June 2022 - Linux-stable-mirror

[PATCH v3] x86/sgx: Set active memcg prior to shmem allocation

by Kristen Carlson Accardi

When the system runs out of enclave memory, SGX can reclaim EPC pages by swapping to normal RAM. These backing pages are allocated via a per-enclave shared memory area. Since SGX allows unlimited over commit on EPC memory, the reclaimer thread can allocate a large number of backing RAM pages in response to EPC memory pressure. When the shared memory backing RAM allocation occurs during the reclaimer thread context, the shared memory is charged to the root memory control group, and the shmem usage of the enclave is not properly accounted for, making cgroups ineffective at limiting the amount of RAM an enclave can consume. For example, when using a cgroup to launch a set of test enclaves, the kernel does not properly account for 50% - 75% of shmem page allocations on average. In the worst case, when nearly all allocations occur during the reclaimer thread, the kernel accounts less than a percent of the amount of shmem used by the enclave's cgroup to the correct cgroup. SGX stores a list of mm_structs that are associated with an enclave. Pick one of them during reclaim and charge that mm's memcg with the shmem allocation. The one that gets picked is arbitrary, but this list almost always only has one mm. The cases where there is more than one mm with different memcg's are not worth considering. Create a new function - sgx_encl_alloc_backing(). This function is used whenever a new backing storage page needs to be allocated. Previously the same function was used for page allocation as well as retrieving a previously allocated page. Prior to backing page allocation, if there is a mm_struct associated with the enclave that is requesting the allocation, it is set as the active memory control group. Signed-off-by: Kristen Carlson Accardi <kristen(a)linux.intel.com> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: stable(a)vger.kernel.org --- V2 -> V3: Changed memcg variable names in sgx_encl_alloc_backing() and removed some whitespace. V1 -> V2: Changed sgx_encl_set_active_memcg() to simply return the correct memcg for the enclave and renamed to sgx_encl_get_mem_cgroup(). Created helper function current_is_ksgxd() to improve readability. Use mmget_not_zero()/mmput_async() when searching mm_list. Move call to set_active_memcg() to sgx_encl_alloc_backing() and use mem_cgroup_put() to avoid leaking a memcg reference. Address review feedback regarding comments and commit log. --- arch/x86/kernel/cpu/sgx/encl.c | 105 ++++++++++++++++++++++++++++++++- arch/x86/kernel/cpu/sgx/encl.h | 11 +++- arch/x86/kernel/cpu/sgx/main.c | 4 +- 3 files changed, 114 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 001808e3901c..6f05e3d919f7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -32,7 +32,7 @@ static int __sgx_encl_eldu(struct sgx_encl_page *encl_page, else page_index = PFN_DOWN(encl->size); - ret = sgx_encl_get_backing(encl, page_index, &b); + ret = sgx_encl_lookup_backing(encl, page_index, &b); if (ret) return ret; @@ -574,7 +574,7 @@ static struct page *sgx_encl_get_backing_page(struct sgx_encl *encl, * 0 on success, * -errno otherwise. */ -int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index, +static int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index, struct sgx_backing *backing) { pgoff_t pcmd_index = PFN_DOWN(encl->size) + 1 + (page_index >> 5); @@ -601,6 +601,107 @@ int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index, return 0; } +/* + * When called from ksgxd, returns the mem_cgroup of a struct mm stored + * in the enclave's mm_list. When not called from ksgxd, just returns + * the mem_cgroup of the current task. + */ +static struct mem_cgroup *sgx_encl_get_mem_cgroup(struct sgx_encl *encl) +{ + struct mem_cgroup *memcg = NULL; + struct sgx_encl_mm *encl_mm; + int idx; + + /* + * If called from normal task context, return the mem_cgroup + * of the current task's mm. The remainder of the handling is for + * ksgxd. + */ + if (!current_is_ksgxd()) + return get_mem_cgroup_from_mm(current->mm); + + /* + * Search the enclave's mm_list to find an