September 2024 - Linux-stable-mirror

[PATCH 1/1] riscv: efi: Set NX compat flag in PE/COFF header

by Heinrich Schuchardt

The IMAGE_DLLCHARACTERISTICS_NX_COMPAT informs the firmware that the EFI binary does not rely on pages that are both executable and writable. The flag is used by some distro versions of GRUB to decide if the EFI binary may be executed. As the Linux kernel neither has RWX sections nor needs RWX pages for relocation we should set the flag. Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> --- arch/riscv/kernel/efi-header.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/kernel/efi-header.S b/arch/riscv/kernel/efi-header.S index 515b2dfbca75..c5f17c2710b5 100644 --- a/arch/riscv/kernel/efi-header.S +++ b/arch/riscv/kernel/efi-header.S @@ -64,7 +64,7 @@ extra_header_fields: .long efi_header_end - _start // SizeOfHeaders .long 0 // CheckSum .short IMAGE_SUBSYSTEM_EFI_APPLICATION // Subsystem - .short 0 // DllCharacteristics + .short IMAGE_DLL_CHARACTERISTICS_NX_COMPAT // DllCharacteristics .quad 0 // SizeOfStackReserve .quad 0 // SizeOfStackCommit .quad 0 // SizeOfHeapReserve -- 2.45.2

