minimal length */
+#define DESC_LENGTH_CHECK(p, proto) \
+ ((proto) == UAC_VERSION_3 ? \
+ ((p)->v3.bLength >= sizeof((p)->v3)) : \
+ ((p)->v2.bLength >= sizeof((p)->v2)))
+
#define GET_VAL(p, proto, field) \
((proto) == UAC_VERSION_3 ? (p)->v3.field : (p)->v2.field)
@@ -58,6 +64,8 @@ static bool validate_clock_source(void *
{
union uac23_clock_source_desc *cs = p;
+ if (!DESC_LENGTH_CHECK(cs, proto))
+ return false;
return GET_VAL(cs, proto, bClockID) == id;
}
@@ -65,13 +73,27 @@ static bool validate_clock_selector(void
{
union uac23_clock_selector_desc *cs = p;
- return GET_VAL(cs, proto, bClockID) == id;
+ if (!DESC_LENGTH_CHECK(cs, proto))
+ return false;
+ if (GET_VAL(cs, proto, bClockID) != id)
+ return false;
+ /* additional length check for baCSourceID array (in bNrInPins size)
+ * and two more fields (which sizes depend on the protocol)
+ */
+ if (proto == UAC_VERSION_3)
+ return cs->v3.bLength >= sizeof(cs->v3) + cs->v3.bNrInPins +
+ 4 /* bmControls */ + 2 /* wCSelectorDescrStr */;
+ else
+ return cs->v2.bLength >= sizeof(cs->v2) + cs->v2.bNrInPins +
+ 1 /* bmControls */ + 1 /* iClockSelector */;
}
static bool validate_clock_multiplier(void *p, int id, int proto)
{
union uac23_clock_multiplier_desc *cs = p;
+ if (!DESC_LENGTH_CHECK(cs, proto))
+ return false;
return GET_VAL(cs, proto, bClockID) == id;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 630/817] usb: ehci-spear: fix call balance of sehci clk handling routines
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (628 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 629/817] ALSA: usb-audio: Fix out of bounds reads when finding clock sources Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 631/817] usb: typec: ucsi: glink: fix off-by-one in connector_status Greg Kroah-Hartman
` (196 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vitalii Mordan, Alan Stern
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vitalii Mordan <mordan@ispras.ru>
commit 40c974826734836402abfd44efbf04f63a2cc1c1 upstream.
If the clock sehci->clk was not enabled in spear_ehci_hcd_drv_probe,
it should not be disabled in any path.
Conversely, if it was enabled in spear_ehci_hcd_drv_probe, it must be disabled
in all error paths to ensure proper cleanup.
Found by Linux Verification Center (linuxtesting.org) with Klever.
Fixes: 7675d6ba436f ("USB: EHCI: make ehci-spear a separate driver")
Cc: stable@vger.kernel.org
Signed-off-by: Vitalii Mordan <mordan@ispras.ru>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20241114230310.432213-1-mordan@ispras.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/ehci-spear.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/usb/host/ehci-spear.c
+++ b/drivers/usb/host/ehci-spear.c
@@ -105,7 +105,9 @@ static int spear_ehci_hcd_drv_probe(stru
/* registers start at offset 0x0 */
hcd_to_ehci(hcd)->caps = hcd->regs;
- clk_prepare_enable(sehci->clk);
+ retval = clk_prepare_enable(sehci->clk);
+ if (retval)
+ goto err_put_hcd;
retval = usb_add_hcd(hcd, irq, IRQF_SHARED);
if (retval)
goto err_stop_ehci;
@@ -130,8 +132,7 @@ static void spear_ehci_hcd_drv_remove(st
usb_remove_hcd(hcd);
- if (sehci->clk)
- clk_disable_unprepare(sehci->clk);
+ clk_disable_unprepare(sehci->clk);
usb_put_hcd(hcd);
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 631/817] usb: typec: ucsi: glink: fix off-by-one in connector_status
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (629 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 630/817] usb: ehci-spear: fix call balance of sehci clk handling routines Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 632/817] dm-cache: fix warnings about duplicate slab caches Greg Kroah-Hartman
` (195 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Abel Vesa, Neil Armstrong,
Johan Hovold, Dmitry Baryshkov
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
commit 4a22918810980897393fa1776ea3877e4baf8cca upstream.
UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS.
Correct the condition in the pmic_glink_ucsi_connector_status()
callback, fixing Type-C orientation reporting for the third USB-C
connector.
Fixes: 76716fd5bf09 ("usb: typec: ucsi: glink: move GPIO reading into connector_status callback")
Cc: stable@vger.kernel.org
Reported-by: Abel Vesa <abel.vesa@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Tested-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20241109-ucsi-glue-fixes-v2-1-8b21ff4f9fbe@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi_glink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c
index 3e4d88ab338e..2e12758000a7 100644
--- a/drivers/usb/typec/ucsi/ucsi_glink.c
+++ b/drivers/usb/typec/ucsi/ucsi_glink.c
@@ -185,7 +185,7 @@ static void pmic_glink_ucsi_connector_status(struct ucsi_connector *con)
struct pmic_glink_ucsi *ucsi = ucsi_get_drvdata(con->ucsi);
int orientation;
- if (con->num >= PMIC_GLINK_MAX_PORTS ||
+ if (con->num > PMIC_GLINK_MAX_PORTS ||
!ucsi->port_orientation[con->num - 1])
return;
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 632/817] dm-cache: fix warnings about duplicate slab caches
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (630 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 631/817] usb: typec: ucsi: glink: fix off-by-one in connector_status Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 633/817] dm-bufio: " Greg Kroah-Hartman
` (194 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mikulas Patocka
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 346dbf1b1345476a6524512892cceb931bee3039 upstream.
The commit 4c39529663b9 adds a warning about duplicate cache names if
CONFIG_DEBUG_VM is selected. These warnings are triggered by the dm-cache
code.
The dm-cache code allocates a slab cache for each device. This commit
changes it to allocate just one slab cache in the module init function.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-cache-background-tracker.c | 25 ++++++-------------------
drivers/md/dm-cache-background-tracker.h | 8 ++++++++
drivers/md/dm-cache-target.c | 25 ++++++++++++++++++++-----
3 files changed, 34 insertions(+), 24 deletions(-)
--- a/drivers/md/dm-cache-background-tracker.c
+++ b/drivers/md/dm-cache-background-tracker.c
@@ -11,12 +11,6 @@
#define DM_MSG_PREFIX "dm-background-tracker"
-struct bt_work {
- struct list_head list;
- struct rb_node node;
- struct policy_work work;
-};
-
struct background_tracker {
unsigned int max_work;
atomic_t pending_promotes;
@@ -26,10 +20,10 @@ struct background_tracker {
struct list_head issued;
struct list_head queued;
struct rb_root pending;
-
- struct kmem_cache *work_cache;
};
+struct kmem_cache *btracker_work_cache = NULL;
+
struct background_tracker *btracker_create(unsigned int max_work)
{
struct background_tracker *b = kmalloc(sizeof(*b), GFP_KERNEL);
@@ -48,12 +42,6 @@ struct background_tracker *btracker_crea
INIT_LIST_HEAD(&b->queued);
b->pending = RB_ROOT;
- b->work_cache = KMEM_CACHE(bt_work, 0);
- if (!b->work_cache) {
- DMERR("couldn't create mempool for background work items");
- kfree(b);
- b = NULL;
- }
return b;
}
@@ -66,10 +54,9 @@ void btracker_destroy(struct background_
BUG_ON(!list_empty(&b->issued));
list_for_each_entry_safe (w, tmp, &b->queued, list) {
list_del(&w->list);
- kmem_cache_free(b->work_cache, w);
+ kmem_cache_free(btracker_work_cache, w);
}
- kmem_cache_destroy(b->work_cache);
kfree(b);
}
EXPORT_SYMBOL_GPL(btracker_destroy);
@@ -180,7 +167,7 @@ static struct bt_work *alloc_work(struct
if (max_work_reached(b))
return NULL;
- return kmem_cache_alloc(b->work_cache, GFP_NOWAIT);
+ return kmem_cache_alloc(btracker_work_cache, GFP_NOWAIT);
}
int btracker_queue(struct background_tracker *b,
@@ -203,7 +190,7 @@ int btracker_queue(struct background_tra
* There was a race, we'll just ignore this second
* bit of work for the same oblock.
*/
- kmem_cache_free(b->work_cache, w);
+ kmem_cache_free(btracker_work_cache, w);
return -EINVAL;
}
@@ -244,7 +231,7 @@ void btracker_complete(struct background
update_stats(b, &w->work, -1);
rb_erase(&w->node, &b->pending);
list_del(&w->list);
- kmem_cache_free(b->work_cache, w);
+ kmem_cache_free(btracker_work_cache, w);
}
EXPORT_SYMBOL_GPL(btracker_complete);
--- a/drivers/md/dm-cache-background-tracker.h
+++ b/drivers/md/dm-cache-background-tracker.h
@@ -26,6 +26,14 @@
* protected with a spinlock.
*/
+struct bt_work {
+ struct list_head list;
+ struct rb_node node;
+ struct policy_work work;
+};
+
+extern struct kmem_cache *btracker_work_cache;
+
struct background_work;
struct background_tracker;
--- a/drivers/md/dm-cache-target.c
+++ b/drivers/md/dm-cache-target.c
@@ -10,6 +10,7 @@
#include "dm-bio-record.h"
#include "dm-cache-metadata.h"
#include "dm-io-tracker.h"
+#include "dm-cache-background-tracker.h"
#include <linux/dm-io.h>
#include <linux/dm-kcopyd.h>
@@ -2263,7 +2264,7 @@ static int parse_cache_args(struct cache
/*----------------------------------------------------------------*/
-static struct kmem_cache *migration_cache;
+static struct kmem_cache *migration_cache = NULL;
#define NOT_CORE_OPTION 1
@@ -3449,22 +3450,36 @@ static int __init dm_cache_init(void)
int r;
migration_cache = KMEM_CACHE(dm_cache_migration, 0);
- if (!migration_cache)
- return -ENOMEM;
+ if (!migration_cache) {
+ r = -ENOMEM;
+ goto err;
+ }
+
+ btracker_work_cache = kmem_cache_create("dm_cache_bt_work",
+ sizeof(struct bt_work), __alignof__(struct bt_work), 0, NULL);
+ if (!btracker_work_cache) {
+ r = -ENOMEM;
+ goto err;
+ }
r = dm_register_target(&cache_target);
if (r) {
- kmem_cache_destroy(migration_cache);
- return r;
+ goto err;
}
return 0;
+
+err:
+ kmem_cache_destroy(migration_cache);
+ kmem_cache_destroy(btracker_work_cache);
+ return r;
}
static void __exit dm_cache_exit(void)
{
dm_unregister_target(&cache_target);
kmem_cache_destroy(migration_cache);
+ kmem_cache_destroy(btracker_work_cache);
}
module_init(dm_cache_init);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 633/817] dm-bufio: fix warnings about duplicate slab caches
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (631 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 632/817] dm-cache: fix warnings about duplicate slab caches Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 634/817] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Greg Kroah-Hartman
` (193 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mikulas Patocka
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 42964e4b5e3ac95090bdd23ed7da2a941ccd902c upstream.
The commit 4c39529663b9 adds a warning about duplicate cache names if
CONFIG_DEBUG_VM is selected. These warnings are triggered by the dm-bufio
code. The dm-bufio code allocates a slab cache with each client. It is
not possible to preallocate the caches in the module init function
because the size of auxiliary per-buffer data is not known at this point.
So, this commit changes dm-bufio so that it appends a unique atomic value
to the cache name, to avoid the warnings.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-bufio.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/drivers/md/dm-bufio.c
+++ b/drivers/md/dm-bufio.c
@@ -2474,7 +2474,8 @@ struct dm_bufio_client *dm_bufio_client_
int r;
unsigned int num_locks;
struct dm_bufio_client *c;
- char slab_name[27];
+ char slab_name[64];
+ static atomic_t seqno = ATOMIC_INIT(0);
if (!block_size || block_size & ((1 << SECTOR_SHIFT) - 1)) {
DMERR("%s: block size not specified or is not multiple of 512b", __func__);
@@ -2525,7 +2526,8 @@ struct dm_bufio_client *dm_bufio_client_
(block_size < PAGE_SIZE || !is_power_of_2(block_size))) {
unsigned int align = min(1U << __ffs(block_size), (unsigned int)PAGE_SIZE);
- snprintf(slab_name, sizeof(slab_name), "dm_bufio_cache-%u", block_size);
+ snprintf(slab_name, sizeof(slab_name), "dm_bufio_cache-%u-%u",
+ block_size, atomic_inc_return(&seqno));
c->slab_cache = kmem_cache_create(slab_name, block_size, align,
SLAB_RECLAIM_ACCOUNT, NULL);
if (!c->slab_cache) {
@@ -2534,9 +2536,11 @@ struct dm_bufio_client *dm_bufio_client_
}
}
if (aux_size)
- snprintf(slab_name, sizeof(slab_name), "dm_bufio_buffer-%u", aux_size);
+ snprintf(slab_name, sizeof(slab_name), "dm_bufio_buffer-%u-%u",
+ aux_size, atomic_inc_return(&seqno));
else
- snprintf(slab_name, sizeof(slab_name), "dm_bufio_buffer");
+ snprintf(slab_name, sizeof(slab_name), "dm_bufio_buffer-%u",
+ atomic_inc_return(&seqno));
c->slab_buffer = kmem_cache_create(slab_name, sizeof(struct dm_buffer) + aux_size,
0, SLAB_RECLAIM_ACCOUNT, NULL);
if (!c->slab_buffer) {
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 634/817] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (632 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 633/817] dm-bufio: " Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 635/817] soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Greg Kroah-Hartman
` (192 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Hans de Goede,
Mark Brown
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit c1895ba181e560144601fafe46aeedbafdf4dbc4 upstream.
Fix the new "LPE0F28" code path using the uninitialized ctx variable
to log an error.
Fixes: 6668610b4d8c ("ASoC: Intel: sst: Support LPE0F28 ACPI HID")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202410261106.EBx49ssy-lkp@intel.com/
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patch.msgid.link/20241026143615.171821-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/intel/atom/sst/sst_acpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/intel/atom/sst/sst_acpi.c
+++ b/sound/soc/intel/atom/sst/sst_acpi.c
@@ -308,7 +308,7 @@ static int sst_acpi_probe(struct platfor
rsrc = platform_get_resource(pdev, IORESOURCE_MEM,
pdata->res_info->acpi_lpe_res_index);
if (!rsrc) {
- dev_err(ctx->dev, "Invalid SHIM base\n");
+ dev_err(dev, "Invalid SHIM base\n");
return -EIO;
}
rsrc->start -= pdata->res_info->shim_offset;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 635/817] soc: qcom: socinfo: fix revision check in qcom_socinfo_probe()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (633 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 634/817] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 636/817] irqdomain: Always associate interrupts for legacy domains Greg Kroah-Hartman
` (191 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manikanta Mylavarapu, Konrad Dybcio,
Bjorn Andersson
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manikanta Mylavarapu <quic_mmanikan@quicinc.com>
commit 128fdbf36cddc2a901c4889ba1c89fa9f2643f2c upstream.
In success case, the revision holds a non-null pointer. The current
logic incorrectly returns an error for a non-null pointer, whereas
it should return an error for a null pointer.
The socinfo driver for IPQ9574 and IPQ5332 is currently broken,
resulting in the following error message
qcom-socinfo qcom-socinfo: probe with driver qcom-socinfo failed with
error -12
Add a null check for the revision to ensure it returns an error only in
failure case (null pointer).
Fixes: e694d2b5c58b ("soc: qcom: Add check devm_kasprintf() returned value")
Signed-off-by: Manikanta Mylavarapu <quic_mmanikan@quicinc.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20241016144852.2888679-1-quic_mmanikan@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/qcom/socinfo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/soc/qcom/socinfo.c
+++ b/drivers/soc/qcom/socinfo.c
@@ -782,7 +782,7 @@ static int qcom_socinfo_probe(struct pla
qs->attr.revision = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%u.%u",
SOCINFO_MAJOR(le32_to_cpu(info->ver)),
SOCINFO_MINOR(le32_to_cpu(info->ver)));
- if (!qs->attr.soc_id || qs->attr.revision)
+ if (!qs->attr.soc_id || !qs->attr.revision)
return -ENOMEM;
if (offsetof(struct socinfo, serial_num) <= item_size) {
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 636/817] irqdomain: Always associate interrupts for legacy domains
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (634 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 635/817] soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 637/817] ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Greg Kroah-Hartman
` (190 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiaxun Yang, Thomas Gleixner
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matti Vaittinen <mazziesaccount@gmail.com>
commit 24d02c4e53e2f02da16b2ae8a1bc92553110ca25 upstream.
The unification of irq_domain_create_legacy() missed the fact that
interrupts must be associated even when the Linux interrupt number provided
in the first_irq argument is 0.
This breaks all call sites of irq_domain_create_legacy() which supply 0 as
the first_irq argument.
Enforce the association for legacy domains in __irq_domain_instantiate() to
cure this.
[ tglx: Massaged it slightly. ]
Fixes: 70114e7f7585 ("irqdomain: Simplify simple and legacy domain creation")
Reported-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by Matti Vaittinen <mazziesaccount@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Link: https://lore.kernel.org/all/c3379142-10bc-4f14-b8ac-a46927aeac38@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/irq/irqdomain.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/kernel/irq/irqdomain.c
+++ b/kernel/irq/irqdomain.c
@@ -300,7 +300,7 @@ static void irq_domain_instantiate_descs
}
static struct irq_domain *__irq_domain_instantiate(const struct irq_domain_info *info,
- bool cond_alloc_descs)
+ bool cond_alloc_descs, bool force_associate)
{
struct irq_domain *domain;
int err;
@@ -336,8 +336,12 @@ static struct irq_domain *__irq_domain_i
if (cond_alloc_descs && info->virq_base > 0)
irq_domain_instantiate_descs(info);
- /* Legacy interrupt domains have a fixed Linux interrupt number */
- if (info->virq_base > 0) {
+ /*
+ * Legacy interrupt domains have a fixed Linux interrupt number
+ * associated. Other interrupt domains can request association by
+ * providing a Linux interrupt number > 0.
+ */
+ if (force_associate || info->virq_base > 0) {
irq_domain_associate_many(domain, info->virq_base, info->hwirq_base,
info->size - info->hwirq_base);
}
@@ -360,7 +364,7 @@ err_domain_free:
*/
struct irq_domain *irq_domain_instantiate(const struct irq_domain_info *info)
{
- return __irq_domain_instantiate(info, false);
+ return __irq_domain_instantiate(info, false, false);
}
EXPORT_SYMBOL_GPL(irq_domain_instantiate);
@@ -464,7 +468,7 @@ struct irq_domain *irq_domain_create_sim
.ops = ops,
.host_data = host_data,
};
- struct irq_domain *domain = __irq_domain_instantiate(&info, true);
+ struct irq_domain *domain = __irq_domain_instantiate(&info, true, false);
return IS_ERR(domain) ? NULL : domain;
}
@@ -513,7 +517,7 @@ struct irq_domain *irq_domain_create_leg
.ops = ops,
.host_data = host_data,
};
- struct irq_domain *domain = irq_domain_instantiate(&info);
+ struct irq_domain *domain = __irq_domain_instantiate(&info, false, true);
return IS_ERR(domain) ? NULL : domain;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 637/817] ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (635 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 636/817] irqdomain: Always associate interrupts for legacy domains Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 638/817] ext4: fix FS_IOC_GETFSMAP handling Greg Kroah-Hartman
` (189 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeongjun Park, Andreas Dilger,
Theodore Tso
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeongjun Park <aha310510@gmail.com>
commit 902cc179c931a033cd7f4242353aa2733bf8524c upstream.
find_group_other() and find_group_orlov() read *_lo, *_hi with
ext4_free_inodes_count without additional locking. This can cause
data-race warning, but since the lock is held for most writes and free
inodes value is generally not a problem even if it is incorrect, it is
more appropriate to use READ_ONCE()/WRITE_ONCE() than to add locking.
==================================================================
BUG: KCSAN: data-race in ext4_free_inodes_count / ext4_free_inodes_set
write to 0xffff88810404300e of 2 bytes by task 6254 on cpu 1:
ext4_free_inodes_set+0x1f/0x80 fs/ext4/super.c:405
__ext4_new_inode+0x15ca/0x2200 fs/ext4/ialloc.c:1216
ext4_symlink+0x242/0x5a0 fs/ext4/namei.c:3391
vfs_symlink+0xca/0x1d0 fs/namei.c:4615
do_symlinkat+0xe3/0x340 fs/namei.c:4641
__do_sys_symlinkat fs/namei.c:4657 [inline]
__se_sys_symlinkat fs/namei.c:4654 [inline]
__x64_sys_symlinkat+0x5e/0x70 fs/namei.c:4654
x64_sys_call+0x1dda/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:267
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x76/0x7e
read to 0xffff88810404300e of 2 bytes by task 6257 on cpu 0:
ext4_free_inodes_count+0x1c/0x80 fs/ext4/super.c:349
find_group_other fs/ext4/ialloc.c:594 [inline]
__ext4_new_inode+0x6ec/0x2200 fs/ext4/ialloc.c:1017
ext4_symlink+0x242/0x5a0 fs/ext4/namei.c:3391
vfs_symlink+0xca/0x1d0 fs/namei.c:4615
do_symlinkat+0xe3/0x340 fs/namei.c:4641
__do_sys_symlinkat fs/namei.c:4657 [inline]
__se_sys_symlinkat fs/namei.c:4654 [inline]
__x64_sys_symlinkat+0x5e/0x70 fs/namei.c:4654
x64_sys_call+0x1dda/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:267
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Cc: stable@vger.kernel.org
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://patch.msgid.link/20241003125337.47283-1-aha310510@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -353,9 +353,9 @@ __u32 ext4_free_group_clusters(struct su
__u32 ext4_free_inodes_count(struct super_block *sb,
struct ext4_group_desc *bg)
{
- return le16_to_cpu(bg->bg_free_inodes_count_lo) |
+ return le16_to_cpu(READ_ONCE(bg->bg_free_inodes_count_lo)) |
(EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ?
- (__u32)le16_to_cpu(bg->bg_free_inodes_count_hi) << 16 : 0);
+ (__u32)le16_to_cpu(READ_ONCE(bg->bg_free_inodes_count_hi)) << 16 : 0);
}
__u32 ext4_used_dirs_count(struct super_block *sb,
@@ -409,9 +409,9 @@ void ext4_free_group_clusters_set(struct
void ext4_free_inodes_set(struct super_block *sb,
struct ext4_group_desc *bg, __u32 count)
{
- bg->bg_free_inodes_count_lo = cpu_to_le16((__u16)count);
+ WRITE_ONCE(bg->bg_free_inodes_count_lo, cpu_to_le16((__u16)count));
if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT)
- bg->bg_free_inodes_count_hi = cpu_to_le16(count >> 16);
+ WRITE_ONCE(bg->bg_free_inodes_count_hi, cpu_to_le16(count >> 16));
}
void ext4_used_dirs_set(struct super_block *sb,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 638/817] ext4: fix FS_IOC_GETFSMAP handling
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (636 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 637/817] ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 639/817] jfs: xattr: check invalid xattr size more strictly Greg Kroah-Hartman
` (188 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Theodore Tso
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Theodore Ts'o <tytso@mit.edu>
commit 4a622e4d477bb12ad5ed4abbc7ad1365de1fa347 upstream.
The original implementation ext4's FS_IOC_GETFSMAP handling only
worked when the range of queried blocks included at least one free
(unallocated) block range. This is because how the metadata blocks
were emitted was as a side effect of ext4_mballoc_query_range()
calling ext4_getfsmap_datadev_helper(), and that function was only
called when a free block range was identified. As a result, this
caused generic/365 to fail.
Fix this by creating a new function ext4_getfsmap_meta_helper() which
gets called so that blocks before the first free block range in a
block group can get properly reported.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fsmap.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
fs/ext4/mballoc.c | 18 ++++++++++++++----
fs/ext4/mballoc.h | 1 +
3 files changed, 68 insertions(+), 5 deletions(-)
--- a/fs/ext4/fsmap.c
+++ b/fs/ext4/fsmap.c
@@ -185,6 +185,56 @@ static inline ext4_fsblk_t ext4_fsmap_ne
return fmr->fmr_physical + fmr->fmr_length;
}
+static int ext4_getfsmap_meta_helper(struct super_block *sb,
+ ext4_group_t agno, ext4_grpblk_t start,
+ ext4_grpblk_t len, void *priv)
+{
+ struct ext4_getfsmap_info *info = priv;
+ struct ext4_fsmap *p;
+ struct ext4_fsmap *tmp;
+ struct ext4_sb_info *sbi = EXT4_SB(sb);
+ ext4_fsblk_t fsb, fs_start, fs_end;
+ int error;
+
+ fs_start = fsb = (EXT4_C2B(sbi, start) +
+ ext4_group_first_block_no(sb, agno));
+ fs_end = fs_start + EXT4_C2B(sbi, len);
+
+ /* Return relevant extents from the meta_list */
+ list_for_each_entry_safe(p, tmp, &info->gfi_meta_list, fmr_list) {
+ if (p->fmr_physical < info->gfi_next_fsblk) {
+ list_del(&p->fmr_list);
+ kfree(p);
+ continue;
+ }
+ if (p->fmr_physical <= fs_start ||
+ p->fmr_physical + p->fmr_length <= fs_end) {
+ /* Emit the retained free extent record if present */
+ if (info->gfi_lastfree.fmr_owner) {
+ error = ext4_getfsmap_helper(sb, info,
+ &info->gfi_lastfree);
+ if (error)
+ return error;
+ info->gfi_lastfree.fmr_owner = 0;
+ }
+ error = ext4_getfsmap_helper(sb, info, p);
+ if (error)
+ return error;
+ fsb = p->fmr_physical + p->fmr_length;
+ if (info->gfi_next_fsblk < fsb)
+ info->gfi_next_fsblk = fsb;
+ list_del(&p->fmr_list);
+ kfree(p);
+ continue;
+ }
+ }
+ if (info->gfi_next_fsblk < fsb)
+ info->gfi_next_fsblk = fsb;
+
+ return 0;
+}
+
+
/* Transform a blockgroup's free record into a fsmap */
static int ext4_getfsmap_datadev_helper(struct super_block *sb,
ext4_group_t agno, ext4_grpblk_t start,
@@ -539,6 +589,7 @@ static int ext4_getfsmap_datadev(struct
error = ext4_mballoc_query_range(sb, info->gfi_agno,
EXT4_B2C(sbi, info->gfi_low.fmr_physical),
EXT4_B2C(sbi, info->gfi_high.fmr_physical),
+ ext4_getfsmap_meta_helper,
ext4_getfsmap_datadev_helper, info);
if (error)
goto err;
@@ -560,7 +611,8 @@ static int ext4_getfsmap_datadev(struct
/* Report any gaps at the end of the bg */
info->gfi_last = true;
- error = ext4_getfsmap_datadev_helper(sb, end_ag, last_cluster, 0, info);
+ error = ext4_getfsmap_datadev_helper(sb, end_ag, last_cluster + 1,
+ 0, info);
if (error)
goto err;
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -6998,13 +6998,14 @@ int
ext4_mballoc_query_range(
struct super_block *sb,
ext4_group_t group,
- ext4_grpblk_t start,
+ ext4_grpblk_t first,
ext4_grpblk_t end,
+ ext4_mballoc_query_range_fn meta_formatter,
ext4_mballoc_query_range_fn formatter,
void *priv)
{
void *bitmap;
- ext4_grpblk_t next;
+ ext4_grpblk_t start, next;
struct ext4_buddy e4b;
int error;
@@ -7015,10 +7016,19 @@ ext4_mballoc_query_range(
ext4_lock_group(sb, group);
- start = max(e4b.bd_info->bb_first_free, start);
+ start = max(e4b.bd_info->bb_first_free, first);
if (end >= EXT4_CLUSTERS_PER_GROUP(sb))
end = EXT4_CLUSTERS_PER_GROUP(sb) - 1;
-
+ if (meta_formatter && start != first) {
+ if (start > end)
+ start = end;
+ ext4_unlock_group(sb, group);
+ error = meta_formatter(sb, group, first, start - first,
+ priv);
+ if (error)
+ goto out_unload;
+ ext4_lock_group(sb, group);
+ }
while (start <= end) {
start = mb_find_next_zero_bit(bitmap, end + 1, start);
if (start > end)
--- a/fs/ext4/mballoc.h
+++ b/fs/ext4/mballoc.h
@@ -259,6 +259,7 @@ ext4_mballoc_query_range(
ext4_group_t agno,
ext4_grpblk_t start,
ext4_grpblk_t end,
+ ext4_mballoc_query_range_fn meta_formatter,
ext4_mballoc_query_range_fn formatter,
void *priv);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 639/817] jfs: xattr: check invalid xattr size more strictly
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (637 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 638/817] ext4: fix FS_IOC_GETFSMAP handling Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 640/817] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Greg Kroah-Hartman
` (187 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Artem Sadovnikov, Dave Kleikamp
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artem Sadovnikov <ancowi69@gmail.com>
commit d9f9d96136cba8fedd647d2c024342ce090133c2 upstream.
Commit 7c55b78818cf ("jfs: xattr: fix buffer overflow for invalid xattr")
also addresses this issue but it only fixes it for positive values, while
ea_size is an integer type and can take negative values, e.g. in case of
a corrupted filesystem. This still breaks validation and would overflow
because of implicit conversion from int to size_t in print_hex_dump().
Fix this issue by clamping the ea_size value instead.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Cc: stable@vger.kernel.org
Signed-off-by: Artem Sadovnikov <ancowi69@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jfs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -559,7 +559,7 @@ static int ea_get(struct inode *inode, s
size_check:
if (EALIST_SIZE(ea_buf->xattr) != ea_size) {
- int size = min_t(int, EALIST_SIZE(ea_buf->xattr), ea_size);
+ int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr));
printk(KERN_ERR "ea_get: invalid extended attribute\n");
print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 640/817] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (638 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 639/817] jfs: xattr: check invalid xattr size more strictly Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 641/817] ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Greg Kroah-Hartman
` (186 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ilya Zverev, Mark Brown
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilya Zverev <ilya@zverev.info>
commit b682aa788e5f9f1ddacdfbb453e49fd3f4e83721 upstream.
New ThinkPads need new quirk entries. Ilya has tested this one.
Laptop product id is 21MES00B00, though the shorthand 21ME works.
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219533
Cc: stable@vger.kernel.org
Signed-off-by: Ilya Zverev <ilya@zverev.info>
Link: https://patch.msgid.link/20241127134420.14471-1-ilya@zverev.info
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -245,6 +245,13 @@ static const struct dmi_system_id yc_acp
.driver_data = &acp6x_card,
.matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "21ME"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
DMI_MATCH(DMI_PRODUCT_NAME, "82QF"),
}
},
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 641/817] ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (639 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 640/817] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 642/817] ASoC: da7213: Populate max_register to regmap_config Greg Kroah-Hartman
` (185 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qiu-ji Chen, Mark Brown
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qiu-ji Chen <chenqiuji666@gmail.com>
commit 1157733344651ca505e259d6554591ff156922fa upstream.
An atomicity violation occurs when the validity of the variables
da7219->clk_src and da7219->mclk_rate is being assessed. Since the entire
assessment is not protected by a lock, the da7219 variable might still be
in flux during the assessment, rendering this check invalid.
To fix this issue, we recommend adding a lock before the block
if ((da7219->clk_src == clk_id) && (da7219->mclk_rate == freq)) so that
the legitimacy check for da7219->clk_src and da7219->mclk_rate is
protected by the lock, ensuring the validity of the check.
This possible bug is found by an experimental static analysis tool
developed by our team. This tool analyzes the locking APIs
to extract function pairs that can be concurrently executed, and then
analyzes the instructions in the paired functions to identify possible
concurrency bugs including data races and atomicity violations.
Fixes: 6d817c0e9fd7 ("ASoC: codecs: Add da7219 codec driver")
Cc: stable@vger.kernel.org
Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
Link: https://patch.msgid.link/20240930101216.23723-1-chenqiuji666@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/da7219.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/sound/soc/codecs/da7219.c
+++ b/sound/soc/codecs/da7219.c
@@ -1167,17 +1167,20 @@ static int da7219_set_dai_sysclk(struct
struct da7219_priv *da7219 = snd_soc_component_get_drvdata(component);
int ret = 0;
- if ((da7219->clk_src == clk_id) && (da7219->mclk_rate == freq))
+ mutex_lock(&da7219->pll_lock);
+
+ if ((da7219->clk_src == clk_id) && (da7219->mclk_rate == freq)) {
+ mutex_unlock(&da7219->pll_lock);
return 0;
+ }
if ((freq < 2000000) || (freq > 54000000)) {
+ mutex_unlock(&da7219->pll_lock);
dev_err(codec_dai->dev, "Unsupported MCLK value %d\n",
freq);
return -EINVAL;
}
- mutex_lock(&da7219->pll_lock);
-
switch (clk_id) {
case DA7219_CLKSRC_MCLK_SQR:
snd_soc_component_update_bits(component, DA7219_PLL_CTRL,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 642/817] ASoC: da7213: Populate max_register to regmap_config
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (640 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 641/817] ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 643/817] perf/x86/intel/pt: Fix buffer full but size is 0 case Greg Kroah-Hartman
` (184 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Claudiu Beznea, Mark Brown
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
commit 9d4f9f6a7bb1afbde57d08c98f2db4ff019ee19d upstream.
On the Renesas RZ/G3S SMARC Carrier II board having a DA7212 codec (using
da7213 driver) connected to one SSIF-2 available on the Renesas RZ/G3S SoC
it has been discovered that using the runtime PM API for suspend/resume
(as will be proposed in the following commits) leads to the codec not
being propertly initialized after resume. This is because w/o
max_register populated to regmap_config the regcache_rbtree_sync()
breaks on base_reg > max condition and the regcache_sync_block() call is
skipped.
Fixes: ef5c2eba2412 ("ASoC: codecs: Add da7213 codec")
Cc: stable@vger.kernel.org
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Link: https://patch.msgid.link/20241106081826.1211088-23-claudiu.beznea.uj@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/da7213.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/soc/codecs/da7213.c
+++ b/sound/soc/codecs/da7213.c
@@ -2136,6 +2136,7 @@ static const struct regmap_config da7213
.reg_bits = 8,
.val_bits = 8,
+ .max_register = DA7213_TONE_GEN_OFF_PER,
.reg_defaults = da7213_reg_defaults,
.num_reg_defaults = ARRAY_SIZE(da7213_reg_defaults),
.volatile_reg = da7213_volatile_register,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 643/817] perf/x86/intel/pt: Fix buffer full but size is 0 case
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (641 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 642/817] ASoC: da7213: Populate max_register to regmap_config Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 644/817] crypto: x86/aegis128 - access 32-bit arguments as 32-bit Greg Kroah-Hartman
` (183 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Adrian Hunter,
Peter Zijlstra (Intel)
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adrian Hunter <adrian.hunter@intel.com>
commit 5b590160d2cf776b304eb054afafea2bd55e3620 upstream.
If the trace data buffer becomes full, a truncated flag [T] is reported
in PERF_RECORD_AUX. In some cases, the size reported is 0, even though
data must have been added to make the buffer full.
That happens when the buffer fills up from empty to full before the
Intel PT driver has updated the buffer position. Then the driver
calculates the new buffer position before calculating the data size.
If the old and new positions are the same, the data size is reported
as 0, even though it is really the whole buffer size.
Fix by detecting when the buffer position is wrapped, and adjust the
data size calculation accordingly.
Example
Use a very small buffer size (8K) and observe the size of truncated [T]
data. Before the fix, it is possible to see records of 0 size.
Before:
$ perf record -m,8K -e intel_pt// uname
Linux
[ perf record: Woken up 2 times to write data ]
[ perf record: Captured and wrote 0.105 MB perf.data ]
$ perf script -D --no-itrace | grep AUX | grep -F '[T]'
Warning:
AUX data lost 2 times out of 3!
5 19462712368111 0x19710 [0x40]: PERF_RECORD_AUX offset: 0 size: 0 flags: 0x1 [T]
5 19462712700046 0x19ba8 [0x40]: PERF_RECORD_AUX offset: 0x170 size: 0xe90 flags: 0x1 [T]
After:
$ perf record -m,8K -e intel_pt// uname
Linux
[ perf record: Woken up 3 times to write data ]
[ perf record: Captured and wrote 0.040 MB perf.data ]
$ perf script -D --no-itrace | grep AUX | grep -F '[T]'
Warning:
AUX data lost 2 times out of 3!
1 113720802995 0x4948 [0x40]: PERF_RECORD_AUX offset: 0 size: 0x2000 flags: 0x1 [T]
1 113720979812 0x6b10 [0x40]: PERF_RECORD_AUX offset: 0x2000 size: 0x2000 flags: 0x1 [T]
Fixes: 52ca9ced3f70 ("perf/x86/intel/pt: Add Intel PT PMU driver")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20241022155920.17511-2-adrian.hunter@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/pt.c | 11 ++++++++---
arch/x86/events/intel/pt.h | 2 ++
2 files changed, 10 insertions(+), 3 deletions(-)
--- a/arch/x86/events/intel/pt.c
+++ b/arch/x86/events/intel/pt.c
@@ -828,11 +828,13 @@ static void pt_buffer_advance(struct pt_
buf->cur_idx++;
if (buf->cur_idx == buf->cur->last) {
- if (buf->cur == buf->last)
+ if (buf->cur == buf->last) {
buf->cur = buf->first;
- else
+ buf->wrapped = true;
+ } else {
buf->cur = list_entry(buf->cur->list.next, struct topa,
list);
+ }
buf->cur_idx = 0;
}
}
@@ -846,8 +848,11 @@ static void pt_buffer_advance(struct pt_
static void pt_update_head(struct pt *pt)
{
struct pt_buffer *buf = perf_get_aux(&pt->handle);
+ bool wrapped = buf->wrapped;
u64 topa_idx, base, old;
+ buf->wrapped = false;
+
if (buf->single) {
local_set(&buf->data_size, buf->output_off);
return;
@@ -865,7 +870,7 @@ static void pt_update_head(struct pt *pt
} else {
old = (local64_xchg(&buf->head, base) &
((buf->nr_pages << PAGE_SHIFT) - 1));
- if (base < old)
+ if (base < old || (base == old && wrapped))
base += buf->nr_pages << PAGE_SHIFT;
local_add(base - old, &buf->data_size);
--- a/arch/x86/events/intel/pt.h
+++ b/arch/x86/events/intel/pt.h
@@ -65,6 +65,7 @@ struct pt_pmu {
* @head: logical write offset inside the buffer
* @snapshot: if this is for a snapshot/overwrite counter
* @single: use Single Range Output instead of ToPA
+ * @wrapped: buffer advance wrapped back to the first topa table
* @stop_pos: STOP topa entry index
* @intr_pos: INT topa entry index
* @stop_te: STOP topa entry pointer
@@ -82,6 +83,7 @@ struct pt_buffer {
local64_t head;
bool snapshot;
bool single;
+ bool wrapped;
long stop_pos, intr_pos;
struct topa_entry *stop_te, *intr_te;
void **data_pages;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 644/817] crypto: x86/aegis128 - access 32-bit arguments as 32-bit
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (642 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 643/817] perf/x86/intel/pt: Fix buffer full but size is 0 case Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 645/817] KVM: x86: switch hugepage recovery thread to vhost_task Greg Kroah-Hartman
` (182 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ondrej Mosnacek, Eric Biggers,
Herbert Xu
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit 3b2f2d22fb424e9bebda4dbf6676cbfc7f9f62cd upstream.
Fix the AEGIS assembly code to access 'unsigned int' arguments as 32-bit
values instead of 64-bit, since the upper bits of the corresponding
64-bit registers are not guaranteed to be zero.
Note: there haven't been any reports of this bug actually causing
incorrect behavior. Neither gcc nor clang guarantee zero-extension to
64 bits, but zero-extension is likely to happen in practice because most
instructions that operate on 32-bit registers zero-extend to 64 bits.
Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations")
Cc: stable@vger.kernel.org
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/crypto/aegis128-aesni-asm.S | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
--- a/arch/x86/crypto/aegis128-aesni-asm.S
+++ b/arch/x86/crypto/aegis128-aesni-asm.S
@@ -21,7 +21,7 @@
#define T1 %xmm7
#define STATEP %rdi
-#define LEN %rsi
+#define LEN %esi
#define SRC %rdx
#define DST %rcx
@@ -76,32 +76,32 @@ SYM_FUNC_START_LOCAL(__load_partial)
xor %r9d, %r9d
pxor MSG, MSG
- mov LEN, %r8
+ mov LEN, %r8d
and $0x1, %r8
jz .Lld_partial_1
- mov LEN, %r8
+ mov LEN, %r8d
and $0x1E, %r8
add SRC, %r8
mov (%r8), %r9b
.Lld_partial_1:
- mov LEN, %r8
+ mov LEN, %r8d
and $0x2, %r8
jz .Lld_partial_2
- mov LEN, %r8
+ mov LEN, %r8d
and $0x1C, %r8
add SRC, %r8
shl $0x10, %r9
mov (%r8), %r9w
.Lld_partial_2:
- mov LEN, %r8
+ mov LEN, %r8d
and $0x4, %r8
jz .Lld_partial_4
- mov LEN, %r8
+ mov LEN, %r8d
and $0x18, %r8
add SRC, %r8
shl $32, %r9
@@ -111,11 +111,11 @@ SYM_FUNC_START_LOCAL(__load_partial)
.Lld_partial_4:
movq %r9, MSG
- mov LEN, %r8
+ mov LEN, %r8d
and $0x8, %r8
jz .Lld_partial_8
- mov LEN, %r8
+ mov LEN, %r8d
and $0x10, %r8
add SRC, %r8
pslldq $8, MSG
@@ -139,7 +139,7 @@ SYM_FUNC_END(__load_partial)
* %r10
*/
SYM_FUNC_START_LOCAL(__store_partial)
- mov LEN, %r8
+ mov LEN, %r8d
mov DST, %r9
movq T0, %r10
@@ -677,7 +677,7 @@ SYM_TYPED_FUNC_START(crypto_aegis128_aes
call __store_partial
/* mask with byte count: */
- movq LEN, T0
+ movd LEN, T0
punpcklbw T0, T0
punpcklbw T0, T0
punpcklbw T0, T0
@@ -702,7 +702,8 @@ SYM_FUNC_END(crypto_aegis128_aesni_dec_t
/*
* void crypto_aegis128_aesni_final(void *state, void *tag_xor,
- * u64 assoclen, u64 cryptlen);
+ * unsigned int assoclen,
+ * unsigned int cryptlen);
*/
SYM_FUNC_START(crypto_aegis128_aesni_final)
FRAME_BEGIN
@@ -715,8 +716,8 @@ SYM_FUNC_START(crypto_aegis128_aesni_fin
movdqu 0x40(STATEP), STATE4
/* prepare length block: */
- movq %rdx, MSG
- movq %rcx, T0
+ movd %edx, MSG
+ movd %ecx, T0
pslldq $8, T0
pxor T0, MSG
psllq $3, MSG /* multiply by 8 (to get bit count) */
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 645/817] KVM: x86: switch hugepage recovery thread to vhost_task
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (643 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 644/817] crypto: x86/aegis128 - access 32-bit arguments as 32-bit Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 646/817] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Greg Kroah-Hartman
` (181 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tejun Heo, Luca Boccassi,
Sean Christopherson, Paolo Bonzini
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit d96c77bd4eeba469bddbbb14323d2191684da82a upstream.
kvm_vm_create_worker_thread() is meant to be used for kthreads that
can consume significant amounts of CPU time on behalf of a VM or in
response to how the VM behaves (for example how it accesses its memory).
Therefore it wants to charge the CPU time consumed by that work to
the VM's container.
However, because of these threads, cgroups which have kvm instances
inside never complete freezing. This can be trivially reproduced:
root@test ~# mkdir /sys/fs/cgroup/test
root@test ~# echo $$ > /sys/fs/cgroup/test/cgroup.procs
root@test ~# qemu-system-x86_64 -nographic -enable-kvm
and in another terminal:
root@test ~# echo 1 > /sys/fs/cgroup/test/cgroup.freeze
root@test ~# cat /sys/fs/cgroup/test/cgroup.events
populated 1
frozen 0
The cgroup freezing happens in the signal delivery path but
kvm_nx_huge_page_recovery_worker, while joining non-root cgroups, never
calls into the signal delivery path and thus never gets frozen. Because
the cgroup freezer determines whether a given cgroup is frozen by
comparing the number of frozen threads to the total number of threads
in the cgroup, the cgroup never becomes frozen and users waiting for
the state transition may hang indefinitely.
Since the worker kthread is tied to a user process, it's better if
it behaves similarly to user tasks as much as possible, including
being able to send SIGSTOP and SIGCONT. In fact, vhost_task is all
that kvm_vm_create_worker_thread() wanted to be and more: not only it
inherits the userspace process's cgroups, it has other niceties like
being parented properly in the process tree. Use it instead of the
homegrown alternative.
Incidentally, the new code is also better behaved when you flip recovery
back and forth to disabled and back to enabled. If your recovery period
is 1 minute, it will run the next recovery after 1 minute independent
of how many times you flipped the parameter.
(Commit message based on emails from Tejun).
Reported-by: Tejun Heo <tj@kernel.org>
Reported-by: Luca Boccassi <bluca@debian.org>
Acked-by: Tejun Heo <tj@kernel.org>
Tested-by: Luca Boccassi <bluca@debian.org>
Cc: stable@vger.kernel.org
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/kvm_host.h | 4 +
arch/x86/kvm/Kconfig | 1
arch/x86/kvm/mmu/mmu.c | 68 ++++++++++++--------------
include/linux/kvm_host.h | 6 --
virt/kvm/kvm_main.c | 103 ----------------------------------------
5 files changed, 35 insertions(+), 147 deletions(-)
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -26,6 +26,7 @@
#include <linux/irqbypass.h>
#include <linux/hyperv.h>
#include <linux/kfifo.h>
+#include <linux/sched/vhost_task.h>
#include <asm/apic.h>
#include <asm/pvclock-abi.h>
@@ -1445,7 +1446,8 @@ struct kvm_arch {
bool sgx_provisioning_allowed;
struct kvm_x86_pmu_event_filter __rcu *pmu_event_filter;
- struct task_struct *nx_huge_page_recovery_thread;
+ struct vhost_task *nx_huge_page_recovery_thread;
+ u64 nx_huge_page_last;
#ifdef CONFIG_X86_64
/* The number of TDP MMU pages across all roots. */
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -29,6 +29,7 @@ config KVM
select HAVE_KVM_IRQ_BYPASS
select HAVE_KVM_IRQ_ROUTING
select HAVE_KVM_READONLY_MEM
+ select VHOST_TASK
select KVM_ASYNC_PF
select USER_RETURN_NOTIFIER
select KVM_MMIO
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -7160,7 +7160,7 @@ static int set_nx_huge_pages(const char
kvm_mmu_zap_all_fast(kvm);
mutex_unlock(&kvm->slots_lock);
- wake_up_process(kvm->arch.nx_huge_page_recovery_thread);
+ vhost_task_wake(kvm->arch.nx_huge_page_recovery_thread);
}
mutex_unlock(&kvm_lock);
}
@@ -7306,7 +7306,7 @@ static int set_nx_huge_pages_recovery_pa
mutex_lock(&kvm_lock);
list_for_each_entry(kvm, &vm_list, vm_list)
- wake_up_process(kvm->arch.nx_huge_page_recovery_thread);
+ vhost_task_wake(kvm->arch.nx_huge_page_recovery_thread);
mutex_unlock(&kvm_lock);
}
@@ -7409,62 +7409,56 @@ static void kvm_recover_nx_huge_pages(st
srcu_read_unlock(&kvm->srcu, rcu_idx);
}
-static long get_nx_huge_page_recovery_timeout(u64 start_time)
+static void kvm_nx_huge_page_recovery_worker_kill(void *data)
{
- bool enabled;
- uint period;
-
- enabled = calc_nx_huge_pages_recovery_period(&period);
-
- return enabled ? start_time + msecs_to_jiffies(period) - get_jiffies_64()
- : MAX_SCHEDULE_TIMEOUT;
}
-static int kvm_nx_huge_page_recovery_worker(struct kvm *kvm, uintptr_t data)
+static bool kvm_nx_huge_page_recovery_worker(void *data)
{
- u64 start_time;
+ struct kvm *kvm = data;
+ bool enabled;
+ uint period;
long remaining_time;
- while (true) {
- start_time = get_jiffies_64();
- remaining_time = get_nx_huge_page_recovery_timeout(start_time);
-
- set_current_state(TASK_INTERRUPTIBLE);
- while (!kthread_should_stop() && remaining_time > 0) {
- schedule_timeout(remaining_time);
- remaining_time = get_nx_huge_page_recovery_timeout(start_time);
- set_current_state(TASK_INTERRUPTIBLE);
- }
-
- set_current_state(TASK_RUNNING);
-
- if (kthread_should_stop())
- return 0;
+ enabled = calc_nx_huge_pages_recovery_period(&period);
+ if (!enabled)
+ return false;
- kvm_recover_nx_huge_pages(kvm);
+ remaining_time = kvm->arch.nx_huge_page_last + msecs_to_jiffies(period)
+ - get_jiffies_64();
+ if (remaining_time > 0) {
+ schedule_timeout(remaining_time);
+ /* check for signals and come back */
+ return true;
}
+
+ __set_current_state(TASK_RUNNING);
+ kvm_recover_nx_huge_pages(kvm);
+ kvm->arch.nx_huge_page_last = get_jiffies_64();
+ return true;
}
int kvm_mmu_post_init_vm(struct kvm *kvm)
{
- int err;
-
if (nx_hugepage_mitigation_hard_disabled)
return 0;
- err = kvm_vm_create_worker_thread(kvm, kvm_nx_huge_page_recovery_worker, 0,
- "kvm-nx-lpage-recovery",
- &kvm->arch.nx_huge_page_recovery_thread);
- if (!err)
- kthread_unpark(kvm->arch.nx_huge_page_recovery_thread);
+ kvm->arch.nx_huge_page_last = get_jiffies_64();
+ kvm->arch.nx_huge_page_recovery_thread = vhost_task_create(
+ kvm_nx_huge_page_recovery_worker, kvm_nx_huge_page_recovery_worker_kill,
+ kvm, "kvm-nx-lpage-recovery");
- return err;
+ if (!kvm->arch.nx_huge_page_recovery_thread)
+ return -ENOMEM;
+
+ vhost_task_start(kvm->arch.nx_huge_page_recovery_thread);
+ return 0;
}
void kvm_mmu_pre_destroy_vm(struct kvm *kvm)
{
if (kvm->arch.nx_huge_page_recovery_thread)
- kthread_stop(kvm->arch.nx_huge_page_recovery_thread);
+ vhost_task_stop(kvm->arch.nx_huge_page_recovery_thread);
}
#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -2370,12 +2370,6 @@ static inline int kvm_arch_vcpu_run_pid_
}
#endif /* CONFIG_HAVE_KVM_VCPU_RUN_PID_CHANGE */
-typedef int (*kvm_vm_thread_fn_t)(struct kvm *kvm, uintptr_t data);
-
-int kvm_vm_create_worker_thread(struct kvm *kvm, kvm_vm_thread_fn_t thread_fn,
- uintptr_t data, const char *name,
- struct task_struct **thread_ptr);
-
#ifdef CONFIG_KVM_XFER_TO_GUEST_WORK
static inline void kvm_handle_signal_exit(struct kvm_vcpu *vcpu)
{
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -6573,106 +6573,3 @@ void kvm_exit(void)
kvm_irqfd_exit();
}
EXPORT_SYMBOL_GPL(kvm_exit);
-
-struct kvm_vm_worker_thread_context {
- struct kvm *kvm;
- struct task_struct *parent;
- struct completion init_done;
- kvm_vm_thread_fn_t thread_fn;
- uintptr_t data;
- int err;
-};
-
-static int kvm_vm_worker_thread(void *context)
-{
- /*
- * The init_context is allocated on the stack of the parent thread, so
- * we have to locally copy anything that is needed beyond initialization
- */
- struct kvm_vm_worker_thread_context *init_context = context;
- struct task_struct *parent;
- struct kvm *kvm = init_context->kvm;
- kvm_vm_thread_fn_t thread_fn = init_context->thread_fn;
- uintptr_t data = init_context->data;
- int err;
-
- err = kthread_park(current);
- /* kthread_park(current) is never supposed to return an error */
- WARN_ON(err != 0);
- if (err)
- goto init_complete;
-
- err = cgroup_attach_task_all(init_context->parent, current);
- if (err) {
- kvm_err("%s: cgroup_attach_task_all failed with err %d\n",
- __func__, err);
- goto init_complete;
- }
-
- set_user_nice(current, task_nice(init_context->parent));
-
-init_complete:
- init_context->err = err;
- complete(&init_context->init_done);
- init_context = NULL;
-
- if (err)
- goto out;
-
- /* Wait to be woken up by the spawner before proceeding. */
- kthread_parkme();
-
- if (!kthread_should_stop())
- err = thread_fn(kvm, data);
-
-out:
- /*
- * Move kthread back to its original cgroup to prevent it lingering in
- * the cgroup of the VM process, after the latter finishes its
- * execution.
- *
- * kthread_stop() waits on the 'exited' completion condition which is
- * set in exit_mm(), via mm_release(), in do_exit(). However, the
- * kthread is removed from the cgroup in the cgroup_exit() which is
- * called after the exit_mm(). This causes the kthread_stop() to return
- * before the kthread actually quits the cgroup.
- */
- rcu_read_lock();
- parent = rcu_dereference(current->real_parent);
- get_task_struct(parent);
- rcu_read_unlock();
- cgroup_attach_task_all(parent, current);
- put_task_struct(parent);
-
- return err;
-}
-
-int kvm_vm_create_worker_thread(struct kvm *kvm, kvm_vm_thread_fn_t thread_fn,
- uintptr_t data, const char *name,
- struct task_struct **thread_ptr)
-{
- struct kvm_vm_worker_thread_context init_context = {};
- struct task_struct *thread;
-
- *thread_ptr = NULL;
- init_context.kvm = kvm;
- init_context.parent = current;
- init_context.thread_fn = thread_fn;
- init_context.data = data;
- init_completion(&init_context.init_done);
-
- thread = kthread_run(kvm_vm_worker_thread, &init_context,
- "%s-%d", name, task_pid_nr(current));
- if (IS_ERR(thread))
- return PTR_ERR(thread);
-
- /* kthread_run is never supposed to return NULL */
- WARN_ON(thread == NULL);
-
- wait_for_completion(&init_context.init_done);
-
- if (!init_context.err)
- *thread_ptr = thread;
-
- return init_context.err;
-}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 646/817] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (644 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 645/817] KVM: x86: switch hugepage recovery thread to vhost_task Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 647/817] powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Greg Kroah-Hartman
` (180 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Bennée,
Sean Christopherson, Dmitry Osipenko, Paolo Bonzini
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
commit 2867eb782cf7f64c2ac427596133b6f9c3f64b7a upstream.
Apply make_spte()'s optimization to skip trying to unsync shadow pages if
and only if the old SPTE was a leaf SPTE, as non-leaf SPTEs in direct MMUs
are always writable, i.e. could trigger a false positive and incorrectly
lead to KVM creating a SPTE without write-protecting or marking shadow
pages unsync.
This bug only affects the TDP MMU, as the shadow MMU only overwrites a
shadow-present SPTE when synchronizing SPTEs (and only 4KiB SPTEs can be
unsync). Specifically, mmu_set_spte() drops any non-leaf SPTEs *before*
calling make_spte(), whereas the TDP MMU can do a direct replacement of a
page table with the leaf SPTE.
Opportunistically update the comment to explain why skipping the unsync
stuff is safe, as opposed to simply saying "it's someone else's problem".
Cc: stable@vger.kernel.org
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20241010182427.1434605-5-seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/mmu/spte.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
--- a/arch/x86/kvm/mmu/spte.c
+++ b/arch/x86/kvm/mmu/spte.c
@@ -226,12 +226,20 @@ bool make_spte(struct kvm_vcpu *vcpu, st
spte |= PT_WRITABLE_MASK | shadow_mmu_writable_mask;
/*
- * Optimization: for pte sync, if spte was writable the hash
- * lookup is unnecessary (and expensive). Write protection
- * is responsibility of kvm_mmu_get_page / kvm_mmu_sync_roots.
- * Same reasoning can be applied to dirty page accounting.
+ * When overwriting an existing leaf SPTE, and the old SPTE was
+ * writable, skip trying to unsync shadow pages as any relevant
+ * shadow pages must already be unsync, i.e. the hash lookup is
+ * unnecessary (and expensive).
+ *
+ * The same reasoning applies to dirty page/folio accounting;
+ * KVM will mark the folio dirty using the old SPTE, thus
+ * there's no need to immediately mark the new SPTE as dirty.
+ *
+ * Note, both cases rely on KVM not changing PFNs without first
+ * zapping the old SPTE, which is guaranteed by both the shadow
+ * MMU and the TDP MMU.
*/
- if (is_writable_pte(old_spte))
+ if (is_last_spte(old_spte, level) && is_writable_pte(old_spte))
goto out;
/*
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 647/817] powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (645 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 646/817] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 648/817] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Greg Kroah-Hartman
` (179 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gautam Menghani, Michael Ellerman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gautam Menghani <gautam@linux.ibm.com>
commit 44e5d21e6d3fd2a1fed7f0327cf72e99397e2eaf upstream.
As per the kernel documentation[1], hardlockup detector should
be disabled in KVM guests as it may give false positives. On
PPC, hardlockup detector is enabled inside KVM guests because
disable_hardlockup_detector() is marked as early_initcall and it
relies on kvm_guest static key (is_kvm_guest()) which is initialized
later during boot by check_kvm_guest(), which is a core_initcall.
check_kvm_guest() is also called in pSeries_smp_probe(), which is called
before initcalls, but it is skipped if KVM guest does not have doorbell
support or if the guest is launched with SMT=1.
Call check_kvm_guest() in disable_hardlockup_detector() so that
is_kvm_guest() check goes through fine and hardlockup detector can be
disabled inside the KVM guest.
[1]: Documentation/admin-guide/sysctl/kernel.rst
Fixes: 633c8e9800f3 ("powerpc/pseries: Enable hardlockup watchdog for PowerVM partitions")
Cc: stable@vger.kernel.org # v5.14+
Signed-off-by: Gautam Menghani <gautam@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://patch.msgid.link/20241108094839.33084-1-gautam@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/setup_64.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -920,6 +920,7 @@ static int __init disable_hardlockup_det
hardlockup_detector_disable();
#else
if (firmware_has_feature(FW_FEATURE_LPAR)) {
+ check_kvm_guest();
if (is_kvm_guest())
hardlockup_detector_disable();
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 648/817] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (646 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 647/817] powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 649/817] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Greg Kroah-Hartman
` (178 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Potapenko, Marc Zyngier,
Oliver Upton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <maz@kernel.org>
commit d561491ba927cb5634094ff311795e9d618e9b86 upstream.
Make sure we filter out non-LPI invalidation when handling writes
to GICR_INVLPIR.
Fixes: 4645d11f4a553 ("KVM: arm64: vgic-v3: Implement MMIO-based LPI invalidation")
Reported-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20241117165757.247686-2-maz@kernel.org
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c
+++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c
@@ -530,6 +530,7 @@ static void vgic_mmio_write_invlpi(struc
unsigned long val)
{
struct vgic_irq *irq;
+ u32 intid;
/*
* If the guest wrote only to the upper 32bit part of the
@@ -541,9 +542,13 @@ static void vgic_mmio_write_invlpi(struc
if ((addr & 4) || !vgic_lpis_enabled(vcpu))
return;
+ intid = lower_32_bits(val);
+ if (intid < VGIC_MIN_LPI)
+ return;
+
vgic_set_rdist_busy(vcpu, true);
- irq = vgic_get_irq(vcpu->kvm, NULL, lower_32_bits(val));
+ irq = vgic_get_irq(vcpu->kvm, NULL, intid);
if (irq) {
vgic_its_inv_lpi(vcpu->kvm, irq);
vgic_put_irq(vcpu->kvm, irq);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 649/817] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (647 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 648/817] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 650/817] KVM: arm64: Dont retire aborted MMIO instruction Greg Kroah-Hartman
` (177 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Raghavendra Rao Ananta, Marc Zyngier,
Oliver Upton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Raghavendra Rao Ananta <rananta@google.com>
commit 54bbee190d42166209185d89070c58a343bf514b upstream.
DDI0487K.a D13.3.1 describes the PMU overflow condition, which evaluates
to true if any counter's global enable (PMCR_EL0.E), overflow flag
(PMOVSSET_EL0[n]), and interrupt enable (PMINTENSET_EL1[n]) are all 1.
Of note, this does not require a counter to be enabled
(i.e. PMCNTENSET_EL0[n] = 1) to generate an overflow.
Align kvm_pmu_overflow_status() with the reality of the architecture
and stop using PMCNTENSET_EL0 as part of the overflow condition. The
bug was discovered while running an SBSA PMU test [*], which only sets
PMCR.E, PMOVSSET<0>, PMINTENSET<0>, and expects an overflow interrupt.
Cc: stable@vger.kernel.org
Fixes: 76d883c4e640 ("arm64: KVM: Add access handler for PMOVSSET and PMOVSCLR register")
Link: https://github.com/ARM-software/sbsa-acs/blob/master/test_pool/pmu/operating_system/test_pmu001.c
Signed-off-by: Raghavendra Rao Ananta <rananta@google.com>
[ oliver: massaged changelog ]
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20241120005230.2335682-2-oliver.upton@linux.dev
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kvm/pmu-emul.c | 1 -
1 file changed, 1 deletion(-)
--- a/arch/arm64/kvm/pmu-emul.c
+++ b/arch/arm64/kvm/pmu-emul.c
@@ -342,7 +342,6 @@ static u64 kvm_pmu_overflow_status(struc
if ((kvm_vcpu_read_pmcr(vcpu) & ARMV8_PMU_PMCR_E)) {
reg = __vcpu_sys_reg(vcpu, PMOVSSET_EL0);
- reg &= __vcpu_sys_reg(vcpu, PMCNTENSET_EL0);
reg &= __vcpu_sys_reg(vcpu, PMINTENSET_EL1);
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 650/817] KVM: arm64: Dont retire aborted MMIO instruction
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (648 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 649/817] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 651/817] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Greg Kroah-Hartman
` (176 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Potapenko, Marc Zyngier,
Oliver Upton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Upton <oliver.upton@linux.dev>
commit e735a5da64420a86be370b216c269b5dd8e830e2 upstream.
Returning an abort to the guest for an unsupported MMIO access is a
documented feature of the KVM UAPI. Nevertheless, it's clear that this
plumbing has seen limited testing, since userspace can trivially cause a
WARN in the MMIO return:
WARNING: CPU: 0 PID: 30558 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536
Call trace:
kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536
kvm_arch_vcpu_ioctl_run+0x98/0x15b4 arch/arm64/kvm/arm.c:1133
kvm_vcpu_ioctl+0x75c/0xa78 virt/kvm/kvm_main.c:4487
__do_sys_ioctl fs/ioctl.c:51 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x1e0/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x38/0x68 arch/arm64/kernel/entry-common.c:712
el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
The splat is complaining that KVM is advancing PC while an exception is
pending, i.e. that KVM is retiring the MMIO instruction despite a
pending synchronous external abort. Womp womp.
Fix the glaring UAPI bug by skipping over all the MMIO emulation in
case there is a pending synchronous exception. Note that while userspace
is capable of pending an asynchronous exception (SError, IRQ, or FIQ),
it is still safe to retire the MMIO instruction in this case as (1) they
are by definition asynchronous, and (2) KVM relies on hardware support
for pending/delivering these exceptions instead of the software state
machine for advancing PC.
Cc: stable@vger.kernel.org
Fixes: da345174ceca ("KVM: arm/arm64: Allow user injection of external data aborts")
Reported-by: Alexander Potapenko <glider@google.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20241025203106.3529261-2-oliver.upton@linux.dev
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kvm/mmio.c | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
--- a/arch/arm64/kvm/mmio.c
+++ b/arch/arm64/kvm/mmio.c
@@ -72,6 +72,31 @@ unsigned long kvm_mmio_read_buf(const vo
return data;
}
+static bool kvm_pending_sync_exception(struct kvm_vcpu *vcpu)
+{
+ if (!vcpu_get_flag(vcpu, PENDING_EXCEPTION))
+ return false;
+
+ if (vcpu_el1_is_32bit(vcpu)) {
+ switch (vcpu_get_flag(vcpu, EXCEPT_MASK)) {
+ case unpack_vcpu_flag(EXCEPT_AA32_UND):
+ case unpack_vcpu_flag(EXCEPT_AA32_IABT):
+ case unpack_vcpu_flag(EXCEPT_AA32_DABT):
+ return true;
+ default:
+ return false;
+ }
+ } else {
+ switch (vcpu_get_flag(vcpu, EXCEPT_MASK)) {
+ case unpack_vcpu_flag(EXCEPT_AA64_EL1_SYNC):
+ case unpack_vcpu_flag(EXCEPT_AA64_EL2_SYNC):
+ return true;
+ default:
+ return false;
+ }
+ }
+}
+
/**
* kvm_handle_mmio_return -- Handle MMIO loads after user space emulation
* or in-kernel IO emulation
@@ -84,8 +109,11 @@ int kvm_handle_mmio_return(struct kvm_vc
unsigned int len;
int mask;
- /* Detect an already handled MMIO return */
- if (unlikely(!vcpu->mmio_needed))
+ /*
+ * Detect if the MMIO return was already handled or if userspace aborted
+ * the MMIO access.
+ */
+ if (unlikely(!vcpu->mmio_needed || kvm_pending_sync_exception(vcpu)))
return 1;
vcpu->mmio_needed = 0;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 651/817] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (649 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 650/817] KVM: arm64: Dont retire aborted MMIO instruction Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 652/817] KVM: arm64: Get rid of userspace_irqchip_in_use Greg Kroah-Hartman
` (175 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kunkun Jiang, Jing Zhang,
Oliver Upton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kunkun Jiang <jiangkunkun@huawei.com>
commit 7602ffd1d5e8927fadd5187cb4aed2fdc9c47143 upstream.
When DISCARD frees an ITE, it does not invalidate the
corresponding ITE. In the scenario of continuous saves and
restores, there may be a situation where an ITE is not saved
but is restored. This is unreasonable and may cause restore
to fail. This patch clears the corresponding ITE when DISCARD
frees an ITE.
Cc: stable@vger.kernel.org
Fixes: eff484e0298d ("KVM: arm64: vgic-its: ITT save and restore")
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
[Jing: Update with entry write helper]
Signed-off-by: Jing Zhang <jingzhangos@google.com>
Link: https://lore.kernel.org/r/20241107214137.428439-6-jingzhangos@google.com
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kvm/vgic/vgic-its.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/arch/arm64/kvm/vgic/vgic-its.c
+++ b/arch/arm64/kvm/vgic/vgic-its.c
@@ -782,6 +782,9 @@ static int vgic_its_cmd_handle_discard(s
ite = find_ite(its, device_id, event_id);
if (ite && its_is_collection_mapped(ite->collection)) {
+ struct its_device *device = find_its_device(its, device_id);
+ int ite_esz = vgic_its_get_abi(its)->ite_esz;
+ gpa_t gpa = device->itt_addr + ite->event_id * ite_esz;
/*
* Though the spec talks about removing the pending state, we
* don't bother here since we clear the ITTE anyway and the
@@ -790,7 +793,8 @@ static int vgic_its_cmd_handle_discard(s
vgic_its_invalidate_cache(its);
its_free_ite(kvm, ite);
- return 0;
+
+ return vgic_its_write_entry_lock(its, gpa, 0, ite_esz);
}
return E_ITS_DISCARD_UNMAPPED_INTERRUPT;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 652/817] KVM: arm64: Get rid of userspace_irqchip_in_use
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (650 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 651/817] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 653/817] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Greg Kroah-Hartman
` (174 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Marc Zyngier,
Raghavendra Rao Ananta, Oliver Upton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Raghavendra Rao Ananta <rananta@google.com>
commit 38d7aacca09230fdb98a34194fec2af597e8e20d upstream.
Improper use of userspace_irqchip_in_use led to syzbot hitting the
following WARN_ON() in kvm_timer_update_irq():
WARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/arch_timer.c:459
kvm_timer_update_irq+0x21c/0x394
Call trace:
kvm_timer_update_irq+0x21c/0x394 arch/arm64/kvm/arch_timer.c:459
kvm_timer_vcpu_reset+0x158/0x684 arch/arm64/kvm/arch_timer.c:968
kvm_reset_vcpu+0x3b4/0x560 arch/arm64/kvm/reset.c:264
kvm_vcpu_set_target arch/arm64/kvm/arm.c:1553 [inline]
kvm_arch_vcpu_ioctl_vcpu_init arch/arm64/kvm/arm.c:1573 [inline]
kvm_arch_vcpu_ioctl+0x112c/0x1b3c arch/arm64/kvm/arm.c:1695
kvm_vcpu_ioctl+0x4ec/0xf74 virt/kvm/kvm_main.c:4658
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__arm64_sys_ioctl+0x108/0x184 fs/ioctl.c:893
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x78/0x1b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x1b0 arch/arm64/kernel/syscall.c:132
do_el0_svc+0x40/0x50 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x14c arch/arm64/kernel/entry-common.c:712
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
The following sequence led to the scenario:
- Userspace creates a VM and a vCPU.
- The vCPU is initialized with KVM_ARM_VCPU_PMU_V3 during
KVM_ARM_VCPU_INIT.
- Without any other setup, such as vGIC or vPMU, userspace issues
KVM_RUN on the vCPU. Since the vPMU is requested, but not setup,
kvm_arm_pmu_v3_enable() fails in kvm_arch_vcpu_run_pid_change().
As a result, KVM_RUN returns after enabling the timer, but before
incrementing 'userspace_irqchip_in_use':
kvm_arch_vcpu_run_pid_change()
ret = kvm_arm_pmu_v3_enable()
if (!vcpu->arch.pmu.created)
return -EINVAL;
if (ret)
return ret;
[...]
if (!irqchip_in_kernel(kvm))
static_branch_inc(&userspace_irqchip_in_use);
- Userspace ignores the error and issues KVM_ARM_VCPU_INIT again.
Since the timer is already enabled, control moves through the
following flow, ultimately hitting the WARN_ON():
kvm_timer_vcpu_reset()
if (timer->enabled)
kvm_timer_update_irq()
if (!userspace_irqchip())
ret = kvm_vgic_inject_irq()
ret = vgic_lazy_init()
if (unlikely(!vgic_initialized(kvm)))
if (kvm->arch.vgic.vgic_model !=
KVM_DEV_TYPE_ARM_VGIC_V2)
return -EBUSY;
WARN_ON(ret);
Theoretically, since userspace_irqchip_in_use's functionality can be
simply replaced by '!irqchip_in_kernel()', get rid of the static key
to avoid the mismanagement, which also helps with the syzbot issue.
Cc: <stable@vger.kernel.org>
Reported-by: syzbot <syzkaller@googlegroups.com>
Suggested-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Raghavendra Rao Ananta <rananta@google.com>
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/kvm_host.h | 2 --
arch/arm64/kvm/arch_timer.c | 3 +--
arch/arm64/kvm/arm.c | 18 +++---------------
3 files changed, 4 insertions(+), 19 deletions(-)
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -73,8 +73,6 @@ enum kvm_mode kvm_get_mode(void);
static inline enum kvm_mode kvm_get_mode(void) { return KVM_MODE_NONE; };
#endif
-DECLARE_STATIC_KEY_FALSE(userspace_irqchip_in_use);
-
extern unsigned int __ro_after_init kvm_sve_max_vl;
extern unsigned int __ro_after_init kvm_host_sve_max_vl;
int __init kvm_arm_init_sve(void);
--- a/arch/arm64/kvm/arch_timer.c
+++ b/arch/arm64/kvm/arch_timer.c
@@ -206,8 +206,7 @@ void get_timer_map(struct kvm_vcpu *vcpu
static inline bool userspace_irqchip(struct kvm *kvm)
{
- return static_branch_unlikely(&userspace_irqchip_in_use) &&
- unlikely(!irqchip_in_kernel(kvm));
+ return unlikely(!irqchip_in_kernel(kvm));
}
static void soft_timer_start(struct hrtimer *hrt, u64 ns)
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -67,7 +67,6 @@ DECLARE_KVM_NVHE_PER_CPU(struct kvm_cpu_
static bool vgic_present, kvm_arm_initialised;
static DEFINE_PER_CPU(unsigned char, kvm_hyp_initialized);
-DEFINE_STATIC_KEY_FALSE(userspace_irqchip_in_use);
bool is_kvm_arm_initialised(void)
{
@@ -500,9 +499,6 @@ void kvm_arch_vcpu_postcreate(struct kvm
void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
{
- if (vcpu_has_run_once(vcpu) && unlikely(!irqchip_in_kernel(vcpu->kvm)))
- static_branch_dec(&userspace_irqchip_in_use);
-
kvm_mmu_free_memory_cache(&vcpu->arch.mmu_page_cache);
kvm_timer_vcpu_terminate(vcpu);
kvm_pmu_vcpu_destroy(vcpu);
@@ -847,14 +843,6 @@ int kvm_arch_vcpu_run_pid_change(struct
return ret;
}
- if (!irqchip_in_kernel(kvm)) {
- /*
- * Tell the rest of the code that there are userspace irqchip
- * VMs in the wild.
- */
- static_branch_inc(&userspace_irqchip_in_use);
- }
-
/*
* Initialize traps for protected VMs.
* NOTE: Move to run in EL2 directly, rather than via a hypercall, once
@@ -1074,7 +1062,7 @@ static bool kvm_vcpu_exit_request(struct
* state gets updated in kvm_timer_update_run and
* kvm_pmu_update_run below).
*/
- if (static_branch_unlikely(&userspace_irqchip_in_use)) {
+ if (unlikely(!irqchip_in_kernel(vcpu->kvm))) {
if (kvm_timer_should_notify_user(vcpu) ||
kvm_pmu_should_notify_user(vcpu)) {
*ret = -EINTR;
@@ -1196,7 +1184,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_v
vcpu->mode = OUTSIDE_GUEST_MODE;
isb(); /* Ensure work in x_flush_hwstate is committed */
kvm_pmu_sync_hwstate(vcpu);
- if (static_branch_unlikely(&userspace_irqchip_in_use))
+ if (unlikely(!irqchip_in_kernel(vcpu->kvm)))
kvm_timer_sync_user(vcpu);
kvm_vgic_sync_hwstate(vcpu);
local_irq_enable();
@@ -1242,7 +1230,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_v
* we don't want vtimer interrupts to race with syncing the
* timer virtual interrupt state.
*/
- if (static_branch_unlikely(&userspace_irqchip_in_use))
+ if (unlikely(!irqchip_in_kernel(vcpu->kvm)))
kvm_timer_sync_user(vcpu);
kvm_arch_vcpu_ctxsync_fp(vcpu);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 653/817] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (651 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 652/817] KVM: arm64: Get rid of userspace_irqchip_in_use Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 654/817] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Greg Kroah-Hartman
` (173 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kunkun Jiang, Jing Zhang,
Oliver Upton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jing Zhang <jingzhangos@google.com>
commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream.
In all the vgic_its_save_*() functinos, they do not check whether
the data length is 8 bytes before calling vgic_write_guest_lock.
This patch adds the check. To prevent the kernel from being blown up
when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s
are replaced together.
Cc: stable@vger.kernel.org
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
[Jing: Update with the new entry read/write helpers]
Signed-off-by: Jing Zhang <jingzhangos@google.com>
Link: https://lore.kernel.org/r/20241107214137.428439-4-jingzhangos@google.com
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kvm/vgic/vgic-its.c | 20 ++++++++------------
arch/arm64/kvm/vgic/vgic.h | 23 +++++++++++++++++++++++
2 files changed, 31 insertions(+), 12 deletions(-)
--- a/arch/arm64/kvm/vgic/vgic-its.c
+++ b/arch/arm64/kvm/vgic/vgic-its.c
@@ -2090,7 +2090,6 @@ static int scan_its_table(struct vgic_it
static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev,
struct its_ite *ite, gpa_t gpa, int ite_esz)
{
- struct kvm *kvm = its->dev->kvm;
u32 next_offset;
u64 val;
@@ -2099,7 +2098,8 @@ static int vgic_its_save_ite(struct vgic
((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) |
ite->collection->collection_id;
val = cpu_to_le64(val);
- return vgic_write_guest_lock(kvm, gpa, &val, ite_esz);
+
+ return vgic_its_write_entry_lock(its, gpa, val, ite_esz);
}
/**
@@ -2243,7 +2243,6 @@ static int vgic_its_restore_itt(struct v
static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev,
gpa_t ptr, int dte_esz)
{
- struct kvm *kvm = its->dev->kvm;
u64 val, itt_addr_field;
u32 next_offset;
@@ -2254,7 +2253,8 @@ static int vgic_its_save_dte(struct vgic
(itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) |
(dev->num_eventid_bits - 1));
val = cpu_to_le64(val);
- return vgic_write_guest_lock(kvm, ptr, &val, dte_esz);
+
+ return vgic_its_write_entry_lock(its, ptr, val, dte_esz);
}
/**
@@ -2441,7 +2441,8 @@ static int vgic_its_save_cte(struct vgic
((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) |
collection->collection_id);
val = cpu_to_le64(val);
- return vgic_write_guest_lock(its->dev->kvm, gpa, &val, esz);
+
+ return vgic_its_write_entry_lock(its, gpa, val, esz);
}
/*
@@ -2457,8 +2458,7 @@ static int vgic_its_restore_cte(struct v
u64 val;
int ret;
- BUG_ON(esz > sizeof(val));
- ret = kvm_read_guest_lock(kvm, gpa, &val, esz);
+ ret = vgic_its_read_entry_lock(its, gpa, &val, esz);
if (ret)
return ret;
val = le64_to_cpu(val);
@@ -2496,7 +2496,6 @@ static int vgic_its_save_collection_tabl
u64 baser = its->baser_coll_table;
gpa_t gpa = GITS_BASER_ADDR_48_to_52(baser);
struct its_collection *collection;
- u64 val;
size_t max_size, filled = 0;
int ret, cte_esz = abi->cte_esz;
@@ -2520,10 +2519,7 @@ static int vgic_its_save_collection_tabl
* table is not fully filled, add a last dummy element
* with valid bit unset
*/
- val = 0;
- BUG_ON(cte_esz > sizeof(val));
- ret = vgic_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz);
- return ret;
+ return vgic_its_write_entry_lock(its, gpa, 0, cte_esz);
}
/*
--- a/arch/arm64/kvm/vgic/vgic.h
+++ b/arch/arm64/kvm/vgic/vgic.h
@@ -146,6 +146,29 @@ static inline int vgic_write_guest_lock(
return ret;
}
+static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr,
+ u64 *eval, unsigned long esize)
+{
+ struct kvm *kvm = its->dev->kvm;
+
+ if (KVM_BUG_ON(esize != sizeof(*eval), kvm))
+ return -EINVAL;
+
+ return kvm_read_guest_lock(kvm, eaddr, eval, esize);
+
+}
+
+static inline int vgic_its_write_entry_lock(struct vgic_its *its, gpa_t eaddr,
+ u64 eval, unsigned long esize)
+{
+ struct kvm *kvm = its->dev->kvm;
+
+ if (KVM_BUG_ON(esize != sizeof(eval), kvm))
+ return -EINVAL;
+
+ return vgic_write_guest_lock(kvm, eaddr, &eval, esize);
+}
+
/*
* This struct provides an intermediate representation of the fields contained
* in the GICH_VMCR and ICH_VMCR registers, such that code exporting the GIC
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 654/817] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (652 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 653/817] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 655/817] Compiler Attributes: disable __counted_by for clang < 19.1.3 Greg Kroah-Hartman
` (172 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shusen Li, Kunkun Jiang, Jing Zhang,
Oliver Upton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kunkun Jiang <jiangkunkun@huawei.com>
commit e9649129d33dca561305fc590a7c4ba8c3e5675a upstream.
vgic_its_save_device_tables will traverse its->device_list to
save DTE for each device. vgic_its_restore_device_tables will
traverse each entry of device table and check if it is valid.
