October 2023 - Linux-stable-mirror

FAILED: patch "[PATCH] tracing/kprobes: Return EADDRNOTAVAIL when func matches" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b022f0c7e404887a7c5229788fc99eff9f9a80d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023102137-mobster-sheath-bfb3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b022f0c7e404887a7c5229788fc99eff9f9a80d5 Mon Sep 17 00:00:00 2001 From: Francis Laniel <flaniel(a)linux.microsoft.com> Date: Fri, 20 Oct 2023 13:42:49 +0300 Subject: [PATCH] tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols When a kprobe is attached to a function that's name is not unique (is static and shares the name with other functions in the kernel), the kprobe is attached to the first function it finds. This is a bug as the function that it is attaching to is not necessarily the one that the user wants to attach to. Instead of blindly picking a function to attach to what is ambiguous, error with EADDRNOTAVAIL to let the user know that this function is not unique, and that the user must use another unique function with an address offset to get to the function they want to attach to. Link: https://lore.kernel.org/all/20231020104250.9537-2-flaniel@linux.microsoft.c… Cc: stable(a)vger.kernel.org Fixes: 413d37d1eb69 ("tracing: Add kprobe-based event tracer") Suggested-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Francis Laniel <flaniel(a)linux.microsoft.com> Link: https://lore.kernel.org/lkml/20230819101105.b0c104ae4494a7d1f2eea742@kernel… Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 3d7a180a8427..a8fef6ab0872 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -705,6 +705,25 @@ static struct notifier_block trace_kprobe_module_nb = { .priority = 1 /* Invoked after kprobe module callback */ }; +static int count_symbols(void *data, unsigned long unused) +{ + unsigned int *count = data; + + (*count)++; + + return 0; +} + +static unsigned int number_of_same_symbols(char *func_name) +{ + unsigned int count; + + count = 0; + kallsyms_on_each_match_symbol(count_symbols, func_name, &count); + + return count; +} + static int __trace_kprobe_create(int argc, const char *argv[]) { /* @@ -836,6 +855,31 @@ static int __trace_kprobe_create(int argc, const char *argv[]) } } + if (symbol && !strchr(symbol, ':')) { + unsigned int count; + + count = number_of_same_symbols(symbol); + if (count > 1) { + /* + * Users should use ADDR to remove the ambiguity of + * using KSYM only. + */ + trace_probe_log_err(0, NON_UNIQ_SYMBOL); + ret = -EADDRNOTAVAIL; + + goto error; + } else if (count == 0) { + /* + * We can return ENOENT earlier than when register the + * kprobe. + */ + trace_probe_log_err(0, BAD_PROBE_ADDR); + ret = -ENOENT; + + goto error; + } + } + trace_probe_log_set_index(0); if (event) { ret = traceprobe_parse_event_name(&event, &group, gbuf, @@ -1695,6 +1739,7 @@ static int unregister_kprobe_event(struct trace_kprobe *tk) } #ifdef CONFIG_PERF_EVENTS + /* create a trace_kprobe, but don't add it to global lists */ struct trace_event_call * create_local_trace_kprobe(char *func, void *addr, unsigned long offs, @@ -1705,6 +1750,24 @@ create_local_trace_kprobe(char *func, void *addr, unsigned long offs, int ret; char *event; + if (func) { + unsigned int count; + + count = number_of_same_symbols(func); + if (count > 1) + /* + * Users should use addr to remove the ambiguity of + * using func only. + */ + return ERR_PTR(-EADDRNOTAVAIL); + else if (count == 0) + /* + * We can return ENOENT earlier than when register the + * kprobe. + */ + return ERR_PTR(-ENOENT); + } + /* * local trace_kprobes are not added to dyn_event, so they are never * searched in find_trace_kprobe(). Therefore, there is no concern of diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index 02b432ae7513..850d9ecb6765 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h @@ -450,6 +450,7 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call, C(BAD_MAXACT, "Invalid maxactive number"), \ C(MAXACT_TOO_BIG, "Maxactive is too big"), \ C(BAD_PROBE_ADDR, "Invalid probed address or symbol"), \ + C(NON_UNIQ_SYMBOL, "The symbol is not unique"), \ C(BAD_RETPROBE, "Retprobe address must be an function entry"), \ C(NO_TRACEPOINT, "Tracepoint is not found"), \ C(BAD_ADDR_SUFFIX, "Invalid probed address suffix"), \

