September 2024 - Linux-stable-mirror

[PATCH v2 3/3] block: fix ordering between checking BLK_MQ_S_STOPPED and adding requests

by Muchun Song

Supposing first scenario with a virtio_blk driver. CPU0 CPU1 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() virtblk_done() blk_mq_request_bypass_insert() blk_mq_start_stopped_hw_queues() /* Add IO request to dispatch list */ 1) store blk_mq_start_stopped_hw_queue() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) if (!blk_mq_hctx_has_pending()) 4) load return return blk_mq_sched_dispatch_requests() blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load if (blk_mq_hctx_stopped()) return return __blk_mq_sched_dispatch_requests() __blk_mq_sched_dispatch_requests() Supposing another scenario. CPU0 CPU1 blk_mq_requeue_work() /* Add IO request to dispatch list */ 1) store virtblk_done() blk_mq_run_hw_queues()/blk_mq_delay_run_hw_queues() blk_mq_start_stopped_hw_queues() if (blk_mq_hctx_stopped()) 2) load blk_mq_start_stopped_hw_queue() continue clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue()/blk_mq_delay_run_hw_queue() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() Both scenarios are similar, the full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees BLK_MQ_S_STOPPED is cleared or CPU1 sees dispatch list. Otherwise, either CPU will not rerun the hardware queue causing starvation of the request. The easy way to fix it is to add the essential full memory barrier into helper of blk_mq_hctx_stopped(). In order to not affect the fast path (hardware queue is not stopped most of the time), we only insert the barrier into the slow path. Actually, only slow path needs to care about missing of dispatching the request to the low-level device driver. Fixes: 320ae51feed5c ("blk-mq: new multi-queue block IO queueing mechanism") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> --- block/blk-mq.c | 6 ++++++ block/blk-mq.h | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index ac39f2a346a52..48a6a437fba5e 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2413,6 +2413,12 @@ void blk_mq_start_stopped_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) return; clear_bit(BLK_MQ_S_STOPPED, &hctx->state); + /* + * Pairs with the smp_mb() in blk_mq_hctx_stopped() to order the + * clearing of BLK_MQ_S_STOPPED above and the checking of dispatch + * list in the subsequent routine. + */ + smp_mb__after_atomic(); blk_mq_run_hw_queue(hctx, async); } EXPORT_SYMBOL_GPL(blk_mq_start_stopped_hw_queue); diff --git a/block/blk-mq.h b/block/blk-mq.h index 260beea8e332c..f36f3bff70d86 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -228,6 +228,19 @@ static inline struct blk_mq_tags *blk_mq_tags_from_data(struct blk_mq_alloc_data static inline bool blk_mq_hctx_stopped(struct blk_mq_hw_ctx *hctx) { + /* Fast path: hardware queue is not stopped most of the time. */ + if (likely(!test_bit(BLK_MQ_S_STOPPED, &hctx->state))) + return false; + + /* + * This barrier is used to order adding of dispatch list before and + * the test of BLK_MQ_S_STOPPED below. Pairs with the memory barrier + * in blk_mq_start_stopped_hw_queue() so that dispatch code could + * either see BLK_MQ_S_STOPPED is cleared or dispatch list is not + * empty to avoid missing dispatching requests. + */ + smp_mb(); + return test_bit(BLK_MQ_S_STOPPED, &hctx->state); } -- 2.20.1

1 year

4
3
0 0

[PATCH v2 1/3] block: fix missing dispatching request when queue is started or unquiesced

by Muchun Song

Supposing the following scenario with a virtio_blk driver. CPU0 CPU1 CPU2 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() blk_mq_try_issue_directly() virtblk_done() if (blk_mq_hctx_stopped()) blk_mq_request_bypass_insert() blk_mq_start_stopped_hw_queue() blk_mq_run_hw_queue() blk_mq_run_hw_queue() blk_mq_insert_request() return // Who is responsible for dispatching this IO request? After CPU0 has marked the queue as stopped, CPU1 will see the queue is stopped. But before CPU1 puts the request on the dispatch list, CPU2 receives the interrupt of completion of request, so it will run the hardware queue and marks the queue as non-stopped. Meanwhile, CPU1 also runs the same hardware queue. After both CPU1 and CPU2 complete blk_mq_run_hw_queue(), CPU1 just puts the request to the same hardware queue and returns. It misses dispatching a request. Fix it by running the hardware queue explicitly. And blk_mq_request_issue_directly() should handle a similar situation. Fix it as well. Fixes: d964f04a8fde8 ("blk-mq: fix direct issue") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index e3c3c0c21b553..b2d0f22de0c7f 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2619,6 +2619,7 @@ static void blk_mq_try_issue_directly(struct blk_mq_hw_ctx *hctx, if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return; } @@ -2649,6 +2650,7 @@ static blk_status_t blk_mq_request_issue_directly(struct request *rq, bool last) if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return BLK_STS_OK; } -- 2.20.1

