November 2021 - Linux-stable-mirror

[PATCH] mmc: sdhci-esdhc-imx: disable CMDQ support

by Tim Harvey

On IMX SoC's which support CMDQ the following can occur during high a high cpu load: mmc2: cqhci: ============ CQHCI REGISTER DUMP =========== mmc2: cqhci: Caps: 0x0000310a | Version: 0x00000510 mmc2: cqhci: Config: 0x00001001 | Control: 0x00000000 mmc2: cqhci: Int stat: 0x00000000 | Int enab: 0x00000006 mmc2: cqhci: Int sig: 0x00000006 | Int Coal: 0x00000000 mmc2: cqhci: TDL base: 0x8003f000 | TDL up32: 0x00000000 mmc2: cqhci: Doorbell: 0xbf01dfff | TCN: 0x00000000 mmc2: cqhci: Dev queue: 0x00000000 | Dev Pend: 0x08000000 mmc2: cqhci: Task clr: 0x00000000 | SSC1: 0x00011000 mmc2: cqhci: SSC2: 0x00000001 | DCMD rsp: 0x00000800 mmc2: cqhci: RED mask: 0xfdf9a080 | TERRI: 0x00000000 mmc2: cqhci: Resp idx: 0x0000000d | Resp arg: 0x00000000 mmc2: sdhci: ============ SDHCI REGISTER DUMP =========== mmc2: sdhci: Sys addr: 0x7c722000 | Version: 0x00000002 mmc2: sdhci: Blk size: 0x00000200 | Blk cnt: 0x00000020 mmc2: sdhci: Argument: 0x00018000 | Trn mode: 0x00000023 mmc2: sdhci: Present: 0x01f88008 | Host ctl: 0x00000030 mmc2: sdhci: Power: 0x00000002 | Blk gap: 0x00000080 mmc2: sdhci: Wake-up: 0x00000008 | Clock: 0x0000000f mmc2: sdhci: Timeout: 0x0000008f | Int stat: 0x00000000 mmc2: sdhci: Int enab: 0x107f4000 | Sig enab: 0x107f4000 mmc2: sdhci: ACmd stat: 0x00000000 | Slot int: 0x00000502 mmc2: sdhci: Caps: 0x07eb0000 | Caps_1: 0x8000b407 mmc2: sdhci: Cmd: 0x00000d1a | Max curr: 0x00ffffff mmc2: sdhci: Resp[0]: 0x00000000 | Resp[1]: 0xffc003ff mmc2: sdhci: Resp[2]: 0x328f5903 | Resp[3]: 0x00d07f01 mmc2: sdhci: Host ctl2: 0x00000088 mmc2: sdhci: ADMA Err: 0x00000000 | ADMA Ptr: 0xfe179020 mmc2: sdhci-esdhc-imx: ========= ESDHC IMX DEBUG STATUS DUMP ==== mmc2: sdhci-esdhc-imx: cmd debug status: 0x2120 mmc2: sdhci-esdhc-imx: data debug status: 0x2200 mmc2: sdhci-esdhc-imx: trans debug status: 0x2300 mmc2: sdhci-esdhc-imx: dma debug status: 0x2400 mmc2: sdhci-esdhc-imx: adma debug status: 0x2510 mmc2: sdhci-esdhc-imx: fifo debug status: 0x2680 mmc2: sdhci-esdhc-imx: async fifo debug status: 0x2750 mmc2: sdhci: ============================================ For now, disable CMDQ support on the imx8qm/imx8qxp/imx8mm until the issue is found and resolved. Fixes: bb6e358169bf6 ("mmc: sdhci-esdhc-imx: add CMDQ support") Fixes: cde5e8e9ff146 ("mmc: sdhci-esdhc-imx: Add an new esdhc_soc_data for i.MX8MM") Cc: stable(a)vger.kernel.org Signed-off-by: Tim Harvey <tharvey(a)gateworks.com> --- drivers/mmc/host/sdhci-esdhc-imx.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c index e658f0174242..60f19369de84 100644 --- a/drivers/mmc/host/sdhci-esdhc-imx.c +++ b/drivers/mmc/host/sdhci-esdhc-imx.c @@ -300,7 +300,6 @@ static struct esdhc_soc_data usdhc_imx8qxp_data = { .flags = ESDHC_FLAG_USDHC | ESDHC_FLAG_STD_TUNING | ESDHC_FLAG_HAVE_CAP1 | ESDHC_FLAG_HS200 | ESDHC_FLAG_HS400 | ESDHC_FLAG_HS400_ES - | ESDHC_FLAG_CQHCI | ESDHC_FLAG_STATE_LOST_IN_LPMODE | ESDHC_FLAG_CLK_RATE_LOST_IN_PM_RUNTIME, }; @@ -309,7 +308,6 @@ static struct esdhc_soc_data usdhc_imx8mm_data = { .flags = ESDHC_FLAG_USDHC | ESDHC_FLAG_STD_TUNING | ESDHC_FLAG_HAVE_CAP1 | ESDHC_FLAG_HS200 | ESDHC_FLAG_HS400 | ESDHC_FLAG_HS400_ES - | ESDHC_FLAG_CQHCI | ESDHC_FLAG_STATE_LOST_IN_LPMODE, }; -- 2.17.1

3 years, 1 month

5
4
0 0

FAILED: patch "[PATCH] mm, thp: fix incorrect unmap behavior for private pages" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8468e937df1f31411d1e127fa38db064af051fe5 Mon Sep 17 00:00:00 2001 From: Rongwei Wang <rongwei.wang(a)linux.alibaba.com> Date: Fri, 5 Nov 2021 13:43:44 -0700 Subject: [PATCH] mm, thp: fix incorrect unmap behavior for private pages When truncating pagecache on file THP, the private pages of a process should not be unmapped mapping. This incorrect behavior on a dynamic shared libraries which will cause related processes to happen core dump. A simple test for a DSO (Prerequisite is the DSO mapped in file THP): int main(int argc, char *argv[]) { int fd; fd = open(argv[1], O_WRONLY); if (fd < 0) { perror("open"); } close(fd); return 0; } The test only to open a target DSO, and do nothing. But this operation will lead one or more process to happen core dump. This patch mainly to fix this bug. Link: https://lkml.kernel.org/r/20211025092134.18562-3-rongwei.wang@linux.alibaba… Fixes: eb6ecbed0aa2 ("mm, thp: relax the VM_DENYWRITE constraint on file-backed THPs") Signed-off-by: Rongwei Wang <rongwei.wang(a)linux.alibaba.com> Tested-by: Xu Yu <xuyu(a)linux.alibaba.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Song Liu <song(a)kernel.org> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Collin Fijalkovich <cfijalkovich(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/fs/open.c b/fs/open.c index 9ec3cfca3b1a..e0df1536eb69 100644 --- a/fs/open.c +++ b/fs/open.c @@ -857,8 +857,17 @@ static int do_dentry_open(struct file *f, */ smp_mb(); if (filemap_nr_thps(inode->i_mapping)) { + struct address_space *mapping = inode->i_mapping; + filemap_invalidate_lock(inode->i_mapping); - truncate_pagecache(inode, 0); + /* + * unmap_mapping_range just need to be called once + * here, because the private pages is not need to be + * unmapped mapping (e.g. data segment of dynamic + * shared libraries here). + */ + unmap_mapping_range(mapping, 0, 0, 0); + truncate_inode_pages(mapping, 0); filemap_invalidate_unlock(inode->i_mapping); } }