1 year, 1 month

3
5
0 0

[PATCH v1 2/2] ARM: dts: imx6q-apalis: add can power-up delay on ixora board

by Andrejs Cainikovs

From: Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> Newer variants of Ixora boards require a power-up delay when powering up the CAN transceiver of up to 1ms. Cc: stable(a)vger.kernel.org Signed-off-by: Andrejs Cainikovs <andrejs.cainikovs(a)toradex.com> --- arch/arm/boot/dts/nxp/imx/imx6q-apalis-ixora-v1.2.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/boot/dts/nxp/imx/imx6q-apalis-ixora-v1.2.dts b/arch/arm/boot/dts/nxp/imx/imx6q-apalis-ixora-v1.2.dts index 717decda0ceb..3ac7a4501620 100644 --- a/arch/arm/boot/dts/nxp/imx/imx6q-apalis-ixora-v1.2.dts +++ b/arch/arm/boot/dts/nxp/imx/imx6q-apalis-ixora-v1.2.dts @@ -76,6 +76,7 @@ reg_can1_supply: regulator-can1-supply { pinctrl-names = "default"; pinctrl-0 = <&pinctrl_enable_can1_power>; regulator-name = "can1_supply"; + startup-delay-us = <1000>; }; reg_can2_supply: regulator-can2-supply { @@ -85,6 +86,7 @@ reg_can2_supply: regulator-can2-supply { pinctrl-names = "default"; pinctrl-0 = <&pinctrl_enable_can2_power>; regulator-name = "can2_supply"; + startup-delay-us = <1000>; }; }; -- 2.34.1

1 year, 1 month

3
2
0 0

Fwd: dwc3: regression in USB DWC3 driver in kernel 5.15 branch

by Bagas Sanjaya

Hi, I notice a stable-specific regression on Bugzilla [1]. Quoting from it: > The backport commit to 5.15 branch: > 9d4f84a15f9c9727bc07f59d9dafc89e65aadb34 "arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes" (from upstream commit 5c3d5ecf48ab06c709c012bf1e8f0c91e1fcd7ad) > switched from "snps,dis-u2-freeclk-exists-quirk" to "snps,gfladj-refclk-lpm-sel-quirk". > > The problem is that the gfladj-refclk-lpm-sel-quirk quirk is not implemented / backported to 5.15 branch. > > This commit should be either reverted, or the commit introducing gfladj-refclk-lpm-sel-quirk needs to be merged to 5.15 kernel branch. > > As a result of this patch, on Gateworks Venice GW7400 revB board the USB 3.x devices which are connected to the USB Type C port does not enumerate and the following errors are generated: > > [ 14.906302] xhci-hcd xhci-hcd.0.auto: Timeout while waiting for setup device command > [ 15.122383] usb 2-1: device not accepting address 2, error -62 > [ 25.282195] xhci-hcd xhci-hcd.0.auto: Abort failed to stop command ring: -110 > [ 25.297408] xhci-hcd xhci-hcd.0.auto: xHCI host controller not responding, assume dead > [ 25.305345] xhci-hcd xhci-hcd.0.auto: HC died; cleaning up > [ 25.311058] xhci-hcd xhci-hcd.0.auto: Timeout while waiting for stop endpoint command > [ 25.334361] usb usb2-port1: couldn't allocate usb_device > > When the commit is reverted the USB 3.x drives works fine. See Bugzilla for the full thread and attach dmesgs. Anyway, I'm adding it to regzbot: #regzbot introduced: 9d4f84a15f9c97 https://bugzilla.kernel.org/show_bug.cgi?id=217670 #regzbot title: regression in USB DWC3 driver due to missing gfladj-refclk-lpm-sel-quirk quirk Thanks. [1]: https://bugzilla.kernel.org/show_bug.cgi?id=217670 -- An old man doll... just what I always wanted! - Clara