1 year

3
2
0 0

[PATCH 4.19 00/96] 4.19.322-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.322 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.322-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.322-rc1 Li RongQing <lirongqing(a)baidu.com> netns: restore ops before calling ops_exit_list Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: explicitly zero is_sticky in fdb_create Zhang Changzhong <zhangchangzhong(a)huawei.com> cx82310_eth: fix error return code in cx82310_bind() Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Eric Dumazet <edumazet(a)google.com> netns: add pre_exit method to struct pernet_operations Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_external_learn to use bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_user to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_sticky to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_static to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_local to bitops Ido Schimmel <idosch(a)mellanox.com> bridge: switchdev: Allow clearing FDB entry offload indication Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: add support for sticky fdb entries Richard Guy Briggs <rgb(a)redhat.com> rfkill: fix spelling mistake contidion to condition Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Ondrej Zary <linux(a)zary.sk> cx82310_eth: re-enable ethernet mode after router reboot Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Hillf Danton <hdanton(a)sina.com> ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Sanity checks for each pipe and EP types Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Nishka Dasgupta <nishkadg.linux(a)gmail.com> usb: dwc3: st: Add of_node_put() before return in probe function ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L ------------- Diffstat: Makefile | 4 +- arch/um/drivers/line.c | 2 + block/bio-integrity.c | 11 +- drivers/acpi/acpi_processor.c | 15 +-- drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clocksource/timer-imx-tpm.c | 16 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 +++ drivers/iommu/dmar.c | 2 +- drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/net/dsa/vitesse-vsc73xx.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 9 +- drivers/net/ethernet/rocker/rocker_main.c | 1 + drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 56 +++++++-- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 ++-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 ++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++--- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/dwc3-st.c | 12 +- drivers/usb/usbip/stub_rx.c | 77 +++++++----- fs/btrfs/extent-tree.c | 32 +++-- fs/btrfs/inode.c | 2 +- fs/fuse/xattr.c | 4 +- fs/nilfs2/recovery.c | 35 +++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 +++++++++++-------- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 +++- include/linux/ring_buffer.h | 3 +- include/net/net_namespace.h | 5 + include/net/switchdev.h | 3 +- include/uapi/linux/neighbour.h | 1 + kernel/cgroup/cgroup.c | 2 +- kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/smp.c | 1 + kernel/trace/ring_buffer.c | 23 +--- kernel/trace/trace.c | 6 +- kernel/trace/trace_functions_graph.c | 2 +- net/bridge/br.c | 4 +- net/bridge/br_fdb.c | 129 ++++++++++++--------- net/bridge/br_input.c | 2 +- net/bridge/br_private.h | 18 ++- net/bridge/br_switchdev.c | 11 +- net/can/bcm.c | 4 + net/core/net_namespace.c | 28 +++++ net/dsa/slave.c | 1 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 ++- net/netfilter/nf_conncount.c | 8 +- net/rfkill/core.c | 4 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 ++ net/unix/af_unix.c | 9 +- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 ++- sound/hda/hdmi_chmap.c | 18 +++ sound/pci/hda/patch_conexant.c | 11 ++ sound/usb/helper.c | 17 +++ sound/usb/helper.h | 1 + sound/usb/quirks.c | 14 ++- 100 files changed, 768 insertions(+), 344 deletions(-)

