May 2024 - Linux-stable-mirror

[PATCH v1] usb: typec: tcpm: unregister existing source caps before re-registration

by Amit Sunil Dhamne

Check and unregister existing source caps in tcpm_register_source_caps function before registering new ones. This change fixes following warning when port partner resends source caps after negotiating PD contract for the purpose of re-negotiation. [ 343.135030][ T151] sysfs: cannot create duplicate filename '/devices/virtual/usb_power_delivery/pd1/source-capabilities' [ 343.135071][ T151] Call trace: [ 343.135076][ T151] dump_backtrace+0xe8/0x108 [ 343.135099][ T151] show_stack+0x18/0x24 [ 343.135106][ T151] dump_stack_lvl+0x50/0x6c [ 343.135119][ T151] dump_stack+0x18/0x24 [ 343.135126][ T151] sysfs_create_dir_ns+0xe0/0x140 [ 343.135137][ T151] kobject_add_internal+0x228/0x424 [ 343.135146][ T151] kobject_add+0x94/0x10c [ 343.135152][ T151] device_add+0x1b0/0x4c0 [ 343.135187][ T151] device_register+0x20/0x34 [ 343.135195][ T151] usb_power_delivery_register_capabilities+0x90/0x20c [ 343.135209][ T151] tcpm_pd_rx_handler+0x9f0/0x15b8 [ 343.135216][ T151] kthread_worker_fn+0x11c/0x260 [ 343.135227][ T151] kthread+0x114/0x1bc [ 343.135235][ T151] ret_from_fork+0x10/0x20 [ 343.135265][ T151] kobject: kobject_add_internal failed for source-capabilities with -EEXIST, don't try to register things with the same name in the same directory. Fixes: 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities") Cc: linux-usb(a)vger.kernel.org Cc: stable(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..d8eb89f4f0c3 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2996,7 +2996,7 @@ static int tcpm_register_source_caps(struct tcpm_port *port) { struct usb_power_delivery_desc desc = { port->negotiated_rev }; struct usb_power_delivery_capabilities_desc caps = { }; - struct usb_power_delivery_capabilities *cap; + struct usb_power_delivery_capabilities *cap = port->partner_source_caps; if (!port->partner_pd) port->partner_pd = usb_power_delivery_register(NULL, &desc); @@ -3006,6 +3006,9 @@ static int tcpm_register_source_caps(struct tcpm_port *port) memcpy(caps.pdo, port->source_caps, sizeof(u32) * port->nr_source_caps); caps.role = TYPEC_SOURCE; + if (cap) + usb_power_delivery_unregister_capabilities(cap); + cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) return PTR_ERR(cap); base-commit: 0d31ea587709216d88183fe4ca0c8aba5e0205b8 -- 2.44.0.769.g3c40516874-goog

11 months, 3 weeks

3
3
0 0

Re: Patch "PCI: Use PCI_HEADER_TYPE_* instead of literals" has been added to the 6.6-stable tree