1 year, 2 months

4
4
0 0

[RFC PATCH 0/2] soundwire: introduce controller ID

by Pierre-Louis Bossart

This patchset is an alternate proposal to the solution suggested in [1], which breaks Intel machine drivers. The only difference is to use a known controller ID instead of an IDA, which wouldn't work with the hard-coded device name. This patchset was tested on Intel and AMD platforms, testing on Qualcomm platforms is required - hence the RFC status. [1] https://lore.kernel.org/alsa-devel/20231004130243.493617-1-krzysztof.kozlow… Krzysztof Kozlowski (1): soundwire: fix initializing sysfs for same devices on different buses Pierre-Louis Bossart (1): soundwire: bus: introduce controller_id drivers/soundwire/amd_manager.c | 8 ++++++++ drivers/soundwire/bus.c | 4 ++++ drivers/soundwire/debugfs.c | 2 +- drivers/soundwire/intel_auxdevice.c | 3 +++ drivers/soundwire/master.c | 2 +- drivers/soundwire/qcom.c | 3 +++ drivers/soundwire/slave.c | 12 ++++++------ include/linux/soundwire/sdw.h | 4 +++- sound/soc/intel/boards/sof_sdw.c | 4 ++-- 9 files changed, 31 insertions(+), 11 deletions(-) -- 2.39.2

