January 2025 - Linux-stable-mirror

[Internal Review] [Patch] btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

by Shubham Pushpkar

From: Zhihao Cheng <chengzhihao1(a)huawei.com> commit aec8e6bf839101784f3ef037dcdb9432c3f32343 ("btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()") Mounting btrfs from two images (which have the same one fsid and two different dev_uuids) in certain executing order may trigger an UAF for variable 'device->bdev_file' in __btrfs_free_extra_devids(). And following are the details: 1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs devices by ioctl(BTRFS_IOC_SCAN_DEV): / btrfs_device_1 → loop0 fs_device \ btrfs_device_2 → loop1 2. mount /dev/loop0 /mnt btrfs_open_devices btrfs_device_1->bdev_file = btrfs_get_bdev_and_sb(loop0) btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1) btrfs_fill_super open_ctree fail: btrfs_close_devices // -ENOMEM btrfs_close_bdev(btrfs_device_1) fput(btrfs_device_1->bdev_file) // btrfs_device_1->bdev_file is freed btrfs_close_bdev(btrfs_device_2) fput(btrfs_device_2->bdev_file) 3. mount /dev/loop1 /mnt btrfs_open_devices btrfs_get_bdev_and_sb(&bdev_file) // EIO, btrfs_device_1->bdev_file is not assigned, // which points to a freed memory area btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1) btrfs_fill_super open_ctree btrfs_free_extra_devids if (btrfs_device_1->bdev_file) fput(btrfs_device_1->bdev_file) // UAF ! Fix it by setting 'device->bdev_file' as 'NULL' after closing the btrfs_device in btrfs_close_one_device(). Fixes: CVE-2024-50217 Fixes: 142388194191 ("btrfs: do not background blkdev_put()") CC: stable(a)vger.kernel.org # 4.19+ Link: https://bugzilla.kernel.org/show_bug.cgi?id=219408 Signed-off-by: Zhihao Cheng <chengzhihao1(a)huawei.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> (cherry picked from commit aec8e6bf839101784f3ef037dcdb9432c3f32343) Signed-off-by: Shubham Pushpkar <spushpka(a)cisco.com> --- fs/btrfs/volumes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index b9a0b26d08e1..ab2412542ce5 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -1176,6 +1176,7 @@ static void btrfs_close_one_device(struct btrfs_device *device) if (device->bdev) { fs_devices->open_devices--; device->bdev = NULL; + device->bdev_file = NULL; } clear_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state); btrfs_destroy_dev_zone_info(device); -- 2.35.6

9 months, 1 week

3
3
0 0

[PATCH] drm/amd/display: Check link_index before accessing dc->links[]

by Shubham Pushpkar

From: Alex Hung <alex.hung(a)amd.com> commit 8aa2864044b9d13e95fe224f32e808afbf79ecdf ("drm/amd/display: Check link_index before accessing dc->links[]") [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity. Fixes: CVE-2024-46813 Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Tom Chung <chiahsuan.chung(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 8aa2864044b9d13e95fe224f32e808afbf79ecdf) Signed-off-by: Shubham Pushpkar <spushpka(a)cisco.com> --- drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c b/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c index f365773d5714..b5639e88c581 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c @@ -37,6 +37,9 @@ #include "dce/dce_i2c.h" struct dc_link *dc_get_link_at_index(struct dc *dc, uint32_t link_index) { + if (link_index >= MAX_LINKS) + return NULL; + return dc->links[link_index]; } -- 2.35.6

9 months, 1 week

3
2
0 0

[PATCH v2] Revert v6.2-rc1 and later "ARM: dts: bcm2835-rpi: Use firmware clocks for display"

by H. Nikolaus Schaller

This reverts commit 27ab05e1b7e5c5ec9b4f658e1b2464c0908298a6. I tried to upgrade a RasPi 3B+ with Waveshare 7inch HDMI LCD from 6.1.y to 6.6.y but found that the display is broken with this log message: [ 17.776315] vc4-drm soc:gpu: bound 3f400000.hvs (ops vc4_drm_unregister [vc4]) [ 17.784034] platform 3f806000.vec: deferred probe pending Some tests revealed that while 6.1.y works, 6.2-rc1 is already broken but all newer kernels as well. And a bisect did lead me to this patch. I could repair several versions up to 6.13-rc7 by doing this revert. Newer kernels have just to take care of commit f702475b839c ("ARM: dts: bcm2835-rpi: Move duplicate firmware-clocks to bcm2835-rpi.dtsi") but that is straightforward. Fixes: 27ab05e1b7e5 ("ARM: dts: bcm2835-rpi: Use firmware clocks for display") Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com> --- arch/arm/boot/dts/bcm2835-rpi-common.dtsi | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/arch/arm/boot/dts/bcm2835-rpi-common.dtsi b/arch/arm/boot/dts/bcm2835-rpi-common.dtsi index 4e7b4a592da7c..8a55b6cded592 100644 --- a/arch/arm/boot/dts/bcm2835-rpi-common.dtsi +++ b/arch/arm/boot/dts/bcm2835-rpi-common.dtsi @@ -7,23 +7,6 @@ #include <dt-bindings/power/raspberrypi-power.h> -&firmware { - firmware_clocks: clocks { - compatible = "raspberrypi,firmware-clocks"; - #clock-cells = <1>; - }; -}; - -&hdmi { - clocks = <&firmware_clocks 9>, - <&firmware_clocks 13>; - clock-names = "pixel", "hdmi"; -}; - &v3d { power-domains = <&power RPI_POWER_DOMAIN_V3D>; }; - -&vec { - clocks = <&firmware_clocks 15>; -}; -- 2.47.0