by Nirmal Patel

On Mon, 22 Apr 2024 18:36:27 -0400 Sasha Levin <sashal(a)kernel.org> wrote: > This is a note to let you know that I've just added the patch titled > > PCI: Use PCI_HEADER_TYPE_* instead of literals > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > pci-use-pci_header_type_-instead-of-literals.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable > tree, please let <stable(a)vger.kernel.org> know about it. > > > > commit 47a6faa3158d5013c24f05c59c3d3b84f273d9dd > Author: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Date: Tue Oct 3 15:53:00 2023 +0300 > > PCI: Use PCI_HEADER_TYPE_* instead of literals > > [ Upstream commit 83c088148c8e5c439eec6c7651692f797547e1a8 ] > > Replace literals under drivers/pci/ with PCI_HEADER_TYPE_MASK, > PCI_HEADER_TYPE_NORMAL, and PCI_HEADER_TYPE_MFD. > > Also replace !! boolean conversions with FIELD_GET(). > > Link: > https://lore.kernel.org/r/20231003125300.5541-4-ilpo.jarvinen@linux.intel.c… > Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: > Wolfram Sang <wsa+renesas(a)sang-engineering.com> # for Renesas R-Car > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/pci/controller/dwc/pci-layerscape.c > b/drivers/pci/controller/dwc/pci-layerscape.c index > b931d597656f6..37956e09c65bd 100644 --- > a/drivers/pci/controller/dwc/pci-layerscape.c +++ > b/drivers/pci/controller/dwc/pci-layerscape.c @@ -58,7 +58,7 @@ > static bool ls_pcie_is_bridge(struct ls_pcie *pcie) u32 header_type; > > header_type = ioread8(pci->dbi_base + PCI_HEADER_TYPE); > - header_type &= 0x7f; > + header_type &= PCI_HEADER_TYPE_MASK; > > return header_type == PCI_HEADER_TYPE_BRIDGE; > } > diff --git a/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c > b/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c index > 45b97a4b14dbd..32951f7d6d6d6 100644 --- > a/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c +++ > b/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c @@ -539,7 > +539,7 @@ static bool mobiveil_pcie_is_bridge(struct mobiveil_pcie > *pcie) u32 header_type; > header_type = mobiveil_csr_readb(pcie, PCI_HEADER_TYPE); > - header_type &= 0x7f; > + header_type &= PCI_HEADER_TYPE_MASK; > > return header_type == PCI_HEADER_TYPE_BRIDGE; > } > diff --git a/drivers/pci/controller/pcie-iproc.c > b/drivers/pci/controller/pcie-iproc.c index > bd1c98b688516..97f739a2c9f8f 100644 --- > a/drivers/pci/controller/pcie-iproc.c +++ > b/drivers/pci/controller/pcie-iproc.c @@ -783,7 +783,7 @@ static int > iproc_pcie_check_link(struct iproc_pcie *pcie) > /* make sure we are not in EP mode */ > iproc_pci_raw_config_read32(pcie, 0, PCI_HEADER_TYPE, 1, > &hdr_type); > - if ((hdr_type & 0x7f) != PCI_HEADER_TYPE_BRIDGE) { > + if ((hdr_type & PCI_HEADER_TYPE_MASK) != > PCI_HEADER_TYPE_BRIDGE) { dev_err(dev, "in EP mode, hdr=%#02x\n", > hdr_type); return -EFAULT; > } > diff --git a/drivers/pci/controller/pcie-rcar-ep.c > b/drivers/pci/controller/pcie-rcar-ep.c index > f9682df1da619..7034c0ff23d0d 100644 --- > a/drivers/pci/controller/pcie-rcar-ep.c +++ > b/drivers/pci/controller/pcie-rcar-ep.c @@ -43,7 +43,7 @@ static void > rcar_pcie_ep_hw_init(struct rcar_pcie *pcie) rcar_rmw32(pcie, > REXPCAP(0), 0xff, PCI_CAP_ID_EXP); rcar_rmw32(pcie, > REXPCAP(PCI_EXP_FLAGS), PCI_EXP_FLAGS_TYPE, PCI_EXP_TYPE_ENDPOINT << > 4); > - rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), 0x7f, > + rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), > PCI_HEADER_TYPE_MASK, PCI_HEADER_TYPE_NORMAL); > > /* Write out the physical slot number = 0 */ > diff --git a/drivers/pci/controller/pcie-rcar-host.c > b/drivers/pci/controller/pcie-rcar-host.c index > 88975e40ee2fb..bf7cc0b6a6957 100644 --- > a/drivers/pci/controller/pcie-rcar-host.c +++ > b/drivers/pci/controller/pcie-rcar-host.c @@ -460,7 +460,7 @@ static > int rcar_pcie_hw_init(struct rcar_pcie *pcie) rcar_rmw32(pcie, > REXPCAP(0), 0xff, PCI_CAP_ID_EXP); rcar_rmw32(pcie, > REXPCAP(PCI_EXP_FLAGS), PCI_EXP_FLAGS_TYPE, PCI_EXP_TYPE_ROOT_PORT << > 4); > - rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), 0x7f, > + rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), > PCI_HEADER_TYPE_MASK, PCI_HEADER_TYPE_BRIDGE); > > /* Enable data link layer active state reporting */ > diff --git a/drivers/pci/controller/vmd.c > b/drivers/pci/controller/vmd.c index 6ac0afae0ca18..2af46e6587aff > 100644 --- a/drivers/pci/controller/vmd.c > +++ b/drivers/pci/controller/vmd.c > @@ -527,7 +527,7 @@ static void vmd_domain_reset(struct vmd_dev *vmd) > > hdr_type = readb(base + PCI_HEADER_TYPE); > > - functions = (hdr_type & 0x80) ? 