1 year, 2 months

6
9
0 0

[PATCH v4] aacraid: reply queue mapping to CPUs based of IRQ affinity

by Sagar Biradar

Fix the IO hang that arises because of MSIx vector not having a mapped online CPU upon receiving completion. The SCSI cmds take the blk_mq route, which is setup during the init. The reserved cmds fetch the vector_no from mq_map after the init is complete and before the init, they use 0 - as per the norm. Reviewed-by: Gilbert Wu <gilbert.wu(a)microchip.com> Signed-off-by: Sagar Biradar <Sagar.Biradar(a)microchip.com> --- drivers/scsi/aacraid/aacraid.h | 1 + drivers/scsi/aacraid/comminit.c | 1 - drivers/scsi/aacraid/commsup.c | 6 +++++- drivers/scsi/aacraid/linit.c | 14 ++++++++++++++ drivers/scsi/aacraid/src.c | 25 +++++++++++++++++++++++-- 5 files changed, 43 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h index 5e115e8b2ba4..7c6efde75da6 100644 --- a/drivers/scsi/aacraid/aacraid.h +++ b/drivers/scsi/aacraid/aacraid.h @@ -1678,6 +1678,7 @@ struct aac_dev u32 handle_pci_error; bool init_reset; u8 soft_reset_support; + u8 use_map_queue; }; #define aac_adapter_interrupt(dev) \ diff --git a/drivers/scsi/aacraid/comminit.c b/drivers/scsi/aacraid/comminit.c index bd99c5492b7d..a5483e7e283a 100644 --- a/drivers/scsi/aacraid/comminit.c +++ b/drivers/scsi/aacraid/comminit.c @@ -657,4 +657,3 @@ struct aac_dev *aac_init_adapter(struct aac_dev *dev) return dev; } - diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index deb32c9f4b3e..3f062e4013ab 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -223,8 +223,12 @@ int aac_fib_setup(struct aac_dev * dev) struct fib *aac_fib_alloc_tag(struct aac_dev *dev, struct scsi_cmnd *scmd) { struct fib *fibptr; + u32 blk_tag; + int i; - fibptr = &dev->fibs[scsi_cmd_to_rq(scmd)->tag]; + blk_tag = blk_mq_unique_tag(scsi_cmd_to_rq(scmd)); + i = blk_mq_unique_tag_to_tag(blk_tag); + fibptr = &dev->fibs[i]; /* * Null out fields that depend on being zero at the start of * each I/O diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c index 5ba5c18b77b4..9caf8c314ce1 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -19,6 +19,7 @@ #include <linux/compat.h> #include <linux/blkdev.h> +#include <linux/blk-mq-pci.h> #include <linux/completion.h> #include <linux/init.h> #include <linux/interrupt.h> @@ -505,6 +506,15 @@ static int aac_slave_configure(struct scsi_device *sdev) return 0; } +static void aac_map_queues(struct Scsi_Host *shost) +{ + struct aac_dev *aac = (struct aac_dev *)shost->hostdata; + + blk_mq_pci_map_queues(&shost->tag_set.map[HCTX_TYPE_DEFAULT], + aac->pdev, 0); + aac->use_map_queue = true; +} + /** * aac_change_queue_depth - alter queue depths * @sdev: SCSI device we are considering @@ -1489,6 +1499,7 @@ static struct scsi_host_template aac_driver_template = { .bios_param = aac_biosparm, .shost_groups = aac_host_groups, .slave_configure = aac_slave_configure, + .map_queues = aac_map_queues, .change_queue_depth = aac_change_queue_depth, .sdev_groups = aac_dev_groups, .eh_abort_handler = aac_eh_abort, @@ -1776,6 +1787,8 @@ static int aac_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) shost->max_lun = AAC_MAX_LUN; pci_set_drvdata(pdev, shost); + shost->nr_hw_queues = aac->max_msix; + shost->host_tagset = 1; error = scsi_add_host(shost, &pdev->dev); if (error) @@ -1908,6 +1921,7 @@ static void aac_remove_one(struct pci_dev *pdev) struct aac_dev *aac = (struct aac_dev *)shost->hostdata; aac_cancel_rescan_worker(aac); + aac->use_map_queue = false; scsi_remove_host(shost); __aac_shutdown(aac); diff --git a/drivers/scsi/aacraid/src.c b/drivers/scsi/aacraid/src.c index 11ef58204e96..61949f374188 100644 --- a/drivers/scsi/aacraid/src.c +++ b/drivers/scsi/aacraid/src.c @@ -493,6 +493,10 @@ static int aac_src_deliver_message(struct fib *fib) #endif u16 vector_no; + struct scsi_cmnd *scmd; + u32 blk_tag; + struct Scsi_Host *shost = dev->scsi_host_ptr; + struct blk_mq_queue_map *qmap; atomic_inc(&q->numpending); @@ -505,8 +509,25 @@ static int aac_src_deliver_message(struct fib *fib) if ((dev->comm_interface == AAC_COMM_MESSAGE_TYPE3) && dev->sa_firmware) vector_no = aac_get_vector(dev); - else - vector_no = fib->vector_no; + else { + if (!fib->vector_no || !fib->callback_data) { + if (shost && dev->use_map_queue) { + qmap = &shost->tag_set.map[HCTX_TYPE_DEFAULT]; + vector_no = qmap->mq_map[raw_smp_processor_id()]; + } + /* + * We hardcode the vector_no for + * reserved commands as a valid shost is + * absent during the init + */ + else + vector_no = 0; + } else { + scmd = (struct scsi_cmnd *)fib->callback_data; + blk_tag = blk_mq_unique_tag(scsi_cmd_to_rq(scmd)); + vector_no = blk_mq_unique_tag_to_hwq(blk_tag); + } + } if (native_hba) { if (fib->flags & FIB_CONTEXT_FLAG_NATIVE_HBA_TMF) { -- 2.29.0