9 months, 1 week

4
5
0 0

[PATCH 6.1 00/64] 6.1.127-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.127 release. There are 64 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 24 Jan 2025 07:38:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.127-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.127-rc2 Wang Liang <wangliang74(a)huawei.com> net: fix data-races around sk->sk_forward_alloc Juergen Gross <jgross(a)suse.com> x86/xen: fix SLS mitigation in xen_hypercall_iret() Youzhong Yang <youzhong(a)gmail.com> nfsd: add list_head nf_gc to struct nfsd_file Gao Xiang <xiang(a)kernel.org> erofs: handle NONHEAD !delta[1] lclusters gracefully Gao Xiang <xiang(a)kernel.org> erofs: tidy up EROFS on-disk naming Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath10k: avoid NULL pointer error during sdio remove Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "regmap: detach regmap from dev on regmap_exit" Suraj Sonawane <surajsonawane0215(a)gmail.com> scsi: sg: Fix slab-use-after-free read in sg_release() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the qp flush warnings in req Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "drm/amdgpu: rework resume handling for display (v2)" Yu Kuai <yukuai3(a)huawei.com> block: fix uaf for flush rq while iterating tags Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix usage slab after free Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: rockchip_saradc: fix information leak in triggered buffer Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: fix spi burst write not supported Terry Tritton <terry.tritton(a)linaro.org> Revert "PCI: Use preserve_config in place of pci_flags" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/fb: Relax clear color alignment to 64 bytes Koichiro Den <koichiro.den(a)canonical.com> hrtimers: Handle CPU state correctly on hotplug Tomas Krcka <krckatom(a)amazon.de> irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() Yogesh Lal <quic_ylal(a)quicinc.com> irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> irqchip: Plug a OF node reference leak in platform_irqchip_probe() Xiaolei Wang <xiaolei.wang(a)windriver.com> pmdomain: imx8mp-blk-ctrl: add missing loop break condition Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore (part 2) Marco Nelissen <marco.nelissen(a)gmail.com> filemap: avoid truncating 64-bit offset to 32 bits Stefano Garzarella <sgarzare(a)redhat.com> vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Stefano Garzarella <sgarzare(a)redhat.com> vsock: reset socket state when de-assigning the transport Stefano Garzarella <sgarzare(a)redhat.com> vsock/virtio: cancel close work in the destructor Stefano Garzarella <sgarzare(a)redhat.com> vsock/virtio: discard packets if the transport changes Heiner Kallweit <hkallweit1(a)gmail.com> net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: avoid spurious errors on disconnect Paolo Abeni <pabeni(a)redhat.com> mptcp: be sure to send ack when mptcp-level window re-opens Kairui Song <kasong(a)tencent.com> zram: fix potential UAF of zram table Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA Juergen Gross <jgross(a)suse.com> x86/asm: Make serialize() always_inline Oleg Nesterov <oleg(a)redhat.com> poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Marco Nelissen <marco.nelissen(a)gmail.com> iomap: avoid avoid truncating 64-bit offset to 32 bits Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: acpi_dev_irq_override(): Check DMI match last Jakub Kicinski <kuba(a)kernel.org> selftests: tc-testing: reduce rshift value Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers Max Kellermann <max.kellermann(a)ionos.com> cachefiles: Parse the "secctx" immediately David Howells <dhowells(a)redhat.com> kheaders: Ignore silly-rename files Zhang Kunbo <zhangkunbo(a)huawei.com> fs: fix missing declaration of init_files Leo Stone <leocstone(a)gmail.com> hfs: Sanity check the root record Lizhi Xu <lizhi.xu(a)windriver.com> mac802154: check local interfaces before deleting sdata list Luis Chamberlain <mcgrof(a)kernel.org> nvmet: propagate npwg topology Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: fix NACK handling when being a target Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mux: demux-pinctrl: check initial mux selection, too Pratyush Yadav <pratyush(a)kernel.org> Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" David Lechner <dlechner(a)baylibre.com> hwmon: (tmp513) Fix division of negative numbers Maíra Canal <mcanal(a)igalia.com> drm/v3d: Ensure job pointer is set to NULL after job completion Mark Zhang <markzhang(a)nvidia.com> net/mlx5: Clear port select structure when fail to create Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix RDMA TX steering prio Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix IRQ coalescing packet count overflow Dan Carpenter <dan.carpenter(a)linaro.org> nfp: bpf: prevent integer overflow in nfp_bpf_event_output() Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Destroy device along with udp socket's netns dismantle. Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). Eric Dumazet <edumazet(a)google.com> gtp: use exit_batch_rtnl() method Eric Dumazet <edumazet(a)google.com> net: add exit_batch_rtnl() method Artem Chernyshev <artem.chernyshev(a)red-soft.ru> pktgen: Avoid out-of-bounds access in get_imix_entries Ilya Maximets <i.maximets(a)ovn.org> openvswitch: fix lockup on tx to unregistering netdev with carrier Michal Luczaj <mhal(a)rbox.co> bpf: Fix bpf_sk_select_reuseport() memory leak Sudheer Kumar Doredla <s-doredla(a)ti.com> net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() ------------- Diffstat: Makefile | 4 +- arch/x86/include/asm/special_insns.h | 2 +- arch/x86/xen/xen-asm.S | 2 +- block/blk-sysfs.c | 6 +- block/genhd.c | 9 +- drivers/acpi/resource.c | 6 +- drivers/base/regmap/regmap.c | 12 -- drivers/block/zram/zram_drv.c | 1 + drivers/gpio/gpiolib-cdev.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 47 +------ drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 +- .../gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- drivers/gpu/drm/i915/display/intel_fb.c | 2 +- drivers/gpu/drm/v3d/v3d_irq.c | 4 + drivers/hwmon/tmp513.c | 7 +- drivers/i2c/busses/i2c-rcar.c | 20 ++- drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 +- drivers/iio/adc/rockchip_saradc.c | 2 + drivers/iio/imu/inv_icm42600/inv_icm42600.h | 1 + drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 18 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 +- drivers/infiniband/sw/rxe/rxe_req.c | 6 +- drivers/irqchip/irq-gic-v3-its.c | 2 +- drivers/irqchip/irq-gic-v3.c | 2 +- drivers/irqchip/irqchip.c | 4 +- drivers/mtd/spi-nor/core.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 +-- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 1 + .../net/ethernet/mellanox/mlx5/core/lag/port_sel.c | 4 +- drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 +- drivers/net/ethernet/ti/cpsw_ale.c | 14 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 + drivers/net/gtp.c | 42 +++--- drivers/net/wireless/ath/ath10k/sdio.c | 4 +- drivers/nvme/target/io-cmd-bdev.c | 2 +- drivers/pci/controller/pci-host-common.c | 4 + drivers/pci/probe.c | 20 +-- drivers/scsi/sg.c | 2 +- drivers/soc/imx/imx8mp-blk-ctrl.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- fs/cachefiles/daemon.c | 14 +- fs/cachefiles/internal.h | 3 +- fs/cachefiles/security.c | 6 +- fs/erofs/erofs_fs.h | 143 +++++++++------------ fs/erofs/zmap.c | 133 ++++++++++--------- fs/file.c | 1 + fs/hfs/super.c | 4 +- fs/iomap/buffered-io.c | 2 +- fs/nfsd/filecache.c | 18 +-- fs/nfsd/filecache.h | 1 + fs/proc/vmcore.c | 2 + include/linux/hrtimer.h | 1 + include/linux/poll.h | 10 +- include/net/net_namespace.h | 3 + kernel/cpu.c | 2 +- kernel/gen_kheaders.sh | 1 + kernel/time/hrtimer.c | 11 +- mm/filemap.c | 2 +- net/core/filter.c | 30 +++-- net/core/net_namespace.c | 31 ++++- net/core/pktgen.c | 6 +- net/dccp/ipv6.c | 2 +- net/ipv6/tcp_ipv6.c | 4 +- net/mac802154/iface.c | 4 + net/mptcp/options.c | 6 +- net/openvswitch/actions.c | 4 +- net/vmw_vsock/af_vsock.c | 18 +++ net/vmw_vsock/virtio_transport_common.c | 38 ++++-- sound/pci/hda/patch_realtek.c | 1 + tools/testing/selftests/net/mptcp/mptcp_connect.c | 43 +++++-- .../tc-testing/tc-tests/filters/flow.json | 4 +- 71 files changed, 477 insertions(+), 379 deletions(-)

