April 2025 - Linux-stable-mirror

Re: Patch "hardening: Disable GCC randstruct for COMPILE_TEST" has been added to the 6.14-stable tree

by Kees Cook

On April 28, 2025 6:48:46 PM PDT, Sasha Levin <sashal(a)kernel.org> wrote: >This is a note to let you know that I've just added the patch titled > > hardening: Disable GCC randstruct for COMPILE_TEST Please don't backport this to any stable kernels. There is already a fix in -next and the problem only exists due to a 6.15 landlock change. -- Kees Cook

1 week

2
1
0 0

FAILED: patch "[PATCH] serial: msm: Configure correct working mode before starting" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7094832b5ac861b0bd7ed8866c93cb15ef619996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042947-baffling-scrawny-24d8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7094832b5ac861b0bd7ed8866c93cb15ef619996 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Tue, 8 Apr 2025 19:22:47 +0200 Subject: [PATCH] serial: msm: Configure correct working mode before starting earlycon The MSM UART DM controller supports different working modes, e.g. DMA or the "single-character mode", where all reads/writes operate on a single character rather than 4 chars (32-bit) at once. When using earlycon, __msm_console_write() always writes 4 characters at a time, but we don't know which mode the bootloader was using and we don't set the mode either. This causes garbled output if the bootloader was using the single-character mode, because only every 4th character appears in the serial console, e.g. "[ 00oni pi 000xf0[ 00i s 5rm9(l)l s 1 1 SPMTA 7:C 5[ 00A ade k d[ 00ano:ameoi .Q1B[ 00ac _idaM00080oo'" If the bootloader was using the DMA ("DM") mode, output would likely fail entirely. Later, when the full serial driver probes, the port is re-initialized and output works as expected. Fix this also for earlycon by clearing the DMEN register and reset+re-enable the transmitter to apply the change. This ensures the transmitter is in the expected state before writing any output. Cc: stable <stable(a)kernel.org> Fixes: 0efe72963409 ("tty: serial: msm: Add earlycon support") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250408-msm-serial-earlycon-v1-1-429080127530@li… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c index 1b137e068444..3449945493ce 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -1746,6 +1746,12 @@ msm_serial_early_console_setup_dm(struct earlycon_device *device, if (!device->port.membase) return -ENODEV; + /* Disable DM / single-character modes */ + msm_write(&device->port, 0, UARTDM_DMEN); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); + device->con->write = msm_serial_early_write_dm; return 0; }

1 week

1
0
0 0

FAILED: patch "[PATCH] serial: msm: Configure correct working mode before starting" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7094832b5ac861b0bd7ed8866c93cb15ef619996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042923-flagman-payroll-a044@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7094832b5ac861b0bd7ed8866c93cb15ef619996 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Tue, 8 Apr 2025 19:22:47 +0200 Subject: [PATCH] serial: msm: Configure correct working mode before starting earlycon The MSM UART DM controller supports different working modes, e.g. DMA or the "single-character mode", where all reads/writes operate on a single character rather than 4 chars (32-bit) at once. When using earlycon, __msm_console_write() always writes 4 characters at a time, but we don't know which mode the bootloader was using and we don't set the mode either. This causes garbled output if the bootloader was using the single-character mode, because only every 4th character appears in the serial console, e.g. "[ 00oni pi 000xf0[ 00i s 5rm9(l)l s 1 1 SPMTA 7:C 5[ 00A ade k d[ 00ano:ameoi .Q1B[ 00ac _idaM00080oo'" If the bootloader was using the DMA ("DM") mode, output would likely fail entirely. Later, when the full serial driver probes, the port is re-initialized and output works as expected. Fix this also for earlycon by clearing the DMEN register and reset+re-enable the transmitter to apply the change. This ensures the transmitter is in the expected state before writing any output. Cc: stable <stable(a)kernel.org> Fixes: 0efe72963409 ("tty: serial: msm: Add earlycon support") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250408-msm-serial-earlycon-v1-1-429080127530@li… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c index 1b137e068444..3449945493ce 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -1746,6 +1746,12 @@ msm_serial_early_console_setup_dm(struct earlycon_device *device, if (!device->port.membase) return -ENODEV; + /* Disable DM / single-character modes */ + msm_write(&device->port, 0, UARTDM_DMEN); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); + device->con->write = msm_serial_early_write_dm; return 0; }

