December 2023 - Linux-stable-mirror

[PATCH] dt-bindings: phy: qcom,sc8280xp-qmp-usb43dp-phy: fix path to header

by Krzysztof Kozlowski

Fix the path to bindings header in description. Fixes: e1c4c5436b4a ("dt-bindings: phy: qcom,qmp-usb3-dp: fix sc8280xp binding") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- .../bindings/phy/qcom,sc8280xp-qmp-usb43dp-phy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/devicetree/bindings/phy/qcom,sc8280xp-qmp-usb43dp-phy.yaml b/Documentation/devicetree/bindings/phy/qcom,sc8280xp-qmp-usb43dp-phy.yaml index ae83cb8cb21f..59d34a2a2196 100644 --- a/Documentation/devicetree/bindings/phy/qcom,sc8280xp-qmp-usb43dp-phy.yaml +++ b/Documentation/devicetree/bindings/phy/qcom,sc8280xp-qmp-usb43dp-phy.yaml @@ -63,12 +63,12 @@ properties: "#clock-cells": const: 1 description: - See include/dt-bindings/dt-bindings/phy/phy-qcom-qmp.h + See include/dt-bindings/phy/phy-qcom-qmp.h "#phy-cells": const: 1 description: - See include/dt-bindings/dt-bindings/phy/phy-qcom-qmp.h + See include/dt-bindings/phy/phy-qcom-qmp.h orientation-switch: description: -- 2.34.1

10 months

4
3
0 0

[PATCH 02/18] serial: sc16is7xx: fix invalid sc16is7xx_lines bitfield in case of probe error

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> If an error occurs during probing, the sc16is7xx_lines bitfield may be left in a state that doesn't represent the correct state of lines allocation. For example, in a system with two SC16 devices, if an error occurs only during probing of channel (port) B of the second device, sc16is7xx_lines final state will be 00001011b instead of the expected 00000011b. This is caused in part because of the "i--" in the for/loop located in the out_ports: error path. Fix this by checking the return value of uart_add_one_port() and set line allocation bit only if this was successful. This allows the refactor of the obfuscated for(i--...) loop in the error path, and properly call uart_remove_one_port() only when needed, and properly unset line allocation bits. Also use same mechanism in remove() when calling uart_remove_one_port(). Fixes: c64349722d14 ("sc16is7xx: support multiple devices") Cc: stable(a)vger.kernel.org Cc: Yury Norov <yury.norov(a)gmail.com> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- There is already a patch by Yury Norov <yury.norov(a)gmail.com> to simplify sc16is7xx_alloc_line(): https://lore.kernel.org/all/20231212022749.625238-30-yury.norov@gmail.com/ Since my patch gets rid of sc16is7xx_alloc_line() entirely, it would make Yury's patch unnecessary. --- drivers/tty/serial/sc16is7xx.c | 44 ++++++++++++++-------------------- 1 file changed, 18 insertions(+), 26 deletions(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index b585663c1e6e..b92fd01cfeec 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -407,19 +407,6 @@ static void sc16is7xx_port_update(struct uart_port *port, u8 reg, regmap_update_bits(one->regmap, reg, mask, val); } -static int sc16is7xx_alloc_line(void) -{ - int i; - - BUILD_BUG_ON(SC16IS7XX_MAX_DEVS > BITS_PER_LONG); - - for (i = 0; i < SC16IS7XX_MAX_DEVS; i++) - if (!test_and_set_bit(i, &sc16is7xx_lines)) - break; - - return i; -} - static void sc16is7xx_power(struct uart_port *port, int on) { sc16is7xx_port_update(port, SC16IS7XX_IER_REG, @@ -1550,6 +1537,13 @@ static int sc16is7xx_probe(struct device *dev, SC16IS7XX_IOCONTROL_SRESET_BIT); for (i = 0; i < devtype->nr_uart; ++i) { + s->p[i].port.line = find_first_zero_bit(&sc16is7xx_lines, + SC16IS7XX_MAX_DEVS); + if (s->p[i].port.line >= SC16IS7XX_MAX_DEVS) { + ret = -ERANGE; + goto out_ports; + } + /* Initialize port data */ s->p[i].port.dev = dev; s->p[i].port.irq = irq; @@ -1569,14 +1563,8 @@ static int sc16is7xx_probe(struct device *dev, s->p[i].port.rs485_supported = sc16is7xx_rs485_supported; s->p[i].port.ops = &sc16is7xx_ops; s->p[i].old_mctrl = 0; - s->p[i].port.line = sc16is7xx_alloc_line(); s->p[i].regmap = regmaps[i]; - if (s->p[i].port.line >= SC16IS7XX_MAX_DEVS) { - ret = -ENOMEM; - goto out_ports; - } - mutex_init(&s->p[i].efr_lock); ret = uart_get_rs485_mode(&s->p[i].port); @@ -1594,8 +1582,13 @@ static int sc16is7xx_probe(struct device *dev, kthread_init_work(&s->p[i].tx_work, sc16is7xx_tx_proc); kthread_init_work(&s->p[i].reg_work, sc16is7xx_reg_proc); kthread_init_delayed_work(&s->p[i].ms_work, sc16is7xx_ms_proc); + /* Register port */ - uart_add_one_port(&sc16is7xx_uart, &s->p[i].port); + ret = uart_add_one_port(&sc16is7xx_uart, &s->p[i].port); + if (ret) + goto out_ports; + + set_bit(s->p[i].port.line, &sc16is7xx_lines); /* Enable EFR */ sc16is7xx_port_write(&s->p[i].port, SC16IS7XX_LCR_REG, @@ -1653,10 +1646,9 @@ static int sc16is7xx_probe(struct device *dev, #endif out_ports: - for (i--; i >= 0; i--) { - uart_remove_one_port(&sc16is7xx_uart, &s->p[i].port); - clear_bit(s->p[i].port.line, &sc16is7xx_lines); - } + for (i = 0; i < devtype->nr_uart; i++) + if (test_and_clear_bit(s->p[i].port.line, &sc16is7xx_lines)) + uart_remove_one_port(&sc16is7xx_uart, &s->p[i].port); kthread_stop(s->kworker_task); @@ -1683,8 +1675,8 @@ static void sc16is7xx_remove(struct device *dev) for (i = 0; i < s->devtype->nr_uart; i++) { kthread_cancel_delayed_work_sync(&s->p[i].ms_work); - uart_remove_one_port(&sc16is7xx_uart, &s->p[i].port); - clear_bit(s->p[i].port.line, &sc16is7xx_lines); + if (test_and_clear_bit(s->p[i].port.line, &sc16is7xx_lines)) + uart_remove_one_port(&sc16is7xx_uart, &s->p[i].port); sc16is7xx_power(&s->p[i].port, 0); } -- 2.39.2