Restore if valid.
But when MAPD unmaps a device, it does not invalidate the
corresponding DTE. In the scenario of continuous saves
and restores, there may be a situation where a device's DTE
is not saved but is restored. This is unreasonable and may
cause restore to fail. This patch clears the corresponding
DTE when MAPD unmaps a device.
Cc: stable@vger.kernel.org
Fixes: 57a9a117154c ("KVM: arm64: vgic-its: Device table save/restore")
Co-developed-by: Shusen Li <lishusen2@huawei.com>
Signed-off-by: Shusen Li <lishusen2@huawei.com>
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
[Jing: Update with entry write helper]
Signed-off-by: Jing Zhang <jingzhangos@google.com>
Link: https://lore.kernel.org/r/20241107214137.428439-5-jingzhangos@google.com
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kvm/vgic/vgic-its.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/arm64/kvm/vgic/vgic-its.c
+++ b/arch/arm64/kvm/vgic/vgic-its.c
@@ -1143,9 +1143,11 @@ static int vgic_its_cmd_handle_mapd(stru
bool valid = its_cmd_get_validbit(its_cmd);
u8 num_eventid_bits = its_cmd_get_size(its_cmd);
gpa_t itt_addr = its_cmd_get_ittaddr(its_cmd);
+ int dte_esz = vgic_its_get_abi(its)->dte_esz;
struct its_device *device;
+ gpa_t gpa;
- if (!vgic_its_check_id(its, its->baser_device_table, device_id, NULL))
+ if (!vgic_its_check_id(its, its->baser_device_table, device_id, &gpa))
return E_ITS_MAPD_DEVICE_OOR;
if (valid && num_eventid_bits > VITS_TYPER_IDBITS)
@@ -1166,7 +1168,7 @@ static int vgic_its_cmd_handle_mapd(stru
* is an error, so we are done in any case.
*/
if (!valid)
- return 0;
+ return vgic_its_write_entry_lock(its, gpa, 0, dte_esz);
device = vgic_its_alloc_device(its, device_id, itt_addr,
num_eventid_bits);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 655/817] Compiler Attributes: disable __counted_by for clang < 19.1.3
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (653 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 654/817] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 656/817] PCI: Fix use-after-free of slot->bus on hot remove Greg Kroah-Hartman
` (171 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, kernel test robot,
Jan Hendrik Farr, Miguel Ojeda, Thorsten Blum, Kees Cook
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Hendrik Farr <kernel@jfarr.cc>
commit f06e108a3dc53c0f5234d18de0bd224753db5019 upstream.
This patch disables __counted_by for clang versions < 19.1.3 because
of the two issues listed below. It does this by introducing
CONFIG_CC_HAS_COUNTED_BY.
1. clang < 19.1.2 has a bug that can lead to __bdos returning 0:
https://github.com/llvm/llvm-project/pull/110497
2. clang < 19.1.3 has a bug that can lead to __bdos being off by 4:
https://github.com/llvm/llvm-project/pull/112636
Fixes: c8248faf3ca2 ("Compiler Attributes: counted_by: Adjust name and identifier expansion")
Cc: stable@vger.kernel.org # 6.6.x: 16c31dd7fdf6: Compiler Attributes: counted_by: bump min gcc version
Cc: stable@vger.kernel.org # 6.6.x: 2993eb7a8d34: Compiler Attributes: counted_by: fixup clang URL
Cc: stable@vger.kernel.org # 6.6.x: 231dc3f0c936: lkdtm/bugs: Improve warning message for compilers without counted_by support
Cc: stable@vger.kernel.org # 6.6.x
Reported-by: Nathan Chancellor <nathan@kernel.org>
Closes: https://lore.kernel.org/all/20240913164630.GA4091534@thelio-3990X/
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202409260949.a1254989-oliver.sang@intel.com
Link: https://lore.kernel.org/all/Zw8iawAF5W2uzGuh@archlinux/T/#m204c09f63c076586a02d194b87dffc7e81b8de7b
Suggested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Jan Hendrik Farr <kernel@jfarr.cc>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Miguel Ojeda <ojeda@kernel.org>
Reviewed-by: Thorsten Blum <thorsten.blum@linux.dev>
Link: https://lore.kernel.org/r/20241029140036.577804-2-kernel@jfarr.cc
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/lkdtm/bugs.c | 2 +-
include/linux/compiler_attributes.h | 13 -------------
include/linux/compiler_types.h | 19 +++++++++++++++++++
init/Kconfig | 9 +++++++++
lib/overflow_kunit.c | 2 +-
5 files changed, 30 insertions(+), 15 deletions(-)
--- a/drivers/misc/lkdtm/bugs.c
+++ b/drivers/misc/lkdtm/bugs.c
@@ -445,7 +445,7 @@ static void lkdtm_FAM_BOUNDS(void)
pr_err("FAIL: survived access of invalid flexible array member index!\n");
- if (!__has_attribute(__counted_by__))
+ if (!IS_ENABLED(CONFIG_CC_HAS_COUNTED_BY))
pr_warn("This is expected since this %s was built with a compiler that does not support __counted_by\n",
lkdtm_kernel_info);
else if (IS_ENABLED(CONFIG_UBSAN_BOUNDS))
--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -95,19 +95,6 @@
#endif
/*
- * Optional: only supported since gcc >= 15
- * Optional: only supported since clang >= 18
- *
- * gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
- * clang: https://github.com/llvm/llvm-project/pull/76348
- */
-#if __has_attribute(__counted_by__)
-# define __counted_by(member) __attribute__((__counted_by__(member)))
-#else
-# define __counted_by(member)
-#endif
-
-/*
* Optional: not supported by gcc
* Optional: only supported since clang >= 14.0
*
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -324,6 +324,25 @@ struct ftrace_likely_data {
#endif
/*
+ * Optional: only supported since gcc >= 15
+ * Optional: only supported since clang >= 18
+ *
+ * gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
+ * clang: https://github.com/llvm/llvm-project/pull/76348
+ *
+ * __bdos on clang < 19.1.2 can erroneously return 0:
+ * https://github.com/llvm/llvm-project/pull/110497
+ *
+ * __bdos on clang < 19.1.3 can be off by 4:
+ * https://github.com/llvm/llvm-project/pull/112636
+ */
+#ifdef CONFIG_CC_HAS_COUNTED_BY
+# define __counted_by(member) __attribute__((__counted_by__(member)))
+#else
+# define __counted_by(member)
+#endif
+
+/*
* Apply __counted_by() when the Endianness matches to increase test coverage.
*/
#ifdef __LITTLE_ENDIAN
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -109,6 +109,15 @@ config CC_HAS_ASM_INLINE
config CC_HAS_NO_PROFILE_FN_ATTR
def_bool $(success,echo '__attribute__((no_profile_instrument_function)) int x();' | $(CC) -x c - -c -o /dev/null -Werror)
+config CC_HAS_COUNTED_BY
+ # TODO: when gcc 15 is released remove the build test and add
+ # a gcc version check
+ def_bool $(success,echo 'struct flex { int count; int array[] __attribute__((__counted_by__(count))); };' | $(CC) $(CLANG_FLAGS) -x c - -c -o /dev/null -Werror)
+ # clang needs to be at least 19.1.3 to avoid __bdos miscalculations
+ # https://github.com/llvm/llvm-project/pull/110497
+ # https://github.com/llvm/llvm-project/pull/112636
+ depends on !(CC_IS_CLANG && CLANG_VERSION < 190103)
+
config PAHOLE_VERSION
int
default $(shell,$(srctree)/scripts/pahole-version.sh $(PAHOLE))
--- a/lib/overflow_kunit.c
+++ b/lib/overflow_kunit.c
@@ -1187,7 +1187,7 @@ static void DEFINE_FLEX_test(struct kuni
{
/* Using _RAW_ on a __counted_by struct will initialize "counter" to zero */
DEFINE_RAW_FLEX(struct foo, two_but_zero, array, 2);
-#if __has_attribute(__counted_by__)
+#ifdef CONFIG_CC_HAS_COUNTED_BY
int expected_raw_size = sizeof(struct foo);
#else
int expected_raw_size = sizeof(struct foo) + 2 * sizeof(s16);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 656/817] PCI: Fix use-after-free of slot->bus on hot remove
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (654 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 655/817] Compiler Attributes: disable __counted_by for clang < 19.1.3 Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 657/817] LoongArch: Explicitly specify code model in Makefile Greg Kroah-Hartman
` (170 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dennis Wassenberg, Lukas Wunner,
Bjorn Helgaas, Mika Westerberg
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lukas Wunner <lukas@wunner.de>
commit c7acef99642b763ba585f4a43af999fcdbcc3dc4 upstream.
Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock.
Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and
commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot
firmware"), USB4 v2 and v1 Host Routers are reset on probe of the
thunderbolt driver.
The reset clears the Presence Detect State and Data Link Layer Link Active
bits at the USB4 Host Router's Root Port and thus causes hot removal of the
dock.
The crash occurs when pciehp is unbound from one of the dock's Downstream
Ports: pciehp creates a pci_slot on bind and destroys it on unbind. The
pci_slot contains a pointer to the pci_bus below the Downstream Port, but
a reference on that pci_bus is never acquired. The pci_bus is destroyed
before the pci_slot, so a use-after-free ensues when pci_slot_release()
accesses slot->bus.
In principle this should not happen because pci_stop_bus_device() unbinds
pciehp (and therefore destroys the pci_slot) before the pci_bus is
destroyed by pci_remove_bus_device().
However the stacktrace provided by Dennis shows that pciehp is unbound from
pci_remove_bus_device() instead of pci_stop_bus_device(). To understand
the significance of this, one needs to know that the PCI core uses a two
step process to remove a portion of the hierarchy: It first unbinds all
drivers in the sub-hierarchy in pci_stop_bus_device() and then actually
removes the devices in pci_remove_bus_device(). There is no precaution to
prevent driver binding in-between pci_stop_bus_device() and
pci_remove_bus_device().
In Dennis' case, it seems removal of the hierarchy by pciehp races with
driver binding by pci_bus_add_devices(). pciehp is bound to the
Downstream Port after pci_stop_bus_device() has run, so it is unbound by
pci_remove_bus_device() instead of pci_stop_bus_device(). Because the
pci_bus has already been destroyed at that point, accesses to it result in
a use-after-free.
One might conclude that driver binding needs to be prevented after
pci_stop_bus_device() has run. However it seems risky that pci_slot points
to pci_bus without holding a reference. Solely relying on correct ordering
of driver unbind versus pci_bus destruction is certainly not defensive
programming.
If pci_slot has a need to access data in pci_bus, it ought to acquire a
reference. Amend pci_create_slot() accordingly. Dennis reports that the
crash is not reproducible with this change.
Abridged stacktrace:
pcieport 0000:00:07.0: PME: Signaling with IRQ 156
pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+
pci_bus 0000:20: dev 00, created physical slot 12
pcieport 0000:00:07.0: pciehp: Slot(12): Card not present
...
pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0
Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI
CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1
RIP: 0010:dev_driver_string+0x12/0x40
pci_destroy_slot
pciehp_remove
pcie_port_remove_service
device_release_driver_internal
bus_remove_device
device_del
device_unregister
remove_iter
device_for_each_child
pcie_portdrv_remove
pci_device_remove
device_release_driver_internal
bus_remove_device
device_del
pci_remove_bus_device (recursive invocation)
pci_remove_bus_device
pciehp_unconfigure_device
pciehp_disable_slot
pciehp_handle_presence_or_link_change
pciehp_ist
Link: https://lore.kernel.org/r/4bfd4c0e976c1776cd08e76603903b338cf25729.1728579288.git.lukas@wunner.de
Reported-by: Dennis Wassenberg <Dennis.Wassenberg@secunet.com>
Closes: https://lore.kernel.org/r/6de4b45ff2b32dd91a805ec02ec8ec73ef411bf6.camel@secunet.com/
Tested-by: Dennis Wassenberg <Dennis.Wassenberg@secunet.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/slot.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/pci/slot.c
+++ b/drivers/pci/slot.c
@@ -79,6 +79,7 @@ static void pci_slot_release(struct kobj
up_read(&pci_bus_sem);
list_del(&slot->list);
+ pci_bus_put(slot->bus);
kfree(slot);
}
@@ -261,7 +262,7 @@ placeholder:
goto err;
}
- slot->bus = parent;
+ slot->bus = pci_bus_get(parent);
slot->number = slot_nr;
slot->kobj.kset = pci_slots_kset;
@@ -269,6 +270,7 @@ placeholder:
slot_name = make_slot_name(name);
if (!slot_name) {
err = -ENOMEM;
+ pci_bus_put(slot->bus);
kfree(slot);
goto err;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 657/817] LoongArch: Explicitly specify code model in Makefile
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (655 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 656/817] PCI: Fix use-after-free of slot->bus on hot remove Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 658/817] clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider Greg Kroah-Hartman
` (169 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Haiyong Sun, Huacai Chen
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhuacai@loongson.cn>
commit e67e0eb6a98b261caf45048f9eb95fd7609289c0 upstream.
LoongArch's toolchain may change the default code model from normal to
medium. This is unnecessary for kernel, and generates some relocations
which cannot be handled by the module loader. So explicitly specify the
code model to normal in Makefile (for Rust 'normal' is 'small').
Cc: stable@vger.kernel.org
Tested-by: Haiyong Sun <sunhaiyong@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/loongarch/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -59,7 +59,7 @@ endif
ifdef CONFIG_64BIT
ld-emul = $(64bit-emul)
-cflags-y += -mabi=lp64s
+cflags-y += -mabi=lp64s -mcmodel=normal
endif
cflags-y += -pipe $(CC_FLAGS_NO_FPU)
@@ -104,7 +104,7 @@ ifdef CONFIG_OBJTOOL
KBUILD_CFLAGS += -fno-jump-tables
endif
-KBUILD_RUSTFLAGS += --target=loongarch64-unknown-none-softfloat
+KBUILD_RUSTFLAGS += --target=loongarch64-unknown-none-softfloat -Ccode-model=small
KBUILD_RUSTFLAGS_KERNEL += -Zdirect-access-external-data=yes
KBUILD_RUSTFLAGS_MODULE += -Zdirect-access-external-data=no
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 658/817] clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (656 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 657/817] LoongArch: Explicitly specify code model in Makefile Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 659/817] clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Greg Kroah-Hartman
` (168 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gustavo A. R. Silva, Stephen Boyd
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavoars@kernel.org>
commit 6e4bf018bb040955da53dae9f8628ef8fcec2dbe upstream.
Some heap space is allocated for the flexible structure `struct
clk_hw_onecell_data` and its flexible-array member `hws` through
the composite structure `struct loongson2_clk_provider` in function
`loongson2_clk_probe()`, as shown below:
289 struct loongson2_clk_provider *clp;
...
296 for (p = data; p->name; p++)
297 clks_num++;
298
299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num),
300 GFP_KERNEL);
Then some data is written into the flexible array:
350 clp->clk_data.hws[p->id] = hw;
This corrupts `clk_lock`, which is the spinlock variable immediately
following the `clk_data` member in `struct loongson2_clk_provider`:
struct loongson2_clk_provider {
void __iomem *base;
struct device *dev;
struct clk_hw_onecell_data clk_data;
spinlock_t clk_lock; /* protect access to DIV registers */
};
The problem is that the flexible structure is currently placed in the
middle of `struct loongson2_clk_provider` instead of at the end.
Fix this by moving `struct clk_hw_onecell_data clk_data;` to the end of
`struct loongson2_clk_provider`. Also, add a code comment to help
prevent this from happening again in case new members are added to the
structure in the future.
This change also fixes the following -Wflex-array-member-not-at-end
warning:
drivers/clk/clk-loongson2.c:32:36: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
Fixes: 9796ec0bd04b ("clk: clk-loongson2: Refactor driver for adding new platforms")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZzZ-cd_EFXs6qFaH@kspp
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/clk-loongson2.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/clk-loongson2.c b/drivers/clk/clk-loongson2.c
index 820bb1e9e3b7..e99ba79feec6 100644
--- a/drivers/clk/clk-loongson2.c
+++ b/drivers/clk/clk-loongson2.c
@@ -29,8 +29,10 @@ enum loongson2_clk_type {
struct loongson2_clk_provider {
void __iomem *base;
struct device *dev;
- struct clk_hw_onecell_data clk_data;
spinlock_t clk_lock; /* protect access to DIV registers */
+
+ /* Must be last --ends in a flexible-array member. */
+ struct clk_hw_onecell_data clk_data;
};
struct loongson2_clk_data {
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 659/817] clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (657 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 658/817] clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 660/817] fsnotify: fix sending inotify event with unexpected filename Greg Kroah-Hartman
` (167 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gustavo A. R. Silva, Stephen Boyd
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavoars@kernel.org>
commit 02fb4f0084331ef72c28d0c70fcb15d1bea369ec upstream.
Flexible-array member `hws` in `struct clk_hw_onecell_data` is annotated
with the `counted_by()` attribute. This means that when memory is
allocated for this array, the _counter_, which in this case is member
`num` in the flexible structure, should be set to the maximum number of
elements the flexible array can contain, or fewer.
In this case, the total number of elements for the flexible array is
determined by variable `clks_num` when allocating heap space via
`devm_kzalloc()`, as shown below:
289 struct loongson2_clk_provider *clp;
...
296 for (p = data; p->name; p++)
297 clks_num++;
298
299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num),
300 GFP_KERNEL);
So, `clp->clk_data.num` should be set to `clks_num` or less, and not
exceed `clks_num`, as is currently the case. Otherwise, if data is
written into `clp->clk_data.hws[clks_num]`, the instrumentation
provided by the compiler won't detect the overflow, leading to a
memory corruption bug at runtime.
Fix this issue by setting `clp->clk_data.num` to `clks_num`.
Fixes: 9796ec0bd04b ("clk: clk-loongson2: Refactor driver for adding new platforms")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZzaN5MpmMr0hwHw9@kspp
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/clk-loongson2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/clk-loongson2.c b/drivers/clk/clk-loongson2.c
index e99ba79feec6..7082b4309c6f 100644
--- a/drivers/clk/clk-loongson2.c
+++ b/drivers/clk/clk-loongson2.c
@@ -306,7 +306,7 @@ static int loongson2_clk_probe(struct platform_device *pdev)
return PTR_ERR(clp->base);
spin_lock_init(&clp->clk_lock);
- clp->clk_data.num = clks_num + 1;
+ clp->clk_data.num = clks_num;
clp->dev = dev;
for (i = 0; i < clks_num; i++) {
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 660/817] fsnotify: fix sending inotify event with unexpected filename
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (658 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 659/817] clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 661/817] fsnotify: Fix ordering of iput() and watched_objects decrement Greg Kroah-Hartman
` (166 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Miklos Szeredi, Amir Goldstein,
Jan Kara
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Amir Goldstein <amir73il@gmail.com>
commit aa52c54da40d9eee3ba87c05cdcb0cd07c04fa13 upstream.
We got a report that adding a fanotify filsystem watch prevents tail -f
from receiving events.
Reproducer:
1. Create 3 windows / login sessions. Become root in each session.
2. Choose a mounted filesystem that is pretty quiet; I picked /boot.
3. In the first window, run: fsnotifywait -S -m /boot
4. In the second window, run: echo data >> /boot/foo
5. In the third window, run: tail -f /boot/foo
6. Go back to the second window and run: echo more data >> /boot/foo
7. Observe that the tail command doesn't show the new data.
8. In the first window, hit control-C to interrupt fsnotifywait.
9. In the second window, run: echo still more data >> /boot/foo
10. Observe that the tail command in the third window has now printed
the missing data.
When stracing tail, we observed that when fanotify filesystem mark is
set, tail does get the inotify event, but the event is receieved with
the filename:
read(4, "\1\0\0\0\2\0\0\0\0\0\0\0\20\0\0\0foo\0\0\0\0\0\0\0\0\0\0\0\0\0",
50) = 32
This is unexpected, because tail is watching the file itself and not its
parent and is inconsistent with the inotify event received by tail when
fanotify filesystem mark is not set:
read(4, "\1\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0", 50) = 16
The inteference between different fsnotify groups was caused by the fact
that the mark on the sb requires the filename, so the filename is passed
to fsnotify(). Later on, fsnotify_handle_event() tries to take care of
not passing the filename to groups (such as inotify) that are interested
in the filename only when the parent is watching.
But the logic was incorrect for the case that no group is watching the
parent, some groups are watching the sb and some watching the inode.
Reported-by: Miklos Szeredi <miklos@szeredi.hu>
Fixes: 7372e79c9eb9 ("fanotify: fix logic of reporting name info with watched parent")
Cc: stable@vger.kernel.org # 5.10+
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/notify/fsnotify.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
--- a/fs/notify/fsnotify.c
+++ b/fs/notify/fsnotify.c
@@ -333,16 +333,19 @@ static int fsnotify_handle_event(struct
if (!inode_mark)
return 0;
- if (mask & FS_EVENT_ON_CHILD) {
- /*
- * Some events can be sent on both parent dir and child marks
- * (e.g. FS_ATTRIB). If both parent dir and child are
- * watching, report the event once to parent dir with name (if
- * interested) and once to child without name (if interested).
- * The child watcher is expecting an event without a file name
- * and without the FS_EVENT_ON_CHILD flag.
- */
- mask &= ~FS_EVENT_ON_CHILD;
+ /*
+ * Some events can be sent on both parent dir and child marks (e.g.
+ * FS_ATTRIB). If both parent dir and child are watching, report the
+ * event once to parent dir with name (if interested) and once to child
+ * without name (if interested).
+ *
+ * In any case regardless whether the parent is watching or not, the
+ * child watcher is expecting an event without the FS_EVENT_ON_CHILD
+ * flag. The file name is expected if and only if this is a directory
+ * event.
+ */
+ mask &= ~FS_EVENT_ON_CHILD;
+ if (!(mask & ALL_FSNOTIFY_DIRENT_EVENTS)) {
dir = NULL;
name = NULL;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 661/817] fsnotify: Fix ordering of iput() and watched_objects decrement
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (659 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 660/817] fsnotify: fix sending inotify event with unexpected filename Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 662/817] comedi: Flush partial mappings in error case Greg Kroah-Hartman
` (165 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Jann Horn, Jan Kara
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit 21d1b618b6b9da46c5116c640ac4b1cc8d40d63a upstream.
Ensure the superblock is kept alive until we're done with iput().
Holding a reference to an inode is not allowed unless we ensure the
superblock stays alive, which fsnotify does by keeping the
watched_objects count elevated, so iput() must happen before the
watched_objects decrement.
This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the
UAF is hard to hit because race orderings that oops are more likely, thanks
to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().
Also, ensure that fsnotify_put_sb_watched_objects() doesn't call
fsnotify_sb_watched_objects() on a superblock that may have already been
freed, which would cause a UAF read of sb->s_fsnotify_info.
Cc: stable@kernel.org
Fixes: d2f277e26f52 ("fsnotify: rename fsnotify_{get,put}_sb_connectors()")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/notify/mark.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index c45b222cf9c1..4981439e6209 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -138,8 +138,11 @@ static void fsnotify_get_sb_watched_objects(struct super_block *sb)
static void fsnotify_put_sb_watched_objects(struct super_block *sb)
{
- if (atomic_long_dec_and_test(fsnotify_sb_watched_objects(sb)))
- wake_up_var(fsnotify_sb_watched_objects(sb));
+ atomic_long_t *watched_objects = fsnotify_sb_watched_objects(sb);
+
+ /* the superblock can go away after this decrement */
+ if (atomic_long_dec_and_test(watched_objects))
+ wake_up_var(watched_objects);
}
static void fsnotify_get_inode_ref(struct inode *inode)
@@ -150,8 +153,11 @@ static void fsnotify_get_inode_ref(struct inode *inode)
static void fsnotify_put_inode_ref(struct inode *inode)
{
- fsnotify_put_sb_watched_objects(inode->i_sb);
+ /* read ->i_sb before the inode can go away */
+ struct super_block *sb = inode->i_sb;
+
iput(inode);
+ fsnotify_put_sb_watched_objects(sb);
}
/*
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 662/817] comedi: Flush partial mappings in error case
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (660 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 661/817] fsnotify: Fix ordering of iput() and watched_objects decrement Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 663/817] apparmor: test: Fix memory leak for aa_unpack_strdup() Greg Kroah-Hartman
` (164 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jann Horn
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit ce8f9fb651fac95dd41f69afe54d935420b945bd upstream.
If some remap_pfn_range() calls succeeded before one failed, we still have
buffer pages mapped into the userspace page tables when we drop the buffer
reference with comedi_buf_map_put(bm). The userspace mappings are only
cleaned up later in the mmap error path.
Fix it by explicitly flushing all mappings in our VMA on the error path.
See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in
error case").
Cc: stable@vger.kernel.org
Fixes: ed9eccbe8970 ("Staging: add comedi core")
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20241017-comedi-tlb-v3-1-16b82f9372ce@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/comedi/comedi_fops.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/drivers/comedi/comedi_fops.c
+++ b/drivers/comedi/comedi_fops.c
@@ -2407,6 +2407,18 @@ static int comedi_mmap(struct file *file
start += PAGE_SIZE;
}
+
+#ifdef CONFIG_MMU
+ /*
+ * Leaving behind a partial mapping of a buffer we're about to
+ * drop is unsafe, see remap_pfn_range_notrack().
+ * We need to zap the range here ourselves instead of relying
+ * on the automatic zapping in remap_pfn_range() because we call
+ * remap_pfn_range() in a loop.
+ */
+ if (retval)
+ zap_vma_ptes(vma, vma->vm_start, size);
+#endif
}
if (retval == 0) {
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 663/817] apparmor: test: Fix memory leak for aa_unpack_strdup()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (661 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 662/817] comedi: Flush partial mappings in error case Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 664/817] iio: dac: adi-axi-dac: fix wrong register bitfield Greg Kroah-Hartman
` (163 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, John Johansen
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
commit 7290f59231910ccba427d441a6e8b8c6f6112448 upstream.
The string allocated by kmemdup() in aa_unpack_strdup() is not
freed and cause following memory leaks, free them to fix it.
unreferenced object 0xffffff80c6af8a50 (size 8):
comm "kunit_try_catch", pid 225, jiffies 4294894407
hex dump (first 8 bytes):
74 65 73 74 69 6e 67 00 testing.
backtrace (crc 5eab668b):
[<0000000001e3714d>] kmemleak_alloc+0x34/0x40
[<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
[<000000006870467c>] kmemdup_noprof+0x34/0x60
[<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
[<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec
[<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
[<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000adf936cf>] kthread+0x2e8/0x374
[<0000000041bb1628>] ret_from_fork+0x10/0x20
unreferenced object 0xffffff80c2a29090 (size 8):
comm "kunit_try_catch", pid 227, jiffies 4294894409
hex dump (first 8 bytes):
74 65 73 74 69 6e 67 00 testing.
backtrace (crc 5eab668b):
[<0000000001e3714d>] kmemleak_alloc+0x34/0x40
[<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
[<000000006870467c>] kmemdup_noprof+0x34/0x60
[<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
[<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4
[<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
[<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
[<00000000adf936cf>] kthread+0x2e8/0x374
[<0000000041bb1628>] ret_from_fork+0x10/0x20
Cc: stable@vger.kernel.org
Fixes: 4d944bcd4e73 ("apparmor: add AppArmor KUnit tests for policy unpack")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/policy_unpack_test.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/security/apparmor/policy_unpack_test.c
+++ b/security/apparmor/policy_unpack_test.c
@@ -281,6 +281,8 @@ static void policy_unpack_test_unpack_st
((uintptr_t)puf->e->start <= (uintptr_t)string)
&& ((uintptr_t)string <= (uintptr_t)puf->e->end));
KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
+
+ kfree(string);
}
static void policy_unpack_test_unpack_strdup_with_name(struct kunit *test)
@@ -296,6 +298,8 @@ static void policy_unpack_test_unpack_st
((uintptr_t)puf->e->start <= (uintptr_t)string)
&& ((uintptr_t)string <= (uintptr_t)puf->e->end));
KUNIT_EXPECT_STREQ(test, string, TEST_STRING_DATA);
+
+ kfree(string);
}
static void policy_unpack_test_unpack_strdup_out_of_bounds(struct kunit *test)
@@ -313,6 +317,8 @@ static void policy_unpack_test_unpack_st
KUNIT_EXPECT_EQ(test, size, 0);
KUNIT_EXPECT_NULL(test, string);
KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, start);
+
+ kfree(string);
}
static void policy_unpack_test_unpack_nameX_with_null_name(struct kunit *test)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 664/817] iio: dac: adi-axi-dac: fix wrong register bitfield
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (662 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 663/817] apparmor: test: Fix memory leak for aa_unpack_strdup() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 665/817] tty: ldsic: fix tty_ldisc_autoload sysctls proc_handler Greg Kroah-Hartman
` (162 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Angelo Dureghello, Nuno Sa,
Jonathan Cameron
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Angelo Dureghello <adureghello@baylibre.com>
commit 70602f529e4d76798c95aeed5ce2a8d36263abe5 upstream.
Fix ADI_DAC_R1_MODE of AXI_DAC_REG_CNTRL_2.
Both generic DAC and ad3552r DAC IPs docs are reporting
bit 5 for it.
Link: https://wiki.analog.com/resources/fpga/docs/axi_dac_ip
Fixes: 4e3949a192e4 ("iio: dac: add support for AXI DAC IP core")
Cc: stable@vger.kernel.org
Signed-off-by: Angelo Dureghello <adureghello@baylibre.com>
Reviewed-by: Nuno Sa <nuno.sa@analog.com>
Link: https://patch.msgid.link/20241008-wip-bl-ad3552r-axi-v0-iio-testing-v5-1-3d410944a63d@baylibre.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/dac/adi-axi-dac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/dac/adi-axi-dac.c b/drivers/iio/dac/adi-axi-dac.c
index 0cb00f3bec04..b8b4171b8043 100644
--- a/drivers/iio/dac/adi-axi-dac.c
+++ b/drivers/iio/dac/adi-axi-dac.c
@@ -46,7 +46,7 @@
#define AXI_DAC_REG_CNTRL_1 0x0044
#define AXI_DAC_SYNC BIT(0)
#define AXI_DAC_REG_CNTRL_2 0x0048
-#define ADI_DAC_R1_MODE BIT(4)
+#define ADI_DAC_R1_MODE BIT(5)
#define AXI_DAC_DRP_STATUS 0x0074
#define AXI_DAC_DRP_LOCKED BIT(17)
/* DAC Channel controls */
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 665/817] tty: ldsic: fix tty_ldisc_autoload sysctls proc_handler
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (663 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 664/817] iio: dac: adi-axi-dac: fix wrong register bitfield Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 666/817] locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Greg Kroah-Hartman
` (161 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Nicolas Bouchinet, Lin Feng,
Jiri Slaby
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
commit 635a9fca54f4f4148be1ae1c7c6bd37af80f5773 upstream.
Commit 7c0cca7c847e ("tty: ldisc: add sysctl to prevent autoloading of
ldiscs") introduces the tty_ldisc_autoload sysctl with the wrong
proc_handler. .extra1 and .extra2 parameters are set to avoid other values
thant SYSCTL_ZERO or SYSCTL_ONE to be set but proc_dointvec do not uses
them.
This commit fixes this by using proc_dointvec_minmax instead of
proc_dointvec.
Fixes: 7c0cca7c847e ("tty: ldisc: add sysctl to prevent autoloading of ldiscs")
Cc: stable <stable@kernel.org>
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Reviewed-by: Lin Feng <linf@wangsu.com>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Link: https://lore.kernel.org/r/20241112131357.49582-4-nicolas.bouchinet@clip-os.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/tty_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -3631,7 +3631,7 @@ static struct ctl_table tty_table[] = {
.data = &tty_ldisc_autoload,
.maxlen = sizeof(tty_ldisc_autoload),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 666/817] locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (664 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 665/817] tty: ldsic: fix tty_ldisc_autoload sysctls proc_handler Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 667/817] tools/nolibc: s390: include std.h Greg Kroah-Hartman
` (160 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+7f4a6f7f7051474e40ad,
Ahmed Ehab, Boqun Feng
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ahmed Ehab <bottaawesome633@gmail.com>
commit d7fe143cb115076fed0126ad8cf5ba6c3e575e43 upstream.
Syzbot reports a problem that a warning will be triggered while
searching a lock class in look_up_lock_class().
The cause of the issue is that a new name is created and used by
lockdep_set_subclass() instead of using the existing one. This results
in a lock instance has a different name pointer than previous registered
one stored in lock class, and WARN_ONCE() is triggered because of that
in look_up_lock_class().
To fix this, change lockdep_set_subclass() to use the existing name
instead of a new one. Hence, no new name will be created by
lockdep_set_subclass(). Hence, the warning is avoided.
[boqun: Reword the commit log to state the correct issue]
Reported-by: <syzbot+7f4a6f7f7051474e40ad@syzkaller.appspotmail.com>
Fixes: de8f5e4f2dc1f ("lockdep: Introduce wait-type checks")
Cc: stable@vger.kernel.org
Signed-off-by: Ahmed Ehab <bottaawesome633@gmail.com>
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Link: https://lore.kernel.org/lkml/20240824221031.7751-1-bottaawesome633@gmail.com/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/lockdep.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/lockdep.h
+++ b/include/linux/lockdep.h
@@ -173,7 +173,7 @@ static inline void lockdep_init_map(stru
(lock)->dep_map.lock_type)
#define lockdep_set_subclass(lock, sub) \
- lockdep_init_map_type(&(lock)->dep_map, #lock, (lock)->dep_map.key, sub,\
+ lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, (lock)->dep_map.key, sub,\
(lock)->dep_map.wait_type_inner, \
(lock)->dep_map.wait_type_outer, \
(lock)->dep_map.lock_type)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 667/817] tools/nolibc: s390: include std.h
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (665 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 666/817] locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Greg Kroah-Hartman
@ 2024-12-03 14:43 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 668/817] pinctrl: qcom: spmi: fix debugfs drive strength Greg Kroah-Hartman
` (159 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:43 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Weißschuh,
Thomas Weißschuh
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
commit 711b5875814b2a0e9a5aaf7a85ba7c80f5a389b1 upstream.
arch-s390.h uses types from std.h, but does not include it.
Depending on the inclusion order the compilation can fail.
Include std.h explicitly to avoid these errors.
Fixes: 404fa87c0eaf ("tools/nolibc: s390: provide custom implementation for sys_fork")
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Link: https://lore.kernel.org/r/20240927-nolibc-s390-std-h-v1-1-30442339a6b9@linutronix.de
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/include/nolibc/arch-s390.h | 1 +
1 file changed, 1 insertion(+)
--- a/tools/include/nolibc/arch-s390.h
+++ b/tools/include/nolibc/arch-s390.h
@@ -10,6 +10,7 @@
#include "compiler.h"
#include "crt.h"
+#include "std.h"
/* Syscalls for s390:
* - registers are 64-bit
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 668/817] pinctrl: qcom: spmi: fix debugfs drive strength
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (666 preceding siblings ...)
2024-12-03 14:43 ` [PATCH 6.11 667/817] tools/nolibc: s390: include std.h Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 669/817] dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks Greg Kroah-Hartman
` (158 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anjelique Melendez, Johan Hovold,
Konrad Dybcio, Linus Walleij
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan+linaro@kernel.org>
commit 6bc0ebfb1d920f13c522545f114cdabb49e9408a upstream.
Commit 723e8462a4fe ("pinctrl: qcom: spmi-gpio: Fix the GPIO strength
mapping") fixed a long-standing issue in the Qualcomm SPMI PMIC gpio
driver which had the 'low' and 'high' drive strength settings switched
but failed to update the debugfs interface which still gets this wrong.
Fix the debugfs code so that the exported values match the hardware
settings.
Note that this probably means that most devicetrees that try to describe
the firmware settings got this wrong if the settings were derived from
debugfs. Before the above mentioned commit the settings would have
actually matched the firmware settings even if they were described
incorrectly, but now they are inverted.
Fixes: 723e8462a4fe ("pinctrl: qcom: spmi-gpio: Fix the GPIO strength mapping")
Fixes: eadff3024472 ("pinctrl: Qualcomm SPMI PMIC GPIO pin controller driver")
Cc: Anjelique Melendez <quic_amelende@quicinc.com>
Cc: stable@vger.kernel.org # 3.19
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/20241025121622.1496-1-johan+linaro@kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c
+++ b/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c
@@ -667,7 +667,7 @@ static void pmic_gpio_config_dbg_show(st
"push-pull", "open-drain", "open-source"
};
static const char *const strengths[] = {
- "no", "high", "medium", "low"
+ "no", "low", "medium", "high"
};
pad = pctldev->desc->pins[pin].drv_data;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 669/817] dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (667 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 668/817] pinctrl: qcom: spmi: fix debugfs drive strength Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 670/817] dt-bindings: iio: dac: ad3552r: fix maximum spi speed Greg Kroah-Hartman
` (157 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rob Herring (Arm), Linus Walleij,
Krzysztof Kozlowski
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit ffb30875172eabff727e2896f097ccd4bb68723f upstream.
Commit 904140fa4553 ("dt-bindings: pinctrl: samsung: use Exynos7
fallbacks for newer wake-up controllers") added
samsung,exynos7-wakeup-eint fallback to some compatibles, so the
intention in the if:then: conditions was to handle the cases:
1. Single Exynos7 compatible or Exynos5433+Exynos7 or
Exynos7885+Exynos7: only one interrupt
2. Exynos850+Exynos7: no interrupts
This was not implemented properly however and if:then: block matches
only single Exynos5433 or Exynos7885 compatibles, which do not exist in
DTS anymore, so basically is a no-op and no enforcement on number of
interrupts is made by the binding.
Fix the if:then: condition so interrupts in the Exynos5433 and
Exynos7885 wake-up pin controller will be properly constrained.
Fixes: 904140fa4553 ("dt-bindings: pinctrl: samsung: use Exynos7 fallbacks for newer wake-up controllers")
Cc: stable@vger.kernel.org
Acked-by: Rob Herring (Arm) <robh@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20241015065848.29429-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/pinctrl/samsung,pinctrl-wakeup-interrupt.yaml | 19 +++++-----
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/Documentation/devicetree/bindings/pinctrl/samsung,pinctrl-wakeup-interrupt.yaml
+++ b/Documentation/devicetree/bindings/pinctrl/samsung,pinctrl-wakeup-interrupt.yaml
@@ -91,14 +91,17 @@ allOf:
- if:
properties:
compatible:
- # Match without "contains", to skip newer variants which are still
- # compatible with samsung,exynos7-wakeup-eint
- enum:
- - samsung,s5pv210-wakeup-eint
- - samsung,exynos4210-wakeup-eint
- - samsung,exynos5433-wakeup-eint
- - samsung,exynos7-wakeup-eint
- - samsung,exynos7885-wakeup-eint
+ oneOf:
+ # Match without "contains", to skip newer variants which are still
+ # compatible with samsung,exynos7-wakeup-eint
+ - enum:
+ - samsung,exynos4210-wakeup-eint
+ - samsung,exynos7-wakeup-eint
+ - samsung,s5pv210-wakeup-eint
+ - contains:
+ enum:
+ - samsung,exynos5433-wakeup-eint
+ - samsung,exynos7885-wakeup-eint
then:
properties:
interrupts:
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 670/817] dt-bindings: iio: dac: ad3552r: fix maximum spi speed
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (668 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 669/817] dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 671/817] exfat: fix uninit-value in __exfat_get_dentry_set Greg Kroah-Hartman
` (156 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Angelo Dureghello,
Krzysztof Kozlowski, Jonathan Cameron
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Angelo Dureghello <adureghello@baylibre.com>
commit d1d1c117f39b2057d1e978f26a8bd9631ddb193b upstream.
Fix maximum SPI clock speed, as per datasheet (Rev. B, page 6).
Fixes: b0a96c5f599e ("dt-bindings: iio: dac: Add adi,ad3552r.yaml")
Cc: stable@vger.kernel.org
Signed-off-by: Angelo Dureghello <adureghello@baylibre.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://patch.msgid.link/20241003-wip-bl-ad3552r-axi-v0-iio-testing-v4-4-ceb157487329@baylibre.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/devicetree/bindings/iio/dac/adi,ad3552r.yaml
+++ b/Documentation/devicetree/bindings/iio/dac/adi,ad3552r.yaml
@@ -30,7 +30,7 @@ properties:
maxItems: 1
spi-max-frequency:
- maximum: 30000000
+ maximum: 66000000
reset-gpios:
maxItems: 1
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 671/817] exfat: fix uninit-value in __exfat_get_dentry_set
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (669 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 670/817] dt-bindings: iio: dac: ad3552r: fix maximum spi speed Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 672/817] exfat: fix out-of-bounds access of directory entries Greg Kroah-Hartman
` (155 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+01218003be74b5e1213a,
Yuezhang Mo, Namjae Jeon
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Namjae Jeon <linkinjeon@kernel.org>
commit 02dffe9ab092fc4c8800aee68cb7eafd37a980c4 upstream.
There is no check if stream size and start_clu are invalid.
If start_clu is EOF cluster and stream size is 4096, It will
cause uninit value access. because ei->hint_femp.eidx could
be 128(if cluster size is 4K) and wrong hint will allocate
next cluster. and this cluster will be same with the cluster
that is allocated by exfat_extend_valid_size(). The previous
patch will check invalid start_clu, but for clarity, initialize
hint_femp.eidx to zero.
Cc: stable@vger.kernel.org
Reported-by: syzbot+01218003be74b5e1213a@syzkaller.appspotmail.com
Tested-by: syzbot+01218003be74b5e1213a@syzkaller.appspotmail.com
Reviewed-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/exfat/namei.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/exfat/namei.c
+++ b/fs/exfat/namei.c
@@ -345,6 +345,7 @@ static int exfat_find_empty_entry(struct
if (ei->start_clu == EXFAT_EOF_CLUSTER) {
ei->start_clu = clu.dir;
p_dir->dir = clu.dir;
+ hint_femp.eidx = 0;
}
/* append to the FAT chain */
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 672/817] exfat: fix out-of-bounds access of directory entries
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (670 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 671/817] exfat: fix uninit-value in __exfat_get_dentry_set Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 673/817] xhci: Fix control transfer error on Etron xHCI host Greg Kroah-Hartman
` (154 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuezhang Mo, Namjae Jeon
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuezhang Mo <Yuezhang.Mo@sony.com>
commit 184fa506e392eb78364d9283c961217ff2c0617b upstream.
In the case of the directory size is greater than or equal to
the cluster size, if start_clu becomes an EOF cluster(an invalid
cluster) due to file system corruption, then the directory entry
where ei->hint_femp.eidx hint is outside the directory, resulting
in an out-of-bounds access, which may cause further file system
corruption.
This commit adds a check for start_clu, if it is an invalid cluster,
the file or directory will be treated as empty.
Cc: stable@vger.kernel.org
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Co-developed-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/exfat/namei.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/fs/exfat/namei.c
+++ b/fs/exfat/namei.c
@@ -637,14 +637,26 @@ static int exfat_find(struct inode *dir,
info->size = le64_to_cpu(ep2->dentry.stream.valid_size);
info->valid_size = le64_to_cpu(ep2->dentry.stream.valid_size);
info->size = le64_to_cpu(ep2->dentry.stream.size);
+
+ info->start_clu = le32_to_cpu(ep2->dentry.stream.start_clu);
+ if (!is_valid_cluster(sbi, info->start_clu) && info->size) {
+ exfat_warn(sb, "start_clu is invalid cluster(0x%x)",
+ info->start_clu);
+ info->size = 0;
+ info->valid_size = 0;
+ }
+
+ if (info->valid_size > info->size) {
+ exfat_warn(sb, "valid_size(%lld) is greater than size(%lld)",
+ info->valid_size, info->size);
+ info->valid_size = info->size;
+ }
+
if (info->size == 0) {
info->flags = ALLOC_NO_FAT_CHAIN;
info->start_clu = EXFAT_EOF_CLUSTER;
- } else {
+ } else
info->flags = ep2->dentry.stream.flags;
- info->start_clu =
- le32_to_cpu(ep2->dentry.stream.start_clu);
- }
exfat_get_entry_time(sbi, &info->crtime,
ep->dentry.file.create_tz,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 673/817] xhci: Fix control transfer error on Etron xHCI host
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (671 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 672/817] exfat: fix out-of-bounds access of directory entries Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 674/817] xhci: Combine two if statements for " Greg Kroah-Hartman
` (153 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kuangyi Chiang, Mathias Nyman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuangyi Chiang <ki.chiang65@gmail.com>
commit 5e1c67abc9301d05130b7e267c204e7005503b33 upstream.
Performing a stability stress test on a USB3.0 2.5G ethernet adapter
results in errors like this:
[ 91.441469] r8152 2-3:1.0 eth3: get_registers -71
[ 91.458659] r8152 2-3:1.0 eth3: get_registers -71
[ 91.475911] r8152 2-3:1.0 eth3: get_registers -71
[ 91.493203] r8152 2-3:1.0 eth3: get_registers -71
[ 91.510421] r8152 2-3:1.0 eth3: get_registers -71
The r8152 driver will periodically issue lots of control-IN requests
to access the status of ethernet adapter hardware registers during
the test.
This happens when the xHCI driver enqueue a control TD (which cross
over the Link TRB between two ring segments, as shown) in the endpoint
zero's transfer ring. Seems the Etron xHCI host can not perform this
TD correctly, causing the USB transfer error occurred, maybe the upper
driver retry that control-IN request can solve problem, but not all
drivers do this.
| |
-------
| TRB | Setup Stage
-------
| TRB | Link
-------
-------
| TRB | Data Stage
-------
| TRB | Status Stage
-------
| |
To work around this, the xHCI driver should enqueue a No Op TRB if
next available TRB is the Link TRB in the ring segment, this can
prevent the Setup and Data Stage TRB to be breaked by the Link TRB.
Check if the XHCI_ETRON_HOST quirk flag is set before invoking the
workaround in xhci_queue_ctrl_tx().
Fixes: d0e96f5a71a0 ("USB: xhci: Control transfer support.")
Cc: stable@vger.kernel.org
Signed-off-by: Kuangyi Chiang <ki.chiang65@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241106101459.775897-20-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -3741,6 +3741,20 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *
if (!urb->setup_packet)
return -EINVAL;
+ if ((xhci->quirks & XHCI_ETRON_HOST) &&
+ urb->dev->speed >= USB_SPEED_SUPER) {
+ /*
+ * If next available TRB is the Link TRB in the ring segment then
+ * enqueue a No Op TRB, this can prevent the Setup and Data Stage
+ * TRB to be breaked by the Link TRB.
+ */
+ if (trb_is_link(ep_ring->enqueue + 1)) {
+ field = TRB_TYPE(TRB_TR_NOOP) | ep_ring->cycle_state;
+ queue_trb(xhci, ep_ring, false, 0, 0,
+ TRB_INTR_TARGET(0), field);
+ }
+ }
+
/* 1 TRB for setup, 1 for status */
num_trbs = 2;
/*
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 674/817] xhci: Combine two if statements for Etron xHCI host
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (672 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 673/817] xhci: Fix control transfer error on Etron xHCI host Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 675/817] xhci: Dont perform Soft Retry " Greg Kroah-Hartman
` (152 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kuangyi Chiang, Mathias Nyman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuangyi Chiang <ki.chiang65@gmail.com>
commit d7b11fe5790203fcc0db182249d7bfd945e44ccb upstream.
Combine two if statements, because these hosts have the same
quirk flags applied.
[Mathias: has stable tag because other fixes in series depend on this]
Fixes: 91f7a1524a92 ("xhci: Apply broken streams quirk to Etron EJ188 xHCI host")
Cc: stable@vger.kernel.org
Signed-off-by: Kuangyi Chiang <ki.chiang65@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241106101459.775897-18-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -401,12 +401,8 @@ static void xhci_pci_quirks(struct devic
xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW;
if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
- pdev->device == PCI_DEVICE_ID_EJ168) {
- xhci->quirks |= XHCI_RESET_ON_RESUME;
- xhci->quirks |= XHCI_BROKEN_STREAMS;
- }
- if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
- pdev->device == PCI_DEVICE_ID_EJ188) {
+ (pdev->device == PCI_DEVICE_ID_EJ168 ||
+ pdev->device == PCI_DEVICE_ID_EJ188)) {
xhci->quirks |= XHCI_RESET_ON_RESUME;
xhci->quirks |= XHCI_BROKEN_STREAMS;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 675/817] xhci: Dont perform Soft Retry for Etron xHCI host
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (673 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 674/817] xhci: Combine two if statements for " Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 676/817] xhci: Dont issue Reset Device command to " Greg Kroah-Hartman
` (151 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kuangyi Chiang, Mathias Nyman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuangyi Chiang <ki.chiang65@gmail.com>
commit e735e957f2b9cfe4be486e0304732ec36928591f upstream.
Since commit f8f80be501aa ("xhci: Use soft retry to recover faster from
transaction errors"), unplugging USB device while enumeration results in
errors like this:
[ 364.855321] xhci_hcd 0000:0b:00.0: ERROR Transfer event for disabled endpoint slot 5 ep 2
[ 364.864622] xhci_hcd 0000:0b:00.0: @0000002167656d70 67f03000 00000021 0c000000 05038001
[ 374.934793] xhci_hcd 0000:0b:00.0: Abort failed to stop command ring: -110
[ 374.958793] xhci_hcd 0000:0b:00.0: xHCI host controller not responding, assume dead
[ 374.967590] xhci_hcd 0000:0b:00.0: HC died; cleaning up
[ 374.973984] xhci_hcd 0000:0b:00.0: Timeout while waiting for configure endpoint command
Seems that Etorn xHCI host can not perform Soft Retry correctly, apply
XHCI_NO_SOFT_RETRY quirk to disable Soft Retry and then issue is gone.
This patch depends on commit a4a251f8c235 ("usb: xhci: do not perform
Soft Retry for some xHCI hosts").
Fixes: f8f80be501aa ("xhci: Use soft retry to recover faster from transaction errors")
Cc: stable@vger.kernel.org
Signed-off-by: Kuangyi Chiang <ki.chiang65@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241106101459.775897-21-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -405,6 +405,7 @@ static void xhci_pci_quirks(struct devic
pdev->device == PCI_DEVICE_ID_EJ188)) {
xhci->quirks |= XHCI_RESET_ON_RESUME;
xhci->quirks |= XHCI_BROKEN_STREAMS;
+ xhci->quirks |= XHCI_NO_SOFT_RETRY;
}
if (pdev->vendor == PCI_VENDOR_ID_RENESAS &&
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 676/817] xhci: Dont issue Reset Device command to Etron xHCI host
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (674 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 675/817] xhci: Dont perform Soft Retry " Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 677/817] Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Greg Kroah-Hartman
` (150 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kuangyi Chiang, Mathias Nyman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kuangyi Chiang <ki.chiang65@gmail.com>
commit 76d98856b1c6d06ce18f32c20527a4f9d283e660 upstream.
Sometimes the hub driver does not recognize the USB device connected
to the external USB2.0 hub when the system resumes from S4.
After the SetPortFeature(PORT_RESET) request is completed, the hub
driver calls the HCD reset_device callback, which will issue a Reset
Device command and free all structures associated with endpoints
that were disabled.
This happens when the xHCI driver issue a Reset Device command to
inform the Etron xHCI host that the USB device associated with a
device slot has been reset. Seems that the Etron xHCI host can not
perform this command correctly, affecting the USB device.
To work around this, the xHCI driver should obtain a new device slot
with reference to commit 651aaf36a7d7 ("usb: xhci: Handle USB transaction
error on address command"), which is another way to inform the Etron
xHCI host that the USB device has been reset.
Add a new XHCI_ETRON_HOST quirk flag to invoke the workaround in
xhci_discover_or_reset_device().
Fixes: 2a8f82c4ceaf ("USB: xhci: Notify the xHC when a device is reset.")
Cc: stable@vger.kernel.org
Signed-off-by: Kuangyi Chiang <ki.chiang65@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241106101459.775897-19-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 1 +
drivers/usb/host/xhci.c | 19 +++++++++++++++++++
drivers/usb/host/xhci.h | 1 +
3 files changed, 21 insertions(+)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -403,6 +403,7 @@ static void xhci_pci_quirks(struct devic
if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
(pdev->device == PCI_DEVICE_ID_EJ168 ||
pdev->device == PCI_DEVICE_ID_EJ188)) {
+ xhci->quirks |= XHCI_ETRON_HOST;
xhci->quirks |= XHCI_RESET_ON_RESUME;
xhci->quirks |= XHCI_BROKEN_STREAMS;
xhci->quirks |= XHCI_NO_SOFT_RETRY;
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3692,6 +3692,8 @@ void xhci_free_device_endpoint_resources
xhci->num_active_eps);
}
+static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev);
+
/*
* This submits a Reset Device Command, which will set the device state to 0,
* set the device address to 0, and disable all the endpoints except the default
@@ -3762,6 +3764,23 @@ static int xhci_discover_or_reset_device
SLOT_STATE_DISABLED)
return 0;
+ if (xhci->quirks & XHCI_ETRON_HOST) {
+ /*
+ * Obtaining a new device slot to inform the xHCI host that
+ * the USB device has been reset.
+ */
+ ret = xhci_disable_slot(xhci, udev->slot_id);
+ xhci_free_virt_device(xhci, udev->slot_id);
+ if (!ret) {
+ ret = xhci_alloc_dev(hcd, udev);
+ if (ret == 1)
+ ret = 0;
+ else
+ ret = -EINVAL;
+ }
+ return ret;
+ }
+
trace_xhci_discover_or_reset_device(slot_ctx);
xhci_dbg(xhci, "Resetting device with slot ID %u\n", slot_id);
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1629,6 +1629,7 @@ struct xhci_hcd {
#define XHCI_ZHAOXIN_HOST BIT_ULL(46)
#define XHCI_WRITE_64_HI_LO BIT_ULL(47)
#define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)
+#define XHCI_ETRON_HOST BIT_ULL(49)
unsigned int num_active_eps;
unsigned int limit_active_eps;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 677/817] Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (675 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 676/817] xhci: Dont issue Reset Device command to " Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 678/817] usb: xhci: Limit Stop Endpoint retries Greg Kroah-Hartman
` (149 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrej Shadura, Nathan Chancellor,
Luiz Augusto von Dentz, Aleksei Vetrov
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrej Shadura <andrew.shadura@collabora.co.uk>
commit 5fe6caa62b07fd39cd6a28acc8f92ba2955e11a6 upstream.
Commit 9bf4e919ccad worked around an issue introduced after an innocuous
optimisation change in LLVM main:
> len is defined as an 'int' because it is assigned from
> '__user int *optlen'. However, it is clamped against the result of
> sizeof(), which has a type of 'size_t' ('unsigned long' for 64-bit
> platforms). This is done with min_t() because min() requires compatible
> types, which results in both len and the result of sizeof() being casted
> to 'unsigned int', meaning len changes signs and the result of sizeof()
> is truncated. From there, len is passed to copy_to_user(), which has a
> third parameter type of 'unsigned long', so it is widened and changes
> signs again. This excessive casting in combination with the KCSAN
> instrumentation causes LLVM to fail to eliminate the __bad_copy_from()
> call, failing the build.
The same issue occurs in rfcomm in functions rfcomm_sock_getsockopt and
rfcomm_sock_getsockopt_old.
Change the type of len to size_t in both rfcomm_sock_getsockopt and
rfcomm_sock_getsockopt_old and replace min_t() with min().
Cc: stable@vger.kernel.org
Co-authored-by: Aleksei Vetrov <vvvvvv@google.com>
Improves: 9bf4e919ccad ("Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()")
Link: https://github.com/ClangBuiltLinux/linux/issues/2007
Link: https://github.com/llvm/llvm-project/issues/85647
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/rfcomm/sock.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -729,7 +729,8 @@ static int rfcomm_sock_getsockopt_old(st
struct sock *l2cap_sk;
struct l2cap_conn *conn;
struct rfcomm_conninfo cinfo;
- int len, err = 0;
+ int err = 0;
+ size_t len;
u32 opt;
BT_DBG("sk %p", sk);
@@ -783,7 +784,7 @@ static int rfcomm_sock_getsockopt_old(st
cinfo.hci_handle = conn->hcon->handle;
memcpy(cinfo.dev_class, conn->hcon->dev_class, 3);
- len = min_t(unsigned int, len, sizeof(cinfo));
+ len = min(len, sizeof(cinfo));
if (copy_to_user(optval, (char *) &cinfo, len))
err = -EFAULT;
@@ -802,7 +803,8 @@ static int rfcomm_sock_getsockopt(struct
{
struct sock *sk = sock->sk;
struct bt_security sec;
- int len, err = 0;
+ int err = 0;
+ size_t len;
BT_DBG("sk %p", sk);
@@ -827,7 +829,7 @@ static int rfcomm_sock_getsockopt(struct
sec.level = rfcomm_pi(sk)->sec_level;
sec.key_size = 0;
- len = min_t(unsigned int, len, sizeof(sec));
+ len = min(len, sizeof(sec));
if (copy_to_user(optval, (char *) &sec, len))
err = -EFAULT;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 678/817] usb: xhci: Limit Stop Endpoint retries
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (676 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 677/817] Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 679/817] usb: xhci: Fix TD invalidation under pending Set TR Dequeue Greg Kroah-Hartman
` (148 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michal Pecio, Mathias Nyman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Pecio <michal.pecio@gmail.com>
commit 42b7581376015c1bbcbe5831f043cd0ac119d028 upstream.
Some host controllers fail to atomically transition an endpoint to the
Running state on a doorbell ring and enter a hidden "Restarting" state,
which looks very much like Stopped, with the important difference that
it will spontaneously transition to Running anytime soon.
A Stop Endpoint command queued in the Restarting state typically fails
with Context State Error and the completion handler sees the Endpoint
Context State as either still Stopped or already Running. Even a case
of Halted was observed, when an error occurred right after the restart.
The Halted state is already recovered from by resetting the endpoint.
The Running state is handled by retrying Stop Endpoint.
The Stopped state was recognized as a problem on NEC controllers and
worked around also by retrying, because the endpoint soon restarts and
then stops for good. But there is a risk: the command may fail if the
endpoint is "stopped for good" already, and retries will fail forever.
The possibility of this was not realized at the time, but a number of
cases were discovered later and reproduced. Some proved difficult to
deal with, and it is outright impossible to predict if an endpoint may
fail to ever start at all due to a hardware bug. One such bug (albeit
on ASM3142, not on NEC) was found to be reliably triggered simply by
toggling an AX88179 NIC up/down in a tight loop for a few seconds.
An endless retries storm is quite nasty. Besides putting needless load
on the xHC and CPU, it causes URBs never to be given back, paralyzing
the device and connection/disconnection logic for the whole bus if the
device is unplugged. User processes waiting for URBs become unkillable,
drivers and kworker threads lock up and xhci_hcd cannot be reloaded.
For peace of mind, impose a timeout on Stop Endpoint retries in this
case. If they don't succeed in 100ms, consider the endpoint stopped
permanently for some reason and just give back the unlinked URBs. This
failure case is rare already and work is under way to make it rarer.
Start this work today by also handling one simple case of race with
Reset Endpoint, because it costs just two lines to implement.
Fixes: fd9d55d190c0 ("xhci: retry Stop Endpoint on buggy NEC controllers")
CC: stable@vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241106101459.775897-32-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 28 ++++++++++++++++++++++++----
drivers/usb/host/xhci.c | 2 ++
drivers/usb/host/xhci.h | 1 +
3 files changed, 27 insertions(+), 4 deletions(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -52,6 +52,7 @@
* endpoint rings; it generates events on the event ring for these.
*/
+#include <linux/jiffies.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
#include <linux/dma-mapping.h>
@@ -1151,16 +1152,35 @@ static void xhci_handle_cmd_stop_ep(stru
return;
case EP_STATE_STOPPED:
/*
- * NEC uPD720200 sometimes sets this state and fails with
- * Context Error while continuing to process TRBs.
- * Be conservative and trust EP_CTX_STATE on other chips.
+ * Per xHCI 4.6.9, Stop Endpoint command on a Stopped
+ * EP is a Context State Error, and EP stays Stopped.
+ *
+ * But maybe it failed on Halted, and somebody ran Reset
+ * Endpoint later. EP state is now Stopped and EP_HALTED
+ * still set because Reset EP handler will run after us.
+ */
+ if (ep->ep_state & EP_HALTED)
+ break;
+ /*
+ * On some HCs EP state remains Stopped for some tens of
+ * us to a few ms or more after a doorbell ring, and any
+ * new Stop Endpoint fails without aborting the restart.
+ * This handler may run quickly enough to still see this
+ * Stopped state, but it will soon change to Running.
+ *
+ * Assume this bug on unexpected Stop Endpoint failures.
+ * Keep retrying until the EP starts and stops again, on
+ * chips where this is known to help. Wait for 100ms.
*/
if (!(xhci->quirks & XHCI_NEC_HOST))
break;
+ if (time_is_before_jiffies(ep->stop_time + msecs_to_jiffies(100)))
+ break;
fallthrough;
case EP_STATE_RUNNING:
/* Race, HW handled stop ep cmd before ep was running */
- xhci_dbg(xhci, "Stop ep completion ctx error, ep is running\n");
+ xhci_dbg(xhci, "Stop ep completion ctx error, ctx_state %d\n",
+ GET_EP_CTX_STATE(ep_ctx));
command = xhci_alloc_command(xhci, false, GFP_ATOMIC);
if (!command) {
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -8,6 +8,7 @@
* Some code borrowed from the Linux EHCI driver.
*/
+#include <linux/jiffies.h>
#include <linux/pci.h>
#include <linux/iommu.h>
#include <linux/iopoll.h>
@@ -1777,6 +1778,7 @@ static int xhci_urb_dequeue(struct usb_h
ret = -ENOMEM;
goto done;
}
+ ep->stop_time = jiffies;
ep->ep_state |= EP_STOP_CMD_PENDING;
xhci_queue_stop_endpoint(xhci, command, urb->dev->slot_id,
ep_index, 0);
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -690,6 +690,7 @@ struct xhci_virt_ep {
/* Bandwidth checking storage */
struct xhci_bw_info bw_info;
struct list_head bw_endpoint_list;
+ unsigned long stop_time;
/* Isoch Frame ID checking storage */
int next_frame_id;
/* Use new Isoch TRB layout needed for extended TBC support */
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 679/817] usb: xhci: Fix TD invalidation under pending Set TR Dequeue
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (677 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 678/817] usb: xhci: Limit Stop Endpoint retries Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 680/817] usb: xhci: Avoid queuing redundant Stop Endpoint commands Greg Kroah-Hartman
` (147 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michal Pecio, Mathias Nyman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Pecio <michal.pecio@gmail.com>
commit 484c3bab2d5dfa13ff659a51a06e9a393141eefc upstream.
xhci_invalidate_cancelled_tds() may not work correctly if the hardware
is modifying endpoint or stream contexts at the same time by executing
a Set TR Dequeue command. And even if it worked, it would be unable to
queue Set TR Dequeue for the next stream, failing to clear xHC cache.
On stream endpoints, a chain of Set TR Dequeue commands may take some
time to execute and we may want to cancel more TDs during this time.
Currently this leads to Stop Endpoint completion handler calling this
function without testing for SET_DEQ_PENDING, which will trigger the
aforementioned problems when it happens.
On all endpoints, a halt condition causes Reset Endpoint to be queued
and an error status given to the class driver, which may unlink more
URBs in response. Stop Endpoint is queued and its handler may execute
concurrently with Set TR Dequeue queued by Reset Endpoint handler.
(Reset Endpoint handler calls this function too, but there seems to
be no possibility of it running concurrently with Set TR Dequeue).
Fix xhci_invalidate_cancelled_tds() to work correctly under a pending
Set TR Dequeue. Bail out of the function when SET_DEQ_PENDING is set,
then make the completion handler call the function again and also call
xhci_giveback_invalidated_tds(), which needs to be called next.
This seems to fix another potential bug, where the handler would call
xhci_invalidate_cancelled_tds(), which may clear some deferred TDs if
a sanity check fails, and the TDs wouldn't be given back promptly.
Said sanity check seems to be wrong and prone to false positives when
the endpoint halts, but fixing it is beyond the scope of this change,
besides ensuring that cleared TDs are given back properly.
Fixes: 5ceac4402f5d ("xhci: Handle TD clearing for multiple streams case")
CC: stable@vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241106101459.775897-33-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -973,6 +973,13 @@ static int xhci_invalidate_cancelled_tds
unsigned int slot_id = ep->vdev->slot_id;
int err;
+ /*
+ * This is not going to work if the hardware is changing its dequeue
+ * pointers as we look at them. Completion handler will call us later.
+ */
+ if (ep->ep_state & SET_DEQ_PENDING)
+ return 0;
+
xhci = ep->xhci;
list_for_each_entry_safe(td, tmp_td, &ep->cancelled_td_list, cancelled_td_list) {
@@ -1359,7 +1366,6 @@ static void xhci_handle_cmd_set_deq(stru
struct xhci_ep_ctx *ep_ctx;
struct xhci_slot_ctx *slot_ctx;
struct xhci_td *td, *tmp_td;
- bool deferred = false;
ep_index = TRB_TO_EP_INDEX(le32_to_cpu(trb->generic.field[3]));
stream_id = TRB_TO_STREAM_ID(le32_to_cpu(trb->generic.field[2]));
@@ -1460,8 +1466,6 @@ static void xhci_handle_cmd_set_deq(stru
xhci_dbg(ep->xhci, "%s: Giveback cancelled URB %p TD\n",
__func__, td->urb);
xhci_td_cleanup(ep->xhci, td, ep_ring, td->status);
- } else if (td->cancel_status == TD_CLEARING_CACHE_DEFERRED) {
- deferred = true;
} else {
xhci_dbg(ep->xhci, "%s: Keep cancelled URB %p TD as cancel_status is %d\n",
__func__, td->urb, td->cancel_status);
@@ -1472,11 +1476,15 @@ cleanup:
ep->queued_deq_seg = NULL;
ep->queued_deq_ptr = NULL;
- if (deferred) {
- /* We have more streams to clear */
+ /* Check for deferred or newly cancelled TDs */
+ if (!list_empty(&ep->cancelled_td_list)) {
xhci_dbg(ep->xhci, "%s: Pending TDs to clear, continuing with invalidation\n",
__func__);
xhci_invalidate_cancelled_tds(ep);
+ /* Try to restart the endpoint if all is done */
+ ring_doorbell_for_active_rings(xhci, slot_id, ep_index);
+ /* Start giving back any TDs invalidated above */
+ xhci_giveback_invalidated_tds(ep);
} else {
/* Restart any rings with pending URBs */
xhci_dbg(ep->xhci, "%s: All TDs cleared, ring doorbell\n", __func__);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 680/817] usb: xhci: Avoid queuing redundant Stop Endpoint commands
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (678 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 679/817] usb: xhci: Fix TD invalidation under pending Set TR Dequeue Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 681/817] ARM: dts: omap36xx: declare 1GHz OPP as turbo again Greg Kroah-Hartman
` (146 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michal Pecio, Mathias Nyman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Pecio <michal.pecio@gmail.com>
commit 474538b8dd1cd9c666e56cfe8ef60fbb0fb513f4 upstream.
Stop Endpoint command on an already stopped endpoint fails and may be
misinterpreted as a known hardware bug by the completion handler. This
results in an unnecessary delay with repeated retries of the command.
Avoid queuing this command when endpoint state flags indicate that it's
stopped or halted and the command will fail. If commands are pending on
the endpoint, their completion handlers will process cancelled TDs so
it's done. In case of waiting for external operations like clearing TT
buffer, the endpoint is stopped and cancelled TDs can be processed now.
This eliminates practically all unnecessary retries because an endpoint
with pending URBs is maintained in Running state by the driver, unless
aforementioned commands or other operations are pending on it. This is
guaranteed by xhci_ring_ep_doorbell() and by the fact that it is called
every time any of those operations completes.
The only known exceptions are hardware bugs (the endpoint never starts
at all) and Stream Protocol errors not associated with any TRB, which
cause an endpoint reset not followed by restart. Sounds like a bug.
Generally, these retries are only expected to happen when the endpoint
fails to start for unknown/no reason, which is a worse problem itself,
and fixing the bug eliminates the retries too.
All cases were tested and found to work as expected. SET_DEQ_PENDING
was produced by patching uvcvideo to unlink URBs in 100us intervals,
which then runs into this case very often. EP_HALTED was produced by
restarting 'cat /dev/ttyUSB0' on a serial dongle with broken cable.
EP_CLEARING_TT by the same, with the dongle on an external hub.
Fixes: fd9d55d190c0 ("xhci: retry Stop Endpoint on buggy NEC controllers")
CC: stable@vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20241106101459.775897-34-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 13 +++++++++++++
drivers/usb/host/xhci.c | 19 +++++++++++++++----
drivers/usb/host/xhci.h | 1 +
3 files changed, 29 insertions(+), 4 deletions(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1070,6 +1070,19 @@ static int xhci_invalidate_cancelled_tds
}
/*
+ * Erase queued TDs from transfer ring(s) and give back those the xHC didn't
+ * stop on. If necessary, queue commands to move the xHC off cancelled TDs it
+ * stopped on. Those will be given back later when the commands complete.
+ *
+ * Call under xhci->lock on a stopped endpoint.
+ */
+void xhci_process_cancelled_tds(struct xhci_virt_ep *ep)
+{
+ xhci_invalidate_cancelled_tds(ep);
+ xhci_giveback_invalidated_tds(ep);
+}
+
+/*
* Returns the TD the endpoint ring halted on.
* Only call for non-running rings without streams.
*/
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1769,10 +1769,21 @@ static int xhci_urb_dequeue(struct usb_h
}
}
- /* Queue a stop endpoint command, but only if this is
- * the first cancellation to be handled.
- */
- if (!(ep->ep_state & EP_STOP_CMD_PENDING)) {
+ /* These completion handlers will sort out cancelled TDs for us */
+ if (ep->ep_state & (EP_STOP_CMD_PENDING | EP_HALTED | SET_DEQ_PENDING)) {
+ xhci_dbg(xhci, "Not queuing Stop Endpoint on slot %d ep %d in state 0x%x\n",
+ urb->dev->slot_id, ep_index, ep->ep_state);
+ goto done;
+ }
+
+ /* In this case no commands are pending but the endpoint is stopped */
+ if (ep->ep_state & EP_CLEARING_TT) {
+ /* and cancelled TDs can be given back right away */
+ xhci_dbg(xhci, "Invalidating TDs instantly on slot %d ep %d in state 0x%x\n",
+ urb->dev->slot_id, ep_index, ep->ep_state);
+ xhci_process_cancelled_tds(ep);
+ } else {
+ /* Otherwise, queue a new Stop Endpoint command */
command = xhci_alloc_command(xhci, false, GFP_ATOMIC);
if (!command) {
ret = -ENOMEM;
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1921,6 +1921,7 @@ void xhci_ring_doorbell_for_active_rings
void xhci_cleanup_command_queue(struct xhci_hcd *xhci);
void inc_deq(struct xhci_hcd *xhci, struct xhci_ring *ring);
unsigned int count_trbs(u64 addr, u64 len);
+void xhci_process_cancelled_tds(struct xhci_virt_ep *ep);
/* xHCI roothub code */
void xhci_set_link_state(struct xhci_hcd *xhci, struct xhci_port *port,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 681/817] ARM: dts: omap36xx: declare 1GHz OPP as turbo again
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (679 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 680/817] usb: xhci: Avoid queuing redundant Stop Endpoint commands Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 682/817] wifi: ath12k: fix warning when unbinding Greg Kroah-Hartman
` (145 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Stable, Andreas Kemnade,
Kevin Hilman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andreas Kemnade <andreas@kemnade.info>
commit 96a64e9730c2c76cfa5c510583a0fbf40d62886b upstream.
Operating stable without reduced chip life at 1Ghz needs several
technologies working: The technologies involve
- SmartReflex
- DVFS
As this cannot directly specified in the OPP table as dependecies in the
devicetree yet, use the turbo flag again to mark this OPP as something
special to have some kind of opt-in.
So revert commit
5f1bf7ae8481 ("ARM: dts: omap36xx: Remove turbo mode for 1GHz variants")
Practical reasoning:
At least the GTA04A5 (DM3730) has become unstable with that OPP enabled.
Furthermore nothing enforces the availability of said technologies,
even in the kernel configuration, so allow users to rather opt-in.
Cc: Stable@vger.kernel.org
Fixes: 5f1bf7ae8481 ("ARM: dts: omap36xx: Remove turbo mode for 1GHz variants")
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Link: https://lore.kernel.org/r/20241018214727.275162-1-andreas@kemnade.info
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm/boot/dts/ti/omap/omap36xx.dtsi
+++ b/arch/arm/boot/dts/ti/omap/omap36xx.dtsi
@@ -72,6 +72,7 @@
<1375000 1375000 1375000>;
/* only on am/dm37x with speed-binned bit set */
opp-supported-hw = <0xffffffff 2>;
+ turbo-mode;
};
};
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 682/817] wifi: ath12k: fix warning when unbinding
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (680 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 681/817] ARM: dts: omap36xx: declare 1GHz OPP as turbo again Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 683/817] wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Greg Kroah-Hartman
` (144 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jose Ignacio Tornos Martinez,
Jeff Johnson
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
commit ca68ce0d9f4bcd032fd1334441175ae399642a06 upstream.
If there is an error during some initialization related to firmware,
the buffers dp->tx_ring[i].tx_status are released.
However this is released again when the device is unbinded (ath12k_pci),
and we get:
WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80
Call Trace:
free_large_kmalloc
ath12k_dp_free
ath12k_core_deinit
ath12k_pci_remove
...
The issue is always reproducible from a VM because the MSI addressing
initialization is failing.
In order to fix the issue, just set the buffers to NULL after releasing in
order to avoid the double free.
cc: stable@vger.kernel.org
Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Link: https://patch.msgid.link/20241017181004.199589-3-jtornosm@redhat.com
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath12k/dp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath12k/dp.c
+++ b/drivers/net/wireless/ath/ath12k/dp.c
@@ -1282,8 +1282,10 @@ void ath12k_dp_free(struct ath12k_base *
ath12k_dp_rx_reo_cmd_list_cleanup(ab);
- for (i = 0; i < ab->hw_params->max_tx_ring; i++)
+ for (i = 0; i < ab->hw_params->max_tx_ring; i++) {
kfree(dp->tx_ring[i].tx_status);
+ dp->tx_ring[i].tx_status = NULL;
+ }
ath12k_dp_rx_free(ab);
/* Deinit any SOC level resource */
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 683/817] wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (681 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 682/817] wifi: ath12k: fix warning when unbinding Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 684/817] wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Greg Kroah-Hartman
` (143 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+edd9fe0d3a65b14588d5,
Bitterblue Smith, Guilherme G. Piccoli, Ping-Ke Shih
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
commit 5c1b544563005a00591a3aa86ecff62ed4d11be3 upstream.
Syzkaller reported a hung task with uevent_show() on stack trace. That
specific issue was addressed by another commit [0], but even with that
fix applied (for example, running v6.12-rc5) we face another type of hung
task that comes from the same reproducer [1]. By investigating that, we
could narrow it to the following path:
(a) Syzkaller emulates a Realtek USB WiFi adapter using raw-gadget and
dummy_hcd infrastructure.
(b) During the probe of rtl8192cu, the driver ends-up performing an efuse
read procedure (which is related to EEPROM load IIUC), and here lies the
issue: the function read_efuse() calls read_efuse_byte() many times, as
loop iterations depending on the efuse size (in our example, 512 in total).