3 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] mm, thp: lock filemap when truncating page cache" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 55fc0d91746759c71bc165bba62a2db64ac98e35 Mon Sep 17 00:00:00 2001 From: Rongwei Wang <rongwei.wang(a)linux.alibaba.com> Date: Fri, 5 Nov 2021 13:43:41 -0700 Subject: [PATCH] mm, thp: lock filemap when truncating page cache Patch series "fix two bugs for file THP". This patch (of 2): Transparent huge page has supported read-only non-shmem files. The file- backed THP is collapsed by khugepaged and truncated when written (for shared libraries). However, there is a race when multiple writers truncate the same page cache concurrently. In that case, subpage(s) of file THP can be revealed by find_get_entry in truncate_inode_pages_range, which will trigger PageTail BUG_ON in truncate_inode_page, as follows: page:000000009e420ff2 refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff pfn:0x50c3ff head:0000000075ff816d order:9 compound_mapcount:0 compound_pincount:0 flags: 0x37fffe0000010815(locked|uptodate|lru|arch_1|head) raw: 37fffe0000000000 fffffe0013108001 dead000000000122 dead000000000400 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 head: 37fffe0000010815 fffffe001066bd48 ffff000404183c20 0000000000000000 head: 0000000000000600 0000000000000000 00000001ffffffff ffff000c0345a000 page dumped because: VM_BUG_ON_PAGE(PageTail(page)) ------------[ cut here ]------------ kernel BUG at mm/truncate.c:213! Internal error: Oops - BUG: 0 [#1] SMP Modules linked in: xfs(E) libcrc32c(E) rfkill(E) ... CPU: 14 PID: 11394 Comm: check_madvise_d Kdump: ... Hardware name: ECS, BIOS 0.0.0 02/06/2015 pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--) Call trace: truncate_inode_page+0x64/0x70 truncate_inode_pages_range+0x550/0x7e4 truncate_pagecache+0x58/0x80 do_dentry_open+0x1e4/0x3c0 vfs_open+0x38/0x44 do_open+0x1f0/0x310 path_openat+0x114/0x1dc do_filp_open+0x84/0x134 do_sys_openat2+0xbc/0x164 __arm64_sys_openat+0x74/0xc0 el0_svc_common.constprop.0+0x88/0x220 do_el0_svc+0x30/0xa0 el0_svc+0x20/0x30 el0_sync_handler+0x1a4/0x1b0 el0_sync+0x180/0x1c0 Code: aa0103e0 900061e1 910ec021 9400d300 (d4210000) This patch mainly to lock filemap when one enter truncate_pagecache(), avoiding truncating the same page cache concurrently. Link: https://lkml.kernel.org/r/20211025092134.18562-1-rongwei.wang@linux.alibaba… Link: https://lkml.kernel.org/r/20211025092134.18562-2-rongwei.wang@linux.alibaba… Fixes: eb6ecbed0aa2 ("mm, thp: relax the VM_DENYWRITE constraint on file-backed THPs") Signed-off-by: Xu Yu <xuyu(a)linux.alibaba.com> Signed-off-by: Rongwei Wang <rongwei.wang(a)linux.alibaba.com> Suggested-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Tested-by: Song Liu <song(a)kernel.org> Cc: Collin Fijalkovich <cfijalkovich(a)google.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/fs/open.c b/fs/open.c index daa324606a41..9ec3cfca3b1a 100644 --- a/fs/open.c +++ b/fs/open.c @@ -856,8 +856,11 @@ static int do_dentry_open(struct file *f, * of THPs into the page cache will fail. */ smp_mb(); - if (filemap_nr_thps(inode->i_mapping)) + if (filemap_nr_thps(inode->i_mapping)) { + filemap_invalidate_lock(inode->i_mapping); truncate_pagecache(inode, 0); + filemap_invalidate_unlock(inode->i_mapping); + } } return 0;