8 : 1; > + functions = (hdr_type & PCI_HEADER_TYPE_MFD) Acked-by: Nirmal Patel <nirmal.patel(a)linux.intel.com> > ? 8 : 1; for (fn = 0; fn < functions; fn++) { > base = vmd->cfgbar + > PCIE_ECAM_OFFSET(bus, PCI_DEVFN(dev, fn), 0); > diff --git a/drivers/pci/hotplug/cpqphp_ctrl.c > b/drivers/pci/hotplug/cpqphp_ctrl.c index > e429ecddc8feb..c01968ef0bd7b 100644 --- > a/drivers/pci/hotplug/cpqphp_ctrl.c +++ > b/drivers/pci/hotplug/cpqphp_ctrl.c @@ -2059,7 +2059,7 @@ int > cpqhp_process_SS(struct controller *ctrl, struct pci_func *func) > return rc; > /* If it's a bridge, check the VGA Enable > bit */ > - if ((header_type & 0x7F) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { rc = pci_bus_read_config_byte(pci_bus, > devfn, PCI_BRIDGE_CONTROL, &BCR); if (rc) > return rc; > @@ -2342,7 +2342,7 @@ static int configure_new_function(struct > controller *ctrl, struct pci_func *func if (rc) > return rc; > > - if ((temp_byte & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((temp_byte & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* set Primary bus */ > dbg("set Primary bus = %d\n", func->bus); > rc = pci_bus_write_config_byte(pci_bus, devfn, > PCI_PRIMARY_BUS, func->bus); @@ -2739,7 +2739,7 @@ static int > configure_new_function(struct controller *ctrl, struct pci_func *func > * PCI_BRIDGE_CTL_SERR | > * PCI_BRIDGE_CTL_NO_ISA */ > rc = pci_bus_write_config_word(pci_bus, devfn, > PCI_BRIDGE_CONTROL, command); > - } else if ((temp_byte & 0x7F) == PCI_HEADER_TYPE_NORMAL) { > + } else if ((temp_byte & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Standard device */ > rc = pci_bus_read_config_byte(pci_bus, devfn, 0x0B, > &class_code); > diff --git a/drivers/pci/hotplug/cpqphp_pci.c > b/drivers/pci/hotplug/cpqphp_pci.c index 3b248426a9f42..e9f1fb333a718 > 100644 --- a/drivers/pci/hotplug/cpqphp_pci.c > +++ b/drivers/pci/hotplug/cpqphp_pci.c > @@ -363,7 +363,7 @@ int cpqhp_save_config(struct controller *ctrl, > int busnumber, int is_hot_plug) return rc; > > /* If multi-function device, set max_functions to 8 > */ > - if (header_type & 0x80) > + if (header_type & PCI_HEADER_TYPE_MFD) > max_functions = 8; > else > max_functions = 1; > @@ -372,7 +372,7 @@ int cpqhp_save_config(struct controller *ctrl, > int busnumber, int is_hot_plug) > do { > DevError = 0; > - if ((header_type & 0x7F) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Recurse the subordinate bus > * get the subordinate bus number > */ > @@ -487,13 +487,13 @@ int cpqhp_save_slot_config(struct controller > *ctrl, struct pci_func *new_slot) > pci_bus_read_config_byte(ctrl->pci_bus, PCI_DEVFN(new_slot->device, > 0), 0x0B, &class_code); pci_bus_read_config_byte(ctrl->pci_bus, > PCI_DEVFN(new_slot->device, 0), PCI_HEADER_TYPE, &header_type); > - if (header_type & 0x80) /* Multi-function device */ > + if (header_type & PCI_HEADER_TYPE_MFD) > max_functions = 8; > else > max_functions = 1; > > while (function < max_functions) { > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Recurse the subordinate bus */ > pci_bus_read_config_byte(ctrl->pci_bus, > PCI_DEVFN(new_slot->device, function), PCI_SECONDARY_BUS, > &secondary_bus); @@ -571,7 +571,7 @@ int > cpqhp_save_base_addr_length(struct controller *ctrl, struct pci_func > *func) /* Check for Bridge */ pci_bus_read_config_byte(pci_bus, > devfn, PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { pci_bus_read_config_byte(pci_bus, devfn, > PCI_SECONDARY_BUS, &secondary_bus); > sub_bus = (int) secondary_bus; > @@ -625,7 +625,7 @@ int cpqhp_save_base_addr_length(struct controller > *ctrl, struct pci_func *func) > } /* End of base register loop */ > > - } else if ((header_type & 0x7F) == 0x00) { > + } else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Figure out IO and memory base lengths */ > for (cloop = 0x10; cloop <= 0x24; cloop += > 4) { temp_register = 0xFFFFFFFF; > @@ -723,7 +723,7 @@ int cpqhp_save_used_resources(struct controller > *ctrl, struct pci_func *func) /* Check for Bridge */ > pci_bus_read_config_byte(pci_bus, devfn, > PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Clear Bridge Control Register */ > command = 0x00; > pci_bus_write_config_word(pci_bus, devfn, > PCI_BRIDGE_CONTROL, command); @@ -858,7 +858,7 @@ int > cpqhp_save_used_resources(struct controller *ctrl, struct pci_func > *func) } } /* End of base register loop */ > /* Standard header */ > - } else if ((header_type & 0x7F) == 0x00) { > + } else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Figure out IO and memory base lengths */ > for (cloop = 0x10; cloop <= 0x24; cloop += > 4) { pci_bus_read_config_dword(pci_bus, devfn, cloop, &save_base); > @@ -975,7 +975,7 @@ int cpqhp_configure_board(struct controller > *ctrl, struct pci_func *func) pci_bus_read_config_byte(pci_bus, > devfn, PCI_HEADER_TYPE, &header_type); > /* If this is a bridge device, restore subordinate > devices */ > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { pci_bus_read_config_byte(pci_bus, devfn, > PCI_SECONDARY_BUS, &secondary_bus); > sub_bus = (int) secondary_bus; > @@ -1067,7 +1067,7 @@ int cpqhp_valid_replace(struct controller > *ctrl, struct pci_func *func) /* Check for Bridge */ > pci_bus_read_config_byte(pci_bus, devfn, > PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* In order to continue checking, we must > program the > * bus registers in the bridge to respond to > accesses > * for its subordinate bus(es) > @@ -1090,7 +1090,7 @@ int cpqhp_valid_replace(struct controller > *ctrl, struct pci_func *func) > } > /* Check to see if it is a standard config header */ > - else if ((header_type & 0x7F) == > PCI_HEADER_TYPE_NORMAL) { > + else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Check subsystem vendor and ID */ > pci_bus_read_config_dword(pci_bus, devfn, > PCI_SUBSYSTEM_VENDOR_ID, &temp_register); > diff --git a/drivers/pci/hotplug/ibmphp.h > b/drivers/pci/hotplug/ibmphp.h index 41eafe511210f..c248a09be7b5d > 100644 --- a/drivers/pci/hotplug/ibmphp.h > +++ b/drivers/pci/hotplug/ibmphp.h > @@ -17,6 +17,7 @@ > */ > > #include <linux/pci_hotplug.h> > +#include <linux/pci_regs.h> > > extern int ibmphp_debug; > > @@ -286,8 +287,8 @@ int ibmphp_register_pci(void); > > /* pci specific defines */ > #define PCI_VENDOR_ID_NOTVALID 0xFFFF > -#define PCI_HEADER_TYPE_MULTIDEVICE 0x80 > -#define PCI_HEADER_TYPE_MULTIBRIDGE 0x81 > +#define PCI_HEADER_TYPE_MULTIDEVICE > (PCI_HEADER_TYPE_MFD|PCI_HEADER_TYPE_NORMAL) +#define > PCI_HEADER_TYPE_MULTIBRIDGE > (PCI_HEADER_TYPE_MFD|PCI_HEADER_TYPE_BRIDGE) #define LATENCY > 0x64 #define CACHE 64 > diff --git a/drivers/pci/hotplug/ibmphp_pci.c > b/drivers/pci/hotplug/ibmphp_pci.c index 50038e5f9ca40..eeb412cbd9fe3 > 100644 --- a/drivers/pci/hotplug/ibmphp_pci.c > +++ b/drivers/pci/hotplug/ibmphp_pci.c > @@ -1087,7 +1087,7 @@ static struct res_needed > *scan_behind_bridge(struct pci_func *func, u8 busno) > pci_bus_read_config_dword(ibmphp_pci_bus, devfn, PCI_CLASS_REVISION, > &class); debug("hdr_type behind the bridge is %x\n", hdr_type); > - if ((hdr_type & 0x7f) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((hdr_type & > PCI_HEADER_TYPE_MASK) == PCI_HEADER_TYPE_BRIDGE) { err("embedded > bridges not supported for hot-plugging.\n"); amount->not_correct = 1; > return amount; > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c > index 06fc6f532d6c4..dae9d9e2826f0 100644 > --- a/drivers/pci/pci.c > +++ b/drivers/pci/pci.c > @@ -534,7 +534,7 @@ u8 pci_bus_find_capability(struct pci_bus *bus, > unsigned int devfn, int cap) > pci_bus_read_config_byte(bus, devfn, PCI_HEADER_TYPE, > &hdr_type); > - pos = __pci_bus_find_cap_start(bus, devfn, hdr_type & 0x7f); > + pos = __pci_bus_find_cap_start(bus, devfn, hdr_type & > PCI_HEADER_TYPE_MASK); if (pos) > pos = __pci_find_next_cap(bus, devfn, pos, cap); > > diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c > index b3976dcb71f10..675f77ac1968d 100644 > --- a/drivers/pci/quirks.c > +++ b/drivers/pci/quirks.c > @@ -1849,8 +1849,8 @@ static void quirk_jmicron_ata(struct pci_dev > *pdev) > /* Update pdev accordingly */ > pci_read_config_byte(pdev, PCI_HEADER_TYPE, &hdr); > - pdev->hdr_type = hdr & 0x7f; > - pdev->multifunction = !!(hdr & 0x80); > + pdev->hdr_type = hdr & PCI_HEADER_TYPE_MASK; > + pdev->multifunction = FIELD_GET(PCI_HEADER_TYPE_MFD, hdr); > > pci_read_config_dword(pdev, PCI_CLASS_REVISION, &class); > pdev->class = class >> 8; > @@ -5710,7 +5710,7 @@ static void quirk_nvidia_hda(struct pci_dev > *gpu) > /* The GPU becomes a multi-function device when the HDA is > enabled */ pci_read_config_byte(gpu, PCI_HEADER_TYPE, &hdr_type); > - gpu->multifunction = !!(hdr_type & 0x80); > + gpu->multifunction = FIELD_GET(PCI_HEADER_TYPE_MFD, > hdr_type); } > DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, > PCI_BASE_CLASS_DISPLAY, 16, > quirk_nvidia_hda);