1 day, 5 hours

5
8
0 0

[PATCH v2] drm/meson: switch to a managed drm device

by Anastasia Belova

Switch to a managed drm device to cleanup some error handling and make future work easier. Fix dereference of NULL in meson_drv_bind_master by removing drm_dev_put(drm) before meson_encoder_*_remove and component_unbind_all where drm is dereferenced. Co-developed by Linux Verification Center (linuxtesting.org). Cc: stable(a)vger.kernel.org # 6.5 Fixes: 6a044642988b ("drm/meson: fix unbind path if HDMI fails to bind") Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> --- v2: fix commit message and add Cc: stable(a)vger.kernel.org drivers/gpu/drm/meson/meson_crtc.c | 10 +-- drivers/gpu/drm/meson/meson_drv.c | 71 ++++++++++------------ drivers/gpu/drm/meson/meson_drv.h | 2 +- drivers/gpu/drm/meson/meson_encoder_cvbs.c | 8 +-- drivers/gpu/drm/meson/meson_overlay.c | 8 +-- drivers/gpu/drm/meson/meson_plane.c | 10 +-- 6 files changed, 51 insertions(+), 58 deletions(-) diff --git a/drivers/gpu/drm/meson/meson_crtc.c b/drivers/gpu/drm/meson/meson_crtc.c index d70616da8ce2..e1c0bf3baeea 100644 --- a/drivers/gpu/drm/meson/meson_crtc.c +++ b/drivers/gpu/drm/meson/meson_crtc.c @@ -662,13 +662,13 @@ void meson_crtc_irq(struct meson_drm *priv) drm_crtc_handle_vblank(priv->crtc); - spin_lock_irqsave(&priv->drm->event_lock, flags); + spin_lock_irqsave(&priv->drm.event_lock, flags); if (meson_crtc->event) { drm_crtc_send_vblank_event(priv->crtc, meson_crtc->event); drm_crtc_vblank_put(priv->crtc); meson_crtc->event = NULL; } - spin_unlock_irqrestore(&priv->drm->event_lock, flags); + spin_unlock_irqrestore(&priv->drm.event_lock, flags); } int meson_crtc_create(struct meson_drm *priv) @@ -677,18 +677,18 @@ int meson_crtc_create(struct meson_drm *priv) struct drm_crtc *crtc; int ret; - meson_crtc = devm_kzalloc(priv->drm->dev, sizeof(*meson_crtc), + meson_crtc = devm_kzalloc(priv->drm.dev, sizeof(*meson_crtc), GFP_KERNEL); if (!meson_crtc) return -ENOMEM; meson_crtc->priv = priv; crtc = &meson_crtc->base; - ret = drm_crtc_init_with_planes(priv->drm, crtc, + ret = drm_crtc_init_with_planes(&priv->drm, crtc, priv->primary_plane, NULL, &meson_crtc_funcs, "meson_crtc"); if (ret) { - dev_err(priv->drm->dev, "Failed to init CRTC\n"); + dev_err(priv->drm.dev, "Failed to init CRTC\n"); return ret; } diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c index 4bd0baa2a4f5..2e7c2e7c7b82 100644 --- a/drivers/gpu/drm/meson/meson_drv.c +++ b/drivers/gpu/drm/meson/meson_drv.c @@ -182,7 +182,6 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) struct platform_device *pdev = to_platform_device(dev); const struct meson_drm_match_data *match; struct meson_drm *priv; - struct drm_device *drm; struct resource *res; void __iomem *regs; int ret, i; @@ -197,17 +196,13 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) if (!match) return -ENODEV; - drm = drm_dev_alloc(&meson_driver, dev); - if (IS_ERR(drm)) - return PTR_ERR(drm); + priv = devm_drm_dev_alloc(dev, &meson_driver, + struct meson_drm, drm); - priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); - if (!priv) { - ret = -ENOMEM; - goto free_drm; - } - drm->dev_private = priv; - priv->drm = drm; + if (IS_ERR(priv)) + return PTR_ERR(priv); + + priv->drm.dev_private = priv; priv->dev = dev; priv->compat = match->compat; priv->afbcd.ops = match->afbcd_ops; @@ -215,7 +210,7 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) regs = devm_platform_ioremap_resource_byname(pdev, "vpu"); if (IS_ERR(regs)) { ret = PTR_ERR(regs); - goto free_drm; + goto remove_encoders; } priv->io_base = regs; @@ -223,13 +218,13 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "hhi"); if (!res) { ret = -EINVAL; - goto free_drm; + goto remove_encoders; } /* Simply ioremap since it may be a shared register zone */ regs = devm_ioremap(dev, res->start, resource_size(res)); if (!regs) { ret = -EADDRNOTAVAIL; - goto free_drm; + goto remove_encoders; } priv->hhi = devm_regmap_init_mmio(dev, regs, @@ -237,18 +232,18 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) if (IS_ERR(priv->hhi)) { dev_err(&pdev->dev, "Couldn't create the HHI regmap\n"); ret = PTR_ERR(priv->hhi); - goto free_drm; + goto remove_encoders; } priv->canvas = meson_canvas_get(dev); if (IS_ERR(priv->canvas)) { ret = PTR_ERR(priv->canvas); - goto free_drm; + goto remove_encoders; } ret = meson_canvas_alloc(priv->canvas, &priv->canvas_id_osd1); if (ret) - goto free_drm; + goto remove_encoders; ret = meson_canvas_alloc(priv->canvas, &priv->canvas_id_vd1_0); if (ret) goto free_canvas_osd1; @@ -261,7 +256,7 