This procedure for reading efuse bytes relies in a loop that performs an
I/O read up to *10k* times in case of failures. We measured the time of
the loop inside read_efuse_byte() alone, and in this reproducer (which
involves the dummy_hcd emulation layer), it takes 15 seconds each. As a
consequence, we have the driver stuck in its probe routine for big time,
exposing a stack trace like below if we attempt to reboot the system, for
example:
task:kworker/0:3 state:D stack:0 pid:662 tgid:662 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
__schedule+0xe22/0xeb6
schedule_timeout+0xe7/0x132
__wait_for_common+0xb5/0x12e
usb_start_wait_urb+0xc5/0x1ef
? usb_alloc_urb+0x95/0xa4
usb_control_msg+0xff/0x184
_usbctrl_vendorreq_sync+0xa0/0x161
_usb_read_sync+0xb3/0xc5
read_efuse_byte+0x13c/0x146
read_efuse+0x351/0x5f0
efuse_read_all_map+0x42/0x52
rtl_efuse_shadow_map_update+0x60/0xef
rtl_get_hwinfo+0x5d/0x1c2
rtl92cu_read_eeprom_info+0x10a/0x8d5
? rtl92c_read_chip_version+0x14f/0x17e
rtl_usb_probe+0x323/0x851
usb_probe_interface+0x278/0x34b
really_probe+0x202/0x4a4
__driver_probe_device+0x166/0x1b2
driver_probe_device+0x2f/0xd8
[...]
We propose hereby to drastically reduce the attempts of doing the I/O
reads in case of failures, restricted to USB devices (given that
they're inherently slower than PCIe ones). By retrying up to 10 times
(instead of 10000), we got reponsiveness in the reproducer, while seems
reasonable to believe that there's no sane USB device implementation in
the field requiring this amount of retries at every I/O read in order
to properly work. Based on that assumption, it'd be good to have it
backported to stable but maybe not since driver implementation (the 10k
number comes from day 0), perhaps up to 6.x series makes sense.
[0] Commit 15fffc6a5624 ("driver core: Fix uevent_show() vs driver detach race")
[1] A note about that: this syzkaller report presents multiple reproducers
that differs by the type of emulated USB device. For this specific case,
check the entry from 2024/08/08 06:23 in the list of crashes; the C repro
is available at https://syzkaller.appspot.com/text?tag=ReproC&x=1521fc83980000.
Cc: stable@vger.kernel.org # v6.1+
Reported-by: syzbot+edd9fe0d3a65b14588d5@syzkaller.appspotmail.com
Tested-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20241101193412.1390391-1-gpiccoli@igalia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/realtek/rtlwifi/efuse.c
+++ b/drivers/net/wireless/realtek/rtlwifi/efuse.c
@@ -162,10 +162,19 @@ void efuse_write_1byte(struct ieee80211_
void read_efuse_byte(struct ieee80211_hw *hw, u16 _offset, u8 *pbuf)
{
struct rtl_priv *rtlpriv = rtl_priv(hw);
+ u16 max_attempts = 10000;
u32 value32;
u8 readbyte;
u16 retry;
+ /*
+ * In case of USB devices, transfer speeds are limited, hence
+ * efuse I/O reads could be (way) slower. So, decrease (a lot)
+ * the read attempts in case of failures.
+ */
+ if (rtlpriv->rtlhal.interface == INTF_USB)
+ max_attempts = 10;
+
rtl_write_byte(rtlpriv, rtlpriv->cfg->maps[EFUSE_CTRL] + 1,
(_offset & 0xff));
readbyte = rtl_read_byte(rtlpriv, rtlpriv->cfg->maps[EFUSE_CTRL] + 2);
@@ -178,7 +187,7 @@ void read_efuse_byte(struct ieee80211_hw
retry = 0;
value32 = rtl_read_dword(rtlpriv, rtlpriv->cfg->maps[EFUSE_CTRL]);
- while (!(((value32 >> 24) & 0xff) & 0x80) && (retry < 10000)) {
+ while (!(((value32 >> 24) & 0xff) & 0x80) && (retry < max_attempts)) {
value32 = rtl_read_dword(rtlpriv,
rtlpriv->cfg->maps[EFUSE_CTRL]);
retry++;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 684/817] wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (682 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 683/817] wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 685/817] wifi: ath12k: fix crash when unbinding Greg Kroah-Hartman
` (142 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksei Vetrov, Jeff Johnson,
Johannes Berg
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aleksei Vetrov <vvvvvv@google.com>
commit 9c46a3a5b394d6d123866aa44436fc2cd342eb0d upstream.
The channels array in the cfg80211_scan_request has a __counted_by
attribute attached to it, which points to the n_channels variable. This
attribute is used in bounds checking, and if it is not set before the
array is filled, then the bounds sanitizer will issue a warning or a
kernel panic if CONFIG_UBSAN_TRAP is set.
This patch sets the size of allocated memory as the initial value for
n_channels. It is updated with the actual number of added elements after
the array is filled.
Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")
Cc: stable@vger.kernel.org
Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Link: https://patch.msgid.link/20241029-nl80211_parse_sched_scan-bounds-checker-fix-v2-1-c804b787341f@google.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/nl80211.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -9776,6 +9776,7 @@ nl80211_parse_sched_scan(struct wiphy *w
request = kzalloc(size, GFP_KERNEL);
if (!request)
return ERR_PTR(-ENOMEM);
+ request->n_channels = n_channels;
if (n_ssids)
request->ssids = (void *)request +
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 685/817] wifi: ath12k: fix crash when unbinding
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (683 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 684/817] wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 686/817] wifi: brcmfmac: release root node in all execution paths Greg Kroah-Hartman
` (141 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jose Ignacio Tornos Martinez,
Jeff Johnson
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
commit 1304446f67863385dc4c914b6e0194f6664ee764 upstream.
If there is an error during some initialization related to firmware,
the function ath12k_dp_cc_cleanup is called to release resources.
However this is released again when the device is unbinded (ath12k_pci),
and we get:
BUG: kernel NULL pointer dereference, address: 0000000000000020
at RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k]
Call Trace:
ath12k_dp_cc_cleanup
ath12k_dp_free
ath12k_core_deinit
ath12k_pci_remove
...
The issue is always reproducible from a VM because the MSI addressing
initialization is failing.
In order to fix the issue, just set to NULL the released structure in
ath12k_dp_cc_cleanup at the end.
cc: stable@vger.kernel.org
Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Link: https://patch.msgid.link/20241017181004.199589-2-jtornosm@redhat.com
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath12k/dp.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/ath/ath12k/dp.c
+++ b/drivers/net/wireless/ath/ath12k/dp.c
@@ -1247,6 +1247,7 @@ static void ath12k_dp_cc_cleanup(struct
}
kfree(dp->spt_info);
+ dp->spt_info = NULL;
}
static void ath12k_dp_reoq_lut_cleanup(struct ath12k_base *ab)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 686/817] wifi: brcmfmac: release root node in all execution paths
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (684 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 685/817] wifi: ath12k: fix crash when unbinding Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 687/817] Revert "exec: dont WARN for racy path_noexec check" Greg Kroah-Hartman
` (140 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Kalle Valo
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 2e19a3b590ebf2e351fc9d0e7c323430e65b6b6d upstream.
The fixed patch introduced an additional condition to enter the scope
where the 'root' device_node is released (!settings->board_type,
currently 'err'), which avoid decrementing the refcount with a call to
of_node_put() if that second condition is not satisfied.
Move the call to of_node_put() to the point where 'root' is no longer
required to avoid leaking the resource if err is not zero.
Cc: stable@vger.kernel.org
Fixes: 7682de8b3351 ("wifi: brcmfmac: of: Fetch Apple properties")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/20241030-brcmfmac-of-cleanup-v1-1-0b90eefb4279@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c
@@ -110,9 +110,8 @@ void brcmf_of_probe(struct device *dev,
}
strreplace(board_type, '/', '-');
settings->board_type = board_type;
-
- of_node_put(root);
}
+ of_node_put(root);
if (!np || !of_device_is_compatible(np, "brcm,bcm4329-fmac"))
return;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 687/817] Revert "exec: dont WARN for racy path_noexec check"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (685 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 686/817] wifi: brcmfmac: release root node in all execution paths Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 688/817] Revert "fs: dont block i_writecount during exec" Greg Kroah-Hartman
` (139 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mateusz Guzik, Christian Brauner,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit d62ba2a5536df83473a2ac15ab302258e3845251 which is
commit 0d196e7589cefe207d5d41f37a0a28a1fdeeb7c6 upstream.
A later commit needs to be reverted so revert this one as well to allow
that to happen properly.
Cc: Mateusz Guzik <mjguzik@gmail.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/exec.c | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -145,11 +145,13 @@ SYSCALL_DEFINE1(uselib, const char __use
goto out;
/*
- * Check do_open_execat() for an explanation.
+ * may_open() has already checked for this, so it should be
+ * impossible to trip now. But we need to be extra cautious
+ * and check again at the very end too.
*/
error = -EACCES;
- if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode)) ||
- path_noexec(&file->f_path))
+ if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
+ path_noexec(&file->f_path)))
goto exit;
error = -ENOEXEC;
@@ -953,6 +955,7 @@ EXPORT_SYMBOL(transfer_args_to_stack);
static struct file *do_open_execat(int fd, struct filename *name, int flags)
{
struct file *file;
+ int err;
struct open_flags open_exec_flags = {
.open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC,
.acc_mode = MAY_EXEC,
@@ -969,20 +972,24 @@ static struct file *do_open_execat(int f
file = do_filp_open(fd, name, &open_exec_flags);
if (IS_ERR(file))
- return file;
+ goto out;
/*
- * In the past the regular type check was here. It moved to may_open() in
- * 633fb6ac3980 ("exec: move S_ISREG() check earlier"). Since then it is
- * an invariant that all non-regular files error out before we get here.
- */
- if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode)) ||
- path_noexec(&file->f_path)) {
- fput(file);
- return ERR_PTR(-EACCES);
- }
+ * may_open() has already checked for this, so it should be
+ * impossible to trip now. But we need to be extra cautious
+ * and check again at the very end too.
+ */
+ err = -EACCES;
+ if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) ||
+ path_noexec(&file->f_path)))
+ goto exit;
+out:
return file;
+
+exit:
+ fput(file);
+ return ERR_PTR(err);
}
/**
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 688/817] Revert "fs: dont block i_writecount during exec"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (686 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 687/817] Revert "exec: dont WARN for racy path_noexec check" Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 689/817] Revert "f2fs: remove unreachable lazytime mount option parsing" Greg Kroah-Hartman
` (138 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christian Brauner
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Brauner <brauner@kernel.org>
commit 3b832035387ff508fdcf0fba66701afc78f79e3d upstream.
This reverts commit 2a010c41285345da60cece35575b4e0af7e7bf44.
Rui Ueyama <rui314@gmail.com> writes:
> I'm the creator and the maintainer of the mold linker
> (https://github.com/rui314/mold). Recently, we discovered that mold
> started causing process crashes in certain situations due to a change
> in the Linux kernel. Here are the details:
>
> - In general, overwriting an existing file is much faster than
> creating an empty file and writing to it on Linux, so mold attempts to
> reuse an existing executable file if it exists.
>
> - If a program is running, opening the executable file for writing
> previously failed with ETXTBSY. If that happens, mold falls back to
> creating a new file.
>
> - However, the Linux kernel recently changed the behavior so that
> writing to an executable file is now always permitted
> (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a010c412853).
>
> That caused mold to write to an executable file even if there's a
> process running that file. Since changes to mmap'ed files are
> immediately visible to other processes, any processes running that
> file would almost certainly crash in a very mysterious way.
> Identifying the cause of these random crashes took us a few days.
>
> Rejecting writes to an executable file that is currently running is a
> well-known behavior, and Linux had operated that way for a very long
> time. So, I don’t believe relying on this behavior was our mistake;
> rather, I see this as a regression in the Linux kernel.
Quoting myself from commit 2a010c412853 ("fs: don't block i_writecount during exec")
> Yes, someone in userspace could potentially be relying on this. It's not
> completely out of the realm of possibility but let's find out if that's
> actually the case and not guess.
It seems we found out that someone is relying on this obscure behavior.
So revert the change.
Link: https://github.com/rui314/mold/issues/1361
Link: https://lore.kernel.org/r/4a2bc207-76be-4715-8e12-7fc45a76a125@leemhuis.info
Cc: <stable@vger.kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
[ revert the original, not the 6.13-rc1 version - gregkh ]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/binfmt_elf.c | 2 ++
fs/binfmt_elf_fdpic.c | 5 ++++-
fs/binfmt_misc.c | 7 +++++--
fs/exec.c | 14 +++++++++++---
kernel/fork.c | 26 +++++++++++++++++++++++---
5 files changed, 45 insertions(+), 9 deletions(-)
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1251,6 +1251,7 @@ out_free_interp:
}
reloc_func_desc = interp_load_addr;
+ allow_write_access(interpreter);
fput(interpreter);
kfree(interp_elf_ex);
@@ -1342,6 +1343,7 @@ out_free_dentry:
kfree(interp_elf_ex);
kfree(interp_elf_phdata);
out_free_file:
+ allow_write_access(interpreter);
if (interpreter)
fput(interpreter);
out_free_ph:
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -394,6 +394,7 @@ static int load_elf_fdpic_binary(struct
goto error;
}
+ allow_write_access(interpreter);
fput(interpreter);
interpreter = NULL;
}
@@ -465,8 +466,10 @@ static int load_elf_fdpic_binary(struct
retval = 0;
error:
- if (interpreter)
+ if (interpreter) {
+ allow_write_access(interpreter);
fput(interpreter);
+ }
kfree(interpreter_name);
kfree(exec_params.phdrs);
kfree(exec_params.loadmap);
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -247,10 +247,13 @@ static int load_misc_binary(struct linux
if (retval < 0)
goto ret;
- if (fmt->flags & MISC_FMT_OPEN_FILE)
+ if (fmt->flags & MISC_FMT_OPEN_FILE) {
interp_file = file_clone_open(fmt->interp_file);
- else
+ if (!IS_ERR(interp_file))
+ deny_write_access(interp_file);
+ } else {
interp_file = open_exec(fmt->interpreter);
+ }
retval = PTR_ERR(interp_file);
if (IS_ERR(interp_file))
goto ret;
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -984,6 +984,10 @@ static struct file *do_open_execat(int f
path_noexec(&file->f_path)))
goto exit;
+ err = deny_write_access(file);
+ if (err)
+ goto exit;
+
out:
return file;
@@ -999,7 +1003,8 @@ exit:
*
* Returns ERR_PTR on failure or allocated struct file on success.
*
- * As this is a wrapper for the internal do_open_execat(). Also see
+ * As this is a wrapper for the internal do_open_execat(), callers
+ * must call allow_write_access() before fput() on release. Also see
* do_close_execat().
*/
struct file *open_exec(const char *name)
@@ -1551,8 +1556,10 @@ static int prepare_bprm_creds(struct lin
/* Matches do_open_execat() */
static void do_close_execat(struct file *file)
{
- if (file)
- fput(file);
+ if (!file)
+ return;
+ allow_write_access(file);
+ fput(file);
}
static void free_bprm(struct linux_binprm *bprm)
@@ -1877,6 +1884,7 @@ static int exec_binprm(struct linux_binp
bprm->file = bprm->interpreter;
bprm->interpreter = NULL;
+ allow_write_access(exec);
if (unlikely(bprm->have_execfd)) {
if (bprm->executable) {
fput(exec);
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -621,6 +621,12 @@ static void dup_mm_exe_file(struct mm_st
exe_file = get_mm_exe_file(oldmm);
RCU_INIT_POINTER(mm->exe_file, exe_file);
+ /*
+ * We depend on the oldmm having properly denied write access to the
+ * exe_file already.
+ */
+ if (exe_file && deny_write_access(exe_file))
+ pr_warn_once("deny_write_access() failed in %s\n", __func__);
}
#ifdef CONFIG_MMU
@@ -1412,11 +1418,20 @@ int set_mm_exe_file(struct mm_struct *mm
*/
old_exe_file = rcu_dereference_raw(mm->exe_file);
- if (new_exe_file)
+ if (new_exe_file) {
+ /*
+ * We expect the caller (i.e., sys_execve) to already denied
+ * write access, so this is unlikely to fail.
+ */
+ if (unlikely(deny_write_access(new_exe_file)))
+ return -EACCES;
get_file(new_exe_file);
+ }
rcu_assign_pointer(mm->exe_file, new_exe_file);
- if (old_exe_file)
+ if (old_exe_file) {
+ allow_write_access(old_exe_file);
fput(old_exe_file);
+ }
return 0;
}
@@ -1455,6 +1470,9 @@ int replace_mm_exe_file(struct mm_struct
return ret;
}
+ ret = deny_write_access(new_exe_file);
+ if (ret)
+ return -EACCES;
get_file(new_exe_file);
/* set the new file */
@@ -1463,8 +1481,10 @@ int replace_mm_exe_file(struct mm_struct
rcu_assign_pointer(mm->exe_file, new_exe_file);
mmap_write_unlock(mm);
- if (old_exe_file)
+ if (old_exe_file) {
+ allow_write_access(old_exe_file);
fput(old_exe_file);
+ }
return 0;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 689/817] Revert "f2fs: remove unreachable lazytime mount option parsing"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (687 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 688/817] Revert "fs: dont block i_writecount during exec" Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 690/817] Revert "usb: gadget: composite: fix OS descriptors w_value logic" Greg Kroah-Hartman
` (137 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Daniel Rosenberg, Chao Yu,
Jaegeuk Kim
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit acff9409dd40beaca2bd982678d222e2740ad84b upstream.
This reverts commit 54f43a10fa257ad4af02a1d157fefef6ebcfa7dc.
The above commit broke the lazytime mount, given
mount("/dev/vdb", "/mnt/test", "f2fs", 0, "lazytime");
CC: stable@vger.kernel.org # 6.11+
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/super.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -151,6 +151,8 @@ enum {
Opt_mode,
Opt_fault_injection,
Opt_fault_type,
+ Opt_lazytime,
+ Opt_nolazytime,
Opt_quota,
Opt_noquota,
Opt_usrquota,
@@ -227,6 +229,8 @@ static match_table_t f2fs_tokens = {
{Opt_mode, "mode=%s"},
{Opt_fault_injection, "fault_injection=%u"},
{Opt_fault_type, "fault_type=%u"},
+ {Opt_lazytime, "lazytime"},
+ {Opt_nolazytime, "nolazytime"},
{Opt_quota, "quota"},
{Opt_noquota, "noquota"},
{Opt_usrquota, "usrquota"},
@@ -919,6 +923,12 @@ static int parse_options(struct super_bl
f2fs_info(sbi, "fault_type options not supported");
break;
#endif
+ case Opt_lazytime:
+ sb->s_flags |= SB_LAZYTIME;
+ break;
+ case Opt_nolazytime:
+ sb->s_flags &= ~SB_LAZYTIME;
+ break;
#ifdef CONFIG_QUOTA
case Opt_quota:
case Opt_usrquota:
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 690/817] Revert "usb: gadget: composite: fix OS descriptors w_value logic"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (688 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 689/817] Revert "f2fs: remove unreachable lazytime mount option parsing" Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 691/817] serial: sh-sci: Clean sci_ports[0] after at earlycon exit Greg Kroah-Hartman
` (136 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Vrastil, Elson Roy Serrao,
Peter korsgaard
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Vrastil <michal.vrastil@hidglobal.com>
commit 51cdd69d6a857f527d6d0697a2e1f0fa8bca1005 upstream.
This reverts commit ec6ce7075ef879b91a8710829016005dc8170f17.
Fix installation of WinUSB driver using OS descriptors. Without the
fix the drivers are not installed correctly and the property
'DeviceInterfaceGUID' is missing on host side.
The original change was based on the assumption that the interface
number is in the high byte of wValue but it is in the low byte,
instead. Unfortunately, the fix is based on MS documentation which is
also wrong.
The actual USB request for OS descriptors (using USB analyzer) looks
like:
Offset 0 1 2 3 4 5 6 7
0x000 C1 A1 02 00 05 00 0A 00
C1: bmRequestType (device to host, vendor, interface)
A1: nas magic number
0002: wValue (2: nas interface)
0005: wIndex (5: get extended property i.e. nas interface GUID)
008E: wLength (142)
The fix was tested on Windows 10 and Windows 11.
Cc: stable@vger.kernel.org
Fixes: ec6ce7075ef8 ("usb: gadget: composite: fix OS descriptors w_value logic")
Signed-off-by: Michal Vrastil <michal.vrastil@hidglobal.com>
Signed-off-by: Elson Roy Serrao <quic_eserrao@quicinc.com>
Acked-by: Peter korsgaard <peter@korsgaard.com>
Link: https://lore.kernel.org/r/20241113235433.20244-1-quic_eserrao@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/composite.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
--- a/drivers/usb/gadget/composite.c
+++ b/drivers/usb/gadget/composite.c
@@ -2111,8 +2111,20 @@ unknown:
memset(buf, 0, w_length);
buf[5] = 0x01;
switch (ctrl->bRequestType & USB_RECIP_MASK) {
+ /*
+ * The Microsoft CompatID OS Descriptor Spec(w_index = 0x4) and
+ * Extended Prop OS Desc Spec(w_index = 0x5) state that the
+ * HighByte of wValue is the InterfaceNumber and the LowByte is
+ * the PageNumber. This high/low byte ordering is incorrectly
+ * documented in the Spec. USB analyzer output on the below
+ * request packets show the high/low byte inverted i.e LowByte
+ * is the InterfaceNumber and the HighByte is the PageNumber.
+ * Since we dont support >64KB CompatID/ExtendedProp descriptors,
+ * PageNumber is set to 0. Hence verify that the HighByte is 0
+ * for below two cases.
+ */
case USB_RECIP_DEVICE:
- if (w_index != 0x4 || (w_value & 0xff))
+ if (w_index != 0x4 || (w_value >> 8))
break;
buf[6] = w_index;
/* Number of ext compat interfaces */
@@ -2128,9 +2140,9 @@ unknown:
}
break;
case USB_RECIP_INTERFACE:
- if (w_index != 0x5 || (w_value & 0xff))
+ if (w_index != 0x5 || (w_value >> 8))
break;
- interface = w_value >> 8;
+ interface = w_value & 0xFF;
if (interface >= MAX_CONFIG_INTERFACES ||
!os_desc_cfg->interface[interface])
break;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 691/817] serial: sh-sci: Clean sci_ports[0] after at earlycon exit
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (689 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 690/817] Revert "usb: gadget: composite: fix OS descriptors w_value logic" Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 692/817] Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Greg Kroah-Hartman
` (135 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Claudiu Beznea
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
commit 3791ea69a4858b81e0277f695ca40f5aae40f312 upstream.
The early_console_setup() function initializes the sci_ports[0].port with
an object of type struct uart_port obtained from the object of type
struct earlycon_device received as argument by the early_console_setup().
It may happen that later, when the rest of the serial ports are probed,
the serial port that was used as earlycon (e.g., port A) to be mapped to a
different position in sci_ports[] and the slot 0 to be used by a different
serial port (e.g., port B), as follows:
sci_ports[0] = port A
sci_ports[X] = port B
In this case, the new port mapped at index zero will have associated data
that was used for earlycon.
In case this happens, after Linux boot, any access to the serial port that
maps on sci_ports[0] (port A) will block the serial port that was used as
earlycon (port B).
To fix this, add early_console_exit() that clean the sci_ports[0] at
earlycon exit time.
Fixes: 0b0cced19ab1 ("serial: sh-sci: Add CONFIG_SERIAL_EARLYCON support")
Cc: stable@vger.kernel.org
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Link: https://lore.kernel.org/r/20241106120118.1719888-4-claudiu.beznea.uj@bp.renesas.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/sh-sci.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -3535,6 +3535,32 @@ sh_early_platform_init_buffer("earlyprin
#ifdef CONFIG_SERIAL_SH_SCI_EARLYCON
static struct plat_sci_port port_cfg __initdata;
+static int early_console_exit(struct console *co)
+{
+ struct sci_port *sci_port = &sci_ports[0];
+ struct uart_port *port = &sci_port->port;
+ unsigned long flags;
+ int locked = 1;
+
+ if (port->sysrq)
+ locked = 0;
+ else if (oops_in_progress)
+ locked = uart_port_trylock_irqsave(port, &flags);
+ else
+ uart_port_lock_irqsave(port, &flags);
+
+ /*
+ * Clean the slot used by earlycon. A new SCI device might
+ * map to this slot.
+ */
+ memset(sci_ports, 0, sizeof(*sci_port));
+
+ if (locked)
+ uart_port_unlock_irqrestore(port, flags);
+
+ return 0;
+}
+
static int __init early_console_setup(struct earlycon_device *device,
int type)
{
@@ -3551,6 +3577,8 @@ static int __init early_console_setup(st
SCSCR_RE | SCSCR_TE | port_cfg.scscr);
device->con->write = serial_console_write;
+ device->con->exit = early_console_exit;
+
return 0;
}
static int __init sci_early_console_setup(struct earlycon_device *device,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 692/817] Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (690 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 691/817] serial: sh-sci: Clean sci_ports[0] after at earlycon exit Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 693/817] io_uring: fix corner case forgetting to vunmap Greg Kroah-Hartman
` (134 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, stable,
Claudiu Beznea
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 718632467d88e98816fa01ab12681ef1c2aa56f8 upstream.
This reverts commit 3791ea69a4858b81e0277f695ca40f5aae40f312.
It was reported to cause boot-time issues, so revert it for now.
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Fixes: 3791ea69a485 ("serial: sh-sci: Clean sci_ports[0] after at earlycon exit")
Cc: stable <stable@kernel.org>
Cc: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/sh-sci.c | 28 ----------------------------
1 file changed, 28 deletions(-)
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -3535,32 +3535,6 @@ sh_early_platform_init_buffer("earlyprin
#ifdef CONFIG_SERIAL_SH_SCI_EARLYCON
static struct plat_sci_port port_cfg __initdata;
-static int early_console_exit(struct console *co)
-{
- struct sci_port *sci_port = &sci_ports[0];
- struct uart_port *port = &sci_port->port;
- unsigned long flags;
- int locked = 1;
-
- if (port->sysrq)
- locked = 0;
- else if (oops_in_progress)
- locked = uart_port_trylock_irqsave(port, &flags);
- else
- uart_port_lock_irqsave(port, &flags);
-
- /*
- * Clean the slot used by earlycon. A new SCI device might
- * map to this slot.
- */
- memset(sci_ports, 0, sizeof(*sci_port));
-
- if (locked)
- uart_port_unlock_irqrestore(port, flags);
-
- return 0;
-}
-
static int __init early_console_setup(struct earlycon_device *device,
int type)
{
@@ -3577,8 +3551,6 @@ static int __init early_console_setup(st
SCSCR_RE | SCSCR_TE | port_cfg.scscr);
device->con->write = serial_console_write;
- device->con->exit = early_console_exit;
-
return 0;
}
static int __init sci_early_console_setup(struct earlycon_device *device,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 693/817] io_uring: fix corner case forgetting to vunmap
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (691 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 692/817] Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 694/817] io_uring: check for overflows in io_pin_pages Greg Kroah-Hartman
` (133 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
commit 43eef70e7e2ac74e7767731dd806720c7fb5e010 upstream.
io_pages_unmap() is a bit tricky in trying to figure whether the pages
were previously vmap'ed or not. In particular If there is juts one page
it belives there is no need to vunmap. Paired io_pages_map(), however,
could've failed io_mem_alloc_compound() and attempted to
io_mem_alloc_single(), which does vmap, and that leads to unpaired vmap.
The solution is to fail if io_mem_alloc_compound() can't allocate a
single page. That's the easiest way to deal with it, and those two
functions are getting removed soon, so no need to overcomplicate it.
Cc: stable@vger.kernel.org
Fixes: 3ab1db3c6039e ("io_uring: get rid of remap_pfn_range() for mapping rings/sqes")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/477e75a3907a2fe83249e49c0a92cd480b2c60e0.1732569842.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/memmap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/io_uring/memmap.c
+++ b/io_uring/memmap.c
@@ -72,6 +72,8 @@ void *io_pages_map(struct page ***out_pa
ret = io_mem_alloc_compound(pages, nr_pages, size, gfp);
if (!IS_ERR(ret))
goto done;
+ if (nr_pages == 1)
+ goto fail;
ret = io_mem_alloc_single(pages, nr_pages, size, gfp);
if (!IS_ERR(ret)) {
@@ -80,7 +82,7 @@ done:
*npages = nr_pages;
return ret;
}
-
+fail:
kvfree(pages);
*out_pages = NULL;
*npages = 0;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 694/817] io_uring: check for overflows in io_pin_pages
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (692 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 693/817] io_uring: fix corner case forgetting to vunmap Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 695/817] blk-settings: round down io_opt to physical_block_size Greg Kroah-Hartman
` (132 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+2159cbb522b02847c053,
Pavel Begunkov, Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
commit 0c0a4eae26ac78379d0c1db053de168a8febc6c9 upstream.
WARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144
CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0
Call Trace:
<TASK>
__io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:183
io_rings_map io_uring/io_uring.c:2611 [inline]
io_allocate_scq_urings+0x1c0/0x650 io_uring/io_uring.c:3470
io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3692
io_uring_setup io_uring/io_uring.c:3781 [inline]
...
</TASK>
io_pin_pages()'s uaddr parameter came directly from the user and can be
garbage. Don't just add size to it as it can overflow.
Cc: stable@vger.kernel.org
Reported-by: syzbot+2159cbb522b02847c053@syzkaller.appspotmail.com
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/1b7520ddb168e1d537d64be47414a0629d0d8f8f.1732581026.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/memmap.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/io_uring/memmap.c
+++ b/io_uring/memmap.c
@@ -137,7 +137,12 @@ struct page **io_pin_pages(unsigned long
struct page **pages;
int ret;
- end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ if (check_add_overflow(uaddr, len, &end))
+ return ERR_PTR(-EOVERFLOW);
+ if (check_add_overflow(end, PAGE_SIZE - 1, &end))
+ return ERR_PTR(-EOVERFLOW);
+
+ end = end >> PAGE_SHIFT;
start = uaddr >> PAGE_SHIFT;
nr_pages = end - start;
if (WARN_ON_ONCE(!nr_pages))
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 695/817] blk-settings: round down io_opt to physical_block_size
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (693 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 694/817] io_uring: check for overflows in io_pin_pages Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 696/817] gpio: exar: set value when external pull-up or pull-down is present Greg Kroah-Hartman
` (131 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Christoph Hellwig,
Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 9c0ba14828d64744ccd195c610594ba254a1a9ab upstream.
There was a bug report [1] where the user got a warning alignment
inconsistency. The user has optimal I/O 16776704 (0xFFFE00) and physical
block size 4096. Note that the optimal I/O size may be set by the DMA
engines or SCSI controllers and they have no knowledge about the disks
attached to them, so the situation with optimal I/O not aligned to
physical block size may happen.
This commit makes blk_validate_limits round down optimal I/O size to the
physical block size of the block device.
Closes: https://lore.kernel.org/dm-devel/1426ad71-79b4-4062-b2bf-84278be66a5d@redhat.com/T/ [1]
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: a23634644afc ("block: take io_opt and io_min into account for max_sectors")
Cc: stable@vger.kernel.org # v6.11+
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/3dc0014b-9690-dc38-81c9-4a316a2d4fb2@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-settings.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -250,6 +250,13 @@ static int blk_validate_limits(struct qu
lim->io_min = lim->physical_block_size;
/*
+ * The optimal I/O size may not be aligned to physical block size
+ * (because it may be limited by dma engines which have no clue about
+ * block size of the disks attached to them), so we round it down here.
+ */
+ lim->io_opt = round_down(lim->io_opt, lim->physical_block_size);
+
+ /*
* max_hw_sectors has a somewhat weird default for historical reason,
* but driver really should set their own instead of relying on this
* value.
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 696/817] gpio: exar: set value when external pull-up or pull-down is present
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (694 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 695/817] blk-settings: round down io_opt to physical_block_size Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 697/817] netfilter: ipset: add missing range check in bitmap_ip_uadt Greg Kroah-Hartman
` (130 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew McClain, Sai Kumar Cholleti,
Andy Shevchenko, Bartosz Golaszewski
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sai Kumar Cholleti <skmr537@gmail.com>
commit 72cef64180de04a7b055b4773c138d78f4ebdb77 upstream.
Setting GPIO direction = high, sometimes results in GPIO value = 0.
If a GPIO is pulled high, the following construction results in the
value being 0 when the desired value is 1:
$ echo "high" > /sys/class/gpio/gpio336/direction
$ cat /sys/class/gpio/gpio336/value
0
Before the GPIO direction is changed from an input to an output,
exar_set_value() is called with value = 1, but since the GPIO is an
input when exar_set_value() is called, _regmap_update_bits() reads a 1
due to an external pull-up. regmap_set_bits() sets force_write =
false, so the value (1) is not written. When the direction is then
changed, the GPIO becomes an output with the value of 0 (the hardware
default).
regmap_write_bits() sets force_write = true, so the value is always
written by exar_set_value() and an external pull-up doesn't affect the
outcome of setting direction = high.
The same can happen when a GPIO is pulled low, but the scenario is a
little more complicated.
$ echo high > /sys/class/gpio/gpio351/direction
$ cat /sys/class/gpio/gpio351/value
1
$ echo in > /sys/class/gpio/gpio351/direction
$ cat /sys/class/gpio/gpio351/value
0
$ echo low > /sys/class/gpio/gpio351/direction
$ cat /sys/class/gpio/gpio351/value
1
Fixes: 36fb7218e878 ("gpio: exar: switch to using regmap")
Co-developed-by: Matthew McClain <mmcclain@noprivs.com>
Signed-off-by: Matthew McClain <mmcclain@noprivs.com>
Signed-off-by: Sai Kumar Cholleti <skmr537@gmail.com>
Cc: stable@vger.kernel.org
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20241105071523.2372032-1-skmr537@gmail.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpio-exar.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/gpio/gpio-exar.c
+++ b/drivers/gpio/gpio-exar.c
@@ -99,11 +99,13 @@ static void exar_set_value(struct gpio_c
struct exar_gpio_chip *exar_gpio = gpiochip_get_data(chip);
unsigned int addr = exar_offset_to_lvl_addr(exar_gpio, offset);
unsigned int bit = exar_offset_to_bit(exar_gpio, offset);
+ unsigned int bit_value = value ? BIT(bit) : 0;
- if (value)
- regmap_set_bits(exar_gpio->regmap, addr, BIT(bit));
- else
- regmap_clear_bits(exar_gpio->regmap, addr, BIT(bit));
+ /*
+ * regmap_write_bits() forces value to be written when an external
+ * pull up/down might otherwise indicate value was already set.
+ */
+ regmap_write_bits(exar_gpio->regmap, addr, BIT(bit), bit_value);
}
static int exar_direction_output(struct gpio_chip *chip, unsigned int offset,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 697/817] netfilter: ipset: add missing range check in bitmap_ip_uadt
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (695 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 696/817] gpio: exar: set value when external pull-up or pull-down is present Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 698/817] spi: Fix acpi deferred irq probe Greg Kroah-Hartman
` (129 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+58c872f7790a4d2ac951,
Jeongjun Park, Jozsef Kadlecsik, Pablo Neira Ayuso
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeongjun Park <aha310510@gmail.com>
commit 35f56c554eb1b56b77b3cf197a6b00922d49033d upstream.
When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
the values of ip and ip_to are slightly swapped. Therefore, the range check
for ip should be done later, but this part is missing and it seems that the
vulnerability occurs.
So we should add missing range checks and remove unnecessary range checks.
Cc: <stable@vger.kernel.org>
Reported-by: syzbot+58c872f7790a4d2ac951@syzkaller.appspotmail.com
Fixes: 72205fc68bd1 ("netfilter: ipset: bitmap:ip set type support")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_bitmap_ip.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -163,11 +163,8 @@ bitmap_ip_uadt(struct ip_set *set, struc
ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP_TO], &ip_to);
if (ret)
return ret;
- if (ip > ip_to) {
+ if (ip > ip_to)
swap(ip, ip_to);
- if (ip < map->first_ip)
- return -IPSET_ERR_BITMAP_RANGE;
- }
} else if (tb[IPSET_ATTR_CIDR]) {
u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
@@ -178,7 +175,7 @@ bitmap_ip_uadt(struct ip_set *set, struc
ip_to = ip;
}
- if (ip_to > map->last_ip)
+ if (ip < map->first_ip || ip_to > map->last_ip)
return -IPSET_ERR_BITMAP_RANGE;
for (; !before(ip_to, ip); ip += map->hosts) {
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 698/817] spi: Fix acpi deferred irq probe
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (696 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 697/817] netfilter: ipset: add missing range check in bitmap_ip_uadt Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 699/817] mtd: spi-nor: core: replace dummy buswidth from addr to data Greg Kroah-Hartman
` (128 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Stanislaw Gruszka,
Mark Brown, Alexis Lothoré
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
commit d24cfee7f63d6b44d45a67c5662bd1cc48e8b3ca upstream.
When probing spi device take care of deferred probe of ACPI irq gpio
similar like for OF/DT case.
>From practical standpoint this fixes issue with vsc-tp driver on
Dell XP 9340 laptop, which try to request interrupt with spi->irq
equal to -EPROBE_DEFER and fail to probe with the following error:
vsc-tp spi-INTC10D0:00: probe with driver vsc-tp failed with error -22
Suggested-by: Hans de Goede <hdegoede@redhat.com>
Fixes: 33ada67da352 ("ACPI / spi: attach GPIO IRQ from ACPI description to SPI device")
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Alexis Lothoré <alexis.lothore@bootlin.com> # Dell XPS9320, ov01a10
Link: https://patch.msgid.link/20241122094224.226773-1-stanislaw.gruszka@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -424,6 +424,16 @@ static int spi_probe(struct device *dev)
spi->irq = 0;
}
+ if (has_acpi_companion(dev) && spi->irq < 0) {
+ struct acpi_device *adev = to_acpi_device_node(dev->fwnode);
+
+ spi->irq = acpi_dev_gpio_irq_get(adev, 0);
+ if (spi->irq == -EPROBE_DEFER)
+ return -EPROBE_DEFER;
+ if (spi->irq < 0)
+ spi->irq = 0;
+ }
+
ret = dev_pm_domain_attach(dev, true);
if (ret)
return ret;
@@ -2869,9 +2879,6 @@ static acpi_status acpi_register_spi_dev
acpi_set_modalias(adev, acpi_device_hid(adev), spi->modalias,
sizeof(spi->modalias));
- if (spi->irq < 0)
- spi->irq = acpi_dev_gpio_irq_get(adev, 0);
-
acpi_device_set_enumerated(adev);
adev->power.flags.ignore_parent = true;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 699/817] mtd: spi-nor: core: replace dummy buswidth from addr to data
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (697 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 698/817] spi: Fix acpi deferred irq probe Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 700/817] cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Greg Kroah-Hartman
` (127 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pratyush Yadav, Cheng Ming Lin,
Tudor Ambarus
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cheng Ming Lin <chengminglin@mxic.com.tw>
commit 98d1fb94ce75f39febd456d6d3cbbe58b6678795 upstream.
The default dummy cycle for Macronix SPI NOR flash in Octal Output
Read Mode(1-1-8) is 20.
Currently, the dummy buswidth is set according to the address bus width.
In the 1-1-8 mode, this means the dummy buswidth is 1. When converting
dummy cycles to bytes, this results in 20 x 1 / 8 = 2 bytes, causing the
host to read data 4 cycles too early.
Since the protocol data buswidth is always greater than or equal to the
address buswidth. Setting the dummy buswidth to match the data buswidth
increases the likelihood that the dummy cycle-to-byte conversion will be
divisible, preventing the host from reading data prematurely.
Fixes: 0e30f47232ab ("mtd: spi-nor: add support for DTR protocol")
Cc: stable@vger.kernel.org
Reviewed-by: Pratyush Yadav <pratyush@kernel.org>
Signed-off-by: Cheng Ming Lin <chengminglin@mxic.com.tw>
Link: https://lore.kernel.org/r/20241112075242.174010-2-linchengming884@gmail.com
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/spi-nor/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mtd/spi-nor/core.c
+++ b/drivers/mtd/spi-nor/core.c
@@ -89,7 +89,7 @@ void spi_nor_spimem_setup_op(const struc
op->addr.buswidth = spi_nor_get_protocol_addr_nbits(proto);
if (op->dummy.nbytes)
- op->dummy.buswidth = spi_nor_get_protocol_addr_nbits(proto);
+ op->dummy.buswidth = spi_nor_get_protocol_data_nbits(proto);
if (op->data.nbytes)
op->data.buswidth = spi_nor_get_protocol_data_nbits(proto);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 700/817] cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (698 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 699/817] mtd: spi-nor: core: replace dummy buswidth from addr to data Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 701/817] cifs: support mounting with alternate password to allow password rotation Greg Kroah-Hartman
` (126 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lukasz Luba, Jinjie Ruan,
Viresh Kumar
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
commit 172bf5ed04cb6c9e66d58de003938ed5c8756570 upstream.
mtk_cpufreq_get_cpu_power() return 0 if the policy is NULL. Then in
em_create_perf_table(), the later zero check for power is not invalid
as power is uninitialized. As Lukasz suggested, it must return -EINVAL when
the 'policy' is not found. So return -EINVAL to fix it.
Cc: stable@vger.kernel.org
Fixes: 4855e26bcf4d ("cpufreq: mediatek-hw: Add support for CPUFREQ HW")
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Suggested-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/cpufreq/mediatek-cpufreq-hw.c
+++ b/drivers/cpufreq/mediatek-cpufreq-hw.c
@@ -62,7 +62,7 @@ mtk_cpufreq_get_cpu_power(struct device
policy = cpufreq_cpu_get_raw(cpu_dev->id);
if (!policy)
- return 0;
+ return -EINVAL;
data = policy->driver_data;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 701/817] cifs: support mounting with alternate password to allow password rotation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (699 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 700/817] cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 702/817] parisc/ftrace: Fix function graph tracing disablement Greg Kroah-Hartman
` (125 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Meetakshi Setiya, Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Meetakshi Setiya <msetiya@microsoft.com>
commit b9aef1b13a0a92aa7058ba235afb24b5b89153ca upstream.
Fixes the case for example where the password specified on mount is a
recently expired password, but password2 is valid. Without this patch
this mount scenario would fail.
This patch introduces the following changes to support password rotation on
mount:
1. If an existing session is not found and the new session setup results in
EACCES, EKEYEXPIRED or EKEYREVOKED, swap password and password2 (if
available), and retry the mount.
2. To match the new mount with an existing session, add conditions to check
if a) password and password2 of the new mount and the existing session are
the same, or b) password of the new mount is the same as the password2 of
the existing session, and password2 of the new mount is the same as the
password of the existing session.
3. If an existing session is found, but needs reconnect, retry the session
setup after swapping password and password2 (if available), in case the
previous attempt results in EACCES, EKEYEXPIRED or EKEYREVOKED.
Cc: stable@vger.kernel.org
Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/connect.c | 57 ++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 50 insertions(+), 7 deletions(-)
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -1908,11 +1908,35 @@ static int match_session(struct cifs_ses
CIFS_MAX_USERNAME_LEN))
return 0;
if ((ctx->username && strlen(ctx->username) != 0) &&
- ses->password != NULL &&
- strncmp(ses->password,
- ctx->password ? ctx->password : "",
- CIFS_MAX_PASSWORD_LEN))
- return 0;
+ ses->password != NULL) {
+
+ /* New mount can only share sessions with an existing mount if:
+ * 1. Both password and password2 match, or
+ * 2. password2 of the old mount matches password of the new mount
+ * and password of the old mount matches password2 of the new
+ * mount
+ */
+ if (ses->password2 != NULL && ctx->password2 != NULL) {
+ if (!((strncmp(ses->password, ctx->password ?
+ ctx->password : "", CIFS_MAX_PASSWORD_LEN) == 0 &&
+ strncmp(ses->password2, ctx->password2,
+ CIFS_MAX_PASSWORD_LEN) == 0) ||
+ (strncmp(ses->password, ctx->password2,
+ CIFS_MAX_PASSWORD_LEN) == 0 &&
+ strncmp(ses->password2, ctx->password ?
+ ctx->password : "", CIFS_MAX_PASSWORD_LEN) == 0)))
+ return 0;
+
+ } else if ((ses->password2 == NULL && ctx->password2 != NULL) ||
+ (ses->password2 != NULL && ctx->password2 == NULL)) {
+ return 0;
+
+ } else {
+ if (strncmp(ses->password, ctx->password ?
+ ctx->password : "", CIFS_MAX_PASSWORD_LEN))
+ return 0;
+ }
+ }
}
if (strcmp(ctx->local_nls->charset, ses->local_nls->charset))
@@ -2256,6 +2280,7 @@ struct cifs_ses *
cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx)
{
int rc = 0;
+ int retries = 0;
unsigned int xid;
struct cifs_ses *ses;
struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
@@ -2274,6 +2299,8 @@ cifs_get_smb_ses(struct TCP_Server_Info
cifs_dbg(FYI, "Session needs reconnect\n");
mutex_lock(&ses->session_mutex);
+
+retry_old_session:
rc = cifs_negotiate_protocol(xid, ses, server);
if (rc) {
mutex_unlock(&ses->session_mutex);
@@ -2286,6 +2313,13 @@ cifs_get_smb_ses(struct TCP_Server_Info
rc = cifs_setup_session(xid, ses, server,
ctx->local_nls);
if (rc) {
+ if (((rc == -EACCES) || (rc == -EKEYEXPIRED) ||
+ (rc == -EKEYREVOKED)) && !retries && ses->password2) {
+ retries++;
+ cifs_dbg(FYI, "Session reconnect failed, retrying with alternate password\n");
+ swap(ses->password, ses->password2);
+ goto retry_old_session;
+ }
mutex_unlock(&ses->session_mutex);
/* problem -- put our reference */
cifs_put_smb_ses(ses);
@@ -2361,6 +2395,7 @@ cifs_get_smb_ses(struct TCP_Server_Info
ses->chans_need_reconnect = 1;
spin_unlock(&ses->chan_lock);
+retry_new_session:
mutex_lock(&ses->session_mutex);
rc = cifs_negotiate_protocol(xid, ses, server);
if (!rc)
@@ -2373,8 +2408,16 @@ cifs_get_smb_ses(struct TCP_Server_Info
sizeof(ses->smb3signingkey));
spin_unlock(&ses->chan_lock);
- if (rc)
- goto get_ses_fail;
+ if (rc) {
+ if (((rc == -EACCES) || (rc == -EKEYEXPIRED) ||
+ (rc == -EKEYREVOKED)) && !retries && ses->password2) {
+ retries++;
+ cifs_dbg(FYI, "Session setup failed, retrying with alternate password\n");
+ swap(ses->password, ses->password2);
+ goto retry_new_session;
+ } else
+ goto get_ses_fail;
+ }
/*
* success, put it on the list and add it as first channel
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 702/817] parisc/ftrace: Fix function graph tracing disablement
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (700 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 701/817] cifs: support mounting with alternate password to allow password rotation Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 703/817] RISC-V: Scalar unaligned access emulated on hotplug CPUs Greg Kroah-Hartman
` (124 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Josh Poimboeuf, Helge Deller
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josh Poimboeuf <jpoimboe@kernel.org>
commit a5f05a138a8cac035bf9da9b6ed0e532bc7942c8 upstream.
Due to an apparent copy-paste bug, the parisc implementation of
ftrace_disable_ftrace_graph_caller() doesn't actually do anything.
It enables the (already-enabled) static key rather than disabling it.
The result is that after function graph tracing has been "disabled", any
subsequent (non-graph) function tracing will inadvertently also enable
the slow fgraph return address hijacking.
Fixes: 98f2926171ae ("parisc/ftrace: use static key to enable/disable function graph tracer")
Cc: stable@vger.kernel.org # 5.16+
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/kernel/ftrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/parisc/kernel/ftrace.c
+++ b/arch/parisc/kernel/ftrace.c
@@ -87,7 +87,7 @@ int ftrace_enable_ftrace_graph_caller(vo
int ftrace_disable_ftrace_graph_caller(void)
{
- static_key_enable(&ftrace_graph_enable.key);
+ static_key_disable(&ftrace_graph_enable.key);
return 0;
}
#endif
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 703/817] RISC-V: Scalar unaligned access emulated on hotplug CPUs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (701 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 702/817] parisc/ftrace: Fix function graph tracing disablement Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 704/817] RISC-V: Check scalar unaligned access on all CPUs Greg Kroah-Hartman
` (123 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jesse Taube, Evan Green,
Palmer Dabbelt
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jesse Taube <jesse@rivosinc.com>
commit 9c528b5f7927b857b40f3c46afbc869827af3c94 upstream.
The check_unaligned_access_emulated() function should have been called
during CPU hotplug to ensure that if all CPUs had emulated unaligned
accesses, the new CPU also does.
This patch adds the call to check_unaligned_access_emulated() in
the hotplug path.
Fixes: 55e0bf49a0d0 ("RISC-V: Probe misaligned access speed in parallel")
Signed-off-by: Jesse Taube <jesse@rivosinc.com>
Reviewed-by: Evan Green <evan@rivosinc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20241017-jesse_unaligned_vector-v10-2-5b33500160f8@rivosinc.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/kernel/unaligned_access_speed.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/riscv/kernel/unaligned_access_speed.c
+++ b/arch/riscv/kernel/unaligned_access_speed.c
@@ -191,6 +191,7 @@ static int riscv_online_cpu(unsigned int
if (per_cpu(misaligned_access_speed, cpu) != RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN)
goto exit;
+ check_unaligned_access_emulated(NULL);
buf = alloc_pages(GFP_KERNEL, MISALIGNED_BUFFER_ORDER);
if (!buf) {
pr_warn("Allocation failure, not measuring misaligned performance\n");
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 704/817] RISC-V: Check scalar unaligned access on all CPUs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (702 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 703/817] RISC-V: Scalar unaligned access emulated on hotplug CPUs Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 705/817] ksmbd: fix use-after-free in SMB request handling Greg Kroah-Hartman
` (122 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jesse Taube, Charlie Jenkins,
Evan Green, Palmer Dabbelt
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jesse Taube <jesse@rivosinc.com>
commit 8d20a739f17a2de9e269db72330f5655d6545dd4 upstream.
Originally, the check_unaligned_access_emulated_all_cpus function
only checked the boot hart. This fixes the function to check all
harts.
Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe")
Signed-off-by: Jesse Taube <jesse@rivosinc.com>
Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
Reviewed-by: Evan Green <evan@rivosinc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20241017-jesse_unaligned_vector-v10-1-5b33500160f8@rivosinc.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/cpufeature.h | 2 ++
arch/riscv/kernel/traps_misaligned.c | 14 +++++++-------
2 files changed, 9 insertions(+), 7 deletions(-)
--- a/arch/riscv/include/asm/cpufeature.h
+++ b/arch/riscv/include/asm/cpufeature.h
@@ -8,6 +8,7 @@
#include <linux/bitmap.h>
#include <linux/jump_label.h>
+#include <linux/workqueue.h>
#include <asm/hwcap.h>
#include <asm/alternative-macros.h>
#include <asm/errno.h>
@@ -60,6 +61,7 @@ void riscv_user_isa_enable(void);
#if defined(CONFIG_RISCV_MISALIGNED)
bool check_unaligned_access_emulated_all_cpus(void);
+void check_unaligned_access_emulated(struct work_struct *work __always_unused);
void unaligned_emulation_finish(void);
bool unaligned_ctl_available(void);
DECLARE_PER_CPU(long, misaligned_access_speed);
--- a/arch/riscv/kernel/traps_misaligned.c
+++ b/arch/riscv/kernel/traps_misaligned.c
@@ -524,11 +524,11 @@ int handle_misaligned_store(struct pt_re
return 0;
}
-static bool check_unaligned_access_emulated(int cpu)
+void check_unaligned_access_emulated(struct work_struct *work __always_unused)
{
+ int cpu = smp_processor_id();
long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu);
unsigned long tmp_var, tmp_val;
- bool misaligned_emu_detected;
*mas_ptr = RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN;
@@ -536,19 +536,16 @@ static bool check_unaligned_access_emula
" "REG_L" %[tmp], 1(%[ptr])\n"
: [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory");
- misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED);
/*
* If unaligned_ctl is already set, this means that we detected that all
* CPUS uses emulated misaligned access at boot time. If that changed
* when hotplugging the new cpu, this is something we don't handle.
*/
- if (unlikely(unaligned_ctl && !misaligned_emu_detected)) {
+ if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED))) {
pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n");
while (true)
cpu_relax();
}
-
- return misaligned_emu_detected;
}
bool check_unaligned_access_emulated_all_cpus(void)
@@ -560,8 +557,11 @@ bool check_unaligned_access_emulated_all
* accesses emulated since tasks requesting such control can run on any
* CPU.
*/
+ schedule_on_each_cpu(check_unaligned_access_emulated);
+
for_each_online_cpu(cpu)
- if (!check_unaligned_access_emulated(cpu))
+ if (per_cpu(misaligned_access_speed, cpu)
+ != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED)
return false;
unaligned_ctl = true;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 705/817] ksmbd: fix use-after-free in SMB request handling
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (703 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 704/817] RISC-V: Check scalar unaligned access on all CPUs Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 706/817] smb: client: fix NULL ptr deref in crypto_aead_setkey() Greg Kroah-Hartman
` (121 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-cifs, syzkaller, Yunseong Kim,
Namjae Jeon, Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yunseong Kim <yskelg@gmail.com>
commit 9a8c5d89d327ff58e9b2517f8a6afb4181d32c6e upstream.
A race condition exists between SMB request handling in
`ksmbd_conn_handler_loop()` and the freeing of `ksmbd_conn` in the
workqueue handler `handle_ksmbd_work()`. This leads to a UAF.
- KASAN: slab-use-after-free Read in handle_ksmbd_work
- KASAN: slab-use-after-free in rtlock_slowlock_locked
This race condition arises as follows:
- `ksmbd_conn_handler_loop()` waits for `conn->r_count` to reach zero:
`wait_event(conn->r_count_q, atomic_read(&conn->r_count) == 0);`
- Meanwhile, `handle_ksmbd_work()` decrements `conn->r_count` using
`atomic_dec_return(&conn->r_count)`, and if it reaches zero, calls
`ksmbd_conn_free()`, which frees `conn`.
- However, after `handle_ksmbd_work()` decrements `conn->r_count`,
it may still access `conn->r_count_q` in the following line:
`waitqueue_active(&conn->r_count_q)` or `wake_up(&conn->r_count_q)`
This results in a UAF, as `conn` has already been freed.
The discovery of this UAF can be referenced in the following PR for
syzkaller's support for SMB requests.
Link: https://github.com/google/syzkaller/pull/5524
Fixes: ee426bfb9d09 ("ksmbd: add refcnt to ksmbd_conn struct")
Cc: linux-cifs@vger.kernel.org
Cc: stable@vger.kernel.org # v6.6.55+, v6.10.14+, v6.11.3+
Cc: syzkaller@googlegroups.com
Signed-off-by: Yunseong Kim <yskelg@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/server/server.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/smb/server/server.c
+++ b/fs/smb/server/server.c
@@ -276,8 +276,12 @@ static void handle_ksmbd_work(struct wor
* disconnection. waitqueue_active is safe because it
* uses atomic operation for condition.
*/
+ atomic_inc(&conn->refcnt);
if (!atomic_dec_return(&conn->r_count) && waitqueue_active(&conn->r_count_q))
wake_up(&conn->r_count_q);
+
+ if (atomic_dec_and_test(&conn->refcnt))
+ kfree(conn);
}
/**
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 706/817] smb: client: fix NULL ptr deref in crypto_aead_setkey()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (704 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 705/817] ksmbd: fix use-after-free in SMB request handling Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 707/817] platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Greg Kroah-Hartman
` (120 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tom Talpey, Jianhong Yin,
Paulo Alcantara (Red Hat), Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.com>
commit 4bdec0d1f658f7c98749bd2c5a486e6cfa8565d2 upstream.
Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so
when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response,
the client uses AES-128-CCM as the default cipher. See MS-SMB2
3.3.5.4.
Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added
a @server->cipher_type check to conditionally call
smb3_crypto_aead_allocate(), but that check would always be false as
@server->cipher_type is unset for SMB3.02.
Fix the following KASAN splat by setting @server->cipher_type for
SMB3.02 as well.
mount.cifs //srv/share /mnt -o vers=3.02,seal,...
BUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130
Read of size 8 at addr 0000000000000020 by task mount.cifs/1095
CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41
04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
? crypto_aead_setkey+0x2c/0x130
kasan_report+0xda/0x110
? crypto_aead_setkey+0x2c/0x130
crypto_aead_setkey+0x2c/0x130
crypt_message+0x258/0xec0 [cifs]
? __asan_memset+0x23/0x50
? __pfx_crypt_message+0x10/0x10 [cifs]
? mark_lock+0xb0/0x6a0
? hlock_class+0x32/0xb0
? mark_lock+0xb0/0x6a0
smb3_init_transform_rq+0x352/0x3f0 [cifs]
? lock_acquire.part.0+0xf4/0x2a0
smb_send_rqst+0x144/0x230 [cifs]
? __pfx_smb_send_rqst+0x10/0x10 [cifs]
? hlock_class+0x32/0xb0
? smb2_setup_request+0x225/0x3a0 [cifs]
? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs]
compound_send_recv+0x59b/0x1140 [cifs]
? __pfx_compound_send_recv+0x10/0x10 [cifs]
? __create_object+0x5e/0x90
? hlock_class+0x32/0xb0
? do_raw_spin_unlock+0x9a/0xf0
cifs_send_recv+0x23/0x30 [cifs]
SMB2_tcon+0x3ec/0xb30 [cifs]
? __pfx_SMB2_tcon+0x10/0x10 [cifs]
? lock_acquire.part.0+0xf4/0x2a0
? __pfx_lock_release+0x10/0x10
? do_raw_spin_trylock+0xc6/0x120
? lock_acquire+0x3f/0x90
? _get_xid+0x16/0xd0 [cifs]
? __pfx_SMB2_tcon+0x10/0x10 [cifs]
? cifs_get_smb_ses+0xcdd/0x10a0 [cifs]
cifs_get_smb_ses+0xcdd/0x10a0 [cifs]
? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs]
? cifs_get_tcp_session+0xaa0/0xca0 [cifs]
cifs_mount_get_session+0x8a/0x210 [cifs]
dfs_mount_share+0x1b0/0x11d0 [cifs]
? __pfx___lock_acquire+0x10/0x10
? __pfx_dfs_mount_share+0x10/0x10 [cifs]
? lock_acquire.part.0+0xf4/0x2a0
? find_held_lock+0x8a/0xa0
? hlock_class+0x32/0xb0
? lock_release+0x203/0x5d0
cifs_mount+0xb3/0x3d0 [cifs]
? do_raw_spin_trylock+0xc6/0x120
? __pfx_cifs_mount+0x10/0x10 [cifs]
? lock_acquire+0x3f/0x90
? find_nls+0x16/0xa0
? smb3_update_mnt_flags+0x372/0x3b0 [cifs]
cifs_smb3_do_mount+0x1e2/0xc80 [cifs]
? __pfx_vfs_parse_fs_string+0x10/0x10
? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs]
smb3_get_tree+0x1bf/0x330 [cifs]
vfs_get_tree+0x4a/0x160
path_mount+0x3c1/0xfb0
? kasan_quarantine_put+0xc7/0x1d0
? __pfx_path_mount+0x10/0x10
? kmem_cache_free+0x118/0x3e0
? user_path_at+0x74/0xa0
__x64_sys_mount+0x1a6/0x1e0
? __pfx___x64_sys_mount+0x10/0x10
? mark_held_locks+0x1a/0x90
do_syscall_64+0xbb/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Cc: Tom Talpey <tom@talpey.com>
Reported-by: Jianhong Yin <jiyin@redhat.com>
Cc: stable@vger.kernel.org # v6.12
Fixes: b0abcd65ec54 ("smb: client: fix UAF in async decryption")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/smb2pdu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -1230,7 +1230,9 @@ SMB2_negotiate(const unsigned int xid,
* SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
* Set the cipher type manually.
*/
- if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
+ if ((server->dialect == SMB30_PROT_ID ||
+ server->dialect == SMB302_PROT_ID) &&
+ (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 707/817] platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (705 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 706/817] smb: client: fix NULL ptr deref in crypto_aead_setkey() Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 708/817] irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain Greg Kroah-Hartman
` (119 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Tzung-Bi Shih
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 9c41f371457bd9a24874e3c7934d9745e87fbc58 upstream.
The device_for_each_child_node() macro requires explicit calls to
fwnode_handle_put() upon early exits (return, break, goto) to decrement
the fwnode's refcount, and avoid levaing a node reference behind.
Add the missing fwnode_handle_put() after the common label for all error
paths.
Cc: stable@vger.kernel.org
Fixes: fdc6b21e2444 ("platform/chrome: Add Type C connector class driver")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://lore.kernel.org/r/20241013-cross_ec_typec_fwnode_handle_put-v2-1-9182b2cd7767@gmail.com
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/chrome/cros_ec_typec.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/platform/chrome/cros_ec_typec.c
+++ b/drivers/platform/chrome/cros_ec_typec.c
@@ -409,6 +409,7 @@ static int cros_typec_init_ports(struct
return 0;
unregister_ports:
+ fwnode_handle_put(fwnode);
cros_unregister_ports(typec);
return ret;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 708/817] irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (706 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 707/817] platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 709/817] x86/CPU/AMD: Terminate the erratum_1386_microcode array Greg Kroah-Hartman
` (118 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Russell King (Oracle),
Thomas Gleixner
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
commit 12aaf67584cf19dc84615b7aba272fe642c35b8b upstream.
Commit fbdf14e90ce4 ("irqchip/irq-mvebu-sei: Switch to MSI parent")
introduced in v6.11-rc1 broke Mavell Armada platforms (and possibly others)
by incorrectly switching irq-mvebu-sei to MSI parent.
In the above commit, msi_parent_ops is set for the sei->cp_domain, but
rather than adding a .select method to mvebu_sei_cp_domain_ops (which is
associated with sei->cp_domain), it was added to mvebu_sei_domain_ops which
is associated with sei->sei_domain, which doesn't have any
msi_parent_ops. This makes the call to msi_lib_irq_domain_select() always
fail.
This bug manifests itself with the following kernel messages on Armada 8040
based systems:
platform f21e0000.interrupt-controller:interrupt-controller@50: deferred probe pending: (reason unknown)
platform f41e0000.interrupt-controller:interrupt-controller@50: deferred probe pending: (reason unknown)
Move the select callback to mvebu_sei_cp_domain_ops to cure it.
Fixes: fbdf14e90ce4 ("irqchip/irq-mvebu-sei: Switch to MSI parent")
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/E1tE6bh-004CmX-QU@rmk-PC.armlinux.org.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-mvebu-sei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-mvebu-sei.c b/drivers/irqchip/irq-mvebu-sei.c
index f8c70f2d100a..065166ab5dbc 100644
--- a/drivers/irqchip/irq-mvebu-sei.c
+++ b/drivers/irqchip/irq-mvebu-sei.c
@@ -192,7 +192,6 @@ static void mvebu_sei_domain_free(struct irq_domain *domain, unsigned int virq,
}
static const struct irq_domain_ops mvebu_sei_domain_ops = {
- .select = msi_lib_irq_domain_select,
.alloc = mvebu_sei_domain_alloc,
.free = mvebu_sei_domain_free,
};
@@ -306,6 +305,7 @@ static void mvebu_sei_cp_domain_free(struct irq_domain *domain,
}
static const struct irq_domain_ops mvebu_sei_cp_domain_ops = {
+ .select = msi_lib_irq_domain_select,
.alloc = mvebu_sei_cp_domain_alloc,
.free = mvebu_sei_cp_domain_free,
};
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 709/817] x86/CPU/AMD: Terminate the erratum_1386_microcode array
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (707 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 708/817] irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 710/817] ubi: wl: Put source PEB into correct list if trying locking LEB failed Greg Kroah-Hartman
` (117 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sebastian Andrzej Siewior,
Borislav Petkov (AMD), stable
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
commit ff6cdc407f4179748f4673c39b0921503199a0ad upstream.
The erratum_1386_microcode array requires an empty entry at the end.
Otherwise x86_match_cpu_with_stepping() will continue iterate the array after
it ended.
Add an empty entry to erratum_1386_microcode to its end.
Fixes: 29ba89f189528 ("x86/CPU/AMD: Improve the erratum 1386 workaround")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20241126134722.480975-1-bigeasy@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/amd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 823f44f7bc94..d8408aafeed9 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -798,6 +798,7 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
static const struct x86_cpu_desc erratum_1386_microcode[] = {
AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e),
AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
+ {},
};
static void fix_erratum_1386(struct cpuinfo_x86 *c)
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 710/817] ubi: wl: Put source PEB into correct list if trying locking LEB failed
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (708 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 709/817] x86/CPU/AMD: Terminate the erratum_1386_microcode array Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 711/817] um: ubd: Do not use drvdata in release Greg Kroah-Hartman
` (116 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Richard Weinberger
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit d610020f030bec819f42de327c2bd5437d2766b3 upstream.
During wear-leveing work, the source PEB will be moved into scrub list
when source LEB cannot be locked in ubi_eba_copy_leb(), which is wrong
for non-scrub type source PEB. The problem could bring extra and
ineffective wear-leveing jobs, which makes more or less negative effects
for the life time of flash. Specifically, the process is divided 2 steps:
1. wear_leveling_worker // generate false scrub type PEB
ubi_eba_copy_leb // MOVE_RETRY is returned
leb_write_trylock // trylock failed
scrubbing = 1;
e1 is put into ubi->scrub
2. wear_leveling_worker // schedule false scrub type PEB for wl
scrubbing = 1
e1 = rb_entry(rb_first(&ubi->scrub))
The problem can be reproduced easily by running fsstress on a small
UBIFS partition(<64M, simulated by nandsim) for 5~10mins
(CONFIG_MTD_UBI_FASTMAP=y,CONFIG_MTD_UBI_WL_THRESHOLD=50). Following
message is shown:
ubi0: scrubbed PEB 66 (LEB 0:10), data moved to PEB 165
Since scrub type source PEB has set variable scrubbing as '1', and
variable scrubbing is checked before variable keep, so the problem can
be fixed by setting keep variable as 1 directly if the source LEB cannot
be locked.
Fixes: e801e128b220 ("UBI: fix missing scrub when there is a bit-flip")
CC: stable@vger.kernel.org
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/wl.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -846,7 +846,14 @@ static int wear_leveling_worker(struct u
goto out_not_moved;
}
if (err == MOVE_RETRY) {
- scrubbing = 1;
+ /*
+ * For source PEB:
+ * 1. The scrubbing is set for scrub type PEB, it will
+ * be put back into ubi->scrub list.
+ * 2. Non-scrub type PEB will be put back into ubi->used
+ * list.
+ */
+ keep = 1;
dst_leb_clean = 1;
goto out_not_moved;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 711/817] um: ubd: Do not use drvdata in release
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (709 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 710/817] ubi: wl: Put source PEB into correct list if trying locking LEB failed Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 712/817] um: net: " Greg Kroah-Hartman
` (115 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tiwei Bie, Anton Ivanov,
Johannes Berg
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiwei Bie <tiwei.btw@antgroup.com>
commit 5bee35e5389f450a7eea7318deb9073e9414d3b1 upstream.
The drvdata is not available in release. Let's just use container_of()
to get the ubd instance. Otherwise, removing a ubd device will result
in a crash:
RIP: 0033:blk_mq_free_tag_set+0x1f/0xba
RSP: 00000000e2083bf0 EFLAGS: 00010246
RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00
RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348
RBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7
R10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000
R13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0
Kernel panic - not syncing: Segfault with no mm
CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1
Workqueue: events mc_work_proc
Stack:
00000000 604f7ef0 62c5d000 62405d20
e2083c30 6002c776 6002c755 600e47ff
e2083c60 6025ffe3 04208060 603d36e0
Call Trace:
[<6002c776>] ubd_device_release+0x21/0x55
[<6002c755>] ? ubd_device_release+0x0/0x55
[<600e47ff>] ? kfree+0x0/0x100
[<6025ffe3>] device_release+0x70/0xba
[<60381d6a>] kobject_put+0xb5/0xe2
[<6026027b>] put_device+0x19/0x1c
[<6026a036>] platform_device_put+0x26/0x29
[<6026ac5a>] platform_device_unregister+0x2c/0x2e
[<6002c52e>] ubd_remove+0xb8/0xd6
[<6002bb74>] ? mconsole_reply+0x0/0x50
[<6002b926>] mconsole_remove+0x160/0x1cc
[<6002bbbc>] ? mconsole_reply+0x48/0x50
[<6003379c>] ? um_set_signals+0x3b/0x43
[<60061c55>] ? update_min_vruntime+0x14/0x70
[<6006251f>] ? dequeue_task_fair+0x164/0x235
[<600620aa>] ? update_cfs_group+0x0/0x40
[<603a0e77>] ? __schedule+0x0/0x3ed
[<60033761>] ? um_set_signals+0x0/0x43
[<6002af6a>] mc_work_proc+0x77/0x91
[<600520b4>] process_scheduled_works+0x1af/0x2c3
[<6004ede3>] ? assign_work+0x0/0x58
[<600527a1>] worker_thread+0x2f7/0x37a
[<6004ee3b>] ? set_pf_worker+0x0/0x64
[<6005765d>] ? arch_local_irq_save+0x0/0x2d
[<60058e07>] ? kthread_exit+0x0/0x3a
[<600524aa>] ? worker_thread+0x0/0x37a
[<60058f9f>] kthread+0x130/0x135
[<6002068e>] new_thread_handler+0x85/0xb6
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Acked-By: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Link: https://patch.msgid.link/20241104163203.435515-3-tiwei.btw@antgroup.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/drivers/ubd_kern.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/um/drivers/ubd_kern.c
+++ b/arch/um/drivers/ubd_kern.c
@@ -779,7 +779,7 @@ static int ubd_open_dev(struct ubd *ubd_
static void ubd_device_release(struct device *dev)
{
- struct ubd *ubd_dev = dev_get_drvdata(dev);
+ struct ubd *ubd_dev = container_of(dev, struct ubd, pdev.dev);
blk_mq_free_tag_set(&ubd_dev->tag_set);
*ubd_dev = ((struct ubd) DEFAULT_UBD);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 712/817] um: net: Do not use drvdata in release
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (710 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 711/817] um: ubd: Do not use drvdata in release Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 713/817] dt-bindings: serial: rs485: Fix rs485-rts-delay property Greg Kroah-Hartman
` (114 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tiwei Bie, Anton Ivanov,
Johannes Berg
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiwei Bie <tiwei.btw@antgroup.com>
commit d1db692a9be3b4bd3473b64fcae996afaffe8438 upstream.
The drvdata is not available in release. Let's just use container_of()
to get the uml_net instance. Otherwise, removing a network device will
result in a crash:
RIP: 0033:net_device_release+0x10/0x6f
RSP: 00000000e20c7c40 EFLAGS: 00010206
RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0
RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028
RBP: 00000000e20c7c50 R08: 00000000603ad594 R09: 00000000e20c7b70
R10: 000000000000135a R11: 00000000603ad422 R12: 0000000000000000
R13: 0000000062c7af00 R14: 0000000062406d60 R15: 00000000627700b6
Kernel panic - not syncing: Segfault with no mm
CPU: 0 UID: 0 PID: 29 Comm: kworker/0:2 Not tainted 6.12.0-rc6-g59b723cd2adb #1
Workqueue: events mc_work_proc
Stack:
627af028 62c7af00 e20c7c80 60276fcd
62778000 603f5820 627af028 00000000
e20c7cb0 603a2bcd 627af000 62770010
Call Trace:
[<60276fcd>] device_release+0x70/0xba
[<603a2bcd>] kobject_put+0xba/0xe7
[<60277265>] put_device+0x19/0x1c
[<60281266>] platform_device_put+0x26/0x29
[<60281e5f>] platform_device_unregister+0x2c/0x2e
[<6002ec9c>] net_remove+0x63/0x69
[<60031316>] ? mconsole_reply+0x0/0x50
[<600310c8>] mconsole_remove+0x160/0x1cc
[<60087d40>] ? __remove_hrtimer+0x38/0x74
[<60087ff8>] ? hrtimer_try_to_cancel+0x8c/0x98
[<6006b3cf>] ? dl_server_stop+0x3f/0x48
[<6006b390>] ? dl_server_stop+0x0/0x48
[<600672e8>] ? dequeue_entities+0x327/0x390
[<60038fa6>] ? um_set_signals+0x0/0x43
[<6003070c>] mc_work_proc+0x77/0x91
[<60057664>] process_scheduled_works+0x1b3/0x2dd
[<60055f32>] ? assign_work+0x0/0x58
[<60057f0a>] worker_thread+0x1e9/0x293
[<6005406f>] ? set_pf_worker+0x0/0x64
[<6005d65d>] ? arch_local_irq_save+0x0/0x2d
[<6005d748>] ? kthread_exit+0x0/0x3a
[<60057d21>] ? worker_thread+0x0/0x293
[<6005dbf1>] kthread+0x126/0x12b
[<600219c5>] new_thread_handler+0x85/0xb6
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Acked-By: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Link: https://patch.msgid.link/20241104163203.435515-4-tiwei.btw@antgroup.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/drivers/net_kern.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/um/drivers/net_kern.c
+++ b/arch/um/drivers/net_kern.c
@@ -336,7 +336,7 @@ static struct platform_driver uml_net_dr
static void net_device_release(struct device *dev)
{
- struct uml_net *device = dev_get_drvdata(dev);
+ struct uml_net *device = container_of(dev, struct uml_net, pdev.dev);
struct net_device *netdev = device->dev;
struct uml_net_private *lp = netdev_priv(netdev);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 713/817] dt-bindings: serial: rs485: Fix rs485-rts-delay property
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (711 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 712/817] um: net: " Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 714/817] serial: 8250_fintek: Add support for F81216E Greg Kroah-Hartman
` (113 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michal Simek, Krzysztof Kozlowski
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Simek <michal.simek@amd.com>
commit 12b3642b6c242061d3ba84e6e3050c3141ded14c upstream.
Code expects array only with 2 items which should be checked.
But also item checking is not working as it should likely because of
incorrect items description.
Fixes: d50f974c4f7f ("dt-bindings: serial: Convert rs485 bindings to json-schema")
Signed-off-by: Michal Simek <michal.simek@amd.com>
Cc: stable@vger.kernel.org
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/820c639b9e22fe037730ed44d1b044cdb6d28b75.1726480384.git.michal.simek@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/serial/rs485.yaml | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
--- a/Documentation/devicetree/bindings/serial/rs485.yaml
+++ b/Documentation/devicetree/bindings/serial/rs485.yaml
@@ -18,16 +18,15 @@ properties:
description: prop-encoded-array <a b>
$ref: /schemas/types.yaml#/definitions/uint32-array
items:
- items:
- - description: Delay between rts signal and beginning of data sent in
- milliseconds. It corresponds to the delay before sending data.
- default: 0
- maximum: 100
- - description: Delay between end of data sent and rts signal in milliseconds.
- It corresponds to the delay after sending data and actual release
- of the line.
- default: 0
- maximum: 100
+ - description: Delay between rts signal and beginning of data sent in
+ milliseconds. It corresponds to the delay before sending data.
+ default: 0
+ maximum: 100
+ - description: Delay between end of data sent and rts signal in milliseconds.
+ It corresponds to the delay after sending data and actual release
+ of the line.
+ default: 0
+ maximum: 100
rs485-rts-active-high:
description: drive RTS high when sending (this is the default).
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 714/817] serial: 8250_fintek: Add support for F81216E
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (712 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 713/817] dt-bindings: serial: rs485: Fix rs485-rts-delay property Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 715/817] serial: 8250: omap: Move pm_runtime_get_sync Greg Kroah-Hartman
` (112 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Filip Brozovic, stable
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filip Brozovic <fbrozovic@gmail.com>
commit 166105c9030a30ba08574a9998afc7b60bc72dd7 upstream.
The F81216E is a LPC/eSPI to 4 UART Super I/O and is mostly compatible with
the F81216H, but does not support RS-485 auto-direction delays on any port.
Signed-off-by: Filip Brozovic <fbrozovic@gmail.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20241110111703.15494-1-fbrozovic@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_fintek.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/drivers/tty/serial/8250/8250_fintek.c
+++ b/drivers/tty/serial/8250/8250_fintek.c
@@ -21,6 +21,7 @@
#define CHIP_ID_F81866 0x1010
#define CHIP_ID_F81966 0x0215
#define CHIP_ID_F81216AD 0x1602
+#define CHIP_ID_F81216E 0x1617
#define CHIP_ID_F81216H 0x0501
#define CHIP_ID_F81216 0x0802
#define VENDOR_ID1 0x23
@@ -158,6 +159,7 @@ static int fintek_8250_check_id(struct f
case CHIP_ID_F81866:
case CHIP_ID_F81966:
case CHIP_ID_F81216AD:
+ case CHIP_ID_F81216E:
case CHIP_ID_F81216H:
case CHIP_ID_F81216:
break;
@@ -181,6 +183,7 @@ static int fintek_8250_get_ldn_range(str
return 0;
case CHIP_ID_F81216AD:
+ case CHIP_ID_F81216E:
case CHIP_ID_F81216H:
case CHIP_ID_F81216:
*min = F81216_LDN_LOW;
@@ -250,6 +253,7 @@ static void fintek_8250_set_irq_mode(str
break;
case CHIP_ID_F81216AD:
+ case CHIP_ID_F81216E:
case CHIP_ID_F81216H:
case CHIP_ID_F81216:
sio_write_mask_reg(pdata, FINTEK_IRQ_MODE, IRQ_SHARE,
@@ -263,7 +267,8 @@ static void fintek_8250_set_irq_mode(str
static void fintek_8250_set_max_fifo(struct fintek_8250 *pdata)
{
switch (pdata->pid) {
- case CHIP_ID_F81216H: /* 128Bytes FIFO */
+ case CHIP_ID_F81216E: /* 128Bytes FIFO */
+ case CHIP_ID_F81216H:
case CHIP_ID_F81966:
case CHIP_ID_F81866:
sio_write_mask_reg(pdata, FIFO_CTRL,
@@ -297,6 +302,7 @@ static void fintek_8250_set_termios(stru
goto exit;
switch (pdata->pid) {
+ case CHIP_ID_F81216E:
case CHIP_ID_F81216H:
reg = RS485;
break;
@@ -346,6 +352,7 @@ static void fintek_8250_set_termios_hand
struct fintek_8250 *pdata = uart->port.private_data;
switch (pdata->pid) {
+ case CHIP_ID_F81216E:
case CHIP_ID_F81216H:
case CHIP_ID_F81966:
case CHIP_ID_F81866:
@@ -438,6 +445,11 @@ static void fintek_8250_set_rs485_handle
uart->port.rs485_supported = fintek_8250_rs485_supported;
break;
+ case CHIP_ID_F81216E: /* F81216E does not support RS485 delays */
+ uart->port.rs485_config = fintek_8250_rs485_config;
+ uart->port.rs485_supported = fintek_8250_rs485_supported;
+ break;
+
default: /* No RS485 Auto direction functional */
break;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 715/817] serial: 8250: omap: Move pm_runtime_get_sync
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (713 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 714/817] serial: 8250_fintek: Add support for F81216E Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 716/817] serial: amba-pl011: Fix RX stall when DMA is used Greg Kroah-Hartman
` (111 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bin Liu, Judith Mendez, Kevin Hilman
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bin Liu <b-liu@ti.com>
commit bcc7ba668818dcadd2f1db66b39ed860a63ecf97 upstream.
