January 2021 - Linux-stable-mirror

[PATCH v5 5/5] mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active

by Muchun Song

The page_huge_active() can be called from scan_movable_pages() which do not hold a reference count to the HugeTLB page. So when we call page_huge_active() from scan_movable_pages(), the HugeTLB page can be freed parallel. Then we will trigger a BUG_ON which is in the page_huge_active() when CONFIG_DEBUG_VM is enabled. Just remove the VM_BUG_ON_PAGE. Fixes: 7e1f049efb86 ("mm: hugetlb: cleanup using paeg_huge_active()") Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: stable(a)vger.kernel.org --- mm/hugetlb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 43b7a044f248..6c5dfef682cc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1360,8 +1360,7 @@ struct hstate *size_to_hstate(unsigned long size) */ bool page_huge_active(struct page *page) { - VM_BUG_ON_PAGE(!PageHuge(page), page); - return PageHead(page) && PagePrivate(&page[1]); + return PageHeadHuge(page) && PagePrivate(&page[1]); } /* never called for tail page */ -- 2.11.0

4 years, 3 months

1
0
0 0

[PATCH v5 4/5] mm: hugetlb: fix a race between isolating and freeing page

by Muchun Song

There is a race between isolate_huge_page() and __free_huge_page(). CPU0: CPU1: if (PageHuge(page)) put_page(page) __free_huge_page(page) spin_lock(&hugetlb_lock) update_and_free_page(page) set_compound_page_dtor(page, NULL_COMPOUND_DTOR) spin_unlock(&hugetlb_lock) isolate_huge_page(page) // trigger BUG_ON VM_BUG_ON_PAGE(!PageHead(page), page) spin_lock(&hugetlb_lock) page_huge_active(page) // trigger BUG_ON VM_BUG_ON_PAGE(!PageHuge(page), page) spin_unlock(&hugetlb_lock) When we isolate a HugeTLB page on CPU0. Meanwhile, we free it to the buddy allocator on CPU1. Then, we can trigger a BUG_ON on CPU0. Because it is already freed to the buddy allocator. Fixes: c8721bbbdd36 ("mm: memory-hotplug: enable memory hotplug to handle hugepage") Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: stable(a)vger.kernel.org --- mm/hugetlb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 1b789d1fd06b..43b7a044f248 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5574,9 +5574,9 @@ bool isolate_huge_page(struct page *page, struct list_head *list) { bool ret = true; - VM_BUG_ON_PAGE(!PageHead(page), page); spin_lock(&hugetlb_lock); - if (!page_huge_active(page) || !get_page_unless_zero(page)) { + if (!PageHeadHuge(page) || !page_huge_active(page) || + !get_page_unless_zero(page)) { ret = false; goto unlock; } -- 2.11.0

4 years, 3 months

1
0
0 0

[PATCH v5 2/5] mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page

by Muchun Song

If a new hugetlb page is allocated during fallocate it will not be marked as active (set_page_huge_active) which will result in a later isolate_huge_page failure when the page migration code would like to move that page. Such a failure would be unexpected and wrong. Only export set_page_huge_active, just leave clear_page_huge_active as static. Because there are no external users. Fixes: 70c3547e36f5 (hugetlbfs: add hugetlbfs_fallocate()) Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: stable(a)vger.kernel.org --- fs/hugetlbfs/inode.c | 3 ++- include/linux/hugetlb.h | 2 ++ mm/hugetlb.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index b5c109703daa..21c20fd5f9ee 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -735,9 +735,10 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset, mutex_unlock(&hugetlb_fault_mutex_table[hash]); + set_page_huge_active(page); /* * unlock_page because locked by add_to_page_cache() - * page_put due to reference from alloc_huge_page() + * put_page() due to reference from alloc_huge_page() */ unlock_page(page); put_page(page); diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ebca2ef02212..b5807f23caf8 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -770,6 +770,8 @@ static inline void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, } #endif +void set_page_huge_active(struct page *page); + #else /* CONFIG_HUGETLB_PAGE */ struct hstate {}; diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 1f3bf1710b66..4741d60f8955 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1348,7 +1348,7 @@ bool page_huge_active(struct page *page) } /* never called for tail page */ -static void set_page_huge_active(struct page *page) +void set_page_huge_active(struct page *page) { VM_BUG_ON_PAGE(!PageHeadHuge(page), page); SetPagePrivate(&page[1]); -- 2.11.0

