January 2022 - Linux-stable-mirror

Backport memcg flush improvements into 5.15

by Ivan Babrou

Hello, We've seen a significant perf degradation when reading a tmpfs file swapped into zram between 5.10 and 5.15. The source of the issue is: * aa48e47e3906: memcg: infrastructure to flush memcg stats There's a couple of commits that helps to bridge the gap in 5.16: * 11192d9c124d: memcg: flush stats only if updated * fd25a9e0e23b: memcg: unify memcg stat flushing Both of these apply cleanly and Shakeel (the author) has okayed the backport from his end. He also suggested backporting the following: * 5b3be698a872: memcg: better bounds on the memcg stats updates I personally did not test this one, but it applies cleanly, so there's probably no harm. I cc'd Shakeel in case you want confirmation on that. It's not a part of any tag yet. Please backport all three (or at least the first two) to 5.15 LTS. Thanks!

2 years, 11 months

3
2
0 0

stable-rc/queue/4.9 baseline: 104 runs, 1 regressions (v4.9.297-154-ga1ec7e699381)

by kernelci.org bot

stable-rc/queue/4.9 baseline: 104 runs, 1 regressions (v4.9.297-154-ga1ec7e699381) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ---------+------+---------------+----------+---------------------+------------ panda | arm | lab-collabora | gcc-10 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F4.9/kernel/v4.9.297-… Test: baseline Tree: stable-rc Branch: queue/4.9 Describe: v4.9.297-154-ga1ec7e699381 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: a1ec7e699381ad0c9a81a8bcb926eb3a780a2abe Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ---------+------+---------------+----------+---------------------+------------ panda | arm | lab-collabora | gcc-10 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/plan/id/61f2846a3df10dd3a5abbd12 Results: 4 PASS, 1 FAIL, 1 SKIP Full config: omap2plus_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.297-154-ga1ec7e69938… HTML log: https://storage.kernelci.org//stable-rc/queue-4.9/v4.9.297-154-ga1ec7e69938… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.dmesg.emerg: https://kernelci.org/test/case/id/61f2846a3df10dd3a5abbd18 failing since 2 days (last pass: v4.9.297-124-g1de5c6722df5, first fail: v4.9.297-150-g86d4516a7d68) 2 lines 2022-01-27T11:39:16.567279 [ 20.079559] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=alert RESULT=pass UNITS=lines MEASUREMENT=0> 2022-01-27T11:39:16.610247 kern :emerg : BUG: spinlock bad magic on CPU#0, udevd/121 2022-01-27T11:39:16.619242 kern :emerg : lock: emif_lock+0x0/0xfffff230 [emif], .magic: dead4ead, .owner: <none>/-1, .owner_cpu: -1

2 years, 11 months

1
0
0 0

[PATCH 4.19 0/1] Fix UBSAN: undefined-behaviour in maybe_deliver

by Huang Guobin

There is a syzkaller problem for Linux 4.19 last for over 1 year: https://www.syzkaller.appspot.com/bug?id=288ae4752bb930c26369d675316de03102… Mainline patch 7d850abd5f4e(net: bridge: add support for port isolation) introduces the BR_ISOLATED feature, a pair of ports with the BR_ISOLATED option set cannot communicate with each other. This feature applies only to ingress flow, not egress flow. However, the function br_skb_isolated that checks if an interface is isolated will be used not only for the ingress path, but also for the egress path. Since Linux-4.19 not merge the mainline patch fd65e5a95d0838(net: bridge: clear bridge's private skb space on xmit), the value of skb->cb is unde- fined because it is not initialized. Therefore, checking BR_INPUT_SKB_CB(skb)->src_port_isolated on the egress path will access an undefined value, resulting in an error in the judgment of br_skb_isolated. UBSAN triggers an alarm by finding undefined BR_INPUT_SKB_CB(skb)->src_port_isolated. So cherry-pick mainline patch fd65e5a95d0838(net: bridge: clear bridge's private skb space on xmit) to Linux 4.19 to fix it. Nikolay Aleksandrov (1): net: bridge: clear bridge's private skb space on xmit net/bridge/br_device.c | 2 ++ 1 file changed, 2 insertions(+) -- 2.25.1

