- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] x86/apic: Make x2apic_disable() work correctly" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0ecc5be200c84e67114f3640064ba2bae3ba2f5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090829-clench-kinfolk-03d9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0ecc5be200c8 ("x86/apic: Make x2apic_disable() work correctly") 720a22fd6c1c ("x86/apic: Don't access the APIC when disabling x2APIC") 5a88f354dcd8 ("x86/apic: Split register_apic_address()") d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites") 49062454a3eb ("x86/apic: Rename disable_apic") bea629d57d00 ("x86/apic: Save the APIC virtual base address") 3adee777ad0d ("x86/smpboot: Remove initial_stack on 64-bit") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ecc5be200c84e67114f3640064ba2bae3ba2f5a Mon Sep 17 00:00:00 2001 From: Yuntao Wang <yuntao.wang(a)linux.dev> Date: Tue, 13 Aug 2024 09:48:27 +0800 Subject: [PATCH] x86/apic: Make x2apic_disable() work correctly x2apic_disable() clears x2apic_state and x2apic_mode unconditionally, even when the state is X2APIC_ON_LOCKED, which prevents the kernel to disable it thereby creating inconsistent state. Due to the early state check for X2APIC_ON, the code path which warns about a locked X2APIC cannot be reached. Test for state < X2APIC_ON instead and move the clearing of the state and mode variables to the place which actually disables X2APIC. [ tglx: Massaged change log. Added Fixes tag. Moved clearing so it's at the right place for back ports ] Fixes: a57e456a7b28 ("x86/apic: Fix fallout from x2apic cleanup") Signed-off-by: Yuntao Wang <yuntao.wang(a)linux.dev> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240813014827.895381-1-yuntao.wang@linux.dev diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 66fd4b2a37a3..373638691cd4 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1775,12 +1775,9 @@ static __init void apic_set_fixmap(bool read_apic); static __init void x2apic_disable(void) { - u32 x2apic_id, state = x2apic_state; + u32 x2apic_id; - x2apic_mode = 0; - x2apic_state = X2APIC_DISABLED; - - if (state != X2APIC_ON) + if (x2apic_state < X2APIC_ON) return; x2apic_id = read_apic_id(); @@ -1793,6 +1790,10 @@ static __init void x2apic_disable(void) } __x2apic_disable(); + + x2apic_mode = 0; + x2apic_state = X2APIC_DISABLED; + /* * Don't reread the APIC ID as it was already done from * check_x2apic() and the APIC driver still is a x2APIC variant,

1 year

1
0
0 0

FAILED: patch "[PATCH] x86/apic: Make x2apic_disable() work correctly" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0ecc5be200c84e67114f3640064ba2bae3ba2f5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090828-tiny-boggle-b7b4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0ecc5be200c8 ("x86/apic: Make x2apic_disable() work correctly") 720a22fd6c1c ("x86/apic: Don't access the APIC when disabling x2APIC") 5a88f354dcd8 ("x86/apic: Split register_apic_address()") d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites") 49062454a3eb ("x86/apic: Rename disable_apic") bea629d57d00 ("x86/apic: Save the APIC virtual base address") 3adee777ad0d ("x86/smpboot: Remove initial_stack on 64-bit") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ecc5be200c84e67114f3640064ba2bae3ba2f5a Mon Sep 17 00:00:00 2001 From: Yuntao Wang <yuntao.wang(a)linux.dev> Date: Tue, 13 Aug 2024 09:48:27 +0800 Subject: [PATCH] x86/apic: Make x2apic_disable() work correctly x2apic_disable() clears x2apic_state and x2apic_mode unconditionally, even when the state is X2APIC_ON_LOCKED, which prevents the kernel to disable it thereby creating inconsistent state. Due to the early state check for X2APIC_ON, the code path which warns about a locked X2APIC cannot be reached. Test for state < X2APIC_ON instead and move the clearing of the state and mode variables to the place which actually disables X2APIC. [ tglx: Massaged change log. Added Fixes tag. Moved clearing so it's at the right place for back ports ] Fixes: a57e456a7b28 ("x86/apic: Fix fallout from x2apic cleanup") Signed-off-by: Yuntao Wang <yuntao.wang(a)linux.dev> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240813014827.895381-1-yuntao.wang@linux.dev diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 66fd4b2a37a3..373638691cd4 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1775,12 +1775,9 @@ static __init void apic_set_fixmap(bool read_apic); static __init void x2apic_disable(void) { - u32 x2apic_id, state = x2apic_state; + u32 x2apic_id; - x2apic_mode = 0; - x2apic_state = X2APIC_DISABLED; - - if (state != X2APIC_ON) + if (x2apic_state < X2APIC_ON) return; x2apic_id = read_apic_id(); @@ -1793,6 +1790,10 @@ static __init void x2apic_disable(void) } __x2apic_disable(); + + x2apic_mode = 0; + x2apic_state = X2APIC_DISABLED; + /* * Don't reread the APIC ID as it was already done from * check_x2apic() and the APIC driver still is a x2APIC variant,

1 year

1
0
0 0

FAILED: patch "[PATCH] x86/apic: Make x2apic_disable() work correctly" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0ecc5be200c84e67114f3640064ba2bae3ba2f5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090827-recount-humbly-e075@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0ecc5be200c8 ("x86/apic: Make x2apic_disable() work correctly") 720a22fd6c1c ("x86/apic: Don't access the APIC when disabling x2APIC") 5a88f354dcd8 ("x86/apic: Split register_apic_address()") d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites") 49062454a3eb ("x86/apic: Rename disable_apic") bea629d57d00 ("x86/apic: Save the APIC virtual base address") 3adee777ad0d ("x86/smpboot: Remove initial_stack on 64-bit") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ecc5be200c84e67114f3640064ba2bae3ba2f5a Mon Sep 17 00:00:00 2001 From: Yuntao Wang <yuntao.wang(a)linux.dev> Date: Tue, 13 Aug 2024 09:48:27 +0800 Subject: [PATCH] x86/apic: Make x2apic_disable() work correctly x2apic_disable() clears x2apic_state and x2apic_mode unconditionally, even when the state is X2APIC_ON_LOCKED, which prevents the kernel to disable it thereby creating inconsistent state. Due to the early state check for X2APIC_ON, the code path which warns about a locked X2APIC cannot be reached. Test for state < X2APIC_ON instead and move the clearing of the state and mode variables to the place which actually disables X2APIC. [ tglx: Massaged change log. Added Fixes tag. Moved clearing so it's at the right place for back ports ] Fixes: a57e456a7b28 ("x86/apic: Fix fallout from x2apic cleanup") Signed-off-by: Yuntao Wang <yuntao.wang(a)linux.dev> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240813014827.895381-1-yuntao.wang@linux.dev diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 66fd4b2a37a3..373638691cd4 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1775,12 +1775,9 @@ static __init void apic_set_fixmap(bool read_apic); static __init void x2apic_disable(void) { - u32 x2apic_id, state = x2apic_state; + u32 x2apic_id; - x2apic_mode = 0; - x2apic_state = X2APIC_DISABLED; - - if (state != X2APIC_ON) + if (x2apic_state < X2APIC_ON) return; x2apic_id = read_apic_id(); @@ -1793,6 +1790,10 @@ static __init void x2apic_disable(void) } __x2apic_disable(); + + x2apic_mode = 0; + x2apic_state = X2APIC_DISABLED; + /* * Don't reread the APIC ID as it was already done from * check_x2apic() and the APIC driver still is a x2APIC variant,

1 year

1
0
0 0

FAILED: patch "[PATCH] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2848ff28d180bd63a95da8e5dcbcdd76c1beeb7b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090810-amply-schedule-a7d0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 2848ff28d180 ("x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported") c33f0a81a2cf ("x86/fpu: Add fpu_state_config::legacy_features") d72c87018d00 ("x86/fpu/xstate: Move remaining xfeature helpers to core") eda32f4f93b4 ("x86/fpu: Rework restore_regs_from_fpstate()") daddee247319 ("x86/fpu: Mop up xfeatures_mask_uabi()") 1c253ff2287f ("x86/fpu: Move xstate feature masks to fpu_*_cfg") 2bd264bce238 ("x86/fpu: Move xstate size to fpu_*_cfg") cd9ae7617449 ("x86/fpu/xstate: Cleanup size calculations") 617473acdfe4 ("x86/fpu: Cleanup fpu__init_system_xstate_size_legacy()") 578971f4e228 ("x86/fpu: Provide struct fpu_config") 5509cc78080d ("x86/fpu/signal: Use fpstate for size and features") ad6ede407aae ("x86/fpu: Use fpstate in fpu_copy_kvm_uabi_to_fpstate()") be31dfdfd75b ("x86/fpu: Use fpstate::size") 248452ce21ae ("x86/fpu: Add size and mask information to fpstate") 2dd8eedc80b1 ("x86/process: Move arch_thread_struct_whitelist() out of line") c20942ce5128 ("x86/fpu/core: Convert to fpstate") 7e049e8b7459 ("x86/fpu/signal: Convert to fpstate") 087df48c298c ("x86/fpu: Replace KVMs xstate component clearing") 18b3fa1ad15f ("x86/fpu: Convert restore_fpregs_from_fpstate() to struct fpstate") f83ac56acdad ("x86/fpu: Convert fpstate_init() to struct fpstate") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2848ff28d180bd63a95da8e5dcbcdd76c1beeb7b Mon Sep 17 00:00:00 2001 From: Mitchell Levy <levymitchell0(a)gmail.com> Date: Mon, 12 Aug 2024 13:44:12 -0700 Subject: [PATCH] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported There are two distinct CPU features related to the use of XSAVES and LBR: whether LBR is itself supported and whether XSAVES supports LBR. The LBR subsystem correctly checks both in intel_pmu_arch_lbr_init(), but the XSTATE subsystem does not. The LBR bit is only removed from xfeatures_mask_independent when LBR is not supported by the CPU, but there is no validation of XSTATE support. If XSAVES does not support LBR the write to IA32_XSS causes a #GP fault, leaving the state of IA32_XSS unchanged, i.e. zero. The fault is handled with a warning and the boot continues. Consequently the next XRSTORS which tries to restore supervisor state fails with #GP because the RFBM has zero for all supervisor features, which does not match the XCOMP_BV field. As XFEATURE_MASK_FPSTATE includes supervisor features setting up the FPU causes a #GP, which ends up in fpu_reset_from_exception_fixup(). That fails due to the same problem resulting in recursive #GPs until the kernel runs out of stack space and double faults. Prevent this by storing the supported independent features in fpu_kernel_cfg during XSTATE initialization and use that cached value for retrieving the independent feature bits to be written into IA32_XSS. [ tglx: Massaged change log ] Fixes: f0dccc9da4c0 ("x86/fpu/xstate: Support dynamic supervisor feature for LBR") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Mitchell Levy <levymitchell0(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240812-xsave-lbr-fix-v3-1-95bac1bf62f4@gmail.… diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index eb17f31b06d2..de16862bf230 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -591,6 +591,13 @@ struct fpu_state_config { * even without XSAVE support, i.e. legacy features FP + SSE */ u64 legacy_features; + /* + * @independent_features: + * + * Features that are supported by XSAVES, but not managed as part of + * the FPU core, such as LBR + */ + u64 independent_features; }; /* FPU state configuration information */ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c5a026fee5e0..1339f8328db5 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -788,6 +788,9 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) goto out_disable; } + fpu_kernel_cfg.independent_features = fpu_kernel_cfg.max_features & + XFEATURE_MASK_INDEPENDENT; + /* * Clear XSAVE features that are disabled in the normal CPUID. */ diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 2ee0b9c53dcc..afb404cd2059 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -62,9 +62,9 @@ static inline u64 xfeatures_mask_supervisor(void) static inline u64 xfeatures_mask_independent(void) { if (!cpu_feature_enabled(X86_FEATURE_ARCH_LBR)) - return XFEATURE_MASK_INDEPENDENT & ~XFEATURE_MASK_LBR; + return fpu_kernel_cfg.independent_features & ~XFEATURE_MASK_LBR; - return XFEATURE_MASK_INDEPENDENT; + return fpu_kernel_cfg.independent_features; } /* XSAVE/XRSTOR wrapper functions */

1 year

1
0
0 0

FAILED: patch "[PATCH] net: mana: Fix error handling in mana_create_txq/rxq's NAPI" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b6ecc662037694488bfff7c9fd21c405df8411f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090822-freeload-remission-9952@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b6ecc6620376 ("net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup") f90f84201edd ("net: mana: Add counter for packet dropped by XDP") ed5356b53f07 ("net: mana: Add XDP support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b6ecc662037694488bfff7c9fd21c405df8411f2 Mon Sep 17 00:00:00 2001 From: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> Date: Mon, 2 Sep 2024 05:43:47 -0700 Subject: [PATCH] net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80 Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Signed-off-by: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 39f56973746d..3d151700f658 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1872,10 +1872,12 @@ static void mana_destroy_txq(struct mana_port_context *apc) for (i = 0; i < apc->num_queues; i++) { napi = &apc->tx_qp[i].tx_cq.napi; - napi_synchronize(napi); - napi_disable(napi); - netif_napi_del(napi); - + if (apc->tx_qp[i].txq.napi_initialized) { + napi_synchronize(napi); + napi_disable(napi); + netif_napi_del(napi); + apc->tx_qp[i].txq.napi_initialized = false; + } mana_destroy_wq_obj(apc, GDMA_SQ, apc->tx_qp[i].tx_object); mana_deinit_cq(apc, &apc->tx_qp[i].tx_cq); @@ -1931,6 +1933,7 @@ static int mana_create_txq(struct mana_port_context *apc, txq->ndev = net; txq->net_txq = netdev_get_tx_queue(net, i); txq->vp_offset = apc->tx_vp_offset; + txq->napi_initialized = false; skb_queue_head_init(&txq->pending_skbs); memset(&spec, 0, sizeof(spec)); @@ -1997,6 +2000,7 @@ static int mana_create_txq(struct mana_port_context *apc, netif_napi_add_tx(net, &cq->napi, mana_poll); napi_enable(&cq->napi); + txq->napi_initialized = true; mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT); } @@ -2008,7 +2012,7 @@ static int mana_create_txq(struct mana_port_context *apc, } static void mana_destroy_rxq(struct mana_port_context *apc, - struct mana_rxq *rxq, bool validate_state) + struct mana_rxq *rxq, bool napi_initialized) { struct gdma_context *gc = apc->ac->gdma_dev->gdma_context; @@ -2023,15 +2027,15 @@ static void mana_destroy_rxq(struct mana_port_context *apc, napi = &rxq->rx_cq.napi; - if (validate_state) + if (napi_initialized) { napi_synchronize(napi); - napi_disable(napi); + napi_disable(napi); + netif_napi_del(napi); + } xdp_rxq_info_unreg(&rxq->xdp_rxq); - netif_napi_del(napi); - mana_destroy_wq_obj(apc, GDMA_RQ, rxq->rxobj); mana_deinit_cq(apc, &rxq->rx_cq); diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 7caa334f4888..b8a6c7504ee1 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -98,6 +98,8 @@ struct mana_txq { atomic_t pending_sends; + bool napi_initialized; + struct mana_stats_tx stats; };

1 year

1
0
0 0

FAILED: patch "[PATCH] net: mana: Fix error handling in mana_create_txq/rxq's NAPI" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b6ecc662037694488bfff7c9fd21c405df8411f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090821-winking-crib-3418@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b6ecc6620376 ("net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b6ecc662037694488bfff7c9fd21c405df8411f2 Mon Sep 17 00:00:00 2001 From: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> Date: Mon, 2 Sep 2024 05:43:47 -0700 Subject: [PATCH] net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80 Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Signed-off-by: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 39f56973746d..3d151700f658 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1872,10 +1872,12 @@ static void mana_destroy_txq(struct mana_port_context *apc) for (i = 0; i < apc->num_queues; i++) { napi = &apc->tx_qp[i].tx_cq.napi; - napi_synchronize(napi); - napi_disable(napi); - netif_napi_del(napi); - + if (apc->tx_qp[i].txq.napi_initialized) { + napi_synchronize(napi); + napi_disable(napi); + netif_napi_del(napi); + apc->tx_qp[i].txq.napi_initialized = false; + } mana_destroy_wq_obj(apc, GDMA_SQ, apc->tx_qp[i].tx_object); mana_deinit_cq(apc, &apc->tx_qp[i].tx_cq); @@ -1931,6 +1933,7 @@ static int mana_create_txq(struct mana_port_context *apc, txq->ndev = net; txq->net_txq = netdev_get_tx_queue(net, i); txq->vp_offset = apc->tx_vp_offset; + txq->napi_initialized = false; skb_queue_head_init(&txq->pending_skbs); memset(&spec, 0, sizeof(spec)); @@ -1997,6 +2000,7 @@ static int mana_create_txq(struct mana_port_context *apc, netif_napi_add_tx(net, &cq->napi, mana_poll); napi_enable(&cq->napi); + txq->napi_initialized = true; mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT); } @@ -2008,7 +2012,7 @@ static int mana_create_txq(struct mana_port_context *apc, } static void mana_destroy_rxq(struct mana_port_context *apc, - struct mana_rxq *rxq, bool validate_state) + struct mana_rxq *rxq, bool napi_initialized) { struct gdma_context *gc = apc->ac->gdma_dev->gdma_context; @@ -2023,15 +2027,15 @@ static void mana_destroy_rxq(struct mana_port_context *apc, napi = &rxq->rx_cq.napi; - if (validate_state) + if (napi_initialized) { napi_synchronize(napi); - napi_disable(napi); + napi_disable(napi); + netif_napi_del(napi); + } xdp_rxq_info_unreg(&rxq->xdp_rxq); - netif_napi_del(napi); - mana_destroy_wq_obj(apc, GDMA_RQ, rxq->rxobj); mana_deinit_cq(apc, &rxq->rx_cq); diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 7caa334f4888..b8a6c7504ee1 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -98,6 +98,8 @@ struct mana_txq { atomic_t pending_sends; + bool napi_initialized; + struct mana_stats_tx stats; };

1 year

1
0
0 0

FAILED: patch "[PATCH] userfaultfd: fix checks for huge PMDs" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090859-delicious-serpent-3635@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 71c186efc1b2 ("userfaultfd: fix checks for huge PMDs") dab6e717429e ("mm: Rename pmd_read_atomic()") 024d232ae4fc ("mm: Fix pmd_read_atomic()") fbfdec9989e6 ("x86/mm/pae: Make pmd_t similar to pte_t") bd74fdaea146 ("mm: multi-gen LRU: support page table walks") 018ee47f1489 ("mm: multi-gen LRU: exploit locality in rmap") ac35a4902374 ("mm: multi-gen LRU: minimal implementation") ec1c86b25f4b ("mm: multi-gen LRU: groundwork") f1e1a7be4718 ("mm/vmscan.c: refactor shrink_node()") d3629af59f41 ("mm/vmscan: make the annotations of refaults code at the right place") e9c2dbc8bf71 ("mm/vmscan: define macros for refaults in struct lruvec") 507228044236 ("mm/khugepaged: record SCAN_PMD_MAPPED when scan_pmd() finds hugepage") 6614a3c3164a ("Merge tag 'mm-stable-2022-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 13 Aug 2024 22:25:21 +0200 Subject: [PATCH] userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race scenario. On older kernels (before 6.5), I think the same bug can even theoretically lead to accessing transhuge page contents as a page table if you hit the right 5 narrow race windows (I haven't tested this case). 2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for detecting PMDs that don't point to page tables. On older kernels (before 6.5), you'd just have to win a single fairly wide race to hit this. I've tested this on 6.1 stable by racing migration (with a mdelay() patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86 VM, that causes a kernel oops in ptlock_ptr(). 3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed to yank page tables out from under us (though I haven't tested that), so I think the BUG_ON() checks in mfill_atomic() are just wrong. I decided to write two separate fixes for these (one fix for bugs 1+2, one fix for bug 3), so that the first fix can be backported to kernels affected by bugs 1+2. This patch (of 2): This fixes two issues. I discovered that the following race can occur: mfill_atomic other thread ============ ============ <zap PMD> pmdp_get_lockless() [reads none pmd] <bail if trans_huge> <if none:> <pagefault creates transhuge zeropage> __pte_alloc [no-op] <zap PMD> <bail if pmd_trans_huge(*dst_pmd)> BUG_ON(pmd_none(*dst_pmd)) I have experimentally verified this in a kernel with extra mdelay() calls; the BUG_ON(pmd_none(*dst_pmd)) triggers. On kernels newer than commit 0d940a9b270b ("mm/pgtable: allow pte_offset_map[_lock]() to fail"), this can't lead to anything worse than a BUG_ON(), since the page table access helpers are actually designed to deal with page tables concurrently disappearing; but on older kernels (<=6.4), I think we could probably theoretically race past the two BUG_ON() checks and end up treating a hugepage as a page table. The second issue is that, as Qi Zheng pointed out, there are other types of huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs (in particular, migration PMDs). On <=6.4, this is worse than the first issue: If mfill_atomic() runs on a PMD that contains a migration entry (which just requires winning a single, fairly wide race), it will pass the PMD to pte_offset_map_lock(), which assumes that the PMD points to a page table. Breakage follows: First, the kernel tries to take the PTE lock (which will crash or maybe worse if there is no "struct page" for the address bits in the migration entry PMD - I think at least on X86 there usually is no corresponding "struct page" thanks to the PTE inversion mitigation, amd64 looks different). If that didn't crash, the kernel would next try to write a PTE into what it wrongly thinks is a page table. As part of fixing these issues, get rid of the check for pmd_trans_huge() before __pte_alloc() - that's redundant, we're going to have to check for that after the __pte_alloc() anyway. Backport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels. Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-0-5efa61078a41@goog… Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-1-5efa61078a41@goog… Fixes: c1a4de99fada ("userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Pavel Emelyanov <xemul(a)virtuozzo.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index e54e5c8907fa..290b2a0d84ac 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -787,21 +787,23 @@ static __always_inline ssize_t mfill_atomic(struct userfaultfd_ctx *ctx, } dst_pmdval = pmdp_get_lockless(dst_pmd); - /* - * If the dst_pmd is mapped as THP don't - * override it and just be strict. - */ - if (unlikely(pmd_trans_huge(dst_pmdval))) { - err = -EEXIST; - break; - } if (unlikely(pmd_none(dst_pmdval)) && unlikely(__pte_alloc(dst_mm, dst_pmd))) { err = -ENOMEM; break; } - /* If an huge pmd materialized from under us fail */ - if (unlikely(pmd_trans_huge(*dst_pmd))) { + dst_pmdval = pmdp_get_lockless(dst_pmd); + /* + * If the dst_pmd is THP don't override it and just be strict. + * (This includes the case where the PMD used to be THP and + * changed back to none after __pte_alloc().) + */ + if (unlikely(!pmd_present(dst_pmdval) || pmd_trans_huge(dst_pmdval) || + pmd_devmap(dst_pmdval))) { + err = -EEXIST; + break; + } + if (unlikely(pmd_bad(dst_pmdval))) { err = -EFAULT; break; }

1 year

1
0
0 0

FAILED: patch "[PATCH] userfaultfd: fix checks for huge PMDs" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090857-wieldable-pedicure-19b9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 71c186efc1b2 ("userfaultfd: fix checks for huge PMDs") dab6e717429e ("mm: Rename pmd_read_atomic()") 024d232ae4fc ("mm: Fix pmd_read_atomic()") fbfdec9989e6 ("x86/mm/pae: Make pmd_t similar to pte_t") bd74fdaea146 ("mm: multi-gen LRU: support page table walks") 018ee47f1489 ("mm: multi-gen LRU: exploit locality in rmap") ac35a4902374 ("mm: multi-gen LRU: minimal implementation") ec1c86b25f4b ("mm: multi-gen LRU: groundwork") f1e1a7be4718 ("mm/vmscan.c: refactor shrink_node()") d3629af59f41 ("mm/vmscan: make the annotations of refaults code at the right place") e9c2dbc8bf71 ("mm/vmscan: define macros for refaults in struct lruvec") 507228044236 ("mm/khugepaged: record SCAN_PMD_MAPPED when scan_pmd() finds hugepage") 6614a3c3164a ("Merge tag 'mm-stable-2022-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 13 Aug 2024 22:25:21 +0200 Subject: [PATCH] userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race scenario. On older kernels (before 6.5), I think the same bug can even theoretically lead to accessing transhuge page contents as a page table if you hit the right 5 narrow race windows (I haven't tested this case). 2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for detecting PMDs that don't point to page tables. On older kernels (before 6.5), you'd just have to win a single fairly wide race to hit this. I've tested this on 6.1 stable by racing migration (with a mdelay() patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86 VM, that causes a kernel oops in ptlock_ptr(). 3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed to yank page tables out from under us (though I haven't tested that), so I think the BUG_ON() checks in mfill_atomic() are just wrong. I decided to write two separate fixes for these (one fix for bugs 1+2, one fix for bug 3), so that the first fix can be backported to kernels affected by bugs 1+2. This patch (of 2): This fixes two issues. I discovered that the following race can occur: mfill_atomic other thread ============ ============ <zap PMD> pmdp_get_lockless() [reads none pmd] <bail if trans_huge> <if none:> <pagefault creates transhuge zeropage> __pte_alloc [no-op] <zap PMD> <bail if pmd_trans_huge(*dst_pmd)> BUG_ON(pmd_none(*dst_pmd)) I have experimentally verified this in a kernel with extra mdelay() calls; the BUG_ON(pmd_none(*dst_pmd)) triggers. On kernels newer than commit 0d940a9b270b ("mm/pgtable: allow pte_offset_map[_lock]() to fail"), this can't lead to anything worse than a BUG_ON(), since the page table access helpers are actually designed to deal with page tables concurrently disappearing; but on older kernels (<=6.4), I think we could probably theoretically race past the two BUG_ON() checks and end up treating a hugepage as a page table. The second issue is that, as Qi Zheng pointed out, there are other types of huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs (in particular, migration PMDs). On <=6.4, this is worse than the first issue: If mfill_atomic() runs on a PMD that contains a migration entry (which just requires winning a single, fairly wide race), it will pass the PMD to pte_offset_map_lock(), which assumes that the PMD points to a page table. Breakage follows: First, the kernel tries to take the PTE lock (which will crash or maybe worse if there is no "struct page" for the address bits in the migration entry PMD - I think at least on X86 there usually is no corresponding "struct page" thanks to the PTE inversion mitigation, amd64 looks different). If that didn't crash, the kernel would next try to write a PTE into what it wrongly thinks is a page table. As part of fixing these issues, get rid of the check for pmd_trans_huge() before __pte_alloc() - that's redundant, we're going to have to check for that after the __pte_alloc() anyway. Backport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels. Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-0-5efa61078a41@goog… Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-1-5efa61078a41@goog… Fixes: c1a4de99fada ("userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Pavel Emelyanov <xemul(a)virtuozzo.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index e54e5c8907fa..290b2a0d84ac 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -787,21 +787,23 @@ static __always_inline ssize_t mfill_atomic(struct userfaultfd_ctx *ctx, } dst_pmdval = pmdp_get_lockless(dst_pmd); - /* - * If the dst_pmd is mapped as THP don't - * override it and just be strict. - */ - if (unlikely(pmd_trans_huge(dst_pmdval))) { - err = -EEXIST; - break; - } if (unlikely(pmd_none(dst_pmdval)) && unlikely(__pte_alloc(dst_mm, dst_pmd))) { err = -ENOMEM; break; } - /* If an huge pmd materialized from under us fail */ - if (unlikely(pmd_trans_huge(*dst_pmd))) { + dst_pmdval = pmdp_get_lockless(dst_pmd); + /* + * If the dst_pmd is THP don't override it and just be strict. + * (This includes the case where the PMD used to be THP and + * changed back to none after __pte_alloc().) + */ + if (unlikely(!pmd_present(dst_pmdval) || pmd_trans_huge(dst_pmdval) || + pmd_devmap(dst_pmdval))) { + err = -EEXIST; + break; + } + if (unlikely(pmd_bad(dst_pmdval))) { err = -EFAULT; break; }

1 year

1
0
0 0

FAILED: patch "[PATCH] userfaultfd: fix checks for huge PMDs" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090855-kiln-shrank-fea8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 71c186efc1b2 ("userfaultfd: fix checks for huge PMDs") dab6e717429e ("mm: Rename pmd_read_atomic()") 024d232ae4fc ("mm: Fix pmd_read_atomic()") fbfdec9989e6 ("x86/mm/pae: Make pmd_t similar to pte_t") bd74fdaea146 ("mm: multi-gen LRU: support page table walks") 018ee47f1489 ("mm: multi-gen LRU: exploit locality in rmap") ac35a4902374 ("mm: multi-gen LRU: minimal implementation") ec1c86b25f4b ("mm: multi-gen LRU: groundwork") f1e1a7be4718 ("mm/vmscan.c: refactor shrink_node()") d3629af59f41 ("mm/vmscan: make the annotations of refaults code at the right place") e9c2dbc8bf71 ("mm/vmscan: define macros for refaults in struct lruvec") 507228044236 ("mm/khugepaged: record SCAN_PMD_MAPPED when scan_pmd() finds hugepage") 6614a3c3164a ("Merge tag 'mm-stable-2022-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 13 Aug 2024 22:25:21 +0200 Subject: [PATCH] userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race scenario. On older kernels (before 6.5), I think the same bug can even theoretically lead to accessing transhuge page contents as a page table if you hit the right 5 narrow race windows (I haven't tested this case). 2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for detecting PMDs that don't point to page tables. On older kernels (before 6.5), you'd just have to win a single fairly wide race to hit this. I've tested this on 6.1 stable by racing migration (with a mdelay() patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86 VM, that causes a kernel oops in ptlock_ptr(). 3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed to yank page tables out from under us (though I haven't tested that), so I think the BUG_ON() checks in mfill_atomic() are just wrong. I decided to write two separate fixes for these (one fix for bugs 1+2, one fix for bug 3), so that the first fix can be backported to kernels affected by bugs 1+2. This patch (of 2): This fixes two issues. I discovered that the following race can occur: mfill_atomic other thread ============ ============ <zap PMD> pmdp_get_lockless() [reads none pmd] <bail if trans_huge> <if none:> <pagefault creates transhuge zeropage> __pte_alloc [no-op] <zap PMD> <bail if pmd_trans_huge(*dst_pmd)> BUG_ON(pmd_none(*dst_pmd)) I have experimentally verified this in a kernel with extra mdelay() calls; the BUG_ON(pmd_none(*dst_pmd)) triggers. On kernels newer than commit 0d940a9b270b ("mm/pgtable: allow pte_offset_map[_lock]() to fail"), this can't lead to anything worse than a BUG_ON(), since the page table access helpers are actually designed to deal with page tables concurrently disappearing; but on older kernels (<=6.4), I think we could probably theoretically race past the two BUG_ON() checks and end up treating a hugepage as a page table. The second issue is that, as Qi Zheng pointed out, there are other types of huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs (in particular, migration PMDs). On <=6.4, this is worse than the first issue: If mfill_atomic() runs on a PMD that contains a migration entry (which just requires winning a single, fairly wide race), it will pass the PMD to pte_offset_map_lock(), which assumes that the PMD points to a page table. Breakage follows: First, the kernel tries to take the PTE lock (which will crash or maybe worse if there is no "struct page" for the address bits in the migration entry PMD - I think at least on X86 there usually is no corresponding "struct page" thanks to the PTE inversion mitigation, amd64 looks different). If that didn't crash, the kernel would next try to write a PTE into what it wrongly thinks is a page table. As part of fixing these issues, get rid of the check for pmd_trans_huge() before __pte_alloc() - that's redundant, we're going to have to check for that after the __pte_alloc() anyway. Backport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels. Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-0-5efa61078a41@goog… Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-1-5efa61078a41@goog… Fixes: c1a4de99fada ("userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Pavel Emelyanov <xemul(a)virtuozzo.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index e54e5c8907fa..290b2a0d84ac 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -787,21 +787,23 @@ static __always_inline ssize_t mfill_atomic(struct userfaultfd_ctx *ctx, } dst_pmdval = pmdp_get_lockless(dst_pmd); - /* - * If the dst_pmd is mapped as THP don't - * override it and just be strict. - */ - if (unlikely(pmd_trans_huge(dst_pmdval))) { - err = -EEXIST; - break; - } if (unlikely(pmd_none(dst_pmdval)) && unlikely(__pte_alloc(dst_mm, dst_pmd))) { err = -ENOMEM; break; } - /* If an huge pmd materialized from under us fail */ - if (unlikely(pmd_trans_huge(*dst_pmd))) { + dst_pmdval = pmdp_get_lockless(dst_pmd); + /* + * If the dst_pmd is THP don't override it and just be strict. + * (This includes the case where the PMD used to be THP and + * changed back to none after __pte_alloc().) + */ + if (unlikely(!pmd_present(dst_pmdval) || pmd_trans_huge(dst_pmdval) || + pmd_devmap(dst_pmdval))) { + err = -EEXIST; + break; + } + if (unlikely(pmd_bad(dst_pmdval))) { err = -EFAULT; break; }

1 year

1
0
0 0

FAILED: patch "[PATCH] userfaultfd: fix checks for huge PMDs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090853-unworldly-aerobics-75a0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 71c186efc1b2 ("userfaultfd: fix checks for huge PMDs") dab6e717429e ("mm: Rename pmd_read_atomic()") 024d232ae4fc ("mm: Fix pmd_read_atomic()") fbfdec9989e6 ("x86/mm/pae: Make pmd_t similar to pte_t") bd74fdaea146 ("mm: multi-gen LRU: support page table walks") 018ee47f1489 ("mm: multi-gen LRU: exploit locality in rmap") ac35a4902374 ("mm: multi-gen LRU: minimal implementation") ec1c86b25f4b ("mm: multi-gen LRU: groundwork") f1e1a7be4718 ("mm/vmscan.c: refactor shrink_node()") d3629af59f41 ("mm/vmscan: make the annotations of refaults code at the right place") e9c2dbc8bf71 ("mm/vmscan: define macros for refaults in struct lruvec") 507228044236 ("mm/khugepaged: record SCAN_PMD_MAPPED when scan_pmd() finds hugepage") 6614a3c3164a ("Merge tag 'mm-stable-2022-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 13 Aug 2024 22:25:21 +0200 Subject: [PATCH] userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race scenario. On older kernels (before 6.5), I think the same bug can even theoretically lead to accessing transhuge page contents as a page table if you hit the right 5 narrow race windows (I haven't tested this case). 2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for detecting PMDs that don't point to page tables. On older kernels (before 6.5), you'd just have to win a single fairly wide race to hit this. I've tested this on 6.1 stable by racing migration (with a mdelay() patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86 VM, that causes a kernel oops in ptlock_ptr(). 3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed to yank page tables out from under us (though I haven't tested that), so I think the BUG_ON() checks in mfill_atomic() are just wrong. I decided to write two separate fixes for these (one fix for bugs 1+2, one fix for bug 3), so that the first fix can be backported to kernels affected by bugs 1+2. This patch (of 2): This fixes two issues. I discovered that the following race can occur: mfill_atomic other thread ============ ============ <zap PMD> pmdp_get_lockless() [reads none pmd] <bail if trans_huge> <if none:> <pagefault creates transhuge zeropage> __pte_alloc [no-op] <zap PMD> <bail if pmd_trans_huge(*dst_pmd)> BUG_ON(pmd_none(*dst_pmd)) I have experimentally verified this in a kernel with extra mdelay() calls; the BUG_ON(pmd_none(*dst_pmd)) triggers. On kernels newer than commit 0d940a9b270b ("mm/pgtable: allow pte_offset_map[_lock]() to fail"), this can't lead to anything worse than a BUG_ON(), since the page table access helpers are actually designed to deal with page tables concurrently disappearing; but on older kernels (<=6.4), I think we could probably theoretically race past the two BUG_ON() checks and end up treating a hugepage as a page table. The second issue is that, as Qi Zheng pointed out, there are other types of huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs (in particular, migration PMDs). On <=6.4, this is worse than the first issue: If mfill_atomic() runs on a PMD that contains a migration entry (which just requires winning a single, fairly wide race), it will pass the PMD to pte_offset_map_lock(), which assumes that the PMD points to a page table. Breakage follows: First, the kernel tries to take the PTE lock (which will crash or maybe worse if there is no "struct page" for the address bits in the migration entry PMD - I think at least on X86 there usually is no corresponding "struct page" thanks to the PTE inversion mitigation, amd64 looks different). If that didn't crash, the kernel would next try to write a PTE into what it wrongly thinks is a page table. As part of fixing these issues, get rid of the check for pmd_trans_huge() before __pte_alloc() - that's redundant, we're going to have to check for that after the __pte_alloc() anyway. Backport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels. Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-0-5efa61078a41@goog… Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-1-5efa61078a41@goog… Fixes: c1a4de99fada ("userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Pavel Emelyanov <xemul(a)virtuozzo.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index e54e5c8907fa..290b2a0d84ac 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -787,21 +787,23 @@ static __always_inline ssize_t mfill_atomic(struct userfaultfd_ctx *ctx, } dst_pmdval = pmdp_get_lockless(dst_pmd); - /* - * If the dst_pmd is mapped as THP don't - * override it and just be strict. - */ - if (unlikely(pmd_trans_huge(dst_pmdval))) { - err = -EEXIST; - break; - } if (unlikely(pmd_none(dst_pmdval)) && unlikely(__pte_alloc(dst_mm, dst_pmd))) { err = -ENOMEM; break; } - /* If an huge pmd materialized from under us fail */ - if (unlikely(pmd_trans_huge(*dst_pmd))) { + dst_pmdval = pmdp_get_lockless(dst_pmd); + /* + * If the dst_pmd is THP don't override it and just be strict. + * (This includes the case where the PMD used to be THP and + * changed back to none after __pte_alloc().) + */ + if (unlikely(!pmd_present(dst_pmdval) || pmd_trans_huge(dst_pmdval) || + pmd_devmap(dst_pmdval))) { + err = -EEXIST; + break; + } + if (unlikely(pmd_bad(dst_pmdval))) { err = -EFAULT; break; }

1 year

1
0
0 0

FAILED: patch "[PATCH] userfaultfd: fix checks for huge PMDs" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090851-swinging-pug-fba8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 71c186efc1b2 ("userfaultfd: fix checks for huge PMDs") dab6e717429e ("mm: Rename pmd_read_atomic()") 024d232ae4fc ("mm: Fix pmd_read_atomic()") fbfdec9989e6 ("x86/mm/pae: Make pmd_t similar to pte_t") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 13 Aug 2024 22:25:21 +0200 Subject: [PATCH] userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race scenario. On older kernels (before 6.5), I think the same bug can even theoretically lead to accessing transhuge page contents as a page table if you hit the right 5 narrow race windows (I haven't tested this case). 2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for detecting PMDs that don't point to page tables. On older kernels (before 6.5), you'd just have to win a single fairly wide race to hit this. I've tested this on 6.1 stable by racing migration (with a mdelay() patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86 VM, that causes a kernel oops in ptlock_ptr(). 3. On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed to yank page tables out from under us (though I haven't tested that), so I think the BUG_ON() checks in mfill_atomic() are just wrong. I decided to write two separate fixes for these (one fix for bugs 1+2, one fix for bug 3), so that the first fix can be backported to kernels affected by bugs 1+2. This patch (of 2): This fixes two issues. I discovered that the following race can occur: mfill_atomic other thread ============ ============ <zap PMD> pmdp_get_lockless() [reads none pmd] <bail if trans_huge> <if none:> <pagefault creates transhuge zeropage> __pte_alloc [no-op] <zap PMD> <bail if pmd_trans_huge(*dst_pmd)> BUG_ON(pmd_none(*dst_pmd)) I have experimentally verified this in a kernel with extra mdelay() calls; the BUG_ON(pmd_none(*dst_pmd)) triggers. On kernels newer than commit 0d940a9b270b ("mm/pgtable: allow pte_offset_map[_lock]() to fail"), this can't lead to anything worse than a BUG_ON(), since the page table access helpers are actually designed to deal with page tables concurrently disappearing; but on older kernels (<=6.4), I think we could probably theoretically race past the two BUG_ON() checks and end up treating a hugepage as a page table. The second issue is that, as Qi Zheng pointed out, there are other types of huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs (in particular, migration PMDs). On <=6.4, this is worse than the first issue: If mfill_atomic() runs on a PMD that contains a migration entry (which just requires winning a single, fairly wide race), it will pass the PMD to pte_offset_map_lock(), which assumes that the PMD points to a page table. Breakage follows: First, the kernel tries to take the PTE lock (which will crash or maybe worse if there is no "struct page" for the address bits in the migration entry PMD - I think at least on X86 there usually is no corresponding "struct page" thanks to the PTE inversion mitigation, amd64 looks different). If that didn't crash, the kernel would next try to write a PTE into what it wrongly thinks is a page table. As part of fixing these issues, get rid of the check for pmd_trans_huge() before __pte_alloc() - that's redundant, we're going to have to check for that after the __pte_alloc() anyway. Backport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels. Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-0-5efa61078a41@goog… Link: https://lkml.kernel.org/r/20240813-uffd-thp-flip-fix-v2-1-5efa61078a41@goog… Fixes: c1a4de99fada ("userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Pavel Emelyanov <xemul(a)virtuozzo.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index e54e5c8907fa..290b2a0d84ac 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -787,21 +787,23 @@ static __always_inline ssize_t mfill_atomic(struct userfaultfd_ctx *ctx, } dst_pmdval = pmdp_get_lockless(dst_pmd); - /* - * If the dst_pmd is mapped as THP don't - * override it and just be strict. - */ - if (unlikely(pmd_trans_huge(dst_pmdval))) { - err = -EEXIST; - break; - } if (unlikely(pmd_none(dst_pmdval)) && unlikely(__pte_alloc(dst_mm, dst_pmd))) { err = -ENOMEM; break; } - /* If an huge pmd materialized from under us fail */ - if (unlikely(pmd_trans_huge(*dst_pmd))) { + dst_pmdval = pmdp_get_lockless(dst_pmd); + /* + * If the dst_pmd is THP don't override it and just be strict. + * (This includes the case where the PMD used to be THP and + * changed back to none after __pte_alloc().) + */ + if (unlikely(!pmd_present(dst_pmdval) || pmd_trans_huge(dst_pmdval) || + pmd_devmap(dst_pmdval))) { + err = -EEXIST; + break; + } + if (unlikely(pmd_bad(dst_pmdval))) { err = -EFAULT; break; }

1 year

1
0
0 0

FAILED: patch "[PATCH] tracing: Avoid possible softlockup in tracing_iter_reset()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 49aa8a1f4d6800721c7971ed383078257f12e8f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090835-matchbox-untreated-40ad@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 49aa8a1f4d68 ("tracing: Avoid possible softlockup in tracing_iter_reset()") bc1a72afdc4a ("ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 49aa8a1f4d6800721c7971ed383078257f12e8f9 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian(a)huaweicloud.com> Date: Tue, 27 Aug 2024 20:46:54 +0800 Subject: [PATCH] tracing: Avoid possible softlockup in tracing_iter_reset() In __tracing_open(), when max latency tracers took place on the cpu, the time start of its buffer would be updated, then event entries with timestamps being earlier than start of the buffer would be skipped (see tracing_iter_reset()). Softlockup will occur if the kernel is non-preemptible and too many entries were skipped in the loop that reset every cpu buffer, so add cond_resched() to avoid it. Cc: stable(a)vger.kernel.org Fixes: 2f26ebd549b9a ("tracing: use timestamp to determine start of latency traces") Link: https://lore.kernel.org/20240827124654.3817443-1-zhengyejian@huaweicloud.com Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian(a)huaweicloud.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index ebe7ce2f5f4a..edf6bc817aa1 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3958,6 +3958,8 @@ void tracing_iter_reset(struct trace_iterator *iter, int cpu) break; entries++; ring_buffer_iter_advance(buf_iter); + /* This could be a big loop */ + cond_resched(); } per_cpu_ptr(iter->array_buffer->data, cpu)->skipped_entries = entries;

1 year

1
0
0 0

FAILED: patch "[PATCH] tracing: Avoid possible softlockup in tracing_iter_reset()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 49aa8a1f4d6800721c7971ed383078257f12e8f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090834-cheddar-crust-24f3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 49aa8a1f4d68 ("tracing: Avoid possible softlockup in tracing_iter_reset()") bc1a72afdc4a ("ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 49aa8a1f4d6800721c7971ed383078257f12e8f9 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian(a)huaweicloud.com> Date: Tue, 27 Aug 2024 20:46:54 +0800 Subject: [PATCH] tracing: Avoid possible softlockup in tracing_iter_reset() In __tracing_open(), when max latency tracers took place on the cpu, the time start of its buffer would be updated, then event entries with timestamps being earlier than start of the buffer would be skipped (see tracing_iter_reset()). Softlockup will occur if the kernel is non-preemptible and too many entries were skipped in the loop that reset every cpu buffer, so add cond_resched() to avoid it. Cc: stable(a)vger.kernel.org Fixes: 2f26ebd549b9a ("tracing: use timestamp to determine start of latency traces") Link: https://lore.kernel.org/20240827124654.3817443-1-zhengyejian@huaweicloud.com Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian(a)huaweicloud.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index ebe7ce2f5f4a..edf6bc817aa1 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3958,6 +3958,8 @@ void tracing_iter_reset(struct trace_iterator *iter, int cpu) break; entries++; ring_buffer_iter_advance(buf_iter); + /* This could be a big loop */ + cond_resched(); } per_cpu_ptr(iter->array_buffer->data, cpu)->skipped_entries = entries;

1 year

1
0
0 0

FAILED: patch "[PATCH] Revert "mm: skip CMA pages when they are not available"" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bfe0857c20c663fcc1592fa4e3a61ca12b07dac9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090830-imaging-symphonic-8783@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: bfe0857c20c6 ("Revert "mm: skip CMA pages when they are not available"") 97144ce008f9 ("mm/vmscan: use folio_migratetype() instead of get_pageblock_migratetype()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bfe0857c20c663fcc1592fa4e3a61ca12b07dac9 Mon Sep 17 00:00:00 2001 From: Usama Arif <usamaarif642(a)gmail.com> Date: Wed, 21 Aug 2024 20:26:07 +0100 Subject: [PATCH] Revert "mm: skip CMA pages when they are not available" This reverts commit 5da226dbfce3 ("mm: skip CMA pages when they are not available") and b7108d66318a ("Multi-gen LRU: skip CMA pages when they are not eligible"). lruvec->lru_lock is highly contended and is held when calling isolate_lru_folios. If the lru has a large number of CMA folios consecutively, while the allocation type requested is not MIGRATE_MOVABLE, isolate_lru_folios can hold the lock for a very long time while it skips those. For FIO workload, ~150million order=0 folios were skipped to isolate a few ZONE_DMA folios [1]. This can cause lockups [1] and high memory pressure for extended periods of time [2]. Remove skipping CMA for MGLRU as well, as it was introduced in sort_folio for the same resaon as 5da226dbfce3a2f44978c2c7cf88166e69a6788b. [1] https://lore.kernel.org/all/CAOUHufbkhMZYz20aM_3rHZ3OcK4m2puji2FGpUpn_-DevG… [2] https://lore.kernel.org/all/ZrssOrcJIDy8hacI@gmail.com/ [usamaarif642(a)gmail.com: also revert b7108d66318a, per Johannes] Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Link: https://lkml.kernel.org/r/357ac325-4c61-497a-92a3-bdbd230d5ec9@gmail.com Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zhaoyang Huang <huangzhaoyang(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmscan.c b/mm/vmscan.c index cfa839284b92..bd489c1af228 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -1604,25 +1604,6 @@ static __always_inline void update_lru_sizes(struct lruvec *lruvec, } -#ifdef CONFIG_CMA -/* - * It is waste of effort to scan and reclaim CMA pages if it is not available - * for current allocation context. Kswapd can not be enrolled as it can not - * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL - */ -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return !current_is_kswapd() && - gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && - folio_migratetype(folio) == MIGRATE_CMA; -} -#else -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return false; -} -#endif - /* * Isolating page from the lruvec to fill in @dst list by nr_to_scan times. * @@ -1669,8 +1650,7 @@ static unsigned long isolate_lru_folios(unsigned long nr_to_scan, nr_pages = folio_nr_pages(folio); total_scan += nr_pages; - if (folio_zonenum(folio) > sc->reclaim_idx || - skip_cma(folio, sc)) { + if (folio_zonenum(folio) > sc->reclaim_idx) { nr_skipped[folio_zonenum(folio)] += nr_pages; move_to = &folios_skipped; goto move; @@ -4320,7 +4300,7 @@ static bool sort_folio(struct lruvec *lruvec, struct folio *folio, struct scan_c } /* ineligible */ - if (zone > sc->reclaim_idx || skip_cma(folio, sc)) { + if (zone > sc->reclaim_idx) { gen = folio_inc_gen(lruvec, folio, false); list_move_tail(&folio->lru, &lrugen->folios[gen][type][zone]); return true;