1 year, 2 months

7
6
0 0

[PATCH] drm/msm/dpu: Add missing safe_lut_tbl in sc8280xp catalog

by Bjorn Andersson

During USB transfers on the SC8280XP __arm_smmu_tlb_sync() is seen to typically take 1-2ms to complete. As expected this results in poor performance, something that has been mitigated by proposing running the iommu in non-strict mode (boot with iommu.strict=0). This turns out to be related to the SAFE logic, and programming the QOS SAFE values in the DPU (per suggestion from Rob and Doug) reduces the TLB sync time to below 10us, which means significant less time spent with interrupts disabled and a significant boost in throughput. Fixes: 4a352c2fc15a ("drm/msm/dpu: Introduce SC8280XP") Cc: stable(a)vger.kernel.org Suggested-by: Doug Anderson <dianders(a)chromium.org> Suggested-by: Rob Clark <robdclark(a)chromium.org> Signed-off-by: Bjorn Andersson <quic_bjorande(a)quicinc.com> --- drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_0_sc8280xp.h | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_0_sc8280xp.h b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_0_sc8280xp.h index 1ccd1edd693c..4c0528794e7a 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_0_sc8280xp.h +++ b/drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_0_sc8280xp.h @@ -406,6 +406,7 @@ static const struct dpu_perf_cfg sc8280xp_perf_data = { .min_llcc_ib = 0, .min_dram_ib = 800000, .danger_lut_tbl = {0xf, 0xffff, 0x0}, + .safe_lut_tbl = {0xfe00, 0xfe00, 0xffff}, .qos_lut_tbl = { {.nentry = ARRAY_SIZE(sc8180x_qos_linear), .entries = sc8180x_qos_linear --- base-commit: c503e3eec382ac708ee7adf874add37b77c5d312 change-id: 20231030-sc8280xp-dpu-safe-lut-9769027b8452 Best regards, -- Bjorn Andersson <quic_bjorande(a)quicinc.com>