1 week

1
0
0 0

FAILED: patch "[PATCH] serial: msm: Configure correct working mode before starting" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7094832b5ac861b0bd7ed8866c93cb15ef619996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042956-parkway-commend-a62f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7094832b5ac861b0bd7ed8866c93cb15ef619996 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Tue, 8 Apr 2025 19:22:47 +0200 Subject: [PATCH] serial: msm: Configure correct working mode before starting earlycon The MSM UART DM controller supports different working modes, e.g. DMA or the "single-character mode", where all reads/writes operate on a single character rather than 4 chars (32-bit) at once. When using earlycon, __msm_console_write() always writes 4 characters at a time, but we don't know which mode the bootloader was using and we don't set the mode either. This causes garbled output if the bootloader was using the single-character mode, because only every 4th character appears in the serial console, e.g. "[ 00oni pi 000xf0[ 00i s 5rm9(l)l s 1 1 SPMTA 7:C 5[ 00A ade k d[ 00ano:ameoi .Q1B[ 00ac _idaM00080oo'" If the bootloader was using the DMA ("DM") mode, output would likely fail entirely. Later, when the full serial driver probes, the port is re-initialized and output works as expected. Fix this also for earlycon by clearing the DMEN register and reset+re-enable the transmitter to apply the change. This ensures the transmitter is in the expected state before writing any output. Cc: stable <stable(a)kernel.org> Fixes: 0efe72963409 ("tty: serial: msm: Add earlycon support") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250408-msm-serial-earlycon-v1-1-429080127530@li… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c index 1b137e068444..3449945493ce 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -1746,6 +1746,12 @@ msm_serial_early_console_setup_dm(struct earlycon_device *device, if (!device->port.membase) return -ENODEV; + /* Disable DM / single-character modes */ + msm_write(&device->port, 0, UARTDM_DMEN); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_RX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_CMD_RESET_TX, MSM_UART_CR); + msm_write(&device->port, MSM_UART_CR_TX_ENABLE, MSM_UART_CR); + device->con->write = msm_serial_early_write_dm; return 0; }

1 week

1
0
0 0

Build failure due to backport of "bpf: Add namespace to BPF internal symbols"

by Shung-Hsi Yu

Hi Sasha, bpf-add-namespace-to-bpf-internal-symbols.patch is stable-queue.git seems like the culprit responsible for build failure in stable 6.12 and earlier (log below). The reason is likely due to the lack of commit cdd30ebb1b9f ("module: Convert symbol namespace to string literal") before v6.13. Getting rid of the quotes s/"BPF_INTERNAL"/BPF_INTERNAL/ probably would be enough to fix it. In file included from .vmlinux.export.c:1: .vmlinux.export.c:1697:33: error: expected ‘)’ before ‘BPF_INTERNAL’ 1697 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1697:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1697 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1697:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1697 | KSYMTAB_FUNC(bpf_map_get, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1706:42: error: expected ‘)’ before ‘BPF_INTERNAL’ 1706 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1706:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1706 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1706:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1706 | KSYMTAB_FUNC(bpf_link_get_from_fd, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ .vmlinux.export.c:1708:34: error: expected ‘)’ before ‘BPF_INTERNAL’ 1708 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:45:28: note: in definition of macro ‘__KSYMTAB’ 45 | " .asciz \"" ns "\"" "\n" \ | ^~ .vmlinux.export.c:1708:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1708 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ ./include/linux/export-internal.h:41:12: note: to match this ‘(’ 41 | asm(" .section \"__ksymtab_strings\",\"aMS\",%progbits,1" "\n" \ | ^ ./include/linux/export-internal.h:62:41: note: in expansion of macro ‘__KSYMTAB’ 62 | #define KSYMTAB_FUNC(name, sec, ns) __KSYMTAB(name, KSYM_FUNC(name), sec, ns) | ^~~~~~~~~ .vmlinux.export.c:1708:1: note: in expansion of macro ‘KSYMTAB_FUNC’ 1708 | KSYMTAB_FUNC(kern_sys_bpf, "", ""BPF_INTERNAL""); | ^~~~~~~~~~~~ make[2]: *** [scripts/Makefile.vmlinux:18: .vmlinux.export.o] Error 1 make[1]: *** [/home/runner/work/libbpf/libbpf/.kernel/Makefile:1184: vmlinux] Error 2 make: *** [Makefile:224: __sub-make] Error 2 Shung-Hsi Yu