9 months, 1 week

10
9
0 0

[PATCH] ASoC: acp: Support microphone from Lenovo Go S

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> On Lenovo Go S there is a DMIC connected to the ACP but the firmware has no `AcpDmicConnected` ACPI _DSD. Add a DMI entry for all possible Lenovo Go S SKUs to enable DMIC. Cc: nijs1(a)lenovo.com Cc: pgriffais(a)valvesoftware.com Cc: mpearson-lenovo(a)squebb.ca Cc: stable(a)vger.kernel.org Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- sound/soc/amd/yc/acp6x-mach.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c index ecf57a6cb7c37..b16587d8f97a8 100644 --- a/sound/soc/amd/yc/acp6x-mach.c +++ b/sound/soc/amd/yc/acp6x-mach.c @@ -304,6 +304,34 @@ static const struct dmi_system_id yc_acp_quirk_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "83AS"), } }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "83L3"), + } + }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "83N6"), + } + }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "83Q2"), + } + }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "83Q3"), + } + }, { .driver_data = &acp6x_card, .matches = { -- 2.43.0

9 months, 1 week

2
1
0 0

[tip: timers/urgent] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: b7a110336261147ccb373f4100cc88271c54bd91 Gitweb: https://git.kernel.org/tip/b7a110336261147ccb373f4100cc88271c54bd91 Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Sat, 18 Jan 2025 00:24:33 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 23 Jan 2025 11:47:23 +01:00 hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com --- include/linux/hrtimer_defs.h | 1 +- kernel/time/hrtimer.c | 103 +++++++++++++++++++++++++++------- 2 files changed, 83 insertions(+), 21 deletions(-) diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7e..84a5045 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 14bd09c..0feb38b 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -183,27 +194,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -254,8 +292,8 @@ again: raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -264,8 +302,7 @@ again: } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -716,8 +753,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1205,6 +1240,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1216,10 +1252,16 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the * remote data correctly. @@ -1248,8 +1290,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

9 months, 1 week

1
0
0 0

[PATCH 6.1.y] block: fix integer overflow in BLKSECDISCARD

by Rajani kantha

From: Alexey Dobriyan <adobriyan(a)gmail.com> [ upstream commit 697ba0b6ec4ae04afb67d3911799b5e2043b4455 ] I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048 bio_check_eod: 3286214 callbacks suppressed Signed-off-by: Alexey Dobriyan <adobriyan(a)gmail.com> Link: https://lore.kernel.org/r/9e64057f-650a-46d1-b9f7-34af391536ef@p183 Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Rajani Kantha <rajanikantha(a)engineer.com> --- block/ioctl.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/block/ioctl.c b/block/ioctl.c index c7390d8c9fc7..552da0ccbec0 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -115,7 +115,7 @@ static int blk_ioctl_discard(struct block_device *bdev, fmode_t mode, return -EINVAL; filemap_invalidate_lock(inode->i_mapping); - err = truncate_bdev_range(bdev, mode, start, start + len - 1); + err = truncate_bdev_range(bdev, mode, start, end - 1); if (err) goto fail; err = blkdev_issue_discard(bdev, start >> 9, len >> 9, GFP_KERNEL); @@ -127,7 +127,7 @@ static int blk_ioctl_discard(struct block_device *bdev, fmode_t mode, static int blk_ioctl_secure_erase(struct block_device *bdev, fmode_t mode, void __user *argp) { - uint64_t start, len; + uint64_t start, len, end; uint64_t range[2]; int err; @@ -142,11 +142,12 @@ static int blk_ioctl_secure_erase(struct block_device *bdev, fmode_t mode, len = range[1]; if ((start & 511) || (len & 511)) return -EINVAL; - if (start + len > bdev_nr_bytes(bdev)) + if (check_add_overflow(start, len, &end) || + end > bdev_nr_bytes(bdev)) return -EINVAL; filemap_invalidate_lock(bdev->bd_inode->i_mapping); - err = truncate_bdev_range(bdev, mode, start, start + len - 1); + err = truncate_bdev_range(bdev, mode, start, end - 1); if (!err) err = blkdev_issue_secure_erase(bdev, start >> 9, len >> 9, GFP_KERNEL); -- 2.35.3

9 months, 1 week

1
0
0 0

[PATCH 6.6.y] block: fix integer overflow in BLKSECDISCARD

by Rajani kantha

From: Alexey Dobriyan <adobriyan(a)gmail.com> [ upstream commit 697ba0b6ec4ae04afb67d3911799b5e2043b4455 ] I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048 bio_check_eod: 3286214 callbacks suppressed Signed-off-by: Alexey Dobriyan <adobriyan(a)gmail.com> Link: https://lore.kernel.org/r/9e64057f-650a-46d1-b9f7-34af391536ef@p183 Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Rajani Kantha <rajanikantha(a)engineer.com> --- block/ioctl.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/block/ioctl.c b/block/ioctl.c index 378603334284..231537f79a8c 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -115,7 +115,7 @@ static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode, return -EINVAL; filemap_invalidate_lock(inode->i_mapping); - err = truncate_bdev_range(bdev, mode, start, start + len - 1); + err = truncate_bdev_range(bdev, mode, start, end - 1); if (err) goto fail; err = blkdev_issue_discard(bdev, start >> 9, len >> 9, GFP_KERNEL); @@ -127,7 +127,7 @@ static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode, static int blk_ioctl_secure_erase(struct block_device *bdev, blk_mode_t mode, void __user *argp) { - uint64_t start, len; + uint64_t start, len, end; uint64_t range[2]; int err; @@ -142,11 +142,12 @@ static int blk_ioctl_secure_erase(struct block_device *bdev, blk_mode_t mode, len = range[1]; if ((start & 511) || (len & 511)) return -EINVAL; - if (start + len > bdev_nr_bytes(bdev)) + if (check_add_overflow(start, len, &end) || + end > bdev_nr_bytes(bdev)) return -EINVAL; filemap_invalidate_lock(bdev->bd_inode->i_mapping); - err = truncate_bdev_range(bdev, mode, start, start + len - 1); + err = truncate_bdev_range(bdev, mode, start, end - 1); if (!err) err = blkdev_issue_secure_erase(bdev, start >> 9, len >> 9, GFP_KERNEL); -- 2.35.3