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) priv->vsync_irq = platform_get_irq(pdev, 0); - ret = drm_vblank_init(drm, 1); + ret = drm_vblank_init(&priv->drm, 1); if (ret) goto free_canvas_vd1_2; @@ -284,10 +279,10 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) ret = drmm_mode_config_init(drm); if (ret) goto free_canvas_vd1_2; - drm->mode_config.max_width = 3840; - drm->mode_config.max_height = 2160; - drm->mode_config.funcs = &meson_mode_config_funcs; - drm->mode_config.helper_private = &meson_mode_config_helpers; + priv->drm.mode_config.max_width = 3840; + priv->drm.mode_config.max_height = 2160; + priv->drm.mode_config.funcs = &meson_mode_config_funcs; + priv->drm.mode_config.helper_private = &meson_mode_config_helpers; /* Hardware Initialization */ @@ -308,9 +303,9 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) goto exit_afbcd; if (has_components) { - ret = component_bind_all(dev, drm); + ret = component_bind_all(dev, &priv->drm); if (ret) { - dev_err(drm->dev, "Couldn't bind all components\n"); + dev_err(priv->drm.dev, "Couldn't bind all components\n"); /* Do not try to unbind */ has_components = false; goto exit_afbcd; @@ -339,26 +334,26 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) if (ret) goto exit_afbcd; - ret = request_irq(priv->vsync_irq, meson_irq, 0, drm->driver->name, drm); + ret = request_irq(priv->vsync_irq, meson_irq, 0, priv->drm.driver->name, &priv->drm); if (ret) goto exit_afbcd; - drm_mode_config_reset(drm); + drm_mode_config_reset(&priv->drm); - drm_kms_helper_poll_init(drm); + drm_kms_helper_poll_init(&priv->drm); platform_set_drvdata(pdev, priv); - ret = drm_dev_register(drm, 0); + ret = drm_dev_register(&priv->drm, 0); if (ret) goto uninstall_irq; - drm_fbdev_dma_setup(drm, 32); + drm_fbdev_dma_setup(&priv->drm, 32); return 0; uninstall_irq: - free_irq(priv->vsync_irq, drm); + free_irq(priv->vsync_irq, &priv->drm); exit_afbcd: if (priv->afbcd.ops) priv->afbcd.ops->exit(priv); @@ -370,15 +365,14 @@ static int meson_drv_bind_master(struct device *dev, bool has_components) meson_canvas_free(priv->canvas, priv->canvas_id_vd1_0); free_canvas_osd1: meson_canvas_free(priv->canvas, priv->canvas_id_osd1); -free_drm: - drm_dev_put(drm); +remove_encoders: meson_encoder_dsi_remove(priv); meson_encoder_hdmi_remove(priv); meson_encoder_cvbs_remove(priv); if (has_components) - component_unbind_all(dev, drm); + component_unbind_all(dev, &priv->drm); return ret; } @@ -391,7 +385,7 @@ static int meson_drv_bind(struct device *dev) static void meson_drv_unbind(struct device *dev) { struct meson_drm *priv = dev_get_drvdata(dev); - struct drm_device *drm = priv->drm; + struct drm_device *drm = &priv->drm; if (priv->canvas) { meson_canvas_free(priv->canvas, priv->canvas_id_osd1); @@ -404,7 +398,6 @@ static void meson_drv_unbind(struct device *dev) drm_kms_helper_poll_fini(drm); drm_atomic_helper_shutdown(drm); free_irq(priv->vsync_irq, drm); - drm_dev_put(drm); meson_encoder_dsi_remove(priv); meson_encoder_hdmi_remove(priv); @@ -428,7 +421,7 @@ static int __maybe_unused meson_drv_pm_suspend(struct device *dev) if (!priv) return 0; - return drm_mode_config_helper_suspend(priv->drm); + return drm_mode_config_helper_suspend(&priv->drm); } static int __maybe_unused meson_drv_pm_resume(struct device *dev) @@ -445,7 +438,7 @@ static int __maybe_unused meson_drv_pm_resume(struct device *dev) if (priv->afbcd.ops) priv->afbcd.ops->init(priv); - return drm_mode_config_helper_resume(priv->drm); + return drm_mode_config_helper_resume(&priv->drm); } static void meson_drv_shutdown(struct platform_device *pdev) @@ -455,8 +448,8 @@ static void meson_drv_shutdown(struct platform_device *pdev) if (!priv) return; - drm_kms_helper_poll_fini(priv->drm); - drm_atomic_helper_shutdown(priv->drm); + drm_kms_helper_poll_fini(&priv->drm); + drm_atomic_helper_shutdown(&priv->drm); } /* diff --git a/drivers/gpu/drm/meson/meson_drv.h b/drivers/gpu/drm/meson/meson_drv.h index 3f9345c14f31..c4c6c810cb20 100644 --- a/drivers/gpu/drm/meson/meson_drv.h +++ b/drivers/gpu/drm/meson/meson_drv.h @@ -53,7 +53,7 @@ struct meson_drm { u8 canvas_id_vd1_1; u8 canvas_id_vd1_2; - struct drm_device *drm; + struct drm_device drm; struct drm_crtc *crtc; struct drm_plane *primary_plane; struct drm_plane *overlay_plane; diff --git a/drivers/gpu/drm/meson/meson_encoder_cvbs.c b/drivers/gpu/drm/meson/meson_encoder_cvbs.c index d1191de855d9..ddca22c8c1ff 100644 --- a/drivers/gpu/drm/meson/meson_encoder_cvbs.c +++ b/drivers/gpu/drm/meson/meson_encoder_cvbs.c @@ -104,7 +104,7 @@ static int