Currently in omap_8250_shutdown, the dma->rx_running flag is
set to zero in omap_8250_rx_dma_flush. Next pm_runtime_get_sync
is called, which is a runtime resume call stack which can
re-set the flag. When the call omap_8250_shutdown returns, the
flag is expected to be UN-SET, but this is not the case. This
is causing issues the next time UART is re-opened and
omap_8250_rx_dma is called. Fix by moving pm_runtime_get_sync
before the omap_8250_rx_dma_flush.
cc: stable@vger.kernel.org
Fixes: 0e31c8d173ab ("tty: serial: 8250_omap: add custom DMA-RX callback")
Signed-off-by: Bin Liu <b-liu@ti.com>
[Judith: Add commit message]
Signed-off-by: Judith Mendez <jm@ti.com>
Reviewed-by: Kevin Hilman <khilman@baylibre.com>
Tested-by: Kevin Hilman <khilman@baylibre.com>
Link: https://lore.kernel.org/r/20241031172315.453750-1-jm@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_omap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -777,12 +777,12 @@ static void omap_8250_shutdown(struct ua
struct uart_8250_port *up = up_to_u8250p(port);
struct omap8250_priv *priv = port->private_data;
+ pm_runtime_get_sync(port->dev);
+
flush_work(&priv->qos_work);
if (up->dma)
omap_8250_rx_dma_flush(up);
- pm_runtime_get_sync(port->dev);
-
serial_out(up, UART_OMAP_WER, 0);
if (priv->habit & UART_HAS_EFR2)
serial_out(up, UART_OMAP_EFR2, 0x0);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 716/817] serial: amba-pl011: Fix RX stall when DMA is used
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (714 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 715/817] serial: 8250: omap: Move pm_runtime_get_sync Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 717/817] serial: amba-pl011: fix build regression Greg Kroah-Hartman
` (110 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kartik Rajput, Linus Walleij
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kartik Rajput <kkartik@nvidia.com>
commit 2bcacc1c87acf9a8ebc17de18cb2b3cfeca547cf upstream.
Function pl011_throttle_rx() calls pl011_stop_rx() to disable RX, which
also disables the RX DMA by clearing the RXDMAE bit of the DMACR
register. However, to properly unthrottle RX when DMA is used, the
function pl011_unthrottle_rx() is expected to set the RXDMAE bit of
the DMACR register, which it currently lacks. This causes RX to stall
after the throttle API is called.
Set RXDMAE bit in the DMACR register while unthrottling RX if RX DMA is
used.
Fixes: 211565b10099 ("serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle")
Cc: stable@vger.kernel.org
Signed-off-by: Kartik Rajput <kkartik@nvidia.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20241113092629.60226-1-kkartik@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/amba-pl011.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/tty/serial/amba-pl011.c
+++ b/drivers/tty/serial/amba-pl011.c
@@ -1819,6 +1819,11 @@ static void pl011_unthrottle_rx(struct u
pl011_write(uap->im, uap, REG_IMSC);
+ if (uap->using_rx_dma) {
+ uap->dmacr |= UART011_RXDMAE;
+ pl011_write(uap->dmacr, uap, REG_DMACR);
+ }
+
uart_port_unlock_irqrestore(&uap->port, flags);
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 717/817] serial: amba-pl011: fix build regression
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (715 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 716/817] serial: amba-pl011: Fix RX stall when DMA is used Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 718/817] mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode() Greg Kroah-Hartman
` (109 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, kernel test robot,
Arnd Bergmann
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit b5a23a60e8ab5711f4952912424347bf3864ce8d upstream.
When CONFIG_DMA_ENGINE is disabled, the driver now fails to build:
drivers/tty/serial/amba-pl011.c: In function 'pl011_unthrottle_rx':
drivers/tty/serial/amba-pl011.c:1822:16: error: 'struct uart_amba_port' has no member named 'using_rx_dma'
1822 | if (uap->using_rx_dma) {
| ^~
drivers/tty/serial/amba-pl011.c:1823:20: error: 'struct uart_amba_port' has no member named 'dmacr'
1823 | uap->dmacr |= UART011_RXDMAE;
| ^~
drivers/tty/serial/amba-pl011.c:1824:32: error: 'struct uart_amba_port' has no member named 'dmacr'
1824 | pl011_write(uap->dmacr, uap, REG_DMACR);
| ^~
Add the missing #ifdef check around these field accesses, matching
what other parts of this driver do.
Fixes: 2bcacc1c87ac ("serial: amba-pl011: Fix RX stall when DMA is used")
Cc: stable <stable@kernel.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202411140617.nkjeHhsK-lkp@intel.com/
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20241115110021.744332-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/amba-pl011.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/tty/serial/amba-pl011.c
+++ b/drivers/tty/serial/amba-pl011.c
@@ -1819,10 +1819,12 @@ static void pl011_unthrottle_rx(struct u
pl011_write(uap->im, uap, REG_IMSC);
+#ifdef CONFIG_DMA_ENGINE
if (uap->using_rx_dma) {
uap->dmacr |= UART011_RXDMAE;
pl011_write(uap->dmacr, uap, REG_DMACR);
}
+#endif
uart_port_unlock_irqrestore(&uap->port, flags);
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 718/817] mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (716 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 717/817] serial: amba-pl011: fix build regression Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 719/817] block: Prevent potential deadlock in blk_revalidate_disk_zones() Greg Kroah-Hartman
` (108 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Zhihao Cheng,
Richard Weinberger
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 07593293ffabba14125c8998525adde5a832bfa3 upstream.
The 'fw_vols' fwnode_handle initialized via
device_get_named_child_node() requires explicit calls to
fwnode_handle_put() when the variable is no longer required.
Add the missing calls to fwnode_handle_put() before the function
returns.
Cc: stable@vger.kernel.org
Fixes: 51932f9fc487 ("mtd: ubi: populate ubi volume fwnode")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/vmt.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -143,8 +143,10 @@ static struct fwnode_handle *find_volume
vol->vol_id != volid)
continue;
+ fwnode_handle_put(fw_vols);
return fw_vol;
}
+ fwnode_handle_put(fw_vols);
return NULL;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 719/817] block: Prevent potential deadlock in blk_revalidate_disk_zones()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (717 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 718/817] mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode() Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 720/817] um: vector: Do not use drvdata in release Greg Kroah-Hartman
` (107 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Christoph Hellwig,
Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
commit 0b83c86b444ab467134b0e618f45ad2216a4973c upstream.
The function blk_revalidate_disk_zones() calls the function
disk_update_zone_resources() after freezing the device queue. In turn,
disk_update_zone_resources() calls queue_limits_start_update() which
takes a queue limits mutex lock, resulting in the ordering:
q->q_usage_counter check -> q->limits_lock. However, the usual ordering
is to always take a queue limit lock before freezing the queue to commit
the limits updates, e.g., the code pattern:
lim = queue_limits_start_update(q);
...
blk_mq_freeze_queue(q);
ret = queue_limits_commit_update(q, &lim);
blk_mq_unfreeze_queue(q);
Thus, blk_revalidate_disk_zones() introduces a potential circular
locking dependency deadlock that lockdep sometimes catches with the
splat:
[ 51.934109] ======================================================
[ 51.935916] WARNING: possible circular locking dependency detected
[ 51.937561] 6.12.0+ #2107 Not tainted
[ 51.938648] ------------------------------------------------------
[ 51.940351] kworker/u16:4/157 is trying to acquire lock:
[ 51.941805] ffff9fff0aa0bea8 (&q->limits_lock){+.+.}-{4:4}, at: disk_update_zone_resources+0x86/0x170
[ 51.944314]
but task is already holding lock:
[ 51.945688] ffff9fff0aa0b890 (&q->q_usage_counter(queue)#3){++++}-{0:0}, at: blk_revalidate_disk_zones+0x15f/0x340
[ 51.948527]
which lock already depends on the new lock.
[ 51.951296]
the existing dependency chain (in reverse order) is:
[ 51.953708]
-> #1 (&q->q_usage_counter(queue)#3){++++}-{0:0}:
[ 51.956131] blk_queue_enter+0x1c9/0x1e0
[ 51.957290] blk_mq_alloc_request+0x187/0x2a0
[ 51.958365] scsi_execute_cmd+0x78/0x490 [scsi_mod]
[ 51.959514] read_capacity_16+0x111/0x410 [sd_mod]
[ 51.960693] sd_revalidate_disk.isra.0+0x872/0x3240 [sd_mod]
[ 51.962004] sd_probe+0x2d7/0x520 [sd_mod]
[ 51.962993] really_probe+0xd5/0x330
[ 51.963898] __driver_probe_device+0x78/0x110
[ 51.964925] driver_probe_device+0x1f/0xa0
[ 51.965916] __driver_attach_async_helper+0x60/0xe0
[ 51.967017] async_run_entry_fn+0x2e/0x140
[ 51.968004] process_one_work+0x21f/0x5a0
[ 51.968987] worker_thread+0x1dc/0x3c0
[ 51.969868] kthread+0xe0/0x110
[ 51.970377] ret_from_fork+0x31/0x50
[ 51.970983] ret_from_fork_asm+0x11/0x20
[ 51.971587]
-> #0 (&q->limits_lock){+.+.}-{4:4}:
[ 51.972479] __lock_acquire+0x1337/0x2130
[ 51.973133] lock_acquire+0xc5/0x2d0
[ 51.973691] __mutex_lock+0xda/0xcf0
[ 51.974300] disk_update_zone_resources+0x86/0x170
[ 51.975032] blk_revalidate_disk_zones+0x16c/0x340
[ 51.975740] sd_zbc_revalidate_zones+0x73/0x160 [sd_mod]
[ 51.976524] sd_revalidate_disk.isra.0+0x465/0x3240 [sd_mod]
[ 51.977824] sd_probe+0x2d7/0x520 [sd_mod]
[ 51.978917] really_probe+0xd5/0x330
[ 51.979915] __driver_probe_device+0x78/0x110
[ 51.981047] driver_probe_device+0x1f/0xa0
[ 51.982143] __driver_attach_async_helper+0x60/0xe0
[ 51.983282] async_run_entry_fn+0x2e/0x140
[ 51.984319] process_one_work+0x21f/0x5a0
[ 51.985873] worker_thread+0x1dc/0x3c0
[ 51.987289] kthread+0xe0/0x110
[ 51.988546] ret_from_fork+0x31/0x50
[ 51.989926] ret_from_fork_asm+0x11/0x20
[ 51.991376]
other info that might help us debug this:
[ 51.994127] Possible unsafe locking scenario:
[ 51.995651] CPU0 CPU1
[ 51.996694] ---- ----
[ 51.997716] lock(&q->q_usage_counter(queue)#3);
[ 51.998817] lock(&q->limits_lock);
[ 52.000043] lock(&q->q_usage_counter(queue)#3);
[ 52.001638] lock(&q->limits_lock);
[ 52.002485]
*** DEADLOCK ***
Prevent this issue by moving the calls to blk_mq_freeze_queue() and
blk_mq_unfreeze_queue() around the call to queue_limits_commit_update()
in disk_update_zone_resources(). In case of revalidation failure, the
call to disk_free_zone_resources() in blk_revalidate_disk_zones()
is still done with the queue frozen as before.
Fixes: 843283e96e5a ("block: Fake max open zones limit when there is no limit")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20241126104705.183996-1-dlemoal@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-zoned.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
--- a/block/blk-zoned.c
+++ b/block/blk-zoned.c
@@ -1541,6 +1541,7 @@ static int disk_update_zone_resources(st
unsigned int nr_seq_zones, nr_conv_zones = 0;
unsigned int pool_size;
struct queue_limits lim;
+ int ret;
disk->nr_zones = args->nr_zones;
disk->zone_capacity = args->zone_capacity;
@@ -1593,7 +1594,11 @@ static int disk_update_zone_resources(st
}
commit:
- return queue_limits_commit_update(q, &lim);
+ blk_mq_freeze_queue(q);
+ ret = queue_limits_commit_update(q, &lim);
+ blk_mq_unfreeze_queue(q);
+
+ return ret;
}
static int blk_revalidate_conv_zone(struct blk_zone *zone, unsigned int idx,
@@ -1814,14 +1819,15 @@ int blk_revalidate_disk_zones(struct gen
* Set the new disk zone parameters only once the queue is frozen and
* all I/Os are completed.
*/
- blk_mq_freeze_queue(q);
if (ret > 0)
ret = disk_update_zone_resources(disk, &args);
else
pr_warn("%s: failed to revalidate zones\n", disk->disk_name);
- if (ret)
+ if (ret) {
+ blk_mq_freeze_queue(q);
disk_free_zone_resources(disk);
- blk_mq_unfreeze_queue(q);
+ blk_mq_unfreeze_queue(q);
+ }
kfree(args.conv_zones_bitmap);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 720/817] um: vector: Do not use drvdata in release
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (718 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 719/817] block: Prevent potential deadlock in blk_revalidate_disk_zones() Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 721/817] sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
` (106 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tiwei Bie, Anton Ivanov,
Johannes Berg
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiwei Bie <tiwei.btw@antgroup.com>
commit 51b39d741970742a5c41136241a9c48ac607cf82 upstream.
The drvdata is not available in release. Let's just use container_of()
to get the vector_device instance. Otherwise, removing a vector device
will result in a crash:
RIP: 0033:vector_device_release+0xf/0x50
RSP: 00000000e187bc40 EFLAGS: 00010202
RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0
RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000
RBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70
R10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028
R13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6
Kernel panic - not syncing: Segfault with no mm
CPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1
Workqueue: events mc_work_proc
Stack:
60028f61 623ae028 e187bc80 60276fcd
6220b9c0 603f5820 623ae028 00000000
e187bcb0 603a2bcd 623ae000 62370010
Call Trace:
[<60028f61>] ? vector_device_release+0x0/0x50
[<60276fcd>] device_release+0x70/0xba
[<603a2bcd>] kobject_put+0xba/0xe7
[<60277265>] put_device+0x19/0x1c
[<60281266>] platform_device_put+0x26/0x29
[<60281e5f>] platform_device_unregister+0x2c/0x2e
[<60029422>] vector_remove+0x52/0x58
[<60031316>] ? mconsole_reply+0x0/0x50
[<600310c8>] mconsole_remove+0x160/0x1cc
[<603b19f4>] ? strlen+0x0/0x15
[<60066611>] ? __dequeue_entity+0x1a9/0x206
[<600666a7>] ? set_next_entity+0x39/0x63
[<6006666e>] ? set_next_entity+0x0/0x63
[<60038fa6>] ? um_set_signals+0x0/0x43
[<6003070c>] mc_work_proc+0x77/0x91
[<60057664>] process_scheduled_works+0x1b3/0x2dd
[<60055f32>] ? assign_work+0x0/0x58
[<60057f0a>] worker_thread+0x1e9/0x293
[<6005406f>] ? set_pf_worker+0x0/0x64
[<6005d65d>] ? arch_local_irq_save+0x0/0x2d
[<6005d748>] ? kthread_exit+0x0/0x3a
[<60057d21>] ? worker_thread+0x0/0x293
[<6005dbf1>] kthread+0x126/0x12b
[<600219c5>] new_thread_handler+0x85/0xb6
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Acked-By: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Link: https://patch.msgid.link/20241104163203.435515-5-tiwei.btw@antgroup.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/drivers/vector_kern.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/um/drivers/vector_kern.c
+++ b/arch/um/drivers/vector_kern.c
@@ -821,7 +821,8 @@ static struct platform_driver uml_net_dr
static void vector_device_release(struct device *dev)
{
- struct vector_device *device = dev_get_drvdata(dev);
+ struct vector_device *device =
+ container_of(dev, struct vector_device, pdev.dev);
struct net_device *netdev = device->dev;
list_del(&device->list);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 721/817] sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (719 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 720/817] um: vector: Do not use drvdata in release Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 722/817] iio: gts: Fix uninitialized symbol ret Greg Kroah-Hartman
` (105 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Huacai Chen,
John Paul Adrian Glaubitz
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhuacai@loongson.cn>
commit 3c891f7c6a4e90bb1199497552f24b26e46383bc upstream.
When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected,
cpu_max_bits_warn() generates a runtime warning similar as below when
showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)
instead of NR_CPUS to iterate CPUs.
[ 3.052463] ------------[ cut here ]------------
[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0
[ 3.070072] Modules linked in: efivarfs autofs4
[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052
[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000
[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430
[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff
[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890
[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa
[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000
[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000
[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000
[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286
[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c
[ 3.195868] ...
[ 3.199917] Call Trace:
[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c
[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88
[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100
[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc
[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0
[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4
[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4
[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0
[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100
[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94
[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160
[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---
Cc: stable@vger.kernel.org
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/sh/kernel/cpu/proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/sh/kernel/cpu/proc.c
+++ b/arch/sh/kernel/cpu/proc.c
@@ -132,7 +132,7 @@ static int show_cpuinfo(struct seq_file
static void *c_start(struct seq_file *m, loff_t *pos)
{
- return *pos < NR_CPUS ? cpu_data + *pos : NULL;
+ return *pos < nr_cpu_ids ? cpu_data + *pos : NULL;
}
static void *c_next(struct seq_file *m, void *v, loff_t *pos)
{
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 722/817] iio: gts: Fix uninitialized symbol ret
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (720 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 721/817] sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 723/817] ublk: fix ublk_ch_mmap() for 64K page size Greg Kroah-Hartman
` (104 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zicheng Qu, Matti Vaittinen,
Jonathan Cameron
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zicheng Qu <quzicheng@huawei.com>
commit e2fb2f89faf87b681038475d093214f4cbe12ebb upstream.
Initialize the variable ret at the time of declaration to prevent it from
being returned without a defined value. Fixes smatch warning:
drivers/iio/industrialio-gts-helper.c:256 gain_to_scaletables() error:
uninitialized symbol 'ret'.
Cc: stable@vger.kernel.org # v6.6+
Fixes: 38416c28e168 ("iio: light: Add gain-time-scale helpers")
Signed-off-by: Zicheng Qu <quzicheng@huawei.com>
Reviewed-by: Matti Vaittinen <mazziesaccount@gmail.com>
Link: https://patch.msgid.link/20241031014505.2313035-1-quzicheng@huawei.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/industrialio-gts-helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/industrialio-gts-helper.c
+++ b/drivers/iio/industrialio-gts-helper.c
@@ -167,7 +167,7 @@ static int iio_gts_gain_cmp(const void *
static int gain_to_scaletables(struct iio_gts *gts, int **gains, int **scales)
{
- int ret, i, j, new_idx, time_idx;
+ int i, j, new_idx, time_idx, ret = 0;
int *all_gains;
size_t gain_bytes;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 723/817] ublk: fix ublk_ch_mmap() for 64K page size
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (721 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 722/817] iio: gts: Fix uninitialized symbol ret Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 724/817] arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Greg Kroah-Hartman
` (103 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ming Lei, Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@redhat.com>
commit d369735e02ef122d19d4c3d093028da0eb400636 upstream.
In ublk_ch_mmap(), queue id is calculated in the following way:
(vma->vm_pgoff << PAGE_SHIFT) / `max_cmd_buf_size`
'max_cmd_buf_size' is equal to
`UBLK_MAX_QUEUE_DEPTH * sizeof(struct ublksrv_io_desc)`
and UBLK_MAX_QUEUE_DEPTH is 4096 and part of UAPI, so 'max_cmd_buf_size'
is always page aligned in 4K page size kernel. However, it isn't true in
64K page size kernel.
Fixes the issue by always rounding up 'max_cmd_buf_size' with PAGE_SIZE.
Cc: stable@vger.kernel.org
Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241111110718.1394001-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/ublk_drv.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -664,12 +664,21 @@ static inline char *ublk_queue_cmd_buf(s
return ublk_get_queue(ub, q_id)->io_cmd_buf;
}
+static inline int __ublk_queue_cmd_buf_size(int depth)
+{
+ return round_up(depth * sizeof(struct ublksrv_io_desc), PAGE_SIZE);
+}
+
static inline int ublk_queue_cmd_buf_size(struct ublk_device *ub, int q_id)
{
struct ublk_queue *ubq = ublk_get_queue(ub, q_id);
- return round_up(ubq->q_depth * sizeof(struct ublksrv_io_desc),
- PAGE_SIZE);
+ return __ublk_queue_cmd_buf_size(ubq->q_depth);
+}
+
+static int ublk_max_cmd_buf_size(void)
+{
+ return __ublk_queue_cmd_buf_size(UBLK_MAX_QUEUE_DEPTH);
}
static inline bool ublk_queue_can_use_recovery_reissue(
@@ -1322,7 +1331,7 @@ static int ublk_ch_mmap(struct file *fil
{
struct ublk_device *ub = filp->private_data;
size_t sz = vma->vm_end - vma->vm_start;
- unsigned max_sz = UBLK_MAX_QUEUE_DEPTH * sizeof(struct ublksrv_io_desc);
+ unsigned max_sz = ublk_max_cmd_buf_size();
unsigned long pfn, end, phys_off = vma->vm_pgoff << PAGE_SHIFT;
int q_id, ret = 0;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 724/817] arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (722 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 723/817] ublk: fix ublk_ch_mmap() for 64K page size Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 725/817] block: fix missing dispatching request when queue is started or unquiesced Greg Kroah-Hartman
` (102 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Rutland, Will Deacon,
Catalin Marinas
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will@kernel.org>
commit 67ab51cbdfee02ef07fb9d7d14cc0bf6cb5a5e5c upstream.
Commit 18011eac28c7 ("arm64: tls: Avoid unconditional zeroing of
tpidrro_el0 for native tasks") tried to optimise the context switching
of tpidrro_el0 by eliding the clearing of the register when switching
to a native task with kpti enabled, on the erroneous assumption that
the kpti trampoline entry code would already have taken care of the
write.
Although the kpti trampoline does zero the register on entry from a
native task, the check in tls_thread_switch() is on the *next* task and
so we can end up leaving a stale, non-zero value in the register if the
previous task was 32-bit.
Drop the broken optimisation and zero tpidrro_el0 unconditionally when
switching to a native 64-bit task.
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: stable@vger.kernel.org
Fixes: 18011eac28c7 ("arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks")
Signed-off-by: Will Deacon <will@kernel.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20241114095332.23391-1-will@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -426,7 +426,7 @@ static void tls_thread_switch(struct tas
if (is_compat_thread(task_thread_info(next)))
write_sysreg(next->thread.uw.tp_value, tpidrro_el0);
- else if (!arm64_kernel_unmapped_at_el0())
+ else
write_sysreg(0, tpidrro_el0);
write_sysreg(*task_user_tls(next), tpidr_el0);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 725/817] block: fix missing dispatching request when queue is started or unquiesced
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (723 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 724/817] arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 726/817] block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding Greg Kroah-Hartman
` (101 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muchun Song, Muchun Song, Ming Lei,
Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Muchun Song <songmuchun@bytedance.com>
commit 2003ee8a9aa14d766b06088156978d53c2e9be3d upstream.
Supposing the following scenario with a virtio_blk driver.
CPU0 CPU1 CPU2
blk_mq_try_issue_directly()
__blk_mq_issue_directly()
q->mq_ops->queue_rq()
virtio_queue_rq()
blk_mq_stop_hw_queue()
virtblk_done()
blk_mq_try_issue_directly()
if (blk_mq_hctx_stopped())
blk_mq_request_bypass_insert() blk_mq_run_hw_queue()
blk_mq_run_hw_queue() blk_mq_run_hw_queue()
blk_mq_insert_request()
return
After CPU0 has marked the queue as stopped, CPU1 will see the queue is
stopped. But before CPU1 puts the request on the dispatch list, CPU2
receives the interrupt of completion of request, so it will run the
hardware queue and marks the queue as non-stopped. Meanwhile, CPU1 also
runs the same hardware queue. After both CPU1 and CPU2 complete
blk_mq_run_hw_queue(), CPU1 just puts the request to the same hardware
queue and returns. It misses dispatching a request. Fix it by running
the hardware queue explicitly. And blk_mq_request_issue_directly()
should handle a similar situation. Fix it as well.
Fixes: d964f04a8fde ("blk-mq: fix direct issue")
Cc: stable@vger.kernel.org
Cc: Muchun Song <muchun.song@linux.dev>
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241014092934.53630-2-songmuchun@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq.c | 2 ++
1 file changed, 2 insertions(+)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2619,6 +2619,7 @@ static void blk_mq_try_issue_directly(st
if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) {
blk_mq_insert_request(rq, 0);
+ blk_mq_run_hw_queue(hctx, false);
return;
}
@@ -2649,6 +2650,7 @@ static blk_status_t blk_mq_request_issue
if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) {
blk_mq_insert_request(rq, 0);
+ blk_mq_run_hw_queue(hctx, false);
return BLK_STS_OK;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 726/817] block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (724 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 725/817] block: fix missing dispatching request when queue is started or unquiesced Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 727/817] block: fix ordering between checking BLK_MQ_S_STOPPED " Greg Kroah-Hartman
` (100 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muchun Song, Muchun Song, Ming Lei,
Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Muchun Song <songmuchun@bytedance.com>
commit 6bda857bcbb86fb9d0e54fbef93a093d51172acc upstream.
Supposing the following scenario.
CPU0 CPU1
blk_mq_insert_request() 1) store
blk_mq_unquiesce_queue()
blk_queue_flag_clear() 3) store
blk_mq_run_hw_queues()
blk_mq_run_hw_queue()
if (!blk_mq_hctx_has_pending()) 4) load
return
blk_mq_run_hw_queue()
if (blk_queue_quiesced()) 2) load
return
blk_mq_sched_dispatch_requests()
The full memory barrier should be inserted between 1) and 2), as well as
between 3) and 4) to make sure that either CPU0 sees QUEUE_FLAG_QUIESCED
is cleared or CPU1 sees dispatch list or setting of bitmap of software
queue. Otherwise, either CPU will not rerun the hardware queue causing
starvation.
So the first solution is to 1) add a pair of memory barrier to fix the
problem, another solution is to 2) use hctx->queue->queue_lock to
synchronize QUEUE_FLAG_QUIESCED. Here, we chose 2) to fix it since
memory barrier is not easy to be maintained.
Fixes: f4560ffe8cec ("blk-mq: use QUEUE_FLAG_QUIESCED to quiesce queue")
Cc: stable@vger.kernel.org
Cc: Muchun Song <muchun.song@linux.dev>
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241014092934.53630-3-songmuchun@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq.c | 49 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 35 insertions(+), 14 deletions(-)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2202,6 +2202,24 @@ void blk_mq_delay_run_hw_queue(struct bl
}
EXPORT_SYMBOL(blk_mq_delay_run_hw_queue);
+static inline bool blk_mq_hw_queue_need_run(struct blk_mq_hw_ctx *hctx)
+{
+ bool need_run;
+
+ /*
+ * When queue is quiesced, we may be switching io scheduler, or
+ * updating nr_hw_queues, or other things, and we can't run queue
+ * any more, even blk_mq_hctx_has_pending() can't be called safely.
+ *
+ * And queue will be rerun in blk_mq_unquiesce_queue() if it is
+ * quiesced.
+ */
+ __blk_mq_run_dispatch_ops(hctx->queue, false,
+ need_run = !blk_queue_quiesced(hctx->queue) &&
+ blk_mq_hctx_has_pending(hctx));
+ return need_run;
+}
+
/**
* blk_mq_run_hw_queue - Start to run a hardware queue.
* @hctx: Pointer to the hardware queue to run.
@@ -2222,20 +2240,23 @@ void blk_mq_run_hw_queue(struct blk_mq_h
might_sleep_if(!async && hctx->flags & BLK_MQ_F_BLOCKING);
- /*
- * When queue is quiesced, we may be switching io scheduler, or
- * updating nr_hw_queues, or other things, and we can't run queue
- * any more, even __blk_mq_hctx_has_pending() can't be called safely.
- *
- * And queue will be rerun in blk_mq_unquiesce_queue() if it is
- * quiesced.
- */
- __blk_mq_run_dispatch_ops(hctx->queue, false,
- need_run = !blk_queue_quiesced(hctx->queue) &&
- blk_mq_hctx_has_pending(hctx));
-
- if (!need_run)
- return;
+ need_run = blk_mq_hw_queue_need_run(hctx);
+ if (!need_run) {
+ unsigned long flags;
+
+ /*
+ * Synchronize with blk_mq_unquiesce_queue(), because we check
+ * if hw queue is quiesced locklessly above, we need the use
+ * ->queue_lock to make sure we see the up-to-date status to
+ * not miss rerunning the hw queue.
+ */
+ spin_lock_irqsave(&hctx->queue->queue_lock, flags);
+ need_run = blk_mq_hw_queue_need_run(hctx);
+ spin_unlock_irqrestore(&hctx->queue->queue_lock, flags);
+
+ if (!need_run)
+ return;
+ }
if (async || !cpumask_test_cpu(raw_smp_processor_id(), hctx->cpumask)) {
blk_mq_delay_run_hw_queue(hctx, 0);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 727/817] block: fix ordering between checking BLK_MQ_S_STOPPED request adding
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (725 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 726/817] block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding Greg Kroah-Hartman
@ 2024-12-03 14:44 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 728/817] blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Greg Kroah-Hartman
` (99 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:44 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muchun Song, Muchun Song, Ming Lei,
Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Muchun Song <songmuchun@bytedance.com>
commit 96a9fe64bfd486ebeeacf1e6011801ffe89dae18 upstream.
Supposing first scenario with a virtio_blk driver.
CPU0 CPU1
blk_mq_try_issue_directly()
__blk_mq_issue_directly()
q->mq_ops->queue_rq()
virtio_queue_rq()
blk_mq_stop_hw_queue()
virtblk_done()
blk_mq_request_bypass_insert() 1) store
blk_mq_start_stopped_hw_queue()
clear_bit(BLK_MQ_S_STOPPED) 3) store
blk_mq_run_hw_queue()
if (!blk_mq_hctx_has_pending()) 4) load
return
blk_mq_sched_dispatch_requests()
blk_mq_run_hw_queue()
if (!blk_mq_hctx_has_pending())
return
blk_mq_sched_dispatch_requests()
if (blk_mq_hctx_stopped()) 2) load
return
__blk_mq_sched_dispatch_requests()
Supposing another scenario.
CPU0 CPU1
blk_mq_requeue_work()
blk_mq_insert_request() 1) store
virtblk_done()
blk_mq_start_stopped_hw_queue()
blk_mq_run_hw_queues() clear_bit(BLK_MQ_S_STOPPED) 3) store
blk_mq_run_hw_queue()
if (!blk_mq_hctx_has_pending()) 4) load
return
blk_mq_sched_dispatch_requests()
if (blk_mq_hctx_stopped()) 2) load
continue
blk_mq_run_hw_queue()
Both scenarios are similar, the full memory barrier should be inserted
between 1) and 2), as well as between 3) and 4) to make sure that either
CPU0 sees BLK_MQ_S_STOPPED is cleared or CPU1 sees dispatch list.
Otherwise, either CPU will not rerun the hardware queue causing
starvation of the request.
The easy way to fix it is to add the essential full memory barrier into
helper of blk_mq_hctx_stopped(). In order to not affect the fast path
(hardware queue is not stopped most of the time), we only insert the
barrier into the slow path. Actually, only slow path needs to care about
missing of dispatching the request to the low-level device driver.
Fixes: 320ae51feed5 ("blk-mq: new multi-queue block IO queueing mechanism")
Cc: stable@vger.kernel.org
Cc: Muchun Song <muchun.song@linux.dev>
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241014092934.53630-4-songmuchun@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq.c | 6 ++++++
block/blk-mq.h | 13 +++++++++++++
2 files changed, 19 insertions(+)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2413,6 +2413,12 @@ void blk_mq_start_stopped_hw_queue(struc
return;
clear_bit(BLK_MQ_S_STOPPED, &hctx->state);
+ /*
+ * Pairs with the smp_mb() in blk_mq_hctx_stopped() to order the
+ * clearing of BLK_MQ_S_STOPPED above and the checking of dispatch
+ * list in the subsequent routine.
+ */
+ smp_mb__after_atomic();
blk_mq_run_hw_queue(hctx, async);
}
EXPORT_SYMBOL_GPL(blk_mq_start_stopped_hw_queue);
--- a/block/blk-mq.h
+++ b/block/blk-mq.h
@@ -230,6 +230,19 @@ static inline struct blk_mq_tags *blk_mq
static inline bool blk_mq_hctx_stopped(struct blk_mq_hw_ctx *hctx)
{
+ /* Fast path: hardware queue is not stopped most of the time. */
+ if (likely(!test_bit(BLK_MQ_S_STOPPED, &hctx->state)))
+ return false;
+
+ /*
+ * This barrier is used to order adding of dispatch list before and
+ * the test of BLK_MQ_S_STOPPED below. Pairs with the memory barrier
+ * in blk_mq_start_stopped_hw_queue() so that dispatch code could
+ * either see BLK_MQ_S_STOPPED is cleared or dispatch list is not
+ * empty to avoid missing dispatching requests.
+ */
+ smp_mb();
+
return test_bit(BLK_MQ_S_STOPPED, &hctx->state);
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 728/817] blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (726 preceding siblings ...)
2024-12-03 14:44 ` [PATCH 6.11 727/817] block: fix ordering between checking BLK_MQ_S_STOPPED " Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 729/817] gve: Flow steering trigger reset only for timeout error Greg Kroah-Hartman
` (98 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Wang, Chao Leng, Ming Lei,
Bart Van Assche, Keith Busch, Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
commit ccd9e252c515ac5a3ed04a414c95d1307d17f159 upstream.
Make sure that the tag_list_lock mutex is not held any longer than
necessary. This change reduces latency if e.g. blk_mq_quiesce_tagset()
is called concurrently from more than one thread. This function is used
by the NVMe core and also by the UFS driver.
Reported-by: Peter Wang <peter.wang@mediatek.com>
Cc: Chao Leng <lengchao@huawei.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 414dd48e882c ("blk-mq: add tagset quiesce interface")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Link: https://lore.kernel.org/r/20241022181617.2716173-1-bvanassche@acm.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -283,8 +283,9 @@ void blk_mq_quiesce_tagset(struct blk_mq
if (!blk_queue_skip_tagset_quiesce(q))
blk_mq_quiesce_queue_nowait(q);
}
- blk_mq_wait_quiesce_done(set);
mutex_unlock(&set->tag_list_lock);
+
+ blk_mq_wait_quiesce_done(set);
}
EXPORT_SYMBOL_GPL(blk_mq_quiesce_tagset);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 729/817] gve: Flow steering trigger reset only for timeout error
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (727 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 728/817] blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 730/817] HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Greg Kroah-Hartman
` (97 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ziwei Xiao, Jeroen de Borst,
Harshitha Ramamurthy, Simon Horman, Jakub Kicinski
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ziwei Xiao <ziweixiao@google.com>
commit 8ffade77b6337a8767fae9820d57d7a6413dd1a1 upstream.
When configuring flow steering rules, the driver is currently going
through a reset for all errors from the device. Instead, the driver
should only reset when there's a timeout error from the device.
Fixes: 57718b60df9b ("gve: Add flow steering adminq commands")
Cc: stable@vger.kernel.org
Signed-off-by: Ziwei Xiao <ziweixiao@google.com>
Signed-off-by: Jeroen de Borst <jeroendb@google.com>
Reviewed-by: Harshitha Ramamurthy <hramamurthy@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20241113175930.2585680-1-jeroendb@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/google/gve/gve_adminq.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/google/gve/gve_adminq.c
+++ b/drivers/net/ethernet/google/gve/gve_adminq.c
@@ -1208,10 +1208,10 @@ gve_adminq_configure_flow_rule(struct gv
sizeof(struct gve_adminq_configure_flow_rule),
flow_rule_cmd);
- if (err) {
+ if (err == -ETIME) {
dev_err(&priv->pdev->dev, "Timeout to configure the flow rule, trigger reset");
gve_reset(priv, true);
- } else {
+ } else if (!err) {
priv->flow_rules_cache.rules_cache_synced = false;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 730/817] HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (728 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 729/817] gve: Flow steering trigger reset only for timeout error Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 731/817] i40e: Fix handling changed priv flags Greg Kroah-Hartman
` (96 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jason Gerecke, Jiri Kosina
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gerecke <jason.gerecke@wacom.com>
commit 49a397ad24ee5e2c53a59dada2780d7e71bd3f77 upstream.
The tilt data contained in the Bluetooth packets of an Intuos Pro are
supposed to be interpreted as signed values. Simply casting the values
to type `char` is not guaranteed to work since it is implementation-
defined whether it is signed or unsigned. At least one user has noticed
the data being reported incorrectly on their system. To ensure that the
data is interpreted properly, we specifically cast to `signed char`
instead.
Link: https://github.com/linuxwacom/input-wacom/issues/445
Fixes: 4922cd26f03c ("HID: wacom: Support 2nd-gen Intuos Pro's Bluetooth classic interface")
CC: stable@vger.kernel.org # 4.11+
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_wac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -1353,9 +1353,9 @@ static void wacom_intuos_pro2_bt_pen(str
rotation -= 1800;
input_report_abs(pen_input, ABS_TILT_X,
- (char)frame[7]);
+ (signed char)frame[7]);
input_report_abs(pen_input, ABS_TILT_Y,
- (char)frame[8]);
+ (signed char)frame[8]);
input_report_abs(pen_input, ABS_Z, rotation);
input_report_abs(pen_input, ABS_WHEEL,
get_unaligned_le16(&frame[11]));
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 731/817] i40e: Fix handling changed priv flags
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (729 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 730/817] HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 732/817] media: wl128x: Fix atomicity violation in fmc_send_cmd() Greg Kroah-Hartman
` (95 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Große, Paul Menzel,
Przemek Kitszel, Tony Nguyen, Jakub Kicinski,
Pucha Himasekhar Reddy
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Große <pegro@friiks.de>
commit ea301aec8bb718b02b68761d2229fc12c9fefa29 upstream.
After assembling the new private flags on a PF, the operation to determine
the changed flags uses the wrong bitmaps. Instead of xor-ing orig_flags
with new_flags, it uses the still unchanged pf->flags, thus changed_flags
is always 0.
Fix it by using the correct bitmaps.
The issue was discovered while debugging why disabling source pruning
stopped working with release 6.7. Although the new flags will be copied to
pf->flags later on in that function, disabling source pruning requires
a reset of the PF, which was skipped due to this bug.
Disabling source pruning:
$ sudo ethtool --set-priv-flags eno1 disable-source-pruning on
$ sudo ethtool --show-priv-flags eno1
Private flags for eno1:
MFP : off
total-port-shutdown : off
LinkPolling : off
flow-director-atr : on
veb-stats : off
hw-atr-eviction : off
link-down-on-close : off
legacy-rx : off
disable-source-pruning: on
disable-fw-lldp : off
rs-fec : off
base-r-fec : off
vf-vlan-pruning : off
Regarding reproducing:
I observed the issue with a rather complicated lab setup, where
* two VLAN interfaces are created on eno1
* each with a different MAC address assigned
* each moved into a separate namespace
* both VLANs are bridged externally, so they form a single layer 2 network
The external bridge is done via a channel emulator adding packet loss and
delay and the application in the namespaces tries to send/receive traffic
and measure the performance. Sender and receiver are separated by
namespaces, yet the network card "sees its own traffic" send back to it.
To make that work, source pruning has to be disabled.
Cc: stable@vger.kernel.org
Fixes: 70756d0a4727 ("i40e: Use DECLARE_BITMAP for flags and hw_features fields in i40e_pf")
Signed-off-by: Peter Große <pegro@friiks.de>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://patch.msgid.link/20241113210705.1296408-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c
@@ -5303,7 +5303,7 @@ static int i40e_set_priv_flags(struct ne
}
flags_complete:
- bitmap_xor(changed_flags, pf->flags, orig_flags, I40E_PF_FLAGS_NBITS);
+ bitmap_xor(changed_flags, new_flags, orig_flags, I40E_PF_FLAGS_NBITS);
if (test_bit(I40E_FLAG_FW_LLDP_DIS, changed_flags))
reset_needed = I40E_PF_RESET_AND_REBUILD_FLAG;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 732/817] media: wl128x: Fix atomicity violation in fmc_send_cmd()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (730 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 731/817] i40e: Fix handling changed priv flags Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 733/817] media: intel/ipu6: do not handle interrupts when device is disabled Greg Kroah-Hartman
` (94 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qiu-ji Chen, Hans Verkuil
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qiu-ji Chen <chenqiuji666@gmail.com>
commit ca59f9956d4519ab18ab2270be47c6b8c6ced091 upstream.
Atomicity violation occurs when the fmc_send_cmd() function is executed
simultaneously with the modification of the fmdev->resp_skb value.
Consider a scenario where, after passing the validity check within the
function, a non-null fmdev->resp_skb variable is assigned a null value.
This results in an invalid fmdev->resp_skb variable passing the validity
check. As seen in the later part of the function, skb = fmdev->resp_skb;
when the invalid fmdev->resp_skb passes the check, a null pointer
dereference error may occur at line 478, evt_hdr = (void *)skb->data;
To address this issue, it is recommended to include the validity check of
fmdev->resp_skb within the locked section of the function. This
modification ensures that the value of fmdev->resp_skb does not change
during the validation process, thereby maintaining its validity.
This possible bug is found by an experimental static analysis tool
developed by our team. This tool analyzes the locking APIs
to extract function pairs that can be concurrently executed, and then
analyzes the instructions in the paired functions to identify possible
concurrency bugs including data races and atomicity violations.
Fixes: e8454ff7b9a4 ("[media] drivers:media:radio: wl128x: FM Driver Common sources")
Cc: stable@vger.kernel.org
Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/radio/wl128x/fmdrv_common.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/media/radio/wl128x/fmdrv_common.c
+++ b/drivers/media/radio/wl128x/fmdrv_common.c
@@ -466,11 +466,12 @@ int fmc_send_cmd(struct fmdev *fmdev, u8
jiffies_to_msecs(FM_DRV_TX_TIMEOUT) / 1000);
return -ETIMEDOUT;
}
+ spin_lock_irqsave(&fmdev->resp_skb_lock, flags);
if (!fmdev->resp_skb) {
+ spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags);
fmerr("Response SKB is missing\n");
return -EFAULT;
}
- spin_lock_irqsave(&fmdev->resp_skb_lock, flags);
skb = fmdev->resp_skb;
fmdev->resp_skb = NULL;
spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 733/817] media: intel/ipu6: do not handle interrupts when device is disabled
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (731 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 732/817] media: wl128x: Fix atomicity violation in fmc_send_cmd() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 734/817] arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes Greg Kroah-Hartman
` (93 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stanislaw Gruszka, Hans de Goede,
Sakari Ailus, Hans Verkuil
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
commit 1429826883bb18847092b2e04c6598ef34bae1d4 upstream.
Some IPU6 devices have shared interrupts. We need to handle properly
case when interrupt is triggered from other device on shared irq line
and IPU6 itself disabled. In such case we get 0xffffffff from
ISR_STATUS register and handle all irq's cases, for what we are not
not prepared and usually hang the whole system.
To avoid the issue use pm_runtime_get_if_active() to check if
the device is enabled and prevent suspending it when we handle irq
until the end of irq. Additionally use synchronize_irq() in suspend
Fixes: ab29a2478e70 ("media: intel/ipu6: add IPU6 buttress interface driver")
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com> # ThinkPad X1 Yoga Gen 8, ov2740
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/pci/intel/ipu6/ipu6-buttress.c | 13 +++++++++----
drivers/media/pci/intel/ipu6/ipu6.c | 3 +++
2 files changed, 12 insertions(+), 4 deletions(-)
--- a/drivers/media/pci/intel/ipu6/ipu6-buttress.c
+++ b/drivers/media/pci/intel/ipu6/ipu6-buttress.c
@@ -346,12 +346,16 @@ irqreturn_t ipu6_buttress_isr(int irq, v
u32 disable_irqs = 0;
u32 irq_status;
u32 i, count = 0;
+ int active;
- pm_runtime_get_noresume(&isp->pdev->dev);
+ active = pm_runtime_get_if_active(&isp->pdev->dev);
+ if (!active)
+ return IRQ_NONE;
irq_status = readl(isp->base + reg_irq_sts);
- if (!irq_status) {
- pm_runtime_put_noidle(&isp->pdev->dev);
+ if (irq_status == 0 || WARN_ON_ONCE(irq_status == 0xffffffffu)) {
+ if (active > 0)
+ pm_runtime_put_noidle(&isp->pdev->dev);
return IRQ_NONE;
}
@@ -427,7 +431,8 @@ irqreturn_t ipu6_buttress_isr(int irq, v
writel(BUTTRESS_IRQS & ~disable_irqs,
isp->base + BUTTRESS_REG_ISR_ENABLE);
- pm_runtime_put(&isp->pdev->dev);
+ if (active > 0)
+ pm_runtime_put(&isp->pdev->dev);
return ret;
}
--- a/drivers/media/pci/intel/ipu6/ipu6.c
+++ b/drivers/media/pci/intel/ipu6/ipu6.c
@@ -758,6 +758,9 @@ static void ipu6_pci_reset_done(struct p
*/
static int ipu6_suspend(struct device *dev)
{
+ struct pci_dev *pdev = to_pci_dev(dev);
+
+ synchronize_irq(pdev->irq);
return 0;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 734/817] arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (732 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 733/817] media: intel/ipu6: do not handle interrupts when device is disabled Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 735/817] netdev-genl: Hold rcu_read_lock in napi_get Greg Kroah-Hartman
` (92 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen-Yu Tsai,
AngeloGioacchino Del Regno
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chen-Yu Tsai <wenst@chromium.org>
commit 26ea2459d1724406bf0b342df6b4b1f002d7f8e3 upstream.
The Voltorb device uses a speaker codec different from the original
Corsola device. When the Voltorb device tree was first added, the new
codec was added as a separate node when it should have just replaced the
existing one.
Merge the two nodes. The only differences are the compatible string and
the GPIO line property name. This keeps the device node path for the
speaker codec the same across the MT8186 Chromebook line. Also rename
the related labels and node names from having rt1019p to speaker codec.
Cc: stable@vger.kernel.org # v6.11+
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20241018082113.1297268-1-wenst@chromium.org
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
.../dts/mediatek/mt8186-corsola-voltorb.dtsi | 21 +++++--------------
.../boot/dts/mediatek/mt8186-corsola.dtsi | 8 +++----
2 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi b/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi
index 52ec58128d56..b495a241b443 100644
--- a/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi
@@ -10,12 +10,6 @@
/ {
chassis-type = "laptop";
-
- max98360a: max98360a {
- compatible = "maxim,max98360a";
- sdmode-gpios = <&pio 150 GPIO_ACTIVE_HIGH>;
- #sound-dai-cells = <0>;
- };
};
&cpu6 {
@@ -59,19 +53,14 @@ &cluster1_opp_15 {
opp-hz = /bits/ 64 <2200000000>;
};
-&rt1019p{
- status = "disabled";
-};
-
&sound {
compatible = "mediatek,mt8186-mt6366-rt5682s-max98360-sound";
- status = "okay";
+};
- spk-hdmi-playback-dai-link {
- codec {
- sound-dai = <&it6505dptx>, <&max98360a>;
- };
- };
+&speaker_codec {
+ compatible = "maxim,max98360a";
+ sdmode-gpios = <&pio 150 GPIO_ACTIVE_HIGH>;
+ /delete-property/ sdb-gpios;
};
&spmi {
diff --git a/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi b/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi
index 682c6ad2574d..0c0b3ac59745 100644
--- a/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi
@@ -259,15 +259,15 @@ spk-hdmi-playback-dai-link {
mediatek,clk-provider = "cpu";
/* RT1019P and IT6505 connected to the same I2S line */
codec {
- sound-dai = <&it6505dptx>, <&rt1019p>;
+ sound-dai = <&it6505dptx>, <&speaker_codec>;
};
};
};
- rt1019p: speaker-codec {
+ speaker_codec: speaker-codec {
compatible = "realtek,rt1019p";
pinctrl-names = "default";
- pinctrl-0 = <&rt1019p_pins_default>;
+ pinctrl-0 = <&speaker_codec_pins_default>;
#sound-dai-cells = <0>;
sdb-gpios = <&pio 150 GPIO_ACTIVE_HIGH>;
};
@@ -1179,7 +1179,7 @@ pins {
};
};
- rt1019p_pins_default: rt1019p-default-pins {
+ speaker_codec_pins_default: speaker-codec-default-pins {
pins-sdb {
pinmux = <PINMUX_GPIO150__FUNC_GPIO150>;
output-low;
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 735/817] netdev-genl: Hold rcu_read_lock in napi_get
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (733 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 734/817] arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 736/817] soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Greg Kroah-Hartman
` (91 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Joe Damato, Jakub Kicinski
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joe Damato <jdamato@fastly.com>
commit c53bf100f68619acf6cedcf4cf5249a1ca2db0b4 upstream.
Hold rcu_read_lock in netdev_nl_napi_get_doit, which calls napi_by_id
and is required to be called under rcu_read_lock.
Cc: stable@vger.kernel.org
Fixes: 27f91aaf49b3 ("netdev-genl: Add netlink framework functions for napi")
Signed-off-by: Joe Damato <jdamato@fastly.com>
Link: https://patch.msgid.link/20241114175157.16604-1-jdamato@fastly.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/netdev-genl.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/core/netdev-genl.c
+++ b/net/core/netdev-genl.c
@@ -214,6 +214,7 @@ int netdev_nl_napi_get_doit(struct sk_bu
return -ENOMEM;
rtnl_lock();
+ rcu_read_lock();
napi = napi_by_id(napi_id);
if (napi) {
@@ -223,6 +224,7 @@ int netdev_nl_napi_get_doit(struct sk_bu
err = -ENOENT;
}
+ rcu_read_unlock();
rtnl_unlock();
if (err)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 736/817] soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (734 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 735/817] netdev-genl: Hold rcu_read_lock in napi_get Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 737/817] media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Greg Kroah-Hartman
` (90 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Christophe Leroy
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit c9f1efabf8e3b3ff886a42669f7093789dbeca94 upstream.
of_find_compatible_node() requires a call to of_node_put() when the
pointer to the node is not required anymore to decrement its refcount
and avoid leaking memory.
Add the missing call to of_node_put() after the node has been used.
Cc: stable@vger.kernel.org
Fixes: e95f287deed2 ("soc: fsl: handle RCPM errata A-008646 on SoC LS1021A")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://lore.kernel.org/r/20241013-rcpm-of_node_put-v1-1-9a8e55a01eae@gmail.com
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/fsl/rcpm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/soc/fsl/rcpm.c
+++ b/drivers/soc/fsl/rcpm.c
@@ -36,6 +36,7 @@ static void copy_ippdexpcr1_setting(u32
return;
regs = of_iomap(np, 0);
+ of_node_put(np);
if (!regs)
return;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 737/817] media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (735 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 736/817] soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 738/817] ALSA: rawmidi: Fix kvfree() call in spinlock Greg Kroah-Hartman
` (89 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans Verkuil,
syzbot+a828133770f62293563e
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans Verkuil <hverkuil@xs4all.nl>
commit 9f070b1862f3411b8bcdfd51a8eaad25286f9deb upstream.
The v4l2_detect_cvt/gtf functions should check the result against the
timing capabilities: these functions calculate the timings, so if they
are out of bounds, they should be rejected.
To do this, add the struct v4l2_dv_timings_cap as argument to those
functions.
This required updates to the adv7604 and adv7842 drivers since the
prototype of these functions has now changed. The timings struct
that is passed to v4l2_detect_cvt/gtf in those two drivers is filled
with the timings detected by the hardware.
The vivid driver was also updated, but an additional check was added:
the width and height specified by VIDIOC_S_DV_TIMINGS has to match the
calculated result, otherwise something went wrong. Note that vivid
*emulates* hardware, so all the values passed to the v4l2_detect_cvt/gtf
functions came from the timings struct that was filled by userspace
and passed on to the driver via VIDIOC_S_DV_TIMINGS. So these fields
can contain random data. Both the constraints check via
struct v4l2_dv_timings_cap and the additional width/height check
ensure that the resulting timings are sane and not messed up by the
v4l2_detect_cvt/gtf calculations.
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Fixes: 2576415846bc ("[media] v4l2: move dv-timings related code to v4l2-dv-timings.c")
Cc: stable@vger.kernel.org
Reported-by: syzbot+a828133770f62293563e@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-media/000000000000013050062127830a@google.com/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/i2c/adv7604.c | 5
drivers/media/i2c/adv7842.c | 13 +-
drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 ++
drivers/media/v4l2-core/v4l2-dv-timings.c | 132 ++++++++++++-----------
include/media/v4l2-dv-timings.h | 18 ++-
5 files changed, 107 insertions(+), 76 deletions(-)
--- a/drivers/media/i2c/adv7604.c
+++ b/drivers/media/i2c/adv7604.c
@@ -1405,12 +1405,13 @@ static int stdi2dv_timings(struct v4l2_s
if (v4l2_detect_cvt(stdi->lcf + 1, hfreq, stdi->lcvs, 0,
(stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) |
(stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0),
- false, timings))
+ false, adv76xx_get_dv_timings_cap(sd, -1), timings))
return 0;
if (v4l2_detect_gtf(stdi->lcf + 1, hfreq, stdi->lcvs,
(stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) |
(stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0),
- false, state->aspect_ratio, timings))
+ false, state->aspect_ratio,
+ adv76xx_get_dv_timings_cap(sd, -1), timings))
return 0;
v4l2_dbg(2, debug, sd,
--- a/drivers/media/i2c/adv7842.c
+++ b/drivers/media/i2c/adv7842.c
@@ -1431,14 +1431,15 @@ static int stdi2dv_timings(struct v4l2_s
}
if (v4l2_detect_cvt(stdi->lcf + 1, hfreq, stdi->lcvs, 0,
- (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) |
- (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0),
- false, timings))
+ (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) |
+ (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0),
+ false, adv7842_get_dv_timings_cap(sd), timings))
return 0;
if (v4l2_detect_gtf(stdi->lcf + 1, hfreq, stdi->lcvs,
- (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) |
- (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0),
- false, state->aspect_ratio, timings))
+ (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) |
+ (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0),
+ false, state->aspect_ratio,
+ adv7842_get_dv_timings_cap(sd), timings))
return 0;
v4l2_dbg(2, debug, sd,
--- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c
+++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c
@@ -1459,12 +1459,19 @@ static bool valid_cvt_gtf_timings(struct
h_freq = (u32)bt->pixelclock / total_h_pixel;
if (bt->standards == 0 || (bt->standards & V4L2_DV_BT_STD_CVT)) {
+ struct v4l2_dv_timings cvt = {};
+
if (v4l2_detect_cvt(total_v_lines, h_freq, bt->vsync, bt->width,
- bt->polarities, bt->interlaced, timings))
+ bt->polarities, bt->interlaced,
+ &vivid_dv_timings_cap, &cvt) &&
+ cvt.bt.width == bt->width && cvt.bt.height == bt->height) {
+ *timings = cvt;
return true;
+ }
}
if (bt->standards == 0 || (bt->standards & V4L2_DV_BT_STD_GTF)) {
+ struct v4l2_dv_timings gtf = {};
struct v4l2_fract aspect_ratio;
find_aspect_ratio(bt->width, bt->height,
@@ -1472,8 +1479,12 @@ static bool valid_cvt_gtf_timings(struct
&aspect_ratio.denominator);
if (v4l2_detect_gtf(total_v_lines, h_freq, bt->vsync,
bt->polarities, bt->interlaced,
- aspect_ratio, timings))
+ aspect_ratio, &vivid_dv_timings_cap,
+ >f) &&
+ gtf.bt.width == bt->width && gtf.bt.height == bt->height) {
+ *timings = gtf;
return true;
+ }
}
return false;
}
--- a/drivers/media/v4l2-core/v4l2-dv-timings.c
+++ b/drivers/media/v4l2-core/v4l2-dv-timings.c
@@ -481,25 +481,28 @@ EXPORT_SYMBOL_GPL(v4l2_calc_timeperframe
* @polarities - the horizontal and vertical polarities (same as struct
* v4l2_bt_timings polarities).
* @interlaced - if this flag is true, it indicates interlaced format
- * @fmt - the resulting timings.
+ * @cap - the v4l2_dv_timings_cap capabilities.
+ * @timings - the resulting timings.
*
* This function will attempt to detect if the given values correspond to a
* valid CVT format. If so, then it will return true, and fmt will be filled
* in with the found CVT timings.
*/
-bool v4l2_detect_cvt(unsigned frame_height,
- unsigned hfreq,
- unsigned vsync,
- unsigned active_width,
+bool v4l2_detect_cvt(unsigned int frame_height,
+ unsigned int hfreq,
+ unsigned int vsync,
+ unsigned int active_width,
u32 polarities,
bool interlaced,
- struct v4l2_dv_timings *fmt)
+ const struct v4l2_dv_timings_cap *cap,
+ struct v4l2_dv_timings *timings)
{
- int v_fp, v_bp, h_fp, h_bp, hsync;
- int frame_width, image_height, image_width;
+ struct v4l2_dv_timings t = {};
+ int v_fp, v_bp, h_fp, h_bp, hsync;
+ int frame_width, image_height, image_width;
bool reduced_blanking;
bool rb_v2 = false;
- unsigned pix_clk;
+ unsigned int pix_clk;
if (vsync < 4 || vsync > 8)
return false;
@@ -625,36 +628,39 @@ bool v4l2_detect_cvt(unsigned frame_heig
h_fp = h_blank - hsync - h_bp;
}
- fmt->type = V4L2_DV_BT_656_1120;
- fmt->bt.polarities = polarities;
- fmt->bt.width = image_width;
- fmt->bt.height = image_height;
- fmt->bt.hfrontporch = h_fp;
- fmt->bt.vfrontporch = v_fp;
- fmt->bt.hsync = hsync;
- fmt->bt.vsync = vsync;
- fmt->bt.hbackporch = frame_width - image_width - h_fp - hsync;
+ t.type = V4L2_DV_BT_656_1120;
+ t.bt.polarities = polarities;
+ t.bt.width = image_width;
+ t.bt.height = image_height;
+ t.bt.hfrontporch = h_fp;
+ t.bt.vfrontporch = v_fp;
+ t.bt.hsync = hsync;
+ t.bt.vsync = vsync;
+ t.bt.hbackporch = frame_width - image_width - h_fp - hsync;
if (!interlaced) {
- fmt->bt.vbackporch = frame_height - image_height - v_fp - vsync;
- fmt->bt.interlaced = V4L2_DV_PROGRESSIVE;
+ t.bt.vbackporch = frame_height - image_height - v_fp - vsync;
+ t.bt.interlaced = V4L2_DV_PROGRESSIVE;
} else {
- fmt->bt.vbackporch = (frame_height - image_height - 2 * v_fp -
+ t.bt.vbackporch = (frame_height - image_height - 2 * v_fp -
2 * vsync) / 2;
- fmt->bt.il_vbackporch = frame_height - image_height - 2 * v_fp -
- 2 * vsync - fmt->bt.vbackporch;
- fmt->bt.il_vfrontporch = v_fp;
- fmt->bt.il_vsync = vsync;
- fmt->bt.flags |= V4L2_DV_FL_HALF_LINE;
- fmt->bt.interlaced = V4L2_DV_INTERLACED;
+ t.bt.il_vbackporch = frame_height - image_height - 2 * v_fp -
+ 2 * vsync - t.bt.vbackporch;
+ t.bt.il_vfrontporch = v_fp;
+ t.bt.il_vsync = vsync;
+ t.bt.flags |= V4L2_DV_FL_HALF_LINE;
+ t.bt.interlaced = V4L2_DV_INTERLACED;
}
- fmt->bt.pixelclock = pix_clk;
- fmt->bt.standards = V4L2_DV_BT_STD_CVT;
+ t.bt.pixelclock = pix_clk;
+ t.bt.standards = V4L2_DV_BT_STD_CVT;
if (reduced_blanking)
- fmt->bt.flags |= V4L2_DV_FL_REDUCED_BLANKING;
+ t.bt.flags |= V4L2_DV_FL_REDUCED_BLANKING;
+ if (!v4l2_valid_dv_timings(&t, cap, NULL, NULL))
+ return false;
+ *timings = t;
return true;
}
EXPORT_SYMBOL_GPL(v4l2_detect_cvt);
@@ -699,22 +705,25 @@ EXPORT_SYMBOL_GPL(v4l2_detect_cvt);
* image height, so it has to be passed explicitly. Usually
* the native screen aspect ratio is used for this. If it
* is not filled in correctly, then 16:9 will be assumed.
- * @fmt - the resulting timings.
+ * @cap - the v4l2_dv_timings_cap capabilities.
+ * @timings - the resulting timings.
*
* This function will attempt to detect if the given values correspond to a
* valid GTF format. If so, then it will return true, and fmt will be filled
* in with the found GTF timings.
*/
-bool v4l2_detect_gtf(unsigned frame_height,
- unsigned hfreq,
- unsigned vsync,
- u32 polarities,
- bool interlaced,
- struct v4l2_fract aspect,
- struct v4l2_dv_timings *fmt)
+bool v4l2_detect_gtf(unsigned int frame_height,
+ unsigned int hfreq,
+ unsigned int vsync,
+ u32 polarities,
+ bool interlaced,
+ struct v4l2_fract aspect,
+ const struct v4l2_dv_timings_cap *cap,
+ struct v4l2_dv_timings *timings)
{
+ struct v4l2_dv_timings t = {};
int pix_clk;
- int v_fp, v_bp, h_fp, hsync;
+ int v_fp, v_bp, h_fp, hsync;
int frame_width, image_height, image_width;
bool default_gtf;
int h_blank;
@@ -783,36 +792,39 @@ bool v4l2_detect_gtf(unsigned frame_heig
h_fp = h_blank / 2 - hsync;
- fmt->type = V4L2_DV_BT_656_1120;
- fmt->bt.polarities = polarities;
- fmt->bt.width = image_width;
- fmt->bt.height = image_height;
- fmt->bt.hfrontporch = h_fp;
- fmt->bt.vfrontporch = v_fp;
- fmt->bt.hsync = hsync;
- fmt->bt.vsync = vsync;
- fmt->bt.hbackporch = frame_width - image_width - h_fp - hsync;
+ t.type = V4L2_DV_BT_656_1120;
+ t.bt.polarities = polarities;
+ t.bt.width = image_width;
+ t.bt.height = image_height;
+ t.bt.hfrontporch = h_fp;
+ t.bt.vfrontporch = v_fp;
+ t.bt.hsync = hsync;
+ t.bt.vsync = vsync;
+ t.bt.hbackporch = frame_width - image_width - h_fp - hsync;
if (!interlaced) {
- fmt->bt.vbackporch = frame_height - image_height - v_fp - vsync;
- fmt->bt.interlaced = V4L2_DV_PROGRESSIVE;
+ t.bt.vbackporch = frame_height - image_height - v_fp - vsync;
+ t.bt.interlaced = V4L2_DV_PROGRESSIVE;
} else {
- fmt->bt.vbackporch = (frame_height - image_height - 2 * v_fp -
+ t.bt.vbackporch = (frame_height - image_height - 2 * v_fp -
2 * vsync) / 2;
- fmt->bt.il_vbackporch = frame_height - image_height - 2 * v_fp -
- 2 * vsync - fmt->bt.vbackporch;
- fmt->bt.il_vfrontporch = v_fp;
- fmt->bt.il_vsync = vsync;
- fmt->bt.flags |= V4L2_DV_FL_HALF_LINE;
- fmt->bt.interlaced = V4L2_DV_INTERLACED;
+ t.bt.il_vbackporch = frame_height - image_height - 2 * v_fp -
+ 2 * vsync - t.bt.vbackporch;
+ t.bt.il_vfrontporch = v_fp;
+ t.bt.il_vsync = vsync;
+ t.bt.flags |= V4L2_DV_FL_HALF_LINE;
+ t.bt.interlaced = V4L2_DV_INTERLACED;
}
- fmt->bt.pixelclock = pix_clk;
- fmt->bt.standards = V4L2_DV_BT_STD_GTF;
+ t.bt.pixelclock = pix_clk;
+ t.bt.standards = V4L2_DV_BT_STD_GTF;
if (!default_gtf)
- fmt->bt.flags |= V4L2_DV_FL_REDUCED_BLANKING;
+ t.bt.flags |= V4L2_DV_FL_REDUCED_BLANKING;
+ if (!v4l2_valid_dv_timings(&t, cap, NULL, NULL))
+ return false;
+ *timings = t;
return true;
}
EXPORT_SYMBOL_GPL(v4l2_detect_gtf);
--- a/include/media/v4l2-dv-timings.h
+++ b/include/media/v4l2-dv-timings.h
@@ -146,15 +146,18 @@ void v4l2_print_dv_timings(const char *d
* @polarities: the horizontal and vertical polarities (same as struct
* v4l2_bt_timings polarities).
* @interlaced: if this flag is true, it indicates interlaced format
+ * @cap: the v4l2_dv_timings_cap capabilities.
* @fmt: the resulting timings.
*
* This function will attempt to detect if the given values correspond to a
* valid CVT format. If so, then it will return true, and fmt will be filled
* in with the found CVT timings.
*/
-bool v4l2_detect_cvt(unsigned frame_height, unsigned hfreq, unsigned vsync,
- unsigned active_width, u32 polarities, bool interlaced,
- struct v4l2_dv_timings *fmt);
+bool v4l2_detect_cvt(unsigned int frame_height, unsigned int hfreq,
+ unsigned int vsync, unsigned int active_width,
+ u32 polarities, bool interlaced,
+ const struct v4l2_dv_timings_cap *cap,
+ struct v4l2_dv_timings *fmt);
/**
* v4l2_detect_gtf - detect if the given timings follow the GTF standard
@@ -170,15 +173,18 @@ bool v4l2_detect_cvt(unsigned frame_heig
* image height, so it has to be passed explicitly. Usually
* the native screen aspect ratio is used for this. If it
* is not filled in correctly, then 16:9 will be assumed.
+ * @cap: the v4l2_dv_timings_cap capabilities.
* @fmt: the resulting timings.
*
* This function will attempt to detect if the given values correspond to a
* valid GTF format. If so, then it will return true, and fmt will be filled
* in with the found GTF timings.
*/
-bool v4l2_detect_gtf(unsigned frame_height, unsigned hfreq, unsigned vsync,
- u32 polarities, bool interlaced, struct v4l2_fract aspect,
- struct v4l2_dv_timings *fmt);
+bool v4l2_detect_gtf(unsigned int frame_height, unsigned int hfreq,
+ unsigned int vsync, u32 polarities, bool interlaced,
+ struct v4l2_fract aspect,
+ const struct v4l2_dv_timings_cap *cap,
+ struct v4l2_dv_timings *fmt);
/**
* v4l2_calc_aspect_ratio - calculate the aspect ratio based on bytes
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 738/817] ALSA: rawmidi: Fix kvfree() call in spinlock
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (736 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 737/817] media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 739/817] ALSA: ump: Fix evaluation of MIDI 1.0 FB info Greg Kroah-Hartman
` (88 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+351f8764833934c68836,
Eric Dumazet, Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 20c0c49720dc4e205d4c1d64add56a5043c5ec5f upstream.
At the conversion of locking with guard(), I overlooked that kvfree()
must not be called inside the spinlock unlike kfree(), and this was
caught by syzkaller now.
This patch reverts the conversion partially for restoring the kvfree()
call outside the spinlock. It's not trivial to use guard() in this
context, unfortunately.
Fixes: 84bb065b316e ("ALSA: rawmidi: Use guard() for locking")
Reported-by: syzbot+351f8764833934c68836@syzkaller.appspotmail.com
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Closes: https://lore.kernel.org/6744737b.050a0220.1cc393.007e.GAE@google.com
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241125142041.16578-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/rawmidi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
index 03306be5fa02..348ce1b7725e 100644
--- a/sound/core/rawmidi.c
+++ b/sound/core/rawmidi.c
@@ -724,8 +724,9 @@ static int resize_runtime_buffer(struct snd_rawmidi_substream *substream,
newbuf = kvzalloc(params->buffer_size, GFP_KERNEL);
if (!newbuf)
return -ENOMEM;
- guard(spinlock_irq)(&substream->lock);
+ spin_lock_irq(&substream->lock);
if (runtime->buffer_ref) {
+ spin_unlock_irq(&substream->lock);
kvfree(newbuf);
return -EBUSY;
}
@@ -733,6 +734,7 @@ static int resize_runtime_buffer(struct snd_rawmidi_substream *substream,
runtime->buffer = newbuf;
runtime->buffer_size = params->buffer_size;
__reset_runtime_ptrs(runtime, is_input);
+ spin_unlock_irq(&substream->lock);
kvfree(oldbuf);
}
runtime->avail_min = params->avail_min;
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 739/817] ALSA: ump: Fix evaluation of MIDI 1.0 FB info
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (737 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 738/817] ALSA: rawmidi: Fix kvfree() call in spinlock Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 740/817] ALSA: pcm: Add sanity NULL check for the default mmap fault handler Greg Kroah-Hartman
` (87 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit 7be34f6feedd60e418de1c2c48e661d70416635f upstream.
The m1.0 field of UMP Function Block info specifies whether the given
FB is a MIDI 1.0 port or not. When implementing the UMP support on
Linux, I somehow interpreted as if it were bit flags, but the field is
actually an enumeration from 0 to 2, where 2 means MIDI 1.0 *and* low
speed.
This patch corrects the interpretation and sets the right bit flags
depending on the m1.0 field of FB Info. This effectively fixes the
missing detection of MIDI 1.0 FB when m1.0 is 2.
Fixes: 37e0e14128e0 ("ALSA: ump: Support UMP Endpoint and Function Block parsing")
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241127070059.8099-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/ump.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/sound/core/ump.c
+++ b/sound/core/ump.c
@@ -724,7 +724,10 @@ static void fill_fb_info(struct snd_ump_
info->ui_hint = buf->fb_info.ui_hint;
info->first_group = buf->fb_info.first_group;
info->num_groups = buf->fb_info.num_groups;
- info->flags = buf->fb_info.midi_10;
+ if (buf->fb_info.midi_10 < 2)
+ info->flags = buf->fb_info.midi_10;
+ else
+ info->flags = SNDRV_UMP_BLOCK_IS_MIDI1 | SNDRV_UMP_BLOCK_IS_LOWSPEED;
info->active = buf->fb_info.active;
info->midi_ci_version = buf->fb_info.midi_ci_version;
info->sysex8_streams = buf->fb_info.sysex8_streams;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 740/817] ALSA: pcm: Add sanity NULL check for the default mmap fault handler
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (738 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 739/817] ALSA: ump: Fix evaluation of MIDI 1.0 FB info Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 741/817] ALSA: hda/realtek: Update ALC225 depop procedure Greg Kroah-Hartman
` (86 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+4bf62a7b1d0f4fdb7ae2,
Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit d2913a07d9037fe7aed4b7e680684163eaed6bc4 upstream.
A driver might allow the mmap access before initializing its
runtime->dma_area properly. Add a proper NULL check before passing to
virt_to_page() for avoiding a panic.
Reported-by: syzbot+4bf62a7b1d0f4fdb7ae2@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241120141104.7060-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/pcm_native.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -3789,9 +3789,11 @@ static vm_fault_t snd_pcm_mmap_data_faul
return VM_FAULT_SIGBUS;
if (substream->ops->page)
page = substream->ops->page(substream, offset);
- else if (!snd_pcm_get_dma_buf(substream))
+ else if (!snd_pcm_get_dma_buf(substream)) {
+ if (WARN_ON_ONCE(!runtime->dma_area))
+ return VM_FAULT_SIGBUS;
page = virt_to_page(runtime->dma_area + offset);
- else
+ } else
page = snd_sgbuf_get_page(snd_pcm_get_dma_buf(substream), offset);
if (!page)
return VM_FAULT_SIGBUS;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 741/817] ALSA: hda/realtek: Update ALC225 depop procedure
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (739 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 740/817] ALSA: pcm: Add sanity NULL check for the default mmap fault handler Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 742/817] ALSA: hda/realtek: Set PCBeep to default value for ALC274 Greg Kroah-Hartman
` (85 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kailang Yang <kailang@realtek.com>
commit 1fd50509fe14a9adc9329e0454b986157a4c155a upstream.
Old procedure has a chance to meet Headphone no output.
Fixes: da911b1f5e98 ("ALSA: hda/realtek - update ALC225 depop optimize")
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/5a27b016ba9d42b4a4e6dadce50a3ba4@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 95 +++++++++++++++++++-----------------------
1 file changed, 43 insertions(+), 52 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3757,33 +3757,28 @@ static void alc225_init(struct hda_codec
hp1_pin_sense = snd_hda_jack_detect(codec, hp_pin);
hp2_pin_sense = snd_hda_jack_detect(codec, 0x16);
- if (hp1_pin_sense || hp2_pin_sense)
+ if (hp1_pin_sense || hp2_pin_sense) {
msleep(2);
+ alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x1); /* Low power */
- alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x1); /* Low power */
+ if (hp1_pin_sense)
+ snd_hda_codec_write(codec, hp_pin, 0,
+ AC_VERB_SET_PIN_WIDGET_CONTROL, PIN_OUT);
+ if (hp2_pin_sense)
+ snd_hda_codec_write(codec, 0x16, 0,
+ AC_VERB_SET_PIN_WIDGET_CONTROL, PIN_OUT);
+ msleep(75);
+
+ if (hp1_pin_sense)
+ snd_hda_codec_write(codec, hp_pin, 0,
+ AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_UNMUTE);
+ if (hp2_pin_sense)
+ snd_hda_codec_write(codec, 0x16, 0,
+ AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_UNMUTE);
- if (hp1_pin_sense || spec->ultra_low_power)
- snd_hda_codec_write(codec, hp_pin, 0,
- AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
- if (hp2_pin_sense)
- snd_hda_codec_write(codec, 0x16, 0,
- AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
-
- if (hp1_pin_sense || hp2_pin_sense || spec->ultra_low_power)
- msleep(85);
-
- if (hp1_pin_sense || spec->ultra_low_power)
- snd_hda_codec_write(codec, hp_pin, 0,
- AC_VERB_SET_PIN_WIDGET_CONTROL, PIN_OUT);
- if (hp2_pin_sense)
- snd_hda_codec_write(codec, 0x16, 0,
- AC_VERB_SET_PIN_WIDGET_CONTROL, PIN_OUT);
-
- if (hp1_pin_sense || hp2_pin_sense || spec->ultra_low_power)
- msleep(100);
-
- alc_update_coef_idx(codec, 0x4a, 3 << 10, 0);
- alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x4); /* Hight power */
+ msleep(75);
+ alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x4); /* Hight power */
+ }
}
static void alc225_shutup(struct hda_codec *codec)
@@ -3795,36 +3790,35 @@ static void alc225_shutup(struct hda_cod
if (!hp_pin)
hp_pin = 0x21;
- alc_disable_headset_jack_key(codec);
- /* 3k pull low control for Headset jack. */
- alc_update_coef_idx(codec, 0x4a, 0, 3 << 10);
-
hp1_pin_sense = snd_hda_jack_detect(codec, hp_pin);
hp2_pin_sense = snd_hda_jack_detect(codec, 0x16);
- if (hp1_pin_sense || hp2_pin_sense)
+ if (hp1_pin_sense || hp2_pin_sense) {
+ alc_disable_headset_jack_key(codec);
+ /* 3k pull low control for Headset jack. */
+ alc_update_coef_idx(codec, 0x4a, 0, 3 << 10);
msleep(2);
- if (hp1_pin_sense || spec->ultra_low_power)
- snd_hda_codec_write(codec, hp_pin, 0,
- AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
- if (hp2_pin_sense)
- snd_hda_codec_write(codec, 0x16, 0,
- AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
-
- if (hp1_pin_sense || hp2_pin_sense || spec->ultra_low_power)
- msleep(85);
-
- if (hp1_pin_sense || spec->ultra_low_power)
- snd_hda_codec_write(codec, hp_pin, 0,
- AC_VERB_SET_PIN_WIDGET_CONTROL, 0x0);
- if (hp2_pin_sense)
- snd_hda_codec_write(codec, 0x16, 0,
- AC_VERB_SET_PIN_WIDGET_CONTROL, 0x0);
-
- if (hp1_pin_sense || hp2_pin_sense || spec->ultra_low_power)
- msleep(100);
-
+ if (hp1_pin_sense)
+ snd_hda_codec_write(codec, hp_pin, 0,
+ AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
+ if (hp2_pin_sense)
+ snd_hda_codec_write(codec, 0x16, 0,
+ AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
+
+ msleep(75);
+
+ if (hp1_pin_sense)
+ snd_hda_codec_write(codec, hp_pin, 0,
+ AC_VERB_SET_PIN_WIDGET_CONTROL, 0x0);
+ if (hp2_pin_sense)
+ snd_hda_codec_write(codec, 0x16, 0,
+ AC_VERB_SET_PIN_WIDGET_CONTROL, 0x0);
+
+ msleep(75);
+ alc_update_coef_idx(codec, 0x4a, 3 << 10, 0);
+ alc_enable_headset_jack_key(codec);
+ }
alc_auto_setup_eapd(codec, false);
alc_shutup_pins(codec);
if (spec->ultra_low_power) {
@@ -3835,9 +3829,6 @@ static void alc225_shutup(struct hda_cod
alc_update_coef_idx(codec, 0x4a, 3<<4, 2<<4);
msleep(30);
}
-
- alc_update_coef_idx(codec, 0x4a, 3 << 10, 0);
- alc_enable_headset_jack_key(codec);
}
static void alc_default_init(struct hda_codec *codec)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 742/817] ALSA: hda/realtek: Set PCBeep to default value for ALC274
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (740 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 741/817] ALSA: hda/realtek: Update ALC225 depop procedure Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 743/817] ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Greg Kroah-Hartman
` (84 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kailang Yang <kailang@realtek.com>
commit 155699ccab7c78cbba69798242b68bc8ac66d5d2 upstream.