3 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] PM: sleep: Avoid calling put_device() under dpm_list_mtx" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2aa36604e8243698ff22bd5fef0dd0c6bb07ba92 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Thu, 4 Nov 2021 18:26:26 +0100 Subject: [PATCH] PM: sleep: Avoid calling put_device() under dpm_list_mtx It is generally unsafe to call put_device() with dpm_list_mtx held, because the given device's release routine may carry out an action depending on that lock which then may deadlock, so modify the system-wide suspend and resume of devices to always drop dpm_list_mtx before calling put_device() (and adjust white space somewhat while at it). For instance, this prevents the following splat from showing up in the kernel log after a system resume in certain configurations: [ 3290.969514] ====================================================== [ 3290.969517] WARNING: possible circular locking dependency detected [ 3290.969519] 5.15.0+ #2420 Tainted: G S [ 3290.969523] ------------------------------------------------------ [ 3290.969525] systemd-sleep/4553 is trying to acquire lock: [ 3290.969529] ffff888117ab1138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: flush_workqueue+0x87/0x4a0 [ 3290.969554] but task is already holding lock: [ 3290.969556] ffffffff8280fca8 (dpm_list_mtx){+.+.}-{3:3}, at: dpm_resume+0x12e/0x3e0 [ 3290.969571] which lock already depends on the new lock. [ 3290.969573] the existing dependency chain (in reverse order) is: [ 3290.969575] -> #3 (dpm_list_mtx){+.+.}-{3:3}: [ 3290.969583] __mutex_lock+0x9d/0xa30 [ 3290.969591] device_pm_add+0x2e/0xe0 [ 3290.969597] device_add+0x4d5/0x8f0 [ 3290.969605] hci_conn_add_sysfs+0x43/0xb0 [bluetooth] [ 3290.969689] hci_conn_complete_evt.isra.71+0x124/0x750 [bluetooth] [ 3290.969747] hci_event_packet+0xd6c/0x28a0 [bluetooth] [ 3290.969798] hci_rx_work+0x213/0x640 [bluetooth] [ 3290.969842] process_one_work+0x2aa/0x650 [ 3290.969851] worker_thread+0x39/0x400 [ 3290.969859] kthread+0x142/0x170 [ 3290.969865] ret_from_fork+0x22/0x30 [ 3290.969872] -> #2 (&hdev->lock){+.+.}-{3:3}: [ 3290.969881] __mutex_lock+0x9d/0xa30 [ 3290.969887] hci_event_packet+0xba/0x28a0 [bluetooth] [ 3290.969935] hci_rx_work+0x213/0x640 [bluetooth] [ 3290.969978] process_one_work+0x2aa/0x650 [ 3290.969985] worker_thread+0x39/0x400 [ 3290.969993] kthread+0x142/0x170 [ 3290.969999] ret_from_fork+0x22/0x30 [ 3290.970004] -> #1 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}: [ 3290.970013] process_one_work+0x27d/0x650 [ 3290.970020] worker_thread+0x39/0x400 [ 3290.970028] kthread+0x142/0x170 [ 3290.970033] ret_from_fork+0x22/0x30 [ 3290.970038] -> #0 ((wq_completion)hci0#2){+.+.}-{0:0}: [ 3290.970047] __lock_acquire+0x15cb/0x1b50 [ 3290.970054] lock_acquire+0x26c/0x300 [ 3290.970059] flush_workqueue+0xae/0x4a0 [ 3290.970066] drain_workqueue+0xa1/0x130 [ 3290.970073] destroy_workqueue+0x34/0x1f0 [ 3290.970081] hci_release_dev+0x49/0x180 [bluetooth] [ 3290.970130] bt_host_release+0x1d/0x30 [bluetooth] [ 3290.970195] device_release+0x33/0x90 [ 3290.970201] kobject_release+0x63/0x160 [ 3290.970211] dpm_resume+0x164/0x3e0 [ 3290.970215] dpm_resume_end+0xd/0x20 [ 3290.970220] suspend_devices_and_enter+0x1a4/0xba0 [ 3290.970229] pm_suspend+0x26b/0x310 [ 3290.970236] state_store+0x42/0x90 [ 3290.970243] kernfs_fop_write_iter+0x135/0x1b0 [ 3290.970251] new_sync_write+0x125/0x1c0 [ 3290.970257] vfs_write+0x360/0x3c0 [ 3290.970263] ksys_write+0xa7/0xe0 [ 3290.970269] do_syscall_64+0x3a/0x80 [ 3290.970276] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 3290.970284] other info that might help us debug this: [ 3290.970285] Chain exists of: (wq_completion)hci0#2 --> &hdev->lock --> dpm_list_mtx [ 3290.970297] Possible unsafe locking scenario: [ 3290.970299] CPU0 CPU1 [ 3290.970300] ---- ---- [ 3290.970302] lock(dpm_list_mtx); [ 3290.970306] lock(&hdev->lock); [ 3290.970310] lock(dpm_list_mtx); [ 3290.970314] lock((wq_completion)hci0#2); [ 3290.970319] *** DEADLOCK *** [ 3290.970321] 7 locks held by systemd-sleep/4553: [ 3290.970325] #0: ffff888103bcd448 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0xa7/0xe0 [ 3290.970341] #1: ffff888115a14488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x103/0x1b0 [ 3290.970355] #2: ffff888100f719e0 (kn->active#233){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x10c/0x1b0 [ 3290.970369] #3: ffffffff82661048 (autosleep_lock){+.+.}-{3:3}, at: state_store+0x12/0x90 [ 3290.970384] #4: ffffffff82658ac8 (system_transition_mutex){+.+.}-{3:3}, at: pm_suspend+0x9f/0x310 [ 3290.970399] #5: ffffffff827f2a48 (acpi_scan_lock){+.+.}-{3:3}, at: acpi_suspend_begin+0x4c/0x80 [ 3290.970416] #6: ffffffff8280fca8 (dpm_list_mtx){+.+.}-{3:3}, at: dpm_resume+0x12e/0x3e0 [ 3290.970428] stack backtrace: [ 3290.970431] CPU: 3 PID: 4553 Comm: systemd-sleep Tainted: G S 5.15.0+ #2420 [ 3290.970438] Hardware name: Dell Inc. XPS 13 9380/0RYJWW, BIOS 1.5.0 06/03/2019 [ 3290.970441] Call Trace: [ 3290.970446] dump_stack_lvl+0x44/0x57 [ 3290.970454] check_noncircular+0x105/0x120 [ 3290.970468] ? __lock_acquire+0x15cb/0x1b50 [ 3290.970474] __lock_acquire+0x15cb/0x1b50 [ 3290.970487] lock_acquire+0x26c/0x300 [ 3290.970493] ? flush_workqueue+0x87/0x4a0 [ 3290.970503] ? __raw_spin_lock_init+0x3b/0x60 [ 3290.970510] ? lockdep_init_map_type+0x58/0x240 [ 3290.970519] flush_workqueue+0xae/0x4a0 [ 3290.970526] ? flush_workqueue+0x87/0x4a0 [ 3290.970544] ? drain_workqueue+0xa1/0x130 [ 3290.970552] drain_workqueue+0xa1/0x130 [ 3290.970561] destroy_workqueue+0x34/0x1f0 [ 3290.970572] hci_release_dev+0x49/0x180 [bluetooth] [ 3290.970624] bt_host_release+0x1d/0x30 [bluetooth] [ 3290.970687] device_release+0x33/0x90 [ 3290.970695] kobject_release+0x63/0x160 [ 3290.970705] dpm_resume+0x164/0x3e0 [ 3290.970710] ? dpm_resume_early+0x251/0x3b0 [ 3290.970718] dpm_resume_end+0xd/0x20 [ 3290.970723] suspend_devices_and_enter+0x1a4/0xba0 [ 3290.970737] pm_suspend+0x26b/0x310 [ 3290.970746] state_store+0x42/0x90 [ 3290.970755] kernfs_fop_write_iter+0x135/0x1b0 [ 3290.970764] new_sync_write+0x125/0x1c0 [ 3290.970777] vfs_write+0x360/0x3c0 [ 3290.970785] ksys_write+0xa7/0xe0 [ 3290.970794] do_syscall_64+0x3a/0x80 [ 3290.970803] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 3290.970811] RIP: 0033:0x7f41b1328164 [ 3290.970819] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00 00 8b 05 4a d2 2c 00 48 63 ff 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 55 53 48 89 d5 48 89 f3 48 83 [ 3290.970824] RSP: 002b:00007ffe6ae21b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3290.970831] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f41b1328164 [ 3290.970836] RDX: 0000000000000004 RSI: 000055965e651070 RDI: 0000000000000004 [ 3290.970839] RBP: 000055965e651070 R08: 000055965e64f390 R09: 00007f41b1e3d1c0 [ 3290.970843] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000004 [ 3290.970846] R13: 0000000000000001 R14: 000055965e64f2b0 R15: 0000000000000004 Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c index 2fb08d4f1aca..f4d0c555de29 100644 --- a/drivers/base/power/main.c +++ b/drivers/base/power/main.c @@ -710,6 +710,7 @@ static void dpm_noirq_resume_devices(pm_message_t state) dev = to_device(dpm_noirq_list.next); get_device(dev); list_move_tail(&dev->power.entry, &dpm_late_early_list); + mutex_unlock(&dpm_list_mtx); if (!is_async(dev)) { @@ -724,8 +725,9 @@ static void dpm_noirq_resume_devices(pm_message_t state) } } - mutex_lock(&dpm_list_mtx); put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); async_synchronize_full(); @@ -849,6 +851,7 @@ void dpm_resume_early(pm_message_t state) dev = to_device(dpm_late_early_list.next); get_device(dev); list_move_tail(&dev->power.entry, &dpm_suspended_list); + mutex_unlock(&dpm_list_mtx); if (!is_async(dev)) { @@ -862,8 +865,10 @@ void dpm_resume_early(pm_message_t state) pm_dev_err(dev, state, " early", error); } } - mutex_lock(&dpm_list_mtx); + put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); async_synchronize_full(); @@ -1026,7 +1031,12 @@ void dpm_resume(pm_message_t state) } if (!list_empty(&dev->power.entry)) list_move_tail(&dev->power.entry, &dpm_prepared_list); + + mutex_unlock(&dpm_list_mtx); + put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); async_synchronize_full(); @@ -1104,14 +1114,16 @@ void dpm_complete(pm_message_t state) get_device(dev); dev->power.is_prepared = false; list_move(&dev->power.entry, &list); + mutex_unlock(&dpm_list_mtx); trace_device_pm_callback_start(dev, "", state.event); device_complete(dev, state); trace_device_pm_callback_end(dev, 0); - mutex_lock(&dpm_list_mtx); put_device(dev); + + mutex_lock(&dpm_list_mtx); } list_splice(&list, &dpm_list); mutex_unlock(&dpm_list_mtx); @@ -1296,17 +1308,21 @@ static int dpm_noirq_suspend_devices(pm_message_t state) error = device_suspend_noirq(dev); mutex_lock(&dpm_list_mtx); + if (error) { pm_dev_err(dev, state, " noirq", error); dpm_save_failed_dev(dev_name(dev)); - put_device(dev); - break; - } - if (!list_empty(&dev->power.entry)) + } else if (!list_empty(&dev->power.entry)) { list_move(&dev->power.entry, &dpm_noirq_list); + } + + mutex_unlock(&dpm_list_mtx); + put_device(dev); - if (async_error) + mutex_lock(&dpm_list_mtx); + + if (error || async_error) break; } mutex_unlock(&dpm_list_mtx); @@ -1472,23 +1488,28 @@ int dpm_suspend_late(pm_message_t state) struct device *dev = to_device(dpm_suspended_list.prev); get_device(dev); + mutex_unlock(&dpm_list_mtx); error = device_suspend_late(dev); mutex_lock(&dpm_list_mtx); + if (!list_empty(&dev->power.entry)) list_move(&dev->power.entry, &dpm_late_early_list); if (error) { pm_dev_err(dev, state, " late", error); dpm_save_failed_dev(dev_name(dev)); - put_device(dev); - break; } + + mutex_unlock(&dpm_list_mtx); + put_device(dev); - if (async_error) + mutex_lock(&dpm_list_mtx); + + if (error || async_error) break; } mutex_unlock(&dpm_list_mtx); @@ -1748,21 +1769,27 @@ int dpm_suspend(pm_message_t state) struct device *dev = to_device(dpm_prepared_list.prev); get_device(dev); + mutex_unlock(&dpm_list_mtx); error = device_suspend(dev); mutex_lock(&dpm_list_mtx); + if (error) { pm_dev_err(dev, state, "", error); dpm_save_failed_dev(dev_name(dev)); - put_device(dev); - break; - } - if (!list_empty(&dev->power.entry)) + } else if (!list_empty(&dev->power.entry)) { list_move(&dev->power.entry, &dpm_suspended_list); + } + + mutex_unlock(&dpm_list_mtx); + put_device(dev); - if (async_error) + + mutex_lock(&dpm_list_mtx); + + if (error || async_error) break; } mutex_unlock(&dpm_list_mtx); @@ -1879,6 +1906,7 @@ int dpm_prepare(pm_message_t state) struct device *dev = to_device(dpm_list.next); get_device(dev); + mutex_unlock(&dpm_list_mtx); trace_device_pm_callback_start(dev, "", state.event); @@ -1886,21 +1914,23 @@ int dpm_prepare(pm_message_t state) trace_device_pm_callback_end(dev, error); mutex_lock(&dpm_list_mtx); - if (error) { - if (error == -EAGAIN) { - put_device(dev); - error = 0; - continue; - } + + if (!error) { + dev->power.is_prepared = true; + if (!list_empty(&dev->power.entry)) + list_move_tail(&dev->power.entry, &dpm_prepared_list); + } else if (error == -EAGAIN) { + error = 0; + } else { dev_info(dev, "not prepared for power transition: code %d\n", error); - put_device(dev); - break; } - dev->power.is_prepared = true; - if (!list_empty(&dev->power.entry)) - list_move_tail(&dev->power.entry, &dpm_prepared_list); + + mutex_unlock(&dpm_list_mtx); + put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); trace_suspend_resume(TPS("dpm_prepare"), state.event, false);