1 week

2
1
0 0

[PATCH V3] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9

by Anshuman Khandual

FEAT_PMUv3p9 registers such as PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 access from EL1 requires appropriate EL2 fine grained trap configuration via FEAT_FGT2 based trap control registers HDFGRTR2_EL2 and HDFGWTR2_EL2. Otherwise such register accesses will result in traps into EL2. Add a new helper __init_el2_fgt2() which initializes FEAT_FGT2 based fine grained trap control registers HDFGRTR2_EL2 and HDFGWTR2_EL2 (setting the bits nPMICNTR_EL0, nPMICFILTR_EL0 and nPMUACR_EL1) to enable access into PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 registers. Also update booting.rst with SCR_EL3.FGTEn2 requirement for all FEAT_FGT2 based registers to be accessible in EL2. Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Rob Herring <robh(a)kernel.org> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Oliver Upton <oliver.upton(a)linux.dev> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-doc(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: kvmarm(a)lists.linux.dev Fixes: 0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control") Fixes: d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter") Cc: stable(a)vger.kernel.org Tested-by: Rob Herring (Arm) <robh(a)kernel.org> Reviewed-by: Rob Herring (Arm) <robh(a)kernel.org> Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> --- Changes in V3: - Added 'MDCR_EL3.EnPM2 = 0b1' as a booting requirement per Mark - Added 'Fixes:' and 'CC: stable' tags per Mark Changes in V2: https://lore.kernel.org/all/20250203050828.1049370-8-anshuman.khandual@arm.… Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ arch/arm64/include/asm/el2_setup.h | 25 +++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index cad6fdc96b98..dee7b6de864f 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -288,6 +288,12 @@ Before jumping into the kernel, the following conditions must be met: - SCR_EL3.FGTEn (bit 27) must be initialised to 0b1. + For CPUs with the Fine Grained Traps 2 (FEAT_FGT2) extension present: + + - If EL3 is present and the kernel is entered at EL2: + + - SCR_EL3.FGTEn2 (bit 59) must be initialised to 0b1. + For CPUs with support for HCRX_EL2 (FEAT_HCX) present: - If EL3 is present and the kernel is entered at EL2: @@ -382,6 +388,22 @@ Before jumping into the kernel, the following conditions must be met: - SMCR_EL2.EZT0 (bit 30) must be initialised to 0b1. + For CPUs with the Performance Monitors Extension (FEAT_PMUv3p9): + + - If EL3 is present: + + - MDCR_EL3.EnPM2 (bit 7) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HDFGRTR2_EL2.nPMICNTR_EL0 (bit 2) must be initialised to 0b1. + - HDFGRTR2_EL2.nPMICFILTR_EL0 (bit 3) must be initialised to 0b1. + - HDFGRTR2_EL2.nPMUACR_EL1 (bit 4) must be initialised to 0b1. + + - HDFGWTR2_EL2.nPMICNTR_EL0 (bit 2) must be initialised to 0b1. + - HDFGWTR2_EL2.nPMICFILTR_EL0 (bit 3) must be initialised to 0b1. + - HDFGWTR2_EL2.nPMUACR_EL1 (bit 4) must be initialised to 0b1. + For CPUs with Memory Copy and Memory Set instructions (FEAT_MOPS): - If the kernel is entered at EL1 and EL2 is present: diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index 25e162651750..1a0071faf57e 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -233,6 +233,30 @@ .Lskip_fgt_\@: .endm +.macro __init_el2_fgt2 + mrs x1, id_aa64mmfr0_el1 + ubfx x1, x1, #ID_AA64MMFR0_EL1_FGT_SHIFT, #4 + cmp x1, #ID_AA64MMFR0_EL1_FGT_FGT2 + b.lt .Lskip_fgt2_\@ + + mov x0, xzr + mrs x1, id_aa64dfr0_el1 + ubfx x1, x1, #ID_AA64DFR0_EL1_PMUVer_SHIFT, #4 + cmp x1, #ID_AA64DFR0_EL1_PMUVer_V3P9 + b.lt .Lskip_pmuv3p9_\@ + + orr x0, x0, #HDFGRTR2_EL2_nPMICNTR_EL0 + orr x0, x0, #HDFGRTR2_EL2_nPMICFILTR_EL0 + orr x0, x0, #HDFGRTR2_EL2_nPMUACR_EL1 +.Lskip_pmuv3p9_\@: + msr_s SYS_HDFGRTR2_EL2, x0 + msr_s SYS_HDFGWTR2_EL2, x0 + msr_s SYS_HFGRTR2_EL2, xzr + msr_s SYS_HFGWTR2_EL2, xzr + msr_s SYS_HFGITR2_EL2, xzr +.Lskip_fgt2_\@: +.endm + .macro __init_el2_gcs mrs_s x1, SYS_ID_AA64PFR1_EL1 ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 @@ -283,6 +307,7 @@ __init_el2_nvhe_idregs __init_el2_cptr __init_el2_fgt + __init_el2_fgt2 __init_el2_gcs .endm -- 2.25.1