11 months, 3 weeks

1
0
0 0

[PATCH v6 00/10] Fix Kselftest's vfork() side effects

by Mickaël Salaün

Hi, This sixth series just update the last patch description. Shuah, I think this should be in -next really soon to make sure everything works fine for the v6.9 release, which is not currently the case. I cannot test against all kselftests though. I would prefer to let you handle this, but I guess you're not able to do so and I'll push it on my branch without reply from you. Even if I push it on my branch, please push it on yours too as soon as you see this and I'll remove it from mine. Mark, Jakub, could you please test this series? As reported by Kernel Test Robot [1] and Sean Christopherson [2], some tests fail since v6.9-rc1 . This is due to the use of vfork() which introduced some side effects. Similarly, while making it more generic, a previous commit made some Landlock file system tests flaky, and subject to the host's file system mount configuration. This series fixes all these side effects by replacing vfork() with clone3() and CLONE_VFORK, which is cleaner (no arbitrary shared memory) and makes the Kselftest framework more robust. I tried different approaches and I found this one to be the cleaner and less invasive for current test cases. I successfully ran the following tests (using TEST_F and fork/clone/clone3, and KVM_ONE_VCPU_TEST) with this series: - kvm:fix_hypercall_test - kvm:sync_regs_test - kvm:userspace_msr_exit_test - kvm:vmx_pmu_caps_test - landlock:fs_test - landlock:net_test - landlock:ptrace_test - move_mount_set_group:move_mount_set_group_test - net/af_unix:scm_pidfd - perf_events:remove_on_exec - pidfd:pidfd_getfd_test - pidfd:pidfd_setns_test - seccomp:seccomp_bpf - user_events:abi_test [1] https://lore.kernel.org/oe-lkp/202403291015.1fcfa957-oliver.sang@intel.com [2] https://lore.kernel.org/r/ZjPelW6-AbtYvslu@google.com Previous versions: v1: https://lore.kernel.org/r/20240426172252.1862930-1-mic@digikod.net v2: https://lore.kernel.org/r/20240429130931.2394118-1-mic@digikod.net v3: https://lore.kernel.org/r/20240429191911.2552580-1-mic@digikod.net v4: https://lore.kernel.org/r/20240502210926.145539-1-mic@digikod.net v5: https://lore.kernel.org/r/20240503105820.300927-1-mic@digikod.net Regards, Mickaël Salaün (10): selftests/pidfd: Fix config for pidfd_setns_test selftests/landlock: Fix FS tests when run on a private mount point selftests/harness: Fix fixture teardown selftests/harness: Fix interleaved scheduling leading to race conditions selftests/landlock: Do not allocate memory in fixture data selftests/harness: Constify fixture variants selftests/pidfd: Fix wrong expectation selftests/harness: Share _metadata between forked processes selftests/harness: Fix vfork() side effects selftests/harness: Handle TEST_F()'s explicit exit codes tools/testing/selftests/kselftest_harness.h | 122 +++++++++++++----- tools/testing/selftests/landlock/fs_test.c | 83 +++++++----- tools/testing/selftests/pidfd/config | 2 + .../selftests/pidfd/pidfd_setns_test.c | 2 +- 4 files changed, 143 insertions(+), 66 deletions(-) base-commit: e67572cd2204894179d89bd7b984072f19313b03 -- 2.45.0

11 months, 3 weeks

4
14
0 0

[PATCH] nvme-pci: Add quirk for broken MSIs

by Sean Anderson

Sandisk SN530 NVMe drives have broken MSIs. On systems without MSI-X support, all commands time out resulting in the following message: nvme nvme0: I/O tag 12 (100c) QID 0 timeout, completion polled These timeouts cause the boot to take an excessively-long time (over 20 minutes) while the initial command queue is flushed. Address this by adding a quirk for drives with buggy MSIs. The lspci output for this device (recorded on a system with MSI-X support) is: 02:00.0 Non-Volatile memory controller: Sandisk Corp Device 5008 (rev 01) (prog-if 02 [NVM Express]) Subsystem: Sandisk Corp Device 5008 Flags: bus master, fast devsel, latency 0, IRQ 16, NUMA node 0 Memory at f7e00000 (64-bit, non-prefetchable) [size=16K] Memory at f7e04000 (64-bit, non-prefetchable) [size=256] Capabilities: [80] Power Management version 3 Capabilities: [90] MSI: Enable- Count=1/32 Maskable- 64bit+ Capabilities: [b0] MSI-X: Enable+ Count=17 Masked- Capabilities: [c0] Express Endpoint, MSI 00 Capabilities: [100] Advanced Error Reporting Capabilities: [150] Device Serial Number 00-00-00-00-00-00-00-00 Capabilities: [1b8] Latency Tolerance Reporting Capabilities: [300] Secondary PCI Express Capabilities: [900] L1 PM Substates Kernel driver in use: nvme Kernel modules: nvme Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- drivers/nvme/host/nvme.h | 5 +++++ drivers/nvme/host/pci.c | 14 +++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h index 7b87763e2f8a..738719085e05 100644 --- a/drivers/nvme/host/nvme.h +++ b/drivers/nvme/host/nvme.h @@ -162,6 +162,11 @@ enum nvme_quirks { * Disables simple suspend/resume path. */ NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND = (1 << 20), + + /* + * MSI (but not MSI-X) interrupts are broken and never fire. + */ + NVME_QUIRK_BROKEN_MSI = (1 << 21), }; /* diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index e6267a6aa380..d1f0fa2e7c96 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -2218,6 +2218,7 @@ static int nvme_setup_irqs(struct nvme_dev *dev, unsigned int nr_io_queues) .priv = dev, }; unsigned int irq_queues, poll_queues; + unsigned int flags = PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY; /* * Poll queues don't need interrupts, but we need at least one I/O queue @@ -2241,8 +2242,10 @@ static int nvme_setup_irqs(struct nvme_dev *dev, unsigned int nr_io_queues) irq_queues = 1; if (!(dev->ctrl.quirks & NVME_QUIRK_SINGLE_VECTOR)) irq_queues += (nr_io_queues - poll_queues); - return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues, - PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY, &affd); + if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI) + flags &= ~PCI_IRQ_MSI; + return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues, flags, + &affd); } static unsigned int nvme_max_io_queues(struct nvme_dev *dev) @@ -2471,6 +2474,7 @@ static int nvme_pci_enable(struct nvme_dev *dev) { int result = -ENOMEM; struct pci_dev *pdev = to_pci_dev(dev->dev); + unsigned int flags = PCI_IRQ_ALL_TYPES; if (pci_enable_device_mem(pdev)) return result; @@ -2487,7 +2491,9 @@ static int nvme_pci_enable(struct nvme_dev *dev) * interrupts. Pre-enable a single MSIX or MSI vec for setup. We'll * adjust this later. */ - result = pci_alloc_irq_vectors(pdev, 1, 1, PCI_IRQ_ALL_TYPES); + if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI) + flags &= ~PCI_IRQ_MSI; + result = pci_alloc_irq_vectors(pdev, 1, 1, flags); if (result < 0) goto disable; @@ -3381,6 +3387,8 @@ static const struct pci_device_id nvme_id_table[] = { .driver_data = NVME_QUIRK_DELAY_BEFORE_CHK_RDY | NVME_QUIRK_DISABLE_WRITE_ZEROES| NVME_QUIRK_IGNORE_DEV_SUBNQN, }, + { PCI_DEVICE(0x15b7, 0x5008), /* Sandisk SN530 */ + .driver_data = NVME_QUIRK_BROKEN_MSI }, { PCI_DEVICE(0x1987, 0x5012), /* Phison E12 */ .driver_data = NVME_QUIRK_BOGUS_NID, }, { PCI_DEVICE(0x1987, 0x5016), /* Phison E16 */ -- 2.35.1.1320.gc452695387.dirty