mm associated with + * this enclave to charge the allocation to. + */ + idx = srcu_read_lock(&encl->srcu); + + list_for_each_entry_rcu(encl_mm, &encl->mm_list, list) { + if (!mmget_not_zero(encl_mm->mm)) + continue; + + memcg = get_mem_cgroup_from_mm(encl_mm->mm); + + mmput_async(encl_mm->mm); + + break; + } + + srcu_read_unlock(&encl->srcu, idx); + + /* + * In the rare case that there isn't an mm associated with + * the enclave, set memcg to the current active mem_cgroup. + * This will be the root mem_cgroup if there is no active + * mem_cgroup. + */ + if (!memcg) + return get_mem_cgroup_from_mm(NULL); + + return memcg; +} + +/** + * sgx_encl_alloc_backing() - allocate a new backing storage page + * @encl: an enclave pointer + * @page_index: enclave page index + * @backing: data for accessing backing storage for the page + * + * When called from ksgxd, sets the active memcg from one of the + * mms in the enclave's mm_list prior to any backing page allocation, + * in order to ensure that shmem page allocations are charged to the + * enclave. + * + * Return: + * 0 on success, + * -errno otherwise. + */ +int sgx_encl_alloc_backing(struct sgx_encl *encl, unsigned long page_index, + struct sgx_backing *backing) +{ + struct mem_cgroup *encl_memcg = sgx_encl_get_mem_cgroup(encl); + struct mem_cgroup *memcg = set_active_memcg(encl_memcg); + int ret; + + ret = sgx_encl_get_backing(encl, page_index, backing); + + set_active_memcg(memcg); + mem_cgroup_put(encl_memcg); + + return ret; +} + +/** + * sgx_encl_lookup_backing() - retrieve an existing backing storage page + * @encl: an enclave pointer + * @page_index: enclave page index + * @backing: data for accessing backing storage for the page + * + * Retrieve a backing page for loading data back into an EPC page with ELDU. + * It is the caller's responsibility to ensure that it is appropriate to use + * sgx_encl_lookup_backing() rather than sgx_encl_alloc_backing(). If lookup is + * not used correctly, this will cause an allocation which is not accounted for. + * + * Return: + * 0 on success, + * -errno otherwise. + */ +int sgx_encl_lookup_backing(struct sgx_encl *encl, unsigned long page_index, + struct sgx_backing *backing) +{ + return sgx_encl_get_backing(encl, page_index, backing); +} + /** * sgx_encl_put_backing() - Unpin the backing storage * @backing: data for accessing backing storage for the page diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index fec43ca65065..2de3b150ab00 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -100,13 +100,20 @@ static inline int sgx_encl_find(struct mm_struct *mm, unsigned long addr, return 0; } +static inline bool current_is_ksgxd(void) +{ + return current->mm ? false : true; +} + int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, unsigned long end, unsigned long vm_flags); void sgx_encl_release(struct kref *ref); int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm); -int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index, - struct sgx_backing *backing); +int sgx_encl_lookup_backing(struct sgx_encl *encl, unsigned long page_index, + struct sgx_backing *backing); +int sgx_encl_alloc_backing(struct sgx_encl *encl, unsigned long page_index, + struct sgx_backing *backing); void sgx_encl_put_backing(struct sgx_backing *backing, bool do_write); int sgx_encl_test_and_clear_young(struct mm_struct *mm, struct sgx_encl_page *page); diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 4b41efc9e367..7d41c8538795 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -310,7 +310,7 @@ static void sgx_reclaimer_write(struct sgx_epc_page *epc_page, encl->secs_child_cnt--; if (!encl->secs_child_cnt && test_bit(SGX_ENCL_INITIALIZED, &encl->flags)) { - ret = sgx_encl_get_backing(encl, PFN_DOWN(encl->size), + ret = sgx_encl_alloc_backing(encl, PFN_DOWN(encl->size), &secs_backing); if (ret) goto out; @@ -381,7 +381,7 @@ static void sgx_reclaim_pages(void) goto skip; page_index = PFN_DOWN(encl_page->desc - encl_page->encl->base); - ret = sgx_encl_get_backing(encl_page->encl, page_index, &backing[i]); + ret = sgx_encl_alloc_backing(encl_page->encl, page_index, &backing[i]); if (ret) goto skip; -- 2.20.1