1 year

1
0
0 0

FAILED: patch "[PATCH] maple_tree: remove rcu_read_lock() from mt_validate()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f806de88d8f7f8191afd0fd9b94db4cd058e7d4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090851-coroner-surname-cd39@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f806de88d8f7 ("maple_tree: remove rcu_read_lock() from mt_validate()") 9a40d45c1f2c ("maple_tree: remove mas_searchable()") 067311d33e65 ("maple_tree: separate ma_state node from status") 271f61a8b41d ("maple_tree: clean up inlines for some functions") bf857ddd21d0 ("maple_tree: move debug check to __mas_set_range()") f7a590189539 ("maple_tree: make mas_erase() more robust") a2587a7e8d37 ("maple_tree: add test for mtree_dup()") fd32e4e9b764 ("maple_tree: introduce interfaces __mt_dup() and mtree_dup()") 4f2267b58a22 ("maple_tree: add mt_free_one() and mt_attr() helpers") a8091f039c1e ("maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states") 5c590804b6b0 ("maple_tree: add mas_is_active() to detect in-tree walks") 530f745c7620 ("maple_tree: replace data before marking dead in split and spanning store") 4ffc2ee2cf01 ("maple_tree: introduce mas_tree_parent() definition") 1238f6a226dc ("maple_tree: introduce mas_put_in_tree()") 72bcf4aa86ec ("maple_tree: reorder replacement of nodes to avoid live lock") fec29364348f ("maple_tree: reduce resets during store setup") da0892547b10 ("maple_tree: re-introduce entry to mas_preallocate() arguments") 53bee98d004f ("mm: remove re-walk from mmap_region()") c1297987cc2a ("maple_tree: introduce __mas_set_range()") a489539e33c2 ("maple_tree: update mt_validate()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f806de88d8f7f8191afd0fd9b94db4cd058e7d4f Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> Date: Tue, 20 Aug 2024 13:54:17 -0400 Subject: [PATCH] maple_tree: remove rcu_read_lock() from mt_validate() The write lock should be held when validating the tree to avoid updates racing with checks. Holding the rcu read lock during a large tree validation may also cause a prolonged rcu read window and "rcu_preempt detected stalls" warnings. Link: https://lore.kernel.org/all/0000000000001d12d4062005aea1@google.com/ Link: https://lkml.kernel.org/r/20240820175417.2782532-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reported-by: syzbot+036af2f0c7338a33b0cd(a)syzkaller.appspotmail.com Cc: Hillf Danton <hdanton(a)sina.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/maple_tree.c b/lib/maple_tree.c index aa3a5df15b8e..6df3a8b95808 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -7566,14 +7566,14 @@ static void mt_validate_nulls(struct maple_tree *mt) * 2. The gap is correctly set in the parents */ void mt_validate(struct maple_tree *mt) + __must_hold(mas->tree->ma_lock) { unsigned char end; MA_STATE(mas, mt, 0, 0); - rcu_read_lock(); mas_start(&mas); if (!mas_is_active(&mas)) - goto done; + return; while (!mte_is_leaf(mas.node)) mas_descend(&mas); @@ -7594,9 +7594,6 @@ void mt_validate(struct maple_tree *mt) mas_dfs_postorder(&mas, ULONG_MAX); } mt_validate_nulls(mt); -done: - rcu_read_unlock(); - } EXPORT_SYMBOL_GPL(mt_validate);

1 year

1
0
0 0

FAILED: patch "[PATCH] maple_tree: remove rcu_read_lock() from mt_validate()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f806de88d8f7f8191afd0fd9b94db4cd058e7d4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090850-skirt-unsaved-fc27@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f806de88d8f7 ("maple_tree: remove rcu_read_lock() from mt_validate()") 9a40d45c1f2c ("maple_tree: remove mas_searchable()") 067311d33e65 ("maple_tree: separate ma_state node from status") 271f61a8b41d ("maple_tree: clean up inlines for some functions") bf857ddd21d0 ("maple_tree: move debug check to __mas_set_range()") f7a590189539 ("maple_tree: make mas_erase() more robust") a2587a7e8d37 ("maple_tree: add test for mtree_dup()") fd32e4e9b764 ("maple_tree: introduce interfaces __mt_dup() and mtree_dup()") 4f2267b58a22 ("maple_tree: add mt_free_one() and mt_attr() helpers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f806de88d8f7f8191afd0fd9b94db4cd058e7d4f Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> Date: Tue, 20 Aug 2024 13:54:17 -0400 Subject: [PATCH] maple_tree: remove rcu_read_lock() from mt_validate() The write lock should be held when validating the tree to avoid updates racing with checks. Holding the rcu read lock during a large tree validation may also cause a prolonged rcu read window and "rcu_preempt detected stalls" warnings. Link: https://lore.kernel.org/all/0000000000001d12d4062005aea1@google.com/ Link: https://lkml.kernel.org/r/20240820175417.2782532-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reported-by: syzbot+036af2f0c7338a33b0cd(a)syzkaller.appspotmail.com Cc: Hillf Danton <hdanton(a)sina.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/maple_tree.c b/lib/maple_tree.c index aa3a5df15b8e..6df3a8b95808 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -7566,14 +7566,14 @@ static void mt_validate_nulls(struct maple_tree *mt) * 2. The gap is correctly set in the parents */ void mt_validate(struct maple_tree *mt) + __must_hold(mas->tree->ma_lock) { unsigned char end; MA_STATE(mas, mt, 0, 0); - rcu_read_lock(); mas_start(&mas); if (!mas_is_active(&mas)) - goto done; + return; while (!mte_is_leaf(mas.node)) mas_descend(&mas); @@ -7594,9 +7594,6 @@ void mt_validate(struct maple_tree *mt) mas_dfs_postorder(&mas, ULONG_MAX); } mt_validate_nulls(mt); -done: - rcu_read_unlock(); - } EXPORT_SYMBOL_GPL(mt_validate);

1 year

1
0
0 0

[Backport request for 5.4.y] clk: hi6220: use CLK_OF_DECLARE_DRIVER

by Yongqin Liu

Hi, Greg Could you please help to cherry-pick the following commit to the 5.4.y branch? f1edb498bd9f ("clk: hi6220: use CLK_OF_DECLARE_DRIVER") It's been there since the 5.10 kernel, and this along with the reset controller patch are needed for Hikey devices to work with 5.4.y kernels, otherwise it will get stuck during the boot. -- Best Regards, Yongqin Liu --------------------------------------------------------------- #mailing list linaro-android(a)lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-android

1 year

2
1
0 0

FAILED: patch "[PATCH] fuse: fix memory leak in fuse_create_open" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3002240d16494d798add0575e8ba1f284258ab34 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090804-leverage-floral-9b6b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 3002240d1649 ("fuse: fix memory leak in fuse_create_open") 15d937d7ca8c ("fuse: add request extension") 153524053bbb ("fuse: allow non-extending parallel direct writes on the same file") 4f8d37020e1f ("fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3002240d16494d798add0575e8ba1f284258ab34 Mon Sep 17 00:00:00 2001 From: yangyun <yangyun50(a)huawei.com> Date: Fri, 23 Aug 2024 16:51:46 +0800 Subject: [PATCH] fuse: fix memory leak in fuse_create_open The memory of struct fuse_file is allocated but not freed when get_create_ext return error. Fixes: 3e2b6fdbdc9a ("fuse: send security context of inode on file") Cc: stable(a)vger.kernel.org # v5.17 Signed-off-by: yangyun <yangyun50(a)huawei.com> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 2b0d4781f394..8e96df9fd76c 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -670,7 +670,7 @@ static int fuse_create_open(struct inode *dir, struct dentry *entry, err = get_create_ext(&args, dir, entry, mode); if (err) - goto out_put_forget_req; + goto out_free_ff; err = fuse_simple_request(fm, &args); free_ext_value(&args);

1 year

1
0
0 0

FAILED: patch "[PATCH] OPP: Fix support for required OPPs for multiple PM domains" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 9ec87c5957ea9bf68d36f5e098605b585b2571e4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090809-portion-riptide-f7d9@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 9ec87c5957ea ("OPP: Fix support for required OPPs for multiple PM domains") 0d865221c8b1 ("OPP: Drop a redundant in-parameter to _set_opp_level()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ec87c5957ea9bf68d36f5e098605b585b2571e4 Mon Sep 17 00:00:00 2001 From: Ulf Hansson <ulf.hansson(a)linaro.org> Date: Fri, 23 Aug 2024 00:45:38 +0200 Subject: [PATCH] OPP: Fix support for required OPPs for multiple PM domains It has turned out that having _set_required_opps() to recursively call dev_pm_opp_set_opp() to set the required OPPs, doesn't really work as well as we expected. More precisely, at each recursive call to dev_pm_opp_set_opp() we are changing an OPP for a required_dev that belongs to a required-OPP table. The problem with this, is that we may have several devices sharing the same required-OPP table, which leads to an incorrect behaviour in regards to aggregating the per device votes. To fix the problem for a required-OPP table belonging to a PM domain, which is the only existing usecase for now, let's simply replace the call to dev_pm_opp_set_opp() in _set_required_opps() by a call to _set_opp_level(). Moving forward we may potentially need to add support for other types of required-OPP tables. In this case, the aggregation needs to be thought of. Fixes: e37440e7e2c2 ("OPP: Call dev_pm_opp_set_opp() for required OPPs") Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Link: https://lore.kernel.org/r/20240822224547.385095-2-ulf.hansson@linaro.org diff --git a/drivers/opp/core.c b/drivers/opp/core.c index 5f4598246a87..494f8860220d 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -1061,6 +1061,27 @@ static int _set_opp_bw(const struct opp_table *opp_table, return 0; } +static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) +{ + unsigned int level = 0; + int ret = 0; + + if (opp) { + if (opp->level == OPP_LEVEL_UNSET) + return 0; + + level = opp->level; + } + + /* Request a new performance state through the device's PM domain. */ + ret = dev_pm_domain_set_performance_state(dev, level); + if (ret) + dev_err(dev, "Failed to set performance state %u (%d)\n", level, + ret); + + return ret; +} + /* This is only called for PM domain for now */ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, struct dev_pm_opp *opp, bool up) @@ -1091,7 +1112,7 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, if (devs[index]) { required_opp = opp ? opp->required_opps[index] : NULL; - ret = dev_pm_opp_set_opp(devs[index], required_opp); + ret = _set_opp_level(devs[index], required_opp); if (ret) return ret; } @@ -1102,27 +1123,6 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, return 0; } -static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) -{ - unsigned int level = 0; - int ret = 0; - - if (opp) { - if (opp->level == OPP_LEVEL_UNSET) - return 0; - - level = opp->level; - } - - /* Request a new performance state through the device's PM domain. */ - ret = dev_pm_domain_set_performance_state(dev, level); - if (ret) - dev_err(dev, "Failed to set performance state %u (%d)\n", level, - ret); - - return ret; -} - static void _find_current_opp(struct device *dev, struct opp_table *opp_table) { struct dev_pm_opp *opp = ERR_PTR(-ENODEV); @@ -2457,18 +2457,6 @@ static int _opp_attach_genpd(struct opp_table *opp_table, struct device *dev, } } - /* - * Add the virtual genpd device as a user of the OPP table, so - * we can call dev_pm_opp_set_opp() on it directly. - * - * This will be automatically removed when the OPP table is - * removed, don't need to handle that here. - */ - if (!_add_opp_dev(virt_dev, opp_table->required_opp_tables[index])) { - ret = -ENOMEM; - goto err; - } - opp_table->required_devs[index] = virt_dev; index++; name++;

1 year

1
0
0 0

FAILED: patch "[PATCH] mmc: cqhci: Fix checking of CQHCI_HALT state" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x aea62c744a9ae2a8247c54ec42138405216414da # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090853-flogging-deepen-eabe@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: aea62c744a9a ("mmc: cqhci: Fix checking of CQHCI_HALT state") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aea62c744a9ae2a8247c54ec42138405216414da Mon Sep 17 00:00:00 2001 From: Seunghwan Baek <sh8267.baek(a)samsung.com> Date: Thu, 29 Aug 2024 15:18:22 +0900 Subject: [PATCH] mmc: cqhci: Fix checking of CQHCI_HALT state To check if mmc cqe is in halt state, need to check set/clear of CQHCI_HALT bit. At this time, we need to check with &, not &&. Fixes: a4080225f51d ("mmc: cqhci: support for command queue enabled host") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> Reviewed-by: Ritesh Harjani <ritesh.list(a)gmail.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240829061823.3718-2-sh8267.baek@samsung.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/cqhci-core.c b/drivers/mmc/host/cqhci-core.c index c14d7251d0bb..a02da26a1efd 100644 --- a/drivers/mmc/host/cqhci-core.c +++ b/drivers/mmc/host/cqhci-core.c @@ -617,7 +617,7 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq) cqhci_writel(cq_host, 0, CQHCI_CTL); mmc->cqe_on = true; pr_debug("%s: cqhci: CQE on\n", mmc_hostname(mmc)); - if (cqhci_readl(cq_host, CQHCI_CTL) && CQHCI_HALT) { + if (cqhci_readl(cq_host, CQHCI_CTL) & CQHCI_HALT) { pr_err("%s: cqhci: CQE failed to exit halt state\n", mmc_hostname(mmc)); }

1 year

1
0
0 0

FAILED: patch "[PATCH] mmc: cqhci: Fix checking of CQHCI_HALT state" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x aea62c744a9ae2a8247c54ec42138405216414da # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090853-unweave-borrowing-7c2a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: aea62c744a9a ("mmc: cqhci: Fix checking of CQHCI_HALT state") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aea62c744a9ae2a8247c54ec42138405216414da Mon Sep 17 00:00:00 2001 From: Seunghwan Baek <sh8267.baek(a)samsung.com> Date: Thu, 29 Aug 2024 15:18:22 +0900 Subject: [PATCH] mmc: cqhci: Fix checking of CQHCI_HALT state To check if mmc cqe is in halt state, need to check set/clear of CQHCI_HALT bit. At this time, we need to check with &, not &&. Fixes: a4080225f51d ("mmc: cqhci: support for command queue enabled host") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> Reviewed-by: Ritesh Harjani <ritesh.list(a)gmail.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240829061823.3718-2-sh8267.baek@samsung.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/cqhci-core.c b/drivers/mmc/host/cqhci-core.c index c14d7251d0bb..a02da26a1efd 100644 --- a/drivers/mmc/host/cqhci-core.c +++ b/drivers/mmc/host/cqhci-core.c @@ -617,7 +617,7 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq) cqhci_writel(cq_host, 0, CQHCI_CTL); mmc->cqe_on = true; pr_debug("%s: cqhci: CQE on\n", mmc_hostname(mmc)); - if (cqhci_readl(cq_host, CQHCI_CTL) && CQHCI_HALT) { + if (cqhci_readl(cq_host, CQHCI_CTL) & CQHCI_HALT) { pr_err("%s: cqhci: CQE failed to exit halt state\n", mmc_hostname(mmc)); }

1 year

1
0
0 0

patch "iio: magnetometer: ak8975: Fix reading for ak099xx sensors" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: magnetometer: ak8975: Fix reading for ak099xx sensors to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 129464e86c7445a858b790ac2d28d35f58256bbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Barnab=C3=A1s=20Cz=C3=A9m=C3=A1n?= <barnabas.czeman(a)mainlining.org> Date: Mon, 19 Aug 2024 00:29:40 +0200 Subject: iio: magnetometer: ak8975: Fix reading for ak099xx sensors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move ST2 reading with overflow handling after measurement data reading. ST2 register read have to be read after read measurment data, because it means end of the reading and realease the lock on the data. Remove ST2 read skip on interrupt based waiting because ST2 required to be read out at and of the axis read. Fixes: 57e73a423b1e ("iio: ak8975: add ak09911 and ak09912 support") Signed-off-by: Barnabás Czémán <barnabas.czeman(a)mainlining.org> Link: https://patch.msgid.link/20240819-ak09918-v4-2-f0734d14cfb9@mainlining.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/magnetometer/ak8975.c | 32 +++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/iio/magnetometer/ak8975.c b/drivers/iio/magnetometer/ak8975.c index 67d5d1f2402f..1d5f79b7005b 100644 --- a/drivers/iio/magnetometer/ak8975.c +++ b/drivers/iio/magnetometer/ak8975.c @@ -696,22 +696,8 @@ static int ak8975_start_read_axis(struct ak8975_data *data, if (ret < 0) return ret; - /* This will be executed only for non-interrupt based waiting case */ - if (ret & data->def->ctrl_masks[ST1_DRDY]) { - ret = i2c_smbus_read_byte_data(client, - data->def->ctrl_regs[ST2]); - if (ret < 0) { - dev_err(&client->dev, "Error in reading ST2\n"); - return ret; - } - if (ret & (data->def->ctrl_masks[ST2_DERR] | - data->def->ctrl_masks[ST2_HOFL])) { - dev_err(&client->dev, "ST2 status error 0x%x\n", ret); - return -EINVAL; - } - } - - return 0; + /* Return with zero if the data is ready. */ + return !data->def->ctrl_regs[ST1_DRDY]; } /* Retrieve raw flux value for one of the x, y, or z axis. */ @@ -738,6 +724,20 @@ static int ak8975_read_axis(struct iio_dev *indio_dev, int index, int *val) if (ret < 0) goto exit; + /* Read out ST2 for release lock on measurment data. */ + ret = i2c_smbus_read_byte_data(client, data->def->ctrl_regs[ST2]); + if (ret < 0) { + dev_err(&client->dev, "Error in reading ST2\n"); + goto exit; + } + + if (ret & (data->def->ctrl_masks[ST2_DERR] | + data->def->ctrl_masks[ST2_HOFL])) { + dev_err(&client->dev, "ST2 status error 0x%x\n", ret); + ret = -EINVAL; + goto exit; + } + mutex_unlock(&data->lock); pm_runtime_mark_last_busy(&data->client->dev); -- 2.46.0

1 year

1
0
0 0

patch "iio: magnetometer: ak8975: Fix reading for ak099xx sensors" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: magnetometer: ak8975: Fix reading for ak099xx sensors to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 129464e86c7445a858b790ac2d28d35f58256bbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Barnab=C3=A1s=20Cz=C3=A9m=C3=A1n?= <barnabas.czeman(a)mainlining.org> Date: Mon, 19 Aug 2024 00:29:40 +0200 Subject: iio: magnetometer: ak8975: Fix reading for ak099xx sensors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move ST2 reading with overflow handling after measurement data reading. ST2 register read have to be read after read measurment data, because it means end of the reading and realease the lock on the data. Remove ST2 read skip on interrupt based waiting because ST2 required to be read out at and of the axis read. Fixes: 57e73a423b1e ("iio: ak8975: add ak09911 and ak09912 support") Signed-off-by: Barnabás Czémán <barnabas.czeman(a)mainlining.org> Link: https://patch.msgid.link/20240819-ak09918-v4-2-f0734d14cfb9@mainlining.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/magnetometer/ak8975.c | 32 +++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/iio/magnetometer/ak8975.c b/drivers/iio/magnetometer/ak8975.c index 67d5d1f2402f..1d5f79b7005b 100644 --- a/drivers/iio/magnetometer/ak8975.c +++ b/drivers/iio/magnetometer/ak8975.c @@ -696,22 +696,8 @@ static int ak8975_start_read_axis(struct ak8975_data *data, if (ret < 0) return ret; - /* This will be executed only for non-interrupt based waiting case */ - if (ret & data->def->ctrl_masks[ST1_DRDY]) { - ret = i2c_smbus_read_byte_data(client, - data->def->ctrl_regs[ST2]); - if (ret < 0) { - dev_err(&client->dev, "Error in reading ST2\n"); - return ret; - } - if (ret & (data->def->ctrl_masks[ST2_DERR] | - data->def->ctrl_masks[ST2_HOFL])) { - dev_err(&client->dev, "ST2 status error 0x%x\n", ret); - return -EINVAL; - } - } - - return 0; + /* Return with zero if the data is ready. */ + return !data->def->ctrl_regs[ST1_DRDY]; } /* Retrieve raw flux value for one of the x, y, or z axis. */ @@ -738,6 +724,20 @@ static int ak8975_read_axis(struct iio_dev *indio_dev, int index, int *val) if (ret < 0) goto exit; + /* Read out ST2 for release lock on measurment data. */ + ret = i2c_smbus_read_byte_data(client, data->def->ctrl_regs[ST2]); + if (ret < 0) { + dev_err(&client->dev, "Error in reading ST2\n"); + goto exit; + } + + if (ret & (data->def->ctrl_masks[ST2_DERR] | + data->def->ctrl_masks[ST2_HOFL])) { + dev_err(&client->dev, "ST2 status error 0x%x\n", ret); + ret = -EINVAL; + goto exit; + } + mutex_unlock(&data->lock); pm_runtime_mark_last_busy(&data->client->dev); -- 2.46.0

1 year

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090850-handrail-battering-849f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4bcdd831d9d0 ("KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Tue, 23 Jul 2024 16:20:55 -0700 Subject: [PATCH] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU. I.e. trying to precisely use kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause problems. Acquiring SRCU isn't all that expensive, so for simplicity, grab it unconditionally for KVM_SET_VCPU_EVENTS. ============================= WARNING: suspicious RCU usage 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted ----------------------------- include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by repro/1071: #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] stack backtrace: CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x13f/0x1a0 kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] load_vmcs12_host_state+0x432/0xb40 [kvm_intel] vmx_leave_nested+0x30/0x40 [kvm_intel] kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] ? mark_held_locks+0x49/0x70 ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] ? kvm_vcpu_ioctl+0x497/0x970 [kvm] kvm_vcpu_ioctl+0x497/0x970 [kvm] ? lock_acquire+0xba/0x2d0 ? find_held_lock+0x2b/0x80 ? do_user_addr_fault+0x40c/0x6f0 ? lock_release+0xb7/0x270 __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x6c/0x170 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7ff11eb1b539 </TASK> Fixes: f7e570780efc ("KVM: x86: Forcibly leave nested virt when SMM state is toggled") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240723232055.3643811-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 70219e406987..2c7327ef0f0d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6040,7 +6040,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp, if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events))) break; + kvm_vcpu_srcu_read_lock(vcpu); r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events); + kvm_vcpu_srcu_read_unlock(vcpu); break; } case KVM_GET_DEBUGREGS: {

1 year

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090849-facsimile-hamstring-a776@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4bcdd831d9d0 ("KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4bcdd831d9d01e0fb64faea50732b59b2ee88da1 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Tue, 23 Jul 2024 16:20:55 -0700 Subject: [PATCH] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU. I.e. trying to precisely use kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause problems. Acquiring SRCU isn't all that expensive, so for simplicity, grab it unconditionally for KVM_SET_VCPU_EVENTS. ============================= WARNING: suspicious RCU usage 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted ----------------------------- include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by repro/1071: #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] stack backtrace: CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x13f/0x1a0 kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] load_vmcs12_host_state+0x432/0xb40 [kvm_intel] vmx_leave_nested+0x30/0x40 [kvm_intel] kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] ? mark_held_locks+0x49/0x70 ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] ? kvm_vcpu_ioctl+0x497/0x970 [kvm] kvm_vcpu_ioctl+0x497/0x970 [kvm] ? lock_acquire+0xba/0x2d0 ? find_held_lock+0x2b/0x80 ? do_user_addr_fault+0x40c/0x6f0 ? lock_release+0xb7/0x270 __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x6c/0x170 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7ff11eb1b539 </TASK> Fixes: f7e570780efc ("KVM: x86: Forcibly leave nested virt when SMM state is toggled") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240723232055.3643811-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 70219e406987..2c7327ef0f0d 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6040,7 +6040,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp, if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events))) break; + kvm_vcpu_srcu_read_lock(vcpu); r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events); + kvm_vcpu_srcu_read_unlock(vcpu); break; } case KVM_GET_DEBUGREGS: {

1 year

1
0
0 0

FAILED: patch "[PATCH] rtmutex: Drop rt_mutex::wait_lock before scheduling" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d33d26036a0274b472299d7dcdaa5fb34329f91b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090849-android-shield-d1fd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d33d26036a02 ("rtmutex: Drop rt_mutex::wait_lock before scheduling") add461325ec5 ("locking/rtmutex: Extend the rtmutex core to support ww_mutex") 1c143c4b65da ("locking/rtmutex: Provide the spin/rwlock core lock function") e17ba59b7e8e ("locking/rtmutex: Guard regular sleeping locks specific functions") 7980aa397cc0 ("locking/rtmutex: Use rt_mutex_wake_q_head") c014ef69b3ac ("locking/rtmutex: Add wake_state to rt_mutex_waiter") 42254105dfe8 ("locking/rwsem: Add rtmutex based R/W semaphore implementation") ebbdc41e90ff ("locking/rtmutex: Provide rt_mutex_slowlock_locked()") 830e6acc8a1c ("locking/rtmutex: Split out the inner parts of 'struct rtmutex'") 531ae4b06a73 ("locking/rtmutex: Split API from implementation") 785159301bed ("locking/rtmutex: Convert macros to inlines") b41cda037655 ("locking/rtmutex: Set proper wait context for lockdep") 2f064a59a11f ("sched: Change task_struct::state") d6c23bb3a2ad ("sched: Add get_current_state()") b03fbd4ff24c ("sched: Introduce task_is_running()") a9e906b71f96 ("Merge branch 'sched/urgent' into sched/core, to pick up fixes") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d33d26036a0274b472299d7dcdaa5fb34329f91b Mon Sep 17 00:00:00 2001 From: Roland Xu <mu001999(a)outlook.com> Date: Thu, 15 Aug 2024 10:58:13 +0800 Subject: [PATCH] rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ] Fixes: 3d5c9340d194 ("rtmutex: Handle deadlock detection smarter") Signed-off-by: Roland Xu <mu001999(a)outlook.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/ME0P300MB063599BEF0743B8FA339C2CECC802@ME0P300M… diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c index 88d08eeb8bc0..fba1229f1de6 100644 --- a/kernel/locking/rtmutex.c +++ b/kernel/locking/rtmutex.c @@ -1644,6 +1644,7 @@ static int __sched rt_mutex_slowlock_block(struct rt_mutex_base *lock, } static void __sched rt_mutex_handle_deadlock(int res, int detect_deadlock, + struct rt_mutex_base *lock, struct rt_mutex_waiter *w) { /* @@ -1656,10 +1657,10 @@ static void __sched rt_mutex_handle_deadlock(int res, int detect_deadlock, if (build_ww_mutex() && w->ww_ctx) return; - /* - * Yell loudly and stop the task right here. - */ + raw_spin_unlock_irq(&lock->wait_lock); + WARN(1, "rtmutex deadlock detected\n"); + while (1) { set_current_state(TASK_INTERRUPTIBLE); rt_mutex_schedule(); @@ -1713,7 +1714,7 @@ static int __sched __rt_mutex_slowlock(struct rt_mutex_base *lock, } else { __set_current_state(TASK_RUNNING); remove_waiter(lock, waiter); - rt_mutex_handle_deadlock(ret, chwalk, waiter); + rt_mutex_handle_deadlock(ret, chwalk, lock, waiter); } /*

1 year

1
0
0 0

FAILED: patch "[PATCH] rtmutex: Drop rt_mutex::wait_lock before scheduling" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d33d26036a0274b472299d7dcdaa5fb34329f91b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090848-dragster-ahoy-c47e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d33d26036a02 ("rtmutex: Drop rt_mutex::wait_lock before scheduling") add461325ec5 ("locking/rtmutex: Extend the rtmutex core to support ww_mutex") 1c143c4b65da ("locking/rtmutex: Provide the spin/rwlock core lock function") e17ba59b7e8e ("locking/rtmutex: Guard regular sleeping locks specific functions") 7980aa397cc0 ("locking/rtmutex: Use rt_mutex_wake_q_head") c014ef69b3ac ("locking/rtmutex: Add wake_state to rt_mutex_waiter") 42254105dfe8 ("locking/rwsem: Add rtmutex based R/W semaphore implementation") ebbdc41e90ff ("locking/rtmutex: Provide rt_mutex_slowlock_locked()") 830e6acc8a1c ("locking/rtmutex: Split out the inner parts of 'struct rtmutex'") 531ae4b06a73 ("locking/rtmutex: Split API from implementation") 785159301bed ("locking/rtmutex: Convert macros to inlines") b41cda037655 ("locking/rtmutex: Set proper wait context for lockdep") 2f064a59a11f ("sched: Change task_struct::state") d6c23bb3a2ad ("sched: Add get_current_state()") b03fbd4ff24c ("sched: Introduce task_is_running()") a9e906b71f96 ("Merge branch 'sched/urgent' into sched/core, to pick up fixes") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d33d26036a0274b472299d7dcdaa5fb34329f91b Mon Sep 17 00:00:00 2001 From: Roland Xu <mu001999(a)outlook.com> Date: Thu, 15 Aug 2024 10:58:13 +0800 Subject: [PATCH] rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ] Fixes: 3d5c9340d194 ("rtmutex: Handle deadlock detection smarter") Signed-off-by: Roland Xu <mu001999(a)outlook.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/ME0P300MB063599BEF0743B8FA339C2CECC802@ME0P300M… diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c index 88d08eeb8bc0..fba1229f1de6 100644 --- a/kernel/locking/rtmutex.c +++ b/kernel/locking/rtmutex.c @@ -1644,6 +1644,7 @@ static int __sched rt_mutex_slowlock_block(struct rt_mutex_base *lock, } static void __sched rt_mutex_handle_deadlock(int res, int detect_deadlock, + struct rt_mutex_base *lock, struct rt_mutex_waiter *w) { /* @@ -1656,10 +1657,10 @@ static void __sched rt_mutex_handle_deadlock(int res, int detect_deadlock, if (build_ww_mutex() && w->ww_ctx) return; - /* - * Yell loudly and stop the task right here. - */ + raw_spin_unlock_irq(&lock->wait_lock); + WARN(1, "rtmutex deadlock detected\n"); + while (1) { set_current_state(TASK_INTERRUPTIBLE); rt_mutex_schedule(); @@ -1713,7 +1714,7 @@ static int __sched __rt_mutex_slowlock(struct rt_mutex_base *lock, } else { __set_current_state(TASK_RUNNING); remove_waiter(lock, waiter); - rt_mutex_handle_deadlock(ret, chwalk, waiter); + rt_mutex_handle_deadlock(ret, chwalk, lock, waiter); } /*

1 year

1
0
0 0

FAILED: patch "[PATCH] x86/kaslr: Expose and use the end of the physical memory" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x ea72ce5da22806d5713f3ffb39a6d5ae73841f93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090830-cough-rewrite-bcc9@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: ea72ce5da228 ("x86/kaslr: Expose and use the end of the physical memory address space") 1a167ddd3c56 ("x86: kmsan: pgtable: reduce vmalloc space") 14b80582c43e ("resource: Introduce alloc_free_mem_region()") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Wed, 14 Aug 2024 00:29:36 +0200 Subject: [PATCH] x86/kaslr: Expose and use the end of the physical memory address space iounmap() on x86 occasionally fails to unmap because the provided valid ioremap address is not below high_memory. It turned out that this happens due to KASLR. KASLR uses the full address space between PAGE_OFFSET and vaddr_end to randomize the starting points of the direct map, vmalloc and vmemmap regions. It thereby limits the size of the direct map by using the installed memory size plus an extra configurable margin for hot-plug memory. This limitation is done to gain more randomization space because otherwise only the holes between the direct map, vmalloc, vmemmap and vaddr_end would be usable for randomizing. The limited direct map size is not exposed to the rest of the kernel, so the memory hot-plug and resource management related code paths still operate under the assumption that the available address space can be determined with MAX_PHYSMEM_BITS. request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1 downwards. That means the first allocation happens past the end of the direct map and if unlucky this address is in the vmalloc space, which causes high_memory to become greater than VMALLOC_START and consequently causes iounmap() to fail for valid ioremap addresses. MAX_PHYSMEM_BITS cannot be changed for that because the randomization does not align with address bit boundaries and there are other places which actually require to know the maximum number of address bits. All remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found to be correct. Cure this by exposing the end of the direct map via PHYSMEM_END and use that for the memory hot-plug and resource management related places instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END maps to a variable which is initialized by the KASLR initialization and otherwise it is based on MAX_PHYSMEM_BITS as before. To prevent future hickups add a check into add_pages() to catch callers trying to add memory above PHYSMEM_END. Fixes: 0483e1fa6e09 ("x86/mm: Implement ASLR for kernel memory regions") Reported-by: Max Ramanouski <max8rr8(a)gmail.com> Reported-by: Alistair Popple <apopple(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-By: Max Ramanouski <max8rr8(a)gmail.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index af4302d79b59..f3d257c45225 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -17,6 +17,7 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long physmem_end; static __always_inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 9053dfe9fa03..a98e53491a4e 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -140,6 +140,10 @@ extern unsigned int ptrs_per_p4d; # define VMEMMAP_START __VMEMMAP_BASE_L4 #endif /* CONFIG_DYNAMIC_MEMORY_LAYOUT */ +#ifdef CONFIG_RANDOMIZE_MEMORY +# define PHYSMEM_END physmem_end +#endif + /* * End of the region for which vmalloc page tables are pre-allocated. * For non-KMSAN builds, this is the same as VMALLOC_END. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index d8dbeac8b206..ff253648706f 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -958,8 +958,12 @@ static void update_end_of_memory_vars(u64 start, u64 size) int add_pages(int nid, unsigned long start_pfn, unsigned long nr_pages, struct mhp_params *params) { + unsigned long end = ((start_pfn + nr_pages) << PAGE_SHIFT) - 1; int ret; + if (WARN_ON_ONCE(end > PHYSMEM_END)) + return -ERANGE; + ret = __add_pages(nid, start_pfn, nr_pages, params); WARN_ON_ONCE(ret); diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 37db264866b6..230f1dee4f09 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -47,13 +47,24 @@ static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; */ static __initdata struct kaslr_memory_region { unsigned long *base; + unsigned long *end; unsigned long size_tb; } kaslr_regions[] = { - { &page_offset_base, 0 }, - { &vmalloc_base, 0 }, - { &vmemmap_base, 0 }, + { + .base = &page_offset_base, + .end = &physmem_end, + }, + { + .base = &vmalloc_base, + }, + { + .base = &vmemmap_base, + }, }; +/* The end of the possible address space for physical memory */ +unsigned long physmem_end __ro_after_init; + /* Get size in bytes used by the memory region */ static inline unsigned long get_padding(struct kaslr_memory_region *region) { @@ -82,6 +93,8 @@ void __init kernel_randomize_memory(void) BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); + /* Preset the end of the possible address space for physical memory */ + physmem_end = ((1ULL << MAX_PHYSMEM_BITS) - 1); if (!kaslr_memory_enabled()) return; @@ -128,11 +141,18 @@ void __init kernel_randomize_memory(void) vaddr += entropy; *kaslr_regions[i].base = vaddr; - /* - * Jump the region and add a minimum padding based on - * randomization alignment. - */ + /* Calculate the end of the region */ vaddr += get_padding(&kaslr_regions[i]); + /* + * KASLR trims the maximum possible size of the + * direct-map. Update the physmem_end boundary. + * No rounding required as the region starts + * PUD aligned and size is in units of TB. + */ + if (kaslr_regions[i].end) + *kaslr_regions[i].end = __pa_nodebug(vaddr - 1); + + /* Add a minimum padding based on randomization alignment. */ vaddr = round_up(vaddr + 1, PUD_SIZE); remain_entropy -= entropy; } diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a20b76..b3864156eaa4 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -97,6 +97,10 @@ extern const int mmap_rnd_compat_bits_max; extern int mmap_rnd_compat_bits __read_mostly; #endif +#ifndef PHYSMEM_END +# define PHYSMEM_END ((1ULL << MAX_PHYSMEM_BITS) - 1) +#endif + #include <asm/page.h> #include <asm/processor.h> diff --git a/kernel/resource.c b/kernel/resource.c index 14777afb0a99..a83040fde236 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -1826,8 +1826,7 @@ static resource_size_t gfr_start(struct resource *base, resource_size_t size, if (flags & GFR_DESCENDING) { resource_size_t end; - end = min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + end = min_t(resource_size_t, base->end, PHYSMEM_END); return end - size + 1; } @@ -1844,8 +1843,7 @@ static bool gfr_continue(struct resource *base, resource_size_t addr, * @size did not wrap 0. */ return addr > addr - size && - addr <= min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + addr <= min_t(resource_size_t, base->end, PHYSMEM_END); } static resource_size_t gfr_next(resource_size_t addr, resource_size_t size, diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 66267c26ca1b..951878ab627a 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1681,7 +1681,7 @@ struct range __weak arch_get_mappable_range(void) struct range mhp_get_pluggable_range(bool need_mapping) { - const u64 max_phys = (1ULL << MAX_PHYSMEM_BITS) - 1; + const u64 max_phys = PHYSMEM_END; struct range mhp_range; if (need_mapping) { diff --git a/mm/sparse.c b/mm/sparse.c index e4b830091d13..0c3bff882033 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -129,7 +129,7 @@ static inline int sparse_early_nid(struct mem_section *section) static void __meminit mminit_validate_memmodel_limits(unsigned long *start_pfn, unsigned long *end_pfn) { - unsigned long max_sparsemem_pfn = 1UL << (MAX_PHYSMEM_BITS-PAGE_SHIFT); + unsigned long max_sparsemem_pfn = (PHYSMEM_END + 1) >> PAGE_SHIFT; /* * Sanity checks - do not allow an architecture to pass

1 year

1
0
0 0

FAILED: patch "[PATCH] x86/kaslr: Expose and use the end of the physical memory" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ea72ce5da22806d5713f3ffb39a6d5ae73841f93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090829-swizzle-angelfish-9047@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ea72ce5da228 ("x86/kaslr: Expose and use the end of the physical memory address space") 1a167ddd3c56 ("x86: kmsan: pgtable: reduce vmalloc space") 14b80582c43e ("resource: Introduce alloc_free_mem_region()") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Wed, 14 Aug 2024 00:29:36 +0200 Subject: [PATCH] x86/kaslr: Expose and use the end of the physical memory address space iounmap() on x86 occasionally fails to unmap because the provided valid ioremap address is not below high_memory. It turned out that this happens due to KASLR. KASLR uses the full address space between PAGE_OFFSET and vaddr_end to randomize the starting points of the direct map, vmalloc and vmemmap regions. It thereby limits the size of the direct map by using the installed memory size plus an extra configurable margin for hot-plug memory. This limitation is done to gain more randomization space because otherwise only the holes between the direct map, vmalloc, vmemmap and vaddr_end would be usable for randomizing. The limited direct map size is not exposed to the rest of the kernel, so the memory hot-plug and resource management related code paths still operate under the assumption that the available address space can be determined with MAX_PHYSMEM_BITS. request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1 downwards. That means the first allocation happens past the end of the direct map and if unlucky this address is in the vmalloc space, which causes high_memory to become greater than VMALLOC_START and consequently causes iounmap() to fail for valid ioremap addresses. MAX_PHYSMEM_BITS cannot be changed for that because the randomization does not align with address bit boundaries and there are other places which actually require to know the maximum number of address bits. All remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found to be correct. Cure this by exposing the end of the direct map via PHYSMEM_END and use that for the memory hot-plug and resource management related places instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END maps to a variable which is initialized by the KASLR initialization and otherwise it is based on MAX_PHYSMEM_BITS as before. To prevent future hickups add a check into add_pages() to catch callers trying to add memory above PHYSMEM_END. Fixes: 0483e1fa6e09 ("x86/mm: Implement ASLR for kernel memory regions") Reported-by: Max Ramanouski <max8rr8(a)gmail.com> Reported-by: Alistair Popple <apopple(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-By: Max Ramanouski <max8rr8(a)gmail.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index af4302d79b59..f3d257c45225 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -17,6 +17,7 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long physmem_end; static __always_inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 9053dfe9fa03..a98e53491a4e 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -140,6 +140,10 @@ extern unsigned int ptrs_per_p4d; # define VMEMMAP_START __VMEMMAP_BASE_L4 #endif /* CONFIG_DYNAMIC_MEMORY_LAYOUT */ +#ifdef CONFIG_RANDOMIZE_MEMORY +# define PHYSMEM_END physmem_end +#endif + /* * End of the region for which vmalloc page tables are pre-allocated. * For non-KMSAN builds, this is the same as VMALLOC_END. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index d8dbeac8b206..ff253648706f 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -958,8 +958,12 @@ static void update_end_of_memory_vars(u64 start, u64 size) int add_pages(int nid, unsigned long start_pfn, unsigned long nr_pages, struct mhp_params *params) { + unsigned long end = ((start_pfn + nr_pages) << PAGE_SHIFT) - 1; int ret; + if (WARN_ON_ONCE(end > PHYSMEM_END)) + return -ERANGE; + ret = __add_pages(nid, start_pfn, nr_pages, params); WARN_ON_ONCE(ret); diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 37db264866b6..230f1dee4f09 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -47,13 +47,24 @@ static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; */ static __initdata struct kaslr_memory_region { unsigned long *base; + unsigned long *end; unsigned long size_tb; } kaslr_regions[] = { - { &page_offset_base, 0 }, - { &vmalloc_base, 0 }, - { &vmemmap_base, 0 }, + { + .base = &page_offset_base, + .end = &physmem_end, + }, + { + .base = &vmalloc_base, + }, + { + .base = &vmemmap_base, + }, }; +/* The end of the possible address space for physical memory */ +unsigned long physmem_end __ro_after_init; + /* Get size in bytes used by the memory region */ static inline unsigned long get_padding(struct kaslr_memory_region *region) { @@ -82,6 +93,8 @@ void __init kernel_randomize_memory(void) BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); + /* Preset the end of the possible address space for physical memory */ + physmem_end = ((1ULL << MAX_PHYSMEM_BITS) - 1); if (!kaslr_memory_enabled()) return; @@ -128,11 +141,18 @@ void __init kernel_randomize_memory(void) vaddr += entropy; *kaslr_regions[i].base = vaddr; - /* - * Jump the region and add a minimum padding based on - * randomization alignment. - */ + /* Calculate the end of the region */ vaddr += get_padding(&kaslr_regions[i]); + /* + * KASLR trims the maximum possible size of the + * direct-map. Update the physmem_end boundary. + * No rounding required as the region starts + * PUD aligned and size is in units of TB. + */ + if (kaslr_regions[i].end) + *kaslr_regions[i].end = __pa_nodebug(vaddr - 1); + + /* Add a minimum padding based on randomization alignment. */ vaddr = round_up(vaddr + 1, PUD_SIZE); remain_entropy -= entropy; } diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a20b76..b3864156eaa4 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -97,6 +97,10 @@ extern const int mmap_rnd_compat_bits_max; extern int mmap_rnd_compat_bits __read_mostly; #endif +#ifndef PHYSMEM_END +# define PHYSMEM_END ((1ULL << MAX_PHYSMEM_BITS) - 1) +#endif + #include <asm/page.h> #include <asm/processor.h> diff --git a/kernel/resource.c b/kernel/resource.c index 14777afb0a99..a83040fde236 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -1826,8 +1826,7 @@ static resource_size_t gfr_start(struct resource *base, resource_size_t size, if (flags & GFR_DESCENDING) { resource_size_t end; - end = min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + end = min_t(resource_size_t, base->end, PHYSMEM_END); return end - size + 1; } @@ -1844,8 +1843,7 @@ static bool gfr_continue(struct resource *base, resource_size_t addr, * @size did not wrap 0. */ return addr > addr - size && - addr <= min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + addr <= min_t(resource_size_t, base->end, PHYSMEM_END); } static resource_size_t gfr_next(resource_size_t addr, resource_size_t size, diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 66267c26ca1b..951878ab627a 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1681,7 +1681,7 @@ struct range __weak arch_get_mappable_range(void) struct range mhp_get_pluggable_range(bool need_mapping) { - const u64 max_phys = (1ULL << MAX_PHYSMEM_BITS) - 1; + const u64 max_phys = PHYSMEM_END; struct range mhp_range; if (need_mapping) { diff --git a/mm/sparse.c b/mm/sparse.c index e4b830091d13..0c3bff882033 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -129,7 +129,7 @@ static inline int sparse_early_nid(struct mem_section *section) static void __meminit mminit_validate_memmodel_limits(unsigned long *start_pfn, unsigned long *end_pfn) { - unsigned long max_sparsemem_pfn = 1UL << (MAX_PHYSMEM_BITS-PAGE_SHIFT); + unsigned long max_sparsemem_pfn = (PHYSMEM_END + 1) >> PAGE_SHIFT; /* * Sanity checks - do not allow an architecture to pass

1 year

1
0
0 0

FAILED: patch "[PATCH] x86/kaslr: Expose and use the end of the physical memory" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ea72ce5da22806d5713f3ffb39a6d5ae73841f93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090827-corporate-raider-afc5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ea72ce5da228 ("x86/kaslr: Expose and use the end of the physical memory address space") 1a167ddd3c56 ("x86: kmsan: pgtable: reduce vmalloc space") 14b80582c43e ("resource: Introduce alloc_free_mem_region()") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Wed, 14 Aug 2024 00:29:36 +0200 Subject: [PATCH] x86/kaslr: Expose and use the end of the physical memory address space iounmap() on x86 occasionally fails to unmap because the provided valid ioremap address is not below high_memory. It turned out that this happens due to KASLR. KASLR uses the full address space between PAGE_OFFSET and vaddr_end to randomize the starting points of the direct map, vmalloc and vmemmap regions. It thereby limits the size of the direct map by using the installed memory size plus an extra configurable margin for hot-plug memory. This limitation is done to gain more randomization space because otherwise only the holes between the direct map, vmalloc, vmemmap and vaddr_end would be usable for randomizing. The limited direct map size is not exposed to the rest of the kernel, so the memory hot-plug and resource management related code paths still operate under the assumption that the available address space can be determined with MAX_PHYSMEM_BITS. request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1 downwards. That means the first allocation happens past the end of the direct map and if unlucky this address is in the vmalloc space, which causes high_memory to become greater than VMALLOC_START and consequently causes iounmap() to fail for valid ioremap addresses. MAX_PHYSMEM_BITS cannot be changed for that because the randomization does not align with address bit boundaries and there are other places which actually require to know the maximum number of address bits. All remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found to be correct. Cure this by exposing the end of the direct map via PHYSMEM_END and use that for the memory hot-plug and resource management related places instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END maps to a variable which is initialized by the KASLR initialization and otherwise it is based on MAX_PHYSMEM_BITS as before. To prevent future hickups add a check into add_pages() to catch callers trying to add memory above PHYSMEM_END. Fixes: 0483e1fa6e09 ("x86/mm: Implement ASLR for kernel memory regions") Reported-by: Max Ramanouski <max8rr8(a)gmail.com> Reported-by: Alistair Popple <apopple(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-By: Max Ramanouski <max8rr8(a)gmail.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index af4302d79b59..f3d257c45225 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -17,6 +17,7 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long physmem_end; static __always_inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 9053dfe9fa03..a98e53491a4e 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -140,6 +140,10 @@ extern unsigned int ptrs_per_p4d; # define VMEMMAP_START __VMEMMAP_BASE_L4 #endif /* CONFIG_DYNAMIC_MEMORY_LAYOUT */ +#ifdef CONFIG_RANDOMIZE_MEMORY +# define PHYSMEM_END physmem_end +#endif + /* * End of the region for which vmalloc page tables are pre-allocated. * For non-KMSAN builds, this is the same as VMALLOC_END. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index d8dbeac8b206..ff253648706f 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -958,8 +958,12 @@ static void update_end_of_memory_vars(u64 start, u64 size) int add_pages(int nid, unsigned long start_pfn, unsigned long nr_pages, struct mhp_params *params) { + unsigned long end = ((start_pfn + nr_pages) << PAGE_SHIFT) - 1; int ret; + if (WARN_ON_ONCE(end > PHYSMEM_END)) + return -ERANGE; + ret = __add_pages(nid, start_pfn, nr_pages, params); WARN_ON_ONCE(ret); diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 37db264866b6..230f1dee4f09 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -47,13 +47,24 @@ static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; */ static __initdata struct kaslr_memory_region { unsigned long *base; + unsigned long *end; unsigned long size_tb; } kaslr_regions[] = { - { &page_offset_base, 0 }, - { &vmalloc_base, 0 }, - { &vmemmap_base, 0 }, + { + .base = &page_offset_base, + .end = &physmem_end, + }, + { + .base = &vmalloc_base, + }, + { + .base = &vmemmap_base, + }, }; +/* The end of the possible address space for physical memory */ +unsigned long physmem_end __ro_after_init; + /* Get size in bytes used by the memory region */ static inline unsigned long get_padding(struct kaslr_memory_region *region) { @@ -82,6 +93,8 @@ void __init kernel_randomize_memory(void) BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); + /* Preset the end of the possible address space for physical memory */ + physmem_end = ((1ULL << MAX_PHYSMEM_BITS) - 1); if (!kaslr_memory_enabled()) return; @@ -128,11 +141,18 @@ void __init kernel_randomize_memory(void) vaddr += entropy; *kaslr_regions[i].base = vaddr; - /* - * Jump the region and add a minimum padding based on - * randomization alignment. - */ + /* Calculate the end of the region */ vaddr += get_padding(&kaslr_regions[i]); + /* + * KASLR trims the maximum possible size of the + * direct-map. Update the physmem_end boundary. + * No rounding required as the region starts + * PUD aligned and size is in units of TB. + */ + if (kaslr_regions[i].end) + *kaslr_regions[i].end = __pa_nodebug(vaddr - 1); + + /* Add a minimum padding based on randomization alignment. */ vaddr = round_up(vaddr + 1, PUD_SIZE); remain_entropy -= entropy; } diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a20b76..b3864156eaa4 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -97,6 +97,10 @@ extern const int mmap_rnd_compat_bits_max; extern int mmap_rnd_compat_bits __read_mostly; #endif +#ifndef PHYSMEM_END +# define PHYSMEM_END ((1ULL << MAX_PHYSMEM_BITS) - 1) +#endif + #include <asm/page.h> #include <asm/processor.h> diff --git a/kernel/resource.c b/kernel/resource.c index 14777afb0a99..a83040fde236 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -1826,8 +1826,7 @@ static resource_size_t gfr_start(struct resource *base, resource_size_t size, if (flags & GFR_DESCENDING) { resource_size_t end; - end = min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + end = min_t(resource_size_t, base->end, PHYSMEM_END); return end - size + 1; } @@ -1844,8 +1843,7 @@ static bool gfr_continue(struct resource *base, resource_size_t addr, * @size did not wrap 0. */ return addr > addr - size && - addr <= min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + addr <= min_t(resource_size_t, base->end, PHYSMEM_END); } static resource_size_t gfr_next(resource_size_t addr, resource_size_t size, diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 66267c26ca1b..951878ab627a 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1681,7 +1681,7 @@ struct range __weak arch_get_mappable_range(void) struct range mhp_get_pluggable_range(bool need_mapping) { - const u64 max_phys = (1ULL << MAX_PHYSMEM_BITS) - 1; + const u64 max_phys = PHYSMEM_END; struct range mhp_range; if (need_mapping) { diff --git a/mm/sparse.c b/mm/sparse.c index e4b830091d13..0c3bff882033 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -129,7 +129,7 @@ static inline int sparse_early_nid(struct mem_section *section) static void __meminit mminit_validate_memmodel_limits(unsigned long *start_pfn, unsigned long *end_pfn) { - unsigned long max_sparsemem_pfn = 1UL << (MAX_PHYSMEM_BITS-PAGE_SHIFT); + unsigned long max_sparsemem_pfn = (PHYSMEM_END + 1) >> PAGE_SHIFT; /* * Sanity checks - do not allow an architecture to pass