1 year

2
97
0 0

[PATCH v3] KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer

by Snehal Koukuntla

When we share memory through FF-A and the description of the buffers exceeds the size of the mapped buffer, the fragmentation API is used. The fragmentation API allows specifying chunks of descriptors in subsequent FF-A fragment calls and no upper limit has been established for this. The entire memory region transferred is identified by a handle which can be used to reclaim the transferred memory. To be able to reclaim the memory, the description of the buffers has to fit in the ffa_desc_buf. Add a bounds check on the FF-A sharing path to prevent the memory reclaim from failing. Also do_ffa_mem_xfer() does not need __always_inline Fixes: 634d90cf0ac65 ("KVM: arm64: Handle FFA_MEM_LEND calls from the host") Cc: stable(a)vger.kernel.org Reviewed-by: Sebastian Ene <sebastianene(a)google.com> Signed-off-by: Snehal Koukuntla <snehalreddy(a)google.com> --- arch/arm64/kvm/hyp/nvhe/ffa.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index e715c157c2c4..637425f63fd1 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -426,7 +426,7 @@ static void do_ffa_mem_frag_tx(struct arm_smccc_res *res, return; } -static __always_inline void do_ffa_mem_xfer(const u64 func_id, +static void do_ffa_mem_xfer(const u64 func_id, struct arm_smccc_res *res, struct kvm_cpu_context *ctxt) { @@ -461,6 +461,11 @@ static __always_inline void do_ffa_mem_xfer(const u64 func_id, goto out_unlock; } + if (len > ffa_desc_buf.len) { + ret = FFA_RET_NO_MEMORY; + goto out_unlock; + } + buf = hyp_buffers.tx; memcpy(buf, host_buffers.tx, fraglen); -- 2.46.0.598.g6f2099f65c-goog

1 year

4
7
0 0

[PATCH 0/2] arm64: KVM: prevent overflow in inject_abt64

by Anastasia Belova

Add explicit casting to prevent expantion of 32th bit of u32 into highest half of u64. Found by Linux Verification Center (linuxtesting.org) with SVACE.

1 year

4
10
0 0

[PATCH 6.6] membarrier: riscv: Add full memory barrier in switch_mm()

by WangYuli

From: Andrea Parri <parri.andrea(a)gmail.com> [ Upstream commit d6cfd1770f20392d7009ae1fdb04733794514fa9 ] The membarrier system call requires a full memory barrier after storing to rq->curr, before going back to user-space. The barrier is only needed when switching between processes: the barrier is implied by mmdrop() when switching from kernel to userspace, and it's not needed when switching from userspace to kernel. Rely on the feature/mechanism ARCH_HAS_MEMBARRIER_CALLBACKS and on the primitive membarrier_arch_switch_mm(), already adopted by the PowerPC architecture, to insert the required barrier. Fixes: fab957c11efe2f ("RISC-V: Atomic and Locking Code") Signed-off-by: Andrea Parri <parri.andrea(a)gmail.com> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/r/20240131144936.29190-2-parri.andrea@gmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- MAINTAINERS | 2 +- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/membarrier.h | 31 +++++++++++++++++++++++++++++ arch/riscv/mm/context.c | 2 ++ kernel/sched/core.c | 5 +++-- 5 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 arch/riscv/include/asm/membarrier.h diff --git a/MAINTAINERS b/MAINTAINERS index f09415b2b3c5..ae4c0cec5073 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -13702,7 +13702,7 @@ M: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> M: "Paul E. McKenney" <paulmck(a)kernel.org> L: linux-kernel(a)vger.kernel.org S: Supported -F: arch/powerpc/include/asm/membarrier.h +F: arch/*/include/asm/membarrier.h F: include/uapi/linux/membarrier.h F: kernel/sched/membarrier.c diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index c785a0200573..1df4afccc381 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -27,6 +27,7 @@ config RISCV select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_HAS_GIGANTIC_PAGE select ARCH_HAS_KCOV + select ARCH_HAS_MEMBARRIER_CALLBACKS select ARCH_HAS_MMIOWB select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PMEM_API diff --git a/arch/riscv/include/asm/membarrier.h b/arch/riscv/include/asm/membarrier.h new file mode 100644 index 000000000000..6c016ebb5020 --- /dev/null +++ b/arch/riscv/include/asm/membarrier.h @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef _ASM_RISCV_MEMBARRIER_H +#define _ASM_RISCV_MEMBARRIER_H + +static inline void membarrier_arch_switch_mm(struct mm_struct *prev, + struct mm_struct *next, + struct task_struct *tsk) +{ + /* + * Only need the full barrier when switching between processes. + * Barrier when switching from kernel to userspace is not + * required here, given that it is implied by mmdrop(). Barrier + * when switching from userspace to kernel is not needed after + * store to rq->curr. + */ + if (IS_ENABLED(CONFIG_SMP) && + likely(!(atomic_read(&next->membarrier_state) & + (MEMBARRIER_STATE_PRIVATE_EXPEDITED | + MEMBARRIER_STATE_GLOBAL_EXPEDITED)) || !prev)) + return; + + /* + * The membarrier system call requires a full memory barrier + * after storing to rq->curr, before going back to user-space. + * Matches a full barrier in the proximity of the membarrier + * system call entry. + */ + smp_mb(); +} + +#endif /* _ASM_RISCV_MEMBARRIER_H */ diff --git a/arch/riscv/mm/context.c b/arch/riscv/mm/context.c index 217fd4de6134..ba8eb3944687 100644 --- a/arch/riscv/mm/context.c +++ b/arch/riscv/mm/context.c @@ -323,6 +323,8 @@ void switch_mm(struct mm_struct *prev, struct mm_struct *next, if (unlikely(prev == next)) return; + membarrier_arch_switch_mm(prev, next, task); + /* * Mark the current MM context as inactive, and the next as * active. This is at least used by the icache flushing diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 97571d390f18..9b406d988654 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -6679,8 +6679,9 @@ static void __sched notrace __schedule(unsigned int sched_mode) * * Here are the schemes providing that barrier on the * various architectures: - * - mm ? switch_mm() : mmdrop() for x86, s390, sparc, PowerPC. - * switch_mm() rely on membarrier_arch_switch_mm() on PowerPC. + * - mm ? switch_mm() : mmdrop() for x86, s390, sparc, PowerPC, + * RISC-V. switch_mm() relies on membarrier_arch_switch_mm() + * on PowerPC and on RISC-V. * - finish_lock_switch() for weakly-ordered * architectures where spin_unlock is a full barrier, * - switch_to() for arm64 (weakly-ordered, spin_unlock -- 2.43.4