11 months, 3 weeks

3
5
0 0

[PATCH v2 5/7] arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on

by Johan Hovold

The Elan eKTH5015M touch controller on the X13s requires a 300 ms delay before sending commands after having deasserted reset during power on. Switch to the Elan specific binding so that the OS can determine the required power-on sequence and make sure that the controller is always detected during boot. Note that the always-on 1.8 V supply (s10b) is not used by the controller directly and should not be described. Fixes: 32c231385ed4 ("arm64: dts: qcom: sc8280xp: add Lenovo Thinkpad X13s devicetree") Cc: stable(a)vger.kernel.org # 6.0 Tested-by: Steev Klimaszewski <steev(a)kali.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index 569add4ebfab..98c1b75513be 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -653,15 +653,16 @@ &i2c4 { status = "okay"; - /* FIXME: verify */ touchscreen@10 { - compatible = "hid-over-i2c"; + compatible = "elan,ekth5015m", "elan,ekth6915"; reg = <0x10>; - hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 175 IRQ_TYPE_LEVEL_LOW>; - vdd-supply = <&vreg_misc_3p3>; - vddl-supply = <&vreg_s10b>; + reset-gpios = <&tlmm 99 (GPIO_ACTIVE_LOW | GPIO_OPEN_DRAIN)>; + no-reset-on-power-off; + + vcc33-supply = <&vreg_misc_3p3>; + vccio-supply = <&vreg_misc_3p3>; pinctrl-names = "default"; pinctrl-0 = <&ts0_default>; @@ -1507,8 +1508,8 @@ int-n-pins { reset-n-pins { pins = "gpio99"; function = "gpio"; - output-high; - drive-strength = <16>; + drive-strength = <2>; + bias-disable; }; }; -- 2.43.2

11 months, 3 weeks

1
0
0 0

[PATCH v4] can: mcp251xfd: fix infinite loop when xmit fails

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever. The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus. The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one(). This patch resolves the issue by decreasing tx_ring->head and removing the skb from the echo stack if mcp251xfd_start_xmit() fails. Consequently, the package is dropped not been possible to re-transmit. Fixes: 55e5b97f003e ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- With this approach, some packages get lost in concurrent SPI bus access due to can_put_echo_skb() being called before mcp251xfd_tx_obj_write(). The can_put_echo_skb() calls can_create_echo_skb() that consumes the original skb resulting in a Kernel NULL pointer dereference error if return NETDEV_TX_BUSY on mcp251xfd_tx_obj_write() failure. A potential solution would be to change the code to use spi_sync(), which would wait for SPI bus to be unlocked. Any thoughts about this? V3->V4: - Leave can_put_echo_skb() and stop the queue if needed, before mcp251xfd_tx_obj_write(). - Re-sync head and remove echo skb if mcp251xfd_tx_obj_write() fails. - Revert -> return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. V2->V3: - Add tx_dropped stats. - netdev_sent_queue() only if can_put_echo_skb() succeed. V1->V2: - Return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. - Rework the commit message to address the change above. - Change can_put_echo_skb() to be called after mcp251xfd_tx_obj_write() succeed. Otherwise, we get Kernel NULL pointer dereference error. drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 26 ++++++++++++++------ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c index 160528d3cc26..9909e23de7b9 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c @@ -166,11 +166,12 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, struct net_device *ndev) { struct mcp251xfd_priv *priv = netdev_priv(ndev); + struct net_device_stats *stats = &ndev->stats; struct mcp251xfd_tx_ring *tx_ring = priv->tx; struct mcp251xfd_tx_obj *tx_obj; unsigned int frame_len; + int err, echo_err; u8 tx_head; - int err; if (can_dev_dropped_skb(ndev, skb)) return NETDEV_TX_OK; @@ -188,18 +189,27 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, netif_stop_queue(ndev); frame_len = can_skb_get_frame_len(skb); - err = can_put_echo_skb(skb, ndev, tx_head, frame_len); - if (!err) + echo_err = can_put_echo_skb(skb, ndev, tx_head, frame_len); + if (!echo_err) netdev_sent_queue(priv->ndev, frame_len); err = mcp251xfd_tx_obj_write(priv, tx_obj); - if (err) - goto out_err; + if (err) { + tx_ring->head--; - return NETDEV_TX_OK; + if (!echo_err) { + can_free_echo_skb(ndev, tx_head, &frame_len); + netdev_completed_queue(ndev, 1, frame_len); + } + + if (mcp251xfd_get_tx_free(tx_ring)) + netif_wake_queue(ndev); - out_err: - netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); + stats->tx_dropped++; + if (net_ratelimit()) + netdev_err(priv->ndev, + "ERROR in %s: %d\n", __func__, err); + } return NETDEV_TX_OK; } -- 2.34.1