1 year

1
0
0 0

FAILED: patch "[PATCH] x86/kaslr: Expose and use the end of the physical memory" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ea72ce5da22806d5713f3ffb39a6d5ae73841f93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090826-expulsion-unkempt-11e3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ea72ce5da228 ("x86/kaslr: Expose and use the end of the physical memory address space") 1a167ddd3c56 ("x86: kmsan: pgtable: reduce vmalloc space") 14b80582c43e ("resource: Introduce alloc_free_mem_region()") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Wed, 14 Aug 2024 00:29:36 +0200 Subject: [PATCH] x86/kaslr: Expose and use the end of the physical memory address space iounmap() on x86 occasionally fails to unmap because the provided valid ioremap address is not below high_memory. It turned out that this happens due to KASLR. KASLR uses the full address space between PAGE_OFFSET and vaddr_end to randomize the starting points of the direct map, vmalloc and vmemmap regions. It thereby limits the size of the direct map by using the installed memory size plus an extra configurable margin for hot-plug memory. This limitation is done to gain more randomization space because otherwise only the holes between the direct map, vmalloc, vmemmap and vaddr_end would be usable for randomizing. The limited direct map size is not exposed to the rest of the kernel, so the memory hot-plug and resource management related code paths still operate under the assumption that the available address space can be determined with MAX_PHYSMEM_BITS. request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1 downwards. That means the first allocation happens past the end of the direct map and if unlucky this address is in the vmalloc space, which causes high_memory to become greater than VMALLOC_START and consequently causes iounmap() to fail for valid ioremap addresses. MAX_PHYSMEM_BITS cannot be changed for that because the randomization does not align with address bit boundaries and there are other places which actually require to know the maximum number of address bits. All remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found to be correct. Cure this by exposing the end of the direct map via PHYSMEM_END and use that for the memory hot-plug and resource management related places instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END maps to a variable which is initialized by the KASLR initialization and otherwise it is based on MAX_PHYSMEM_BITS as before. To prevent future hickups add a check into add_pages() to catch callers trying to add memory above PHYSMEM_END. Fixes: 0483e1fa6e09 ("x86/mm: Implement ASLR for kernel memory regions") Reported-by: Max Ramanouski <max8rr8(a)gmail.com> Reported-by: Alistair Popple <apopple(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-By: Max Ramanouski <max8rr8(a)gmail.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index af4302d79b59..f3d257c45225 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -17,6 +17,7 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long physmem_end; static __always_inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 9053dfe9fa03..a98e53491a4e 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -140,6 +140,10 @@ extern unsigned int ptrs_per_p4d; # define VMEMMAP_START __VMEMMAP_BASE_L4 #endif /* CONFIG_DYNAMIC_MEMORY_LAYOUT */ +#ifdef CONFIG_RANDOMIZE_MEMORY +# define PHYSMEM_END physmem_end +#endif + /* * End of the region for which vmalloc page tables are pre-allocated. * For non-KMSAN builds, this is the same as VMALLOC_END. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index d8dbeac8b206..ff253648706f 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -958,8 +958,12 @@ static void update_end_of_memory_vars(u64 start, u64 size) int add_pages(int nid, unsigned long start_pfn, unsigned long nr_pages, struct mhp_params *params) { + unsigned long end = ((start_pfn + nr_pages) << PAGE_SHIFT) - 1; int ret; + if (WARN_ON_ONCE(end > PHYSMEM_END)) + return -ERANGE; + ret = __add_pages(nid, start_pfn, nr_pages, params); WARN_ON_ONCE(ret); diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 37db264866b6..230f1dee4f09 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -47,13 +47,24 @@ static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; */ static __initdata struct kaslr_memory_region { unsigned long *base; + unsigned long *end; unsigned long size_tb; } kaslr_regions[] = { - { &page_offset_base, 0 }, - { &vmalloc_base, 0 }, - { &vmemmap_base, 0 }, + { + .base = &page_offset_base, + .end = &physmem_end, + }, + { + .base = &vmalloc_base, + }, + { + .base = &vmemmap_base, + }, }; +/* The end of the possible address space for physical memory */ +unsigned long physmem_end __ro_after_init; + /* Get size in bytes used by the memory region */ static inline unsigned long get_padding(struct kaslr_memory_region *region) { @@ -82,6 +93,8 @@ void __init kernel_randomize_memory(void) BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); + /* Preset the end of the possible address space for physical memory */ + physmem_end = ((1ULL << MAX_PHYSMEM_BITS) - 1); if (!kaslr_memory_enabled()) return; @@ -128,11 +141,18 @@ void __init kernel_randomize_memory(void) vaddr += entropy; *kaslr_regions[i].base = vaddr; - /* - * Jump the region and add a minimum padding based on - * randomization alignment. - */ + /* Calculate the end of the region */ vaddr += get_padding(&kaslr_regions[i]); + /* + * KASLR trims the maximum possible size of the + * direct-map. Update the physmem_end boundary. + * No rounding required as the region starts + * PUD aligned and size is in units of TB. + */ + if (kaslr_regions[i].end) + *kaslr_regions[i].end = __pa_nodebug(vaddr - 1); + + /* Add a minimum padding based on randomization alignment. */ vaddr = round_up(vaddr + 1, PUD_SIZE); remain_entropy -= entropy; } diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a20b76..b3864156eaa4 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -97,6 +97,10 @@ extern const int mmap_rnd_compat_bits_max; extern int mmap_rnd_compat_bits __read_mostly; #endif +#ifndef PHYSMEM_END +# define PHYSMEM_END ((1ULL << MAX_PHYSMEM_BITS) - 1) +#endif + #include <asm/page.h> #include <asm/processor.h> diff --git a/kernel/resource.c b/kernel/resource.c index 14777afb0a99..a83040fde236 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -1826,8 +1826,7 @@ static resource_size_t gfr_start(struct resource *base, resource_size_t size, if (flags & GFR_DESCENDING) { resource_size_t end; - end = min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + end = min_t(resource_size_t, base->end, PHYSMEM_END); return end - size + 1; } @@ -1844,8 +1843,7 @@ static bool gfr_continue(struct resource *base, resource_size_t addr, * @size did not wrap 0. */ return addr > addr - size && - addr <= min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + addr <= min_t(resource_size_t, base->end, PHYSMEM_END); } static resource_size_t gfr_next(resource_size_t addr, resource_size_t size, diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 66267c26ca1b..951878ab627a 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1681,7 +1681,7 @@ struct range __weak arch_get_mappable_range(void) struct range mhp_get_pluggable_range(bool need_mapping) { - const u64 max_phys = (1ULL << MAX_PHYSMEM_BITS) - 1; + const u64 max_phys = PHYSMEM_END; struct range mhp_range; if (need_mapping) { diff --git a/mm/sparse.c b/mm/sparse.c index e4b830091d13..0c3bff882033 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -129,7 +129,7 @@ static inline int sparse_early_nid(struct mem_section *section) static void __meminit mminit_validate_memmodel_limits(unsigned long *start_pfn, unsigned long *end_pfn) { - unsigned long max_sparsemem_pfn = 1UL << (MAX_PHYSMEM_BITS-PAGE_SHIFT); + unsigned long max_sparsemem_pfn = (PHYSMEM_END + 1) >> PAGE_SHIFT; /* * Sanity checks - do not allow an architecture to pass

1 year

1
0
0 0

FAILED: patch "[PATCH] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c5af2c90ba5629f0424a8d315f75fb8d91713c3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090844-cohesive-abrasion-ef6b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c5af2c90ba56 ("irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()") 90b4c5558615 ("irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m") 737be74710f3 ("irqchip/gicv2m: Don't map the MSI page in gicv2m_compose_msi_msg()") d38a71c54525 ("irqchip/gic-v3-its: Change initialization ordering for LPIs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c5af2c90ba5629f0424a8d315f75fb8d91713c3c Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Tue, 20 Aug 2024 17:28:43 +0800 Subject: [PATCH] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() gicv2m_of_init() fails to perform an of_node_put() when of_address_to_resource() fails, leading to a refcount leak. Address this by moving the error handling path outside of the loop and making it common to all failure modes. Fixes: 4266ab1a8ff5 ("irqchip/gic-v2m: Refactor to prepare for ACPI support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240820092843.1219933-1-make24@iscas.ac.cn diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index 51af63c046ed..be35c5349986 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -407,12 +407,12 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, ret = gicv2m_init_one(&child->fwnode, spi_start, nr_spis, &res, 0); - if (ret) { - of_node_put(child); + if (ret) break; - } } + if (ret && child) + of_node_put(child); if (!ret) ret = gicv2m_allocate_domains(parent); if (ret)

1 year

1
0
0 0

FAILED: patch "[PATCH] perf/x86/intel: Limit the period on Haswell" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090841-erasure-dice-630c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 25dfc9e357af ("perf/x86/intel: Limit the period on Haswell") 28f0f3c44b5c ("perf/x86: Change x86_pmu::limit_period signature") 706460a96fc6 ("perf/x86/amd/core: Add generic branch record interfaces") b40d0156f560 ("perf/x86/amd/brs: Move feature-specific functions") 3c27b0c6ea48 ("perf/x86/amd: Fix AMD BRS period adjustment") 9622e67e3980 ("perf/x86/amd/core: Add PerfMonV2 counter control") 21d59e3e2c40 ("perf/x86/amd/core: Detect PerfMonV2 support") cc37e520a236 ("perf/x86/amd: Make Zen3 branch sampling opt-in") ba2fe7500845 ("perf/x86/amd: Add AMD branch sampling period adjustment") ada543459cab ("perf/x86/amd: Add AMD Fam19h Branch Sampling support") 369461ce8fb6 ("x86: perf: Move RDPMC event flag to a common definition") 05485745ad48 ("perf/amd/uncore: Allow the driver to be built as a module") 5471eea5d3bf ("perf/x86: Reset the dirty counter to prevent the leak for an RDPMC task") f83d2f91d259 ("perf/x86/intel: Add Alder Lake Hybrid support") 58ae30c29a37 ("perf/x86/intel: Add attr_update for Hybrid PMUs") d9977c43bff8 ("perf/x86: Register hybrid PMUs") e11c1a7eb302 ("perf/x86: Factor out x86_pmu_show_pmu_cap") b98567298bad ("perf/x86: Remove temporary pmu assignment in event_init") 34d5b61f29ee ("perf/x86/intel: Factor out intel_pmu_check_extra_regs") bc14fe1beeec ("perf/x86/intel: Factor out intel_pmu_check_event_constraints") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Mon, 19 Aug 2024 11:30:04 -0700 Subject: [PATCH] perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message 'interrupt took too long' can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far. Fixes: 3a632cb229bf ("perf/x86/intel: Add simple Haswell PMU support") Reported-by: Li Huafei <lihuafei1(a)huawei.com> Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240819183004.3132920-1-kan.liang@linux.intel.… Closes: https://lore.kernel.org/lkml/20240729223328.327835-1-lihuafei1@huawei.com/ diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 0c9c2706d4ec..9e519d8a810a 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4589,6 +4589,25 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) return HYBRID_INTEL_CORE; } +static inline bool erratum_hsw11(struct perf_event *event) +{ + return (event->hw.config & INTEL_ARCH_EVENT_MASK) == + X86_CONFIG(.event=0xc0, .umask=0x01); +} + +/* + * The HSW11 requires a period larger than 100 which is the same as the BDM11. + * A minimum period of 128 is enforced as well for the INST_RETIRED.ALL. + * + * The message 'interrupt took too long' can be observed on any counter which + * was armed with a period < 32 and two events expired in the same NMI. + * A minimum period of 32 is enforced for the rest of the events. + */ +static void hsw_limit_period(struct perf_event *event, s64 *left) +{ + *left = max(*left, erratum_hsw11(event) ? 128 : 32); +} + /* * Broadwell: * @@ -4606,8 +4625,7 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) */ static void bdw_limit_period(struct perf_event *event, s64 *left) { - if ((event->hw.config & INTEL_ARCH_EVENT_MASK) == - X86_CONFIG(.event=0xc0, .umask=0x01)) { + if (erratum_hsw11(event)) { if (*left < 128) *left = 128; *left &= ~0x3fULL; @@ -6766,6 +6784,7 @@ __init int intel_pmu_init(void) x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = hsw_get_event_constraints; + x86_pmu.limit_period = hsw_limit_period; x86_pmu.lbr_double_abort = true; extra_attr = boot_cpu_has(X86_FEATURE_RTM) ? hsw_format_attr : nhm_format_attr;

1 year

1
0
0 0

FAILED: patch "[PATCH] perf/x86/intel: Limit the period on Haswell" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090839-issuing-jeep-f477@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 25dfc9e357af ("perf/x86/intel: Limit the period on Haswell") 28f0f3c44b5c ("perf/x86: Change x86_pmu::limit_period signature") 706460a96fc6 ("perf/x86/amd/core: Add generic branch record interfaces") b40d0156f560 ("perf/x86/amd/brs: Move feature-specific functions") 3c27b0c6ea48 ("perf/x86/amd: Fix AMD BRS period adjustment") 9622e67e3980 ("perf/x86/amd/core: Add PerfMonV2 counter control") 21d59e3e2c40 ("perf/x86/amd/core: Detect PerfMonV2 support") cc37e520a236 ("perf/x86/amd: Make Zen3 branch sampling opt-in") ba2fe7500845 ("perf/x86/amd: Add AMD branch sampling period adjustment") ada543459cab ("perf/x86/amd: Add AMD Fam19h Branch Sampling support") 369461ce8fb6 ("x86: perf: Move RDPMC event flag to a common definition") 05485745ad48 ("perf/amd/uncore: Allow the driver to be built as a module") 5471eea5d3bf ("perf/x86: Reset the dirty counter to prevent the leak for an RDPMC task") f83d2f91d259 ("perf/x86/intel: Add Alder Lake Hybrid support") 58ae30c29a37 ("perf/x86/intel: Add attr_update for Hybrid PMUs") d9977c43bff8 ("perf/x86: Register hybrid PMUs") e11c1a7eb302 ("perf/x86: Factor out x86_pmu_show_pmu_cap") b98567298bad ("perf/x86: Remove temporary pmu assignment in event_init") 34d5b61f29ee ("perf/x86/intel: Factor out intel_pmu_check_extra_regs") bc14fe1beeec ("perf/x86/intel: Factor out intel_pmu_check_event_constraints") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Mon, 19 Aug 2024 11:30:04 -0700 Subject: [PATCH] perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message 'interrupt took too long' can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far. Fixes: 3a632cb229bf ("perf/x86/intel: Add simple Haswell PMU support") Reported-by: Li Huafei <lihuafei1(a)huawei.com> Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240819183004.3132920-1-kan.liang@linux.intel.… Closes: https://lore.kernel.org/lkml/20240729223328.327835-1-lihuafei1@huawei.com/ diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 0c9c2706d4ec..9e519d8a810a 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4589,6 +4589,25 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) return HYBRID_INTEL_CORE; } +static inline bool erratum_hsw11(struct perf_event *event) +{ + return (event->hw.config & INTEL_ARCH_EVENT_MASK) == + X86_CONFIG(.event=0xc0, .umask=0x01); +} + +/* + * The HSW11 requires a period larger than 100 which is the same as the BDM11. + * A minimum period of 128 is enforced as well for the INST_RETIRED.ALL. + * + * The message 'interrupt took too long' can be observed on any counter which + * was armed with a period < 32 and two events expired in the same NMI. + * A minimum period of 32 is enforced for the rest of the events. + */ +static void hsw_limit_period(struct perf_event *event, s64 *left) +{ + *left = max(*left, erratum_hsw11(event) ? 128 : 32); +} + /* * Broadwell: * @@ -4606,8 +4625,7 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) */ static void bdw_limit_period(struct perf_event *event, s64 *left) { - if ((event->hw.config & INTEL_ARCH_EVENT_MASK) == - X86_CONFIG(.event=0xc0, .umask=0x01)) { + if (erratum_hsw11(event)) { if (*left < 128) *left = 128; *left &= ~0x3fULL; @@ -6766,6 +6784,7 @@ __init int intel_pmu_init(void) x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = hsw_get_event_constraints; + x86_pmu.limit_period = hsw_limit_period; x86_pmu.lbr_double_abort = true; extra_attr = boot_cpu_has(X86_FEATURE_RTM) ? hsw_format_attr : nhm_format_attr;

1 year

1
0
0 0

FAILED: patch "[PATCH] perf/x86/intel: Limit the period on Haswell" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090838-facility-embargo-19d0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 25dfc9e357af ("perf/x86/intel: Limit the period on Haswell") 28f0f3c44b5c ("perf/x86: Change x86_pmu::limit_period signature") 706460a96fc6 ("perf/x86/amd/core: Add generic branch record interfaces") b40d0156f560 ("perf/x86/amd/brs: Move feature-specific functions") 3c27b0c6ea48 ("perf/x86/amd: Fix AMD BRS period adjustment") 9622e67e3980 ("perf/x86/amd/core: Add PerfMonV2 counter control") 21d59e3e2c40 ("perf/x86/amd/core: Detect PerfMonV2 support") cc37e520a236 ("perf/x86/amd: Make Zen3 branch sampling opt-in") ba2fe7500845 ("perf/x86/amd: Add AMD branch sampling period adjustment") ada543459cab ("perf/x86/amd: Add AMD Fam19h Branch Sampling support") 369461ce8fb6 ("x86: perf: Move RDPMC event flag to a common definition") 05485745ad48 ("perf/amd/uncore: Allow the driver to be built as a module") 5471eea5d3bf ("perf/x86: Reset the dirty counter to prevent the leak for an RDPMC task") f83d2f91d259 ("perf/x86/intel: Add Alder Lake Hybrid support") 58ae30c29a37 ("perf/x86/intel: Add attr_update for Hybrid PMUs") d9977c43bff8 ("perf/x86: Register hybrid PMUs") e11c1a7eb302 ("perf/x86: Factor out x86_pmu_show_pmu_cap") b98567298bad ("perf/x86: Remove temporary pmu assignment in event_init") 34d5b61f29ee ("perf/x86/intel: Factor out intel_pmu_check_extra_regs") bc14fe1beeec ("perf/x86/intel: Factor out intel_pmu_check_event_constraints") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Mon, 19 Aug 2024 11:30:04 -0700 Subject: [PATCH] perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message 'interrupt took too long' can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far. Fixes: 3a632cb229bf ("perf/x86/intel: Add simple Haswell PMU support") Reported-by: Li Huafei <lihuafei1(a)huawei.com> Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240819183004.3132920-1-kan.liang@linux.intel.… Closes: https://lore.kernel.org/lkml/20240729223328.327835-1-lihuafei1@huawei.com/ diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 0c9c2706d4ec..9e519d8a810a 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4589,6 +4589,25 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) return HYBRID_INTEL_CORE; } +static inline bool erratum_hsw11(struct perf_event *event) +{ + return (event->hw.config & INTEL_ARCH_EVENT_MASK) == + X86_CONFIG(.event=0xc0, .umask=0x01); +} + +/* + * The HSW11 requires a period larger than 100 which is the same as the BDM11. + * A minimum period of 128 is enforced as well for the INST_RETIRED.ALL. + * + * The message 'interrupt took too long' can be observed on any counter which + * was armed with a period < 32 and two events expired in the same NMI. + * A minimum period of 32 is enforced for the rest of the events. + */ +static void hsw_limit_period(struct perf_event *event, s64 *left) +{ + *left = max(*left, erratum_hsw11(event) ? 128 : 32); +} + /* * Broadwell: * @@ -4606,8 +4625,7 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) */ static void bdw_limit_period(struct perf_event *event, s64 *left) { - if ((event->hw.config & INTEL_ARCH_EVENT_MASK) == - X86_CONFIG(.event=0xc0, .umask=0x01)) { + if (erratum_hsw11(event)) { if (*left < 128) *left = 128; *left &= ~0x3fULL; @@ -6766,6 +6784,7 @@ __init int intel_pmu_init(void) x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = hsw_get_event_constraints; + x86_pmu.limit_period = hsw_limit_period; x86_pmu.lbr_double_abort = true; extra_attr = boot_cpu_has(X86_FEATURE_RTM) ? hsw_format_attr : nhm_format_attr;

1 year

1
0
0 0

FAILED: patch "[PATCH] perf/x86/intel: Limit the period on Haswell" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090837-twisty-deodorant-ee35@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 25dfc9e357af ("perf/x86/intel: Limit the period on Haswell") 28f0f3c44b5c ("perf/x86: Change x86_pmu::limit_period signature") 706460a96fc6 ("perf/x86/amd/core: Add generic branch record interfaces") b40d0156f560 ("perf/x86/amd/brs: Move feature-specific functions") 3c27b0c6ea48 ("perf/x86/amd: Fix AMD BRS period adjustment") 9622e67e3980 ("perf/x86/amd/core: Add PerfMonV2 counter control") 21d59e3e2c40 ("perf/x86/amd/core: Detect PerfMonV2 support") cc37e520a236 ("perf/x86/amd: Make Zen3 branch sampling opt-in") ba2fe7500845 ("perf/x86/amd: Add AMD branch sampling period adjustment") ada543459cab ("perf/x86/amd: Add AMD Fam19h Branch Sampling support") 369461ce8fb6 ("x86: perf: Move RDPMC event flag to a common definition") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b Mon Sep 17 00:00:00 2001 From: Kan Liang <kan.liang(a)linux.intel.com> Date: Mon, 19 Aug 2024 11:30:04 -0700 Subject: [PATCH] perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message 'interrupt took too long' can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far. Fixes: 3a632cb229bf ("perf/x86/intel: Add simple Haswell PMU support") Reported-by: Li Huafei <lihuafei1(a)huawei.com> Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240819183004.3132920-1-kan.liang@linux.intel.… Closes: https://lore.kernel.org/lkml/20240729223328.327835-1-lihuafei1@huawei.com/ diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 0c9c2706d4ec..9e519d8a810a 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4589,6 +4589,25 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) return HYBRID_INTEL_CORE; } +static inline bool erratum_hsw11(struct perf_event *event) +{ + return (event->hw.config & INTEL_ARCH_EVENT_MASK) == + X86_CONFIG(.event=0xc0, .umask=0x01); +} + +/* + * The HSW11 requires a period larger than 100 which is the same as the BDM11. + * A minimum period of 128 is enforced as well for the INST_RETIRED.ALL. + * + * The message 'interrupt took too long' can be observed on any counter which + * was armed with a period < 32 and two events expired in the same NMI. + * A minimum period of 32 is enforced for the rest of the events. + */ +static void hsw_limit_period(struct perf_event *event, s64 *left) +{ + *left = max(*left, erratum_hsw11(event) ? 128 : 32); +} + /* * Broadwell: * @@ -4606,8 +4625,7 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) */ static void bdw_limit_period(struct perf_event *event, s64 *left) { - if ((event->hw.config & INTEL_ARCH_EVENT_MASK) == - X86_CONFIG(.event=0xc0, .umask=0x01)) { + if (erratum_hsw11(event)) { if (*left < 128) *left = 128; *left &= ~0x3fULL; @@ -6766,6 +6784,7 @@ __init int intel_pmu_init(void) x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = hsw_get_event_constraints; + x86_pmu.limit_period = hsw_limit_period; x86_pmu.lbr_double_abort = true; extra_attr = boot_cpu_has(X86_FEATURE_RTM) ? hsw_format_attr : nhm_format_attr;

1 year

1
0
0 0

FAILED: patch "[PATCH] ksmbd: Unlock on in ksmbd_tcp_set_interfaces()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 844436e045ac2ab7895d8b281cb784a24de1d14d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090848-botch-appointee-7cb2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 844436e045ac ("ksmbd: Unlock on in ksmbd_tcp_set_interfaces()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 844436e045ac2ab7895d8b281cb784a24de1d14d Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Thu, 29 Aug 2024 22:22:35 +0300 Subject: [PATCH] ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Unlock before returning an error code if this allocation fails. Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org # v5.15+ Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/transport_tcp.c b/fs/smb/server/transport_tcp.c index a84788396daa..aaed9e293b2e 100644 --- a/fs/smb/server/transport_tcp.c +++ b/fs/smb/server/transport_tcp.c @@ -624,8 +624,10 @@ int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) for_each_netdev(&init_net, netdev) { if (netif_is_bridge_port(netdev)) continue; - if (!alloc_iface(kstrdup(netdev->name, GFP_KERNEL))) + if (!alloc_iface(kstrdup(netdev->name, GFP_KERNEL))) { + rtnl_unlock(); return -ENOMEM; + } } rtnl_unlock(); bind_additional_ifaces = 1;

1 year

1
0
0 0

FAILED: patch "[PATCH] ksmbd: unset the binding mark of a reused connection" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 78c5a6f1f630172b19af4912e755e1da93ef0ab5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090838-reentry-fender-aec1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 78c5a6f1f630 ("ksmbd: unset the binding mark of a reused connection") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") f5c779b7ddbd ("ksmbd: fix racy issue from session setup and logoff") 1d9c4172110e ("ksmbd: Implements sess->ksmbd_chann_list as xarray") 62c487b53a7f ("ksmbd: limit pdu length size according to connection status") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 78c5a6f1f630172b19af4912e755e1da93ef0ab5 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 27 Aug 2024 21:44:41 +0900 Subject: [PATCH] ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. It is used as a material to create an encryption key in ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue cause null pointer dereference error from crypto_shash_update(). BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Hardware name: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] <TASK> ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? do_user_addr_fault+0x2ee/0x6b0 ? exc_page_fault+0x83/0x1b0 ? asm_exc_page_fault+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generate_key+0x234/0x380 [ksmbd] generate_smb3encryptionkey+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_encryptionkey+0x72/0xa0 [ksmbd] ntlm_authenticate.isra.0+0x423/0x5d0 [ksmbd] smb2_sess_setup+0x952/0xaa0 [ksmbd] __process_request+0xa3/0x1d0 [ksmbd] __handle_ksmbd_work+0x1c4/0x2f0 [ksmbd] handle_ksmbd_work+0x2d/0xa0 [ksmbd] process_one_work+0x16c/0x350 worker_thread+0x306/0x440 ? __pfx_worker_thread+0x10/0x10 kthread+0xef/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Fixes: f5a544e3bab7 ("ksmbd: add support for SMB3 multichannel") Cc: stable(a)vger.kernel.org # v5.15+ Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 20846a4d3031..8bdc59251418 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -1690,6 +1690,8 @@ int smb2_sess_setup(struct ksmbd_work *work) rc = ksmbd_session_register(conn, sess); if (rc) goto out_err; + + conn->binding = false; } else if (conn->dialect >= SMB30_PROT_ID && (server_conf.flags & KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL) && req->Flags & SMB2_SESSION_REQ_FLAG_BINDING) { @@ -1768,6 +1770,8 @@ int smb2_sess_setup(struct ksmbd_work *work) sess = NULL; goto out_err; } + + conn->binding = false; } work->sess = sess;

1 year

1
0
0 0

Linux 6.10.9

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.9 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/locking/hwspinlock.rst | 11 Makefile | 2 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 81 +++++ arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 81 +++++ arch/x86/kernel/cpu/amd.c | 2 block/blk-integrity.c | 2 crypto/ecc.c | 2 drivers/base/regmap/regmap-spi.c | 3 drivers/cpufreq/scmi-cpufreq.c | 4 drivers/crypto/stm32/stm32-cryp.c | 6 drivers/dma/altera-msgdma.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 19 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_securedisplay.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c | 3 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 6 drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 drivers/gpu/drm/amd/amdgpu/mmhub_v1_7.c | 2 drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c | 2 drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 2 drivers/gpu/drm/amd/amdgpu/mmhub_v9_4.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 3 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 19 - drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 9 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 49 +-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 18 + drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 7 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 1 drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_state.c | 10 drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c | 2 drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c | 2 drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 - drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 - drivers/gpu/drm/amd/display/dc/hwss/dcn201/dcn201_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 26 - drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c | 4 drivers/gpu/drm/amd/display/dc/link/protocols/link_dpcd.c | 1 drivers/gpu/drm/amd/display/dc/resource/dce80/dce80_resource.c | 1 drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 1 drivers/gpu/drm/amd/display/dc/resource/dcn314/dcn314_resource.c | 4 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 1 drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 5 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 + drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 ++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 - drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 + drivers/gpu/drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 31 + drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 55 ++- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 5 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 28 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_5_ppt.c | 28 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 28 - drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 5 drivers/gpu/drm/bridge/tc358767.c | 2 drivers/gpu/drm/drm_bridge.c | 5 drivers/gpu/drm/drm_fb_helper.c | 11 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/meson/meson_plane.c | 17 - drivers/gpu/drm/xe/xe_force_wake.h | 13 drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 4 drivers/gpu/drm/xe/xe_gt_topology.c | 4 drivers/gpu/drm/xe/xe_guc_relay.c | 9 drivers/gpu/drm/xe/xe_guc_submit.c | 5 drivers/gpu/drm/xe/xe_hwmon.c | 9 drivers/gpu/drm/xe/xe_migrate.c | 55 ++- drivers/gpu/drm/xe/xe_pcode.c | 6 drivers/hwmon/k10temp.c | 36 +- drivers/hwspinlock/hwspinlock_core.c | 28 + drivers/hwspinlock/hwspinlock_internal.h | 3 drivers/iio/industrialio-core.c | 7 drivers/iio/industrialio-event.c | 9 drivers/iio/inkern.c | 32 +- drivers/infiniband/hw/efa/efa_com.c | 30 + drivers/media/usb/uvc/uvc_driver.c | 18 - drivers/media/v4l2-core/v4l2-cci.c | 9 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/virtio_net.c | 6 drivers/net/wireless/ath/ath11k/qmi.c | 2 drivers/net/wireless/ath/ath12k/dp_rx.c | 2 drivers/net/wireless/ath/ath12k/qmi.c | 2 drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/link.c | 14 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 drivers/net/wireless/intel/iwlwifi/mvm/tests/links.c | 1 drivers/net/wireless/realtek/rtw89/ser.c | 8 drivers/pci/controller/dwc/pcie-al.c | 16 - drivers/pinctrl/core.c | 1 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 12 drivers/platform/chrome/cros_ec_lpc_mec.c | 76 ++++ drivers/platform/chrome/cros_ec_lpc_mec.h | 11 drivers/platform/x86/amd/pmf/core.c | 3 drivers/platform/x86/amd/pmf/pmf-quirks.c | 9 drivers/ras/amd/atl/dehash.c | 43 -- drivers/ras/amd/atl/map.c | 77 ++++ drivers/remoteproc/mtk_scp.c | 2 drivers/remoteproc/qcom_q6v5_pas.c | 11 drivers/soc/qcom/smem.c | 26 + drivers/spi/spi-hisi-kunpeng.c | 1 drivers/thermal/thermal_sysfs.c | 6 drivers/thermal/thermal_trip.c | 2 drivers/ufs/core/ufshcd.c | 19 + drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/usbip/stub_rx.c | 77 +++- fs/btrfs/inode.c | 3 fs/btrfs/scrub.c | 25 + fs/btrfs/tree-checker.c | 47 ++ fs/f2fs/f2fs.h | 2 fs/f2fs/inline.c | 20 + fs/f2fs/inode.c | 2 fs/gfs2/quota.c | 19 - fs/gfs2/util.c | 6 fs/notify/fsnotify.c | 31 + fs/notify/fsnotify.h | 2 fs/notify/mark.c | 32 +- fs/smb/client/smb2inode.c | 6 include/clocksource/timer-xilinx.h | 2 include/linux/fsnotify_backend.h | 8 include/linux/hwspinlock.h | 6 include/linux/i2c.h | 2 include/linux/soc/qcom/smem.h | 2 include/net/inet_timewait_sock.h | 6 include/net/ip.h | 3 include/net/tcp.h | 2 include/sound/ump_convert.h | 1 include/ufs/ufshcd.h | 1 include/ufs/ufshci.h | 1 kernel/dma/debug.c | 5 kernel/rcu/tree.h | 1 kernel/rcu/tree_nocb.h | 32 -- mm/filemap.c | 2 net/dccp/minisocks.c | 3 net/ipv4/fib_semantics.c | 5 net/ipv4/inet_timewait_sock.c | 52 ++- net/ipv4/metrics.c | 8 net/ipv4/tcp_cong.c | 11 net/ipv4/tcp_ipv4.c | 14 net/ipv4/tcp_minisocks.c | 25 - net/ipv6/route.c | 2 net/ipv6/tcp_ipv6.c | 6 net/mac80211/main.c | 3 net/wireless/ibss.c | 5 net/wireless/mesh.c | 5 net/wireless/nl80211.c | 21 - net/wireless/scan.c | 46 ++ security/apparmor/apparmorfs.c | 4 security/smack/smack_lsm.c | 2 sound/core/seq/seq_ports.h | 14 sound/core/seq/seq_ump_convert.c | 95 +++-- sound/core/ump_convert.c | 60 ++- sound/pci/hda/hda_generic.c | 63 +++ sound/pci/hda/hda_generic.h | 1 sound/pci/hda/patch_conexant.c | 2 sound/soc/amd/yc/acp6x-mach.c | 14 sound/soc/codecs/es8326.c | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 160 +++++++++- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 4 210 files changed, 2042 insertions(+), 693 deletions(-) Abel Vesa (1): arm64: dts: qcom: x1e80100: Describe the PCIe 6a resources Abhishek Pandit-Subedi (1): usb: typec: ucsi: Fix null pointer dereference in trace Aleksandr Mishin (1): PCI: al: Check IORESOURCE_BUS existence during probe Alex Hung (12): drm/amd/display: Ensure array index tg_inst won't be -1 drm/amd/display: Check gpio_id before used as array index drm/amd/display: Fix incorrect size calculation for loop drm/amd/display: Check index for aux_rd_interval before using drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Check msg_id before processing transcation drm/amd/display: Check link_index before accessing dc->links[] drm/amd/display: Spinlock before reading event drm/amd/display: Ensure index calculation will not overflow drm/amd/display: Avoid overflow from uint32_t to uint8_t drm/amd/display: Check BIOS images before it is used drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Alvin Lee (1): drm/amd/display: Assign linear_pitch_alignment even for VM Amir Goldstein (1): fsnotify: clear PARENT_WATCHED flags lazily Andreas Gruenbacher (1): gfs2: Revert "Add quota_change type" Andy Shevchenko (1): regmap: spi: Fix potential off-by-one when calculating reserved size AngeloGioacchino Del Regno (1): remoteproc: mediatek: Zero out only remaining bytes of IPI buffer Asad Kamal (1): drm/amd/amdgpu: Check tbo resource pointer Ben Walsh (1): platform/chrome: cros_ec_lpc: MEC access can use an AML mutex Bob Zhou (1): drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() Boris Burkov (1): btrfs: fix qgroup reserve leaks in cow_file_range Bruno Ancona (1): ASoC: amd: yc: Support mic on HP 14-em0002la Casey Schaufler (1): smack: tcp: ipv4, fix incorrect labeling Chao Yu (1): f2fs: fix to do sanity check on blocks for inline_data inode Chris Lew (1): soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() Christoph Hellwig (1): block: remove the blk_flush_integrity call in blk_integrity_unregister David (Ming Qiang) Wu (1): drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend David Howells (1): mm: Fix filemap_invalidate_inode() to use invalidate_inode_pages2_range() Devyn Liu (1): spi: hisi-kunpeng: Add validation for the minimum value of speed_hz Dragos Tatulea (1): net/mlx5e: SHAMPO, Fix incorrect page release Eric Dumazet (1): tcp: annotate data-races around tw->tw_ts_recent and tw->tw_ts_recent_stamp Francois Dugast (1): drm/xe/gt: Fix assert in L3 bank mask generation Frederic Weisbecker (1): rcu/nocb: Remove buggy bypass lock contention mitigation Greg Kroah-Hartman (1): Linux 6.10.9 Haoran Liu (1): drm/meson: plane: Add error handling Heng Qi (1): virtio-net: check feature before configuring the vq coalescing command Hersen Wu (13): drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range drm/amd/display: Add array index check for hdcp ddc access drm/amd/display: Release state memory if amdgpu_dm_create_color_properties fail drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create drm/amd/display: Release clck_src memory if clk_src_construct fails drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration drm/amd/display: Fix writeback job lock evasion within dm_crtc_high_irq drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box Himal Prasad Ghimiray (3): drm/xe: Fix the warning conditions drm/xe: Ensure caller uses sole domain for xe_force_wake_assert_held drm/xe: Check valid domain is passed in xe_force_wake_ref Jagadeesh Kona (1): cpufreq: scmi: Avoid overflow of target_freq in fast switch Jason Xing (1): net: remove NULL-pointer net parameter in ip_metrics_convert Jeff Johnson (3): wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() Jesse Zhang (13): drm/amd/pm: fix uninitialized variable warning drm/amd/pm: fix warning using uninitialized value of max_vid_step drm/amd/pm: Fix negative array index read drm/amd/pm: fix the Out-of-bounds read warning drm/amdgpu: Fix the warning division or modulo by zero drm/amdgpu: fix dereference after null check drm/amdgpu: fix the waring dereferencing hive drm/amd/pm: check specific index for aldebaran drm/amd/pm: check specific index for smu13 drm/amdgpu: the warning dereferencing obj for nbio_v7_4 drm/amdgpu: fix the warning bad bit shift operation for aca_error_type type drm/amd/pm: check negtive return for table entries drm/amdgu: fix Unintentional integer overflow for mall size Johan Hovold (4): arm64: dts: qcom: x1e80100-crd: fix up PCIe6a pinctrl node arm64: dts: qcom: x1e80100-crd: fix missing PCIe4 gpios arm64: dts: qcom: x1e80100-qcp: fix up PCIe6a pinctrl node arm64: dts: qcom: x1e80100-qcp: fix missing PCIe4 gpios Johannes Berg (4): wifi: cfg80211: restrict operation during radar detection wifi: iwlwifi: mvm: use only beacon BSS load for active links wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD wifi: cfg80211: make hash table duplicates more survivable John Allen (1): RAS/AMD/ATL: Validate address map when information is gathered Joshua Aberback (1): Revert "drm/amd/display: Fix incorrect pointer assignment" Julien Stephan (1): driver: iio: add missing checks on iio_info's callback access Karthik Poosa (1): drm/xe/hwmon: Remove unwanted write permission for currN_label Ken Sloat (1): pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Krzysztof Stępniak (1): ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 Kyoungrul Kim (1): scsi: ufs: core: Check LSDBS cap when !mcq Lad Prabhakar (1): pinctrl: renesas: rzg2l: Validate power registers for SD and ETH Leesoo Ahn (1): apparmor: fix possible NULL pointer dereference Lin.Cao (1): drm/amdkfd: Check debug trap enable before write dbg_ev_file Luke D. Jones (1): platform/x86/amd: pmf: Add quirk for ROG Ally X Léo DUBOIN (1): pinctrl: core: reset gpio_device in loop in pinctrl_pins_show() Ma Jun (10): drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc drm/amdgpu/pm: Fix uninitialized variable warning for smu10 drm/amdgpu/pm: Fix uninitialized variable agc_btc_response drm/amdgpu: Fix the uninitialized variable warning drm/amdgpu: Fix out-of-bounds write warning drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs drm/amdgpu/pm: Check input value for power profile setting on smu11, smu13 and smu14 Marek Vasut (1): drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Matthew Brost (2): drm/xe: Don't overmap identity VRAM mapping drm/xe: Add GuC state asserts to deregister_exec_queue Matthieu Baerts (NGI0) (5): selftests: mptcp: join: check re-using ID of unused ADD_ADDR selftests: mptcp: join: check re-adding init endp with != id selftests: mptcp: join: validate event numbers selftests: mptcp: join: check re-re-adding ID 0 signal selftests: mptcp: join: test for flush/re-add endpoints Maxime Méré (1): crypto: stm32/cryp - call finalize with bh disabled Michael Chen (1): drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Michael Margolin (1): RDMA/efa: Properly handle unexpected AQ completions Nicholas Kazlauskas (3): drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection drm/amd/display: Disable DMCUB timeout for DCN35 Nicholas Susanto (1): drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 Nirmoy Das (1): drm/xe: Use missing lock in relay_needs_worker Olivier Dautricourt (2): dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Paolo Abeni (1): selftests: mptcp: add explicit test case for remove/readd Paulo Alcantara (1): smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp Perry Yuan (1): x86/CPU/AMD: Add models 0x60-0x6f to the Zen5 range Peter Wang (1): scsi: ufs: core: Bypass quick recovery if force reset is needed Philip Mueller (1): drm: panel-orientation-quirks: Add quirk for OrangePi Neo Philip Yang (1): drm/amdgpu: Handle sg size limit for contiguous allocation Qiuxu Zhuo (1): drm/fb-helper: Don't schedule_work() to flush frame buffer during panic() Qu Wenruo (3): btrfs: tree-checker: validate dref root and objectid btrfs: factor out stripe length calculation into a helper btrfs: scrub: update last_physical after scrubbing one stripe Rafael J. Wysocki (1): thermal: trip: Use READ_ONCE() for lockless access to trip properties Ricardo Ribalda (1): media: uvcvideo: Enforce alignment of frame and interval Richard Fitzgerald (2): i2c: Fix conditional for substituting empty ACPI functions i2c: Use IS_REACHABLE() for substituting empty ACPI functions Richard Maina (2): hwspinlock: Introduce hwspin_lock_bust() remoteproc: qcom_q6v5_pas: Add hwspinlock bust on stop Rik van Riel (1): dma-debug: avoid deadlock between dma debug vs printk and netconsole Rodrigo Siqueira (1): drm/amd/display: Handle the case which quad_part is equal 0 Rodrigo Vivi (1): drm/xe: Demote CCS_MODE info to debug only Sakari Ailus (1): media: v4l2-cci: Always assign *val Shahar S Matityahu (1): wifi: iwlwifi: remove fw_running op Shannon Nelson (1): ionic: fix potential irq name truncation Shyam Sundar S K (1): platform/x86/amd/pmf: Add new ACPI ID AMDI0107 Simon Holesch (1): usbip: Don't submit special requests twice Stefan Berger (1): crypto: ecc - Fix off-by-one missing to clear most significant digit Sui Jingfeng (1): drm/drm-bridge: Drop conditionals around of_node pointers Takashi Iwai (7): ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown ALSA: hda/conexant: Mute speakers at suspend / shutdown ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception ALSA: ump: Explicitly reset RPN with Null RPN ALSA: seq: ump: Use the common RPN/bank conversion context ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception ALSA: seq: ump: Explicitly reset RPN with Null RPN Tao Zhou (3): drm/amdgpu: update type of buf size to u32 for eeprom functions drm/amdgpu: set RAS fed status for more cases drm/amdkfd: use mode1 reset for RAS poison consumption Tim Huang (10): drm/amdgpu: fix overflowed array index read warning drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr drm/amd/pm: fix uninitialized variable warning for smu_v13 drm/amdgpu: fix uninitialized scalar variable warning drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt drm/amdgpu: fix uninitialized variable warning for amdgpu_xgmi drm/amdgpu: fix uninitialized variable warning for jpeg_v4 drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning Valentin Schneider (1): net: tcp/dccp: prepare for tw_timer un-pinning Victor Skvortsov (1): drm/amdgpu: Queue KFD reset workitem in VF FED Wayne Lin (1): drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX Wenjing Liu (1): drm/amd/display: use preferred link settings for dp signal only Xiaogang Chen (1): drm/kfd: Correct pinned buffer handling at kfd restore and validate process Yang Wang (2): drm/amdgpu: fix compiler 'side-effect' check issue for RAS_EVENT_LOG() drm/amdgpu: remove redundant semicolons in RAS_EVENT_LOG Yazen Ghannam (1): hwmon: (k10temp) Check return value of amd_smn_read() Yevgeny Kliteynik (1): net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule Yunxiang Li (3): drm/amdgpu: add skip_hw_access checks for sriov drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb drm/amdgpu: add lock in kfd_process_dequeue_from_device ZHANG Yuntian (1): net: usb: qmi_wwan: add MeiG Smart SRM825L Zhang Yi (1): ASoC: codecs: ES8326: button detect issue Zhigang Luo (1): drm/amdgpu: avoid reading vf2pf info size from FB Zong-Zhe Yang (1): wifi: rtw89: ser: avoid multiple deinit on same CAM winstang (1): drm/amd/display: added NULL check at start of dc_validate_stream

