This is the start of the stable review cycle for the 5.4.172 release.
There are 18 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.172-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.4.172-rc1
Arnd Bergmann <arnd(a)arndb.de>
staging: greybus: fix stack size warning with UBSAN
Nathan Chancellor <nathan(a)kernel.org>
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
Nathan Chancellor <nathan(a)kernel.org>
staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
Ricardo Ribalda <ribalda(a)chromium.org>
media: Revert "media: uvcvideo: Set unique vdev name based in type"
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: fix crash on multiple early calls to add_bootloader_randomness()
Eric Biggers <ebiggers(a)google.com>
random: fix data race on crng init time
Eric Biggers <ebiggers(a)google.com>
random: fix data race on crng_node_pool
Brian Silverman <brian.silverman(a)bluerivertech.com>
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
Marc Kleine-Budde <mkl(a)pengutronix.de>
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
Joe Perches <joe(a)perches.com>
drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
Daniel Borkmann <daniel(a)iogearbox.net>
veth: Do not record rx queue hint in veth_xmit
Adrian Hunter <adrian.hunter(a)intel.com>
mmc: sdhci-pci: Add PCI ID for Intel ADL
Alan Stern <stern(a)rowland.harvard.edu>
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
Alan Stern <stern(a)rowland.harvard.edu>
USB: core: Fix bug in resuming hub's handling of wakeup requests
Johan Hovold <johan(a)kernel.org>
Bluetooth: bfusb: fix division by zero in send path
Mark-YW.Chen <mark-yw.chen(a)mediatek.com>
Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
Frederic Weisbecker <frederic(a)kernel.org>
workqueue: Fix unbind_workers() VS wq_worker_running() race
-------------
Diffstat:
Makefile | 4 +-
drivers/base/arch_topology.c | 2 +-
drivers/base/cacheinfo.c | 18 ++---
drivers/base/core.c | 8 +--
drivers/base/cpu.c | 39 +++++-----
drivers/base/firmware_loader/fallback.c | 2 +-
drivers/base/memory.c | 24 +++----
drivers/base/node.c | 28 ++++----
drivers/base/platform.c | 2 +-
drivers/base/power/sysfs.c | 50 ++++++-------
drivers/base/power/wakeup_stats.c | 12 ++--
drivers/base/soc.c | 10 +--
drivers/bluetooth/bfusb.c | 3 +
drivers/bluetooth/btusb.c | 5 ++
drivers/char/random.c | 118 ++++++++++++++++++-------------
drivers/gpu/drm/i915/intel_pm.c | 6 +-
drivers/media/usb/uvc/uvc_driver.c | 7 +-
drivers/mfd/intel-lpss-acpi.c | 7 +-
drivers/mmc/host/sdhci-pci-core.c | 1 +
drivers/mmc/host/sdhci-pci.h | 1 +
drivers/net/can/usb/gs_usb.c | 5 +-
drivers/net/veth.c | 1 -
drivers/staging/greybus/audio_topology.c | 92 ++++++++++++------------
drivers/staging/wlan-ng/hfa384x_usb.c | 22 +++---
drivers/usb/core/hcd.c | 9 ++-
drivers/usb/core/hub.c | 2 +-
kernel/workqueue.c | 9 +++
27 files changed, 265 insertions(+), 222 deletions(-)
Syzbot detected a NULL pointer dereference of the nfc_llcp_sock->dev pointer
(which is a 'struct nfc_dev *') with calls to llcp_sock_sendmsg() after
a failed llcp_sock_bind(). The message being sent is a SOCK_DGRAM.
KASAN report:
BUG: KASAN: null-ptr-deref in nfc_alloc_send_skb+0x2d/0xc0
Read of size 4 at addr 00000000000005c8 by task llcp_sock_nfc_a/899
CPU: 5 PID: 899 Comm: llcp_sock_nfc_a Not tainted 5.16.0-rc6-next-20211224-00001-gc6437fbf18b0 #125
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x45/0x59
? nfc_alloc_send_skb+0x2d/0xc0
__kasan_report.cold+0x117/0x11c
? mark_lock+0x480/0x4f0
? nfc_alloc_send_skb+0x2d/0xc0
kasan_report+0x38/0x50
nfc_alloc_send_skb+0x2d/0xc0
nfc_llcp_send_ui_frame+0x18c/0x2a0
? nfc_llcp_send_i_frame+0x230/0x230
? __local_bh_enable_ip+0x86/0xe0
? llcp_sock_connect+0x470/0x470
? llcp_sock_connect+0x470/0x470
sock_sendmsg+0x8e/0xa0
____sys_sendmsg+0x253/0x3f0
...
The issue was visible only with multiple simultaneous calls to bind() and
sendmsg(), which resulted in most of the bind() calls failing. The
bind() was failing on checking if there is an available WKS/SDP/SAP
(respective bit in 'struct nfc_llcp_local' fields). When there was no
available WKS/SDP/SAP, the bind returned an error but the sendmsg() to such
a socket was able to trigger the mentioned NULL pointer dereference of
nfc_llcp_sock->dev.
The code looks simply racy and currently it protects several paths
against the race with checks for (!nfc_llcp_sock->local), which is NULL-ified
in error paths of bind(). The llcp_sock_sendmsg() did not have such a
check, but the called function nfc_llcp_send_ui_frame() had, although not
protected with lock_sock().
Therefore the race could look like (same socket is used all the time):
                   CPU0                                  CPU1
                   ====                                  ====
    llcp_sock_bind()
    - lock_sock()
    - success
    - release_sock()
    - return 0
                                                         llcp_sock_sendmsg()
                                                         - lock_sock()
                                                         - release_sock()
    llcp_sock_bind(), same socket
    - lock_sock()
    - error
                                                         - nfc_llcp_send_ui_frame()
                                                           - if (!llcp_sock->local)
    - llcp_sock->local = NULL
    - nfc_put_device(dev)
                                                           - dereference llcp_sock->dev
    - release_sock()
    - return -ERRNO
The nfc_llcp_send_ui_frame() checked llcp_sock->local outside of the
lock, which is a racy and ineffective check. Instead, its caller,
llcp_sock_sendmsg(), should perform the check inside lock_sock().
Reported-by: syzbot+7f23bcddf626e0593a39(a)syzkaller.appspotmail.com
Fixes: b874dec21d1c ("NFC: Implement LLCP connection less Tx path")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
---
net/nfc/llcp_sock.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index 6cfd30fc0798..0b93a17b9f11 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -789,6 +789,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg,
lock_sock(sk);
+ if (!llcp_sock->local) {
+ release_sock(sk);
+ return -ENODEV;
+ }
+
if (sk->sk_type == SOCK_DGRAM) {
DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr,
msg->msg_name);
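Review bot: the new `if (!llcp_sock->local)` test sits directly after `lock_sock(sk)` and before the `sk->sk_type == SOCK_DGRAM` branch, so both the datagram and the stream path are covered while the lock is held, which is what the race diagram calls for. The message says this replaces the unlocked check in nfc_llcp_send_ui_frame(), but the hunk does not touch that function; either remove the now-redundant unlocked check in a follow-up or state in the message that it is intentionally left in place, so the next reader does not assume it still provides protection.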
--
2.32.0
This reverts commit 77fa5e15c933a1ec812de61ad709c00aa51e96ae.
The upstream commit e792ff804f49720ce003b3e4c618b5d996256a18
depends on the generic kretprobe trampoline handler, which was
introduced by commit 66ada2ccae4e ("kprobes: Add generic kretprobe
trampoline handler"), but that commit is not ported to the stable kernel
because it is not a bugfix series.
So revert this commit to fix a build error.
NOTE: I keep commit a7fe2378454c ("ia64: kprobes: Fix to pass
correct trampoline address to the handler") in the tree; that seems
to be just a cleanup without the original reverted commit, but it would
be better to use the dereference_function_descriptor() macro instead
of accessing the descriptor's field directly.
Fixes: 77fa5e15c933 ("ia64: kprobes: Use generic kretprobe trampoline handler")
Reported-by: kernel test robot <lkp(a)intel.com>
Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org>
---
arch/ia64/kernel/kprobes.c | 78 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 75 insertions(+), 3 deletions(-)
diff --git a/arch/ia64/kernel/kprobes.c b/arch/ia64/kernel/kprobes.c
index 8a223d0e4918..5d2d58644378 100644
--- a/arch/ia64/kernel/kprobes.c
+++ b/arch/ia64/kernel/kprobes.c
@@ -396,10 +396,83 @@ static void kretprobe_trampoline(void)
{
}
+/*
+ * At this point the target function has been tricked into
+ * returning into our trampoline. Lookup the associated instance
+ * and then:
+ * - call the handler function
+ * - cleanup by marking the instance as unused
+ * - long jump back to the original return address
+ */
int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
{
- regs->cr_iip = __kretprobe_trampoline_handler(regs,
- dereference_function_descriptor(kretprobe_trampoline), NULL);
+ struct kretprobe_instance *ri = NULL;
+ struct hlist_head *head, empty_rp;
+ struct hlist_node *tmp;
+ unsigned long flags, orig_ret_address = 0;
+ unsigned long trampoline_address =
+ dereference_function_descriptor(kretprobe_trampoline);
+
+ INIT_HLIST_HEAD(&empty_rp);
+ kretprobe_hash_lock(current, &head, &flags);
+
+ /*
+ * It is possible to have multiple instances associated with a given
+ * task either because an multiple functions in the call path
+ * have a return probe installed on them, and/or more than one return
+ * return probe was registered for a target function.
+ *
+ * We can handle this because:
+ * - instances are always inserted at the head of the list
+ * - when multiple return probes are registered for the same
+ * function, the first instance's ret_addr will point to the
+ * real return address, and all the rest will point to
+ * kretprobe_trampoline
+ */
+ hlist_for_each_entry_safe(ri, tmp, head, hlist) {
+ if (ri->task != current)
+ /* another task is sharing our hash bucket */
+ continue;
+
+ orig_ret_address = (unsigned long)ri->ret_addr;
+ if (orig_ret_address != trampoline_address)
+ /*
+ * This is the real return address. Any other
+ * instances associated with this task are for
+ * other calls deeper on the call stack
+ */
+ break;
+ }
+
+ regs->cr_iip = orig_ret_address;
+
+ hlist_for_each_entry_safe(ri, tmp, head, hlist) {
+ if (ri->task != current)
+ /* another task is sharing our hash bucket */
+ continue;
+
+ if (ri->rp && ri->rp->handler)
+ ri->rp->handler(ri, regs);
+
+ orig_ret_address = (unsigned long)ri->ret_addr;
+ recycle_rp_inst(ri, &empty_rp);
+
+ if (orig_ret_address != trampoline_address)
+ /*
+ * This is the real return address. Any other
+ * instances associated with this task are for
+ * other calls deeper on the call stack
+ */
+ break;
+ }
+ kretprobe_assert(ri, orig_ret_address, trampoline_address);
+
+ kretprobe_hash_unlock(current, &flags);
+
+ hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
+ hlist_del(&ri->hlist);
+ kfree(ri);
+ }
/*
* By returning a non-zero value, we are telling
* kprobe_handler() that we don't want the post_handler
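Review bot: since this is a revert, the restored per-arch handler (two hlist walks, the first to find `orig_ret_address`, the second to run `ri->rp->handler` and recycle instances, followed by `kretprobe_assert()`) should be byte-identical to the code before 77fa5e15c933 rather than hand-edited; the commit message could say so explicitly. The message also says it fixes "a build error" without naming it; since the removed lines are the only use of `__kretprobe_trampoline_handler()`, naming that undefined reference in the message would let stable reviewers confirm the revert is sufficient. The restored comment keeps the original typo "an multiple functions", which is acceptable for a verbatim revert.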
@@ -412,7 +485,6 @@ void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
struct pt_regs *regs)
{
ri->ret_addr = (kprobe_opcode_t *)regs->b0;
- ri->fp = NULL;
/* Replace the return addr with trampoline addr */
regs->b0 = (unsigned long)dereference_function_descriptor(kretprobe_trampoline);
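Review bot: dropping `ri->fp = NULL;` leaves the instance's `fp` field untouched on ia64. The message should say whether that field is absent in this stable tree (in which case the assignment is part of the build error being fixed) or present but unused by the arch-independent code here, so reviewers can tell which case applies without checking include/linux/kprobes.h themselves.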
From: Eric Biggers <ebiggers(a)google.com>
Commit c7381b012872 ("crypto: akcipher - new verify API for public key
algorithms") changed akcipher_alg::verify to take in both the signature
and the actual hash and do the signature verification, rather than just
return the hash expected by the signature as was the case before. To do
this, it implemented a hack where the signature and hash are
concatenated with each other in one scatterlist.
Obviously, for this to work correctly, akcipher_alg::verify needs to
correctly extract the two items from the scatterlist it is given.
Unfortunately, it doesn't correctly extract the hash in the case where
the signature is longer than the RSA key size, as it assumes that the
signature's length is equal to the RSA key size. This causes a prefix
of the hash, or even the entire hash, to be taken from the *signature*.
It is unclear whether the resulting scheme has any useful security
properties.
Fix this by correctly extracting the hash from the scatterlist.
Fixes: c7381b012872 ("crypto: akcipher - new verify API for public key algorithms")
Cc: <stable(a)vger.kernel.org> # v5.2+
Signed-off-by: Eric Biggers <ebiggers(a)google.com>
---
crypto/rsa-pkcs1pad.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 1b3545781425..7b223adebabf 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -495,7 +495,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
sg_nents_for_len(req->src,
req->src_len + req->dst_len),
req_ctx->out_buf + ctx->key_size,
- req->dst_len, ctx->key_size);
+ req->dst_len, req->src_len);
/* Do the actual verification step. */
if (memcmp(req_ctx->out_buf + ctx->key_size, out_buf + pos,
req->dst_len) != 0)
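Review bot: the one-line change to the skip argument of sg_pcopy_to_buffer(), from `ctx->key_size` to `req->src_len`, is the whole fix, and the `sg_nents_for_len(req->src, req->src_len + req->dst_len)` argument above it already spans the signature plus the hash, so the copy cannot run past the scatterlist. It would help the message to state where a signature longer than `ctx->key_size` can reach this function; if the verify entry point does not already reject `req->src_len > ctx->key_size`, an explicit bound there would make the mismatch unreachable in addition to this correction.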
--
2.34.1
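As an added illustration, not kernel code and not part of Eric Biggers' patch, the C program below models the concatenated "signature || hash" buffer that akcipher_alg::verify receives as a flat byte array instead of a scatterlist, and compares the old copy offset (the key size, as the removed line used `ctx->key_size`) with the fixed one (the signature length, `req->src_len`). KEY_SIZE, HASH_LEN, the 0xAA signature filler and the 4-byte hash are constructed values chosen to keep the output readable.

```c
/*
 * Added example (not from the kernel): why the hash must be copied from
 * offset req->src_len rather than ctx->key_size in pkcs1pad_verify_complete().
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes: a 16-byte "key" and a 4-byte "hash" keep it readable. */
#define KEY_SIZE 16
#define HASH_LEN 4
#define MAX_SIG  (KEY_SIZE + 8)

/* Stand-in for sg_pcopy_to_buffer(src, nents, out, hash_len, skip):
 * copy hash_len bytes starting at byte offset `skip` of src into out. */
static void copy_at(const uint8_t *src, size_t src_total, uint8_t *out,
                    size_t hash_len, size_t skip)
{
    if (skip + hash_len > src_total) {
        memset(out, 0, hash_len); /* would be a short copy in the kernel */
        return;
    }
    memcpy(out, src + skip, hash_len);
}

/* Old behaviour: assumes the signature is exactly key_size bytes long. */
static void extract_hash_old(const uint8_t *src, size_t sig_len,
                             size_t key_size, uint8_t *out, size_t hash_len)
{
    copy_at(src, sig_len + hash_len, out, hash_len, key_size);
}

/* Fixed behaviour: skip exactly the signature, whatever its length. */
static void extract_hash_fixed(const uint8_t *src, size_t sig_len,
                               size_t key_size, uint8_t *out, size_t hash_len)
{
    (void)key_size;
    copy_at(src, sig_len + hash_len, out, hash_len, sig_len);
}

/* Build sig||hash (constructed: signature bytes are all 0xAA, hash is
 * 01 02 03 04), extract the hash with the old or fixed offset, and return
 * 1 if the extracted bytes equal the real hash, 0 otherwise. */
static int hash_extracted_correctly(size_t sig_len, int use_fix)
{
    static const uint8_t hash[HASH_LEN] = { 0x01, 0x02, 0x03, 0x04 };
    uint8_t src[MAX_SIG + HASH_LEN];
    uint8_t got[HASH_LEN];

    if (sig_len > MAX_SIG)
        return 0;
    memset(src, 0xAA, sig_len);            /* constructed signature bytes */
    memcpy(src + sig_len, hash, HASH_LEN); /* hash appended after it */

    if (use_fix)
        extract_hash_fixed(src, sig_len, KEY_SIZE, got, HASH_LEN);
    else
        extract_hash_old(src, sig_len, KEY_SIZE, got, HASH_LEN);
    return memcmp(got, hash, HASH_LEN) == 0;
}

int main(void)
{
    size_t lens[] = { KEY_SIZE, KEY_SIZE + 2, KEY_SIZE + 4 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("sig_len=%zu  old offset ok=%d  fixed offset ok=%d\n",
               lens[i], hash_extracted_correctly(lens[i], 0),
               hash_extracted_correctly(lens[i], 1));
    return 0;
}
```

With a signature exactly KEY_SIZE bytes long both offsets agree; once the signature is longer, the old offset lands inside the signature and the "hash" that gets compared is partly or wholly signature bytes, which is the prefix-of-the-hash case the commit message describes.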
When the TDP MMU is write-protecting GFNs for page table protection (as
opposed to for dirty logging, or due to the HVA not being writable), it
checks if the SPTE is already write-protected and if so skips modifying
the SPTE and the TLB flush.
This behavior is incorrect because the SPTE may be write-protected for
dirty logging. This implies that the SPTE could locklessly be made
writable on the next write access, and that vCPUs could still be running
with writable SPTEs cached in their TLB.
Fix this by only skipping setting the SPTE if the SPTE is already
write-protected *and* MMU-writable is already clear.
Fixes: 46044f72c382 ("kvm: x86/mmu: Support write protection for nesting in tdp MMU")
Cc: stable(a)vger.kernel.org
Signed-off-by: David Matlack <dmatlack(a)google.com>
---
arch/x86/kvm/mmu/tdp_mmu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 7b1bc816b7c3..bc9e3553fba2 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -1442,12 +1442,12 @@ static bool write_protect_gfn(struct kvm *kvm, struct kvm_mmu_page *root,
!is_last_spte(iter.old_spte, iter.level))
continue;
- if (!is_writable_pte(iter.old_spte))
- break;
-
new_spte = iter.old_spte &
~(PT_WRITABLE_MASK | shadow_mmu_writable_mask);
+ if (new_spte == iter.old_spte)
+ break;
+
tdp_mmu_set_spte(kvm, &iter, new_spte);
spte_set = true;
}
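Review bot: moving the skip test after the mask computation and comparing `new_spte == iter.old_spte` is the right shape: an SPTE that is write-protected for dirty logging (PT_WRITABLE_MASK clear, shadow_mmu_writable_mask still set) now differs from `new_spte` and so still gets `tdp_mmu_set_spte()` and the flush via `spte_set`. A one-line comment above the `break` saying the skip is only safe when both bits are already clear would save the next reader from re-deriving that from the Fixes tag.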
base-commit: fea31d1690945e6dd6c3e89ec5591490857bc3d4
--
2.34.1.703.g22d0c6ccf7-goog
From: Baoquan He <bhe(a)redhat.com>
Subject: mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
In kdump kernel of x86_64, page allocation failure is observed:
kworker/u2:2: page allocation failure: order:0, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0
CPU: 0 PID: 55 Comm: kworker/u2:2 Not tainted 5.16.0-rc4+ #5
Hardware name: AMD Dinar/Dinar, BIOS RDN1505B 06/05/2013
Workqueue: events_unbound async_run_entry_fn
Call Trace:
<TASK>
dump_stack_lvl+0x48/0x5e
warn_alloc.cold+0x72/0xd6
__alloc_pages_slowpath.constprop.0+0xc69/0xcd0
__alloc_pages+0x1df/0x210
new_slab+0x389/0x4d0
___slab_alloc+0x58f/0x770
__slab_alloc.constprop.0+0x4a/0x80
kmem_cache_alloc_trace+0x24b/0x2c0
sr_probe+0x1db/0x620
......
device_add+0x405/0x920
......
__scsi_add_device+0xe5/0x100
ata_scsi_scan_host+0x97/0x1d0
async_run_entry_fn+0x30/0x130
process_one_work+0x1e8/0x3c0
worker_thread+0x50/0x3b0
? rescuer_thread+0x350/0x350
kthread+0x16b/0x190
? set_kthread_struct+0x40/0x40
ret_from_fork+0x22/0x30
</TASK>
Mem-Info:
......
The above failure happened when calling kmalloc() to allocate a buffer with
GFP_DMA. It requests a slab page from the DMA zone while there are no managed
pages at all in it.
sr_probe()
--> get_capabilities()
--> buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
This is because in the current kernel, dma-kmalloc is created as long as
CONFIG_ZONE_DMA is enabled. However, the kdump kernel of x86_64 doesn't have
managed pages on the DMA zone since commit 6f599d84231f ("x86/kdump: Always
reserve the low 1M when the crashkernel option is specified"). The
failure can always be reproduced.
For now, let's mute the warning of allocation failure if requesting pages
from the DMA zone while it has no managed pages.
[akpm(a)linux-foundation.org: fix warning]
Link: https://lkml.kernel.org/r/20211223094435.248523-4-bhe@redhat.com
Fixes: 6f599d84231f ("x86/kdump: Always reserve the low 1M when the crashkernel option is specified")
Signed-off-by: Baoquan He <bhe(a)redhat.com>
Acked-by: John Donnelly <john.p.donnelly(a)oracle.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com>
Cc: Christoph Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: Borislav Petkov <bp(a)alien8.de>
Cc: Christoph Hellwig <hch(a)lst.de>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: David Laight <David.Laight(a)ACULAB.COM>
Cc: Marek Szyprowski <m.szyprowski(a)samsung.com>
Cc: Robin Murphy <robin.murphy(a)arm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/page_alloc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/mm/page_alloc.c~mm-page_allocc-do-not-warn-allocation-failure-on-zone-dma-if-no-managed-pages
+++ a/mm/page_alloc.c
@@ -4218,7 +4218,9 @@ void warn_alloc(gfp_t gfp_mask, nodemask
va_list args;
static DEFINE_RATELIMIT_STATE(nopage_rs, 10*HZ, 1);
- if ((gfp_mask & __GFP_NOWARN) || !__ratelimit(&nopage_rs))
+ if ((gfp_mask & __GFP_NOWARN) ||
+ !__ratelimit(&nopage_rs) ||
+ ((gfp_mask & __GFP_DMA) && !has_managed_dma()))
return;
va_start(args, fmt);
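Review bot: the ordering of the three conditions matters: `__ratelimit(&nopage_rs)` is evaluated before the `__GFP_DMA` test, so a DMA-zone warning that is about to be suppressed still consumes a slot of the 10*HZ rate limit and can silence a different, legitimate warn_alloc() shortly after. Putting the `(gfp_mask & __GFP_DMA) && !has_managed_dma()` test before the `__ratelimit()` call avoids charging suppressed warnings to the shared limiter. Also, `has_managed_dma()` is not defined in this hunk and presumably comes from an earlier patch of the same series (the Link is patch 4); the stable backport must carry that patch too or this will not build.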
_