1 year, 2 months

6
7
0 0

[PATCH] MIPS: process: Remove lazy context flags for new kernel thread

by Jiaxun Yang

We received a report from debian infra team, says their build machine crashes regularly with: [ 4066.698500] do_cpu invoked from kernel context![#1]: [ 4066.703455] CPU: 1 PID: 76608 Comm: iou-sqp-76326 Not tainted 5.10.0-21-loongson-3 #1 Debian 5.10.162-1 [ 4066.712793] Hardware name: Loongson Lemote-3A4000-7A-1w-V1.00-A1901/Lemote-3A4000-7A-1w-V1.00-A1901, BIOS Loongson-PMON-V3.3-20201222 12/22/2020 [ 4066.725672] $ 0 : 0000000000000000 ffffffff80bf2e48 0000000000000001 9800000200804000 [ 4066.733642] $ 4 : 9800000105115280 ffffffff80db4728 0000000000000008 0000020080000200 [ 4066.741607] $ 8 : 0000000000000001 0000000000000001 0000000000000000 0000000002e85400 [ 4066.749571] $12 : 000000005400cce0 ffffffff80199c00 000000000000036f 000000000000036f [ 4066.757536] $16 : 980000010025c080 ffffffff80ec4740 0000000000000000 980000000234b8c0 [ 4066.765501] $20 : ffffffff80ec5ce0 9800000105115280 98000001051158a0 0000000000000000 [ 4066.773466] $24 : 0000000000000028 9800000200807e58 [ 4066.781431] $28 : 9800000200804000 9800000200807d40 980000000234b8c0 ffffffff80bf3074 [ 4066.789395] Hi : 00000000000002fb [ 4066.792943] Lo : 00000000428f6816 [ 4066.796500] epc : ffffffff802177c0 _save_fp+0x10/0xa0 [ 4066.801695] ra : ffffffff80bf3074 __schedule+0x804/0xe08 [ 4066.807230] Status: 5400cce2 KX SX UX KERNEL EXL [ 4066.811917] Cause : 1000002c (ExcCode 0b) [ 4066.815899] PrId : 0014c004 (ICT Loongson-3) [ 4066.820228] Modules linked in: asix usbnet mii sg ip6t_REJECT nf_reject_ipv6 ip6table_filter ip6_tables nfnetlink_log nfnetlink xt_hashlimit ipt_REJECT nf_reject_ipv4 xt_NFLOG xt_multiport xt_tcpudp xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_filter sch_fq tcp_bbr fuse drm drm_panel_orientation_quirks configfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic ohci_pci dm_mod r8169 realtek mdio_devres ohci_hcd ehci_pci of_mdio xhci_pci fixed_phy xhci_hcd ehci_hcd libphy usbcore usb_common [ 4066.868085] Process iou-sqp-76326 (pid: 76608, threadinfo=0000000056dd346c, task=000000001209ac62, tls=000000fff18298e0) [ 4066.878897] Stack : ffffffff80ec0000 0000000000000000 ffffffff80ec0000 980000010db34100 [ 4066.886867] 9800000100000004 d253a55201683fdc 9800000105115280 0000000000000000 [ 4066.894832] 0000000000000000 0000000000000001 980000010db340e8 0000000000000001 [ 4066.902796] 0000000000000004 0000000000000000 980000010db33d28 ffffffff80bf36d0 [ 4066.910761] 980000010db340e8 980000010db34100 980000010db340c8 ffffffff8070d740 [ 4066.918726] 980000010946cc80 9800000104b56c80 980000010db340c0 0000000000000000 [ 4066.926690] ffffffff80ec0000 980000010db340c8 980000010025c080 ffffffff80ec5ce0 [ 4066.934654] 0000000000000000 9800000105115280 ffffffff802c59b8 980000010db34108 [ 4066.942619] 980000010db34108 2d7071732d756f69 ffff003632333637 d253a55201683fdc [ 4066.950585] ffffffff8070d1c8 980000010db340c0 98000001092276c8 000000007400cce0 [ 4066.958552] ... [ 4066.960981] Call Trace: [ 4066.963414] [<ffffffff802177c0>] _save_fp+0x10/0xa0 [ 4066.968270] [<ffffffff80bf3074>] __schedule+0x804/0xe08 [ 4066.973462] [<ffffffff80bf36d0>] schedule+0x58/0x150 [ 4066.978397] [<ffffffff8070d740>] io_sq_thread+0x578/0x5a0 [ 4066.983764] [<ffffffff8020518c>] ret_from_kernel_thread+0x14/0x1c [ 4066.989823] [ 4066.991297] Code: 000c6940 05a10011 00000000 <f4810af0> f4830b10 f4850b30 f4870b50 f4890b70 f48b0b90 It seems like kernel is trying to save a FP context for a kthread. Since we don't use FPU in kernel for now, TIF_USEDFPU must be set accidentally for that kthread. Inspecting the code it seems like create_io_thread may be invoked from threads that have FP context alive, causing TIF_USEDFPU to be copied from that context to kthread unexpectedly. Move around code blocks to ensure flags regarding lazy hardware context get cleared for kernel threads as well. Cc: stable(a)vger.kernel.org Reported-by: Aurelien Jarno <aurel32(a)debian.org> Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> --- Folks, it might be helpful to check ST0_CU1 in is_fpu_owner to catch this kind of problem in future, what's your opinion? --- arch/mips/kernel/process.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 5387ed0a5186..fecffa32f3e0 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -136,24 +136,26 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) status |= ST0_EXL; #endif childregs->cp0_status = status; - return 0; - } + } else { + /* user thread */ + *childregs = *regs; + childregs->regs[7] = 0; /* Clear error flag */ + childregs->regs[2] = 0; /* Child gets zero as return value */ + if (usp) + childregs->regs[29] = usp; - /* user thread */ - *childregs = *regs; - childregs->regs[7] = 0; /* Clear error flag */ - childregs->regs[2] = 0; /* Child gets zero as return value */ - if (usp) - childregs->regs[29] = usp; + p->thread.reg29 = (unsigned long) childregs; + p->thread.reg31 = (unsigned long) ret_from_fork; - p->thread.reg29 = (unsigned long) childregs; - p->thread.reg31 = (unsigned long) ret_from_fork; + /* + * New tasks lose permission to use the fpu. This accelerates context + * switching for most programs since they don't use the fpu. + */ + childregs->cp0_status &= ~(ST0_CU2|ST0_CU1); - /* - * New tasks lose permission to use the fpu. This accelerates context - * switching for most programs since they don't use the fpu. - */ - childregs->cp0_status &= ~(ST0_CU2|ST0_CU1); + if (clone_flags & CLONE_SETTLS) + ti->tp_value = tls; + } clear_tsk_thread_flag(p, TIF_USEDFPU); clear_tsk_thread_flag(p, TIF_USEDMSA); @@ -167,9 +169,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) atomic_set(&p->thread.bd_emu_frame, BD_EMUFRAME_NONE); #endif - if (clone_flags & CLONE_SETTLS) - ti->tp_value = tls; - return 0; } -- 2.34.1