1 year

1
1
0 0

Linux 6.6.50

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.50 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/locking/hwspinlock.rst | 11 Makefile | 2 block/blk-integrity.c | 2 drivers/base/regmap/regmap-spi.c | 3 drivers/cpufreq/scmi-cpufreq.c | 4 drivers/crypto/stm32/stm32-cryp.c | 6 drivers/dma/altera-msgdma.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_securedisplay.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 11 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 6 drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 9 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 18 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 7 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 1 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 10 drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 26 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c | 4 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 - drivers/gpu/drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 27 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 drivers/gpu/drm/bridge/tc358767.c | 2 drivers/gpu/drm/drm_fb_helper.c | 11 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/meson/meson_plane.c | 17 drivers/hwmon/k10temp.c | 36 - drivers/hwspinlock/hwspinlock_core.c | 28 drivers/hwspinlock/hwspinlock_internal.h | 3 drivers/iio/industrialio-core.c | 7 drivers/iio/industrialio-event.c | 9 drivers/iio/inkern.c | 32 - drivers/infiniband/hw/efa/efa_com.c | 30 drivers/media/usb/uvc/uvc_driver.c | 18 drivers/media/v4l2-core/v4l2-cci.c | 9 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/virtio_net.c | 8 drivers/net/wireless/ath/ath11k/qmi.c | 2 drivers/net/wireless/ath/ath12k/qmi.c | 2 drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 drivers/net/wireless/realtek/rtw89/ser.c | 8 drivers/pci/controller/dwc/pcie-al.c | 16 drivers/platform/chrome/cros_ec_lpc_mec.c | 76 ++ drivers/platform/chrome/cros_ec_lpc_mec.h | 11 drivers/soc/qcom/smem.c | 26 drivers/spi/spi-hisi-kunpeng.c | 1 drivers/ufs/core/ufshcd.c | 19 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/usbip/stub_rx.c | 77 +- fs/btrfs/tree-checker.c | 47 + fs/f2fs/f2fs.h | 2 fs/f2fs/inline.c | 20 fs/f2fs/inode.c | 2 fs/gfs2/quota.c | 19 fs/gfs2/util.c | 6 fs/notify/fsnotify.c | 31 - fs/notify/fsnotify.h | 2 fs/notify/mark.c | 32 - fs/smb/client/smb2inode.c | 6 include/clocksource/timer-xilinx.h | 2 include/linux/fsnotify_backend.h | 8 include/linux/hwspinlock.h | 6 include/linux/i2c.h | 2 include/linux/soc/qcom/smem.h | 2 include/net/ip.h | 3 include/net/tcp.h | 2 include/sound/ump_convert.h | 1 include/ufs/ufshcd.h | 1 include/ufs/ufshci.h | 1 kernel/dma/debug.c | 5 kernel/rcu/tree.h | 1 kernel/rcu/tree_nocb.h | 32 - net/ipv4/fib_semantics.c | 5 net/ipv4/metrics.c | 8 net/ipv4/tcp_cong.c | 11 net/ipv6/route.c | 2 net/mac80211/main.c | 3 net/mptcp/fastopen.c | 4 net/mptcp/options.c | 50 - net/mptcp/pm.c | 28 net/mptcp/pm_netlink.c | 52 - net/mptcp/protocol.c | 58 + net/mptcp/protocol.h | 9 net/mptcp/sched.c | 4 net/mptcp/sockopt.c | 4 net/mptcp/subflow.c | 48 - net/wireless/scan.c | 46 + security/apparmor/apparmorfs.c | 4 security/smack/smack_lsm.c | 2 sound/core/seq/seq_ports.h | 14 sound/core/seq/seq_ump_convert.c | 95 +-- sound/core/ump_convert.c | 60 + sound/pci/hda/hda_generic.c | 63 ++ sound/pci/hda/hda_generic.h | 1 sound/pci/hda/patch_conexant.c | 2 sound/soc/amd/yc/acp6x-mach.c | 14 sound/soc/codecs/es8326.c | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 304 +++++++++- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 38 + tools/testing/selftests/net/mptcp/userspace_pm.sh | 30 145 files changed, 1662 insertions(+), 571 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Fix null pointer dereference in trace Aleksandr Mishin (1): PCI: al: Check IORESOURCE_BUS existence during probe Alex Hung (8): drm/amd/display: Check gpio_id before used as array index drm/amd/display: Check index for aux_rd_interval before using drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Check msg_id before processing transcation drm/amd/display: Spinlock before reading event drm/amd/display: Ensure index calculation will not overflow drm/amd/display: Check BIOS images before it is used drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Alvin Lee (1): drm/amd/display: Assign linear_pitch_alignment even for VM Amir Goldstein (1): fsnotify: clear PARENT_WATCHED flags lazily Andreas Gruenbacher (1): gfs2: Revert "Add quota_change type" Andy Shevchenko (1): regmap: spi: Fix potential off-by-one when calculating reserved size Asad Kamal (1): drm/amd/amdgpu: Check tbo resource pointer Ben Walsh (1): platform/chrome: cros_ec_lpc: MEC access can use an AML mutex Breno Leitao (1): virtio_net: Fix napi_skb_cache_put warning Bruno Ancona (1): ASoC: amd: yc: Support mic on HP 14-em0002la Casey Schaufler (1): smack: tcp: ipv4, fix incorrect labeling Chao Yu (1): f2fs: fix to do sanity check on blocks for inline_data inode Chris Lew (1): soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() Christoph Hellwig (1): block: remove the blk_flush_integrity call in blk_integrity_unregister Devyn Liu (1): spi: hisi-kunpeng: Add validation for the minimum value of speed_hz Dragos Tatulea (1): net/mlx5e: SHAMPO, Fix incorrect page release Frederic Weisbecker (1): rcu/nocb: Remove buggy bypass lock contention mitigation Geliang Tang (6): mptcp: make pm_remove_addrs_and_subflows static selftests: mptcp: userspace pm create id 0 subflow selftests: mptcp: dump userspace addrs list selftests: mptcp: userspace pm get addr tests selftests: mptcp: declare event macros in mptcp_lib selftests: mptcp: add mptcp_lib_events helper Greg Kroah-Hartman (1): Linux 6.6.50 Haoran Liu (1): drm/meson: plane: Add error handling Hersen Wu (7): drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Add array index check for hdcp ddc access drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box Jagadeesh Kona (1): cpufreq: scmi: Avoid overflow of target_freq in fast switch Jason Xing (1): net: remove NULL-pointer net parameter in ip_metrics_convert Jeff Johnson (2): wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() Jesse Zhang (12): drm/amd/pm: fix uninitialized variable warning drm/amd/pm: fix warning using uninitialized value of max_vid_step drm/amd/pm: Fix negative array index read drm/amd/pm: fix the Out-of-bounds read warning drm/amdgpu: Fix the warning division or modulo by zero drm/amdgpu: fix dereference after null check drm/amdgpu: fix the waring dereferencing hive drm/amd/pm: check specific index for aldebaran drm/amd/pm: check specific index for smu13 drm/amdgpu: the warning dereferencing obj for nbio_v7_4 drm/amd/pm: check negtive return for table entries drm/amdgu: fix Unintentional integer overflow for mall size Johannes Berg (2): wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD wifi: cfg80211: make hash table duplicates more survivable Julien Stephan (1): driver: iio: add missing checks on iio_info's callback access Ken Sloat (1): pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Krzysztof Stępniak (1): ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 Kyoungrul Kim (1): scsi: ufs: core: Check LSDBS cap when !mcq Leesoo Ahn (1): apparmor: fix possible NULL pointer dereference Lin.Cao (1): drm/amdkfd: Check debug trap enable before write dbg_ev_file Ma Jun (8): drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc drm/amdgpu/pm: Fix uninitialized variable warning for smu10 drm/amdgpu/pm: Fix uninitialized variable agc_btc_response drm/amdgpu: Fix the uninitialized variable warning drm/amdgpu: Fix out-of-bounds write warning drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Marek Vasut (1): drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Matthieu Baerts (NGI0) (11): mptcp: pm: fix RM_ADDR ID for the initial subflow selftests: mptcp: join: cannot rm sf if closed selftests: mptcp: join: check re-using ID of unused ADD_ADDR selftests: mptcp: join: check re-adding init endp with != id selftests: mptcp: join: validate event numbers selftests: mptcp: join: check re-re-adding ID 0 signal selftests: mptcp: join: test for flush/re-add endpoints selftests: mptcp: join: disable get and dump addr checks selftests: mptcp: join: stop transfer when check is done (part 2.2) mptcp: avoid duplicated SUB_CLOSED events mptcp: pr_debug: add missing \n at the end Maxime Méré (1): crypto: stm32/cryp - call finalize with bh disabled Michael Chen (1): drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Michael Margolin (1): RDMA/efa: Properly handle unexpected AQ completions Nicholas Kazlauskas (1): drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay Olivier Dautricourt (2): dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Paolo Abeni (1): selftests: mptcp: add explicit test case for remove/readd Paulo Alcantara (1): smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp Peter Wang (1): scsi: ufs: core: Bypass quick recovery if force reset is needed Philip Mueller (1): drm: panel-orientation-quirks: Add quirk for OrangePi Neo Qiuxu Zhuo (1): drm/fb-helper: Don't schedule_work() to flush frame buffer during panic() Qu Wenruo (1): btrfs: tree-checker: validate dref root and objectid Ricardo Ribalda (1): media: uvcvideo: Enforce alignment of frame and interval Richard Fitzgerald (2): i2c: Fix conditional for substituting empty ACPI functions i2c: Use IS_REACHABLE() for substituting empty ACPI functions Richard Maina (1): hwspinlock: Introduce hwspin_lock_bust() Rik van Riel (1): dma-debug: avoid deadlock between dma debug vs printk and netconsole Sakari Ailus (1): media: v4l2-cci: Always assign *val Shahar S Matityahu (1): wifi: iwlwifi: remove fw_running op Shannon Nelson (1): ionic: fix potential irq name truncation Simon Holesch (1): usbip: Don't submit special requests twice Takashi Iwai (7): ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown ALSA: hda/conexant: Mute speakers at suspend / shutdown ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception ALSA: ump: Explicitly reset RPN with Null RPN ALSA: seq: ump: Use the common RPN/bank conversion context ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception ALSA: seq: ump: Explicitly reset RPN with Null RPN Tao Zhou (1): drm/amdgpu: update type of buf size to u32 for eeprom functions Tim Huang (6): drm/amdgpu: fix overflowed array index read warning drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning Wayne Lin (1): drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX Wenjing Liu (1): drm/amd/display: use preferred link settings for dp signal only Xiaogang Chen (1): drm/kfd: Correct pinned buffer handling at kfd restore and validate process Yazen Ghannam (1): hwmon: (k10temp) Check return value of amd_smn_read() Yevgeny Kliteynik (1): net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule Yunxiang Li (3): drm/amdgpu: add skip_hw_access checks for sriov drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb drm/amdgpu: add lock in kfd_process_dequeue_from_device ZHANG Yuntian (1): net: usb: qmi_wwan: add MeiG Smart SRM825L Zhang Yi (1): ASoC: codecs: ES8326: button detect issue Zhigang Luo (1): drm/amdgpu: avoid reading vf2pf info size from FB Zong-Zhe Yang (1): wifi: rtw89: ser: avoid multiple deinit on same CAM winstang (1): drm/amd/display: added NULL check at start of dc_validate_stream

1 year

1
1
0 0

Linux 6.1.109

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.109 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/locking/hwspinlock.rst | 11 + Makefile | 2 block/blk-integrity.c | 2 drivers/base/regmap/regmap-spi.c | 3 drivers/cpufreq/scmi-cpufreq.c | 4 drivers/dma/altera-msgdma.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 2 drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 1 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 drivers/gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 + drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 + drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 ++ drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 - drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 ++ drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 ++++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 ++ drivers/gpu/drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 27 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 + drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 drivers/gpu/drm/bridge/tc358767.c | 2 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/meson/meson_plane.c | 17 + drivers/hwmon/k10temp.c | 36 ++- drivers/hwspinlock/hwspinlock_core.c | 28 ++ drivers/hwspinlock/hwspinlock_internal.h | 3 drivers/iio/industrialio-core.c | 7 drivers/iio/industrialio-event.c | 9 drivers/iio/inkern.c | 32 ++ drivers/infiniband/hw/efa/efa_com.c | 30 +- drivers/media/usb/uvc/uvc_driver.c | 18 + drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/virtio_net.c | 8 drivers/net/wireless/ath/ath11k/qmi.c | 2 drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 drivers/net/wireless/realtek/rtw89/ser.c | 8 drivers/pci/controller/dwc/pcie-al.c | 16 + drivers/pci/msi/msi.c | 10 drivers/ufs/core/ufshcd.c | 3 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/usbip/stub_rx.c | 77 ++++--- fs/ext4/extents.c | 2 fs/ext4/inode.c | 5 fs/ext4/page-io.c | 14 + fs/f2fs/f2fs.h | 1 fs/f2fs/file.c | 42 +++ fs/f2fs/inode.c | 8 fs/notify/fsnotify.c | 31 +- fs/notify/fsnotify.h | 2 fs/notify/mark.c | 32 ++ fs/udf/super.c | 9 include/clocksource/timer-xilinx.h | 2 include/linux/fsnotify_backend.h | 8 include/linux/hwspinlock.h | 6 include/linux/i2c.h | 2 kernel/dma/debug.c | 5 kernel/rcu/tree.h | 1 kernel/rcu/tree_nocb.h | 32 -- net/bluetooth/sco.c | 76 ++++--- net/mptcp/options.c | 50 ++-- net/mptcp/pm.c | 28 +- net/mptcp/pm_netlink.c | 151 ++++++++------ net/mptcp/protocol.c | 58 ++--- net/mptcp/protocol.h | 10 net/mptcp/sockopt.c | 4 net/mptcp/subflow.c | 50 ++-- net/wireless/scan.c | 46 +++- security/apparmor/apparmorfs.c | 4 security/smack/smack_lsm.c | 2 sound/pci/hda/hda_generic.c | 63 +++++ sound/pci/hda/hda_generic.h | 1 sound/pci/hda/patch_conexant.c | 2 sound/soc/amd/yc/acp6x-mach.c | 7 tools/testing/selftests/net/mptcp/mptcp_join.sh | 136 ++++++++++-- 102 files changed, 1141 insertions(+), 489 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Fix null pointer dereference in trace Aleksandr Mishin (1): PCI: al: Check IORESOURCE_BUS existence during probe Alex Hung (6): drm/amd/display: Check gpio_id before used as array index drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Check msg_id before processing transcation drm/amd/display: Spinlock before reading event drm/amd/display: Ensure index calculation will not overflow drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Alvin Lee (1): drm/amd/display: Assign linear_pitch_alignment even for VM Amir Goldstein (1): fsnotify: clear PARENT_WATCHED flags lazily Andy Shevchenko (1): regmap: spi: Fix potential off-by-one when calculating reserved size Asad Kamal (1): drm/amd/amdgpu: Check tbo resource pointer Breno Leitao (1): virtio_net: Fix napi_skb_cache_put warning Casey Schaufler (1): smack: tcp: ipv4, fix incorrect labeling Chao Yu (1): f2fs: fix to truncate preallocated blocks in f2fs_file_open() Christoph Hellwig (1): block: remove the blk_flush_integrity call in blk_integrity_unregister Dragos Tatulea (1): net/mlx5e: SHAMPO, Fix incorrect page release Eric Biggers (1): ext4: reject casefold inode flag without casefold feature Frederic Weisbecker (1): rcu/nocb: Remove buggy bypass lock contention mitigation Geliang Tang (1): mptcp: make pm_remove_addrs_and_subflows static Greg Kroah-Hartman (1): Linux 6.1.109 Haoran Liu (1): drm/meson: plane: Add error handling Hersen Wu (4): drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Add array index check for hdcp ddc access drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Jagadeesh Kona (1): cpufreq: scmi: Avoid overflow of target_freq in fast switch Jan Kara (2): udf: Limit file size to 4TB ext4: handle redirtying in ext4_bio_write_page() Jeff Johnson (1): wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() Jesse Zhang (9): drm/amd/pm: fix uninitialized variable warning drm/amd/pm: fix warning using uninitialized value of max_vid_step drm/amd/pm: Fix negative array index read drm/amd/pm: fix the Out-of-bounds read warning drm/amdgpu: fix dereference after null check drm/amdgpu: fix the waring dereferencing hive drm/amd/pm: check specific index for aldebaran drm/amdgpu: the warning dereferencing obj for nbio_v7_4 drm/amd/pm: check negtive return for table entries Johannes Berg (1): wifi: cfg80211: make hash table duplicates more survivable Julien Stephan (1): driver: iio: add missing checks on iio_info's callback access Ken Sloat (1): pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Krzysztof Stępniak (1): ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 Leesoo Ahn (1): apparmor: fix possible NULL pointer dereference Luiz Augusto von Dentz (1): Bluetooth: SCO: Fix possible circular locking dependency on sco_connect_cfm Ma Jun (7): drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc drm/amdgpu/pm: Fix uninitialized variable warning for smu10 drm/amdgpu/pm: Fix uninitialized variable agc_btc_response drm/amdgpu: Fix out-of-bounds write warning drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Marek Vasut (1): drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Matthieu Baerts (NGI0) (17): mptcp: pm: fix RM_ADDR ID for the initial subflow mptcp: pm: fullmesh: select the right ID later mptcp: pm: avoid possible UaF when selecting endp mptcp: pm: reuse ID 0 after delete and re-add mptcp: pm: fix ID 0 endp usage after multiple re-creations selftests: mptcp: join: validate fullmesh endp on 1st sf selftests: mptcp: join: check re-using ID of closed subflow selftests: mptcp: add explicit test case for remove/readd selftests: mptcp: join: test for flush/re-add endpoints selftests: mptcp: join: check re-using ID of unused ADD_ADDR selftests: mptcp: join: check re-adding init endp with != id mptcp: pr_debug: add missing \n at the end mptcp: avoid duplicated SUB_CLOSED events selftests: mptcp: join: check removing ID 0 endpoint selftests: mptcp: join: no extra msg if no counter selftests: mptcp: join: check re-re-adding ID 0 endp selftests: mptcp: join: cannot rm sf if closed Michael Chen (1): drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Michael Margolin (1): RDMA/efa: Properly handle unexpected AQ completions Mostafa Saleh (1): PCI/MSI: Fix UAF in msi_capability_init Olivier Dautricourt (2): dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Pauli Virtanen (1): Bluetooth: SCO: fix sco_conn related locking and validity issues Peter Wang (1): scsi: ufs: core: Bypass quick recovery if force reset is needed Philip Mueller (1): drm: panel-orientation-quirks: Add quirk for OrangePi Neo Ricardo Ribalda (1): media: uvcvideo: Enforce alignment of frame and interval Richard Fitzgerald (2): i2c: Fix conditional for substituting empty ACPI functions i2c: Use IS_REACHABLE() for substituting empty ACPI functions Richard Maina (1): hwspinlock: Introduce hwspin_lock_bust() Rik van Riel (1): dma-debug: avoid deadlock between dma debug vs printk and netconsole Shahar S Matityahu (1): wifi: iwlwifi: remove fw_running op Shannon Nelson (1): ionic: fix potential irq name truncation Simon Holesch (1): usbip: Don't submit special requests twice Takashi Iwai (2): ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown ALSA: hda/conexant: Mute speakers at suspend / shutdown Tao Zhou (1): drm/amdgpu: update type of buf size to u32 for eeprom functions Tim Huang (6): drm/amdgpu: fix overflowed array index read warning drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning Wayne Lin (1): drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX Yazen Ghannam (1): hwmon: (k10temp) Check return value of amd_smn_read() ZHANG Yuntian (1): net: usb: qmi_wwan: add MeiG Smart SRM825L Zhigang Luo (1): drm/amdgpu: avoid reading vf2pf info size from FB Zong-Zhe Yang (1): wifi: rtw89: ser: avoid multiple deinit on same CAM winstang (1): drm/amd/display: added NULL check at start of dc_validate_stream zhanchengbin (1): ext4: fix inode tree inconsistency caused by ENOMEM

1 year

1
1
0 0

+ mm-codetag-add-pgalloc_tag_copy.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/codetag: add pgalloc_tag_copy() has been added to the -mm mm-unstable branch. Its filename is mm-codetag-add-pgalloc_tag_copy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/codetag: add pgalloc_tag_copy() Date: Thu, 5 Sep 2024 22:21:08 -0600 Add pgalloc_tag_copy() to transfer the codetag from the old folio to the new one during migration. This makes original allocation sites persist cross migration rather than lump into the get_new_folio callbacks passed into migrate_pages(), e.g., compaction_alloc(): # echo 1 >/proc/sys/vm/compact_memory # grep compaction_alloc /proc/allocinfo Before this patch: 132968448 32463 mm/compaction.c:1880 func:compaction_alloc After this patch: 0 0 mm/compaction.c:1880 func:compaction_alloc Link: https://lkml.kernel.org/r/20240906042108.1150526-3-yuzhao@google.com Fixes: dcfe378c81f7 ("lib: introduce support for page allocation tagging") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/alloc_tag.h | 24 ++++++++++-------------- include/linux/mm.h | 27 +++++++++++++++++++++++++++ mm/migrate.c | 1 + 3 files changed, 38 insertions(+), 14 deletions(-) --- a/include/linux/alloc_tag.h~mm-codetag-add-pgalloc_tag_copy +++ a/include/linux/alloc_tag.h @@ -137,7 +137,16 @@ static inline void alloc_tag_sub_check(u /* Caller should verify both ref and tag to be valid */ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) { + alloc_tag_add_check(ref, tag); + if (!ref || !tag) + return; + ref->ct = &tag->ct; +} + +static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) +{ + __alloc_tag_ref_set(ref, tag); /* * We need in increment the call counter every time we have a new * allocation or when we split a large allocation into smaller ones. @@ -147,22 +156,9 @@ static inline void __alloc_tag_ref_set(u this_cpu_inc(tag->counters->calls); } -static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) -{ - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); -} - static inline void alloc_tag_add(union codetag_ref *ref, struct alloc_tag *tag, size_t bytes) { - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); + alloc_tag_ref_set(ref, tag); this_cpu_add(tag->counters->bytes, bytes); } --- a/include/linux/mm.h~mm-codetag-add-pgalloc_tag_copy +++ a/include/linux/mm.h @@ -4161,10 +4161,37 @@ static inline void pgalloc_tag_split(str } } } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ + struct alloc_tag *tag; + union codetag_ref *ref; + + tag = pgalloc_tag_get(&old->page); + if (!tag) + return; + + ref = get_page_tag_ref(&new->page); + if (!ref) + return; + + /* Clear the old ref to the original allocation tag. */ + clear_page_tag_ref(&old->page); + /* Decrement the counters of the tag on get_new_folio. */ + alloc_tag_sub(ref, folio_nr_pages(new)); + + __alloc_tag_ref_set(ref, tag); + + put_page_tag_ref(ref); +} #else /* !CONFIG_MEM_ALLOC_PROFILING */ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) { } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ +} #endif /* CONFIG_MEM_ALLOC_PROFILING */ #endif /* _LINUX_MM_H */ --- a/mm/migrate.c~mm-codetag-add-pgalloc_tag_copy +++ a/mm/migrate.c @@ -743,6 +743,7 @@ void folio_migrate_flags(struct folio *n folio_set_readahead(newfolio); folio_copy_owner(newfolio, folio); + pgalloc_tag_copy(newfolio, folio); mem_cgroup_migrate(folio, newfolio); } _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-remap-unused-subpages-to-shared-zeropage-when-splitting-isolated-thp.patch mm-codetag-fix-a-typo.patch mm-codetag-fix-pgalloc_tag_split.patch mm-codetag-add-pgalloc_tag_copy.patch

1 year

1
0
0 0

+ mm-codetag-fix-pgalloc_tag_split.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/codetag: fix pgalloc_tag_split() has been added to the -mm mm-unstable branch. Its filename is mm-codetag-fix-pgalloc_tag_split.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/codetag: fix pgalloc_tag_split() Date: Thu, 5 Sep 2024 22:21:07 -0600 The current assumption is that a large folio can only be split into order-0 folios. That is not the case for hugeTLB demotion, nor for THP split: see commit c010d47f107f ("mm: thp: split huge page to any lower order pages"). When a large folio is split into ones of a lower non-zero order, only the new head pages should be tagged. Tagging tail pages can cause imbalanced "calls" counters, since only head pages are untagged by pgalloc_tag_sub() and the "calls" counts on tail pages are leaked, e.g., # echo 2048kB >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote_size # echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages # time echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote # echo 0 >/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages # grep alloc_gigantic_folio /proc/allocinfo Before this patch: 0 549427200 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m2.057s user 0m0.000s sys 0m2.051s After this patch: 0 0 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m1.711s user 0m0.000s sys 0m1.704s Not tagging tail pages also improves the splitting time, e.g., by about 15% when demoting 1GB hugeTLB folios to 2MB ones, as shown above. Link: https://lkml.kernel.org/r/20240906042108.1150526-2-yuzhao@google.com Fixes: be25d1d4e822 ("mm: create new codetag references during page splitting") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 30 ++++++++++++++++++++++++++++++ include/linux/pgalloc_tag.h | 31 ------------------------------- mm/huge_memory.c | 2 +- mm/hugetlb.c | 2 +- mm/page_alloc.c | 4 ++-- 5 files changed, 34 insertions(+), 35 deletions(-) --- a/include/linux/mm.h~mm-codetag-fix-pgalloc_tag_split +++ a/include/linux/mm.h @@ -4137,4 +4137,34 @@ void vma_pgtable_walk_end(struct vm_area int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phys_addr_t *size); +#ifdef CONFIG_MEM_ALLOC_PROFILING +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ + int i; + struct alloc_tag *tag; + unsigned int nr_pages = 1 << new_order; + + if (!mem_alloc_profiling_enabled()) + return; + + tag = pgalloc_tag_get(&folio->page); + if (!tag) + return; + + for (i = nr_pages; i < (1 << old_order); i += nr_pages) { + union codetag_ref *ref = get_page_tag_ref(folio_page(folio, i)); + + if (ref) { + /* Set new reference to point to the original tag */ + alloc_tag_ref_set(ref, tag); + put_page_tag_ref(ref); + } + } +} +#else /* !CONFIG_MEM_ALLOC_PROFILING */ +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ +} +#endif /* CONFIG_MEM_ALLOC_PROFILING */ + #endif /* _LINUX_MM_H */ --- a/include/linux/pgalloc_tag.h~mm-codetag-fix-pgalloc_tag_split +++ a/include/linux/pgalloc_tag.h @@ -80,36 +80,6 @@ static inline void pgalloc_tag_sub(struc } } -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) -{ - int i; - struct page_ext *first_page_ext; - struct page_ext *page_ext; - union codetag_ref *ref; - struct alloc_tag *tag; - - if (!mem_alloc_profiling_enabled()) - return; - - first_page_ext = page_ext = page_ext_get(page); - if (unlikely(!page_ext)) - return; - - ref = codetag_ref_from_page_ext(page_ext); - if (!ref->ct) - goto out; - - tag = ct_to_alloc_tag(ref->ct); - page_ext = page_ext_next(page_ext); - for (i = 1; i < nr; i++) { - /* Set new reference to point to the original tag */ - alloc_tag_ref_set(codetag_ref_from_page_ext(page_ext), tag); - page_ext = page_ext_next(page_ext); - } -out: - page_ext_put(first_page_ext); -} - static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { struct alloc_tag *tag = NULL; @@ -142,7 +112,6 @@ static inline void clear_page_tag_ref(st static inline void pgalloc_tag_add(struct page *page, struct task_struct *task, unsigned int nr) {} static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) {} -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) {} static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { return NULL; } static inline void pgalloc_tag_sub_pages(struct alloc_tag *tag, unsigned int nr) {} --- a/mm/huge_memory.c~mm-codetag-fix-pgalloc_tag_split +++ a/mm/huge_memory.c @@ -3242,7 +3242,7 @@ static void __split_huge_page(struct pag /* Caller disabled irqs, so they are still disabled here */ split_page_owner(head, order, new_order); - pgalloc_tag_split(head, 1 << order); + pgalloc_tag_split(folio, order, new_order); /* See comment in __split_huge_page_tail() */ if (folio_test_anon(folio)) { --- a/mm/hugetlb.c~mm-codetag-fix-pgalloc_tag_split +++ a/mm/hugetlb.c @@ -3795,7 +3795,7 @@ static long demote_free_hugetlb_folios(s list_del(&folio->lru); split_page_owner(&folio->page, huge_page_order(src), huge_page_order(dst)); - pgalloc_tag_split(&folio->page, 1 << huge_page_order(src)); + pgalloc_tag_split(folio, huge_page_order(src), huge_page_order(dst)); for (i = 0; i < pages_per_huge_page(src); i += pages_per_huge_page(dst)) { struct page *page = folio_page(folio, i); --- a/mm/page_alloc.c~mm-codetag-fix-pgalloc_tag_split +++ a/mm/page_alloc.c @@ -2783,7 +2783,7 @@ void split_page(struct page *page, unsig for (i = 1; i < (1 << order); i++) set_page_refcounted(page + i); split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); } EXPORT_SYMBOL_GPL(split_page); @@ -4981,7 +4981,7 @@ static void *make_alloc_exact(unsigned l struct page *last = page + nr; split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); while (page < --last) set_page_refcounted(last); _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-remap-unused-subpages-to-shared-zeropage-when-splitting-isolated-thp.patch mm-codetag-fix-a-typo.patch mm-codetag-fix-pgalloc_tag_split.patch mm-codetag-add-pgalloc_tag_copy.patch

1 year

1
0
0 0

[PATCH v5 1/9] iio: adc: ad7606: remove frstdata check for serial mode

by Alexandru Ardelean

From: Guillaume Stols <gstols(a)baylibre.com> The current implementation attempts to recover from an eventual glitch in the clock by checking frstdata state after reading the first channel's sample: If frstdata is low, it will reset the chip and return -EIO. This will only work in parallel mode, where frstdata pin is set low after the 2nd sample read starts. For the serial mode, according to the datasheet, "The FRSTDATA output returns to a logic low following the 16th SCLK falling edge.", thus after the Xth pulse, X being the number of bits in a sample, the check will always be true, and the driver will not work at all in serial mode if frstdata(optional) is defined in the devicetree as it will reset the chip, and return -EIO every time read_sample is called. Hence, this check must be removed for serial mode. Fixes: b9618c0cacd7 ("staging: IIO: ADC: New driver for AD7606/AD7606-6/AD7606-4") Signed-off-by: Guillaume Stols <gstols(a)baylibre.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240702-cleanup-ad7606-v3-1-18d5ea18770e@baylibre… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606.c | 28 ++------------------- drivers/iio/adc/ad7606.h | 2 ++ drivers/iio/adc/ad7606_par.c | 48 +++++++++++++++++++++++++++++++++--- 3 files changed, 49 insertions(+), 29 deletions(-) diff --git a/drivers/iio/adc/ad7606.c b/drivers/iio/adc/ad7606.c index 539e4a8621fe..9b457472d49c 100644 --- a/drivers/iio/adc/ad7606.c +++ b/drivers/iio/adc/ad7606.c @@ -49,7 +49,7 @@ static const unsigned int ad7616_oversampling_avail[8] = { 1, 2, 4, 8, 16, 32, 64, 128, }; -static int ad7606_reset(struct ad7606_state *st) +int ad7606_reset(struct ad7606_state *st) { if (st->gpio_reset) { gpiod_set_value(st->gpio_reset, 1); @@ -60,6 +60,7 @@ static int ad7606_reset(struct ad7606_state *st) return -ENODEV; } +EXPORT_SYMBOL_NS_GPL(ad7606_reset, IIO_AD7606); static int ad7606_reg_access(struct iio_dev *indio_dev, unsigned int reg, @@ -86,31 +87,6 @@ static int ad7606_read_samples(struct ad7606_state *st) { unsigned int num = st->chip_info->num_channels - 1; u16 *data = st->data; - int ret; - - /* - * The frstdata signal is set to high while and after reading the sample - * of the first channel and low for all other channels. This can be used - * to check that the incoming data is correctly aligned. During normal - * operation the data should never become unaligned, but some glitch or - * electrostatic discharge might cause an extra read or clock cycle. - * Monitoring the frstdata signal allows to recover from such failure - * situations. - */ - - if (st->gpio_frstdata) { - ret = st->bops->read_block(st->dev, 1, data); - if (ret) - return ret; - - if (!gpiod_get_value(st->gpio_frstdata)) { - ad7606_reset(st); - return -EIO; - } - - data++; - num--; - } return st->bops->read_block(st->dev, num, data); } diff --git a/drivers/iio/adc/ad7606.h b/drivers/iio/adc/ad7606.h index 0c6a88cc4695..6649e84d25de 100644 --- a/drivers/iio/adc/ad7606.h +++ b/drivers/iio/adc/ad7606.h @@ -151,6 +151,8 @@ int ad7606_probe(struct device *dev, int irq, void __iomem *base_address, const char *name, unsigned int id, const struct ad7606_bus_ops *bops); +int ad7606_reset(struct ad7606_state *st); + enum ad7606_supported_device_ids { ID_AD7605_4, ID_AD7606_8, diff --git a/drivers/iio/adc/ad7606_par.c b/drivers/iio/adc/ad7606_par.c index b5975bbfcbe0..02d8c309304e 100644 --- a/drivers/iio/adc/ad7606_par.c +++ b/drivers/iio/adc/ad7606_par.c @@ -7,6 +7,7 @@ #include <linux/mod_devicetable.h> #include <linux/module.h> +#include <linux/gpio/consumer.h> #include <linux/platform_device.h> #include <linux/types.h> #include <linux/err.h> @@ -21,8 +22,29 @@ static int ad7606_par16_read_block(struct device *dev, struct iio_dev *indio_dev = dev_get_drvdata(dev); struct ad7606_state *st = iio_priv(indio_dev); - insw((unsigned long)st->base_address, buf, count); + /* + * On the parallel interface, the frstdata signal is set to high while + * and after reading the sample of the first channel and low for all + * other channels. This can be used to check that the incoming data is + * correctly aligned. During normal operation the data should never + * become unaligned, but some glitch or electrostatic discharge might + * cause an extra read or clock cycle. Monitoring the frstdata signal + * allows to recover from such failure situations. + */ + int num = count; + u16 *_buf = buf; + + if (st->gpio_frstdata) { + insw((unsigned long)st->base_address, _buf, 1); + if (!gpiod_get_value(st->gpio_frstdata)) { + ad7606_reset(st); + return -EIO; + } + _buf++; + num--; + } + insw((unsigned long)st->base_address, _buf, num); return 0; } @@ -35,8 +57,28 @@ static int ad7606_par8_read_block(struct device *dev, { struct iio_dev *indio_dev = dev_get_drvdata(dev); struct ad7606_state *st = iio_priv(indio_dev); - - insb((unsigned long)st->base_address, buf, count * 2); + /* + * On the parallel interface, the frstdata signal is set to high while + * and after reading the sample of the first channel and low for all + * other channels. This can be used to check that the incoming data is + * correctly aligned. During normal operation the data should never + * become unaligned, but some glitch or electrostatic discharge might + * cause an extra read or clock cycle. Monitoring the frstdata signal + * allows to recover from such failure situations. + */ + int num = count; + u16 *_buf = buf; + + if (st->gpio_frstdata) { + insb((unsigned long)st->base_address, _buf, 2); + if (!gpiod_get_value(st->gpio_frstdata)) { + ad7606_reset(st); + return -EIO; + } + _buf++; + num--; + } + insb((unsigned long)st->base_address, _buf, num * 2); return 0; } -- 2.46.0

1 year

2
2
0 0

[PATCH] bcachefs: Fix negative timespecs

by Alyssa Ross

This fixes two problems in the handling of negative times: • rem is signed, but the rem * c->sb.nsec_per_time_unit operation produced a bogus unsigned result, because s32 * u32 = u32. • The timespec was not normalized (it could contain more than a billion nanoseconds). For example, { .tv_sec = -14245441, .tv_nsec = 750000000 }, after being round tripped through timespec_to_bch2_time and then bch2_time_to_timespec would come back as { .tv_sec = -14245440, .tv_nsec = 4044967296 } (more than 4 billion nanoseconds). Cc: stable(a)vger.kernel.org Fixes: 595c1e9bab7f ("bcachefs: Fix time handling") Closes: https://github.com/koverstreet/bcachefs/issues/743 Co-developed-by: Erin Shepherd <erin.shepherd(a)e43.eu> Signed-off-by: Erin Shepherd <erin.shepherd(a)e43.eu> Co-developed-by: Ryan Lahfa <ryan(a)lahfa.xyz> Signed-off-by: Ryan Lahfa <ryan(a)lahfa.xyz> Signed-off-by: Alyssa Ross <hi(a)alyssa.is> --- I've submitted an RFC to fstests to add a regression test for this: https://lore.kernel.org/fstests/20240907154527.604864-2-hi@alyssa.is/ fs/bcachefs/bcachefs.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/bcachefs/bcachefs.h b/fs/bcachefs/bcachefs.h index 0c7086e00d18..81c4d935cca8 100644 --- a/fs/bcachefs/bcachefs.h +++ b/fs/bcachefs/bcachefs.h @@ -1195,12 +1195,15 @@ static inline bool btree_id_cached(const struct bch_fs *c, enum btree_id btree) static inline struct timespec64 bch2_time_to_timespec(const struct bch_fs *c, s64 time) { struct timespec64 t; + s64 sec; s32 rem; time += c->sb.time_base_lo; - t.tv_sec = div_s64_rem(time, c->sb.time_units_per_sec, &rem); - t.tv_nsec = rem * c->sb.nsec_per_time_unit; + sec = div_s64_rem(time, c->sb.time_units_per_sec, &rem); + + set_normalized_timespec64(&t, sec, rem * (s64)c->sb.nsec_per_time_unit); + return t; } base-commit: 53f6619554fb1edf8d7599b560d44dbea085c730 -- 2.45.2

1 year

2
1
0 0

MPTCP stable backports: is the workflow OK?

by Matthieu Baerts

Hi Greg, Thank you again for your support when we send patches for stable versions for MPTCP! Recently, I sent many patches for the stable versions, and I just wanted to check if what I did was OK for you? I tried to reply to all the 'FAILED: patch' emails you sent, either with patches, or with reasons explaining why it is fine not to backport them. Are you OK with that? Or do you prefer only receiving the patches, and not the emails with the reasons not to backport some of them? About the patches, do you prefer to receive one big series per version or individual patches sent in reply to the different 'FAILED: patch' emails like I did? Do not hesitate if there are things we can improve! Cheers, Matt -- Sponsored by the NGI0 Core fund.

1 year

3
3
0 0

[PATCH v3 1/1] io_uring/sqpoll: inherit cpumask of creating process

by Felix Moessbauer

The submit queue polling threads are userland threads that just never exit to the userland. In case the creating task is part of a cgroup with the cpuset controller enabled, the poller should also stay within that cpuset. This also holds, as the poller belongs to the same cgroup as the task that started it. With the current implementation, a process can "break out" of the defined cpuset by creating sq pollers consuming CPU time on other CPUs, which is especially problematic for realtime applications. Part of this problem was fixed in a5fc1441 by dropping the PF_NO_SETAFFINITY flag, but this only becomes effective after the first modification of the cpuset (i.e. the pollers cpuset is correct after the first update of the enclosing cgroups cpuset). By inheriting the cpuset of the creating tasks, we ensure that the poller is created with a cpumask that is a subset of the cgroups mask. Inheriting the creators cpumask is reasonable, as other userland tasks also inherit the mask. Fixes: 37d1e2e3642e ("io_uring: move SQPOLL thread io-wq forked worker") Cc: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> --- Changes since v2: - in v2 I accidentally sent the backport of this patch for v6.1. Will resend that once this one is accepted. Anyways, now we know that this also works on a v6.1 kernel. Changes since v1: - do not set poller thread cpuset in non-pinning case, as the default is already correct (the mask is inherited from the parent). - Remove incorrect term "kernel thread" from the commit message I tested this without pinning, explicit pinning of the parent task and non-all cgroup cpusets (and all combinations). Best regards, Felix Moessbauer Siemens AG io_uring/sqpoll.c | 1 - 1 file changed, 1 deletion(-) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 3b50dc9586d1..713be7c29388 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -289,7 +289,6 @@ static int io_sq_thread(void *data) if (sqd->sq_cpu != -1) { set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu)); } else { - set_cpus_allowed_ptr(current, cpu_online_mask); sqd->sq_cpu = raw_smp_processor_id(); } -- 2.39.2

1 year

2
1
0 0

[PATCH v2 1/1] io_uring/sqpoll: inherit cpumask of creating process

by Felix Moessbauer

The submit queue polling threads are userland threads that just never exit to the userland. In case the creating task is part of a cgroup with the cpuset controller enabled, the poller should also stay within that cpuset. This also holds, as the poller belongs to the same cgroup as the task that started it. With the current implementation, a process can "break out" of the defined cpuset by creating sq pollers consuming CPU time on other CPUs, which is especially problematic for realtime applications. Part of this problem was fixed in a5fc1441 by dropping the PF_NO_SETAFFINITY flag, but this only becomes effective after the first modification of the cpuset (i.e. the pollers cpuset is correct after the first update of the enclosing cgroups cpuset). By inheriting the cpuset of the creating tasks, we ensure that the poller is created with a cpumask that is a subset of the cgroups mask. Inheriting the creators cpumask is reasonable, as other userland tasks also inherit the mask. Fixes: 37d1e2e3642e ("io_uring: move SQPOLL thread io-wq forked worker") Cc: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> --- Changes since v1: - do not set poller thread cpuset in non-pinning case, as the default is already correct (the mask is inherited from the parent). - Remove incorrect term "kernel thread" from the commit message I tested this without pinning, explicit pinning of the parent task and non-all cgroup cpusets (and all combinations). Best regards, Felix Moessbauer Siemens AG io_uring/sqpoll.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 6ea21b503113..5a002fa1d953 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -231,8 +231,6 @@ static int io_sq_thread(void *data) if (sqd->sq_cpu != -1) set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu)); - else - set_cpus_allowed_ptr(current, cpu_online_mask); /* * Force audit context to get setup, in case we do prep side async -- 2.39.2

1 year

1
0
0 0

[PATCH 6.1 000/101] 6.1.109-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.109 release. There are 101 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 07 Sep 2024 09:36:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.109-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.109-rc1 Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> ext4: handle redirtying in ext4_bio_write_page() Eric Biggers <ebiggers(a)google.com> ext4: reject casefold inode flag without casefold feature Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB zhanchengbin <zhanchengbin1(a)huawei.com> ext4: fix inode tree inconsistency caused by ENOMEM Pauli Virtanen <pav(a)iki.fi> Bluetooth: SCO: fix sco_conn related locking and validity issues Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix possible circular locking dependency on sco_connect_cfm Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX winstang <winstang(a)amd.com> drm/amd/display: added NULL check at start of dc_validate_stream Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Julien Stephan <jstephan(a)baylibre.com> driver: iio: add missing checks on iio_info's callback access Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Yazen Ghannam <yazen.ghannam(a)amd.com> hwmon: (k10temp) Check return value of amd_smn_read() Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix incorrect page release Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Andy Shevchenko <andy.shevchenko(a)gmail.com> regmap: spi: Fix potential off-by-one when calculating reserved size Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Ken Sloat <ksloat(a)designlinxhs.com> pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: ser: avoid multiple deinit on same CAM Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix dereference after null check Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Alex Hung <alex.hung(a)amd.com> drm/amd/display: Ensure index calculation will not overflow Alex Hung <alex.hung(a)amd.com> drm/amd/display: Spinlock before reading event Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: cannot rm sf if closed Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 endp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: no extra msg if no counter Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check removing ID 0 endpoint Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid duplicated SUB_CLOSED events Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-adding init endp with != id Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-using ID of unused ADD_ADDR Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: test for flush/re-add endpoints Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: add explicit test case for remove/readd Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-using ID of closed subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate fullmesh endp on 1st sf Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix ID 0 endp usage after multiple re-creations Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reuse ID 0 after delete and re-add Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: avoid possible UaF when selecting endp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fullmesh: select the right ID later Chao Yu <chao(a)kernel.org> f2fs: fix to truncate preallocated blocks in f2fs_file_open() Mostafa Saleh <smostafa(a)google.com> PCI/MSI: Fix UAF in msi_capability_init Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix RM_ADDR ID for the initial subflow Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: make pm_remove_addrs_and_subflows static Krzysztof Stępniak <kfs.szk(a)gmail.com> ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Bypass quick recovery if force reset is needed Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- block/blk-integrity.c | 2 - drivers/base/regmap/regmap-spi.c | 3 +- drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/dma/altera-msgdma.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 2 +- drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + .../gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 +- .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 +- drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 ++- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 ++- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +++- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 +- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 ++++++-- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 ++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 +++-- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 27 +++- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 ++ drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/meson/meson_plane.c | 17 ++- drivers/hwmon/k10temp.c | 36 +++-- drivers/hwspinlock/hwspinlock_core.c | 28 ++++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/industrialio-core.c | 7 +- drivers/iio/industrialio-event.c | 9 ++ drivers/iio/inkern.c | 32 +++-- drivers/infiniband/hw/efa/efa_com.c | 30 ++-- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 8 +- drivers/net/wireless/ath/ath11k/qmi.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/realtek/rtw89/ser.c | 8 +- drivers/pci/controller/dwc/pcie-al.c | 16 ++- drivers/pci/msi/msi.c | 10 +- drivers/ufs/core/ufshcd.c | 3 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++++---- fs/ext4/extents.c | 2 +- fs/ext4/inode.c | 5 +- fs/ext4/page-io.c | 14 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/file.c | 42 +++++- fs/f2fs/inode.c | 8 -- fs/notify/fsnotify.c | 31 +++-- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 ++++- fs/udf/super.c | 9 +- include/clocksource/timer-xilinx.h | 2 +- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- kernel/dma/debug.c | 5 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +---- net/bluetooth/sco.c | 76 ++++++----- net/mptcp/options.c | 50 +++---- net/mptcp/pm.c | 28 ++-- net/mptcp/pm_netlink.c | 151 +++++++++++++-------- net/mptcp/protocol.c | 58 ++++---- net/mptcp/protocol.h | 10 +- net/mptcp/sockopt.c | 4 +- net/mptcp/subflow.c | 50 +++---- net/wireless/scan.c | 46 +++++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 2 +- sound/pci/hda/hda_generic.c | 63 +++++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 7 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 136 ++++++++++++++++--- 102 files changed, 1142 insertions(+), 490 deletions(-)

1 year

9
109
0 0

[PATCH 6.6 000/131] 6.6.50-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.50 release. There are 131 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 07 Sep 2024 16:35:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.50-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.50-rc2 Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check BIOS images before it is used Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: use preferred link settings for dp signal only Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX winstang <winstang(a)amd.com> drm/amd/display: added NULL check at start of dc_validate_stream Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in kfd_process_dequeue_from_device Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add skip_hw_access checks for sriov Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Julien Stephan <jstephan(a)baylibre.com> driver: iio: add missing checks on iio_info's callback access Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on blocks for inline_data inode Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Yazen Ghannam <yazen.ghannam(a)amd.com> hwmon: (k10temp) Check return value of amd_smn_read() Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Add quota_change type" Maxime Méré <maxime.mere(a)foss.st.com> crypto: stm32/cryp - call finalize with bh disabled Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix incorrect page release Ben Walsh <ben(a)jubnut.com> platform/chrome: cros_ec_lpc: MEC access can use an AML mutex Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Andy Shevchenko <andy.shevchenko(a)gmail.com> regmap: spi: Fix potential off-by-one when calculating reserved size Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgu: fix Unintentional integer overflow for mall size Jason Xing <kernelxing(a)tencent.com> net: remove NULL-pointer net parameter in ip_metrics_convert Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-cci: Always assign *val Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Ken Sloat <ksloat(a)designlinxhs.com> pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Chris Lew <quic_clew(a)quicinc.com> soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Xiaogang Chen <xiaogang.chen(a)amd.com> drm/kfd: Correct pinned buffer handling at kfd restore and validate process Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: ser: avoid multiple deinit on same CAM Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for smu13 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix dereference after null check Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix the warning division or modulo by zero Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Lin.Cao <lincao12(a)amd.com> drm/amdkfd: Check debug trap enable before write dbg_ev_file Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Alex Hung <alex.hung(a)amd.com> drm/amd/display: Ensure index calculation will not overflow Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy Alex Hung <alex.hung(a)amd.com> drm/amd/display: Spinlock before reading event Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index for aux_rd_interval before using Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid duplicated SUB_CLOSED events Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 2.2) Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: disable get and dump addr checks Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: test for flush/re-add endpoints Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 signal Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate event numbers Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: add mptcp_lib_events helper Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-adding init endp with != id Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-using ID of unused ADD_ADDR Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: add explicit test case for remove/readd Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: cannot rm sf if closed Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: declare event macros in mptcp_lib Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: userspace pm get addr tests Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: dump userspace addrs list Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: userspace pm create id 0 subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix RM_ADDR ID for the initial subflow Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: make pm_remove_addrs_and_subflows static Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: button detect issue Krzysztof Stępniak <kfs.szk(a)gmail.com> ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Add validation for the minimum value of speed_hz Bruno Ancona <brunoanconasala(a)gmail.com> ASoC: amd: yc: Support mic on HP 14-em0002la Paulo Alcantara <pc(a)manguebit.com> smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Use the common RPN/bank conversion context Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: validate dref root and objectid Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Bypass quick recovery if force reset is needed Kyoungrul Kim <k831.kim(a)samsung.com> scsi: ufs: core: Check LSDBS cap when !mcq Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> drm/fb-helper: Don't schedule_work() to flush frame buffer during panic() ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 + Makefile | 4 +- block/blk-integrity.c | 2 - drivers/base/regmap/regmap-spi.c | 3 +- drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/crypto/stm32/stm32-cryp.c | 6 +- drivers/dma/altera-msgdma.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_securedisplay.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 11 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 6 + drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 18 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 7 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + .../gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 +- .../gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 +- drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../display/dc/link/protocols/link_dp_capability.c | 26 +- .../display/dc/link/protocols/link_dp_training.c | 4 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 +- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 ++- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 27 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 + drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 + drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_fb_helper.c | 11 + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hwmon/k10temp.c | 36 ++- drivers/hwspinlock/hwspinlock_core.c | 28 ++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/industrialio-core.c | 7 +- drivers/iio/industrialio-event.c | 9 + drivers/iio/inkern.c | 32 ++- drivers/infiniband/hw/efa/efa_com.c | 30 +- drivers/media/usb/uvc/uvc_driver.c | 18 +- drivers/media/v4l2-core/v4l2-cci.c | 9 + drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +- .../ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 8 +- drivers/net/wireless/ath/ath11k/qmi.c | 2 +- drivers/net/wireless/ath/ath12k/qmi.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/realtek/rtw89/ser.c | 8 +- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/platform/chrome/cros_ec_lpc_mec.c | 76 +++++- drivers/platform/chrome/cros_ec_lpc_mec.h | 11 + drivers/soc/qcom/smem.c | 26 ++ drivers/spi/spi-hisi-kunpeng.c | 1 + drivers/ufs/core/ufshcd.c | 19 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 ++++-- fs/btrfs/tree-checker.c | 47 ++++ fs/f2fs/f2fs.h | 2 +- fs/f2fs/inline.c | 20 +- fs/f2fs/inode.c | 2 +- fs/gfs2/quota.c | 19 +- fs/gfs2/util.c | 6 +- fs/notify/fsnotify.c | 31 ++- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 ++- fs/smb/client/smb2inode.c | 6 +- include/clocksource/timer-xilinx.h | 2 +- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/soc/qcom/smem.h | 2 + include/net/ip.h | 3 +- include/net/tcp.h | 2 +- include/sound/ump_convert.h | 1 + include/ufs/ufshcd.h | 1 + include/ufs/ufshci.h | 1 + kernel/dma/debug.c | 5 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +-- net/ipv4/fib_semantics.c | 5 +- net/ipv4/metrics.c | 8 +- net/ipv4/tcp_cong.c | 11 +- net/ipv6/route.c | 2 +- net/mac80211/main.c | 3 +- net/mptcp/fastopen.c | 4 +- net/mptcp/options.c | 50 ++-- net/mptcp/pm.c | 28 +- net/mptcp/pm_netlink.c | 52 ++-- net/mptcp/protocol.c | 58 ++-- net/mptcp/protocol.h | 9 +- net/mptcp/sched.c | 4 +- net/mptcp/sockopt.c | 4 +- net/mptcp/subflow.c | 48 ++-- net/wireless/scan.c | 46 +++- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 2 +- sound/core/seq/seq_ports.h | 14 +- sound/core/seq/seq_ump_convert.c | 97 ++++--- sound/core/ump_convert.c | 60 ++-- sound/pci/hda/hda_generic.c | 63 +++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/es8326.c | 2 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 304 +++++++++++++++++++-- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 38 +++ tools/testing/selftests/net/mptcp/userspace_pm.sh | 30 +- 145 files changed, 1664 insertions(+), 573 deletions(-)