3 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] PM: sleep: Avoid calling put_device() under dpm_list_mtx" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2aa36604e8243698ff22bd5fef0dd0c6bb07ba92 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Thu, 4 Nov 2021 18:26:26 +0100 Subject: [PATCH] PM: sleep: Avoid calling put_device() under dpm_list_mtx It is generally unsafe to call put_device() with dpm_list_mtx held, because the given device's release routine may carry out an action depending on that lock which then may deadlock, so modify the system-wide suspend and resume of devices to always drop dpm_list_mtx before calling put_device() (and adjust white space somewhat while at it). For instance, this prevents the following splat from showing up in the kernel log after a system resume in certain configurations: [ 3290.969514] ====================================================== [ 3290.969517] WARNING: possible circular locking dependency detected [ 3290.969519] 5.15.0+ #2420 Tainted: G S [ 3290.969523] ------------------------------------------------------ [ 3290.969525] systemd-sleep/4553 is trying to acquire lock: [ 3290.969529] ffff888117ab1138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: flush_workqueue+0x87/0x4a0 [ 3290.969554] but task is already holding lock: [ 3290.969556] ffffffff8280fca8 (dpm_list_mtx){+.+.}-{3:3}, at: dpm_resume+0x12e/0x3e0 [ 3290.969571] which lock already depends on the new lock. [ 3290.969573] the existing dependency chain (in reverse order) is: [ 3290.969575] -> #3 (dpm_list_mtx){+.+.}-{3:3}: [ 3290.969583] __mutex_lock+0x9d/0xa30 [ 3290.969591] device_pm_add+0x2e/0xe0 [ 3290.969597] device_add+0x4d5/0x8f0 [ 3290.969605] hci_conn_add_sysfs+0x43/0xb0 [bluetooth] [ 3290.969689] hci_conn_complete_evt.isra.71+0x124/0x750 [bluetooth] [ 3290.969747] hci_event_packet+0xd6c/0x28a0 [bluetooth] [ 3290.969798] hci_rx_work+0x213/0x640 [bluetooth] [ 3290.969842] process_one_work+0x2aa/0x650 [ 3290.969851] worker_thread+0x39/0x400 [ 3290.969859] kthread+0x142/0x170 [ 3290.969865] ret_from_fork+0x22/0x30 [ 3290.969872] -> #2 (&hdev->lock){+.+.}-{3:3}: [ 3290.969881] __mutex_lock+0x9d/0xa30 [ 3290.969887] hci_event_packet+0xba/0x28a0 [bluetooth] [ 3290.969935] hci_rx_work+0x213/0x640 [bluetooth] [ 3290.969978] process_one_work+0x2aa/0x650 [ 3290.969985] worker_thread+0x39/0x400 [ 3290.969993] kthread+0x142/0x170 [ 3290.969999] ret_from_fork+0x22/0x30 [ 3290.970004] -> #1 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}: [ 3290.970013] process_one_work+0x27d/0x650 [ 3290.970020] worker_thread+0x39/0x400 [ 3290.970028] kthread+0x142/0x170 [ 3290.970033] ret_from_fork+0x22/0x30 [ 3290.970038] -> #0 ((wq_completion)hci0#2){+.+.}-{0:0}: [ 3290.970047] __lock_acquire+0x15cb/0x1b50 [ 3290.970054] lock_acquire+0x26c/0x300 [ 3290.970059] flush_workqueue+0xae/0x4a0 [ 3290.970066] drain_workqueue+0xa1/0x130 [ 3290.970073] destroy_workqueue+0x34/0x1f0 [ 3290.970081] hci_release_dev+0x49/0x180 [bluetooth] [ 3290.970130] bt_host_release+0x1d/0x30 [bluetooth] [ 3290.970195] device_release+0x33/0x90 [ 3290.970201] kobject_release+0x63/0x160 [ 3290.970211] dpm_resume+0x164/0x3e0 [ 3290.970215] dpm_resume_end+0xd/0x20 [ 3290.970220] suspend_devices_and_enter+0x1a4/0xba0 [ 3290.970229] pm_suspend+0x26b/0x310 [ 3290.970236] state_store+0x42/0x90 [ 3290.970243] kernfs_fop_write_iter+0x135/0x1b0 [ 3290.970251] new_sync_write+0x125/0x1c0 [ 3290.970257] vfs_write+0x360/0x3c0 [ 3290.970263] ksys_write+0xa7/0xe0 [ 3290.970269] do_syscall_64+0x3a/0x80 [ 3290.970276] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 3290.970284] other info that might help us debug this: [ 3290.970285] Chain exists of: (wq_completion)hci0#2 --> &hdev->lock --> dpm_list_mtx [ 3290.970297] Possible unsafe locking scenario: [ 3290.970299] CPU0 CPU1 [ 3290.970300] ---- ---- [ 3290.970302] lock(dpm_list_mtx); [ 3290.970306] lock(&hdev->lock); [ 3290.970310] lock(dpm_list_mtx); [ 3290.970314] lock((wq_completion)hci0#2); [ 3290.970319] *** DEADLOCK *** [ 3290.970321] 7 locks held by systemd-sleep/4553: [ 3290.970325] #0: ffff888103bcd448 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0xa7/0xe0 [ 3290.970341] #1: ffff888115a14488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x103/0x1b0 [ 3290.970355] #2: ffff888100f719e0 (kn->active#233){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x10c/0x1b0 [ 3290.970369] #3: ffffffff82661048 (autosleep_lock){+.+.}-{3:3}, at: state_store+0x12/0x90 [ 3290.970384] #4: ffffffff82658ac8 (system_transition_mutex){+.+.}-{3:3}, at: pm_suspend+0x9f/0x310 [ 3290.970399] #5: ffffffff827f2a48 (acpi_scan_lock){+.+.}-{3:3}, at: acpi_suspend_begin+0x4c/0x80 [ 3290.970416] #6: ffffffff8280fca8 (dpm_list_mtx){+.+.}-{3:3}, at: dpm_resume+0x12e/0x3e0 [ 3290.970428] stack backtrace: [ 3290.970431] CPU: 3 PID: 4553 Comm: systemd-sleep Tainted: G S 5.15.0+ #2420 [ 3290.970438] Hardware name: Dell Inc. XPS 13 9380/0RYJWW, BIOS 1.5.0 06/03/2019 [ 3290.970441] Call Trace: [ 3290.970446] dump_stack_lvl+0x44/0x57 [ 3290.970454] check_noncircular+0x105/0x120 [ 3290.970468] ? __lock_acquire+0x15cb/0x1b50 [ 3290.970474] __lock_acquire+0x15cb/0x1b50 [ 3290.970487] lock_acquire+0x26c/0x300 [ 3290.970493] ? flush_workqueue+0x87/0x4a0 [ 3290.970503] ? __raw_spin_lock_init+0x3b/0x60 [ 3290.970510] ? lockdep_init_map_type+0x58/0x240 [ 3290.970519] flush_workqueue+0xae/0x4a0 [ 3290.970526] ? flush_workqueue+0x87/0x4a0 [ 3290.970544] ? drain_workqueue+0xa1/0x130 [ 3290.970552] drain_workqueue+0xa1/0x130 [ 3290.970561] destroy_workqueue+0x34/0x1f0 [ 3290.970572] hci_release_dev+0x49/0x180 [bluetooth] [ 3290.970624] bt_host_release+0x1d/0x30 [bluetooth] [ 3290.970687] device_release+0x33/0x90 [ 3290.970695] kobject_release+0x63/0x160 [ 3290.970705] dpm_resume+0x164/0x3e0 [ 3290.970710] ? dpm_resume_early+0x251/0x3b0 [ 3290.970718] dpm_resume_end+0xd/0x20 [ 3290.970723] suspend_devices_and_enter+0x1a4/0xba0 [ 3290.970737] pm_suspend+0x26b/0x310 [ 3290.970746] state_store+0x42/0x90 [ 3290.970755] kernfs_fop_write_iter+0x135/0x1b0 [ 3290.970764] new_sync_write+0x125/0x1c0 [ 3290.970777] vfs_write+0x360/0x3c0 [ 3290.970785] ksys_write+0xa7/0xe0 [ 3290.970794] do_syscall_64+0x3a/0x80 [ 3290.970803] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 3290.970811] RIP: 0033:0x7f41b1328164 [ 3290.970819] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00 00 8b 05 4a d2 2c 00 48 63 ff 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 55 53 48 89 d5 48 89 f3 48 83 [ 3290.970824] RSP: 002b:00007ffe6ae21b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3290.970831] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f41b1328164 [ 3290.970836] RDX: 0000000000000004 RSI: 000055965e651070 RDI: 0000000000000004 [ 3290.970839] RBP: 000055965e651070 R08: 000055965e64f390 R09: 00007f41b1e3d1c0 [ 3290.970843] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000004 [ 3290.970846] R13: 0000000000000001 R14: 000055965e64f2b0 R15: 0000000000000004 Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c index 2fb08d4f1aca..f4d0c555de29 100644 --- a/drivers/base/power/main.c +++ b/drivers/base/power/main.c @@ -710,6 +710,7 @@ static void dpm_noirq_resume_devices(pm_message_t state) dev = to_device(dpm_noirq_list.next); get_device(dev); list_move_tail(&dev->power.entry, &dpm_late_early_list); + mutex_unlock(&dpm_list_mtx); if (!is_async(dev)) { @@ -724,8 +725,9 @@ static void dpm_noirq_resume_devices(pm_message_t state) } } - mutex_lock(&dpm_list_mtx); put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); async_synchronize_full(); @@ -849,6 +851,7 @@ void dpm_resume_early(pm_message_t state) dev = to_device(dpm_late_early_list.next); get_device(dev); list_move_tail(&dev->power.entry, &dpm_suspended_list); + mutex_unlock(&dpm_list_mtx); if (!is_async(dev)) { @@ -862,8 +865,10 @@ void dpm_resume_early(pm_message_t state) pm_dev_err(dev, state, " early", error); } } - mutex_lock(&dpm_list_mtx); + put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); async_synchronize_full(); @@ -1026,7 +1031,12 @@ void dpm_resume(pm_message_t state) } if (!list_empty(&dev->power.entry)) list_move_tail(&dev->power.entry, &dpm_prepared_list); + + mutex_unlock(&dpm_list_mtx); + put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); async_synchronize_full(); @@ -1104,14 +1114,16 @@ void dpm_complete(pm_message_t state) get_device(dev); dev->power.is_prepared = false; list_move(&dev->power.entry, &list); + mutex_unlock(&dpm_list_mtx); trace_device_pm_callback_start(dev, "", state.event); device_complete(dev, state); trace_device_pm_callback_end(dev, 0); - mutex_lock(&dpm_list_mtx); put_device(dev); + + mutex_lock(&dpm_list_mtx); } list_splice(&list, &dpm_list); mutex_unlock(&dpm_list_mtx); @@ -1296,17 +1308,21 @@ static int dpm_noirq_suspend_devices(pm_message_t state) error = device_suspend_noirq(dev); mutex_lock(&dpm_list_mtx); + if (error) { pm_dev_err(dev, state, " noirq", error); dpm_save_failed_dev(dev_name(dev)); - put_device(dev); - break; - } - if (!list_empty(&dev->power.entry)) + } else if (!list_empty(&dev->power.entry)) { list_move(&dev->power.entry, &dpm_noirq_list); + } + + mutex_unlock(&dpm_list_mtx); + put_device(dev); - if (async_error) + mutex_lock(&dpm_list_mtx); + + if (error || async_error) break; } mutex_unlock(&dpm_list_mtx); @@ -1472,23 +1488,28 @@ int dpm_suspend_late(pm_message_t state) struct device *dev = to_device(dpm_suspended_list.prev); get_device(dev); + mutex_unlock(&dpm_list_mtx); error = device_suspend_late(dev); mutex_lock(&dpm_list_mtx); + if (!list_empty(&dev->power.entry)) list_move(&dev->power.entry, &dpm_late_early_list); if (error) { pm_dev_err(dev, state, " late", error); dpm_save_failed_dev(dev_name(dev)); - put_device(dev); - break; } + + mutex_unlock(&dpm_list_mtx); + put_device(dev); - if (async_error) + mutex_lock(&dpm_list_mtx); + + if (error || async_error) break; } mutex_unlock(&dpm_list_mtx); @@ -1748,21 +1769,27 @@ int dpm_suspend(pm_message_t state) struct device *dev = to_device(dpm_prepared_list.prev); get_device(dev); + mutex_unlock(&dpm_list_mtx); error = device_suspend(dev); mutex_lock(&dpm_list_mtx); + if (error) { pm_dev_err(dev, state, "", error); dpm_save_failed_dev(dev_name(dev)); - put_device(dev); - break; - } - if (!list_empty(&dev->power.entry)) + } else if (!list_empty(&dev->power.entry)) { list_move(&dev->power.entry, &dpm_suspended_list); + } + + mutex_unlock(&dpm_list_mtx); + put_device(dev); - if (async_error) + + mutex_lock(&dpm_list_mtx); + + if (error || async_error) break; } mutex_unlock(&dpm_list_mtx); @@ -1879,6 +1906,7 @@ int dpm_prepare(pm_message_t state) struct device *dev = to_device(dpm_list.next); get_device(dev); + mutex_unlock(&dpm_list_mtx); trace_device_pm_callback_start(dev, "", state.event); @@ -1886,21 +1914,23 @@ int dpm_prepare(pm_message_t state) trace_device_pm_callback_end(dev, error); mutex_lock(&dpm_list_mtx); - if (error) { - if (error == -EAGAIN) { - put_device(dev); - error = 0; - continue; - } + + if (!error) { + dev->power.is_prepared = true; + if (!list_empty(&dev->power.entry)) + list_move_tail(&dev->power.entry, &dpm_prepared_list); + } else if (error == -EAGAIN) { + error = 0; + } else { dev_info(dev, "not prepared for power transition: code %d\n", error); - put_device(dev); - break; } - dev->power.is_prepared = true; - if (!list_empty(&dev->power.entry)) - list_move_tail(&dev->power.entry, &dpm_prepared_list); + + mutex_unlock(&dpm_list_mtx); + put_device(dev); + + mutex_lock(&dpm_list_mtx); } mutex_unlock(&dpm_list_mtx); trace_suspend_resume(TPS("dpm_prepare"), state.event, false);