1 year, 2 months

4
10
0 0

[PATCH v2] usb: dwc3: set the dma max_seg_size

by Ricardo Ribalda

Allow devices to have dma operations beyond 4K, and avoid warnings such as: DMA-API: dwc3 a600000.usb: mapping sg segment longer than device claims to support [len=86016] [max=65536] Cc: stable(a)vger.kernel.org Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver") Reported-by: Zubin Mithra <zsm(a)chromium.org> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Found while running yavta -f YUYV -s 1280x720 -c /dev/video0 with: CONFIG_DMA_API_DEBUG=y --- Changes in v2: - Add stable tag - Link to v1: https://lore.kernel.org/r/20231026-dwc3-v1-1-643c74771599@chromium.org --- drivers/usb/dwc3/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 343d2570189f..65f73dd8ef47 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1918,6 +1918,8 @@ static int dwc3_probe(struct platform_device *pdev) pm_runtime_put(dev); + dma_set_max_seg_size(dev, UINT_MAX); + return 0; err_exit_debugfs: --- base-commit: 611da07b89fdd53f140d7b33013f255bf0ed8f34 change-id: 20231026-dwc3-fac74fcb3b2a Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 2 months

3
5
0 0

Question about LTS 4.19 patch "89047634f5ce NFS: Don't interrupt file writeout due to fatal errors"

by ChenXiaoSong

Hi Trond and Greg: LTS 4.19 reported null-ptr-deref BUG as follows: BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 Call Trace: nfs_inode_add_request+0x1cc/0x5b8 nfs_setup_write_request+0x1fa/0x1fc nfs_writepage_setup+0x2d/0x7d nfs_updatepage+0x8b8/0x936 nfs_write_end+0x61d/0xd45 generic_perform_write+0x19a/0x3f0 nfs_file_write+0x2cc/0x6e5 new_sync_write+0x442/0x560 __vfs_write+0xda/0xef vfs_write+0x176/0x48b ksys_write+0x10a/0x1e9 __se_sys_write+0x24/0x29 __x64_sys_write+0x79/0x93 do_syscall_64+0x16d/0x4bb entry_SYSCALL_64_after_hwframe+0x5c/0xc1 The reason is: generic_error_remove_page set page->mapping to NULL when nfs server have a fatal error: nfs_updatepage nfs_writepage_setup nfs_setup_write_request nfs_try_to_update_request // return NULL nfs_wb_page // return 0 nfs_writepage_locked // return 0 nfs_do_writepage // return 0 nfs_page_async_flush // return 0 nfs_error_is_fatal_on_server generic_error_remove_page truncate_inode_page delete_from_page_cache __delete_from_page_cache page_cache_tree_delete page->mapping = NULL // this is point nfs_create_request req->wb_page = page // the page is freed nfs_inode_add_request mapping = page_file_mapping(req->wb_page) return page->mapping spin_lock(&mapping->private_lock) // mapping is NULL It is reasonable by reverting the patch "89047634f5ce NFS: Don't interrupt file writeout due to fatal errors" to fix this bug? This patch is one patch of patchset [Fix up soft mounts for NFSv4.x](https://lore.kernel.org/all/20190407175912.23528-1-trond.myklebust…, the patchset replace custom error reporting mechanism. it seams that we should merge all the patchset to LTS 4.19, or all patchs should not be merged. And the "Fixes:" label is not correct, this patch is a refactoring patch, not for fixing bugs.