10 months

2
6
0 0

Re: Patch "mm/damon/core: use number of passed access sampling as a timer" has been added to the 6.6-stable tree

by SeongJae Park

Hi Sasha, Thank you for picking this patch. On Thu, 21 Dec 2023 09:53:01 -0500 Sasha Levin <sashal(a)kernel.org> wrote: > This is a note to let you know that I've just added the patch titled > > mm/damon/core: use number of passed access sampling as a timer > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > mm-damon-core-use-number-of-passed-access-sampling-a.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit dfda8d41e94ee98ebd2ad78c7cb49625a8c92474 > Author: SeongJae Park <sj(a)kernel.org> > Date: Thu Sep 14 02:15:23 2023 +0000 > > mm/damon/core: use number of passed access sampling as a timer > > [ Upstream commit 4472edf63d6630e6cf65e205b4fc8c3c94d0afe5 ] > > DAMON sleeps for sampling interval after each sampling, and check if the > aggregation interval and the ops update interval have passed using > ktime_get_coarse_ts64() and baseline timestamps for the intervals. That > design is for making the operations occur at deterministic timing > regardless of the time that spend for each work. However, it turned out > it is not that useful, and incur not-that-intuitive results. > > After all, timer functions, and especially sleep functions that DAMON uses > to wait for specific timing, are not necessarily strictly accurate. It is > legal design, so no problem. However, depending on such inaccuracies, the > nr_accesses can be larger than aggregation interval divided by sampling > interval. For example, with the default setting (5 ms sampling interval > and 100 ms aggregation interval) we frequently show regions having > nr_accesses larger than 20. Also, if the execution of a DAMOS scheme > takes a long time, next aggregation could happen before enough number of > samples are collected. This is not what usual users would intuitively > expect. > > Since access check sampling is the smallest unit work of DAMON, using the > number of passed sampling intervals as the DAMON-internal timer can easily > avoid these problems. That is, convert aggregation and ops update > intervals to numbers of sampling intervals that need to be passed before > those operations be executed, count the number of passed sampling > intervals, and invoke the operations as soon as the specific amount of > sampling intervals passed. Make the change. > > Note that this could make a behavioral change to settings that using > intervals that not aligned by the sampling interval. For example, if the > sampling interval is 5 ms and the aggregation interval is 12 ms, DAMON > effectively uses 15 ms as its aggregation interval, because it checks > whether the aggregation interval after sleeping the sampling interval. > This change will make DAMON to effectively use 10 ms as aggregation > interval, since it uses 'aggregation interval / sampling interval * > sampling interval' as the effective aggregation interval, and we don't use > floating point types. Usual users would have used aligned intervals, so > this behavioral change is not expected to make any meaningful impact, so > just make this change. > > Link: https://lkml.kernel.org/r/20230914021523.60649-1-sj@kernel.org > Signed-off-by: SeongJae Park <sj(a)kernel.org> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Stable-dep-of: 6376a8245956 ("mm/damon/core: make damon_start() waits until kdamond_fn() starts") I think adding this patch on 6.6.y has no problem. Nonetheless, Greg notified me the patch that depends on this ("mm/damon/core: make damon_start() waits until kdamond_fn() starts") cannot cleanly applied on 6.1.y and 6.6.y[1,2], and hence I sent conflict-resolved patches for those[3,4] before. Hence this patch might not really required, but I also think adding this now might help merging future fixes. I don't have strong opinion on whether this patch should be added to 6.6.y or not. I hope you to select a way that better for minimizing stable kernels maintenance overhead. [1] https://lore.kernel.org/stable/2023121849-ambulance-violate-e5b2@gregkh/ [2] https://lore.kernel.org/stable/2023121843-pension-tactile-868b@gregkh/ [3] https://lore.kernel.org/r/20231218175939.99263-1-sj@kernel.org [4] https://lore.kernel.org/r/20231218175959.99278-1-sj@kernel.org Thanks, SJ [...]