3 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] bcache: fix use-after-free problem in bcache_device_free()" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8468f45091d2866affed6f6a7aecc20779139173 Mon Sep 17 00:00:00 2001 From: Coly Li <colyli(a)suse.de> Date: Wed, 3 Nov 2021 14:49:17 +0800 Subject: [PATCH] bcache: fix use-after-free problem in bcache_device_free() In bcache_device_free(), pointer disk is referenced still in ida_simple_remove() after blk_cleanup_disk() gets called on this pointer. This may cause a potential panic by use-after-free on the disk pointer. This patch fixes the problem by calling blk_cleanup_disk() after ida_simple_remove(). Fixes: bc70852fd104 ("bcache: convert to blk_alloc_disk/blk_cleanup_disk") Signed-off-by: Coly Li <colyli(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Hannes Reinecke <hare(a)suse.de> Cc: Ulf Hansson <ulf.hansson(a)linaro.org> Cc: stable(a)vger.kernel.org # v5.14+ Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/20211103064917.67383-1-colyli@suse.de Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 84a48eed8e24..a7bb3355b776 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -885,9 +885,9 @@ static void bcache_device_free(struct bcache_device *d) bcache_device_detach(d); if (disk) { - blk_cleanup_disk(disk); ida_simple_remove(&bcache_device_idx, first_minor_to_idx(disk->first_minor)); + blk_cleanup_disk(disk); } bioset_exit(&d->bio_split);

3 years, 1 month

1
0
0 0

[PATCH 5.10 0/4] powerpc/bpf: Various fixes

by Naveen N. Rao

This is a backport of the remaining patches from the below series: https://lore.kernel.org/all/cover.1633464148.git.naveen.n.rao@linux.vnet.ib… Kindly apply to the longterm tree for v5.10 Thanks, Naveen Naveen N. Rao (4): powerpc/lib: Add helper to check if offset is within conditional branch range powerpc/bpf: Validate branch ranges powerpc/security: Add a helper to query stf_barrier type powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC arch/powerpc/include/asm/code-patching.h | 1 + arch/powerpc/include/asm/security_features.h | 5 ++ arch/powerpc/kernel/security.c | 5 ++ arch/powerpc/lib/code-patching.c | 7 ++- arch/powerpc/net/bpf_jit.h | 33 ++++++---- arch/powerpc/net/bpf_jit64.h | 8 +-- arch/powerpc/net/bpf_jit_comp64.c | 64 ++++++++++++++++++-- 7 files changed, 100 insertions(+), 23 deletions(-) base-commit: 5040520482a594e92d4f69141229a6dd26173511 -- 2.33.1