11 months, 3 weeks

2
2
0 0

[PATCH] usb: typec: ucsi: displayport: Fix potential deadlock

by Heikki Krogerus

The function ucsi_displayport_work() does not access the connector, so it also must not acquire the connector lock. This fixes a potential deadlock scenario: ucsi_displayport_work() -> lock(&con->lock) typec_altmode_vdm() dp_altmode_vdm() dp_altmode_work() typec_altmode_enter() ucsi_displayport_enter() -> lock(&con->lock) Reported-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/ucsi/displayport.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index d9d3c91125ca..8be92fc1d12c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -275,8 +275,6 @@ static void ucsi_displayport_work(struct work_struct *work) struct ucsi_dp *dp = container_of(work, struct ucsi_dp, work); int ret; - mutex_lock(&dp->con->lock); - ret = typec_altmode_vdm(dp->alt, dp->header, dp->vdo_data, dp->vdo_size); if (ret) @@ -285,8 +283,6 @@ static void ucsi_displayport_work(struct work_struct *work) dp->vdo_data = NULL; dp->vdo_size = 0; dp->header = 0; - - mutex_unlock(&dp->con->lock); } void ucsi_displayport_remove_partner(struct typec_altmode *alt) -- 2.43.0

11 months, 3 weeks

1
0
0 0

[PATCH] ASoC: qcom: audioreach: Correct mapping of back speakers

by Krzysztof Kozlowski

Qualcomm DSP, according to downstream sources, expects back speakers to be mapped as "back", not "surround". The surround is used only for 8+ speakers configuration. Reported-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Fixes: 3c5fcb20e07e ("ASoC: qcom: audioreach: Add 4 channel support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- sound/soc/qcom/qdsp6/audioreach.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/qcom/qdsp6/audioreach.c b/sound/soc/qcom/qdsp6/audioreach.c index 5291deac0a0b..c655f0213723 100644 --- a/sound/soc/qcom/qdsp6/audioreach.c +++ b/sound/soc/qcom/qdsp6/audioreach.c @@ -277,8 +277,8 @@ static void audioreach_set_channel_mapping(u8 *ch_map, int num_channels) } else if (num_channels == 4) { ch_map[0] = PCM_CHANNEL_FL; ch_map[1] = PCM_CHANNEL_FR; - ch_map[2] = PCM_CHANNEL_LS; - ch_map[3] = PCM_CHANNEL_RS; + ch_map[2] = PCM_CHANNEL_LB; + ch_map[3] = PCM_CHANNEL_RB; } } @@ -851,8 +851,8 @@ static int audioreach_mfc_set_media_format(struct q6apm_graph *graph, } else if (num_channels == 4) { media_format->channel_mapping[0] = PCM_CHANNEL_FL; media_format->channel_mapping[1] = PCM_CHANNEL_FR; - media_format->channel_mapping[2] = PCM_CHANNEL_LS; - media_format->channel_mapping[3] = PCM_CHANNEL_RS; + media_format->channel_mapping[2] = PCM_CHANNEL_LB; + media_format->channel_mapping[3] = PCM_CHANNEL_RB; } rc = q6apm_send_cmd_sync(graph->apm, pkt, 0); -- 2.43.0