10 months

1
0
0 0

[PATCH 5.10 00/62] 5.10.205-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.205 release. There are 62 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Dec 2023 13:50:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.205-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.205-rc1 Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Fix stack teardown in ftrace_no_trace Naveen N Rao <naveen(a)kernel.org> powerpc/ftrace: Create a dummy stackframe to fix stack unwind Mazin Al Haddad <mazinalhaddad05(a)gmail.com> tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() Jiri Slaby <jirislaby(a)kernel.org> tty: n_gsm, remove duplicates of parameters Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix tty registration before control channel open Roy Luo <royluo(a)google.com> USB: gadget: core: adjust uevent timing on gadget unbind Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix writing to the buffer with max_data_size Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have saved event hold the entire event Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Update snapshot buffer on resize if it is allocated Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix memory leak of free page Florent Revest <revest(a)chromium.org> team: Fix use-after-free when an option instance allocation fails James Houghton <jthoughton(a)google.com> arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify Baokun Li <libaokun1(a)huawei.com> ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix NULL pointer dereference for multi_link Mark Rutland <mark.rutland(a)arm.com> perf: Fix perf_event_validate_size() lockdep splat Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: add const to read-only outgoing usb buffer Lech Perczak <lech.perczak(a)gmail.com> net: usb: qmi_wwan: claim interface 4 for ZTE MF290 Linus Torvalds <torvalds(a)linux-foundation.org> asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation Aoba K <nexp_0x17(a)outlook.com> HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: reset the backlight brightness level on resume Oliver Neukum <oneukum(a)suse.com> HID: add ALWAYS_POLL quirk for Apple kb Brett Raye <braye(a)fastmail.com> HID: glorious: fix Glorious Model I HID report Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: intel_telemetry: Fix kernel doc descriptions Coly Li <colyli(a)suse.de> bcache: avoid NULL checking to c->root in run_cache_set() Coly Li <colyli(a)suse.de> bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() Colin Ian King <colin.i.king(a)gmail.com> bcache: remove redundant assignment to variable cur_idx Coly Li <colyli(a)suse.de> bcache: avoid oversize memory allocation by small stripe_size Ming Lei <ming.lei(a)redhat.com> blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" Oliver Neukum <oneukum(a)suse.com> usb: aqc111: check packet for fixup for true limit Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add spinlock for setting vblank event in atomic_begin Maxime Ripard <maxime(a)cerno.tech> drm: Use state helper instead of CRTC state pointer Maxime Ripard <maxime(a)cerno.tech> drm/atomic: Pass the full state to CRTC atomic begin and flush Jiaxun Yang <jiaxun.yang(a)flygoat.com> PCI: loongson: Limit MRRS to 256 Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: acpiphp: Reassign resources on bridge if necessary" Hartmut Knaack <knaack.h(a)gmx.de> ALSA: hda/realtek: Apply mute LED quirk for HP15-db Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Hangyu Hua <hbh25y(a)gmail.com> fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() Jens Axboe <axboe(a)kernel.dk> cred: switch to using atomic_long_t Igor Russkikh <irusskikh(a)marvell.com> net: atlantic: fix double free in ring reinit logic Hyunwoo Kim <v4bel(a)theori.io> appletalk: Fix Use-After-Free in atalk_ioctl Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Handle disabled MDIO busses from devicetree Rasmus Villemoes <linux(a)rasmusvillemoes.dk> net: stmmac: use dev_err_probe() for reporting mdio bus registration failure Nikolay Kuratov <kniv(a)yandex-team.ru> vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() Yusong Gao <a869920004(a)gmail.com> sign-file: Fix incorrect return values check David Arinzon <darinzon(a)amazon.com> net: ena: Fix XDP redirection error David Arinzon <darinzon(a)amazon.com> net: ena: Destroy correct number of xdp queues upon failure Dong Chenchen <dongchenchen2(a)huawei.com> net: Remove acked SYN flag from packet in the transmit queue correctly Dinghao Liu <dinghao.liu(a)zju.edu.cn> qed: Fix a potential use-after-free in qed_cxt_tables_alloc Hyunwoo Kim <v4bel(a)theori.io> net/rose: Fix Use-After-Free in rose_ioctl Hyunwoo Kim <v4bel(a)theori.io> atm: Fix Use-After-Free in do_vcc_ioctl Radu Bulie <radu-andrei.bulie(a)nxp.com> net: fec: correct queue selection Vladimir Oltean <vladimir.oltean(a)nxp.com> net: vlan: introduce skb_vlan_eth_hdr() Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &tx_queue_lock Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &cli_queue_lock Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix reset behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Prevent crash on TX ring changes Maciej Żenczykowski <maze(a)google.com> net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX Mikhail Khvainitski <me(a)khvoinitsky.org> HID: lenovo: Restrict detection of patched firmware only to USB cptkbd David Howells <dhowells(a)redhat.com> afs: Fix refcount underflow from error handling race Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix 'exist' matching on bigendian arches ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/pgtable.h | 6 + arch/powerpc/kernel/trace/ftrace_64_mprofile.S | 17 ++- block/blk-throttle.c | 2 + drivers/atm/solos-pci.c | 8 +- drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 8 +- drivers/gpu/drm/arm/hdlcd_crtc.c | 2 +- drivers/gpu/drm/armada/armada_crtc.c | 12 +- drivers/gpu/drm/ast/ast_mode.c | 9 +- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c | 4 +- drivers/gpu/drm/drm_atomic_helper.c | 8 +- drivers/gpu/drm/exynos/exynos_drm_crtc.c | 4 +- drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_crtc.c | 2 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_de.c | 4 +- drivers/gpu/drm/hisilicon/kirin/kirin_drm_ade.c | 4 +- drivers/gpu/drm/imx/dcss/dcss-crtc.c | 4 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 4 +- drivers/gpu/drm/ingenic/ingenic-drm-drv.c | 22 ++-- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 24 ++-- drivers/gpu/drm/meson/meson_crtc.c | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 +- drivers/gpu/drm/msm/disp/mdp4/mdp4_crtc.c | 4 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 4 +- drivers/gpu/drm/mxsfb/mxsfb_kms.c | 2 +- drivers/gpu/drm/omapdrm/omap_crtc.c | 4 +- drivers/gpu/drm/qxl/qxl_display.c | 2 +- drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 14 ++- drivers/gpu/drm/sti/sti_crtc.c | 2 +- drivers/gpu/drm/stm/ltdc.c | 2 +- drivers/gpu/drm/sun4i/sun4i_crtc.c | 6 +- drivers/gpu/drm/tegra/dc.c | 12 +- drivers/gpu/drm/tidss/tidss_crtc.c | 4 +- drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 +- drivers/gpu/drm/vboxvideo/vbox_mode.c | 2 +- drivers/gpu/drm/vc4/vc4_drv.h | 3 +- drivers/gpu/drm/vc4/vc4_hvs.c | 4 +- drivers/gpu/drm/virtio/virtgpu_display.c | 6 +- drivers/gpu/drm/vkms/vkms_crtc.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 +- drivers/gpu/drm/xlnx/zynqmp_disp.c | 4 +- drivers/gpu/drm/zte/zx_vou.c | 2 +- drivers/hid/hid-asus.c | 25 +++- drivers/hid/hid-glorious.c | 16 ++- drivers/hid/hid-ids.h | 11 +- drivers/hid/hid-lenovo.c | 3 +- drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-quirks.c | 1 + drivers/md/bcache/bcache.h | 1 + drivers/md/bcache/btree.c | 7 ++ drivers/md/bcache/super.c | 4 +- drivers/md/bcache/writeback.c | 2 +- drivers/net/ethernet/amazon/ena/ena_eth_com.c | 3 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 13 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 3 +- drivers/net/ethernet/emulex/benet/be_main.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 27 ++--- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- .../net/ethernet/qlogic/netxen/netxen_nic_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 4 +- drivers/net/ethernet/qualcomm/qca_debug.c | 17 +-- drivers/net/ethernet/qualcomm/qca_spi.c | 20 +++- drivers/net/ethernet/sfc/tx_tso.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 13 +- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 8 +- drivers/net/team/team.c | 4 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pci/controller/pci-loongson.c | 46 +++++++- drivers/pci/hotplug/acpiphp_glue.c | 9 +- drivers/platform/x86/intel_telemetry_core.c | 4 +- drivers/soundwire/stream.c | 7 +- drivers/staging/gdm724x/gdm_lte.c | 4 +- drivers/tty/n_gsm.c | 131 +++++++++++++-------- drivers/usb/gadget/udc/core.c | 4 +- fs/afs/rxrpc.c | 2 +- fs/ext4/mballoc.c | 4 + fs/fuse/dax.c | 1 + include/asm-generic/qspinlock.h | 2 +- include/drm/drm_modeset_helper_vtables.h | 4 +- include/linux/cred.h | 8 +- include/linux/if_vlan.h | 12 +- include/net/addrconf.h | 12 +- include/net/if_inet6.h | 4 - kernel/cred.c | 64 +++++----- kernel/events/core.c | 10 ++ kernel/trace/ring_buffer.c | 18 ++- kernel/trace/trace.c | 4 +- net/appletalk/ddp.c | 9 +- net/atm/ioctl.c | 7 +- net/batman-adv/soft-interface.c | 2 +- net/ipv4/tcp_output.c | 6 + net/ipv6/addrconf.c | 6 +- net/netfilter/nft_exthdr.c | 2 +- net/netfilter/nft_fib.c | 8 +- net/rose/af_rose.c | 4 +- net/vmw_vsock/virtio_transport_common.c | 2 +- scripts/sign-file.c | 12 +- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + 105 files changed, 564 insertions(+), 312 deletions(-)