2 years, 11 months

2
2
0 0

[PATCH v2 4.9 1/3] ion: Fix use after free during ION_IOC_ALLOC

by Lee Jones

From: Daniel Rosenberg <drosen(a)google.com> If a user happens to call ION_IOC_FREE during an ION_IOC_ALLOC on the just allocated id, and the copy_to_user fails, the cleanup code will attempt to free an already freed handle. This adds a wrapper for ion_alloc that adds an ion_handle_get to avoid this. Signed-off-by: Daniel Rosenberg <drosen(a)google.com> Signed-off-by: Dennis Cagle <d-cagle(a)codeaurora.org> Signed-off-by: Patrick Daly <pdaly(a)codeaurora.org> Signed-off-by: Lee Jones <lee.jones(a)linaro.org> --- NB: These are Android patches that were not sent to Mainline. Only v4.9 is affected by these issues due to refactoring. drivers/staging/android/ion/ion-ioctl.c | 14 +++++++++----- drivers/staging/android/ion/ion.c | 15 ++++++++++++--- drivers/staging/android/ion/ion.h | 4 ++++ 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/drivers/staging/android/ion/ion-ioctl.c b/drivers/staging/android/ion/ion-ioctl.c index e3596855a7031..f260e0e70488f 100644 --- a/drivers/staging/android/ion/ion-ioctl.c +++ b/drivers/staging/android/ion/ion-ioctl.c @@ -96,10 +96,10 @@ long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) { struct ion_handle *handle; - handle = ion_alloc(client, data.allocation.len, - data.allocation.align, - data.allocation.heap_id_mask, - data.allocation.flags); + handle = __ion_alloc(client, data.allocation.len, + data.allocation.align, + data.allocation.heap_id_mask, + data.allocation.flags, true); if (IS_ERR(handle)) return PTR_ERR(handle); @@ -174,10 +174,14 @@ long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) if (dir & _IOC_READ) { if (copy_to_user((void __user *)arg, &data, _IOC_SIZE(cmd))) { - if (cleanup_handle) + if (cleanup_handle) { ion_free(client, cleanup_handle); + ion_handle_put(cleanup_handle); + } return -EFAULT; } } + if (cleanup_handle) + ion_handle_put(cleanup_handle); return ret; } diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index aac9b38b8c25c..4f769213be1b7 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -401,9 +401,9 @@ static int ion_handle_add(struct ion_client *client, struct ion_handle *handle) return 0; } -struct ion_handle *ion_alloc(struct ion_client *client, size_t len, - size_t align, unsigned int heap_id_mask, - unsigned int flags) +struct ion_handle *__ion_alloc(struct ion_client *client, size_t len, + size_t align, unsigned int heap_id_mask, + unsigned int flags, bool grab_handle) { struct ion_handle *handle; struct ion_device *dev = client->dev; @@ -453,6 +453,8 @@ struct ion_handle *ion_alloc(struct ion_client *client, size_t len, return handle; mutex_lock(&client->lock); + if (grab_handle) + ion_handle_get(handle); ret = ion_handle_add(client, handle); mutex_unlock(&client->lock); if (ret) { @@ -462,6 +464,13 @@ struct ion_handle *ion_alloc(struct ion_client *client, size_t len, return handle; } + +struct ion_handle *ion_alloc(struct ion_client *client, size_t len, + size_t align, unsigned int heap_id_mask, + unsigned int flags) +{ + return __ion_alloc(client, len, align, heap_id_mask, flags, false); +} EXPORT_SYMBOL(ion_alloc); void ion_free_nolock(struct ion_client *client, diff --git a/drivers/staging/android/ion/ion.h b/drivers/staging/android/ion/ion.h index 93dafb4586e43..cfa50dfb46edc 100644 --- a/drivers/staging/android/ion/ion.h +++ b/drivers/staging/android/ion/ion.h @@ -109,6 +109,10 @@ struct ion_handle *ion_alloc(struct ion_client *client, size_t len, size_t align, unsigned int heap_id_mask, unsigned int flags); +struct ion_handle *__ion_alloc(struct ion_client *client, size_t len, + size_t align, unsigned int heap_id_mask, + unsigned int flags, bool grab_handle); + /** * ion_free - free a handle * @client: the client -- 2.35.0.rc0.227.g00780c9af4-goog