3 years, 1 month

2
5
0 0

FAILED: patch "[PATCH] io-wq: serialize hash clear with wakeup" failed to apply to 5.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d3e3c102d107bb84251455a298cf475f24bab995 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 11 Nov 2021 17:32:53 -0700 Subject: [PATCH] io-wq: serialize hash clear with wakeup We need to ensure that we serialize the stalled and hash bits with the wait_queue wait handler, or we could be racing with someone modifying the hashed state after we find it busy, but before we then give up and wait for it to be cleared. This can cause random delays or stalls when handling buffered writes for many files, where some of these files cause hash collisions between the worker threads. Cc: stable(a)vger.kernel.org Reported-by: Daniel Black <daniel(a)mariadb.org> Fixes: e941894eae31 ("io-wq: make buffered file write hashed work map per-ctx") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io-wq.c b/fs/io-wq.c index afd955d53db9..88202de519f6 100644 --- a/fs/io-wq.c +++ b/fs/io-wq.c @@ -423,9 +423,10 @@ static inline unsigned int io_get_work_hash(struct io_wq_work *work) return work->flags >> IO_WQ_HASH_SHIFT; } -static void io_wait_on_hash(struct io_wqe *wqe, unsigned int hash) +static bool io_wait_on_hash(struct io_wqe *wqe, unsigned int hash) { struct io_wq *wq = wqe->wq; + bool ret = false; spin_lock_irq(&wq->hash->wait.lock); if (list_empty(&wqe->wait.entry)) { @@ -433,9 +434,11 @@ static void io_wait_on_hash(struct io_wqe *wqe, unsigned int hash) if (!test_bit(hash, &wq->hash->map)) { __set_current_state(TASK_RUNNING); list_del_init(&wqe->wait.entry); + ret = true; } } spin_unlock_irq(&wq->hash->wait.lock); + return ret; } static struct io_wq_work *io_get_next_work(struct io_wqe_acct *acct, @@ -475,14 +478,21 @@ static struct io_wq_work *io_get_next_work(struct io_wqe_acct *acct, } if (stall_hash != -1U) { + bool unstalled; + /* * Set this before dropping the lock to avoid racing with new * work being added and clearing the stalled bit. */ set_bit(IO_ACCT_STALLED_BIT, &acct->flags); raw_spin_unlock(&wqe->lock); - io_wait_on_hash(wqe, stall_hash); + unstalled = io_wait_on_hash(wqe, stall_hash); raw_spin_lock(&wqe->lock); + if (unstalled) { + clear_bit(IO_ACCT_STALLED_BIT, &acct->flags); + if (wq_has_sleeper(&wqe->wq->hash->wait)) + wake_up(&wqe->wq->hash->wait); + } } return NULL; @@ -564,8 +574,11 @@ static void io_worker_handle_work(struct io_worker *worker) io_wqe_enqueue(wqe, linked); if (hash != -1U && !next_hashed) { + /* serialize hash clear with wake_up() */ + spin_lock_irq(&wq->hash->wait.lock); clear_bit(hash, &wq->hash->map); clear_bit(IO_ACCT_STALLED_BIT, &acct->flags); + spin_unlock_irq(&wq->hash->wait.lock); if (wq_has_sleeper(&wq->hash->wait)) wake_up(&wq->hash->wait); raw_spin_lock(&wqe->lock);