10 months

4
66
0 0

[for-linus][PATCH 3/3] tracing / synthetic: Disable events after testing in synth_event_gen_test_init()

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The synth_event_gen_test module can be built in, if someone wants to run the tests at boot up and not have to load them. The synth_event_gen_test_init() function creates and enables the synthetic events and runs its tests. The synth_event_gen_test_exit() disables the events it created and destroys the events. If the module is builtin, the events are never disabled. The issue is, the events should be disable after the tests are run. This could be an issue if the rest of the boot up tests are enabled, as they expect the events to be in a known state before testing. That known state happens to be disabled. When CONFIG_SYNTH_EVENT_GEN_TEST=y and CONFIG_EVENT_TRACE_STARTUP_TEST=y a warning will trigger: Running tests on trace events: Testing event create_synth_test: Enabled event during self test! ------------[ cut here ]------------ WARNING: CPU: 2 PID: 1 at kernel/trace/trace_events.c:4150 event_trace_self_tests+0x1c2/0x480 Modules linked in: CPU: 2 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc2-test-00031-gb803d7c664d5-dirty #276 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:event_trace_self_tests+0x1c2/0x480 Code: bb e8 a2 ab 5d fc 48 8d 7b 48 e8 f9 3d 99 fc 48 8b 73 48 40 f6 c6 01 0f 84 d6 fe ff ff 48 c7 c7 20 b6 ad bb e8 7f ab 5d fc 90 <0f> 0b 90 48 89 df e8 d3 3d 99 fc 48 8b 1b 4c 39 f3 0f 85 2c ff ff RSP: 0000:ffffc9000001fdc0 EFLAGS: 00010246 RAX: 0000000000000029 RBX: ffff88810399ca80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffb9f19478 RDI: ffff88823c734e64 RBP: ffff88810399f300 R08: 0000000000000000 R09: fffffbfff79eb32a R10: ffffffffbcf59957 R11: 0000000000000001 R12: ffff888104068090 R13: ffffffffbc89f0a0 R14: ffffffffbc8a0f08 R15: 0000000000000078 FS: 0000000000000000(0000) GS:ffff88823c700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000001f6282001 CR4: 0000000000170ef0 Call Trace: <TASK> ? __warn+0xa5/0x200 ? event_trace_self_tests+0x1c2/0x480 ? report_bug+0x1f6/0x220 ? handle_bug+0x6f/0x90 ? exc_invalid_op+0x17/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? tracer_preempt_on+0x78/0x1c0 ? event_trace_self_tests+0x1c2/0x480 ? __pfx_event_trace_self_tests_init+0x10/0x10 event_trace_self_tests_init+0x27/0xe0 do_one_initcall+0xd6/0x3c0 ? __pfx_do_one_initcall+0x10/0x10 ? kasan_set_track+0x25/0x30 ? rcu_is_watching+0x38/0x60 kernel_init_freeable+0x324/0x450 ? __pfx_kernel_init+0x10/0x10 kernel_init+0x1f/0x1e0 ? _raw_spin_unlock_irq+0x33/0x50 ret_from_fork+0x34/0x60 ? __pfx_kernel_init+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> This is because the synth_event_gen_test_init() left the synthetic events that it created enabled. By having it disable them after testing, the other selftests will run fine. Link: https://lore.kernel.org/linux-trace-kernel/20231220111525.2f0f49b0@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Tom Zanussi <zanussi(a)kernel.org> Fixes: 9fe41efaca084 ("tracing: Add synth event generation test module") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reported-by: Alexander Graf <graf(a)amazon.com> Tested-by: Alexander Graf <graf(a)amazon.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/synth_event_gen_test.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/kernel/trace/synth_event_gen_test.c b/kernel/trace/synth_event_gen_test.c index 8dfe85499d4a..354c2117be43 100644 --- a/kernel/trace/synth_event_gen_test.c +++ b/kernel/trace/synth_event_gen_test.c @@ -477,6 +477,17 @@ static int __init synth_event_gen_test_init(void) ret = test_trace_synth_event(); WARN_ON(ret); + + /* Disable when done */ + trace_array_set_clr_event(gen_synth_test->tr, + "synthetic", + "gen_synth_test", false); + trace_array_set_clr_event(empty_synth_test->tr, + "synthetic", + "empty_synth_test", false); + trace_array_set_clr_event(create_synth_test->tr, + "synthetic", + "create_synth_test", false); out: return ret; } -- 2.42.0

10 months

1
0
0 0

[for-linus][PATCH 2/3] eventfs: Have event files and directories default to parent uid and gid

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Dongliang reported: I found that in the latest version, the nodes of tracefs have been changed to dynamically created. This has caused me to encounter a problem where the gid I specified in the mounting parameters cannot apply to all files, as in the following situation: /data/tmp/events # mount | grep tracefs tracefs on /data/tmp type tracefs (rw,seclabel,relatime,gid=3012) gid 3012 = readtracefs /data/tmp # ls -lh total 0 -r--r----- 1 root readtracefs 0 1970-01-01 08:00 README -r--r----- 1 root readtracefs 0 1970-01-01 08:00 available_events ums9621_1h10:/data/tmp/events # ls -lh total 0 drwxr-xr-x 2 root root 0 2023-12-19 00:56 alarmtimer drwxr-xr-x 2 root root 0 2023-12-19 00:56 asoc It will prevent certain applications from accessing tracefs properly, I try to avoid this issue by making the following modifications. To fix this, have the files created default to taking the ownership of the parent dentry unless the ownership was previously set by the user. Link: https://lore.kernel.org/linux-trace-kernel/1703063706-30539-1-git-send-emai… Link: https://lore.kernel.org/linux-trace-kernel/20231220105017.1489d790@gandalf.… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Hongyu Jin <hongyu.jin(a)unisoc.com> Fixes: 28e12c09f5aa0 ("eventfs: Save ownership and mode") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reported-by: Dongliang Cui <cuidongliang390(a)gmail.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 43e237864a42..2ccc849a5bda 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -148,7 +148,8 @@ static const struct file_operations eventfs_file_operations = { .release = eventfs_release, }; -static void update_inode_attr(struct inode *inode, struct eventfs_attr *attr, umode_t mode) +static void update_inode_attr(struct dentry *dentry, struct inode *inode, + struct eventfs_attr *attr, umode_t mode) { if (!attr) { inode->i_mode = mode; @@ -162,9 +163,13 @@ static void update_inode_attr(struct inode *inode, struct eventfs_attr *attr, um if (attr->mode & EVENTFS_SAVE_UID) inode->i_uid = attr->uid; + else + inode->i_uid = d_inode(dentry->d_parent)->i_uid; if (attr->mode & EVENTFS_SAVE_GID) inode->i_gid = attr->gid; + else + inode->i_gid = d_inode(dentry->d_parent)->i_gid; } /** @@ -206,7 +211,7 @@ static struct dentry *create_file(const char *name, umode_t mode, return eventfs_failed_creating(dentry); /* If the user updated the directory's attributes, use them */ - update_inode_attr(inode, attr, mode); + update_inode_attr(dentry, inode, attr, mode); inode->i_op = &eventfs_file_inode_operations; inode->i_fop = fop; @@ -242,7 +247,8 @@ static struct dentry *create_dir(struct eventfs_inode *ei, struct dentry *parent return eventfs_failed_creating(dentry); /* If the user updated the directory's attributes, use them */ - update_inode_attr(inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); + update_inode_attr(dentry, inode, &ei->attr, + S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); inode->i_op = &eventfs_root_dir_inode_operations; inode->i_fop = &eventfs_file_operations; -- 2.42.0