2 years, 11 months

2
3
0 0

[4.9 PATCH] ARM: 8800/1: use choice for kernel unwinders

by Anders Roxell

From: Stefan Agner <stefan(a)agner.ch> commit f9b58e8c7d031b0daa5c9a9ee27f5a4028ba53ac upstream. While in theory multiple unwinders could be compiled in, it does not make sense in practise. Use a choice to make the unwinder selection mutually exclusive and mandatory. Already before this commit it has not been possible to deselect FRAME_POINTER. Remove the obsolete comment. Furthermore, to produce a meaningful backtrace with FRAME_POINTER enabled the kernel needs a specific function prologue: mov ip, sp stmfd sp!, {fp, ip, lr, pc} sub fp, ip, #4 To get to the required prologue gcc uses apcs and no-sched-prolog. This compiler options are not available on clang, and clang is not able to generate the required prologue. Make the FRAME_POINTER config symbol depending on !clang. Suggested-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Stefan Agner <stefan(a)agner.ch> Reviewed-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Anders Roxell <anders.roxell(a)linaro.org> --- arch/arm/Kconfig.debug | 44 +++++++++++++++++++++++++++--------------- lib/Kconfig.debug | 6 +++--- 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug index 8349a171a8f3..e1d21c6449ea 100644 --- a/arch/arm/Kconfig.debug +++ b/arch/arm/Kconfig.debug @@ -15,30 +15,42 @@ config ARM_PTDUMP kernel. If in doubt, say "N" -# RMK wants arm kernels compiled with frame pointers or stack unwinding. -# If you know what you are doing and are willing to live without stack -# traces, you can get a slightly smaller kernel by setting this option to -# n, but then RMK will have to kill you ;). -config FRAME_POINTER - bool - depends on !THUMB2_KERNEL - default y if !ARM_UNWIND || FUNCTION_GRAPH_TRACER +choice + prompt "Choose kernel unwinder" + default UNWINDER_ARM if AEABI && !FUNCTION_GRAPH_TRACER + default UNWINDER_FRAME_POINTER if !AEABI || FUNCTION_GRAPH_TRACER + help + This determines which method will be used for unwinding kernel stack + traces for panics, oopses, bugs, warnings, perf, /proc/<pid>/stack, + livepatch, lockdep, and more. + +config UNWINDER_FRAME_POINTER + bool "Frame pointer unwinder" + depends on !THUMB2_KERNEL && !CC_IS_CLANG + select ARCH_WANT_FRAME_POINTERS + select FRAME_POINTER help - If you say N here, the resulting kernel will be slightly smaller and - faster. However, if neither FRAME_POINTER nor ARM_UNWIND are enabled, - when a problem occurs with the kernel, the information that is - reported is severely limited. + This option enables the frame pointer unwinder for unwinding + kernel stack traces. -config ARM_UNWIND - bool "Enable stack unwinding support (EXPERIMENTAL)" +config UNWINDER_ARM + bool "ARM EABI stack unwinder" depends on AEABI - default y + select ARM_UNWIND help This option enables stack unwinding support in the kernel using the information automatically generated by the compiler. The resulting kernel image is slightly bigger but the performance is not affected. Currently, this feature - only works with EABI compilers. If unsure say Y. + only works with EABI compilers. + +endchoice + +config ARM_UNWIND + bool + +config FRAME_POINTER + bool config OLD_MCOUNT bool diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index bc5ff3a53d4a..e7addfcd302f 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1091,7 +1091,7 @@ config LOCKDEP bool depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT select STACKTRACE - select FRAME_POINTER if !MIPS && !PPC && !ARM_UNWIND && !S390 && !MICROBLAZE && !ARC && !SCORE + select FRAME_POINTER if !MIPS && !PPC && !ARM && !S390 && !MICROBLAZE && !ARC && !SCORE select KALLSYMS select KALLSYMS_ALL @@ -1670,7 +1670,7 @@ config FAULT_INJECTION_STACKTRACE_FILTER depends on FAULT_INJECTION_DEBUG_FS && STACKTRACE_SUPPORT depends on !X86_64 select STACKTRACE - select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND && !ARC && !SCORE + select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !SCORE help Provide stacktrace filter for fault-injection capabilities @@ -1679,7 +1679,7 @@ config LATENCYTOP depends on DEBUG_KERNEL depends on STACKTRACE_SUPPORT depends on PROC_FS - select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND && !ARC + select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC select KALLSYMS select KALLSYMS_ALL select STACKTRACE -- 2.34.1