1 year

3
6
0 0

[PATCH AUTOSEL 4.19 1/2] ASoC: tda7419: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit 934b44589da9aa300201a00fe139c5c54f421563 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-4-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/tda7419.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/codecs/tda7419.c b/sound/soc/codecs/tda7419.c index 7f3b79c5a563..a3fc9b7fefd8 100644 --- a/sound/soc/codecs/tda7419.c +++ b/sound/soc/codecs/tda7419.c @@ -637,6 +637,7 @@ static const struct of_device_id tda7419_of_match[] = { { .compatible = "st,tda7419" }, { }, }; +MODULE_DEVICE_TABLE(of, tda7419_of_match); static struct i2c_driver tda7419_driver = { .driver = { -- 2.43.0

1 year

1
1
0 0

[PATCH AUTOSEL 5.4 1/3] ASoC: tda7419: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit 934b44589da9aa300201a00fe139c5c54f421563 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-4-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/tda7419.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/codecs/tda7419.c b/sound/soc/codecs/tda7419.c index 2bf4f5e8af27..9d8753b28e36 100644 --- a/sound/soc/codecs/tda7419.c +++ b/sound/soc/codecs/tda7419.c @@ -629,6 +629,7 @@ static const struct of_device_id tda7419_of_match[] = { { .compatible = "st,tda7419" }, { }, }; +MODULE_DEVICE_TABLE(of, tda7419_of_match); static struct i2c_driver tda7419_driver = { .driver = { -- 2.43.0

1 year

1
2
0 0

[PATCH AUTOSEL 5.10 1/4] ASoC: intel: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit ae61a3391088d29aa8605c9f2db84295ab993a49 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-2-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/keembay/kmb_platform.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/intel/keembay/kmb_platform.c b/sound/soc/intel/keembay/kmb_platform.c index 291a686568c2..c7b754034d24 100644 --- a/sound/soc/intel/keembay/kmb_platform.c +++ b/sound/soc/intel/keembay/kmb_platform.c @@ -634,6 +634,7 @@ static const struct of_device_id kmb_plat_of_match[] = { { .compatible = "intel,keembay-tdm", .data = &intel_kmb_tdm_dai}, {} }; +MODULE_DEVICE_TABLE(of, kmb_plat_of_match); static int kmb_plat_dai_probe(struct platform_device *pdev) { -- 2.43.0

1 year

1
3
0 0

[PATCH AUTOSEL 5.15 1/5] ASoC: intel: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit ae61a3391088d29aa8605c9f2db84295ab993a49 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-2-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/keembay/kmb_platform.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/intel/keembay/kmb_platform.c b/sound/soc/intel/keembay/kmb_platform.c index a6fb74ba1c42..86a4c32686e7 100644 --- a/sound/soc/intel/keembay/kmb_platform.c +++ b/sound/soc/intel/keembay/kmb_platform.c @@ -815,6 +815,7 @@ static const struct of_device_id kmb_plat_of_match[] = { { .compatible = "intel,keembay-tdm", .data = &intel_kmb_tdm_dai}, {} }; +MODULE_DEVICE_TABLE(of, kmb_plat_of_match); static int kmb_plat_dai_probe(struct platform_device *pdev) { -- 2.43.0

1 year

1
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2024