1 year, 2 months

3
8
0 0

[PATCH] sched: psi: fix unprivileged polling against cgroups

by Johannes Weiner

519fabc7aaba ("psi: remove 500ms min window size limitation for triggers") breaks unprivileged psi polling on cgroups. Historically, we had a privilege check for polling in the open() of a pressure file in /proc, but were erroneously missing it for the open() of cgroup pressure files. When unprivileged polling was introduced in d82caa273565 ("sched/psi: Allow unprivileged polling of N*2s period"), it needed to filter privileges depending on the exact polling parameters, and as such moved the CAP_SYS_RESOURCE check from the proc open() callback to psi_trigger_create(). Both the proc files as well as cgroup files go through this during write(). This implicitly added the missing check for privileges required for HT polling for cgroups. When 519fabc7aaba ("psi: remove 500ms min window size limitation for triggers") followed right after to remove further restrictions on the RT polling window, it incorrectly assumed the cgroup privilege check was still missing and added it to the cgroup open(), mirroring what we used to do for proc files in the past. As a result, unprivileged poll requests that would be supported now get rejected when opening the cgroup pressure file for writing. Remove the cgroup open() check. psi_trigger_create() handles it. Fixes: 519fabc7aaba ("psi: remove 500ms min window size limitation for triggers") Cc: stable(a)vger.kernel.org # 6.5+ Reported-by: Luca Boccassi <bluca(a)debian.org> Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> --- kernel/cgroup/cgroup.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index f11488b18ceb..2069ee98da60 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -3879,14 +3879,6 @@ static __poll_t cgroup_pressure_poll(struct kernfs_open_file *of, return psi_trigger_poll(&ctx->psi.trigger, of->file, pt); } -static int cgroup_pressure_open(struct kernfs_open_file *of) -{ - if (of->file->f_mode & FMODE_WRITE && !capable(CAP_SYS_RESOURCE)) - return -EPERM; - - return 0; -} - static void cgroup_pressure_release(struct kernfs_open_file *of) { struct cgroup_file_ctx *ctx = of->priv; @@ -5287,7 +5279,6 @@ static struct cftype cgroup_psi_files[] = { { .name = "io.pressure", .file_offset = offsetof(struct cgroup, psi_files[PSI_IO]), - .open = cgroup_pressure_open, .seq_show = cgroup_io_pressure_show, .write = cgroup_io_pressure_write, .poll = cgroup_pressure_poll, @@ -5296,7 +5287,6 @@ static struct cftype cgroup_psi_files[] = { { .name = "memory.pressure", .file_offset = offsetof(struct cgroup, psi_files[PSI_MEM]), - .open = cgroup_pressure_open, .seq_show = cgroup_memory_pressure_show, .write = cgroup_memory_pressure_write, .poll = cgroup_pressure_poll, @@ -5305,7 +5295,6 @@ static struct cftype cgroup_psi_files[] = { { .name = "cpu.pressure", .file_offset = offsetof(struct cgroup, psi_files[PSI_CPU]), - .open = cgroup_pressure_open, .seq_show = cgroup_cpu_pressure_show, .write = cgroup_cpu_pressure_write, .poll = cgroup_pressure_poll, @@ -5315,7 +5304,6 @@ static struct cftype cgroup_psi_files[] = { { .name = "irq.pressure", .file_offset = offsetof(struct cgroup, psi_files[PSI_IRQ]), - .open = cgroup_pressure_open, .seq_show = cgroup_irq_pressure_show, .write = cgroup_irq_pressure_write, .poll = cgroup_pressure_poll, -- 2.42.0

1 year, 2 months

5
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2023