meson_encoder_cvbs_get_modes(struct drm_bridge *bridge, for (i = 0; i < MESON_CVBS_MODES_COUNT; ++i) { struct meson_cvbs_mode *meson_mode = &meson_cvbs_modes[i]; - mode = drm_mode_duplicate(priv->drm, &meson_mode->mode); + mode = drm_mode_duplicate(&priv->drm, &meson_mode->mode); if (!mode) { dev_err(priv->dev, "Failed to create a new display mode\n"); return 0; @@ -221,7 +221,7 @@ static const struct drm_bridge_funcs meson_encoder_cvbs_bridge_funcs = { int meson_encoder_cvbs_probe(struct meson_drm *priv) { - struct drm_device *drm = priv->drm; + struct drm_device *drm = &priv->drm; struct meson_encoder_cvbs *meson_encoder_cvbs; struct drm_connector *connector; struct device_node *remote; @@ -256,7 +256,7 @@ int meson_encoder_cvbs_probe(struct meson_drm *priv) meson_encoder_cvbs->priv = priv; /* Encoder */ - ret = drm_simple_encoder_init(priv->drm, &meson_encoder_cvbs->encoder, + ret = drm_simple_encoder_init(&priv->drm, &meson_encoder_cvbs->encoder, DRM_MODE_ENCODER_TVDAC); if (ret) return dev_err_probe(priv->dev, ret, @@ -273,7 +273,7 @@ int meson_encoder_cvbs_probe(struct meson_drm *priv) } /* Initialize & attach Bridge Connector */ - connector = drm_bridge_connector_init(priv->drm, &meson_encoder_cvbs->encoder); + connector = drm_bridge_connector_init(&priv->drm, &meson_encoder_cvbs->encoder); if (IS_ERR(connector)) return dev_err_probe(priv->dev, PTR_ERR(connector), "Unable to create CVBS bridge connector\n"); diff --git a/drivers/gpu/drm/meson/meson_overlay.c b/drivers/gpu/drm/meson/meson_overlay.c index 7f98de38842b..60ee7f758723 100644 --- a/drivers/gpu/drm/meson/meson_overlay.c +++ b/drivers/gpu/drm/meson/meson_overlay.c @@ -484,7 +484,7 @@ static void meson_overlay_atomic_update(struct drm_plane *plane, interlace_mode = new_state->crtc->mode.flags & DRM_MODE_FLAG_INTERLACE; - spin_lock_irqsave(&priv->drm->event_lock, flags); + spin_lock_irqsave(&priv->drm.event_lock, flags); if ((fb->modifier & DRM_FORMAT_MOD_AMLOGIC_FBC(0, 0)) == DRM_FORMAT_MOD_AMLOGIC_FBC(0, 0)) { @@ -717,7 +717,7 @@ static void meson_overlay_atomic_update(struct drm_plane *plane, priv->viu.vd1_enabled = true; - spin_unlock_irqrestore(&priv->drm->event_lock, flags); + spin_unlock_irqrestore(&priv->drm.event_lock, flags); DRM_DEBUG_DRIVER("\n"); } @@ -838,7 +838,7 @@ int meson_overlay_create(struct meson_drm *priv) DRM_DEBUG_DRIVER("\n"); - meson_overlay = devm_kzalloc(priv->drm->dev, sizeof(*meson_overlay), + meson_overlay = devm_kzalloc(priv->drm.dev, sizeof(*meson_overlay), GFP_KERNEL); if (!meson_overlay) return -ENOMEM; @@ -846,7 +846,7 @@ int meson_overlay_create(struct meson_drm *priv) meson_overlay->priv = priv; plane = &meson_overlay->base; - drm_universal_plane_init(priv->drm, plane, 0xFF, + drm_universal_plane_init(&priv->drm, plane, 0xFF, &meson_overlay_funcs, supported_drm_formats, ARRAY_SIZE(supported_drm_formats), diff --git a/drivers/gpu/drm/meson/meson_plane.c b/drivers/gpu/drm/meson/meson_plane.c index b43ac61201f3..13be94309bf4 100644 --- a/drivers/gpu/drm/meson/meson_plane.c +++ b/drivers/gpu/drm/meson/meson_plane.c @@ -157,7 +157,7 @@ static void meson_plane_atomic_update(struct drm_plane *plane, * Update Buffer * Enable Plane */ - spin_lock_irqsave(&priv->drm->event_lock, flags); + spin_lock_irqsave(&priv->drm.event_lock, flags); /* Check if AFBC decoder is required for this buffer */ if ((meson_vpu_is_compatible(priv, VPU_COMPATIBLE_GXM) || @@ -393,7 +393,7 @@ static void meson_plane_atomic_update(struct drm_plane *plane, priv->viu.osd1_enabled = true; - spin_unlock_irqrestore(&priv->drm->event_lock, flags); + spin_unlock_irqrestore(&priv->drm.event_lock, flags); } static void meson_plane_atomic_disable(struct drm_plane *plane, @@ -536,7 +536,7 @@ int meson_plane_create(struct meson_drm *priv) const uint64_t *format_modifiers = format_modifiers_default; int ret; - meson_plane = devm_kzalloc(priv->drm->dev, sizeof(*meson_plane), + meson_plane = devm_kzalloc(priv->drm.dev, sizeof(*meson_plane), GFP_KERNEL); if (!meson_plane) return -ENOMEM; @@ -549,14 +549,14 @@ int meson_plane_create(struct meson_drm *priv) else if (meson_vpu_is_compatible(priv, VPU_COMPATIBLE_G12A)) format_modifiers = format_modifiers_afbc_g12a; - ret = drm_universal_plane_init(priv->drm, plane, 0xFF, + ret = drm_universal_plane_init(&priv->drm, plane, 0xFF, &meson_plane_funcs, supported_drm_formats, ARRAY_SIZE(supported_drm_formats), format_modifiers, DRM_PLANE_TYPE_PRIMARY, "meson_primary_plane"); if (ret) { - devm_kfree(priv->drm->dev, meson_plane); + devm_kfree(priv->drm.dev, meson_plane); return ret; } -- 2.30.2