BIOS Enable PC beep path cause pop noise via speaker during boot time.
Set to default value from driver will solve the issue.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/2721bb57e20a44c3826c473e933f9105@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -473,6 +473,8 @@ static void alc_fill_eapd_coef(struct hd
break;
case 0x10ec0234:
case 0x10ec0274:
+ alc_write_coef_idx(codec, 0x6e, 0x0c25);
+ fallthrough;
case 0x10ec0294:
case 0x10ec0700:
case 0x10ec0701:
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 743/817] ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (741 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 742/817] ALSA: hda/realtek: Set PCBeep to default value for ALC274 Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 744/817] ALSA: hda/realtek: Apply quirk for Medion E15433 Greg Kroah-Hartman
` (83 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dinesh Kumar, Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dinesh Kumar <desikumar81@gmail.com>
commit 5ebe792a5139f1ce6e4aed22bef12e7e2660df96 upstream.
Internal Speaker of Infinix Y4 Max remains muted due to incorrect
Pin configuration, and the Internal Mic records high noise. This patch
corrects the Pin configuration for the Internal Speaker and limits
the Internal Mic boost.
HW Probe for device: https://linux-hardware.org/?probe=6d4386c347
Test: Internal Speaker works fine, Mic has low noise.
Signed-off-by: Dinesh Kumar <desikumar81@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241125092842.13208-1-desikumar81@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7534,6 +7534,7 @@ enum {
ALC269_FIXUP_THINKPAD_ACPI,
ALC269_FIXUP_DMIC_THINKPAD_ACPI,
ALC269VB_FIXUP_INFINIX_ZERO_BOOK_13,
+ ALC269VC_FIXUP_INFINIX_Y4_MAX,
ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO,
ALC255_FIXUP_ACER_MIC_NO_PRESENCE,
ALC255_FIXUP_ASUS_MIC_NO_PRESENCE,
@@ -7992,6 +7993,15 @@ static const struct hda_fixup alc269_fix
.chained = true,
.chain_id = ALC269_FIXUP_LIMIT_INT_MIC_BOOST
},
+ [ALC269VC_FIXUP_INFINIX_Y4_MAX] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x1b, 0x90170150 }, /* use as internal speaker */
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC269_FIXUP_LIMIT_INT_MIC_BOOST
+ },
[ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
@@ -11017,6 +11027,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x2782, 0x0214, "VAIO VJFE-CL", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x2782, 0x0228, "Infinix ZERO BOOK 13", ALC269VB_FIXUP_INFINIX_ZERO_BOOK_13),
SND_PCI_QUIRK(0x2782, 0x0232, "CHUWI CoreBook XPro", ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO),
+ SND_PCI_QUIRK(0x2782, 0x1701, "Infinix Y4 Max", ALC269VC_FIXUP_INFINIX_Y4_MAX),
SND_PCI_QUIRK(0x2782, 0x1707, "Vaio VJFE-ADL", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x8086, 0x2074, "Intel NUC 8", ALC233_FIXUP_INTEL_NUC8_DMIC),
SND_PCI_QUIRK(0x8086, 0x2080, "Intel NUC 8 Rugged", ALC256_FIXUP_INTEL_NUC8_RUGGED),
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 744/817] ALSA: hda/realtek: Apply quirk for Medion E15433
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (742 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 743/817] ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 745/817] smb3: request handle caching when caching directories Greg Kroah-Hartman
` (82 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
commit ca0f79f0286046f6a91c099dc941cf7afae198d6 upstream.
Medion E15433 laptop wich ALC269VC (SSID 2782:1705) needs the same
workaround for the missing speaker as another model.
Link: https://bugzilla.suse.com/show_bug.cgi?id=1233298
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20241128072646.15659-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -11028,6 +11028,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x2782, 0x0228, "Infinix ZERO BOOK 13", ALC269VB_FIXUP_INFINIX_ZERO_BOOK_13),
SND_PCI_QUIRK(0x2782, 0x0232, "CHUWI CoreBook XPro", ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO),
SND_PCI_QUIRK(0x2782, 0x1701, "Infinix Y4 Max", ALC269VC_FIXUP_INFINIX_Y4_MAX),
+ SND_PCI_QUIRK(0x2782, 0x1705, "MEDION E15433", ALC269VC_FIXUP_INFINIX_Y4_MAX),
SND_PCI_QUIRK(0x2782, 0x1707, "Vaio VJFE-ADL", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x8086, 0x2074, "Intel NUC 8", ALC233_FIXUP_INTEL_NUC8_DMIC),
SND_PCI_QUIRK(0x8086, 0x2080, "Intel NUC 8 Rugged", ALC256_FIXUP_INTEL_NUC8_RUGGED),
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 745/817] smb3: request handle caching when caching directories
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (743 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 744/817] ALSA: hda/realtek: Apply quirk for Medion E15433 Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 746/817] smb: client: handle max length for SMB symlinks Greg Kroah-Hartman
` (81 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French <stfrench@microsoft.com>
commit 9ed9d83a51a9636d367c796252409e7b2f4de4d4 upstream.
This client was only requesting READ caching, not READ and HANDLE caching
in the LeaseState on the open requests we send for directories. To
delay closing a handle (e.g. for caching directory contents) we should
be requesting HANDLE as well as READ (as we already do for deferred
close of files). See MS-SMB2 3.3.1.4 e.g.
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/smb2ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -4078,7 +4078,7 @@ map_oplock_to_lease(u8 oplock)
if (oplock == SMB2_OPLOCK_LEVEL_EXCLUSIVE)
return SMB2_LEASE_WRITE_CACHING_LE | SMB2_LEASE_READ_CACHING_LE;
else if (oplock == SMB2_OPLOCK_LEVEL_II)
- return SMB2_LEASE_READ_CACHING_LE;
+ return SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE;
else if (oplock == SMB2_OPLOCK_LEVEL_BATCH)
return SMB2_LEASE_HANDLE_CACHING_LE | SMB2_LEASE_READ_CACHING_LE |
SMB2_LEASE_WRITE_CACHING_LE;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 746/817] smb: client: handle max length for SMB symlinks
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (744 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 745/817] smb3: request handle caching when caching directories Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 747/817] smb: Dont leak cfid when reconnect races with open_cached_dir Greg Kroah-Hartman
` (80 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Howells,
Paulo Alcantara (Red Hat), Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.com>
commit 0812340811e45ec4039d409049be53056182a552 upstream.
We can't use PATH_MAX for SMB symlinks because
(1) Windows Server will fail FSCTL_SET_REPARSE_POINT with
STATUS_IO_REPARSE_DATA_INVALID when input buffer is larger than
16K, as specified in MS-FSA 2.1.5.10.37.
(2) The client won't be able to parse large SMB responses that
includes SMB symlink path within SMB2_CREATE or SMB2_IOCTL
responses.
Fix this by defining a maximum length value (4060) for SMB symlinks
that both client and server can handle.
Cc: David Howells <dhowells@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/reparse.c | 5 ++++-
fs/smb/client/reparse.h | 2 ++
2 files changed, 6 insertions(+), 1 deletion(-)
--- a/fs/smb/client/reparse.c
+++ b/fs/smb/client/reparse.c
@@ -35,6 +35,9 @@ int smb2_create_reparse_symlink(const un
u16 len, plen;
int rc = 0;
+ if (strlen(symname) > REPARSE_SYM_PATH_MAX)
+ return -ENAMETOOLONG;
+
sym = kstrdup(symname, GFP_KERNEL);
if (!sym)
return -ENOMEM;
@@ -64,7 +67,7 @@ int smb2_create_reparse_symlink(const un
if (rc < 0)
goto out;
- plen = 2 * UniStrnlen((wchar_t *)path, PATH_MAX);
+ plen = 2 * UniStrnlen((wchar_t *)path, REPARSE_SYM_PATH_MAX);
len = sizeof(*buf) + plen * 2;
buf = kzalloc(len, GFP_KERNEL);
if (!buf) {
--- a/fs/smb/client/reparse.h
+++ b/fs/smb/client/reparse.h
@@ -12,6 +12,8 @@
#include "fs_context.h"
#include "cifsglob.h"
+#define REPARSE_SYM_PATH_MAX 4060
+
/*
* Used only by cifs.ko to ignore reparse points from files when client or
* server doesn't support FSCTL_GET_REPARSE_POINT.
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 747/817] smb: Dont leak cfid when reconnect races with open_cached_dir
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (745 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 746/817] smb: client: handle max length for SMB symlinks Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 748/817] smb: prevent use-after-free due to open_cached_dir error paths Greg Kroah-Hartman
` (79 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Aurich, Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Aurich <paul@darkrain42.org>
commit 7afb86733685c64c604d32faf00fa4a1f22c2ab1 upstream.
open_cached_dir() may either race with the tcon reconnection even before
compound_send_recv() or directly trigger a reconnection via
SMB2_open_init() or SMB_query_info_init().
The reconnection process invokes invalidate_all_cached_dirs() via
cifs_mark_open_files_invalid(), which removes all cfids from the
cfids->entries list but doesn't drop a ref if has_lease isn't true. This
results in the currently-being-constructed cfid not being on the list,
but still having a refcount of 2. It leaks if returned from
open_cached_dir().
Fix this by setting cfid->has_lease when the ref is actually taken; the
cfid will not be used by other threads until it has a valid time.
Addresses these kmemleaks:
unreferenced object 0xffff8881090c4000 (size 1024):
comm "bash", pid 1860, jiffies 4295126592
hex dump (first 32 bytes):
00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........".......
00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E"......O.....
backtrace (crc 6f58c20f):
[<ffffffff8b895a1e>] __kmalloc_cache_noprof+0x2be/0x350
[<ffffffff8bda06e3>] open_cached_dir+0x993/0x1fb0
[<ffffffff8bdaa750>] cifs_readdir+0x15a0/0x1d50
[<ffffffff8b9a853f>] iterate_dir+0x28f/0x4b0
[<ffffffff8b9a9aed>] __x64_sys_getdents64+0xfd/0x200
[<ffffffff8cf6da05>] do_syscall_64+0x95/0x1a0
[<ffffffff8d00012f>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
unreferenced object 0xffff8881044fdcf8 (size 8):
comm "bash", pid 1860, jiffies 4295126592
hex dump (first 8 bytes):
00 cc cc cc cc cc cc cc ........
backtrace (crc 10c106a9):
[<ffffffff8b89a3d3>] __kmalloc_node_track_caller_noprof+0x363/0x480
[<ffffffff8b7d7256>] kstrdup+0x36/0x60
[<ffffffff8bda0700>] open_cached_dir+0x9b0/0x1fb0
[<ffffffff8bdaa750>] cifs_readdir+0x15a0/0x1d50
[<ffffffff8b9a853f>] iterate_dir+0x28f/0x4b0
[<ffffffff8b9a9aed>] __x64_sys_getdents64+0xfd/0x200
[<ffffffff8cf6da05>] do_syscall_64+0x95/0x1a0
[<ffffffff8d00012f>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
And addresses these BUG splats when unmounting the SMB filesystem:
BUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]
WARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100
Modules linked in:
CPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
RIP: 0010:umount_check+0xd0/0x100
Code: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff <0f> 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41
RSP: 0018:ffff88811cc27978 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40
RBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3
R10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08
R13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0
FS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0
Call Trace:
<TASK>
d_walk+0x6a/0x530
shrink_dcache_for_umount+0x6a/0x200
generic_shutdown_super+0x52/0x2a0
kill_anon_super+0x22/0x40
cifs_kill_sb+0x159/0x1e0
deactivate_locked_super+0x66/0xe0
cleanup_mnt+0x140/0x210
task_work_run+0xfb/0x170
syscall_exit_to_user_mode+0x29f/0x2b0
do_syscall_64+0xa1/0x1a0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f23bfb93ae7
Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffee9138598 EFLAGS: 00000246 ORIG_RAX: 0000000000000050
RAX: 0000000000000000 RBX: 0000558f1803e9a0 RCX: 00007f23bfb93ae7
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000558f1803e9a0
RBP: 0000558f1803e600 R08: 0000000000000007 R09: 0000558f17fab610
R10: d91d5ec34ab757b0 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000015 R15: 0000000000000000
</TASK>
irq event stamp: 1163486
hardirqs last enabled at (1163485): [<ffffffffac98d344>] _raw_spin_unlock_irqrestore+0x34/0x60
hardirqs last disabled at (1163486): [<ffffffffac97dcfc>] __schedule+0xc7c/0x19a0
softirqs last enabled at (1163482): [<ffffffffab79a3ee>] __smb_send_rqst+0x3de/0x990
softirqs last disabled at (1163480): [<ffffffffac2314f1>] release_sock+0x21/0xf0
---[ end trace 0000000000000000 ]---
VFS: Busy inodes after unmount of cifs (cifs)
------------[ cut here ]------------
kernel BUG at fs/super.c:661!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 3433 Comm: bash Tainted: G W 6.12.0-rc4-g850925a8133c-dirty #49
Tainted: [W]=WARN
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
RIP: 0010:generic_shutdown_super+0x290/0x2a0
Code: e8 15 7c f7 ff 48 8b 5d 28 48 89 df e8 09 7c f7 ff 48 8b 0b 48 89 ee 48 8d 95 68 06 00 00 48 c7 c7 80 7f db ac e8 00 69 af ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90
RSP: 0018:ffff88811cc27a50 EFLAGS: 00010246
RAX: 000000000000003e RBX: ffffffffae994420 RCX: 0000000000000027
RDX: 0000000000000000 RSI: ffffffffab06180e RDI: ffff8881f6eb18c8
RBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed103edd6319
R10: ffff8881f6eb18cb R11: 00000000016d3158 R12: ffff8881462ec9c0
R13: ffff8881462ec050 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f23bfa98740(0000) GS:ffff8881f6e80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8364005d68 CR3: 0000000123c80000 CR4: 0000000000350ef0
Call Trace:
<TASK>
kill_anon_super+0x22/0x40
cifs_kill_sb+0x159/0x1e0
deactivate_locked_super+0x66/0xe0
cleanup_mnt+0x140/0x210
task_work_run+0xfb/0x170
syscall_exit_to_user_mode+0x29f/0x2b0
do_syscall_64+0xa1/0x1a0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f23bfb93ae7
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:generic_shutdown_super+0x290/0x2a0
Code: e8 15 7c f7 ff 48 8b 5d 28 48 89 df e8 09 7c f7 ff 48 8b 0b 48 89 ee 48 8d 95 68 06 00 00 48 c7 c7 80 7f db ac e8 00 69 af ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 90 90 90 90 90
RSP: 0018:ffff88811cc27a50 EFLAGS: 00010246
RAX: 000000000000003e RBX: ffffffffae994420 RCX: 0000000000000027
RDX: 0000000000000000 RSI: ffffffffab06180e RDI: ffff8881f6eb18c8
RBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed103edd6319
R10: ffff8881f6eb18cb R11: 00000000016d3158 R12: ffff8881462ec9c0
R13: ffff8881462ec050 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f23bfa98740(0000) GS:ffff8881f6e80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8364005d68 CR3: 0000000123c80000 CR4: 0000000000350ef0
This reproduces eventually with an SMB mount and two shells running
these loops concurrently
- while true; do
cd ~; sleep 1;
for i in {1..3}; do cd /mnt/test/subdir;
echo $PWD; sleep 1; cd ..; echo $PWD; sleep 1;
done;
echo ...;
done
- while true; do
iptables -F OUTPUT; mount -t cifs -a;
for _ in {0..2}; do ls /mnt/test/subdir/ | wc -l; done;
iptables -I OUTPUT -p tcp --dport 445 -j DROP;
sleep 10
echo "unmounting"; umount -l -t cifs -a; echo "done unmounting";
sleep 20
echo "recovering"; iptables -F OUTPUT;
sleep 10;
done
Fixes: ebe98f1447bb ("cifs: enable caching of directories for which a lease is held")
Fixes: 5c86919455c1 ("smb: client: fix use-after-free in smb2_query_info_compound()")
Cc: stable@vger.kernel.org
Signed-off-by: Paul Aurich <paul@darkrain42.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/cached_dir.c | 27 ++++++++++++++-------------
1 file changed, 14 insertions(+), 13 deletions(-)
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -59,6 +59,16 @@ static struct cached_fid *find_or_create
list_add(&cfid->entry, &cfids->entries);
cfid->on_list = true;
kref_get(&cfid->refcount);
+ /*
+ * Set @cfid->has_lease to true during construction so that the lease
+ * reference can be put in cached_dir_lease_break() due to a potential
+ * lease break right after the request is sent or while @cfid is still
+ * being cached, or if a reconnection is triggered during construction.
+ * Concurrent processes won't be to use it yet due to @cfid->time being
+ * zero.
+ */
+ cfid->has_lease = true;
+
spin_unlock(&cfids->cfid_list_lock);
return cfid;
}
@@ -176,12 +186,12 @@ replay_again:
return -ENOENT;
}
/*
- * Return cached fid if it has a lease. Otherwise, it is either a new
- * entry or laundromat worker removed it from @cfids->entries. Caller
- * will put last reference if the latter.
+ * Return cached fid if it is valid (has a lease and has a time).
+ * Otherwise, it is either a new entry or laundromat worker removed it
+ * from @cfids->entries. Caller will put last reference if the latter.
*/
spin_lock(&cfids->cfid_list_lock);
- if (cfid->has_lease) {
+ if (cfid->has_lease && cfid->time) {
spin_unlock(&cfids->cfid_list_lock);
*ret_cfid = cfid;
kfree(utf16_path);
@@ -267,15 +277,6 @@ replay_again:
smb2_set_related(&rqst[1]);
- /*
- * Set @cfid->has_lease to true before sending out compounded request so
- * its lease reference can be put in cached_dir_lease_break() due to a
- * potential lease break right after the request is sent or while @cfid
- * is still being cached. Concurrent processes won't be to use it yet
- * due to @cfid->time being zero.
- */
- cfid->has_lease = true;
-
if (retries) {
smb2_set_replay(server, &rqst[0]);
smb2_set_replay(server, &rqst[1]);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 748/817] smb: prevent use-after-free due to open_cached_dir error paths
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (746 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 747/817] smb: Dont leak cfid when reconnect races with open_cached_dir Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 749/817] smb: During unmount, ensure all cached dir instances drop their dentry Greg Kroah-Hartman
` (78 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Aurich, Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Aurich <paul@darkrain42.org>
commit a9685b409a03b73d2980bbfa53eb47555802d0a9 upstream.
If open_cached_dir() encounters an error parsing the lease from the
server, the error handling may race with receiving a lease break,
resulting in open_cached_dir() freeing the cfid while the queued work is
pending.
Update open_cached_dir() to drop refs rather than directly freeing the
cfid.
Have cached_dir_lease_break(), cfids_laundromat_worker(), and
invalidate_all_cached_dirs() clear has_lease immediately while still
holding cfids->cfid_list_lock, and then use this to also simplify the
reference counting in cfids_laundromat_worker() and
invalidate_all_cached_dirs().
Fixes this KASAN splat (which manually injects an error and lease break
in open_cached_dir()):
==================================================================
BUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0
Read of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65
CPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Workqueue: cifsiod smb2_cached_lease_break
Call Trace:
<TASK>
dump_stack_lvl+0x77/0xb0
print_report+0xce/0x660
kasan_report+0xd3/0x110
smb2_cached_lease_break+0x27/0xb0
process_one_work+0x50a/0xc50
worker_thread+0x2ba/0x530
kthread+0x17c/0x1c0
ret_from_fork+0x34/0x60
ret_from_fork_asm+0x1a/0x30
</TASK>
Allocated by task 2464:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
__kasan_kmalloc+0xaa/0xb0
open_cached_dir+0xa7d/0x1fb0
smb2_query_path_info+0x43c/0x6e0
cifs_get_fattr+0x346/0xf10
cifs_get_inode_info+0x157/0x210
cifs_revalidate_dentry_attr+0x2d1/0x460
cifs_getattr+0x173/0x470
vfs_statx_path+0x10f/0x160
vfs_statx+0xe9/0x150
vfs_fstatat+0x5e/0xc0
__do_sys_newfstatat+0x91/0xf0
do_syscall_64+0x95/0x1a0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Freed by task 2464:
kasan_save_stack+0x33/0x60
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x51/0x70
kfree+0x174/0x520
open_cached_dir+0x97f/0x1fb0
smb2_query_path_info+0x43c/0x6e0
cifs_get_fattr+0x346/0xf10
cifs_get_inode_info+0x157/0x210
cifs_revalidate_dentry_attr+0x2d1/0x460
cifs_getattr+0x173/0x470
vfs_statx_path+0x10f/0x160
vfs_statx+0xe9/0x150
vfs_fstatat+0x5e/0xc0
__do_sys_newfstatat+0x91/0xf0
do_syscall_64+0x95/0x1a0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Last potentially related work creation:
kasan_save_stack+0x33/0x60
__kasan_record_aux_stack+0xad/0xc0
insert_work+0x32/0x100
__queue_work+0x5c9/0x870
queue_work_on+0x82/0x90
open_cached_dir+0x1369/0x1fb0
smb2_query_path_info+0x43c/0x6e0
cifs_get_fattr+0x346/0xf10
cifs_get_inode_info+0x157/0x210
cifs_revalidate_dentry_attr+0x2d1/0x460
cifs_getattr+0x173/0x470
vfs_statx_path+0x10f/0x160
vfs_statx+0xe9/0x150
vfs_fstatat+0x5e/0xc0
__do_sys_newfstatat+0x91/0xf0
do_syscall_64+0x95/0x1a0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The buggy address belongs to the object at ffff88811cc24c00
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 16 bytes inside of
freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)
Cc: stable@vger.kernel.org
Signed-off-by: Paul Aurich <paul@darkrain42.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/cached_dir.c | 70 ++++++++++++++++++---------------------------
1 file changed, 29 insertions(+), 41 deletions(-)
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -348,6 +348,7 @@ oshr_free:
SMB2_query_info_free(&rqst[1]);
free_rsp_buf(resp_buftype[0], rsp_iov[0].iov_base);
free_rsp_buf(resp_buftype[1], rsp_iov[1].iov_base);
+out:
if (rc) {
spin_lock(&cfids->cfid_list_lock);
if (cfid->on_list) {
@@ -359,23 +360,14 @@ oshr_free:
/*
* We are guaranteed to have two references at this
* point. One for the caller and one for a potential
- * lease. Release the Lease-ref so that the directory
- * will be closed when the caller closes the cached
- * handle.
+ * lease. Release one here, and the second below.
*/
cfid->has_lease = false;
- spin_unlock(&cfids->cfid_list_lock);
kref_put(&cfid->refcount, smb2_close_cached_fid);
- goto out;
}
spin_unlock(&cfids->cfid_list_lock);
- }
-out:
- if (rc) {
- if (cfid->is_open)
- SMB2_close(0, cfid->tcon, cfid->fid.persistent_fid,
- cfid->fid.volatile_fid);
- free_cached_dir(cfid);
+
+ kref_put(&cfid->refcount, smb2_close_cached_fid);
} else {
*ret_cfid = cfid;
atomic_inc(&tcon->num_remote_opens);
@@ -513,25 +505,24 @@ void invalidate_all_cached_dirs(struct c
cfids->num_entries--;
cfid->is_open = false;
cfid->on_list = false;
- /* To prevent race with smb2_cached_lease_break() */
- kref_get(&cfid->refcount);
+ if (cfid->has_lease) {
+ /*
+ * The lease was never cancelled from the server,
+ * so steal that reference.
+ */
+ cfid->has_lease = false;
+ } else
+ kref_get(&cfid->refcount);
}
spin_unlock(&cfids->cfid_list_lock);
list_for_each_entry_safe(cfid, q, &entry, entry) {
list_del(&cfid->entry);
cancel_work_sync(&cfid->lease_break);
- if (cfid->has_lease) {
- /*
- * We lease was never cancelled from the server so we
- * need to drop the reference.
- */
- spin_lock(&cfids->cfid_list_lock);
- cfid->has_lease = false;
- spin_unlock(&cfids->cfid_list_lock);
- kref_put(&cfid->refcount, smb2_close_cached_fid);
- }
- /* Drop the extra reference opened above*/
+ /*
+ * Drop the ref-count from above, either the lease-ref (if there
+ * was one) or the extra one acquired.
+ */
kref_put(&cfid->refcount, smb2_close_cached_fid);
}
}
@@ -542,9 +533,6 @@ smb2_cached_lease_break(struct work_stru
struct cached_fid *cfid = container_of(work,
struct cached_fid, lease_break);
- spin_lock(&cfid->cfids->cfid_list_lock);
- cfid->has_lease = false;
- spin_unlock(&cfid->cfids->cfid_list_lock);
kref_put(&cfid->refcount, smb2_close_cached_fid);
}
@@ -562,6 +550,7 @@ int cached_dir_lease_break(struct cifs_t
!memcmp(lease_key,
cfid->fid.lease_key,
SMB2_LEASE_KEY_SIZE)) {
+ cfid->has_lease = false;
cfid->time = 0;
/*
* We found a lease remove it from the list
@@ -639,8 +628,14 @@ static void cfids_laundromat_worker(stru
cfid->on_list = false;
list_move(&cfid->entry, &entry);
cfids->num_entries--;
- /* To prevent race with smb2_cached_lease_break() */
- kref_get(&cfid->refcount);
+ if (cfid->has_lease) {
+ /*
+ * Our lease has not yet been cancelled from the
+ * server. Steal that reference.
+ */
+ cfid->has_lease = false;
+ } else
+ kref_get(&cfid->refcount);
}
}
spin_unlock(&cfids->cfid_list_lock);
@@ -652,17 +647,10 @@ static void cfids_laundromat_worker(stru
* with it.
*/
cancel_work_sync(&cfid->lease_break);
- if (cfid->has_lease) {
- /*
- * Our lease has not yet been cancelled from the server
- * so we need to drop the reference.
- */
- spin_lock(&cfids->cfid_list_lock);
- cfid->has_lease = false;
- spin_unlock(&cfids->cfid_list_lock);
- kref_put(&cfid->refcount, smb2_close_cached_fid);
- }
- /* Drop the extra reference opened above */
+ /*
+ * Drop the ref-count from above, either the lease-ref (if there
+ * was one) or the extra one acquired.
+ */
kref_put(&cfid->refcount, smb2_close_cached_fid);
}
queue_delayed_work(cifsiod_wq, &cfids->laundromat_work,
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 749/817] smb: During unmount, ensure all cached dir instances drop their dentry
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (747 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 748/817] smb: prevent use-after-free due to open_cached_dir error paths Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 750/817] usb: misc: ljca: set small runtime autosuspend delay Greg Kroah-Hartman
` (77 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Aurich, Steve French
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Aurich <paul@darkrain42.org>
commit 3fa640d035e5ae526769615c35cb9ed4be6e3662 upstream.
The unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can
race with various cached directory operations, which ultimately results
in dentries not being dropped and these kernel BUGs:
BUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]
VFS: Busy inodes after unmount of cifs (cifs)
------------[ cut here ]------------
kernel BUG at fs/super.c:661!
This happens when a cfid is in the process of being cleaned up when, and
has been removed from the cfids->entries list, including:
- Receiving a lease break from the server
- Server reconnection triggers invalidate_all_cached_dirs(), which
removes all the cfids from the list
- The laundromat thread decides to expire an old cfid.
To solve these problems, dropping the dentry is done in queued work done
in a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()
flushes that workqueue after it drops all the dentries of which it's
aware. This is a global workqueue (rather than scoped to a mount), but
the queued work is minimal.
The final cleanup work for cleaning up a cfid is performed via work
queued in the serverclose_wq workqueue; this is done separate from
dropping the dentries so that close_all_cached_dirs() doesn't block on
any server operations.
Both of these queued works expect to invoked with a cfid reference and
a tcon reference to avoid those objects from being freed while the work
is ongoing.
While we're here, add proper locking to close_all_cached_dirs(), and
locking around the freeing of cfid->dentry.
Fixes: ebe98f1447bb ("cifs: enable caching of directories for which a lease is held")
Cc: stable@vger.kernel.org
Signed-off-by: Paul Aurich <paul@darkrain42.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/cached_dir.c | 156 ++++++++++++++++++++++++++++++++++++---------
fs/smb/client/cached_dir.h | 6 +
fs/smb/client/cifsfs.c | 12 +++
fs/smb/client/cifsglob.h | 3
fs/smb/client/inode.c | 3
fs/smb/client/trace.h | 3
6 files changed, 147 insertions(+), 36 deletions(-)
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -17,6 +17,11 @@ static void free_cached_dir(struct cache
static void smb2_close_cached_fid(struct kref *ref);
static void cfids_laundromat_worker(struct work_struct *work);
+struct cached_dir_dentry {
+ struct list_head entry;
+ struct dentry *dentry;
+};
+
static struct cached_fid *find_or_create_cached_dir(struct cached_fids *cfids,
const char *path,
bool lookup_only,
@@ -470,7 +475,10 @@ void close_all_cached_dirs(struct cifs_s
struct cifs_tcon *tcon;
struct tcon_link *tlink;
struct cached_fids *cfids;
+ struct cached_dir_dentry *tmp_list, *q;
+ LIST_HEAD(entry);
+ spin_lock(&cifs_sb->tlink_tree_lock);
for (node = rb_first(root); node; node = rb_next(node)) {
tlink = rb_entry(node, struct tcon_link, tl_rbnode);
tcon = tlink_tcon(tlink);
@@ -479,11 +487,30 @@ void close_all_cached_dirs(struct cifs_s
cfids = tcon->cfids;
if (cfids == NULL)
continue;
+ spin_lock(&cfids->cfid_list_lock);
list_for_each_entry(cfid, &cfids->entries, entry) {
- dput(cfid->dentry);
+ tmp_list = kmalloc(sizeof(*tmp_list), GFP_ATOMIC);
+ if (tmp_list == NULL)
+ break;
+ spin_lock(&cfid->fid_lock);
+ tmp_list->dentry = cfid->dentry;
cfid->dentry = NULL;
+ spin_unlock(&cfid->fid_lock);
+
+ list_add_tail(&tmp_list->entry, &entry);
}
+ spin_unlock(&cfids->cfid_list_lock);
+ }
+ spin_unlock(&cifs_sb->tlink_tree_lock);
+
+ list_for_each_entry_safe(tmp_list, q, &entry, entry) {
+ list_del(&tmp_list->entry);
+ dput(tmp_list->dentry);
+ kfree(tmp_list);
}
+
+ /* Flush any pending work that will drop dentries */
+ flush_workqueue(cfid_put_wq);
}
/*
@@ -494,14 +521,18 @@ void invalidate_all_cached_dirs(struct c
{
struct cached_fids *cfids = tcon->cfids;
struct cached_fid *cfid, *q;
- LIST_HEAD(entry);
if (cfids == NULL)
return;
+ /*
+ * Mark all the cfids as closed, and move them to the cfids->dying list.
+ * They'll be cleaned up later by cfids_invalidation_worker. Take
+ * a reference to each cfid during this process.
+ */
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry_safe(cfid, q, &cfids->entries, entry) {
- list_move(&cfid->entry, &entry);
+ list_move(&cfid->entry, &cfids->dying);
cfids->num_entries--;
cfid->is_open = false;
cfid->on_list = false;
@@ -514,26 +545,47 @@ void invalidate_all_cached_dirs(struct c
} else
kref_get(&cfid->refcount);
}
+ /*
+ * Queue dropping of the dentries once locks have been dropped
+ */
+ if (!list_empty(&cfids->dying))
+ queue_work(cfid_put_wq, &cfids->invalidation_work);
spin_unlock(&cfids->cfid_list_lock);
-
- list_for_each_entry_safe(cfid, q, &entry, entry) {
- list_del(&cfid->entry);
- cancel_work_sync(&cfid->lease_break);
- /*
- * Drop the ref-count from above, either the lease-ref (if there
- * was one) or the extra one acquired.
- */
- kref_put(&cfid->refcount, smb2_close_cached_fid);
- }
}
static void
-smb2_cached_lease_break(struct work_struct *work)
+cached_dir_offload_close(struct work_struct *work)
{
struct cached_fid *cfid = container_of(work,
- struct cached_fid, lease_break);
+ struct cached_fid, close_work);
+ struct cifs_tcon *tcon = cfid->tcon;
+
+ WARN_ON(cfid->on_list);
kref_put(&cfid->refcount, smb2_close_cached_fid);
+ cifs_put_tcon(tcon, netfs_trace_tcon_ref_put_cached_close);
+}
+
+/*
+ * Release the cached directory's dentry, and then queue work to drop cached
+ * directory itself (closing on server if needed).
+ *
+ * Must be called with a reference to the cached_fid and a reference to the
+ * tcon.
+ */
+static void cached_dir_put_work(struct work_struct *work)
+{
+ struct cached_fid *cfid = container_of(work, struct cached_fid,
+ put_work);
+ struct dentry *dentry;
+
+ spin_lock(&cfid->fid_lock);
+ dentry = cfid->dentry;
+ cfid->dentry = NULL;
+ spin_unlock(&cfid->fid_lock);
+
+ dput(dentry);
+ queue_work(serverclose_wq, &cfid->close_work);
}
int cached_dir_lease_break(struct cifs_tcon *tcon, __u8 lease_key[16])
@@ -560,8 +612,10 @@ int cached_dir_lease_break(struct cifs_t
cfid->on_list = false;
cfids->num_entries--;
- queue_work(cifsiod_wq,
- &cfid->lease_break);
+ ++tcon->tc_count;
+ trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count,
+ netfs_trace_tcon_ref_get_cached_lease_break);
+ queue_work(cfid_put_wq, &cfid->put_work);
spin_unlock(&cfids->cfid_list_lock);
return true;
}
@@ -583,7 +637,8 @@ static struct cached_fid *init_cached_di
return NULL;
}
- INIT_WORK(&cfid->lease_break, smb2_cached_lease_break);
+ INIT_WORK(&cfid->close_work, cached_dir_offload_close);
+ INIT_WORK(&cfid->put_work, cached_dir_put_work);
INIT_LIST_HEAD(&cfid->entry);
INIT_LIST_HEAD(&cfid->dirents.entries);
mutex_init(&cfid->dirents.de_mutex);
@@ -596,6 +651,9 @@ static void free_cached_dir(struct cache
{
struct cached_dirent *dirent, *q;
+ WARN_ON(work_pending(&cfid->close_work));
+ WARN_ON(work_pending(&cfid->put_work));
+
dput(cfid->dentry);
cfid->dentry = NULL;
@@ -613,10 +671,30 @@ static void free_cached_dir(struct cache
kfree(cfid);
}
+static void cfids_invalidation_worker(struct work_struct *work)
+{
+ struct cached_fids *cfids = container_of(work, struct cached_fids,
+ invalidation_work);
+ struct cached_fid *cfid, *q;
+ LIST_HEAD(entry);
+
+ spin_lock(&cfids->cfid_list_lock);
+ /* move cfids->dying to the local list */
+ list_cut_before(&entry, &cfids->dying, &cfids->dying);
+ spin_unlock(&cfids->cfid_list_lock);
+
+ list_for_each_entry_safe(cfid, q, &entry, entry) {
+ list_del(&cfid->entry);
+ /* Drop the ref-count acquired in invalidate_all_cached_dirs */
+ kref_put(&cfid->refcount, smb2_close_cached_fid);
+ }
+}
+
static void cfids_laundromat_worker(struct work_struct *work)
{
struct cached_fids *cfids;
struct cached_fid *cfid, *q;
+ struct dentry *dentry;
LIST_HEAD(entry);
cfids = container_of(work, struct cached_fids, laundromat_work.work);
@@ -642,18 +720,28 @@ static void cfids_laundromat_worker(stru
list_for_each_entry_safe(cfid, q, &entry, entry) {
list_del(&cfid->entry);
- /*
- * Cancel and wait for the work to finish in case we are racing
- * with it.
- */
- cancel_work_sync(&cfid->lease_break);
- /*
- * Drop the ref-count from above, either the lease-ref (if there
- * was one) or the extra one acquired.
- */
- kref_put(&cfid->refcount, smb2_close_cached_fid);
+
+ spin_lock(&cfid->fid_lock);
+ dentry = cfid->dentry;
+ cfid->dentry = NULL;
+ spin_unlock(&cfid->fid_lock);
+
+ dput(dentry);
+ if (cfid->is_open) {
+ spin_lock(&cifs_tcp_ses_lock);
+ ++cfid->tcon->tc_count;
+ trace_smb3_tcon_ref(cfid->tcon->debug_id, cfid->tcon->tc_count,
+ netfs_trace_tcon_ref_get_cached_laundromat);
+ spin_unlock(&cifs_tcp_ses_lock);
+ queue_work(serverclose_wq, &cfid->close_work);
+ } else
+ /*
+ * Drop the ref-count from above, either the lease-ref (if there
+ * was one) or the extra one acquired.
+ */
+ kref_put(&cfid->refcount, smb2_close_cached_fid);
}
- queue_delayed_work(cifsiod_wq, &cfids->laundromat_work,
+ queue_delayed_work(cfid_put_wq, &cfids->laundromat_work,
dir_cache_timeout * HZ);
}
@@ -666,9 +754,11 @@ struct cached_fids *init_cached_dirs(voi
return NULL;
spin_lock_init(&cfids->cfid_list_lock);
INIT_LIST_HEAD(&cfids->entries);
+ INIT_LIST_HEAD(&cfids->dying);
+ INIT_WORK(&cfids->invalidation_work, cfids_invalidation_worker);
INIT_DELAYED_WORK(&cfids->laundromat_work, cfids_laundromat_worker);
- queue_delayed_work(cifsiod_wq, &cfids->laundromat_work,
+ queue_delayed_work(cfid_put_wq, &cfids->laundromat_work,
dir_cache_timeout * HZ);
return cfids;
@@ -687,12 +777,18 @@ void free_cached_dirs(struct cached_fids
return;
cancel_delayed_work_sync(&cfids->laundromat_work);
+ cancel_work_sync(&cfids->invalidation_work);
spin_lock(&cfids->cfid_list_lock);
list_for_each_entry_safe(cfid, q, &cfids->entries, entry) {
cfid->on_list = false;
cfid->is_open = false;
list_move(&cfid->entry, &entry);
+ }
+ list_for_each_entry_safe(cfid, q, &cfids->dying, entry) {
+ cfid->on_list = false;
+ cfid->is_open = false;
+ list_move(&cfid->entry, &entry);
}
spin_unlock(&cfids->cfid_list_lock);
--- a/fs/smb/client/cached_dir.h
+++ b/fs/smb/client/cached_dir.h
@@ -44,7 +44,8 @@ struct cached_fid {
spinlock_t fid_lock;
struct cifs_tcon *tcon;
struct dentry *dentry;
- struct work_struct lease_break;
+ struct work_struct put_work;
+ struct work_struct close_work;
struct smb2_file_all_info file_all_info;
struct cached_dirents dirents;
};
@@ -53,10 +54,13 @@ struct cached_fid {
struct cached_fids {
/* Must be held when:
* - accessing the cfids->entries list
+ * - accessing the cfids->dying list
*/
spinlock_t cfid_list_lock;
int num_entries;
struct list_head entries;
+ struct list_head dying;
+ struct work_struct invalidation_work;
struct delayed_work laundromat_work;
};
--- a/fs/smb/client/cifsfs.c
+++ b/fs/smb/client/cifsfs.c
@@ -157,6 +157,7 @@ struct workqueue_struct *fileinfo_put_wq
struct workqueue_struct *cifsoplockd_wq;
struct workqueue_struct *deferredclose_wq;
struct workqueue_struct *serverclose_wq;
+struct workqueue_struct *cfid_put_wq;
__u32 cifs_lock_secret;
/*
@@ -1895,9 +1896,16 @@ init_cifs(void)
goto out_destroy_deferredclose_wq;
}
+ cfid_put_wq = alloc_workqueue("cfid_put_wq",
+ WQ_FREEZABLE|WQ_MEM_RECLAIM, 0);
+ if (!cfid_put_wq) {
+ rc = -ENOMEM;
+ goto out_destroy_serverclose_wq;
+ }
+
rc = cifs_init_inodecache();
if (rc)
- goto out_destroy_serverclose_wq;
+ goto out_destroy_cfid_put_wq;
rc = cifs_init_netfs();
if (rc)
@@ -1965,6 +1973,8 @@ out_destroy_netfs:
cifs_destroy_netfs();
out_destroy_inodecache:
cifs_destroy_inodecache();
+out_destroy_cfid_put_wq:
+ destroy_workqueue(cfid_put_wq);
out_destroy_serverclose_wq:
destroy_workqueue(serverclose_wq);
out_destroy_deferredclose_wq:
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -1982,7 +1982,7 @@ require use of the stronger protocol */
* cifsInodeInfo->lock_sem cifsInodeInfo->llist cifs_init_once
* ->can_cache_brlcks
* cifsInodeInfo->deferred_lock cifsInodeInfo->deferred_closes cifsInodeInfo_alloc
- * cached_fid->fid_mutex cifs_tcon->crfid tcon_info_alloc
+ * cached_fids->cfid_list_lock cifs_tcon->cfids->entries init_cached_dirs
* cifsFileInfo->fh_mutex cifsFileInfo cifs_new_fileinfo
* cifsFileInfo->file_info_lock cifsFileInfo->count cifs_new_fileinfo
* ->invalidHandle initiate_cifs_search
@@ -2070,6 +2070,7 @@ extern struct workqueue_struct *fileinfo
extern struct workqueue_struct *cifsoplockd_wq;
extern struct workqueue_struct *deferredclose_wq;
extern struct workqueue_struct *serverclose_wq;
+extern struct workqueue_struct *cfid_put_wq;
extern __u32 cifs_lock_secret;
extern mempool_t *cifs_sm_req_poolp;
--- a/fs/smb/client/inode.c
+++ b/fs/smb/client/inode.c
@@ -2433,13 +2433,10 @@ cifs_dentry_needs_reval(struct dentry *d
return true;
if (!open_cached_dir_by_dentry(tcon, dentry->d_parent, &cfid)) {
- spin_lock(&cfid->fid_lock);
if (cfid->time && cifs_i->time > cfid->time) {
- spin_unlock(&cfid->fid_lock);
close_cached_dir(cfid);
return false;
}
- spin_unlock(&cfid->fid_lock);
close_cached_dir(cfid);
}
/*
--- a/fs/smb/client/trace.h
+++ b/fs/smb/client/trace.h
@@ -44,6 +44,8 @@
EM(netfs_trace_tcon_ref_free_ipc, "FRE Ipc ") \
EM(netfs_trace_tcon_ref_free_ipc_fail, "FRE Ipc-F ") \
EM(netfs_trace_tcon_ref_free_reconnect_server, "FRE Reconn") \
+ EM(netfs_trace_tcon_ref_get_cached_laundromat, "GET Ch-Lau") \
+ EM(netfs_trace_tcon_ref_get_cached_lease_break, "GET Ch-Lea") \
EM(netfs_trace_tcon_ref_get_cancelled_close, "GET Cn-Cls") \
EM(netfs_trace_tcon_ref_get_dfs_refer, "GET DfsRef") \
EM(netfs_trace_tcon_ref_get_find, "GET Find ") \
@@ -52,6 +54,7 @@
EM(netfs_trace_tcon_ref_new, "NEW ") \
EM(netfs_trace_tcon_ref_new_ipc, "NEW Ipc ") \
EM(netfs_trace_tcon_ref_new_reconnect_server, "NEW Reconn") \
+ EM(netfs_trace_tcon_ref_put_cached_close, "PUT Ch-Cls") \
EM(netfs_trace_tcon_ref_put_cancelled_close, "PUT Cn-Cls") \
EM(netfs_trace_tcon_ref_put_cancelled_close_fid, "PUT Cn-Fid") \
EM(netfs_trace_tcon_ref_put_cancelled_mid, "PUT Cn-Mid") \
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 750/817] usb: misc: ljca: set small runtime autosuspend delay
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (748 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 749/817] smb: During unmount, ensure all cached dir instances drop their dentry Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 751/817] usb: misc: ljca: move usb_autopm_put_interface() after wait for response Greg Kroah-Hartman
` (76 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Sakari Ailus,
Stanislaw Gruszka
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
commit 2481af79671a6603fce201cbbc48f31e488e9fae upstream.
On some Lenovo platforms, the patch works around problems with ov2740
sensor initialization, which manifest themself like below:
[ 4.540476] ov2740 i2c-INT3474:01: error -EIO: failed to find sensor
[ 4.542066] ov2740 i2c-INT3474:01: probe with driver ov2740 failed with error -5
or
[ 7.742633] ov2740 i2c-INT3474:01: chip id mismatch: 2740 != 0
[ 7.742638] ov2740 i2c-INT3474:01: error -ENXIO: failed to find sensor
and also by random failures of video stream start.
Issue can be reproduced by this script:
n=0
k=0
while [ $n -lt 50 ] ; do
sudo modprobe -r ov2740
sleep `expr $RANDOM % 5`
sudo modprobe ov2740
if media-ctl -p | grep -q ov2740 ; then
let k++
fi
let n++
done
echo Success rate $k/$n
Without the patch, success rate is approximately 15 or 50 tries.
With the patch it does not fail.
This problem is some hardware or firmware malfunction, that can not be
easy debug and fix. While setting small autosuspend delay is not perfect
workaround as user can configure it to any value, it will prevent
the failures by default.
Additionally setting small autosuspend delay should have positive effect
on power consumption as for most ljca workloads device is used for just
a few milliseconds flowed by long periods of at least 100ms of inactivity
(usually more).
Fixes: acd6199f195d ("usb: Add support for Intel LJCA device")
Cc: stable@vger.kernel.org
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com> # ThinkPad X1 Yoga Gen 8, ov2740
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Link: https://lore.kernel.org/r/20241112075514.680712-2-stanislaw.gruszka@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/misc/usb-ljca.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/usb/misc/usb-ljca.c
+++ b/drivers/usb/misc/usb-ljca.c
@@ -811,6 +811,14 @@ static int ljca_probe(struct usb_interfa
if (ret)
goto err_free;
+ /*
+ * This works around problems with ov2740 initialization on some
+ * Lenovo platforms. The autosuspend delay, has to be smaller than
+ * the delay after setting the reset_gpio line in ov2740_resume().
+ * Otherwise the sensor randomly fails to initialize.
+ */
+ pm_runtime_set_autosuspend_delay(&usb_dev->dev, 10);
+
usb_enable_autosuspend(usb_dev);
return 0;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 751/817] usb: misc: ljca: move usb_autopm_put_interface() after wait for response
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (749 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 750/817] usb: misc: ljca: set small runtime autosuspend delay Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 752/817] usb: dwc3: ep0: Dont clear ep0 DWC3_EP_TRANSFER_STARTED Greg Kroah-Hartman
` (75 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Sakari Ailus,
Stanislaw Gruszka
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
commit 5c5d8eb8af06df615e8b1dc88e5847196c846045 upstream.
Do not mark interface as ready to suspend when we are still waiting
for response messages from the device.
Fixes: acd6199f195d ("usb: Add support for Intel LJCA device")
Cc: stable@vger.kernel.org
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com> # ThinkPad X1 Yoga Gen 8, ov2740
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Link: https://lore.kernel.org/r/20241112075514.680712-1-stanislaw.gruszka@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/misc/usb-ljca.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/usb/misc/usb-ljca.c
+++ b/drivers/usb/misc/usb-ljca.c
@@ -332,14 +332,11 @@ static int ljca_send(struct ljca_adapter
ret = usb_bulk_msg(adap->usb_dev, adap->tx_pipe, header,
msg_len, &transferred, LJCA_WRITE_TIMEOUT_MS);
-
- usb_autopm_put_interface(adap->intf);
-
if (ret < 0)
- goto out;
+ goto out_put;
if (transferred != msg_len) {
ret = -EIO;
- goto out;
+ goto out_put;
}
if (ack) {
@@ -347,11 +344,14 @@ static int ljca_send(struct ljca_adapter
timeout);
if (!ret) {
ret = -ETIMEDOUT;
- goto out;
+ goto out_put;
}
}
ret = adap->actual_length;
+out_put:
+ usb_autopm_put_interface(adap->intf);
+
out:
spin_lock_irqsave(&adap->lock, flags);
adap->ex_buf = NULL;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 752/817] usb: dwc3: ep0: Dont clear ep0 DWC3_EP_TRANSFER_STARTED
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (750 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 751/817] usb: misc: ljca: move usb_autopm_put_interface() after wait for response Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 753/817] usb: musb: Fix hardware lockup on first Rx endpoint request Greg Kroah-Hartman
` (74 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 5d2fb074dea289c41f5aaf2c3f68286bee370634 upstream.
The driver cannot issue the End Transfer command to the SETUP transfer.
Don't clear DWC3_EP_TRANSFER_STARTED flag to make sure that the driver
won't send Start Transfer command again, which can cause no-resource
error. For example this can occur if the host issues a reset to the
device.
Cc: stable@vger.kernel.org
Fixes: 76cb323f80ac ("usb: dwc3: ep0: clear all EP0 flags")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/d3d618185fd614bb7426352a9fc1199641d3b5f5.1731545781.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/ep0.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/dwc3/ep0.c
+++ b/drivers/usb/dwc3/ep0.c
@@ -232,7 +232,7 @@ void dwc3_ep0_stall_and_restart(struct d
/* stall is always issued on EP0 */
dep = dwc->eps[0];
__dwc3_gadget_ep_set_halt(dep, 1, false);
- dep->flags &= DWC3_EP_RESOURCE_ALLOCATED;
+ dep->flags &= DWC3_EP_RESOURCE_ALLOCATED | DWC3_EP_TRANSFER_STARTED;
dep->flags |= DWC3_EP_ENABLED;
dwc->delayed_status = false;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 753/817] usb: musb: Fix hardware lockup on first Rx endpoint request
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (751 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 752/817] usb: dwc3: ep0: Dont clear ep0 DWC3_EP_TRANSFER_STARTED Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 754/817] usb: dwc3: gadget: Fix checking for number of TRBs left Greg Kroah-Hartman
` (73 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hubert Wiśniewski
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hubert Wiśniewski <hubert.wisniewski.25632@gmail.com>
commit 3fc137386c4620305bbc2a216868c53f9245670a upstream.
There is a possibility that a request's callback could be invoked from
usb_ep_queue() (call trace below, supplemented with missing calls):
req->complete from usb_gadget_giveback_request
(drivers/usb/gadget/udc/core.c:999)
usb_gadget_giveback_request from musb_g_giveback
(drivers/usb/musb/musb_gadget.c:147)
musb_g_giveback from rxstate
(drivers/usb/musb/musb_gadget.c:784)
rxstate from musb_ep_restart
(drivers/usb/musb/musb_gadget.c:1169)
musb_ep_restart from musb_ep_restart_resume_work
(drivers/usb/musb/musb_gadget.c:1176)
musb_ep_restart_resume_work from musb_queue_resume_work
(drivers/usb/musb/musb_core.c:2279)
musb_queue_resume_work from musb_gadget_queue
(drivers/usb/musb/musb_gadget.c:1241)
musb_gadget_queue from usb_ep_queue
(drivers/usb/gadget/udc/core.c:300)
According to the docstring of usb_ep_queue(), this should not happen:
"Note that @req's ->complete() callback must never be called from within
usb_ep_queue() as that can create deadlock situations."
In fact, a hardware lockup might occur in the following sequence:
1. The gadget is initialized using musb_gadget_enable().
2. Meanwhile, a packet arrives, and the RXPKTRDY flag is set, raising an
interrupt.
3. If IRQs are enabled, the interrupt is handled, but musb_g_rx() finds an
empty queue (next_request() returns NULL). The interrupt flag has
already been cleared by the glue layer handler, but the RXPKTRDY flag
remains set.
4. The first request is enqueued using usb_ep_queue(), leading to the call
of req->complete(), as shown in the call trace above.
5. If the callback enables IRQs and another packet is waiting, step (3)
repeats. The request queue is empty because usb_g_giveback() removes the
request before invoking the callback.
6. The endpoint remains locked up, as the interrupt triggered by hardware
setting the RXPKTRDY flag has been handled, but the flag itself remains
set.
For this scenario to occur, it is only necessary for IRQs to be enabled at
some point during the complete callback. This happens with the USB Ethernet
gadget, whose rx_complete() callback calls netif_rx(). If called in the
task context, netif_rx() disables the bottom halves (BHs). When the BHs are
re-enabled, IRQs are also enabled to allow soft IRQs to be processed. The
gadget itself is initialized at module load (or at boot if built-in), but
the first request is enqueued when the network interface is brought up,
triggering rx_complete() in the task context via ioctl(). If a packet
arrives while the interface is down, it can prevent the interface from
receiving any further packets from the USB host.
The situation is quite complicated with many parties involved. This
particular issue can be resolved in several possible ways:
1. Ensure that callbacks never enable IRQs. This would be difficult to
enforce, as discovering how netif_rx() interacts with interrupts was
already quite challenging and u_ether is not the only function driver.
Similar "bugs" could be hidden in other drivers as well.
2. Disable MUSB interrupts in musb_g_giveback() before calling the callback
and re-enable them afterwars (by calling musb_{dis,en}able_interrupts(),
for example). This would ensure that MUSB interrupts are not handled
during the callback, even if IRQs are enabled. In fact, it would allow
IRQs to be enabled when releasing the lock. However, this feels like an
inelegant hack.
3. Modify the interrupt handler to clear the RXPKTRDY flag if the request
queue is empty. While this approach also feels like a hack, it wastes
CPU time by attempting to handle incoming packets when the software is
not ready to process them.
4. Flush the Rx FIFO instead of calling rxstate() in musb_ep_restart().
This ensures that the hardware can receive packets when there is at
least one request in the queue. Once IRQs are enabled, the interrupt
handler will be able to correctly process the next incoming packet
(eventually calling rxstate()). This approach may cause one or two
packets to be dropped (two if double buffering is enabled), but this
seems to be a minor issue, as packet loss can occur when the software is
not yet ready to process them. Additionally, this solution makes the
gadget driver compliant with the rule mentioned in the docstring of
usb_ep_queue().
There may be additional solutions, but from these four, the last one has
been chosen as it seems to be the most appropriate, as it addresses the
"bad" behavior of the driver.
Fixes: baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context.")
Cc: stable@vger.kernel.org
Signed-off-by: Hubert Wiśniewski <hubert.wisniewski.25632@gmail.com>
Link: https://lore.kernel.org/r/4ee1ead4525f78fb5909a8cbf99513ad0082ad21.camel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/musb/musb_gadget.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/drivers/usb/musb/musb_gadget.c
+++ b/drivers/usb/musb/musb_gadget.c
@@ -1161,12 +1161,19 @@ void musb_free_request(struct usb_ep *ep
*/
void musb_ep_restart(struct musb *musb, struct musb_request *req)
{
+ u16 csr;
+ void __iomem *epio = req->ep->hw_ep->regs;
+
trace_musb_req_start(req);
musb_ep_select(musb->mregs, req->epnum);
- if (req->tx)
+ if (req->tx) {
txstate(musb, req);
- else
- rxstate(musb, req);
+ } else {
+ csr = musb_readw(epio, MUSB_RXCSR);
+ csr |= MUSB_RXCSR_FLUSHFIFO | MUSB_RXCSR_P_WZC_BITS;
+ musb_writew(epio, MUSB_RXCSR, csr);
+ musb_writew(epio, MUSB_RXCSR, csr);
+ }
}
static int musb_ep_restart_resume_work(struct musb *musb, void *data)
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 754/817] usb: dwc3: gadget: Fix checking for number of TRBs left
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (752 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 753/817] usb: musb: Fix hardware lockup on first Rx endpoint request Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 755/817] usb: dwc3: gadget: Fix looping of queued SG entries Greg Kroah-Hartman
` (72 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit 02a6982b0ccfcdc39e20016f5fc9a1b7826a6ee7 upstream.
The check whether the TRB ring is full or empty in dwc3_calc_trbs_left()
is insufficient. It assumes there are active TRBs if there's any request
in the started_list. However, that's not the case for requests with a
large SG list.
That is, if we have a single usb request that requires more TRBs than
the total TRBs in the TRB ring, the queued TRBs will be available when
all the TRBs in the ring are completed. But the request is only
partially completed and remains in the started_list. With the current
logic, the TRB ring is empty, but dwc3_calc_trbs_left() returns 0.
Fix this by additionally checking for the request->num_trbs for active
TRB count.
Cc: stable@vger.kernel.org
Fixes: 51f1954ad853 ("usb: dwc3: gadget: Fix dwc3_calc_trbs_left()")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/708dc62b56b77da1f704cc2ae9b6ddb1f2dbef1f.1731545781.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1177,11 +1177,14 @@ static u32 dwc3_calc_trbs_left(struct dw
* pending to be processed by the driver.
*/
if (dep->trb_enqueue == dep->trb_dequeue) {
+ struct dwc3_request *req;
+
/*
- * If there is any request remained in the started_list at
- * this point, that means there is no TRB available.
+ * If there is any request remained in the started_list with
+ * active TRBs at this point, then there is no TRB available.
*/
- if (!list_empty(&dep->started_list))
+ req = next_request(&dep->started_list);
+ if (req && req->num_trbs)
return 0;
return DWC3_TRB_NUM - 1;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 755/817] usb: dwc3: gadget: Fix looping of queued SG entries
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (753 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 754/817] usb: dwc3: gadget: Fix checking for number of TRBs left Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 756/817] staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node Greg Kroah-Hartman
` (71 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit b7fc65f5141c24785dc8c19249ca4efcf71b3524 upstream.
The dwc3_request->num_queued_sgs is decremented on completion. If a
partially completed request is handled, then the
dwc3_request->num_queued_sgs no longer reflects the total number of
num_queued_sgs (it would be cleared).
Correctly check the number of request SG entries remained to be prepare
and queued. Failure to do this may cause null pointer dereference when
accessing non-existent SG entry.
Cc: stable@vger.kernel.org
Fixes: c96e6725db9d ("usb: dwc3: gadget: Correct the logic for queuing sgs")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/d07a7c4aa0fcf746cdca0515150dbe5c52000af7.1731545781.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1417,8 +1417,8 @@ static int dwc3_prepare_trbs_sg(struct d
struct scatterlist *s;
int i;
unsigned int length = req->request.length;
- unsigned int remaining = req->request.num_mapped_sgs
- - req->num_queued_sgs;
+ unsigned int remaining = req->num_pending_sgs;
+ unsigned int num_queued_sgs = req->request.num_mapped_sgs - remaining;
unsigned int num_trbs = req->num_trbs;
bool needs_extra_trb = dwc3_needs_extra_trb(dep, req);
@@ -1426,7 +1426,7 @@ static int dwc3_prepare_trbs_sg(struct d
* If we resume preparing the request, then get the remaining length of
* the request and resume where we left off.
*/
- for_each_sg(req->request.sg, s, req->num_queued_sgs, i)
+ for_each_sg(req->request.sg, s, num_queued_sgs, i)
length -= sg_dma_len(s);
for_each_sg(sg, s, remaining, i) {
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 756/817] staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (754 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 755/817] usb: dwc3: gadget: Fix looping of queued SG entries Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 757/817] counter: stm32-timer-cnt: fix device_node handling in probe_encoder() Greg Kroah-Hartman
` (70 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Javier Carrasco, Dan Carpenter,
Umang Jain
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 22a3703af127e897dc7df89372b85bb9dc331c5f upstream.
An error path was introduced without including the required call to
of_node_put() to decrement the node's refcount and avoid leaking memory.
If the call to kzalloc() for 'mgmt' fails, the probe returns without
decrementing the refcount.
Use the automatic cleanup facility to fix the bug and protect the code
against new error paths where the call to of_node_put() might be missing
again.
Cc: stable@vger.kernel.org
Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Umang Jain <umang.jain@ideasonboard.com>
Link: https://lore.kernel.org/r/20241014-vchiq_arm-of_node_put-v2-2-cafe0a4c2666@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -1715,7 +1715,6 @@ MODULE_DEVICE_TABLE(of, vchiq_of_match);
static int vchiq_probe(struct platform_device *pdev)
{
- struct device_node *fw_node;
const struct vchiq_platform_info *info;
struct vchiq_drv_mgmt *mgmt;
int ret;
@@ -1724,8 +1723,8 @@ static int vchiq_probe(struct platform_d
if (!info)
return -EINVAL;
- fw_node = of_find_compatible_node(NULL, NULL,
- "raspberrypi,bcm2835-firmware");
+ struct device_node *fw_node __free(device_node) =
+ of_find_compatible_node(NULL, NULL, "raspberrypi,bcm2835-firmware");
if (!fw_node) {
dev_err(&pdev->dev, "Missing firmware node\n");
return -ENOENT;
@@ -1736,7 +1735,6 @@ static int vchiq_probe(struct platform_d
return -ENOMEM;
mgmt->fw = devm_rpi_firmware_get(&pdev->dev, fw_node);
- of_node_put(fw_node);
if (!mgmt->fw)
return -EPROBE_DEFER;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 757/817] counter: stm32-timer-cnt: fix device_node handling in probe_encoder()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (755 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 756/817] staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 758/817] ublk: fix error code for unsupported command Greg Kroah-Hartman
` (69 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Javier Carrasco,
William Breathitt Gray
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
commit 147359e23e5c9652ff8c5a98a51a7323bd51c94a upstream.
Device nodes accessed via of_get_compatible_child() require
of_node_put() to be called when the node is no longer required to avoid
leaving a reference to the node behind, leaking the resource.
In this case, the usage of 'tnode' is straightforward and there are no
error paths, allowing for a single of_node_put() when 'tnode' is no
longer required.
Cc: stable@vger.kernel.org
Fixes: 29646ee33cc3 ("counter: stm32-timer-cnt: add checks on quadrature encoder capability")
Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
Link: https://lore.kernel.org/r/20241027-stm32-timer-cnt-of_node_put-v1-1-ebd903cdf7ac@gmail.com
Signed-off-by: William Breathitt Gray <wbg@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/counter/stm32-timer-cnt.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/counter/stm32-timer-cnt.c
+++ b/drivers/counter/stm32-timer-cnt.c
@@ -700,6 +700,7 @@ static int stm32_timer_cnt_probe_encoder
}
ret = of_property_read_u32(tnode, "reg", &idx);
+ of_node_put(tnode);
if (ret) {
dev_err(dev, "Can't get index (%d)\n", ret);
return ret;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 758/817] ublk: fix error code for unsupported command
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (756 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 757/817] counter: stm32-timer-cnt: fix device_node handling in probe_encoder() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 759/817] lib: string_helpers: silence snprintf() output truncation warning Greg Kroah-Hartman
` (68 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ming Lei, Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@redhat.com>
commit 34c1227035b3ab930a1ae6ab6f22fec1af8ab09e upstream.
ENOTSUPP is for kernel use only, and shouldn't be sent to userspace.
Fix it by replacing it with EOPNOTSUPP.
Cc: stable@vger.kernel.org
Fixes: bfbcef036396 ("ublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241119030646.2319030-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/ublk_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/block/ublk_drv.c
+++ b/drivers/block/ublk_drv.c
@@ -2975,7 +2975,7 @@ static int ublk_ctrl_uring_cmd(struct io
ret = ublk_ctrl_end_recovery(ub, cmd);
break;
default:
- ret = -ENOTSUPP;
+ ret = -EOPNOTSUPP;
break;
}
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 759/817] lib: string_helpers: silence snprintf() output truncation warning
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (757 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 758/817] ublk: fix error code for unsupported command Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 760/817] f2fs: fix to do sanity check on node blkaddr in truncate_node() Greg Kroah-Hartman
` (67 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bartosz Golaszewski, Andy Shevchenko,
James E.J. Bottomley, Kees Cook, Andrew Morton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
commit a508ef4b1dcc82227edc594ffae583874dd425d7 upstream.
The output of ".%03u" with the unsigned int in range [0, 4294966295] may
get truncated if the target buffer is not 12 bytes. This can't really
happen here as the 'remainder' variable cannot exceed 999 but the
compiler doesn't know it. To make it happy just increase the buffer to
where the warning goes away.
Fixes: 3c9f3681d0b4 ("[SCSI] lib: add generic helper to print sizes rounded to the correct SI range")
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Kees Cook <kees@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Link: https://lore.kernel.org/r/20241101205453.9353-1-brgl@bgdev.pl
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/string_helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/string_helpers.c
+++ b/lib/string_helpers.c
@@ -57,7 +57,7 @@ int string_get_size(u64 size, u64 blk_si
static const unsigned int rounding[] = { 500, 50, 5 };
int i = 0, j;
u32 remainder = 0, sf_cap;
- char tmp[8];
+ char tmp[12];
const char *unit;
tmp[0] = '\0';
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 760/817] f2fs: fix to do sanity check on node blkaddr in truncate_node()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (758 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 759/817] lib: string_helpers: silence snprintf() output truncation warning Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 761/817] ipc: fix memleak if msg_init_ns failed in create_ipc_ns Greg Kroah-Hartman
` (66 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+33379ce4ac76acf7d0c7, Chao Yu,
Jaegeuk Kim
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chao Yu <chao@kernel.org>
commit 6babe00ccd34fc65b78ef8b99754e32b4385f23d upstream.
syzbot reports a f2fs bug as below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/segment.c:2534!
RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534
Call Trace:
truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909
f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288
f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856
evict+0x4e8/0x9b0 fs/inode.c:723
f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986
f2fs_create+0x357/0x530 fs/f2fs/namei.c:394
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x1c03/0x3590 fs/namei.c:3930
do_filp_open+0x235/0x490 fs/namei.c:3960
do_sys_openat2+0x13e/0x1d0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534
The root cause is: on a fuzzed image, blkaddr in nat entry may be
corrupted, then it will cause system panic when using it in
f2fs_invalidate_blocks(), to avoid this, let's add sanity check on
nat blkaddr in truncate_node().
Reported-by: syzbot+33379ce4ac76acf7d0c7@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-f2fs-devel/0000000000009a6cd706224ca720@google.com/
Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/node.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -905,6 +905,16 @@ static int truncate_node(struct dnode_of
if (err)
return err;
+ if (ni.blk_addr != NEW_ADDR &&
+ !f2fs_is_valid_blkaddr(sbi, ni.blk_addr, DATA_GENERIC_ENHANCE)) {
+ f2fs_err_ratelimited(sbi,
+ "nat entry is corrupted, run fsck to fix it, ino:%u, "
+ "nid:%u, blkaddr:%u", ni.ino, ni.nid, ni.blk_addr);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ f2fs_handle_error(sbi, ERROR_INCONSISTENT_NAT);
+ return -EFSCORRUPTED;
+ }
+
/* Deallocate node address */
f2fs_invalidate_blocks(sbi, ni.blk_addr);
dec_valid_node_count(sbi, dn->inode, dn->nid == dn->inode->i_ino);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 761/817] ipc: fix memleak if msg_init_ns failed in create_ipc_ns
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (759 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 760/817] f2fs: fix to do sanity check on node blkaddr in truncate_node() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 762/817] Input: cs40l50 - fix wrong usage of INIT_WORK() Greg Kroah-Hartman
` (65 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ma Wupeng, Andrew Morton
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ma Wupeng <mawupeng1@huawei.com>
commit bc8f5921cd69188627c08041276238de222ab466 upstream.
Percpu memory allocation may failed during create_ipc_ns however this
fail is not handled properly since ipc sysctls and mq sysctls is not
released properly. Fix this by release these two resource when failure.
Here is the kmemleak stack when percpu failed:
unreferenced object 0xffff88819de2a600 (size 512):
comm "shmem_2nstest", pid 120711, jiffies 4300542254
hex dump (first 32 bytes):
60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H.....
04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V.....
backtrace (crc be7cba35):
[<ffffffff81b43f83>] __kmalloc_node_track_caller_noprof+0x333/0x420
[<ffffffff81a52e56>] kmemdup_noprof+0x26/0x50
[<ffffffff821b2f37>] setup_mq_sysctls+0x57/0x1d0
[<ffffffff821b29cc>] copy_ipcs+0x29c/0x3b0
[<ffffffff815d6a10>] create_new_namespaces+0x1d0/0x920
[<ffffffff815d7449>] copy_namespaces+0x2e9/0x3e0
[<ffffffff815458f3>] copy_process+0x29f3/0x7ff0
[<ffffffff8154b080>] kernel_clone+0xc0/0x650
[<ffffffff8154b6b1>] __do_sys_clone+0xa1/0xe0
[<ffffffff843df8ff>] do_syscall_64+0xbf/0x1c0
[<ffffffff846000b0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53
Link: https://lkml.kernel.org/r/20241023093129.3074301-1-mawupeng1@huawei.com
Fixes: 72d1e611082e ("ipc/msg: mitigate the lock contention with percpu counter")
Signed-off-by: Ma Wupeng <mawupeng1@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
ipc/namespace.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -83,13 +83,15 @@ static struct ipc_namespace *create_ipc_
err = msg_init_ns(ns);
if (err)
- goto fail_put;
+ goto fail_ipc;
sem_init_ns(ns);
shm_init_ns(ns);
return ns;
+fail_ipc:
+ retire_ipc_sysctls(ns);
fail_mq:
retire_mq_sysctls(ns);
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 762/817] Input: cs40l50 - fix wrong usage of INIT_WORK()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (760 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 761/817] ipc: fix memleak if msg_init_ns failed in create_ipc_ns Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 763/817] NFSD: Prevent a potential integer overflow Greg Kroah-Hartman
` (64 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, James Ogletree,
Dmitry Torokhov
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuan Can <yuancan@huawei.com>
commit 5c822c0ce5cc83ed4cd8394f3dc46dae8d9a681d upstream.
In cs40l50_add(), the work_data is a local variable and the work_data.work
should initialize with INIT_WORK_ONSTACK() instead of INIT_WORK().
Small error in cs40l50_erase() also fixed in this commit.
Fixes: c38fe1bb5d21 ("Input: cs40l50 - Add support for the CS40L50 haptic driver")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Reviewed-by: James Ogletree <jogletre@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20241106013549.78142-1-yuancan@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/misc/cs40l50-vibra.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/input/misc/cs40l50-vibra.c b/drivers/input/misc/cs40l50-vibra.c
index 03bdb7c26ec0..dce3b0ec8cf3 100644
--- a/drivers/input/misc/cs40l50-vibra.c
+++ b/drivers/input/misc/cs40l50-vibra.c
@@ -334,11 +334,12 @@ static int cs40l50_add(struct input_dev *dev, struct ff_effect *effect,
work_data.custom_len = effect->u.periodic.custom_len;
work_data.vib = vib;
work_data.effect = effect;
- INIT_WORK(&work_data.work, cs40l50_add_worker);
+ INIT_WORK_ONSTACK(&work_data.work, cs40l50_add_worker);
/* Push to the workqueue to serialize with playbacks */
queue_work(vib->vib_wq, &work_data.work);
flush_work(&work_data.work);
+ destroy_work_on_stack(&work_data.work);
kfree(work_data.custom_data);
@@ -467,11 +468,12 @@ static int cs40l50_erase(struct input_dev *dev, int effect_id)
work_data.vib = vib;
work_data.effect = &dev->ff->effects[effect_id];
- INIT_WORK(&work_data.work, cs40l50_erase_worker);
+ INIT_WORK_ONSTACK(&work_data.work, cs40l50_erase_worker);
/* Push to workqueue to serialize with playbacks */
queue_work(vib->vib_wq, &work_data.work);
flush_work(&work_data.work);
+ destroy_work_on_stack(&work_data.work);
return work_data.error;
}
--
2.47.1
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 763/817] NFSD: Prevent a potential integer overflow
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (761 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 762/817] Input: cs40l50 - fix wrong usage of INIT_WORK() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 764/817] SUNRPC: make sure cache entry active before cache_show Greg Kroah-Hartman
` (63 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Jeff Layton,
Chuck Lever
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chuck Lever <chuck.lever@oracle.com>
commit 7f33b92e5b18e904a481e6e208486da43e4dc841 upstream.
If the tag length is >= U32_MAX - 3 then the "length + 4" addition
can result in an integer overflow. Address this by splitting the
decoding into several steps so that decode_cb_compound4res() does
not have to perform arithmetic on the unsafe length value.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Cc: stable@vger.kernel.org
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4callback.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -287,17 +287,17 @@ static int decode_cb_compound4res(struct
u32 length;
__be32 *p;
- p = xdr_inline_decode(xdr, 4 + 4);
+ p = xdr_inline_decode(xdr, XDR_UNIT);
if (unlikely(p == NULL))
goto out_overflow;
- hdr->status = be32_to_cpup(p++);
+ hdr->status = be32_to_cpup(p);
/* Ignore the tag */
- length = be32_to_cpup(p++);
- p = xdr_inline_decode(xdr, length + 4);
- if (unlikely(p == NULL))
+ if (xdr_stream_decode_u32(xdr, &length) < 0)
+ goto out_overflow;
+ if (xdr_inline_decode(xdr, length) == NULL)
+ goto out_overflow;
+ if (xdr_stream_decode_u32(xdr, &hdr->nops) < 0)
goto out_overflow;
- p += XDR_QUADLEN(length);
- hdr->nops = be32_to_cpup(p);
return 0;
out_overflow:
return -EIO;
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 764/817] SUNRPC: make sure cache entry active before cache_show
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (762 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 763/817] NFSD: Prevent a potential integer overflow Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 765/817] um: Fix potential integer overflow during physmem setup Greg Kroah-Hartman
` (62 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yang Erkun, Jeff Layton, Chuck Lever
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yang Erkun <yangerkun@huawei.com>
commit 2862eee078a4d2d1f584e7f24fa50dddfa5f3471 upstream.
The function `c_show` was called with protection from RCU. This only
ensures that `cp` will not be freed. Therefore, the reference count for
`cp` can drop to zero, which will trigger a refcount use-after-free
warning when `cache_get` is called. To resolve this issue, use
`cache_get_rcu` to ensure that `cp` remains active.
------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 7 PID: 822 at lib/refcount.c:25
refcount_warn_saturate+0xb1/0x120
CPU: 7 UID: 0 PID: 822 Comm: cat Not tainted 6.12.0-rc3+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.1-2.fc37 04/01/2014
RIP: 0010:refcount_warn_saturate+0xb1/0x120
Call Trace:
<TASK>
c_show+0x2fc/0x380 [sunrpc]
seq_read_iter+0x589/0x770
seq_read+0x1e5/0x270
proc_reg_read+0xe1/0x140
vfs_read+0x125/0x530
ksys_read+0xc1/0x160
do_syscall_64+0x5f/0x170
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Cc: stable@vger.kernel.org # v4.20+
Signed-off-by: Yang Erkun <yangerkun@huawei.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/cache.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -1431,7 +1431,9 @@ static int c_show(struct seq_file *m, vo
seq_printf(m, "# expiry=%lld refcnt=%d flags=%lx\n",
convert_to_wallclock(cp->expiry_time),
kref_read(&cp->ref), cp->flags);
- cache_get(cp);
+ if (!cache_get_rcu(cp))
+ return 0;
+
if (cache_check(cd, cp, NULL))
/* cache_check does a cache_put on failure */
seq_puts(m, "# ");
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 765/817] um: Fix potential integer overflow during physmem setup
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (763 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 764/817] SUNRPC: make sure cache entry active before cache_show Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 766/817] um: Fix the return value of elf_core_copy_task_fpregs Greg Kroah-Hartman
` (61 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tiwei Bie, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiwei Bie <tiwei.btw@antgroup.com>
[ Upstream commit a98b7761f697e590ed5d610d87fa12be66f23419 ]
This issue happens when the real map size is greater than LONG_MAX,
which can be easily triggered on UML/i386.
Fixes: fe205bdd1321 ("um: Print minimum physical memory requirement")
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Link: https://patch.msgid.link/20240916045950.508910-3-tiwei.btw@antgroup.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/kernel/physmem.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/um/kernel/physmem.c b/arch/um/kernel/physmem.c
index fb2adfb499452..ee693e0b2b58b 100644
--- a/arch/um/kernel/physmem.c
+++ b/arch/um/kernel/physmem.c
@@ -81,10 +81,10 @@ void __init setup_physmem(unsigned long start, unsigned long reserve_end,
unsigned long len, unsigned long long highmem)
{
unsigned long reserve = reserve_end - start;
- long map_size = len - reserve;
+ unsigned long map_size = len - reserve;
int err;
- if(map_size <= 0) {
+ if (len <= reserve) {
os_warn("Too few physical memory! Needed=%lu, given=%lu\n",
reserve, len);
exit(1);
@@ -95,7 +95,7 @@ void __init setup_physmem(unsigned long start, unsigned long reserve_end,
err = os_map_memory((void *) reserve_end, physmem_fd, reserve,
map_size, 1, 1, 1);
if (err < 0) {
- os_warn("setup_physmem - mapping %ld bytes of memory at 0x%p "
+ os_warn("setup_physmem - mapping %lu bytes of memory at 0x%p "
"failed - errno = %d\n", map_size,
(void *) reserve_end, err);
exit(1);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 766/817] um: Fix the return value of elf_core_copy_task_fpregs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (764 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 765/817] um: Fix potential integer overflow during physmem setup Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 767/817] kfifo: dont include dma-mapping.h in kfifo.h Greg Kroah-Hartman
` (60 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tiwei Bie, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiwei Bie <tiwei.btw@antgroup.com>
[ Upstream commit 865e3845eeaa21e9a62abc1361644e67124f1ec0 ]
This function is expected to return a boolean value, which should be
true on success and false on failure.