4 years, 3 months

1
0
0 0

[PATCH] mfd: gateworks-gsc: fix interrupt type

by Tim Harvey

The Gateworks System Controller has an active-low interrupt. Fix the interrupt request type. Fixes: d85234994b2f ("mfd: Add Gateworks System Controller core driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Tim Harvey <tharvey(a)gateworks.com> --- drivers/mfd/gateworks-gsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mfd/gateworks-gsc.c b/drivers/mfd/gateworks-gsc.c index 576da62..d878767 100644 --- a/drivers/mfd/gateworks-gsc.c +++ b/drivers/mfd/gateworks-gsc.c @@ -234,7 +234,7 @@ static int gsc_probe(struct i2c_client *client) ret = devm_regmap_add_irq_chip(dev, gsc->regmap, client->irq, IRQF_ONESHOT | IRQF_SHARED | - IRQF_TRIGGER_FALLING, 0, + IRQF_TRIGGER_LOW, 0, &gsc_irq_chip, &irq_data); if (ret) return ret; -- 2.7.4

4 years, 3 months

2
1
0 0

[PATCH] drm/amdgpu: add green_sardine device id (v2)

by Mengbing Wang

From: Prike Liang <Prike.Liang(a)amd.com> Add green_sardine PCI id support and map it to renoir asic type. v2: add apu flag Signed-off-by: Prike Liang <Prike.Liang(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Huang Rui <ray.huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 5.10.x --- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index f52fa2cf58e2..f523eae461b4 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -1119,6 +1119,7 @@ static const struct pci_device_id pciidlist[] = { /* Renoir */ {0x1002, 0x1636, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RENOIR|AMD_IS_APU}, + {0x1002, 0x1638, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RENOIR|AMD_IS_APU}, /* Navi12 */ {0x1002, 0x7360, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_NAVI12}, -- 2.17.1

4 years, 3 months

1
0
0 0

patch "USB: gadget: dummy-hcd: Fix errors in port-reset handling" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: gadget: dummy-hcd: Fix errors in port-reset handling to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 6e6aa61d81194c01283880950df563b1b9abec46 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Wed, 13 Jan 2021 14:45:10 -0500 Subject: USB: gadget: dummy-hcd: Fix errors in port-reset handling Commit c318840fb2a4 ("USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug") messed up the way dummy-hcd handles requests to turn on the RESET port feature (I didn't notice that the original switch case ended with a fallthrough). The call to set_link_state() was inadvertently removed, as was the code to set the USB_PORT_STAT_RESET flag when the speed is USB2. In addition, the original code never checked whether the port was connected before handling the port-reset request. There was a check for the port being powered, but it was removed by that commit! In practice this doesn't matter much because the kernel doesn't try to reset disconnected ports, but it's still bad form. This patch fixes these problems by changing the fallthrough to break, adding back in the missing set_link_state() call, setting the port-reset status flag, adding a port-is-connected test, and removing a redundant assignment statement. Fixes: c318840fb2a4 ("USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug") CC: <stable(a)vger.kernel.org> Acked-by: Felipe Balbi <balbi(a)kernel.org> Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/r/20210113194510.GA1290698@rowland.harvard.edu Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/udc/dummy_hcd.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/udc/dummy_hcd.c b/drivers/usb/gadget/udc/dummy_hcd.c index 1a953f44183a..57067763b100 100644 --- a/drivers/usb/gadget/udc/dummy_hcd.c +++ b/drivers/usb/gadget/udc/dummy_hcd.c @@ -2270,17 +2270,20 @@ static int dummy_hub_control( } fallthrough; case USB_PORT_FEAT_RESET: + if (!(dum_hcd->port_status & USB_PORT_STAT_CONNECTION)) + break; /* if it's already enabled, disable */ if (hcd->speed == HCD_USB3) { - dum_hcd->port_status = 0; dum_hcd->port_status = (USB_SS_PORT_STAT_POWER | USB_PORT_STAT_CONNECTION | USB_PORT_STAT_RESET); - } else + } else { dum_hcd->port_status &= ~(USB_PORT_STAT_ENABLE | USB_PORT_STAT_LOW_SPEED | USB_PORT_STAT_HIGH_SPEED); + dum_hcd->port_status |= USB_PORT_STAT_RESET; + } /* * We want to reset device status. All but the * Self powered feature @@ -2292,7 +2295,8 @@ static int dummy_hub_control( * interval? Is it still 50msec as for HS? */ dum_hcd->re_timeout = jiffies + msecs_to_jiffies(50); - fallthrough; + set_link_state(dum_hcd); + break; case USB_PORT_FEAT_C_CONNECTION: case USB_PORT_FEAT_C_RESET: case USB_PORT_FEAT_C_ENABLE: -- 2.30.0