1 day, 13 hours

3
7
0 0

[REGRESSION][BISECTED] Commit 60e3318e3e900 in stable/linux-6.1.y breaks cifs client failover to another server in DFS namespace

by Andrew Paniakin

Commit 60e3318e3e900 ("cifs: use fs_context for automounts") was released in v6.1.54 and broke the failover when one of the servers inside DFS becomes unavailable. We reproduced the problem on the EC2 instances of different types. Reverting aforementioned commint on top of the latest stable verison v6.1.94 helps to resolve the problem. Earliest working version is v6.2-rc1. There were two big merges of CIFS fixes: [1] and [2]. We would like to ask for the help to investigate this problem and if some of those patches need to be backported. Also, is it safe to just revert problematic commit until proper fixes/backports will be available? We will help to do testing and confirm if fix works, but let me also list the steps we used to reproduce the problem if it will help to identify the problem: 1. Create Active Directory domain eg. 'corp.fsxtest.local' in AWS Directory Service with: - three AWS FSX file systems filesystem1..filesystem3 - three Windows servers; They have DFS installed as per https://learn.microsoft.com/en-us/windows-server/storage/dfs-namespaces/dfs…: - dfs-srv1: EC2AMAZ-2EGTM59 - dfs-srv2: EC2AMAZ-1N36PRD - dfs-srv3: EC2AMAZ-0PAUH2U 2. Create DFS namespace eg. 'dfs-namespace' in Windows server 2008 mode and three folders targets in it: - referral-a mapped to filesystem1.corp.local - referral-b mapped to filesystem2.corp.local - referral-c mapped to filesystem3.corp.local - local folders dfs-srv1..dfs-srv3 in C:\DFSRoots\dfs-namespace of every Windows server. This helps to quickly define underlying server when DFS is mounted. 3. Enabled cifs debug logs: ``` echo 'module cifs +p' > /sys/kernel/debug/dynamic_debug/control echo 'file fs/cifs/* +p' > /sys/kernel/debug/dynamic_debug/control echo 7 > /proc/fs/cifs/cifsFYI ``` 4. Mount DFS namespace on Amazon Linux 2023 instance running any vanilla kernel v6.1.54+: ``` dmesg -c &>/dev/null cd /mnt mount -t cifs -o cred=/mnt/creds,echo_interval=5 \ //corp.fsxtest.local/dfs-namespace \ ./dfs-namespace ``` 5. List DFS root, it's also required to avoid recursive mounts that happen during regular 'ls' run: ``` sh -c 'ls dfs-namespace' dfs-srv2 referral-a referral-b ``` The DFS server is EC2AMAZ-1N36PRD, it's also listed in mount: ``` [root@ip-172-31-2-82 mnt]# mount | grep dfs //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` List files in first folder: ``` sh -c 'ls dfs-namespace/referral-a' filea.txt.txt ``` 6. Shutdown DFS server-2. List DFS root again, server changed from dfs-srv2 to dfs-srv1 EC2AMAZ-2EGTM59: ``` sh -c 'ls dfs-namespace' dfs-srv1 referral-a referral-b ``` 7. Try to list files in another folder, this causes ls to fail with error: ``` sh -c 'ls dfs-namespace/referral-b' ls: cannot access 'dfs-namespace/referral-b': No route to host``` Sometimes it's also 'Operation now in progress' error. mount shows the same output: ``` //corp.fsxtest.local/dfs-namespace on /mnt/dfs-namespace type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.11.26,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) //EC2AMAZ-1N36PRD.corp.fsxtest.local/dfs-namespace/referral-a on /mnt/dfs-namespace/referral-a type cifs (rw,relatime,vers=3.1.1,cache=strict,username=Admin,domain=corp.fsxtest.local,uid=0,noforceuid,gid=0,noforcegid,addr=172.31.12.80,file_mode=0755,dir_mode=0755,soft,nounix,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=5,actimeo=1,closetimeo=1) ``` I also attached kernel debug logs from this test. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Reported-by: Andrei Paniakin <apanyaki(a)amazon.com> Bisected-by: Simba Bonga <simbarb(a)amazon.com> --- #regzbot introduced: v6.1.54..v6.2-rc1

2 days, 1 hour

3
9
0 0

[PATCH v2] usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()

by Jeongjun Park

iowarrior_read() uses the iowarrior dev structure, but does not use any lock on the structure. This can cause various bugs including data-races, so it is more appropriate to use a mutex lock to safely protect the iowarrior dev structure. When using a mutex lock, you should split the branch to prevent blocking when the O_NONBLOCK flag is set. In addition, it is unnecessary to check for NULL on the iowarrior dev structure obtained by reading file->private_data. Therefore, it is better to remove the check. Cc: stable(a)vger.kernel.org Fixes: 946b960d13c1 ("USB: add driver for iowarrior devices.") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v1 -> v2: Added cc tag and change log drivers/usb/misc/iowarrior.c | 46 ++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 10 deletions(-) diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c index 6d28467ce352..a513766b4985 100644 --- a/drivers/usb/misc/iowarrior.c +++ b/drivers/usb/misc/iowarrior.c @@ -277,28 +277,45 @@ static ssize_t iowarrior_read(struct file *file, char __user *buffer, struct iowarrior *dev; int read_idx; int offset; + int retval; dev = file->private_data; + if (file->f_flags & O_NONBLOCK) { + retval = mutex_trylock(&dev->mutex); + if (!retval) + return -EAGAIN; + } else { + retval = mutex_lock_interruptible(&dev->mutex); + if (retval) + return -ERESTARTSYS; + } + /* verify that the device wasn't unplugged */ - if (!dev || !dev->present) - return -ENODEV; + if (!dev->present) { + retval = -ENODEV; + goto exit; + } dev_dbg(&dev->interface->dev, "minor %d, count = %zd\n", dev->minor, count); /* read count must be packet size (+ time stamp) */ if ((count != dev->report_size) - && (count != (dev->report_size + 1))) - return -EINVAL; + && (count != (dev->report_size + 1))) { + retval = -EINVAL; + goto exit; + } /* repeat until no buffer overrun in callback handler occur */ do { atomic_set(&dev->overflow_flag, 0); if ((read_idx = read_index(dev)) == -1) { /* queue empty */ - if (file->f_flags & O_NONBLOCK) - return -EAGAIN; + if (file->f_flags & O_NONBLOCK) { + retval = -EAGAIN; + goto exit; + } else { //next line will return when there is either new data, or the device is unplugged int r = wait_event_interruptible(dev->read_wait, @@ -309,28 +326,37 @@ static ssize_t iowarrior_read(struct file *file, char __user *buffer, -1)); if (r) { //we were interrupted by a signal - return -ERESTART; + retval = -ERESTART; + goto exit; } if (!dev->present) { //The device was unplugged - return -ENODEV; + retval = -ENODEV; + goto exit; } if (read_idx == -1) { // Can this happen ??? - return 0; + retval = 0; + goto exit; } } } offset = read_idx * (dev->report_size + 1); if (copy_to_user(buffer, dev->read_queue + offset, count)) { - return -EFAULT; + retval = -EFAULT; + goto exit; } } while (atomic_read(&dev->overflow_flag)); read_idx = ++read_idx == MAX_INTERRUPT_BUFFER ? 0 : read_idx; atomic_set(&dev->read_idx, read_idx); + mutex_unlock(&dev->mutex); return count; + +exit: + mutex_unlock(&dev->mutex); + return retval; } /* --