1 week

2
3
0 0

[PATCH v2] drm/amdgpu: Remove redundant return value checks for amdgpu_ras_error_data_init

by Wentao Liang

The function amdgpu_ras_error_data_init() always returns 0, making its return value checks redundant. This patch changes its return type to void and removes all unnecessary checks in the callers. This simplifies the code and avoids confusion about the function's behavior. Additionally, this change keeps the usage consistent within amdgpu_ras_do_page_retirement(), which also does not check the return value. Fixes: 5b1270beb380 ("drm/amdgpu: add ras_err_info to identify RAS error source") Cc: stable(a)vger.kernel.org # 6.7+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Add a missing semicolon drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 19 +++++-------------- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c | 8 ++------ drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 3 +-- drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c | 3 +-- 5 files changed, 10 insertions(+), 25 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c index 4c9fa24dd972..5be391ebeca3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c @@ -182,9 +182,7 @@ static int amdgpu_reserve_page_direct(struct amdgpu_device *adev, uint64_t addre return 0; } - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); memset(&err_rec, 0x0, sizeof(struct eeprom_table_record)); err_data.err_addr = &err_rec; @@ -687,8 +685,7 @@ static struct ras_manager *amdgpu_ras_create_obj(struct amdgpu_device *adev, if (alive_obj(obj)) return NULL; - if (amdgpu_ras_error_data_init(&obj->err_data)) - return NULL; + amdgpu_ras_error_data_init(&obj->err_data); obj->head = *head; obj->adev = adev; @@ -1428,9 +1425,7 @@ static int amdgpu_ras_query_error_status_with_event(struct amdgpu_device *adev, if (!obj) return -EINVAL; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); if (!amdgpu_ras_get_error_query_mode(adev, &error_query_mode)) return -EINVAL; @@ -2255,9 +2250,7 @@ static void amdgpu_ras_interrupt_umc_handler(struct ras_manager *obj, if (!data->cb) return; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return; + amdgpu_ras_error_data_init(&err_data); /* Let IP handle its data, maybe we need get the output * from the callback to update the error type/count, etc @@ -4623,13 +4616,11 @@ void amdgpu_ras_inst_reset_ras_error_count(struct amdgpu_device *adev, } } -int amdgpu_ras_error_data_init(struct ras_err_data *err_data) +void amdgpu_ras_error_data_init(struct ras_err_data *err_data) { memset(err_data, 0, sizeof(*err_data)); INIT_LIST_HEAD(&err_data->err_node_list); - - return 0; } static void amdgpu_ras_error_node_release(struct ras_err_node *err_node) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h index 6db772ecfee4..5f88e70fbf5c 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h @@ -931,7 +931,7 @@ void amdgpu_ras_inst_reset_ras_error_count(struct amdgpu_device *adev, uint32_t reg_list_size, uint32_t instance); -int amdgpu_ras_error_data_init(struct ras_err_data *err_data); +void amdgpu_ras_error_data_init(struct ras_err_data *err_data); void amdgpu_ras_error_data_fini(struct ras_err_data *err_data); int amdgpu_ras_error_statistic_ce_count(struct ras_err_data *err_data, struct amdgpu_smuio_mcm_config_info *mcm_info, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c index 896f3609b0ee..5de6e332c2cd 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c @@ -52,9 +52,7 @@ int amdgpu_umc_page_retirement_mca(struct amdgpu_device *adev, struct ras_err_data err_data; int ret; - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); err_data.err_addr = kcalloc(adev->umc.max_ras_err_cnt_per_query, @@ -230,9 +228,7 @@ int amdgpu_umc_pasid_poison_handler(struct amdgpu_device *adev, }; struct