9 months, 1 week

1
0
0 0

[PATCH 6.6.y] cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value

by Rajani kantha

From: Anastasia Belova <abelova(a)astralinux.ru> [ upstream commit 5493f9714e4cdaf0ee7cec15899a231400cb1a9f ] cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> Reviewed-by: Perry Yuan <perry.yuan(a)amd.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> <Raj: on 6.6, there don't have function amd_pstate_update_limits() so applied the NULL checking in amd_pstate_adjust_perf() only> Signed-off-by: Rajani Kantha <rajanikantha(a)engineer.com> --- drivers/cpufreq/amd-pstate.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index cdead37d0823..a64baa97e358 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -579,8 +579,13 @@ static void amd_pstate_adjust_perf(unsigned int cpu, unsigned long max_perf, min_perf, des_perf, cap_perf, lowest_nonlinear_perf, max_freq; struct cpufreq_policy *policy = cpufreq_cpu_get(cpu); - struct amd_cpudata *cpudata = policy->driver_data; unsigned int target_freq; + struct amd_cpudata *cpudata; + + if (!policy) + return; + + cpudata = policy->driver_data; if (policy->min != cpudata->min_limit_freq || policy->max != cpudata->max_limit_freq) amd_pstate_update_min_max_limit(policy); -- 2.35.3