Fixes: d1254b12c93e ("uml: fix x86_64 core dump crash")
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Link: https://patch.msgid.link/20240913023302.130300-1-tiwei.btw@antgroup.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/kernel/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
index f36b63f53babd..d3786577c6fbf 100644
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
@@ -292,6 +292,6 @@ int elf_core_copy_task_fpregs(struct task_struct *t, elf_fpregset_t *fpu)
{
int cpu = current_thread_info()->cpu;
- return save_i387_registers(userspace_pid[cpu], (unsigned long *) fpu);
+ return save_i387_registers(userspace_pid[cpu], (unsigned long *) fpu) == 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 767/817] kfifo: dont include dma-mapping.h in kfifo.h
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (765 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 766/817] um: Fix the return value of elf_core_copy_task_fpregs Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 768/817] um: ubd: Initialize ubds disk pointer in ubd_add Greg Kroah-Hartman
` (59 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 44059790a5cb9258ae6137387e4c39b717fd2ced ]
Nothing in kfifo.h directly needs dma-mapping.h, only two macros
use DMA_MAPPING_ERROR when actually instantiated. Drop the
dma-mapping.h include to reduce include bloat.
Add an explicity <linux/io.h> include to drivers/mailbox/omap-mailbox.c
as that file uses __raw_readl and __raw_writel through a complicated
include chain involving <linux/dma-mapping.h>
Fixes: d52b761e4b1a ("kfifo: add kfifo_dma_out_prepare_mapped()")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20241023055317.313234-1-hch@lst.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/omap-mailbox.c | 1 +
include/linux/kfifo.h | 1 -
samples/kfifo/dma-example.c | 1 +
3 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mailbox/omap-mailbox.c b/drivers/mailbox/omap-mailbox.c
index 7a87424657a15..bd0b9762cef4f 100644
--- a/drivers/mailbox/omap-mailbox.c
+++ b/drivers/mailbox/omap-mailbox.c
@@ -15,6 +15,7 @@
#include <linux/slab.h>
#include <linux/kfifo.h>
#include <linux/err.h>
+#include <linux/io.h>
#include <linux/module.h>
#include <linux/of.h>
#include <linux/platform_device.h>
diff --git a/include/linux/kfifo.h b/include/linux/kfifo.h
index 564868bdce898..fd743d4c4b4bd 100644
--- a/include/linux/kfifo.h
+++ b/include/linux/kfifo.h
@@ -37,7 +37,6 @@
*/
#include <linux/array_size.h>
-#include <linux/dma-mapping.h>
#include <linux/spinlock.h>
#include <linux/stddef.h>
#include <linux/types.h>
diff --git a/samples/kfifo/dma-example.c b/samples/kfifo/dma-example.c
index 48df719dac8c6..8076ac410161a 100644
--- a/samples/kfifo/dma-example.c
+++ b/samples/kfifo/dma-example.c
@@ -9,6 +9,7 @@
#include <linux/kfifo.h>
#include <linux/module.h>
#include <linux/scatterlist.h>
+#include <linux/dma-mapping.h>
/*
* This module shows how to handle fifo dma operations.
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 768/817] um: ubd: Initialize ubds disk pointer in ubd_add
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (766 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 767/817] kfifo: dont include dma-mapping.h in kfifo.h Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 769/817] um: Always dump trace for specified task in show_stack Greg Kroah-Hartman
` (58 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tiwei Bie, Anton Ivanov,
Johannes Berg, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiwei Bie <tiwei.btw@antgroup.com>
[ Upstream commit df700802abcac3c7c4a4ced099aa42b9a144eea8 ]
Currently, the initialization of the disk pointer in the ubd structure
is missing. It should be initialized with the allocated gendisk pointer
in ubd_add().
Fixes: 32621ad7a7ea ("ubd: remove the ubd_gendisk array")
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Acked-By: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Link: https://patch.msgid.link/20241104163203.435515-2-tiwei.btw@antgroup.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/drivers/ubd_kern.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c
index 119df76627002..2bfb17373244b 100644
--- a/arch/um/drivers/ubd_kern.c
+++ b/arch/um/drivers/ubd_kern.c
@@ -898,6 +898,8 @@ static int ubd_add(int n, char **error_out)
if (err)
goto out_cleanup_disk;
+ ubd_dev->disk = disk;
+
return 0;
out_cleanup_disk:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 769/817] um: Always dump trace for specified task in show_stack
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (767 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 768/817] um: ubd: Initialize ubds disk pointer in ubd_add Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 770/817] NFSv4.0: Fix a use-after-free problem in the asynchronous open() Greg Kroah-Hartman
` (57 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tiwei Bie, Johannes Berg,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tiwei Bie <tiwei.btw@antgroup.com>
[ Upstream commit 0f659ff362eac69777c4c191b7e5ccb19d76c67d ]
Currently, show_stack() always dumps the trace of the current task.
However, it should dump the trace of the specified task if one is
provided. Otherwise, things like running "echo t > sysrq-trigger"
won't work as expected.
Fixes: 970e51feaddb ("um: Add support for CONFIG_STACKTRACE")
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
Link: https://patch.msgid.link/20241106103933.1132365-1-tiwei.btw@antgroup.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/kernel/sysrq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/um/kernel/sysrq.c b/arch/um/kernel/sysrq.c
index 746715379f12a..7e897e44a03da 100644
--- a/arch/um/kernel/sysrq.c
+++ b/arch/um/kernel/sysrq.c
@@ -53,5 +53,5 @@ void show_stack(struct task_struct *task, unsigned long *stack,
}
printk("%sCall Trace:\n", loglvl);
- dump_trace(current, &stackops, (void *)loglvl);
+ dump_trace(task ?: current, &stackops, (void *)loglvl);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 770/817] NFSv4.0: Fix a use-after-free problem in the asynchronous open()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (768 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 769/817] um: Always dump trace for specified task in show_stack Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 771/817] rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
` (56 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Erkun, Trond Myklebust,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889 ]
Yang Erkun reports that when two threads are opening files at the same
time, and are forced to abort before a reply is seen, then the call to
nfs_release_seqid() in nfs4_opendata_free() can result in a
use-after-free of the pointer to the defunct rpc task of the other
thread.
The fix is to ensure that if the RPC call is aborted before the call to
nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()
in nfs4_open_release() before the rpc_task is freed.
Reported-by: Yang Erkun <yangerkun@huawei.com>
Fixes: 24ac23ab88df ("NFSv4: Convert open() into an asynchronous RPC call")
Reviewed-by: Yang Erkun <yangerkun@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4proc.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 9d40319e063de..405f17e6e0b45 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -2603,12 +2603,14 @@ static void nfs4_open_release(void *calldata)
struct nfs4_opendata *data = calldata;
struct nfs4_state *state = NULL;
+ /* In case of error, no cleanup! */
+ if (data->rpc_status != 0 || !data->rpc_done) {
+ nfs_release_seqid(data->o_arg.seqid);
+ goto out_free;
+ }
/* If this request hasn't been cancelled, do nothing */
if (!data->cancelled)
goto out_free;
- /* In case of error, no cleanup! */
- if (data->rpc_status != 0 || !data->rpc_done)
- goto out_free;
/* In case we need an open_confirm, no cleanup! */
if (data->o_res.rflags & NFS4_OPEN_RESULT_CONFIRM)
goto out_free;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 771/817] rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (769 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 770/817] NFSv4.0: Fix a use-after-free problem in the asynchronous open() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 772/817] rtc: abx80x: Fix WDT bit position of the status register Greg Kroah-Hartman
` (55 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jinjie Ruan, Alexandre Belloni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jinjie Ruan <ruanjinjie@huawei.com>
[ Upstream commit b6cd7adec0cf03f0aefc55676e71dd721cbc71a8 ]
If request_irq() fails in st_rtc_probe(), there is no need to enable
the irq, and if it succeeds, disable_irq() after request_irq() still has
a time gap in which interrupts can come.
request_irq() with IRQF_NO_AUTOEN flag will disable IRQ auto-enable when
request IRQ.
Fixes: b5b2bdfc2893 ("rtc: st: Add new driver for ST's LPC RTC")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Link: https://lore.kernel.org/r/20240912033727.3013951-1-ruanjinjie@huawei.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-st-lpc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/rtc/rtc-st-lpc.c b/drivers/rtc/rtc-st-lpc.c
index d492a2d26600c..c6d4522411b31 100644
--- a/drivers/rtc/rtc-st-lpc.c
+++ b/drivers/rtc/rtc-st-lpc.c
@@ -218,15 +218,14 @@ static int st_rtc_probe(struct platform_device *pdev)
return -EINVAL;
}
- ret = devm_request_irq(&pdev->dev, rtc->irq, st_rtc_handler, 0,
- pdev->name, rtc);
+ ret = devm_request_irq(&pdev->dev, rtc->irq, st_rtc_handler,
+ IRQF_NO_AUTOEN, pdev->name, rtc);
if (ret) {
dev_err(&pdev->dev, "Failed to request irq %i\n", rtc->irq);
return ret;
}
enable_irq_wake(rtc->irq);
- disable_irq(rtc->irq);
rtc->clk = devm_clk_get_enabled(&pdev->dev, NULL);
if (IS_ERR(rtc->clk))
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 772/817] rtc: abx80x: Fix WDT bit position of the status register
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (770 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 771/817] rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 773/817] rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Greg Kroah-Hartman
` (54 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeremy Gebben, Nobuhiro Iwamatsu,
Alexandre Belloni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
[ Upstream commit 10e078b273ee7a2b8b4f05a64ac458f5e652d18d ]
The WDT bit in the status register is 5, not 6. This fixes from 6 to 5.
Link: https://abracon.com/Support/AppsManuals/Precisiontiming/AB08XX-Application-Manual.pdf
Link: https://www.microcrystal.com/fileadmin/Media/Products/RTC/App.Manual/RV-1805-C3_App-Manual.pdf
Fixes: 749e36d0a0d7 ("rtc: abx80x: add basic watchdog support")
Cc: Jeremy Gebben <jgebben@sweptlaser.com>
Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Link: https://lore.kernel.org/r/20241008041737.1640633-1-iwamatsu@nigauri.org
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-abx80x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rtc/rtc-abx80x.c b/drivers/rtc/rtc-abx80x.c
index 1298962402ff4..3fee27914ba80 100644
--- a/drivers/rtc/rtc-abx80x.c
+++ b/drivers/rtc/rtc-abx80x.c
@@ -39,7 +39,7 @@
#define ABX8XX_REG_STATUS 0x0f
#define ABX8XX_STATUS_AF BIT(2)
#define ABX8XX_STATUS_BLF BIT(4)
-#define ABX8XX_STATUS_WDT BIT(6)
+#define ABX8XX_STATUS_WDT BIT(5)
#define ABX8XX_REG_CTRL1 0x10
#define ABX8XX_CTRL_WRITE BIT(0)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 773/817] rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (771 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 772/817] rtc: abx80x: Fix WDT bit position of the status register Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 774/817] ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty Greg Kroah-Hartman
` (53 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yongliang Gao, Jingqun Li,
Alexandre Belloni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yongliang Gao <leonylgao@tencent.com>
[ Upstream commit e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d ]
If the __rtc_read_time call fails,, the struct rtc_time tm; may contain
uninitialized data, or an illegal date/time read from the RTC hardware.
When calling rtc_tm_to_ktime later, the result may be a very large value
(possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue,
they will continually expire, may causing kernel softlockup.
Fixes: 6610e0893b8b ("RTC: Rework RTC code to use timerqueue for events")
Signed-off-by: Yongliang Gao <leonylgao@tencent.com>
Acked-by: Jingqun Li <jingqunli@tencent.com>
Link: https://lore.kernel.org/r/20241011043153.3788112-1-leonylgao@gmail.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/interface.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/rtc/interface.c b/drivers/rtc/interface.c
index cca650b2e0b94..aaf76406cd7d7 100644
--- a/drivers/rtc/interface.c
+++ b/drivers/rtc/interface.c
@@ -904,13 +904,18 @@ void rtc_timer_do_work(struct work_struct *work)
struct timerqueue_node *next;
ktime_t now;
struct rtc_time tm;
+ int err;
struct rtc_device *rtc =
container_of(work, struct rtc_device, irqwork);
mutex_lock(&rtc->ops_lock);
again:
- __rtc_read_time(rtc, &tm);
+ err = __rtc_read_time(rtc, &tm);
+ if (err) {
+ mutex_unlock(&rtc->ops_lock);
+ return;
+ }
now = rtc_tm_to_ktime(tm);
while ((next = timerqueue_getnext(&rtc->timerqueue))) {
if (next->expires > now)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 774/817] ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (772 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 773/817] rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 775/817] ubifs: Correct the total block count by deducting journal reservation Greg Kroah-Hartman
` (52 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Richard Weinberger,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit c4595fe394a289927077e3da561db27811919ee0 ]
Since commit 14072ee33d5a ("ubi: fastmap: Check wl_pool for free peb
before wear leveling"), wear_leveling_worker() won't schedule fm_work
if wear-leveling pool is empty, which could temporarily disable the
wear-leveling until the fastmap is updated(eg. pool becomes empty).
Fix it by scheduling fm_work if wl_pool is empty during wear-leveing.
Fixes: 14072ee33d5a ("ubi: fastmap: Check wl_pool for free peb before wear leveling")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/ubi/fastmap-wl.c | 19 ++++++++++++++++---
drivers/mtd/ubi/wl.c | 2 +-
drivers/mtd/ubi/wl.h | 3 ++-
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/drivers/mtd/ubi/fastmap-wl.c b/drivers/mtd/ubi/fastmap-wl.c
index 2a9cc9413c427..9bdb6525f1281 100644
--- a/drivers/mtd/ubi/fastmap-wl.c
+++ b/drivers/mtd/ubi/fastmap-wl.c
@@ -346,14 +346,27 @@ int ubi_wl_get_peb(struct ubi_device *ubi)
* WL sub-system.
*
* @ubi: UBI device description object
+ * @need_fill: whether to fill wear-leveling pool when no PEBs are found
*/
-static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi)
+static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi,
+ bool need_fill)
{
struct ubi_fm_pool *pool = &ubi->fm_wl_pool;
int pnum;
- if (pool->used == pool->size)
+ if (pool->used == pool->size) {
+ if (need_fill && !ubi->fm_work_scheduled) {
+ /*
+ * We cannot update the fastmap here because this
+ * function is called in atomic context.
+ * Let's fail here and refill/update it as soon as
+ * possible.
+ */
+ ubi->fm_work_scheduled = 1;
+ schedule_work(&ubi->fm_work);
+ }
return NULL;
+ }
pnum = pool->pebs[pool->used];
return ubi->lookuptbl[pnum];
@@ -375,7 +388,7 @@ static bool need_wear_leveling(struct ubi_device *ubi)
if (!ubi->used.rb_node)
return false;
- e = next_peb_for_wl(ubi);
+ e = next_peb_for_wl(ubi, false);
if (!e) {
if (!ubi->free.rb_node)
return false;
diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index 8a26968aba11f..fbd399cf65033 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -683,7 +683,7 @@ static int wear_leveling_worker(struct ubi_device *ubi, struct ubi_work *wrk,
ubi_assert(!ubi->move_to_put);
#ifdef CONFIG_MTD_UBI_FASTMAP
- if (!next_peb_for_wl(ubi) ||
+ if (!next_peb_for_wl(ubi, true) ||
#else
if (!ubi->free.rb_node ||
#endif
diff --git a/drivers/mtd/ubi/wl.h b/drivers/mtd/ubi/wl.h
index 7b6715ef6d4a3..a69169c35e310 100644
--- a/drivers/mtd/ubi/wl.h
+++ b/drivers/mtd/ubi/wl.h
@@ -5,7 +5,8 @@
static void update_fastmap_work_fn(struct work_struct *wrk);
static struct ubi_wl_entry *find_anchor_wl_entry(struct rb_root *root);
static struct ubi_wl_entry *get_peb_for_wl(struct ubi_device *ubi);
-static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi);
+static struct ubi_wl_entry *next_peb_for_wl(struct ubi_device *ubi,
+ bool need_fill);
static bool need_wear_leveling(struct ubi_device *ubi);
static void ubi_fastmap_close(struct ubi_device *ubi);
static inline void ubi_fastmap_init(struct ubi_device *ubi, int *count)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 775/817] ubifs: Correct the total block count by deducting journal reservation
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (773 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 774/817] ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 776/817] ubi: fastmap: Fix duplicate slab cache names while attaching Greg Kroah-Hartman
` (51 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Richard Weinberger,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit 84a2bee9c49769310efa19601157ef50a1df1267 ]
Since commit e874dcde1cbf ("ubifs: Reserve one leb for each journal
head while doing budget"), available space is calulated by deducting
reservation for all journal heads. However, the total block count (
which is only used by statfs) is not updated yet, which will cause
the wrong displaying for used space(total - available).
Fix it by deducting reservation for all journal heads from total
block count.
Fixes: e874dcde1cbf ("ubifs: Reserve one leb for each journal head while doing budget")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ubifs/super.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 291583005dd12..245a10cc1eeb4 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -773,10 +773,10 @@ static void init_constants_master(struct ubifs_info *c)
* necessary to report something for the 'statfs()' call.
*
* Subtract the LEB reserved for GC, the LEB which is reserved for
- * deletions, minimum LEBs for the index, and assume only one journal
- * head is available.
+ * deletions, minimum LEBs for the index, the LEBs which are reserved
+ * for each journal head.
*/
- tmp64 = c->main_lebs - 1 - 1 - MIN_INDEX_LEBS - c->jhead_cnt + 1;
+ tmp64 = c->main_lebs - 1 - 1 - MIN_INDEX_LEBS - c->jhead_cnt;
tmp64 *= (long long)c->leb_size - c->leb_overhead;
tmp64 = ubifs_reported_space(c, tmp64);
c->block_cnt = tmp64 >> UBIFS_BLOCK_SHIFT;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 776/817] ubi: fastmap: Fix duplicate slab cache names while attaching
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (774 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 775/817] ubifs: Correct the total block count by deducting journal reservation Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 777/817] ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Greg Kroah-Hartman
` (50 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Richard Weinberger,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit bcddf52b7a17adcebc768d26f4e27cf79adb424c ]
Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when
DEBUG_VM=y"), the duplicate slab cache names can be detected and a
kernel WARNING is thrown out.
In UBI fast attaching process, alloc_ai() could be invoked twice
with the same slab cache name 'ubi_aeb_slab_cache', which will trigger
following warning messages:
kmem_cache of name 'ubi_aeb_slab_cache' already exists
WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107
__kmem_cache_create_args+0x100/0x5f0
Modules linked in: ubi(+) nandsim [last unloaded: nandsim]
CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2
RIP: 0010:__kmem_cache_create_args+0x100/0x5f0
Call Trace:
__kmem_cache_create_args+0x100/0x5f0
alloc_ai+0x295/0x3f0 [ubi]
ubi_attach+0x3c3/0xcc0 [ubi]
ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi]
ubi_init+0x3fb/0x800 [ubi]
do_init_module+0x265/0x7d0
__x64_sys_finit_module+0x7a/0xc0
The problem could be easily reproduced by loading UBI device by fastmap
with CONFIG_DEBUG_VM=y.
Fix it by using different slab names for alloc_ai() callers.
Fixes: d2158f69a7d4 ("UBI: Remove alloc_ai() slab name from parameter list")
Fixes: fdf10ed710c0 ("ubi: Rework Fastmap attach base code")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/ubi/attach.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/mtd/ubi/attach.c b/drivers/mtd/ubi/attach.c
index ae5abe492b52a..adc47b87b38a5 100644
--- a/drivers/mtd/ubi/attach.c
+++ b/drivers/mtd/ubi/attach.c
@@ -1447,7 +1447,7 @@ static int scan_all(struct ubi_device *ubi, struct ubi_attach_info *ai,
return err;
}
-static struct ubi_attach_info *alloc_ai(void)
+static struct ubi_attach_info *alloc_ai(const char *slab_name)
{
struct ubi_attach_info *ai;
@@ -1461,7 +1461,7 @@ static struct ubi_attach_info *alloc_ai(void)
INIT_LIST_HEAD(&ai->alien);
INIT_LIST_HEAD(&ai->fastmap);
ai->volumes = RB_ROOT;
- ai->aeb_slab_cache = kmem_cache_create("ubi_aeb_slab_cache",
+ ai->aeb_slab_cache = kmem_cache_create(slab_name,
sizeof(struct ubi_ainf_peb),
0, 0, NULL);
if (!ai->aeb_slab_cache) {
@@ -1491,7 +1491,7 @@ static int scan_fast(struct ubi_device *ubi, struct ubi_attach_info **ai)
err = -ENOMEM;
- scan_ai = alloc_ai();
+ scan_ai = alloc_ai("ubi_aeb_slab_cache_fastmap");
if (!scan_ai)
goto out;
@@ -1557,7 +1557,7 @@ int ubi_attach(struct ubi_device *ubi, int force_scan)
int err;
struct ubi_attach_info *ai;
- ai = alloc_ai();
+ ai = alloc_ai("ubi_aeb_slab_cache");
if (!ai)
return -ENOMEM;
@@ -1575,7 +1575,7 @@ int ubi_attach(struct ubi_device *ubi, int force_scan)
if (err > 0 || mtd_is_eccerr(err)) {
if (err != UBI_NO_FASTMAP) {
destroy_ai(ai);
- ai = alloc_ai();
+ ai = alloc_ai("ubi_aeb_slab_cache");
if (!ai)
return -ENOMEM;
@@ -1614,7 +1614,7 @@ int ubi_attach(struct ubi_device *ubi, int force_scan)
if (ubi->fm && ubi_dbg_chk_fastmap(ubi)) {
struct ubi_attach_info *scan_ai;
- scan_ai = alloc_ai();
+ scan_ai = alloc_ai("ubi_aeb_slab_cache_dbg_chk_fastmap");
if (!scan_ai) {
err = -ENOMEM;
goto out_wl;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 777/817] ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (775 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 776/817] ubi: fastmap: Fix duplicate slab cache names while attaching Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 778/817] jffs2: fix use of uninitialized variable Greg Kroah-Hartman
` (49 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Waqar Hameed, Zhihao Cheng,
Richard Weinberger, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Waqar Hameed <waqar.hameed@axis.com>
[ Upstream commit 4617fb8fc15effe8eda4dd898d4e33eb537a7140 ]
After an insertion in TNC, the tree might split and cause a node to
change its `znode->parent`. A further deletion of other nodes in the
tree (which also could free the nodes), the aforementioned node's
`znode->cparent` could still point to a freed node. This
`znode->cparent` may not be updated when getting nodes to commit in
`ubifs_tnc_start_commit()`. This could then trigger a use-after-free
when accessing the `znode->cparent` in `write_index()` in
`ubifs_tnc_end_commit()`.
This can be triggered by running
rm -f /etc/test-file.bin
dd if=/dev/urandom of=/etc/test-file.bin bs=1M count=60 conv=fsync
in a loop, and with `CONFIG_UBIFS_FS_AUTHENTICATION`. KASAN then
reports:
BUG: KASAN: use-after-free in ubifs_tnc_end_commit+0xa5c/0x1950
Write of size 32 at addr ffffff800a3af86c by task ubifs_bgt0_20/153
Call trace:
dump_backtrace+0x0/0x340
show_stack+0x18/0x24
dump_stack_lvl+0x9c/0xbc
print_address_description.constprop.0+0x74/0x2b0
kasan_report+0x1d8/0x1f0
kasan_check_range+0xf8/0x1a0
memcpy+0x84/0xf4
ubifs_tnc_end_commit+0xa5c/0x1950
do_commit+0x4e0/0x1340
ubifs_bg_thread+0x234/0x2e0
kthread+0x36c/0x410
ret_from_fork+0x10/0x20
Allocated by task 401:
kasan_save_stack+0x38/0x70
__kasan_kmalloc+0x8c/0xd0
__kmalloc+0x34c/0x5bc
tnc_insert+0x140/0x16a4
ubifs_tnc_add+0x370/0x52c
ubifs_jnl_write_data+0x5d8/0x870
do_writepage+0x36c/0x510
ubifs_writepage+0x190/0x4dc
__writepage+0x58/0x154
write_cache_pages+0x394/0x830
do_writepages+0x1f0/0x5b0
filemap_fdatawrite_wbc+0x170/0x25c
file_write_and_wait_range+0x140/0x190
ubifs_fsync+0xe8/0x290
vfs_fsync_range+0xc0/0x1e4
do_fsync+0x40/0x90
__arm64_sys_fsync+0x34/0x50
invoke_syscall.constprop.0+0xa8/0x260
do_el0_svc+0xc8/0x1f0
el0_svc+0x34/0x70
el0t_64_sync_handler+0x108/0x114
el0t_64_sync+0x1a4/0x1a8
Freed by task 403:
kasan_save_stack+0x38/0x70
kasan_set_track+0x28/0x40
kasan_set_free_info+0x28/0x4c
__kasan_slab_free+0xd4/0x13c
kfree+0xc4/0x3a0
tnc_delete+0x3f4/0xe40
ubifs_tnc_remove_range+0x368/0x73c
ubifs_tnc_remove_ino+0x29c/0x2e0
ubifs_jnl_delete_inode+0x150/0x260
ubifs_evict_inode+0x1d4/0x2e4
evict+0x1c8/0x450
iput+0x2a0/0x3c4
do_unlinkat+0x2cc/0x490
__arm64_sys_unlinkat+0x90/0x100
invoke_syscall.constprop.0+0xa8/0x260
do_el0_svc+0xc8/0x1f0
el0_svc+0x34/0x70
el0t_64_sync_handler+0x108/0x114
el0t_64_sync+0x1a4/0x1a8
The offending `memcpy()` in `ubifs_copy_hash()` has a use-after-free
when a node becomes root in TNC but still has a `cparent` to an already
freed node. More specifically, consider the following TNC:
zroot
/
/
zp1
/
/
zn
Inserting a new node `zn_new` with a key smaller then `zn` will trigger
a split in `tnc_insert()` if `zp1` is full:
zroot
/ \
/ \
zp1 zp2
/ \
/ \
zn_new zn
`zn->parent` has now been moved to `zp2`, *but* `zn->cparent` still
points to `zp1`.
Now, consider a removal of all the nodes _except_ `zn`. Just when
`tnc_delete()` is about to delete `zroot` and `zp2`:
zroot
\
\
zp2
\
\
zn
`zroot` and `zp2` get freed and the tree collapses:
zn
`zn` now becomes the new `zroot`.
`get_znodes_to_commit()` will now only find `zn`, the new `zroot`, and
`write_index()` will check its `znode->cparent` that wrongly points to
the already freed `zp1`. `ubifs_copy_hash()` thus gets wrongly called
with `znode->cparent->zbranch[znode->iip].hash` that triggers the
use-after-free!
Fix this by explicitly setting `znode->cparent` to `NULL` in
`get_znodes_to_commit()` for the root node. The search for the dirty
nodes is bottom-up in the tree. Thus, when `find_next_dirty(znode)`
returns NULL, the current `znode` _is_ the root node. Add an assert for
this.
Fixes: 16a26b20d2af ("ubifs: authentication: Add hashes to index nodes")
Tested-by: Waqar Hameed <waqar.hameed@axis.com>
Co-developed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Waqar Hameed <waqar.hameed@axis.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ubifs/tnc_commit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/ubifs/tnc_commit.c b/fs/ubifs/tnc_commit.c
index a55e04822d16e..7c43e0ccf6d47 100644
--- a/fs/ubifs/tnc_commit.c
+++ b/fs/ubifs/tnc_commit.c
@@ -657,6 +657,8 @@ static int get_znodes_to_commit(struct ubifs_info *c)
znode->alt = 0;
cnext = find_next_dirty(znode);
if (!cnext) {
+ ubifs_assert(c, !znode->parent);
+ znode->cparent = NULL;
znode->cnext = c->cnext;
break;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 778/817] jffs2: fix use of uninitialized variable
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (776 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 777/817] ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 779/817] rtc: rzn1: fix BCD to rtc_time conversion errors Greg Kroah-Hartman
` (48 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qingfang Deng, Zhihao Cheng,
Richard Weinberger, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qingfang Deng <qingfang.deng@siflower.com.cn>
[ Upstream commit 3ba44ee966bc3c41dd8a944f963466c8fcc60dc8 ]
When building the kernel with -Wmaybe-uninitialized, the compiler
reports this warning:
In function 'jffs2_mark_erased_block',
inlined from 'jffs2_erase_pending_blocks' at fs/jffs2/erase.c:116:4:
fs/jffs2/erase.c:474:9: warning: 'bad_offset' may be used uninitialized [-Wmaybe-uninitialized]
474 | jffs2_erase_failed(c, jeb, bad_offset);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/jffs2/erase.c: In function 'jffs2_erase_pending_blocks':
fs/jffs2/erase.c:402:18: note: 'bad_offset' was declared here
402 | uint32_t bad_offset;
| ^~~~~~~~~~
When mtd->point() is used, jffs2_erase_pending_blocks can return -EIO
without initializing bad_offset, which is later used at the filebad
label in jffs2_mark_erased_block.
Fix it by initializing this variable.
Fixes: 8a0f572397ca ("[JFFS2] Return values of jffs2_block_check_erase error paths")
Signed-off-by: Qingfang Deng <qingfang.deng@siflower.com.cn>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jffs2/erase.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index acd32f05b5198..ef3a1e1b6cb06 100644
--- a/fs/jffs2/erase.c
+++ b/fs/jffs2/erase.c
@@ -338,10 +338,9 @@ static int jffs2_block_check_erase(struct jffs2_sb_info *c, struct jffs2_erasebl
} while(--retlen);
mtd_unpoint(c->mtd, jeb->offset, c->sector_size);
if (retlen) {
- pr_warn("Newly-erased block contained word 0x%lx at offset 0x%08tx\n",
- *wordebuf,
- jeb->offset +
- c->sector_size-retlen * sizeof(*wordebuf));
+ *bad_offset = jeb->offset + c->sector_size - retlen * sizeof(*wordebuf);
+ pr_warn("Newly-erased block contained word 0x%lx at offset 0x%08x\n",
+ *wordebuf, *bad_offset);
return -EIO;
}
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 779/817] rtc: rzn1: fix BCD to rtc_time conversion errors
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (777 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 778/817] jffs2: fix use of uninitialized variable Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 780/817] Revert "nfs: dont reuse partially completed requests in nfs_lock_and_join_requests" Greg Kroah-Hartman
` (47 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wolfram Sang, Miquel Raynal,
Alexandre Belloni, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 55727188dfa3572aecd946e58fab9e4a64f06894 ]
tm_mon describes months from 0 to 11, but the register contains BCD from
1 to 12. tm_year contains years since 1900, but the BCD contains 20XX.
Apply the offsets when converting these numbers.
Fixes: deeb4b5393e1 ("rtc: rzn1: Add new RTC driver")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/r/20241113113032.27409-1-wsa+renesas@sang-engineering.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-rzn1.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/rtc/rtc-rzn1.c b/drivers/rtc/rtc-rzn1.c
index 56ebbd4d04814..8570c8e63d70c 100644
--- a/drivers/rtc/rtc-rzn1.c
+++ b/drivers/rtc/rtc-rzn1.c
@@ -111,8 +111,8 @@ static int rzn1_rtc_read_time(struct device *dev, struct rtc_time *tm)
tm->tm_hour = bcd2bin(tm->tm_hour);
tm->tm_wday = bcd2bin(tm->tm_wday);
tm->tm_mday = bcd2bin(tm->tm_mday);
- tm->tm_mon = bcd2bin(tm->tm_mon);
- tm->tm_year = bcd2bin(tm->tm_year);
+ tm->tm_mon = bcd2bin(tm->tm_mon) - 1;
+ tm->tm_year = bcd2bin(tm->tm_year) + 100;
return 0;
}
@@ -128,8 +128,8 @@ static int rzn1_rtc_set_time(struct device *dev, struct rtc_time *tm)
tm->tm_hour = bin2bcd(tm->tm_hour);
tm->tm_wday = bin2bcd(rzn1_rtc_tm_to_wday(tm));
tm->tm_mday = bin2bcd(tm->tm_mday);
- tm->tm_mon = bin2bcd(tm->tm_mon);
- tm->tm_year = bin2bcd(tm->tm_year);
+ tm->tm_mon = bin2bcd(tm->tm_mon + 1);
+ tm->tm_year = bin2bcd(tm->tm_year - 100);
val = readl(rtc->base + RZN1_RTC_CTL2);
if (!(val & RZN1_RTC_CTL2_STOPPED)) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 780/817] Revert "nfs: dont reuse partially completed requests in nfs_lock_and_join_requests"
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (778 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 779/817] rtc: rzn1: fix BCD to rtc_time conversion errors Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 781/817] nvme-multipath: avoid hang on inaccessible namespaces Greg Kroah-Hartman
` (46 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Igor Raits, Trond Myklebust,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 66f9dac9077c9c063552e465212abeb8f97d28a7 ]
This reverts commit b571cfcb9dcac187c6d967987792d37cb0688610.
This patch appears to assume that if one request is complete, then the
others will complete too before unlocking. That is not a valid
assumption, since other requests could hit a non-fatal error or a short
write that would cause them not to complete.
Reported-by: Igor Raits <igor@gooddata.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=219508
Fixes: b571cfcb9dca ("nfs: don't reuse partially completed requests in nfs_lock_and_join_requests")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/write.c | 49 +++++++++++++++++++++++++++++--------------------
1 file changed, 29 insertions(+), 20 deletions(-)
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index d074d0ceb4f01..1e2b9ee4222e7 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -144,6 +144,31 @@ static void nfs_io_completion_put(struct nfs_io_completion *ioc)
kref_put(&ioc->refcount, nfs_io_completion_release);
}
+static void
+nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode)
+{
+ if (!test_and_set_bit(PG_INODE_REF, &req->wb_flags)) {
+ kref_get(&req->wb_kref);
+ atomic_long_inc(&NFS_I(inode)->nrequests);
+ }
+}
+
+static int
+nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode)
+{
+ int ret;
+
+ if (!test_bit(PG_REMOVE, &req->wb_flags))
+ return 0;
+ ret = nfs_page_group_lock(req);
+ if (ret)
+ return ret;
+ if (test_and_clear_bit(PG_REMOVE, &req->wb_flags))
+ nfs_page_set_inode_ref(req, inode);
+ nfs_page_group_unlock(req);
+ return 0;
+}
+
/**
* nfs_folio_find_head_request - find head request associated with a folio
* @folio: pointer to folio
@@ -540,7 +565,6 @@ static struct nfs_page *nfs_lock_and_join_requests(struct folio *folio)
struct inode *inode = folio->mapping->host;
struct nfs_page *head, *subreq;
struct nfs_commit_info cinfo;
- bool removed;
int ret;
/*
@@ -565,18 +589,18 @@ static struct nfs_page *nfs_lock_and_join_requests(struct folio *folio)
goto retry;
}
- ret = nfs_page_group_lock(head);
+ ret = nfs_cancel_remove_inode(head, inode);
if (ret < 0)
goto out_unlock;
- removed = test_bit(PG_REMOVE, &head->wb_flags);
+ ret = nfs_page_group_lock(head);
+ if (ret < 0)
+ goto out_unlock;
/* lock each request in the page group */
for (subreq = head->wb_this_page;
subreq != head;
subreq = subreq->wb_this_page) {
- if (test_bit(PG_REMOVE, &subreq->wb_flags))
- removed = true;
ret = nfs_page_group_lock_subreq(head, subreq);
if (ret < 0)
goto out_unlock;
@@ -584,21 +608,6 @@ static struct nfs_page *nfs_lock_and_join_requests(struct folio *folio)
nfs_page_group_unlock(head);
- /*
- * If PG_REMOVE is set on any request, I/O on that request has
- * completed, but some requests were still under I/O at the time
- * we locked the head request.
- *
- * In that case the above wait for all requests means that all I/O
- * has now finished, and we can restart from a clean slate. Let the
- * old requests go away and start from scratch instead.
- */
- if (removed) {
- nfs_unroll_locks(head, head);
- nfs_unlock_and_release_request(head);
- goto retry;
- }
-
nfs_init_cinfo_from_inode(&cinfo, inode);
nfs_join_page_group(head, &cinfo, inode);
return head;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 781/817] nvme-multipath: avoid hang on inaccessible namespaces
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (779 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 780/817] Revert "nfs: dont reuse partially completed requests in nfs_lock_and_join_requests" Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 782/817] nvme/multipath: Fix RCU list traversal to use SRCU primitive Greg Kroah-Hartman
` (45 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hannes Reinecke, Sagi Grimberg,
Keith Busch, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hannes Reinecke <hare@kernel.org>
[ Upstream commit 3b97f5a05cfc55e7729ff3769f63eef64e2178bb ]
During repetitive namespace remapping operations on the target the
namespace might have changed between the time the initial scan
was performed, and partition scan was invoked by device_add_disk()
in nvme_mpath_set_live(). We then end up with a stuck scanning process:
[<0>] folio_wait_bit_common+0x12a/0x310
[<0>] filemap_read_folio+0x97/0xd0
[<0>] do_read_cache_folio+0x108/0x390
[<0>] read_part_sector+0x31/0xa0
[<0>] read_lba+0xc5/0x160
[<0>] efi_partition+0xd9/0x8f0
[<0>] bdev_disk_changed+0x23d/0x6d0
[<0>] blkdev_get_whole+0x78/0xc0
[<0>] bdev_open+0x2c6/0x3b0
[<0>] bdev_file_open_by_dev+0xcb/0x120
[<0>] disk_scan_partitions+0x5d/0x100
[<0>] device_add_disk+0x402/0x420
[<0>] nvme_mpath_set_live+0x4f/0x1f0 [nvme_core]
[<0>] nvme_mpath_add_disk+0x107/0x120 [nvme_core]
[<0>] nvme_alloc_ns+0xac6/0xe60 [nvme_core]
[<0>] nvme_scan_ns+0x2dd/0x3e0 [nvme_core]
[<0>] nvme_scan_work+0x1a3/0x490 [nvme_core]
This happens when we have several paths, some of which are inaccessible,
and the active paths are removed first. Then nvme_find_path() will requeue
I/O in the ns_head (as paths are present), but the requeue list is never
triggered as all remaining paths are inactive.
This patch checks for NVME_NSHEAD_DISK_LIVE in nvme_available_path(),
and requeue I/O after NVME_NSHEAD_DISK_LIVE has been cleared once
the last path has been removed to properly terminate pending I/O.
Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Stable-dep-of: 5dd18f09ce73 ("nvme/multipath: Fix RCU list traversal to use SRCU primitive")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/multipath.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
index a43982aaa40d7..6b2decd998de5 100644
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -421,6 +421,9 @@ static bool nvme_available_path(struct nvme_ns_head *head)
{
struct nvme_ns *ns;
+ if (!test_bit(NVME_NSHEAD_DISK_LIVE, &head->flags))
+ return NULL;
+
list_for_each_entry_rcu(ns, &head->list, siblings) {
if (test_bit(NVME_CTRL_FAILFAST_EXPIRED, &ns->ctrl->flags))
continue;
@@ -995,8 +998,7 @@ void nvme_mpath_shutdown_disk(struct nvme_ns_head *head)
{
if (!head->disk)
return;
- kblockd_schedule_work(&head->requeue_work);
- if (test_bit(NVME_NSHEAD_DISK_LIVE, &head->flags)) {
+ if (test_and_clear_bit(NVME_NSHEAD_DISK_LIVE, &head->flags)) {
nvme_cdev_del(&head->cdev, &head->cdev_device);
/*
* requeue I/O after NVME_NSHEAD_DISK_LIVE has been cleared
@@ -1006,6 +1008,12 @@ void nvme_mpath_shutdown_disk(struct nvme_ns_head *head)
kblockd_schedule_work(&head->requeue_work);
del_gendisk(head->disk);
}
+ /*
+ * requeue I/O after NVME_NSHEAD_DISK_LIVE has been cleared
+ * to allow multipath to fail all I/O.
+ */
+ synchronize_srcu(&head->srcu);
+ kblockd_schedule_work(&head->requeue_work);
}
void nvme_mpath_remove_disk(struct nvme_ns_head *head)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 782/817] nvme/multipath: Fix RCU list traversal to use SRCU primitive
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (780 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 781/817] nvme-multipath: avoid hang on inaccessible namespaces Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 783/817] blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs Greg Kroah-Hartman
` (44 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Breno Leitao, Keith Busch,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Breno Leitao <leitao@debian.org>
[ Upstream commit 5dd18f09ce7399df6fffe80d1598add46c395ae9 ]
The code currently uses list_for_each_entry_rcu() while holding an SRCU
lock, triggering false positive warnings with CONFIG_PROVE_RCU=y
enabled:
drivers/nvme/host/multipath.c:168 RCU-list traversed in non-reader section!!
drivers/nvme/host/multipath.c:227 RCU-list traversed in non-reader section!!
drivers/nvme/host/multipath.c:260 RCU-list traversed in non-reader section!!
While the list is properly protected by SRCU lock, the code uses the
wrong list traversal primitive. Replace list_for_each_entry_rcu() with
list_for_each_entry_srcu() to correctly indicate SRCU-based protection
and eliminate the false warning.
Signed-off-by: Breno Leitao <leitao@debian.org>
Fixes: be647e2c76b2 ("nvme: use srcu for iterating namespace list")
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/multipath.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
index 6b2decd998de5..07fcf98540c56 100644
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -165,7 +165,8 @@ void nvme_kick_requeue_lists(struct nvme_ctrl *ctrl)
int srcu_idx;
srcu_idx = srcu_read_lock(&ctrl->srcu);
- list_for_each_entry_rcu(ns, &ctrl->namespaces, list) {
+ list_for_each_entry_srcu(ns, &ctrl->namespaces, list,
+ srcu_read_lock_held(&ctrl->srcu)) {
if (!ns->head->disk)
continue;
kblockd_schedule_work(&ns->head->requeue_work);
@@ -209,7 +210,8 @@ void nvme_mpath_clear_ctrl_paths(struct nvme_ctrl *ctrl)
int srcu_idx;
srcu_idx = srcu_read_lock(&ctrl->srcu);
- list_for_each_entry_rcu(ns, &ctrl->namespaces, list) {
+ list_for_each_entry_srcu(ns, &ctrl->namespaces, list,
+ srcu_read_lock_held(&ctrl->srcu)) {
nvme_mpath_clear_current_path(ns);
kblockd_schedule_work(&ns->head->requeue_work);
}
@@ -224,7 +226,8 @@ void nvme_mpath_revalidate_paths(struct nvme_ns *ns)
int srcu_idx;
srcu_idx = srcu_read_lock(&head->srcu);
- list_for_each_entry_rcu(ns, &head->list, siblings) {
+ list_for_each_entry_srcu(ns, &head->list, siblings,
+ srcu_read_lock_held(&head->srcu)) {
if (capacity != get_capacity(ns->disk))
clear_bit(NVME_NS_READY, &ns->flags);
}
@@ -257,7 +260,8 @@ static struct nvme_ns *__nvme_find_path(struct nvme_ns_head *head, int node)
int found_distance = INT_MAX, fallback_distance = INT_MAX, distance;
struct nvme_ns *found = NULL, *fallback = NULL, *ns;
- list_for_each_entry_rcu(ns, &head->list, siblings) {
+ list_for_each_entry_srcu(ns, &head->list, siblings,
+ srcu_read_lock_held(&head->srcu)) {
if (nvme_path_is_disabled(ns))
continue;
@@ -356,7 +360,8 @@ static struct nvme_ns *nvme_queue_depth_path(struct nvme_ns_head *head)
unsigned int min_depth_opt = UINT_MAX, min_depth_nonopt = UINT_MAX;
unsigned int depth;
- list_for_each_entry_rcu(ns, &head->list, siblings) {
+ list_for_each_entry_srcu(ns, &head->list, siblings,
+ srcu_read_lock_held(&head->srcu)) {
if (nvme_path_is_disabled(ns))
continue;
@@ -424,7 +429,8 @@ static bool nvme_available_path(struct nvme_ns_head *head)
if (!test_bit(NVME_NSHEAD_DISK_LIVE, &head->flags))
return NULL;
- list_for_each_entry_rcu(ns, &head->list, siblings) {
+ list_for_each_entry_srcu(ns, &head->list, siblings,
+ srcu_read_lock_held(&head->srcu)) {
if (test_bit(NVME_CTRL_FAILFAST_EXPIRED, &ns->ctrl->flags))
continue;
switch (nvme_ctrl_state(ns->ctrl)) {
@@ -786,7 +792,8 @@ static int nvme_update_ana_state(struct nvme_ctrl *ctrl,
return 0;
srcu_idx = srcu_read_lock(&ctrl->srcu);
- list_for_each_entry_rcu(ns, &ctrl->namespaces, list) {
+ list_for_each_entry_srcu(ns, &ctrl->namespaces, list,
+ srcu_read_lock_held(&ctrl->srcu)) {
unsigned nsid;
again:
nsid = le32_to_cpu(desc->nsids[n]);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 783/817] blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (781 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 782/817] nvme/multipath: Fix RCU list traversal to use SRCU primitive Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 784/817] block: model freeze & enter queue as lock for supporting lockdep Greg Kroah-Hartman
` (43 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Ming Lei,
Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit 8acdd0e7bfadda6b5103f2960d293581954454ed ]
Add non_owner variant of start_freeze/unfreeze queue APIs, so that the
caller knows that what they are doing, and we can skip lockdep support
for non_owner variant in per-call level.
Prepare for supporting lockdep for freezing/unfreezing queue.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Suggested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241025003722.3630252-2-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 3802f73bd807 ("block: fix uaf for flush rq while iterating tags")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 20 ++++++++++++++++++++
include/linux/blk-mq.h | 2 ++
2 files changed, 22 insertions(+)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index f2c7fe2dc7aac..a2c40a97328b6 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -196,6 +196,26 @@ void blk_mq_unfreeze_queue(struct request_queue *q)
}
EXPORT_SYMBOL_GPL(blk_mq_unfreeze_queue);
+/*
+ * non_owner variant of blk_freeze_queue_start
+ *
+ * Unlike blk_freeze_queue_start, the queue doesn't need to be unfrozen
+ * by the same task. This is fragile and should not be used if at all
+ * possible.
+ */
+void blk_freeze_queue_start_non_owner(struct request_queue *q)
+{
+ blk_freeze_queue_start(q);
+}
+EXPORT_SYMBOL_GPL(blk_freeze_queue_start_non_owner);
+
+/* non_owner variant of blk_mq_unfreeze_queue */
+void blk_mq_unfreeze_queue_non_owner(struct request_queue *q)
+{
+ __blk_mq_unfreeze_queue(q, false);
+}
+EXPORT_SYMBOL_GPL(blk_mq_unfreeze_queue_non_owner);
+
/*
* FIXME: replace the scsi_internal_device_*block_nowait() calls in the
* mpt3sas driver such that this function can be removed.
diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h
index 8d304b1d16b15..a2d27a4d7b6c7 100644
--- a/include/linux/blk-mq.h
+++ b/include/linux/blk-mq.h
@@ -928,6 +928,8 @@ void blk_freeze_queue_start(struct request_queue *q);
void blk_mq_freeze_queue_wait(struct request_queue *q);
int blk_mq_freeze_queue_wait_timeout(struct request_queue *q,
unsigned long timeout);
+void blk_mq_unfreeze_queue_non_owner(struct request_queue *q);
+void blk_freeze_queue_start_non_owner(struct request_queue *q);
void blk_mq_map_queues(struct blk_mq_queue_map *qmap);
void blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, int nr_hw_queues);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 784/817] block: model freeze & enter queue as lock for supporting lockdep
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (782 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 783/817] blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 785/817] block: fix uaf for flush rq while iterating tags Greg Kroah-Hartman
` (42 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Ming Lei,
Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit f1be1788a32e8fa63416ad4518bbd1a85a825c9d ]
Recently we got several deadlock report[1][2][3] caused by
blk_mq_freeze_queue and blk_enter_queue().
Turns out the two are just like acquiring read/write lock, so model them
as read/write lock for supporting lockdep:
1) model q->q_usage_counter as two locks(io and queue lock)
- queue lock covers sync with blk_enter_queue()
- io lock covers sync with bio_enter_queue()
2) make the lockdep class/key as per-queue:
- different subsystem has very different lock use pattern, shared lock
class causes false positive easily
- freeze_queue degrades to no lock in case that disk state becomes DEAD
because bio_enter_queue() won't be blocked any more
- freeze_queue degrades to no lock in case that request queue becomes dying
because blk_enter_queue() won't be blocked any more
3) model blk_mq_freeze_queue() as acquire_exclusive & try_lock
- it is exclusive lock, so dependency with blk_enter_queue() is covered
- it is trylock because blk_mq_freeze_queue() are allowed to run
concurrently
4) model blk_enter_queue() & bio_enter_queue() as acquire_read()
- nested blk_enter_queue() are allowed
- dependency with blk_mq_freeze_queue() is covered
- blk_queue_exit() is often called from other contexts(such as irq), and
it can't be annotated as lock_release(), so simply do it in
blk_enter_queue(), this way still covered cases as many as possible
With lockdep support, such kind of reports may be reported asap and
needn't wait until the real deadlock is triggered.
For example, lockdep report can be triggered in the report[3] with this
patch applied.
[1] occasional block layer hang when setting 'echo noop > /sys/block/sda/queue/scheduler'
https://bugzilla.kernel.org/show_bug.cgi?id=219166
[2] del_gendisk() vs blk_queue_enter() race condition
https://lore.kernel.org/linux-block/20241003085610.GK11458@google.com/
[3] queue_freeze & queue_enter deadlock in scsi
https://lore.kernel.org/linux-block/ZxG38G9BuFdBpBHZ@fedora/T/#u
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241025003722.3630252-4-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 3802f73bd807 ("block: fix uaf for flush rq while iterating tags")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-core.c | 18 ++++++++++++++++--
block/blk-mq.c | 26 ++++++++++++++++++++++----
block/blk.h | 29 ++++++++++++++++++++++++++---
block/genhd.c | 15 +++++++++++----
include/linux/blkdev.h | 6 ++++++
5 files changed, 81 insertions(+), 13 deletions(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index bc5e8c5eaac9f..09d10bb95fda0 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -261,6 +261,8 @@ static void blk_free_queue(struct request_queue *q)
blk_mq_release(q);
ida_free(&blk_queue_ida, q->id);
+ lockdep_unregister_key(&q->io_lock_cls_key);
+ lockdep_unregister_key(&q->q_lock_cls_key);
call_rcu(&q->rcu_head, blk_free_queue_rcu);
}
@@ -278,18 +280,20 @@ void blk_put_queue(struct request_queue *q)
}
EXPORT_SYMBOL(blk_put_queue);
-void blk_queue_start_drain(struct request_queue *q)
+bool blk_queue_start_drain(struct request_queue *q)
{
/*
* When queue DYING flag is set, we need to block new req
* entering queue, so we call blk_freeze_queue_start() to
* prevent I/O from crossing blk_queue_enter().
*/
- blk_freeze_queue_start(q);
+ bool freeze = __blk_freeze_queue_start(q);
if (queue_is_mq(q))
blk_mq_wake_waiters(q);
/* Make blk_queue_enter() reexamine the DYING flag. */
wake_up_all(&q->mq_freeze_wq);
+
+ return freeze;
}
/**
@@ -321,6 +325,8 @@ int blk_queue_enter(struct request_queue *q, blk_mq_req_flags_t flags)
return -ENODEV;
}
+ rwsem_acquire_read(&q->q_lockdep_map, 0, 0, _RET_IP_);
+ rwsem_release(&q->q_lockdep_map, _RET_IP_);
return 0;
}
@@ -352,6 +358,8 @@ int __bio_queue_enter(struct request_queue *q, struct bio *bio)
goto dead;
}
+ rwsem_acquire_read(&q->io_lockdep_map, 0, 0, _RET_IP_);
+ rwsem_release(&q->io_lockdep_map, _RET_IP_);
return 0;
dead:
bio_io_error(bio);
@@ -441,6 +449,12 @@ struct request_queue *blk_alloc_queue(struct queue_limits *lim, int node_id)
PERCPU_REF_INIT_ATOMIC, GFP_KERNEL);
if (error)
goto fail_stats;
+ lockdep_register_key(&q->io_lock_cls_key);
+ lockdep_register_key(&q->q_lock_cls_key);
+ lockdep_init_map(&q->io_lockdep_map, "&q->q_usage_counter(io)",
+ &q->io_lock_cls_key, 0);
+ lockdep_init_map(&q->q_lockdep_map, "&q->q_usage_counter(queue)",
+ &q->q_lock_cls_key, 0);
q->nr_requests = BLKDEV_DEFAULT_RQ;
diff --git a/block/blk-mq.c b/block/blk-mq.c
index a2c40a97328b6..46e1cd2d1be8d 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -120,17 +120,29 @@ void blk_mq_in_flight_rw(struct request_queue *q, struct block_device *part,
inflight[1] = mi.inflight[1];
}
-void blk_freeze_queue_start(struct request_queue *q)
+bool __blk_freeze_queue_start(struct request_queue *q)
{
+ int freeze;
+
mutex_lock(&q->mq_freeze_lock);
if (++q->mq_freeze_depth == 1) {
percpu_ref_kill(&q->q_usage_counter);
mutex_unlock(&q->mq_freeze_lock);
if (queue_is_mq(q))
blk_mq_run_hw_queues(q, false);
+ freeze = true;
} else {
mutex_unlock(&q->mq_freeze_lock);
+ freeze = false;
}
+
+ return freeze;
+}
+
+void blk_freeze_queue_start(struct request_queue *q)
+{
+ if (__blk_freeze_queue_start(q))
+ blk_freeze_acquire_lock(q, false, false);
}
EXPORT_SYMBOL_GPL(blk_freeze_queue_start);
@@ -176,8 +188,10 @@ void blk_mq_freeze_queue(struct request_queue *q)
}
EXPORT_SYMBOL_GPL(blk_mq_freeze_queue);
-void __blk_mq_unfreeze_queue(struct request_queue *q, bool force_atomic)
+bool __blk_mq_unfreeze_queue(struct request_queue *q, bool force_atomic)
{
+ int unfreeze = false;
+
mutex_lock(&q->mq_freeze_lock);
if (force_atomic)
q->q_usage_counter.data->force_atomic = true;
@@ -186,13 +200,17 @@ void __blk_mq_unfreeze_queue(struct request_queue *q, bool force_atomic)
if (!q->mq_freeze_depth) {
percpu_ref_resurrect(&q->q_usage_counter);
wake_up_all(&q->mq_freeze_wq);
+ unfreeze = true;
}
mutex_unlock(&q->mq_freeze_lock);
+
+ return unfreeze;
}
void blk_mq_unfreeze_queue(struct request_queue *q)
{
- __blk_mq_unfreeze_queue(q, false);
+ if (__blk_mq_unfreeze_queue(q, false))
+ blk_unfreeze_release_lock(q, false, false);
}
EXPORT_SYMBOL_GPL(blk_mq_unfreeze_queue);
@@ -205,7 +223,7 @@ EXPORT_SYMBOL_GPL(blk_mq_unfreeze_queue);
*/
void blk_freeze_queue_start_non_owner(struct request_queue *q)
{
- blk_freeze_queue_start(q);
+ __blk_freeze_queue_start(q);
}
EXPORT_SYMBOL_GPL(blk_freeze_queue_start_non_owner);
diff --git a/block/blk.h b/block/blk.h
index 61c2afa67daab..42f1d31d4649a 100644
--- a/block/blk.h
+++ b/block/blk.h
@@ -4,6 +4,7 @@
#include <linux/bio-integrity.h>
#include <linux/blk-crypto.h>
+#include <linux/lockdep.h>
#include <linux/memblock.h> /* for max_pfn/max_low_pfn */
#include <linux/sched/sysctl.h>
#include <linux/timekeeping.h>
@@ -35,8 +36,9 @@ struct blk_flush_queue *blk_alloc_flush_queue(int node, int cmd_size,
void blk_free_flush_queue(struct blk_flush_queue *q);
void blk_freeze_queue(struct request_queue *q);
-void __blk_mq_unfreeze_queue(struct request_queue *q, bool force_atomic);
-void blk_queue_start_drain(struct request_queue *q);
+bool __blk_mq_unfreeze_queue(struct request_queue *q, bool force_atomic);
+bool blk_queue_start_drain(struct request_queue *q);
+bool __blk_freeze_queue_start(struct request_queue *q);
int __bio_queue_enter(struct request_queue *q, struct bio *bio);
void submit_bio_noacct_nocheck(struct bio *bio);
void bio_await_chain(struct bio *bio);
@@ -69,8 +71,11 @@ static inline int bio_queue_enter(struct bio *bio)
{
struct request_queue *q = bdev_get_queue(bio->bi_bdev);
- if (blk_try_enter_queue(q, false))
+ if (blk_try_enter_queue(q, false)) {
+ rwsem_acquire_read(&q->io_lockdep_map, 0, 0, _RET_IP_);
+ rwsem_release(&q->io_lockdep_map, _RET_IP_);
return 0;
+ }
return __bio_queue_enter(q, bio);
}
@@ -724,4 +729,22 @@ void blk_integrity_verify(struct bio *bio);
void blk_integrity_prepare(struct request *rq);
void blk_integrity_complete(struct request *rq, unsigned int nr_bytes);
+static inline void blk_freeze_acquire_lock(struct request_queue *q, bool
+ disk_dead, bool queue_dying)
+{
+ if (!disk_dead)
+ rwsem_acquire(&q->io_lockdep_map, 0, 1, _RET_IP_);
+ if (!queue_dying)
+ rwsem_acquire(&q->q_lockdep_map, 0, 1, _RET_IP_);
+}
+
+static inline void blk_unfreeze_release_lock(struct request_queue *q, bool
+ disk_dead, bool queue_dying)
+{
+ if (!queue_dying)
+ rwsem_release(&q->q_lockdep_map, _RET_IP_);
+ if (!disk_dead)
+ rwsem_release(&q->io_lockdep_map, _RET_IP_);
+}
+
#endif /* BLK_INTERNAL_H */
diff --git a/block/genhd.c b/block/genhd.c
index 1c05dd4c6980b..6ad3fcde01105 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -581,13 +581,13 @@ static void blk_report_disk_dead(struct gendisk *disk, bool surprise)
rcu_read_unlock();
}
-static void __blk_mark_disk_dead(struct gendisk *disk)
+static bool __blk_mark_disk_dead(struct gendisk *disk)
{
/*
* Fail any new I/O.
*/
if (test_and_set_bit(GD_DEAD, &disk->state))
- return;
+ return false;
if (test_bit(GD_OWNS_QUEUE, &disk->state))
blk_queue_flag_set(QUEUE_FLAG_DYING, disk->queue);
@@ -600,7 +600,7 @@ static void __blk_mark_disk_dead(struct gendisk *disk)
/*
* Prevent new I/O from crossing bio_queue_enter().
*/
- blk_queue_start_drain(disk->queue);
+ return blk_queue_start_drain(disk->queue);
}
/**
@@ -641,6 +641,7 @@ void del_gendisk(struct gendisk *disk)
struct request_queue *q = disk->queue;
struct block_device *part;
unsigned long idx;
+ bool start_drain, queue_dying;
might_sleep();
@@ -668,7 +669,10 @@ void del_gendisk(struct gendisk *disk)
* Drop all partitions now that the disk is marked dead.
*/
mutex_lock(&disk->open_mutex);
- __blk_mark_disk_dead(disk);
+ start_drain = __blk_mark_disk_dead(disk);
+ queue_dying = blk_queue_dying(q);
+ if (start_drain)
+ blk_freeze_acquire_lock(q, true, queue_dying);
xa_for_each_start(&disk->part_tbl, idx, part, 1)
drop_partition(part);
mutex_unlock(&disk->open_mutex);
@@ -725,6 +729,9 @@ void del_gendisk(struct gendisk *disk)
if (queue_is_mq(q))
blk_mq_exit_queue(q);
}
+
+ if (start_drain)
+ blk_unfreeze_release_lock(q, true, queue_dying);
}
EXPORT_SYMBOL(del_gendisk);
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 643c9020a35a6..a6e42a823b71e 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -25,6 +25,7 @@
#include <linux/uuid.h>
#include <linux/xarray.h>
#include <linux/file.h>
+#include <linux/lockdep.h>
struct module;
struct request_queue;
@@ -471,6 +472,11 @@ struct request_queue {
struct xarray hctx_table;
struct percpu_ref q_usage_counter;
+ struct lock_class_key io_lock_cls_key;
+ struct lockdep_map io_lockdep_map;
+
+ struct lock_class_key q_lock_cls_key;
+ struct lockdep_map q_lockdep_map;
struct request *last_merge;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 785/817] block: fix uaf for flush rq while iterating tags
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (783 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 784/817] block: model freeze & enter queue as lock for supporting lockdep Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 786/817] block: return unsigned int from bdev_io_min Greg Kroah-Hartman
` (41 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yu Kuai, Ming Lei, Jens Axboe,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 3802f73bd80766d70f319658f334754164075bc3 ]
blk_mq_clear_flush_rq_mapping() is not called during scsi probe, by
checking blk_queue_init_done(). However, QUEUE_FLAG_INIT_DONE is cleared
in del_gendisk by commit aec89dc5d421 ("block: keep q_usage_counter in
atomic mode after del_gendisk"), hence for disk like scsi, following
blk_mq_destroy_queue() will not clear flush rq from tags->rqs[] as well,
cause following uaf that is found by our syzkaller for v6.6:
==================================================================
BUG: KASAN: slab-use-after-free in blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261
Read of size 4 at addr ffff88811c969c20 by task kworker/1:2H/224909
CPU: 1 PID: 224909 Comm: kworker/1:2H Not tainted 6.6.0-ga836a5060850 #32
Workqueue: kblockd blk_mq_timeout_work
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106
print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364
print_report+0x3e/0x70 mm/kasan/report.c:475
kasan_report+0xb8/0xf0 mm/kasan/report.c:588
blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261
bt_iter block/blk-mq-tag.c:288 [inline]
__sbitmap_for_each_set include/linux/sbitmap.h:295 [inline]
sbitmap_for_each_set include/linux/sbitmap.h:316 [inline]
bt_for_each+0x455/0x790 block/blk-mq-tag.c:325
blk_mq_queue_tag_busy_iter+0x320/0x740 block/blk-mq-tag.c:534
blk_mq_timeout_work+0x1a3/0x7b0 block/blk-mq.c:1673
process_one_work+0x7c4/0x1450 kernel/workqueue.c:2631
process_scheduled_works kernel/workqueue.c:2704 [inline]
worker_thread+0x804/0xe40 kernel/workqueue.c:2785
kthread+0x346/0x450 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:293
Allocated by task 942:
kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:374 [inline]
__kasan_kmalloc mm/kasan/common.c:383 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:380
kasan_kmalloc include/linux/kasan.h:198 [inline]
__do_kmalloc_node mm/slab_common.c:1007 [inline]
__kmalloc_node+0x69/0x170 mm/slab_common.c:1014
kmalloc_node include/linux/slab.h:620 [inline]
kzalloc_node include/linux/slab.h:732 [inline]
blk_alloc_flush_queue+0x144/0x2f0 block/blk-flush.c:499
blk_mq_alloc_hctx+0x601/0x940 block/blk-mq.c:3788
blk_mq_alloc_and_init_hctx+0x27f/0x330 block/blk-mq.c:4261
blk_mq_realloc_hw_ctxs+0x488/0x5e0 block/blk-mq.c:4294
blk_mq_init_allocated_queue+0x188/0x860 block/blk-mq.c:4350
blk_mq_init_queue_data block/blk-mq.c:4166 [inline]
blk_mq_init_queue+0x8d/0x100 block/blk-mq.c:4176
scsi_alloc_sdev+0x843/0xd50 drivers/scsi/scsi_scan.c:335
scsi_probe_and_add_lun+0x77c/0xde0 drivers/scsi/scsi_scan.c:1189
__scsi_scan_target+0x1fc/0x5a0 drivers/scsi/scsi_scan.c:1727
scsi_scan_channel drivers/scsi/scsi_scan.c:1815 [inline]
scsi_scan_channel+0x14b/0x1e0 drivers/scsi/scsi_scan.c:1791
scsi_scan_host_selected+0x2fe/0x400 drivers/scsi/scsi_scan.c:1844
scsi_scan+0x3a0/0x3f0 drivers/scsi/scsi_sysfs.c:151
store_scan+0x2a/0x60 drivers/scsi/scsi_sysfs.c:191
dev_attr_store+0x5c/0x90 drivers/base/core.c:2388
sysfs_kf_write+0x11c/0x170 fs/sysfs/file.c:136
kernfs_fop_write_iter+0x3fc/0x610 fs/kernfs/file.c:338
call_write_iter include/linux/fs.h:2083 [inline]
new_sync_write+0x1b4/0x2d0 fs/read_write.c:493
vfs_write+0x76c/0xb00 fs/read_write.c:586
ksys_write+0x127/0x250 fs/read_write.c:639
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x78/0xe2
Freed by task 244687:
kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
kasan_save_free_info+0x2b/0x50 mm/kasan/generic.c:522
____kasan_slab_free mm/kasan/common.c:236 [inline]
__kasan_slab_free+0x12a/0x1b0 mm/kasan/common.c:244
kasan_slab_free include/linux/kasan.h:164 [inline]
slab_free_hook mm/slub.c:1815 [inline]
slab_free_freelist_hook mm/slub.c:1841 [inline]
slab_free mm/slub.c:3807 [inline]
__kmem_cache_free+0xe4/0x520 mm/slub.c:3820
blk_free_flush_queue+0x40/0x60 block/blk-flush.c:520
blk_mq_hw_sysfs_release+0x4a/0x170 block/blk-mq-sysfs.c:37
kobject_cleanup+0x136/0x410 lib/kobject.c:689
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x119/0x140 lib/kobject.c:737
blk_mq_release+0x24f/0x3f0 block/blk-mq.c:4144
blk_free_queue block/blk-core.c:298 [inline]
blk_put_queue+0xe2/0x180 block/blk-core.c:314
blkg_free_workfn+0x376/0x6e0 block/blk-cgroup.c:144
process_one_work+0x7c4/0x1450 kernel/workqueue.c:2631
process_scheduled_works kernel/workqueue.c:2704 [inline]
worker_thread+0x804/0xe40 kernel/workqueue.c:2785
kthread+0x346/0x450 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:293
Other than blk_mq_clear_flush_rq_mapping(), the flag is only used in
blk_register_queue() from initialization path, hence it's safe not to
clear the flag in del_gendisk. And since QUEUE_FLAG_REGISTERED already
make sure that queue should only be registered once, there is no need
to test the flag as well.
Fixes: 6cfeadbff3f8 ("blk-mq: don't clear flush_rq from tags->rqs[]")
Depends-on: commit aec89dc5d421 ("block: keep q_usage_counter in atomic mode after del_gendisk")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241104110005.1412161-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-sysfs.c | 6 ++----
block/genhd.c | 9 +++------
2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c
index e85941bec857b..207577145c54f 100644
--- a/block/blk-sysfs.c
+++ b/block/blk-sysfs.c
@@ -794,10 +794,8 @@ int blk_register_queue(struct gendisk *disk)
* faster to shut down and is made fully functional here as
* request_queues for non-existent devices never get registered.
*/
- if (!blk_queue_init_done(q)) {
- blk_queue_flag_set(QUEUE_FLAG_INIT_DONE, q);
- percpu_ref_switch_to_percpu(&q->q_usage_counter);
- }
+ blk_queue_flag_set(QUEUE_FLAG_INIT_DONE, q);
+ percpu_ref_switch_to_percpu(&q->q_usage_counter);
return ret;
diff --git a/block/genhd.c b/block/genhd.c
index 6ad3fcde01105..8645cf3b0816e 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -722,13 +722,10 @@ void del_gendisk(struct gendisk *disk)
* If the disk does not own the queue, allow using passthrough requests
* again. Else leave the queue frozen to fail all I/O.
*/
- if (!test_bit(GD_OWNS_QUEUE, &disk->state)) {
- blk_queue_flag_clear(QUEUE_FLAG_INIT_DONE, q);
+ if (!test_bit(GD_OWNS_QUEUE, &disk->state))
__blk_mq_unfreeze_queue(q, true);
- } else {
- if (queue_is_mq(q))
- blk_mq_exit_queue(q);
- }
+ else if (queue_is_mq(q))
+ blk_mq_exit_queue(q);
if (start_drain)
blk_unfreeze_release_lock(q, true, queue_dying);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 786/817] block: return unsigned int from bdev_io_min
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (784 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 785/817] block: fix uaf for flush rq while iterating tags Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 787/817] nvme-fabrics: fix kernel crash while shutting down controller Greg Kroah-Hartman
` (40 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig,
Martin K. Petersen, John Garry, Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 46fd48ab3ea3eb3bb215684bd66ea3d260b091a9 ]
The underlying limit is defined as an unsigned int, so return that from
bdev_io_min as well.
Fixes: ac481c20ef8f ("block: Topology ioctls")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: John Garry <john.g.garry@oracle.com>
Link: https://lore.kernel.org/r/20241119072602.1059488-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/blkdev.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index a6e42a823b71e..7e35d9ebdc374 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -1255,7 +1255,7 @@ static inline unsigned int queue_io_min(const struct request_queue *q)
return q->limits.io_min;
}
-static inline int bdev_io_min(struct block_device *bdev)
+static inline unsigned int bdev_io_min(struct block_device *bdev)
{
return queue_io_min(bdev_get_queue(bdev));
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 787/817] nvme-fabrics: fix kernel crash while shutting down controller
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (785 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 786/817] block: return unsigned int from bdev_io_min Greg Kroah-Hartman
@ 2024-12-03 14:45 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 788/817] 9p/xen: fix init sequence Greg Kroah-Hartman
` (39 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:45 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ming Lei, Nilay Shroff, Keith Busch,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nilay Shroff <nilay@linux.ibm.com>
[ Upstream commit e9869c85c81168a1275f909d5972a3fc435304be ]
The nvme keep-alive operation, which executes at a periodic interval,
could potentially sneak in while shutting down a fabric controller.
This may lead to a race between the fabric controller admin queue
destroy code path (invoked while shutting down controller) and hw/hctx
queue dispatcher called from the nvme keep-alive async request queuing
operation. This race could lead to the kernel crash shown below:
Call Trace:
autoremove_wake_function+0x0/0xbc (unreliable)
__blk_mq_sched_dispatch_requests+0x114/0x24c
blk_mq_sched_dispatch_requests+0x44/0x84
blk_mq_run_hw_queue+0x140/0x220
nvme_keep_alive_work+0xc8/0x19c [nvme_core]
process_one_work+0x200/0x4e0
worker_thread+0x340/0x504
kthread+0x138/0x140
start_kernel_thread+0x14/0x18
While shutting down fabric controller, if nvme keep-alive request sneaks
in then it would be flushed off. The nvme_keep_alive_end_io function is
then invoked to handle the end of the keep-alive operation which
decrements the admin->q_usage_counter and assuming this is the last/only
request in the admin queue then the admin->q_usage_counter becomes zero.
If that happens then blk-mq destroy queue operation (blk_mq_destroy_
queue()) which could be potentially running simultaneously on another
cpu (as this is the controller shutdown code path) would forward
progress and deletes the admin queue. So, now from this point onward
we are not supposed to access the admin queue resources. However the
issue here's that the nvme keep-alive thread running hw/hctx queue
dispatch operation hasn't yet finished its work and so it could still
potentially access the admin queue resource while the admin queue had
been already deleted and that causes the above crash.
The above kernel crash is regression caused due to changes implemented
in commit a54a93d0e359 ("nvme: move stopping keep-alive into
nvme_uninit_ctrl()"). Ideally we should stop keep-alive before destroyin
g the admin queue and freeing the admin tagset so that it wouldn't sneak
in during the shutdown operation. However we removed the keep alive stop
operation from the beginning of the controller shutdown code path in commit
a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()")
and added it under nvme_uninit_ctrl() which executes very late in the
shutdown code path after the admin queue is destroyed and its tagset is
removed. So this change created the possibility of keep-alive sneaking in
and interfering with the shutdown operation and causing observed kernel
crash.
To fix the observed crash, we decided to move nvme_stop_keep_alive() from
nvme_uninit_ctrl() to nvme_remove_admin_tag_set(). This change would ensure
that we don't forward progress and delete the admin queue until the keep-
alive operation is finished (if it's in-flight) or cancelled and that would
help contain the race condition explained above and hence avoid the crash.
Moving nvme_stop_keep_alive() to nvme_remove_admin_tag_set() instead of
adding nvme_stop_keep_alive() to the beginning of the controller shutdown
code path in nvme_stop_ctrl(), as was the case earlier before commit
a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()"),
would help save one callsite of nvme_stop_keep_alive().
Fixes: a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()")
Link: https://lore.kernel.org/all/1a21f37b-0f2a-4745-8c56-4dc8628d3983@linux.ibm.com/
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Nilay Shroff <nilay@linux.ibm.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 128932c849a1a..f49431cbc8dfc 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -4551,6 +4551,11 @@ EXPORT_SYMBOL_GPL(nvme_alloc_admin_tag_set);
void nvme_remove_admin_tag_set(struct nvme_ctrl *ctrl)
{
+ /*
+ * As we're about to destroy the queue and free tagset
+ * we can not have keep-alive work running.
+ */
+ nvme_stop_keep_alive(ctrl);
blk_mq_destroy_queue(ctrl->admin_q);
blk_put_queue(ctrl->admin_q);
if (ctrl->ops->flags & NVME_F_FABRICS) {
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 788/817] 9p/xen: fix init sequence
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (786 preceding siblings ...)
2024-12-03 14:45 ` [PATCH 6.11 787/817] nvme-fabrics: fix kernel crash while shutting down controller Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 789/817] 9p/xen: fix release of IRQ Greg Kroah-Hartman
` (38 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Zenla, Alexander Merritt,
Ariadne Conill, Juergen Gross, Dominique Martinet, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Zenla <alex@edera.dev>
[ Upstream commit 7ef3ae82a6ebbf4750967d1ce43bcdb7e44ff74b ]
Large amount of mount hangs observed during hotplugging of 9pfs devices. The
9pfs Xen driver attempts to initialize itself more than once, causing the
frontend and backend to disagree: the backend listens on a channel that the
frontend does not send on, resulting in stalled processing.
Only allow initialization of 9p frontend once.
Fixes: c15fe55d14b3b ("9p/xen: fix connection sequence")
Signed-off-by: Alex Zenla <alex@edera.dev>
Signed-off-by: Alexander Merritt <alexander@edera.dev>
Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-ID: <20241119211633.38321-1-alexander@edera.dev>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/9p/trans_xen.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
index dfdbe1ca53387..0304e8a1616d8 100644
--- a/net/9p/trans_xen.c
+++ b/net/9p/trans_xen.c
@@ -465,6 +465,7 @@ static int xen_9pfs_front_init(struct xenbus_device *dev)
goto error;
}
+ xenbus_switch_state(dev, XenbusStateInitialised);
return 0;
error_xenbus:
@@ -512,8 +513,10 @@ static void xen_9pfs_front_changed(struct xenbus_device *dev,
break;
case XenbusStateInitWait:
- if (!xen_9pfs_front_init(dev))
- xenbus_switch_state(dev, XenbusStateInitialised);
+ if (dev->state != XenbusStateInitialising)
+ break;
+
+ xen_9pfs_front_init(dev);
break;
case XenbusStateConnected:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 789/817] 9p/xen: fix release of IRQ
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (787 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 788/817] 9p/xen: fix init sequence Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 790/817] perf/arm-smmuv3: Fix lockdep assert in ->event_init() Greg Kroah-Hartman
` (37 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Zenla, Alexander Merritt,
Ariadne Conill, Juergen Gross, Dominique Martinet, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Zenla <alex@edera.dev>
[ Upstream commit e43c608f40c065b30964f0a806348062991b802d ]
Kernel logs indicate an IRQ was double-freed.
Pass correct device ID during IRQ release.
Fixes: 71ebd71921e45 ("xen/9pfs: connect to the backend")
Signed-off-by: Alex Zenla <alex@edera.dev>
Signed-off-by: Alexander Merritt <alexander@edera.dev>
Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-ID: <20241121225100.5736-1-alexander@edera.dev>
[Dominique: remove confusing variable reset to 0]
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/9p/trans_xen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
index 0304e8a1616d8..b9ff69c7522a1 100644
--- a/net/9p/trans_xen.c
+++ b/net/9p/trans_xen.c
@@ -286,7 +286,7 @@ static void xen_9pfs_front_free(struct xen_9pfs_front_priv *priv)
if (!priv->rings[i].intf)
break;
if (priv->rings[i].irq > 0)
- unbind_from_irqhandler(priv->rings[i].irq, priv->dev);
+ unbind_from_irqhandler(priv->rings[i].irq, ring);
if (priv->rings[i].data.in) {
for (j = 0;
j < (1 << priv->rings[i].intf->ring_order);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 790/817] perf/arm-smmuv3: Fix lockdep assert in ->event_init()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (788 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 789/817] 9p/xen: fix release of IRQ Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 791/817] perf/arm-cmn: Ensure port and device id bits are set properly Greg Kroah-Hartman
` (36 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Greg Thelen, Namhyung Kim,
Robin Murphy, Tuan Phan, Chun-Tse Shao, Will Deacon,
Catalin Marinas, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chun-Tse Shao <ctshao@google.com>
[ Upstream commit 02a55f2743012a8089f09f6867220c3d57f16564 ]
Same as
https://lore.kernel.org/all/20240514180050.182454-1-namhyung@kernel.org/,
we should skip `for_each_sibling_event()` for group leader since it
doesn't have the ctx yet.
Fixes: f3c0eba28704 ("perf: Add a few assertions")
Reported-by: Greg Thelen <gthelen@google.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Tuan Phan <tuanphan@os.amperecomputing.com>
Signed-off-by: Chun-Tse Shao <ctshao@google.com>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20241108050806.3730811-1-ctshao@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/arm_smmuv3_pmu.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/drivers/perf/arm_smmuv3_pmu.c b/drivers/perf/arm_smmuv3_pmu.c
index d5fa92ba83739..dabdb9f7bb82c 100644
--- a/drivers/perf/arm_smmuv3_pmu.c
+++ b/drivers/perf/arm_smmuv3_pmu.c
@@ -431,6 +431,17 @@ static int smmu_pmu_event_init(struct perf_event *event)
return -EINVAL;
}
+ /*
+ * Ensure all events are on the same cpu so all events are in the
+ * same cpu context, to avoid races on pmu_enable etc.