2 days, 6 hours

2
2
0 0

[PATCH] drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too

by Mario Limonciello

Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING [1] traces when calling dmub_psr_enable() with Parade 08-01 TCON. These symptoms all go away with PSR-SU disabled for this TCON, so disable it for now while DMUB traces [2] from the failure can be analyzed and the failure state properly root caused. Cc: stable(a)vger.kernel.org Cc: Marc Rossi <Marc.Rossi(a)amd.com> Cc: Hamza Mahfooz <Hamza.Mahfooz(a)amd.com> Link: https://gitlab.freedesktop.org/drm/amd/uploads/a832dd515b571ee171b3e3b566e9… [1] Link: https://gitlab.freedesktop.org/drm/amd/uploads/8f13ff3b00963c833e23e68aa811… [2] Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/2645 Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- --- drivers/gpu/drm/amd/display/modules/power/power_helpers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/power/power_helpers.c b/drivers/gpu/drm/amd/display/modules/power/power_helpers.c index e304e8435fb8..477289846a0a 100644 --- a/drivers/gpu/drm/amd/display/modules/power/power_helpers.c +++ b/drivers/gpu/drm/amd/display/modules/power/power_helpers.c @@ -841,6 +841,8 @@ bool is_psr_su_specific_panel(struct dc_link *link) isPSRSUSupported = false; else if (dpcd_caps->sink_dev_id_str[1] == 0x08 && dpcd_caps->sink_dev_id_str[0] == 0x03) isPSRSUSupported = false; + else if (dpcd_caps->sink_dev_id_str[1] == 0x08 && dpcd_caps->sink_dev_id_str[0] == 0x01) + isPSRSUSupported = false; else if (dpcd_caps->psr_info.force_psrsu_cap == 0x1) isPSRSUSupported = true; } -- 2.34.1

3 days, 21 hours

4
3
0 0

[PATCH] HID: plantronics: Update to map micmute controls

by Wade Wang

telephony page of Plantronics headset is ignored currently, it caused micmute button no function, Now follow native HID key mapping for telephony page map, telephony micmute key is enabled by default Cc: stable(a)vger.kernel.org Signed-off-by: Wade Wang <wade.wang(a)hp.com> --- drivers/hid/hid-plantronics.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c index 2a19f3646ecb..2d17534fce61 100644 --- a/drivers/hid/hid-plantronics.c +++ b/drivers/hid/hid-plantronics.c @@ -77,10 +77,10 @@ static int plantronics_input_mapping(struct hid_device *hdev, } } /* handle standard types - plt_type is 0xffa0uuuu or 0xffa2uuuu */ - /* 'basic telephony compliant' - allow default consumer page map */ + /* 'basic telephony compliant' - allow default consumer & telephony page map */ else if ((plt_type & HID_USAGE) >= PLT_BASIC_TELEPHONY && (plt_type & HID_USAGE) != PLT_BASIC_EXCEPTION) { - if (PLT_ALLOW_CONSUMER) + if (PLT_ALLOW_CONSUMER || (usage->hid & HID_USAGE_PAGE) == HID_UP_TELEPHONY) goto defaulted; } /* not 'basic telephony' - apply legacy mapping */ -- 2.34.1

4 days, 9 hours

4
8
0 0

[PATCH 5.4.y 0/2] tracing/kprobes: Backport request about

by Sherry Yang

The new test case which checks non unique symbol kprobe_non_uniq_symbol.tc failed because of missing kernel functionality support from commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols"). Backport it and its fix commit to 5.4.y together. Resolved minor context change conflicts. Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Francis Laniel (1): tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols kernel/trace/trace_kprobe.c | 76 +++++++++++++++++++++++++++++++++++++ kernel/trace/trace_probe.h | 1 + 2 files changed, 77 insertions(+) -- 2.46.0