1 year

9
8
0 0

[PATCH 6.10 000/183] 6.10.9-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.9 release. There are 183 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 07 Sep 2024 16:35:01 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.9-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.9-rc2 Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: remove redundant semicolons in RAS_EVENT_LOG David Howells <dhowells(a)redhat.com> mm: Fix filemap_invalidate_inode() to use invalidate_inode_pages2_range() Léo DUBOIN <lduboin(a)freebox.fr> pinctrl: core: reset gpio_device in loop in pinctrl_pins_show() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Stefan Berger <stefanb(a)linux.ibm.com> crypto: ecc - Fix off-by-one missing to clear most significant digit Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check BIOS images before it is used Tao Zhou <tao.zhou1(a)amd.com> drm/amdkfd: use mode1 reset for RAS poison consumption Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: set RAS fed status for more cases Alex Hung <alex.hung(a)amd.com> drm/amd/display: Avoid overflow from uint32_t to uint8_t Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Disable DMCUB timeout for DCN35 Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: use preferred link settings for dp signal only Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX winstang <winstang(a)amd.com> drm/amd/display: added NULL check at start of dc_validate_stream Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in kfd_process_dequeue_from_device Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add skip_hw_access checks for sriov Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Julien Stephan <jstephan(a)baylibre.com> driver: iio: add missing checks on iio_info's callback access Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add GuC state asserts to deregister_exec_queue Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on blocks for inline_data inode Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Yazen Ghannam <yazen.ghannam(a)amd.com> hwmon: (k10temp) Check return value of amd_smn_read() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: trip: Use READ_ONCE() for lockless access to trip properties Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Validate power registers for SD and ETH Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: Check valid domain is passed in xe_force_wake_ref Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: Ensure caller uses sole domain for xe_force_wake_assert_held Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Valentin Schneider <vschneid(a)redhat.com> net: tcp/dccp: prepare for tw_timer un-pinning John Allen <john.allen(a)amd.com> RAS/AMD/ATL: Validate address map when information is gathered Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Add quota_change type" Maxime Méré <maxime.mere(a)foss.st.com> crypto: stm32/cryp - call finalize with bh disabled Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix incorrect page release Ben Walsh <ben(a)jubnut.com> platform/chrome: cros_ec_lpc: MEC access can use an AML mutex Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Andy Shevchenko <andy.shevchenko(a)gmail.com> regmap: spi: Fix potential off-by-one when calculating reserved size Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't overmap identity VRAM mapping Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgu: fix Unintentional integer overflow for mall size Eric Dumazet <edumazet(a)google.com> tcp: annotate data-races around tw->tw_ts_recent and tw->tw_ts_recent_stamp Jason Xing <kernelxing(a)tencent.com> net: remove NULL-pointer net parameter in ip_metrics_convert Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Use missing lock in relay_needs_worker Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-cci: Always assign *val Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Ken Sloat <ksloat(a)designlinxhs.com> pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Richard Maina <quic_rmaina(a)quicinc.com> remoteproc: qcom_q6v5_pas: Add hwspinlock bust on stop Chris Lew <quic_clew(a)quicinc.com> soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use only beacon BSS load for active links AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> remoteproc: mediatek: Zero out only remaining bytes of IPI buffer Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: restrict operation during radar detection Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Queue KFD reset workitem in VF FED Nicholas Susanto <nicholas.susanto(a)amd.com> drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: fix compiler 'side-effect' check issue for RAS_EVENT_LOG() Xiaogang Chen <xiaogang.chen(a)amd.com> drm/kfd: Correct pinned buffer handling at kfd restore and validate process Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: Fix the warning conditions Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: ser: avoid multiple deinit on same CAM Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the warning bad bit shift operation for aca_error_type type Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for smu13 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix dereference after null check Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix the warning division or modulo by zero David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for power profile setting on smu11, smu13 and smu14 Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Remove unwanted write permission for currN_label Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized variable warning for jpeg_v4 Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized variable warning for amdgpu_xgmi Lin.Cao <lincao12(a)amd.com> drm/amdkfd: Check debug trap enable before write dbg_ev_file Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/drm-bridge: Drop conditionals around of_node pointers Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Demote CCS_MODE info to debug only Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix writeback job lock evasion within dm_crtc_high_irq Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Alex Hung <alex.hung(a)amd.com> drm/amd/display: Ensure index calculation will not overflow Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy Alex Hung <alex.hung(a)amd.com> drm/amd/display: Spinlock before reading event Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Release clck_src memory if clk_src_construct fails Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_index before accessing dc->links[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Release state memory if amdgpu_dm_create_color_properties fail Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index for aux_rd_interval before using Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix incorrect size calculation for loop Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Alex Hung <alex.hung(a)amd.com> drm/amd/display: Ensure array index tg_inst won't be -1 Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Francois Dugast <francois.dugast(a)intel.com> drm/xe/gt: Fix assert in L3 bank mask generation Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu_v13 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Handle sg size limit for contiguous allocation Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Handle the case which quad_part is equal 0 Joshua Aberback <joshua.aberback(a)amd.com> Revert "drm/amd/display: Fix incorrect pointer assignment" Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: test for flush/re-add endpoints Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 signal Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate event numbers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-adding init endp with != id Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-using ID of unused ADD_ADDR Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: add explicit test case for remove/readd Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: fix missing PCIe4 gpios Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: fix up PCIe6a pinctrl node Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: fix missing PCIe4 gpios Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: fix up PCIe6a pinctrl node Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Describe the PCIe 6a resources Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: button detect issue Krzysztof Stępniak <kfs.szk(a)gmail.com> ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Heng Qi <hengqi(a)linux.alibaba.com> virtio-net: check feature before configuring the vq coalescing command Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Boris Burkov <boris(a)bur.io> btrfs: fix qgroup reserve leaks in cow_file_range Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update last_physical after scrubbing one stripe Qu Wenruo <wqu(a)suse.com> btrfs: factor out stripe length calculation into a helper Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Add new ACPI ID AMDI0107 Luke D. Jones <luke(a)ljones.dev> platform/x86/amd: pmf: Add quirk for ROG Ally X Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Add validation for the minimum value of speed_hz Bruno Ancona <brunoanconasala(a)gmail.com> ASoC: amd: yc: Support mic on HP 14-em0002la Paulo Alcantara <pc(a)manguebit.com> smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Use the common RPN/bank conversion context Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Perry Yuan <perry.yuan(a)amd.com> x86/CPU/AMD: Add models 0x60-0x6f to the Zen5 range Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: validate dref root and objectid Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Bypass quick recovery if force reset is needed Kyoungrul Kim <k831.kim(a)samsung.com> scsi: ufs: core: Check LSDBS cap when !mcq Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> drm/fb-helper: Don't schedule_work() to flush frame buffer during panic() ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 81 +++++++++++ arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 81 +++++++++++ arch/x86/kernel/cpu/amd.c | 2 +- block/blk-integrity.c | 2 - crypto/ecc.c | 2 +- drivers/base/regmap/regmap-spi.c | 3 +- drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/crypto/stm32/stm32-cryp.c | 6 +- drivers/dma/altera-msgdma.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 19 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_securedisplay.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c | 3 + drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 6 + drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v1_7.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v9_4.c | 2 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 3 +- drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 19 --- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 49 ++++--- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 18 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 7 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 10 +- drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c | 2 +- drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c | 2 +- .../gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 +- .../gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 +- drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 ++- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 ++- .../drm/amd/display/dc/hwss/dcn201/dcn201_hwseq.c | 3 + .../drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c | 2 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/link/protocols/link_dp_capability.c | 26 ++-- .../display/dc/link/protocols/link_dp_training.c | 4 +- .../drm/amd/display/dc/link/protocols/link_dpcd.c | 1 + .../amd/display/dc/resource/dce80/dce80_resource.c | 1 + .../amd/display/dc/resource/dcn31/dcn31_resource.c | 1 + .../display/dc/resource/dcn314/dcn314_resource.c | 4 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 + .../display/dc/resource/dcn351/dcn351_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 5 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +++- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 +- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 ++++++-- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 ++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 ++-- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 4 + drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 31 +++- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 4 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 ++ drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 55 ++++--- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 5 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 28 +--- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_5_ppt.c | 28 +--- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 4 + .../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 28 +--- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 5 + drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_bridge.c | 5 - drivers/gpu/drm/drm_fb_helper.c | 11 ++ drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/meson/meson_plane.c | 17 ++- drivers/gpu/drm/xe/xe_force_wake.h | 13 +- drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 4 +- drivers/gpu/drm/xe/xe_gt_topology.c | 4 +- drivers/gpu/drm/xe/xe_guc_relay.c | 9 +- drivers/gpu/drm/xe/xe_guc_submit.c | 5 + drivers/gpu/drm/xe/xe_hwmon.c | 9 +- drivers/gpu/drm/xe/xe_migrate.c | 55 +++++-- drivers/gpu/drm/xe/xe_pcode.c | 6 +- drivers/hwmon/k10temp.c | 36 +++-- drivers/hwspinlock/hwspinlock_core.c | 28 ++++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/industrialio-core.c | 7 +- drivers/iio/industrialio-event.c | 9 ++ drivers/iio/inkern.c | 32 +++-- drivers/infiniband/hw/efa/efa_com.c | 30 ++-- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/media/v4l2-core/v4l2-cci.c | 9 ++ drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +- .../ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 6 + drivers/net/wireless/ath/ath11k/qmi.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/qmi.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/link.c | 14 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - .../net/wireless/intel/iwlwifi/mvm/tests/links.c | 1 + drivers/net/wireless/realtek/rtw89/ser.c | 8 +- drivers/pci/controller/dwc/pcie-al.c | 16 ++- drivers/pinctrl/core.c | 1 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 12 +- drivers/platform/chrome/cros_ec_lpc_mec.c | 76 +++++++++- drivers/platform/chrome/cros_ec_lpc_mec.h | 11 ++ drivers/platform/x86/amd/pmf/core.c | 3 + drivers/platform/x86/amd/pmf/pmf-quirks.c | 9 +- drivers/ras/amd/atl/dehash.c | 43 ------ drivers/ras/amd/atl/map.c | 77 ++++++++++ drivers/remoteproc/mtk_scp.c | 2 +- drivers/remoteproc/qcom_q6v5_pas.c | 11 ++ drivers/soc/qcom/smem.c | 26 ++++ drivers/spi/spi-hisi-kunpeng.c | 1 + drivers/thermal/thermal_sysfs.c | 6 +- drivers/thermal/thermal_trip.c | 2 +- drivers/ufs/core/ufshcd.c | 19 ++- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 ++++++---- fs/btrfs/inode.c | 3 + fs/btrfs/scrub.c | 25 +++- fs/btrfs/tree-checker.c | 47 ++++++ fs/f2fs/f2fs.h | 2 +- fs/f2fs/inline.c | 20 ++- fs/f2fs/inode.c | 2 +- fs/gfs2/quota.c | 19 +-- fs/gfs2/util.c | 6 +- fs/notify/fsnotify.c | 31 ++-- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 ++++- fs/smb/client/smb2inode.c | 6 +- include/clocksource/timer-xilinx.h | 2 +- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/soc/qcom/smem.h | 2 + include/net/inet_timewait_sock.h | 6 +- include/net/ip.h | 3 +- include/net/tcp.h | 2 +- include/sound/ump_convert.h | 1 + include/ufs/ufshcd.h | 1 + include/ufs/ufshci.h | 1 + kernel/dma/debug.c | 5 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +---- mm/filemap.c | 2 +- net/dccp/minisocks.c | 3 +- net/ipv4/fib_semantics.c | 5 +- net/ipv4/inet_timewait_sock.c | 52 ++++++- net/ipv4/metrics.c | 8 +- net/ipv4/tcp_cong.c | 11 +- net/ipv4/tcp_ipv4.c | 14 +- net/ipv4/tcp_minisocks.c | 25 ++-- net/ipv6/route.c | 2 +- net/ipv6/tcp_ipv6.c | 6 +- net/mac80211/main.c | 3 +- net/wireless/ibss.c | 5 +- net/wireless/mesh.c | 5 +- net/wireless/nl80211.c | 21 ++- net/wireless/scan.c | 46 ++++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 2 +- sound/core/seq/seq_ports.h | 14 +- sound/core/seq/seq_ump_convert.c | 97 ++++++++----- sound/core/ump_convert.c | 60 +++++--- sound/pci/hda/hda_generic.c | 63 ++++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ sound/soc/codecs/es8326.c | 2 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 160 ++++++++++++++++++++- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 4 + 210 files changed, 2044 insertions(+), 695 deletions(-)

1 year

8
7
0 0

[PATCH] drm/i915/guc: prevent a possible int overflow in wq offsets

by Nikita Zhandarovich

It may be possible for the sum of the values derived from i915_ggtt_offset() and __get_parent_scratch_offset()/ i915_ggtt_offset() to go over the u32 limit before being assigned to wq offsets of u64 type. Mitigate these issues by expanding one of the right operands to u64 to avoid any overflow issues just in case. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 2584b3549f4c ("drm/i915/guc: Update to GuC version 70.1.1") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> --- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c index 9400d0eb682b..908ebfa22933 100644 --- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c +++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c @@ -2842,9 +2842,9 @@ static void prepare_context_registration_info_v70(struct intel_context *ce, ce->parallel.guc.wqi_tail = 0; ce->parallel.guc.wqi_head = 0; - wq_desc_offset = i915_ggtt_offset(ce->state) + + wq_desc_offset = (u64)i915_ggtt_offset(ce->state) + __get_parent_scratch_offset(ce); - wq_base_offset = i915_ggtt_offset(ce->state) + + wq_base_offset = (u64)i915_ggtt_offset(ce->state) + __get_wq_offset(ce); info->wq_desc_lo = lower_32_bits(wq_desc_offset); info->wq_desc_hi = upper_32_bits(wq_desc_offset);

1 year

3
3
0 0

[PATCH v2 RESEND] tpm: export tpm2_sessions_init() to fix ibmvtpm building

by Kexy Biscuit

Commit 08d08e2e9f0a ("tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support") adds call to tpm2_sessions_init() in ibmvtpm, which could be built as a module. However, tpm2_sessions_init() wasn't exported, causing libmvtpm to fail to build as a module: ERROR: modpost: "tpm2_sessions_init" [drivers/char/tpm/tpm_ibmvtpm.ko] undefined! Export tpm2_sessions_init() to resolve the issue. Cc: stable(a)vger.kernel.org # v6.10+ Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202408051735.ZJkAPQ3b-lkp@intel.com/ Fixes: 08d08e2e9f0a ("tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support") Signed-off-by: Kexy Biscuit <kexybiscuit(a)aosc.io> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- V1 -> V2: Added Fixes tag and fixed email format RESEND: The previous email was sent directly to stable-rc review drivers/char/tpm/tpm2-sessions.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d3521aadd43e..44f60730cff4 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -1362,4 +1362,5 @@ int tpm2_sessions_init(struct tpm_chip *chip) return rc; } +EXPORT_SYMBOL(tpm2_sessions_init); #endif /* CONFIG_TCG_TPM2_HMAC */ -- 2.46.0

1 year

3
3
0 0

Missing fix backports detected by syzbot

by Aleksandr Nogikh

Hi Greg, Sasha, A number of commits were identified[1] by syzbot as non-backported fixes for the fuzzer-detected findings in various Linux LTS trees. [1] https://syzkaller.appspot.com/upstream/backports Please consider backporting the following commits to LTS v6.1: 9a8ec9e8ebb5a7c0cfbce2d6b4a6b67b2b78e8f3 "Bluetooth: SCO: Fix possible circular locking dependency on sco_connect_cfm" (fixes 9a8ec9e) 3dcaa192ac2159193bc6ab57bc5369dcb84edd8e "Bluetooth: SCO: fix sco_conn related locking and validity issues" 3f5424790d4377839093b68c12b130077a4e4510 "ext4: fix inode tree inconsistency caused by ENOMEM" 7b0151caf73a656b75b550e361648430233455a0 "KVM: x86: Remove WARN sanity check on hypervisor timer vs. UNINITIALIZED vCPU" c2efd13a2ed4f29bf9ef14ac2fbb7474084655f8 "udf: Limit file size to 4TB" 4b827b3f305d1fcf837265f1e12acc22ee84327c "xfs: remove WARN when dquot cache insertion fails" These were verified to apply cleanly on top of v6.1.107 and to build/boot. The following commits to LTS v5.15: 8216776ccff6fcd40e3fdaa109aa4150ebe760b3 "ext4: reject casefold inode flag without casefold feature" c2efd13a2ed4f29bf9ef14ac2fbb7474084655f8 "udf: Limit file size to 4TB" These were verified to apply cleanly on top of v5.15.165 and to build/boot. The following commits to LTS v5.10: 04e568a3b31cfbd545c04c8bfc35c20e5ccfce0f "ext4: handle redirtying in ext4_bio_write_page()" 2a1fc7dc36260fbe74b6ca29dc6d9088194a2115 "KVM: x86: Suppress MMIO that is triggered during task switch emulation" 2454ad83b90afbc6ed2c22ec1310b624c40bf0d3 "fs: Restrict lock_two_nondirectories() to non-directory inodes" (fixes 2454ad) 33ab231f83cc12d0157711bbf84e180c3be7d7bc "fs: don't assume arguments are non-NULL" These were verified to apply cleanly on top of v5.10.224 and to build/boot. There are also a lot of syzbot-detected fix commits that did not apply cleanly, but the conflicts seem to be quite straightforward to resolve manually. Could you please share what the current process is with respect to such fix patches? For example, are you sending emails asking developers to adjust the non-applied patch (if they want), or is it the other way around -- you expect the authors to be proactive and send the adjusted patch versions themselves? Some sample commits, which failed to apply to v6.1.107: ff91059932401894e6c86341915615c5eb0eca48 "bpf, sockmap: Prevent lock inversion deadlock in map delete elem" f8f210dc84709804c9f952297f2bfafa6ea6b4bd "btrfs: calculate the right space for delayed refs when updating global reserve" -- Aleksandr

1 year

2
5
0 0

[PATCH 1/1] io_uring/sqpoll: inherit cpumask of creating process

by Felix Moessbauer

The submit queue polling threads are "kernel" threads that are started from the userland. In case the userland task is part of a cgroup with the cpuset controller enabled, the poller should also stay within that cpuset. This also holds, as the poller belongs to the same cgroup as the task that started it. With the current implementation, a process can "break out" of the defined cpuset by creating sq pollers consuming CPU time on other CPUs, which is especially problematic for realtime applications. Part of this problem was fixed in a5fc1441 by dropping the PF_NO_SETAFFINITY flag, but this only becomes effective after the first modification of the cpuset (i.e. the pollers cpuset is correct after the first update of the enclosing cgroups cpuset). By inheriting the cpuset of the creating tasks, we ensure that the poller is created with a cpumask that is a subset of the cgroups mask. Inheriting the creators cpumask is reasonable, as other userland tasks also inherit the mask. Fixes: 37d1e2e3642e ("io_uring: move SQPOLL thread io-wq forked worker") Cc: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> --- io_uring/sqpoll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index 3b50dc9586d1..4681b2c41a96 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -289,7 +289,7 @@ static int io_sq_thread(void *data) if (sqd->sq_cpu != -1) { set_cpus_allowed_ptr(current, cpumask_of(sqd->sq_cpu)); } else { - set_cpus_allowed_ptr(current, cpu_online_mask); + set_cpus_allowed_ptr(current, sqd->thread->cpus_ptr); sqd->sq_cpu = raw_smp_processor_id(); } -- 2.39.2

1 year

3
5
0 0

[PATCH] of/irq: handle irq_of_parse_and_map() errors

by Ma Ke

Zero and negative number is not a valid IRQ for in-kernel code and the irq_of_parse_and_map() function returns zero on error. So this check for valid IRQs should only accept values > 0. Cc: stable(a)vger.kernel.org Fixes: f7578496a671 ("of/irq: Use irq_of_parse_and_map()") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/i2c/busses/i2c-cpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-cpm.c b/drivers/i2c/busses/i2c-cpm.c index 4794ec066eb0..41e3c95c0ef7 100644 --- a/drivers/i2c/busses/i2c-cpm.c +++ b/drivers/i2c/busses/i2c-cpm.c @@ -435,7 +435,7 @@ static int cpm_i2c_setup(struct cpm_i2c *cpm) init_waitqueue_head(&cpm->i2c_wait); cpm->irq = irq_of_parse_and_map(ofdev->dev.of_node, 0); - if (!cpm->irq) + if (cpm->irq <= 0) return -EINVAL; /* Install interrupt handler. */ -- 2.25.1

1 year

4
3
0 0

[PATCH 1/8] serial: qcom-geni: fix fifo polling timeout

by Johan Hovold

The qcom_geni_serial_poll_bit() can be used to wait for events like command completion and is supposed to wait for the time it takes to clear a full fifo before timing out. As noted by Doug, the current implementation does not account for start, stop and parity bits when determining the timeout. The helper also does not currently account for the shift register and the two-word intermediate transfer register. Instead of determining the fifo timeout on every call, store the timeout when updating it in set_termios() and wait for up to 19/16 the time it takes to clear the 16 word fifo to account for the shift and intermediate registers. Note that serial core has already added a 20 ms margin to the fifo timeout. Also note that the current uart_fifo_timeout() interface does unnecessary calculations on every call and also did not exists in earlier kernels so only store its result once. This also facilitates backports as earlier kernels can derive the timeout from uport->timeout, which has since been removed. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reported-by: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 69a632fefc41..e1926124339d 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -124,7 +124,7 @@ struct qcom_geni_serial_port { dma_addr_t tx_dma_addr; dma_addr_t rx_dma_addr; bool setup; - unsigned int baud; + unsigned long fifo_timeout_us; unsigned long clk_rate; void *rx_buf; u32 loopback; @@ -270,22 +270,21 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, { u32 reg; struct qcom_geni_serial_port *port; - unsigned int baud; - unsigned int fifo_bits; unsigned long timeout_us = 20000; struct qcom_geni_private_data *private_data = uport->private_data; if (private_data->drv) { port = to_dev_port(uport); - baud = port->baud; - if (!baud) - baud = 115200; - fifo_bits = port->tx_fifo_depth * port->tx_fifo_width; + /* - * Total polling iterations based on FIFO worth of bytes to be - * sent at current baud. Add a little fluff to the wait. + * Wait up to 19/16 the time it would take to clear a full + * FIFO, which accounts for the three words in the shift and + * intermediate registers. + * + * Note that fifo_timeout_us already has a 20 ms margin. */ - timeout_us = ((fifo_bits * USEC_PER_SEC) / baud) + 500; + if (port->fifo_timeout_us) + timeout_us = 19 * port->fifo_timeout_us / 16; } /* @@ -1248,7 +1247,6 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); - port->baud = baud; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1326,8 +1324,10 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, else tx_trans_cfg |= UART_CTS_MASK; - if (baud) + if (baud) { uart_update_timeout(uport, termios->c_cflag, baud); + port->fifo_timeout_us = jiffies_to_usecs(uart_fifo_timeout(uport)); + } if (!uart_console(uport)) writel(port->loopback, -- 2.44.2

1 year

3
3
0 0

[PATCH v2 8/8] serial: qcom-geni: fix polled console corruption

by Johan Hovold

The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0; -- 2.44.2

1 year

1
0
0 0

[PATCH v2 6/8] serial: qcom-geni: fix console corruption

by Johan Hovold

The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 45 +++++++++++++-------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had -- 2.44.2

1 year

1
0
0 0

[PATCH v2 2/8] serial: qcom-geni: fix false console tx restart

by Johan Hovold

Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 309c0bddf26a..b88435c0ea50 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -306,18 +306,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -378,6 +376,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -422,6 +421,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -463,7 +463,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -495,12 +494,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count); -- 2.44.2

1 year

1
0
0 0

[Backport request for 5.4.y] reset: hi6220: Add support for AO reset controller

by Yongqin Liu

Hi, Greg Could you please help to cherry-pick the following commit to the 5.4.y branch? 697fa27dc5fb ("reset: hi6220: Add support for AO reset controller") It's been there since the 5.10 kernel, and this along with the clk patch are needed for Hikey devices to work with the 5.4.y kernels, otherwise it will reboot again and again during the boot. -- Best Regards, Yongqin Liu --------------------------------------------------------------- #mailing list linaro-android(a)lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-android

1 year

1
0
0 0

[PATCH v2] powerpc/qspinlock: Fix deadlock in MCS queue

by Nysal Jan K.A.

If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU might see stale lock values in get_tail_qnode(). If the stale lock value happens to match the lock on that CPU, then we write to the "next" pointer of the wrong qnode. This causes a deadlock as the former CPU, once it becomes the head of the MCS queue, will spin indefinitely until it's "next" pointer is set by its successor in the queue. Running stress-ng on a 16 core (16EC/16VP) shared LPAR, results in occasional lockups similar to the following: $ stress-ng --all 128 --vm-bytes 80% --aggressive \ --maximize --oomable --verify --syslog \ --metrics --times --timeout 5m watchdog: CPU 15 Hard LOCKUP ...... NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490 LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90 Call Trace: 0xc000002cfffa3bf0 (unreliable) _raw_spin_lock+0x6c/0x90 raw_spin_rq_lock_nested.part.135+0x4c/0xd0 sched_ttwu_pending+0x60/0x1f0 __flush_smp_call_function_queue+0x1dc/0x670 smp_ipi_demux_relaxed+0xa4/0x100 xive_muxed_ipi_action+0x20/0x40 __handle_irq_event_percpu+0x80/0x240 handle_irq_event_percpu+0x2c/0x80 handle_percpu_irq+0x84/0xd0 generic_handle_irq+0x54/0x80 __do_irq+0xac/0x210 __do_IRQ+0x74/0xd0 0x0 do_IRQ+0x8c/0x170 hardware_interrupt_common_virt+0x29c/0x2a0 --- interrupt: 500 at queued_spin_lock_slowpath+0x4b8/0x1490 ...... NIP [c0000000000b6c28] queued_spin_lock_slowpath+0x4b8/0x1490 LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90 --- interrupt: 500 0xc0000029c1a41d00 (unreliable) _raw_spin_lock+0x6c/0x90 futex_wake+0x100/0x260 do_futex+0x21c/0x2a0 sys_futex+0x98/0x270 system_call_exception+0x14c/0x2f0 system_call_vectored_common+0x15c/0x2ec The following code flow illustrates how the deadlock occurs. For the sake of brevity, assume that both locks (A and B) are contended and we call the queued_spin_lock_slowpath() function. CPU0 CPU1 ---- ---- spin_lock_irqsave(A) | spin_unlock_irqrestore(A) | spin_lock(B) | | | ▼ | id = qnodesp->count++; | (Note that nodes[0].lock == A) | | | ▼ | Interrupt | (happens before "nodes[0].lock = B") | | | ▼ | spin_lock_irqsave(A) | | | ▼ | id = qnodesp->count++ | nodes[1].lock = A | | | ▼ | Tail of MCS queue | | spin_lock_irqsave(A) ▼ | Head of MCS queue ▼ | CPU0 is previous tail ▼ | Spin indefinitely ▼ (until "nodes[1].next != NULL") prev = get_tail_qnode(A, CPU0) | ▼ prev == &qnodes[CPU0].nodes[0] (as qnodes[CPU0].nodes[0].lock == A) | ▼ WRITE_ONCE(prev->next, node) | ▼ Spin indefinitely (until nodes[0].locked == 1) Thanks to Saket Kumar Bhaskar for help with recreating the issue Fixes: 84990b169557 ("powerpc/qspinlock: add mcs queueing for contended waiters") Cc: stable(a)vger.kernel.org # v6.2+ Reported-by: Geetika Moolchandani <geetika(a)linux.ibm.com> Reported-by: Vaishnavi Bhat <vaish123(a)in.ibm.com> Reported-by: Jijo Varghese <vargjijo(a)in.ibm.com> Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> Reviewed-by: Nicholas Piggin <npiggin(a)gmail.com> --- arch/powerpc/lib/qspinlock.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/lib/qspinlock.c b/arch/powerpc/lib/qspinlock.c index 5de4dd549f6e..bcc7e4dff8c3 100644 --- a/arch/powerpc/lib/qspinlock.c +++ b/arch/powerpc/lib/qspinlock.c @@ -697,7 +697,15 @@ static __always_inline void queued_spin_lock_mcs_queue(struct qspinlock *lock, b } release: - qnodesp->count--; /* release the node */ + /* + * Clear the lock before releasing the node, as another CPU might see stale + * values if an interrupt occurs after we increment qnodesp->count + * but before node->lock is initialized. The barrier ensures that + * there are no further stores to the node after it has been released. + */ + node->lock = NULL; + barrier(); + qnodesp->count--; } void queued_spin_lock_slowpath(struct qspinlock *lock) -- 2.46.0

1 year

2
1
0 0

[PATCH 5.10] btrfs: fix use-after-free after failure to create a snapshot

by hsimeliere.opensource＠witekio.com

From: Filipe Manana <fdmanana(a)suse.com> commit 28b21c558a3753171097193b6f6602a94169093a upstream. At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call btrfs_commit_transaction(), and if that returns an error we jump to 'fail' label, where we kfree() the pending snapshot structure. This can result in a later use-after-free of the pending snapshot: 1) We allocated the pending snapshot and added it to the transaction's list of pending snapshots; 2) We call btrfs_commit_transaction(), and it fails either at the first call to btrfs_run_delayed_refs() or btrfs_start_dirty_block_groups(). In both cases, we don't abort the transaction and we release our transaction handle. We jump to the 'fail' label and free the pending snapshot structure. We return with the pending snapshot still in the transaction's list; 3) Another task commits the transaction. This time there's no error at all, and then during the transaction commit it accesses a pointer to the pending snapshot structure that the snapshot creation task has already freed, resulting in a user-after-free. This issue could actually be detected by smatch, which produced the following warning: fs/btrfs/ioctl.c:843 create_snapshot() warn: '&pending_snapshot->list' not removed from list So fix this by not having the snapshot creation ioctl directly add the pending snapshot to the transaction's list. Instead add the pending snapshot to the transaction handle, and then at btrfs_commit_transaction() we add the snapshot to the list only when we can guarantee that any error returned after that point will result in a transaction abort, in which case the ioctl code can safely free the pending snapshot and no one can access it anymore. CC: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- fs/btrfs/ioctl.c | 5 +---- fs/btrfs/transaction.c | 24 ++++++++++++++++++++++++ fs/btrfs/transaction.h | 2 ++ 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index ab8ed187746e..24c4d059cfab 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -853,10 +853,7 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, goto fail; } - spin_lock(&fs_info->trans_lock); - list_add(&pending_snapshot->list, - &trans->transaction->pending_snapshots); - spin_unlock(&fs_info->trans_lock); + trans->pending_snapshot = pending_snapshot; ret = btrfs_commit_transaction(trans); if (ret) diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index 8cefe11c57db..8878aa7cbdc5 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -2075,6 +2075,27 @@ static inline void btrfs_wait_delalloc_flush(struct btrfs_trans_handle *trans) } } +/* + * Add a pending snapshot associated with the given transaction handle to the + * respective handle. This must be called after the transaction commit started + * and while holding fs_info->trans_lock. + * This serves to guarantee a caller of btrfs_commit_transaction() that it can + * safely free the pending snapshot pointer in case btrfs_commit_transaction() + * returns an error. + */ +static void add_pending_snapshot(struct btrfs_trans_handle *trans) +{ + struct btrfs_transaction *cur_trans = trans->transaction; + + if (!trans->pending_snapshot) + return; + + lockdep_assert_held(&trans->fs_info->trans_lock); + ASSERT(cur_trans->state >= TRANS_STATE_COMMIT_START); + + list_add(&trans->pending_snapshot->list, &cur_trans->pending_snapshots); +} + int btrfs_commit_transaction(struct btrfs_trans_handle *trans) { struct btrfs_fs_info *fs_info = trans->fs_info; @@ -2161,6 +2182,8 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans) spin_lock(&fs_info->trans_lock); if (cur_trans->state >= TRANS_STATE_COMMIT_START) { + add_pending_snapshot(trans); + spin_unlock(&fs_info->trans_lock); refcount_inc(&cur_trans->use_count); ret = btrfs_end_transaction(trans); @@ -2243,6 +2266,7 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans) * COMMIT_DOING so make sure to wait for num_writers to == 1 again. */ spin_lock(&fs_info->trans_lock); + add_pending_snapshot(trans); cur_trans->state = TRANS_STATE_COMMIT_DOING; spin_unlock(&fs_info->trans_lock); wait_event(cur_trans->writer_wait, diff --git a/fs/btrfs/transaction.h b/fs/btrfs/transaction.h index f73654d93fa0..eb26eb068fe8 100644 --- a/fs/btrfs/transaction.h +++ b/fs/btrfs/transaction.h @@ -122,6 +122,8 @@ struct btrfs_trans_handle { struct btrfs_transaction *transaction; struct btrfs_block_rsv *block_rsv; struct btrfs_block_rsv *orig_rsv; + /* Set by a task that wants to create a snapshot. */ + struct btrfs_pending_snapshot *pending_snapshot; refcount_t use_count; unsigned int type; /* -- 2.43.0

1 year

1
0
0 0

Re: [5.15 Backport] cifs: Check the lease context if we actually got a lease

by Greg KH

On Fri, Sep 06, 2024 at 04:07:59PM +0530, Meetakshi Setiya wrote: > Upstream commit 66d45ca1350a3bb8d5f4db8879ccad3ed492337a > > Yes, you are right, it would be good to backport to 6.1 as well. > Please let me know if you need anything from me. I need a working backport for 6.1.y before we can take this one. Oh wait, it's already in 6.1.16, a long time ago. This will be fine, thanks. greg k-h

1 year

1
0
0 0

[5.15 Backport] cifs: Check the lease context if we actually got a lease

by meetakshisetiyaoss＠gmail.com

This patch fixes a directory lease bug on the smb client and prevents it from incorrectly caching the directories if the server returns an invalid lease state. The patch is in 6.3 kernel, requesting backport to stable 5.15. I have cherry-picked the patch for 5.15 kernel below From 2bb51b129ceb884145c3527f8c04817cc00d0e6e Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg <lsahlber(a)redhat.com> Date: Fri, 17 Feb 2023 13:35:00 +1000 Subject: [PATCH] cifs: Check the lease context if we actually got a lease Some servers may return that we got a lease in rsp->OplockLevel but then in the lease context contradict this and say we got no lease at all. Thus we need to check the context if we have a lease. Additionally, If we do not get a lease we need to make sure we close the handle before we return an error to the caller. Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Cc: stable(a)vger.kernel.org Reviewed-by: Bharath SM <bharathsm(a)microsoft.com> Reviewed-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Meetakshi Setiya <msetiya(a)microsoft.com> --- fs/cifs/smb2ops.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index b725bd3144fb..6c30fff8a029 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -886,8 +886,6 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon, goto oshr_exit; } - atomic_inc(&tcon->num_remote_opens); - o_rsp = (struct smb2_create_rsp *)rsp_iov[0].iov_base; oparms.fid->persistent_fid = o_rsp->PersistentFileId; oparms.fid->volatile_fid = o_rsp->VolatileFileId; @@ -897,8 +895,6 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon, tcon->crfid.tcon = tcon; tcon->crfid.is_valid = true; - tcon->crfid.dentry = dentry; - dget(dentry); kref_init(&tcon->crfid.refcount); /* BB TBD check to see if oplock level check can be removed below */ @@ -907,14 +903,16 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon, * See commit 2f94a3125b87. Increment the refcount when we * get a lease for root, release it if lease break occurs */ - kref_get(&tcon->crfid.refcount); - tcon->crfid.has_lease = true; rc = smb2_parse_contexts(server, rsp_iov, &oparms.fid->epoch, oparms.fid->lease_key, &oplock, NULL, NULL); if (rc) goto oshr_exit; + + if (!(oplock & SMB2_LEASE_READ_CACHING_HE)) + goto oshr_exit; + } else goto oshr_exit; @@ -928,7 +926,10 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon, (char *)&tcon->crfid.file_all_info)) tcon->crfid.file_all_info_is_valid = true; tcon->crfid.time = jiffies; - + tcon->crfid.dentry = dentry; + dget(dentry); + kref_get(&tcon->crfid.refcount); + tcon->crfid.has_lease = true; oshr_exit: mutex_unlock(&tcon->crfid.fid_mutex); @@ -937,8 +938,15 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon, SMB2_query_info_free(&rqst[1]); free_rsp_buf(resp_buftype[0], rsp_iov[0].iov_base); free_rsp_buf(resp_buftype[1], rsp_iov[1].iov_base); - if (rc == 0) + if (rc) { + if (tcon->crfid.is_valid) + SMB2_close(0, tcon, oparms.fid->persistent_fid, + oparms.fid->volatile_fid); + } + if (rc == 0) { *cfid = &tcon->crfid; + atomic_inc(&tcon->num_remote_opens); + } return rc; } -- 2.46.0.46.g406f326d27

1 year

2
1
0 0

[PATCH v2] pinctrl: stm32: check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 32c170ff15b0 ("pinctrl: stm32: set default gpio line names using pin names") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch according to suggestions, added braces; - modified the typo. --- drivers/pinctrl/stm32/pinctrl-stm32.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c index a8673739871d..f23b081f31b3 100644 --- a/drivers/pinctrl/stm32/pinctrl-stm32.c +++ b/drivers/pinctrl/stm32/pinctrl-stm32.c @@ -1374,10 +1374,16 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode for (i = 0; i < npins; i++) { stm32_pin = stm32_pctrl_get_desc_pin_from_gpio(pctl, bank, i); - if (stm32_pin && stm32_pin->pin.name) + if (stm32_pin && stm32_pin->pin.name) { names[i] = devm_kasprintf(dev, GFP_KERNEL, "%s", stm32_pin->pin.name); - else + if (!names[i]) { + err = -ENOMEM; + goto err_clk; + } + } + + else { names[i] = NULL; + } } bank->gpio_chip.names = (const char * const *)names; -- 2.25.1

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: reuse ID 0 after delete and re-add" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 8b8ed1b429f8fa7ebd5632555e7b047bc0620075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083041-irate-headless-590c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8b8ed1b429f8fa7ebd5632555e7b047bc0620075 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:24 +0200 Subject: [PATCH] mptcp: pm: reuse ID 0 after delete and re-add When the endpoint used by the initial subflow is removed and re-added later, the PM has to force the ID 0, it is a special case imposed by the MPTCP specs. Note that the endpoint should then need to be re-added reusing the same ID. Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 8d2f97854c64..ec45ab4c66ab 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -585,6 +585,11 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); msk->pm.add_addr_signaled++; + + /* Special case for ID0: set the correct ID */ + if (local.addr.id == msk->mpc_endpoint_id) + local.addr.id = 0; + mptcp_pm_announce_addr(msk, &local.addr, false); mptcp_pm_nl_addr_send_ack(msk); @@ -609,6 +614,11 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) msk->pm.local_addr_used++; __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); + + /* Special case for ID0: set the correct ID */ + if (local.addr.id == msk->mpc_endpoint_id) + local.addr.id = 0; + nr = fill_remote_addresses_vec(msk, &local.addr, fullmesh, addrs); if (nr == 0) continue;

1 year

3
2
0 0

FAILED: patch "[PATCH] mptcp: pm: avoid possible UaF when selecting endp" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082658-pectin-freeness-1354@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 48e50dcbcbaa ("mptcp: pm: avoid possible UaF when selecting endp") 85df533a787b ("mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set") cd7c957f936f ("mptcp: pm: don't try to create sf if alloc failed") c95eb32ced82 ("mptcp: pm: reduce indentation blocks") 528cb5f2a1e8 ("mptcp: pass addr to mptcp_pm_alloc_anno_list") 77e4b94a3de6 ("mptcp: update userspace pm infos") 24430f8bf516 ("mptcp: add address into userspace pm list") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") fb00ee4f3343 ("mptcp: netlink: respect v4/v6-only sockets") 80638684e840 ("mptcp: get sk from msk directly") 5ccecaec5c1e ("mptcp: fix locking in mptcp_nl_cmd_sf_destroy()") 76a13b315709 ("mptcp: invoke MP_FAIL response when needed") d9fb797046c5 ("mptcp: Do not traverse the subflow connection list without lock") d42f9e4e2384 ("mptcp: Check for orphaned subflow before handling MP_FAIL timer") d7e6f5836038 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:32 +0200 Subject: [PATCH] mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with. Reported-by: Paolo Abeni <pabeni(a)redhat.com> Closes: https://lore.kernel.org/45cd30d3-7710-491c-ae4d-a1368c00beb1@redhat.com Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-14-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a2e37ab1c40f..3e4ad801786f 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -143,11 +143,13 @@ static bool lookup_subflow_by_daddr(const struct list_head *list, return false; } -static struct mptcp_pm_addr_entry * +static bool select_local_address(const struct pm_nl_pernet *pernet, - const struct mptcp_sock *msk) + const struct mptcp_sock *msk, + struct mptcp_pm_addr_entry *new_entry) { - struct mptcp_pm_addr_entry *entry, *ret = NULL; + struct mptcp_pm_addr_entry *entry; + bool found = false; msk_owned_by_me(msk); @@ -159,17 +161,21 @@ select_local_address(const struct pm_nl_pernet *pernet, if (!test_bit(entry->addr.id, msk->pm.id_avail_bitmap)) continue; - ret = entry; + *new_entry = *entry; + found = true; break; } rcu_read_unlock(); - return ret; + + return found; } -static struct mptcp_pm_addr_entry * -select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk) +static bool +select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk, + struct mptcp_pm_addr_entry *new_entry) { - struct mptcp_pm_addr_entry *entry, *ret = NULL; + struct mptcp_pm_addr_entry *entry; + bool found = false; rcu_read_lock(); /* do not keep any additional per socket state, just signal @@ -184,11 +190,13 @@ select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk) if (!(entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) continue; - ret = entry; + *new_entry = *entry; + found = true; break; } rcu_read_unlock(); - return ret; + + return found; } unsigned int mptcp_pm_get_add_addr_signal_max(const struct mptcp_sock *msk) @@ -512,9 +520,10 @@ __lookup_addr(struct pm_nl_pernet *pernet, const struct mptcp_addr_info *info) static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) { - struct mptcp_pm_addr_entry *local, *signal_and_subflow = NULL; struct sock *sk = (struct sock *)msk; + struct mptcp_pm_addr_entry local; unsigned int add_addr_signal_max; + bool signal_and_subflow = false; unsigned int local_addr_max; struct pm_nl_pernet *pernet; unsigned int subflows_max; @@ -565,23 +574,22 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) if (msk->pm.addr_signal & BIT(MPTCP_ADD_ADDR_SIGNAL)) return; - local = select_signal_address(pernet, msk); - if (!local) + if (!select_signal_address(pernet, msk, &local)) goto subflow; /* If the alloc fails, we are on memory pressure, not worth * continuing, and trying to create subflows. */ - if (!mptcp_pm_alloc_anno_list(msk, &local->addr)) + if (!mptcp_pm_alloc_anno_list(msk, &local.addr)) return; - __clear_bit(local->addr.id, msk->pm.id_avail_bitmap); + __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); msk->pm.add_addr_signaled++; - mptcp_pm_announce_addr(msk, &local->addr, false); + mptcp_pm_announce_addr(msk, &local.addr, false); mptcp_pm_nl_addr_send_ack(msk); - if (local->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) - signal_and_subflow = local; + if (local.flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) + signal_and_subflow = true; } subflow: @@ -592,26 +600,22 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) bool fullmesh; int i, nr; - if (signal_and_subflow) { - local = signal_and_subflow; - signal_and_subflow = NULL; - } else { - local = select_local_address(pernet, msk); - if (!local) - break; - } + if (signal_and_subflow) + signal_and_subflow = false; + else if (!select_local_address(pernet, msk, &local)) + break; - fullmesh = !!(local->flags & MPTCP_PM_ADDR_FLAG_FULLMESH); + fullmesh = !!(local.flags & MPTCP_PM_ADDR_FLAG_FULLMESH); msk->pm.local_addr_used++; - __clear_bit(local->addr.id, msk->pm.id_avail_bitmap); - nr = fill_remote_addresses_vec(msk, &local->addr, fullmesh, addrs); + __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); + nr = fill_remote_addresses_vec(msk, &local.addr, fullmesh, addrs); if (nr == 0) continue; spin_unlock_bh(&msk->pm.lock); for (i = 0; i < nr; i++) - __mptcp_subflow_connect(sk, &local->addr, &addrs[i]); + __mptcp_subflow_connect(sk, &local.addr, &addrs[i]); spin_lock_bh(&msk->pm.lock); } mptcp_pm_nl_check_work_pending(msk);