3 years, 1 month

3
2
0 0

[PATCH 5.13 000/151] 5.13.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.13.12 release. There are 151 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 18 Aug 2021 12:54:12 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.13.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.13.12-rc1 Kuan-Ying Lee <Kuan-Ying.Lee(a)mediatek.com> kasan, slub: reset tag when printing address Jeff Layton <jlayton(a)kernel.org> ceph: take snap_empty_lock atomically with snaprealm refcount change Jeff Layton <jlayton(a)kernel.org> ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm Jeff Layton <jlayton(a)kernel.org> ceph: add some lockdep assertions around snaprealm handling Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Protect marking SPs unsync when using TDP MMU with spinlock Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Don't leak non-leaf SPTEs when zapping all SPTEs Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF Sean Christopherson <seanjc(a)google.com> KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation Zhen Lei <thunder.leizhen(a)huawei.com> locking/rtmutex: Use the correct rtmutex debugging config option Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: arm64: Double check image alignment at entry Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix critical and debug interrupts on BOOKE Cédric Le Goater <clg(a)kaod.org> powerpc/xive: Do not skip CPU-less nodes when creating the IPIs Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/smp: Fix OOPS in topology_init() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32s: Fix napping restore in data storage interrupt (DSI) Laurent Dufour <ldufour(a)linux.ibm.com> powerpc/pseries: Fix update of LPAR security flavor after LPM Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/interrupt: Do not call single_step_exception() from other exceptions Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Protect msi_desc::masked for multi-MSI Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Correct misleading comments Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Do not set invalid bits in MSI mask Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Enforce MSI[X] entry updates to be visible Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Enforce that MSI-X table entry is masked for update Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Mask all unused MSI-X entries Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Enable and mask MSI-X early Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/interrupt: Fix OOPS by not calling do_IRQ() from timer_interrupt() Ben Dai <ben.dai(a)unisoc.com> genirq/timings: Prevent potential array overflow in __irq_timings_store() Bixuan Cui <cuibixuan(a)huawei.com> genirq/msi: Ensure deactivation on teardown Babu Moger <Babu.Moger(a)amd.com> x86/resctrl: Fix default monitoring groups reporting Thomas Gleixner <tglx(a)linutronix.de> x86/ioapic: Force affinity setup before startup Thomas Gleixner <tglx(a)linutronix.de> x86/msi: Force affinity setup before startup Thomas Gleixner <tglx(a)linutronix.de> genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP Randy Dunlap <rdunlap(a)infradead.org> x86/tools: Fix objdump version check again Dhananjay Phadke <dphadke(a)linux.microsoft.com> i2c: iproc: fix race between client unreg and tasklet Pu Lehui <pulehui(a)huawei.com> powerpc/kprobes: Fix kprobe Oops happens in booke Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: arm64: Relax 2M alignment again for relocatable kernels Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: arm64: Force Image reallocation if BSS was not reserved David Brazdil <dbrazdil(a)google.com> KVM: arm64: Fix off-by-one in range_is_memory Benjamin Herrenschmidt <benh(a)kernel.crashing.org> arm64: efi: kaslr: Fix occasional random alloc (and boot) failure Xie Yongji <xieyongji(a)bytedance.com> nbd: Aovid double completion of a request Longpeng(Mike) <longpeng2(a)huawei.com> vsock/virtio: avoid potential deadlock when vsock device remove Maximilian Heyne <mheyne(a)amazon.de> xen/events: Fix race in set_evtchn_to_irq Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Only access SFC_DONE when media domain is not fused off Eric Dumazet <edumazet(a)google.com> net: igmp: increase size of mr_ifc_count Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets Willy Tarreau <w(a)1wt.eu> net: linkwatch: fix failure to restore device state across suspend/resume Yang Yingliang <yangyingliang(a)huawei.com> net: bridge: fix memleak in br_add_if() Nikolay Aleksandrov <nikolay(a)nvidia.com> net: bridge: fix flags interpretation for extern learn fdb entries Andre Przywara <andre.przywara(a)arm.com> pinctrl: sunxi: Don't underestimate number of functions Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix broken backpressure in .port_fdb_dump Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: lantiq: fix broken backpressure in .port_fdb_dump Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: lan9303: fix broken backpressure in .port_fdb_dump Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: hellcreek: fix broken backpressure in .port_fdb_dump Eric Dumazet <edumazet(a)google.com> net: igmp: fix data-race in igmp_ifc_timer_expire() Takeshi Misawa <jeliantsurux(a)gmail.com> net: Fix memory leak in ieee802154_raw_deliver Ben Hutchings <ben.hutchings(a)mind.be> net: dsa: microchip: ksz8795: Don't use phy_port_cnt in VLAN table lookup Ben Hutchings <ben.hutchings(a)mind.be> net: dsa: microchip: ksz8795: Fix VLAN filtering Ben Hutchings <ben.hutchings(a)mind.be> net: dsa: microchip: ksz8795: Use software untagging on CPU port Ben Hutchings <ben.hutchings(a)mind.be> net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion Ben Hutchings <ben.hutchings(a)mind.be> net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration Ben Hutchings <ben.hutchings(a)mind.be> net: dsa: microchip: ksz8795: Fix PVID tag insertion Ben Hutchings <ben.hutchings(a)mind.be> net: dsa: microchip: Fix ksz_read64() Yonghong Song <yhs(a)fb.com> bpf: Fix potentially incorrect results with bpf_get_local_storage() Miklos Szeredi <mszeredi(a)redhat.com> ovl: fix deadlock in splice write Christian Hewitt <christianshewitt(a)gmail.com> drm/meson: fix colour distortion from HDR set during vendor u-boot Aya Levin <ayal(a)nvidia.com> net/mlx5: Fix return value from tracer initialization Shay Drory <shayd(a)nvidia.com> net/mlx5: Synchronize correct IRQ when destroying CQ Chris Mi <cmi(a)nvidia.com> net/mlx5e: TC, Fix error handling memory leak Aya Levin <ayal(a)nvidia.com> net/mlx5: Block switchdev mode while devlink traps are active Maxim Mikityanskiy <maximmi(a)nvidia.com> net/mlx5e: Destroy page pool after XDP SQ to fix use-after-free Roi Dayan <roid(a)nvidia.com> net/mlx5e: Avoid creating tunnel headers for local route Alex Vesker <valex(a)nvidia.com> net/mlx5: DR, Add fail on error check on decap Leon Romanovsky <leon(a)kernel.org> net/mlx5: Don't skip subfunction cleanup in case of error in module init Hao Xu <haoxu(a)linux.alibaba.com> io-wq: fix IO_WORKER_F_FIXED issue in create_io_worker() Hao Xu <haoxu(a)linux.alibaba.com> io-wq: fix bug of creating io-wokers unconditionally Guillaume Nault <gnault(a)redhat.com> bareudp: Fix invalid read beyond skb's linear data Roi Dayan <roid(a)nvidia.com> psample: Add a fwd declaration for skbuff Md Fahad Iqbal Polash <md.fahad.iqbal.polash(a)intel.com> iavf: Set RSS LUT and key in reset handle path Brett Creeley <brett.creeley(a)intel.com> ice: don't remove netdev->dev_addr from uc sync list Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Stop processing VF messages during teardown Anirudh Venkataramanan <anirudh.venkataramanan(a)intel.com> ice: Prevent probing virtual functions Hangbin Liu <liuhangbin(a)gmail.com> net: sched: act_mirred: Reset ct info when mirror/redirect skb Guvenc Gulce <guvenc(a)linux.ibm.com> net/smc: Correct smc link connection counter in case of smc client Karsten Graul <kgraul(a)linux.ibm.com> net/smc: fix wait on already cleared link Nadav Amit <namit(a)vmware.com> io_uring: clear TIF_NOTIFY_SIGNAL when running task work Pali Rohár <pali(a)kernel.org> ppp: Fix generating ifname when empty IFLA_IFNAME is specified Ben Hutchings <ben.hutchings(a)mind.be> net: phy: micrel: Fix link detection on ksz87xx switch" Oleksij Rempel <linux(a)rempel-privat.de> net: dsa: qca: ar9331: make proper initial port defaults Tatsuhiko Yasumatsu <th.yasumatsu(a)gmail.com> bpf: Fix integer overflow involving bucket_size Daniel Xu <dxu(a)dxuuu.xyz> libbpf: Do not close un-owned FD 0 on errors Robin Gögge <r.goegge(a)googlemail.com> libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/pm: Fix a memory leak in an error handling path in 'vangogh_tables_init()' Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Apply mid ACK for small core Hans de Goede <hdegoede(a)redhat.com> platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables John Hubbard <jhubbard(a)nvidia.com> net: mvvp2: fix short frame size on s390 DENG Qingfang <dqfext(a)gmail.com> net: dsa: mt7530: add the missing RxUnicast MIB counter Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Fix mono playback Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Fix LRCLK frame start edge Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: PLL must be running when changing MCLK_SRC_SEL Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: tigerlake: Fix GPIO mapping for newer version of software Yajun Deng <yajun.deng(a)linux.dev> netfilter: nf_conntrack_bridge: Fix memory leak when error Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Remove duplicate control for WNF filter frequency Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Fix inversion of ADC Notch Switch control Guennadi Liakhovetski <guennadi.liakhovetski(a)linux.intel.com> ASoC: SOF: Intel: hda-ipc: fix reply size checking Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: Kconfig: fix SoundWire dependencies Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> selftests/sgx: Fix Q1 and Q2 calculation in sigstruct.c Mike Tipton <mdtipton(a)codeaurora.org> interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Fix bclk calculation for mono Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs42l42: Correct definition of ADC Volume control Hsin-Yi Wang <hsinyi(a)chromium.org> pinctrl: mediatek: Fix fallback behavior for bias_set_combo jason-jh.lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix cursor plane no update Dongliang Mu <mudongliangabcd(a)gmail.com> ieee802154: hwsim: fix GPF in hwsim_new_edge_nl Dongliang Mu <mudongliangabcd(a)gmail.com> ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: handle VCN instances when harvesting (v2) Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't enable baco on boco platforms in runpm Solomon Chiu <solomon.chiu(a)amd.com> drm/amdgpu: Add preferred mode in modeset when freesync video mode's enabled. Anson Jacob <Anson.Jacob(a)amd.com> drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work Eric Bernstein <eric.bernstein(a)amd.com> drm/amd/display: Remove invalid assert for ODM + MPC case Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg Zhenyu Wang <zhenyuw(a)linux.intel.com> drm/i915/gvt: Fix cached atomics setting for Windows VM Nathan Chancellor <nathan(a)kernel.org> vmlinux.lds.h: Handle clang's module.{c,d}tor sections Changbin Du <changbin.du(a)intel.com> riscv: kexec: do not add '-mno-relax' flag if compiler doesn't support it Dan Williams <dan.j.williams(a)intel.com> libnvdimm/region: Fix label activation vs errors Dan Williams <dan.j.williams(a)intel.com> ACPI: NFIT: Fix support for virtual SPA ranges Damien Le Moal <damien.lemoal(a)wdc.com> pinctrl: k210: Fix k210_fpioa_probe() Luis Henriques <lhenriques(a)suse.de> ceph: reduce contention in ceph_check_delayed_caps() Vineet Gupta <vgupta(a)synopsys.com> ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases Loic Poulain <loic.poulain(a)linaro.org> net: wwan: mhi_wwan_ctrl: Fix possible deadlock Hsuan-Chi Kuo <hsuanchikuo(a)gmail.com> seccomp: Fix setting loaded filter count during TSYNC Tejun Heo <tj(a)kernel.org> cgroup: rstat: fix A-A deadlock on 32bit around u64_stats_sync Ewan D. Milne <emilne(a)redhat.com> scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix ctx-exit io_rsrc_put_work() deadlock Jens Axboe <axboe(a)kernel.dk> io_uring: drop ctx->uring_lock before flushing work item Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: use the correct max-length for dentry_path_raw() Rohith Surabattula <rohiths(a)microsoft.com> cifs: Call close synchronously during unlink/rename/lease break. Shyam Prasad N <sprasad(a)microsoft.com> cifs: create sd context must be a multiple of 8 Rohith Surabattula <rohiths(a)microsoft.com> cifs: Handle race conditions during rename Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> i2c: dev: zero out array used for i2c reads from userspace Takashi Iwai <tiwai(a)suse.de> ASoC: intel: atom: Fix reference to PCM buffer address Takashi Iwai <tiwai(a)suse.de> ASoC: kirkwood: Fix reference to PCM buffer address Mark Brown <broonie(a)kernel.org> ASoC: tlv320aic31xx: Fix jack detection after suspend Takashi Iwai <tiwai(a)suse.de> ASoC: uniphier: Fix reference to PCM buffer address Takashi Iwai <tiwai(a)suse.de> ASoC: xilinx: Fix reference to PCM buffer address Takashi Iwai <tiwai(a)suse.de> ASoC: amd: Fix reference to PCM buffer address Colin Ian King <colin.king(a)canonical.com> iio: adc: Fix incorrect exit of for-loop Chris Lesiak <chris.lesiak(a)licor.com> iio: humidity: hdc100x: Add margin to the conversion time Antti Keränen <detegr(a)rbx.email> iio: adis: set GPIO reset pin direction Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: dwc3: gadget: Use list_replace_init() before traversing lists" Liang Wang <wangliang101(a)huawei.com> lib: use PFN_PHYS() in devmem_is_allowed() ------------- Diffstat: Documentation/virt/kvm/locking.rst | 8 +- Makefile | 4 +- arch/arc/kernel/fpu.c | 9 +- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 2 +- arch/powerpc/include/asm/interrupt.h | 3 + arch/powerpc/include/asm/irq.h | 2 +- arch/powerpc/include/asm/ptrace.h | 16 +++ arch/powerpc/kernel/asm-offsets.c | 31 +++-- arch/powerpc/kernel/head_book3s_32.S | 2 +- arch/powerpc/kernel/head_booke.h | 27 +---- arch/powerpc/kernel/irq.c | 7 +- arch/powerpc/kernel/kprobes.c | 3 +- arch/powerpc/kernel/sysfs.c | 2 +- arch/powerpc/kernel/time.c | 2 +- arch/powerpc/kernel/traps.c | 9 +- arch/powerpc/platforms/pseries/setup.c | 5 +- arch/powerpc/sysdev/xive/common.c | 35 ++++-- arch/riscv/kernel/Makefile | 2 +- arch/x86/events/intel/core.c | 23 ++-- arch/x86/events/perf_event.h | 15 +++ arch/x86/include/asm/kvm_host.h | 7 ++ arch/x86/kernel/apic/io_apic.c | 6 +- arch/x86/kernel/apic/msi.c | 11 +- arch/x86/kernel/cpu/resctrl/monitor.c | 27 +++-- arch/x86/kernel/hpet.c | 2 +- arch/x86/kvm/mmu/mmu.c | 28 +++++ arch/x86/kvm/mmu/tdp_mmu.c | 26 +++-- arch/x86/kvm/vmx/nested.c | 3 +- arch/x86/kvm/vmx/vmx.h | 2 +- arch/x86/tools/chkobjdump.awk | 1 + block/blk-cgroup.c | 14 ++- drivers/acpi/nfit/core.c | 3 + drivers/base/core.c | 1 + drivers/block/nbd.c | 14 ++- drivers/firmware/efi/libstub/arm64-stub.c | 69 ++++++++++-- drivers/firmware/efi/libstub/randomalloc.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 2 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 1 - drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 2 +- drivers/gpu/drm/i915/display/intel_display.c | 34 ++++-- drivers/gpu/drm/i915/gvt/handlers.c | 1 + drivers/gpu/drm/i915/gvt/mmio_context.c | 2 + drivers/gpu/drm/i915/i915_gpu_error.c | 19 +++- drivers/gpu/drm/i915/i915_reg.h | 16 ++- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 3 - drivers/gpu/drm/mediatek/mtk_drm_plane.c | 60 +++++----- drivers/gpu/drm/meson/meson_registers.h | 5 + drivers/gpu/drm/meson/meson_viu.c | 7 +- drivers/i2c/busses/i2c-bcm-iproc.c | 4 +- drivers/i2c/i2c-dev.c | 5 +- drivers/iio/adc/palmas_gpadc.c | 4 +- drivers/iio/adc/ti-ads7950.c | 1 - drivers/iio/humidity/hdc100x.c | 6 +- drivers/iio/imu/adis.c | 3 +- drivers/infiniband/hw/mlx5/cq.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 3 +- drivers/interconnect/qcom/icc-rpmh.c | 10 +- drivers/net/bareudp.c | 16 ++- drivers/net/dsa/hirschmann/hellcreek.c | 7 +- drivers/net/dsa/lan9303-core.c | 34 +++--- drivers/net/dsa/lantiq_gswip.c | 14 ++- drivers/net/dsa/microchip/ksz8795.c | 82 +++++++++++--- drivers/net/dsa/microchip/ksz8795_reg.h | 4 + drivers/net/dsa/microchip/ksz_common.h | 9 +- drivers/net/dsa/mt7530.c | 1 + drivers/net/dsa/qca/ar9331.c | 73 +++++++++++- drivers/net/dsa/sja1105/sja1105_main.c | 4 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 13 ++- drivers/net/ethernet/intel/ice/ice.h | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 28 +++-- drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 7 ++ drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/cq.c | 1 + .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 11 +- .../net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 5 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 33 ++---- drivers/net/ethernet/mellanox/mlx5/core/eq.c | 20 +++- .../net/ethernet/mellanox/mlx5/core/esw/sample.c | 1 + .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 14 ++- .../net/ethernet/mellanox/mlx5/core/fpga/conn.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 12 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 5 + .../ethernet/mellanox/mlx5/core/steering/dr_send.c | 4 +- .../mellanox/mlx5/core/steering/dr_ste_v0.c | 2 + drivers/net/ethernet/ti/cpsw_new.c | 7 +- drivers/net/ethernet/ti/cpsw_priv.h | 4 +- drivers/net/ieee802154/mac802154_hwsim.c | 6 +- drivers/net/phy/micrel.c | 2 - drivers/net/ppp/ppp_generic.c | 2 +- drivers/net/wwan/mhi_wwan_ctrl.c | 12 +- drivers/nvdimm/namespace_devs.c | 17 ++- drivers/pci/msi.c | 125 +++++++++++++-------- drivers/pinctrl/intel/pinctrl-tigerlake.c | 26 ++--- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 8 +- drivers/pinctrl/pinctrl-k210.c | 26 ++++- drivers/pinctrl/sunxi/pinctrl-sunxi.c | 8 +- drivers/platform/x86/pcengines-apuv2.c | 2 + drivers/scsi/lpfc/lpfc_init.c | 3 +- drivers/usb/dwc3/gadget.c | 18 +-- drivers/vdpa/mlx5/net/mlx5_vnet.c | 3 +- drivers/xen/events/events_base.c | 20 +++- fs/ceph/caps.c | 17 ++- fs/ceph/mds_client.c | 25 +++-- fs/ceph/snap.c | 54 +++++---- fs/ceph/super.h | 2 +- fs/cifs/cifsglob.h | 5 + fs/cifs/dir.c | 2 +- fs/cifs/file.c | 35 +++--- fs/cifs/inode.c | 19 +++- fs/cifs/misc.c | 50 +++++++-- fs/cifs/smb2pdu.c | 2 +- fs/io-wq.c | 26 +++-- fs/io_uring.c | 26 +++-- fs/overlayfs/file.c | 47 +++++++- include/asm-generic/vmlinux.lds.h | 1 + include/linux/bpf-cgroup.h | 4 +- include/linux/device.h | 1 + include/linux/inetdevice.h | 2 +- include/linux/irq.h | 2 + include/linux/mlx5/driver.h | 3 +- include/linux/msi.h | 2 +- include/net/psample.h | 2 + include/uapi/linux/neighbour.h | 7 +- kernel/bpf/hashtab.c | 4 +- kernel/bpf/helpers.c | 4 +- kernel/cgroup/rstat.c | 19 ++-- kernel/irq/chip.c | 5 +- kernel/irq/msi.c | 13 ++- kernel/irq/timings.c | 5 + kernel/locking/rtmutex.c | 2 +- kernel/seccomp.c | 2 +- lib/devmem_is_allowed.c | 2 +- mm/slub.c | 4 +- net/bridge/br.c | 3 +- net/bridge/br_fdb.c | 11 +- net/bridge/br_if.c | 2 + net/bridge/br_private.h | 2 +- net/bridge/netfilter/nf_conntrack_bridge.c | 6 + net/core/link_watch.c | 5 +- net/ieee802154/socket.c | 7 +- net/ipv4/igmp.c | 21 ++-- net/ipv4/tcp_bbr.c | 2 +- net/sched/act_mirred.c | 3 + net/smc/af_smc.c | 2 +- net/smc/smc_core.c | 4 +- net/smc/smc_core.h | 4 + net/smc/smc_llc.c | 10 +- net/smc/smc_tx.c | 18 ++- net/smc/smc_wr.c | 10 ++ net/vmw_vsock/virtio_transport.c | 7 +- sound/soc/amd/acp-pcm-dma.c | 2 +- sound/soc/amd/raven/acp3x-pcm-dma.c | 2 +- sound/soc/amd/renoir/acp3x-pdm-dma.c | 2 +- sound/soc/codecs/cs42l42.c | 83 ++++++++------ sound/soc/codecs/cs42l42.h | 3 + sound/soc/codecs/tlv320aic31xx.c | 10 ++ sound/soc/intel/atom/sst-mfld-platform-pcm.c | 3 +- sound/soc/kirkwood/kirkwood-dma.c | 26 +++-- sound/soc/sof/intel/Kconfig | 4 +- sound/soc/sof/intel/hda-ipc.c | 4 +- sound/soc/uniphier/aio-dma.c | 2 +- sound/soc/xilinx/xlnx_formatter_pcm.c | 4 +- tools/lib/bpf/btf.c | 3 +- tools/lib/bpf/libbpf_probes.c | 4 +- tools/testing/selftests/sgx/sigstruct.c | 41 +++---- 169 files changed, 1382 insertions(+), 656 deletions(-)