4 years, 3 months

1
0
0 0

[PATCH v3] usb: udc: core: Use lock when write to soft_connect

by Thinh Nguyen

Use lock to guard against concurrent access for soft-connect/disconnect operations when writing to soft_connect sysfs. Cc: stable(a)vger.kernel.org Fixes: 2ccea03a8f7e ("usb: gadget: introduce UDC Class") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> --- Changes in v3: - Improve flow: avoid assigning "ret = n" early Changes in v2: - Consolidate mutex_unlock to a single place using "goto out" drivers/usb/gadget/udc/core.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 6a62bbd01324..ea114f922ccf 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1529,10 +1529,13 @@ static ssize_t soft_connect_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t n) { struct usb_udc *udc = container_of(dev, struct usb_udc, dev); + ssize_t ret; + mutex_lock(&udc_lock); if (!udc->driver) { dev_err(dev, "soft-connect without a gadget driver\n"); - return -EOPNOTSUPP; + ret = -EOPNOTSUPP; + goto out; } if (sysfs_streq(buf, "connect")) { @@ -1543,10 +1546,14 @@ static ssize_t soft_connect_store(struct device *dev, usb_gadget_udc_stop(udc); } else { dev_err(dev, "unsupported command '%s'\n", buf); - return -EINVAL; + ret = -EINVAL; + goto out; } - return n; + ret = n; +out: + mutex_unlock(&udc_lock); + return ret; } static DEVICE_ATTR_WO(soft_connect); base-commit: 4e0dcf62ab4cf917d0cbe751b8bf229a065248d4 -- 2.28.0

4 years, 3 months

2
1
0 0

Re: [PATCH v2] usb: udc: core: Use lock when write to soft_connect

by Greg Kroah-Hartman

On Thu, Jan 14, 2021 at 09:03:53AM +0200, Andy Shevchenko wrote: > On Thursday, January 14, 2021, Ahmed S. Darwish <a.darwish(a)linutronix.de> > wrote: > > > On Wed, Jan 13, 2021 at 07:38:28PM -0800, Thinh Nguyen wrote: > > ... > > > @@ -1543,10 +1546,12 @@ static ssize_t soft_connect_store(struct device > > *dev, > > > usb_gadget_udc_stop(udc); > > > } else { > > > dev_err(dev, "unsupported command '%s'\n", buf); > > > - return -EINVAL; > > > + ret = -EINVAL; > > > } > > > > > > - return n; > > > > Should be ret = n; here. Why? That happened higher up in the patch. thanks, greg k-h

4 years, 3 months

1
0
0 0

[PATCH v2] usb: udc: core: Use lock when write to soft_connect

by Thinh Nguyen

Use lock to guard against concurrent access for soft-connect/disconnect operations when writing to soft_connect sysfs. Cc: stable(a)vger.kernel.org Fixes: 2ccea03a8f7e ("usb: gadget: introduce UDC Class") Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> --- Changes in v2: - Consolidate mutex_unlock to a single place using "goto out" drivers/usb/gadget/udc/core.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 6a62bbd01324..3363f5c282f1 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1529,10 +1529,13 @@ static ssize_t soft_connect_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t n) { struct usb_udc *udc = container_of(dev, struct usb_udc, dev); + ssize_t ret = n; + mutex_lock(&udc_lock); if (!udc->driver) { dev_err(dev, "soft-connect without a gadget driver\n"); - return -EOPNOTSUPP; + ret = -EOPNOTSUPP; + goto out; } if (sysfs_streq(buf, "connect")) { @@ -1543,10 +1546,12 @@ static ssize_t soft_connect_store(struct device *dev, usb_gadget_udc_stop(udc); } else { dev_err(dev, "unsupported command '%s'\n", buf); - return -EINVAL; + ret = -EINVAL; } - return n; +out: + mutex_unlock(&udc_lock); + return ret; } static DEVICE_ATTR_WO(soft_connect); base-commit: 4e0dcf62ab4cf917d0cbe751b8bf229a065248d4 -- 2.28.0

4 years, 3 months

3
2
0 0

Re: [PATCH v2] usb: udc: core: Use lock when write to soft_connect

by Thinh Nguyen

Andy Shevchenko wrote: > > > On Thursday, January 14, 2021, Ahmed S. Darwish > <a.darwish(a)linutronix.de <mailto:a.darwish@linutronix.de>> wrote: > > On Wed, Jan 13, 2021 at 07:38:28PM -0800, Thinh Nguyen wrote: > ... > > @@ -1543,10 +1546,12 @@ static ssize_t soft_connect_store(struct > device *dev, > > usb_gadget_udc_stop(udc); > > } else { > > dev_err(dev, "unsupported command '%s'\n", buf); > > - return -EINVAL; > > + ret = -EINVAL; > > } > > > > - return n; > > > > Should be ret = n; here. > > > > +out: > > + mutex_unlock(&udc_lock); > > + return ret; > > } > > This is *very* tricky: the return value will be easily broken if > someone > adds any code later after the else body and before the "out" label. > > > > +1 and it’s not good pattern to assign return value at the definition > time (see comment above ). > > > -- > With Best Regards, > Andy Shevchenko > > Good point. I didn't think about that. Thanks guys. Thinh

4 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2021