2 years, 11 months

2
1
0 0

[PATCH 4.9] media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

by Ben Hutchings

From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 35d2969ea3c7d32aee78066b1f3cf61a0d935a4e upstream. The bounds checking in avc_ca_pmt() is not strict enough. It should be checking "read_pos + 4" because it's reading 5 bytes. If the "es_info_length" is non-zero then it reads a 6th byte so there needs to be an additional check for that. I also added checks for the "write_pos". I don't think these are required because "read_pos" and "write_pos" are tied together so checking one ought to be enough. But they make the code easier to understand for me. The check on write_pos is: if (write_pos + 4 >= sizeof(c->operand) - 4) { The first "+ 4" is because we're writing 5 bytes and the last " - 4" is to leave space for the CRC. The other problem is that "length" can be invalid. It comes from "data_length" in fdtv_ca_pmt(). Cc: stable(a)vger.kernel.org Reported-by: Luo Likang <luolikang(a)nsfocus.com> Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> [bwh: Backported to 4.9: adjust context] Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> --- drivers/media/firewire/firedtv-avc.c | 14 +++++++++++--- drivers/media/firewire/firedtv-ci.c | 2 ++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/media/firewire/firedtv-avc.c b/drivers/media/firewire/firedtv-avc.c index 280b5ffea592..3a373711f5ad 100644 --- a/drivers/media/firewire/firedtv-avc.c +++ b/drivers/media/firewire/firedtv-avc.c @@ -1169,7 +1169,11 @@ int avc_ca_pmt(struct firedtv *fdtv, char *msg, int length) read_pos += program_info_length; write_pos += program_info_length; } - while (read_pos < length) { + while (read_pos + 4 < length) { + if (write_pos + 4 >= sizeof(c->operand) - 4) { + ret = -EINVAL; + goto out; + } c->operand[write_pos++] = msg[read_pos++]; c->operand[write_pos++] = msg[read_pos++]; c->operand[write_pos++] = msg[read_pos++]; @@ -1181,13 +1185,17 @@ int avc_ca_pmt(struct firedtv *fdtv, char *msg, int length) c->operand[write_pos++] = es_info_length >> 8; c->operand[write_pos++] = es_info_length & 0xff; if (es_info_length > 0) { + if (read_pos >= length) { + ret = -EINVAL; + goto out; + } pmt_cmd_id = msg[read_pos++]; if (pmt_cmd_id != 1 && pmt_cmd_id != 4) dev_err(fdtv->device, "invalid pmt_cmd_id %d " "at stream level\n", pmt_cmd_id); - if (es_info_length > sizeof(c->operand) - 4 - - write_pos) { + if (es_info_length > sizeof(c->operand) - 4 - write_pos || + es_info_length > length - read_pos) { ret = -EINVAL; goto out; } diff --git a/drivers/media/firewire/firedtv-ci.c b/drivers/media/firewire/firedtv-ci.c index edbb30fdd9d9..93fb4b7312af 100644 --- a/drivers/media/firewire/firedtv-ci.c +++ b/drivers/media/firewire/firedtv-ci.c @@ -138,6 +138,8 @@ static int fdtv_ca_pmt(struct firedtv *fdtv, void *arg) } else { data_length = msg->msg[3]; } + if (data_length > sizeof(msg->msg) - data_pos) + return -EINVAL; return avc_ca_pmt(fdtv, &msg->msg[data_pos], data_length); }

2 years, 11 months

2
1
0 0

[PATCH for stable 5.x] rcu: Tighten rcu_advance_cbs_nowake() checks

by Guillaume Morin

Paul, I believe commit 614ddad17f22a22e035e2ea37a04815f50362017 (slated for 5.17) should be queued for all 5.4+ stable branches as it fixes a serious lockup bug. FWIW I have verified it applies cleanly on all 4 branches. Does that make sense to you? Guillaume. -- Guillaume Morin <guillaume(a)morinfr.org>