4 days, 13 hours

2
5
0 0

[PATCH v2] pps: Remove embedded cdev to fix a use-after-free

by Calvin Owens

On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : kobject_put+0x120/0x150 lr : kobject_put+0x120/0x150 sp : ffffffc0803d3ae0 x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001 x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440 x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600 x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20 x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: kobject_put+0x120/0x150 cdev_put+0x20/0x3c __fput+0x2c4/0x2d8 ____fput+0x1c/0x38 task_work_run+0x70/0xfc do_exit+0x2a0/0x924 do_group_exit+0x34/0x90 get_signal+0x7fc/0x8c0 do_signal+0x128/0x13b4 do_notify_resume+0xdc/0x160 el0_svc+0xd4/0xf8 el0t_64_sync_handler+0x140/0x14c el0t_64_sync+0x190/0x194 ---[ end trace 0000000000000000 ]--- ...followed by more symptoms of corruption, with similar stacks: refcount_t: underflow; use-after-free. kernel BUG at lib/list_debug.c:62! Kernel panic - not syncing: Oops - BUG: Fatal exception This happens because pps_device_destruct() frees the pps_device with the embedded cdev immediately after calling cdev_del(), but, as the comment above cdev_del() notes, fops for previously opened cdevs are still callable even after cdev_del() returns. I think this bug has always been there: I can't explain why it suddenly started happening every time I reboot this particular board. In commit d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source."), George Spelvin suggested removing the embedded cdev. That seems like the simplest way to fix this, so I've implemented his suggestion, with pps_idr becoming the source of truth for which minor corresponds to which device. But now that pps_idr defines userspace visibility instead of cdev_add(), we need to be sure the pps->dev kobject refcount can't reach zero while userspace can still find it again. So, the idr_remove() call moves to pps_unregister_cdev(), and pps_idr now holds a reference to the pps->dev kobject. pps_core: source serial1 got cdev (251:1) <...> pps pps1: removed pps_core: unregistering pps1 pps_core: deallocating pps1 Fixes: d953e0e837e6 ("pps: Fix a use-after free bug when unregistering a source.") Cc: stable(a)vger.kernel.org Signed-off-by: Calvin Owens <calvin(a)wbinvd.org> --- Changes in v2: - Don't move pr_debug() from pps_device_destruct() to pps_unregister_cdev() - Actually add stable(a)vger.kernel.org to CC --- drivers/pps/pps.c | 83 ++++++++++++++++++++------------------ include/linux/pps_kernel.h | 1 - 2 files changed, 44 insertions(+), 40 deletions(-) diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index 5d19baae6a38..6980ab17f314 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -25,7 +25,7 @@ * Local variables */ -static dev_t pps_devt; +static int pps_major; static struct class *pps_class; static DEFINE_MUTEX(pps_idr_lock); @@ -296,19 +296,35 @@ static long pps_cdev_compat_ioctl(struct file *file, #define pps_cdev_compat_ioctl NULL #endif +static struct pps_device *pps_idr_get(unsigned long id) +{ + struct pps_device *pps; + + mutex_lock(&pps_idr_lock); + pps = idr_find(&pps_idr, id); + if (pps) + kobject_get(&pps->dev->kobj); + + mutex_unlock(&pps_idr_lock); + return pps; +} + static int pps_cdev_open(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = pps_idr_get(iminor(inode)); + + if (!pps) + return -ENODEV; + file->private_data = pps; - kobject_get(&pps->dev->kobj); return 0; } static int pps_cdev_release(struct inode *inode, struct file *file) { - struct pps_device *pps = container_of(inode->i_cdev, - struct pps_device, cdev); + struct pps_device *pps = file->private_data; + + WARN_ON(pps->id != iminor(inode)); kobject_put(&pps->dev->kobj); return 0; } @@ -332,14 +348,7 @@ static void pps_device_destruct(struct device *dev) { struct pps_device *pps = dev_get_drvdata(dev); - cdev_del(&pps->cdev); - - /* Now we can release the ID for re-use */ pr_debug("deallocating pps%d\n", pps->id); - mutex_lock(&pps_idr_lock); - idr_remove(&pps_idr, pps->id); - mutex_unlock(&pps_idr_lock); - kfree(dev); kfree(pps); } @@ -364,39 +373,26 @@ int pps_register_cdev(struct pps_device *pps) goto out_unlock; } pps->id = err; - mutex_unlock(&pps_idr_lock); - devt = MKDEV(MAJOR(pps_devt), pps->id); - - cdev_init(&pps->cdev, &pps_cdev_fops); - pps->cdev.owner = pps->info.owner; - - err = cdev_add(&pps->cdev, devt, 1); - if (err) { - pr_err("%s: failed to add char device %d:%d\n", - pps->info.name, MAJOR(pps_devt), pps->id); - goto free_idr; - } + devt = MKDEV(pps_major, pps->id); pps->dev = device_create(pps_class, pps->info.dev, devt, pps, "pps%d", pps->id); if (IS_ERR(pps->dev)) { err = PTR_ERR(pps->dev); - goto del_cdev; + goto free_idr; } /* Override the release function with our own */ pps->dev->release = pps_device_destruct; - pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, - MAJOR(pps_devt), pps->id); + pr_debug("source %s got cdev (%d:%d)\n", pps->info.name, pps_major, + pps->id); + kobject_get(&pps->dev->kobj); + mutex_unlock(&pps_idr_lock); return 0; -del_cdev: - cdev_del(&pps->cdev); - free_idr: - mutex_lock(&pps_idr_lock); idr_remove(&pps_idr, pps->id); out_unlock: mutex_unlock(&pps_idr_lock); @@ -408,6 +404,12 @@ void pps_unregister_cdev(struct pps_device *pps) pr_debug("unregistering pps%d\n", pps->id); pps->lookup_cookie = NULL; device_destroy(pps_class, pps->dev->devt); + + /* Now we can release the ID for re-use */ + mutex_lock(&pps_idr_lock); + idr_remove(&pps_idr, pps->id); + kobject_put(&pps->dev->kobj); + mutex_unlock(&pps_idr_lock); } /* @@ -427,6 +429,11 @@ void pps_unregister_cdev(struct pps_device *pps) * so that it will not be used again, even if the pps device cannot * be removed from the idr due to pending references holding the minor * number in use. + * + * Since pps_idr holds a reference to the kobject, the returned + * pps_device is guaranteed to be valid until pps_unregister_cdev() is + * called on it. But after calling pps_unregister_cdev(), it may be + * freed at any time. */ struct pps_device *pps_lookup_dev(void const *cookie) { @@ -449,13 +456,11 @@ EXPORT_SYMBOL(pps_lookup_dev); static void __exit pps_exit(void) { class_destroy(pps_class); - unregister_chrdev_region(pps_devt, PPS_MAX_SOURCES); + __unregister_chrdev(pps_major, 0, PPS_MAX_SOURCES, "pps"); } static int __init pps_init(void) { - int err; - pps_class = class_create("pps"); if (IS_ERR(pps_class)) { pr_err("failed to allocate class\n"); @@ -463,8 +468,9 @@ static int __init pps_init(void) } pps_class->dev_groups = pps_groups; - err = alloc_chrdev_region(&pps_devt, 0, PPS_MAX_SOURCES, "pps"); - if (err < 0) { + pps_major = __register_chrdev(0, 0, PPS_MAX_SOURCES, "pps", + &pps_cdev_fops); + if (pps_major < 0) { pr_err("failed to allocate char device region\n"); goto remove_class; } @@ -477,8 +483,7 @@ static int __init pps_init(void) remove_class: class_destroy(pps_class); - - return err; + return pps_major; } subsys_initcall(pps_init); diff --git a/include/linux/pps_kernel.h b/include/linux/pps_kernel.h index 78c8ac4951b5..8ee312788118 100644 --- a/include/linux/pps_kernel.h +++ b/include/linux/pps_kernel.h @@ -56,7 +56,6 @@ struct pps_device { unsigned int id; /* PPS source unique ID */ void const *lookup_cookie; /* For pps_lookup_dev() only */ - struct cdev cdev; struct device *dev; struct fasync_struct *async_queue; /* fasync method */ spinlock_t lock; -- 2.45.2