9 months, 1 week

1
1
0 0

SPI regression seen on ARM am335x in kernel 6.12.8 and 6.6.71

by Lars Pedersen

Hi. We have discovered an SPI regression when upgrading from 6.1.99 to a newer LTS version. Same error on kernel 6.6.71 and 6.12.8. I think we have identified the problem down to the reference clock calculation that seems to end up to zero in the spi-omap2-mcspi driver. Also we think it relates to commit 4c6ac5446d060f0bf435ccc8bc3aa7b7b5f718ad, where OMAP2_MCSPI_MAX_FREQ is used as fallback on error. In our case it seems to hit the else case. Snippets for device tree, spi-omap2-mcspi driver and kernel divide by zero error log with dynamic debug enabled. /Lars Pedersen diff --git a/drivers/spi/spi-omap2-mcspi.c b/drivers/spi/spi-omap2-mcspi.c index 67441b2cd603..8fedfc7db1fa 100644 --- a/drivers/spi/spi-omap2-mcspi.c +++ b/drivers/spi/spi-omap2-mcspi.c @@ -1559,12 +1559,13 @@ static int omap2_mcspi_probe(struct platform_device *pdev) dev_err(&pdev->dev, "Cannot request IRQ"); goto free_ctlr; } - + dev_dbg(&pdev->dev, "DEBUG_EXTRA pre calc\n"); mcspi->ref_clk = devm_clk_get_optional_enabled(&pdev->dev, NULL); if (IS_ERR(mcspi->ref_clk)) mcspi->ref_clk_hz = OMAP2_MCSPI_MAX_FREQ; else mcspi->ref_clk_hz = clk_get_rate(mcspi->ref_clk); + dev_dbg(&pdev->dev, "DEBUG_EXTRA: ref_clk_hz %d\n", mcspi->ref_clk_hz); ctlr->max_speed_hz = mcspi->ref_clk_hz; ctlr->min_speed_hz = mcspi->ref_clk_hz >> 15; ---8<--- /dts-v1/; #include "am33xx.dtsi" #include <dt-bindings/interrupt-controller/irq.h> ... &spi0 { status = "okay"; pinctrl-names = "default"; pinctrl-0 = <&spi0_pins_default>; ti,spi-num-cs = <1>; flash@0 { compatible = "jedec,spi-nor"; reg = <0>; spi-tx-bus-width = <1>; spi-rx-bus-width = <1>; spi-max-frequency = <10000000>; partitions { compatible = "fixed-partitions"; #address-cells = <1>; #size-cells = <1>; partition@0 { reg = <0x0 0x1f00000>; label = "radio-program"; }; partition@1f00000 { reg = <0x1f00000 0xe0000>; label = "linux-data"; read-only; }; partition@1fe0000 { reg = <0x1fe0000 0x10000>; label = "radio-config"; read-only; }; partition@1ff0000 { reg = <0x1ff0000 0x10000>; label = "baseband-config"; read-only; }; }; }; }; ---8<--- Jan 16 11:30:53 ptxdist kernel: omap2_mcspi 48030000.spi: DEBUG_EXTRA pre calc Jan 16 11:30:54 ptxdist kernel: omap2_mcspi 48030000.spi: DEBUG_EXTRA: ref_clk_hz 0 Jan 16 11:30:54 ptxdist kernel: omap2_mcspi 48030000.spi: registered host spi0 Jan 16 11:30:54 ptxdist kernel: Division by zero in kernel. Jan 16 11:30:54 ptxdist kernel: CPU: 0 UID: 0 PID: 161 Comm: (udev-worker) Not tainted 6.12.8 #1 Jan 16 11:30:54 ptxdist kernel: Hardware name: Generic AM33XX (Flattened Device Tree) Jan 16 11:30:54 ptxdist kernel: Call trace: Jan 16 11:30:54 ptxdist kernel: dump_backtrace from show_stack+0x20/0x38 Jan 16 11:30:54 ptxdist kernel: r7:c4a7ff00 r6:c0cef6bc r5:00000000 r4:600f0113 Jan 16 11:30:54 ptxdist kernel: show_stack from dump_stack_lvl+0x40/0x78 Jan 16 11:30:54 ptxdist kernel: dump_stack_lvl from dump_stack+0x18/0x28 Jan 16 11:30:54 ptxdist kernel: r7:c4a7ff00 r6:00000008 r5:c477dbc0 r4:c4a7ec00 Jan 16 11:30:54 ptxdist kernel: dump_stack from __div0+0x24/0x34 Jan 16 11:30:54 ptxdist kernel: __div0 from Ldiv0+0x8/0x10 Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_setup_transfer [spi_omap2_mcspi] from omap2_mcspi_setup+0x134/0x20c [spi_omap2_mcspi] Jan 16 11:30:54 ptxdist kernel: r9:c4a7ff28 r8:c477dbd0 r7:c4a7ff00 r6:c4a7ec00 r5:c2572c10 r4:00000001 Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_setup [spi_omap2_mcspi] from spi_setup+0x124/0x4f8 Jan 16 11:30:54 ptxdist kernel: r9:c4a7edaf r8:00000000 r7:c2572c10 r6:c4a7fc00 r5:00000000 r4:c4a7ec00 Jan 16 11:30:54 ptxdist kernel: spi_setup from __spi_add_device+0x15c/0x300 Jan 16 11:30:54 ptxdist kernel: r6:c4a7fc00 r5:c4a7ec00 r4:c4a7ed9f Jan 16 11:30:54 ptxdist kernel: __spi_add_device from of_register_spi_devices+0x74/0x1a8 Jan 16 11:30:54 ptxdist kernel: r10:c0fe67cc r9:c4a7fd98 r8:c4a7fdd4 r7:c4a7ec00 r6:c4a7fc00 r5:00000000 Jan 16 11:30:54 ptxdist kernel: r4:cfce0df4 Jan 16 11:30:54 ptxdist kernel: of_register_spi_devices from spi_register_controller+0x3d0/0x4d0 Jan 16 11:30:54 ptxdist kernel: r9:c4a7fd98 r8:c0fe67d4 r7:c4a7fda0 r6:00000000 r5:c0fe67d4 r4:c4a7fc00 Jan 16 11:30:54 ptxdist kernel: spi_register_controller from devm_spi_register_controller+0x54/0xbc Jan 16 11:30:54 ptxdist kernel: r10:bf006108 r9:c2572c10 r8:c4a7fc00 r7:c2572c10 r6:c4a7fc00 r5:c4a7ff00 Jan 16 11:30:54 ptxdist kernel: r4:c46cd2c0 Jan 16 11:30:54 ptxdist kernel: devm_spi_register_controller from omap2_mcspi_probe+0x51c/0x5cc [spi_omap2_mcspi] Jan 16 11:30:54 ptxdist kernel: r7:c4a7fc00 r6:c2572c10 r5:c4a7ff00 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_probe [spi_omap2_mcspi] from platform_probe+0x6c/0xd0 Jan 16 11:30:54 ptxdist kernel: r10:d0481ed0 r9:00000001 r8:00000000 r7:c1028ef8 r6:bf004014 r5:c2572c10 Jan 16 11:30:54 ptxdist kernel: r4:00000000 Jan 16 11:30:54 ptxdist kernel: platform_probe from really_probe+0xf0/0x3ec Jan 16 11:30:54 ptxdist kernel: r7:c1028ef8 r6:bf004014 r5:00000000 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: really_probe from __driver_probe_device+0xac/0x13c Jan 16 11:30:54 ptxdist kernel: r8:c27a50b4 r7:0000007d r6:c2572c10 r5:bf004014 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: __driver_probe_device from driver_probe_device+0x40/0xe4 Jan 16 11:30:54 ptxdist kernel: r5:bf004014 r4:c1071d9c Jan 16 11:30:54 ptxdist kernel: driver_probe_device from __driver_attach+0x154/0x204 Jan 16 11:30:54 ptxdist kernel: r7:00000000 r6:c2572c54 r5:bf004014 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: __driver_attach from bus_for_each_dev+0x8c/0xf0 Jan 16 11:30:54 ptxdist kernel: r7:00000000 r6:c20e96c0 r5:c06404ec r4:bf004014 Jan 16 11:30:54 ptxdist kernel: bus_for_each_dev from driver_attach+0x2c/0x44 Jan 16 11:30:54 ptxdist kernel: r7:c20e96c0 r6:00000000 r5:c27a5080 r4:bf004014 Jan 16 11:30:54 ptxdist kernel: driver_attach from bus_add_driver+0x104/0x244 Jan 16 11:30:54 ptxdist kernel: bus_add_driver from driver_register+0x8c/0x164 Jan 16 11:30:54 ptxdist kernel: r8:00000000 r7:bf004100 r6:c101f840 r5:a7ac7714 r4:bf004014 Jan 16 11:30:54 ptxdist kernel: driver_register from __platform_driver_register+0x2c/0x40 Jan 16 11:30:54 ptxdist kernel: r5:a7ac7714 r4:c0fac2fc Jan 16 11:30:54 ptxdist kernel: __platform_driver_register from omap2_mcspi_driver_init+0x38/0x1000 [spi_omap2_mcspi] Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_driver_init [spi_omap2_mcspi] from do_one_initcall+0x68/0x2b8 Jan 16 11:30:54 ptxdist kernel: r5:c2a95800 r4:bf008000 Jan 16 11:30:54 ptxdist kernel: do_one_initcall from do_init_module+0x64/0x218 Jan 16 11:30:54 ptxdist kernel: r8:bf004100 r7:bf004100 r6:c477d240 r5:00000000 r4:bf004100 Jan 16 11:30:54 ptxdist kernel: do_init_module from load_module+0x7e4/0xa18 Jan 16 11:30:54 ptxdist kernel: r6:00000000 r5:00000000 r4:00000000 Jan 16 11:30:54 ptxdist kernel: load_module from init_module_from_file+0xa4/0xec Jan 16 11:30:54 ptxdist kernel: r10:c477c080 r9:c1054a48 r8:c477c080 r7:c1054a38 r6:b5b1d7f0 r5:c477c080 Jan 16 11:30:54 ptxdist kernel: r4:00000000 Jan 16 11:30:54 ptxdist kernel: init_module_from_file from sys_finit_module+0x244/0x39c Jan 16 11:30:54 ptxdist kernel: r6:00000001 r5:000000f4 r4:c2a95800 Jan 16 11:30:54 ptxdist kernel: sys_finit_module from __sys_trace_return+0x0/0x10 Jan 16 11:30:54 ptxdist kernel: Exception stack(0xd0481fa8 to 0xd0481ff0) Jan 16 11:30:54 ptxdist kernel: 1fa0: 14cb6a00 00000000 0000001a b5b1d7f0 00000000 00000000 Jan 16 11:30:54 ptxdist kernel: 1fc0: 14cb6a00 00000000 00826358 0000017b 008456d0 b6f75934 b5b1739d 00000000 Jan 16 11:30:54 ptxdist kernel: 1fe0: bee9d538 bee9d528 b5b16643 b6c5d262 Jan 16 11:30:54 ptxdist kernel: r10:0000017b r9:c2a95800 r8:c01002c4 r7:0000017b r6:00826358 r5:00000000 Jan 16 11:30:54 ptxdist kernel: r4:14cb6a00 Jan 16 11:30:54 ptxdist kernel: Division by zero in kernel. Jan 16 11:30:54 ptxdist kernel: CPU: 0 UID: 0 PID: 161 Comm: (udev-worker) Not tainted 6.12.8 #1 Jan 16 11:30:54 ptxdist kernel: Hardware name: Generic AM33XX (Flattened Device Tree) Jan 16 11:30:54 ptxdist kernel: Call trace: Jan 16 11:30:54 ptxdist kernel: dump_backtrace from show_stack+0x20/0x38 Jan 16 11:30:54 ptxdist kernel: r7:c4a7ff00 r6:c0cef6bc r5:00000000 r4:600f0113 Jan 16 11:30:54 ptxdist kernel: show_stack from dump_stack_lvl+0x40/0x78 Jan 16 11:30:54 ptxdist kernel: dump_stack_lvl from dump_stack+0x18/0x28 Jan 16 11:30:54 ptxdist kernel: r7:c4a7ff00 r6:00000008 r5:c477dbc0 r4:c4a7ec00 Jan 16 11:30:54 ptxdist kernel: dump_stack from __div0+0x24/0x34 Jan 16 11:30:54 ptxdist kernel: __div0 from Ldiv0+0x8/0x10 Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_setup_transfer [spi_omap2_mcspi] from omap2_mcspi_setup+0x134/0x20c [spi_omap2_mcspi] Jan 16 11:30:54 ptxdist kernel: r9:c4a7ff28 r8:c477dbd0 r7:c4a7ff00 r6:c4a7ec00 r5:c2572c10 r4:00000001 Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_setup [spi_omap2_mcspi] from spi_setup+0x124/0x4f8 Jan 16 11:30:54 ptxdist kernel: r9:c4a7edaf r8:00000000 r7:c2572c10 r6:c4a7fc00 r5:00000000 r4:c4a7ec00 Jan 16 11:30:54 ptxdist kernel: spi_setup from __spi_add_device+0x15c/0x300 Jan 16 11:30:54 ptxdist kernel: r6:c4a7fc00 r5:c4a7ec00 r4:c4a7ed9f Jan 16 11:30:54 ptxdist kernel: __spi_add_device from of_register_spi_devices+0x74/0x1a8 Jan 16 11:30:54 ptxdist kernel: r10:c0fe67cc r9:c4a7fd98 r8:c4a7fdd4 r7:c4a7ec00 r6:c4a7fc00 r5:00000000 Jan 16 11:30:54 ptxdist kernel: r4:cfce0df4 Jan 16 11:30:54 ptxdist kernel: of_register_spi_devices from spi_register_controller+0x3d0/0x4d0 Jan 16 11:30:54 ptxdist kernel: r9:c4a7fd98 r8:c0fe67d4 r7:c4a7fda0 r6:00000000 r5:c0fe67d4 r4:c4a7fc00 Jan 16 11:30:54 ptxdist kernel: spi_register_controller from devm_spi_register_controller+0x54/0xbc Jan 16 11:30:54 ptxdist kernel: r10:bf006108 r9:c2572c10 r8:c4a7fc00 r7:c2572c10 r6:c4a7fc00 r5:c4a7ff00 Jan 16 11:30:54 ptxdist kernel: r4:c46cd2c0 Jan 16 11:30:54 ptxdist kernel: devm_spi_register_controller from omap2_mcspi_probe+0x51c/0x5cc [spi_omap2_mcspi] Jan 16 11:30:54 ptxdist kernel: r7:c4a7fc00 r6:c2572c10 r5:c4a7ff00 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_probe [spi_omap2_mcspi] from platform_probe+0x6c/0xd0 Jan 16 11:30:54 ptxdist kernel: r10:d0481ed0 r9:00000001 r8:00000000 r7:c1028ef8 r6:bf004014 r5:c2572c10 Jan 16 11:30:54 ptxdist kernel: r4:00000000 Jan 16 11:30:54 ptxdist kernel: platform_probe from really_probe+0xf0/0x3ec Jan 16 11:30:54 ptxdist kernel: r7:c1028ef8 r6:bf004014 r5:00000000 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: really_probe from __driver_probe_device+0xac/0x13c Jan 16 11:30:54 ptxdist kernel: r8:c27a50b4 r7:0000007d r6:c2572c10 r5:bf004014 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: __driver_probe_device from driver_probe_device+0x40/0xe4 Jan 16 11:30:54 ptxdist kernel: r5:bf004014 r4:c1071d9c Jan 16 11:30:54 ptxdist kernel: driver_probe_device from __driver_attach+0x154/0x204 Jan 16 11:30:54 ptxdist kernel: r7:00000000 r6:c2572c54 r5:bf004014 r4:c2572c10 Jan 16 11:30:54 ptxdist kernel: __driver_attach from bus_for_each_dev+0x8c/0xf0 Jan 16 11:30:54 ptxdist kernel: r7:00000000 r6:c20e96c0 r5:c06404ec r4:bf004014 Jan 16 11:30:54 ptxdist kernel: bus_for_each_dev from driver_attach+0x2c/0x44 Jan 16 11:30:54 ptxdist kernel: r7:c20e96c0 r6:00000000 r5:c27a5080 r4:bf004014 Jan 16 11:30:54 ptxdist kernel: driver_attach from bus_add_driver+0x104/0x244 Jan 16 11:30:54 ptxdist kernel: bus_add_driver from driver_register+0x8c/0x164 Jan 16 11:30:54 ptxdist kernel: r8:00000000 r7:bf004100 r6:c101f840 r5:a7ac7714 r4:bf004014 Jan 16 11:30:54 ptxdist kernel: driver_register from __platform_driver_register+0x2c/0x40 Jan 16 11:30:54 ptxdist kernel: r5:a7ac7714 r4:c0fac2fc Jan 16 11:30:54 ptxdist kernel: __platform_driver_register from omap2_mcspi_driver_init+0x38/0x1000 [spi_omap2_mcspi] Jan 16 11:30:54 ptxdist kernel: omap2_mcspi_driver_init [spi_omap2_mcspi] from do_one_initcall+0x68/0x2b8 Jan 16 11:30:54 ptxdist kernel: r5:c2a95800 r4:bf008000 Jan 16 11:30:54 ptxdist kernel: do_one_initcall from do_init_module+0x64/0x218 Jan 16 11:30:54 ptxdist kernel: r8:bf004100 r7:bf004100 r6:c477d240 r5:00000000 r4:bf004100 Jan 16 11:30:54 ptxdist kernel: do_init_module from load_module+0x7e4/0xa18 Jan 16 11:30:54 ptxdist kernel: r6:00000000 r5:00000000 r4:00000000 Jan 16 11:30:54 ptxdist kernel: load_module from init_module_from_file+0xa4/0xec Jan 16 11:30:54 ptxdist kernel: r10:c477c080 r9:c1054a48 r8:c477c080 r7:c1054a38 r6:b5b1d7f0 r5:c477c080 Jan 16 11:30:54 ptxdist kernel: r4:00000000 Jan 16 11:30:54 ptxdist kernel: init_module_from_file from sys_finit_module+0x244/0x39c Jan 16 11:30:54 ptxdist kernel: r6:00000001 r5:000000f4 r4:c2a95800 Jan 16 11:30:54 ptxdist kernel: sys_finit_module from __sys_trace_return+0x0/0x10 Jan 16 11:30:54 ptxdist kernel: Exception stack(0xd0481fa8 to 0xd0481ff0) Jan 16 11:30:54 ptxdist kernel: 1fa0: 14cb6a00 00000000 0000001a b5b1d7f0 00000000 00000000 Jan 16 11:30:54 ptxdist kernel: 1fc0: 14cb6a00 00000000 00826358 0000017b 008456d0 b6f75934 b5b1739d 00000000 Jan 16 11:30:55 ptxdist kernel: 1fe0: bee9d538 bee9d528 b5b16643 b6c5d262 Jan 16 11:30:55 ptxdist kernel: r10:0000017b r9:c2a95800 r8:c01002c4 r7:0000017b r6:00826358 r5:00000000 Jan 16 11:30:55 ptxdist kernel: r4:14cb6a00 Jan 16 11:30:55 ptxdist kernel: spi spi0.0: setup: speed 0, sample leading edge, clk normal Jan 16 11:30:55 ptxdist kernel: spi spi0.0: setup mode 0, 8 bits/w, 10000000 Hz max --> 0

9 months, 1 week

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2025