2 years, 11 months

4
9
0 0

stable/linux-5.4.y baseline: 183 runs, 4 regressions (v5.4.174)

by kernelci.org bot

stable/linux-5.4.y baseline: 183 runs, 4 regressions (v5.4.174) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+------+--------------+----------+--------------------+------------ qemu_arm-virt-gicv2-uefi | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 qemu_arm-virt-gicv2-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 qemu_arm-virt-gicv3-uefi | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 qemu_arm-virt-gicv3-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/job/stable/branch/linux-5.4.y/kernel/v5.4.174/pla… Test: baseline Tree: stable Branch: linux-5.4.y Describe: v5.4.174 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git SHA: 411d8da1c84369f4d4eef7dd55766dffc0a169fd Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------------+------+--------------+----------+--------------------+------------ qemu_arm-virt-gicv2-uefi | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/61f2817a0ce0c171fbabbd3e Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… HTML log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/61f2817a0ce0c171fbabbd3f failing since 41 days (last pass: v5.4.166, first fail: v5.4.167) platform | arch | lab | compiler | defconfig | regressions -------------------------+------+--------------+----------+--------------------+------------ qemu_arm-virt-gicv2-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/61f28170d3da46af04abbd1c Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… HTML log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/61f28170d3da46af04abbd1d failing since 41 days (last pass: v5.4.166, first fail: v5.4.167) platform | arch | lab | compiler | defconfig | regressions -------------------------+------+--------------+----------+--------------------+------------ qemu_arm-virt-gicv3-uefi | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/61f2817972c64cda9babbd4d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… HTML log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/61f2817972c64cda9babbd4e failing since 41 days (last pass: v5.4.166, first fail: v5.4.167) platform | arch | lab | compiler | defconfig | regressions -------------------------+------+--------------+----------+--------------------+------------ qemu_arm-virt-gicv3-uefi | arm | lab-broonie | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/61f2816fd3da46af04abbd19 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… HTML log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.174/arm/multi_v7_defc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2022… * baseline.login: https://kernelci.org/test/case/id/61f2816fd3da46af04abbd1a failing since 41 days (last pass: v5.4.166, first fail: v5.4.167)