11 months, 3 weeks

1
1
0 0

[PATCH v2] drivers/i915/intel_bios: Fix parsing backlight BDB data

by Karthikeyan Ramasubramanian

Starting BDB version 239, hdr_dpcd_refresh_timeout is introduced to backlight BDB data. Commit 700034566d68 ("drm/i915/bios: Define more BDB contents") updated the backlight BDB data accordingly. This broke the parsing of backlight BDB data in VBT for versions 236 - 238 (both inclusive) and hence the backlight controls are not responding on units with the concerned BDB version. backlight_control information has been present in backlight BDB data from at least BDB version 191 onwards, if not before. Hence this patch extracts the backlight_control information for BDB version 191 or newer. Tested on Chromebooks using Jasperlake SoC (reports bdb->version = 236). Tested on Chromebooks using Raptorlake SoC (reports bdb->version = 251). Fixes: 700034566d68 ("drm/i915/bios: Define more BDB contents") Cc: stable(a)vger.kernel.org Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- Changes in v2: - removed checking the block size of the backlight BDB data drivers/gpu/drm/i915/display/intel_bios.c | 19 ++++--------------- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 ----- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index aa169b0055e97..8c1eb05fe77d2 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -1042,22 +1042,11 @@ parse_lfp_backlight(struct drm_i915_private *i915, panel->vbt.backlight.type = INTEL_BACKLIGHT_DISPLAY_DDI; panel->vbt.backlight.controller = 0; if (i915->display.vbt.version >= 191) { - size_t exp_size; + const struct lfp_backlight_control_method *method; - if (i915->display.vbt.version >= 236) - exp_size = sizeof(struct bdb_lfp_backlight_data); - else if (i915->display.vbt.version >= 234) - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_234; - else - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_191; - - if (get_blocksize(backlight_data) >= exp_size) { - const struct lfp_backlight_control_method *method; - - method = &backlight_data->backlight_control[panel_type]; - panel->vbt.backlight.type = method->type; - panel->vbt.backlight.controller = method->controller; - } + method = &backlight_data->backlight_control[panel_type]; + panel->vbt.backlight.type = method->type; + panel->vbt.backlight.controller = method->controller; } panel->vbt.backlight.pwm_freq_hz = entry->pwm_freq_hz; diff --git a/drivers/gpu/drm/i915/display/intel_vbt_defs.h b/drivers/gpu/drm/i915/display/intel_vbt_defs.h index a9f44abfc9fc2..b50cd0dcabda9 100644 --- a/drivers/gpu/drm/i915/display/intel_vbt_defs.h +++ b/drivers/gpu/drm/i915/display/intel_vbt_defs.h @@ -897,11 +897,6 @@ struct lfp_brightness_level { u16 reserved; } __packed; -#define EXP_BDB_LFP_BL_DATA_SIZE_REV_191 \ - offsetof(struct bdb_lfp_backlight_data, brightness_level) -#define EXP_BDB_LFP_BL_DATA_SIZE_REV_234 \ - offsetof(struct bdb_lfp_backlight_data, brightness_precision_bits) - struct bdb_lfp_backlight_data { u8 entry_size; struct lfp_backlight_data_entry data[16]; -- 2.44.0.rc0.258.g7320e95886-goog

11 months, 3 weeks

2
2
0 0

[PATCH linux-next] jff2:fix potential illegal address access in jffs2_free_inode

by xu.xin16＠zte.com.cn

From: Wang Yong <wang.yong12(a)zte.com.cn> During the stress testing of the jffs2 file system,the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR = 0x96000004 [ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits [ 2430.650564] SET = 0, FnV = 0 [ 2430.650795] EA = 0, S1PTW = 0 [ 2430.651032] FSC = 0x04: level 0 translation fault [ 2430.651446] Data abort info: [ 2430.651683] ISV = 0, ISS = 0x00000004 [ 2430.652001] CM = 0, WnR = 0 [ 2430.652558] [0069696969696948] address between user and kernel address ranges [ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33 [ 2430.655008] Hardware name: linux,dummy-virt (DT) [ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2430.656142] pc : kfree+0x78/0x348 [ 2430.656630] lr : jffs2_free_inode+0x24/0x48 [ 2430.657051] sp : ffff800009eebd10 [ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000 [ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000 [ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14 [ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000 [ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000 [ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19 [ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14 [ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302 [ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342 [ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000 [ 2430.664217] Call trace: [ 2430.664528] kfree+0x78/0x348 [ 2430.664855] jffs2_free_inode+0x24/0x48 [ 2430.665233] i_callback+0x24/0x50 [ 2430.665528] rcu_do_batch+0x1ac/0x448 [ 2430.665892] rcu_core+0x28c/0x3c8 [ 2430.666151] rcu_core_si+0x18/0x28 [ 2430.666473] __do_softirq+0x138/0x3cc [ 2430.666781] irq_exit+0xf0/0x110 [ 2430.667065] handle_domain_irq+0x6c/0x98 [ 2430.667447] gic_handle_irq+0xac/0xe8 [ 2430.667739] call_on_irq_stack+0x28/0x54 The parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of the jffs_inode_info structure. It was found that all variables in the jffs_inode_info structure were 5a5a5a5a, except for the first member sem. It is suspected that these variables are not initialized because they were set to 5a5a5a5a during memory testing, which is meant to detect uninitialized memory.The sem variable is initialized in the function jffs2_i_init_once, while other members are initialized in the function jffs2_init_inode_info. The function jffs2_init_inode_info is called after iget_locked, but in the iget_locked function, the destroy_inode process is triggered, which releases the inode and consequently, the target member of the inode is not initialized.In concurrent high pressure scenarios, iget_locked may enter the destroy_inode branch as described in the code. Since the destroy_inode functionality of jffs2 only releases the target, the fix method is to set target to NULL in jffs2_i_init_once. Signed-off-by: Wang Yong <wang.yong12(a)zte.com.cn> Reviewed-by: Lu Zhongjun <lu.zhongjun(a)zte.com.cn> Reviewed-by: Yang Tao <yang.tao172(a)zte.com.cn> Cc: Xu Xin <xu.xin16(a)zte.com.cn> Cc: Yang Yang <yang.yang29(a)zte.com.cn> --- fs/jffs2/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 81ca58c..40cc5e6 100644 --- a/fs/jffs2/super.c +++ b/fs/jffs2/super.c @@ -58,6 +58,7 @@ static void jffs2_i_init_once(void *foo) struct jffs2_inode_info *f = foo; mutex_init(&f->sem); + f->target = NULL; inode_init_once(&f->vfs_inode); } -- 2.15.2

11 months, 3 weeks

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2024