1 year

3
3
0 0

FAILED: patch "[PATCH] mptcp: pr_debug: add missing \n at the end" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083023-dock-showdown-0b54@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: cb41b195e634 ("mptcp: pr_debug: add missing \n at the end") 68cc924729ff ("mptcp: fix duplicate data handling") 89721e3038d1 ("Merge tag 'net-accept-more-20240515' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 26 Aug 2024 19:11:21 +0200 Subject: [PATCH] mptcp: pr_debug: add missing \n at the end pr_debug() have been added in various places in MPTCP code to help developers to debug some situations. With the dynamic debug feature, it is easy to enable all or some of them, and asks users to reproduce issues with extra debug. Many of these pr_debug() don't end with a new line, while no 'pr_cont()' are used in MPTCP code. So the goal was not to display multiple debug messages on one line: they were then not missing the '\n' on purpose. Not having the new line at the end causes these messages to be printed with a delay, when something else needs to be printed. This issue is not visible when many messages need to be printed, but it is annoying and confusing when only specific messages are expected, e.g. # echo "func mptcp_pm_add_addr_echoed +fmp" \ > /sys/kernel/debug/dynamic_debug/control # ./mptcp_join.sh "signal address"; \ echo "$(awk '{print $1}' /proc/uptime) - end"; \ sleep 5s; \ echo "$(awk '{print $1}' /proc/uptime) - restart"; \ ./mptcp_join.sh "signal address" 013 signal address (...) 10.75 - end 15.76 - restart 013 signal address [ 10.367935] mptcp:mptcp_pm_add_addr_echoed: MPTCP: msk=(...) (...) => a delay of 5 seconds: printed with a 10.36 ts, but after 'restart' which was printed at the 15.76 ts. The 'Fixes' tag here below points to the first pr_debug() used without '\n' in net/mptcp. This patch could be split in many small ones, with different Fixes tag, but it doesn't seem worth it, because it is easy to re-generate this patch with this simple 'sed' command: git grep -l pr_debug -- net/mptcp | xargs sed -i "s/$pr_debug(\".*[^n]$$\"[,)]$/\1\\\n\2/g" So in case of conflicts, simply drop the modifications, and launch this command. Fixes: f870fa0b5768 ("mptcp: Add MPTCP socket stubs") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-4-905199f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index ad28da655f8b..a29ff901df75 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -68,12 +68,12 @@ void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflo skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); - pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx", sk, + pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx\n", sk, MPTCP_SKB_CB(skb)->map_seq, MPTCP_SKB_CB(skb)->map_seq + msk->ack_seq, MPTCP_SKB_CB(skb)->end_seq, MPTCP_SKB_CB(skb)->end_seq + msk->ack_seq); MPTCP_SKB_CB(skb)->map_seq += msk->ack_seq; MPTCP_SKB_CB(skb)->end_seq += msk->ack_seq; } - pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); + pr_debug("msk=%p ack_seq=%llx\n", msk, msk->ack_seq); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index ac2f1a54cc43..370c3836b771 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -117,7 +117,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_CSUMREQD; ptr += 2; } - pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u", + pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u\n", version, flags, opsize, mp_opt->sndr_key, mp_opt->rcvr_key, mp_opt->data_len, mp_opt->csum); break; @@ -131,7 +131,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->token, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) { @@ -142,19 +142,19 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 8; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->thmac, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) { mp_opt->suboptions |= OPTION_MPTCP_MPJ_ACK; ptr += 2; memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN); - pr_debug("MP_JOIN hmac"); + pr_debug("MP_JOIN hmac\n"); } break; case MPTCPOPT_DSS: - pr_debug("DSS"); + pr_debug("DSS\n"); ptr++; /* we must clear 'mpc_map' be able to detect MP_CAPABLE @@ -169,7 +169,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0; mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK); - pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d", + pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d\n", mp_opt->data_fin, mp_opt->dsn64, mp_opt->use_map, mp_opt->ack64, mp_opt->use_ack); @@ -207,7 +207,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; } - pr_debug("data_ack=%llu", mp_opt->data_ack); + pr_debug("data_ack=%llu\n", mp_opt->data_ack); } if (mp_opt->use_map) { @@ -231,7 +231,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; } - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", mp_opt->data_seq, mp_opt->subflow_seq, mp_opt->data_len, !!(mp_opt->suboptions & OPTION_MPTCP_CSUMREQD), mp_opt->csum); @@ -293,7 +293,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ahmac = get_unaligned_be64(ptr); ptr += 8; } - pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d\n", (mp_opt->addr.family == AF_INET6) ? "6" : "", mp_opt->addr.id, mp_opt->ahmac, mp_opt->echo, ntohs(mp_opt->addr.port)); break; @@ -309,7 +309,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rm_list.nr = opsize - TCPOLEN_MPTCP_RM_ADDR_BASE; for (i = 0; i < mp_opt->rm_list.nr; i++) mp_opt->rm_list.ids[i] = *ptr++; - pr_debug("RM_ADDR: rm_list_nr=%d", mp_opt->rm_list.nr); + pr_debug("RM_ADDR: rm_list_nr=%d\n", mp_opt->rm_list.nr); break; case MPTCPOPT_MP_PRIO: @@ -318,7 +318,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_PRIO; mp_opt->backup = *ptr++ & MPTCP_PRIO_BKUP; - pr_debug("MP_PRIO: prio=%d", mp_opt->backup); + pr_debug("MP_PRIO: prio=%d\n", mp_opt->backup); break; case MPTCPOPT_MP_FASTCLOSE: @@ -329,7 +329,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rcvr_key = get_unaligned_be64(ptr); ptr += 8; mp_opt->suboptions |= OPTION_MPTCP_FASTCLOSE; - pr_debug("MP_FASTCLOSE: recv_key=%llu", mp_opt->rcvr_key); + pr_debug("MP_FASTCLOSE: recv_key=%llu\n", mp_opt->rcvr_key); break; case MPTCPOPT_RST: @@ -343,7 +343,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, flags = *ptr++; mp_opt->reset_transient = flags & MPTCP_RST_TRANSIENT; mp_opt->reset_reason = *ptr; - pr_debug("MP_RST: transient=%u reason=%u", + pr_debug("MP_RST: transient=%u reason=%u\n", mp_opt->reset_transient, mp_opt->reset_reason); break; @@ -354,7 +354,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; mp_opt->suboptions |= OPTION_MPTCP_FAIL; mp_opt->fail_seq = get_unaligned_be64(ptr); - pr_debug("MP_FAIL: data_seq=%llu", mp_opt->fail_seq); + pr_debug("MP_FAIL: data_seq=%llu\n", mp_opt->fail_seq); break; default: @@ -417,7 +417,7 @@ bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_SYN; return true; } else if (subflow->request_join) { - pr_debug("remote_token=%u, nonce=%u", subflow->remote_token, + pr_debug("remote_token=%u, nonce=%u\n", subflow->remote_token, subflow->local_nonce); opts->suboptions = OPTION_MPTCP_MPJ_SYN; opts->join_id = subflow->local_id; @@ -500,7 +500,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_ACK; } - pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d", + pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d\n", subflow, subflow->local_key, subflow->remote_key, data_len); @@ -509,7 +509,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, opts->suboptions = OPTION_MPTCP_MPJ_ACK; memcpy(opts->hmac, subflow->hmac, MPTCPOPT_HMAC_LEN); *size = TCPOLEN_MPTCP_MPJ_ACK; - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* we can use the full delegate action helper only from BH context * If we are in process context - sk is flushing the backlog at @@ -675,7 +675,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * *size = len; if (drop_other_suboptions) { - pr_debug("drop other suboptions"); + pr_debug("drop other suboptions\n"); opts->suboptions = 0; /* note that e.g. DSS could have written into the memory @@ -695,7 +695,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * } else { MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ECHOADDTX); } - pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d\n", opts->addr.id, opts->ahmac, echo, ntohs(opts->addr.port)); return true; @@ -726,7 +726,7 @@ static bool mptcp_established_options_rm_addr(struct sock *sk, opts->rm_list = rm_list; for (i = 0; i < opts->rm_list.nr; i++) - pr_debug("rm_list_ids[%d]=%d", i, opts->rm_list.ids[i]); + pr_debug("rm_list_ids[%d]=%d\n", i, opts->rm_list.ids[i]); MPTCP_ADD_STATS(sock_net(sk), MPTCP_MIB_RMADDRTX, opts->rm_list.nr); return true; } @@ -752,7 +752,7 @@ static bool mptcp_established_options_mp_prio(struct sock *sk, opts->suboptions |= OPTION_MPTCP_PRIO; opts->backup = subflow->request_bkup; - pr_debug("prio=%d", opts->backup); + pr_debug("prio=%d\n", opts->backup); return true; } @@ -794,7 +794,7 @@ static bool mptcp_established_options_fastclose(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FASTCLOSE; opts->rcvr_key = READ_ONCE(msk->remote_key); - pr_debug("FASTCLOSE key=%llu", opts->rcvr_key); + pr_debug("FASTCLOSE key=%llu\n", opts->rcvr_key); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFASTCLOSETX); return true; } @@ -816,7 +816,7 @@ static bool mptcp_established_options_mp_fail(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FAIL; opts->fail_seq = subflow->map_seq; - pr_debug("MP_FAIL fail_seq=%llu", opts->fail_seq); + pr_debug("MP_FAIL fail_seq=%llu\n", opts->fail_seq); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFAILTX); return true; @@ -904,7 +904,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->csum_reqd = subflow_req->csum_reqd; opts->allow_join_id0 = subflow_req->allow_join_id0; *size = TCPOLEN_MPTCP_MPC_SYNACK; - pr_debug("subflow_req=%p, local_key=%llu", + pr_debug("subflow_req=%p, local_key=%llu\n", subflow_req, subflow_req->local_key); return true; } else if (subflow_req->mp_join) { @@ -913,7 +913,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->join_id = subflow_req->local_id; opts->thmac = subflow_req->thmac; opts->nonce = subflow_req->local_nonce; - pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u\n", subflow_req, opts->backup, opts->join_id, opts->thmac, opts->nonce); *size = TCPOLEN_MPTCP_MPJ_SYNACK; diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 3e6e0f5510bb..3f8dbde243f1 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -19,7 +19,7 @@ int mptcp_pm_announce_addr(struct mptcp_sock *msk, { u8 add_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, local_id=%d, echo=%d", msk, addr->id, echo); + pr_debug("msk=%p, local_id=%d, echo=%d\n", msk, addr->id, echo); lockdep_assert_held(&msk->pm.lock); @@ -45,7 +45,7 @@ int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_ { u8 rm_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, rm_list_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p, rm_list_nr=%d\n", msk, rm_list->nr); if (rm_addr) { MPTCP_ADD_STATS(sock_net((struct sock *)msk), @@ -66,7 +66,7 @@ void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p, token=%u side=%d", msk, READ_ONCE(msk->token), server_side); + pr_debug("msk=%p, token=%u side=%d\n", msk, READ_ONCE(msk->token), server_side); WRITE_ONCE(pm->server_side, server_side); mptcp_event(MPTCP_EVENT_CREATED, msk, ssk, GFP_ATOMIC); @@ -90,7 +90,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("msk=%p subflows=%d max=%d allow=%d", msk, pm->subflows, + pr_debug("msk=%p subflows=%d max=%d allow=%d\n", msk, pm->subflows, subflows_max, READ_ONCE(pm->accept_subflow)); /* try to avoid acquiring the lock below */ @@ -114,7 +114,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) static bool mptcp_pm_schedule_work(struct mptcp_sock *msk, enum mptcp_pm_status new_status) { - pr_debug("msk=%p status=%x new=%lx", msk, msk->pm.status, + pr_debug("msk=%p status=%x new=%lx\n", msk, msk->pm.status, BIT(new_status)); if (msk->pm.status & BIT(new_status)) return false; @@ -129,7 +129,7 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) struct mptcp_pm_data *pm = &msk->pm; bool announce = false; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -153,14 +153,14 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) void mptcp_pm_connection_closed(struct mptcp_sock *msk) { - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); } void mptcp_pm_subflow_established(struct mptcp_sock *msk) { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!READ_ONCE(pm->work_pending)) return; @@ -212,7 +212,7 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, struct mptcp_sock *msk = mptcp_sk(subflow->conn); struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p remote_id=%d accept=%d", msk, addr->id, + pr_debug("msk=%p remote_id=%d accept=%d\n", msk, addr->id, READ_ONCE(pm->accept_addr)); mptcp_event_addr_announced(ssk, addr); @@ -243,7 +243,7 @@ void mptcp_pm_add_addr_echoed(struct mptcp_sock *msk, { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -267,7 +267,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, struct mptcp_pm_data *pm = &msk->pm; u8 i; - pr_debug("msk=%p remote_ids_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p remote_ids_nr=%d\n", msk, rm_list->nr); for (i = 0; i < rm_list->nr; i++) mptcp_event_addr_removed(msk, rm_list->ids[i]); @@ -299,19 +299,19 @@ void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq) struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); struct mptcp_sock *msk = mptcp_sk(subflow->conn); - pr_debug("fail_seq=%llu", fail_seq); + pr_debug("fail_seq=%llu\n", fail_seq); if (!READ_ONCE(msk->allow_infinite_fallback)) return; if (!subflow->fail_tout) { - pr_debug("send MP_FAIL response and infinite map"); + pr_debug("send MP_FAIL response and infinite map\n"); subflow->send_mp_fail = 1; subflow->send_infinite_map = 1; tcp_send_ack(sk); } else { - pr_debug("MP_FAIL response received"); + pr_debug("MP_FAIL response received\n"); WRITE_ONCE(subflow->fail_tout, 0); } } diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 3e4ad801786f..8d2f97854c64 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -287,7 +287,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) struct mptcp_sock *msk = entry->sock; struct sock *sk = (struct sock *)msk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!msk) return; @@ -306,7 +306,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) spin_lock_bh(&msk->pm.lock); if (!mptcp_pm_should_add_signal_addr(msk)) { - pr_debug("retransmit ADD_ADDR id=%d", entry->addr.id); + pr_debug("retransmit ADD_ADDR id=%d\n", entry->addr.id); mptcp_pm_announce_addr(msk, &entry->addr, false); mptcp_pm_add_addr_send_ack(msk); entry->retrans_times++; @@ -387,7 +387,7 @@ void mptcp_pm_free_anno_list(struct mptcp_sock *msk) struct sock *sk = (struct sock *)msk; LIST_HEAD(free_list); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&msk->pm.lock); list_splice_init(&msk->pm.anno_list, &free_list); @@ -473,7 +473,7 @@ static void __mptcp_pm_send_ack(struct mptcp_sock *msk, struct mptcp_subflow_con struct sock *ssk = mptcp_subflow_tcp_sock(subflow); bool slow; - pr_debug("send ack for %s", + pr_debug("send ack for %s\n", prio ? "mp_prio" : (mptcp_pm_should_add_signal(msk) ? "add_addr" : "rm_addr")); slow = lock_sock_fast(ssk); @@ -708,7 +708,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) add_addr_accept_max = mptcp_pm_get_add_addr_accept_max(msk); subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("accepted %d:%d remote family %d", + pr_debug("accepted %d:%d remote family %d\n", msk->pm.add_addr_accepted, add_addr_accept_max, msk->pm.remote.family); @@ -767,7 +767,7 @@ int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk, { struct mptcp_subflow_context *subflow; - pr_debug("bkup=%d", bkup); + pr_debug("bkup=%d\n", bkup); mptcp_for_each_subflow(msk, subflow) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); @@ -803,7 +803,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, struct sock *sk = (struct sock *)msk; u8 i; - pr_debug("%s rm_list_nr %d", + pr_debug("%s rm_list_nr %d\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", rm_list->nr); msk_owned_by_me(msk); @@ -832,7 +832,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMSUBFLOW && !mptcp_local_id_match(msk, id, rm_id)) continue; - pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", + pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", i, rm_id, id, remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); @@ -889,7 +889,7 @@ void mptcp_pm_nl_work(struct mptcp_sock *msk) spin_lock_bh(&msk->pm.lock); - pr_debug("msk=%p status=%x", msk, pm->status); + pr_debug("msk=%p status=%x\n", msk, pm->status); if (pm->status & BIT(MPTCP_PM_ADD_ADDR_RECEIVED)) { pm->status &= ~BIT(MPTCP_PM_ADD_ADDR_RECEIVED); mptcp_pm_nl_add_addr_received(msk); @@ -1476,7 +1476,7 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, long s_slot = 0, s_num = 0; struct mptcp_sock *msk; - pr_debug("remove_id=%d", addr->id); + pr_debug("remove_id=%d\n", addr->id); list.ids[list.nr++] = addr->id; diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 34fec753b9c1..b571fba88a2f 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -139,7 +139,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, !skb_try_coalesce(to, from, &fragstolen, &delta)) return false; - pr_debug("colesced seq %llx into %llx new len %d new end seq %llx", + pr_debug("colesced seq %llx into %llx new len %d new end seq %llx\n", MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq, to->len, MPTCP_SKB_CB(from)->end_seq); MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq; @@ -217,7 +217,7 @@ static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb) end_seq = MPTCP_SKB_CB(skb)->end_seq; max_seq = atomic64_read(&msk->rcv_wnd_sent); - pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq, + pr_debug("msk=%p seq=%llx limit=%llx empty=%d\n", msk, seq, max_seq, RB_EMPTY_ROOT(&msk->out_of_order_queue)); if (after64(end_seq, max_seq)) { /* out of window */ @@ -643,7 +643,7 @@ static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, } } - pr_debug("msk=%p ssk=%p", msk, ssk); + pr_debug("msk=%p ssk=%p\n", msk, ssk); tp = tcp_sk(ssk); do { u32 map_remaining, offset; @@ -724,7 +724,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) u64 end_seq; p = rb_first(&msk->out_of_order_queue); - pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); + pr_debug("msk=%p empty=%d\n", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); while (p) { skb = rb_to_skb(p); if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) @@ -746,7 +746,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq; /* skip overlapping data, if any */ - pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d", + pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d\n", MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq, delta); MPTCP_SKB_CB(skb)->offset += delta; @@ -1240,7 +1240,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, size_t copy; int i; - pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u", + pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u\n", msk, ssk, dfrag->data_seq, dfrag->data_len, info->sent); if (WARN_ON_ONCE(info->sent > info->limit || @@ -1341,7 +1341,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, mpext->use_map = 1; mpext->dsn64 = 1; - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d\n", mpext->data_seq, mpext->subflow_seq, mpext->data_len, mpext->dsn64); @@ -1892,7 +1892,7 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (!msk->first_pending) WRITE_ONCE(msk->first_pending, dfrag); } - pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d", msk, + pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d\n", msk, dfrag->data_seq, dfrag->data_len, dfrag->already_sent, !dfrag_collapsed); @@ -2248,7 +2248,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("block timeout %ld", timeo); + pr_debug("block timeout %ld\n", timeo); sk_wait_data(sk, &timeo, NULL); } @@ -2264,7 +2264,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("msk=%p rx queue empty=%d:%d copied=%d", + pr_debug("msk=%p rx queue empty=%d:%d copied=%d\n", msk, skb_queue_empty_lockless(&sk->sk_receive_queue), skb_queue_empty(&msk->receive_queue), copied); if (!(flags & MSG_PEEK)) @@ -2717,7 +2717,7 @@ static void mptcp_mp_fail_no_response(struct mptcp_sock *msk) if (!ssk) return; - pr_debug("MP_FAIL doesn't respond, reset the subflow"); + pr_debug("MP_FAIL doesn't respond, reset the subflow\n"); slow = lock_sock_fast(ssk); mptcp_subflow_reset(ssk); @@ -2891,7 +2891,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) break; default: if (__mptcp_check_fallback(mptcp_sk(sk))) { - pr_debug("Fallback"); + pr_debug("Fallback\n"); ssk->sk_shutdown |= how; tcp_shutdown(ssk, how); @@ -2901,7 +2901,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) WRITE_ONCE(mptcp_sk(sk)->snd_una, mptcp_sk(sk)->snd_nxt); mptcp_schedule_work(sk); } else { - pr_debug("Sending DATA_FIN on subflow %p", ssk); + pr_debug("Sending DATA_FIN on subflow %p\n", ssk); tcp_send_ack(ssk); if (!mptcp_rtx_timer_pending(sk)) mptcp_reset_rtx_timer(sk); @@ -2967,7 +2967,7 @@ static void mptcp_check_send_data_fin(struct sock *sk) struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu", + pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu\n", msk, msk->snd_data_fin_enable, !!mptcp_send_head(sk), msk->snd_nxt, msk->write_seq); @@ -2991,7 +2991,7 @@ static void __mptcp_wr_shutdown(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d", + pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d\n", msk, msk->snd_data_fin_enable, sk->sk_shutdown, sk->sk_state, !!mptcp_send_head(sk)); @@ -3006,7 +3006,7 @@ static void __mptcp_destroy_sock(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); might_sleep(); @@ -3114,7 +3114,7 @@ bool __mptcp_close(struct sock *sk, long timeout) mptcp_set_state(sk, TCP_CLOSE); sock_hold(sk); - pr_debug("msk=%p state=%d", sk, sk->sk_state); + pr_debug("msk=%p state=%d\n", sk, sk->sk_state); if (msk->token) mptcp_event(MPTCP_EVENT_CLOSED, msk, NULL, GFP_KERNEL); @@ -3546,7 +3546,7 @@ static int mptcp_get_port(struct sock *sk, unsigned short snum) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p, ssk=%p", msk, msk->first); + pr_debug("msk=%p, ssk=%p\n", msk, msk->first); if (WARN_ON_ONCE(!msk->first)) return -EINVAL; @@ -3563,7 +3563,7 @@ void mptcp_finish_connect(struct sock *ssk) sk = subflow->conn; msk = mptcp_sk(sk); - pr_debug("msk=%p, token=%u", sk, subflow->token); + pr_debug("msk=%p, token=%u\n", sk, subflow->token); subflow->map_seq = subflow->iasn; subflow->map_subflow_seq = 1; @@ -3592,7 +3592,7 @@ bool mptcp_finish_join(struct sock *ssk) struct sock *parent = (void *)msk; bool ret = true; - pr_debug("msk=%p, subflow=%p", msk, subflow); + pr_debug("msk=%p, subflow=%p\n", msk, subflow); /* mptcp socket already closing? */ if (!mptcp_is_fully_established(parent)) { @@ -3638,7 +3638,7 @@ bool mptcp_finish_join(struct sock *ssk) static void mptcp_shutdown(struct sock *sk, int how) { - pr_debug("sk=%p, how=%d", sk, how); + pr_debug("sk=%p, how=%d\n", sk, how); if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk)) __mptcp_wr_shutdown(sk); @@ -3859,7 +3859,7 @@ static int mptcp_listen(struct socket *sock, int backlog) struct sock *ssk; int err; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); lock_sock(sk); @@ -3898,7 +3898,7 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, struct mptcp_sock *msk = mptcp_sk(sock->sk); struct sock *ssk, *newsk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* Buggy applications can call accept on socket states other then LISTEN * but no need to allocate the first subflow just to error out. @@ -3907,12 +3907,12 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, if (!ssk) return -EINVAL; - pr_debug("ssk=%p, listener=%p", ssk, mptcp_subflow_ctx(ssk)); + pr_debug("ssk=%p, listener=%p\n", ssk, mptcp_subflow_ctx(ssk)); newsk = inet_csk_accept(ssk, arg); if (!newsk) return arg->err; - pr_debug("newsk=%p, subflow is mptcp=%d", newsk, sk_is_mptcp(newsk)); + pr_debug("newsk=%p, subflow is mptcp=%d\n", newsk, sk_is_mptcp(newsk)); if (sk_is_mptcp(newsk)) { struct mptcp_subflow_context *subflow; struct sock *new_mptcp_sock; @@ -4005,7 +4005,7 @@ static __poll_t mptcp_poll(struct file *file, struct socket *sock, sock_poll_wait(file, sock, wait); state = inet_sk_state_load(sk); - pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags); + pr_debug("msk=%p state=%d flags=%lx\n", msk, state, msk->flags); if (state == TCP_LISTEN) { struct sock *ssk = READ_ONCE(msk->first); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index a1c1b0ff1ce1..240d7c2ea551 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1177,7 +1177,7 @@ static inline bool mptcp_check_fallback(const struct sock *sk) static inline void __mptcp_do_fallback(struct mptcp_sock *msk) { if (__mptcp_check_fallback(msk)) { - pr_debug("TCP fallback already done (msk=%p)", msk); + pr_debug("TCP fallback already done (msk=%p)\n", msk); return; } set_bit(MPTCP_FALLBACK_DONE, &msk->flags); @@ -1213,7 +1213,7 @@ static inline void mptcp_do_fallback(struct sock *ssk) } } -#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)", __func__, a) +#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)\n", __func__, a) static inline bool mptcp_check_infinite_map(struct sk_buff *skb) { diff --git a/net/mptcp/sched.c b/net/mptcp/sched.c index 4a7fd0508ad2..78ed508ebc1b 100644 --- a/net/mptcp/sched.c +++ b/net/mptcp/sched.c @@ -86,7 +86,7 @@ int mptcp_register_scheduler(struct mptcp_sched_ops *sched) list_add_tail_rcu(&sched->list, &mptcp_sched_list); spin_unlock(&mptcp_sched_list_lock); - pr_debug("%s registered", sched->name); + pr_debug("%s registered\n", sched->name); return 0; } @@ -118,7 +118,7 @@ int mptcp_init_sched(struct mptcp_sock *msk, if (msk->sched->init) msk->sched->init(msk); - pr_debug("sched=%s", msk->sched->name); + pr_debug("sched=%s\n", msk->sched->name); return 0; } diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 2026a9a36f80..505445a9598f 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -873,7 +873,7 @@ int mptcp_setsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (level == SOL_SOCKET) return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen); @@ -1453,7 +1453,7 @@ int mptcp_getsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* @@ the meaning of setsockopt() when the socket is connected and * there are multiple subflows is not yet defined. It is up to the diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 4834e7fc2fb6..064ab3235893 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -39,7 +39,7 @@ static void subflow_req_destructor(struct request_sock *req) { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); - pr_debug("subflow_req=%p", subflow_req); + pr_debug("subflow_req=%p\n", subflow_req); if (subflow_req->msk) sock_put((struct sock *)subflow_req->msk); @@ -146,7 +146,7 @@ static int subflow_check_req(struct request_sock *req, struct mptcp_options_received mp_opt; bool opt_mp_capable, opt_mp_join; - pr_debug("subflow_req=%p, listener=%p", subflow_req, listener); + pr_debug("subflow_req=%p, listener=%p\n", subflow_req, listener); #ifdef CONFIG_TCP_MD5SIG /* no MPTCP if MD5SIG is enabled on this socket or we may run out of @@ -221,7 +221,7 @@ static int subflow_check_req(struct request_sock *req, } if (subflow_use_different_sport(subflow_req->msk, sk_listener)) { - pr_debug("syn inet_sport=%d %d", + pr_debug("syn inet_sport=%d %d\n", ntohs(inet_sk(sk_listener)->inet_sport), ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) { @@ -243,7 +243,7 @@ static int subflow_check_req(struct request_sock *req, subflow_init_req_cookie_join_save(subflow_req, skb); } - pr_debug("token=%u, remote_nonce=%u msk=%p", subflow_req->token, + pr_debug("token=%u, remote_nonce=%u msk=%p\n", subflow_req->token, subflow_req->remote_nonce, subflow_req->msk); } @@ -527,7 +527,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->rel_write_seq = 1; subflow->conn_finished = 1; subflow->ssn_offset = TCP_SKB_CB(skb)->seq; - pr_debug("subflow=%p synack seq=%x", subflow, subflow->ssn_offset); + pr_debug("subflow=%p synack seq=%x\n", subflow, subflow->ssn_offset); mptcp_get_options(skb, &mp_opt); if (subflow->request_mptcp) { @@ -559,7 +559,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->thmac = mp_opt.thmac; subflow->remote_nonce = mp_opt.nonce; WRITE_ONCE(subflow->remote_id, mp_opt.join_id); - pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d", + pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d\n", subflow, subflow->thmac, subflow->remote_nonce, subflow->backup); @@ -585,7 +585,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKBACKUPRX); if (subflow_use_different_dport(msk, sk)) { - pr_debug("synack inet_dport=%d %d", + pr_debug("synack inet_dport=%d %d\n", ntohs(inet_sk(sk)->inet_dport), ntohs(inet_sk(parent)->inet_dport)); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINPORTSYNACKRX); @@ -655,7 +655,7 @@ static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* Never answer to SYNs sent to broadcast or multicast */ if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) @@ -686,7 +686,7 @@ static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); if (skb->protocol == htons(ETH_P_IP)) return subflow_v4_conn_request(sk, skb); @@ -807,7 +807,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, struct mptcp_sock *owner; struct sock *child; - pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn); + pr_debug("listener=%p, req=%p, conn=%p\n", listener, req, listener->conn); /* After child creation we must look for MPC even when options * are not parsed @@ -898,7 +898,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, ctx->conn = (struct sock *)owner; if (subflow_use_different_sport(owner, sk)) { - pr_debug("ack inet_sport=%d %d", + pr_debug("ack inet_sport=%d %d\n", ntohs(inet_sk(sk)->inet_sport), ntohs(inet_sk((struct sock *)owner)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(owner, sk)) { @@ -961,7 +961,7 @@ enum mapping_status { static void dbg_bad_map(struct mptcp_subflow_context *subflow, u32 ssn) { - pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d", + pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d\n", ssn, subflow->map_subflow_seq, subflow->map_data_len); } @@ -1121,7 +1121,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_len = mpext->data_len; if (data_len == 0) { - pr_debug("infinite mapping received"); + pr_debug("infinite mapping received\n"); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX); subflow->map_data_len = 0; return MAPPING_INVALID; @@ -1133,7 +1133,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (data_len == 1) { bool updated = mptcp_update_rcv_data_fin(msk, mpext->data_seq, mpext->dsn64); - pr_debug("DATA_FIN with no payload seq=%llu", mpext->data_seq); + pr_debug("DATA_FIN with no payload seq=%llu\n", mpext->data_seq); if (subflow->map_valid) { /* A DATA_FIN might arrive in a DSS * option before the previous mapping @@ -1159,7 +1159,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_fin_seq &= GENMASK_ULL(31, 0); mptcp_update_rcv_data_fin(msk, data_fin_seq, mpext->dsn64); - pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d", + pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d\n", data_fin_seq, mpext->dsn64); /* Adjust for DATA_FIN using 1 byte of sequence space */ @@ -1205,7 +1205,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (unlikely(subflow->map_csum_reqd != csum_reqd)) return MAPPING_INVALID; - pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", subflow->map_seq, subflow->map_subflow_seq, subflow->map_data_len, subflow->map_csum_reqd, subflow->map_data_csum); @@ -1240,7 +1240,7 @@ static void mptcp_subflow_discard_data(struct sock *ssk, struct sk_buff *skb, avail_len = skb->len - offset; incr = limit >= avail_len ? avail_len + fin : limit; - pr_debug("discarding=%d len=%d offset=%d seq=%d", incr, skb->len, + pr_debug("discarding=%d len=%d offset=%d seq=%d\n", incr, skb->len, offset, subflow->map_subflow_seq); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DUPDATA); tcp_sk(ssk)->copied_seq += incr; @@ -1341,7 +1341,7 @@ static bool subflow_check_data_avail(struct sock *ssk) old_ack = READ_ONCE(msk->ack_seq); ack_seq = mptcp_subflow_get_mapped_dsn(subflow); - pr_debug("msk ack_seq=%llx subflow ack_seq=%llx", old_ack, + pr_debug("msk ack_seq=%llx subflow ack_seq=%llx\n", old_ack, ack_seq); if (unlikely(before64(ack_seq, old_ack))) { mptcp_subflow_discard_data(ssk, skb, old_ack - ack_seq); @@ -1413,7 +1413,7 @@ bool mptcp_subflow_data_available(struct sock *sk) subflow->map_valid = 0; WRITE_ONCE(subflow->data_avail, false); - pr_debug("Done with mapping: seq=%u data_len=%u", + pr_debug("Done with mapping: seq=%u data_len=%u\n", subflow->map_subflow_seq, subflow->map_data_len); } @@ -1523,7 +1523,7 @@ void mptcpv6_handle_mapped(struct sock *sk, bool mapped) target = mapped ? &subflow_v6m_specific : subflow_default_af_ops(sk); - pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d", + pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d\n", subflow, sk->sk_family, icsk->icsk_af_ops, target, mapped); if (likely(icsk->icsk_af_ops == target)) @@ -1616,7 +1616,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, goto failed; mptcp_crypto_key_sha(subflow->remote_key, &remote_token, NULL); - pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d", msk, + pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d\n", msk, remote_token, local_id, remote_id); subflow->remote_token = remote_token; WRITE_ONCE(subflow->remote_id, remote_id); @@ -1751,7 +1751,7 @@ int mptcp_subflow_create_socket(struct sock *sk, unsigned short family, SOCK_INODE(sf)->i_gid = SOCK_INODE(sk->sk_socket)->i_gid; subflow = mptcp_subflow_ctx(sf->sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); *new_sock = sf; sock_hold(sk); @@ -1780,7 +1780,7 @@ static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, INIT_LIST_HEAD(&ctx->node); INIT_LIST_HEAD(&ctx->delegated_node); - pr_debug("subflow=%p", ctx); + pr_debug("subflow=%p\n", ctx); ctx->tcp_sock = sk; WRITE_ONCE(ctx->local_id, -1); @@ -1931,7 +1931,7 @@ static int subflow_ulp_init(struct sock *sk) goto out; } - pr_debug("subflow=%p, family=%d", ctx, sk->sk_family); + pr_debug("subflow=%p, family=%d\n", ctx, sk->sk_family); tp->is_mptcp = 1; ctx->icsk_af_ops = icsk->icsk_af_ops;

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: ADD_ADDR 0 is not a new address" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 57f86203b41c98b322119dfdbb1ec54ce5e3369b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083025-evoke-catering-3aab@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 57f86203b41c ("mptcp: pm: ADD_ADDR 0 is not a new address") 4d25247d3ae4 ("mptcp: bypass in-kernel PM restrictions for non-kernel PMs") 14b06811bec6 ("mptcp: Bypass kernel PM when userspace PM is enabled") a88c9e496937 ("mptcp: do not block subflows creation on errors") 86e39e04482b ("mptcp: keep track of local endpoint still available for each msk") f7d6a237d742 ("mptcp: fix per socket endpoint accounting") b29fcfb54cd7 ("mptcp: full disconnect implementation") 59060a47ca50 ("mptcp: clean up harmless false expressions") 3ce0852c86b9 ("mptcp: enforce HoL-blocking estimation") 6511882cdd82 ("mptcp: allocate fwd memory separately on the rx and tx path") 765ff425528f ("mptcp: use lockdep_assert_held_once() instead of open-coding it") 1094c6fe7280 ("mptcp: fix possible divide by zero") 33c563ad28e3 ("selftests: mptcp: add_addr and echo race test") 2843ff6f36db ("mptcp: remote addresses fullmesh") ee285257a9c1 ("mptcp: drop flags and ifindex arguments") ff5a0b421cb2 ("mptcp: faster active backup recovery") 6da14d74e2bd ("mptcp: cleanup sysctl data and helpers") 1e1d9d6f119c ("mptcp: handle pending data on closed subflow") 71b7dec27f34 ("mptcp: less aggressive retransmission strategy") 33d41c9cd74c ("mptcp: more accurate timeout") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 57f86203b41c98b322119dfdbb1ec54ce5e3369b Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:37 +0200 Subject: [PATCH] mptcp: pm: ADD_ADDR 0 is not a new address The ADD_ADDR 0 with the address from the initial subflow should not be considered as a new address: this is not something new. If the host receives it, it simply means that the address is available again. When receiving an ADD_ADDR for the ID 0, the PM already doesn't consider it as new by not incrementing the 'add_addr_accepted' counter. But the 'accept_addr' might not be set if the limit has already been reached: this can be bypassed in this case. But before, it is important to check that this ADD_ADDR for the ID 0 is for the same address as the initial subflow. If not, it is not something that should happen, and the ADD_ADDR can be ignored. Note that if an ADD_ADDR is received while there is already a subflow opened using the same address, this ADD_ADDR is ignored as well. It means that if multiple ADD_ADDR for ID 0 are received, there will not be any duplicated subflows created by the client. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 3f8dbde243f1..37f6dbcd8434 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -226,7 +226,9 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, } else { __MPTCP_INC_STATS(sock_net((struct sock *)msk), MPTCP_MIB_ADDADDRDROP); } - } else if (!READ_ONCE(pm->accept_addr)) { + /* id0 should not have a different address */ + } else if ((addr->id == 0 && !mptcp_pm_nl_is_init_remote_addr(msk, addr)) || + (addr->id > 0 && !READ_ONCE(pm->accept_addr))) { mptcp_pm_announce_addr(msk, addr, true); mptcp_pm_add_addr_send_ack(msk); } else if (mptcp_pm_schedule_work(msk, MPTCP_PM_ADD_ADDR_RECEIVED)) { diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a93450ded50a..f891bc714668 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -760,6 +760,15 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) } } +bool mptcp_pm_nl_is_init_remote_addr(struct mptcp_sock *msk, + const struct mptcp_addr_info *remote) +{ + struct mptcp_addr_info mpc_remote; + + remote_address((struct sock_common *)msk, &mpc_remote); + return mptcp_addresses_equal(&mpc_remote, remote, remote->port); +} + void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk) { struct mptcp_subflow_context *subflow; diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 26eb898a202b..3b22313d1b86 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -993,6 +993,8 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, void mptcp_pm_add_addr_echoed(struct mptcp_sock *msk, const struct mptcp_addr_info *addr); void mptcp_pm_add_addr_send_ack(struct mptcp_sock *msk); +bool mptcp_pm_nl_is_init_remote_addr(struct mptcp_sock *msk, + const struct mptcp_addr_info *remote); void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk); void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list);

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: check add_addr_accept_max before accepting new" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082609-vivacious-jaywalker-cfac@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0137a3c7c2ea ("mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR") 1c1f72137598 ("mptcp: pm: only decrement add_addr_accepted for MPJ req") 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available") f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") d9a4594edabf ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE") 9ab4807c84a4 ("mptcp: netlink: Add MPTCP_PM_CMD_ANNOUNCE") 982f17ba1a25 ("mptcp: netlink: split mptcp_pm_parse_addr into two functions") 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 4d25247d3ae4 ("mptcp: bypass in-kernel PM restrictions for non-kernel PMs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:28 +0200 Subject: [PATCH] mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR The limits might have changed in between, it is best to check them before accepting new ADD_ADDR. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-10-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 882781571c7b..28a9a3726146 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -848,8 +848,8 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, /* Note: if the subflow has been closed before, this * add_addr_accepted counter will not be decremented. */ - msk->pm.add_addr_accepted--; - WRITE_ONCE(msk->pm.accept_addr, true); + if (--msk->pm.add_addr_accepted < mptcp_pm_get_add_addr_accept_max(msk)) + WRITE_ONCE(msk->pm.accept_addr, true); } } }

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: only decrement add_addr_accepted for MPJ req" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1c1f721375989579e46741f59523e39ec9b2a9bd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082653-scenic-deprive-65e4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1c1f72137598 ("mptcp: pm: only decrement add_addr_accepted for MPJ req") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 4d25247d3ae4 ("mptcp: bypass in-kernel PM restrictions for non-kernel PMs") 14b06811bec6 ("mptcp: Bypass kernel PM when userspace PM is enabled") 0530020a7c8f ("mptcp: track and update contiguous data status") 0348c690ed37 ("mptcp: add the fallback check") 1761fed25678 ("mptcp: don't send RST for single subflow") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1c1f721375989579e46741f59523e39ec9b2a9bd Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:27 +0200 Subject: [PATCH] mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single subflow" subtest from the mptcp_join.sh selftest. Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the subflow closure. Before this patch, and upon the reception of the RM_ADDR, the other peer will then try to decrement this add_addr_accepted. That's not correct because the attached subflows have not been created upon the reception of an ADD_ADDR. A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-9-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 4cf7cc851f80..882781571c7b 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -829,7 +829,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, mptcp_close_ssk(sk, ssk, subflow); spin_lock_bh(&msk->pm.lock); - removed = true; + removed |= subflow->request_join; if (rm_type == MPTCP_MIB_RMSUBFLOW) __MPTCP_INC_STATS(sock_net(sk), rm_type); } @@ -843,7 +843,11 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (!mptcp_pm_is_kernel(msk)) continue; - if (rm_type == MPTCP_MIB_RMADDR) { + if (rm_type == MPTCP_MIB_RMADDR && rm_id && + !WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)) { + /* Note: if the subflow has been closed before, this + * add_addr_accepted counter will not be decremented. + */ msk->pm.add_addr_accepted--; WRITE_ONCE(msk->pm.accept_addr, true); }

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: re-using ID of unused flushed subflows" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ef34a6ea0cab1800f4b3c9c3c2cefd5091e03379 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082631-emerald-impotence-a278@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") 141694df6573 ("mptcp: remove address when netlink flushes addrs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ef34a6ea0cab1800f4b3c9c3c2cefd5091e03379 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:23 +0200 Subject: [PATCH] mptcp: pm: re-using ID of unused flushed subflows If no subflows are attached to the 'subflow' endpoints that are being flushed, the corresponding addr IDs will not be marked as available again. Mark all ID as being available when flushing all the 'subflow' endpoints, and reset local_addr_used counter to cover these cases. Note that mptcp_pm_remove_addrs_and_subflows() helper is only called for flushing operations, not to remove a specific set of addresses and subflows. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-5-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 8b232a210a06..2c26696b820e 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1623,8 +1623,15 @@ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, mptcp_pm_remove_addr(msk, &alist); spin_unlock_bh(&msk->pm.lock); } + if (slist.nr) mptcp_pm_remove_subflow(msk, &slist); + + /* Reset counters: maybe some subflows have been removed before */ + spin_lock_bh(&msk->pm.lock); + bitmap_fill(msk->pm.id_avail_bitmap, MPTCP_PM_MAX_ADDR_ID + 1); + msk->pm.local_addr_used = 0; + spin_unlock_bh(&msk->pm.lock); } static void mptcp_nl_remove_addrs_list(struct net *net,

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: remove mptcp_pm_remove_subflow()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f448451aa62d54be16acb0034223c17e0d12bc69 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082657-quartered-obtuse-ce45@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") d9a4594edabf ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE") 9ab4807c84a4 ("mptcp: netlink: Add MPTCP_PM_CMD_ANNOUNCE") 982f17ba1a25 ("mptcp: netlink: split mptcp_pm_parse_addr into two functions") 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 90d930882139 ("mptcp: constify a bunch of of helpers") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f448451aa62d54be16acb0034223c17e0d12bc69 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:25 +0200 Subject: [PATCH] mptcp: pm: remove mptcp_pm_remove_subflow() This helper is confusing. It is in pm.c, but it is specific to the in-kernel PM and it cannot be used by the userspace one. Also, it simply calls one in-kernel specific function with the PM lock, while the similar mptcp_pm_remove_addr() helper requires the PM lock. What's left is the pr_debug(), which is not that useful, because a similar one is present in the only function called by this helper: mptcp_pm_nl_rm_subflow_received() After these modifications, this helper can be marked as 'static', and the lock can be taken only once in mptcp_pm_flush_addrs_and_subflows(). Note that it is not a bug fix, but it will help backporting the following commits. Fixes: 0ee4261a3681 ("mptcp: implement mptcp_pm_remove_subflow") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-7-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 23bb89c94e90..925123e99889 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -60,16 +60,6 @@ int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_ return 0; } -int mptcp_pm_remove_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list) -{ - pr_debug("msk=%p, rm_list_nr=%d", msk, rm_list->nr); - - spin_lock_bh(&msk->pm.lock); - mptcp_pm_nl_rm_subflow_received(msk, rm_list); - spin_unlock_bh(&msk->pm.lock); - return 0; -} - /* path manager event handlers */ void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int server_side) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 2c26696b820e..44fc1c5959ac 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -857,8 +857,8 @@ static void mptcp_pm_nl_rm_addr_received(struct mptcp_sock *msk) mptcp_pm_nl_rm_addr_or_subflow(msk, &msk->pm.rm_list_rx, MPTCP_MIB_RMADDR); } -void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, - const struct mptcp_rm_list *rm_list) +static void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, + const struct mptcp_rm_list *rm_list) { mptcp_pm_nl_rm_addr_or_subflow(msk, rm_list, MPTCP_MIB_RMSUBFLOW); } @@ -1471,7 +1471,9 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); if (remove_subflow) { - mptcp_pm_remove_subflow(msk, &list); + spin_lock_bh(&msk->pm.lock); + mptcp_pm_nl_rm_subflow_received(msk, &list); + spin_unlock_bh(&msk->pm.lock); } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { /* If the subflow has been used, but now closed */ spin_lock_bh(&msk->pm.lock); @@ -1617,18 +1619,14 @@ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, alist.ids[alist.nr++] = entry->addr.id; } + spin_lock_bh(&msk->pm.lock); if (alist.nr) { - spin_lock_bh(&msk->pm.lock); msk->pm.add_addr_signaled -= alist.nr; mptcp_pm_remove_addr(msk, &alist); - spin_unlock_bh(&msk->pm.lock); } - if (slist.nr) - mptcp_pm_remove_subflow(msk, &slist); - + mptcp_pm_nl_rm_subflow_received(msk, &slist); /* Reset counters: maybe some subflows have been removed before */ - spin_lock_bh(&msk->pm.lock); bitmap_fill(msk->pm.id_avail_bitmap, MPTCP_PM_MAX_ADDR_ID + 1); msk->pm.local_addr_used = 0; spin_unlock_bh(&msk->pm.lock); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 60c6b073d65f..a1c1b0ff1ce1 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1026,7 +1026,6 @@ int mptcp_pm_announce_addr(struct mptcp_sock *msk, const struct mptcp_addr_info *addr, bool echo); int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list); -int mptcp_pm_remove_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list); void mptcp_pm_remove_addrs(struct mptcp_sock *msk, struct list_head *rm_list); void mptcp_free_local_addr_list(struct mptcp_sock *msk); @@ -1133,8 +1132,6 @@ static inline u8 subflow_get_local_id(const struct mptcp_subflow_context *subflo void __init mptcp_pm_nl_init(void); void mptcp_pm_nl_work(struct mptcp_sock *msk); -void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, - const struct mptcp_rm_list *rm_list); unsigned int mptcp_pm_get_add_addr_signal_max(const struct mptcp_sock *msk); unsigned int mptcp_pm_get_add_addr_accept_max(const struct mptcp_sock *msk); unsigned int mptcp_pm_get_subflows_max(const struct mptcp_sock *msk);

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: remove mptcp_pm_remove_subflow()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f448451aa62d54be16acb0034223c17e0d12bc69 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082656-shield-daily-d746@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") d9a4594edabf ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE") 9ab4807c84a4 ("mptcp: netlink: Add MPTCP_PM_CMD_ANNOUNCE") 982f17ba1a25 ("mptcp: netlink: split mptcp_pm_parse_addr into two functions") 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 90d930882139 ("mptcp: constify a bunch of of helpers") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f448451aa62d54be16acb0034223c17e0d12bc69 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:25 +0200 Subject: [PATCH] mptcp: pm: remove mptcp_pm_remove_subflow() This helper is confusing. It is in pm.c, but it is specific to the in-kernel PM and it cannot be used by the userspace one. Also, it simply calls one in-kernel specific function with the PM lock, while the similar mptcp_pm_remove_addr() helper requires the PM lock. What's left is the pr_debug(), which is not that useful, because a similar one is present in the only function called by this helper: mptcp_pm_nl_rm_subflow_received() After these modifications, this helper can be marked as 'static', and the lock can be taken only once in mptcp_pm_flush_addrs_and_subflows(). Note that it is not a bug fix, but it will help backporting the following commits. Fixes: 0ee4261a3681 ("mptcp: implement mptcp_pm_remove_subflow") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-7-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 23bb89c94e90..925123e99889 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -60,16 +60,6 @@ int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_ return 0; } -int mptcp_pm_remove_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list) -{ - pr_debug("msk=%p, rm_list_nr=%d", msk, rm_list->nr); - - spin_lock_bh(&msk->pm.lock); - mptcp_pm_nl_rm_subflow_received(msk, rm_list); - spin_unlock_bh(&msk->pm.lock); - return 0; -} - /* path manager event handlers */ void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int server_side) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 2c26696b820e..44fc1c5959ac 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -857,8 +857,8 @@ static void mptcp_pm_nl_rm_addr_received(struct mptcp_sock *msk) mptcp_pm_nl_rm_addr_or_subflow(msk, &msk->pm.rm_list_rx, MPTCP_MIB_RMADDR); } -void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, - const struct mptcp_rm_list *rm_list) +static void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, + const struct mptcp_rm_list *rm_list) { mptcp_pm_nl_rm_addr_or_subflow(msk, rm_list, MPTCP_MIB_RMSUBFLOW); } @@ -1471,7 +1471,9 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); if (remove_subflow) { - mptcp_pm_remove_subflow(msk, &list); + spin_lock_bh(&msk->pm.lock); + mptcp_pm_nl_rm_subflow_received(msk, &list); + spin_unlock_bh(&msk->pm.lock); } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { /* If the subflow has been used, but now closed */ spin_lock_bh(&msk->pm.lock); @@ -1617,18 +1619,14 @@ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, alist.ids[alist.nr++] = entry->addr.id; } + spin_lock_bh(&msk->pm.lock); if (alist.nr) { - spin_lock_bh(&msk->pm.lock); msk->pm.add_addr_signaled -= alist.nr; mptcp_pm_remove_addr(msk, &alist); - spin_unlock_bh(&msk->pm.lock); } - if (slist.nr) - mptcp_pm_remove_subflow(msk, &slist); - + mptcp_pm_nl_rm_subflow_received(msk, &slist); /* Reset counters: maybe some subflows have been removed before */ - spin_lock_bh(&msk->pm.lock); bitmap_fill(msk->pm.id_avail_bitmap, MPTCP_PM_MAX_ADDR_ID + 1); msk->pm.local_addr_used = 0; spin_unlock_bh(&msk->pm.lock); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 60c6b073d65f..a1c1b0ff1ce1 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1026,7 +1026,6 @@ int mptcp_pm_announce_addr(struct mptcp_sock *msk, const struct mptcp_addr_info *addr, bool echo); int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list); -int mptcp_pm_remove_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list); void mptcp_pm_remove_addrs(struct mptcp_sock *msk, struct list_head *rm_list); void mptcp_free_local_addr_list(struct mptcp_sock *msk); @@ -1133,8 +1132,6 @@ static inline u8 subflow_get_local_id(const struct mptcp_subflow_context *subflo void __init mptcp_pm_nl_init(void); void mptcp_pm_nl_work(struct mptcp_sock *msk); -void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, - const struct mptcp_rm_list *rm_list); unsigned int mptcp_pm_get_add_addr_signal_max(const struct mptcp_sock *msk); unsigned int mptcp_pm_get_add_addr_accept_max(const struct mptcp_sock *msk); unsigned int mptcp_pm_get_subflows_max(const struct mptcp_sock *msk);

