January 2025 - Linux-stable-mirror

[PATCH] drm/sched: Remove job submit/free race when using unordered workqueues

by Tvrtko Ursulin

After commit f7fe64ad0f22 ("drm/sched: Split free_job into own work item") and with drivers who use the unordered workqueue sched_jobs can be freed in parallel as soon as the complete_all(&entity->entity_idle) is called. This makes all dereferencing in the lower part of the worker unsafe so lets fix it by moving the complete_all() call to after the worker is done touching the job. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: f7fe64ad0f22 ("drm/sched: Split free_job into own work item") Cc: Christian König <christian.koenig(a)amd.com> Cc: Danilo Krummrich <dakr(a)redhat.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/scheduler/sched_main.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c index 57da84908752..f0d02c061c23 100644 --- a/drivers/gpu/drm/scheduler/sched_main.c +++ b/drivers/gpu/drm/scheduler/sched_main.c @@ -1188,7 +1188,6 @@ static void drm_sched_run_job_work(struct work_struct *w) container_of(w, struct drm_gpu_scheduler, work_run_job); struct drm_sched_entity *entity; struct dma_fence *fence; - struct drm_sched_fence *s_fence; struct drm_sched_job *sched_job; int r; @@ -1207,15 +1206,12 @@ static void drm_sched_run_job_work(struct work_struct *w) return; } - s_fence = sched_job->s_fence; - atomic_add(sched_job->credits, &sched->credit_count); drm_sched_job_begin(sched_job); trace_drm_run_job(sched_job, entity); fence = sched->ops->run_job(sched_job); - complete_all(&entity->entity_idle); - drm_sched_fence_scheduled(s_fence, fence); + drm_sched_fence_scheduled(sched_job->s_fence, fence); if (!IS_ERR_OR_NULL(fence)) { /* Drop for original kref_init of the fence */ @@ -1232,6 +1228,7 @@ static void drm_sched_run_job_work(struct work_struct *w) PTR_ERR(fence) : 0); } + complete_all(&entity->entity_idle); wake_up(&sched->job_scheduled); drm_sched_run_job_queue(sched); } -- 2.47.1

3 months, 1 week

1
0
0 0

[PATCH 1/2] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"

by Christian Hewitt

This reverts commit bfbc68e4d8695497f858a45a142665e22a512ea3. The patch does permit the offending YUV420 @ 59.94 phy_freq and vclk_freq mode to match in calculations. It also results in all fractional rates being unavailable for use. This was unintended and requires the patch to be reverted. Cc: <stable(a)vger.kernel.org> Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> --- drivers/gpu/drm/meson/meson_vclk.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/meson/meson_vclk.c b/drivers/gpu/drm/meson/meson_vclk.c index 2a942dc6a6dc..2a82119eb58e 100644 --- a/drivers/gpu/drm/meson/meson_vclk.c +++ b/drivers/gpu/drm/meson/meson_vclk.c @@ -790,13 +790,13 @@ meson_vclk_vic_supported_freq(struct meson_drm *priv, unsigned int phy_freq, FREQ_1000_1001(params[i].pixel_freq)); DRM_DEBUG_DRIVER("i = %d phy_freq = %d alt = %d\n", i, params[i].phy_freq, - FREQ_1000_1001(params[i].phy_freq/1000)*1000); + FREQ_1000_1001(params[i].phy_freq/10)*10); /* Match strict frequency */ if (phy_freq == params[i].phy_freq && vclk_freq == params[i].vclk_freq) return MODE_OK; /* Match 1000/1001 variant */ - if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/1000)*1000) && + if (phy_freq == (FREQ_1000_1001(params[i].phy_freq/10)*10) && vclk_freq == FREQ_1000_1001(params[i].vclk_freq)) return MODE_OK; } @@ -1070,7 +1070,7 @@ void meson_vclk_setup(struct meson_drm *priv, unsigned int target, for (freq = 0 ; params[freq].pixel_freq ; ++freq) { if ((phy_freq == params[freq].phy_freq || - phy_freq == FREQ_1000_1001(params[freq].phy_freq/1000)*1000) && + phy_freq == FREQ_1000_1001(params[freq].phy_freq/10)*10) && (vclk_freq == params[freq].vclk_freq || vclk_freq == FREQ_1000_1001(params[freq].vclk_freq))) { if (vclk_freq != params[freq].vclk_freq) -- 2.34.1

3 months, 1 week

2
1
0 0

[PATCH net v2 2/5] vsock/bpf: return early if transport is not assigned

by Stefano Garzarella

Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed connect(), causing the following trace: BUG: kernel NULL pointer dereference, address: 00000000000000a0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+ RIP: 0010:vsock_connectible_has_data+0x1f/0x40 Call Trace: vsock_bpf_recvmsg+0xca/0x5e0 sock_recvmsg+0xb9/0xc0 __sys_recvfrom+0xb3/0x130 __x64_sys_recvfrom+0x20/0x30 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e So we need to check the `vsk->transport` in vsock_bpf_recvmsg(), especially for connected sockets (stream/seqpacket) as we already do in __vsock_connectible_recvmsg(). Fixes: 634f1a7110b4 ("vsock: support sockmap") Cc: stable(a)vger.kernel.org Reported-by: Michal Luczaj <mhal(a)rbox.co> Closes: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/ Tested-by: Michal Luczaj <mhal(a)rbox.co> Reported-by: syzbot+3affdbfc986ecd9200fd(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/ Tested-by: syzbot+3affdbfc986ecd9200fd(a)syzkaller.appspotmail.com Reviewed-by: Hyunwoo Kim <v4bel(a)theori.io> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Reviewed-by: Luigi Leonardi <leonardi(a)redhat.com> Signed-off-by: Stefano Garzarella <sgarzare(a)redhat.com> --- net/vmw_vsock/vsock_bpf.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/vmw_vsock/vsock_bpf.c b/net/vmw_vsock/vsock_bpf.c index 4aa6e74ec295..f201d9eca1df 100644 --- a/net/vmw_vsock/vsock_bpf.c +++ b/net/vmw_vsock/vsock_bpf.c @@ -77,6 +77,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int flags, int *addr_len) { struct sk_psock *psock; + struct vsock_sock *vsk; int copied; psock = sk_psock_get(sk); @@ -84,6 +85,13 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, return __vsock_recvmsg(sk, msg, len, flags); lock_sock(sk); + vsk = vsock_sk(sk); + + if (!vsk->transport) { + copied = -ENODEV; + goto out; + } + if (vsock_has_data(sk, psock) && sk_psock_queue_empty(psock)) { release_sock(sk); sk_psock_put(sk, psock); @@ -108,6 +116,7 @@ static int vsock_bpf_recvmsg(struct sock *sk, struct msghdr *msg, copied = sk_msg_recvmsg(sk, psock, msg, len, flags); } +out: release_sock(sk); sk_psock_put(sk, psock); -- 2.47.1

3 months, 1 week

1
0
0 0

[PATCH 5.10 000/138] 5.10.233-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.233 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 08 Jan 2025 15:11:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.233-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.233-rc1 Seiji Nishikawa <snishika(a)redhat.com> mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() Biju Das <biju.das.jz(a)bp.renesas.com> drm: adv7511: Drop dsi single lane support Nikolay Kuratov <kniv(a)yandex-team.ru> net/sctp: Prevent autoclose integer overflow in sctp_association_init() Pascal Hambourg <pascal(a)plouf.fr.eu.org> sky2: Add device ID 11ab:4373 for Marvell 88E8075 Evgenii Shatokhin <e.shatokhin(a)yadro.com> pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking Dan Carpenter <dan.carpenter(a)linaro.org> RDMA/uverbs: Prevent integer overflow issue Masahiro Yamada <masahiroy(a)kernel.org> modpost: fix the missed iteration for the max bit in do_input() Masahiro Yamada <masahiroy(a)kernel.org> modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host Zygo Blaxell <ce3g8jdj(a)umail.furryterror.org> btrfs: don't set lock_owner when locking extent buffer for reading Josef Bacik <josef(a)toxicpanda.com> btrfs: locking: remove the recursion handling code Leon Romanovsky <leon(a)kernel.org> ARC: build: Try to guess GCC variant of cross compiler Uros Bizjak <ubizjak(a)gmail.com> irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FE910C04 compositions Anton Protopopov <aspsk(a)isovalent.com> bpf: fix potential error return Adrian Ratiu <adrian.ratiu(a)collabora.com> sound: usb: format: don't warn that raw DSD is unsupported Filipe Manana <fdmanana(a)suse.com> btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: wake the queues in case of failure in resume Lizhi Xu <lizhi.xu(a)windriver.com> tracing: Prevent bad count for tracing_cpumask_write Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> kernel: Initialize cpumask before parsing Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free when COWing tree bock and tracing is enabled Filipe Manana <fdmanana(a)suse.com> btrfs: rename and export __btrfs_cow_block() Josef Bacik <josef(a)toxicpanda.com> btrfs: locking: remove all the blocking helpers Josef Bacik <josef(a)toxicpanda.com> btrfs: switch extent buffer tree lock to rw_semaphore Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> dmaengine: dw: Select only supported masters for ACPI devices Eric Dumazet <edumazet(a)google.com> ila: serialize calls to nf_register_net_hooks() Eric Dumazet <edumazet(a)google.com> af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Eric Dumazet <edumazet(a)google.com> af_packet: fix vlan_get_tci() vs MSG_PEEK Li Zhijian <lizhijian(a)fujitsu.com> RDMA/rtrs: Ensure 'ib_sge list' is accessible Vitalii Mordan <mordan(a)ispras.ru> eth: bcmsysport: fix call balance of priv->clk handling routines Tanya Agarwal <tanyaagarwal25699(a)gmail.com> ALSA: usb-audio: US16x08: Initialize array before use Antonio Pastor <antonio.pastor(a)gmail.com> net: llc: reset skb->transport_header Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Ilya Shchipletsov <rabbelkin(a)mail.ru> netrom: check buffer length before accessing it Stefan Ekenberg <stefan.ekenberg(a)axis.com> drm/bridge: adv7511_audio: Update Audio InfoFrame properly Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the locking while accessing the QP table Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix max_qp_wrs reported Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix reporting hw_ver in query_device Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Add check for path mtu in modify_qp Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Enforce same type port association for multiport RoCE Parav Pandit <parav(a)nvidia.com> net/mlx5: Make API mlx5_core_is_ecpf accept const pointer Kairui Song <kasong(a)tencent.com> zram: fix uninitialized ZRAM not releasing backing device Sergey Senozhatsky <senozhatsky(a)chromium.org> drivers/block/zram/zram_drv.c: do not keep dangling zcomp pointer after zram reset Christoph Hellwig <hch(a)lst.de> zram: use set_capacity_and_notify Christoph Hellwig <hch(a)lst.de> block: remove the update_bdev parameter to set_capacity_revalidate_and_notify Christoph Hellwig <hch(a)lst.de> sd: update the bdev size in sd_revalidate_disk Christoph Hellwig <hch(a)lst.de> nvme: let set_capacity_revalidate_and_notify update the bdev size Christoph Hellwig <hch(a)lst.de> loop: let set_capacity_revalidate_and_notify update the bdev size Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add support for Intel Panther Lake-M/P Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add support for Intel Lunar Lake Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add Intel Barlow Ridge PCI ID Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Add support for Intel Meteor Lake George D Sworo <george.d.sworo(a)intel.com> thunderbolt: Add support for Intel Raptor Lake Azhar Shaikh <azhar.shaikh(a)intel.com> thunderbolt: Add support for Intel Alder Lake Thiébaud Weksteen <tweek(a)google.com> selinux: ignore unknown extended permissions Naman Jain <namjain(a)linux.microsoft.com> x86/hyperv: Fix hv tsc page based sched_clock for hibernation Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible UAF in ip6_xmit() Vasily Averin <vvs(a)virtuozzo.com> skb_expand_head() adjust skb->truesize incorrectly Yang Erkun <yangerkun(a)huaweicloud.com> nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net Filipe Manana <fdmanana(a)suse.com> btrfs: avoid monopolizing a core when activating a swap file Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> power: supply: gpio-charger: Fix set charge current limits Christian Göttsche <cgzones(a)googlemail.com> tracing: Constify string literal data member in struct trace_event_call Catalin Marinas <catalin.marinas(a)arm.com> arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs Yunfeng Ye <yeyunfeng(a)huawei.com> arm64: mm: Rename asid2idx() to ctxid2asid() Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Fix MST sideband message body length check Jiayuan Chen <mrpre(a)163.com> bpf: fix recursive lock when verdict program return SK_PASS Hou Tao <houtao1(a)huawei.com> bpf: Check validity of link->type in bpf_link_show_fdinfo() Eric Dumazet <edumazet(a)google.com> ipv6: fix possible UAF in ip6_finish_output2() Vasily Averin <vvs(a)virtuozzo.com> ipv6: use skb_expand_head in ip6_xmit Vasily Averin <vvs(a)virtuozzo.com> ipv6: use skb_expand_head in ip6_finish_output2 Vasily Averin <vvs(a)virtuozzo.com> skbuff: introduce skb_expand_head() Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Probe toolchain support of -msym32 Ming Lei <ming.lei(a)redhat.com> virtio-blk: don't keep queue frozen during system suspend Cathy Avery <cavery(a)redhat.com> scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time Armin Wolf <W_Armin(a)gmx.de> platform/x86: asus-nb-wmi: Ignore unknown event 0xCF Mark Brown <broonie(a)kernel.org> regmap: Use correct format specifier for logging range errors bo liu <bo.liu(a)senarytech.com> ALSA: hda/conexant: fix Z60MR100 startup pop issue Tomas Henzl <thenzl(a)redhat.com> scsi: megaraid_sas: Fix for a potential deadlock Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix hw revision numbering for ISP1020/1040 James Hilliard <james.hilliard1(a)gmail.com> watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/kprobe: Make trace_kprobe's module callback called after jump_label update Dan Carpenter <dan.carpenter(a)linaro.org> mtd: rawnand: fix double free in atmel_pmecc_create_user() Chen Ridong <chenridong(a)huawei.com> dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dmaengine: mv_xor: fix child node refcount handling in early exit Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix that API devm_phy_destroy() fails to destroy the phy Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix that API devm_phy_put() fails to release the phy Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() Zijun Hu <quic_zijuhu(a)quicinc.com> phy: core: Fix an OF node refcount leakage in _of_phy_get() Zichen Xie <zichenxie0106(a)gmail.com> mtd: diskonchip: Cast an operand to prevent potential overflow NeilBrown <neilb(a)suse.de> nfsd: restore callback functionality for NFSv4.0 Cong Wang <cong.wang(a)bytedance.com> bpf: Check negative offsets in __bpf_skb_min_len() Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() Bart Van Assche <bvanassche(a)acm.org> mm/vmstat: fix a W=1 clang compiler warning Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Xuewen Yan <xuewen.yan(a)unisoc.com> epoll: Add synchronous wakeup support for ep_poll_callback Ilya Dryomov <idryomov(a)gmail.com> ceph: validate snapdirname option length when mounting Zijun Hu <quic_zijuhu(a)quicinc.com> of: Fix refcount leakage for OF node returned by __of_get_dma_parent() Herve Codina <herve.codina(a)bootlin.com> of: Fix error path in of_parse_phandle_with_args_map() Jann Horn <jannh(a)google.com> udmabuf: also check for F_SEAL_FUTURE_WRITE Edward Adam Davis <eadavis(a)qq.com> nilfs2: prevent use of deleted inode Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS/pnfs: Fix a live lock between recalled layouts and layoutget Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: reject inline extent items with 0 ref count Kairui Song <kasong(a)tencent.com> zram: refuse to use zero sized block device as backing device Geert Uytterhoeven <geert+renesas(a)glider.be> sh: clk: Fix clk_enable() to return 0 on NULL clk Murad Masimov <m.masimov(a)maxima.ru> hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FE910C04 rmnet compositions Jack Wu <wojackbb(a)gmail.com> USB: serial: option: add MediaTek T7XX compositions Mank Wang <mank.wang(a)netprisma.com> USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready Michal Hrusecky <michal.hrusecky(a)turris.com> USB: serial: option: add MeiG Smart SLM770A Daniel Swanemar <d.swanemar(a)gmail.com> USB: serial: option: add TCL IK512 MBIM & ECM James Bottomley <James.Bottomley(a)HansenPartnership.com> efivarfs: Fix error on non-existent file Geert Uytterhoeven <geert+renesas(a)glider.be> i2c: riic: Always round-up when calculating bus period Dan Carpenter <dan.carpenter(a)linaro.org> chelsio/chtls: prevent potential integer overflow on 32bit Prathamesh Shete <pshete(a)nvidia.com> mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk Phil Sutter <phil(a)nwl.cc> netfilter: ipset: Fix for recursive locking warning Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> net: ethernet: bgmac-platform: fix an OF node reference leak Dan Carpenter <dan.carpenter(a)linaro.org> net: hinic: Fix cleanup in create_rxqs/txqs() Shannon Nelson <shannon.nelson(a)amd.com> ionic: use ee->offset when returning sprom data Eric Dumazet <edumazet(a)google.com> netdevsim: prevent bad user input in nsim_dev_health_break_write() Wei Yongjun <weiyongjun1(a)huawei.com> netdevsim: switch to memdup_user_nul() Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: check return value of sock_recvmsg when draining clc data Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix incorrect symlink detection in fast symlink Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: fix order >= MAX_ORDER warning due to crafted negative i_size Vladimir Riabchun <ferr.lambarginio(a)gmail.com> i2c: pnx: Fix timeout in wait functions Peng Hongchi <hongchi.peng(a)siengine.com> usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled Roger Quadros <rogerq(a)kernel.org> usb: cdns3: Add quirk flag to enable suspend residency Ajit Khaparde <ajit.khaparde(a)broadcom.com> PCI: Add ACS quirk for Broadcom BCM5760X NIC Takashi Iwai <tiwai(a)suse.de> ALSA: usb: Fix UBSAN warning in parse_audio_unit() Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: DTS: Fix msi node for ls7a Vidya Sagar <vidyas(a)nvidia.com> PCI: Use preserve_config in place of pci_flags Kai-Heng Feng <kai.heng.feng(a)canonical.com> PCI/AER: Disable AER service on suspend Lion Ackermann <nnamrec(a)gmail.com> net: sched: fix ordering of qlen adjustment ------------- Diffstat: Makefile | 4 +- arch/arc/Makefile | 2 +- arch/arm64/mm/context.c | 22 +- arch/mips/Makefile | 2 +- .../boot/dts/loongson/loongson64g_4core_ls7a.dts | 1 + arch/x86/kernel/cpu/mshyperv.c | 58 +++ block/genhd.c | 13 +- drivers/base/regmap/regmap.c | 4 +- drivers/block/loop.c | 8 +- drivers/block/virtio_blk.c | 9 +- drivers/block/xen-blkfront.c | 2 +- drivers/block/zram/zram_drv.c | 35 +- drivers/clocksource/hyperv_timer.c | 14 +- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/at_xdmac.c | 2 + drivers/dma/dw/acpi.c | 6 +- drivers/dma/dw/internal.h | 6 + drivers/dma/dw/pci.c | 4 +- drivers/dma/mv_xor.c | 2 + drivers/gpu/drm/bridge/adv7511/adv7511_audio.c | 14 +- drivers/gpu/drm/bridge/adv7511/adv7533.c | 2 +- drivers/gpu/drm/drm_dp_mst_topology.c | 3 + drivers/gpu/drm/drm_modes.c | 11 +- drivers/hv/hv_kvp.c | 6 + drivers/hv/hv_snapshot.c | 6 + drivers/hv/hv_util.c | 9 + drivers/hv/hyperv_vmbus.h | 2 + drivers/hwmon/tmp513.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 16 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 28 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 + drivers/infiniband/hw/bnxt_re/qplib_sp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 6 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +- drivers/irqchip/irq-gic.c | 2 +- drivers/media/dvb-frontends/dib3000mb.c | 2 +- drivers/mmc/host/sdhci-tegra.c | 1 - drivers/mtd/nand/raw/atmel/pmecc.c | 4 +- drivers/mtd/nand/raw/diskonchip.c | 2 +- drivers/net/ethernet/broadcom/bcmsysport.c | 21 +- drivers/net/ethernet/broadcom/bgmac-platform.c | 5 +- .../chelsio/inline_crypto/chtls/chtls_main.c | 5 +- drivers/net/ethernet/huawei/hinic/hinic_main.c | 2 + drivers/net/ethernet/marvell/sky2.c | 1 + .../net/ethernet/pensando/ionic/ionic_ethtool.c | 4 +- drivers/net/netdevsim/health.c | 13 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/nvme/host/core.c | 5 +- drivers/of/address.c | 2 +- drivers/of/base.c | 15 +- drivers/of/irq.c | 1 + drivers/pci/controller/pci-host-common.c | 4 - drivers/pci/pcie/aer.c | 18 + drivers/pci/probe.c | 22 +- drivers/pci/quirks.c | 4 + drivers/phy/phy-core.c | 21 +- drivers/pinctrl/pinctrl-mcp23s08.c | 6 + drivers/platform/x86/asus-nb-wmi.c | 1 + drivers/power/supply/gpio-charger.c | 8 + drivers/scsi/megaraid/megaraid_sas_base.c | 5 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 7 +- drivers/scsi/qla1280.h | 12 +- drivers/scsi/sd.c | 9 +- drivers/scsi/storvsc_drv.c | 7 +- drivers/sh/clk/core.c | 2 +- drivers/thunderbolt/icm.c | 7 + drivers/thunderbolt/nhi.c | 28 ++ drivers/thunderbolt/nhi.h | 15 + drivers/usb/cdns3/core.h | 1 + drivers/usb/cdns3/drd.c | 10 +- drivers/usb/cdns3/drd.h | 3 + drivers/usb/dwc2/gadget.c | 4 +- drivers/usb/serial/option.c | 27 ++ drivers/watchdog/it87_wdt.c | 39 ++ fs/btrfs/backref.c | 10 +- fs/btrfs/ctree.c | 128 ++---- fs/btrfs/ctree.h | 7 + fs/btrfs/delayed-inode.c | 7 - fs/btrfs/disk-io.c | 17 +- fs/btrfs/extent-tree.c | 19 +- fs/btrfs/extent_io.c | 13 +- fs/btrfs/extent_io.h | 21 +- fs/btrfs/file.c | 3 +- fs/btrfs/inode.c | 3 +- fs/btrfs/locking.c | 447 ++------------------- fs/btrfs/locking.h | 13 +- fs/btrfs/print-tree.c | 11 +- fs/btrfs/qgroup.c | 9 +- fs/btrfs/ref-verify.c | 6 +- fs/btrfs/relocation.c | 4 - fs/btrfs/transaction.c | 2 - fs/btrfs/tree-checker.c | 27 +- fs/btrfs/tree-defrag.c | 1 - fs/btrfs/tree-log.c | 3 - fs/ceph/super.c | 2 + fs/efivarfs/inode.c | 2 +- fs/efivarfs/internal.h | 1 - fs/efivarfs/super.c | 3 - fs/erofs/inode.c | 20 +- fs/eventpoll.c | 5 +- fs/nfs/pnfs.c | 2 +- fs/nfsd/nfs4callback.c | 4 +- fs/nfsd/nfs4state.c | 2 +- fs/nilfs2/inode.c | 8 +- fs/nilfs2/namei.c | 5 + include/clocksource/hyperv_timer.h | 2 + include/linux/genhd.h | 3 +- include/linux/hyperv.h | 1 + include/linux/if_vlan.h | 16 +- include/linux/mlx5/driver.h | 8 +- include/linux/skbuff.h | 1 + include/linux/trace_events.h | 2 +- include/linux/vmstat.h | 2 +- include/linux/wait.h | 1 + include/net/netfilter/nf_tables.h | 7 +- include/net/sock.h | 10 +- kernel/bpf/core.c | 6 +- kernel/bpf/syscall.c | 13 +- kernel/irq/proc.c | 4 +- kernel/profile.c | 2 +- kernel/trace/trace.c | 5 +- kernel/trace/trace_kprobe.c | 2 +- mm/vmscan.c | 9 +- net/core/filter.c | 21 +- net/core/skbuff.c | 52 +++ net/core/skmsg.c | 4 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv6/ila/ila_xlat.c | 16 +- net/ipv6/ip6_output.c | 86 ++-- net/llc/llc_input.c | 2 +- net/mac80211/util.c | 3 + net/netfilter/ipset/ip_set_list_set.c | 3 + net/netrom/nr_route.c | 6 + net/packet/af_packet.c | 28 +- net/sched/sch_cake.c | 2 +- net/sched/sch_choke.c | 2 +- net/sctp/associola.c | 3 +- net/smc/af_smc.c | 13 +- net/smc/smc_clc.c | 9 + net/smc/smc_clc.h | 6 +- scripts/mod/file2alias.c | 4 +- security/selinux/ss/services.c | 8 +- sound/pci/hda/patch_conexant.c | 28 ++ sound/usb/format.c | 7 +- sound/usb/mixer.c | 7 + sound/usb/mixer_us16x08.c | 2 +- 148 files changed, 934 insertions(+), 940 deletions(-)

3 months, 1 week

11
155
0 0

[PATCH v3 05/10] btrfs: do proper folio cleanup when run_delalloc_nocow() failed

by Qu Wenruo

[BUG] With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash with the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, start 1146880 end 1253375 len 106496 ret -28 BTRFS error (device dm-3): run_delalloc_nocow failed, start 1146880 end 1253375 len 106496 ret -28 page: refcount:4 mapcount:0 mapping:00000000592787cc index:0x12 pfn:0x10664 aops:btrfs_aops [btrfs] ino:101 dentry name(?):"f1774" flags: 0x2fffff80004028(uptodate|lru|private|node=0|zone=2|lastcpupid=0xfffff) page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio)) ------------[ cut here ]------------ kernel BUG at mm/page-writeback.c:2992! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 2 UID: 0 PID: 3943513 Comm: kworker/u24:15 Tainted: G OE 6.12.0-rc7-custom+ #87 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : folio_clear_dirty_for_io+0x128/0x258 lr : folio_clear_dirty_for_io+0x128/0x258 Call trace: folio_clear_dirty_for_io+0x128/0x258 btrfs_folio_clamp_clear_dirty+0x80/0xd0 [btrfs] __process_folios_contig+0x154/0x268 [btrfs] extent_clear_unlock_delalloc+0x5c/0x80 [btrfs] run_delalloc_nocow+0x5f8/0x760 [btrfs] btrfs_run_delalloc_range+0xa8/0x220 [btrfs] writepage_delalloc+0x230/0x4c8 [btrfs] extent_writepage+0xb8/0x358 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x150 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x88/0xc8 start_delalloc_inodes+0x178/0x3a8 [btrfs] btrfs_start_delalloc_roots+0x174/0x280 [btrfs] shrink_delalloc+0x114/0x280 [btrfs] flush_space+0x250/0x2f8 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x164/0x408 worker_thread+0x25c/0x388 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: 910a8021 a90363f7 a9046bf9 94012379 (d4210000) ---[ end trace 0000000000000000 ]--- [CAUSE] The first two lines of extra debug messages show the problem is caused by the error handling of run_delalloc_nocow(). E.g. we have the following dirtied range (4K blocksize 4K page size): 0 16K 32K |//////////////////////////////////////| | Pre-allocated | And the range [0, 16K) has a preallocated extent. - Enter run_delalloc_nocow() for range [0, 16K) Which found range [0, 16K) is preallocated, can do the proper NOCOW write. - Enter fallback_to_fow() for range [16K, 32K) Since the range [16K, 32K) is not backed by preallocated extent, we have to go COW. - cow_file_range() failed for range [16K, 32K) So cow_file_range() will do the clean up by clearing folio dirty, unlock the folios. Now the folios in range [16K, 32K) is unlocked. - Enter extent_clear_unlock_delalloc() from run_delalloc_nocow() Which is called with PAGE_START_WRITEBACK to start page writeback. But folios can only be marked writeback when it's properly locked, thus this triggered the VM_BUG_ON_FOLIO(). Furthermore there is another hidden but common bug that run_delalloc_nocow() is not clearing the folio dirty flags in its error handling path. This is the common bug shared between run_delalloc_nocow() and cow_file_range(). [FIX] - Clear folio dirty for range [@start, @cur_offset) Introduce a helper, cleanup_dirty_folios(), which will find and lock the folio in the range, clear the dirty flag and start/end the writeback, with the extra handling for the @locked_folio. - Introduce a helper to clear folio dirty, start and end writeback - Introduce a helper to record the last failed COW range end This is to trace which range we should skip, to avoid double unlocking. - Skip the failed COW range for the error handling Cc: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/inode.c | 98 ++++++++++++++++++++++++++++++++++++++++++---- fs/btrfs/subpage.h | 13 ++++++ 2 files changed, 104 insertions(+), 7 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 1afbeaf3cf4c..a450fc080ca3 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1958,6 +1958,54 @@ static int can_nocow_file_extent(struct btrfs_path *path, return ret < 0 ? ret : can_nocow; } +/* + * To cleanup the dirty folios which will never be submitted due to + * error. + * + * When running a delalloc range, we may need to split the ranges (due to + * fragmentation or NOCOW limit). If we hit an error in the later part, + * we will error out and previously successfully executed range will never + * be submitted, thus we have to cleanup those folios by clear their + * dirty flag, start and finish the writeback. + */ +static void cleanup_dirty_folios(struct btrfs_inode *inode, + struct folio *locked_folio, + u64 start, u64 end, int error) +{ + struct btrfs_fs_info *fs_info = inode->root->fs_info; + struct address_space *mapping = inode->vfs_inode.i_mapping; + pgoff_t start_index = start >> PAGE_SHIFT; + pgoff_t end_index = end >> PAGE_SHIFT; + u32 len; + + ASSERT(end + 1 - start < U32_MAX); + ASSERT(IS_ALIGNED(start, fs_info->sectorsize) && + IS_ALIGNED(end + 1, fs_info->sectorsize)); + len = end + 1 - start; + + /* + * Handle the locked folio first. + * btrfs_folio_clamp_*() helpers can handle range out of the folio case. + */ + btrfs_folio_clamp_finish_io(fs_info, locked_folio, start, len); + + for (pgoff_t index = start_index; index <= end_index; index++) { + struct folio *folio; + + /* Already handled at the beginning. */ + if (index == locked_folio->index) + continue; + folio = __filemap_get_folio(mapping, index, FGP_LOCK, GFP_NOFS); + /* Cache already dropped, no need to do any cleanup. */ + if (IS_ERR(folio)) + continue; + btrfs_folio_clamp_finish_io(fs_info, locked_folio, start, len); + folio_unlock(folio); + folio_put(folio); + } + mapping_set_error(mapping, error); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1973,6 +2021,11 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, struct btrfs_root *root = inode->root; struct btrfs_path *path; u64 cow_start = (u64)-1; + /* + * If not 0, represents the inclusive end of the last fallback_to_cow() + * range. Only for error handling. + */ + u64 cow_end = 0; u64 cur_offset = start; int ret; bool check_prev = true; @@ -2133,6 +2186,7 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, found_key.offset - 1); cow_start = (u64)-1; if (ret) { + cow_end = found_key.offset - 1; btrfs_dec_nocow_writers(nocow_bg); goto error; } @@ -2206,11 +2260,12 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, cow_start = cur_offset; if (cow_start != (u64)-1) { - cur_offset = end; ret = fallback_to_cow(inode, locked_folio, cow_start, end); cow_start = (u64)-1; - if (ret) + if (ret) { + cow_end = end; goto error; + } } btrfs_free_path(path); @@ -2218,12 +2273,41 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, error: /* - * If an error happened while a COW region is outstanding, cur_offset - * needs to be reset to cow_start to ensure the COW region is unlocked - * as well. + * There are several error cases: + * + * 1) Failed without falling back to COW + * start cur_offset end + * |/////////////| | + * + * For range [start, cur_offset) the folios are already unlocked (except + * @locked_folio), EXTENT_DELALLOC already removed. + * Only need to clear the dirty flag as they will never be submitted. + * Ordered extent and extent maps are handled by + * btrfs_mark_ordered_io_finished() inside run_delalloc_range(). + * + * 2) Failed with error from fallback_to_cow() + * start cur_offset cow_end end + * |/////////////|-----------| | + * + * For range [start, cur_offset) it's the same as case 1). + * But for range [cur_offset, cow_end), the folios have dirty flag + * cleared and unlocked, EXTENT_DEALLLOC cleared by cow_file_range(). + * + * Thus we should not call extent_clear_unlock_delalloc() on range + * [cur_offset, cow_end), as the folios are already unlocked. + * + * So clear the folio dirty flags for [start, cur_offset) first. */ - if (cow_start != (u64)-1) - cur_offset = cow_start; + if (cur_offset > start) + cleanup_dirty_folios(inode, locked_folio, start, cur_offset - 1, ret); + + /* + * If an error happened while a COW region is outstanding, cur_offset + * needs to be reset to @cow_end + 1 to skip the COW range, as + * cow_file_range() will do the proper cleanup at error. + */ + if (cow_end) + cur_offset = cow_end + 1; /* * We need to lock the extent here because we're clearing DELALLOC and diff --git a/fs/btrfs/subpage.h b/fs/btrfs/subpage.h index 428fa9389fd4..44fff1f4eac4 100644 --- a/fs/btrfs/subpage.h +++ b/fs/btrfs/subpage.h @@ -137,6 +137,19 @@ DECLARE_BTRFS_SUBPAGE_OPS(writeback); DECLARE_BTRFS_SUBPAGE_OPS(ordered); DECLARE_BTRFS_SUBPAGE_OPS(checked); +/* + * Helper for error cleanup, where a folio will have its dirty flag cleared, + * with writeback started and finished. + */ +static inline void btrfs_folio_clamp_finish_io(struct btrfs_fs_info *fs_info, + struct folio *locked_folio, + u64 start, u32 len) +{ + btrfs_folio_clamp_clear_dirty(fs_info, locked_folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, locked_folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, locked_folio, start, len); +} + bool btrfs_subpage_clear_and_test_dirty(const struct btrfs_fs_info *fs_info, struct folio *folio, u64 start, u32 len); -- 2.47.1

3 months, 1 week

1
0
0 0

[PATCH v3 04/10] btrfs: do proper folio cleanup when cow_file_range() failed

by Qu Wenruo

[BUG] When testing with COW fixup marked as BUG_ON() (this is involved with the new pin_user_pages*() change, which should not result new out-of-band dirty pages), I hit a crash triggered by the BUG_ON() from hitting COW fixup path. This BUG_ON() happens just after a failed btrfs_run_delalloc_range(): BTRFS error (device dm-2): failed to run delalloc range, root 348 ino 405 folio 65536 submit_bitmap 6-15 start 90112 len 106496: -28 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1444! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 0 UID: 0 PID: 434621 Comm: kworker/u24:8 Tainted: G OE 6.12.0-rc7-custom+ #86 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : extent_writepage_io+0x2d4/0x308 [btrfs] lr : extent_writepage_io+0x2d4/0x308 [btrfs] Call trace: extent_writepage_io+0x2d4/0x308 [btrfs] extent_writepage+0x218/0x330 [btrfs] extent_write_cache_pages+0x1d4/0x4b0 [btrfs] btrfs_writepages+0x94/0x150 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x88/0xc8 start_delalloc_inodes+0x180/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x174/0x280 [btrfs] shrink_delalloc+0x114/0x280 [btrfs] flush_space+0x250/0x2f8 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x164/0x408 worker_thread+0x25c/0x388 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: aa1403e1 9402f3ef aa1403e0 9402f36f (d4210000) ---[ end trace 0000000000000000 ]--- [CAUSE] That failure is mostly from cow_file_range(), where we can hit -ENOSPC. Although the -ENOSPC is already a bug related to our space reservation code, let's just focus on the error handling. For example, we have the following dirty range [0, 64K) of an inode, with 4K sector size and 4K page size: 0 16K 32K 48K 64K |///////////////////////////////////////| |#######################################| Where |///| means page are still dirty, and |###| means the extent io tree has EXTENT_DELALLOC flag. - Enter extent_writepage() for page 0 - Enter btrfs_run_delalloc_range() for range [0, 64K) - Enter cow_file_range() for range [0, 64K) - Function btrfs_reserve_extent() only reserved one 16K extent So we created extent map and ordered extent for range [0, 16K) 0 16K 32K 48K 64K |////////|//////////////////////////////| |<- OE ->|##############################| And range [0, 16K) has its delalloc flag cleared. But since we haven't yet submit any bio, involved 4 pages are still dirty. - Function btrfs_reserve_extent() return with -ENOSPC Now we have to run error cleanup, which will clear all EXTENT_DELALLOC* flags and clear the dirty flags for the remaining ranges: 0 16K 32K 48K 64K |////////| | | | | Note that range [0, 16K) still has their pages dirty. - Some time later, writeback are triggered again for the range [0, 16K) since the page range still have dirty flags. - btrfs_run_delalloc_range() will do nothing because there is no EXTENT_DELALLOC flag. - extent_writepage_io() find page 0 has no ordered flag Which falls into the COW fixup path, triggering the BUG_ON(). Unfortunately this error handling bug dates back to the introduction of btrfs. Thankfully with the abuse of cow fixup, at least it won't crash the kernel. [FIX] Instead of immediately unlock the extent and folios, we keep the extent and folios locked until either erroring out or the whole delalloc range finished. When the whole delalloc range finished without error, we just unlock the whole range with PAGE_SET_ORDERED (and PAGE_UNLOCK for !keep_locked cases), with EXTENT_DELALLOC and EXTENT_LOCKED cleared. And those involved folios will be properly submitted, with their dirty flags cleared during submission. For the error path, it will be a little more complex: - The range with ordered extent allocated (range (1)) We only clear the EXTENT_DELALLOC and EXTENT_LOCKED, as the remaining flags are cleaned up by btrfs_mark_ordered_io_finished()->btrfs_finish_one_ordered(). For folios we finish the IO (clear dirty, start writeback and immediately finish the writeback) and unlock the folios. - The range with reserved extent but no ordered extent (range(2)) - The range we never touched (range(3)) For both range (2) and range(3) the behavior is not changed. Now even if cow_file_range() failed halfway with some successfully reserved extents/ordered extents, we will keep all folios clean, so there will be no future writeback triggered on them. Cc: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/inode.c | 65 ++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index e1c9bd673118..1afbeaf3cf4c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1364,6 +1364,17 @@ static noinline int cow_file_range(struct btrfs_inode *inode, alloc_hint = btrfs_get_extent_allocation_hint(inode, start, num_bytes); + /* + * We're not doing compressed IO, don't unlock the first page + * (which the caller expects to stay locked), don't clear any + * dirty bits and don't set any writeback bits + * + * Do set the Ordered (Private2) bit so we know this page was + * properly setup for writepage. + */ + page_ops = (keep_locked ? 0 : PAGE_UNLOCK); + page_ops |= PAGE_SET_ORDERED; + /* * Relocation relies on the relocated extents to have exactly the same * size as the original extents. Normally writeback for relocation data @@ -1423,6 +1434,10 @@ static noinline int cow_file_range(struct btrfs_inode *inode, file_extent.offset = 0; file_extent.compression = BTRFS_COMPRESS_NONE; + /* + * Locked range will be released either during error clean up or + * after the whole range is finished. + */ lock_extent(&inode->io_tree, start, start + cur_alloc_size - 1, &cached); @@ -1468,21 +1483,6 @@ static noinline int cow_file_range(struct btrfs_inode *inode, btrfs_dec_block_group_reservations(fs_info, ins.objectid); - /* - * We're not doing compressed IO, don't unlock the first page - * (which the caller expects to stay locked), don't clear any - * dirty bits and don't set any writeback bits - * - * Do set the Ordered flag so we know this page was - * properly setup for writepage. - */ - page_ops = (keep_locked ? 0 : PAGE_UNLOCK); - page_ops |= PAGE_SET_ORDERED; - - extent_clear_unlock_delalloc(inode, start, start + cur_alloc_size - 1, - locked_folio, &cached, - EXTENT_LOCKED | EXTENT_DELALLOC, - page_ops); if (num_bytes < cur_alloc_size) num_bytes = 0; else @@ -1499,6 +1499,9 @@ static noinline int cow_file_range(struct btrfs_inode *inode, if (ret) goto out_unlock; } + extent_clear_unlock_delalloc(inode, orig_start, end, locked_folio, &cached, + EXTENT_LOCKED | EXTENT_DELALLOC, + page_ops); done: if (done_offset) *done_offset = end; @@ -1519,35 +1522,31 @@ static noinline int cow_file_range(struct btrfs_inode *inode, * We process each region below. */ - clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DELALLOC_NEW | - EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV; - page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; - /* * For the range (1). We have already instantiated the ordered extents * for this region. They are cleaned up by * btrfs_cleanup_ordered_extents() in e.g, - * btrfs_run_delalloc_range(). EXTENT_LOCKED | EXTENT_DELALLOC are - * already cleared in the above loop. And, EXTENT_DELALLOC_NEW | - * EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV are handled by the cleanup - * function. + * btrfs_run_delalloc_range(). + * EXTENT_DELALLOC_NEW | EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV + * are also handled by the cleanup function. * - * However, in case of @keep_locked, we still need to unlock the pages - * (except @locked_folio) to ensure all the pages are unlocked. + * So here we only clear EXTENT_LOCKED and EXTENT_DELALLOC flag, + * and finish the writeback of the involved folios, which will be + * never submitted. */ - if (keep_locked && orig_start < start) { + if (orig_start < start) { + clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC; + page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; + if (!locked_folio) mapping_set_error(inode->vfs_inode.i_mapping, ret); extent_clear_unlock_delalloc(inode, orig_start, start - 1, - locked_folio, NULL, 0, page_ops); + locked_folio, NULL, clear_bits, page_ops); } - /* - * At this point we're unlocked, we want to make sure we're only - * clearing these flags under the extent lock, so lock the rest of the - * range and clear everything up. - */ - lock_extent(&inode->io_tree, start, end, NULL); + clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DELALLOC_NEW | + EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV; + page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; /* * For the range (2). If we reserved an extent for our delalloc range -- 2.47.1

3 months, 1 week

1
0
0 0

[PATCH v3 02/10] btrfs: fix double accounting race when extent_writepage_io() failed

by Qu Wenruo

[BUG] If submit_one_sector() failed inside extent_writepage_io() for sector size < page size cases (e.g. 4K sector size and 64K page size), then we can hit double ordered extent accounting error. This should be very rare, as submit_one_sector() only fails when we failed to grab the extent map, and such extent map should exist inside the memory and have been pinned. [CAUSE] For example we have the following folio layout: 0 4K 32K 48K 60K 64K |//| |//////| |///| Where |///| is the dirty range we need to writeback. The 3 different dirty ranges are submitted for regular COW. Now we hit the following sequence: - submit_one_sector() returned 0 for [0, 4K) - submit_one_sector() returned 0 for [32K, 48K) - submit_one_sector() returned error for [60K, 64K) - btrfs_mark_ordered_io_finished() called for the whole folio This will mark the following ranges as finished: * [0, 4K) * [32K, 48K) Both ranges have their IO already submitted, this cleanup will lead to double accounting. * [60K, 64K) That's the correct cleanup. The only good news is, this error is only theoretical, as the target extent map is always pinned, thus we should directly grab it from memory, other than reading it from the disk. [FIX] Instead of calling btrfs_mark_ordered_io_finished() for the whole folio range, which can touch ranges we should not touch, instead move the error handling inside extent_writepage_io(). So that we can cleanup exact sectors that are ought to be submitted but failed. This provide much more accurate cleanup, avoiding the double accounting. Cc: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index d1e263f56171..54081b1783fc 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1428,6 +1428,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_fs_info *fs_info = inode->root->fs_info; unsigned long range_bitmap = 0; bool submitted_io = false; + bool error = false; const u64 folio_start = folio_pos(folio); u64 cur; int bit; @@ -1470,11 +1471,26 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, break; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); - if (ret < 0) - goto out; + if (unlikely(ret < 0)) { + /* + * bio_ctrl may contain a bio crossing several folios. + * Submit it immediately so that the bio has a chance + * to finish normally, other than marked as error. + */ + submit_one_bio(bio_ctrl); + /* + * Failed to grab the extent map which should be very rare. + * Since there is no bio submitted to finish the ordered + * extent, we have to manually finish this sector. + */ + btrfs_mark_ordered_io_finished(inode, folio, cur, + fs_info->sectorsize, false); + error = true; + continue; + } submitted_io = true; } -out: + /* * If we didn't submitted any sector (>= i_size), folio dirty get * cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared @@ -1482,8 +1498,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * * Here we set writeback and clear for the range. If the full folio * is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag. + * + * If we hit any error, the corresponding sector will still be dirty + * thus no need to clear PAGECACHE_TAG_DIRTY. */ - if (!submitted_io) { + if (!submitted_io && !error) { btrfs_folio_set_writeback(fs_info, folio, start, len); btrfs_folio_clear_writeback(fs_info, folio, start, len); } @@ -1503,7 +1522,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl { struct inode *inode = folio->mapping->host; struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); - const u64 page_start = folio_pos(folio); int ret; size_t pg_offset; loff_t i_size = i_size_read(inode); @@ -1546,10 +1564,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl bio_ctrl->wbc->nr_to_write--; - if (ret) - btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, - page_start, PAGE_SIZE, !ret); - done: if (ret < 0) mapping_set_error(folio->mapping, ret); @@ -2329,11 +2343,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f if (ret == 1) goto next_page; - if (ret) { - btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, - cur, cur_len, !ret); + if (ret) mapping_set_error(mapping, ret); - } btrfs_folio_end_lock(fs_info, folio, cur, cur_len); if (ret < 0) found_error = true; -- 2.47.1

3 months, 1 week

1
0
0 0

[PATCH v3 01/10] btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

by Qu Wenruo

[BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): checking UUID tree hrtimer: interrupt took 5451385 ns BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28 ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs] CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs] lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] Call trace: can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P) can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L) btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs] extent_writepage+0x10c/0x3b8 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x160 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x74/0xa0 start_delalloc_inodes+0x17c/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x17c/0x288 [btrfs] shrink_delalloc+0x11c/0x280 [btrfs] flush_space+0x288/0x328 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x228/0x680 worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0 CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write) pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : process_one_work+0x110/0x680 lr : worker_thread+0x1bc/0x360 Call trace: process_one_work+0x110/0x680 (P) worker_thread+0x1bc/0x360 (L) worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception SMP: stopping secondary CPUs SMP: failed to stop secondary CPUs 2-3 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: 0x275bb9540000 from 0xffff800080000000 PHYS_OFFSET: 0xffff8fbba0000000 CPU features: 0x100,00000070,00801250,8201720b [CAUSE] The above warning is triggered immediately after the delalloc range failure, this happens in the following sequence: - Range [1568K, 1636K) is dirty 1536K 1568K 1600K 1636K 1664K | |/////////|////////| | Where 1536K, 1600K and 1664K are page boundaries (64K page size) - Enter extent_writepage() for page 1536K - Enter run_delalloc_nocow() with locked page 1536K and range [1568K, 1636K) This is due to the inode has preallocated extents. - Enter cow_file_range() with locked page 1536K and range [1568K, 1636K) - btrfs_reserve_extent() only reserved two extents The main loop of cow_file_range() only reserved two data extents, Now we have: 1536K 1568K 1600K 1636K 1664K | |<-->|<--->|/|///////| | 1584K 1596K Range [1568K, 1596K) has ordered extent reserved. - btrfs_reserve_extent() failed inside cow_file_range() for file offset 1596K This is already a bug in our space reservation code, but for now let's focus on the error handling path. Now cow_file_range() returned -ENOSPC. - btrfs_run_delalloc_range() do error cleanup <<< ROOT CAUSE Call btrfs_cleanup_ordered_extents() with locked folio 1536K and range [1568K, 1636K) Function btrfs_cleanup_ordered_extents() normally needs to skip the ranges inside the folio, as it will normally be cleaned up by extent_writepage(). Such split error handling is already problematic in the first place. What's worse is the folio range skipping itself, which is not taking subpage cases into consideration at all, it will only skip the range if the page start >= the range start. In our case, the page start < the range start, since for subpage cases we can have delalloc ranges inside the folio but not covering the folio. So it doesn't skip the page range at all. This means all the ordered extents, both [1568K, 1584K) and [1584K, 1596K) will be marked as IOERR. And those two ordered extents have no more pending ios, it is marked finished, and *QUEUED* to be deleted from the io tree. - extent_writepage() do error cleanup Call btrfs_mark_ordered_io_finished() for the range [1536K, 1600K). Although ranges [1568K, 1584K) and [1584K, 1596K) are finished, the deletion from io tree is async, it may or may not happen at this timing. If the ranges are not yet removed, we will do double cleaning on those ranges, triggers the above ordered extent warnings. In theory there are other bugs, like the cleanup in extent_writepage() can cause double accounting on ranges that are submitted async (compression for example). But that's much harder to trigger because normally we do not mix regular and compression delalloc ranges. [FIX] The folio range split is already buggy and not subpage compatible, it's introduced a long time ago where subpage support is not even considered. So instead of splitting the ordered extents cleanup into the folio range and out of folio range, do all the cleanup inside writepage_delalloc(). - Pass @NULL as locked_folio for btrfs_cleanup_ordered_extents() in btrfs_run_delalloc_range() - Skip the btrfs_cleanup_ordered_extents() if writepage_delalloc() failed So all ordered extents are only cleaned up by btrfs_run_delalloc_range(). - Handle the ranges that already have ordered extents allocated If part of the folio already has ordered extent allocated, and btrfs_run_delalloc_range() failed, we also need to cleanup that range. Now we have a concentrated error handling for ordered extents during btrfs_run_delalloc_range(). Cc: stable(a)vger.kernel.org # 5.15+ Fixes: d1051d6ebf8e ("btrfs: Fix error handling in btrfs_cleanup_ordered_extents") Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 57 ++++++++++++++++++++++++++++++++++++-------- fs/btrfs/inode.c | 2 +- 2 files changed, 48 insertions(+), 11 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 9725ff7f274d..d1e263f56171 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1144,12 +1144,17 @@ static bool find_next_delalloc_bitmap(struct folio *folio, /* * helper for extent_writepage(), doing all of the delayed allocation setup. * - * This returns 1 if btrfs_run_delalloc_range function did all the work required - * to write the page (copy into inline extent). In this case the IO has - * been started and the page is already unlocked. + * Return >0 if all the dirty blocks are submitted async (compression) or inlined. + * The @folio should no longer be touched (treat it as already unlocked). * - * This returns 0 if all went well (page still locked) - * This returns < 0 if there were errors (page still locked) + * Return 0 if there is still dirty block that needs to be submitted through + * extent_writepage_io(). + * bio_ctrl->submit_bitmap will indicate which blocks of the folio should be + * submitted, and @folio is still kept locked. + * + * Return <0 if there is any error hit. + * Any allocated ordered extent range covering this folio will be marked + * finished (IOERR), and @folio is still kept locked. */ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, struct folio *folio, @@ -1167,6 +1172,16 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, * last delalloc end. */ u64 last_delalloc_end = 0; + /* + * The range end (exclusive) of the last successfully finished delalloc + * range. + * Any range covered by ordered extent must either be manually marked + * finished (error handling), or has IO submitted (and finish the + * ordered extent normally). + * + * This records where our ordered extent cleanup should start. + */ + u64 last_finished_delalloc_end = page_start; u64 delalloc_start = page_start; u64 delalloc_end = page_end; u64 delalloc_to_write = 0; @@ -1235,11 +1250,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, found_len = last_delalloc_end + 1 - found_start; if (ret >= 0) { + /* + * Some delalloc range may be created by previous folios. + * Thus we still need to clean those range up during error + * handling. + */ + last_finished_delalloc_end = found_start; /* No errors hit so far, run the current delalloc range. */ ret = btrfs_run_delalloc_range(inode, folio, found_start, found_start + found_len - 1, wbc); + if (ret >= 0) + last_finished_delalloc_end = found_start + found_len; } else { /* * We've hit an error during previous delalloc range, @@ -1274,8 +1297,22 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, delalloc_start = found_start + found_len; } - if (ret < 0) + /* + * It's possible we have some ordered extents created before we hit + * an error, cleanup non-async successfully created delalloc ranges. + */ + if (unlikely(ret < 0)) { + unsigned int bitmap_size = min( + (last_finished_delalloc_end - page_start) >> + fs_info->sectorsize_bits, + fs_info->sectors_per_page); + + for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size) + btrfs_mark_ordered_io_finished(inode, folio, + page_start + (bit << fs_info->sectorsize_bits), + fs_info->sectorsize, false); return ret; + } out: if (last_delalloc_end) delalloc_end = last_delalloc_end; @@ -1509,13 +1546,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl bio_ctrl->wbc->nr_to_write--; -done: - if (ret) { + if (ret) btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, page_start, PAGE_SIZE, !ret); - mapping_set_error(folio->mapping, ret); - } +done: + if (ret < 0) + mapping_set_error(folio->mapping, ret); /* * Only unlock ranges that are submitted. As there can be some async * submitted ranges inside the folio. diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 8a173a24ac05..0a15473655ed 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -2302,7 +2302,7 @@ int btrfs_run_delalloc_range(struct btrfs_inode *inode, struct folio *locked_fol out: if (ret < 0) - btrfs_cleanup_ordered_extents(inode, locked_folio, start, + btrfs_cleanup_ordered_extents(inode, NULL, start, end - start + 1); return ret; } -- 2.47.1

3 months, 1 week

1
0
0 0

[PATCH v4] arm64: mm: Populate vmemmap/linear at the page level for hotplugged sections

by Zhenhua Huang

On the arm64 platform with 4K base page config, SECTION_SIZE_BITS is set to 27, making one section 128M. The related page struct which vmemmap points to is 2M then. Commit c1cc1552616d ("arm64: MMU initialisation") optimizes the vmemmap to populate at the PMD section level which was suitable initially since hot plug granule is always one section(128M). However, commit ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") introduced a 2M(SUBSECTION_SIZE) hot plug granule, which disrupted the existing arm64 assumptions. Considering the vmemmap_free -> unmap_hotplug_pmd_range path, when pmd_sect() is true, the entire PMD section is cleared, even if there is other effective subsection. For example page_struct_map1 and page_strcut_map2 are part of a single PMD entry and they are hot-added sequentially. Then page_struct_map1 is removed, vmemmap_free() will clear the entire PMD entry freeing the struct page map for the whole section, even though page_struct_map2 is still active. Similar problem exists with linear mapping as well, for 16K base page(PMD size = 32M) or 64K base page(PMD = 512M), their block mappings exceed SUBSECTION_SIZE. Tearing down the entire PMD mapping too will leave other subsections unmapped in the linear mapping. To address the issue, we need to prevent PMD/PUD/CONT mappings for both linear and vmemmap for non-boot sections if corresponding size on the given base page exceeds 2MB(SUBSECTION_SIZE). We only permit 2MB PMD block linear mapping in 4K page size config as its PMD_SIZE matches the SUBSECTION_SIZE. Cc: stable(a)vger.kernel.org # v5.4+ Fixes: ba72b4c8cf60 ("mm/sparsemem: support sub-section hotplug") Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> --- arch/arm64/mm/mmu.c | 43 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index e2739b69e11b..5e0f514de870 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -42,9 +42,11 @@ #include <asm/pgalloc.h> #include <asm/kfence.h> -#define NO_BLOCK_MAPPINGS BIT(0) -#define NO_CONT_MAPPINGS BIT(1) -#define NO_EXEC_MAPPINGS BIT(2) /* assumes FEAT_HPDS is not used */ +#define NO_PMD_BLOCK_MAPPINGS BIT(0) +#define NO_PUD_BLOCK_MAPPINGS BIT(1) /* Hotplug case: do not want block mapping for PUD */ +#define NO_BLOCK_MAPPINGS (NO_PMD_BLOCK_MAPPINGS | NO_PUD_BLOCK_MAPPINGS) +#define NO_CONT_MAPPINGS BIT(2) +#define NO_EXEC_MAPPINGS BIT(3) /* assumes FEAT_HPDS is not used */ u64 kimage_voffset __ro_after_init; EXPORT_SYMBOL(kimage_voffset); @@ -254,7 +256,7 @@ static void init_pmd(pmd_t *pmdp, unsigned long addr, unsigned long end, /* try section mapping first */ if (((addr | next | phys) & ~PMD_MASK) == 0 && - (flags & NO_BLOCK_MAPPINGS) == 0) { + (flags & NO_PMD_BLOCK_MAPPINGS) == 0) { pmd_set_huge(pmdp, phys, prot); /* @@ -356,10 +358,11 @@ static void alloc_init_pud(p4d_t *p4dp, unsigned long addr, unsigned long end, /* * For 4K granule only, attempt to put down a 1GB block + * Hotplug case: do not attempt 1GB block */ if (pud_sect_supported() && ((addr | next | phys) & ~PUD_MASK) == 0 && - (flags & NO_BLOCK_MAPPINGS) == 0) { + (flags & NO_PUD_BLOCK_MAPPINGS) == 0) { pud_set_huge(pudp, phys, prot); /* @@ -1175,9 +1178,21 @@ int __meminit vmemmap_check_pmd(pmd_t *pmdp, int node, int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, struct vmem_altmap *altmap) { + unsigned long start_pfn; + struct mem_section *ms; + WARN_ON((start < VMEMMAP_START) || (end > VMEMMAP_END)); - if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + start_pfn = page_to_pfn((struct page *)start); + ms = __pfn_to_section(start_pfn); + + /* + * Hotplugged section does not support hugepages as + * PMD_SIZE (hence PUD_SIZE) section mapping covers + * struct page range that exceeds a SUBSECTION_SIZE + * i.e 2MB - for all available base page sizes. + */ + if (!IS_ENABLED(CONFIG_ARM64_4K_PAGES) || !early_section(ms)) return vmemmap_populate_basepages(start, end, node, altmap); else return vmemmap_populate_hugepages(start, end, node, altmap); @@ -1339,9 +1354,25 @@ int arch_add_memory(int nid, u64 start, u64 size, struct mhp_params *params) { int ret, flags = NO_EXEC_MAPPINGS; + unsigned long start_pfn = page_to_pfn((struct page *)start); + struct mem_section *ms = __pfn_to_section(start_pfn); VM_BUG_ON(!mhp_range_allowed(start, size, true)); + /* should not be invoked by early section */ + WARN_ON(early_section(ms)); + + /* + * 4K base page's PMD_SIZE matches SUBSECTION_SIZE i.e 2MB. Hence + * PMD section mapping can be allowed, but only for 4K base pages. + * Where as PMD_SIZE (hence PUD_SIZE) for other page sizes exceed + * SUBSECTION_SIZE. + */ + if (IS_ENABLED(CONFIG_ARM64_4K_PAGES)) + flags |= NO_PUD_BLOCK_MAPPINGS | NO_CONT_MAPPINGS; + else + flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS; + if (can_set_direct_map()) flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS; -- 2.25.1

3 months, 1 week

3
9
0 0

[PATCH v2] usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk()

by Joe Hattori

phy_syscon_pll_refclk() leaks an OF node obtained by of_parse_phandle_with_fixed_args(), thus add an of_node_put() call. Cc: stable(a)vger.kernel.org Fixes: e8784c0aec03 ("drivers: usb: dwc3: Add AM62 USB wrapper driver") Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> --- Changes in v2: - Add the stable tag. --- drivers/usb/dwc3/dwc3-am62.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/dwc3/dwc3-am62.c b/drivers/usb/dwc3/dwc3-am62.c index 5e3d1741701f..0a33ed958ebb 100644 --- a/drivers/usb/dwc3/dwc3-am62.c +++ b/drivers/usb/dwc3/dwc3-am62.c @@ -166,6 +166,7 @@ static int phy_syscon_pll_refclk(struct dwc3_am62 *am62) if (ret) return ret; + of_node_put(args.np); am62->offset = args.args[0]; /* Core voltage. PHY_CORE_VOLTAGE bit Recommended to be 0 always */ -- 2.34.1

3 months, 1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2025