ras_manager *obj = amdgpu_ras_find_obj(adev, &head); - ret = amdgpu_ras_error_data_init(&err_data); - if (ret) - return ret; + amdgpu_ras_error_data_init(&err_data); ret = amdgpu_umc_do_page_retirement(adev, &err_data, NULL, reset); diff --git a/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c b/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c index a26a9be58eac..d4bdfe280c88 100644 --- a/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c +++ b/drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c @@ -364,8 +364,7 @@ static void nbio_v7_4_handle_ras_controller_intr_no_bifring(struct amdgpu_device struct ras_err_data err_data; struct amdgpu_ras *ras = amdgpu_ras_get_context(adev); - if (amdgpu_ras_error_data_init(&err_data)) - return; + amdgpu_ras_error_data_init(&err_data); if (adev->asic_type == CHIP_ALDEBARAN) bif_doorbell_intr_cntl = RREG32_SOC15(NBIO, 0, mmBIF_DOORBELL_INT_CNTL_ALDE); diff --git a/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c b/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c index 8a0a63ac88d2..c79ed1adf681 100644 --- a/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c +++ b/drivers/gpu/drm/amd/amdgpu/nbio_v7_9.c @@ -537,8 +537,7 @@ static void nbio_v7_9_handle_ras_controller_intr_no_bifring(struct amdgpu_device struct ras_err_data err_data; struct amdgpu_ras *ras = amdgpu_ras_get_context(adev); - if (amdgpu_ras_error_data_init(&err_data)) - return; + amdgpu_ras_error_data_init(&err_data); bif_doorbell_intr_cntl = RREG32_SOC15(NBIO, 0, regBIF_BX0_BIF_DOORBELL_INT_CNTL); -- 2.42.0.windows.2

1 week

1
0
0 0

[PATCH] fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()

by Max Kellermann

If bio_add_folio() fails (because it is full), erofs_fileio_scan_folio() needs to submit the I/O request via erofs_fileio_rq_submit() and allocate a new I/O request with an empty `struct bio`. Then it retries the bio_add_folio() call. However, at this point, erofs_onlinefolio_split() has already been called which increments `folio->private`; the retry will call erofs_onlinefolio_split() again, but there will never be a matching erofs_onlinefolio_end() call. This leaves the folio locked forever and all waiters will be stuck in folio_wait_bit_common(). This bug has been added by commit ce63cb62d794 ("erofs: support unencoded inodes for fileio"), but was practically unreachable because there was room for 256 folios in the `struct bio` - until commit 9f74ae8c9ac9 ("erofs: shorten bvecs[] for file-backed mounts") which reduced the array capacity to 16 folios. It was now trivial to trigger the bug by manually invoking readahead from userspace, e.g.: posix_fadvise(fd, 0, st.st_size, POSIX_FADV_WILLNEED); This should be fixed by invoking erofs_onlinefolio_split() only after bio_add_folio() has succeeded. This is safe: asynchronous completions invoking erofs_onlinefolio_end() will not unlock the folio because erofs_fileio_scan_folio() is still holding a reference to be released by erofs_onlinefolio_end() at the end. Fixes: ce63cb62d794 ("erofs: support unencoded inodes for fileio") Fixes: 9f74ae8c9ac9 ("erofs: shorten bvecs[] for file-backed mounts") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/erofs/fileio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/erofs/fileio.c b/fs/erofs/fileio.c index 4fa0a0121288..60c7cc4c105c 100644 --- a/fs/erofs/fileio.c +++ b/fs/erofs/fileio.c @@ -150,10 +150,10 @@ static int erofs_fileio_scan_folio(struct erofs_fileio *io, struct folio *folio) io->rq->bio.bi_iter.bi_sector = io->dev.m_pa >> 9; attached = 0; } - if (!attached++) - erofs_onlinefolio_split(folio); if (!bio_add_folio(&io->rq->bio, folio, len, cur)) goto io_retry; + if (!attached++) + erofs_onlinefolio_split(folio); io->dev.m_pa += len; } cur += len; -- 2.47.2