10 months

1
0
0 0

stable-rc/queue/6.1 baseline: 86 runs, 4 regressions (v6.1.68-109-g72c91a6aec84e)

by kernelci.org bot

stable-rc/queue/6.1 baseline: 86 runs, 4 regressions (v6.1.68-109-g72c91a6aec84e) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ r8a77960-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 r8a779m1-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 sun50i-h6-pine-h64 | arm64 | lab-clabbe | gcc-10 | defconfig | 1 sun50i-h6-pine-h64 | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F6.1/kernel/v6.1.68-1… Test: baseline Tree: stable-rc Branch: queue/6.1 Describe: v6.1.68-109-g72c91a6aec84e URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 72c91a6aec84e00beb4efae0f0c87057a8702425 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ r8a77960-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b53ac4358b64ee134a7 Results: 4 PASS, 2 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/65841b53ac4358b64ee134ac failing since 28 days (last pass: v6.1.31-26-gef50524405c2, first fail: v6.1.63-176-gecc0fed1ffa4) 2023-12-21T11:09:52.707914 / # # 2023-12-21T11:09:52.809849 export SHELL=/bin/sh 2023-12-21T11:09:52.810508 # 2023-12-21T11:09:52.911771 / # export SHELL=/bin/sh. /lava-12339173/environment 2023-12-21T11:09:52.912653 2023-12-21T11:09:53.013977 / # . /lava-12339173/environment/lava-12339173/bin/lava-test-runner /lava-12339173/1 2023-12-21T11:09:53.014951 2023-12-21T11:09:53.056792 / # /lava-12339173/bin/lava-test-runner /lava-12339173/1 2023-12-21T11:09:53.080466 + export 'TESTRUN_ID=1_bootrr' 2023-12-21T11:09:53.080982 + cd /lav<8>[ 19.062659] <LAVA_SIGNAL_STARTRUN 1_bootrr 12339173_1.5.2.4.5> ... (28 line(s) more) platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ r8a779m1-ulcb | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b53f31978d4bfe13491 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/65841b53f31978d4bfe13492 new failure (last pass: v6.1.68-108-g5ec595eb8752d) platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ sun50i-h6-pine-h64 | arm64 | lab-clabbe | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b219cf275b1efe134a2 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/65841b219cf275b1efe134a7 failing since 28 days (last pass: v6.1.22-372-g971903477e72, first fail: v6.1.63-176-gecc0fed1ffa4) 2023-12-21T11:01:46.371232 <8>[ 18.155576] <LAVA_SIGNAL_ENDRUN 0_dmesg 449286_1.5.2.4.1> 2023-12-21T11:01:46.476281 / # # 2023-12-21T11:01:46.577834 export SHELL=/bin/sh 2023-12-21T11:01:46.578370 # 2023-12-21T11:01:46.679355 / # export SHELL=/bin/sh. /lava-449286/environment 2023-12-21T11:01:46.679923 2023-12-21T11:01:46.780923 / # . /lava-449286/environment/lava-449286/bin/lava-test-runner /lava-449286/1 2023-12-21T11:01:46.781789 2023-12-21T11:01:46.786586 / # /lava-449286/bin/lava-test-runner /lava-449286/1 2023-12-21T11:01:46.859605 + export 'TESTRUN_ID=1_bootrr' ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -------------------+-------+---------------+----------+-----------+------------ sun50i-h6-pine-h64 | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841b54ac4358b64ee134b2 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… HTML log: https://storage.kernelci.org//stable-rc/queue-6.1/v6.1.68-109-g72c91a6aec84… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/65841b54ac4358b64ee134b7 failing since 28 days (last pass: v6.1.22-372-g971903477e72, first fail: v6.1.63-176-gecc0fed1ffa4) 2023-12-21T11:10:04.855506 / # # 2023-12-21T11:10:04.957554 export SHELL=/bin/sh 2023-12-21T11:10:04.957802 # 2023-12-21T11:10:05.058505 / # export SHELL=/bin/sh. /lava-12339200/environment 2023-12-21T11:10:05.059171 2023-12-21T11:10:05.160491 / # . /lava-12339200/environment/lava-12339200/bin/lava-test-runner /lava-12339200/1 2023-12-21T11:10:05.161550 2023-12-21T11:10:05.163681 / # /lava-12339200/bin/lava-test-runner /lava-12339200/1 2023-12-21T11:10:05.243935 + export 'TESTRUN_ID=1_bootrr' 2023-12-21T11:10:05.244475 + cd /lava-1233920<8>[ 19.116040] <LAVA_SIGNAL_STARTRUN 1_bootrr 12339200_1.5.2.4.5> ... (11 line(s) more)