3 years, 6 months

3
2
0 0

[PATCH] assoc_array: Fix BUG_ON during garbage collect

by David Howells

From: Stephen Brennan <stephen.s.brennan(a)oracle.com> A rare BUG_ON triggered in assoc_array_gc: [3430308.818153] kernel BUG at lib/assoc_array.c:1609! Which corresponded to the statement currently at line 1593 upstream: BUG_ON(assoc_array_ptr_is_meta(p)); Using the data from the core dump, I was able to generate a userspace reproducer[1] and determine the cause of the bug. [1]: https://github.com/brenns10/kernel_stuff/tree/master/assoc_array_gc After running the iterator on the entire branch, an internal tree node looked like the following: NODE (nr_leaves_on_branch: 3) SLOT [0] NODE (2 leaves) SLOT [1] NODE (1 leaf) SLOT [2..f] NODE (empty) In the userspace reproducer, the pr_devel output when compressing this node was: -- compress node 0x5607cc089380 -- free=0, leaves=0 [0] retain node 2/1 [nx 0] [1] fold node 1/1 [nx 0] [2] fold node 0/1 [nx 2] [3] fold node 0/2 [nx 2] [4] fold node 0/3 [nx 2] [5] fold node 0/4 [nx 2] [6] fold node 0/5 [nx 2] [7] fold node 0/6 [nx 2] [8] fold node 0/7 [nx 2] [9] fold node 0/8 [nx 2] [10] fold node 0/9 [nx 2] [11] fold node 0/10 [nx 2] [12] fold node 0/11 [nx 2] [13] fold node 0/12 [nx 2] [14] fold node 0/13 [nx 2] [15] fold node 0/14 [nx 2] after: 3 At slot 0, an internal node with 2 leaves could not be folded into the node, because there was only one available slot (slot 0). Thus, the internal node was retained. At slot 1, the node had one leaf, and was able to be folded in successfully. The remaining nodes had no leaves, and so were removed. By the end of the compression stage, there were 14 free slots, and only 3 leaf nodes. The tree was ascended and then its parent node was compressed. When this node was seen, it could not be folded, due to the internal node it contained. The invariant for compression in this function is: whenever nr_leaves_on_branch < ASSOC_ARRAY_FAN_OUT, the node should contain all leaf nodes. The compression step currently cannot guarantee this, given the corner case shown above. To fix this issue, retry compression whenever we have retained a node, and yet nr_leaves_on_branch < ASSOC_ARRAY_FAN_OUT. This second compression will then allow the node in slot 1 to be folded in, satisfying the invariant. Below is the output of the reproducer once the fix is applied: -- compress node 0x560e9c562380 -- free=0, leaves=0 [0] retain node 2/1 [nx 0] [1] fold node 1/1 [nx 0] [2] fold node 0/1 [nx 2] [3] fold node 0/2 [nx 2] [4] fold node 0/3 [nx 2] [5] fold node 0/4 [nx 2] [6] fold node 0/5 [nx 2] [7] fold node 0/6 [nx 2] [8] fold node 0/7 [nx 2] [9] fold node 0/8 [nx 2] [10] fold node 0/9 [nx 2] [11] fold node 0/10 [nx 2] [12] fold node 0/11 [nx 2] [13] fold node 0/12 [nx 2] [14] fold node 0/13 [nx 2] [15] fold node 0/14 [nx 2] internal nodes remain despite enough space, retrying -- compress node 0x560e9c562380 -- free=14, leaves=1 [0] fold node 2/15 [nx 0] after: 3 Changes ======= DH: - Use false instead of 0. - Reorder the inserted lines in a couple of places to put retained before next_slot. ver #2) - Fix typo in pr_devel, correct comparison to "<=" Fixes: 3cb989501c26 ("Add a generic associative array implementation.") Cc: <stable(a)vger.kernel.org> Signed-off-by: Stephen Brennan <stephen.s.brennan(a)oracle.com> Signed-off-by: David Howells <dhowells(a)redhat.com> cc: Jarkko Sakkinen <jarkko(a)kernel.org> cc: Andrew Morton <akpm(a)linux-foundation.org> cc: keyrings(a)vger.kernel.org Link: https://lore.kernel.org/r/20220511225517.407935-1-stephen.s.brennan@oracle.… # v1 Link: https://lore.kernel.org/r/20220512215045.489140-1-stephen.s.brennan@oracle.… # v2 --- lib/assoc_array.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/assoc_array.c b/lib/assoc_array.c index 079c72e26493..ca0b4f360c1a 100644 --- a/lib/assoc_array.c +++ b/lib/assoc_array.c @@ -1461,6 +1461,7 @@ int assoc_array_gc(struct assoc_array *array, struct assoc_array_ptr *cursor, *ptr; struct assoc_array_ptr *new_root, *new_parent, **new_ptr_pp; unsigned long nr_leaves_on_tree; + bool retained; int keylen, slot, nr_free, next_slot, i; pr_devel("-->%s()\n", __func__); @@ -1536,6 +1537,7 @@ int assoc_array_gc(struct assoc_array *array, goto descend; } +retry_compress: pr_devel("-- compress node %p --\n", new_n); /* Count up the number of empty slots in this node and work out the @@ -1553,6 +1555,7 @@ int assoc_array_gc(struct assoc_array *array, pr_devel("free=%d, leaves=%lu\n", nr_free, new_n->nr_leaves_on_branch); /* See what we can fold in */ + retained = false; next_slot = 0; for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) { struct assoc_array_shortcut *s; @@ -1602,9 +1605,14 @@ int assoc_array_gc(struct assoc_array *array, pr_devel("[%d] retain node %lu/%d [nx %d]\n", slot, child->nr_leaves_on_branch, nr_free + 1, next_slot); + retained = true; } } + if (retained && new_n->nr_leaves_on_branch <= ASSOC_ARRAY_FAN_OUT) { + pr_devel("internal nodes remain despite enough space, retrying\n"); + goto retry_compress; + } pr_devel("after: %lu\n", new_n->nr_leaves_on_branch); nr_leaves_on_tree = new_n->nr_leaves_on_branch;