1 week

2
1
0 0

kernel BUG in write_dev_supers in linux6.15-rc1

by Jianzhou Zhao

Hello, I found a potential bug titled " kernel BUG in write_dev_supers " with modified syzkaller in the Linux6.15-rc1. If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com> The commit of the kernel is : 0af2f6be1b4281385b618cb86ad946eded089ac8 kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=4c918722cb7e3d7 compiler: gcc version 11.4.0 Unfortunately, we failed to generate the reproduction program of this bug. ------------[ cut here ]----------------------------------------- TITLE: kernel BUG in write_dev_supers ------------[ cut here ]------------ ================================================================== assertion failed: folio_order(folio) == 0, in fs/btrfs/disk-io.c:3856 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:3856! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 9462 Comm: syz-executor Not tainted 6.15.0-rc1-dirty #9 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:write_dev_supers+0x7f0/0x910 fs/btrfs/disk-io.c:3856 Code: e9 03 ff ff ff e8 70 a3 eb fd b9 10 0f 00 00 48 c7 c2 60 c0 d9 8b 48 c7 c6 60 c7 d9 8b 48 c7 c7 e0 c0 d9 8b e8 41 d4 ca fd 90 <0f> 0b 48 8b 7c 24 38 e8 04 f9 51 fe e9 3d f9 ff ff e8 3a f8 51 fe RSP: 0018:ffffc900053ff7c0 EFLAGS: 00010286 RAX: 0000000000000045 RBX: ffff888029e60000 RCX: ffffffff819a5929 RDX: 0000000000000000 RSI: ffff88801eb9bc80 RDI: 0000000000000002 RBP: ffffea0001560a00 R08: fffffbfff1c4bb00 R09: fffff52000a7feb1 R10: fffff52000a7feb0 R11: ffffc900053ff587 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000001000000 FS: 000055556e3c5500(0000) GS:ffff888097b41000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8af4976080 CR3: 0000000076248000 CR4: 0000000000752ef0 PKRU: 80000000 Call Trace: <TASK> write_all_supers+0x921/0x3680 fs/btrfs/disk-io.c:4153 btrfs_commit_transaction+0x2dad/0x4620 fs/btrfs/transaction.c:2541 btrfs_sync_fs+0x130/0x760 fs/btrfs/super.c:1040 sync_filesystem fs/sync.c:66 [inline] sync_filesystem+0x1d3/0x2a0 fs/sync.c:30 generic_shutdown_super+0x74/0x390 fs/super.c:621 kill_anon_super+0x3a/0x60 fs/super.c:1237 btrfs_kill_super+0x3c/0x50 fs/btrfs/super.c:2100 deactivate_locked_super+0xb8/0x130 fs/super.c:473 deactivate_super fs/super.c:506 [inline] deactivate_super+0xb1/0xd0 fs/super.c:502 cleanup_mnt+0x378/0x510 fs/namespace.c:1435 task_work_run+0x16f/0x280 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x29e/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xdc/0x260 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fe31fbadfcb Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 RSP: 002b:00007fff6eed1d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00000000000000cf RCX: 00007fe31fbadfcb RDX: 00007fe31fa4eb30 RSI: 0000000000000009 RDI: 00007fff6eed1e50 RBP: 00007fff6eed1e50 R08: 0000000000000000 R09: 00007fff6eed1c20 R10: 000055556e3d8673 R11: 0000000000000246 R12: 00007fe31fc44135 R13: 00007fff6eed2f20 R14: 000055556e3d8600 R15: 000000000003644b </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:write_dev_supers+0x7f0/0x910 fs/btrfs/disk-io.c:3856 Code: e9 03 ff ff ff e8 70 a3 eb fd b9 10 0f 00 00 48 c7 c2 60 c0 d9 8b 48 c7 c6 60 c7 d9 8b 48 c7 c7 e0 c0 d9 8b e8 41 d4 ca fd 90 <0f> 0b 48 8b 7c 24 38 e8 04 f9 51 fe e9 3d f9 ff ff e8 3a f8 51 fe RSP: 0018:ffffc900053ff7c0 EFLAGS: 00010286 RAX: 0000000000000045 RBX: ffff888029e60000 RCX: ffffffff819a5929 RDX: 0000000000000000 RSI: ffff88801eb9bc80 RDI: 0000000000000002 RBP: ffffea0001560a00 R08: fffffbfff1c4bb00 R09: fffff52000a7feb1 R10: fffff52000a7feb0 R11: ffffc900053ff587 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000001000000 FS: 000055556e3c5500(0000) GS:ffff8880eb341000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa5b213e730 CR3: 0000000076248000 CR4: 0000000000752ef0 PKRU: 80000000 ================================================================== I hope it helps. Best regards Jianzhou Zhao