10 months

1
0
0 0

stable-rc/queue/6.6 baseline: 87 runs, 1 regressions (v6.6.7-168-g611edaf5fedea)

by kernelci.org bot

stable-rc/queue/6.6 baseline: 87 runs, 1 regressions (v6.6.7-168-g611edaf5fedea) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+-------------+----------+-----------+------------ kontron-pitx-imx8m | arm64 | lab-kontron | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F6.6/kernel/v6.6.7-16… Test: baseline Tree: stable-rc Branch: queue/6.6 Describe: v6.6.7-168-g611edaf5fedea URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 611edaf5fedea04df15f13c80a8d88ab76c9f6e9 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -------------------+-------+-------------+----------+-----------+------------ kontron-pitx-imx8m | arm64 | lab-kontron | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/65841d385b9a1133c0e13495 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-6.6/v6.6.7-168-g611edaf5fedea… HTML log: https://storage.kernelci.org//stable-rc/queue-6.6/v6.6.7-168-g611edaf5fedea… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/65841d385b9a1133c0e13496 new failure (last pass: v6.6.7-166-g4a769d77505ba)

10 months

1
0
0 0

[PATCH v2] wifi: mwifiex: fix uninitialized firmware_stat

by David Lin

Variable firmware_stat is possible to be used without initialization. Signed-off-by: David Lin <yu-hao.lin(a)nxp.com> Fixes: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready") Cc: stable(a)vger.kernel.org Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Dan Carpenter <error27(a)gmail.com> Closes: https://lore.kernel.org/r/202312192236.ZflaWYCw-lkp@intel.com/ --- v2: - corrected spelling error: possilbe -> possible. --- drivers/net/wireless/marvell/mwifiex/sdio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c index ef3e68d1059c..75f53c2f1e1f 100644 --- a/drivers/net/wireless/marvell/mwifiex/sdio.c +++ b/drivers/net/wireless/marvell/mwifiex/sdio.c @@ -779,7 +779,7 @@ static int mwifiex_check_fw_status(struct mwifiex_adapter *adapter, { struct sdio_mmc_card *card = adapter->card; int ret = 0; - u16 firmware_stat; + u16 firmware_stat = 0; u32 tries; for (tries = 0; tries < poll_num; tries++) { base-commit: 783004b6dbda2cfe9a552a4cc9c1d168a2068f6c prerequisite-patch-id: ee10b03f813ab1e72d05c59aef4e07a26afdf678 -- 2.25.1