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: close subflow when receiving TCP+FIN" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f09b0ad55a1196f5891663f8888463c0541059cb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083037-germproof-omnivore-ecf0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f09b0ad55a11 ("mptcp: close subflow when receiving TCP+FIN") a5cb752b1257 ("mptcp: use mptcp_schedule_work instead of open-coding it") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f09b0ad55a1196f5891663f8888463c0541059cb Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 26 Aug 2024 19:11:18 +0200 Subject: [PATCH] mptcp: close subflow when receiving TCP+FIN When a peer decides to close one subflow in the middle of a connection having multiple subflows, the receiver of the first FIN should accept that, and close the subflow on its side as well. If not, the subflow will stay half closed, and would even continue to be used until the end of the MPTCP connection or a reset from the network. The issue has not been seen before, probably because the in-kernel path-manager always sends a RM_ADDR before closing the subflow. Upon the reception of this RM_ADDR, the other peer will initiate the closure on its side as well. On the other hand, if the RM_ADDR is lost, or if the path-manager of the other peer only closes the subflow without sending a RM_ADDR, the subflow would switch to TCP_CLOSE_WAIT, but that's it, leaving the subflow half-closed. So now, when the subflow switches to the TCP_CLOSE_WAIT state, and if the MPTCP connection has not been closed before with a DATA_FIN, the kernel owning the subflow schedules its worker to initiate the closure on its side as well. This issue can be easily reproduced with packetdrill, as visible in [1], by creating an additional subflow, injecting a FIN+ACK before sending the DATA_FIN, and expecting a FIN+ACK in return. Fixes: 40947e13997a ("mptcp: schedule worker when subflow is closed") Cc: stable(a)vger.kernel.org Link: https://github.com/multipath-tcp/packetdrill/pull/154 [1] Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-1-905199f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 0d536b183a6c..151e82e2ff2e 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2533,8 +2533,11 @@ static void __mptcp_close_subflow(struct sock *sk) mptcp_for_each_subflow_safe(msk, subflow, tmp) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); + int ssk_state = inet_sk_state_load(ssk); - if (inet_sk_state_load(ssk) != TCP_CLOSE) + if (ssk_state != TCP_CLOSE && + (ssk_state != TCP_CLOSE_WAIT || + inet_sk_state_load(sk) != TCP_ESTABLISHED)) continue; /* 'subflow_data_ready' will re-sched once rx queue is empty */ diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index a21c712350c3..4834e7fc2fb6 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1255,12 +1255,16 @@ static void mptcp_subflow_discard_data(struct sock *ssk, struct sk_buff *skb, /* sched mptcp worker to remove the subflow if no more data is pending */ static void subflow_sched_work_if_closed(struct mptcp_sock *msk, struct sock *ssk) { - if (likely(ssk->sk_state != TCP_CLOSE)) + struct sock *sk = (struct sock *)msk; + + if (likely(ssk->sk_state != TCP_CLOSE && + (ssk->sk_state != TCP_CLOSE_WAIT || + inet_sk_state_load(sk) != TCP_ESTABLISHED))) return; if (skb_queue_empty(&ssk->sk_receive_queue) && !test_and_set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags)) - mptcp_schedule_work((struct sock *)msk); + mptcp_schedule_work(sk); } static bool subflow_can_fallback(struct mptcp_subflow_context *subflow)

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: ADD_ADDR 0 is not a new address" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 57f86203b41c98b322119dfdbb1ec54ce5e3369b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083024-distort-gallantly-afea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 57f86203b41c ("mptcp: pm: ADD_ADDR 0 is not a new address") 4d25247d3ae4 ("mptcp: bypass in-kernel PM restrictions for non-kernel PMs") 14b06811bec6 ("mptcp: Bypass kernel PM when userspace PM is enabled") a88c9e496937 ("mptcp: do not block subflows creation on errors") 86e39e04482b ("mptcp: keep track of local endpoint still available for each msk") f7d6a237d742 ("mptcp: fix per socket endpoint accounting") b29fcfb54cd7 ("mptcp: full disconnect implementation") 59060a47ca50 ("mptcp: clean up harmless false expressions") 3ce0852c86b9 ("mptcp: enforce HoL-blocking estimation") 6511882cdd82 ("mptcp: allocate fwd memory separately on the rx and tx path") 765ff425528f ("mptcp: use lockdep_assert_held_once() instead of open-coding it") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 57f86203b41c98b322119dfdbb1ec54ce5e3369b Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:37 +0200 Subject: [PATCH] mptcp: pm: ADD_ADDR 0 is not a new address The ADD_ADDR 0 with the address from the initial subflow should not be considered as a new address: this is not something new. If the host receives it, it simply means that the address is available again. When receiving an ADD_ADDR for the ID 0, the PM already doesn't consider it as new by not incrementing the 'add_addr_accepted' counter. But the 'accept_addr' might not be set if the limit has already been reached: this can be bypassed in this case. But before, it is important to check that this ADD_ADDR for the ID 0 is for the same address as the initial subflow. If not, it is not something that should happen, and the ADD_ADDR can be ignored. Note that if an ADD_ADDR is received while there is already a subflow opened using the same address, this ADD_ADDR is ignored as well. It means that if multiple ADD_ADDR for ID 0 are received, there will not be any duplicated subflows created by the client. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 3f8dbde243f1..37f6dbcd8434 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -226,7 +226,9 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, } else { __MPTCP_INC_STATS(sock_net((struct sock *)msk), MPTCP_MIB_ADDADDRDROP); } - } else if (!READ_ONCE(pm->accept_addr)) { + /* id0 should not have a different address */ + } else if ((addr->id == 0 && !mptcp_pm_nl_is_init_remote_addr(msk, addr)) || + (addr->id > 0 && !READ_ONCE(pm->accept_addr))) { mptcp_pm_announce_addr(msk, addr, true); mptcp_pm_add_addr_send_ack(msk); } else if (mptcp_pm_schedule_work(msk, MPTCP_PM_ADD_ADDR_RECEIVED)) { diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a93450ded50a..f891bc714668 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -760,6 +760,15 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) } } +bool mptcp_pm_nl_is_init_remote_addr(struct mptcp_sock *msk, + const struct mptcp_addr_info *remote) +{ + struct mptcp_addr_info mpc_remote; + + remote_address((struct sock_common *)msk, &mpc_remote); + return mptcp_addresses_equal(&mpc_remote, remote, remote->port); +} + void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk) { struct mptcp_subflow_context *subflow; diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 26eb898a202b..3b22313d1b86 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -993,6 +993,8 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, void mptcp_pm_add_addr_echoed(struct mptcp_sock *msk, const struct mptcp_addr_info *addr); void mptcp_pm_add_addr_send_ack(struct mptcp_sock *msk); +bool mptcp_pm_nl_is_init_remote_addr(struct mptcp_sock *msk, + const struct mptcp_addr_info *remote); void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk); void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list);

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: avoid duplicated SUB_CLOSED events" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d82809b6c5f2676b382f77a5cbeb1a5d91ed2235 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083029-shrank-thirstily-a532@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d82809b6c5f2 ("mptcp: avoid duplicated SUB_CLOSED events") a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") fce68b03086f ("mptcp: add scheduled in mptcp_subflow_context") 1730b2b2c5a5 ("mptcp: add sched in mptcp_sock") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d82809b6c5f2676b382f77a5cbeb1a5d91ed2235 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:35 +0200 Subject: [PATCH] mptcp: avoid duplicated SUB_CLOSED events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The initial subflow might have already been closed, but still in the connection list. When the worker is instructed to close the subflows that have been marked as closed, it might then try to close the initial subflow again. A consequence of that is that the SUB_CLOSED event can be seen twice: # ip mptcp endpoint 1.1.1.1 id 1 subflow dev eth0 2.2.2.2 id 2 subflow dev eth1 # ip mptcp monitor & [ CREATED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ ESTABLISHED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ SF_ESTABLISHED] remid=0 locid=2 saddr4=2.2.2.2 daddr4=9.9.9.9 # ip mptcp endpoint delete id 1 [ SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 The first one is coming from mptcp_pm_nl_rm_subflow_received(), and the second one from __mptcp_close_subflow(). To avoid doing the post-closed processing twice, the subflow is now marked as closed the first time. Note that it is not enough to check if we are dealing with the first subflow and check its sk_state: the subflow might have been reset or closed before calling mptcp_close_ssk(). Fixes: b911c97c7dc7 ("mptcp: add netlink event support") Cc: stable(a)vger.kernel.org Tested-by: Arınç ÜNAL <arinc.unal(a)arinc9.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index b571fba88a2f..37ebcb7640eb 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2508,6 +2508,12 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, void mptcp_close_ssk(struct sock *sk, struct sock *ssk, struct mptcp_subflow_context *subflow) { + /* The first subflow can already be closed and still in the list */ + if (subflow->close_event_done) + return; + + subflow->close_event_done = true; + if (sk->sk_state == TCP_ESTABLISHED) mptcp_event(MPTCP_EVENT_SUB_CLOSED, mptcp_sk(sk), ssk, GFP_KERNEL); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 240d7c2ea551..26eb898a202b 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -524,7 +524,8 @@ struct mptcp_subflow_context { stale : 1, /* unable to snd/rcv data, do not use for xmit */ valid_csum_seen : 1, /* at least one csum validated */ is_mptfo : 1, /* subflow is doing TFO */ - __unused : 10; + close_event_done : 1, /* has done the post-closed part */ + __unused : 9; bool data_avail; bool scheduled; u32 remote_nonce;

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: do not remove already closed subflows" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 58e1b66b4e4b8a602d3f2843e8eba00a969ecce2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083057-italics-abrasion-ab81@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 58e1b66b4e4b ("mptcp: pm: do not remove already closed subflows") 967d3c27127e ("mptcp: fix data races on remote_id") a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") fce68b03086f ("mptcp: add scheduled in mptcp_subflow_context") 1730b2b2c5a5 ("mptcp: add sched in mptcp_sock") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58e1b66b4e4b8a602d3f2843e8eba00a969ecce2 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:32 +0200 Subject: [PATCH] mptcp: pm: do not remove already closed subflows It is possible to have in the list already closed subflows, e.g. the initial subflow has been already closed, but still in the list. No need to try to close it again, and increments the related counters again. Fixes: 0ee4261a3681 ("mptcp: implement mptcp_pm_remove_subflow") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 5a84a55e37cc..3ff273e219f2 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -838,6 +838,8 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, int how = RCV_SHUTDOWN | SEND_SHUTDOWN; u8 id = subflow_get_local_id(subflow); + if (inet_sk_state_load(ssk) == TCP_CLOSE) + continue; if (rm_type == MPTCP_MIB_RMADDR && remote_id != rm_id) continue; if (rm_type == MPTCP_MIB_RMSUBFLOW && id != rm_id)

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: send ACK on an active subflow" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c07cc3ed895f9bfe0c53b5ed6be710c133b4271c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083031-diffuser-strongbox-b85f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c07cc3ed895f ("mptcp: pm: send ACK on an active subflow") f5360e9b314c ("mptcp: introduce and use mptcp_pm_send_ack()") 892f396c8e68 ("mptcp: netlink: issue MP_PRIO signals from userspace PMs") a657430260e5 ("mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags") c21b50d5912b ("mptcp: Avoid acquiring PM lock for subflow priority changes") 702c2f646d42 ("mptcp: netlink: allow userspace-driven subflow establishment") d9a4594edabf ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE") 9ab4807c84a4 ("mptcp: netlink: Add MPTCP_PM_CMD_ANNOUNCE") 982f17ba1a25 ("mptcp: netlink: split mptcp_pm_parse_addr into two functions") 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") 0e203c324752 ("mptcp: reset the packet scheduler on PRIO change") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 90d930882139 ("mptcp: constify a bunch of of helpers") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") 09f12c3ab7a5 ("mptcp: allow to use port and non-signal in set_flags") 6a0653b96f5d ("selftests: mptcp: add fullmesh setting tests") 73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c07cc3ed895f9bfe0c53b5ed6be710c133b4271c Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:27 +0200 Subject: [PATCH] mptcp: pm: send ACK on an active subflow Taking the first one on the list doesn't work in some cases, e.g. if the initial subflow is being removed. Pick another one instead of not sending anything. Fixes: 84dfe3677a6f ("mptcp: send out dedicated ADD_ADDR packet") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 42d4e7b5f65d..ed2205ef7208 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -765,9 +765,12 @@ void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk) !mptcp_pm_should_rm_signal(msk)) return; - subflow = list_first_entry_or_null(&msk->conn_list, typeof(*subflow), node); - if (subflow) - mptcp_pm_send_ack(msk, subflow, false, false); + mptcp_for_each_subflow(msk, subflow) { + if (__mptcp_subflow_active(subflow)) { + mptcp_pm_send_ack(msk, subflow, false, false); + break; + } + } } int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk,

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: skip connecting to already established sf" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x bc19ff57637ff563d2bdf2b385b48c41e6509e0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083003-chowder-scurvy-2e9c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: bc19ff57637f ("mptcp: pm: skip connecting to already established sf") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 90d930882139 ("mptcp: constify a bunch of of helpers") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") 09f12c3ab7a5 ("mptcp: allow to use port and non-signal in set_flags") 6a0653b96f5d ("selftests: mptcp: add fullmesh setting tests") 8e9eacad7ec7 ("mptcp: fix msk traversal in mptcp_nl_cmd_set_flags()") 327b9a94e2a8 ("selftests: mptcp: more stable join tests-cases") a88c9e496937 ("mptcp: do not block subflows creation on errors") 86e39e04482b ("mptcp: keep track of local endpoint still available for each msk") f7d6a237d742 ("mptcp: fix per socket endpoint accounting") b29fcfb54cd7 ("mptcp: full disconnect implementation") 59060a47ca50 ("mptcp: clean up harmless false expressions") 3ce0852c86b9 ("mptcp: enforce HoL-blocking estimation") 602837e8479d ("mptcp: allow changing the "backup" bit by endpoint id") 6511882cdd82 ("mptcp: allocate fwd memory separately on the rx and tx path") dd9a887b35b0 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc19ff57637ff563d2bdf2b385b48c41e6509e0d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:28 +0200 Subject: [PATCH] mptcp: pm: skip connecting to already established sf The lookup_subflow_by_daddr() helper checks if there is already a subflow connected to this address. But there could be a subflow that is closing, but taking time due to some reasons: latency, losses, data to process, etc. If an ADD_ADDR is received while the endpoint is being closed, it is better to try connecting to it, instead of rejecting it: the peer which has sent the ADD_ADDR will not be notified that the ADD_ADDR has been rejected for this reason, and the expected subflow will not be created at the end. This helper should then only look for subflows that are established, or going to be, but not the ones being closed. Fixes: d84ad04941c3 ("mptcp: skip connecting the connected address") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ed2205ef7208..0134b6273c54 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -130,12 +130,15 @@ static bool lookup_subflow_by_daddr(const struct list_head *list, { struct mptcp_subflow_context *subflow; struct mptcp_addr_info cur; - struct sock_common *skc; list_for_each_entry(subflow, list, node) { - skc = (struct sock_common *)mptcp_subflow_tcp_sock(subflow); + struct sock *ssk = mptcp_subflow_tcp_sock(subflow); - remote_address(skc, &cur); + if (!((1 << inet_sk_state_load(ssk)) & + (TCPF_ESTABLISHED | TCPF_SYN_SENT | TCPF_SYN_RECV))) + continue; + + remote_address((struct sock_common *)ssk, &cur); if (mptcp_addresses_equal(&cur, daddr, daddr->port)) return true; }

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pr_debug: add missing \n at the end" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083021-sudden-riverbank-b088@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cb41b195e634 ("mptcp: pr_debug: add missing \n at the end") 68cc924729ff ("mptcp: fix duplicate data handling") 89721e3038d1 ("Merge tag 'net-accept-more-20240515' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 26 Aug 2024 19:11:21 +0200 Subject: [PATCH] mptcp: pr_debug: add missing \n at the end pr_debug() have been added in various places in MPTCP code to help developers to debug some situations. With the dynamic debug feature, it is easy to enable all or some of them, and asks users to reproduce issues with extra debug. Many of these pr_debug() don't end with a new line, while no 'pr_cont()' are used in MPTCP code. So the goal was not to display multiple debug messages on one line: they were then not missing the '\n' on purpose. Not having the new line at the end causes these messages to be printed with a delay, when something else needs to be printed. This issue is not visible when many messages need to be printed, but it is annoying and confusing when only specific messages are expected, e.g. # echo "func mptcp_pm_add_addr_echoed +fmp" \ > /sys/kernel/debug/dynamic_debug/control # ./mptcp_join.sh "signal address"; \ echo "$(awk '{print $1}' /proc/uptime) - end"; \ sleep 5s; \ echo "$(awk '{print $1}' /proc/uptime) - restart"; \ ./mptcp_join.sh "signal address" 013 signal address (...) 10.75 - end 15.76 - restart 013 signal address [ 10.367935] mptcp:mptcp_pm_add_addr_echoed: MPTCP: msk=(...) (...) => a delay of 5 seconds: printed with a 10.36 ts, but after 'restart' which was printed at the 15.76 ts. The 'Fixes' tag here below points to the first pr_debug() used without '\n' in net/mptcp. This patch could be split in many small ones, with different Fixes tag, but it doesn't seem worth it, because it is easy to re-generate this patch with this simple 'sed' command: git grep -l pr_debug -- net/mptcp | xargs sed -i "s/$pr_debug(\".*[^n]$$\"[,)]$/\1\\\n\2/g" So in case of conflicts, simply drop the modifications, and launch this command. Fixes: f870fa0b5768 ("mptcp: Add MPTCP socket stubs") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-4-905199f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index ad28da655f8b..a29ff901df75 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -68,12 +68,12 @@ void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflo skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); - pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx", sk, + pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx\n", sk, MPTCP_SKB_CB(skb)->map_seq, MPTCP_SKB_CB(skb)->map_seq + msk->ack_seq, MPTCP_SKB_CB(skb)->end_seq, MPTCP_SKB_CB(skb)->end_seq + msk->ack_seq); MPTCP_SKB_CB(skb)->map_seq += msk->ack_seq; MPTCP_SKB_CB(skb)->end_seq += msk->ack_seq; } - pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); + pr_debug("msk=%p ack_seq=%llx\n", msk, msk->ack_seq); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index ac2f1a54cc43..370c3836b771 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -117,7 +117,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_CSUMREQD; ptr += 2; } - pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u", + pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u\n", version, flags, opsize, mp_opt->sndr_key, mp_opt->rcvr_key, mp_opt->data_len, mp_opt->csum); break; @@ -131,7 +131,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->token, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) { @@ -142,19 +142,19 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 8; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->thmac, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) { mp_opt->suboptions |= OPTION_MPTCP_MPJ_ACK; ptr += 2; memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN); - pr_debug("MP_JOIN hmac"); + pr_debug("MP_JOIN hmac\n"); } break; case MPTCPOPT_DSS: - pr_debug("DSS"); + pr_debug("DSS\n"); ptr++; /* we must clear 'mpc_map' be able to detect MP_CAPABLE @@ -169,7 +169,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0; mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK); - pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d", + pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d\n", mp_opt->data_fin, mp_opt->dsn64, mp_opt->use_map, mp_opt->ack64, mp_opt->use_ack); @@ -207,7 +207,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; } - pr_debug("data_ack=%llu", mp_opt->data_ack); + pr_debug("data_ack=%llu\n", mp_opt->data_ack); } if (mp_opt->use_map) { @@ -231,7 +231,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; } - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", mp_opt->data_seq, mp_opt->subflow_seq, mp_opt->data_len, !!(mp_opt->suboptions & OPTION_MPTCP_CSUMREQD), mp_opt->csum); @@ -293,7 +293,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ahmac = get_unaligned_be64(ptr); ptr += 8; } - pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d\n", (mp_opt->addr.family == AF_INET6) ? "6" : "", mp_opt->addr.id, mp_opt->ahmac, mp_opt->echo, ntohs(mp_opt->addr.port)); break; @@ -309,7 +309,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rm_list.nr = opsize - TCPOLEN_MPTCP_RM_ADDR_BASE; for (i = 0; i < mp_opt->rm_list.nr; i++) mp_opt->rm_list.ids[i] = *ptr++; - pr_debug("RM_ADDR: rm_list_nr=%d", mp_opt->rm_list.nr); + pr_debug("RM_ADDR: rm_list_nr=%d\n", mp_opt->rm_list.nr); break; case MPTCPOPT_MP_PRIO: @@ -318,7 +318,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_PRIO; mp_opt->backup = *ptr++ & MPTCP_PRIO_BKUP; - pr_debug("MP_PRIO: prio=%d", mp_opt->backup); + pr_debug("MP_PRIO: prio=%d\n", mp_opt->backup); break; case MPTCPOPT_MP_FASTCLOSE: @@ -329,7 +329,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rcvr_key = get_unaligned_be64(ptr); ptr += 8; mp_opt->suboptions |= OPTION_MPTCP_FASTCLOSE; - pr_debug("MP_FASTCLOSE: recv_key=%llu", mp_opt->rcvr_key); + pr_debug("MP_FASTCLOSE: recv_key=%llu\n", mp_opt->rcvr_key); break; case MPTCPOPT_RST: @@ -343,7 +343,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, flags = *ptr++; mp_opt->reset_transient = flags & MPTCP_RST_TRANSIENT; mp_opt->reset_reason = *ptr; - pr_debug("MP_RST: transient=%u reason=%u", + pr_debug("MP_RST: transient=%u reason=%u\n", mp_opt->reset_transient, mp_opt->reset_reason); break; @@ -354,7 +354,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; mp_opt->suboptions |= OPTION_MPTCP_FAIL; mp_opt->fail_seq = get_unaligned_be64(ptr); - pr_debug("MP_FAIL: data_seq=%llu", mp_opt->fail_seq); + pr_debug("MP_FAIL: data_seq=%llu\n", mp_opt->fail_seq); break; default: @@ -417,7 +417,7 @@ bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_SYN; return true; } else if (subflow->request_join) { - pr_debug("remote_token=%u, nonce=%u", subflow->remote_token, + pr_debug("remote_token=%u, nonce=%u\n", subflow->remote_token, subflow->local_nonce); opts->suboptions = OPTION_MPTCP_MPJ_SYN; opts->join_id = subflow->local_id; @@ -500,7 +500,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_ACK; } - pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d", + pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d\n", subflow, subflow->local_key, subflow->remote_key, data_len); @@ -509,7 +509,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, opts->suboptions = OPTION_MPTCP_MPJ_ACK; memcpy(opts->hmac, subflow->hmac, MPTCPOPT_HMAC_LEN); *size = TCPOLEN_MPTCP_MPJ_ACK; - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* we can use the full delegate action helper only from BH context * If we are in process context - sk is flushing the backlog at @@ -675,7 +675,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * *size = len; if (drop_other_suboptions) { - pr_debug("drop other suboptions"); + pr_debug("drop other suboptions\n"); opts->suboptions = 0; /* note that e.g. DSS could have written into the memory @@ -695,7 +695,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * } else { MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ECHOADDTX); } - pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d\n", opts->addr.id, opts->ahmac, echo, ntohs(opts->addr.port)); return true; @@ -726,7 +726,7 @@ static bool mptcp_established_options_rm_addr(struct sock *sk, opts->rm_list = rm_list; for (i = 0; i < opts->rm_list.nr; i++) - pr_debug("rm_list_ids[%d]=%d", i, opts->rm_list.ids[i]); + pr_debug("rm_list_ids[%d]=%d\n", i, opts->rm_list.ids[i]); MPTCP_ADD_STATS(sock_net(sk), MPTCP_MIB_RMADDRTX, opts->rm_list.nr); return true; } @@ -752,7 +752,7 @@ static bool mptcp_established_options_mp_prio(struct sock *sk, opts->suboptions |= OPTION_MPTCP_PRIO; opts->backup = subflow->request_bkup; - pr_debug("prio=%d", opts->backup); + pr_debug("prio=%d\n", opts->backup); return true; } @@ -794,7 +794,7 @@ static bool mptcp_established_options_fastclose(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FASTCLOSE; opts->rcvr_key = READ_ONCE(msk->remote_key); - pr_debug("FASTCLOSE key=%llu", opts->rcvr_key); + pr_debug("FASTCLOSE key=%llu\n", opts->rcvr_key); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFASTCLOSETX); return true; } @@ -816,7 +816,7 @@ static bool mptcp_established_options_mp_fail(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FAIL; opts->fail_seq = subflow->map_seq; - pr_debug("MP_FAIL fail_seq=%llu", opts->fail_seq); + pr_debug("MP_FAIL fail_seq=%llu\n", opts->fail_seq); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFAILTX); return true; @@ -904,7 +904,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->csum_reqd = subflow_req->csum_reqd; opts->allow_join_id0 = subflow_req->allow_join_id0; *size = TCPOLEN_MPTCP_MPC_SYNACK; - pr_debug("subflow_req=%p, local_key=%llu", + pr_debug("subflow_req=%p, local_key=%llu\n", subflow_req, subflow_req->local_key); return true; } else if (subflow_req->mp_join) { @@ -913,7 +913,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->join_id = subflow_req->local_id; opts->thmac = subflow_req->thmac; opts->nonce = subflow_req->local_nonce; - pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u\n", subflow_req, opts->backup, opts->join_id, opts->thmac, opts->nonce); *size = TCPOLEN_MPTCP_MPJ_SYNACK; diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 3e6e0f5510bb..3f8dbde243f1 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -19,7 +19,7 @@ int mptcp_pm_announce_addr(struct mptcp_sock *msk, { u8 add_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, local_id=%d, echo=%d", msk, addr->id, echo); + pr_debug("msk=%p, local_id=%d, echo=%d\n", msk, addr->id, echo); lockdep_assert_held(&msk->pm.lock); @@ -45,7 +45,7 @@ int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_ { u8 rm_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, rm_list_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p, rm_list_nr=%d\n", msk, rm_list->nr); if (rm_addr) { MPTCP_ADD_STATS(sock_net((struct sock *)msk), @@ -66,7 +66,7 @@ void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p, token=%u side=%d", msk, READ_ONCE(msk->token), server_side); + pr_debug("msk=%p, token=%u side=%d\n", msk, READ_ONCE(msk->token), server_side); WRITE_ONCE(pm->server_side, server_side); mptcp_event(MPTCP_EVENT_CREATED, msk, ssk, GFP_ATOMIC); @@ -90,7 +90,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("msk=%p subflows=%d max=%d allow=%d", msk, pm->subflows, + pr_debug("msk=%p subflows=%d max=%d allow=%d\n", msk, pm->subflows, subflows_max, READ_ONCE(pm->accept_subflow)); /* try to avoid acquiring the lock below */ @@ -114,7 +114,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) static bool mptcp_pm_schedule_work(struct mptcp_sock *msk, enum mptcp_pm_status new_status) { - pr_debug("msk=%p status=%x new=%lx", msk, msk->pm.status, + pr_debug("msk=%p status=%x new=%lx\n", msk, msk->pm.status, BIT(new_status)); if (msk->pm.status & BIT(new_status)) return false; @@ -129,7 +129,7 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) struct mptcp_pm_data *pm = &msk->pm; bool announce = false; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -153,14 +153,14 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) void mptcp_pm_connection_closed(struct mptcp_sock *msk) { - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); } void mptcp_pm_subflow_established(struct mptcp_sock *msk) { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!READ_ONCE(pm->work_pending)) return; @@ -212,7 +212,7 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, struct mptcp_sock *msk = mptcp_sk(subflow->conn); struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p remote_id=%d accept=%d", msk, addr->id, + pr_debug("msk=%p remote_id=%d accept=%d\n", msk, addr->id, READ_ONCE(pm->accept_addr)); mptcp_event_addr_announced(ssk, addr); @@ -243,7 +243,7 @@ void mptcp_pm_add_addr_echoed(struct mptcp_sock *msk, { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -267,7 +267,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, struct mptcp_pm_data *pm = &msk->pm; u8 i; - pr_debug("msk=%p remote_ids_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p remote_ids_nr=%d\n", msk, rm_list->nr); for (i = 0; i < rm_list->nr; i++) mptcp_event_addr_removed(msk, rm_list->ids[i]); @@ -299,19 +299,19 @@ void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq) struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); struct mptcp_sock *msk = mptcp_sk(subflow->conn); - pr_debug("fail_seq=%llu", fail_seq); + pr_debug("fail_seq=%llu\n", fail_seq); if (!READ_ONCE(msk->allow_infinite_fallback)) return; if (!subflow->fail_tout) { - pr_debug("send MP_FAIL response and infinite map"); + pr_debug("send MP_FAIL response and infinite map\n"); subflow->send_mp_fail = 1; subflow->send_infinite_map = 1; tcp_send_ack(sk); } else { - pr_debug("MP_FAIL response received"); + pr_debug("MP_FAIL response received\n"); WRITE_ONCE(subflow->fail_tout, 0); } } diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 3e4ad801786f..8d2f97854c64 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -287,7 +287,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) struct mptcp_sock *msk = entry->sock; struct sock *sk = (struct sock *)msk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!msk) return; @@ -306,7 +306,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) spin_lock_bh(&msk->pm.lock); if (!mptcp_pm_should_add_signal_addr(msk)) { - pr_debug("retransmit ADD_ADDR id=%d", entry->addr.id); + pr_debug("retransmit ADD_ADDR id=%d\n", entry->addr.id); mptcp_pm_announce_addr(msk, &entry->addr, false); mptcp_pm_add_addr_send_ack(msk); entry->retrans_times++; @@ -387,7 +387,7 @@ void mptcp_pm_free_anno_list(struct mptcp_sock *msk) struct sock *sk = (struct sock *)msk; LIST_HEAD(free_list); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&msk->pm.lock); list_splice_init(&msk->pm.anno_list, &free_list); @@ -473,7 +473,7 @@ static void __mptcp_pm_send_ack(struct mptcp_sock *msk, struct mptcp_subflow_con struct sock *ssk = mptcp_subflow_tcp_sock(subflow); bool slow; - pr_debug("send ack for %s", + pr_debug("send ack for %s\n", prio ? "mp_prio" : (mptcp_pm_should_add_signal(msk) ? "add_addr" : "rm_addr")); slow = lock_sock_fast(ssk); @@ -708,7 +708,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) add_addr_accept_max = mptcp_pm_get_add_addr_accept_max(msk); subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("accepted %d:%d remote family %d", + pr_debug("accepted %d:%d remote family %d\n", msk->pm.add_addr_accepted, add_addr_accept_max, msk->pm.remote.family); @@ -767,7 +767,7 @@ int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk, { struct mptcp_subflow_context *subflow; - pr_debug("bkup=%d", bkup); + pr_debug("bkup=%d\n", bkup); mptcp_for_each_subflow(msk, subflow) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); @@ -803,7 +803,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, struct sock *sk = (struct sock *)msk; u8 i; - pr_debug("%s rm_list_nr %d", + pr_debug("%s rm_list_nr %d\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", rm_list->nr); msk_owned_by_me(msk); @@ -832,7 +832,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMSUBFLOW && !mptcp_local_id_match(msk, id, rm_id)) continue; - pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", + pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", i, rm_id, id, remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); @@ -889,7 +889,7 @@ void mptcp_pm_nl_work(struct mptcp_sock *msk) spin_lock_bh(&msk->pm.lock); - pr_debug("msk=%p status=%x", msk, pm->status); + pr_debug("msk=%p status=%x\n", msk, pm->status); if (pm->status & BIT(MPTCP_PM_ADD_ADDR_RECEIVED)) { pm->status &= ~BIT(MPTCP_PM_ADD_ADDR_RECEIVED); mptcp_pm_nl_add_addr_received(msk); @@ -1476,7 +1476,7 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, long s_slot = 0, s_num = 0; struct mptcp_sock *msk; - pr_debug("remove_id=%d", addr->id); + pr_debug("remove_id=%d\n", addr->id); list.ids[list.nr++] = addr->id; diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 34fec753b9c1..b571fba88a2f 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -139,7 +139,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, !skb_try_coalesce(to, from, &fragstolen, &delta)) return false; - pr_debug("colesced seq %llx into %llx new len %d new end seq %llx", + pr_debug("colesced seq %llx into %llx new len %d new end seq %llx\n", MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq, to->len, MPTCP_SKB_CB(from)->end_seq); MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq; @@ -217,7 +217,7 @@ static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb) end_seq = MPTCP_SKB_CB(skb)->end_seq; max_seq = atomic64_read(&msk->rcv_wnd_sent); - pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq, + pr_debug("msk=%p seq=%llx limit=%llx empty=%d\n", msk, seq, max_seq, RB_EMPTY_ROOT(&msk->out_of_order_queue)); if (after64(end_seq, max_seq)) { /* out of window */ @@ -643,7 +643,7 @@ static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, } } - pr_debug("msk=%p ssk=%p", msk, ssk); + pr_debug("msk=%p ssk=%p\n", msk, ssk); tp = tcp_sk(ssk); do { u32 map_remaining, offset; @@ -724,7 +724,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) u64 end_seq; p = rb_first(&msk->out_of_order_queue); - pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); + pr_debug("msk=%p empty=%d\n", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); while (p) { skb = rb_to_skb(p); if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) @@ -746,7 +746,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq; /* skip overlapping data, if any */ - pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d", + pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d\n", MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq, delta); MPTCP_SKB_CB(skb)->offset += delta; @@ -1240,7 +1240,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, size_t copy; int i; - pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u", + pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u\n", msk, ssk, dfrag->data_seq, dfrag->data_len, info->sent); if (WARN_ON_ONCE(info->sent > info->limit || @@ -1341,7 +1341,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, mpext->use_map = 1; mpext->dsn64 = 1; - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d\n", mpext->data_seq, mpext->subflow_seq, mpext->data_len, mpext->dsn64); @@ -1892,7 +1892,7 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (!msk->first_pending) WRITE_ONCE(msk->first_pending, dfrag); } - pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d", msk, + pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d\n", msk, dfrag->data_seq, dfrag->data_len, dfrag->already_sent, !dfrag_collapsed); @@ -2248,7 +2248,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("block timeout %ld", timeo); + pr_debug("block timeout %ld\n", timeo); sk_wait_data(sk, &timeo, NULL); } @@ -2264,7 +2264,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("msk=%p rx queue empty=%d:%d copied=%d", + pr_debug("msk=%p rx queue empty=%d:%d copied=%d\n", msk, skb_queue_empty_lockless(&sk->sk_receive_queue), skb_queue_empty(&msk->receive_queue), copied); if (!(flags & MSG_PEEK)) @@ -2717,7 +2717,7 @@ static void mptcp_mp_fail_no_response(struct mptcp_sock *msk) if (!ssk) return; - pr_debug("MP_FAIL doesn't respond, reset the subflow"); + pr_debug("MP_FAIL doesn't respond, reset the subflow\n"); slow = lock_sock_fast(ssk); mptcp_subflow_reset(ssk); @@ -2891,7 +2891,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) break; default: if (__mptcp_check_fallback(mptcp_sk(sk))) { - pr_debug("Fallback"); + pr_debug("Fallback\n"); ssk->sk_shutdown |= how; tcp_shutdown(ssk, how); @@ -2901,7 +2901,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) WRITE_ONCE(mptcp_sk(sk)->snd_una, mptcp_sk(sk)->snd_nxt); mptcp_schedule_work(sk); } else { - pr_debug("Sending DATA_FIN on subflow %p", ssk); + pr_debug("Sending DATA_FIN on subflow %p\n", ssk); tcp_send_ack(ssk); if (!mptcp_rtx_timer_pending(sk)) mptcp_reset_rtx_timer(sk); @@ -2967,7 +2967,7 @@ static void mptcp_check_send_data_fin(struct sock *sk) struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu", + pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu\n", msk, msk->snd_data_fin_enable, !!mptcp_send_head(sk), msk->snd_nxt, msk->write_seq); @@ -2991,7 +2991,7 @@ static void __mptcp_wr_shutdown(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d", + pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d\n", msk, msk->snd_data_fin_enable, sk->sk_shutdown, sk->sk_state, !!mptcp_send_head(sk)); @@ -3006,7 +3006,7 @@ static void __mptcp_destroy_sock(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); might_sleep(); @@ -3114,7 +3114,7 @@ bool __mptcp_close(struct sock *sk, long timeout) mptcp_set_state(sk, TCP_CLOSE); sock_hold(sk); - pr_debug("msk=%p state=%d", sk, sk->sk_state); + pr_debug("msk=%p state=%d\n", sk, sk->sk_state); if (msk->token) mptcp_event(MPTCP_EVENT_CLOSED, msk, NULL, GFP_KERNEL); @@ -3546,7 +3546,7 @@ static int mptcp_get_port(struct sock *sk, unsigned short snum) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p, ssk=%p", msk, msk->first); + pr_debug("msk=%p, ssk=%p\n", msk, msk->first); if (WARN_ON_ONCE(!msk->first)) return -EINVAL; @@ -3563,7 +3563,7 @@ void mptcp_finish_connect(struct sock *ssk) sk = subflow->conn; msk = mptcp_sk(sk); - pr_debug("msk=%p, token=%u", sk, subflow->token); + pr_debug("msk=%p, token=%u\n", sk, subflow->token); subflow->map_seq = subflow->iasn; subflow->map_subflow_seq = 1; @@ -3592,7 +3592,7 @@ bool mptcp_finish_join(struct sock *ssk) struct sock *parent = (void *)msk; bool ret = true; - pr_debug("msk=%p, subflow=%p", msk, subflow); + pr_debug("msk=%p, subflow=%p\n", msk, subflow); /* mptcp socket already closing? */ if (!mptcp_is_fully_established(parent)) { @@ -3638,7 +3638,7 @@ bool mptcp_finish_join(struct sock *ssk) static void mptcp_shutdown(struct sock *sk, int how) { - pr_debug("sk=%p, how=%d", sk, how); + pr_debug("sk=%p, how=%d\n", sk, how); if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk)) __mptcp_wr_shutdown(sk); @@ -3859,7 +3859,7 @@ static int mptcp_listen(struct socket *sock, int backlog) struct sock *ssk; int err; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); lock_sock(sk); @@ -3898,7 +3898,7 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, struct mptcp_sock *msk = mptcp_sk(sock->sk); struct sock *ssk, *newsk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* Buggy applications can call accept on socket states other then LISTEN * but no need to allocate the first subflow just to error out. @@ -3907,12 +3907,12 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, if (!ssk) return -EINVAL; - pr_debug("ssk=%p, listener=%p", ssk, mptcp_subflow_ctx(ssk)); + pr_debug("ssk=%p, listener=%p\n", ssk, mptcp_subflow_ctx(ssk)); newsk = inet_csk_accept(ssk, arg); if (!newsk) return arg->err; - pr_debug("newsk=%p, subflow is mptcp=%d", newsk, sk_is_mptcp(newsk)); + pr_debug("newsk=%p, subflow is mptcp=%d\n", newsk, sk_is_mptcp(newsk)); if (sk_is_mptcp(newsk)) { struct mptcp_subflow_context *subflow; struct sock *new_mptcp_sock; @@ -4005,7 +4005,7 @@ static __poll_t mptcp_poll(struct file *file, struct socket *sock, sock_poll_wait(file, sock, wait); state = inet_sk_state_load(sk); - pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags); + pr_debug("msk=%p state=%d flags=%lx\n", msk, state, msk->flags); if (state == TCP_LISTEN) { struct sock *ssk = READ_ONCE(msk->first); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index a1c1b0ff1ce1..240d7c2ea551 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1177,7 +1177,7 @@ static inline bool mptcp_check_fallback(const struct sock *sk) static inline void __mptcp_do_fallback(struct mptcp_sock *msk) { if (__mptcp_check_fallback(msk)) { - pr_debug("TCP fallback already done (msk=%p)", msk); + pr_debug("TCP fallback already done (msk=%p)\n", msk); return; } set_bit(MPTCP_FALLBACK_DONE, &msk->flags); @@ -1213,7 +1213,7 @@ static inline void mptcp_do_fallback(struct sock *ssk) } } -#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)", __func__, a) +#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)\n", __func__, a) static inline bool mptcp_check_infinite_map(struct sk_buff *skb) { diff --git a/net/mptcp/sched.c b/net/mptcp/sched.c index 4a7fd0508ad2..78ed508ebc1b 100644 --- a/net/mptcp/sched.c +++ b/net/mptcp/sched.c @@ -86,7 +86,7 @@ int mptcp_register_scheduler(struct mptcp_sched_ops *sched) list_add_tail_rcu(&sched->list, &mptcp_sched_list); spin_unlock(&mptcp_sched_list_lock); - pr_debug("%s registered", sched->name); + pr_debug("%s registered\n", sched->name); return 0; } @@ -118,7 +118,7 @@ int mptcp_init_sched(struct mptcp_sock *msk, if (msk->sched->init) msk->sched->init(msk); - pr_debug("sched=%s", msk->sched->name); + pr_debug("sched=%s\n", msk->sched->name); return 0; } diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 2026a9a36f80..505445a9598f 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -873,7 +873,7 @@ int mptcp_setsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (level == SOL_SOCKET) return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen); @@ -1453,7 +1453,7 @@ int mptcp_getsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* @@ the meaning of setsockopt() when the socket is connected and * there are multiple subflows is not yet defined. It is up to the diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 4834e7fc2fb6..064ab3235893 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -39,7 +39,7 @@ static void subflow_req_destructor(struct request_sock *req) { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); - pr_debug("subflow_req=%p", subflow_req); + pr_debug("subflow_req=%p\n", subflow_req); if (subflow_req->msk) sock_put((struct sock *)subflow_req->msk); @@ -146,7 +146,7 @@ static int subflow_check_req(struct request_sock *req, struct mptcp_options_received mp_opt; bool opt_mp_capable, opt_mp_join; - pr_debug("subflow_req=%p, listener=%p", subflow_req, listener); + pr_debug("subflow_req=%p, listener=%p\n", subflow_req, listener); #ifdef CONFIG_TCP_MD5SIG /* no MPTCP if MD5SIG is enabled on this socket or we may run out of @@ -221,7 +221,7 @@ static int subflow_check_req(struct request_sock *req, } if (subflow_use_different_sport(subflow_req->msk, sk_listener)) { - pr_debug("syn inet_sport=%d %d", + pr_debug("syn inet_sport=%d %d\n", ntohs(inet_sk(sk_listener)->inet_sport), ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) { @@ -243,7 +243,7 @@ static int subflow_check_req(struct request_sock *req, subflow_init_req_cookie_join_save(subflow_req, skb); } - pr_debug("token=%u, remote_nonce=%u msk=%p", subflow_req->token, + pr_debug("token=%u, remote_nonce=%u msk=%p\n", subflow_req->token, subflow_req->remote_nonce, subflow_req->msk); } @@ -527,7 +527,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->rel_write_seq = 1; subflow->conn_finished = 1; subflow->ssn_offset = TCP_SKB_CB(skb)->seq; - pr_debug("subflow=%p synack seq=%x", subflow, subflow->ssn_offset); + pr_debug("subflow=%p synack seq=%x\n", subflow, subflow->ssn_offset); mptcp_get_options(skb, &mp_opt); if (subflow->request_mptcp) { @@ -559,7 +559,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->thmac = mp_opt.thmac; subflow->remote_nonce = mp_opt.nonce; WRITE_ONCE(subflow->remote_id, mp_opt.join_id); - pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d", + pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d\n", subflow, subflow->thmac, subflow->remote_nonce, subflow->backup); @@ -585,7 +585,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKBACKUPRX); if (subflow_use_different_dport(msk, sk)) { - pr_debug("synack inet_dport=%d %d", + pr_debug("synack inet_dport=%d %d\n", ntohs(inet_sk(sk)->inet_dport), ntohs(inet_sk(parent)->inet_dport)); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINPORTSYNACKRX); @@ -655,7 +655,7 @@ static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* Never answer to SYNs sent to broadcast or multicast */ if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) @@ -686,7 +686,7 @@ static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); if (skb->protocol == htons(ETH_P_IP)) return subflow_v4_conn_request(sk, skb); @@ -807,7 +807,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, struct mptcp_sock *owner; struct sock *child; - pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn); + pr_debug("listener=%p, req=%p, conn=%p\n", listener, req, listener->conn); /* After child creation we must look for MPC even when options * are not parsed @@ -898,7 +898,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, ctx->conn = (struct sock *)owner; if (subflow_use_different_sport(owner, sk)) { - pr_debug("ack inet_sport=%d %d", + pr_debug("ack inet_sport=%d %d\n", ntohs(inet_sk(sk)->inet_sport), ntohs(inet_sk((struct sock *)owner)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(owner, sk)) { @@ -961,7 +961,7 @@ enum mapping_status { static void dbg_bad_map(struct mptcp_subflow_context *subflow, u32 ssn) { - pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d", + pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d\n", ssn, subflow->map_subflow_seq, subflow->map_data_len); } @@ -1121,7 +1121,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_len = mpext->data_len; if (data_len == 0) { - pr_debug("infinite mapping received"); + pr_debug("infinite mapping received\n"); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX); subflow->map_data_len = 0; return MAPPING_INVALID; @@ -1133,7 +1133,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (data_len == 1) { bool updated = mptcp_update_rcv_data_fin(msk, mpext->data_seq, mpext->dsn64); - pr_debug("DATA_FIN with no payload seq=%llu", mpext->data_seq); + pr_debug("DATA_FIN with no payload seq=%llu\n", mpext->data_seq); if (subflow->map_valid) { /* A DATA_FIN might arrive in a DSS * option before the previous mapping @@ -1159,7 +1159,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_fin_seq &= GENMASK_ULL(31, 0); mptcp_update_rcv_data_fin(msk, data_fin_seq, mpext->dsn64); - pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d", + pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d\n", data_fin_seq, mpext->dsn64); /* Adjust for DATA_FIN using 1 byte of sequence space */ @@ -1205,7 +1205,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (unlikely(subflow->map_csum_reqd != csum_reqd)) return MAPPING_INVALID; - pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", subflow->map_seq, subflow->map_subflow_seq, subflow->map_data_len, subflow->map_csum_reqd, subflow->map_data_csum); @@ -1240,7 +1240,7 @@ static void mptcp_subflow_discard_data(struct sock *ssk, struct sk_buff *skb, avail_len = skb->len - offset; incr = limit >= avail_len ? avail_len + fin : limit; - pr_debug("discarding=%d len=%d offset=%d seq=%d", incr, skb->len, + pr_debug("discarding=%d len=%d offset=%d seq=%d\n", incr, skb->len, offset, subflow->map_subflow_seq); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DUPDATA); tcp_sk(ssk)->copied_seq += incr; @@ -1341,7 +1341,7 @@ static bool subflow_check_data_avail(struct sock *ssk) old_ack = READ_ONCE(msk->ack_seq); ack_seq = mptcp_subflow_get_mapped_dsn(subflow); - pr_debug("msk ack_seq=%llx subflow ack_seq=%llx", old_ack, + pr_debug("msk ack_seq=%llx subflow ack_seq=%llx\n", old_ack, ack_seq); if (unlikely(before64(ack_seq, old_ack))) { mptcp_subflow_discard_data(ssk, skb, old_ack - ack_seq); @@ -1413,7 +1413,7 @@ bool mptcp_subflow_data_available(struct sock *sk) subflow->map_valid = 0; WRITE_ONCE(subflow->data_avail, false); - pr_debug("Done with mapping: seq=%u data_len=%u", + pr_debug("Done with mapping: seq=%u data_len=%u\n", subflow->map_subflow_seq, subflow->map_data_len); } @@ -1523,7 +1523,7 @@ void mptcpv6_handle_mapped(struct sock *sk, bool mapped) target = mapped ? &subflow_v6m_specific : subflow_default_af_ops(sk); - pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d", + pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d\n", subflow, sk->sk_family, icsk->icsk_af_ops, target, mapped); if (likely(icsk->icsk_af_ops == target)) @@ -1616,7 +1616,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, goto failed; mptcp_crypto_key_sha(subflow->remote_key, &remote_token, NULL); - pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d", msk, + pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d\n", msk, remote_token, local_id, remote_id); subflow->remote_token = remote_token; WRITE_ONCE(subflow->remote_id, remote_id); @@ -1751,7 +1751,7 @@ int mptcp_subflow_create_socket(struct sock *sk, unsigned short family, SOCK_INODE(sf)->i_gid = SOCK_INODE(sk->sk_socket)->i_gid; subflow = mptcp_subflow_ctx(sf->sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); *new_sock = sf; sock_hold(sk); @@ -1780,7 +1780,7 @@ static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, INIT_LIST_HEAD(&ctx->node); INIT_LIST_HEAD(&ctx->delegated_node); - pr_debug("subflow=%p", ctx); + pr_debug("subflow=%p\n", ctx); ctx->tcp_sock = sk; WRITE_ONCE(ctx->local_id, -1); @@ -1931,7 +1931,7 @@ static int subflow_ulp_init(struct sock *sk) goto out; } - pr_debug("subflow=%p, family=%d", ctx, sk->sk_family); + pr_debug("subflow=%p, family=%d\n", ctx, sk->sk_family); tp->is_mptcp = 1; ctx->icsk_af_ops = icsk->icsk_af_ops;