5 days, 7 hours

3
2
0 0

[PATCH] coresight: etm4x: Fix PID tracing when perf is run in an init PID namespace

by Julien Meunier

The previous implementation limited the tracing capabilities when perf was run in the init PID namespace, making it impossible to trace applications in non-init PID namespaces. This update improves the tracing process by verifying the event owner. This allows us to determine whether the user has the necessary permissions to trace the application. Cc: stable(a)vger.kernel.org Fixes: aab473867fed ("coresight: etm4x: Don't trace PID for non-root PID namespace") Signed-off-by: Julien Meunier <julien.meunier(a)nokia.com> --- drivers/hwtracing/coresight/coresight-etm4x-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hwtracing/coresight/coresight-etm4x-core.c b/drivers/hwtracing/coresight/coresight-etm4x-core.c index bf01f01964cf..8365307b1aec 100644 --- a/drivers/hwtracing/coresight/coresight-etm4x-core.c +++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c @@ -695,7 +695,7 @@ static int etm4_parse_event_config(struct coresight_device *csdev, /* Only trace contextID when runs in root PID namespace */ if ((attr->config & BIT(ETM_OPT_CTXTID)) && - task_is_in_init_pid_ns(current)) + task_is_in_init_pid_ns(event->owner)) /* bit[6], Context ID tracing bit */ config->cfg |= TRCCONFIGR_CID; @@ -710,7 +710,7 @@ static int etm4_parse_event_config(struct coresight_device *csdev, goto out; } /* Only trace virtual contextID when runs in root PID namespace */ - if (task_is_in_init_pid_ns(current)) + if (task_is_in_init_pid_ns(event->owner)) config->cfg |= TRCCONFIGR_VMID | TRCCONFIGR_VMIDOPT; } -- 2.34.1

5 days, 7 hours

4
7
0 0

[PATCH v2] x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load

by John Allen

A problem was introduced with commit f69759be251d ("x86/CPU/AMD: Move Zenbleed check to the Zen2 init function") where a bit in the DE_CFG MSR is getting set after a microcode late load. The problem seems to be that the microcode late load path calls into amd_check_microcode() and subsequently zen2_zenbleed_check(). Since the patch removes the cpu_has_amd_erratum() check from zen2_zenbleed_check(), this will cause all non-Zen2 CPUs to go through the function and set the bit in the DE_CFG MSR. Call into the zenbleed fix path on Zen2 CPUs only. Fixes: f69759be251d ("x86/CPU/AMD: Move Zenbleed check to the Zen2 init function") Cc: <stable(a)vger.kernel.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: John Allen <john.allen(a)amd.com> --- v2: - Clean up commit description --- arch/x86/kernel/cpu/amd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 015971adadfc..368344e1394b 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1202,5 +1202,6 @@ void amd_check_microcode(void) if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) return; - on_each_cpu(zenbleed_check_cpu, NULL, 1); + if (boot_cpu_has(X86_FEATURE_ZEN2)) + on_each_cpu(zenbleed_check_cpu, NULL, 1); } -- 2.34.1

1 week

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2024