10 months

3
3
0 0

Re: [PATCHv4 bpf 1/2] bpf: Fix prog_array_map_poke_run map poke update

by Lee Jones

Dear Stable, > Lee pointed out issue found by syscaller [0] hitting BUG in prog array > map poke update in prog_array_map_poke_run function due to error value > returned from bpf_arch_text_poke function. > > There's race window where bpf_arch_text_poke can fail due to missing > bpf program kallsym symbols, which is accounted for with check for > -EINVAL in that BUG_ON call. > > The problem is that in such case we won't update the tail call jump > and cause imbalance for the next tail call update check which will > fail with -EBUSY in bpf_arch_text_poke. > > I'm hitting following race during the program load: > > CPU 0 CPU 1 > > bpf_prog_load > bpf_check > do_misc_fixups > prog_array_map_poke_track > > map_update_elem > bpf_fd_array_map_update_elem > prog_array_map_poke_run > > bpf_arch_text_poke returns -EINVAL > > bpf_prog_kallsyms_add > > After bpf_arch_text_poke (CPU 1) fails to update the tail call jump, the next > poke update fails on expected jump instruction check in bpf_arch_text_poke > with -EBUSY and triggers the BUG_ON in prog_array_map_poke_run. > > Similar race exists on the program unload. > > Fixing this by moving the update to bpf_arch_poke_desc_update function which > makes sure we call __bpf_arch_text_poke that skips the bpf address check. > > Each architecture has slightly different approach wrt looking up bpf address > in bpf_arch_text_poke, so instead of splitting the function or adding new > 'checkip' argument in previous version, it seems best to move the whole > map_poke_run update as arch specific code. > > [0] https://syzkaller.appspot.com/bug?extid=97a4fe20470e9bc30810 > > Cc: Lee Jones <lee(a)kernel.org> > Cc: Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> > Fixes: ebf7d1f508a7 ("bpf, x64: rework pro/epilogue and tailcall handling in JIT") > Reported-by: syzbot+97a4fe20470e9bc30810(a)syzkaller.appspotmail.com > Acked-by: Yonghong Song <yonghong.song(a)linux.dev> > Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> > --- > arch/x86/net/bpf_jit_comp.c | 46 +++++++++++++++++++++++++++++ > include/linux/bpf.h | 3 ++ > kernel/bpf/arraymap.c | 58 +++++++------------------------------ > 3 files changed, 59 insertions(+), 48 deletions(-) Please could we have this backported? Guided by the Fixes: tag. > diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c > index 8c10d9abc239..e89e415aa743 100644 > --- a/arch/x86/net/bpf_jit_comp.c > +++ b/arch/x86/net/bpf_jit_comp.c > @@ -3025,3 +3025,49 @@ void arch_bpf_stack_walk(bool (*consume_fn)(void *cookie, u64 ip, u64 sp, u64 bp > #endif > WARN(1, "verification of programs using bpf_throw should have failed\n"); > } > + > +void bpf_arch_poke_desc_update(struct bpf_jit_poke_descriptor *poke, > + struct bpf_prog *new, struct bpf_prog *old) > +{ > + u8 *old_addr, *new_addr, *old_bypass_addr; > + int ret; > + > + old_bypass_addr = old ? NULL : poke->bypass_addr; > + old_addr = old ? (u8 *)old->bpf_func + poke->adj_off : NULL; > + new_addr = new ? (u8 *)new->bpf_func + poke->adj_off : NULL; > + > + /* > + * On program loading or teardown, the program's kallsym entry > + * might not be in place, so we use __bpf_arch_text_poke to skip > + * the kallsyms check. > + */ > + if (new) { > + ret = __bpf_arch_text_poke(poke->tailcall_target, > + BPF_MOD_JUMP, > + old_addr, new_addr); > + BUG_ON(ret < 0); > + if (!old) { > + ret = __bpf_arch_text_poke(poke->tailcall_bypass, > + BPF_MOD_JUMP, > + poke->bypass_addr, > + NULL); > + BUG_ON(ret < 0); > + } > + } else { > + ret = __bpf_arch_text_poke(poke->tailcall_bypass, > + BPF_MOD_JUMP, > + old_bypass_addr, > + poke->bypass_addr); > + BUG_ON(ret < 0); > + /* let other CPUs finish the execution of program > + * so that it will not possible to expose them > + * to invalid nop, stack unwind, nop state > + */ > + if (!ret) > + synchronize_rcu(); > + ret = __bpf_arch_text_poke(poke->tailcall_target, > + BPF_MOD_JUMP, > + old_addr, NULL); > + BUG_ON(ret < 0); > + } > +} > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > index 6762dac3ef76..cff5bb08820e 100644 > --- a/include/linux/bpf.h > +++ b/include/linux/bpf.h > @@ -3175,6 +3175,9 @@ enum bpf_text_poke_type { > int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type t, > void *addr1, void *addr2); > > +void bpf_arch_poke_desc_update(struct bpf_jit_poke_descriptor *poke, > + struct bpf_prog *new, struct bpf_prog *old); > + > void *bpf_arch_text_copy(void *dst, void *src, size_t len); > int bpf_arch_text_invalidate(void *dst, size_t len); > > diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c > index 2058e89b5ddd..c85ff9162a5c 100644 > --- a/kernel/bpf/arraymap.c > +++ b/kernel/bpf/arraymap.c > @@ -1012,11 +1012,16 @@ static void prog_array_map_poke_untrack(struct bpf_map *map, > mutex_unlock(&aux->poke_mutex); > } > > +void __weak bpf_arch_poke_desc_update(struct bpf_jit_poke_descriptor *poke, > + struct bpf_prog *new, struct bpf_prog *old) > +{ > + WARN_ON_ONCE(1); > +} > + > static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > struct bpf_prog *old, > struct bpf_prog *new) > { > - u8 *old_addr, *new_addr, *old_bypass_addr; > struct prog_poke_elem *elem; > struct bpf_array_aux *aux; > > @@ -1025,7 +1030,7 @@ static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > > list_for_each_entry(elem, &aux->poke_progs, list) { > struct bpf_jit_poke_descriptor *poke; > - int i, ret; > + int i; > > for (i = 0; i < elem->aux->size_poke_tab; i++) { > poke = &elem->aux->poke_tab[i]; > @@ -1044,21 +1049,10 @@ static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > * activated, so tail call updates can arrive from here > * while JIT is still finishing its final fixup for > * non-activated poke entries. > - * 3) On program teardown, the program's kallsym entry gets > - * removed out of RCU callback, but we can only untrack > - * from sleepable context, therefore bpf_arch_text_poke() > - * might not see that this is in BPF text section and > - * bails out with -EINVAL. As these are unreachable since > - * RCU grace period already passed, we simply skip them. > - * 4) Also programs reaching refcount of zero while patching > + * 3) Also programs reaching refcount of zero while patching > * is in progress is okay since we're protected under > * poke_mutex and untrack the programs before the JIT > - * buffer is freed. When we're still in the middle of > - * patching and suddenly kallsyms entry of the program > - * gets evicted, we just skip the rest which is fine due > - * to point 3). > - * 5) Any other error happening below from bpf_arch_text_poke() > - * is a unexpected bug. > + * buffer is freed. > */ > if (!READ_ONCE(poke->tailcall_target_stable)) > continue; > @@ -1068,39 +1062,7 @@ static void prog_array_map_poke_run(struct bpf_map *map, u32 key, > poke->tail_call.key != key) > continue; > > - old_bypass_addr = old ? NULL : poke->bypass_addr; > - old_addr = old ? (u8 *)old->bpf_func + poke->adj_off : NULL; > - new_addr = new ? (u8 *)new->bpf_func + poke->adj_off : NULL; > - > - if (new) { > - ret = bpf_arch_text_poke(poke->tailcall_target, > - BPF_MOD_JUMP, > - old_addr, new_addr); > - BUG_ON(ret < 0 && ret != -EINVAL); > - if (!old) { > - ret = bpf_arch_text_poke(poke->tailcall_bypass, > - BPF_MOD_JUMP, > - poke->bypass_addr, > - NULL); > - BUG_ON(ret < 0 && ret != -EINVAL); > - } > - } else { > - ret = bpf_arch_text_poke(poke->tailcall_bypass, > - BPF_MOD_JUMP, > - old_bypass_addr, > - poke->bypass_addr); > - BUG_ON(ret < 0 && ret != -EINVAL); > - /* let other CPUs finish the execution of program > - * so that it will not possible to expose them > - * to invalid nop, stack unwind, nop state > - */ > - if (!ret) > - synchronize_rcu(); > - ret = bpf_arch_text_poke(poke->tailcall_target, > - BPF_MOD_JUMP, > - old_addr, NULL); > - BUG_ON(ret < 0 && ret != -EINVAL); > - } > + bpf_arch_poke_desc_update(poke, new, old); > } > } > } > -- > 2.43.0 > -- Lee Jones [李琼斯]

10 months

3
6
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2023