3 years, 1 month

4
156
0 0

FAILED: patch "[PATCH] block: Hold invalidate_lock in BLKZEROOUT ioctl" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 35e4c6c1a2fc2eb11b9306e95cda1fa06a511948 Mon Sep 17 00:00:00 2001 From: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Date: Tue, 9 Nov 2021 19:47:23 +0900 Subject: [PATCH] block: Hold invalidate_lock in BLKZEROOUT ioctl When BLKZEROOUT ioctl and data read race, the data read leaves stale page cache. To avoid the stale page cache, hold invalidate_lock of the block device file mapping. The stale page cache is observed when blktests test case block/009 is modified to call "blkdiscard -z" command and repeated hundreds of times. This patch can be applied back to the stable kernel version v5.15.y. Rework is required for older stable kernels. Fixes: 22dd6d356628 ("block: invalidate the page cache when issuing BLKZEROOUT") Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Cc: stable(a)vger.kernel.org # v5.15 Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20211109104723.835533-3-shinichiro.kawasaki@wdc.c… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/ioctl.c b/block/ioctl.c index 9fa87f64f703..0a1d10ac2e1a 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -154,6 +154,7 @@ static int blk_ioctl_zeroout(struct block_device *bdev, fmode_t mode, { uint64_t range[2]; uint64_t start, end, len; + struct inode *inode = bdev->bd_inode; int err; if (!(mode & FMODE_WRITE)) @@ -176,12 +177,17 @@ static int blk_ioctl_zeroout(struct block_device *bdev, fmode_t mode, return -EINVAL; /* Invalidate the page cache, including dirty pages */ + filemap_invalidate_lock(inode->i_mapping); err = truncate_bdev_range(bdev, mode, start, end); if (err) - return err; + goto fail; + + err = blkdev_issue_zeroout(bdev, start >> 9, len >> 9, GFP_KERNEL, + BLKDEV_ZERO_NOUNMAP); - return blkdev_issue_zeroout(bdev, start >> 9, len >> 9, GFP_KERNEL, - BLKDEV_ZERO_NOUNMAP); +fail: + filemap_invalidate_unlock(inode->i_mapping); + return err; } static int put_ushort(unsigned short __user *argp, unsigned short val)

3 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2021