+ */
+ event->cpu = smmu_pmu->on_cpu;
+
+ hwc->idx = -1;
+
+ if (event->group_leader == event)
+ return 0;
+
for_each_sibling_event(sibling, event->group_leader) {
if (is_software_event(sibling))
continue;
@@ -442,14 +453,6 @@ static int smmu_pmu_event_init(struct perf_event *event)
return -EINVAL;
}
- hwc->idx = -1;
-
- /*
- * Ensure all events are on the same cpu so all events are in the
- * same cpu context, to avoid races on pmu_enable etc.
- */
- event->cpu = smmu_pmu->on_cpu;
-
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 791/817] perf/arm-cmn: Ensure port and device id bits are set properly
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (789 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 790/817] perf/arm-smmuv3: Fix lockdep assert in ->event_init() Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 792/817] smb: client: disable directory caching when dir_cache_timeout is zero Greg Kroah-Hartman
` (35 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Will Deacon,
Robin Murphy, Catalin Marinas, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Namhyung Kim <namhyung@kernel.org>
[ Upstream commit dfdf714fed559c09021df1d2a4bb64c0ad5f53bc ]
The portid_bits and deviceid_bits were set only for XP type nodes in
the arm_cmn_discover() and it confused other nodes to find XP nodes.
Copy the both bits from the XP nodes directly when it sets up a new
node.
Fixes: e79634b53e39 ("perf/arm-cmn: Refactor node ID handling. Again.")
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20241121001334.331334-1-namhyung@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/arm-cmn.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c
index 48863b31ccfb1..a2032d3979640 100644
--- a/drivers/perf/arm-cmn.c
+++ b/drivers/perf/arm-cmn.c
@@ -2147,8 +2147,6 @@ static int arm_cmn_init_dtcs(struct arm_cmn *cmn)
continue;
xp = arm_cmn_node_to_xp(cmn, dn);
- dn->portid_bits = xp->portid_bits;
- dn->deviceid_bits = xp->deviceid_bits;
dn->dtc = xp->dtc;
dn->dtm = xp->dtm;
if (cmn->multi_dtm)
@@ -2379,6 +2377,8 @@ static int arm_cmn_discover(struct arm_cmn *cmn, unsigned int rgn_offset)
}
arm_cmn_init_node_info(cmn, reg & CMN_CHILD_NODE_ADDR, dn);
+ dn->portid_bits = xp->portid_bits;
+ dn->deviceid_bits = xp->deviceid_bits;
switch (dn->type) {
case CMN_TYPE_DTC:
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 792/817] smb: client: disable directory caching when dir_cache_timeout is zero
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (790 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 791/817] perf/arm-cmn: Ensure port and device id bits are set properly Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 793/817] x86/Documentation: Update algo in init_size description of boot protocol Greg Kroah-Hartman
` (34 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (Red Hat),
Enzo Matsumiya, Henrique Carvalho, Steve French, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Henrique Carvalho <henrique.carvalho@suse.com>
[ Upstream commit ceaf1451990e3ea7fb50aebb5a149f57945f6e9f ]
Setting dir_cache_timeout to zero should disable the caching of
directory contents. Currently, even when dir_cache_timeout is zero,
some caching related functions are still invoked, which is unintended
behavior.
Fix the issue by setting tcon->nohandlecache to true when
dir_cache_timeout is zero, ensuring that directory handle caching
is properly disabled.
Fixes: 238b351d0935 ("smb3: allow controlling length of time directory entries are cached with dir leases")
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/connect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index be0f91000171b..9cf87ba0fb8c9 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -2601,7 +2601,7 @@ cifs_get_tcon(struct cifs_ses *ses, struct smb3_fs_context *ctx)
if (ses->server->dialect >= SMB20_PROT_ID &&
(ses->server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING))
- nohandlecache = ctx->nohandlecache;
+ nohandlecache = ctx->nohandlecache || !dir_cache_timeout;
else
nohandlecache = true;
tcon = tcon_info_alloc(!nohandlecache, netfs_trace_tcon_ref_new);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 793/817] x86/Documentation: Update algo in init_size description of boot protocol
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (791 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 792/817] smb: client: disable directory caching when dir_cache_timeout is zero Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 794/817] cifs: Fix parsing native symlinks relative to the export Greg Kroah-Hartman
` (33 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Ingo Molnar,
Randy Dunlap, H. Peter Anvin, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit be4ca6c53e66cb275cf0d71f32dac0c4606b9dc0 ]
The init_size description of boot protocol has an example of the runtime
start address for the compressed bzImage. For non-relocatable kernel
it relies on the pref_address value (if not 0), but for relocatable case
only pays respect to the load_addres and kernel_alignment, and it is
inaccurate for the latter. Boot loader must consider the pref_address
as the Linux kernel relocates to it before being decompressed as nicely
described in this commit message a year ago:
43b1d3e68ee7 ("kexec: Allocate kernel above bzImage's pref_address")
Due to this documentation inaccuracy some of the bootloaders (*) made a
mistake in the calculations and if kernel image is big enough, this may
lead to unbootable configurations.
*)
In particular, kexec-tools missed that and resently got a couple of
changes which will be part of v2.0.30 release. For the record,
commit 43b1d3e68ee7 only fixed the kernel kexec implementation and
also missed to update the init_size description.
While at it, make an example C-like looking as it's done elsewhere in
the document and fix indentation as presribed by the reStructuredText
specifications, so the syntax highliting will work properly.
Fixes: 43b1d3e68ee7 ("kexec: Allocate kernel above bzImage's pref_address")
Fixes: d297366ba692 ("x86: document new bzImage fields")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lore.kernel.org/r/20241125105005.1616154-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/arch/x86/boot.rst | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/Documentation/arch/x86/boot.rst b/Documentation/arch/x86/boot.rst
index 4fd492cb49704..ad2d8ddad27fe 100644
--- a/Documentation/arch/x86/boot.rst
+++ b/Documentation/arch/x86/boot.rst
@@ -896,10 +896,19 @@ Offset/size: 0x260/4
The kernel runtime start address is determined by the following algorithm::
- if (relocatable_kernel)
- runtime_start = align_up(load_address, kernel_alignment)
- else
- runtime_start = pref_address
+ if (relocatable_kernel) {
+ if (load_address < pref_address)
+ load_address = pref_address;
+ runtime_start = align_up(load_address, kernel_alignment);
+ } else {
+ runtime_start = pref_address;
+ }
+
+Hence the necessary memory window location and size can be estimated by
+a boot loader as::
+
+ memory_window_start = runtime_start;
+ memory_window_size = init_size;
============ ===============
Field name: handover_offset
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 794/817] cifs: Fix parsing native symlinks relative to the export
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (792 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 793/817] x86/Documentation: Update algo in init_size description of boot protocol Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 795/817] cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Greg Kroah-Hartman
` (32 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Steve French,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 723f4ef90452aa629f3d923e92e0449d69362b1d ]
SMB symlink which has SYMLINK_FLAG_RELATIVE set is relative (as opposite of
the absolute) and it can be relative either to the current directory (where
is the symlink stored) or relative to the top level export path. To what it
is relative depends on the first character of the symlink target path.
If the first character is path separator then symlink is relative to the
export, otherwise to the current directory. Linux (and generally POSIX
systems) supports only symlink paths relative to the current directory
where is symlink stored.
Currently if Linux SMB client reads relative SMB symlink with first
character as path separator (slash), it let as is. Which means that Linux
interpret it as absolute symlink pointing from the root (/). But this
location is different than the top level directory of SMB export (unless
SMB export was mounted to the root) and thefore SMB symlinks relative to
the export are interpreted wrongly by Linux SMB client.
Fix this problem. As Linux does not have equivalent of the path relative to
the top of the mount point, convert such symlink target path relative to
the current directory. Do this by prepending "../" pattern N times before
the SMB target path, where N is the number of path separators found in SMB
symlink path.
So for example, if SMB share is mounted to Linux path /mnt/share/, symlink
is stored in file /mnt/share/test/folder1/symlink (so SMB symlink path is
test\folder1\symlink) and SMB symlink target points to \test\folder2\file,
then convert symlink target path to Linux path ../../test/folder2/file.
Deduplicate code for parsing SMB symlinks in native form from functions
smb2_parse_symlink_response() and parse_reparse_native_symlink() into new
function smb2_parse_native_symlink() and pass into this new function a new
full_path parameter from callers, which specify SMB full path where is
symlink stored.
This change fixes resolving of the native Windows symlinks relative to the
top level directory of the SMB share.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: f4ca4f5a36ea ("cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cifsglob.h | 1 +
fs/smb/client/cifsproto.h | 1 +
fs/smb/client/inode.c | 1 +
fs/smb/client/reparse.c | 90 +++++++++++++++++++++++++++++++++------
fs/smb/client/reparse.h | 4 +-
fs/smb/client/smb1ops.c | 3 +-
fs/smb/client/smb2file.c | 21 +++++----
fs/smb/client/smb2inode.c | 6 ++-
fs/smb/client/smb2proto.h | 9 +++-
9 files changed, 108 insertions(+), 28 deletions(-)
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
index 1dfedb64ffcbc..64610236cc725 100644
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -589,6 +589,7 @@ struct smb_version_operations {
/* Check for STATUS_NETWORK_NAME_DELETED */
bool (*is_network_name_deleted)(char *buf, struct TCP_Server_Info *srv);
int (*parse_reparse_point)(struct cifs_sb_info *cifs_sb,
+ const char *full_path,
struct kvec *rsp_iov,
struct cifs_open_info_data *data);
int (*create_reparse_symlink)(const unsigned int xid,
diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h
index 497bf3c447bcb..8d35a5cab39e3 100644
--- a/fs/smb/client/cifsproto.h
+++ b/fs/smb/client/cifsproto.h
@@ -675,6 +675,7 @@ char *extract_hostname(const char *unc);
char *extract_sharename(const char *unc);
int parse_reparse_point(struct reparse_data_buffer *buf,
u32 plen, struct cifs_sb_info *cifs_sb,
+ const char *full_path,
bool unicode, struct cifs_open_info_data *data);
int cifs_sfu_make_node(unsigned int xid, struct inode *inode,
struct dentry *dentry, struct cifs_tcon *tcon,
diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c
index ede36884be8ae..200936773a956 100644
--- a/fs/smb/client/inode.c
+++ b/fs/smb/client/inode.c
@@ -1075,6 +1075,7 @@ static int reparse_info_to_fattr(struct cifs_open_info_data *data,
rc = 0;
} else if (iov && server->ops->parse_reparse_point) {
rc = server->ops->parse_reparse_point(cifs_sb,
+ full_path,
iov, data);
}
break;
diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c
index 90da1e2b6217b..f74d0a86f44a4 100644
--- a/fs/smb/client/reparse.c
+++ b/fs/smb/client/reparse.c
@@ -535,9 +535,76 @@ static int parse_reparse_posix(struct reparse_posix_data *buf,
return 0;
}
+int smb2_parse_native_symlink(char **target, const char *buf, unsigned int len,
+ bool unicode, bool relative,
+ const char *full_path,
+ struct cifs_sb_info *cifs_sb)
+{
+ char sep = CIFS_DIR_SEP(cifs_sb);
+ char *linux_target = NULL;
+ char *smb_target = NULL;
+ int levels;
+ int rc;
+ int i;
+
+ smb_target = cifs_strndup_from_utf16(buf, len, unicode, cifs_sb->local_nls);
+ if (!smb_target) {
+ rc = -ENOMEM;
+ goto out;
+ }
+
+ if (smb_target[0] == sep && relative) {
+ /*
+ * This is a relative SMB symlink from the top of the share,
+ * which is the top level directory of the Linux mount point.
+ * Linux does not support such relative symlinks, so convert
+ * it to the relative symlink from the current directory.
+ * full_path is the SMB path to the symlink (from which is
+ * extracted current directory) and smb_target is the SMB path
+ * where symlink points, therefore full_path must always be on
+ * the SMB share.
+ */
+ int smb_target_len = strlen(smb_target)+1;
+ levels = 0;
+ for (i = 1; full_path[i]; i++) { /* i=1 to skip leading sep */
+ if (full_path[i] == sep)
+ levels++;
+ }
+ linux_target = kmalloc(levels*3 + smb_target_len, GFP_KERNEL);
+ if (!linux_target) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ for (i = 0; i < levels; i++) {
+ linux_target[i*3 + 0] = '.';
+ linux_target[i*3 + 1] = '.';
+ linux_target[i*3 + 2] = sep;
+ }
+ memcpy(linux_target + levels*3, smb_target+1, smb_target_len); /* +1 to skip leading sep */
+ } else {
+ linux_target = smb_target;
+ smb_target = NULL;
+ }
+
+ if (sep == '\\')
+ convert_delimiter(linux_target, '/');
+
+ rc = 0;
+ *target = linux_target;
+
+ cifs_dbg(FYI, "%s: symlink target: %s\n", __func__, *target);
+
+out:
+ if (rc != 0)
+ kfree(linux_target);
+ kfree(smb_target);
+ return rc;
+}
+
static int parse_reparse_symlink(struct reparse_symlink_data_buffer *sym,
u32 plen, bool unicode,
struct cifs_sb_info *cifs_sb,
+ const char *full_path,
struct cifs_open_info_data *data)
{
unsigned int len;
@@ -552,20 +619,18 @@ static int parse_reparse_symlink(struct reparse_symlink_data_buffer *sym,
return -EIO;
}
- data->symlink_target = cifs_strndup_from_utf16(sym->PathBuffer + offs,
- len, unicode,
- cifs_sb->local_nls);
- if (!data->symlink_target)
- return -ENOMEM;
-
- convert_delimiter(data->symlink_target, '/');
- cifs_dbg(FYI, "%s: target path: %s\n", __func__, data->symlink_target);
-
- return 0;
+ return smb2_parse_native_symlink(&data->symlink_target,
+ sym->PathBuffer + offs,
+ len,
+ unicode,
+ le32_to_cpu(sym->Flags) & SYMLINK_FLAG_RELATIVE,
+ full_path,
+ cifs_sb);
}
int parse_reparse_point(struct reparse_data_buffer *buf,
u32 plen, struct cifs_sb_info *cifs_sb,
+ const char *full_path,
bool unicode, struct cifs_open_info_data *data)
{
struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb);
@@ -580,7 +645,7 @@ int parse_reparse_point(struct reparse_data_buffer *buf,
case IO_REPARSE_TAG_SYMLINK:
return parse_reparse_symlink(
(struct reparse_symlink_data_buffer *)buf,
- plen, unicode, cifs_sb, data);
+ plen, unicode, cifs_sb, full_path, data);
case IO_REPARSE_TAG_LX_SYMLINK:
case IO_REPARSE_TAG_AF_UNIX:
case IO_REPARSE_TAG_LX_FIFO:
@@ -596,6 +661,7 @@ int parse_reparse_point(struct reparse_data_buffer *buf,
}
int smb2_parse_reparse_point(struct cifs_sb_info *cifs_sb,
+ const char *full_path,
struct kvec *rsp_iov,
struct cifs_open_info_data *data)
{
@@ -605,7 +671,7 @@ int smb2_parse_reparse_point(struct cifs_sb_info *cifs_sb,
buf = (struct reparse_data_buffer *)((u8 *)io +
le32_to_cpu(io->OutputOffset));
- return parse_reparse_point(buf, plen, cifs_sb, true, data);
+ return parse_reparse_point(buf, plen, cifs_sb, full_path, true, data);
}
static void wsl_to_fattr(struct cifs_open_info_data *data,
diff --git a/fs/smb/client/reparse.h b/fs/smb/client/reparse.h
index 2a9f4f9f79de0..ff05b0e75c928 100644
--- a/fs/smb/client/reparse.h
+++ b/fs/smb/client/reparse.h
@@ -117,7 +117,9 @@ int smb2_create_reparse_symlink(const unsigned int xid, struct inode *inode,
int smb2_mknod_reparse(unsigned int xid, struct inode *inode,
struct dentry *dentry, struct cifs_tcon *tcon,
const char *full_path, umode_t mode, dev_t dev);
-int smb2_parse_reparse_point(struct cifs_sb_info *cifs_sb, struct kvec *rsp_iov,
+int smb2_parse_reparse_point(struct cifs_sb_info *cifs_sb,
+ const char *full_path,
+ struct kvec *rsp_iov,
struct cifs_open_info_data *data);
#endif /* _CIFS_REPARSE_H */
diff --git a/fs/smb/client/smb1ops.c b/fs/smb/client/smb1ops.c
index 8c03250d85ae0..3c7f3c4b94c8d 100644
--- a/fs/smb/client/smb1ops.c
+++ b/fs/smb/client/smb1ops.c
@@ -994,6 +994,7 @@ static int cifs_query_symlink(const unsigned int xid,
}
static int cifs_parse_reparse_point(struct cifs_sb_info *cifs_sb,
+ const char *full_path,
struct kvec *rsp_iov,
struct cifs_open_info_data *data)
{
@@ -1004,7 +1005,7 @@ static int cifs_parse_reparse_point(struct cifs_sb_info *cifs_sb,
buf = (struct reparse_data_buffer *)((__u8 *)&io->hdr.Protocol +
le32_to_cpu(io->DataOffset));
- return parse_reparse_point(buf, plen, cifs_sb, unicode, data);
+ return parse_reparse_point(buf, plen, cifs_sb, full_path, unicode, data);
}
static bool
diff --git a/fs/smb/client/smb2file.c b/fs/smb/client/smb2file.c
index c23478ab1cf85..dc52995f55910 100644
--- a/fs/smb/client/smb2file.c
+++ b/fs/smb/client/smb2file.c
@@ -63,12 +63,12 @@ static struct smb2_symlink_err_rsp *symlink_data(const struct kvec *iov)
return sym;
}
-int smb2_parse_symlink_response(struct cifs_sb_info *cifs_sb, const struct kvec *iov, char **path)
+int smb2_parse_symlink_response(struct cifs_sb_info *cifs_sb, const struct kvec *iov,
+ const char *full_path, char **path)
{
struct smb2_symlink_err_rsp *sym;
unsigned int sub_offs, sub_len;
unsigned int print_offs, print_len;
- char *s;
if (!cifs_sb || !iov || !iov->iov_base || !iov->iov_len || !path)
return -EINVAL;
@@ -86,15 +86,13 @@ int smb2_parse_symlink_response(struct cifs_sb_info *cifs_sb, const struct kvec
iov->iov_len < SMB2_SYMLINK_STRUCT_SIZE + print_offs + print_len)
return -EINVAL;
- s = cifs_strndup_from_utf16((char *)sym->PathBuffer + sub_offs, sub_len, true,
- cifs_sb->local_nls);
- if (!s)
- return -ENOMEM;
- convert_delimiter(s, '/');
- cifs_dbg(FYI, "%s: symlink target: %s\n", __func__, s);
-
- *path = s;
- return 0;
+ return smb2_parse_native_symlink(path,
+ (char *)sym->PathBuffer + sub_offs,
+ sub_len,
+ true,
+ le32_to_cpu(sym->Flags) & SYMLINK_FLAG_RELATIVE,
+ full_path,
+ cifs_sb);
}
int smb2_open_file(const unsigned int xid, struct cifs_open_parms *oparms, __u32 *oplock, void *buf)
@@ -126,6 +124,7 @@ int smb2_open_file(const unsigned int xid, struct cifs_open_parms *oparms, __u32
goto out;
if (hdr->Status == STATUS_STOPPED_ON_SYMLINK) {
rc = smb2_parse_symlink_response(oparms->cifs_sb, &err_iov,
+ oparms->path,
&data->symlink_target);
if (!rc) {
memset(smb2_data, 0, sizeof(*smb2_data));
diff --git a/fs/smb/client/smb2inode.c b/fs/smb/client/smb2inode.c
index cdb0e028e73c4..9a28a30ec1a34 100644
--- a/fs/smb/client/smb2inode.c
+++ b/fs/smb/client/smb2inode.c
@@ -828,6 +828,7 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon,
static int parse_create_response(struct cifs_open_info_data *data,
struct cifs_sb_info *cifs_sb,
+ const char *full_path,
const struct kvec *iov)
{
struct smb2_create_rsp *rsp = iov->iov_base;
@@ -841,6 +842,7 @@ static int parse_create_response(struct cifs_open_info_data *data,
break;
case STATUS_STOPPED_ON_SYMLINK:
rc = smb2_parse_symlink_response(cifs_sb, iov,
+ full_path,
&data->symlink_target);
if (rc)
return rc;
@@ -930,14 +932,14 @@ int smb2_query_path_info(const unsigned int xid,
switch (rc) {
case 0:
- rc = parse_create_response(data, cifs_sb, &out_iov[0]);
+ rc = parse_create_response(data, cifs_sb, full_path, &out_iov[0]);
break;
case -EOPNOTSUPP:
/*
* BB TODO: When support for special files added to Samba
* re-verify this path.
*/
- rc = parse_create_response(data, cifs_sb, &out_iov[0]);
+ rc = parse_create_response(data, cifs_sb, full_path, &out_iov[0]);
if (rc || !data->reparse_point)
goto out;
diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h
index 5e0855fefcfe6..aa01ae234732a 100644
--- a/fs/smb/client/smb2proto.h
+++ b/fs/smb/client/smb2proto.h
@@ -113,7 +113,14 @@ extern int smb3_query_mf_symlink(unsigned int xid, struct cifs_tcon *tcon,
struct cifs_sb_info *cifs_sb,
const unsigned char *path, char *pbuf,
unsigned int *pbytes_read);
-int smb2_parse_symlink_response(struct cifs_sb_info *cifs_sb, const struct kvec *iov, char **path);
+int smb2_parse_native_symlink(char **target, const char *buf, unsigned int len,
+ bool unicode, bool relative,
+ const char *full_path,
+ struct cifs_sb_info *cifs_sb);
+int smb2_parse_symlink_response(struct cifs_sb_info *cifs_sb,
+ const struct kvec *iov,
+ const char *full_path,
+ char **path);
int smb2_open_file(const unsigned int xid, struct cifs_open_parms *oparms, __u32 *oplock,
void *buf);
extern int smb2_unlock_range(struct cifsFileInfo *cfile,
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 795/817] cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (793 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 794/817] cifs: Fix parsing native symlinks relative to the export Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 796/817] rtc: ab-eoz9: dont fail temperature reads on undervoltage notification Greg Kroah-Hartman
` (31 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pali Rohár, Steve French,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pali Rohár <pali@kernel.org>
[ Upstream commit f4ca4f5a36eac9b4da378a0f28cbbe38534a0901 ]
SMB1 NT_TRANSACT_IOCTL/FSCTL_GET_REPARSE_POINT even in non-UNICODE mode
returns reparse buffer in UNICODE/UTF-16 format.
This is because FSCTL_GET_REPARSE_POINT is NT-based IOCTL which does not
distinguish between 8-bit non-UNICODE and 16-bit UNICODE modes and its path
buffers are always encoded in UTF-16.
This change fixes reading of native symlinks in SMB1 when UNICODE session
is not active.
Fixes: ed3e0a149b58 ("smb: client: implement ->query_reparse_point() for SMB1")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/smb1ops.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/smb/client/smb1ops.c b/fs/smb/client/smb1ops.c
index 3c7f3c4b94c8d..c252447918d67 100644
--- a/fs/smb/client/smb1ops.c
+++ b/fs/smb/client/smb1ops.c
@@ -1000,12 +1000,11 @@ static int cifs_parse_reparse_point(struct cifs_sb_info *cifs_sb,
{
struct reparse_data_buffer *buf;
TRANSACT_IOCTL_RSP *io = rsp_iov->iov_base;
- bool unicode = !!(io->hdr.Flags2 & SMBFLG2_UNICODE);
u32 plen = le16_to_cpu(io->ByteCount);
buf = (struct reparse_data_buffer *)((__u8 *)&io->hdr.Protocol +
le32_to_cpu(io->DataOffset));
- return parse_reparse_point(buf, plen, cifs_sb, full_path, unicode, data);
+ return parse_reparse_point(buf, plen, cifs_sb, full_path, true, data);
}
static bool
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 796/817] rtc: ab-eoz9: dont fail temperature reads on undervoltage notification
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (794 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 795/817] cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 797/817] Rename .data.unlikely to .data..unlikely Greg Kroah-Hartman
` (30 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Chevallier, Alexandre Belloni,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxime Chevallier <maxime.chevallier@bootlin.com>
[ Upstream commit e0779a0dcf41a6452ac0a169cd96863feb5787c7 ]
The undervoltage flags reported by the RTC are useful to know if the
time and date are reliable after a reboot. Although the threshold VLOW1
indicates that the thermometer has been shutdown and time compensation
is off, it doesn't mean that the temperature readout is currently
impossible.
As the system is running, the RTC voltage is now fully established and
we can read the temperature.
Fixes: 67075b63cce2 ("rtc: add AB-RTCMC-32.768kHz-EOZ9 RTC support")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Link: https://lore.kernel.org/r/20241122101031.68916-3-maxime.chevallier@bootlin.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-ab-eoz9.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/rtc/rtc-ab-eoz9.c b/drivers/rtc/rtc-ab-eoz9.c
index 02f7d07112877..e17bce9a27468 100644
--- a/drivers/rtc/rtc-ab-eoz9.c
+++ b/drivers/rtc/rtc-ab-eoz9.c
@@ -396,13 +396,6 @@ static int abeoz9z3_temp_read(struct device *dev,
if (ret < 0)
return ret;
- if ((val & ABEOZ9_REG_CTRL_STATUS_V1F) ||
- (val & ABEOZ9_REG_CTRL_STATUS_V2F)) {
- dev_err(dev,
- "thermometer might be disabled due to low voltage\n");
- return -EINVAL;
- }
-
switch (attr) {
case hwmon_temp_input:
ret = regmap_read(regmap, ABEOZ9_REG_REG_TEMP, &val);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 797/817] Rename .data.unlikely to .data..unlikely
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (795 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 796/817] rtc: ab-eoz9: dont fail temperature reads on undervoltage notification Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 798/817] Rename .data.once to .data..once to fix resetting WARN*_ONCE Greg Kroah-Hartman
` (29 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit bb43a59944f45e89aa158740b8a16ba8f0b0fa2b ]
Commit 7ccaba5314ca ("consolidate WARN_...ONCE() static variables")
was intended to collect all .data.unlikely sections into one chunk.
However, this has not worked when CONFIG_LD_DEAD_CODE_DATA_ELIMINATION
or CONFIG_LTO_CLANG is enabled, because .data.unlikely matches the
.data.[0-9a-zA-Z_]* pattern in the DATA_MAIN macro.
Commit cb87481ee89d ("kbuild: linker script do not match C names unless
LD_DEAD_CODE_DATA_ELIMINATION is configured") was introduced to suppress
the issue for the default CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=n case,
providing a minimal fix for stable backporting. We were aware this did
not address the issue for CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y. The
plan was to apply correct fixes and then revert cb87481ee89d. [1]
Seven years have passed since then, yet the #ifdef workaround remains in
place.
Using a ".." separator in the section name fixes the issue for
CONFIG_LD_DEAD_CODE_DATA_ELIMINATION and CONFIG_LTO_CLANG.
[1]: https://lore.kernel.org/linux-kbuild/CAK7LNASck6BfdLnESxXUeECYL26yUDm0cwRZuM4gmaWUkxjL5g@mail.gmail.com/
Fixes: cb87481ee89d ("kbuild: linker script do not match C names unless LD_DEAD_CODE_DATA_ELIMINATION is configured")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/asm-generic/vmlinux.lds.h | 2 +-
include/linux/rcupdate.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 1ae44793132a8..bee5a71f4b41e 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -349,7 +349,7 @@
*(.data..decrypted) \
*(.ref.data) \
*(.data..shared_aligned) /* percpu related */ \
- *(.data.unlikely) \
+ *(.data..unlikely) \
__start_once = .; \
*(.data.once) \
__end_once = .; \
diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
index 13f6f00aecf9c..1986d017b67fb 100644
--- a/include/linux/rcupdate.h
+++ b/include/linux/rcupdate.h
@@ -390,7 +390,7 @@ static inline int debug_lockdep_rcu_enabled(void)
*/
#define RCU_LOCKDEP_WARN(c, s) \
do { \
- static bool __section(".data.unlikely") __warned; \
+ static bool __section(".data..unlikely") __warned; \
if (debug_lockdep_rcu_enabled() && (c) && \
debug_lockdep_rcu_enabled() && !__warned) { \
__warned = true; \
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 798/817] Rename .data.once to .data..once to fix resetting WARN*_ONCE
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (796 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 797/817] Rename .data.unlikely to .data..unlikely Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 799/817] kbuild: deb-pkg: Dont fail if modules.order is missing Greg Kroah-Hartman
` (28 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit dbefa1f31a91670c9e7dac9b559625336206466f ]
Commit b1fca27d384e ("kernel debug: support resetting WARN*_ONCE")
added support for clearing the state of once warnings. However,
it is not functional when CONFIG_LD_DEAD_CODE_DATA_ELIMINATION or
CONFIG_LTO_CLANG is enabled, because .data.once matches the
.data.[0-9a-zA-Z_]* pattern in the DATA_MAIN macro.
Commit cb87481ee89d ("kbuild: linker script do not match C names unless
LD_DEAD_CODE_DATA_ELIMINATION is configured") was introduced to suppress
the issue for the default CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=n case,
providing a minimal fix for stable backporting. We were aware this did
not address the issue for CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y. The
plan was to apply correct fixes and then revert cb87481ee89d. [1]
Seven years have passed since then, yet the #ifdef workaround remains in
place. Meanwhile, commit b1fca27d384e introduced the .data.once section,
and commit dc5723b02e52 ("kbuild: add support for Clang LTO") extended
the #ifdef.
Using a ".." separator in the section name fixes the issue for
CONFIG_LD_DEAD_CODE_DATA_ELIMINATION and CONFIG_LTO_CLANG.
[1]: https://lore.kernel.org/linux-kbuild/CAK7LNASck6BfdLnESxXUeECYL26yUDm0cwRZuM4gmaWUkxjL5g@mail.gmail.com/
Fixes: b1fca27d384e ("kernel debug: support resetting WARN*_ONCE")
Fixes: dc5723b02e52 ("kbuild: add support for Clang LTO")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/asm-generic/vmlinux.lds.h | 2 +-
include/linux/mmdebug.h | 6 +++---
include/linux/once.h | 4 ++--
include/linux/once_lite.h | 2 +-
include/net/net_debug.h | 2 +-
mm/internal.h | 2 +-
6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index bee5a71f4b41e..38d710f620efc 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -351,7 +351,7 @@
*(.data..shared_aligned) /* percpu related */ \
*(.data..unlikely) \
__start_once = .; \
- *(.data.once) \
+ *(.data..once) \
__end_once = .; \
STRUCT_ALIGN(); \
*(__tracepoints) \
diff --git a/include/linux/mmdebug.h b/include/linux/mmdebug.h
index 39a7714605a79..d7cb1e5ecbda9 100644
--- a/include/linux/mmdebug.h
+++ b/include/linux/mmdebug.h
@@ -46,7 +46,7 @@ void vma_iter_dump_tree(const struct vma_iterator *vmi);
} \
} while (0)
#define VM_WARN_ON_ONCE_PAGE(cond, page) ({ \
- static bool __section(".data.once") __warned; \
+ static bool __section(".data..once") __warned; \
int __ret_warn_once = !!(cond); \
\
if (unlikely(__ret_warn_once && !__warned)) { \
@@ -66,7 +66,7 @@ void vma_iter_dump_tree(const struct vma_iterator *vmi);
unlikely(__ret_warn); \
})
#define VM_WARN_ON_ONCE_FOLIO(cond, folio) ({ \
- static bool __section(".data.once") __warned; \
+ static bool __section(".data..once") __warned; \
int __ret_warn_once = !!(cond); \
\
if (unlikely(__ret_warn_once && !__warned)) { \
@@ -77,7 +77,7 @@ void vma_iter_dump_tree(const struct vma_iterator *vmi);
unlikely(__ret_warn_once); \
})
#define VM_WARN_ON_ONCE_MM(cond, mm) ({ \
- static bool __section(".data.once") __warned; \
+ static bool __section(".data..once") __warned; \
int __ret_warn_once = !!(cond); \
\
if (unlikely(__ret_warn_once && !__warned)) { \
diff --git a/include/linux/once.h b/include/linux/once.h
index bc714d414448a..30346fcdc7995 100644
--- a/include/linux/once.h
+++ b/include/linux/once.h
@@ -46,7 +46,7 @@ void __do_once_sleepable_done(bool *done, struct static_key_true *once_key,
#define DO_ONCE(func, ...) \
({ \
bool ___ret = false; \
- static bool __section(".data.once") ___done = false; \
+ static bool __section(".data..once") ___done = false; \
static DEFINE_STATIC_KEY_TRUE(___once_key); \
if (static_branch_unlikely(&___once_key)) { \
unsigned long ___flags; \
@@ -64,7 +64,7 @@ void __do_once_sleepable_done(bool *done, struct static_key_true *once_key,
#define DO_ONCE_SLEEPABLE(func, ...) \
({ \
bool ___ret = false; \
- static bool __section(".data.once") ___done = false; \
+ static bool __section(".data..once") ___done = false; \
static DEFINE_STATIC_KEY_TRUE(___once_key); \
if (static_branch_unlikely(&___once_key)) { \
___ret = __do_once_sleepable_start(&___done); \
diff --git a/include/linux/once_lite.h b/include/linux/once_lite.h
index b7bce4983638f..27de7bc32a061 100644
--- a/include/linux/once_lite.h
+++ b/include/linux/once_lite.h
@@ -12,7 +12,7 @@
#define __ONCE_LITE_IF(condition) \
({ \
- static bool __section(".data.once") __already_done; \
+ static bool __section(".data..once") __already_done; \
bool __ret_cond = !!(condition); \
bool __ret_once = false; \
\
diff --git a/include/net/net_debug.h b/include/net/net_debug.h
index 1e74684cbbdbc..4a79204c8d306 100644
--- a/include/net/net_debug.h
+++ b/include/net/net_debug.h
@@ -27,7 +27,7 @@ void netdev_info(const struct net_device *dev, const char *format, ...);
#define netdev_level_once(level, dev, fmt, ...) \
do { \
- static bool __section(".data.once") __print_once; \
+ static bool __section(".data..once") __print_once; \
\
if (!__print_once) { \
__print_once = true; \
diff --git a/mm/internal.h b/mm/internal.h
index 7da580dfae6c5..c791312eae764 100644
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -42,7 +42,7 @@ struct folio_batch;
* when we specify __GFP_NOWARN.
*/
#define WARN_ON_ONCE_GFP(cond, gfp) ({ \
- static bool __section(".data.once") __warned; \
+ static bool __section(".data..once") __warned; \
int __ret_warn_once = !!(cond); \
\
if (unlikely(!(gfp & __GFP_NOWARN) && __ret_warn_once && !__warned)) { \
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 799/817] kbuild: deb-pkg: Dont fail if modules.order is missing
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (797 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 798/817] Rename .data.once to .data..once to fix resetting WARN*_ONCE Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 800/817] smb: Initialize cfid->tcon before performing network ops Greg Kroah-Hartman
` (27 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matt Fleming, Masahiro Yamada,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Fleming <mfleming@cloudflare.com>
[ Upstream commit bcbbf493f2fa6fa1f0832f6b5b4c80a65de242d6 ]
Kernels built without CONFIG_MODULES might still want to create -dbg deb
packages but install_linux_image_dbg() assumes modules.order always
exists. This obviously isn't true if no modules were built, so we should
skip reading modules.order in that case.
Fixes: 16c36f8864e3 ("kbuild: deb-pkg: use build ID instead of debug link for dbg package")
Signed-off-by: Matt Fleming <mfleming@cloudflare.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/package/builddeb | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
index c1757db6aa8a8..718fbf99e2cea 100755
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
@@ -97,16 +97,18 @@ install_linux_image_dbg () {
# Parse modules.order directly because 'make modules_install' may sign,
# compress modules, and then run unneeded depmod.
- while read -r mod; do
- mod="${mod%.o}.ko"
- dbg="${pdir}/usr/lib/debug/lib/modules/${KERNELRELEASE}/kernel/${mod}"
- buildid=$("${READELF}" -n "${mod}" | sed -n 's@^.*Build ID: \(..\)\(.*\)@\1/\2@p')
- link="${pdir}/usr/lib/debug/.build-id/${buildid}.debug"
-
- mkdir -p "${dbg%/*}" "${link%/*}"
- "${OBJCOPY}" --only-keep-debug "${mod}" "${dbg}"
- ln -sf --relative "${dbg}" "${link}"
- done < modules.order
+ if is_enabled CONFIG_MODULES; then
+ while read -r mod; do
+ mod="${mod%.o}.ko"
+ dbg="${pdir}/usr/lib/debug/lib/modules/${KERNELRELEASE}/kernel/${mod}"
+ buildid=$("${READELF}" -n "${mod}" | sed -n 's@^.*Build ID: \(..\)\(.*\)@\1/\2@p')
+ link="${pdir}/usr/lib/debug/.build-id/${buildid}.debug"
+
+ mkdir -p "${dbg%/*}" "${link%/*}"
+ "${OBJCOPY}" --only-keep-debug "${mod}" "${dbg}"
+ ln -sf --relative "${dbg}" "${link}"
+ done < modules.order
+ fi
# Build debug package
# Different tools want the image in different locations
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 800/817] smb: Initialize cfid->tcon before performing network ops
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (798 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 799/817] kbuild: deb-pkg: Dont fail if modules.order is missing Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 801/817] block: Dont allow an atomic write be truncated in blkdev_write_iter() Greg Kroah-Hartman
` (26 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Aurich, Steve French,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Aurich <paul@darkrain42.org>
[ Upstream commit c353ee4fb119a2582d0e011f66a76a38f5cf984d ]
Avoid leaking a tcon ref when a lease break races with opening the
cached directory. Processing the leak break might take a reference to
the tcon in cached_dir_lease_break() and then fail to release the ref in
cached_dir_offload_close, since cfid->tcon is still NULL.
Fixes: ebe98f1447bb ("cifs: enable caching of directories for which a lease is held")
Signed-off-by: Paul Aurich <paul@darkrain42.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cached_dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
index 004349a7ab69d..9c0ef4195b582 100644
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -227,6 +227,7 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
}
}
cfid->dentry = dentry;
+ cfid->tcon = tcon;
/*
* We do not hold the lock for the open because in case
@@ -298,7 +299,6 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
}
goto oshr_free;
}
- cfid->tcon = tcon;
cfid->is_open = true;
spin_lock(&cfids->cfid_list_lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 801/817] block: Dont allow an atomic write be truncated in blkdev_write_iter()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (799 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 800/817] smb: Initialize cfid->tcon before performing network ops Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 802/817] modpost: remove incorrect code in do_eisa_entry() Greg Kroah-Hartman
` (25 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Garry, Christoph Hellwig,
Jens Axboe, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Garry <john.g.garry@oracle.com>
[ Upstream commit 2cbd51f1f8739fd2fdf4bae1386bcf75ce0176ba ]
A write which goes past the end of the bdev in blkdev_write_iter() will
be truncated. Truncating cannot tolerated for an atomic write, so error
that condition.
Fixes: caf336f81b3a ("block: Add fops atomic write support")
Signed-off-by: John Garry <john.g.garry@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20241127092318.632790-1-john.g.garry@oracle.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/fops.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/block/fops.c b/block/fops.c
index 56db751bba49b..16bb5ae702379 100644
--- a/block/fops.c
+++ b/block/fops.c
@@ -676,6 +676,7 @@ static ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from)
struct file *file = iocb->ki_filp;
struct inode *bd_inode = bdev_file_inode(file);
struct block_device *bdev = I_BDEV(bd_inode);
+ bool atomic = iocb->ki_flags & IOCB_ATOMIC;
loff_t size = bdev_nr_bytes(bdev);
size_t shorted = 0;
ssize_t ret;
@@ -695,7 +696,7 @@ static ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from)
if ((iocb->ki_flags & (IOCB_NOWAIT | IOCB_DIRECT)) == IOCB_NOWAIT)
return -EOPNOTSUPP;
- if (iocb->ki_flags & IOCB_ATOMIC) {
+ if (atomic) {
ret = generic_atomic_write_valid(iocb, from);
if (ret)
return ret;
@@ -703,6 +704,8 @@ static ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from)
size -= iocb->ki_pos;
if (iov_iter_count(from) > size) {
+ if (atomic)
+ return -EINVAL;
shorted = iov_iter_count(from) - size;
iov_iter_truncate(from, size);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 802/817] modpost: remove incorrect code in do_eisa_entry()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (800 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 801/817] block: Dont allow an atomic write be truncated in blkdev_write_iter() Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 803/817] cifs: during remount, make sure passwords are in sync Greg Kroah-Hartman
` (24 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 0c3e091319e4748cb36ac9a50848903dc6f54054 ]
This function contains multiple bugs after the following commits:
- ac551828993e ("modpost: i2c aliases need no trailing wildcard")
- 6543becf26ff ("mod/file2alias: make modalias generation safe for cross compiling")
Commit ac551828993e inserted the following code to do_eisa_entry():
else
strcat(alias, "*");
This is incorrect because 'alias' is uninitialized. If it is not
NULL-terminated, strcat() could cause a buffer overrun.
Even if 'alias' happens to be zero-filled, it would output:
MODULE_ALIAS("*");
This would match anything. As a result, the module could be loaded by
any unrelated uevent from an unrelated subsystem.
Commit ac551828993e introduced another bug.
Prior to that commit, the conditional check was:
if (eisa->sig[0])
This checked if the first character of eisa_device_id::sig was not '\0'.
However, commit ac551828993e changed it as follows:
if (sig[0])
sig[0] is NOT the first character of the eisa_device_id::sig. The
type of 'sig' is 'char (*)[8]', meaning that the type of 'sig[0]' is
'char [8]' instead of 'char'. 'sig[0]' and 'symval' refer to the same
address, which never becomes NULL.
The correct conversion would have been:
if ((*sig)[0])
However, this if-conditional was meaningless because the earlier change
in commit ac551828993e was incorrect.
This commit removes the entire incorrect code, which should never have
been executed.
Fixes: ac551828993e ("modpost: i2c aliases need no trailing wildcard")
Fixes: 6543becf26ff ("mod/file2alias: make modalias generation safe for cross compiling")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/file2alias.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
index 5d1c61fa5a550..bcb5a7e20775e 100644
--- a/scripts/mod/file2alias.c
+++ b/scripts/mod/file2alias.c
@@ -809,10 +809,7 @@ static int do_eisa_entry(const char *filename, void *symval,
char *alias)
{
DEF_FIELD_ADDR(symval, eisa_device_id, sig);
- if (sig[0])
- sprintf(alias, EISA_DEVICE_MODALIAS_FMT "*", *sig);
- else
- strcat(alias, "*");
+ sprintf(alias, EISA_DEVICE_MODALIAS_FMT "*", *sig);
return 1;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 803/817] cifs: during remount, make sure passwords are in sync
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (801 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 802/817] modpost: remove incorrect code in do_eisa_entry() Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 804/817] cifs: unlock on error in smb3_reconfigure() Greg Kroah-Hartman
` (23 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Prasad N, Meetakshi Setiya,
Steve French, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shyam Prasad N <sprasad@microsoft.com>
[ Upstream commit 0f0e357902957fba28ed31bde0d6921c6bd1485d ]
This fixes scenarios where remount can overwrite the only currently
working password, breaking reconnect.
We recently introduced a password2 field in both ses and ctx structs.
This was done so as to allow the client to rotate passwords for a mount
without any downtime. However, when the client transparently handles
password rotation, it can swap the values of the two password fields
in the ses struct, but not in smb3_fs_context struct that hangs off
cifs_sb. This can lead to a situation where a remount unintentionally
overwrites a working password in the ses struct.
In order to fix this, we first get the passwords in ctx struct
in-sync with ses struct, before replacing them with what the passwords
that could be passed as a part of remount.
Also, in order to avoid race condition between smb2_reconnect and
smb3_reconfigure, we make sure to lock session_mutex before changing
password and password2 fields of the ses structure.
Fixes: 35f834265e0d ("smb3: fix broken reconnect when password changing on the server by allowing password rotation")
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Meetakshi Setiya <msetiya@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/fs_context.c | 83 +++++++++++++++++++++++++++++++++-----
fs/smb/client/fs_context.h | 1 +
2 files changed, 75 insertions(+), 9 deletions(-)
diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
index 4069b69fbc7e0..e84660b48d533 100644
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -890,12 +890,37 @@ do { \
cifs_sb->ctx->field = NULL; \
} while (0)
+int smb3_sync_session_ctx_passwords(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses)
+{
+ if (ses->password &&
+ cifs_sb->ctx->password &&
+ strcmp(ses->password, cifs_sb->ctx->password)) {
+ kfree_sensitive(cifs_sb->ctx->password);
+ cifs_sb->ctx->password = kstrdup(ses->password, GFP_KERNEL);
+ if (!cifs_sb->ctx->password)
+ return -ENOMEM;
+ }
+ if (ses->password2 &&
+ cifs_sb->ctx->password2 &&
+ strcmp(ses->password2, cifs_sb->ctx->password2)) {
+ kfree_sensitive(cifs_sb->ctx->password2);
+ cifs_sb->ctx->password2 = kstrdup(ses->password2, GFP_KERNEL);
+ if (!cifs_sb->ctx->password2) {
+ kfree_sensitive(cifs_sb->ctx->password);
+ cifs_sb->ctx->password = NULL;
+ return -ENOMEM;
+ }
+ }
+ return 0;
+}
+
static int smb3_reconfigure(struct fs_context *fc)
{
struct smb3_fs_context *ctx = smb3_fc2context(fc);
struct dentry *root = fc->root;
struct cifs_sb_info *cifs_sb = CIFS_SB(root->d_sb);
struct cifs_ses *ses = cifs_sb_master_tcon(cifs_sb)->ses;
+ char *new_password = NULL, *new_password2 = NULL;
bool need_recon = false;
int rc;
@@ -915,21 +940,61 @@ static int smb3_reconfigure(struct fs_context *fc)
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
+
if (need_recon == false)
STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
else {
- kfree_sensitive(ses->password);
- ses->password = kstrdup(ctx->password, GFP_KERNEL);
- if (!ses->password)
- return -ENOMEM;
- kfree_sensitive(ses->password2);
- ses->password2 = kstrdup(ctx->password2, GFP_KERNEL);
- if (!ses->password2) {
- kfree_sensitive(ses->password);
- ses->password = NULL;
+ if (ctx->password) {
+ new_password = kstrdup(ctx->password, GFP_KERNEL);
+ if (!new_password)
+ return -ENOMEM;
+ } else
+ STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
+ }
+
+ /*
+ * if a new password2 has been specified, then reset it's value
+ * inside the ses struct
+ */
+ if (ctx->password2) {
+ new_password2 = kstrdup(ctx->password2, GFP_KERNEL);
+ if (!new_password2) {
+ kfree_sensitive(new_password);
return -ENOMEM;
}
+ } else
+ STEAL_STRING_SENSITIVE(cifs_sb, ctx, password2);
+
+ /*
+ * we may update the passwords in the ses struct below. Make sure we do
+ * not race with smb2_reconnect
+ */
+ mutex_lock(&ses->session_mutex);
+
+ /*
+ * smb2_reconnect may swap password and password2 in case session setup
+ * failed. First get ctx passwords in sync with ses passwords. It should
+ * be okay to do this even if this function were to return an error at a
+ * later stage
+ */
+ rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);
+ if (rc)
+ return rc;
+
+ /*
+ * now that allocations for passwords are done, commit them
+ */
+ if (new_password) {
+ kfree_sensitive(ses->password);
+ ses->password = new_password;
}
+ if (new_password2) {
+ kfree_sensitive(ses->password2);
+ ses->password2 = new_password2;
+ }
+
+ mutex_unlock(&ses->session_mutex);
+
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
diff --git a/fs/smb/client/fs_context.h b/fs/smb/client/fs_context.h
index cf577ec0dd0ac..bbd2063ab838d 100644
--- a/fs/smb/client/fs_context.h
+++ b/fs/smb/client/fs_context.h
@@ -298,6 +298,7 @@ static inline struct smb3_fs_context *smb3_fc2context(const struct fs_context *f
}
extern int smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx);
+extern int smb3_sync_session_ctx_passwords(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses);
extern void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb);
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 804/817] cifs: unlock on error in smb3_reconfigure()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (802 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 803/817] cifs: during remount, make sure passwords are in sync Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 805/817] nfs: ignore SB_RDONLY when mounting nfs Greg Kroah-Hartman
` (22 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Bharath SM,
Steve French, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit cda88d2fef7aa7de80b5697e8009fcbbb436f42d ]
Unlock before returning if smb3_sync_session_ctx_passwords() fails.
Fixes: 7e654ab7da03 ("cifs: during remount, make sure passwords are in sync")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/fs_context.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
index e84660b48d533..e9fe48a3625ba 100644
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -978,8 +978,10 @@ static int smb3_reconfigure(struct fs_context *fc)
* later stage
*/
rc = smb3_sync_session_ctx_passwords(cifs_sb, ses);
- if (rc)
+ if (rc) {
+ mutex_unlock(&ses->session_mutex);
return rc;
+ }
/*
* now that allocations for passwords are done, commit them
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 805/817] nfs: ignore SB_RDONLY when mounting nfs
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (803 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 804/817] cifs: unlock on error in smb3_reconfigure() Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 806/817] sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Greg Kroah-Hartman
` (21 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Lingfeng, Trond Myklebust,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Li Lingfeng <lilingfeng3@huawei.com>
[ Upstream commit 52cb7f8f177878b4f22397b9c4d2c8f743766be3 ]
When exporting only one file system with fsid=0 on the server side, the
client alternately uses the ro/rw mount options to perform the mount
operation, and a new vfsmount is generated each time.
It can be reproduced as follows:
[root@localhost ~]# mount /dev/sda /mnt2
[root@localhost ~]# echo "/mnt2 *(rw,no_root_squash,fsid=0)" >/etc/exports
[root@localhost ~]# systemctl restart nfs-server
[root@localhost ~]# mount -t nfs -o ro,vers=4 127.0.0.1:/ /mnt/sdaa
[root@localhost ~]# mount -t nfs -o rw,vers=4 127.0.0.1:/ /mnt/sdaa
[root@localhost ~]# mount -t nfs -o ro,vers=4 127.0.0.1:/ /mnt/sdaa
[root@localhost ~]# mount -t nfs -o rw,vers=4 127.0.0.1:/ /mnt/sdaa
[root@localhost ~]# mount | grep nfs4
127.0.0.1:/ on /mnt/sdaa type nfs4 (ro,relatime,vers=4.2,rsize=1048576,...
127.0.0.1:/ on /mnt/sdaa type nfs4 (rw,relatime,vers=4.2,rsize=1048576,...
127.0.0.1:/ on /mnt/sdaa type nfs4 (ro,relatime,vers=4.2,rsize=1048576,...
127.0.0.1:/ on /mnt/sdaa type nfs4 (rw,relatime,vers=4.2,rsize=1048576,...
[root@localhost ~]#
We expected that after mounting with the ro option, using the rw option to
mount again would return EBUSY, but the actual situation was not the case.
As shown above, when mounting for the first time, a superblock with the ro
flag will be generated, and at the same time, in do_new_mount_fc -->
do_add_mount, it detects that the superblock corresponding to the current
target directory is inconsistent with the currently generated one
(path->mnt->mnt_sb != newmnt->mnt.mnt_sb), and a new vfsmount will be
generated.
When mounting with the rw option for the second time, since no matching
superblock can be found in the fs_supers list, a new superblock with the
rw flag will be generated again. The superblock in use (ro) is different
from the newly generated superblock (rw), and a new vfsmount will be
generated again.
When mounting with the ro option for the third time, the superblock (ro)
is found in fs_supers, the superblock in use (rw) is different from the
found superblock (ro), and a new vfsmount will be generated again.
We can switch between ro/rw through remount, and only one superblock needs
to be generated, thus avoiding the problem of repeated generation of
vfsmount caused by switching superblocks.
Furthermore, This can also resolve the issue described in the link.
Fixes: 275a5d24bf56 ("NFS: Error when mounting the same filesystem with different options")
Link: https://lore.kernel.org/all/20240604112636.236517-3-lilingfeng@huaweicloud.com/
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 5902a9beca1f3..080af26c14dce 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -11,7 +11,7 @@
#include <linux/nfs_page.h>
#include <linux/wait_bit.h>
-#define NFS_SB_MASK (SB_RDONLY|SB_NOSUID|SB_NODEV|SB_NOEXEC|SB_SYNCHRONOUS)
+#define NFS_SB_MASK (SB_NOSUID|SB_NODEV|SB_NOEXEC|SB_SYNCHRONOUS)
extern const struct export_operations nfs_export_ops;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 806/817] sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (804 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 805/817] nfs: ignore SB_RDONLY when mounting nfs Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 807/817] SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT Greg Kroah-Hartman
` (20 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Lingfeng, Liu Jian,
Trond Myklebust, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit 4db9ad82a6c823094da27de4825af693a3475d51 ]
Since transport->sock has been set to NULL during reset transport,
XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the
xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()
to dereference the transport->sock that has been set to NULL.
Fixes: 7196dbb02ea0 ("SUNRPC: Allow changing of the TCP timeout parameters on the fly")
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xprtsock.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 1326fbf45a347..539cdda2093e5 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -1198,6 +1198,7 @@ static void xs_sock_reset_state_flags(struct rpc_xprt *xprt)
clear_bit(XPRT_SOCK_WAKE_WRITE, &transport->sock_state);
clear_bit(XPRT_SOCK_WAKE_DISCONNECT, &transport->sock_state);
clear_bit(XPRT_SOCK_NOSPACE, &transport->sock_state);
+ clear_bit(XPRT_SOCK_UPD_TIMEOUT, &transport->sock_state);
}
static void xs_run_error_worker(struct sock_xprt *transport, unsigned int nr)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 807/817] SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (805 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 806/817] sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 808/817] sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Greg Kroah-Hartman
` (19 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Coddington, Chuck Lever,
Trond Myklebust, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <bcodding@redhat.com>
[ Upstream commit d7bdd849ef1b681da03ac05ca0957b2cbe2d24b6 ]
We've noticed a situation where an unstable TCP connection can cause the
TLS handshake to timeout waiting for userspace to complete it. When this
happens, we don't want to return from xs_tls_handshake_sync() with zero, as
this will cause the upper xprt to be set CONNECTED, and subsequent attempts
to transmit will be returned with -EPIPE. The sunrpc machine does not
recover from this situation and will spin attempting to transmit.
The return value of tls_handshake_cancel() can be used to detect a race
with completion:
* tls_handshake_cancel - cancel a pending handshake
* Return values:
* %true - Uncompleted handshake request was canceled
* %false - Handshake request already completed or not found
If true, we do not want the upper xprt to be connected, so return
-ETIMEDOUT. If false, its possible the handshake request was lost and
that may be the reason for our timeout. Again we do not want the upper
xprt to be connected, so return -ETIMEDOUT.
Ensure that we alway return an error from xs_tls_handshake_sync() if we
call tls_handshake_cancel().
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Fixes: 75eb6af7acdf ("SUNRPC: Add a TCP-with-TLS RPC transport class")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xprtsock.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 539cdda2093e5..43fb96de8ebe5 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -2615,11 +2615,10 @@ static int xs_tls_handshake_sync(struct rpc_xprt *lower_xprt, struct xprtsec_par
rc = wait_for_completion_interruptible_timeout(&lower_transport->handshake_done,
XS_TLS_HANDSHAKE_TO);
if (rc <= 0) {
- if (!tls_handshake_cancel(sk)) {
- if (rc == 0)
- rc = -ETIMEDOUT;
- goto out_put_xprt;
- }
+ tls_handshake_cancel(sk);
+ if (rc == 0)
+ rc = -ETIMEDOUT;
+ goto out_put_xprt;
}
rc = lower_transport->xprt_err;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 808/817] sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (806 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 807/817] SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 809/817] nfs/blocklayout: Dont attempt unregister for invalid block device Greg Kroah-Hartman
` (18 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Jeff Layton,
Kuniyuki Iwashima, Trond Myklebust, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit 3f23f96528e8fcf8619895c4c916c52653892ec1 ]
BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0
Read of size 1 at addr ffff888111f322cd by task swapper/0/0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1
Call Trace:
<IRQ>
dump_stack_lvl+0x68/0xa0
print_address_description.constprop.0+0x2c/0x3d0
print_report+0xb4/0x270
kasan_report+0xbd/0xf0
tcp_write_timer_handler+0x156/0x3e0
tcp_write_timer+0x66/0x170
call_timer_fn+0xfb/0x1d0
__run_timers+0x3f8/0x480
run_timer_softirq+0x9b/0x100
handle_softirqs+0x153/0x390
__irq_exit_rcu+0x103/0x120
irq_exit_rcu+0xe/0x20
sysvec_apic_timer_interrupt+0x76/0x90
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:default_idle+0xf/0x20
Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90
90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 <fa> c3 cc cc cc
cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
RSP: 0018:ffffffffa2007e28 EFLAGS: 00000242
RAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d
R10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000
R13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0
default_idle_call+0x6b/0xa0
cpuidle_idle_call+0x1af/0x1f0
do_idle+0xbc/0x130
cpu_startup_entry+0x33/0x40
rest_init+0x11f/0x210
start_kernel+0x39a/0x420
x86_64_start_reservations+0x18/0x30
x86_64_start_kernel+0x97/0xa0
common_startup_64+0x13e/0x141
</TASK>
Allocated by task 595:
kasan_save_stack+0x24/0x50
kasan_save_track+0x14/0x30
__kasan_slab_alloc+0x87/0x90
kmem_cache_alloc_noprof+0x12b/0x3f0
copy_net_ns+0x94/0x380
create_new_namespaces+0x24c/0x500
unshare_nsproxy_namespaces+0x75/0xf0
ksys_unshare+0x24e/0x4f0
__x64_sys_unshare+0x1f/0x30
do_syscall_64+0x70/0x180
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Freed by task 100:
kasan_save_stack+0x24/0x50
kasan_save_track+0x14/0x30
kasan_save_free_info+0x3b/0x60
__kasan_slab_free+0x54/0x70
kmem_cache_free+0x156/0x5d0
cleanup_net+0x5d3/0x670
process_one_work+0x776/0xa90
worker_thread+0x2e2/0x560
kthread+0x1a8/0x1f0
ret_from_fork+0x34/0x60
ret_from_fork_asm+0x1a/0x30
Reproduction script:
mkdir -p /mnt/nfsshare
mkdir -p /mnt/nfs/netns_1
mkfs.ext4 /dev/sdb
mount /dev/sdb /mnt/nfsshare
systemctl restart nfs-server
chmod 777 /mnt/nfsshare
exportfs -i -o rw,no_root_squash *:/mnt/nfsshare
ip netns add netns_1
ip link add name veth_1_peer type veth peer veth_1
ifconfig veth_1_peer 11.11.0.254 up
ip link set veth_1 netns netns_1
ip netns exec netns_1 ifconfig veth_1 11.11.0.1
ip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \
--tcp-flags FIN FIN -j DROP
(note: In my environment, a DESTROY_CLIENTID operation is always sent
immediately, breaking the nfs tcp connection.)
ip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \
11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1
ip netns del netns_1
The reason here is that the tcp socket in netns_1 (nfs side) has been
shutdown and closed (done in xs_destroy), but the FIN message (with ack)
is discarded, and the nfsd side keeps sending retransmission messages.
As a result, when the tcp sock in netns_1 processes the received message,
it sends the message (FIN message) in the sending queue, and the tcp timer
is re-established. When the network namespace is deleted, the net structure
accessed by tcp's timer handler function causes problems.
To fix this problem, let's hold netns refcnt for the tcp kernel socket as
done in other modules. This is an ugly hack which can easily be backported
to earlier kernels. A proper fix which cleans up the interfaces will
follow, but may not be so easy to backport.
Fixes: 26abe14379f8 ("net: Modify sk_alloc to not reference count the netns of kernel sockets.")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Acked-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/svcsock.c | 4 ++++
net/sunrpc/xprtsock.c | 7 +++++++
2 files changed, 11 insertions(+)
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 6b3f01beb294b..9a97ffef3adf0 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -1552,6 +1552,10 @@ static struct svc_xprt *svc_create_socket(struct svc_serv *serv,
newlen = error;
if (protocol == IPPROTO_TCP) {
+ __netns_tracker_free(net, &sock->sk->ns_tracker, false);
+ sock->sk->sk_net_refcnt = 1;
+ get_net_track(net, &sock->sk->ns_tracker, GFP_KERNEL);
+ sock_inuse_add(net, 1);
if ((error = kernel_listen(sock, 64)) < 0)
goto bummer;
}
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 43fb96de8ebe5..b69e6290acfab 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -1940,6 +1940,13 @@ static struct socket *xs_create_sock(struct rpc_xprt *xprt,
goto out;
}
+ if (protocol == IPPROTO_TCP) {
+ __netns_tracker_free(xprt->xprt_net, &sock->sk->ns_tracker, false);
+ sock->sk->sk_net_refcnt = 1;
+ get_net_track(xprt->xprt_net, &sock->sk->ns_tracker, GFP_KERNEL);
+ sock_inuse_add(xprt->xprt_net, 1);
+ }
+
filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
if (IS_ERR(filp))
return ERR_CAST(filp);
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 809/817] nfs/blocklayout: Dont attempt unregister for invalid block device
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (807 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 808/817] sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 810/817] nfs/blocklayout: Limit repeat device registration on failure Greg Kroah-Hartman
` (17 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Coddington,
Christoph Hellwig, Chuck Lever, Trond Myklebust, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <bcodding@redhat.com>
[ Upstream commit 3a4ce14d9a6b868e0787e4582420b721c04ee41e ]
Since commit d869da91cccb ("nfs/blocklayout: Fix premature PR key
unregistration") an unmount of a pNFS SCSI layout-enabled NFS may
dereference a NULL block_device in:
bl_unregister_scsi+0x16/0xe0 [blocklayoutdriver]
bl_free_device+0x70/0x80 [blocklayoutdriver]
bl_free_deviceid_node+0x12/0x30 [blocklayoutdriver]
nfs4_put_deviceid_node+0x60/0xc0 [nfsv4]
nfs4_deviceid_purge_client+0x132/0x190 [nfsv4]
unset_pnfs_layoutdriver+0x59/0x60 [nfsv4]
nfs4_destroy_server+0x36/0x70 [nfsv4]
nfs_free_server+0x23/0xe0 [nfs]
deactivate_locked_super+0x30/0xb0
cleanup_mnt+0xba/0x150
task_work_run+0x59/0x90
syscall_exit_to_user_mode+0x217/0x220
do_syscall_64+0x8e/0x160
This happens because even though we were able to create the
nfs4_deviceid_node, the lookup for the device was unable to attach the
block device to the pnfs_block_dev.
If we never found a block device to register, we can avoid this case with
the PNFS_BDEV_REGISTERED flag. Move the deref behind the test for the
flag.
Fixes: d869da91cccb ("nfs/blocklayout: Fix premature PR key unregistration")
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/blocklayout/dev.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/blocklayout/dev.c b/fs/nfs/blocklayout/dev.c
index 6252f44479457..cab8809f0e0f4 100644
--- a/fs/nfs/blocklayout/dev.c
+++ b/fs/nfs/blocklayout/dev.c
@@ -20,9 +20,6 @@ static void bl_unregister_scsi(struct pnfs_block_dev *dev)
const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops;
int status;
- if (!test_and_clear_bit(PNFS_BDEV_REGISTERED, &dev->flags))
- return;
-
status = ops->pr_register(bdev, dev->pr_key, 0, false);
if (status)
trace_bl_pr_key_unreg_err(bdev, dev->pr_key, status);
@@ -58,7 +55,8 @@ static void bl_unregister_dev(struct pnfs_block_dev *dev)
return;
}
- if (dev->type == PNFS_BLOCK_VOLUME_SCSI)
+ if (dev->type == PNFS_BLOCK_VOLUME_SCSI &&
+ test_and_clear_bit(PNFS_BDEV_REGISTERED, &dev->flags))
bl_unregister_scsi(dev);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 810/817] nfs/blocklayout: Limit repeat device registration on failure
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (808 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 809/817] nfs/blocklayout: Dont attempt unregister for invalid block device Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 811/817] block, bfq: fix bfqq uaf in bfq_limit_depth() Greg Kroah-Hartman
` (16 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Coddington,
Christoph Hellwig, Chuck Lever, Trond Myklebust, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <bcodding@redhat.com>
[ Upstream commit 614733f9441ed53bb442d4734112ec1e24bd6da7 ]
Every pNFS SCSI IO wants to do LAYOUTGET, then within the layout find the
device which can drive GETDEVINFO, then finally may need to prep the device
with a reservation. This slow work makes a mess of IO latencies if one of
the later steps is going to fail for awhile.
If we're unable to register a SCSI device, ensure we mark the device as
unavailable so that it will timeout and be re-added via GETDEVINFO. This
avoids repeated doomed attempts to register a device in the IO path.
Add some clarifying comments as well.
Fixes: d869da91cccb ("nfs/blocklayout: Fix premature PR key unregistration")
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/blocklayout/blocklayout.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c
index 0becdec129704..47189476b5538 100644
--- a/fs/nfs/blocklayout/blocklayout.c
+++ b/fs/nfs/blocklayout/blocklayout.c
@@ -571,19 +571,32 @@ bl_find_get_deviceid(struct nfs_server *server,
if (!node)
return ERR_PTR(-ENODEV);
+ /*
+ * Devices that are marked unavailable are left in the cache with a
+ * timeout to avoid sending GETDEVINFO after every LAYOUTGET, or
+ * constantly attempting to register the device. Once marked as
+ * unavailable they must be deleted and never reused.
+ */
if (test_bit(NFS_DEVICEID_UNAVAILABLE, &node->flags)) {
unsigned long end = jiffies;
unsigned long start = end - PNFS_DEVICE_RETRY_TIMEOUT;
if (!time_in_range(node->timestamp_unavailable, start, end)) {
+ /* Uncork subsequent GETDEVINFO operations for this device */
nfs4_delete_deviceid(node->ld, node->nfs_client, id);
goto retry;
}
goto out_put;
}
- if (!bl_register_dev(container_of(node, struct pnfs_block_dev, node)))
+ if (!bl_register_dev(container_of(node, struct pnfs_block_dev, node))) {
+ /*
+ * If we cannot register, treat this device as transient:
+ * Make a negative cache entry for the device
+ */
+ nfs4_mark_deviceid_unavailable(node);
goto out_put;
+ }
return node;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 811/817] block, bfq: fix bfqq uaf in bfq_limit_depth()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (809 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 810/817] nfs/blocklayout: Limit repeat device registration on failure Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 812/817] brd: decrease the number of allocated pages which discarded Greg Kroah-Hartman
` (15 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Kara, Yu Kuai, Jens Axboe,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit e8b8344de3980709080d86c157d24e7de07d70ad ]
Set new allocated bfqq to bic or remove freed bfqq from bic are both
protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq
from bic without the lock, this can lead to UAF if the io_context is
shared by multiple tasks.
For example, test bfq with io_uring can trigger following UAF in v6.6:
==================================================================
BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50
Call Trace:
<TASK>
dump_stack_lvl+0x47/0x80
print_address_description.constprop.0+0x66/0x300
print_report+0x3e/0x70
kasan_report+0xb4/0xf0
bfqq_group+0x15/0x50
bfqq_request_over_limit+0x130/0x9a0
bfq_limit_depth+0x1b5/0x480
__blk_mq_alloc_requests+0x2b5/0xa00
blk_mq_get_new_requests+0x11d/0x1d0
blk_mq_submit_bio+0x286/0xb00
submit_bio_noacct_nocheck+0x331/0x400
__block_write_full_folio+0x3d0/0x640
writepage_cb+0x3b/0xc0
write_cache_pages+0x254/0x6c0
write_cache_pages+0x254/0x6c0
do_writepages+0x192/0x310
filemap_fdatawrite_wbc+0x95/0xc0
__filemap_fdatawrite_range+0x99/0xd0
filemap_write_and_wait_range.part.0+0x4d/0xa0
blkdev_read_iter+0xef/0x1e0
io_read+0x1b6/0x8a0
io_issue_sqe+0x87/0x300
io_wq_submit_work+0xeb/0x390
io_worker_handle_work+0x24d/0x550
io_wq_worker+0x27f/0x6c0
ret_from_fork_asm+0x1b/0x30
</TASK>
Allocated by task 808602:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_slab_alloc+0x83/0x90
kmem_cache_alloc_node+0x1b1/0x6d0
bfq_get_queue+0x138/0xfa0
bfq_get_bfqq_handle_split+0xe3/0x2c0
bfq_init_rq+0x196/0xbb0
bfq_insert_request.isra.0+0xb5/0x480
bfq_insert_requests+0x156/0x180
blk_mq_insert_request+0x15d/0x440
blk_mq_submit_bio+0x8a4/0xb00
submit_bio_noacct_nocheck+0x331/0x400
__blkdev_direct_IO_async+0x2dd/0x330
blkdev_write_iter+0x39a/0x450
io_write+0x22a/0x840
io_issue_sqe+0x87/0x300
io_wq_submit_work+0xeb/0x390
io_worker_handle_work+0x24d/0x550
io_wq_worker+0x27f/0x6c0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x1b/0x30
Freed by task 808589:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x27/0x40
__kasan_slab_free+0x126/0x1b0
kmem_cache_free+0x10c/0x750
bfq_put_queue+0x2dd/0x770
__bfq_insert_request.isra.0+0x155/0x7a0
bfq_insert_request.isra.0+0x122/0x480
bfq_insert_requests+0x156/0x180
blk_mq_dispatch_plug_list+0x528/0x7e0
blk_mq_flush_plug_list.part.0+0xe5/0x590
__blk_flush_plug+0x3b/0x90
blk_finish_plug+0x40/0x60
do_writepages+0x19d/0x310
filemap_fdatawrite_wbc+0x95/0xc0
__filemap_fdatawrite_range+0x99/0xd0
filemap_write_and_wait_range.part.0+0x4d/0xa0
blkdev_read_iter+0xef/0x1e0
io_read+0x1b6/0x8a0
io_issue_sqe+0x87/0x300
io_wq_submit_work+0xeb/0x390
io_worker_handle_work+0x24d/0x550
io_wq_worker+0x27f/0x6c0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x1b/0x30
Fix the problem by protecting bic_to_bfqq() with bfqd->lock.
CC: Jan Kara <jack@suse.cz>
Fixes: 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Link: https://lore.kernel.org/r/20241129091509.2227136-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bfq-iosched.c | 37 ++++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 1cc40a857fb85..2d94a4bb9efa5 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -582,23 +582,31 @@ static struct request *bfq_choose_req(struct bfq_data *bfqd,
#define BFQ_LIMIT_INLINE_DEPTH 16
#ifdef CONFIG_BFQ_GROUP_IOSCHED
-static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit)
+static bool bfqq_request_over_limit(struct bfq_data *bfqd,
+ struct bfq_io_cq *bic, blk_opf_t opf,
+ unsigned int act_idx, int limit)
{
- struct bfq_data *bfqd = bfqq->bfqd;
- struct bfq_entity *entity = &bfqq->entity;
struct bfq_entity *inline_entities[BFQ_LIMIT_INLINE_DEPTH];
struct bfq_entity **entities = inline_entities;
- int depth, level, alloc_depth = BFQ_LIMIT_INLINE_DEPTH;
- int class_idx = bfqq->ioprio_class - 1;
+ int alloc_depth = BFQ_LIMIT_INLINE_DEPTH;
struct bfq_sched_data *sched_data;
+ struct bfq_entity *entity;
+ struct bfq_queue *bfqq;
unsigned long wsum;
bool ret = false;
-
- if (!entity->on_st_or_in_serv)
- return false;
+ int depth;
+ int level;
retry:
spin_lock_irq(&bfqd->lock);
+ bfqq = bic_to_bfqq(bic, op_is_sync(opf), act_idx);
+ if (!bfqq)
+ goto out;
+
+ entity = &bfqq->entity;
+ if (!entity->on_st_or_in_serv)
+ goto out;
+
/* +1 for bfqq entity, root cgroup not included */
depth = bfqg_to_blkg(bfqq_group(bfqq))->blkcg->css.cgroup->level + 1;
if (depth > alloc_depth) {
@@ -643,7 +651,7 @@ static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit)
* class.
*/
wsum = 0;
- for (i = 0; i <= class_idx; i++) {
+ for (i = 0; i <= bfqq->ioprio_class - 1; i++) {
wsum = wsum * IOPRIO_BE_NR +
sched_data->service_tree[i].wsum;
}
@@ -666,7 +674,9 @@ static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit)
return ret;
}
#else
-static bool bfqq_request_over_limit(struct bfq_queue *bfqq, int limit)
+static bool bfqq_request_over_limit(struct bfq_data *bfqd,
+ struct bfq_io_cq *bic, blk_opf_t opf,
+ unsigned int act_idx, int limit)
{
return false;
}
@@ -704,8 +714,9 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data)
}
for (act_idx = 0; bic && act_idx < bfqd->num_actuators; act_idx++) {
- struct bfq_queue *bfqq =
- bic_to_bfqq(bic, op_is_sync(opf), act_idx);
+ /* Fast path to check if bfqq is already allocated. */
+ if (!bic_to_bfqq(bic, op_is_sync(opf), act_idx))
+ continue;
/*
* Does queue (or any parent entity) exceed number of
@@ -713,7 +724,7 @@ static void bfq_limit_depth(blk_opf_t opf, struct blk_mq_alloc_data *data)
* limit depth so that it cannot consume more
* available requests and thus starve other entities.
*/
- if (bfqq && bfqq_request_over_limit(bfqq, limit)) {
+ if (bfqq_request_over_limit(bfqd, bic, opf, act_idx, limit)) {
depth = 1;
break;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 812/817] brd: decrease the number of allocated pages which discarded
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (810 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 811/817] block, bfq: fix bfqq uaf in bfq_limit_depth() Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 813/817] sh: intc: Fix use-after-free bug in register_intc_controller() Greg Kroah-Hartman
` (14 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Xianwei, Ming Lei, Jens Axboe,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
[ Upstream commit 82734209bedd65a8b508844bab652b464379bfdd ]
The number of allocated pages which discarded will not decrease.
Fix it.
Fixes: 9ead7efc6f3f ("brd: implement discard support")
Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241128170056565nPKSz2vsP8K8X2uk2iaDG@zte.com.cn
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/brd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/block/brd.c b/drivers/block/brd.c
index 5a95671d81515..292f127cae0ab 100644
--- a/drivers/block/brd.c
+++ b/drivers/block/brd.c
@@ -231,8 +231,10 @@ static void brd_do_discard(struct brd_device *brd, sector_t sector, u32 size)
xa_lock(&brd->brd_pages);
while (size >= PAGE_SIZE && aligned_sector < rd_size * 2) {
page = __xa_erase(&brd->brd_pages, aligned_sector >> PAGE_SECTORS_SHIFT);
- if (page)
+ if (page) {
__free_page(page);
+ brd->brd_nr_pages--;
+ }
aligned_sector += PAGE_SECTORS;
size -= PAGE_SIZE;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 813/817] sh: intc: Fix use-after-free bug in register_intc_controller()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (811 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 812/817] brd: decrease the number of allocated pages which discarded Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 814/817] tools/power turbostat: Fix trailing \n parsing Greg Kroah-Hartman
` (13 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter,
John Paul Adrian Glaubitz, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 63e72e551942642c48456a4134975136cdcb9b3c ]
In the error handling for this function, d is freed without ever
removing it from intc_list which would lead to a use after free.
To fix this, let's only add it to the list after everything has
succeeded.
Fixes: 2dcec7a988a1 ("sh: intc: set_irq_wake() support")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/sh/intc/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/sh/intc/core.c b/drivers/sh/intc/core.c
index 74350b5871dc8..ea571eeb30787 100644
--- a/drivers/sh/intc/core.c
+++ b/drivers/sh/intc/core.c
@@ -209,7 +209,6 @@ int __init register_intc_controller(struct intc_desc *desc)
goto err0;
INIT_LIST_HEAD(&d->list);
- list_add_tail(&d->list, &intc_list);
raw_spin_lock_init(&d->lock);
INIT_RADIX_TREE(&d->tree, GFP_ATOMIC);
@@ -369,6 +368,7 @@ int __init register_intc_controller(struct intc_desc *desc)
d->skip_suspend = desc->skip_syscore_suspend;
+ list_add_tail(&d->list, &intc_list);
nr_intc_controllers++;
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 814/817] tools/power turbostat: Fix trailing \n parsing
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (812 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 813/817] sh: intc: Fix use-after-free bug in register_intc_controller() Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 815/817] tools/power turbostat: Fix childs argument forwarding Greg Kroah-Hartman
` (12 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhang Rui, Len Brown, Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit fed8511cc8996989178823052dc0200643e1389a ]
parse_cpu_string() parses the string input either from command line or
from /sys/fs/cgroup/cpuset.cpus.effective to get a list of CPUs that
turbostat can run with.
The cpu string returned by /sys/fs/cgroup/cpuset.cpus.effective contains
a trailing '\n', but strtoul() fails to treat this as an error.
That says, for the code below
val = ("\n", NULL, 10);
val returns 0, and errno is also not set.
As a result, CPU0 is erroneously considered as allowed CPU and this
causes failures when turbostat tries to run on CPU0.
get_counters: Could not migrate to CPU 0
...
turbostat: re-initialized with num_cpus 8, allowed_cpus 5
get_counters: Could not migrate to CPU 0
Add a check to return immediately if '\n' or '\0' is detected.
Fixes: 8c3dd2c9e542 ("tools/power/turbostat: Abstrct function for parsing cpu string")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/turbostat/turbostat.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
index 089220aaa5c92..aa9200319d0ea 100644
--- a/tools/power/x86/turbostat/turbostat.c
+++ b/tools/power/x86/turbostat/turbostat.c
@@ -5385,6 +5385,9 @@ static int parse_cpu_str(char *cpu_str, cpu_set_t *cpu_set, int cpu_set_size)
if (*next == '-') /* no negative cpu numbers */
return 1;
+ if (*next == '\0' || *next == '\n')
+ break;
+
start = strtoul(next, &next, 10);
if (start >= CPU_SUBSET_MAXCPUS)
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 815/817] tools/power turbostat: Fix childs argument forwarding
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (813 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 814/817] tools/power turbostat: Fix trailing \n parsing Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 816/817] block: always verify unfreeze lock on the owner task Greg Kroah-Hartman
` (11 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Patryk Wlazlyn, Len Brown,
Sasha Levin
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Patryk Wlazlyn <patryk.wlazlyn@linux.intel.com>
[ Upstream commit 1da0daf746342dfdc114e4dc8fbf3ece28666d4f ]
Add '+' to optstring when early scanning for --no-msr and --no-perf.