1 week

1
1
0 0

[PATCH v2] usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version

by Pawel Laszczak

The controllers with rtl version larger than RTL_REVISION_NEW_LPM (0x00002700) has bug which causes that controller doesn't resume from L1 state. It happens if after receiving LPM packet controller starts transitioning to L1 and in this moment the driver force resuming by write operation to PORTSC.PLS. It's corner case and happens when write operation to PORTSC occurs during device delay before transitioning to L1 after transmitting ACK time (TL1TokenRetry). Forcing transition from L1->L0 by driver for revision larger than RTL_REVISION_NEW_LPM is not needed, so driver can simply fix this issue through block call of cdnsp_force_l0_go function. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - improved patch description - changed RTL_REVISION_NEW_LPM value drivers/usb/cdns3/cdnsp-gadget.c | 2 ++ drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index 87f310841735..e64c8f7eb0c5 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -1773,6 +1773,8 @@ static void cdnsp_get_rev_cap(struct cdnsp_device *pdev) reg += cdnsp_find_next_ext_cap(reg, 0, RTL_REV_CAP); pdev->rev_cap = reg; + pdev->rtl_revision = readl(&pdev->rev_cap->rtl_revision); + dev_info(pdev->dev, "Rev: %08x/%08x, eps: %08x, buff: %08x/%08x\n", readl(&pdev->rev_cap->ctrl_revision), readl(&pdev->rev_cap->rtl_revision), diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 84887dfea763..357ddbe53917 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -1357,6 +1357,7 @@ struct cdnsp_port { * @rev_cap: Controller Capabilities Registers. * @hcs_params1: Cached register copies of read-only HCSPARAMS1 * @hcc_params: Cached register copies of read-only HCCPARAMS1 + * @rtl_revision: Cached controller rtl revision. * @setup: Temporary buffer for setup packet. * @ep0_preq: Internal allocated request used during enumeration. * @ep0_stage: ep0 stage during enumeration process. @@ -1411,6 +1412,8 @@ struct cdnsp_device { __u32 hcs_params1; __u32 hcs_params3; __u32 hcc_params; + #define RTL_REVISION_NEW_LPM 0x2700 + __u32 rtl_revision; /* Lock used in interrupt thread context. */ spinlock_t lock; struct usb_ctrlrequest setup; diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 46852529499d..fd06cb85c4ea 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -308,7 +308,8 @@ static bool cdnsp_ring_ep_doorbell(struct cdnsp_device *pdev, writel(db_value, reg_addr); - cdnsp_force_l0_go(pdev); + if (pdev->rtl_revision < RTL_REVISION_NEW_LPM) + cdnsp_force_l0_go(pdev); /* Doorbell was set. */ return true; -- 2.43.0

1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror April 2025