3 years, 6 months

5
7
0 0

[PATCH] bpf: Fix KASAN use-after-free Read in compute_effective_progs

by Tadeusz Struk

Syzbot found a Use After Free bug in compute_effective_progs(). The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling bpf_link_detach on them. Link detach triggers the link to be freed by bpf_link_free(), which calls __cgroup_bpf_detach() and update_effective_progs(). If the memory allocation in this function fails, the function restores the pointer to the bpf_cgroup_link on the cgroup list, but the memory gets freed just after it returns. After this, every subsequent call to update_effective_progs() causes this already deallocated pointer to be dereferenced in prog_list_length(), and triggers KASAN UAF error. To fix this don't preserve the pointer to the link on the cgroup list in __cgroup_bpf_detach(), but proceed with the cleanup and retry calling update_effective_progs() again afterwards. Cc: "Alexei Starovoitov" <ast(a)kernel.org> Cc: "Daniel Borkmann" <daniel(a)iogearbox.net> Cc: "Andrii Nakryiko" <andrii(a)kernel.org> Cc: "Martin KaFai Lau" <kafai(a)fb.com> Cc: "Song Liu" <songliubraving(a)fb.com> Cc: "Yonghong Song" <yhs(a)fb.com> Cc: "John Fastabend" <john.fastabend(a)gmail.com> Cc: "KP Singh" <kpsingh(a)kernel.org> Cc: <netdev(a)vger.kernel.org> Cc: <bpf(a)vger.kernel.org> Cc: <stable(a)vger.kernel.org> Cc: <linux-kernel(a)vger.kernel.org> Link: https://syzkaller.appspot.com/bug?id=8ebf179a95c2a2670f7cf1ba62429ec044369d… Fixes: af6eea57437a ("bpf: Implement bpf_link-based cgroup BPF program attachment") Reported-by: <syzbot+f264bffdfbd5614f3bb2(a)syzkaller.appspotmail.com> Signed-off-by: Tadeusz Struk <tadeusz.struk(a)linaro.org> --- kernel/bpf/cgroup.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index 128028efda64..b6307337a3c7 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -723,10 +723,11 @@ static int __cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog, pl->link = NULL; err = update_effective_progs(cgrp, atype); - if (err) - goto cleanup; - - /* now can actually delete it from this cgroup list */ + /* + * Proceed regardless of error. The link and/or prog will be freed + * just after this function returns so just delete it from this + * cgroup list and retry calling update_effective_progs again later. + */ list_del(&pl->node); kfree(pl); if (list_empty(progs)) @@ -735,12 +736,11 @@ static int __cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog, if (old_prog) bpf_prog_put(old_prog); static_branch_dec(&cgroup_bpf_enabled_key[atype]); - return 0; -cleanup: - /* restore back prog or link */ - pl->prog = old_prog; - pl->link = link; + /* In case of error call update_effective_progs again */ + if (err) + err = update_effective_progs(cgrp, atype); + return err; } @@ -881,6 +881,7 @@ static void bpf_cgroup_link_release(struct bpf_link *link) struct bpf_cgroup_link *cg_link = container_of(link, struct bpf_cgroup_link, link); struct cgroup *cg; + int err; /* link might have been auto-detached by dying cgroup already, * in that case our work is done here @@ -896,8 +897,10 @@ static void bpf_cgroup_link_release(struct bpf_link *link) return; } - WARN_ON(__cgroup_bpf_detach(cg_link->cgroup, NULL, cg_link, - cg_link->type)); + err = __cgroup_bpf_detach(cg_link->cgroup, NULL, cg_link, + cg_link->type); + if (err) + pr_warn("cgroup_bpf_detach() failed, err %d\n", err); cg = cg_link->cgroup; cg_link->cgroup = NULL; -- 2.35.1

3 years, 6 months

2
21
0 0

リクエスト

by Mr/ Mrs

あなたのEメールアドレスATMカード速達$6,500を案内する勝利の手紙を受け取りましたか？

3 years, 6 months

1
0
0 0

[PATCH 4.19 0/1] block-map: backport fix for CVE-2022-0494

by Dragos-Marian Panait

The following commit is needed to fix CVE-2022-0494: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Haimin Zhang (1): block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern block/bio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) base-commit: 06d93c33da2cc9c3ca79f5ba757e08306455d9d6 -- 2.36.1

3 years, 6 months

1
1
0 0

[PATCH 0/2] can: kvaser_usb: CAN clock frequency regression

by Jimmy Assarsson

When fixing the CAN clock frequency, fb12797ab1fe ("can: kvaser_usb: get CAN clock frequency from device"), I introduced a regression. For Leaf devices based on M32C, the firmware expects bittiming parameters calculated for 16MHz clock. Regardless of the actual clock frequency. This regression affects M32C based Leaf devices with non-16MHz clock. Also correct the bittiming constants in kvaser_usb_leaf.c, where the limits are different depending on which firmware/device being used. Once merged to mainline, I'll backport these fixes for the stable kernels. Jimmy Assarsson (2): can: kvaser_usb: kvaser_usb_leaf: Fix CAN clock frequency regression can: kvaser_usb: kvaser_usb_leaf: Fix bittiming limits drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 17 ++++ .../net/can/usb/kvaser_usb/kvaser_usb_core.c | 20 +++- .../net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 14 +-- .../net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 95 +++++++++++-------- 4 files changed, 89 insertions(+), 57 deletions(-) -- 2.36.1

3 years, 6 months

2
6
0 0

[PATCH v2] xen/gntdev: Avoid blocking in unmap_grant_pages()

by Demi Marie Obenour

unmap_grant_pages() currently waits for the pages to no longer be used. In https://github.com/QubesOS/qubes-issues/issues/7481, this lead to a deadlock against i915: i915 was waiting for gntdev's MMU notifier to finish, while gntdev was waiting for i915 to free its pages. I also believe this is responsible for various deadlocks I have experienced in the past. Avoid these problems by making unmap_grant_pages async. This requires making it return void, as any errors will not be available when the function returns. Fortunately, the only use of the return value is a WARN_ON(), which can be replaced by a WARN_ON when the error is detected. Additionally, a failed call will not prevent further calls from being made, but this is harmless. Because unmap_grant_pages is now async, the grant handle will be sent to INVALID_GRANT_HANDLE too late to prevent multiple unmaps of the same handle. Instead, a separate bool array is allocated for this purpose. This wastes memory, but stuffing this information in padding bytes is too fragile. Furthermore, it is necessary to grab a reference to the map before making the asynchronous call, and release the reference when the call returns. Fixes: 745282256c75 ("xen/gntdev: safely unmap grants in case they are still in use") Cc: stable(a)vger.kernel.org Signed-off-by: Demi Marie Obenour <demi(a)invisiblethingslab.com> --- drivers/xen/gntdev-common.h | 5 ++ drivers/xen/gntdev.c | 100 +++++++++++++++++++----------------- 2 files changed, 59 insertions(+), 46 deletions(-) diff --git a/drivers/xen/gntdev-common.h b/drivers/xen/gntdev-common.h index 20d7d059dadb..a268cdb1f7bf 100644 --- a/drivers/xen/gntdev-common.h +++ b/drivers/xen/gntdev-common.h @@ -16,6 +16,7 @@ #include <linux/mmu_notifier.h> #include <linux/types.h> #include <xen/interface/event_channel.h> +#include <xen/grant_table.h> struct gntdev_dmabuf_priv; @@ -56,6 +57,7 @@ struct gntdev_grant_map { struct gnttab_unmap_grant_ref *unmap_ops; struct gnttab_map_grant_ref *kmap_ops; struct gnttab_unmap_grant_ref *kunmap_ops; + bool *being_removed; struct page **pages; unsigned long pages_vm_start; @@ -73,6 +75,9 @@ struct gntdev_grant_map { /* Needed to avoid allocation in gnttab_dma_free_pages(). */ xen_pfn_t *frames; #endif + + /* Needed to avoid allocation in __unmap_grant_pages */ + struct gntab_unmap_queue_data unmap_data; }; struct gntdev_grant_map *gntdev_alloc_map(struct gntdev_priv *priv, int count, diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 59ffea800079..90bd2b5ef7dd 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -35,6 +35,7 @@ #include <linux/slab.h> #include <linux/highmem.h> #include <linux/refcount.h> +#include <linux/workqueue.h> #include <xen/xen.h> #include <xen/grant_table.h> @@ -62,8 +63,8 @@ MODULE_PARM_DESC(limit, static int use_ptemod; -static int unmap_grant_pages(struct gntdev_grant_map *map, - int offset, int pages); +static void unmap_grant_pages(struct gntdev_grant_map *map, + int offset, int pages); static struct miscdevice gntdev_miscdev; @@ -120,6 +121,7 @@ static void gntdev_free_map(struct gntdev_grant_map *map) kvfree(map->unmap_ops); kvfree(map->kmap_ops); kvfree(map->kunmap_ops); + kvfree(map->being_removed); kfree(map); } @@ -140,10 +142,13 @@ struct gntdev_grant_map *gntdev_alloc_map(struct gntdev_priv *priv, int count, add->unmap_ops = kvmalloc_array(count, sizeof(add->unmap_ops[0]), GFP_KERNEL); add->pages = kvcalloc(count, sizeof(add->pages[0]), GFP_KERNEL); + add->being_removed = + kvcalloc(count, sizeof(add->being_removed[0]), GFP_KERNEL); if (NULL == add->grants || NULL == add->map_ops || NULL == add->unmap_ops || - NULL == add->pages) + NULL == add->pages || + NULL == add->being_removed) goto err; if (use_ptemod) { add->kmap_ops = kvmalloc_array(count, sizeof(add->kmap_ops[0]), @@ -349,79 +354,84 @@ int gntdev_map_grant_pages(struct gntdev_grant_map *map) return err; } -static int __unmap_grant_pages(struct gntdev_grant_map *map, int offset, - int pages) +static void __unmap_grant_pages_done(int result, + struct gntab_unmap_queue_data *data) { - int i, err = 0; - struct gntab_unmap_queue_data unmap_data; - - if (map->notify.flags & UNMAP_NOTIFY_CLEAR_BYTE) { - int pgno = (map->notify.addr >> PAGE_SHIFT); - if (pgno >= offset && pgno < offset + pages) { - /* No need for kmap, pages are in lowmem */ - uint8_t *tmp = pfn_to_kaddr(page_to_pfn(map->pages[pgno])); - tmp[map->notify.addr & (PAGE_SIZE-1)] = 0; - map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE; - } - } - - unmap_data.unmap_ops = map->unmap_ops + offset; - unmap_data.kunmap_ops = use_ptemod ? map->kunmap_ops + offset : NULL; - unmap_data.pages = map->pages + offset; - unmap_data.count = pages; - - err = gnttab_unmap_refs_sync(&unmap_data); - if (err) - return err; + unsigned int i; + struct gntdev_grant_map *map = data->data; + unsigned int offset = data->unmap_ops - map->unmap_ops; - for (i = 0; i < pages; i++) { - if (map->unmap_ops[offset+i].status) - err = -EINVAL; + for (i = 0; i < data->count; i++) { + WARN_ON(map->unmap_ops[offset+i].status); pr_debug("unmap handle=%d st=%d\n", map->unmap_ops[offset+i].handle, map->unmap_ops[offset+i].status); map->unmap_ops[offset+i].handle = INVALID_GRANT_HANDLE; if (use_ptemod) { - if (map->kunmap_ops[offset+i].status) - err = -EINVAL; + WARN_ON(map->kunmap_ops[offset+i].status); pr_debug("kunmap handle=%u st=%d\n", map->kunmap_ops[offset+i].handle, map->kunmap_ops[offset+i].status); map->kunmap_ops[offset+i].handle = INVALID_GRANT_HANDLE; } } - return err; + + /* Release reference taken by __unmap_grant_pages */ + gntdev_put_map(NULL, map); } -static int unmap_grant_pages(struct gntdev_grant_map *map, int offset, - int pages) +static void __unmap_grant_pages(struct gntdev_grant_map *map, int offset, + int pages) +{ + if (map->notify.flags & UNMAP_NOTIFY_CLEAR_BYTE) { + int pgno = (map->notify.addr >> PAGE_SHIFT); + + if (pgno >= offset && pgno < offset + pages) { + /* No need for kmap, pages are in lowmem */ + uint8_t *tmp = pfn_to_kaddr(page_to_pfn(map->pages[pgno])); + + tmp[map->notify.addr & (PAGE_SIZE-1)] = 0; + map->notify.flags &= ~UNMAP_NOTIFY_CLEAR_BYTE; + } + } + + map->unmap_data.unmap_ops = map->unmap_ops + offset; + map->unmap_data.kunmap_ops = use_ptemod ? map->kunmap_ops + offset : NULL; + map->unmap_data.pages = map->pages + offset; + map->unmap_data.count = pages; + map->unmap_data.done = __unmap_grant_pages_done; + map->unmap_data.data = map; + refcount_inc(&map->users); /* to keep map alive during async call below */ + + gnttab_unmap_refs_async(&map->unmap_data); +} + +static void unmap_grant_pages(struct gntdev_grant_map *map, int offset, + int pages) { - int range, err = 0; + int range; pr_debug("unmap %d+%d [%d+%d]\n", map->index, map->count, offset, pages); /* It is possible the requested range will have a "hole" where we * already unmapped some of the grants. Only unmap valid ranges. */ - while (pages && !err) { - while (pages && - map->unmap_ops[offset].handle == INVALID_GRANT_HANDLE) { + while (pages) { + while (pages && map->being_removed[offset]) { offset++; pages--; } range = 0; while (range < pages) { - if (map->unmap_ops[offset + range].handle == - INVALID_GRANT_HANDLE) + if (map->being_removed[offset + range]) break; + map->being_removed[offset + range] = true; range++; } - err = __unmap_grant_pages(map, offset, range); + __unmap_grant_pages(map, offset, range); offset += range; pages -= range; } - - return err; } /* ------------------------------------------------------------------ */ @@ -473,7 +483,6 @@ static bool gntdev_invalidate(struct mmu_interval_notifier *mn, struct gntdev_grant_map *map = container_of(mn, struct gntdev_grant_map, notifier); unsigned long mstart, mend; - int err; if (!mmu_notifier_range_blockable(range)) return false; @@ -494,10 +503,9 @@ static bool gntdev_invalidate(struct mmu_interval_notifier *mn, map->index, map->count, map->vma->vm_start, map->vma->vm_end, range->start, range->end, mstart, mend); - err = unmap_grant_pages(map, + unmap_grant_pages(map, (mstart - map->vma->vm_start) >> PAGE_SHIFT, (mend - mstart) >> PAGE_SHIFT); - WARN_ON(err); return true; } -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

3 years, 6 months

2
3
0 0

[PATCH v3] HID: uclogic: properly format kernel-doc comment for hid_dbg() wrappers

by Bagas Sanjaya

Running kernel-doc script on drivers/hid/hid-uclogic-params.c, it found 6 warnings for hid_dbg() wrapper functions below: drivers/hid/hid-uclogic-params.c:48: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Dump tablet interface pen parameters with hid_dbg(), indented with one tab. drivers/hid/hid-uclogic-params.c:48: warning: missing initial short description on line: * Dump tablet interface pen parameters with hid_dbg(), indented with one tab. drivers/hid/hid-uclogic-params.c:48: info: Scanning doc for function Dump drivers/hid/hid-uclogic-params.c:80: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Dump tablet interface frame parameters with hid_dbg(), indented with two drivers/hid/hid-uclogic-params.c:80: warning: missing initial short description on line: * Dump tablet interface frame parameters with hid_dbg(), indented with two drivers/hid/hid-uclogic-params.c:80: info: Scanning doc for function Dump drivers/hid/hid-uclogic-params.c:105: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Dump tablet interface parameters with hid_dbg(). drivers/hid/hid-uclogic-params.c:105: warning: missing initial short description on line: * Dump tablet interface parameters with hid_dbg(). One of them is reported by kernel test robot. Fix these warnings by properly format kernel-doc comment for these functions. Link: https://lore.kernel.org/linux-doc/202205272033.XFYlYj8k-lkp@intel.com/ Fixes: a228809fa6f39c ("HID: uclogic: Move param printing to a function") Reported-by: kernel test robot <lkp(a)intel.com> Tested-by: Randy Dunlap <rdunlap(a)infradead.org> Tested-by: José Expósito <jose.exposito89(a)gmail.com> Acked-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: Nikolai Kondrashov <spbnick(a)gmail.com> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Benjamin Tissoires <benjamin.tissoires(a)redhat.com> Cc: llvm(a)lists.linux.dev Cc: stable(a)vger.kernel.org # v5.18 Cc: linux-input(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com> --- Changes since v2 [1]: - Format NULL as kernel-doc constant (suggested by Randy Dunlap) - Collect review tags: - Tested-by and Acked-by from Randy Dunlap - Tested-by from José Expósito [1]: https://lore.kernel.org/linux-doc/20220531092817.13894-1-bagasdotme@gmail.c… drivers/hid/hid-uclogic-params.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c index db838f16282d64..e5e65d849faa97 100644 --- a/drivers/hid/hid-uclogic-params.c +++ b/drivers/hid/hid-uclogic-params.c @@ -23,11 +23,11 @@ /** * uclogic_params_pen_inrange_to_str() - Convert a pen in-range reporting type * to a string. - * * @inrange: The in-range reporting type to convert. * - * Returns: - * The string representing the type, or NULL if the type is unknown. + * Return: + * * The string representing the type, or + * * %NULL if the type is unknown. */ static const char *uclogic_params_pen_inrange_to_str( enum uclogic_params_pen_inrange inrange) @@ -45,10 +45,12 @@ static const char *uclogic_params_pen_inrange_to_str( } /** - * Dump tablet interface pen parameters with hid_dbg(), indented with one tab. - * + * uclogic_params_pen_hid_dbg() - Dump tablet interface pen parameters * @hdev: The HID device the pen parameters describe. * @pen: The pen parameters to dump. + * + * Dump tablet interface pen parameters with hid_dbg(). The dump is indented + * with a tab. */ static void uclogic_params_pen_hid_dbg(const struct hid_device *hdev, const struct uclogic_params_pen *pen) @@ -77,11 +79,12 @@ static void uclogic_params_pen_hid_dbg(const struct hid_device *hdev, } /** - * Dump tablet interface frame parameters with hid_dbg(), indented with two - * tabs. - * + * uclogic_params_frame_hid_dbg() - Dump tablet interface frame parameters * @hdev: The HID device the pen parameters describe. * @frame: The frame parameters to dump. + * + * Dump tablet interface frame parameters with hid_dbg(). The dump is + * indented with two tabs. */ static void uclogic_params_frame_hid_dbg( const struct hid_device *hdev, @@ -102,10 +105,11 @@ static void uclogic_params_frame_hid_dbg( } /** - * Dump tablet interface parameters with hid_dbg(). - * + * uclogic_params_hid_dbg() - Dump tablet interface parameters * @hdev: The HID device the parameters describe. * @params: The parameters to dump. + * + * Dump tablet interface parameters with hid_dbg(). */ void uclogic_params_hid_dbg(const struct hid_device *hdev, const struct uclogic_params *params) base-commit: d1dc87763f406d4e67caf16dbe438a5647692395 -- An old man doll... just what I always wanted! - Clara

3 years, 6 months

2
2
0 0

Guten Tag

by Francis Crespo

Guten Tag, Ich möchte Sie persönlich kontaktieren; Ich weiß, Sie werden überrascht sein, meine E-Mail zu lesen. Bitte seien Sie nicht skeptisch, wenn Sie mir antworten. Mein Name ist Rechtsanwalt Francis Perez Crespo. Es tut mir leid, Ihren Tag zu unterbrechen, mit gebührendem Respekt, Vertrauen und Demut. Ich schreibe Ihnen diese E-Mail, von der ich glaube, dass sie für Sie von großem Interesse wäre, und um zu sehen, ob Ihre E-Mail funktioniert. Ich habe etwas absolut Wichtiges mit Ihnen zu besprechen. Für weitere Einzelheiten senden Sie mir bitte eine E-Mail mit folgenden Angaben. Vollständiger Name: Heimatadresse: Telefonnummer: Handynummer: Geburtsdatum: Beruf: Mit freundlichen Grüßen. Francis Pérez Crespo RECHTSANWALT

3 years, 6 months

1
0
0 0

[PATCH v2] HID: uclogic: properly format kernel-doc comment for hid_dbg() wrappers

by Bagas Sanjaya

Running kernel-doc script on drivers/hid/hid-uclogic-params.c, it found 6 warnings for hid_dbg() wrapper functions below: drivers/hid/hid-uclogic-params.c:48: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Dump tablet interface pen parameters with hid_dbg(), indented with one tab. drivers/hid/hid-uclogic-params.c:48: warning: missing initial short description on line: * Dump tablet interface pen parameters with hid_dbg(), indented with one tab. drivers/hid/hid-uclogic-params.c:48: info: Scanning doc for function Dump drivers/hid/hid-uclogic-params.c:80: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Dump tablet interface frame parameters with hid_dbg(), indented with two drivers/hid/hid-uclogic-params.c:80: warning: missing initial short description on line: * Dump tablet interface frame parameters with hid_dbg(), indented with two drivers/hid/hid-uclogic-params.c:80: info: Scanning doc for function Dump drivers/hid/hid-uclogic-params.c:105: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst * Dump tablet interface parameters with hid_dbg(). drivers/hid/hid-uclogic-params.c:105: warning: missing initial short description on line: * Dump tablet interface parameters with hid_dbg(). One of them is reported by kernel test robot. Fix these warnings by properly format kernel-doc comment for these functions. Link: https://lore.kernel.org/linux-doc/202205272033.XFYlYj8k-lkp@intel.com/ Fixes: a228809fa6f39c ("HID: uclogic: Move param printing to a function") Reported-by: kernel test robot <lkp(a)intel.com> Cc: Nikolai Kondrashov <spbnick(a)gmail.com> Cc: Jiri Kosina <jikos(a)kernel.org> Cc: Benjamin Tissoires <benjamin.tissoires(a)redhat.com> Cc: "José Expósito" <jose.exposito89(a)gmail.com> Cc: llvm(a)lists.linux.dev Cc: stable(a)vger.kernel.org # v5.18 Cc: linux-input(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com> --- Changes since v1 [1]: - Approach the warning by fixing kernel-doc comments formatting (suggested by Jonathan Corbet) [1]: https://lore.kernel.org/linux-doc/20220528091403.160169-1-bagasdotme@gmail.… drivers/hid/hid-uclogic-params.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c index db838f16282d64..647bbd3e000e2f 100644 --- a/drivers/hid/hid-uclogic-params.c +++ b/drivers/hid/hid-uclogic-params.c @@ -23,11 +23,11 @@ /** * uclogic_params_pen_inrange_to_str() - Convert a pen in-range reporting type * to a string. - * * @inrange: The in-range reporting type to convert. * - * Returns: - * The string representing the type, or NULL if the type is unknown. + * Return: + * * The string representing the type, or + * * NULL if the type is unknown. */ static const char *uclogic_params_pen_inrange_to_str( enum uclogic_params_pen_inrange inrange) @@ -45,10 +45,12 @@ static const char *uclogic_params_pen_inrange_to_str( } /** - * Dump tablet interface pen parameters with hid_dbg(), indented with one tab. - * + * uclogic_params_pen_hid_dbg() - Dump tablet interface pen parameters * @hdev: The HID device the pen parameters describe. * @pen: The pen parameters to dump. + * + * Dump tablet interface pen parameters with hid_dbg(). The dump is indented + * with a tab. */ static void uclogic_params_pen_hid_dbg(const struct hid_device *hdev, const struct uclogic_params_pen *pen) @@ -77,11 +79,12 @@ static void uclogic_params_pen_hid_dbg(const struct hid_device *hdev, } /** - * Dump tablet interface frame parameters with hid_dbg(), indented with two - * tabs. - * + * uclogic_params_frame_hid_dbg() - Dump tablet interface frame parameters * @hdev: The HID device the pen parameters describe. * @frame: The frame parameters to dump. + * + * Dump tablet interface frame parameters with hid_dbg(). The dump is + * indented with two tabs. */ static void uclogic_params_frame_hid_dbg( const struct hid_device *hdev, @@ -102,10 +105,11 @@ static void uclogic_params_frame_hid_dbg( } /** - * Dump tablet interface parameters with hid_dbg(). - * + * uclogic_params_hid_dbg() - Dump tablet interface parameters * @hdev: The HID device the parameters describe. * @params: The parameters to dump. + * + * Dump tablet interface parameters with hid_dbg(). */ void uclogic_params_hid_dbg(const struct hid_device *hdev, const struct uclogic_params *params) base-commit: 8ab2afa23bd197df47819a87f0265c0ac95c5b6a -- An old man doll... just what I always wanted! - Clara

3 years, 6 months

3
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2022