2 years, 11 months

1
0
0 0

[PATCH stable 5.16 1/2] bnx2x: Utilize firmware 7.13.21.0

by Manish Chopra

commit b7a49f73059fe6147b6b78e8f674ce0d21237432 upstream This new firmware addresses few important issues and enhancements as mentioned below - - Support direct invalidation of FP HSI Ver per function ID, required for invalidating FP HSI Ver prior to each VF start, as there is no VF start - BRB hardware block parity error detection support for the driver - Fix the FCOE underrun flow - Fix PSOD during FCoE BFS over the NIC ports after preboot driver - Maintains backward compatibility This patch incorporates this new firmware 7.13.21.0 in bnx2x driver. Signed-off-by: Manish Chopra <manishc(a)marvell.com> Signed-off-by: Prabhakar Kushwaha <pkushwaha(a)marvell.com> Signed-off-by: Alok Prasad <palok(a)marvell.com> Signed-off-by: Ariel Elior <aelior(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> --- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 11 +++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +- .../net/ethernet/broadcom/bnx2x/bnx2x_fw_defs.h | 2 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_hsi.h | 3 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 75 +++++++++++++++------- 5 files changed, 69 insertions(+), 28 deletions(-) diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h index d049948..bb3ba61 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h @@ -1850,6 +1850,14 @@ struct bnx2x { /* Vxlan/Geneve related information */ u16 udp_tunnel_ports[BNX2X_UDP_PORT_MAX]; + +#define FW_CAP_INVALIDATE_VF_FP_HSI BIT(0) + u32 fw_cap; + + u32 fw_major; + u32 fw_minor; + u32 fw_rev; + u32 fw_eng; }; /* Tx queues may be less or equal to Rx queues */ @@ -2526,5 +2534,6 @@ enum { * Meant for implicit re-load flows. */ int bnx2x_vlan_reconfigure_vid(struct bnx2x *bp); - +int bnx2x_init_firmware(struct bnx2x *bp); +void bnx2x_release_firmware(struct bnx2x *bp); #endif /* bnx2x.h */ diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c index 1a6ec1a..1083c5f 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c @@ -2364,10 +2364,8 @@ int bnx2x_compare_fw_ver(struct bnx2x *bp, u32 load_code, bool print_err) if (load_code != FW_MSG_CODE_DRV_LOAD_COMMON_CHIP && load_code != FW_MSG_CODE_DRV_LOAD_COMMON) { /* build my FW version dword */ - u32 my_fw = (BCM_5710_FW_MAJOR_VERSION) + - (BCM_5710_FW_MINOR_VERSION << 8) + - (BCM_5710_FW_REVISION_VERSION << 16) + - (BCM_5710_FW_ENGINEERING_VERSION << 24); + u32 my_fw = (bp->fw_major) + (bp->fw_minor << 8) + + (bp->fw_rev << 16) + (bp->fw_eng << 24); /* read loaded FW from chip */ u32 loaded_fw = REG_RD(bp, XSEM_REG_PRAM); diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_fw_defs.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_fw_defs.h index 3f84352..a84d015 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_fw_defs.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_fw_defs.h @@ -241,6 +241,8 @@ IRO[221].m2)) #define XSTORM_VF_TO_PF_OFFSET(funcId) \ (IRO[48].base + ((funcId) * IRO[48].m1)) +#define XSTORM_ETH_FUNCTION_INFO_FP_HSI_VALID_E2_OFFSET(fid) \ + (IRO[386].base + ((fid) * IRO[386].m1)) #define COMMON_ASM_INVALID_ASSERT_OPCODE 0x0 /* eth hsi version */ diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_hsi.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_hsi.h index 622fadc..611efee 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_hsi.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_hsi.h @@ -3024,7 +3024,8 @@ struct afex_stats { #define BCM_5710_FW_MAJOR_VERSION 7 #define BCM_5710_FW_MINOR_VERSION 13 -#define BCM_5710_FW_REVISION_VERSION 15 +#define BCM_5710_FW_REVISION_VERSION 21 +#define BCM_5710_FW_REVISION_VERSION_V15 15 #define BCM_5710_FW_ENGINEERING_VERSION 0 #define BCM_5710_FW_COMPILE_FLAGS 1 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c index 28069b2..9a86367 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c @@ -74,9 +74,19 @@ __stringify(BCM_5710_FW_MINOR_VERSION) "." \ __stringify(BCM_5710_FW_REVISION_VERSION) "." \ __stringify(BCM_5710_FW_ENGINEERING_VERSION) + +#define FW_FILE_VERSION_V15 \ + __stringify(BCM_5710_FW_MAJOR_VERSION) "." \ + __stringify(BCM_5710_FW_MINOR_VERSION) "." \ + __stringify(BCM_5710_FW_REVISION_VERSION_V15) "." \ + __stringify(BCM_5710_FW_ENGINEERING_VERSION) + #define FW_FILE_NAME_E1 "bnx2x/bnx2x-e1-" FW_FILE_VERSION ".fw" #define FW_FILE_NAME_E1H "bnx2x/bnx2x-e1h-" FW_FILE_VERSION ".fw" #define FW_FILE_NAME_E2 "bnx2x/bnx2x-e2-" FW_FILE_VERSION ".fw" +#define FW_FILE_NAME_E1_V15 "bnx2x/bnx2x-e1-" FW_FILE_VERSION_V15 ".fw" +#define FW_FILE_NAME_E1H_V15 "bnx2x/bnx2x-e1h-" FW_FILE_VERSION_V15 ".fw" +#define FW_FILE_NAME_E2_V15 "bnx2x/bnx2x-e2-" FW_FILE_VERSION_V15 ".fw" /* Time in jiffies before concluding the transmitter is hung */ #define TX_TIMEOUT (5*HZ) @@ -747,9 +757,7 @@ static int bnx2x_mc_assert(struct bnx2x *bp) CHIP_IS_E1(bp) ? "everest1" : CHIP_IS_E1H(bp) ? "everest1h" : CHIP_IS_E2(bp) ? "everest2" : "everest3", - BCM_5710_FW_MAJOR_VERSION, - BCM_5710_FW_MINOR_VERSION, - BCM_5710_FW_REVISION_VERSION); + bp->fw_major, bp->fw_minor, bp->fw_rev); return rc; } @@ -12355,6 +12363,15 @@ static int bnx2x_init_bp(struct bnx2x *bp) bnx2x_read_fwinfo(bp); + if (IS_PF(bp)) { + rc = bnx2x_init_firmware(bp); + + if (rc) { + bnx2x_free_mem_bp(bp); + return rc; + } + } + func = BP_FUNC(bp); /* need to reset chip if undi was active */ @@ -12367,6 +12384,7 @@ static int bnx2x_init_bp(struct bnx2x *bp) rc = bnx2x_prev_unload(bp); if (rc) { + bnx2x_release_firmware(bp); bnx2x_free_mem_bp(bp); return rc; } @@ -13366,16 +13384,11 @@ static int bnx2x_check_firmware(struct bnx2x *bp) /* Check FW version */ offset = be32_to_cpu(fw_hdr->fw_version.offset); fw_ver = firmware->data + offset; - if ((fw_ver[0] != BCM_5710_FW_MAJOR_VERSION) || - (fw_ver[1] != BCM_5710_FW_MINOR_VERSION) || - (fw_ver[2] != BCM_5710_FW_REVISION_VERSION) || - (fw_ver[3] != BCM_5710_FW_ENGINEERING_VERSION)) { + if (fw_ver[0] != bp->fw_major || fw_ver[1] != bp->fw_minor || + fw_ver[2] != bp->fw_rev || fw_ver[3] != bp->fw_eng) { BNX2X_ERR("Bad FW version:%d.%d.%d.%d. Should be %d.%d.%d.%d\n", - fw_ver[0], fw_ver[1], fw_ver[2], fw_ver[3], - BCM_5710_FW_MAJOR_VERSION, - BCM_5710_FW_MINOR_VERSION, - BCM_5710_FW_REVISION_VERSION, - BCM_5710_FW_ENGINEERING_VERSION); + fw_ver[0], fw_ver[1], fw_ver[2], fw_ver[3], + bp->fw_major, bp->fw_minor, bp->fw_rev, bp->fw_eng); return -EINVAL; } @@ -13453,34 +13466,51 @@ static void be16_to_cpu_n(const u8 *_source, u8 *_target, u32 n) (u8 *)bp->arr, len); \ } while (0) -static int bnx2x_init_firmware(struct bnx2x *bp) +int bnx2x_init_firmware(struct bnx2x *bp) { - const char *fw_file_name; + const char *fw_file_name, *fw_file_name_v15; struct bnx2x_fw_file_hdr *fw_hdr; int rc; if (bp->firmware) return 0; - if (CHIP_IS_E1(bp)) + if (CHIP_IS_E1(bp)) { fw_file_name = FW_FILE_NAME_E1; - else if (CHIP_IS_E1H(bp)) + fw_file_name_v15 = FW_FILE_NAME_E1_V15; + } else if (CHIP_IS_E1H(bp)) { fw_file_name = FW_FILE_NAME_E1H; - else if (!CHIP_IS_E1x(bp)) + fw_file_name_v15 = FW_FILE_NAME_E1H_V15; + } else if (!CHIP_IS_E1x(bp)) { fw_file_name = FW_FILE_NAME_E2; - else { + fw_file_name_v15 = FW_FILE_NAME_E2_V15; + } else { BNX2X_ERR("Unsupported chip revision\n"); return -EINVAL; } + BNX2X_DEV_INFO("Loading %s\n", fw_file_name); rc = request_firmware(&bp->firmware, fw_file_name, &bp->pdev->dev); if (rc) { - BNX2X_ERR("Can't load firmware file %s\n", - fw_file_name); - goto request_firmware_exit; + BNX2X_DEV_INFO("Trying to load older fw %s\n", fw_file_name_v15); + + /* try to load prev version */ + rc = request_firmware(&bp->firmware, fw_file_name_v15, &bp->pdev->dev); + + if (rc) + goto request_firmware_exit; + + bp->fw_rev = BCM_5710_FW_REVISION_VERSION_V15; + } else { + bp->fw_cap |= FW_CAP_INVALIDATE_VF_FP_HSI; + bp->fw_rev = BCM_5710_FW_REVISION_VERSION; } + bp->fw_major = BCM_5710_FW_MAJOR_VERSION; + bp->fw_minor = BCM_5710_FW_MINOR_VERSION; + bp->fw_eng = BCM_5710_FW_ENGINEERING_VERSION; + rc = bnx2x_check_firmware(bp); if (rc) { BNX2X_ERR("Corrupt firmware file %s\n", fw_file_name); @@ -13536,7 +13566,7 @@ static int bnx2x_init_firmware(struct bnx2x *bp) return rc; } -static void bnx2x_release_firmware(struct bnx2x *bp) +void bnx2x_release_firmware(struct bnx2x *bp) { kfree(bp->init_ops_offsets); kfree(bp->init_ops); @@ -14053,6 +14083,7 @@ static int bnx2x_init_one(struct pci_dev *pdev, return 0; init_one_freemem: + bnx2x_release_firmware(bp); bnx2x_free_mem_bp(bp); init_one_exit: -- 1.8.3.1

2 years, 11 months

2
2
0 0

[PATCH stable-5.16] io_uring: fix not released cached task refs

by Pavel Begunkov

[ upstream commit 3cc7fdb9f90a25ae92250bf9e6cf3b9556b230e9 ] tctx_task_work() may get run after io_uring cancellation and so there will be no one to put cached in tctx task refs that may have been added back by tw handlers using inline completion infra, Call io_uring_drop_tctx_refs() at the end of the main tw handler to release them. Cc: stable(a)vger.kernel.org # 5.15+ Reported-by: Lukas Bulwahn <lukas.bulwahn(a)gmail.com> Fixes: e98e49b2bbf7 ("io_uring: extend task put optimisations") Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/69f226b35fbdb996ab799a8bbc1c06bf634ccec1.16416888… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- fs/io_uring.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index fb2a0cb4aaf8..9cab29b6f579 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -1830,6 +1830,18 @@ static inline void io_get_task_refs(int nr) io_task_refs_refill(tctx); } +static __cold void io_uring_drop_tctx_refs(struct task_struct *task) +{ + struct io_uring_task *tctx = task->io_uring; + unsigned int refs = tctx->cached_refs; + + if (refs) { + tctx->cached_refs = 0; + percpu_counter_sub(&tctx->inflight, refs); + put_task_struct_many(task, refs); + } +} + static bool io_cqring_event_overflow(struct io_ring_ctx *ctx, u64 user_data, s32 res, u32 cflags) { @@ -2250,6 +2262,10 @@ static void tctx_task_work(struct callback_head *cb) } ctx_flush_and_put(ctx, &locked); + + /* relaxed read is enough as only the task itself sets ->in_idle */ + if (unlikely(atomic_read(&tctx->in_idle))) + io_uring_drop_tctx_refs(current); } static void io_req_task_work_add(struct io_kiocb *req) @@ -9814,18 +9830,6 @@ static s64 tctx_inflight(struct io_uring_task *tctx, bool tracked) return percpu_counter_sum(&tctx->inflight); } -static __cold void io_uring_drop_tctx_refs(struct task_struct *task) -{ - struct io_uring_task *tctx = task->io_uring; - unsigned int refs = tctx->cached_refs; - - if (refs) { - tctx->cached_refs = 0; - percpu_counter_sub(&tctx->inflight, refs); - put_task_struct_many(task, refs); - } -} - /* * Find any io_uring ctx that this task has registered or done IO on, and cancel * requests. @sqd should be not-null IFF it's an SQPOLL thread cancellation. @@ -9883,10 +9887,14 @@ static __cold void io_uring_cancel_generic(bool cancel_all, schedule(); finish_wait(&tctx->wait, &wait); } while (1); - atomic_dec(&tctx->in_idle); io_uring_clean_tctx(tctx); if (cancel_all) { + /* + * We shouldn't run task_works after cancel, so just leave + * ->in_idle set for normal exit. + */ + atomic_dec(&tctx->in_idle); /* for exec all current's requests should be gone, kill tctx */ __io_uring_free(current); } -- 2.34.1

2 years, 11 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2022