It causes option processing to stop as soon as a nonoption argument is
encountered, effectively skipping child's arguments.
Fixes: 3e4048466c39 ("tools/power turbostat: Add --no-msr option")
Signed-off-by: Patryk Wlazlyn <patryk.wlazlyn@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/turbostat/turbostat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
index aa9200319d0ea..a5ebee8b23bbe 100644
--- a/tools/power/x86/turbostat/turbostat.c
+++ b/tools/power/x86/turbostat/turbostat.c
@@ -9784,7 +9784,7 @@ void cmdline(int argc, char **argv)
* Parse some options early, because they may make other options invalid,
* like adding the MSR counter with --add and at the same time using --no-msr.
*/
- while ((opt = getopt_long_only(argc, argv, "MPn:", long_options, &option_index)) != -1) {
+ while ((opt = getopt_long_only(argc, argv, "+MPn:", long_options, &option_index)) != -1) {
switch (opt) {
case 'M':
no_msr = 1;
--
2.43.0
^ permalink raw reply related [flat|nested] 833+ messages in thread
* [PATCH 6.11 816/817] block: always verify unfreeze lock on the owner task
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (814 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 815/817] tools/power turbostat: Fix childs argument forwarding Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 817/817] block: dont verify IO lock for freeze/unfreeze in elevator_init_mq() Greg Kroah-Hartman
` (10 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ming Lei, Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@redhat.com>
commit 6a78699838a0ddeed3620ddf50c1521f1fe1e811 upstream.
commit f1be1788a32e ("block: model freeze & enter queue as lock for
supporting lockdep") tries to apply lockdep for verifying freeze &
unfreeze. However, the verification is only done the outmost freeze and
unfreeze. This way is actually not correct because q->mq_freeze_depth
still may drop to zero on other task instead of the freeze owner task.
Fix this issue by always verifying the last unfreeze lock on the owner
task context, and make sure both the outmost freeze & unfreeze are
verified in the current task.
Fixes: f1be1788a32e ("block: model freeze & enter queue as lock for supporting lockdep")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241031133723.303835-4-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-core.c | 2 -
block/blk-mq.c | 62 ++++++++++++++++++++++++++++++++++++++++++-------
block/blk.h | 3 +-
include/linux/blkdev.h | 4 +++
4 files changed, 61 insertions(+), 10 deletions(-)
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -287,7 +287,7 @@ bool blk_queue_start_drain(struct reques
* entering queue, so we call blk_freeze_queue_start() to
* prevent I/O from crossing blk_queue_enter().
*/
- bool freeze = __blk_freeze_queue_start(q);
+ bool freeze = __blk_freeze_queue_start(q, current);
if (queue_is_mq(q))
blk_mq_wake_waiters(q);
/* Make blk_queue_enter() reexamine the DYING flag. */
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -120,20 +120,66 @@ void blk_mq_in_flight_rw(struct request_
inflight[1] = mi.inflight[1];
}
-bool __blk_freeze_queue_start(struct request_queue *q)
+#ifdef CONFIG_LOCKDEP
+static bool blk_freeze_set_owner(struct request_queue *q,
+ struct task_struct *owner)
{
- int freeze;
+ if (!owner)
+ return false;
+
+ if (!q->mq_freeze_depth) {
+ q->mq_freeze_owner = owner;
+ q->mq_freeze_owner_depth = 1;
+ return true;
+ }
+
+ if (owner == q->mq_freeze_owner)
+ q->mq_freeze_owner_depth += 1;
+ return false;
+}
+
+/* verify the last unfreeze in owner context */
+static bool blk_unfreeze_check_owner(struct request_queue *q)
+{
+ if (!q->mq_freeze_owner)
+ return false;
+ if (q->mq_freeze_owner != current)
+ return false;
+ if (--q->mq_freeze_owner_depth == 0) {
+ q->mq_freeze_owner = NULL;
+ return true;
+ }
+ return false;
+}
+
+#else
+
+static bool blk_freeze_set_owner(struct request_queue *q,
+ struct task_struct *owner)
+{
+ return false;
+}
+
+static bool blk_unfreeze_check_owner(struct request_queue *q)
+{
+ return false;
+}
+#endif
+
+bool __blk_freeze_queue_start(struct request_queue *q,
+ struct task_struct *owner)
+{
+ bool freeze;
mutex_lock(&q->mq_freeze_lock);
+ freeze = blk_freeze_set_owner(q, owner);
if (++q->mq_freeze_depth == 1) {
percpu_ref_kill(&q->q_usage_counter);
mutex_unlock(&q->mq_freeze_lock);
if (queue_is_mq(q))
blk_mq_run_hw_queues(q, false);
- freeze = true;
} else {
mutex_unlock(&q->mq_freeze_lock);
- freeze = false;
}
return freeze;
@@ -141,7 +187,7 @@ bool __blk_freeze_queue_start(struct req
void blk_freeze_queue_start(struct request_queue *q)
{
- if (__blk_freeze_queue_start(q))
+ if (__blk_freeze_queue_start(q, current))
blk_freeze_acquire_lock(q, false, false);
}
EXPORT_SYMBOL_GPL(blk_freeze_queue_start);
@@ -190,7 +236,7 @@ EXPORT_SYMBOL_GPL(blk_mq_freeze_queue);
bool __blk_mq_unfreeze_queue(struct request_queue *q, bool force_atomic)
{
- int unfreeze = false;
+ bool unfreeze;
mutex_lock(&q->mq_freeze_lock);
if (force_atomic)
@@ -200,8 +246,8 @@ bool __blk_mq_unfreeze_queue(struct requ
if (!q->mq_freeze_depth) {
percpu_ref_resurrect(&q->q_usage_counter);
wake_up_all(&q->mq_freeze_wq);
- unfreeze = true;
}
+ unfreeze = blk_unfreeze_check_owner(q);
mutex_unlock(&q->mq_freeze_lock);
return unfreeze;
@@ -223,7 +269,7 @@ EXPORT_SYMBOL_GPL(blk_mq_unfreeze_queue)
*/
void blk_freeze_queue_start_non_owner(struct request_queue *q)
{
- __blk_freeze_queue_start(q);
+ __blk_freeze_queue_start(q, NULL);
}
EXPORT_SYMBOL_GPL(blk_freeze_queue_start_non_owner);
--- a/block/blk.h
+++ b/block/blk.h
@@ -38,7 +38,8 @@ void blk_free_flush_queue(struct blk_flu
void blk_freeze_queue(struct request_queue *q);
bool __blk_mq_unfreeze_queue(struct request_queue *q, bool force_atomic);
bool blk_queue_start_drain(struct request_queue *q);
-bool __blk_freeze_queue_start(struct request_queue *q);
+bool __blk_freeze_queue_start(struct request_queue *q,
+ struct task_struct *owner);
int __bio_queue_enter(struct request_queue *q, struct bio *bio);
void submit_bio_noacct_nocheck(struct bio *bio);
void bio_await_chain(struct bio *bio);
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -572,6 +572,10 @@ struct request_queue {
struct throtl_data *td;
#endif
struct rcu_head rcu_head;
+#ifdef CONFIG_LOCKDEP
+ struct task_struct *mq_freeze_owner;
+ int mq_freeze_owner_depth;
+#endif
wait_queue_head_t mq_freeze_wq;
/*
* Protect concurrent access to q_usage_counter by
^ permalink raw reply [flat|nested] 833+ messages in thread
* [PATCH 6.11 817/817] block: dont verify IO lock for freeze/unfreeze in elevator_init_mq()
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (815 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 816/817] block: always verify unfreeze lock on the owner task Greg Kroah-Hartman
@ 2024-12-03 14:46 ` Greg Kroah-Hartman
2024-12-03 22:07 ` [PATCH 6.11 000/817] 6.11.11-rc1 review Mark Brown
` (9 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-03 14:46 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Lai Yi, Ming Lei,
Jens Axboe
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@redhat.com>
commit 357e1b7f730bd85a383e7afa75a3caba329c5707 upstream.
elevator_init_mq() is only called at the entry of add_disk_fwnode() when
disk IO isn't allowed yet.
So not verify io lock(q->io_lockdep_map) for freeze & unfreeze in
elevator_init_mq().
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reported-by: Lai Yi <yi1.lai@linux.intel.com>
Fixes: f1be1788a32e ("block: model freeze & enter queue as lock for supporting lockdep")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241031133723.303835-5-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/elevator.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/block/elevator.c
+++ b/block/elevator.c
@@ -598,13 +598,19 @@ void elevator_init_mq(struct request_que
* drain any dispatch activities originated from passthrough
* requests, then no need to quiesce queue which may add long boot
* latency, especially when lots of disks are involved.
+ *
+ * Disk isn't added yet, so verifying queue lock only manually.
*/
- blk_mq_freeze_queue(q);
+ blk_freeze_queue_start_non_owner(q);
+ blk_freeze_acquire_lock(q, true, false);
+ blk_mq_freeze_queue_wait(q);
+
blk_mq_cancel_work_sync(q);
err = blk_mq_init_sched(q, e);
- blk_mq_unfreeze_queue(q);
+ blk_unfreeze_release_lock(q, true, false);
+ blk_mq_unfreeze_queue_non_owner(q);
if (err) {
pr_warn("\"%s\" elevator initialization failed, "
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (816 preceding siblings ...)
2024-12-03 14:46 ` [PATCH 6.11 817/817] block: dont verify IO lock for freeze/unfreeze in elevator_init_mq() Greg Kroah-Hartman
@ 2024-12-03 22:07 ` Mark Brown
2024-12-03 22:09 ` Peter Schneider
` (8 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Mark Brown @ 2024-12-03 22:07 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar
[-- Attachment #1: Type: text/plain, Size: 347 bytes --]
On Tue, Dec 03, 2024 at 03:32:52PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Tested-by: Mark Brown <broonie@kernel.org>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (817 preceding siblings ...)
2024-12-03 22:07 ` [PATCH 6.11 000/817] 6.11.11-rc1 review Mark Brown
@ 2024-12-03 22:09 ` Peter Schneider
2024-12-03 22:33 ` Florian Fainelli
` (7 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Peter Schneider @ 2024-12-03 22:09 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, hargar, broonie
Am 03.12.2024 um 15:32 schrieb Greg Kroah-Hartman:
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Builds, boots and works on my 2-socket Ivy Bridge Xeon E5-2697 v2 server. No dmesg
oddities or regressions found.
Tested-by: Peter Schneider <pschneider1968@googlemail.com>
Beste Grüße,
Peter Schneider
--
Climb the mountain not to plant your flag, but to embrace the challenge,
enjoy the air and behold the view. Climb it so you can see the world,
not so the world can see you. -- David McCullough Jr.
OpenPGP: 0xA3828BD796CCE11A8CADE8866E3A92C92C3FF244
Download: https://www.peters-netzplatz.de/download/pschneider1968_pub.asc
https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@googlemail.com
https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@gmail.com
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (818 preceding siblings ...)
2024-12-03 22:09 ` Peter Schneider
@ 2024-12-03 22:33 ` Florian Fainelli
2024-12-04 0:23 ` SeongJae Park
` (6 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Florian Fainelli @ 2024-12-03 22:33 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow,
conor, hargar, broonie
On 12/3/24 06:32, Greg Kroah-Hartman wrote:
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
perf fails to build for ARM 32-bit, ARM 64-bit and BMIPS with:
util/stat-display.c: In function 'uniquify_event_name':
util/stat-display.c:895:45: error: 'struct evsel' has no member named
'alternate_hw_config'
895 | if (counter->pmu->is_core &&
counter->alternate_hw_config != PERF_COUNT_HW_MAX)
| ^~
make[6]: ***
[/local/users/fainelli/buildroot/output/arm/build/linux-custom/tools/build/Makefile.build:106:
/local/users/fainelli/buildroot/output/arm/build/linux-custom/tools/perf/util/stat-display.o]
Error 1
make[5]: ***
[/local/users/fainelli/buildroot/output/arm/build/linux-custom/tools/build/Makefile.build:158:
util] Error 2
make[4]: *** [Makefile.perf:787:
/local/users/fainelli/buildroot/output/arm/build/linux-custom/tools/perf/perf-util-in.o]
Error 2
make[3]: *** [Makefile.perf:290: sub-make] Error 2
make[2]: *** [Makefile:70: all] Error 2
make[1]: *** [package/pkg-generic.mk:300:
/local/users/fainelli/buildroot/output/arm/build/linux-tools/.stamp_built]
Error 2
make: *** [Makefile:29: _all] Error 2
This is caused by 73666ad2a629ae8c2fbe3b7211ef9a56de4b5948 ("perf stat:
Uniquify event name improvements")
--
Florian
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (819 preceding siblings ...)
2024-12-03 22:33 ` Florian Fainelli
@ 2024-12-04 0:23 ` SeongJae Park
2024-12-04 7:16 ` Ron Economos
` (5 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: SeongJae Park @ 2024-12-04 0:23 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: SeongJae Park, stable, patches, linux-kernel, torvalds, akpm,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie, damon
Hello,
On Tue, 3 Dec 2024 15:32:52 +0100 Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
This rc kernel passes DAMON functionality test[1] on my test machine.
Attaching the test results summary below. Please note that I retrieved the
kernel from linux-stable-rc tree[2].
Tested-by: SeongJae Park <sj@kernel.org>
[1] https://github.com/damonitor/damon-tests/tree/next/corr
[2] 57f39ce086c9 ("Linux 6.11.11-rc1")
Thanks,
SJ
[...]
---
ok 9 selftests: damon: damos_tried_regions.py
ok 10 selftests: damon: damon_nr_regions.py
ok 11 selftests: damon: reclaim.sh
ok 12 selftests: damon: lru_sort.sh
ok 13 selftests: damon: debugfs_empty_targets.sh
ok 14 selftests: damon: debugfs_huge_count_read_write.sh
ok 15 selftests: damon: debugfs_duplicate_context_creation.sh
ok 16 selftests: damon: debugfs_rm_non_contexts.sh
ok 17 selftests: damon: debugfs_target_ids_read_before_terminate_race.sh
ok 18 selftests: damon: debugfs_target_ids_pid_leak.sh
ok 19 selftests: damon: sysfs_update_removed_scheme_dir.sh
ok 20 selftests: damon: sysfs_update_schemes_tried_regions_hang.py
ok 1 selftests: damon-tests: kunit.sh
ok 2 selftests: damon-tests: huge_count_read_write.sh
ok 3 selftests: damon-tests: buffer_overflow.sh
ok 4 selftests: damon-tests: rm_contexts.sh
ok 5 selftests: damon-tests: record_null_deref.sh
ok 6 selftests: damon-tests: dbgfs_target_ids_read_before_terminate_race.sh
ok 7 selftests: damon-tests: dbgfs_target_ids_pid_leak.sh
ok 8 selftests: damon-tests: damo_tests.sh
ok 9 selftests: damon-tests: masim-record.sh
ok 10 selftests: damon-tests: build_i386.sh
ok 11 selftests: damon-tests: build_arm64.sh # SKIP
ok 12 selftests: damon-tests: build_m68k.sh # SKIP
ok 13 selftests: damon-tests: build_i386_idle_flag.sh
ok 14 selftests: damon-tests: build_i386_highpte.sh
ok 15 selftests: damon-tests: build_nomemcg.sh
[33m
[92mPASS [39m
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order
2024-12-03 14:36 ` [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order Greg Kroah-Hartman
@ 2024-12-04 3:10 ` Sergey Senozhatsky
2024-12-04 7:10 ` Greg Kroah-Hartman
0 siblings, 1 reply; 833+ messages in thread
From: Sergey Senozhatsky @ 2024-12-04 3:10 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, Tomasz Figa, Sergey Senozhatsky, Bryan ODonoghue,
Stanimir Varbanov, Hans Verkuil, Sasha Levin
On (24/12/03 15:36), Greg Kroah-Hartman wrote:
> 6.11-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Sergey Senozhatsky <senozhatsky@chromium.org>
>
> [ Upstream commit 6c9934c5a00ae722a98d1a06ed44b673514407b5 ]
>
> We destroy mutex-es too early as they are still taken in
> v4l2_fh_exit()->v4l2_event_unsubscribe()->v4l2_ctrl_find().
>
> We should destroy mutex-es right before kfree(). Also
> do not vdec_ctrl_deinit() before v4l2_fh_exit().
Hi Greg, I just received a regression report which potentially
might have been caused by these venus patches. Please do not
take
media: venus: sync with threaded IRQ during inst destruction
media: venus: fix enc/dec destruction order
to any stable kernels yet. I need to investigate first.
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order
2024-12-04 3:10 ` Sergey Senozhatsky
@ 2024-12-04 7:10 ` Greg Kroah-Hartman
2024-12-04 7:16 ` Sergey Senozhatsky
0 siblings, 1 reply; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-04 7:10 UTC (permalink / raw)
To: Sergey Senozhatsky
Cc: stable, patches, Tomasz Figa, Bryan ODonoghue, Stanimir Varbanov,
Hans Verkuil, Sasha Levin
On Wed, Dec 04, 2024 at 12:10:31PM +0900, Sergey Senozhatsky wrote:
> On (24/12/03 15:36), Greg Kroah-Hartman wrote:
> > 6.11-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Sergey Senozhatsky <senozhatsky@chromium.org>
> >
> > [ Upstream commit 6c9934c5a00ae722a98d1a06ed44b673514407b5 ]
> >
> > We destroy mutex-es too early as they are still taken in
> > v4l2_fh_exit()->v4l2_event_unsubscribe()->v4l2_ctrl_find().
> >
> > We should destroy mutex-es right before kfree(). Also
> > do not vdec_ctrl_deinit() before v4l2_fh_exit().
>
> Hi Greg, I just received a regression report which potentially
> might have been caused by these venus patches. Please do not
> take
>
> media: venus: sync with threaded IRQ during inst destruction
> media: venus: fix enc/dec destruction order
>
> to any stable kernels yet. I need to investigate first.
What are the git commit id of these that I should be dropping?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order
2024-12-04 7:10 ` Greg Kroah-Hartman
@ 2024-12-04 7:16 ` Sergey Senozhatsky
2024-12-04 9:43 ` Greg Kroah-Hartman
0 siblings, 1 reply; 833+ messages in thread
From: Sergey Senozhatsky @ 2024-12-04 7:16 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Sergey Senozhatsky, stable, patches, Tomasz Figa, Bryan ODonoghue,
Stanimir Varbanov, Hans Verkuil, Sasha Levin
On (24/12/04 08:10), Greg Kroah-Hartman wrote:
> > > From: Sergey Senozhatsky <senozhatsky@chromium.org>
> > >
> > > [ Upstream commit 6c9934c5a00ae722a98d1a06ed44b673514407b5 ]
> > >
> > > We destroy mutex-es too early as they are still taken in
> > > v4l2_fh_exit()->v4l2_event_unsubscribe()->v4l2_ctrl_find().
> > >
> > > We should destroy mutex-es right before kfree(). Also
> > > do not vdec_ctrl_deinit() before v4l2_fh_exit().
> >
> > Hi Greg, I just received a regression report which potentially
> > might have been caused by these venus patches. Please do not
> > take
> >
> > media: venus: sync with threaded IRQ during inst destruction
> > media: venus: fix enc/dec destruction order
> >
> > to any stable kernels yet. I need to investigate first.
>
> What are the git commit id of these that I should be dropping?
Upstream:
6c9934c5a00ae722a98d1a06ed44b673514407b5
45b1a1b348ec178a599323f1ce7d7932aea8c6d4
as far as I can tell.
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (820 preceding siblings ...)
2024-12-04 0:23 ` SeongJae Park
@ 2024-12-04 7:16 ` Ron Economos
2024-12-04 13:25 ` Naresh Kamboju
` (4 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Ron Economos @ 2024-12-04 7:16 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, hargar, broonie
On 12/3/24 06:32, Greg Kroah-Hartman wrote:
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order
2024-12-04 7:16 ` Sergey Senozhatsky
@ 2024-12-04 9:43 ` Greg Kroah-Hartman
0 siblings, 0 replies; 833+ messages in thread
From: Greg Kroah-Hartman @ 2024-12-04 9:43 UTC (permalink / raw)
To: Sergey Senozhatsky
Cc: stable, patches, Tomasz Figa, Bryan ODonoghue, Stanimir Varbanov,
Hans Verkuil, Sasha Levin
On Wed, Dec 04, 2024 at 04:16:42PM +0900, Sergey Senozhatsky wrote:
> On (24/12/04 08:10), Greg Kroah-Hartman wrote:
> > > > From: Sergey Senozhatsky <senozhatsky@chromium.org>
> > > >
> > > > [ Upstream commit 6c9934c5a00ae722a98d1a06ed44b673514407b5 ]
> > > >
> > > > We destroy mutex-es too early as they are still taken in
> > > > v4l2_fh_exit()->v4l2_event_unsubscribe()->v4l2_ctrl_find().
> > > >
> > > > We should destroy mutex-es right before kfree(). Also
> > > > do not vdec_ctrl_deinit() before v4l2_fh_exit().
> > >
> > > Hi Greg, I just received a regression report which potentially
> > > might have been caused by these venus patches. Please do not
> > > take
> > >
> > > media: venus: sync with threaded IRQ during inst destruction
> > > media: venus: fix enc/dec destruction order
> > >
> > > to any stable kernels yet. I need to investigate first.
> >
> > What are the git commit id of these that I should be dropping?
>
> Upstream:
>
> 6c9934c5a00ae722a98d1a06ed44b673514407b5
> 45b1a1b348ec178a599323f1ce7d7932aea8c6d4
>
> as far as I can tell.
Looks right, thanks, I'll go drop these from all stable queues now.
greg k-h
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (821 preceding siblings ...)
2024-12-04 7:16 ` Ron Economos
@ 2024-12-04 13:25 ` Naresh Kamboju
2024-12-04 16:55 ` Shuah Khan
` (3 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Naresh Kamboju @ 2024-12-04 13:25 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie,
Anders Roxell, Arnd Bergmann, Dan Carpenter, Dmitry Baryshkov,
Michael Ellerman, Herbert Xu, Alexander Stein, Michal Suchanek,
clang-built-linux
On Tue, 3 Dec 2024 at 20:24, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
Regressions on arm64, arm, x86_64, riscv and powerpc.
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
The listed below errors are the same as reported on stable-rc linux-6.12.y
1) The allmodconfig builds failed on arm64, arm, riscv and x86_64 due
to following build warnings / errors.
Build error allmodconfig:
------------------------
/drivers/gpu/drm/imx/ipuv3/parallel-display.c:75:3: error: variable
'num_modes' is uninitialized when used here [-Werror,-Wuninitialized]
75 | num_modes++;
| ^~~~~~~~~
/drivers/gpu/drm/imx/ipuv3/parallel-display.c:55:15: note: initialize
the variable 'num_modes' to silence this warning
55 | int num_modes;
| ^
| = 0
1 error generated.
make[8]: *** [/scripts/Makefile.build:244:
drivers/gpu/drm/imx/ipuv3/parallel-display.o] Error 1
/drivers/gpu/drm/imx/ipuv3/imx-ldb.c:143:3: error: variable
'num_modes' is uninitialized when used here [-Werror,-Wuninitialized]
143 | num_modes++;
| ^~~~~~~~~
/drivers/gpu/drm/imx/ipuv3/imx-ldb.c:133:15: note: initialize the
variable 'num_modes' to silence this warning
133 | int num_modes;
| ^
| = 0
1 error generated.
2) The powerpc builds failed due to these build warnings / errors.
Build errors on powerpc:
---------------
ERROR: modpost: "gcm_update"
[arch/powerpc/crypto/aes-gcm-p10-crypto.ko] undefined!
3) As other reported perf build failures
Build errors perf:
----------------------
util/stat-display.c: In function 'uniquify_event_name':
util/stat-display.c:895:45: error: 'struct evsel' has no member
named 'alternate_hw_config'
895 | if (counter->pmu->is_core &&
counter->alternate_hw_config != PERF_COUNT_HW_MAX)
| ^~
## Build
* kernel: 6.11.11-rc1
* git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
* git commit: 57f39ce086c9b727df2d92ea7ab7cc80e89d7ed2
* git describe: v6.11.10-818-g57f39ce086c9
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.11.y/build/v6.11.10-818-g57f39ce086c9
## Test Regressions (compared to v6.11.9-108-gc9b39c48bf4a)
* arm, build
- gcc-13-lkftconfig-perf
* arm64, build
- clang-19-allmodconfig
- gcc-13-lkftconfig-perf
* i386, build
- gcc-13-lkftconfig-perf
* powerpc, build
- clang-19-defconfig
- clang-nightly-defconfig
- gcc-13-defconfig
- gcc-8-defconfig
* riscv, build
- clang-19-allmodconfig
* x86_64, build
- clang-19-allmodconfig
- gcc-13-lkftconfig-perf
## Metric Regressions (compared to v6.11.9-108-gc9b39c48bf4a)
## Test Fixes (compared to v6.11.9-108-gc9b39c48bf4a)
## Metric Fixes (compared to v6.11.9-108-gc9b39c48bf4a)
## Test result summary
total: 130907, pass: 108166, fail: 1524, skip: 21217, xfail: 0
## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 130 total, 127 passed, 3 failed
* arm64: 42 total, 40 passed, 2 failed
* i386: 18 total, 15 passed, 3 failed
* mips: 26 total, 25 passed, 1 failed
* parisc: 4 total, 4 passed, 0 failed
* powerpc: 32 total, 27 passed, 5 failed
* riscv: 16 total, 14 passed, 2 failed
* s390: 14 total, 13 passed, 1 failed
* sh: 5 total, 5 passed, 0 failed
* sparc: 4 total, 3 passed, 1 failed
* x86_64: 34 total, 32 passed, 2 failed
## Test suites summary
* boot
* commands
* kselftest-arm64
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-efivarfs
* kselftest-exec
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-filesystems-epoll
* kselftest-firmware
* kselftest-fpu
* kselftest-ftrace
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-kcmp
* kselftest-kvm
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-mincore
* kselftest-mqueue
* kselftest-net
* kselftest-net-mptcp
* kselftest-openat2
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-rust
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-tc-testing
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user_events
* kselftest-vDSO
* kselftest-watchdog
* kselftest-x86
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-hugetlb
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* rcutorture
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (822 preceding siblings ...)
2024-12-04 13:25 ` Naresh Kamboju
@ 2024-12-04 16:55 ` Shuah Khan
2024-12-04 18:51 ` Miguel Ojeda
` (2 subsequent siblings)
826 siblings, 0 replies; 833+ messages in thread
From: Shuah Khan @ 2024-12-04 16:55 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, hargar, broonie, Shuah Khan
On 12/3/24 07:32, Greg Kroah-Hartman wrote:
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (823 preceding siblings ...)
2024-12-04 16:55 ` Shuah Khan
@ 2024-12-04 18:51 ` Miguel Ojeda
2024-12-05 11:05 ` Muhammad Usama Anjum
2024-12-05 14:39 ` Jon Hunter
826 siblings, 0 replies; 833+ messages in thread
From: Miguel Ojeda @ 2024-12-04 18:51 UTC (permalink / raw)
To: gregkh
Cc: akpm, broonie, conor, f.fainelli, hargar, jonathanh, linux-kernel,
linux, lkft-triage, patches, patches, pavel, rwarsow, shuah, srw,
stable, sudipm.mukherjee, torvalds, Miguel Ojeda
On Tue, 03 Dec 2024 15:32:52 +0100 Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
>
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
> and the diffstat can be found below.
Boot-tested under QEMU for Rust x86_64, arm64 and riscv64; built-tested
for loongarch64:
Tested-by: Miguel Ojeda <ojeda@kernel.org>
Thanks!
Cheers,
Miguel
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (824 preceding siblings ...)
2024-12-04 18:51 ` Miguel Ojeda
@ 2024-12-05 11:05 ` Muhammad Usama Anjum
2024-12-05 14:39 ` Jon Hunter
826 siblings, 0 replies; 833+ messages in thread
From: Muhammad Usama Anjum @ 2024-12-05 11:05 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: Usama.Anjum, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie
On 12/3/24 7:32 PM, Greg Kroah-Hartman wrote:
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
OVERVIEW
Builds: 14 passed, 0 failed
Boot tests: 0 passed, 0 failed
CI systems: broonie
REVISION
Commit
name: v6.11.10-818-g57f39ce086c9
hash: 57f39ce086c9b727df2d92ea7ab7cc80e89d7ed2
Checked out from
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
BUILDS
No build failures found
BOOT TESTS
No boot failures found
See complete and up-to-date report at:
https://kcidb.kernelci.org/d/revision/revision?orgId=1&var-git_commit_hash=57f39ce086c9b727df2d92ea7ab7cc80e89d7ed2&var-patchset_hash=
Tested-by: kernelci.org bot <bot@kernelci.org>
Thanks,
KernelCI team
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
` (825 preceding siblings ...)
2024-12-05 11:05 ` Muhammad Usama Anjum
@ 2024-12-05 14:39 ` Jon Hunter
2024-12-05 14:45 ` Jon Hunter
826 siblings, 1 reply; 833+ messages in thread
From: Jon Hunter @ 2024-12-05 14:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, hargar, broonie,
linux-tegra, stable
On Tue, 03 Dec 2024 15:32:52 +0100, Greg Kroah-Hartman wrote:
> -----------
> Note, this is will probably be the last 6.11.y kernel to be released.
> Please move to the 6.12.y branch at this time.
> -----------
>
> This is the start of the stable review cycle for the 6.11.11 release.
> There are 817 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Failures detected for Tegra ...
Test results for stable-v6.11:
10 builds: 10 pass, 0 fail
26 boots: 26 pass, 0 fail
111 tests: 109 pass, 2 fail
Linux version: 6.11.11-rc1-g57f39ce086c9
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Test failures: tegra186-p2771-0000: cpufreq
tegra186-p2771-0000: mmc-dd-urandom.sh
Jon
^ permalink raw reply [flat|nested] 833+ messages in thread
* Re: [PATCH 6.11 000/817] 6.11.11-rc1 review
2024-12-05 14:39 ` Jon Hunter
@ 2024-12-05 14:45 ` Jon Hunter
0 siblings, 0 replies; 833+ messages in thread
From: Jon Hunter @ 2024-12-05 14:45 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, f.fainelli, sudipm.mukherjee, srw, rwarsow,
conor, hargar, broonie, linux-tegra, stable
On 05/12/2024 14:39, Jon Hunter wrote:
> On Tue, 03 Dec 2024 15:32:52 +0100, Greg Kroah-Hartman wrote:
>> -----------
>> Note, this is will probably be the last 6.11.y kernel to be released.
>> Please move to the 6.12.y branch at this time.
>> -----------
>>
>> This is the start of the stable review cycle for the 6.11.11 release.
>> There are 817 patches in this series, all will be posted as a response
>> to this one. If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000.
>> Anything received after that time might be too late.
>>
>> The whole patch series can be found in one patch at:
>> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc1.gz
>> or in the git tree and branch at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y
>> and the diffstat can be found below.
>>
>> thanks,
>>
>> greg k-h
>
> Failures detected for Tegra ...
>
> Test results for stable-v6.11:
> 10 builds: 10 pass, 0 fail
> 26 boots: 26 pass, 0 fail
> 111 tests: 109 pass, 2 fail
>
> Linux version: 6.11.11-rc1-g57f39ce086c9
> Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
> tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
> tegra20-ventana, tegra210-p2371-2180,
> tegra210-p3450-0000, tegra30-cardhu-a04
>
> Test failures: tegra186-p2771-0000: cpufreq
> tegra186-p2771-0000: mmc-dd-urandom.sh
This is a known issue in the mainline that was not caught for Linux
v6.12. It is intermittent and so not easily caught. It landed in stable
before this cycle and so nothing we can resolve on this cycle. The good
news is that a fix [0] has been identified and once in mainline we can
backport for stable. It is a networking issue that is causing random
test failures when running with NFS.
With that for this update ...
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
[0]
https://lore.kernel.org/netdev/20241205091830.3719609-1-0x1207@gmail.com/
--
nvpublic
^ permalink raw reply [flat|nested] 833+ messages in thread
end of thread, other threads:[~2024-12-05 14:46 UTC | newest]
Thread overview: 833+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-03 14:32 [PATCH 6.11 000/817] 6.11.11-rc1 review Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 001/817] wifi: mac80211: Fix setting txpower with emulate_chanctx Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 002/817] wifi: cfg80211: Add wiphy_delayed_work_pending() Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 003/817] wifi: mac80211: Convert color collision detection to wiphy work Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 004/817] wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 005/817] spi: stm32: fix missing device mode capability in stm32mp25 Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 006/817] ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() Greg Kroah-Hartman
2024-12-03 14:32 ` [PATCH 6.11 007/817] ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 008/817] ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 009/817] ASoC: Intel: sst: Support LPE0F28 ACPI HID Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 010/817] wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 011/817] wifi: iwlwifi: mvm: SAR table alignment Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 012/817] mac80211: fix user-power when emulating chanctx Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 013/817] usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 014/817] usb: typec: use cleanup facility for altmodes_node Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 015/817] selftests/watchdog-test: Fix system accidentally reset after watchdog-test Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 016/817] ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 017/817] ASoC: codecs: wcd937x: add missing LO Switch control Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 018/817] ASoC: codecs: wcd937x: relax the AUX PDM watchdog Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 019/817] x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 020/817] bpf: fix filed access without lock Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 021/817] net: usb: qmi_wwan: add Quectel RG650V Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 022/817] soc: qcom: Add check devm_kasprintf() returned value Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 023/817] firmware: arm_scmi: Reject clear channel request on A2P Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 024/817] regulator: rk808: Add apply_bit for BUCK3 on RK809 Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 025/817] platform/x86: dell-smbios-base: Extends support to Alienware products Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 026/817] platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 027/817] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 028/817] ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 029/817] tools/lib/thermal: Remove the thermal.h soft link when doing make clean Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 030/817] can: j1939: fix error in J1939 documentation Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 031/817] platform/x86: thinkpad_acpi: Fix for ThinkPads with ECFW showing incorrect fan speed Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 032/817] ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 033/817] ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 034/817] ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 035/817] drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 036/817] proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 037/817] integrity: Use static_assert() to check struct sizes Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 038/817] ASoC: audio-graph-card2: Purge absent supplies for device tree nodes Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 039/817] LoongArch: For all possible CPUs setup logical-physical CPU mapping Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 040/817] LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 041/817] ASoC: max9768: Fix event generation for playback mute Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 042/817] ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 043/817] ARM: 9420/1: smp: Fix SMP for xip kernels Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 044/817] ARM: 9434/1: cfi: Fix compilation corner case Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 045/817] ipmr: Fix access to mfc_cache_list without lock held Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 046/817] f2fs: fix fiemap failure issue when page size is 16KB Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 047/817] drm/amd/display: Skip Invalid Streams from DSC Policy Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 048/817] drm/amd/display: Fix incorrect DSC recompute trigger Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 049/817] s390/facilities: Fix warning about shadow of global variable Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 050/817] efs: fix the efs new mount api implementation Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 051/817] arm64: probes: Disable kprobes/uprobes on MOPS instructions Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 052/817] kselftest/arm64: hwcap: fix f8dp2 cpuinfo name Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 053/817] kselftest/arm64: mte: fix printf type warnings about __u64 Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 054/817] kselftest/arm64: mte: fix printf type warnings about longs Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 055/817] block/fs: Pass an iocb to generic_atomic_write_valid() Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 056/817] fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 057/817] s390/cio: Do not unregister the subchannel based on DNV Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 058/817] s390/pageattr: Implement missing kernel_page_present() Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 059/817] x86/pvh: Set phys_base when calling xen_prepare_pvh() Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 060/817] x86/pvh: Call C code via the kernel virtual mapping Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 061/817] brd: defer automatic disk creation until module initialization succeeds Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 062/817] ext4: avoid remount errors with abort mount option Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 063/817] mips: asm: fix warning when disabling MIPS_FP_SUPPORT Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 064/817] initramfs: avoid filename buffer overrun Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 065/817] arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 066/817] kselftest/arm64: Fix encoding for SVE B16B16 test Greg Kroah-Hartman
2024-12-03 14:33 ` [PATCH 6.11 067/817] nvme-pci: fix freeing of the HMB descriptor table Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 068/817] m68k: mvme147: Fix SCSI controller IRQ numbers Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 069/817] m68k: mvme147: Reinstate early console Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 070/817] arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 071/817] acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 072/817] loop: fix type of block size Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 073/817] cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 074/817] cachefiles: Fix missing pos updates " Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 075/817] cachefiles: Fix NULL pointer dereference in object->file Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 076/817] netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 077/817] block: constify the lim argument to queue_limits_max_zone_append_sectors Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 078/817] block: properly handle REQ_OP_ZONE_APPEND in __bio_split_to_limits Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 079/817] block: take chunk_sectors into account in bio_split_write_zeroes Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 080/817] block: fix bio_split_rw_at to take zone_write_granularity into account Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 081/817] s390/syscalls: Avoid creation of arch/arch/ directory Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 082/817] hfsplus: dont query the device logical block size multiple times Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 083/817] ext4: pipeline buffer reads in mext_page_mkuptodate() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 084/817] ext4: remove array of buffer_heads from mext_page_mkuptodate() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 085/817] ext4: fix race in buffer_head read fault injection Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 086/817] nvme-pci: reverse request order in nvme_queue_rqs Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 087/817] virtio_blk: reverse request order in virtio_queue_rqs Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 088/817] crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 089/817] crypto: caam - Fix the pointer passed to caam_qi_shutdown() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 090/817] crypto: qat - remove check after debugfs_create_dir() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 091/817] crypto: powerpc/p10-aes-gcm - Register modules as SIMD Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 092/817] crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 093/817] crypto: qat/qat_420xx - fix off by one in uof_get_name() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 094/817] crypto: qat/qat_4xxx " Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 095/817] firmware: google: Unregister driver_info on failure Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 096/817] EDAC/bluefield: Fix potential integer overflow Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 097/817] crypto: qat - remove faulty arbiter config reset Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 098/817] thermal: core: Initialize thermal zones before registering them Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 099/817] thermal: core: Drop thermal_zone_device_is_enabled() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 100/817] thermal: core: Rearrange PM notification code Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 101/817] thermal: core: Represent suspend-related thermal zone flags as bits Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 102/817] thermal: core: Mark thermal zones as initializing to start with Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 103/817] thermal: core: Fix race between zone registration and system suspend Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 104/817] EDAC/fsl_ddr: Fix bad bit shift operations Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 105/817] EDAC/skx_common: Differentiate memory error sources Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 106/817] EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 107/817] crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 108/817] crypto: cavium - Fix the if condition to exit loop after timeout Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 109/817] cpufreq/amd-pstate: Dont update CPPC request in amd_pstate_cpu_boost_update() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 110/817] amd-pstate: Set min_perf to nominal_perf for active mode performance gov Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 111/817] crypto: hisilicon/qm - disable same error report before resetting Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 112/817] EDAC/igen6: Avoid segmentation fault on module unload Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 113/817] crypto: qat - Fix missing destroy_workqueue in adf_init_aer() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 114/817] crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 115/817] sched/cpufreq: Ensure sd is rebuilt for EAS check Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 116/817] doc: rcu: update printed dynticks counter bits Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 117/817] rcu/srcutiny: dont return before reenabling preemption Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 118/817] rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 119/817] hwmon: (pmbus/core) clear faults after setting smbalert mask Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 120/817] hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 121/817] ACPI: CPPC: Fix _CPC register setting issue Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 122/817] crypto: caam - add error check to caam_rsa_set_priv_key_form Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 123/817] crypto: bcm - add error check in the ahash_hmac_init function Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 124/817] crypto: aes-gcm-p10 - Use the correct bit to test for P10 Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 125/817] crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 126/817] rcuscale: Do a proper cleanup if kfree_scale_init() fails Greg Kroah-Hartman
2024-12-03 14:34 ` [PATCH 6.11 127/817] tools/lib/thermal: Make more generic the command encoding function Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 128/817] thermal/lib: Fix memory leak on error in thermal_genl_auto() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 129/817] x86/unwind/orc: Fix unwind for newly forked tasks Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 130/817] Revert "scripts/faddr2line: Check only two symbols when calculating symbol size" Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 131/817] cleanup: Remove address space of returned pointer Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 132/817] time: Partially revert cleanup on msecs_to_jiffies() documentation Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 133/817] time: Fix references to _msecs_to_jiffies() handling of values Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 134/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 135/817] locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 136/817] kcsan, seqlock: Support seqcount_latch_t Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 137/817] kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 138/817] clocksource/drivers:sp804: Make user selectable Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 139/817] clocksource/drivers/timer-ti-dm: Fix child node refcount handling Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 140/817] regulator: qcom-smd: make smd_vreg_rpm static Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 141/817] spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 142/817] arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 143/817] ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 144/817] drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 145/817] microblaze: Export xmb_manager functions Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 146/817] arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 147/817] arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 148/817] arm64: dts: mt8195: Fix dtbs_check error for mutex node Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 149/817] arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 150/817] soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 151/817] soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 152/817] arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 153/817] arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 154/817] ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 155/817] mmc: mmc_spi: drop buggy snprintf() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 156/817] scripts/kernel-doc: Do not track section counter across processed files Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 157/817] arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 158/817] arm64: dts: qcom: x1e80100-vivobook-s15: " Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 159/817] openrisc: Implement fixmap to fix earlycon Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 160/817] efi/libstub: fix efi_parse_options() ignoring the default command line Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 161/817] tpm: fix signed/unsigned bug when checking event logs Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 162/817] media: i2c: vgxy61: Fix an error handling path in vgxy61_detect() Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 163/817] media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 164/817] arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 165/817] arm64: dts: mt8183: kukui: " Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 166/817] arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 167/817] kernel-doc: allow object-like macros in ReST output Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 168/817] arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 169/817] arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 170/817] arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 171/817] arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 172/817] Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 173/817] cgroup/bpf: only cgroup v2 can be attached by bpf programs Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 174/817] regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 175/817] power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 176/817] arm64: dts: rockchip: Remove enable-active-low from two boards Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 177/817] arm64: dts: mt8183: fennel: add i2c2s i2c-scl-internal-delay-ns Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 178/817] arm64: dts: mt8183: burnet: " Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 179/817] arm64: dts: mt8183: cozmo: " Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 180/817] arm64: dts: mt8183: Damu: " Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 181/817] pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 182/817] ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 183/817] arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 184/817] arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 185/817] arm64: dts: ti: k3-j721e: Fix clock IDs " Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 186/817] arm64: dts: ti: k3-j721s2: " Greg Kroah-Hartman
2024-12-03 14:35 ` [PATCH 6.11 187/817] watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240 Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 188/817] arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 189/817] dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 190/817] of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 191/817] pmdomain: ti-sci: Add missing of_node_put() for args.np Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 192/817] spi: tegra210-quad: Avoid shift-out-of-bounds Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 193/817] spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 194/817] regmap: irq: Set lockdep class for hierarchical IRQ domains Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 195/817] arm64: dts: renesas: hihope: Drop #sound-dai-cells Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 196/817] arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 197/817] arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 198/817] arm64: dts: mediatek: mt6358: fix dtbs_check error Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 199/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 200/817] arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 201/817] selftests/resctrl: Print accurate buffer size as part of MBM results Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 202/817] selftests/resctrl: Fix memory overflow due to unhandled wraparound Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 203/817] selftests/resctrl: Protect against array overrun during iMC config parsing Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 204/817] firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 205/817] media: ipu6: Fix DMA and physical address debugging messages for 32-bit Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 206/817] media: ipu6: not override the dma_ops of device in driver Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 207/817] media: venus: fix enc/dec destruction order Greg Kroah-Hartman
2024-12-04 3:10 ` Sergey Senozhatsky
2024-12-04 7:10 ` Greg Kroah-Hartman
2024-12-04 7:16 ` Sergey Senozhatsky
2024-12-04 9:43 ` Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 208/817] media: venus: sync with threaded IRQ during inst destruction Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 209/817] pwm: Assume a disabled PWM to emit a constant inactive output Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 210/817] media: atomisp: Add check for rgby_data memory allocation failure Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 211/817] arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 212/817] HID: hyperv: streamline driver probe to avoid devres issues Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 213/817] platform/x86: panasonic-laptop: Return errno correctly in show callback Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 214/817] drm/imagination: Convert to use time_before macro Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 215/817] drm/imagination: Use pvr_vm_context_get() Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 216/817] drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 217/817] drm/vc4: hvs: Dont write gamma luts on 2711 Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 218/817] drm/vc4: hdmi: Avoid hang with debug registers when suspended Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 219/817] drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 220/817] drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 221/817] drm/vc4: hvs: Correct logic on stopping an HVS channel Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 222/817] wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 223/817] drm/omap: Fix possible NULL dereference Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 224/817] drm/omap: Fix locking in omap_gem_new_dmabuf() Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 225/817] drm/v3d: Appease lockdep while updating GPU stats Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 226/817] wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 227/817] wifi: mwifiex: " Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 228/817] udmabuf: change folios array from kmalloc to kvmalloc Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 229/817] udmabuf: fix vmap_udmabuf error page set Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 230/817] drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 231/817] drm/imx/ipuv3: " Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 232/817] drm/ipuv3/parallel: convert to struct drm_edid Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 233/817] drm/imx: parallel-display: drop edid override support Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 234/817] drm/imx: ldb: drop custom EDID support Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 235/817] drm/imx: ldb: drop custom DDC bus support Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 236/817] drm/imx: ldb: switch to drm_panel_bridge Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 237/817] drm/imx: parallel-display: " Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 238/817] drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 239/817] drm/panel: nt35510: Make new commands optional Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 240/817] drm/v3d: Address race-condition in MMU flush Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 241/817] drm/v3d: Flush the MMU before we supply more memory to the binner Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 242/817] drm/amdgpu: Fix JPEG v4.0.3 register write Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 243/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 244/817] wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 245/817] wifi: ath12k: Skip Rx TID cleanup for self peer Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 246/817] dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Greg Kroah-Hartman
2024-12-03 14:36 ` [PATCH 6.11 247/817] ASoC: fsl_micfil: fix regmap_write_bits usage Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 248/817] ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 249/817] ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 250/817] drm/bridge: anx7625: Drop EDID cache on bridge power off Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 251/817] drm/bridge: it6505: " Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 252/817] libbpf: Fix expected_attach_type set handling in program load callback Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 253/817] libbpf: Fix output .symtab byte-order during linking Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 254/817] dlm: fix swapped args sb_flags vs sb_status Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 255/817] wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 256/817] drm/amd/display: fix a memleak issue when driver is removed Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 257/817] wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 258/817] wifi: ath12k: fix one more memcpy size error Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 259/817] bpf: Fix the xdp_adjust_tail sample prog issue Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 260/817] selftests/bpf: netns_new() and netns_free() helpers Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 261/817] selftests/bpf: Fix backtrace printing for selftests crashes Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 262/817] wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 263/817] selftests/bpf: add missing header include for htons Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 264/817] wifi: cfg80211: check radio iface combination for multi radio per wiphy Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 265/817] ice: consistently use q_idx in ice_vc_cfg_qs_msg() Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 266/817] drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 267/817] drm/vc4: Introduce generation number enum Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 268/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 269/817] drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 270/817] drm/vc4: Correct generation check in vc4_hvs_lut_load Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 271/817] libbpf: fix sym_is_subprog() logic for weak global subprogs Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 272/817] accel/ivpu: Prevent recovery invocation during probe and resume Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 273/817] ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 274/817] libbpf: never interpret subprogs in .text as entry programs Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 275/817] netdevsim: copy addresses for both in and out paths Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 276/817] drm/bridge: tc358767: Fix link properties discovery Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 277/817] selftests/bpf: Fix msg_verify_data in test_sockmap Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 278/817] selftests/bpf: Fix txmsg_redir of test_txmsg_pull " Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 279/817] wifi: wilc1000: Set MAC after operation mode Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 280/817] wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 281/817] drm: fsl-dcu: enable PIXCLK on LS1021A Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 282/817] drm: panel: nv3052c: correct spi_device_id for RG35XX panel Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 283/817] drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 284/817] drm/msm/dpu: drop LM_3 / LM_4 on SDM845 Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 285/817] drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 286/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 287/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 288/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 289/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 290/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 291/817] octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 292/817] selftests/bpf: fix test_spin_lock_fail.cs global vars usage Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 293/817] libbpf: move global data mmap()ing into bpf_object__load() Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 294/817] drm/panfrost: Remove unused id_mask from struct panfrost_model Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 295/817] bpf, arm64: Remove garbage frame for struct_ops trampoline Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 296/817] drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 297/817] drm/msm/gpu: Check the status of registration to PM QoS Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 298/817] drm/xe/hdcp: Fix gsc structure check in fw check status Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 299/817] drm/etnaviv: Request pages from DMA32 zone on addressing_limited Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 300/817] drm/etnaviv: hold GPU lock across perfmon sampling Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 301/817] drm/amd/display: Increase idle worker HPD detection time Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 302/817] drm/amd/display: Reduce HPD Detection Interval for IPS Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 303/817] drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 304/817] drm: zynqmp_kms: Unplug DRM device before removal Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 305/817] drm: xlnx: zynqmp_disp: layer may be null while releasing Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 306/817] wifi: wfx: Fix error handling in wfx_core_init() Greg Kroah-Hartman
2024-12-03 14:37 ` [PATCH 6.11 307/817] wifi: cw1200: Fix potential NULL dereference Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 308/817] drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 309/817] bpf, bpftool: Fix incorrect disasm pc Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 310/817] bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 311/817] drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 312/817] drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 313/817] bpf: Support __nullable argument suffix for tp_btf Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 314/817] selftests/bpf: Add test for __nullable suffix in tp_btf Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 315/817] bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 316/817] drm: use ATOMIC64_INIT() for atomic64_t Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 317/817] netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 318/817] netfilter: nf_tables: must hold rcu read lock while iterating expression type list Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 319/817] netfilter: nf_tables: must hold rcu read lock while iterating object " Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 320/817] netlink: typographical error in nlmsg_type constants definition Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 321/817] wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 322/817] drm/panfrost: Add missing OPP table refcnt decremental Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 323/817] drm/panthor: introduce job cycle and timestamp accounting Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 324/817] drm/panthor: record current and maximum device clock frequencies Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 325/817] drm/panthor: Fix OPP refcnt leaks in devfreq initialisation Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 326/817] isofs: avoid memory leak in iocharset Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 327/817] selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 328/817] selftests/bpf: Fix SENDPAGE data logic " Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 329/817] selftests/bpf: Fix total_bytes in msg_loop_rx " Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 330/817] selftests/bpf: Add push/pop checking for msg_verify_data " Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 331/817] bpf, sockmap: Several fixes to bpf_msg_push_data Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 332/817] bpf, sockmap: Several fixes to bpf_msg_pop_data Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 333/817] bpf, sockmap: Fix sk_msg_reset_curr Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 334/817] ipv6: release nexthop on device removal Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 335/817] selftests: net: really check for bg process completion Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 336/817] wifi: cfg80211: Remove the Medium Synchronization Delay validity check Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 337/817] wifi: iwlwifi: allow fast resume on ax200 Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 338/817] wifi: iwlwifi: mvm: tell iwlmei when we finished suspending Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 339/817] drm/amdgpu: fix ACA bank count boundary check error Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 340/817] drm/amdgpu: Fix map/unmap queue logic Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 341/817] drm/amdkfd: Fix wrong usage of INIT_WORK() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 342/817] bpf: Allow return values 0 and 1 for kprobe session Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 343/817] bpf: Force uprobe bpf program to always return 0 Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 344/817] selftests/bpf: skip the timer_lockup test for single-CPU nodes Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 345/817] ipv6: Fix soft lockups in fib6_select_path under high next hop churn Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 346/817] net: rfkill: gpio: Add check for clk_enable() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 347/817] Revert "wifi: iwlegacy: do not skip frames with bad FCS" Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 348/817] bpf: Use function pointers count as struct_ops links count Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 349/817] bpf: Add kernel symbol for struct_ops trampoline Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 350/817] ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 351/817] ALSA: us122l: " Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 352/817] ALSA: caiaq: " Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 353/817] ALSA: 6fire: Release resources at card release Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 354/817] i2c: dev: Fix memory leak when underlying adapter does not support I2C Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 355/817] selftests: netfilter: Fix missing return values in conntrack_dump_flush Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 356/817] Bluetooth: btintel_pcie: Add handshake between driver and firmware Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 357/817] Bluetooth: btintel: Do no pass vendor events to stack Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 358/817] Bluetooth: btmtk: adjust the position to init iso data anchor Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 359/817] Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 360/817] Bluetooth: ISO: Use kref to track lifetime of iso_conn Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 361/817] Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 362/817] Bluetooth: ISO: Do not emit LE BIG " Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 363/817] Bluetooth: ISO: Send BIG Create Sync via hci_sync Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 364/817] Bluetooth: fix use-after-free in device_for_each_child() Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 365/817] xsk: Free skb when TX metadata options are invalid Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 366/817] erofs: handle NONHEAD !delta[1] lclusters gracefully Greg Kroah-Hartman
2024-12-03 14:38 ` [PATCH 6.11 367/817] dlm: fix dlm_recover_members refcount on error Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 368/817] eth: fbnic: dont disable the PCI device twice Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 369/817] net: txgbe: remove GPIO interrupt controller Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 370/817] net: txgbe: fix null pointer to pcs Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 371/817] netpoll: Use rcu_access_pointer() in netpoll_poll_lock Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 372/817] wireguard: selftests: load nf_conntrack if not present Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 373/817] bpf: fix recursive lock when verdict program return SK_PASS Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 374/817] unicode: Fix utf8_load() error path Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 375/817] cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 376/817] RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 377/817] RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 378/817] clk: mediatek: drop two dead config options Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 379/817] trace/trace_event_perf: remove duplicate samples on the first tracepoint event Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 380/817] pinctrl: zynqmp: drop excess struct member description Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 381/817] pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 382/817] clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650 Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 383/817] iommu/s390: Implement blocking domain Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 384/817] scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 385/817] powerpc/vdso: Flag VDSO64 entry points as functions Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 386/817] mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 387/817] mfd: da9052-spi: Change read-mask to write-mask Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 388/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 389/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 390/817] mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 391/817] irqdomain: Simplify simple and legacy domain creation Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 392/817] irqdomain: Cleanup domain name allocation Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 393/817] irqdomain: Allow giving name suffix for domain Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 394/817] regmap: Allow setting IRQ domain name suffix Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 395/817] mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 396/817] cpufreq: loongson2: Unregister platform_driver on failure Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 397/817] powerpc/fadump: Refactor and prepare fadump_cma_init for late init Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 398/817] powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 399/817] mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 400/817] mtd: rawnand: atmel: Fix possible memory leak Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 401/817] powerpc/mm/fault: Fix kfence page fault reporting Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 402/817] clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate() Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 403/817] mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 404/817] powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 405/817] cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 406/817] cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 407/817] iommu/amd: Remove amd_iommu_domain_update() from page table freeing Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 408/817] iommu/amd: Remove the amd_iommu_domain_set_pt_root() and related Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 409/817] iommu/amd: Rename struct amd_io_pgtable iopt to pgtbl Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 410/817] iommu/amd: Store the nid in io_pgtable_cfg instead of the domain Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 411/817] iommu/amd: Narrow the use of struct protection_domain to invalidation Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 412/817] iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 413/817] RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 414/817] RDMA/hns: Fix flush cqe error when racing with destroy qp Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 415/817] RDMA/hns: Modify debugfs name Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 416/817] RDMA/hns: Use dev_* printings in hem code instead of ibdev_* Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 417/817] RDMA/hns: Fix cpu stuck caused by printings during reset Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 418/817] RDMA/rxe: Fix the qp flush warnings in req Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 419/817] RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 420/817] clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 421/817] clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 422/817] RDMA/rxe: Set queue pair cur_qp_state when being queried Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 423/817] RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 424/817] riscv: kvm: Fix out-of-bounds array access Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 425/817] clk: imx: lpcg-scu: SW workaround for errata (e10858) Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 426/817] clk: imx: fracn-gppll: correct PLL initialization flow Greg Kroah-Hartman
2024-12-03 14:39 ` [PATCH 6.11 427/817] clk: imx: fracn-gppll: fix pll power up Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 428/817] clk: imx: clk-scu: fix clk enable state save and restore Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 429/817] clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 430/817] iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 431/817] iommu/vt-d: Fix checks and print in pgtable_walk() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 432/817] checkpatch: always parse orig_commit in fixes tag Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 433/817] mfd: rt5033: Fix missing regmap_del_irq_chip() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 434/817] leds: max5970: Fix unreleased fwnode_handle in probe function Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 435/817] leds: ktd2692: Set missing timing properties Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 436/817] fs/proc/kcore.c: fix coccinelle reported ERROR instances Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 437/817] scsi: target: Fix incorrect function name in pscsi_create_type_disk() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 438/817] scsi: bfa: Fix use-after-free in bfad_im_module_exit() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 439/817] scsi: fusion: Remove unused variable rc Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 440/817] scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 441/817] scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 442/817] scsi: sg: Enable runtime power management Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 443/817] x86/tdx: Introduce wrappers to read and write TD metadata Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 444/817] x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 445/817] x86/tdx: Dynamically disable SEPT violations from causing #VEs Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 446/817] powerpc/fadump: allocate memory for additional parameters early Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 447/817] fadump: reserve param area if below boot_mem_top Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 448/817] RDMA/hns: Fix out-of-order issue of requester when setting FENCE Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 449/817] RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 450/817] cpufreq: loongson3: Check for error code from devm_mutex_init() call Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 451/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 452/817] cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 453/817] kasan: move checks to do_strncpy_from_user Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 454/817] kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 455/817] ocfs2: fix uninitialized value in ocfs2_file_read_iter() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 456/817] dax: delete a stale directory pmem Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 457/817] KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 458/817] KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 459/817] powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 460/817] RDMA/hns: Fix different dgids mapping to the same dip_idx Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 461/817] KVM: PPC: Book3S HV: Fix kmv -> kvm typo Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 462/817] powerpc/kexec: Fix return of uninitialized variable Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 463/817] fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 464/817] RDMA/mlx5: Move events notifier registration to be after device registration Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 465/817] clk: clk-apple-nco: Add NULL check in applnco_probe Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 466/817] clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 467/817] clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 468/817] clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 469/817] clk: en7523: move clock_register in hw_init callback Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 470/817] clk: en7523: introduce chip_scu regmap Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 471/817] clk: en7523: fix estimation of fixed rate for EN7581 Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 472/817] dt-bindings: clock: axi-clkgen: include AXI clk Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 473/817] clk: clk-axi-clkgen: make sure to enable the AXI bus clock Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 474/817] arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 475/817] pinctrl: k210: Undef K210_PC_DEFAULT Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 476/817] rtla/timerlat: Do not set params->user_workload with -U Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 477/817] smb: cached directories can be more than root file handle Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 478/817] mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 479/817] mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 480/817] x86: fix off-by-one in access_ok() Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 481/817] perf cs-etm: Dont flush when packet_queue fills up Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 482/817] gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 483/817] gfs2: Allow immediate GLF_VERIFY_DELETE work Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 484/817] gfs2: Fix unlinked inode cleanup Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 485/817] perf test: Add test for Intel TPEBS counting mode Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 486/817] perf stat: Uniquify event name improvements Greg Kroah-Hartman
2024-12-03 14:40 ` [PATCH 6.11 487/817] perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC} Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 488/817] PCI: Fix reset_method_store() memory leak Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 489/817] perf stat: Close cork_fd when create_perf_stat_counter() failed Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 490/817] perf stat: Fix affinity memory leaks on error path Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 491/817] perf trace: Keep exited threads for summary Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 492/817] perf test attr: Add back missing topdown events Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 493/817] f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 494/817] f2fs: fix null-ptr-deref in f2fs_submit_page_bio() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 495/817] f2fs: fix to account dirty data in __get_secs_required() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 496/817] perf dso: Fix symtab_type for kmod compression Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 497/817] perf probe: Fix libdw memory leak Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 498/817] perf probe: Correct demangled symbols in C++ program Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 499/817] rust: kernel: fix THIS_MODULE header path in ThisModule doc comment Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 500/817] rust: macros: fix documentation of the paste! macro Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 501/817] PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 502/817] PCI: cpqphp: Fix PCIBIOS_* return value confusion Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 503/817] rust: block: fix formatting of `kernel::block::mq::request` module Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 504/817] perf disasm: Use disasm_line__free() to properly free disasm_line Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 505/817] virtiofs: use pages instead of pointer for kernel direct IO Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 506/817] perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 507/817] i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 508/817] f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 509/817] f2fs: check curseg->inited before write_sum_page in change_curseg Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 510/817] f2fs: Fix not used variable index Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 511/817] f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 512/817] f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 513/817] PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 514/817] PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 515/817] PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 516/817] PCI: cadence: Set cdns_pcie_host_init() global Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 517/817] PCI: j721e: Add reset GPIO to struct j721e_pcie Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 518/817] PCI: j721e: Use T_PERST_CLK_US macro Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 519/817] PCI: j721e: Add suspend and resume support Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 520/817] PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 521/817] perf build: Add missing cflags when building with custom libtraceevent Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 522/817] f2fs: fix race in concurrent f2fs_stop_gc_thread Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 523/817] f2fs: fix to map blocks correctly for direct write Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 524/817] f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 525/817] perf trace: avoid garbage when not printing a trace events arguments Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 526/817] m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 527/817] m68k: coldfire/device.c: only build FEC when HW macros are defined Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 528/817] svcrdma: Address an integer overflow Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 529/817] nfsd: drop inode parameter from nfsd4_change_attribute() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 530/817] perf list: Fix topic and pmu_name argument order Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 531/817] perf trace: Fix tracing itself, creating feedback loops Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 532/817] perf trace: Do not lose last events in a race Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 533/817] perf trace: Avoid garbage when not printing a syscalls arguments Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 534/817] remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 535/817] remoteproc: qcom: adsp: " Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 536/817] remoteproc: qcom: pas: add minidump_id to SM8350 resources Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 537/817] rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 538/817] remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 539/817] PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks mmio Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 540/817] NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 541/817] NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 542/817] nfsd: release svc_expkey/svc_export with rcu_work Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 543/817] svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 544/817] NFSD: Fix nfsd4_shutdown_copy() Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 545/817] f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 546/817] f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow Greg Kroah-Hartman
2024-12-03 14:41 ` [PATCH 6.11 547/817] hwmon: (tps23861) Fix reporting of negative temperatures Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 548/817] hwmon: (aquacomputer_d5next) Fix length of speed_input array Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 549/817] phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 550/817] phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 551/817] phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 552/817] phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 553/817] vdpa/mlx5: Fix suboptimal range on iotlb iteration Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 554/817] vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 555/817] vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 556/817] selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 557/817] gpio: zevio: Add missed label initialisation Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 558/817] vfio/pci: Properly hide first-in-list PCIe extended capability Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 559/817] fs_parser: update mount_api doc to match function signature Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 560/817] LoongArch: Fix build failure with GCC 15 (-std=gnu23) Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 561/817] LoongArch: BPF: Sign-extend return values Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 562/817] power: supply: core: Remove might_sleep() from power_supply_put() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 563/817] power: supply: bq27xxx: Fix registers of bq27426 Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 564/817] power: supply: rt9471: Fix wrong WDT function regfield declaration Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 565/817] power: supply: rt9471: Use IC status regfield to report real charger status Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 566/817] net: usb: lan78xx: Fix double free issue with interrupt buffer allocation Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 567/817] net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 568/817] tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 569/817] net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 570/817] net: microchip: vcap: Add typegroup table terminators in kunit tests Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 571/817] netlink: fix false positive warning in extack during dumps Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 572/817] exfat: fix file being changed by unaligned direct write Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 573/817] s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 574/817] net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 575/817] net: mdio-ipq4019: add missing error check Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 576/817] marvell: pxa168_eth: fix call balance of pep->clk handling routines Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 577/817] net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 578/817] octeontx2-af: RPM: Fix mismatch in lmac type Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 579/817] octeontx2-af: RPM: Fix low network performance Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 580/817] octeontx2-af: RPM: fix stale RSFEC counters Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 581/817] octeontx2-af: RPM: fix stale FCFEC counters Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 582/817] octeontx2-af: Quiesce traffic before NIX block reset Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 583/817] spi: atmel-quadspi: Fix register name in verbose logging function Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 584/817] net: hsr: fix hsr_init_sk() vs network/transport headers Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 585/817] bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 586/817] bnxt_en: Set backplane link modes correctly for ethtool Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 587/817] bnxt_en: Fix receive ring space parameters when XDP is active Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 588/817] bnxt_en: Refactor bnxt_ptp_init() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 589/817] bnxt_en: Unregister PTP during PCI shutdown and suspend Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 590/817] Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 591/817] Bluetooth: MGMT: Fix possible deadlocks Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 592/817] llc: Improve setsockopt() handling of malformed user input Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 593/817] rxrpc: " Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 594/817] tcp: Fix use-after-free of nreq in reqsk_timer_handler() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 595/817] ip6mr: fix tables suspicious RCU usage Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 596/817] ipmr: " Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 597/817] iio: light: al3010: Fix an error handling path in al3010_probe() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 598/817] usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 599/817] usb: yurex: make waiting on yurex_write interruptible Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 600/817] USB: chaoskey: fail open after removal Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 601/817] USB: chaoskey: Fix possible deadlock chaoskey_list_lock Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 602/817] misc: apds990x: Fix missing pm_runtime_disable() Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 603/817] devres: Fix page faults when tracing devres from unloaded modules Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 604/817] usb: gadget: uvc: wake pump everytime we update the free list Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 605/817] interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 606/817] phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe Greg Kroah-Hartman
2024-12-03 14:42 ` [PATCH 6.11 607/817] phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 608/817] counter: stm32-timer-cnt: Add check for clk_enable() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 609/817] counter: ti-ecap-capture: " Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 610/817] bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 611/817] usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 612/817] firmware_loader: Fix possible resource leak in fw_log_firmware_info() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 613/817] ALSA: hda/realtek: Update ALC256 depop procedure Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 614/817] drm/radeon: add helper rdev_to_drm(rdev) Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 615/817] drm/radeon: change rdev->ddev to rdev_to_drm(rdev) Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 616/817] drm/radeon: Fix spurious unplug event on radeon HDMI Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 617/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 618/817] drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 619/817] ASoC: imx-audmix: Add NULL check in imx_audmix_probe Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 620/817] drm/xe/ufence: Wake up waiters after setting ufence->signalled Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 621/817] apparmor: fix Do simple duplicate message elimination Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 622/817] ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 623/817] ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 624/817] ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 625/817] s390/pci: Fix potential double remove of hotplug slot Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 626/817] net_sched: sch_fq: dont follow the fast path if Tx is behind now Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 627/817] xen: Fix the issue of resource not being properly released in xenbus_dev_probe() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 628/817] ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 629/817] ALSA: usb-audio: Fix out of bounds reads when finding clock sources Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 630/817] usb: ehci-spear: fix call balance of sehci clk handling routines Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 631/817] usb: typec: ucsi: glink: fix off-by-one in connector_status Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 632/817] dm-cache: fix warnings about duplicate slab caches Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 633/817] dm-bufio: " Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 634/817] ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 635/817] soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 636/817] irqdomain: Always associate interrupts for legacy domains Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 637/817] ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 638/817] ext4: fix FS_IOC_GETFSMAP handling Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 639/817] jfs: xattr: check invalid xattr size more strictly Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 640/817] ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 641/817] ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 642/817] ASoC: da7213: Populate max_register to regmap_config Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 643/817] perf/x86/intel/pt: Fix buffer full but size is 0 case Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 644/817] crypto: x86/aegis128 - access 32-bit arguments as 32-bit Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 645/817] KVM: x86: switch hugepage recovery thread to vhost_task Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 646/817] KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 647/817] powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 648/817] KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 649/817] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 650/817] KVM: arm64: Dont retire aborted MMIO instruction Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 651/817] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 652/817] KVM: arm64: Get rid of userspace_irqchip_in_use Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 653/817] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 654/817] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 655/817] Compiler Attributes: disable __counted_by for clang < 19.1.3 Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 656/817] PCI: Fix use-after-free of slot->bus on hot remove Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 657/817] LoongArch: Explicitly specify code model in Makefile Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 658/817] clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 659/817] clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 660/817] fsnotify: fix sending inotify event with unexpected filename Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 661/817] fsnotify: Fix ordering of iput() and watched_objects decrement Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 662/817] comedi: Flush partial mappings in error case Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 663/817] apparmor: test: Fix memory leak for aa_unpack_strdup() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 664/817] iio: dac: adi-axi-dac: fix wrong register bitfield Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 665/817] tty: ldsic: fix tty_ldisc_autoload sysctls proc_handler Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 666/817] locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Greg Kroah-Hartman
2024-12-03 14:43 ` [PATCH 6.11 667/817] tools/nolibc: s390: include std.h Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 668/817] pinctrl: qcom: spmi: fix debugfs drive strength Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 669/817] dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 670/817] dt-bindings: iio: dac: ad3552r: fix maximum spi speed Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 671/817] exfat: fix uninit-value in __exfat_get_dentry_set Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 672/817] exfat: fix out-of-bounds access of directory entries Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 673/817] xhci: Fix control transfer error on Etron xHCI host Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 674/817] xhci: Combine two if statements for " Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 675/817] xhci: Dont perform Soft Retry " Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 676/817] xhci: Dont issue Reset Device command to " Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 677/817] Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 678/817] usb: xhci: Limit Stop Endpoint retries Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 679/817] usb: xhci: Fix TD invalidation under pending Set TR Dequeue Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 680/817] usb: xhci: Avoid queuing redundant Stop Endpoint commands Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 681/817] ARM: dts: omap36xx: declare 1GHz OPP as turbo again Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 682/817] wifi: ath12k: fix warning when unbinding Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 683/817] wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 684/817] wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 685/817] wifi: ath12k: fix crash when unbinding Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 686/817] wifi: brcmfmac: release root node in all execution paths Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 687/817] Revert "exec: dont WARN for racy path_noexec check" Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 688/817] Revert "fs: dont block i_writecount during exec" Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 689/817] Revert "f2fs: remove unreachable lazytime mount option parsing" Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 690/817] Revert "usb: gadget: composite: fix OS descriptors w_value logic" Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 691/817] serial: sh-sci: Clean sci_ports[0] after at earlycon exit Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 692/817] Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 693/817] io_uring: fix corner case forgetting to vunmap Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 694/817] io_uring: check for overflows in io_pin_pages Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 695/817] blk-settings: round down io_opt to physical_block_size Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 696/817] gpio: exar: set value when external pull-up or pull-down is present Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 697/817] netfilter: ipset: add missing range check in bitmap_ip_uadt Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 698/817] spi: Fix acpi deferred irq probe Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 699/817] mtd: spi-nor: core: replace dummy buswidth from addr to data Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 700/817] cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 701/817] cifs: support mounting with alternate password to allow password rotation Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 702/817] parisc/ftrace: Fix function graph tracing disablement Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 703/817] RISC-V: Scalar unaligned access emulated on hotplug CPUs Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 704/817] RISC-V: Check scalar unaligned access on all CPUs Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 705/817] ksmbd: fix use-after-free in SMB request handling Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 706/817] smb: client: fix NULL ptr deref in crypto_aead_setkey() Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 707/817] platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 708/817] irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 709/817] x86/CPU/AMD: Terminate the erratum_1386_microcode array Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 710/817] ubi: wl: Put source PEB into correct list if trying locking LEB failed Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 711/817] um: ubd: Do not use drvdata in release Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 712/817] um: net: " Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 713/817] dt-bindings: serial: rs485: Fix rs485-rts-delay property Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 714/817] serial: 8250_fintek: Add support for F81216E Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 715/817] serial: 8250: omap: Move pm_runtime_get_sync Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 716/817] serial: amba-pl011: Fix RX stall when DMA is used Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 717/817] serial: amba-pl011: fix build regression Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 718/817] mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode() Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 719/817] block: Prevent potential deadlock in blk_revalidate_disk_zones() Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 720/817] um: vector: Do not use drvdata in release Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 721/817] sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 722/817] iio: gts: Fix uninitialized symbol ret Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 723/817] ublk: fix ublk_ch_mmap() for 64K page size Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 724/817] arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 725/817] block: fix missing dispatching request when queue is started or unquiesced Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 726/817] block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding Greg Kroah-Hartman
2024-12-03 14:44 ` [PATCH 6.11 727/817] block: fix ordering between checking BLK_MQ_S_STOPPED " Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 728/817] blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 729/817] gve: Flow steering trigger reset only for timeout error Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 730/817] HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 731/817] i40e: Fix handling changed priv flags Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 732/817] media: wl128x: Fix atomicity violation in fmc_send_cmd() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 733/817] media: intel/ipu6: do not handle interrupts when device is disabled Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 734/817] arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 735/817] netdev-genl: Hold rcu_read_lock in napi_get Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 736/817] soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 737/817] media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 738/817] ALSA: rawmidi: Fix kvfree() call in spinlock Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 739/817] ALSA: ump: Fix evaluation of MIDI 1.0 FB info Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 740/817] ALSA: pcm: Add sanity NULL check for the default mmap fault handler Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 741/817] ALSA: hda/realtek: Update ALC225 depop procedure Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 742/817] ALSA: hda/realtek: Set PCBeep to default value for ALC274 Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 743/817] ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 744/817] ALSA: hda/realtek: Apply quirk for Medion E15433 Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 745/817] smb3: request handle caching when caching directories Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 746/817] smb: client: handle max length for SMB symlinks Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 747/817] smb: Dont leak cfid when reconnect races with open_cached_dir Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 748/817] smb: prevent use-after-free due to open_cached_dir error paths Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 749/817] smb: During unmount, ensure all cached dir instances drop their dentry Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 750/817] usb: misc: ljca: set small runtime autosuspend delay Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 751/817] usb: misc: ljca: move usb_autopm_put_interface() after wait for response Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 752/817] usb: dwc3: ep0: Dont clear ep0 DWC3_EP_TRANSFER_STARTED Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 753/817] usb: musb: Fix hardware lockup on first Rx endpoint request Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 754/817] usb: dwc3: gadget: Fix checking for number of TRBs left Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 755/817] usb: dwc3: gadget: Fix looping of queued SG entries Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 756/817] staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 757/817] counter: stm32-timer-cnt: fix device_node handling in probe_encoder() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 758/817] ublk: fix error code for unsupported command Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 759/817] lib: string_helpers: silence snprintf() output truncation warning Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 760/817] f2fs: fix to do sanity check on node blkaddr in truncate_node() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 761/817] ipc: fix memleak if msg_init_ns failed in create_ipc_ns Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 762/817] Input: cs40l50 - fix wrong usage of INIT_WORK() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 763/817] NFSD: Prevent a potential integer overflow Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 764/817] SUNRPC: make sure cache entry active before cache_show Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 765/817] um: Fix potential integer overflow during physmem setup Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 766/817] um: Fix the return value of elf_core_copy_task_fpregs Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 767/817] kfifo: dont include dma-mapping.h in kfifo.h Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 768/817] um: ubd: Initialize ubds disk pointer in ubd_add Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 769/817] um: Always dump trace for specified task in show_stack Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 770/817] NFSv4.0: Fix a use-after-free problem in the asynchronous open() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 771/817] rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 772/817] rtc: abx80x: Fix WDT bit position of the status register Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 773/817] rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 774/817] ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 775/817] ubifs: Correct the total block count by deducting journal reservation Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 776/817] ubi: fastmap: Fix duplicate slab cache names while attaching Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 777/817] ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 778/817] jffs2: fix use of uninitialized variable Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 779/817] rtc: rzn1: fix BCD to rtc_time conversion errors Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 780/817] Revert "nfs: dont reuse partially completed requests in nfs_lock_and_join_requests" Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 781/817] nvme-multipath: avoid hang on inaccessible namespaces Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 782/817] nvme/multipath: Fix RCU list traversal to use SRCU primitive Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 783/817] blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 784/817] block: model freeze & enter queue as lock for supporting lockdep Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 785/817] block: fix uaf for flush rq while iterating tags Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 786/817] block: return unsigned int from bdev_io_min Greg Kroah-Hartman
2024-12-03 14:45 ` [PATCH 6.11 787/817] nvme-fabrics: fix kernel crash while shutting down controller Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 788/817] 9p/xen: fix init sequence Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 789/817] 9p/xen: fix release of IRQ Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 790/817] perf/arm-smmuv3: Fix lockdep assert in ->event_init() Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 791/817] perf/arm-cmn: Ensure port and device id bits are set properly Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 792/817] smb: client: disable directory caching when dir_cache_timeout is zero Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 793/817] x86/Documentation: Update algo in init_size description of boot protocol Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 794/817] cifs: Fix parsing native symlinks relative to the export Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 795/817] cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 796/817] rtc: ab-eoz9: dont fail temperature reads on undervoltage notification Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 797/817] Rename .data.unlikely to .data..unlikely Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 798/817] Rename .data.once to .data..once to fix resetting WARN*_ONCE Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 799/817] kbuild: deb-pkg: Dont fail if modules.order is missing Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 800/817] smb: Initialize cfid->tcon before performing network ops Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 801/817] block: Dont allow an atomic write be truncated in blkdev_write_iter() Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 802/817] modpost: remove incorrect code in do_eisa_entry() Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 803/817] cifs: during remount, make sure passwords are in sync Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 804/817] cifs: unlock on error in smb3_reconfigure() Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 805/817] nfs: ignore SB_RDONLY when mounting nfs Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 806/817] sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 807/817] SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 808/817] sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 809/817] nfs/blocklayout: Dont attempt unregister for invalid block device Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 810/817] nfs/blocklayout: Limit repeat device registration on failure Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 811/817] block, bfq: fix bfqq uaf in bfq_limit_depth() Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 812/817] brd: decrease the number of allocated pages which discarded Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 813/817] sh: intc: Fix use-after-free bug in register_intc_controller() Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 814/817] tools/power turbostat: Fix trailing \n parsing Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 815/817] tools/power turbostat: Fix childs argument forwarding Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 816/817] block: always verify unfreeze lock on the owner task Greg Kroah-Hartman
2024-12-03 14:46 ` [PATCH 6.11 817/817] block: dont verify IO lock for freeze/unfreeze in elevator_init_mq() Greg Kroah-Hartman
2024-12-03 22:07 ` [PATCH 6.11 000/817] 6.11.11-rc1 review Mark Brown
2024-12-03 22:09 ` Peter Schneider
2024-12-03 22:33 ` Florian Fainelli
2024-12-04 0:23 ` SeongJae Park
2024-12-04 7:16 ` Ron Economos
2024-12-04 13:25 ` Naresh Kamboju
2024-12-04 16:55 ` Shuah Khan
2024-12-04 18:51 ` Miguel Ojeda
2024-12-05 11:05 ` Muhammad Usama Anjum
2024-12-05 14:39 ` Jon Hunter
2024-12-05 14:45 ` Jon Hunter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).