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: avoid possible UaF when selecting endp" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082657-dealer-troubling-1332@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 48e50dcbcbaa ("mptcp: pm: avoid possible UaF when selecting endp") 85df533a787b ("mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set") cd7c957f936f ("mptcp: pm: don't try to create sf if alloc failed") c95eb32ced82 ("mptcp: pm: reduce indentation blocks") 528cb5f2a1e8 ("mptcp: pass addr to mptcp_pm_alloc_anno_list") 77e4b94a3de6 ("mptcp: update userspace pm infos") 24430f8bf516 ("mptcp: add address into userspace pm list") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") fb00ee4f3343 ("mptcp: netlink: respect v4/v6-only sockets") 80638684e840 ("mptcp: get sk from msk directly") 5ccecaec5c1e ("mptcp: fix locking in mptcp_nl_cmd_sf_destroy()") 76a13b315709 ("mptcp: invoke MP_FAIL response when needed") d9fb797046c5 ("mptcp: Do not traverse the subflow connection list without lock") d42f9e4e2384 ("mptcp: Check for orphaned subflow before handling MP_FAIL timer") d7e6f5836038 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:32 +0200 Subject: [PATCH] mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with. Reported-by: Paolo Abeni <pabeni(a)redhat.com> Closes: https://lore.kernel.org/45cd30d3-7710-491c-ae4d-a1368c00beb1@redhat.com Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-14-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a2e37ab1c40f..3e4ad801786f 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -143,11 +143,13 @@ static bool lookup_subflow_by_daddr(const struct list_head *list, return false; } -static struct mptcp_pm_addr_entry * +static bool select_local_address(const struct pm_nl_pernet *pernet, - const struct mptcp_sock *msk) + const struct mptcp_sock *msk, + struct mptcp_pm_addr_entry *new_entry) { - struct mptcp_pm_addr_entry *entry, *ret = NULL; + struct mptcp_pm_addr_entry *entry; + bool found = false; msk_owned_by_me(msk); @@ -159,17 +161,21 @@ select_local_address(const struct pm_nl_pernet *pernet, if (!test_bit(entry->addr.id, msk->pm.id_avail_bitmap)) continue; - ret = entry; + *new_entry = *entry; + found = true; break; } rcu_read_unlock(); - return ret; + + return found; } -static struct mptcp_pm_addr_entry * -select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk) +static bool +select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk, + struct mptcp_pm_addr_entry *new_entry) { - struct mptcp_pm_addr_entry *entry, *ret = NULL; + struct mptcp_pm_addr_entry *entry; + bool found = false; rcu_read_lock(); /* do not keep any additional per socket state, just signal @@ -184,11 +190,13 @@ select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk) if (!(entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) continue; - ret = entry; + *new_entry = *entry; + found = true; break; } rcu_read_unlock(); - return ret; + + return found; } unsigned int mptcp_pm_get_add_addr_signal_max(const struct mptcp_sock *msk) @@ -512,9 +520,10 @@ __lookup_addr(struct pm_nl_pernet *pernet, const struct mptcp_addr_info *info) static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) { - struct mptcp_pm_addr_entry *local, *signal_and_subflow = NULL; struct sock *sk = (struct sock *)msk; + struct mptcp_pm_addr_entry local; unsigned int add_addr_signal_max; + bool signal_and_subflow = false; unsigned int local_addr_max; struct pm_nl_pernet *pernet; unsigned int subflows_max; @@ -565,23 +574,22 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) if (msk->pm.addr_signal & BIT(MPTCP_ADD_ADDR_SIGNAL)) return; - local = select_signal_address(pernet, msk); - if (!local) + if (!select_signal_address(pernet, msk, &local)) goto subflow; /* If the alloc fails, we are on memory pressure, not worth * continuing, and trying to create subflows. */ - if (!mptcp_pm_alloc_anno_list(msk, &local->addr)) + if (!mptcp_pm_alloc_anno_list(msk, &local.addr)) return; - __clear_bit(local->addr.id, msk->pm.id_avail_bitmap); + __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); msk->pm.add_addr_signaled++; - mptcp_pm_announce_addr(msk, &local->addr, false); + mptcp_pm_announce_addr(msk, &local.addr, false); mptcp_pm_nl_addr_send_ack(msk); - if (local->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) - signal_and_subflow = local; + if (local.flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) + signal_and_subflow = true; } subflow: @@ -592,26 +600,22 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) bool fullmesh; int i, nr; - if (signal_and_subflow) { - local = signal_and_subflow; - signal_and_subflow = NULL; - } else { - local = select_local_address(pernet, msk); - if (!local) - break; - } + if (signal_and_subflow) + signal_and_subflow = false; + else if (!select_local_address(pernet, msk, &local)) + break; - fullmesh = !!(local->flags & MPTCP_PM_ADDR_FLAG_FULLMESH); + fullmesh = !!(local.flags & MPTCP_PM_ADDR_FLAG_FULLMESH); msk->pm.local_addr_used++; - __clear_bit(local->addr.id, msk->pm.id_avail_bitmap); - nr = fill_remote_addresses_vec(msk, &local->addr, fullmesh, addrs); + __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); + nr = fill_remote_addresses_vec(msk, &local.addr, fullmesh, addrs); if (nr == 0) continue; spin_unlock_bh(&msk->pm.lock); for (i = 0; i < nr; i++) - __mptcp_subflow_connect(sk, &local->addr, &addrs[i]); + __mptcp_subflow_connect(sk, &local.addr, &addrs[i]); spin_lock_bh(&msk->pm.lock); } mptcp_pm_nl_check_work_pending(msk);

1 year

2
2
0 0

FAILED: patch "[PATCH] mptcp: pm: fullmesh: select the right ID later" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 09355f7abb9fbfc1a240be029837921ea417bf4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082641-cauterize-slum-9eb2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 09355f7abb9f ("mptcp: pm: fullmesh: select the right ID later") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") 837cf45df163 ("mptcp: fix race in incoming ADD_ADDR option processing") a88c9e496937 ("mptcp: do not block subflows creation on errors") 86e39e04482b ("mptcp: keep track of local endpoint still available for each msk") f7d6a237d742 ("mptcp: fix per socket endpoint accounting") b29fcfb54cd7 ("mptcp: full disconnect implementation") 59060a47ca50 ("mptcp: clean up harmless false expressions") 3ce0852c86b9 ("mptcp: enforce HoL-blocking estimation") 6511882cdd82 ("mptcp: allocate fwd memory separately on the rx and tx path") 765ff425528f ("mptcp: use lockdep_assert_held_once() instead of open-coding it") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 09355f7abb9fbfc1a240be029837921ea417bf4f Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:30 +0200 Subject: [PATCH] mptcp: pm: fullmesh: select the right ID later When reacting upon the reception of an ADD_ADDR, the in-kernel PM first looks for fullmesh endpoints. If there are some, it will pick them, using their entry ID. It should set the ID 0 when using the endpoint corresponding to the initial subflow, it is a special case imposed by the MPTCP specs. Note that msk->mpc_endpoint_id might not be set when receiving the first ADD_ADDR from the server. So better to compare the addresses. Fixes: 1a0d6136c5f0 ("mptcp: local addresses fullmesh") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-12-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index d0a80f537fc3..a2e37ab1c40f 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -636,6 +636,7 @@ static unsigned int fill_local_addresses_vec(struct mptcp_sock *msk, { struct sock *sk = (struct sock *)msk; struct mptcp_pm_addr_entry *entry; + struct mptcp_addr_info mpc_addr; struct pm_nl_pernet *pernet; unsigned int subflows_max; int i = 0; @@ -643,6 +644,8 @@ static unsigned int fill_local_addresses_vec(struct mptcp_sock *msk, pernet = pm_nl_get_pernet_from_msk(msk); subflows_max = mptcp_pm_get_subflows_max(msk); + mptcp_local_address((struct sock_common *)msk, &mpc_addr); + rcu_read_lock(); list_for_each_entry_rcu(entry, &pernet->local_addr_list, list) { if (!(entry->flags & MPTCP_PM_ADDR_FLAG_FULLMESH)) @@ -653,7 +656,13 @@ static unsigned int fill_local_addresses_vec(struct mptcp_sock *msk, if (msk->pm.subflows < subflows_max) { msk->pm.subflows++; - addrs[i++] = entry->addr; + addrs[i] = entry->addr; + + /* Special case for ID0: set the correct ID */ + if (mptcp_addresses_equal(&entry->addr, &mpc_addr, entry->addr.port)) + addrs[i].id = 0; + + i++; } } rcu_read_unlock();

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: check add_addr_accept_max before accepting new" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082608-cornmeal-stoop-7021@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0137a3c7c2ea ("mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR") 1c1f72137598 ("mptcp: pm: only decrement add_addr_accepted for MPJ req") 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available") f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") d9a4594edabf ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE") 9ab4807c84a4 ("mptcp: netlink: Add MPTCP_PM_CMD_ANNOUNCE") 982f17ba1a25 ("mptcp: netlink: split mptcp_pm_parse_addr into two functions") 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 4d25247d3ae4 ("mptcp: bypass in-kernel PM restrictions for non-kernel PMs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:28 +0200 Subject: [PATCH] mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR The limits might have changed in between, it is best to check them before accepting new ADD_ADDR. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-10-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 882781571c7b..28a9a3726146 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -848,8 +848,8 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, /* Note: if the subflow has been closed before, this * add_addr_accepted counter will not be decremented. */ - msk->pm.add_addr_accepted--; - WRITE_ONCE(msk->pm.accept_addr, true); + if (--msk->pm.add_addr_accepted < mptcp_pm_get_add_addr_accept_max(msk)) + WRITE_ONCE(msk->pm.accept_addr, true); } } }

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: only decrement add_addr_accepted for MPJ req" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1c1f721375989579e46741f59523e39ec9b2a9bd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082652-polka-escapist-f8f8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1c1f72137598 ("mptcp: pm: only decrement add_addr_accepted for MPJ req") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 4d25247d3ae4 ("mptcp: bypass in-kernel PM restrictions for non-kernel PMs") 14b06811bec6 ("mptcp: Bypass kernel PM when userspace PM is enabled") 0530020a7c8f ("mptcp: track and update contiguous data status") 0348c690ed37 ("mptcp: add the fallback check") 1761fed25678 ("mptcp: don't send RST for single subflow") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1c1f721375989579e46741f59523e39ec9b2a9bd Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:27 +0200 Subject: [PATCH] mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single subflow" subtest from the mptcp_join.sh selftest. Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the subflow closure. Before this patch, and upon the reception of the RM_ADDR, the other peer will then try to decrement this add_addr_accepted. That's not correct because the attached subflows have not been created upon the reception of an ADD_ADDR. A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-9-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 4cf7cc851f80..882781571c7b 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -829,7 +829,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, mptcp_close_ssk(sk, ssk, subflow); spin_lock_bh(&msk->pm.lock); - removed = true; + removed |= subflow->request_join; if (rm_type == MPTCP_MIB_RMSUBFLOW) __MPTCP_INC_STATS(sock_net(sk), rm_type); } @@ -843,7 +843,11 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (!mptcp_pm_is_kernel(msk)) continue; - if (rm_type == MPTCP_MIB_RMADDR) { + if (rm_type == MPTCP_MIB_RMADDR && rm_id && + !WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)) { + /* Note: if the subflow has been closed before, this + * add_addr_accepted counter will not be decremented. + */ msk->pm.add_addr_accepted--; WRITE_ONCE(msk->pm.accept_addr, true); }

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: validate fullmesh endp on 1st sf" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4878f9f8421f4587bee7b232c1c8a9d3a7d4d782 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082646-slang-phoniness-d213@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4878f9f8421f ("selftests: mptcp: join: validate fullmesh endp on 1st sf") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") 6c160b636c91 ("selftests: mptcp: update userspace pm subflow tests") 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") 8697a258ae24 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4878f9f8421f4587bee7b232c1c8a9d3a7d4d782 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:31 +0200 Subject: [PATCH] selftests: mptcp: join: validate fullmesh endp on 1st sf This case was not covered, and the wrong ID was set before the previous commit. The rest is not modified, it is just that it will increase the code coverage. The right address ID can be verified by looking at the packet traces. We could automate that using Netfilter with some cBPF code for example, but that's always a bit cryptic. Packetdrill seems better fitted for that. Fixes: 4f49d63352da ("selftests: mptcp: add fullmesh testcases") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-13-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index f609c02c6123..89e553e0e0c2 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3059,6 +3059,7 @@ fullmesh_tests() pm_nl_set_limits $ns1 1 3 pm_nl_set_limits $ns2 1 3 pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns2 10.0.1.2 flags subflow,fullmesh fullmesh=1 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 3 3 3

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-re-adding ID 0 signal" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f18fa2abf81099d822d842a107f8c9889c86043c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083034-parched-driller-96e5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f18fa2abf810 ("selftests: mptcp: join: check re-re-adding ID 0 signal") 20ccc7c5f7a3 ("selftests: mptcp: join: validate event numbers") d397d7246c11 ("selftests: mptcp: join: check re-re-adding ID 0 endp") 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id") 5f94b08c0012 ("selftests: mptcp: join: check removing ID 0 endpoint") 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 23a0485d1c04 ("selftests: mptcp: declare event macros in mptcp_lib") 35bc143a8514 ("selftests: mptcp: add mptcp_lib_events helper") 3a0f9bed3c28 ("selftests: mptcp: add mptcp_lib_ns_init/exit helpers") 3fb8c33ef4b9 ("selftests: mptcp: add mptcp_lib_check_tools helper") 7c2eac649054 ("selftests: mptcp: stop forcing iptables-legacy") 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr tests") 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") 2d0c1d27ea4e ("selftests: mptcp: add mptcp_lib_check_output helper") 9480f388a2ef ("selftests: mptcp: join: add ss mptcp support check") 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f18fa2abf81099d822d842a107f8c9889c86043c Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:38 +0200 Subject: [PATCH] selftests: mptcp: join: check re-re-adding ID 0 signal This test extends "delete re-add signal" to validate the previous commit: when the 'signal' endpoint linked to the initial subflow (ID 0) is re-added multiple times, it will re-send the ADD_ADDR with id 0. The client should still be able to re-create this subflow, even if the add_addr_accepted limit has been reached as this special address is not considered as a new address. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index a8ea0fe200fb..a4762c49a878 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3688,7 +3688,7 @@ endpoint_tests() # broadcast IP: no packet for this address will be received on ns1 pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal pm_nl_add_endpoint $ns1 10.0.1.1 id 42 flags signal - test_linkfail=4 speed=20 \ + test_linkfail=4 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3717,7 +3717,17 @@ endpoint_tests() pm_nl_add_endpoint $ns1 10.0.1.1 id 99 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 3 + chk_subflow_nr "after re-add ID 0" 3 + chk_mptcp_info subflows 3 subflows 3 + + pm_nl_del_endpoint $ns1 99 10.0.1.1 + sleep 0.5 + chk_subflow_nr "after re-delete ID 0" 2 + chk_mptcp_info subflows 2 subflows 2 + + pm_nl_add_endpoint $ns1 10.0.1.1 id 88 flags signal + wait_mpj $ns2 + chk_subflow_nr "after re-re-add ID 0" 3 chk_mptcp_info subflows 3 subflows 3 mptcp_lib_kill_wait $tests_pid @@ -3727,19 +3737,19 @@ endpoint_tests() chk_evt_nr ns1 MPTCP_LIB_EVENT_ESTABLISHED 1 chk_evt_nr ns1 MPTCP_LIB_EVENT_ANNOUNCED 0 chk_evt_nr ns1 MPTCP_LIB_EVENT_REMOVED 0 - chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 - chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 5 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 3 chk_evt_nr ns2 MPTCP_LIB_EVENT_CREATED 1 chk_evt_nr ns2 MPTCP_LIB_EVENT_ESTABLISHED 1 - chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 5 - chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 3 - chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 - chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 6 + chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 4 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 5 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 3 - chk_join_nr 4 4 4 - chk_add_nr 5 5 - chk_rm_nr 3 2 invert + chk_join_nr 5 5 5 + chk_add_nr 6 6 + chk_rm_nr 4 3 invert fi # flush and re-add

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-re-adding ID 0 signal" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f18fa2abf81099d822d842a107f8c9889c86043c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083033-figure-spelling-0a00@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f18fa2abf810 ("selftests: mptcp: join: check re-re-adding ID 0 signal") 20ccc7c5f7a3 ("selftests: mptcp: join: validate event numbers") d397d7246c11 ("selftests: mptcp: join: check re-re-adding ID 0 endp") 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id") 5f94b08c0012 ("selftests: mptcp: join: check removing ID 0 endpoint") 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 23a0485d1c04 ("selftests: mptcp: declare event macros in mptcp_lib") 35bc143a8514 ("selftests: mptcp: add mptcp_lib_events helper") 3a0f9bed3c28 ("selftests: mptcp: add mptcp_lib_ns_init/exit helpers") 3fb8c33ef4b9 ("selftests: mptcp: add mptcp_lib_check_tools helper") 7c2eac649054 ("selftests: mptcp: stop forcing iptables-legacy") 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr tests") 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") 2d0c1d27ea4e ("selftests: mptcp: add mptcp_lib_check_output helper") 9480f388a2ef ("selftests: mptcp: join: add ss mptcp support check") 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f18fa2abf81099d822d842a107f8c9889c86043c Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:38 +0200 Subject: [PATCH] selftests: mptcp: join: check re-re-adding ID 0 signal This test extends "delete re-add signal" to validate the previous commit: when the 'signal' endpoint linked to the initial subflow (ID 0) is re-added multiple times, it will re-send the ADD_ADDR with id 0. The client should still be able to re-create this subflow, even if the add_addr_accepted limit has been reached as this special address is not considered as a new address. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index a8ea0fe200fb..a4762c49a878 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3688,7 +3688,7 @@ endpoint_tests() # broadcast IP: no packet for this address will be received on ns1 pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal pm_nl_add_endpoint $ns1 10.0.1.1 id 42 flags signal - test_linkfail=4 speed=20 \ + test_linkfail=4 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3717,7 +3717,17 @@ endpoint_tests() pm_nl_add_endpoint $ns1 10.0.1.1 id 99 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 3 + chk_subflow_nr "after re-add ID 0" 3 + chk_mptcp_info subflows 3 subflows 3 + + pm_nl_del_endpoint $ns1 99 10.0.1.1 + sleep 0.5 + chk_subflow_nr "after re-delete ID 0" 2 + chk_mptcp_info subflows 2 subflows 2 + + pm_nl_add_endpoint $ns1 10.0.1.1 id 88 flags signal + wait_mpj $ns2 + chk_subflow_nr "after re-re-add ID 0" 3 chk_mptcp_info subflows 3 subflows 3 mptcp_lib_kill_wait $tests_pid @@ -3727,19 +3737,19 @@ endpoint_tests() chk_evt_nr ns1 MPTCP_LIB_EVENT_ESTABLISHED 1 chk_evt_nr ns1 MPTCP_LIB_EVENT_ANNOUNCED 0 chk_evt_nr ns1 MPTCP_LIB_EVENT_REMOVED 0 - chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 - chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 5 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 3 chk_evt_nr ns2 MPTCP_LIB_EVENT_CREATED 1 chk_evt_nr ns2 MPTCP_LIB_EVENT_ESTABLISHED 1 - chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 5 - chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 3 - chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 - chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 6 + chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 4 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 5 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 3 - chk_join_nr 4 4 4 - chk_add_nr 5 5 - chk_rm_nr 3 2 invert + chk_join_nr 5 5 5 + chk_add_nr 6 6 + chk_rm_nr 4 3 invert fi # flush and re-add

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: no extra msg if no counter" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 76a2d8394cc183df872adf04bf636eaf42746449 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083034-chummy-removed-157c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 76a2d8394cc1 ("selftests: mptcp: join: no extra msg if no counter") e7c42bf4d320 ("selftests: mptcp: use += operator to append strings") e3aae1098f10 ("selftests: mptcp: connect: fix shellcheck warnings") 61c131f5d4d2 ("selftests: mptcp: add mptcp_lib_get_counter") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 629b35a225b0 ("selftests: mptcp: display simult in extra_msg") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") 4d016ae42efb ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76a2d8394cc183df872adf04bf636eaf42746449 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:31 +0200 Subject: [PATCH] selftests: mptcp: join: no extra msg if no counter The checksum and fail counters might not be available. Then no need to display an extra message with missing info. While at it, fix the indentation around, which is wrong since the same commit. Fixes: 47867f0a7e83 ("selftests: mptcp: join: skip check if MIB counter not supported") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 75458ade32c7..a10714b6952f 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -1112,26 +1112,26 @@ chk_csum_nr() print_check "sum" count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtDataCsumErr") - if [ "$count" != "$csum_ns1" ]; then + if [ -n "$count" ] && [ "$count" != "$csum_ns1" ]; then extra_msg+=" ns1=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 0 ]; } || - { [ "$count" -lt $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 1 ]; }; then + { [ "$count" -lt $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 1 ]; }; then fail_test "got $count data checksum error[s] expected $csum_ns1" else print_ok fi print_check "csum" count=$(mptcp_lib_get_counter ${ns2} "MPTcpExtDataCsumErr") - if [ "$count" != "$csum_ns2" ]; then + if [ -n "$count" ] && [ "$count" != "$csum_ns2" ]; then extra_msg+=" ns2=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 0 ]; } || - { [ "$count" -lt $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 1 ]; }; then + { [ "$count" -lt $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 1 ]; }; then fail_test "got $count data checksum error[s] expected $csum_ns2" else print_ok @@ -1169,13 +1169,13 @@ chk_fail_nr() print_check "ftx" count=$(mptcp_lib_get_counter ${ns_tx} "MPTcpExtMPFailTx") - if [ "$count" != "$fail_tx" ]; then + if [ -n "$count" ] && [ "$count" != "$fail_tx" ]; then extra_msg+=",tx=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != "$fail_tx" ] && [ $allow_tx_lost -eq 0 ]; } || - { [ "$count" -gt "$fail_tx" ] && [ $allow_tx_lost -eq 1 ]; }; then + { [ "$count" -gt "$fail_tx" ] && [ $allow_tx_lost -eq 1 ]; }; then fail_test "got $count MP_FAIL[s] TX expected $fail_tx" else print_ok @@ -1183,13 +1183,13 @@ chk_fail_nr() print_check "failrx" count=$(mptcp_lib_get_counter ${ns_rx} "MPTcpExtMPFailRx") - if [ "$count" != "$fail_rx" ]; then + if [ -n "$count" ] && [ "$count" != "$fail_rx" ]; then extra_msg+=",rx=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != "$fail_rx" ] && [ $allow_rx_lost -eq 0 ]; } || - { [ "$count" -gt "$fail_rx" ] && [ $allow_rx_lost -eq 1 ]; }; then + { [ "$count" -gt "$fail_rx" ] && [ $allow_rx_lost -eq 1 ]; }; then fail_test "got $count MP_FAIL[s] RX expected $fail_rx" else print_ok

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: no extra msg if no counter" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 76a2d8394cc183df872adf04bf636eaf42746449 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083034-turret-available-e570@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 76a2d8394cc1 ("selftests: mptcp: join: no extra msg if no counter") e7c42bf4d320 ("selftests: mptcp: use += operator to append strings") e3aae1098f10 ("selftests: mptcp: connect: fix shellcheck warnings") 61c131f5d4d2 ("selftests: mptcp: add mptcp_lib_get_counter") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 629b35a225b0 ("selftests: mptcp: display simult in extra_msg") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") 4d016ae42efb ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76a2d8394cc183df872adf04bf636eaf42746449 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:31 +0200 Subject: [PATCH] selftests: mptcp: join: no extra msg if no counter The checksum and fail counters might not be available. Then no need to display an extra message with missing info. While at it, fix the indentation around, which is wrong since the same commit. Fixes: 47867f0a7e83 ("selftests: mptcp: join: skip check if MIB counter not supported") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 75458ade32c7..a10714b6952f 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -1112,26 +1112,26 @@ chk_csum_nr() print_check "sum" count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtDataCsumErr") - if [ "$count" != "$csum_ns1" ]; then + if [ -n "$count" ] && [ "$count" != "$csum_ns1" ]; then extra_msg+=" ns1=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 0 ]; } || - { [ "$count" -lt $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 1 ]; }; then + { [ "$count" -lt $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 1 ]; }; then fail_test "got $count data checksum error[s] expected $csum_ns1" else print_ok fi print_check "csum" count=$(mptcp_lib_get_counter ${ns2} "MPTcpExtDataCsumErr") - if [ "$count" != "$csum_ns2" ]; then + if [ -n "$count" ] && [ "$count" != "$csum_ns2" ]; then extra_msg+=" ns2=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 0 ]; } || - { [ "$count" -lt $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 1 ]; }; then + { [ "$count" -lt $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 1 ]; }; then fail_test "got $count data checksum error[s] expected $csum_ns2" else print_ok @@ -1169,13 +1169,13 @@ chk_fail_nr() print_check "ftx" count=$(mptcp_lib_get_counter ${ns_tx} "MPTcpExtMPFailTx") - if [ "$count" != "$fail_tx" ]; then + if [ -n "$count" ] && [ "$count" != "$fail_tx" ]; then extra_msg+=",tx=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != "$fail_tx" ] && [ $allow_tx_lost -eq 0 ]; } || - { [ "$count" -gt "$fail_tx" ] && [ $allow_tx_lost -eq 1 ]; }; then + { [ "$count" -gt "$fail_tx" ] && [ $allow_tx_lost -eq 1 ]; }; then fail_test "got $count MP_FAIL[s] TX expected $fail_tx" else print_ok @@ -1183,13 +1183,13 @@ chk_fail_nr() print_check "failrx" count=$(mptcp_lib_get_counter ${ns_rx} "MPTcpExtMPFailRx") - if [ "$count" != "$fail_rx" ]; then + if [ -n "$count" ] && [ "$count" != "$fail_rx" ]; then extra_msg+=",rx=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != "$fail_rx" ] && [ $allow_rx_lost -eq 0 ]; } || - { [ "$count" -gt "$fail_rx" ] && [ $allow_rx_lost -eq 1 ]; }; then + { [ "$count" -gt "$fail_rx" ] && [ $allow_rx_lost -eq 1 ]; }; then fail_test "got $count MP_FAIL[s] RX expected $fail_rx" else print_ok

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: validate event numbers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 20ccc7c5f7a3aa48092441a4b182f9f40418392e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083027-jimmy-rural-27a5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 20ccc7c5f7a3 ("selftests: mptcp: join: validate event numbers") d397d7246c11 ("selftests: mptcp: join: check re-re-adding ID 0 endp") 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id") 5f94b08c0012 ("selftests: mptcp: join: check removing ID 0 endpoint") 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 23a0485d1c04 ("selftests: mptcp: declare event macros in mptcp_lib") 35bc143a8514 ("selftests: mptcp: add mptcp_lib_events helper") 3a0f9bed3c28 ("selftests: mptcp: add mptcp_lib_ns_init/exit helpers") 3fb8c33ef4b9 ("selftests: mptcp: add mptcp_lib_check_tools helper") 7c2eac649054 ("selftests: mptcp: stop forcing iptables-legacy") 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr tests") 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") 2d0c1d27ea4e ("selftests: mptcp: add mptcp_lib_check_output helper") 9480f388a2ef ("selftests: mptcp: join: add ss mptcp support check") 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") 9369777c2939 ("selftests: mptcp: add mptcp_lib_wait_local_port_listen") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 20ccc7c5f7a3aa48092441a4b182f9f40418392e Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:36 +0200 Subject: [PATCH] selftests: mptcp: join: validate event numbers This test extends "delete and re-add" and "delete re-add signal" to validate the previous commit: the number of MPTCP events are checked to make sure there are no duplicated or unexpected ones. A new helper has been introduced to easily check these events. The missing events have been added to the lib. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b911c97c7dc7 ("mptcp: add netlink event support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 965b614e4b16..a8ea0fe200fb 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -420,12 +420,17 @@ reset_with_fail() fi } +start_events() +{ + mptcp_lib_events "${ns1}" "${evts_ns1}" evts_ns1_pid + mptcp_lib_events "${ns2}" "${evts_ns2}" evts_ns2_pid +} + reset_with_events() { reset "${1}" || return 1 - mptcp_lib_events "${ns1}" "${evts_ns1}" evts_ns1_pid - mptcp_lib_events "${ns2}" "${evts_ns2}" evts_ns2_pid + start_events } reset_with_tcp_filter() @@ -3333,6 +3338,36 @@ userspace_pm_chk_get_addr() fi } +# $1: ns ; $2: event type ; $3: count +chk_evt_nr() +{ + local ns=${1} + local evt_name="${2}" + local exp="${3}" + + local evts="${evts_ns1}" + local evt="${!evt_name}" + local count + + evt_name="${evt_name:16}" # without MPTCP_LIB_EVENT_ + [ "${ns}" == "ns2" ] && evts="${evts_ns2}" + + print_check "event ${ns} ${evt_name} (${exp})" + + if [[ "${evt_name}" = "LISTENER_"* ]] && + ! mptcp_lib_kallsyms_has "mptcp_event_pm_listener$"; then + print_skip "event not supported" + return + fi + + count=$(grep -cw "type:${evt}" "${evts}") + if [ "${count}" != "${exp}" ]; then + fail_test "got ${count} events, expected ${exp}" + else + print_ok + fi +} + userspace_tests() { # userspace pm type prevents add_addr @@ -3572,6 +3607,7 @@ endpoint_tests() if reset_with_tcp_filter "delete and re-add" ns2 10.0.3.2 REJECT OUTPUT && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then + start_events pm_nl_set_limits $ns1 0 3 pm_nl_set_limits $ns2 0 3 pm_nl_add_endpoint $ns2 10.0.1.2 id 1 dev ns2eth1 flags subflow @@ -3623,12 +3659,28 @@ endpoint_tests() mptcp_lib_kill_wait $tests_pid + kill_events_pids + chk_evt_nr ns1 MPTCP_LIB_EVENT_LISTENER_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ANNOUNCED 0 + chk_evt_nr ns1 MPTCP_LIB_EVENT_REMOVED 4 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 6 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 4 + + chk_evt_nr ns2 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 0 + chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 0 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 6 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 5 # one has been closed before estab + chk_join_nr 6 6 6 chk_rm_nr 4 4 fi # remove and re-add - if reset "delete re-add signal" && + if reset_with_events "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then pm_nl_set_limits $ns1 0 3 pm_nl_set_limits $ns2 3 3 @@ -3669,6 +3721,22 @@ endpoint_tests() chk_mptcp_info subflows 3 subflows 3 mptcp_lib_kill_wait $tests_pid + kill_events_pids + chk_evt_nr ns1 MPTCP_LIB_EVENT_LISTENER_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ANNOUNCED 0 + chk_evt_nr ns1 MPTCP_LIB_EVENT_REMOVED 0 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 2 + + chk_evt_nr ns2 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 5 + chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 3 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_join_nr 4 4 4 chk_add_nr 5 5 chk_rm_nr 3 2 invert diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 438280e68434..4578a331041e 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -12,10 +12,14 @@ readonly KSFT_SKIP=4 readonly KSFT_TEST="${MPTCP_LIB_KSFT_TEST:-$(basename "${0}" .sh)}" # These variables are used in some selftests, read-only +declare -rx MPTCP_LIB_EVENT_CREATED=1 # MPTCP_EVENT_CREATED +declare -rx MPTCP_LIB_EVENT_ESTABLISHED=2 # MPTCP_EVENT_ESTABLISHED +declare -rx MPTCP_LIB_EVENT_CLOSED=3 # MPTCP_EVENT_CLOSED declare -rx MPTCP_LIB_EVENT_ANNOUNCED=6 # MPTCP_EVENT_ANNOUNCED declare -rx MPTCP_LIB_EVENT_REMOVED=7 # MPTCP_EVENT_REMOVED declare -rx MPTCP_LIB_EVENT_SUB_ESTABLISHED=10 # MPTCP_EVENT_SUB_ESTABLISHED declare -rx MPTCP_LIB_EVENT_SUB_CLOSED=11 # MPTCP_EVENT_SUB_CLOSED +declare -rx MPTCP_LIB_EVENT_SUB_PRIORITY=13 # MPTCP_EVENT_SUB_PRIORITY declare -rx MPTCP_LIB_EVENT_LISTENER_CREATED=15 # MPTCP_EVENT_LISTENER_CREATED declare -rx MPTCP_LIB_EVENT_LISTENER_CLOSED=16 # MPTCP_EVENT_LISTENER_CLOSED

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082629-tapping-motivator-444a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") f98c2bca7b2b ("selftests: mptcp: Rename wait function") 826d7bdca833 ("selftests: mptcp: join: allow running -cCi") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 26516e10c433 ("selftests: mptcp: add more arguments for chk_join_nr") 8117dac3e7c3 ("selftests: mptcp: add invert check in check_transfer") 01542c9bf9ab ("selftests: mptcp: add fastclose testcase") cbfafac4cf8f ("selftests: mptcp: add extra_args in do_transfer") 922fd2b39e5a ("selftests: mptcp: add the MP_RST mibs check") e8e947ef50f6 ("selftests: mptcp: add the MP_FASTCLOSE mibs check") 9a0a93672c14 ("selftests: mptcp: adjust output alignment for more tests") aaa25a2fa796 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:20 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR This test extends "delete re-add signal" to validate the previous commit. An extra address is announced by the server, but this address cannot be used by the client. The result is that no subflow will be established to this address. Later, the server will delete this extra endpoint, and set a new one, with a valid address, but re-using the same ID. Before the previous commit, the server would not have been able to announce this new address. While at it, extra checks have been added to validate the expected numbers of MPJ, ADD_ADDR and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-2-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 9ea6d698e9d3..25077ccf31d2 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3601,9 +3601,11 @@ endpoint_tests() # remove and re-add if reset "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 2 2 pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3615,15 +3617,21 @@ endpoint_tests() chk_mptcp_info subflows 1 subflows 1 pm_nl_del_endpoint $ns1 1 10.0.2.1 + pm_nl_del_endpoint $ns1 2 224.0.0.1 sleep 0.5 chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 2 - chk_mptcp_info subflows 1 subflows 1 + chk_subflow_nr "after re-add" 3 + chk_mptcp_info subflows 2 subflows 2 mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_add_nr 4 4 + chk_rm_nr 2 1 invert fi }

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082628-stapling-dad-555c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") f98c2bca7b2b ("selftests: mptcp: Rename wait function") 826d7bdca833 ("selftests: mptcp: join: allow running -cCi") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 26516e10c433 ("selftests: mptcp: add more arguments for chk_join_nr") 8117dac3e7c3 ("selftests: mptcp: add invert check in check_transfer") 01542c9bf9ab ("selftests: mptcp: add fastclose testcase") cbfafac4cf8f ("selftests: mptcp: add extra_args in do_transfer") 922fd2b39e5a ("selftests: mptcp: add the MP_RST mibs check") e8e947ef50f6 ("selftests: mptcp: add the MP_FASTCLOSE mibs check") 9a0a93672c14 ("selftests: mptcp: adjust output alignment for more tests") aaa25a2fa796 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:20 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR This test extends "delete re-add signal" to validate the previous commit. An extra address is announced by the server, but this address cannot be used by the client. The result is that no subflow will be established to this address. Later, the server will delete this extra endpoint, and set a new one, with a valid address, but re-using the same ID. Before the previous commit, the server would not have been able to announce this new address. While at it, extra checks have been added to validate the expected numbers of MPJ, ADD_ADDR and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-2-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 9ea6d698e9d3..25077ccf31d2 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3601,9 +3601,11 @@ endpoint_tests() # remove and re-add if reset "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 2 2 pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3615,15 +3617,21 @@ endpoint_tests() chk_mptcp_info subflows 1 subflows 1 pm_nl_del_endpoint $ns1 1 10.0.2.1 + pm_nl_del_endpoint $ns1 2 224.0.0.1 sleep 0.5 chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 2 - chk_mptcp_info subflows 1 subflows 1 + chk_subflow_nr "after re-add" 3 + chk_mptcp_info subflows 2 subflows 2 mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_add_nr 4 4 + chk_rm_nr 2 1 invert fi }

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: test for flush/re-add endpoints" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e06959e9eebdfea4654390f53b65cff57691872e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082619-chair-irritable-03aa@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e06959e9eebd ("selftests: mptcp: join: test for flush/re-add endpoints") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") f98c2bca7b2b ("selftests: mptcp: Rename wait function") 826d7bdca833 ("selftests: mptcp: join: allow running -cCi") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 26516e10c433 ("selftests: mptcp: add more arguments for chk_join_nr") 8117dac3e7c3 ("selftests: mptcp: add invert check in check_transfer") 01542c9bf9ab ("selftests: mptcp: add fastclose testcase") cbfafac4cf8f ("selftests: mptcp: add extra_args in do_transfer") 922fd2b39e5a ("selftests: mptcp: add the MP_RST mibs check") e8e947ef50f6 ("selftests: mptcp: add the MP_FASTCLOSE mibs check") 9a0a93672c14 ("selftests: mptcp: adjust output alignment for more tests") aaa25a2fa796 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e06959e9eebdfea4654390f53b65cff57691872e Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:24 +0200 Subject: [PATCH] selftests: mptcp: join: test for flush/re-add endpoints After having flushed endpoints that didn't cause the creation of new subflows, it is important to check endpoints can be re-created, re-using previously used IDs. Before the previous commit, the client would not have been able to re-create the subflow that was previously rejected. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-6-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index fbb0174145ad..f609c02c6123 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3651,6 +3651,36 @@ endpoint_tests() chk_rm_nr 2 1 invert fi + # flush and re-add + if reset_with_tcp_filter "flush re-add" ns2 10.0.3.2 REJECT OUTPUT && + mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 1 2 + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + test_linkfail=4 speed=20 \ + run_tests $ns1 $ns2 10.0.1.1 & + local tests_pid=$! + + wait_attempt_fail $ns2 + chk_subflow_nr "before flush" 1 + chk_mptcp_info subflows 0 subflows 0 + + pm_nl_flush_endpoint $ns2 + pm_nl_flush_endpoint $ns1 + wait_rm_addr $ns2 0 + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal + wait_mpj $ns2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_rm_nr 1 0 invert + fi } # [$1: error message]

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of closed subflow" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 65fb58afa341ad68e71e5c4d816b407e6a683a66 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082602-dimmed-relay-f039@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") b9fb176081fb ("selftests: mptcp: userspace pm send RM_ADDR for ID 0") e3b47e460b4b ("selftests: mptcp: userspace pm remove initial subflow") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") d7ced753aa85 ("selftests: mptcp: check subflow and addr infos") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") 36c4127ae8dd ("selftests: mptcp: join: skip implicit tests if not supported") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65fb58afa341ad68e71e5c4d816b407e6a683a66 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:22 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of closed subflow This test extends "delete and re-add" to validate the previous commit. A new 'subflow' endpoint is added, but the subflow request will be rejected. The result is that no subflow will be established from this address. Later, the endpoint is removed and re-added after having cleared the firewall rule. Before the previous commit, the client would not have been able to create this new subflow. While at it, extra checks have been added to validate the expected numbers of MPJ and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-4-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 25077ccf31d2..fbb0174145ad 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -436,9 +436,10 @@ reset_with_tcp_filter() local ns="${!1}" local src="${2}" local target="${3}" + local chain="${4:-INPUT}" if ! ip netns exec "${ns}" ${iptables} \ - -A INPUT \ + -A "${chain}" \ -s "${src}" \ -p tcp \ -j "${target}"; then @@ -3571,10 +3572,10 @@ endpoint_tests() mptcp_lib_kill_wait $tests_pid fi - if reset "delete and re-add" && + if reset_with_tcp_filter "delete and re-add" ns2 10.0.3.2 REJECT OUTPUT && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 0 2 pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & @@ -3591,11 +3592,27 @@ endpoint_tests() chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns2 10.0.2.2 dev ns2eth2 flags subflow + pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow wait_mpj $ns2 chk_subflow_nr "after re-add" 2 chk_mptcp_info subflows 1 subflows 1 + + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_attempt_fail $ns2 + chk_subflow_nr "after new reject" 2 + chk_mptcp_info subflows 1 subflows 1 + + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_del_endpoint $ns2 3 10.0.3.2 + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + chk_subflow_nr "after no reject" 3 + chk_mptcp_info subflows 2 subflows 2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_rm_nr 1 1 fi # remove and re-add

1 year

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of closed subflow" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 65fb58afa341ad68e71e5c4d816b407e6a683a66 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082601-scurvy-decade-b887@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") b9fb176081fb ("selftests: mptcp: userspace pm send RM_ADDR for ID 0") e3b47e460b4b ("selftests: mptcp: userspace pm remove initial subflow") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") d7ced753aa85 ("selftests: mptcp: check subflow and addr infos") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") 36c4127ae8dd ("selftests: mptcp: join: skip implicit tests if not supported") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65fb58afa341ad68e71e5c4d816b407e6a683a66 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:22 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of closed subflow This test extends "delete and re-add" to validate the previous commit. A new 'subflow' endpoint is added, but the subflow request will be rejected. The result is that no subflow will be established from this address. Later, the endpoint is removed and re-added after having cleared the firewall rule. Before the previous commit, the client would not have been able to create this new subflow. While at it, extra checks have been added to validate the expected numbers of MPJ and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-4-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 25077ccf31d2..fbb0174145ad 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -436,9 +436,10 @@ reset_with_tcp_filter() local ns="${!1}" local src="${2}" local target="${3}" + local chain="${4:-INPUT}" if ! ip netns exec "${ns}" ${iptables} \ - -A INPUT \ + -A "${chain}" \ -s "${src}" \ -p tcp \ -j "${target}"; then @@ -3571,10 +3572,10 @@ endpoint_tests() mptcp_lib_kill_wait $tests_pid fi - if reset "delete and re-add" && + if reset_with_tcp_filter "delete and re-add" ns2 10.0.3.2 REJECT OUTPUT && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 0 2 pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & @@ -3591,11 +3592,27 @@ endpoint_tests() chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns2 10.0.2.2 dev ns2eth2 flags subflow + pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow wait_mpj $ns2 chk_subflow_nr "after re-add" 2 chk_mptcp_info subflows 1 subflows 1 + + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_attempt_fail $ns2 + chk_subflow_nr "after new reject" 2 + chk_mptcp_info subflows 1 subflows 1 + + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_del_endpoint $ns2 3 10.0.3.2 + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + chk_subflow_nr "after no reject" 3 + chk_mptcp_info subflows 2 subflows 2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_rm_nr 1 1 fi # remove and re-add

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: only mark 'subflow' endp as available" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 322ea3778965da72862cca2a0c50253aacf65fe6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082627-devotion-chewer-87af@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available") f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") d9a4594edabf ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE") 9ab4807c84a4 ("mptcp: netlink: Add MPTCP_PM_CMD_ANNOUNCE") 982f17ba1a25 ("mptcp: netlink: split mptcp_pm_parse_addr into two functions") 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 0530020a7c8f ("mptcp: track and update contiguous data status") 0348c690ed37 ("mptcp: add the fallback check") 1761fed25678 ("mptcp: don't send RST for single subflow") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 322ea3778965da72862cca2a0c50253aacf65fe6 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:26 +0200 Subject: [PATCH] mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ... before decrementing the local_addr_used counter helped to find a bug when running the "remove single address" subtest from the mptcp_join.sh selftests. Removing a 'signal' endpoint will trigger the removal of all subflows linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used counter, which is wrong in this case because this counter is linked to 'subflow' endpoints, and here it is a 'signal' endpoint that is being removed. Now, the counter is decremented, only if the ID is being used outside of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and if the ID is not 0 -- local_addr_used is not taking into account these ones. This marking of the ID as being available, and the decrement is done no matter if a subflow using this ID is currently available, because the subflow could have been closed before. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-8-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 44fc1c5959ac..4cf7cc851f80 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -833,10 +833,10 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMSUBFLOW) __MPTCP_INC_STATS(sock_net(sk), rm_type); } - if (rm_type == MPTCP_MIB_RMSUBFLOW) - __set_bit(rm_id ? rm_id : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap); - else if (rm_type == MPTCP_MIB_RMADDR) + + if (rm_type == MPTCP_MIB_RMADDR) __MPTCP_INC_STATS(sock_net(sk), rm_type); + if (!removed) continue; @@ -846,8 +846,6 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMADDR) { msk->pm.add_addr_accepted--; WRITE_ONCE(msk->pm.accept_addr, true); - } else if (rm_type == MPTCP_MIB_RMSUBFLOW) { - msk->pm.local_addr_used--; } } } @@ -1441,6 +1439,14 @@ static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, return ret; } +static void __mark_subflow_endp_available(struct mptcp_sock *msk, u8 id) +{ + /* If it was marked as used, and not ID 0, decrement local_addr_used */ + if (!__test_and_set_bit(id ? : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap) && + id && !WARN_ON_ONCE(msk->pm.local_addr_used == 0)) + msk->pm.local_addr_used--; +} + static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, const struct mptcp_pm_addr_entry *entry) { @@ -1474,11 +1480,11 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); spin_unlock_bh(&msk->pm.lock); - } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { - /* If the subflow has been used, but now closed */ + } + + if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { spin_lock_bh(&msk->pm.lock); - if (!__test_and_set_bit(entry->addr.id, msk->pm.id_avail_bitmap)) - msk->pm.local_addr_used--; + __mark_subflow_endp_available(msk, list.ids[0]); spin_unlock_bh(&msk->pm.lock); } @@ -1516,6 +1522,7 @@ static int mptcp_nl_remove_id_zero_address(struct net *net, spin_lock_bh(&msk->pm.lock); mptcp_pm_remove_addr(msk, &list); mptcp_pm_nl_rm_subflow_received(msk, &list); + __mark_subflow_endp_available(msk, 0); spin_unlock_bh(&msk->pm.lock); release_sock(sk); @@ -1917,6 +1924,7 @@ static void mptcp_pm_nl_fullmesh(struct mptcp_sock *msk, spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); + __mark_subflow_endp_available(msk, list.ids[0]); mptcp_pm_create_subflow_or_signal_addr(msk); spin_unlock_bh(&msk->pm.lock); }

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: re-using ID of unused removed subflows" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x edd8b5d868a4d459f3065493001e293901af758d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082613-gerbil-channel-c3e1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") 09f12c3ab7a5 ("mptcp: allow to use port and non-signal in set_flags") 6a0653b96f5d ("selftests: mptcp: add fullmesh setting tests") 327b9a94e2a8 ("selftests: mptcp: more stable join tests-cases") 6bb3ab4913e9 ("selftests: mptcp: add MP_FAIL mibs check") f444fea7896d ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From edd8b5d868a4d459f3065493001e293901af758d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:21 +0200 Subject: [PATCH] mptcp: pm: re-using ID of unused removed subflows If no subflow is attached to the 'subflow' endpoint that is being removed, the addr ID will not be marked as available again. Mark the linked ID as available when removing the 'subflow' endpoint if no subflow is attached to it. While at it, the local_addr_used counter is decremented if the ID was marked as being used to reflect the reality, but also to allow adding new endpoints after that. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-3-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 26f0329e16bb..8b232a210a06 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1469,8 +1469,17 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, remove_subflow = lookup_subflow_by_saddr(&msk->conn_list, addr); mptcp_pm_remove_anno_addr(msk, addr, remove_subflow && !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); - if (remove_subflow) + + if (remove_subflow) { mptcp_pm_remove_subflow(msk, &list); + } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { + /* If the subflow has been used, but now closed */ + spin_lock_bh(&msk->pm.lock); + if (!__test_and_set_bit(entry->addr.id, msk->pm.id_avail_bitmap)) + msk->pm.local_addr_used--; + spin_unlock_bh(&msk->pm.lock); + } + release_sock(sk); next:

1 year

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: re-using ID of unused removed subflows" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x edd8b5d868a4d459f3065493001e293901af758d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082612-hydrated-overdress-ea6a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") 09f12c3ab7a5 ("mptcp: allow to use port and non-signal in set_flags") 6a0653b96f5d ("selftests: mptcp: add fullmesh setting tests") 327b9a94e2a8 ("selftests: mptcp: more stable join tests-cases") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From edd8b5d868a4d459f3065493001e293901af758d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:21 +0200 Subject: [PATCH] mptcp: pm: re-using ID of unused removed subflows If no subflow is attached to the 'subflow' endpoint that is being removed, the addr ID will not be marked as available again. Mark the linked ID as available when removing the 'subflow' endpoint if no subflow is attached to it. While at it, the local_addr_used counter is decremented if the ID was marked as being used to reflect the reality, but also to allow adding new endpoints after that. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-3-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 26f0329e16bb..8b232a210a06 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1469,8 +1469,17 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, remove_subflow = lookup_subflow_by_saddr(&msk->conn_list, addr); mptcp_pm_remove_anno_addr(msk, addr, remove_subflow && !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); - if (remove_subflow) + + if (remove_subflow) { mptcp_pm_remove_subflow(msk, &list); + } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { + /* If the subflow has been used, but now closed */ + spin_lock_bh(&msk->pm.lock); + if (!__test_and_set_bit(entry->addr.id, msk->pm.id_avail_bitmap)) + msk->pm.local_addr_used--; + spin_unlock_bh(&msk->pm.lock); + } + release_sock(sk); next:

1 year

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror