- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] can: gs_usb: fix time stamp counter initialization" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5886e4d5ecec3e22844efed90b2dd383ef804b3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072302-hasty-mocker-848a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 5886e4d5ecec ("can: gs_usb: fix time stamp counter initialization") 2603be9e8167 ("can: gs_usb: gs_can_open(): improve error handling") 56c56a309e79 ("can: gs_usb: remove gs_can::iface") 0c9f92a4b795 ("can: gs_usb: add support for reading error counters") 2f3cdad1c616 ("can: gs_usb: add ability to enable / disable berr reporting") ac3f25824e4f ("can: gs_usb: gs_can_open(): merge setting of timestamp flags and init") f6adf410f70b ("can: gs_usb: gs_can_open(): sort checks for ctrlmode") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5886e4d5ecec3e22844efed90b2dd383ef804b3a Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Fri, 7 Jul 2023 18:44:23 +0200 Subject: [PATCH] can: gs_usb: fix time stamp counter initialization If the gs_usb device driver is unloaded (or unbound) before the interface is shut down, the USB stack first calls the struct usb_driver::disconnect and then the struct net_device_ops::ndo_stop callback. In gs_usb_disconnect() all pending bulk URBs are killed, i.e. no more RX'ed CAN frames are send from the USB device to the host. Later in gs_can_close() a reset control message is send to each CAN channel to remove the controller from the CAN bus. In this race window the USB device can still receive CAN frames from the bus and internally queue them to be send to the host. At least in the current version of the candlelight firmware, the queue of received CAN frames is not emptied during the reset command. After loading (or binding) the gs_usb driver, new URBs are submitted during the struct net_device_ops::ndo_open callback and the candlelight firmware starts sending its already queued CAN frames to the host. However, this scenario was not considered when implementing the hardware timestamp function. The cycle counter/time counter infrastructure is set up (gs_usb_timestamp_init()) after the USBs are submitted, resulting in a NULL pointer dereference if timecounter_cyc2time() (via the call chain: gs_usb_receive_bulk_callback() -> gs_usb_set_timestamp() -> gs_usb_skb_set_timestamp()) is called too early. Move the gs_usb_timestamp_init() function before the URBs are submitted to fix this problem. For a comprehensive solution, we need to consider gs_usb devices with more than 1 channel. The cycle counter/time counter infrastructure is setup per channel, but the RX URBs are per device. Once gs_can_open() of _a_ channel has been called, and URBs have been submitted, the gs_usb_receive_bulk_callback() can be called for _all_ available channels, even for channels that are not running, yet. As cycle counter/time counter has not set up, this will again lead to a NULL pointer dereference. Convert the cycle counter/time counter from a "per channel" to a "per device" functionality. Also set it up, before submitting any URBs to the device. Further in gs_usb_receive_bulk_callback(), don't process any URBs for not started CAN channels, only resubmit the URB. Fixes: 45dfa45f52e6 ("can: gs_usb: add RX and TX hardware timestamp support") Closes: https://github.com/candle-usb/candleLight_fw/issues/137#issuecomment-162353… Cc: stable(a)vger.kernel.org Cc: John Whittington <git(a)jbrengineering.co.uk> Link: https://lore.kernel.org/all/20230716-gs_usb-fix-time-stamp-counter-v1-2-901… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index 85b7b59c8426..f418066569fc 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -303,12 +303,6 @@ struct gs_can { struct can_bittiming_const bt_const, data_bt_const; unsigned int channel; /* channel number */ - /* time counter for hardware timestamps */ - struct cyclecounter cc; - struct timecounter tc; - spinlock_t tc_lock; /* spinlock to guard access tc->cycle_last */ - struct delayed_work timestamp; - u32 feature; unsigned int hf_size_tx; @@ -325,6 +319,13 @@ struct gs_usb { struct gs_can *canch[GS_MAX_INTF]; struct usb_anchor rx_submitted; struct usb_device *udev; + + /* time counter for hardware timestamps */ + struct cyclecounter cc; + struct timecounter tc; + spinlock_t tc_lock; /* spinlock to guard access tc->cycle_last */ + struct delayed_work timestamp; + unsigned int hf_size_rx; u8 active_channels; }; @@ -388,15 +389,15 @@ static int gs_cmd_reset(struct gs_can *dev) GFP_KERNEL); } -static inline int gs_usb_get_timestamp(const struct gs_can *dev, +static inline int gs_usb_get_timestamp(const struct gs_usb *parent, u32 *timestamp_p) { __le32 timestamp; int rc; - rc = usb_control_msg_recv(dev->udev, 0, GS_USB_BREQ_TIMESTAMP, + rc = usb_control_msg_recv(parent->udev, 0, GS_USB_BREQ_TIMESTAMP, USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_INTERFACE, - dev->channel, 0, + 0, 0, &timestamp, sizeof(timestamp), USB_CTRL_GET_TIMEOUT, GFP_KERNEL); @@ -410,20 +411,20 @@ static inline int gs_usb_get_timestamp(const struct gs_can *dev, static u64 gs_usb_timestamp_read(const struct cyclecounter *cc) __must_hold(&dev->tc_lock) { - struct gs_can *dev = container_of(cc, struct gs_can, cc); + struct gs_usb *parent = container_of(cc, struct gs_usb, cc); u32 timestamp = 0; int err; - lockdep_assert_held(&dev->tc_lock); + lockdep_assert_held(&parent->tc_lock); /* drop lock for synchronous USB transfer */ - spin_unlock_bh(&dev->tc_lock); - err = gs_usb_get_timestamp(dev, &timestamp); - spin_lock_bh(&dev->tc_lock); + spin_unlock_bh(&parent->tc_lock); + err = gs_usb_get_timestamp(parent, &timestamp); + spin_lock_bh(&parent->tc_lock); if (err) - netdev_err(dev->netdev, - "Error %d while reading timestamp. HW timestamps may be inaccurate.", - err); + dev_err(&parent->udev->dev, + "Error %d while reading timestamp. HW timestamps may be inaccurate.", + err); return timestamp; } @@ -431,14 +432,14 @@ static u64 gs_usb_timestamp_read(const struct cyclecounter *cc) __must_hold(&dev static void gs_usb_timestamp_work(struct work_struct *work) { struct delayed_work *delayed_work = to_delayed_work(work); - struct gs_can *dev; + struct gs_usb *parent; - dev = container_of(delayed_work, struct gs_can, timestamp); - spin_lock_bh(&dev->tc_lock); - timecounter_read(&dev->tc); - spin_unlock_bh(&dev->tc_lock); + parent = container_of(delayed_work, struct gs_usb, timestamp); + spin_lock_bh(&parent->tc_lock); + timecounter_read(&parent->tc); + spin_unlock_bh(&parent->tc_lock); - schedule_delayed_work(&dev->timestamp, + schedule_delayed_work(&parent->timestamp, GS_USB_TIMESTAMP_WORK_DELAY_SEC * HZ); } @@ -446,37 +447,38 @@ static void gs_usb_skb_set_timestamp(struct gs_can *dev, struct sk_buff *skb, u32 timestamp) { struct skb_shared_hwtstamps *hwtstamps = skb_hwtstamps(skb); + struct gs_usb *parent = dev->parent; u64 ns; - spin_lock_bh(&dev->tc_lock); - ns = timecounter_cyc2time(&dev->tc, timestamp); - spin_unlock_bh(&dev->tc_lock); + spin_lock_bh(&parent->tc_lock); + ns = timecounter_cyc2time(&parent->tc, timestamp); + spin_unlock_bh(&parent->tc_lock); hwtstamps->hwtstamp = ns_to_ktime(ns); } -static void gs_usb_timestamp_init(struct gs_can *dev) +static void gs_usb_timestamp_init(struct gs_usb *parent) { - struct cyclecounter *cc = &dev->cc; + struct cyclecounter *cc = &parent->cc; cc->read = gs_usb_timestamp_read; cc->mask = CYCLECOUNTER_MASK(32); cc->shift = 32 - bits_per(NSEC_PER_SEC / GS_USB_TIMESTAMP_TIMER_HZ); cc->mult = clocksource_hz2mult(GS_USB_TIMESTAMP_TIMER_HZ, cc->shift); - spin_lock_init(&dev->tc_lock); - spin_lock_bh(&dev->tc_lock); - timecounter_init(&dev->tc, &dev->cc, ktime_get_real_ns()); - spin_unlock_bh(&dev->tc_lock); + spin_lock_init(&parent->tc_lock); + spin_lock_bh(&parent->tc_lock); + timecounter_init(&parent->tc, &parent->cc, ktime_get_real_ns()); + spin_unlock_bh(&parent->tc_lock); - INIT_DELAYED_WORK(&dev->timestamp, gs_usb_timestamp_work); - schedule_delayed_work(&dev->timestamp, + INIT_DELAYED_WORK(&parent->timestamp, gs_usb_timestamp_work); + schedule_delayed_work(&parent->timestamp, GS_USB_TIMESTAMP_WORK_DELAY_SEC * HZ); } -static void gs_usb_timestamp_stop(struct gs_can *dev) +static void gs_usb_timestamp_stop(struct gs_usb *parent) { - cancel_delayed_work_sync(&dev->timestamp); + cancel_delayed_work_sync(&parent->timestamp); } static void gs_update_state(struct gs_can *dev, struct can_frame *cf) @@ -560,6 +562,9 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) if (!netif_device_present(netdev)) return; + if (!netif_running(netdev)) + goto resubmit_urb; + if (hf->echo_id == -1) { /* normal rx */ if (hf->flags & GS_CAN_FLAG_FD) { skb = alloc_canfd_skb(dev->netdev, &cfd); @@ -856,6 +861,9 @@ static int gs_can_open(struct net_device *netdev) } if (!parent->active_channels) { + if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) + gs_usb_timestamp_init(parent); + for (i = 0; i < GS_MAX_RX_URBS; i++) { u8 *buf; @@ -926,13 +934,9 @@ static int gs_can_open(struct net_device *netdev) flags |= GS_CAN_MODE_FD; /* if hardware supports timestamps, enable it */ - if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) { + if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) flags |= GS_CAN_MODE_HW_TIMESTAMP; - /* start polling timestamp */ - gs_usb_timestamp_init(dev); - } - /* finally start device */ dev->can.state = CAN_STATE_ERROR_ACTIVE; dm.flags = cpu_to_le32(flags); @@ -942,8 +946,6 @@ static int gs_can_open(struct net_device *netdev) GFP_KERNEL); if (rc) { netdev_err(netdev, "Couldn't start device (err=%d)\n", rc); - if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) - gs_usb_timestamp_stop(dev); dev->can.state = CAN_STATE_STOPPED; goto out_usb_kill_anchored_urbs; @@ -960,9 +962,13 @@ static int gs_can_open(struct net_device *netdev) out_usb_free_urb: usb_free_urb(urb); out_usb_kill_anchored_urbs: - if (!parent->active_channels) + if (!parent->active_channels) { usb_kill_anchored_urbs(&dev->tx_submitted); + if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) + gs_usb_timestamp_stop(parent); + } + close_candev(netdev); return rc; @@ -1011,14 +1017,13 @@ static int gs_can_close(struct net_device *netdev) netif_stop_queue(netdev); - /* stop polling timestamp */ - if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) - gs_usb_timestamp_stop(dev); - /* Stop polling */ parent->active_channels--; if (!parent->active_channels) { usb_kill_anchored_urbs(&parent->rx_submitted); + + if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) + gs_usb_timestamp_stop(parent); } /* Stop sending URBs */

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: gs_usb: gs_can_open(): improve error handling" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 2603be9e8167ddc7bea95dcfab9ffc33414215aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072354-hungrily-ancient-3409@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: 2603be9e8167 ("can: gs_usb: gs_can_open(): improve error handling") 62f102c0d156 ("can: gs_usb: remove dma allocations") 5440428b3da6 ("can: gs_usb: gs_can_open(): fix race dev->can.state condition") 2bda24ef95c0 ("can: gs_usb: gs_usb_open/close(): fix memory leak") c359931d2545 ("can: gs_usb: use union and FLEX_ARRAY for data in struct gs_host_frame") 5374d083117c ("can: gs_usb: gs_usb_probe(): introduce udev and make use of it") c1ee72690cdd ("can: gs_usb: rewrap usb_control_msg() and usb_fill_bulk_urb()") 035b0fcf0270 ("can: gs_usb: change active_channels's type from atomic_t to u8") 108194666a3f ("can: gs_usb: use %u to print unsigned values") 5c39f26e67c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2603be9e8167ddc7bea95dcfab9ffc33414215aa Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Fri, 7 Jul 2023 13:43:10 +0200 Subject: [PATCH] can: gs_usb: gs_can_open(): improve error handling The gs_usb driver handles USB devices with more than 1 CAN channel. The RX path for all channels share the same bulk endpoint (the transmitted bulk data encodes the channel number). These per-device resources are allocated and submitted by the first opened channel. During this allocation, the resources are either released immediately in case of a failure or the URBs are anchored. All anchored URBs are finally killed with gs_usb_disconnect(). Currently, gs_can_open() returns with an error if the allocation of a URB or a buffer fails. However, if usb_submit_urb() fails, the driver continues with the URBs submitted so far, even if no URBs were successfully submitted. Treat every error as fatal and free all allocated resources immediately. Switch to goto-style error handling, to prepare the driver for more per-device resource allocation. Cc: stable(a)vger.kernel.org Cc: John Whittington <git(a)jbrengineering.co.uk> Link: https://lore.kernel.org/all/20230716-gs_usb-fix-time-stamp-counter-v1-1-901… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index d476c2884008..85b7b59c8426 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -833,6 +833,7 @@ static int gs_can_open(struct net_device *netdev) .mode = cpu_to_le32(GS_CAN_MODE_START), }; struct gs_host_frame *hf; + struct urb *urb = NULL; u32 ctrlmode; u32 flags = 0; int rc, i; @@ -856,13 +857,14 @@ static int gs_can_open(struct net_device *netdev) if (!parent->active_channels) { for (i = 0; i < GS_MAX_RX_URBS; i++) { - struct urb *urb; u8 *buf; /* alloc rx urb */ urb = usb_alloc_urb(0, GFP_KERNEL); - if (!urb) - return -ENOMEM; + if (!urb) { + rc = -ENOMEM; + goto out_usb_kill_anchored_urbs; + } /* alloc rx buffer */ buf = kmalloc(dev->parent->hf_size_rx, @@ -870,8 +872,8 @@ static int gs_can_open(struct net_device *netdev) if (!buf) { netdev_err(netdev, "No memory left for USB buffer\n"); - usb_free_urb(urb); - return -ENOMEM; + rc = -ENOMEM; + goto out_usb_free_urb; } /* fill, anchor, and submit rx urb */ @@ -894,9 +896,7 @@ static int gs_can_open(struct net_device *netdev) netdev_err(netdev, "usb_submit failed (err=%d)\n", rc); - usb_unanchor_urb(urb); - usb_free_urb(urb); - break; + goto out_usb_unanchor_urb; } /* Drop reference, @@ -945,7 +945,8 @@ static int gs_can_open(struct net_device *netdev) if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) gs_usb_timestamp_stop(dev); dev->can.state = CAN_STATE_STOPPED; - return rc; + + goto out_usb_kill_anchored_urbs; } parent->active_channels++; @@ -953,6 +954,18 @@ static int gs_can_open(struct net_device *netdev) netif_start_queue(netdev); return 0; + +out_usb_unanchor_urb: + usb_unanchor_urb(urb); +out_usb_free_urb: + usb_free_urb(urb); +out_usb_kill_anchored_urbs: + if (!parent->active_channels) + usb_kill_anchored_urbs(&dev->tx_submitted); + + close_candev(netdev); + + return rc; } static int gs_usb_get_state(const struct net_device *netdev,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: gs_usb: gs_can_open(): improve error handling" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2603be9e8167ddc7bea95dcfab9ffc33414215aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072353-gummy-prowess-7c23@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2603be9e8167 ("can: gs_usb: gs_can_open(): improve error handling") 62f102c0d156 ("can: gs_usb: remove dma allocations") 5440428b3da6 ("can: gs_usb: gs_can_open(): fix race dev->can.state condition") 2bda24ef95c0 ("can: gs_usb: gs_usb_open/close(): fix memory leak") c359931d2545 ("can: gs_usb: use union and FLEX_ARRAY for data in struct gs_host_frame") 5374d083117c ("can: gs_usb: gs_usb_probe(): introduce udev and make use of it") c1ee72690cdd ("can: gs_usb: rewrap usb_control_msg() and usb_fill_bulk_urb()") 035b0fcf0270 ("can: gs_usb: change active_channels's type from atomic_t to u8") 108194666a3f ("can: gs_usb: use %u to print unsigned values") 5c39f26e67c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2603be9e8167ddc7bea95dcfab9ffc33414215aa Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Fri, 7 Jul 2023 13:43:10 +0200 Subject: [PATCH] can: gs_usb: gs_can_open(): improve error handling The gs_usb driver handles USB devices with more than 1 CAN channel. The RX path for all channels share the same bulk endpoint (the transmitted bulk data encodes the channel number). These per-device resources are allocated and submitted by the first opened channel. During this allocation, the resources are either released immediately in case of a failure or the URBs are anchored. All anchored URBs are finally killed with gs_usb_disconnect(). Currently, gs_can_open() returns with an error if the allocation of a URB or a buffer fails. However, if usb_submit_urb() fails, the driver continues with the URBs submitted so far, even if no URBs were successfully submitted. Treat every error as fatal and free all allocated resources immediately. Switch to goto-style error handling, to prepare the driver for more per-device resource allocation. Cc: stable(a)vger.kernel.org Cc: John Whittington <git(a)jbrengineering.co.uk> Link: https://lore.kernel.org/all/20230716-gs_usb-fix-time-stamp-counter-v1-1-901… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index d476c2884008..85b7b59c8426 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -833,6 +833,7 @@ static int gs_can_open(struct net_device *netdev) .mode = cpu_to_le32(GS_CAN_MODE_START), }; struct gs_host_frame *hf; + struct urb *urb = NULL; u32 ctrlmode; u32 flags = 0; int rc, i; @@ -856,13 +857,14 @@ static int gs_can_open(struct net_device *netdev) if (!parent->active_channels) { for (i = 0; i < GS_MAX_RX_URBS; i++) { - struct urb *urb; u8 *buf; /* alloc rx urb */ urb = usb_alloc_urb(0, GFP_KERNEL); - if (!urb) - return -ENOMEM; + if (!urb) { + rc = -ENOMEM; + goto out_usb_kill_anchored_urbs; + } /* alloc rx buffer */ buf = kmalloc(dev->parent->hf_size_rx, @@ -870,8 +872,8 @@ static int gs_can_open(struct net_device *netdev) if (!buf) { netdev_err(netdev, "No memory left for USB buffer\n"); - usb_free_urb(urb); - return -ENOMEM; + rc = -ENOMEM; + goto out_usb_free_urb; } /* fill, anchor, and submit rx urb */ @@ -894,9 +896,7 @@ static int gs_can_open(struct net_device *netdev) netdev_err(netdev, "usb_submit failed (err=%d)\n", rc); - usb_unanchor_urb(urb); - usb_free_urb(urb); - break; + goto out_usb_unanchor_urb; } /* Drop reference, @@ -945,7 +945,8 @@ static int gs_can_open(struct net_device *netdev) if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) gs_usb_timestamp_stop(dev); dev->can.state = CAN_STATE_STOPPED; - return rc; + + goto out_usb_kill_anchored_urbs; } parent->active_channels++; @@ -953,6 +954,18 @@ static int gs_can_open(struct net_device *netdev) netif_start_queue(netdev); return 0; + +out_usb_unanchor_urb: + usb_unanchor_urb(urb); +out_usb_free_urb: + usb_free_urb(urb); +out_usb_kill_anchored_urbs: + if (!parent->active_channels) + usb_kill_anchored_urbs(&dev->tx_submitted); + + close_candev(netdev); + + return rc; } static int gs_usb_get_state(const struct net_device *netdev,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: gs_usb: gs_can_open(): improve error handling" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2603be9e8167ddc7bea95dcfab9ffc33414215aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072351-brethren-premiere-da35@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2603be9e8167 ("can: gs_usb: gs_can_open(): improve error handling") 62f102c0d156 ("can: gs_usb: remove dma allocations") 5440428b3da6 ("can: gs_usb: gs_can_open(): fix race dev->can.state condition") 2bda24ef95c0 ("can: gs_usb: gs_usb_open/close(): fix memory leak") c359931d2545 ("can: gs_usb: use union and FLEX_ARRAY for data in struct gs_host_frame") 5374d083117c ("can: gs_usb: gs_usb_probe(): introduce udev and make use of it") c1ee72690cdd ("can: gs_usb: rewrap usb_control_msg() and usb_fill_bulk_urb()") 035b0fcf0270 ("can: gs_usb: change active_channels's type from atomic_t to u8") 108194666a3f ("can: gs_usb: use %u to print unsigned values") 5c39f26e67c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2603be9e8167ddc7bea95dcfab9ffc33414215aa Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Fri, 7 Jul 2023 13:43:10 +0200 Subject: [PATCH] can: gs_usb: gs_can_open(): improve error handling The gs_usb driver handles USB devices with more than 1 CAN channel. The RX path for all channels share the same bulk endpoint (the transmitted bulk data encodes the channel number). These per-device resources are allocated and submitted by the first opened channel. During this allocation, the resources are either released immediately in case of a failure or the URBs are anchored. All anchored URBs are finally killed with gs_usb_disconnect(). Currently, gs_can_open() returns with an error if the allocation of a URB or a buffer fails. However, if usb_submit_urb() fails, the driver continues with the URBs submitted so far, even if no URBs were successfully submitted. Treat every error as fatal and free all allocated resources immediately. Switch to goto-style error handling, to prepare the driver for more per-device resource allocation. Cc: stable(a)vger.kernel.org Cc: John Whittington <git(a)jbrengineering.co.uk> Link: https://lore.kernel.org/all/20230716-gs_usb-fix-time-stamp-counter-v1-1-901… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index d476c2884008..85b7b59c8426 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -833,6 +833,7 @@ static int gs_can_open(struct net_device *netdev) .mode = cpu_to_le32(GS_CAN_MODE_START), }; struct gs_host_frame *hf; + struct urb *urb = NULL; u32 ctrlmode; u32 flags = 0; int rc, i; @@ -856,13 +857,14 @@ static int gs_can_open(struct net_device *netdev) if (!parent->active_channels) { for (i = 0; i < GS_MAX_RX_URBS; i++) { - struct urb *urb; u8 *buf; /* alloc rx urb */ urb = usb_alloc_urb(0, GFP_KERNEL); - if (!urb) - return -ENOMEM; + if (!urb) { + rc = -ENOMEM; + goto out_usb_kill_anchored_urbs; + } /* alloc rx buffer */ buf = kmalloc(dev->parent->hf_size_rx, @@ -870,8 +872,8 @@ static int gs_can_open(struct net_device *netdev) if (!buf) { netdev_err(netdev, "No memory left for USB buffer\n"); - usb_free_urb(urb); - return -ENOMEM; + rc = -ENOMEM; + goto out_usb_free_urb; } /* fill, anchor, and submit rx urb */ @@ -894,9 +896,7 @@ static int gs_can_open(struct net_device *netdev) netdev_err(netdev, "usb_submit failed (err=%d)\n", rc); - usb_unanchor_urb(urb); - usb_free_urb(urb); - break; + goto out_usb_unanchor_urb; } /* Drop reference, @@ -945,7 +945,8 @@ static int gs_can_open(struct net_device *netdev) if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) gs_usb_timestamp_stop(dev); dev->can.state = CAN_STATE_STOPPED; - return rc; + + goto out_usb_kill_anchored_urbs; } parent->active_channels++; @@ -953,6 +954,18 @@ static int gs_can_open(struct net_device *netdev) netif_start_queue(netdev); return 0; + +out_usb_unanchor_urb: + usb_unanchor_urb(urb); +out_usb_free_urb: + usb_free_urb(urb); +out_usb_kill_anchored_urbs: + if (!parent->active_channels) + usb_kill_anchored_urbs(&dev->tx_submitted); + + close_candev(netdev); + + return rc; } static int gs_usb_get_state(const struct net_device *netdev,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: gs_usb: gs_can_open(): improve error handling" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2603be9e8167ddc7bea95dcfab9ffc33414215aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072350-remorse-graduate-cd73@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 2603be9e8167 ("can: gs_usb: gs_can_open(): improve error handling") 62f102c0d156 ("can: gs_usb: remove dma allocations") 5440428b3da6 ("can: gs_usb: gs_can_open(): fix race dev->can.state condition") 2bda24ef95c0 ("can: gs_usb: gs_usb_open/close(): fix memory leak") c359931d2545 ("can: gs_usb: use union and FLEX_ARRAY for data in struct gs_host_frame") 5374d083117c ("can: gs_usb: gs_usb_probe(): introduce udev and make use of it") c1ee72690cdd ("can: gs_usb: rewrap usb_control_msg() and usb_fill_bulk_urb()") 035b0fcf0270 ("can: gs_usb: change active_channels's type from atomic_t to u8") 108194666a3f ("can: gs_usb: use %u to print unsigned values") 5c39f26e67c9 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2603be9e8167ddc7bea95dcfab9ffc33414215aa Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Fri, 7 Jul 2023 13:43:10 +0200 Subject: [PATCH] can: gs_usb: gs_can_open(): improve error handling The gs_usb driver handles USB devices with more than 1 CAN channel. The RX path for all channels share the same bulk endpoint (the transmitted bulk data encodes the channel number). These per-device resources are allocated and submitted by the first opened channel. During this allocation, the resources are either released immediately in case of a failure or the URBs are anchored. All anchored URBs are finally killed with gs_usb_disconnect(). Currently, gs_can_open() returns with an error if the allocation of a URB or a buffer fails. However, if usb_submit_urb() fails, the driver continues with the URBs submitted so far, even if no URBs were successfully submitted. Treat every error as fatal and free all allocated resources immediately. Switch to goto-style error handling, to prepare the driver for more per-device resource allocation. Cc: stable(a)vger.kernel.org Cc: John Whittington <git(a)jbrengineering.co.uk> Link: https://lore.kernel.org/all/20230716-gs_usb-fix-time-stamp-counter-v1-1-901… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index d476c2884008..85b7b59c8426 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -833,6 +833,7 @@ static int gs_can_open(struct net_device *netdev) .mode = cpu_to_le32(GS_CAN_MODE_START), }; struct gs_host_frame *hf; + struct urb *urb = NULL; u32 ctrlmode; u32 flags = 0; int rc, i; @@ -856,13 +857,14 @@ static int gs_can_open(struct net_device *netdev) if (!parent->active_channels) { for (i = 0; i < GS_MAX_RX_URBS; i++) { - struct urb *urb; u8 *buf; /* alloc rx urb */ urb = usb_alloc_urb(0, GFP_KERNEL); - if (!urb) - return -ENOMEM; + if (!urb) { + rc = -ENOMEM; + goto out_usb_kill_anchored_urbs; + } /* alloc rx buffer */ buf = kmalloc(dev->parent->hf_size_rx, @@ -870,8 +872,8 @@ static int gs_can_open(struct net_device *netdev) if (!buf) { netdev_err(netdev, "No memory left for USB buffer\n"); - usb_free_urb(urb); - return -ENOMEM; + rc = -ENOMEM; + goto out_usb_free_urb; } /* fill, anchor, and submit rx urb */ @@ -894,9 +896,7 @@ static int gs_can_open(struct net_device *netdev) netdev_err(netdev, "usb_submit failed (err=%d)\n", rc); - usb_unanchor_urb(urb); - usb_free_urb(urb); - break; + goto out_usb_unanchor_urb; } /* Drop reference, @@ -945,7 +945,8 @@ static int gs_can_open(struct net_device *netdev) if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) gs_usb_timestamp_stop(dev); dev->can.state = CAN_STATE_STOPPED; - return rc; + + goto out_usb_kill_anchored_urbs; } parent->active_channels++; @@ -953,6 +954,18 @@ static int gs_can_open(struct net_device *netdev) netif_start_queue(netdev); return 0; + +out_usb_unanchor_urb: + usb_unanchor_urb(urb); +out_usb_free_urb: + usb_free_urb(urb); +out_usb_kill_anchored_urbs: + if (!parent->active_channels) + usb_kill_anchored_urbs(&dev->tx_submitted); + + close_candev(netdev); + + return rc; } static int gs_usb_get_state(const struct net_device *netdev,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: gs_usb: gs_can_open(): improve error handling" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2603be9e8167ddc7bea95dcfab9ffc33414215aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072349-capricorn-donor-f895@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2603be9e8167 ("can: gs_usb: gs_can_open(): improve error handling") 62f102c0d156 ("can: gs_usb: remove dma allocations") 5440428b3da6 ("can: gs_usb: gs_can_open(): fix race dev->can.state condition") 2bda24ef95c0 ("can: gs_usb: gs_usb_open/close(): fix memory leak") c359931d2545 ("can: gs_usb: use union and FLEX_ARRAY for data in struct gs_host_frame") 5374d083117c ("can: gs_usb: gs_usb_probe(): introduce udev and make use of it") c1ee72690cdd ("can: gs_usb: rewrap usb_control_msg() and usb_fill_bulk_urb()") 035b0fcf0270 ("can: gs_usb: change active_channels's type from atomic_t to u8") 108194666a3f ("can: gs_usb: use %u to print unsigned values") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2603be9e8167ddc7bea95dcfab9ffc33414215aa Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde <mkl(a)pengutronix.de> Date: Fri, 7 Jul 2023 13:43:10 +0200 Subject: [PATCH] can: gs_usb: gs_can_open(): improve error handling The gs_usb driver handles USB devices with more than 1 CAN channel. The RX path for all channels share the same bulk endpoint (the transmitted bulk data encodes the channel number). These per-device resources are allocated and submitted by the first opened channel. During this allocation, the resources are either released immediately in case of a failure or the URBs are anchored. All anchored URBs are finally killed with gs_usb_disconnect(). Currently, gs_can_open() returns with an error if the allocation of a URB or a buffer fails. However, if usb_submit_urb() fails, the driver continues with the URBs submitted so far, even if no URBs were successfully submitted. Treat every error as fatal and free all allocated resources immediately. Switch to goto-style error handling, to prepare the driver for more per-device resource allocation. Cc: stable(a)vger.kernel.org Cc: John Whittington <git(a)jbrengineering.co.uk> Link: https://lore.kernel.org/all/20230716-gs_usb-fix-time-stamp-counter-v1-1-901… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c index d476c2884008..85b7b59c8426 100644 --- a/drivers/net/can/usb/gs_usb.c +++ b/drivers/net/can/usb/gs_usb.c @@ -833,6 +833,7 @@ static int gs_can_open(struct net_device *netdev) .mode = cpu_to_le32(GS_CAN_MODE_START), }; struct gs_host_frame *hf; + struct urb *urb = NULL; u32 ctrlmode; u32 flags = 0; int rc, i; @@ -856,13 +857,14 @@ static int gs_can_open(struct net_device *netdev) if (!parent->active_channels) { for (i = 0; i < GS_MAX_RX_URBS; i++) { - struct urb *urb; u8 *buf; /* alloc rx urb */ urb = usb_alloc_urb(0, GFP_KERNEL); - if (!urb) - return -ENOMEM; + if (!urb) { + rc = -ENOMEM; + goto out_usb_kill_anchored_urbs; + } /* alloc rx buffer */ buf = kmalloc(dev->parent->hf_size_rx, @@ -870,8 +872,8 @@ static int gs_can_open(struct net_device *netdev) if (!buf) { netdev_err(netdev, "No memory left for USB buffer\n"); - usb_free_urb(urb); - return -ENOMEM; + rc = -ENOMEM; + goto out_usb_free_urb; } /* fill, anchor, and submit rx urb */ @@ -894,9 +896,7 @@ static int gs_can_open(struct net_device *netdev) netdev_err(netdev, "usb_submit failed (err=%d)\n", rc); - usb_unanchor_urb(urb); - usb_free_urb(urb); - break; + goto out_usb_unanchor_urb; } /* Drop reference, @@ -945,7 +945,8 @@ static int gs_can_open(struct net_device *netdev) if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP) gs_usb_timestamp_stop(dev); dev->can.state = CAN_STATE_STOPPED; - return rc; + + goto out_usb_kill_anchored_urbs; } parent->active_channels++; @@ -953,6 +954,18 @@ static int gs_can_open(struct net_device *netdev) netif_start_queue(netdev); return 0; + +out_usb_unanchor_urb: + usb_unanchor_urb(urb); +out_usb_free_urb: + usb_free_urb(urb); +out_usb_kill_anchored_urbs: + if (!parent->active_channels) + usb_kill_anchored_urbs(&dev->tx_submitted); + + close_candev(netdev); + + return rc; } static int gs_usb_get_state(const struct net_device *netdev,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9efa1a5407e81265ea502cab83be4de503decc49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072314-spent-tamper-2f00@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9efa1a5407e8 ("can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout") c9e6b80dfd48 ("can: mcp251xfd: update macros describing ring, FIFO and RAM layout") 0a1f2e6502a1 ("can: mcp251xfd: ring: prepare support for runtime configurable RX/TX ring parameters") aada74220f00 ("can: mcp251xfd: mcp251xfd_priv: introduce macros specifying the number of supported TEF/RX/TX rings") 62713f0d9a38 ("can: mcp251xfd: ring: change order of TX and RX FIFOs") 617283b9c4db ("can: mcp251xfd: ring: prepare to change order of TX and RX FIFOs") d2d5397fcae1 ("can: mcp251xfd: mcp251xfd_ring_init(): split ring_init into separate functions") c912f19ee382 ("can: mcp251xfd: introduce struct mcp251xfd_tx_ring::nr and ::fifo_nr and make use of it") 2a68dd8663ea ("can: mcp251xfd: add support for internal PLL") e39ea1360ca7 ("can: mcp251xfd: mcp251xfd_chip_clock_init(): prepare for PLL support, wait for OSC ready") a10fd91e42e8 ("can: mcp251xfd: __mcp251xfd_chip_set_mode(): prepare for PLL support: improve error handling and diagnostics") 14193ea2bfee ("can: mcp251xfd: mcp251xfd_chip_timestamp_init(): factor out into separate function") 1ba3690fa2c6 ("can: mcp251xfd: mcp251xfd_chip_sleep(): introduce function to bring chip into sleep mode") 3044a4f271d2 ("can: mcp251xfd: introduce and make use of mcp251xfd_is_fd_mode()") 55bc37c85587 ("can: mcp251xfd: move ring init into separate function") 335c818c5a7a ("can: mcp251xfd: move chip FIFO init into separate file") 1e846c7aeb06 ("can: mcp251xfd: move TEF handling into separate file") 319fdbc9433c ("can: mcp251xfd: move RX handling into separate file") cae9071bc5ea ("can: mcp251xfd: mcp251xfd.h: sort function prototypes") 99e7cc3b3f85 ("can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9efa1a5407e81265ea502cab83be4de503decc49 Mon Sep 17 00:00:00 2001 From: Fedor Ross <fedor.ross(a)ifm.com> Date: Thu, 4 May 2023 21:50:59 +0200 Subject: [PATCH] can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout The mcp251xfd controller needs an idle bus to enter 'Normal CAN 2.0 mode' or . The maximum length of a CAN frame is 736 bits (64 data bytes, CAN-FD, EFF mode, worst case bit stuffing and interframe spacing). For low bit rates like 10 kbit/s the arbitrarily chosen MCP251XFD_POLL_TIMEOUT_US of 1 ms is too small. Otherwise during polling for the CAN controller to enter 'Normal CAN 2.0 mode' the timeout limit is exceeded and the configuration fails with: | $ ip link set dev can1 up type can bitrate 10000 | [ 731.911072] mcp251xfd spi2.1 can1: Controller failed to enter mode CAN 2.0 Mode (6) and stays in Configuration Mode (4) (con=0x068b0760, osc=0x00000468). | [ 731.927192] mcp251xfd spi2.1 can1: CRC read error at address 0x0e0c (length=4, data=00 00 00 00, CRC=0x0000) retrying. | [ 731.938101] A link change request failed with some changes committed already. Interface can1 may have been left with an inconsistent configuration, please check. | RTNETLINK answers: Connection timed out Make MCP251XFD_POLL_TIMEOUT_US timeout calculation dynamic. Use maximum of 1ms and bit time of 1 full 64 data bytes CAN-FD frame in EFF mode, worst case bit stuffing and interframe spacing at the current bit rate. For easier backporting define the macro MCP251XFD_FRAME_LEN_MAX_BITS that holds the max frame length in bits, which is 736. This can be replaced by can_frame_bits(true, true, true, true, CANFD_MAX_DLEN) in a cleanup patch later. Fixes: 55e5b97f003e8 ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Signed-off-by: Fedor Ross <fedor.ross(a)ifm.com> Signed-off-by: Marek Vasut <marex(a)denx.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20230717-mcp251xfd-fix-increase-poll-timeout-v5… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c index 68df6d4641b5..eebf967f4711 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c @@ -227,6 +227,8 @@ static int __mcp251xfd_chip_set_mode(const struct mcp251xfd_priv *priv, const u8 mode_req, bool nowait) { + const struct can_bittiming *bt = &priv->can.bittiming; + unsigned long timeout_us = MCP251XFD_POLL_TIMEOUT_US; u32 con = 0, con_reqop, osc = 0; u8 mode; int err; @@ -246,12 +248,16 @@ __mcp251xfd_chip_set_mode(const struct mcp251xfd_priv *priv, if (mode_req == MCP251XFD_REG_CON_MODE_SLEEP || nowait) return 0; + if (bt->bitrate) + timeout_us = max_t(unsigned long, timeout_us, + MCP251XFD_FRAME_LEN_MAX_BITS * USEC_PER_SEC / + bt->bitrate); + err = regmap_read_poll_timeout(priv->map_reg, MCP251XFD_REG_CON, con, !mcp251xfd_reg_invalid(con) && FIELD_GET(MCP251XFD_REG_CON_OPMOD_MASK, con) == mode_req, - MCP251XFD_POLL_SLEEP_US, - MCP251XFD_POLL_TIMEOUT_US); + MCP251XFD_POLL_SLEEP_US, timeout_us); if (err != -ETIMEDOUT && err != -EBADMSG) return err; diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h index 7024ff0cc2c0..24510b3b8020 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h @@ -387,6 +387,7 @@ static_assert(MCP251XFD_TIMESTAMP_WORK_DELAY_SEC < #define MCP251XFD_OSC_STAB_TIMEOUT_US (10 * MCP251XFD_OSC_STAB_SLEEP_US) #define MCP251XFD_POLL_SLEEP_US (10) #define MCP251XFD_POLL_TIMEOUT_US (USEC_PER_MSEC) +#define MCP251XFD_FRAME_LEN_MAX_BITS (736) /* Misc */ #define MCP251XFD_NAPI_WEIGHT 32

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9efa1a5407e81265ea502cab83be4de503decc49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072312-thaw-tug-693d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 9efa1a5407e8 ("can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout") c9e6b80dfd48 ("can: mcp251xfd: update macros describing ring, FIFO and RAM layout") 0a1f2e6502a1 ("can: mcp251xfd: ring: prepare support for runtime configurable RX/TX ring parameters") aada74220f00 ("can: mcp251xfd: mcp251xfd_priv: introduce macros specifying the number of supported TEF/RX/TX rings") 62713f0d9a38 ("can: mcp251xfd: ring: change order of TX and RX FIFOs") 617283b9c4db ("can: mcp251xfd: ring: prepare to change order of TX and RX FIFOs") d2d5397fcae1 ("can: mcp251xfd: mcp251xfd_ring_init(): split ring_init into separate functions") c912f19ee382 ("can: mcp251xfd: introduce struct mcp251xfd_tx_ring::nr and ::fifo_nr and make use of it") 2a68dd8663ea ("can: mcp251xfd: add support for internal PLL") e39ea1360ca7 ("can: mcp251xfd: mcp251xfd_chip_clock_init(): prepare for PLL support, wait for OSC ready") a10fd91e42e8 ("can: mcp251xfd: __mcp251xfd_chip_set_mode(): prepare for PLL support: improve error handling and diagnostics") 14193ea2bfee ("can: mcp251xfd: mcp251xfd_chip_timestamp_init(): factor out into separate function") 1ba3690fa2c6 ("can: mcp251xfd: mcp251xfd_chip_sleep(): introduce function to bring chip into sleep mode") 3044a4f271d2 ("can: mcp251xfd: introduce and make use of mcp251xfd_is_fd_mode()") 55bc37c85587 ("can: mcp251xfd: move ring init into separate function") 335c818c5a7a ("can: mcp251xfd: move chip FIFO init into separate file") 1e846c7aeb06 ("can: mcp251xfd: move TEF handling into separate file") 319fdbc9433c ("can: mcp251xfd: move RX handling into separate file") cae9071bc5ea ("can: mcp251xfd: mcp251xfd.h: sort function prototypes") 99e7cc3b3f85 ("can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9efa1a5407e81265ea502cab83be4de503decc49 Mon Sep 17 00:00:00 2001 From: Fedor Ross <fedor.ross(a)ifm.com> Date: Thu, 4 May 2023 21:50:59 +0200 Subject: [PATCH] can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout The mcp251xfd controller needs an idle bus to enter 'Normal CAN 2.0 mode' or . The maximum length of a CAN frame is 736 bits (64 data bytes, CAN-FD, EFF mode, worst case bit stuffing and interframe spacing). For low bit rates like 10 kbit/s the arbitrarily chosen MCP251XFD_POLL_TIMEOUT_US of 1 ms is too small. Otherwise during polling for the CAN controller to enter 'Normal CAN 2.0 mode' the timeout limit is exceeded and the configuration fails with: | $ ip link set dev can1 up type can bitrate 10000 | [ 731.911072] mcp251xfd spi2.1 can1: Controller failed to enter mode CAN 2.0 Mode (6) and stays in Configuration Mode (4) (con=0x068b0760, osc=0x00000468). | [ 731.927192] mcp251xfd spi2.1 can1: CRC read error at address 0x0e0c (length=4, data=00 00 00 00, CRC=0x0000) retrying. | [ 731.938101] A link change request failed with some changes committed already. Interface can1 may have been left with an inconsistent configuration, please check. | RTNETLINK answers: Connection timed out Make MCP251XFD_POLL_TIMEOUT_US timeout calculation dynamic. Use maximum of 1ms and bit time of 1 full 64 data bytes CAN-FD frame in EFF mode, worst case bit stuffing and interframe spacing at the current bit rate. For easier backporting define the macro MCP251XFD_FRAME_LEN_MAX_BITS that holds the max frame length in bits, which is 736. This can be replaced by can_frame_bits(true, true, true, true, CANFD_MAX_DLEN) in a cleanup patch later. Fixes: 55e5b97f003e8 ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Signed-off-by: Fedor Ross <fedor.ross(a)ifm.com> Signed-off-by: Marek Vasut <marex(a)denx.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20230717-mcp251xfd-fix-increase-poll-timeout-v5… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c index 68df6d4641b5..eebf967f4711 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c @@ -227,6 +227,8 @@ static int __mcp251xfd_chip_set_mode(const struct mcp251xfd_priv *priv, const u8 mode_req, bool nowait) { + const struct can_bittiming *bt = &priv->can.bittiming; + unsigned long timeout_us = MCP251XFD_POLL_TIMEOUT_US; u32 con = 0, con_reqop, osc = 0; u8 mode; int err; @@ -246,12 +248,16 @@ __mcp251xfd_chip_set_mode(const struct mcp251xfd_priv *priv, if (mode_req == MCP251XFD_REG_CON_MODE_SLEEP || nowait) return 0; + if (bt->bitrate) + timeout_us = max_t(unsigned long, timeout_us, + MCP251XFD_FRAME_LEN_MAX_BITS * USEC_PER_SEC / + bt->bitrate); + err = regmap_read_poll_timeout(priv->map_reg, MCP251XFD_REG_CON, con, !mcp251xfd_reg_invalid(con) && FIELD_GET(MCP251XFD_REG_CON_OPMOD_MASK, con) == mode_req, - MCP251XFD_POLL_SLEEP_US, - MCP251XFD_POLL_TIMEOUT_US); + MCP251XFD_POLL_SLEEP_US, timeout_us); if (err != -ETIMEDOUT && err != -EBADMSG) return err; diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h index 7024ff0cc2c0..24510b3b8020 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h @@ -387,6 +387,7 @@ static_assert(MCP251XFD_TIMESTAMP_WORK_DELAY_SEC < #define MCP251XFD_OSC_STAB_TIMEOUT_US (10 * MCP251XFD_OSC_STAB_SLEEP_US) #define MCP251XFD_POLL_SLEEP_US (10) #define MCP251XFD_POLL_TIMEOUT_US (USEC_PER_MSEC) +#define MCP251XFD_FRAME_LEN_MAX_BITS (736) /* Misc */ #define MCP251XFD_NAPI_WEIGHT 32

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: raw: fix receiver memory leak" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x ee8b94c8510ce64afe0b87ef548d23e00915fb10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072300-collision-chaste-2707@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: ee8b94c8510c ("can: raw: fix receiver memory leak") 1160dfa178eb ("net: Remove redundant if statements") 54f93336d000 ("can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF") e032f7c9c7ce ("net/packet: annotate accesses to po->ifindex") c7d2ef5dd4b0 ("net/packet: annotate accesses to po->bind") 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") d329ea5bd884 ("icmp: add response to RFC 8335 PROBE messages") eeff3000f240 ("netfilter: flowtable: add offload support for xmit path types") 3d453f53c786 ("net/smc: Add diagnostic information to smc ib-device") ddc992866f13 ("net/smc: Add link counters for IB device ports") e057dd3fc20f ("can: add ISO 15765-2:2016 transport protocol") 5855357cd40e ("drop_monitor: Prepare probe functions for devlink tracepoint") 6a54dde843f7 ("can: raw: fix indention") 504776be46cb ("nl80211: Simplify error handling path in 'nl80211_trigger_scan()'") 63673597cca9 ("net/smc: protect smc ib device initialization") 92f3cb0e11dd ("net/smc: fix sleep bug in smc_pnet_find_roce_resource()") 242b23319809 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee8b94c8510ce64afe0b87ef548d23e00915fb10 Mon Sep 17 00:00:00 2001 From: Ziyang Xuan <william.xuanziyang(a)huawei.com> Date: Tue, 11 Jul 2023 09:17:37 +0800 Subject: [PATCH] can: raw: fix receiver memory leak Got kmemleak errors with the following ltp can_filter testcase: for ((i=1; i<=100; i++)) do ./can_filter & sleep 0.1 done ============================================================== [<00000000db4a4943>] can_rx_register+0x147/0x360 [can] [<00000000a289549d>] raw_setsockopt+0x5ef/0x853 [can_raw] [<000000006d3d9ebd>] __sys_setsockopt+0x173/0x2c0 [<00000000407dbfec>] __x64_sys_setsockopt+0x61/0x70 [<00000000fd468496>] do_syscall_64+0x33/0x40 [<00000000b7e47d51>] entry_SYSCALL_64_after_hwframe+0x61/0xc6 It's a bug in the concurrent scenario of unregister_netdevice_many() and raw_release() as following: cpu0 cpu1 unregister_netdevice_many(can_dev) unlist_netdevice(can_dev) // dev_get_by_index() return NULL after this net_set_todo(can_dev) raw_release(can_socket) dev = dev_get_by_index(, ro->ifindex); // dev == NULL if (dev) { // receivers in dev_rcv_lists not free because dev is NULL raw_disable_allfilters(, dev, ); dev_put(dev); } ... ro->bound = 0; ... call_netdevice_notifiers(NETDEV_UNREGISTER, ) raw_notify(, NETDEV_UNREGISTER, ) if (ro->bound) // invalid because ro->bound has been set 0 raw_disable_allfilters(, dev, ); // receivers in dev_rcv_lists will never be freed Add a net_device pointer member in struct raw_sock to record bound can_dev, and use rtnl_lock to serialize raw_socket members between raw_bind(), raw_release(), raw_setsockopt() and raw_notify(). Use ro->dev to decide whether to free receivers in dev_rcv_lists. Fixes: 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") Reviewed-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Acked-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> Link: https://lore.kernel.org/all/20230711011737.1969582-1-william.xuanziyang@hua… Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/net/can/raw.c b/net/can/raw.c index 15c79b079184..2302e4882967 100644 --- a/net/can/raw.c +++ b/net/can/raw.c @@ -84,6 +84,7 @@ struct raw_sock { struct sock sk; int bound; int ifindex; + struct net_device *dev; struct list_head notifier; int loopback; int recv_own_msgs; @@ -277,7 +278,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, if (!net_eq(dev_net(dev), sock_net(sk))) return; - if (ro->ifindex != dev->ifindex) + if (ro->dev != dev) return; switch (msg) { @@ -292,6 +293,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; release_sock(sk); @@ -337,6 +339,7 @@ static int raw_init(struct sock *sk) ro->bound = 0; ro->ifindex = 0; + ro->dev = NULL; /* set default filter to single entry dfilter */ ro->dfilter.can_id = 0; @@ -385,19 +388,13 @@ static int raw_release(struct socket *sock) lock_sock(sk); + rtnl_lock(); /* remove current filters & unregister */ if (ro->bound) { - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } if (ro->count > 1) @@ -405,8 +402,10 @@ static int raw_release(struct socket *sock) ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; free_percpu(ro->uniq); + rtnl_unlock(); sock_orphan(sk); sock->sk = NULL; @@ -422,6 +421,7 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); + struct net_device *dev = NULL; int ifindex; int err = 0; int notify_enetdown = 0; @@ -431,14 +431,13 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (addr->can_family != AF_CAN) return -EINVAL; + rtnl_lock(); lock_sock(sk); if (ro->bound && addr->can_ifindex == ro->ifindex) goto out; if (addr->can_ifindex) { - struct net_device *dev; - dev = dev_get_by_index(sock_net(sk), addr->can_ifindex); if (!dev) { err = -ENODEV; @@ -467,26 +466,20 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (!err) { if (ro->bound) { /* unregister old filters */ - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), - ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), - dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), + ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } ro->ifindex = ifindex; ro->bound = 1; + ro->dev = dev; } out: release_sock(sk); + rtnl_unlock(); if (notify_enetdown) { sk->sk_err = ENETDOWN; @@ -553,9 +546,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { if (count > 1) kfree(filter); err = -ENODEV; @@ -596,7 +589,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->count = count; out_fil: - dev_put(dev); release_sock(sk); rtnl_unlock(); @@ -614,9 +606,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { err = -ENODEV; goto out_err; } @@ -640,7 +632,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->err_mask = err_mask; out_err: - dev_put(dev); release_sock(sk); rtnl_unlock();

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: raw: fix receiver memory leak" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x ee8b94c8510ce64afe0b87ef548d23e00915fb10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072358-stifling-revenue-3a94@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: ee8b94c8510c ("can: raw: fix receiver memory leak") 1160dfa178eb ("net: Remove redundant if statements") 54f93336d000 ("can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF") e032f7c9c7ce ("net/packet: annotate accesses to po->ifindex") c7d2ef5dd4b0 ("net/packet: annotate accesses to po->bind") 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") d329ea5bd884 ("icmp: add response to RFC 8335 PROBE messages") eeff3000f240 ("netfilter: flowtable: add offload support for xmit path types") 3d453f53c786 ("net/smc: Add diagnostic information to smc ib-device") ddc992866f13 ("net/smc: Add link counters for IB device ports") e057dd3fc20f ("can: add ISO 15765-2:2016 transport protocol") 5855357cd40e ("drop_monitor: Prepare probe functions for devlink tracepoint") 6a54dde843f7 ("can: raw: fix indention") 504776be46cb ("nl80211: Simplify error handling path in 'nl80211_trigger_scan()'") 63673597cca9 ("net/smc: protect smc ib device initialization") 92f3cb0e11dd ("net/smc: fix sleep bug in smc_pnet_find_roce_resource()") 242b23319809 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee8b94c8510ce64afe0b87ef548d23e00915fb10 Mon Sep 17 00:00:00 2001 From: Ziyang Xuan <william.xuanziyang(a)huawei.com> Date: Tue, 11 Jul 2023 09:17:37 +0800 Subject: [PATCH] can: raw: fix receiver memory leak Got kmemleak errors with the following ltp can_filter testcase: for ((i=1; i<=100; i++)) do ./can_filter & sleep 0.1 done ============================================================== [<00000000db4a4943>] can_rx_register+0x147/0x360 [can] [<00000000a289549d>] raw_setsockopt+0x5ef/0x853 [can_raw] [<000000006d3d9ebd>] __sys_setsockopt+0x173/0x2c0 [<00000000407dbfec>] __x64_sys_setsockopt+0x61/0x70 [<00000000fd468496>] do_syscall_64+0x33/0x40 [<00000000b7e47d51>] entry_SYSCALL_64_after_hwframe+0x61/0xc6 It's a bug in the concurrent scenario of unregister_netdevice_many() and raw_release() as following: cpu0 cpu1 unregister_netdevice_many(can_dev) unlist_netdevice(can_dev) // dev_get_by_index() return NULL after this net_set_todo(can_dev) raw_release(can_socket) dev = dev_get_by_index(, ro->ifindex); // dev == NULL if (dev) { // receivers in dev_rcv_lists not free because dev is NULL raw_disable_allfilters(, dev, ); dev_put(dev); } ... ro->bound = 0; ... call_netdevice_notifiers(NETDEV_UNREGISTER, ) raw_notify(, NETDEV_UNREGISTER, ) if (ro->bound) // invalid because ro->bound has been set 0 raw_disable_allfilters(, dev, ); // receivers in dev_rcv_lists will never be freed Add a net_device pointer member in struct raw_sock to record bound can_dev, and use rtnl_lock to serialize raw_socket members between raw_bind(), raw_release(), raw_setsockopt() and raw_notify(). Use ro->dev to decide whether to free receivers in dev_rcv_lists. Fixes: 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") Reviewed-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Acked-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> Link: https://lore.kernel.org/all/20230711011737.1969582-1-william.xuanziyang@hua… Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/net/can/raw.c b/net/can/raw.c index 15c79b079184..2302e4882967 100644 --- a/net/can/raw.c +++ b/net/can/raw.c @@ -84,6 +84,7 @@ struct raw_sock { struct sock sk; int bound; int ifindex; + struct net_device *dev; struct list_head notifier; int loopback; int recv_own_msgs; @@ -277,7 +278,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, if (!net_eq(dev_net(dev), sock_net(sk))) return; - if (ro->ifindex != dev->ifindex) + if (ro->dev != dev) return; switch (msg) { @@ -292,6 +293,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; release_sock(sk); @@ -337,6 +339,7 @@ static int raw_init(struct sock *sk) ro->bound = 0; ro->ifindex = 0; + ro->dev = NULL; /* set default filter to single entry dfilter */ ro->dfilter.can_id = 0; @@ -385,19 +388,13 @@ static int raw_release(struct socket *sock) lock_sock(sk); + rtnl_lock(); /* remove current filters & unregister */ if (ro->bound) { - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } if (ro->count > 1) @@ -405,8 +402,10 @@ static int raw_release(struct socket *sock) ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; free_percpu(ro->uniq); + rtnl_unlock(); sock_orphan(sk); sock->sk = NULL; @@ -422,6 +421,7 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); + struct net_device *dev = NULL; int ifindex; int err = 0; int notify_enetdown = 0; @@ -431,14 +431,13 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (addr->can_family != AF_CAN) return -EINVAL; + rtnl_lock(); lock_sock(sk); if (ro->bound && addr->can_ifindex == ro->ifindex) goto out; if (addr->can_ifindex) { - struct net_device *dev; - dev = dev_get_by_index(sock_net(sk), addr->can_ifindex); if (!dev) { err = -ENODEV; @@ -467,26 +466,20 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (!err) { if (ro->bound) { /* unregister old filters */ - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), - ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), - dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), + ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } ro->ifindex = ifindex; ro->bound = 1; + ro->dev = dev; } out: release_sock(sk); + rtnl_unlock(); if (notify_enetdown) { sk->sk_err = ENETDOWN; @@ -553,9 +546,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { if (count > 1) kfree(filter); err = -ENODEV; @@ -596,7 +589,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->count = count; out_fil: - dev_put(dev); release_sock(sk); rtnl_unlock(); @@ -614,9 +606,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { err = -ENODEV; goto out_err; } @@ -640,7 +632,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->err_mask = err_mask; out_err: - dev_put(dev); release_sock(sk); rtnl_unlock();

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: raw: fix receiver memory leak" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ee8b94c8510ce64afe0b87ef548d23e00915fb10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072356-marlin-untrue-8b08@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ee8b94c8510c ("can: raw: fix receiver memory leak") 1160dfa178eb ("net: Remove redundant if statements") 54f93336d000 ("can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF") e032f7c9c7ce ("net/packet: annotate accesses to po->ifindex") c7d2ef5dd4b0 ("net/packet: annotate accesses to po->bind") 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") d329ea5bd884 ("icmp: add response to RFC 8335 PROBE messages") eeff3000f240 ("netfilter: flowtable: add offload support for xmit path types") 3d453f53c786 ("net/smc: Add diagnostic information to smc ib-device") ddc992866f13 ("net/smc: Add link counters for IB device ports") e057dd3fc20f ("can: add ISO 15765-2:2016 transport protocol") 5855357cd40e ("drop_monitor: Prepare probe functions for devlink tracepoint") 6a54dde843f7 ("can: raw: fix indention") 504776be46cb ("nl80211: Simplify error handling path in 'nl80211_trigger_scan()'") 63673597cca9 ("net/smc: protect smc ib device initialization") 92f3cb0e11dd ("net/smc: fix sleep bug in smc_pnet_find_roce_resource()") 242b23319809 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee8b94c8510ce64afe0b87ef548d23e00915fb10 Mon Sep 17 00:00:00 2001 From: Ziyang Xuan <william.xuanziyang(a)huawei.com> Date: Tue, 11 Jul 2023 09:17:37 +0800 Subject: [PATCH] can: raw: fix receiver memory leak Got kmemleak errors with the following ltp can_filter testcase: for ((i=1; i<=100; i++)) do ./can_filter & sleep 0.1 done ============================================================== [<00000000db4a4943>] can_rx_register+0x147/0x360 [can] [<00000000a289549d>] raw_setsockopt+0x5ef/0x853 [can_raw] [<000000006d3d9ebd>] __sys_setsockopt+0x173/0x2c0 [<00000000407dbfec>] __x64_sys_setsockopt+0x61/0x70 [<00000000fd468496>] do_syscall_64+0x33/0x40 [<00000000b7e47d51>] entry_SYSCALL_64_after_hwframe+0x61/0xc6 It's a bug in the concurrent scenario of unregister_netdevice_many() and raw_release() as following: cpu0 cpu1 unregister_netdevice_many(can_dev) unlist_netdevice(can_dev) // dev_get_by_index() return NULL after this net_set_todo(can_dev) raw_release(can_socket) dev = dev_get_by_index(, ro->ifindex); // dev == NULL if (dev) { // receivers in dev_rcv_lists not free because dev is NULL raw_disable_allfilters(, dev, ); dev_put(dev); } ... ro->bound = 0; ... call_netdevice_notifiers(NETDEV_UNREGISTER, ) raw_notify(, NETDEV_UNREGISTER, ) if (ro->bound) // invalid because ro->bound has been set 0 raw_disable_allfilters(, dev, ); // receivers in dev_rcv_lists will never be freed Add a net_device pointer member in struct raw_sock to record bound can_dev, and use rtnl_lock to serialize raw_socket members between raw_bind(), raw_release(), raw_setsockopt() and raw_notify(). Use ro->dev to decide whether to free receivers in dev_rcv_lists. Fixes: 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") Reviewed-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Acked-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> Link: https://lore.kernel.org/all/20230711011737.1969582-1-william.xuanziyang@hua… Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/net/can/raw.c b/net/can/raw.c index 15c79b079184..2302e4882967 100644 --- a/net/can/raw.c +++ b/net/can/raw.c @@ -84,6 +84,7 @@ struct raw_sock { struct sock sk; int bound; int ifindex; + struct net_device *dev; struct list_head notifier; int loopback; int recv_own_msgs; @@ -277,7 +278,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, if (!net_eq(dev_net(dev), sock_net(sk))) return; - if (ro->ifindex != dev->ifindex) + if (ro->dev != dev) return; switch (msg) { @@ -292,6 +293,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; release_sock(sk); @@ -337,6 +339,7 @@ static int raw_init(struct sock *sk) ro->bound = 0; ro->ifindex = 0; + ro->dev = NULL; /* set default filter to single entry dfilter */ ro->dfilter.can_id = 0; @@ -385,19 +388,13 @@ static int raw_release(struct socket *sock) lock_sock(sk); + rtnl_lock(); /* remove current filters & unregister */ if (ro->bound) { - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } if (ro->count > 1) @@ -405,8 +402,10 @@ static int raw_release(struct socket *sock) ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; free_percpu(ro->uniq); + rtnl_unlock(); sock_orphan(sk); sock->sk = NULL; @@ -422,6 +421,7 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); + struct net_device *dev = NULL; int ifindex; int err = 0; int notify_enetdown = 0; @@ -431,14 +431,13 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (addr->can_family != AF_CAN) return -EINVAL; + rtnl_lock(); lock_sock(sk); if (ro->bound && addr->can_ifindex == ro->ifindex) goto out; if (addr->can_ifindex) { - struct net_device *dev; - dev = dev_get_by_index(sock_net(sk), addr->can_ifindex); if (!dev) { err = -ENODEV; @@ -467,26 +466,20 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (!err) { if (ro->bound) { /* unregister old filters */ - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), - ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), - dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), + ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } ro->ifindex = ifindex; ro->bound = 1; + ro->dev = dev; } out: release_sock(sk); + rtnl_unlock(); if (notify_enetdown) { sk->sk_err = ENETDOWN; @@ -553,9 +546,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { if (count > 1) kfree(filter); err = -ENODEV; @@ -596,7 +589,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->count = count; out_fil: - dev_put(dev); release_sock(sk); rtnl_unlock(); @@ -614,9 +606,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { err = -ENODEV; goto out_err; } @@ -640,7 +632,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->err_mask = err_mask; out_err: - dev_put(dev); release_sock(sk); rtnl_unlock();

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] can: raw: fix receiver memory leak" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ee8b94c8510ce64afe0b87ef548d23e00915fb10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072355-alongside-hatchet-2655@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ee8b94c8510c ("can: raw: fix receiver memory leak") 1160dfa178eb ("net: Remove redundant if statements") 54f93336d000 ("can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF") e032f7c9c7ce ("net/packet: annotate accesses to po->ifindex") c7d2ef5dd4b0 ("net/packet: annotate accesses to po->bind") 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") d329ea5bd884 ("icmp: add response to RFC 8335 PROBE messages") eeff3000f240 ("netfilter: flowtable: add offload support for xmit path types") 3d453f53c786 ("net/smc: Add diagnostic information to smc ib-device") ddc992866f13 ("net/smc: Add link counters for IB device ports") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee8b94c8510ce64afe0b87ef548d23e00915fb10 Mon Sep 17 00:00:00 2001 From: Ziyang Xuan <william.xuanziyang(a)huawei.com> Date: Tue, 11 Jul 2023 09:17:37 +0800 Subject: [PATCH] can: raw: fix receiver memory leak Got kmemleak errors with the following ltp can_filter testcase: for ((i=1; i<=100; i++)) do ./can_filter & sleep 0.1 done ============================================================== [<00000000db4a4943>] can_rx_register+0x147/0x360 [can] [<00000000a289549d>] raw_setsockopt+0x5ef/0x853 [can_raw] [<000000006d3d9ebd>] __sys_setsockopt+0x173/0x2c0 [<00000000407dbfec>] __x64_sys_setsockopt+0x61/0x70 [<00000000fd468496>] do_syscall_64+0x33/0x40 [<00000000b7e47d51>] entry_SYSCALL_64_after_hwframe+0x61/0xc6 It's a bug in the concurrent scenario of unregister_netdevice_many() and raw_release() as following: cpu0 cpu1 unregister_netdevice_many(can_dev) unlist_netdevice(can_dev) // dev_get_by_index() return NULL after this net_set_todo(can_dev) raw_release(can_socket) dev = dev_get_by_index(, ro->ifindex); // dev == NULL if (dev) { // receivers in dev_rcv_lists not free because dev is NULL raw_disable_allfilters(, dev, ); dev_put(dev); } ... ro->bound = 0; ... call_netdevice_notifiers(NETDEV_UNREGISTER, ) raw_notify(, NETDEV_UNREGISTER, ) if (ro->bound) // invalid because ro->bound has been set 0 raw_disable_allfilters(, dev, ); // receivers in dev_rcv_lists will never be freed Add a net_device pointer member in struct raw_sock to record bound can_dev, and use rtnl_lock to serialize raw_socket members between raw_bind(), raw_release(), raw_setsockopt() and raw_notify(). Use ro->dev to decide whether to free receivers in dev_rcv_lists. Fixes: 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier") Reviewed-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Acked-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Signed-off-by: Ziyang Xuan <william.xuanziyang(a)huawei.com> Link: https://lore.kernel.org/all/20230711011737.1969582-1-william.xuanziyang@hua… Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> diff --git a/net/can/raw.c b/net/can/raw.c index 15c79b079184..2302e4882967 100644 --- a/net/can/raw.c +++ b/net/can/raw.c @@ -84,6 +84,7 @@ struct raw_sock { struct sock sk; int bound; int ifindex; + struct net_device *dev; struct list_head notifier; int loopback; int recv_own_msgs; @@ -277,7 +278,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, if (!net_eq(dev_net(dev), sock_net(sk))) return; - if (ro->ifindex != dev->ifindex) + if (ro->dev != dev) return; switch (msg) { @@ -292,6 +293,7 @@ static void raw_notify(struct raw_sock *ro, unsigned long msg, ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; release_sock(sk); @@ -337,6 +339,7 @@ static int raw_init(struct sock *sk) ro->bound = 0; ro->ifindex = 0; + ro->dev = NULL; /* set default filter to single entry dfilter */ ro->dfilter.can_id = 0; @@ -385,19 +388,13 @@ static int raw_release(struct socket *sock) lock_sock(sk); + rtnl_lock(); /* remove current filters & unregister */ if (ro->bound) { - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } if (ro->count > 1) @@ -405,8 +402,10 @@ static int raw_release(struct socket *sock) ro->ifindex = 0; ro->bound = 0; + ro->dev = NULL; ro->count = 0; free_percpu(ro->uniq); + rtnl_unlock(); sock_orphan(sk); sock->sk = NULL; @@ -422,6 +421,7 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); + struct net_device *dev = NULL; int ifindex; int err = 0; int notify_enetdown = 0; @@ -431,14 +431,13 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (addr->can_family != AF_CAN) return -EINVAL; + rtnl_lock(); lock_sock(sk); if (ro->bound && addr->can_ifindex == ro->ifindex) goto out; if (addr->can_ifindex) { - struct net_device *dev; - dev = dev_get_by_index(sock_net(sk), addr->can_ifindex); if (!dev) { err = -ENODEV; @@ -467,26 +466,20 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (!err) { if (ro->bound) { /* unregister old filters */ - if (ro->ifindex) { - struct net_device *dev; - - dev = dev_get_by_index(sock_net(sk), - ro->ifindex); - if (dev) { - raw_disable_allfilters(dev_net(dev), - dev, sk); - dev_put(dev); - } - } else { + if (ro->dev) + raw_disable_allfilters(dev_net(ro->dev), + ro->dev, sk); + else raw_disable_allfilters(sock_net(sk), NULL, sk); - } } ro->ifindex = ifindex; ro->bound = 1; + ro->dev = dev; } out: release_sock(sk); + rtnl_unlock(); if (notify_enetdown) { sk->sk_err = ENETDOWN; @@ -553,9 +546,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { if (count > 1) kfree(filter); err = -ENODEV; @@ -596,7 +589,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->count = count; out_fil: - dev_put(dev); release_sock(sk); rtnl_unlock(); @@ -614,9 +606,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, rtnl_lock(); lock_sock(sk); - if (ro->bound && ro->ifindex) { - dev = dev_get_by_index(sock_net(sk), ro->ifindex); - if (!dev) { + dev = ro->dev; + if (ro->bound && dev) { + if (dev->reg_state != NETREG_REGISTERED) { err = -ENODEV; goto out_err; } @@ -640,7 +632,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ro->err_mask = err_mask; out_err: - dev_put(dev); release_sock(sk); rtnl_unlock();

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix use-after-free of new block group that became" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0657b20c5a76c938612f8409735a8830d257866e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072320-veal-canopy-e2f5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0657b20c5a76 ("btrfs: fix use-after-free of new block group that became unused") a9f189716cf1 ("btrfs: move out now unused BG from the reclaim list") 961f5b8bf48a ("btrfs: convert btrfs_block_group::seq_zone to runtime flag") 0d7764ff58b4 ("btrfs: convert btrfs_block_group::needs_free_space to runtime flag") 3349b57fd47b ("btrfs: convert block group bit field to use bit helpers") 9d4b0a129a0d ("btrfs: simplify arguments of btrfs_update_space_info and rename") 6ca64ac27631 ("btrfs: zoned: fix mounting with conventional zones") ced8ecf026fd ("btrfs: fix space cache corruption and potential double allocations") b09315139136 ("btrfs: zoned: activate metadata block group on flush_space") 6a921de58992 ("btrfs: zoned: introduce space_info->active_total_bytes") 393f646e34c1 ("btrfs: zoned: finish least available block group on data bg allocation") bb9950d3df71 ("btrfs: let can_allocate_chunk return error") f6fca3917b4d ("btrfs: store chunk size in space-info struct") b3a3b0255797 ("btrfs: zoned: drop optimization of zone finish") 343d8a30851c ("btrfs: zoned: prevent allocation from previous data relocation BG") 56fbb0a4e8b3 ("btrfs: zoned: properly finish block group on metadata write") d70cbdda75da ("btrfs: zoned: consolidate zone finish functions") 09022b14fafc ("btrfs: scrub: introduce dedicated helper to scrub simple-mirror based range") 416bd7e7af60 ("btrfs: scrub: introduce a helper to locate an extent item") 16b0c2581e3a ("btrfs: use a read/write lock for protecting the block groups tree") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0657b20c5a76c938612f8409735a8830d257866e Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 28 Jun 2023 17:13:37 +0100 Subject: [PATCH] btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes unused before we finish its creation, at btrfs_create_pending_block_groups(), then when btrfs_mark_bg_unused() is called against the block group, we assume that the block group is currently in the list of block groups to reclaim, and we move it out of the list of new block groups and into the list of unused block groups. This has two consequences: 1) We move it out of the list of new block groups associated to the current transaction. So the block group creation is not finished and if we attempt to delete the bg because it's unused, we will not find the block group item in the extent tree (or the new block group tree), its device extent items in the device tree etc, resulting in the deletion to fail due to the missing items; 2) We don't increment the reference count on the block group when we move it to the list of unused block groups, because we assumed the block group was on the list of block groups to reclaim, and in that case it already has the correct reference count. However the block group was on the list of new block groups, in which case no extra reference was taken because it's local to the current task. This later results in doing an extra reference count decrement when removing the block group from the unused list, eventually leading the reference count to 0. This second case was caught when running generic/297 from fstests, which produced the following assertion failure and stack trace: [589.559] assertion failed: refcount_read(&block_group->refs) == 1, in fs/btrfs/block-group.c:4299 [589.559] ------------[ cut here ]------------ [589.559] kernel BUG at fs/btrfs/block-group.c:4299! [589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI [589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1 [589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.561] Code: 68 62 da c0 (...) [589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246 [589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000 [589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff [589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50 [589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00 [589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100 [589.563] FS: 00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000 [589.563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0 [589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [589.564] Call Trace: [589.564] <TASK> [589.565] ? __die_body+0x1b/0x60 [589.565] ? die+0x39/0x60 [589.565] ? do_trap+0xeb/0x110 [589.565] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.566] ? do_error_trap+0x6a/0x90 [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.566] ? exc_invalid_op+0x4e/0x70 [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] ? asm_exc_invalid_op+0x16/0x20 [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] close_ctree+0x35d/0x560 [btrfs] [589.568] ? fsnotify_sb_delete+0x13e/0x1d0 [589.568] ? dispose_list+0x3a/0x50 [589.568] ? evict_inodes+0x151/0x1a0 [589.568] generic_shutdown_super+0x73/0x1a0 [589.569] kill_anon_super+0x14/0x30 [589.569] btrfs_kill_super+0x12/0x20 [btrfs] [589.569] deactivate_locked_super+0x2e/0x70 [589.569] cleanup_mnt+0x104/0x160 [589.570] task_work_run+0x56/0x90 [589.570] exit_to_user_mode_prepare+0x160/0x170 [589.570] syscall_exit_to_user_mode+0x22/0x50 [589.570] ? __x64_sys_umount+0x12/0x20 [589.571] do_syscall_64+0x48/0x90 [589.571] entry_SYSCALL_64_after_hwframe+0x72/0xdc [589.571] RIP: 0033:0x7f497ff0a567 [589.571] Code: af 98 0e (...) [589.572] RSP: 002b:00007ffc98347358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [589.572] RAX: 0000000000000000 RBX: 00007f49800b8264 RCX: 00007f497ff0a567 [589.572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000557f558abfa0 [589.573] RBP: 0000557f558a6ba0 R08: 0000000000000000 R09: 00007ffc98346100 [589.573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [589.573] R13: 0000557f558abfa0 R14: 0000557f558a6cb0 R15: 0000557f558a6dd0 [589.573] </TASK> [589.574] Modules linked in: dm_snapshot dm_thin_pool (...) [589.576] ---[ end trace 0000000000000000 ]--- Fix this by adding a runtime flag to the block group to tell that the block group is still in the list of new block groups, and therefore it should not be moved to the list of unused block groups, at btrfs_mark_bg_unused(), until the flag is cleared, when we finish the creation of the block group at btrfs_create_pending_block_groups(). Fixes: a9f189716cf1 ("btrfs: move out now unused BG from the reclaim list") CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index 6753524b146c..f53297726238 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1640,13 +1640,14 @@ void btrfs_mark_bg_unused(struct btrfs_block_group *bg) { struct btrfs_fs_info *fs_info = bg->fs_info; - trace_btrfs_add_unused_block_group(bg); spin_lock(&fs_info->unused_bgs_lock); if (list_empty(&bg->bg_list)) { btrfs_get_block_group(bg); + trace_btrfs_add_unused_block_group(bg); list_add_tail(&bg->bg_list, &fs_info->unused_bgs); - } else { + } else if (!test_bit(BLOCK_GROUP_FLAG_NEW, &bg->runtime_flags)) { /* Pull out the block group from the reclaim_bgs list. */ + trace_btrfs_add_unused_block_group(bg); list_move_tail(&bg->bg_list, &fs_info->unused_bgs); } spin_unlock(&fs_info->unused_bgs_lock); @@ -2668,6 +2669,7 @@ void btrfs_create_pending_block_groups(struct btrfs_trans_handle *trans) next: btrfs_delayed_refs_rsv_release(fs_info, 1); list_del_init(&block_group->bg_list); + clear_bit(BLOCK_GROUP_FLAG_NEW, &block_group->runtime_flags); } btrfs_trans_release_chunk_metadata(trans); } @@ -2707,6 +2709,13 @@ struct btrfs_block_group *btrfs_make_block_group(struct btrfs_trans_handle *tran if (!cache) return ERR_PTR(-ENOMEM); + /* + * Mark it as new before adding it to the rbtree of block groups or any + * list, so that no other task finds it and calls btrfs_mark_bg_unused() + * before the new flag is set. + */ + set_bit(BLOCK_GROUP_FLAG_NEW, &cache->runtime_flags); + cache->length = size; set_free_space_tree_thresholds(cache); cache->flags = type; diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h index f204addc3fe8..381c54a56417 100644 --- a/fs/btrfs/block-group.h +++ b/fs/btrfs/block-group.h @@ -70,6 +70,11 @@ enum btrfs_block_group_flags { BLOCK_GROUP_FLAG_NEEDS_FREE_SPACE, /* Indicate that the block group is placed on a sequential zone */ BLOCK_GROUP_FLAG_SEQUENTIAL_ZONE, + /* + * Indicate that block group is in the list of new block groups of a + * transaction. + */ + BLOCK_GROUP_FLAG_NEW, }; enum btrfs_caching_type {

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix use-after-free of new block group that became" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0657b20c5a76c938612f8409735a8830d257866e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072317-grandkid-uncommon-ca27@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0657b20c5a76 ("btrfs: fix use-after-free of new block group that became unused") a9f189716cf1 ("btrfs: move out now unused BG from the reclaim list") 961f5b8bf48a ("btrfs: convert btrfs_block_group::seq_zone to runtime flag") 0d7764ff58b4 ("btrfs: convert btrfs_block_group::needs_free_space to runtime flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0657b20c5a76c938612f8409735a8830d257866e Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 28 Jun 2023 17:13:37 +0100 Subject: [PATCH] btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes unused before we finish its creation, at btrfs_create_pending_block_groups(), then when btrfs_mark_bg_unused() is called against the block group, we assume that the block group is currently in the list of block groups to reclaim, and we move it out of the list of new block groups and into the list of unused block groups. This has two consequences: 1) We move it out of the list of new block groups associated to the current transaction. So the block group creation is not finished and if we attempt to delete the bg because it's unused, we will not find the block group item in the extent tree (or the new block group tree), its device extent items in the device tree etc, resulting in the deletion to fail due to the missing items; 2) We don't increment the reference count on the block group when we move it to the list of unused block groups, because we assumed the block group was on the list of block groups to reclaim, and in that case it already has the correct reference count. However the block group was on the list of new block groups, in which case no extra reference was taken because it's local to the current task. This later results in doing an extra reference count decrement when removing the block group from the unused list, eventually leading the reference count to 0. This second case was caught when running generic/297 from fstests, which produced the following assertion failure and stack trace: [589.559] assertion failed: refcount_read(&block_group->refs) == 1, in fs/btrfs/block-group.c:4299 [589.559] ------------[ cut here ]------------ [589.559] kernel BUG at fs/btrfs/block-group.c:4299! [589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI [589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1 [589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.561] Code: 68 62 da c0 (...) [589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246 [589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000 [589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff [589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50 [589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00 [589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100 [589.563] FS: 00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000 [589.563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0 [589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [589.564] Call Trace: [589.564] <TASK> [589.565] ? __die_body+0x1b/0x60 [589.565] ? die+0x39/0x60 [589.565] ? do_trap+0xeb/0x110 [589.565] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.566] ? do_error_trap+0x6a/0x90 [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.566] ? exc_invalid_op+0x4e/0x70 [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] ? asm_exc_invalid_op+0x16/0x20 [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] close_ctree+0x35d/0x560 [btrfs] [589.568] ? fsnotify_sb_delete+0x13e/0x1d0 [589.568] ? dispose_list+0x3a/0x50 [589.568] ? evict_inodes+0x151/0x1a0 [589.568] generic_shutdown_super+0x73/0x1a0 [589.569] kill_anon_super+0x14/0x30 [589.569] btrfs_kill_super+0x12/0x20 [btrfs] [589.569] deactivate_locked_super+0x2e/0x70 [589.569] cleanup_mnt+0x104/0x160 [589.570] task_work_run+0x56/0x90 [589.570] exit_to_user_mode_prepare+0x160/0x170 [589.570] syscall_exit_to_user_mode+0x22/0x50 [589.570] ? __x64_sys_umount+0x12/0x20 [589.571] do_syscall_64+0x48/0x90 [589.571] entry_SYSCALL_64_after_hwframe+0x72/0xdc [589.571] RIP: 0033:0x7f497ff0a567 [589.571] Code: af 98 0e (...) [589.572] RSP: 002b:00007ffc98347358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [589.572] RAX: 0000000000000000 RBX: 00007f49800b8264 RCX: 00007f497ff0a567 [589.572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000557f558abfa0 [589.573] RBP: 0000557f558a6ba0 R08: 0000000000000000 R09: 00007ffc98346100 [589.573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [589.573] R13: 0000557f558abfa0 R14: 0000557f558a6cb0 R15: 0000557f558a6dd0 [589.573] </TASK> [589.574] Modules linked in: dm_snapshot dm_thin_pool (...) [589.576] ---[ end trace 0000000000000000 ]--- Fix this by adding a runtime flag to the block group to tell that the block group is still in the list of new block groups, and therefore it should not be moved to the list of unused block groups, at btrfs_mark_bg_unused(), until the flag is cleared, when we finish the creation of the block group at btrfs_create_pending_block_groups(). Fixes: a9f189716cf1 ("btrfs: move out now unused BG from the reclaim list") CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index 6753524b146c..f53297726238 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1640,13 +1640,14 @@ void btrfs_mark_bg_unused(struct btrfs_block_group *bg) { struct btrfs_fs_info *fs_info = bg->fs_info; - trace_btrfs_add_unused_block_group(bg); spin_lock(&fs_info->unused_bgs_lock); if (list_empty(&bg->bg_list)) { btrfs_get_block_group(bg); + trace_btrfs_add_unused_block_group(bg); list_add_tail(&bg->bg_list, &fs_info->unused_bgs); - } else { + } else if (!test_bit(BLOCK_GROUP_FLAG_NEW, &bg->runtime_flags)) { /* Pull out the block group from the reclaim_bgs list. */ + trace_btrfs_add_unused_block_group(bg); list_move_tail(&bg->bg_list, &fs_info->unused_bgs); } spin_unlock(&fs_info->unused_bgs_lock); @@ -2668,6 +2669,7 @@ void btrfs_create_pending_block_groups(struct btrfs_trans_handle *trans) next: btrfs_delayed_refs_rsv_release(fs_info, 1); list_del_init(&block_group->bg_list); + clear_bit(BLOCK_GROUP_FLAG_NEW, &block_group->runtime_flags); } btrfs_trans_release_chunk_metadata(trans); } @@ -2707,6 +2709,13 @@ struct btrfs_block_group *btrfs_make_block_group(struct btrfs_trans_handle *tran if (!cache) return ERR_PTR(-ENOMEM); + /* + * Mark it as new before adding it to the rbtree of block groups or any + * list, so that no other task finds it and calls btrfs_mark_bg_unused() + * before the new flag is set. + */ + set_bit(BLOCK_GROUP_FLAG_NEW, &cache->runtime_flags); + cache->length = size; set_free_space_tree_thresholds(cache); cache->flags = type; diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h index f204addc3fe8..381c54a56417 100644 --- a/fs/btrfs/block-group.h +++ b/fs/btrfs/block-group.h @@ -70,6 +70,11 @@ enum btrfs_block_group_flags { BLOCK_GROUP_FLAG_NEEDS_FREE_SPACE, /* Indicate that the block group is placed on a sequential zone */ BLOCK_GROUP_FLAG_SEQUENTIAL_ZONE, + /* + * Indicate that block group is in the list of new block groups of a + * transaction. + */ + BLOCK_GROUP_FLAG_NEW, }; enum btrfs_caching_type {

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix use-after-free of new block group that became" failed to apply to 6.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.4.y git checkout FETCH_HEAD git cherry-pick -x 0657b20c5a76c938612f8409735a8830d257866e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072313-onshore-immunize-bd55@gregkh' --subject-prefix 'PATCH 6.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0657b20c5a76c938612f8409735a8830d257866e Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 28 Jun 2023 17:13:37 +0100 Subject: [PATCH] btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes unused before we finish its creation, at btrfs_create_pending_block_groups(), then when btrfs_mark_bg_unused() is called against the block group, we assume that the block group is currently in the list of block groups to reclaim, and we move it out of the list of new block groups and into the list of unused block groups. This has two consequences: 1) We move it out of the list of new block groups associated to the current transaction. So the block group creation is not finished and if we attempt to delete the bg because it's unused, we will not find the block group item in the extent tree (or the new block group tree), its device extent items in the device tree etc, resulting in the deletion to fail due to the missing items; 2) We don't increment the reference count on the block group when we move it to the list of unused block groups, because we assumed the block group was on the list of block groups to reclaim, and in that case it already has the correct reference count. However the block group was on the list of new block groups, in which case no extra reference was taken because it's local to the current task. This later results in doing an extra reference count decrement when removing the block group from the unused list, eventually leading the reference count to 0. This second case was caught when running generic/297 from fstests, which produced the following assertion failure and stack trace: [589.559] assertion failed: refcount_read(&block_group->refs) == 1, in fs/btrfs/block-group.c:4299 [589.559] ------------[ cut here ]------------ [589.559] kernel BUG at fs/btrfs/block-group.c:4299! [589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI [589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1 [589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.561] Code: 68 62 da c0 (...) [589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246 [589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000 [589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff [589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50 [589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00 [589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100 [589.563] FS: 00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000 [589.563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0 [589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [589.564] Call Trace: [589.564] <TASK> [589.565] ? __die_body+0x1b/0x60 [589.565] ? die+0x39/0x60 [589.565] ? do_trap+0xeb/0x110 [589.565] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.566] ? do_error_trap+0x6a/0x90 [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.566] ? exc_invalid_op+0x4e/0x70 [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] ? asm_exc_invalid_op+0x16/0x20 [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs] [589.567] close_ctree+0x35d/0x560 [btrfs] [589.568] ? fsnotify_sb_delete+0x13e/0x1d0 [589.568] ? dispose_list+0x3a/0x50 [589.568] ? evict_inodes+0x151/0x1a0 [589.568] generic_shutdown_super+0x73/0x1a0 [589.569] kill_anon_super+0x14/0x30 [589.569] btrfs_kill_super+0x12/0x20 [btrfs] [589.569] deactivate_locked_super+0x2e/0x70 [589.569] cleanup_mnt+0x104/0x160 [589.570] task_work_run+0x56/0x90 [589.570] exit_to_user_mode_prepare+0x160/0x170 [589.570] syscall_exit_to_user_mode+0x22/0x50 [589.570] ? __x64_sys_umount+0x12/0x20 [589.571] do_syscall_64+0x48/0x90 [589.571] entry_SYSCALL_64_after_hwframe+0x72/0xdc [589.571] RIP: 0033:0x7f497ff0a567 [589.571] Code: af 98 0e (...) [589.572] RSP: 002b:00007ffc98347358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [589.572] RAX: 0000000000000000 RBX: 00007f49800b8264 RCX: 00007f497ff0a567 [589.572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000557f558abfa0 [589.573] RBP: 0000557f558a6ba0 R08: 0000000000000000 R09: 00007ffc98346100 [589.573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [589.573] R13: 0000557f558abfa0 R14: 0000557f558a6cb0 R15: 0000557f558a6dd0 [589.573] </TASK> [589.574] Modules linked in: dm_snapshot dm_thin_pool (...) [589.576] ---[ end trace 0000000000000000 ]--- Fix this by adding a runtime flag to the block group to tell that the block group is still in the list of new block groups, and therefore it should not be moved to the list of unused block groups, at btrfs_mark_bg_unused(), until the flag is cleared, when we finish the creation of the block group at btrfs_create_pending_block_groups(). Fixes: a9f189716cf1 ("btrfs: move out now unused BG from the reclaim list") CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c index 6753524b146c..f53297726238 100644 --- a/fs/btrfs/block-group.c +++ b/fs/btrfs/block-group.c @@ -1640,13 +1640,14 @@ void btrfs_mark_bg_unused(struct btrfs_block_group *bg) { struct btrfs_fs_info *fs_info = bg->fs_info; - trace_btrfs_add_unused_block_group(bg); spin_lock(&fs_info->unused_bgs_lock); if (list_empty(&bg->bg_list)) { btrfs_get_block_group(bg); + trace_btrfs_add_unused_block_group(bg); list_add_tail(&bg->bg_list, &fs_info->unused_bgs); - } else { + } else if (!test_bit(BLOCK_GROUP_FLAG_NEW, &bg->runtime_flags)) { /* Pull out the block group from the reclaim_bgs list. */ + trace_btrfs_add_unused_block_group(bg); list_move_tail(&bg->bg_list, &fs_info->unused_bgs); } spin_unlock(&fs_info->unused_bgs_lock); @@ -2668,6 +2669,7 @@ void btrfs_create_pending_block_groups(struct btrfs_trans_handle *trans) next: btrfs_delayed_refs_rsv_release(fs_info, 1); list_del_init(&block_group->bg_list); + clear_bit(BLOCK_GROUP_FLAG_NEW, &block_group->runtime_flags); } btrfs_trans_release_chunk_metadata(trans); } @@ -2707,6 +2709,13 @@ struct btrfs_block_group *btrfs_make_block_group(struct btrfs_trans_handle *tran if (!cache) return ERR_PTR(-ENOMEM); + /* + * Mark it as new before adding it to the rbtree of block groups or any + * list, so that no other task finds it and calls btrfs_mark_bg_unused() + * before the new flag is set. + */ + set_bit(BLOCK_GROUP_FLAG_NEW, &cache->runtime_flags); + cache->length = size; set_free_space_tree_thresholds(cache); cache->flags = type; diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h index f204addc3fe8..381c54a56417 100644 --- a/fs/btrfs/block-group.h +++ b/fs/btrfs/block-group.h @@ -70,6 +70,11 @@ enum btrfs_block_group_flags { BLOCK_GROUP_FLAG_NEEDS_FREE_SPACE, /* Indicate that the block group is placed on a sequential zone */ BLOCK_GROUP_FLAG_SEQUENTIAL_ZONE, + /* + * Indicate that block group is in the list of new block groups of a + * transaction. + */ + BLOCK_GROUP_FLAG_NEW, }; enum btrfs_caching_type {

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] maple_tree: fix 32 bit mas_next testing" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7a93c71a6714ca1a9c03d70432dac104b0cfb815 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072304-prepay-unread-75ce@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7a93c71a6714 ("maple_tree: fix 32 bit mas_next testing") eb2e817f38ca ("maple_tree: update testing code for mas_{next,prev,walk}") eaf9790d3bc6 ("maple_tree: add __init and __exit to test module") 4bd6dded6318 ("test_maple_tree: add more testing for mas_empty_area()") 5159d64b3354 ("test_maple_tree: test modifications while iterating") 7327e8111adb ("maple_tree: fix mas_empty_area_rev() lower bound validation") c5651b31f515 ("test_maple_tree: add test for mas_spanning_rebalance() on insufficient data") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a93c71a6714ca1a9c03d70432dac104b0cfb815 Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Date: Wed, 12 Jul 2023 13:39:15 -0400 Subject: [PATCH] maple_tree: fix 32 bit mas_next testing The test setup of mas_next is dependent on node entry size to create a 2 level tree, but the tests did not account for this in the expected value when shifting beyond the scope of the tree. Fix this by setting up the test to succeed depending on the node entries which is dependent on the 32/64 bit setup. Link: https://lkml.kernel.org/r/20230712173916.168805-1-Liam.Howlett@oracle.com Fixes: 120b116208a0 ("maple_tree: reorganize testing to restore module testing") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Closes: https://lore.kernel.org/linux-mm/CAMuHMdV4T53fOw7VPoBgPR7fP6RYqf=CBhD_y_vOg… Tested-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/test_maple_tree.c b/lib/test_maple_tree.c index 9939be34e516..8d4c92cbdd0c 100644 --- a/lib/test_maple_tree.c +++ b/lib/test_maple_tree.c @@ -1898,13 +1898,16 @@ static noinline void __init next_prev_test(struct maple_tree *mt) 725}; static const unsigned long level2_32[] = { 1747, 2000, 1750, 1755, 1760, 1765}; + unsigned long last_index; if (MAPLE_32BIT) { nr_entries = 500; level2 = level2_32; + last_index = 0x138e; } else { nr_entries = 200; level2 = level2_64; + last_index = 0x7d6; } for (i = 0; i <= nr_entries; i++) @@ -2011,7 +2014,7 @@ static noinline void __init next_prev_test(struct maple_tree *mt) val = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, val != NULL); - MT_BUG_ON(mt, mas.index != 0x7d6); + MT_BUG_ON(mt, mas.index != last_index); MT_BUG_ON(mt, mas.last != ULONG_MAX); val = mas_prev(&mas, 0);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] maple_tree: fix 32 bit mas_next testing" failed to apply to 6.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.4.y git checkout FETCH_HEAD git cherry-pick -x 7a93c71a6714ca1a9c03d70432dac104b0cfb815 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072303-possible-backwash-4c0f@gregkh' --subject-prefix 'PATCH 6.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a93c71a6714ca1a9c03d70432dac104b0cfb815 Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Date: Wed, 12 Jul 2023 13:39:15 -0400 Subject: [PATCH] maple_tree: fix 32 bit mas_next testing The test setup of mas_next is dependent on node entry size to create a 2 level tree, but the tests did not account for this in the expected value when shifting beyond the scope of the tree. Fix this by setting up the test to succeed depending on the node entries which is dependent on the 32/64 bit setup. Link: https://lkml.kernel.org/r/20230712173916.168805-1-Liam.Howlett@oracle.com Fixes: 120b116208a0 ("maple_tree: reorganize testing to restore module testing") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Closes: https://lore.kernel.org/linux-mm/CAMuHMdV4T53fOw7VPoBgPR7fP6RYqf=CBhD_y_vOg… Tested-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/test_maple_tree.c b/lib/test_maple_tree.c index 9939be34e516..8d4c92cbdd0c 100644 --- a/lib/test_maple_tree.c +++ b/lib/test_maple_tree.c @@ -1898,13 +1898,16 @@ static noinline void __init next_prev_test(struct maple_tree *mt) 725}; static const unsigned long level2_32[] = { 1747, 2000, 1750, 1755, 1760, 1765}; + unsigned long last_index; if (MAPLE_32BIT) { nr_entries = 500; level2 = level2_32; + last_index = 0x138e; } else { nr_entries = 200; level2 = level2_64; + last_index = 0x7d6; } for (i = 0; i <= nr_entries; i++) @@ -2011,7 +2014,7 @@ static noinline void __init next_prev_test(struct maple_tree *mt) val = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, val != NULL); - MT_BUG_ON(mt, mas.index != 0x7d6); + MT_BUG_ON(mt, mas.index != last_index); MT_BUG_ON(mt, mas.last != ULONG_MAX); val = mas_prev(&mas, 0);

2 years, 3 months

1
0
0 0

stable-rc/linux-4.14.y build: 195 builds: 5 failed, 190 passed, 3 errors, 25 warnings (v4.14.320)

by kernelci.org bot

stable-rc/linux-4.14.y build: 195 builds: 5 failed, 190 passed, 3 errors, 25 warnings (v4.14.320) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.320/ Tree: stable-rc Branch: linux-4.14.y Git Describe: v4.14.320 Git Commit: 60a6e3043cc8b918c989707a5eba5fd6830a08a4 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 6 unique architectures Build Failures Detected: mips: db1xxx_defconfig: (gcc-10) FAIL gpr_defconfig: (gcc-10) FAIL ip27_defconfig: (gcc-10) FAIL ip28_defconfig: (gcc-10) FAIL mtx1_defconfig: (gcc-10) FAIL Errors and Warnings Detected: arc: arm64: arm: mini2440_defconfig (gcc-10): 1 warning omap1_defconfig (gcc-10): 1 warning s3c2410_defconfig (gcc-10): 1 warning i386: allnoconfig (gcc-10): 3 warnings i386_defconfig (gcc-10): 3 warnings tinyconfig (gcc-10): 3 warnings mips: db1xxx_defconfig (gcc-10): 1 error gpr_defconfig (gcc-10): 1 error malta_qemu_32r6_defconfig (gcc-10): 1 warning mtx1_defconfig (gcc-10): 1 error x86_64: allnoconfig (gcc-10): 3 warnings tinyconfig (gcc-10): 3 warnings x86_64_defconfig (gcc-10): 3 warnings x86_64_defconfig+x86-chromebook (gcc-10): 3 warnings Errors summary: 6 arch/mips/alchemy/common/dbdma.c:33:10: fatal error: linux/dma-map-ops.h: No such file or directory Warnings summary: 21 ld: warning: creating DT_TEXTREL in a PIE 12 ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' 12 Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' 9 ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' 9 arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' 4 drivers/tty/serial/samsung.c:1790:34: warning: array ‘s3c24xx_uart_dt_match’ assumed to have one element 2 {standard input}:30: Warning: macro instruction expanded into multiple instructions 2 drivers/gpio/gpio-omap.c:1152:34: warning: array ‘omap_gpio_match’ assumed to have one element Section mismatches summary: 29 WARNING: modpost: Found 1 section mismatch(es). ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- acs5k_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- acs5k_tiny_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- allnoconfig (i386, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- allnoconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- am200epdkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ar7_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- assabet_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- at91_dt_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath25_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axm55xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- badge4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm2835_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm47xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bigsur_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_stb_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- capcella_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cavium_octeon_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cerfcube_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x2xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cobalt_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- collie_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- corgi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- davinci_all_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- db1xxx_defconfig (mips, gcc-10) — FAIL, 1 error, 0 warnings, 0 section mismatches Errors: arch/mips/alchemy/common/dbdma.c:33:10: fatal error: linux/dma-map-ops.h: No such file or directory -------------------------------------------------------------------------------- decstation_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- defconfig+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- dove_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- e55_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ebsa110_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- efm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- em_x270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ep93xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- eseries_pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- exynos_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ezx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- footbridge_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gemini_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-10) — FAIL, 1 error, 0 warnings, 0 section mismatches Errors: arch/mips/alchemy/common/dbdma.c:33:10: fatal error: linux/dma-map-ops.h: No such file or directory -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h5000_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hackkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hisi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hsdk_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- imote2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v4_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- integrator_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- iop13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop32x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop33x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip22_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip27_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ixp4xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jazz_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jmr3927_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- keystone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ks8695_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lasat_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lemote2f_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1b_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1c_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson3_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc18xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc32xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpd270_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lubbock_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- magician_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mainstone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_guest_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_qemu_32r6_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: {standard input}:30: Warning: macro instruction expanded into multiple instructions -------------------------------------------------------------------------------- maltaaprp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_eva_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_xpa_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- markeins_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mini2440_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/tty/serial/samsung.c:1790:34: warning: array ‘s3c24xx_uart_dt_match’ assumed to have one element -------------------------------------------------------------------------------- mips_paravirt_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- moxart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mpc30x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mps2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- msp71xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mtx1_defconfig (mips, gcc-10) — FAIL, 1 error, 0 warnings, 0 section mismatches Errors: arch/mips/alchemy/common/dbdma.c:33:10: fatal error: linux/dma-map-ops.h: No such file or directory -------------------------------------------------------------------------------- multi_v4t_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- neponset_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- nhk8815_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- nlm_xlp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlr_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc950_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc960_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap1_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/gpio/gpio-omap.c:1152:34: warning: array ‘omap_gpio_match’ assumed to have one element -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omega2p_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- orion5x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- palmz72_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pcm027_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pic32mzda_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pistachio_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pleb_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pnx8335_stb225_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- prima2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa255-idp_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qcom_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qi_lb60_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- raumfeld_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rb532_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rbtx49xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rm200_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c2410_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/tty/serial/samsung.c:1790:34: warning: array ‘s3c24xx_uart_dt_match’ assumed to have one element -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- sama5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shannon_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shmobile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- simpad_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- socfpga_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- stm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sunxi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tango4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0219_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0226_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0287_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tct_hammer_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tegra_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- tinyconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (i386, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- trizeps4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u300_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- u8500_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- versatile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: modpost: Found 1 section mismatch(es). -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- viper_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vocore2_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- workpad_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- x86_64_defconfig+x86-chromebook (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- xcep_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xilfpga_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zeus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

stable-rc/linux-6.3.y build: 139 builds: 1 failed, 138 passed, 4 errors (v6.3.11)

by kernelci.org bot

stable-rc/linux-6.3.y build: 139 builds: 1 failed, 138 passed, 4 errors (v6.3.11) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-6.3.y/kernel/v6.3.11/ Tree: stable-rc Branch: linux-6.3.y Git Describe: v6.3.11 Git Commit: 429cff33b400edd76fc4d5e470742812a44fbc91 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 7 unique architectures Build Failure Detected: mips: decstation_64_defconfig: (gcc-10) FAIL Errors Detected: arc: arm64: arm: i386: mips: fuloong2e_defconfig (gcc-10): 1 error lemote2f_defconfig (gcc-10): 1 error loongson2k_defconfig (gcc-10): 1 error loongson3_defconfig (gcc-10): 1 error riscv: x86_64: Errors summary: 4 cc1: error: ‘-mloongson-mmi’ must be used with ‘-mhard-float’ ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- am200epdkit_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ar7_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- assabet_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- at91_dt_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath25_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axm55xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm2835_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm47xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bigsur_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_stb_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cavium_octeon_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cobalt_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- collie_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cu1000-neo_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cu1830-neo_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- davinci_all_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- db1xxx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_64_defconfig (mips, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_r4k_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- exynos_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- footbridge_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-10) — PASS, 1 error, 0 warnings, 0 section mismatches Errors: cc1: error: ‘-mloongson-mmi’ must be used with ‘-mhard-float’ -------------------------------------------------------------------------------- gcw0_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gemini_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hisi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hsdk_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v4_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imxrt_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- integrator_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip22_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip27_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ixp4xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jazz_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- keystone_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lemote2f_defconfig (mips, gcc-10) — PASS, 1 error, 0 warnings, 0 section mismatches Errors: cc1: error: ‘-mloongson-mmi’ must be used with ‘-mhard-float’ -------------------------------------------------------------------------------- loongson1b_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1c_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson2k_defconfig (mips, gcc-10) — PASS, 1 error, 0 warnings, 0 section mismatches Errors: cc1: error: ‘-mloongson-mmi’ must be used with ‘-mhard-float’ -------------------------------------------------------------------------------- loongson3_defconfig (mips, gcc-10) — PASS, 1 error, 0 warnings, 0 section mismatches Errors: cc1: error: ‘-mloongson-mmi’ must be used with ‘-mhard-float’ -------------------------------------------------------------------------------- lpc18xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc32xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_qemu_32r6_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaaprp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_eva_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_xpa_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- milbeaut_m10v_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- moxart_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mps2_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mtx1_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v4t_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- neponset_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nhk8815_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nommu_k210_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nommu_k210_sdcard_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omega2p_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- orion5x_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- oxnas_v6_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pic32mzda_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa910_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qcom_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qi_lb60_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rb532_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rbtx49xx_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rm200_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rs90_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rv32_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sama5_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sama7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shmobile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- socfpga_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sp7021_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear3xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- stm32_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sunxi_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tegra_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u8500_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- versatile_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vf610m4_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vocore2_defconfig (mips, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- wpcm450_defconfig (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+x86-chromebook (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a9be202269580ca611c6cebac90eaf1795497800 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072352-book-slab-df31@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a9be20226958 ("io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq") ed29b0b4fd83 ("io_uring: move to separate directory") d01905db14eb ("io_uring: clean iowq submit work cancellation") 255657d23704 ("io_uring: clean io_wq_submit_work()'s main loop") 90fa02883f06 ("io_uring: implement async hybrid mode for pollable requests") 3b44b3712c5b ("io_uring: split logic of force_nonblock") 9882131cd9de ("io_uring: kill io_wq_current_is_worker() in iopoll") 9983028e7660 ("io_uring: optimise req->ctx reloads") 5e49c973fc39 ("io_uring: clean up io_import_iovec") 51aac424aef9 ("io_uring: optimise io_import_iovec nonblock passing") c88598a92a58 ("io_uring: optimise read/write iov state storing") 538941e2681c ("io_uring: encapsulate rw state") d886e185a128 ("io_uring: control ->async_data with a REQ_F flag") 30d51dd4ad20 ("io_uring: clean up buffer select") ef05d9ebcc92 ("io_uring: kill off ->inflight_entry field") 6f33b0bc4ea4 ("io_uring: use slist for completion batching") c450178d9be9 ("io_uring: dedup CQE flushing non-empty checks") 4c928904ff77 ("block: move CONFIG_BLOCK guard to top Makefile") 14cfbb7a7856 ("io_uring: fix wrong condition to grab uring lock") 7df778be2f61 ("io_uring: make OP_CLOSE consistent with direct open") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9be202269580ca611c6cebac90eaf1795497800 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 20 Jul 2023 13:16:53 -0600 Subject: [PATCH] io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq io-wq assumes that an issue is blocking, but it may not be if the request type has asked for a non-blocking attempt. If we get -EAGAIN for that case, then we need to treat it as a final result and not retry or arm poll for it. Cc: stable(a)vger.kernel.org # 5.10+ Link: https://github.com/axboe/liburing/issues/897 Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index a9923676d16d..5e97235a82d6 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1948,6 +1948,14 @@ void io_wq_submit_work(struct io_wq_work *work) ret = io_issue_sqe(req, issue_flags); if (ret != -EAGAIN) break; + + /* + * If REQ_F_NOWAIT is set, then don't wait or retry with + * poll. -EAGAIN is final for that case. + */ + if (req->flags & REQ_F_NOWAIT) + break; + /* * We can get EAGAIN for iopolled IO even though we're * forcing a sync submission from here, since we can't

2 years, 3 months

1
0
0 0

Linux 6.4.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.4.5 kernel. All users of the 6.4 kernel series must upgrade. The updated 6.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.rst | 3 Documentation/userspace-api/media/v4l/vidioc-subdev-g-routing.rst | 2 Makefile | 28 - arch/arm64/Kconfig | 19 arch/arm64/boot/dts/mediatek/mt7986a-bananapi-bpi-r3-nor.dtso | 7 arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 42 - arch/arm64/boot/dts/ti/k3-j721s2-common-proc-board.dts | 76 +- arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 29 + arch/arm64/kernel/cpu_errata.c | 7 arch/arm64/kernel/traps.c | 2 arch/arm64/kvm/hyp/pgtable.c | 14 arch/arm64/mm/fault.c | 2 arch/arm64/tools/cpucaps | 1 arch/mips/Makefile | 10 arch/mips/include/asm/cpu-features.h | 4 arch/mips/include/asm/kvm_host.h | 6 arch/mips/kernel/cpu-probe.c | 9 arch/mips/kvm/emulate.c | 22 arch/mips/kvm/mips.c | 16 arch/mips/kvm/stats.c | 4 arch/mips/kvm/trace.h | 8 arch/mips/kvm/vz.c | 20 arch/openrisc/include/uapi/asm/sigcontext.h | 6 arch/openrisc/kernel/signal.c | 4 arch/powerpc/Makefile | 8 arch/powerpc/kernel/security.c | 37 - arch/powerpc/mm/book3s64/hash_native.c | 13 arch/riscv/mm/init.c | 2 arch/riscv/net/bpf_jit.h | 6 arch/riscv/net/bpf_jit_core.c | 19 arch/s390/Makefile | 1 arch/x86/events/intel/core.c | 7 arch/xtensa/platforms/iss/network.c | 2 block/blk-crypto-profile.c | 12 drivers/accel/ivpu/ivpu_drv.h | 1 drivers/accel/ivpu/ivpu_hw_mtl.c | 20 drivers/base/regmap/regmap-irq.c | 2 drivers/bus/intel-ixp4xx-eb.c | 2 drivers/char/hw_random/imx-rngc.c | 6 drivers/char/tpm/tpm-chip.c | 7 drivers/char/tpm/tpm_crb.c | 19 drivers/char/tpm/tpm_tis.c | 25 drivers/char/tpm/tpm_tis_core.c | 103 +++ drivers/char/tpm/tpm_tis_core.h | 4 drivers/char/tpm/tpm_tis_i2c.c | 59 +- drivers/char/tpm/tpm_vtpm_proxy.c | 30 - drivers/firmware/stratix10-svc.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 64 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.h | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 26 + drivers/gpu/drm/amd/display/dc/core/dc.c | 3 drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c | 10 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 4 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 2 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.h | 1 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 15 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.h | 2 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_irq_handler.c | 11 drivers/gpu/drm/amd/display/dmub/dmub_srv.h | 2 drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 67 ++ drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 35 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 33 - drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 9 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 35 - drivers/gpu/drm/display/drm_dp_mst_topology.c | 54 +- drivers/gpu/drm/drm_atomic.c | 11 drivers/gpu/drm/drm_atomic_helper.c | 11 drivers/gpu/drm/drm_client.c | 21 drivers/gpu/drm/drm_fbdev_dma.c | 6 drivers/gpu/drm/drm_fbdev_generic.c | 4 drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 4 drivers/gpu/drm/gma500/fbdev.c | 4 drivers/gpu/drm/i915/display/intel_display.c | 1 drivers/gpu/drm/i915/display/intel_dp.c | 7 drivers/gpu/drm/i915/gt/intel_gtt.c | 2 drivers/gpu/drm/msm/msm_fbdev.c | 4 drivers/gpu/drm/nouveau/dispnv50/disp.c | 12 drivers/gpu/drm/nouveau/nouveau_chan.c | 1 drivers/gpu/drm/nouveau/nouveau_chan.h | 1 drivers/gpu/drm/nouveau/nouveau_drm.c | 20 drivers/gpu/drm/nouveau/nvkm/engine/disp/g94.c | 1 drivers/gpu/drm/nouveau/nvkm/engine/disp/gt215.c | 2 drivers/gpu/drm/nouveau/nvkm/subdev/acr/base.c | 2 drivers/gpu/drm/omapdrm/omap_fbdev.c | 4 drivers/gpu/drm/panel/panel-simple.c | 2 drivers/gpu/drm/radeon/radeon_fbdev.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 drivers/gpu/drm/tegra/fbdev.c | 4 drivers/gpu/drm/ttm/ttm_bo.c | 23 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c | 30 - drivers/hid/hid-hyperv.c | 10 drivers/hid/hid-input.c | 7 drivers/iio/adc/meson_saradc.c | 2 drivers/md/dm-integrity.c | 4 drivers/md/dm-verity-loadpin.c | 3 drivers/md/raid0.c | 62 ++ drivers/md/raid0.h | 1 drivers/mfd/qcom-pm8008.c | 1 drivers/misc/fastrpc.c | 2 drivers/misc/pci_endpoint_test.c | 10 drivers/mtd/nand/raw/meson_nand.c | 4 drivers/net/dsa/hirschmann/hellcreek.c | 14 drivers/net/dsa/ocelot/felix.c | 6 drivers/net/dsa/ocelot/felix.h | 1 drivers/net/dsa/ocelot/felix_vsc9959.c | 28 - drivers/net/dsa/qca/qca8k-8xxx.c | 3 drivers/net/dsa/sja1105/sja1105_tas.c | 7 drivers/net/ethernet/amazon/ena/ena_com.c | 3 drivers/net/ethernet/broadcom/bgmac.c | 4 drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 drivers/net/ethernet/engleder/tsnep_selftests.c | 12 drivers/net/ethernet/engleder/tsnep_tc.c | 4 drivers/net/ethernet/freescale/enetc/enetc_qos.c | 6 drivers/net/ethernet/freescale/fec.h | 17 drivers/net/ethernet/freescale/fec_main.c | 178 ++++-- drivers/net/ethernet/google/gve/gve_ethtool.c | 3 drivers/net/ethernet/intel/ice/ice_main.c | 23 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 22 drivers/net/ethernet/intel/ice/ice_tc_lib.h | 1 drivers/net/ethernet/intel/igc/igc.h | 15 drivers/net/ethernet/intel/igc/igc_ethtool.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 158 +++++- drivers/net/ethernet/intel/igc/igc_ptp.c | 25 drivers/net/ethernet/intel/igc/igc_tsn.c | 68 +- drivers/net/ethernet/marvell/mvneta.c | 4 drivers/net/ethernet/marvell/octeontx2/af/ptp.c | 19 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 11 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 23 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 8 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 15 drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 14 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_accel/fs_tcp.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 44 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 6 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 3 drivers/net/ethernet/mellanox/mlx5/core/thermal.c | 19 drivers/net/ethernet/microchip/Kconfig | 2 drivers/net/ethernet/microchip/lan743x_main.c | 21 drivers/net/ethernet/microchip/lan966x/lan966x_tc.c | 10 drivers/net/ethernet/mscc/ocelot_mm.c | 7 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 5 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 7 drivers/net/ethernet/ti/am65-cpsw-qos.c | 11 drivers/net/ethernet/wangxun/txgbe/txgbe_hw.c | 3 drivers/net/netdevsim/dev.c | 9 drivers/net/phy/dp83td510.c | 23 drivers/net/wireless/cisco/airo.c | 5 drivers/net/wireless/realtek/rtw89/debug.c | 5 drivers/ntb/hw/amd/ntb_hw_amd.c | 7 drivers/ntb/hw/idt/ntb_hw_idt.c | 7 drivers/ntb/hw/intel/ntb_hw_gen1.c | 7 drivers/ntb/ntb_transport.c | 2 drivers/ntb/test/ntb_tool.c | 2 drivers/nvme/host/core.c | 36 + drivers/nvme/host/pci.c | 2 drivers/opp/core.c | 3 drivers/pci/controller/dwc/pcie-qcom.c | 2 drivers/pci/controller/pcie-rockchip-ep.c | 65 -- drivers/pci/controller/pcie-rockchip.c | 17 drivers/pci/controller/pcie-rockchip.h | 11 drivers/pci/endpoint/functions/pci-epf-test.c | 40 + drivers/pci/pci.c | 10 drivers/pci/probe.c | 4 drivers/pci/quirks.c | 2 drivers/perf/riscv_pmu.c | 3 drivers/pinctrl/pinctrl-amd.c | 103 +-- drivers/pinctrl/pinctrl-amd.h | 2 drivers/platform/x86/wmi.c | 22 drivers/pwm/pwm-meson.c | 28 - drivers/s390/crypto/zcrypt_msgtype6.c | 6 drivers/s390/net/ism_drv.c | 139 ++--- drivers/scsi/lpfc/lpfc_crtn.h | 1 drivers/scsi/lpfc/lpfc_els.c | 30 - drivers/scsi/lpfc/lpfc_hbadisc.c | 24 drivers/scsi/mpi3mr/mpi3mr_fw.c | 5 drivers/scsi/qla2xxx/qla_attr.c | 13 drivers/scsi/qla2xxx/qla_bsg.c | 6 drivers/scsi/qla2xxx/qla_def.h | 22 drivers/scsi/qla2xxx/qla_edif.c | 4 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_init.c | 258 +++++++++- drivers/scsi/qla2xxx/qla_inline.h | 5 drivers/scsi/qla2xxx/qla_iocb.c | 38 + drivers/scsi/qla2xxx/qla_isr.c | 64 ++ drivers/scsi/qla2xxx/qla_nvme.c | 3 drivers/scsi/qla2xxx/qla_os.c | 133 ++--- drivers/soc/qcom/mdt_loader.c | 16 drivers/soundwire/qcom.c | 3 drivers/tty/n_tty.c | 25 drivers/tty/serial/8250/8250.h | 1 drivers/tty/serial/8250/8250_pci.c | 19 drivers/tty/serial/8250/8250_port.c | 11 drivers/tty/serial/atmel_serial.c | 4 drivers/tty/serial/imx.c | 18 drivers/tty/serial/samsung_tty.c | 14 drivers/ufs/host/Kconfig | 1 drivers/usb/host/xhci-mem.c | 39 + drivers/usb/host/xhci-pci.c | 12 drivers/usb/host/xhci.h | 2 drivers/xen/grant-dma-ops.c | 2 fs/ceph/addr.c | 85 ++- fs/ceph/caps.c | 9 fs/ceph/super.h | 13 fs/dlm/ast.c | 8 fs/dlm/lockspace.c | 12 fs/dlm/lockspace.h | 1 fs/dlm/lowcomms.c | 1 fs/dlm/midcomms.c | 3 fs/dlm/plock.c | 115 ++-- fs/erofs/inode.c | 3 fs/erofs/zdata.c | 4 fs/ext2/inode.c | 5 fs/ext4/indirect.c | 8 fs/ext4/inode.c | 10 fs/ext4/ioctl.c | 5 fs/ext4/mballoc.c | 17 fs/ext4/super.c | 31 - fs/f2fs/dir.c | 9 fs/f2fs/super.c | 30 - fs/f2fs/xattr.c | 6 fs/jfs/jfs_dmap.c | 6 fs/jfs/jfs_filsys.h | 2 fs/smb/client/cifs_dfs_ref.c | 20 fs/smb/client/cifsproto.h | 2 fs/smb/client/cifssmb.c | 2 fs/smb/client/dfs.c | 43 - fs/smb/client/file.c | 4 fs/smb/client/fs_context.c | 59 +- fs/smb/client/misc.c | 17 fs/smb/client/smb2transport.c | 7 fs/smb/server/smb2pdu.c | 109 ++-- include/drm/display/drm_dp_mst_helper.h | 7 include/linux/blk-crypto-profile.h | 1 include/linux/ism.h | 7 include/linux/kasan.h | 2 include/linux/nvme.h | 2 include/linux/rethook.h | 1 include/linux/serial_8250.h | 1 include/net/netfilter/nf_conntrack_tuple.h | 3 include/net/netfilter/nf_tables.h | 31 + include/net/pkt_sched.h | 9 include/soc/mscc/ocelot.h | 1 kernel/bpf/cpumap.c | 40 - kernel/bpf/verifier.c | 5 kernel/dma/swiotlb.c | 46 + kernel/power/qos.c | 9 kernel/trace/fprobe.c | 15 kernel/trace/ftrace.c | 45 + kernel/trace/rethook.c | 13 kernel/trace/ring_buffer.c | 24 kernel/trace/trace.c | 3 kernel/trace/trace.h | 2 kernel/trace/trace_eprobe.c | 18 kernel/trace/trace_events_hist.c | 8 kernel/trace/trace_events_user.c | 6 kernel/trace/trace_probe.c | 2 kernel/trace/trace_probe_kernel.h | 30 - kernel/trace/trace_probe_tmpl.h | 10 kernel/trace/trace_uprobe.c | 3 mm/kasan/common.c | 2 mm/kasan/generic.c | 73 +- mm/kasan/kasan.h | 171 +++--- mm/kasan/report.c | 17 mm/kasan/report_generic.c | 12 mm/kasan/report_hw_tags.c | 2 mm/kasan/report_sw_tags.c | 2 mm/kasan/shadow.c | 36 - mm/kasan/sw_tags.c | 20 mm/mmap.c | 9 mm/slab.h | 16 net/ceph/messenger_v2.c | 41 + net/core/net-traces.c | 2 net/core/skbuff.c | 5 net/core/xdp.c | 2 net/ipv6/addrconf.c | 3 net/ipv6/icmp.c | 5 net/ipv6/udp.c | 4 net/mptcp/protocol.c | 7 net/ncsi/ncsi-rsp.c | 93 --- net/netfilter/nf_conntrack_core.c | 20 net/netfilter/nf_tables_api.c | 163 +++--- net/netfilter/nft_flow_offload.c | 6 net/netfilter/nft_immediate.c | 8 net/netfilter/nft_objref.c | 8 net/sched/cls_flower.c | 10 net/sched/cls_fw.c | 10 net/sched/sch_qfq.c | 18 net/sched/sch_taprio.c | 4 samples/ftrace/ftrace-direct-too.c | 14 security/integrity/platform_certs/load_powerpc.c | 40 + tools/testing/selftests/net/mptcp/config | 1 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 3 tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 29 - tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 10 tools/testing/selftests/net/mptcp/userspace_pm.sh | 4 311 files changed, 3509 insertions(+), 1986 deletions(-) Adrián Larumbe (1): drm: bridge: dw_hdmi: fix connector access for scdc Alan Liu (1): drm/amd/display: Fix in secure display context creation Alexander Aring (8): fs: dlm: revert check required context while close fs: dlm: return positive pid value for F_GETLK fs: dlm: fix cleanup pending ops when interrupted fs: dlm: interrupt posix locks only when process is killed fs: dlm: make F_SETLK use unkillable wait_event fs: dlm: fix mismatch of plock results from userspace fs: dlm: clear pending bit when queue was empty fs: dlm: fix missing pending to false Alexander Sverdlin (2): tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes Alvin Lee (1): drm/amd/display: Limit DCN32 8 channel or less parts to DPM1 for FPO Andrey Konovalov (2): kasan, slub: fix HW_TAGS zeroing with slub_debug kasan: fix type cast in memory_is_poisoned_n Andy Shevchenko (1): platform/x86: wmi: Break possible infinite loop when parsing GUID Ankit Kumar (1): nvme: fix the NVME_ID_NS_NVM_STS_MASK definition Aravindhan Gunasekaran (1): igc: Handle PPS start time programming for past time values Arnd Bergmann (3): HID: hyperv: avoid struct memcpy overrun warning kasan: add kasan_tag_mismatch prototype kasan: use internal prototypes matching gcc-13 builtins Arseniy Krasnov (1): mtd: rawnand: meson: fix unaligned DMA buffers handling Aurabindo Pillai (1): drm/amd/display: Add monitor specific edid quirk Austin Zheng (1): drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 Baokun Li (2): ext4: turn quotas off if mount failed after enabling quotas ext4: only update i_reserved_data_blocks on successful block allocation Basavaraj Natikar (2): HID: amd_sfh: Rename the float32 variable HID: amd_sfh: Fix for shift-out-of-bounds Beau Belgrave (1): tracing/user_events: Fix struct arg size match check Bharath SM (1): cifs: if deferred close is disabled then close files immediately Bikash Hazarika (2): scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Correct the index of array Björn Töpel (1): riscv, bpf: Fix inconsistent JIT image generation Brian Norris (2): drm/atomic: Allow vblank-enabled + self-refresh "disable" drm/rockchip: vop: Leave vblank enabled in self-refresh Chao Yu (2): f2fs: don't reset unchangable mount option in f2fs_remount() ext4: fix to check return value of freeze_bdev() in ext4_shutdown() Christian Hesse (2): tpm/tpm_tis: Disable interrupts for Framework Laptop Intel 12th gen tpm/tpm_tis: Disable interrupts for Framework Laptop Intel 13th gen Christian Marangi (1): soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup Christoph Hellwig (1): nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices Christophe JAILLET (3): tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() Chungkai Yang (1): PM: QoS: Restore support for default value on frequency QoS Chunhai Guo (2): erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF Damien Le Moal (5): PCI: epf-test: Fix DMA transfer completion initialization PCI: epf-test: Fix DMA transfer completion detection PCI: rockchip: Set address alignment for endpoint mode misc: pci_endpoint_test: Free IRQs before removing the device misc: pci_endpoint_test: Re-init completion for every test Dan Carpenter (5): scsi: qla2xxx: Fix error code in qla2x00_start_sp() netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() serial: atmel: don't enable IRQs prematurely scsi: qla2xxx: Fix end of loop test net: dsa: ocelot: unlock on error in vsc9959_qos_port_tas_set() Daniel Vetter (1): drm/atomic: Fix potential use-after-free in nonblocking commits David Woodhouse (1): mm/mmap: Fix error return in do_vmi_align_munmap() Dmitry Torokhov (1): HID: input: fix mapping for camera access keys Dmytro Laktyushkin (1): drm/amd/display: fix seamless odm transitions Douglas Anderson (1): drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime Dragos Tatulea (2): net/mlx5e: RX, Fix flush and close release flow of regular rq for legacy rq net/mlx5e: RX, Fix page_pool page fragment tracking for XDP Ekansh Gupta (1): misc: fastrpc: Create fastrpc scalar with correct buffer count Eric Biggers (1): blk-crypto: use dynamic lock class for blk_crypto_profile::lock Eric Dumazet (1): udp6: fix udp6_ehashfn() typo Eric Lin (1): perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() Evan Quan (1): drm/amd/pm: share the code around SMU13 pcie parameters update Fabio Estevam (1): drm/panel: simple: Add connector_type for innolux_at043tn24 Florent Revest (1): samples: ftrace: Save required argument registers in sample trampolines Florian Bezdeka (1): tpm/tpm_tis: Disable interrupts for Lenovo L590 devices Florian Fainelli (1): net: bcmgenet: Ensure MDIO unregistration has clocks enabled Florian Kauer (6): igc: Rename qbv_enable to taprio_offload_enable igc: Do not enable taprio offload for invalid arguments igc: Handle already enabled taprio offload for basetime 0 igc: No strict mode in pure launchtime/CBS offload igc: Fix launchtime before start of cycle igc: Fix inserting of empty frame for launchtime Florian Westphal (1): netfilter: conntrack: don't fold port numbers into addresses before hashing Frank Wunderlich (1): arm64: dts: mt7986: use size of reserved partition for bl2 Geert Uytterhoeven (1): drm/fbdev-dma: Fix documented default preferred_bpp value George Stark (1): meson saradc: fix clock divider mask length Greg Kroah-Hartman (1): Linux 6.4.5 Gustavo A. R. Silva (1): smb: client: Fix -Wstringop-overflow issues Hamza Mahfooz (1): drm/amd/display: perform a bounds check before filling dirty rectangles Harald Freudenberger (1): s390/zcrypt: do not retry administrative requests Heiko Carstens (1): s390/decompressor: fix misaligned symbol build error Heiner Kallweit (2): pwm: meson: modify and simplify calculation in meson_pwm_get_state pwm: meson: fix handling of period/duty if greater than UINT_MAX Hersen Wu (1): drm/amd/display: edp do not add non-edid timings Huacai Chen (3): MIPS: Loongson: Fix cpu_probe_loongson() again MIPS: Loongson: Fix build error when make modules_install MIPS: KVM: Fix NULL pointer dereference Hui Li (1): tty: fix hang on tty device with no_room set Ido Schimmel (1): net/sched: flower: Ensure both minimum and maximum ports are specified Ilya Bakoulin (1): drm/amd/display: Fix 128b132b link loss handling Ilya Dryomov (1): libceph: harden msgr2.1 frame segment length checks Isaac J. Manjarres (1): regmap-irq: Fix out-of-bounds access when allocating config buffers Ivan Babrou (1): udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint Ivan Mikhaylov (2): net/ncsi: make one oem_gma function for all mfr id net/ncsi: change from ndo_set_mac_address to dev_set_mac_address Jaegeuk Kim (1): f2fs: fix deadlock in i_xattr_sem and inode page lock Jarkko Sakkinen (1): tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Jason Baron (1): md/raid0: add discard support for the 'original' layout Jerry Snitselaar (1): tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms Jesper Dangaard Brouer (2): igc: Add igc_xdp_buff wrapper for xdp_buff in driver igc: Add XDP hints kfuncs for RX hash Jiaqing Zhao (1): Revert "8250: add support for ASIX devices with a FIFO bug" Jiasheng Jiang (2): NTB: ntb_tool: Add check for devm_kcalloc net: dsa: qca8k: Add check for skb_copy Jiawen Wu (1): net: txgbe: fix eeprom calculation error Jiaxun Yang (1): MIPS: cpu-features: Use boot_cpu_type for CPU type based features Jiri Olsa (1): fprobe: Release rethook after the ftrace_ops is unregistered Jisheng Zhang (1): riscv: mm: fix truncation warning on RV32 Johan Hovold (1): mfd: pm8008: Fix module autoloading Jonas Gorski (1): bus: ixp4xx: fix IXP4XX_EXP_T1_MASK Junfeng Guo (1): gve: Set default duplex configuration to full Justin Tee (1): scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() Karol Herbst (4): drm/nouveau/disp: fix HDMI on gt215+ drm/nouveau/disp/g94: enable HDMI drm/nouveau/acr: Abort loading ACR if no firmware was found drm/nouveau: bring back blit subchannel for pre nv50 GPUs Karol Wachowski (2): accel/ivpu: Fix VPU register access in irq disable accel/ivpu: Clear specific interrupt status bits on C0 Kemeng Shi (3): ext4: fix wrong unit use in ext4_mb_clear_bb ext4: get block from bh in ext4_free_blocks for fast commit replay ext4: fix wrong unit use in ext4_mb_new_blocks Klaus Kudielka (1): net: mvneta: fix txq_map in case of txq_number==1 Kornel Dulęba (1): pinctrl: amd: Detect and mask spurious interrupts Krister Johansen (1): net: ena: fix shift-out-of-bounds in exponential backoff Krzysztof Kozlowski (1): soundwire: qcom: fix storing port config out-of-bounds Kumar Kartikeya Dwivedi (1): bpf: Fix max stack depth check for async callbacks Kuniyuki Iwashima (1): icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). Larysa Zaremba (1): xdp: use trusted arguments in XDP hints kfuncs Leo Chen (1): drm/amd/display: disable seamless boot if force_odm_combine is enabled Lino Sanfilippo (1): tpm,tpm_tis: Disable interrupts after 1000 unhandled IRQs Lu Hongfei (1): net: dsa: Removed unneeded of_node_put in felix_parse_ports_node M A Ramdhan (1): net/sched: cls_fw: Fix improper refcount update leads to use-after-free Maher Sanalla (1): net/mlx5: Query hca_cap_2 only when supported Manish Rangankar (1): scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue Manivannan Sadhasivam (1): PCI: qcom: Disable write access to read only registers for IP v2.3.3 Marek Vasut (1): drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags Mario Limonciello (11): pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Use amd_pinconf_set() for all config options pinctrl: amd: Drop pull up select configuration pinctrl: amd: Unify debounce handling into amd_pinconf_set() drm/amd: Disable PSR-SU on Parade 0803 TCON drm/amd/display: Correct `DMUB_FW_VERSION` macro drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" Martin Fuzzey (1): tty: serial: imx: fix rs485 rx after tx Martin Kaiser (1): hwrng: imx-rngc - fix the timeout for init and self check Masahiro Yamada (1): kbuild: make modules_install copy modules.builtin(.modinfo) Masami Hiramatsu (Google) (6): fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() tracing/probes: Fix to avoid double count of the string length on the array tracing/probes: Fix not to count error code to total length tracing/probes: Fix to update dynamic data counter if fetcharg uses it Revert "tracing: Add "(fault)" name injection to kernel probes" tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails Mateusz Stachyra (1): tracing: Fix null pointer dereference in tracing_err_log_open() Matthias Kaehlcke (1): dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter Matthieu Baerts (7): selftests: mptcp: sockopt: use 'iptables-legacy' if available selftests: mptcp: connect: fail if nft supposed to work selftests: mptcp: sockopt: return error if wrong mark selftests: mptcp: userspace_pm: use correct server port selftests: mptcp: userspace_pm: report errors with 'remove' tests selftests: mptcp: depend on SYN_COOKIES selftests: mptcp: pm_nl_ctl: fix 32-bit support Max Filippov (1): xtensa: ISS: fix call to split_if_spec Michael Ellerman (2): powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 powerpc/64s: Fix native_hpte_remove() to be irq-safe Mikulas Patocka (1): dm integrity: reduce vmalloc space footprint on 32-bit architectures Ming Lei (1): nvme-pci: fix DMA direction of unmapping integrity data Mohamed Khalfella (1): tracing/histograms: Add histograms to hist_vars if they have referenced variables Moritz Fischer (1): net: lan743x: Don't sleep in atomic context Muhammad Husaini Zulkifli (3): igc: Add condition for qbv_config_change_errors counter igc: Remove delay during TX ring configuration igc: Fix TX Hang issue when QBV Gate is closed Namhyung Kim (1): perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR Namjae Jeon (2): ksmbd: add missing compound request handing in some commands ksmbd: fix out of bounds read in smb2_sess_setup Naveen N Rao (1): powerpc: Fail build if using recordmcount with binutils v2.37 Nayna Jain (1): security/integrity: fix pointer to ESL data and its size on pseries Niklas Schnelle (3): s390/ism: Fix locking for forwarding of IRQs and events to clients s390/ism: Fix and simplify add()/remove() callback handling s390/ism: Do not unregister clients with registered DMBs Nilesh Javali (3): scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Avoid fcport pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Nitya Sunkad (1): ionic: remove WARN_ON to prevent panic_on_warn Oleksij Rempel (1): net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY driver Oliver Upton (1): arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 Ondrej Zary (1): PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold Pablo Neira Ayuso (1): netfilter: nf_tables: report use refcount overflow Paolo Abeni (3): net: prevent skb corruption on frag list segmentation mptcp: do not rely on implicit state check in mptcp_listen() mptcp: ensure subflow is unhashed before cleaning the backlog Paulo Alcantara (2): smb: client: improve DFS mount check smb: client: fix parsing of source mount option Pedro Tammela (3): net/sched: make psched_mtu() RTNL-less safe net/sched: sch_qfq: reintroduce lmax bound check for MTU net/sched: sch_qfq: account for stab overhead in qfq_enqueue Peter Ujfalusi (1): tpm: tpm_tis: Disable interrupts *only* for AEON UPX-i11 Petr Pavlu (1): xen/virtio: Fix NULL deref when a bridge of PCI root bus has no parent Petr Tesarik (2): swiotlb: always set the number of areas before allocating the pool swiotlb: reduce the number of areas to match actual memory pool size Prasad Koya (1): igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings Pu Lehui (1): bpf: cpumap: Fix memory leak in cpu_map_update_elem Quinn Tran (7): scsi: qla2xxx: Multi-que support for TMF scsi: qla2xxx: Fix task management cmd failure scsi: qla2xxx: Fix task management cmd fail due to unavailable resource scsi: qla2xxx: Fix hang in task management scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix mem access after free scsi: qla2xxx: Fix buffer overrun Rafał Miłecki (1): net: bgmac: postpone turning IRQs off to avoid SoC hangs Randy Dunlap (2): scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER wifi: airo: avoid uninitialized warning in airo_get_rate() Ratheesh Kannoth (1): octeontx2-af: Promisc enable/disable through mbox Rick Wertenbroek (5): PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Use u32 variable to access 32-bit registers Ritesh Harjani (IBM) (1): ext2/dax: Fix ext2_setsize when len is page aligned Robin Murphy (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 Ross Lagerwall (1): PCI: Release resource invalidated by coalescing Saeed Mahameed (1): net/mlx5: Register a unique thermal zone per device Sai Krishna (1): octeontx2-af: Move validation of ptp pointer before its usage Sakari Ailus (1): media: uapi: Fix [GS]_ROUTING ACTIVE flag value Samuel Pitoiset (1): drm/amdgpu: fix clearing mappings for BOs that are always valid in VM Sathya Prakash (1): scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O Shreyas Deodhar (1): scsi: qla2xxx: Pointer may be dereferenced Siddh Raman Pant (1): jfs: jfs_dmap: Validate db_l2nbperpage while mounting Simon Horman (1): net: lan743x: select FIXED_PHY Sinthu Raja (1): arm64: dts: ti: k3-j721s2: Fix wkup pinmux range Sridhar Samudrala (2): ice: Fix max_rate check while configuring TX rate limits ice: Fix tx queue rate limit when TCs are configured Stafford Horne (1): openrisc: Union fpcsr and oldmask in sigcontext to unbreak userspace ABI Stanislav Lisovskiy (1): drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner Stephan Gerhold (1): opp: Fix use-after-free in lazy_opp_tables after probe deferral Suman Ghosh (1): octeontx2-pf: Add additional check for MCAM rules Sung-huai Wang (1): drm/amd/display: add a NULL pointer check Tan Tee Min (1): igc: Include the length/type field and VLAN tag in queueMaxSDU Theodore Ts'o (1): ext4: avoid updating the superblock on a r/o mount if not needed Thomas Bogendoerfer (1): MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled Thomas Hellström (2): drm/ttm: Don't leak a resource on eviction error drm/ttm: Don't leak a resource on swapout move error Thomas Zimmermann (1): drm/client: Send hotplug event after registering a client Tvrtko Ursulin (1): drm/i915: Fix one wrong caching mode enum usage Tzvetomir Stoyanov (VMware) (1): kernel/trace: Fix cleanup logic of enable_trace_eprobe Valentin David (1): tpm: Do not remap from ACPI resources again for Pluton TPM Vlad Buslov (1): net/mlx5e: Check for NOT_READY flag state after locking Vladimir Oltean (3): net: dsa: felix: make vsc9959_tas_guard_bands_update() visible to ocelot->ops net: mscc: ocelot: fix oversize frame dropping for preemptible TCs net/sched: taprio: replace tc_taprio_qopt_offload :: enable with a "cmd" enum Wayne Lin (1): drm/dp_mst: Clear MSG_RDY flag before sending new message Wei Fang (4): net: fec: remove useless fec_enet_reset_skb() net: fec: remove last_bdp from fec_enet_txq_xmit_frame() net: fec: recycle pages for transmitted XDP frames net: fec: increase the size of tx ring and update tx_wake_threshold Weitao Wang (3): xhci: Fix resume issue of some ZHAOXIN hosts xhci: Fix TRB prefetch issue of ZHAOXIN hosts xhci: Show ZHAOXIN xHCI root hub speed correctly Winston Wen (1): cifs: fix session state check in smb2_find_smb_ses Xin Yin (1): erofs: fix fsdax unavailability for chunk-based regular files Xiubo Li (3): ceph: add a dedicated private data for netfs rreq ceph: fix blindly expanding the readahead windows ceph: don't let check_caps skip sending responses for revoke msgs Yang Wang (1): drm/amd/pm: fix smu i2c data read risk Yang Yingliang (1): NTB: ntb_transport: fix possible memory leak while device_register() fails Yevgeny Kliteynik (1): net/mlx5e: TC, CT: Offload ct clear only once Yinjun Zhang (1): nfp: clean mc addresses in application firmware when closing port Yuan Can (3): ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() Ze Gao (1): fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock Zhang Shurong (1): wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() Zheng Yejian (3): tracing: Fix memory leak of iter->temp when reading trace_pipe ring-buffer: Fix deadloop issue on reading trace_pipe ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() Zhengchao Shao (3): net/mlx5e: fix double free in mlx5e_destroy_flow_table net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create net/mlx5e: fix memory leak in mlx5e_ptp_open Zhihao Cheng (1): ext4: Fix reusing stale buffer heads from last failed mounting Ziyang Xuan (1): ipv6/addrconf: fix a potential refcount underflow for idev gaba (1): drm/amdgpu: avoid restore process run into dead loop. sunliming (1): tracing/user_events: Fix incorrect return value for writing operation when events are disabled

2 years, 3 months

1
1
0 0

Linux 6.1.40

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.40 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/device-mapper/dm-init.rst | 8 Makefile | 2 arch/mips/include/asm/kvm_host.h | 6 arch/mips/kernel/cpu-probe.c | 9 arch/mips/kvm/emulate.c | 22 - arch/mips/kvm/mips.c | 16 arch/mips/kvm/stats.c | 4 arch/mips/kvm/trace.h | 8 arch/mips/kvm/vz.c | 20 arch/powerpc/Makefile | 8 arch/powerpc/kernel/security.c | 37 - arch/powerpc/mm/book3s64/hash_native.c | 13 arch/riscv/mm/init.c | 2 arch/riscv/net/bpf_jit.h | 6 arch/riscv/net/bpf_jit_core.c | 19 arch/s390/Makefile | 1 arch/x86/events/intel/core.c | 7 arch/xtensa/platforms/iss/network.c | 2 block/blk-crypto-profile.c | 12 drivers/base/regmap/regmap-irq.c | 2 drivers/bus/intel-ixp4xx-eb.c | 2 drivers/char/hw_random/imx-rngc.c | 6 drivers/char/tpm/tpm-chip.c | 7 drivers/char/tpm/tpm_crb.c | 19 drivers/char/tpm/tpm_tis_i2c.c | 59 +- drivers/char/tpm/tpm_vtpm_proxy.c | 30 - drivers/firmware/stratix10-svc.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 12 drivers/gpu/drm/amd/amdgpu/nbio_v2_3.c | 11 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 26 + drivers/gpu/drm/amd/display/dc/core/dc.c | 3 drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c | 10 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 4 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 2 drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.h | 1 drivers/gpu/drm/amd/display/dmub/dmub_srv.h | 2 drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 98 ++++ drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 34 - drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 34 - drivers/gpu/drm/bridge/ti-sn65dsi86.c | 35 + drivers/gpu/drm/drm_atomic.c | 11 drivers/gpu/drm/drm_atomic_helper.c | 11 drivers/gpu/drm/drm_client.c | 21 drivers/gpu/drm/drm_fb_helper.c | 4 drivers/gpu/drm/i915/display/intel_display.c | 1 drivers/gpu/drm/i915/gt/intel_gtt.c | 2 drivers/gpu/drm/panel/panel-simple.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 drivers/gpu/drm/ttm/ttm_bo.c | 1 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c | 30 + drivers/iio/adc/meson_saradc.c | 2 drivers/md/dm-init.c | 22 - drivers/md/dm-integrity.c | 4 drivers/md/dm-verity-loadpin.c | 3 drivers/md/raid0.c | 62 ++ drivers/md/raid0.h | 1 drivers/mfd/qcom-pm8008.c | 1 drivers/misc/fastrpc.c | 2 drivers/misc/pci_endpoint_test.c | 10 drivers/mtd/nand/raw/meson_nand.c | 4 drivers/net/dsa/qca/qca8k-8xxx.c | 3 drivers/net/ethernet/amazon/ena/ena_com.c | 3 drivers/net/ethernet/broadcom/bgmac.c | 4 drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 drivers/net/ethernet/google/gve/gve_ethtool.c | 3 drivers/net/ethernet/intel/ice/ice_main.c | 16 drivers/net/ethernet/intel/igc/igc_ethtool.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 5 drivers/net/ethernet/intel/igc/igc_ptp.c | 25 + drivers/net/ethernet/marvell/mvneta.c | 4 drivers/net/ethernet/marvell/octeontx2/af/ptp.c | 19 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 11 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 23 - drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 8 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 15 drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_accel/fs_tcp.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 6 drivers/net/ethernet/microchip/lan743x_main.c | 21 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/netdevsim/dev.c | 9 drivers/net/phy/dp83td510.c | 23 - drivers/net/wireless/cisco/airo.c | 5 drivers/net/wireless/realtek/rtw89/debug.c | 5 drivers/ntb/hw/amd/ntb_hw_amd.c | 7 drivers/ntb/hw/idt/ntb_hw_idt.c | 7 drivers/ntb/hw/intel/ntb_hw_gen1.c | 7 drivers/ntb/ntb_transport.c | 2 drivers/ntb/test/ntb_tool.c | 2 drivers/nvme/host/core.c | 36 + drivers/nvme/host/pci.c | 2 drivers/opp/core.c | 3 drivers/pci/controller/dwc/pcie-qcom.c | 2 drivers/pci/controller/pcie-rockchip-ep.c | 65 +-- drivers/pci/controller/pcie-rockchip.c | 17 drivers/pci/controller/pcie-rockchip.h | 11 drivers/pci/endpoint/functions/pci-epf-test.c | 40 + drivers/pci/pci.c | 10 drivers/pci/probe.c | 4 drivers/pci/quirks.c | 2 drivers/perf/riscv_pmu.c | 3 drivers/pinctrl/pinctrl-amd.c | 190 +++----- drivers/pinctrl/pinctrl-amd.h | 3 drivers/platform/x86/wmi.c | 22 - drivers/pwm/pwm-meson.c | 28 - drivers/s390/crypto/zcrypt_msgtype6.c | 6 drivers/scsi/lpfc/lpfc_crtn.h | 1 drivers/scsi/lpfc/lpfc_els.c | 30 - drivers/scsi/lpfc/lpfc_hbadisc.c | 24 - drivers/scsi/mpi3mr/mpi3mr_fw.c | 5 drivers/scsi/qla2xxx/qla_attr.c | 13 drivers/scsi/qla2xxx/qla_bsg.c | 6 drivers/scsi/qla2xxx/qla_def.h | 22 - drivers/scsi/qla2xxx/qla_edif.c | 4 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_init.c | 258 +++++++++++- drivers/scsi/qla2xxx/qla_inline.h | 5 drivers/scsi/qla2xxx/qla_iocb.c | 38 + drivers/scsi/qla2xxx/qla_isr.c | 64 ++ drivers/scsi/qla2xxx/qla_nvme.c | 3 drivers/scsi/qla2xxx/qla_os.c | 133 +++--- drivers/soc/qcom/mdt_loader.c | 16 drivers/soundwire/qcom.c | 3 drivers/tty/serial/8250/8250.h | 1 drivers/tty/serial/8250/8250_pci.c | 19 drivers/tty/serial/8250/8250_port.c | 11 drivers/tty/serial/atmel_serial.c | 4 drivers/tty/serial/imx.c | 18 drivers/tty/serial/samsung_tty.c | 14 drivers/ufs/host/Kconfig | 1 drivers/usb/host/xhci-mem.c | 39 + drivers/usb/host/xhci-pci.c | 12 drivers/usb/host/xhci.h | 2 fs/ceph/addr.c | 85 +++ fs/ceph/caps.c | 9 fs/ceph/super.h | 13 fs/dlm/lockspace.c | 12 fs/dlm/lockspace.h | 1 fs/dlm/midcomms.c | 3 fs/dlm/plock.c | 115 +++-- fs/erofs/inode.c | 3 fs/erofs/zdata.c | 4 fs/ext2/inode.c | 5 fs/ext4/indirect.c | 8 fs/ext4/inode.c | 10 fs/ext4/ioctl.c | 5 fs/ext4/mballoc.c | 17 fs/ext4/super.c | 19 fs/f2fs/compress.c | 2 fs/f2fs/dir.c | 9 fs/f2fs/xattr.c | 6 fs/jfs/jfs_dmap.c | 6 fs/jfs/jfs_filsys.h | 2 fs/ntfs3/index.c | 84 +++ fs/ntfs3/inode.c | 18 fs/ntfs3/ntfs_fs.h | 4 fs/ntfs3/run.c | 7 fs/ntfs3/xattr.c | 109 +++-- fs/overlayfs/inode.c | 12 fs/overlayfs/overlayfs.h | 2 fs/overlayfs/util.c | 7 fs/smb/client/file.c | 4 fs/smb/client/smb2transport.c | 7 fs/smb/server/smb2pdu.c | 109 +++-- include/linux/blk-crypto-profile.h | 1 include/linux/nvme.h | 2 include/linux/rethook.h | 1 include/linux/serial_8250.h | 1 include/linux/workqueue.h | 15 include/net/pkt_sched.h | 2 kernel/bpf/cpumap.c | 40 + kernel/bpf/verifier.c | 5 kernel/dma/swiotlb.c | 110 +++-- kernel/power/qos.c | 9 kernel/trace/fprobe.c | 11 kernel/trace/ftrace.c | 45 +- kernel/trace/rethook.c | 13 kernel/trace/ring_buffer.c | 24 - kernel/trace/trace.c | 3 kernel/trace/trace_eprobe.c | 18 kernel/trace/trace_events_hist.c | 8 kernel/trace/trace_events_user.c | 6 kernel/trace/trace_probe_tmpl.h | 14 kernel/workqueue.c | 13 mm/kasan/kasan.h | 3 net/ceph/messenger_v2.c | 41 + net/core/skbuff.c | 5 net/ipv6/addrconf.c | 3 net/ipv6/icmp.c | 5 net/ipv6/udp.c | 2 net/ncsi/ncsi-rsp.c | 93 +--- net/sched/cls_flower.c | 10 net/sched/cls_fw.c | 10 net/sched/sch_qfq.c | 41 + samples/ftrace/ftrace-direct-too.c | 14 tools/testing/selftests/net/mptcp/config | 1 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 3 tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 9 tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 10 tools/testing/selftests/net/mptcp/userspace_pm.sh | 4 208 files changed, 2335 insertions(+), 1240 deletions(-) Alex Deucher (1): drm/amdgpu/sdma4: set align mask to 255 Alexander Aring (6): fs: dlm: revert check required context while close fs: dlm: return positive pid value for F_GETLK fs: dlm: fix cleanup pending ops when interrupted fs: dlm: interrupt posix locks only when process is killed fs: dlm: make F_SETLK use unkillable wait_event fs: dlm: fix mismatch of plock results from userspace Alexander Sverdlin (2): tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes Alexey Kardashevskiy (1): swiotlb: reduce the swiotlb buffer size on allocation failure Andy Shevchenko (1): platform/x86: wmi: Break possible infinite loop when parsing GUID Ankit Kumar (1): nvme: fix the NVME_ID_NS_NVM_STS_MASK definition Aravindhan Gunasekaran (1): igc: Handle PPS start time programming for past time values Arnd Bergmann (1): kasan: add kasan_tag_mismatch prototype Arseniy Krasnov (1): mtd: rawnand: meson: fix unaligned DMA buffers handling Aurabindo Pillai (1): drm/amd/display: Add monitor specific edid quirk Austin Zheng (1): drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 Baokun Li (2): ext4: turn quotas off if mount failed after enabling quotas ext4: only update i_reserved_data_blocks on successful block allocation Basavaraj Natikar (3): HID: amd_sfh: Rename the float32 variable HID: amd_sfh: Fix for shift-out-of-bounds pinctrl: amd: Add Z-state wake control bits Beau Belgrave (1): tracing/user_events: Fix struct arg size match check Bharath SM (1): cifs: if deferred close is disabled then close files immediately Bikash Hazarika (2): scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Correct the index of array Björn Töpel (1): riscv, bpf: Fix inconsistent JIT image generation Brian Norris (2): drm/atomic: Allow vblank-enabled + self-refresh "disable" drm/rockchip: vop: Leave vblank enabled in self-refresh Chao Yu (1): ext4: fix to check return value of freeze_bdev() in ext4_shutdown() Christian Marangi (1): soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup Christoph Hellwig (1): nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices Christophe JAILLET (3): tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() Chungkai Yang (1): PM: QoS: Restore support for default value on frequency QoS Chunhai Guo (2): erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF Damien Le Moal (5): PCI: epf-test: Fix DMA transfer completion initialization PCI: epf-test: Fix DMA transfer completion detection PCI: rockchip: Set address alignment for endpoint mode misc: pci_endpoint_test: Free IRQs before removing the device misc: pci_endpoint_test: Re-init completion for every test Dan Carpenter (4): scsi: qla2xxx: Fix error code in qla2x00_start_sp() netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() serial: atmel: don't enable IRQs prematurely scsi: qla2xxx: Fix end of loop test Daniel Vetter (1): drm/atomic: Fix potential use-after-free in nonblocking commits Dmytro Laktyushkin (1): drm/amd/display: fix seamless odm transitions Douglas Anderson (1): drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime Ekansh Gupta (1): misc: fastrpc: Create fastrpc scalar with correct buffer count Eric Biggers (1): blk-crypto: use dynamic lock class for blk_crypto_profile::lock Eric Dumazet (1): udp6: fix udp6_ehashfn() typo Eric Lin (1): perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() Evan Quan (2): drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario drm/amd/pm: share the code around SMU13 pcie parameters update Fabio Estevam (1): drm/panel: simple: Add connector_type for innolux_at043tn24 Florent Revest (1): samples: ftrace: Save required argument registers in sample trampolines Florian Fainelli (1): net: bcmgenet: Ensure MDIO unregistration has clocks enabled Florian Kauer (2): igc: Fix launchtime before start of cycle igc: Fix inserting of empty frame for launchtime George Stark (1): meson saradc: fix clock divider mask length Greg Kroah-Hartman (1): Linux 6.1.40 Harald Freudenberger (1): s390/zcrypt: do not retry administrative requests Heiko Carstens (1): s390/decompressor: fix misaligned symbol build error Heiner Kallweit (2): pwm: meson: modify and simplify calculation in meson_pwm_get_state pwm: meson: fix handling of period/duty if greater than UINT_MAX Hersen Wu (1): drm/amd/display: edp do not add non-edid timings Huacai Chen (2): MIPS: Loongson: Fix cpu_probe_loongson() again MIPS: KVM: Fix NULL pointer dereference Ido Schimmel (1): net/sched: flower: Ensure both minimum and maximum ports are specified Ilya Dryomov (1): libceph: harden msgr2.1 frame segment length checks Isaac J. Manjarres (1): regmap-irq: Fix out-of-bounds access when allocating config buffers Ivan Mikhaylov (2): net/ncsi: make one oem_gma function for all mfr id net/ncsi: change from ndo_set_mac_address to dev_set_mac_address Jaegeuk Kim (2): f2fs: fix the wrong condition to determine atomic context f2fs: fix deadlock in i_xattr_sem and inode page lock Jarkko Sakkinen (1): tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Jason Baron (1): md/raid0: add discard support for the 'original' layout Jerry Snitselaar (1): tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms Jiaqing Zhao (1): Revert "8250: add support for ASIX devices with a FIFO bug" Jiasheng Jiang (2): NTB: ntb_tool: Add check for devm_kcalloc net: dsa: qca8k: Add check for skb_copy Jiri Olsa (1): fprobe: Release rethook after the ftrace_ops is unregistered Jisheng Zhang (1): riscv: mm: fix truncation warning on RV32 Johan Hovold (1): mfd: pm8008: Fix module autoloading Jonas Gorski (1): bus: ixp4xx: fix IXP4XX_EXP_T1_MASK Junfeng Guo (1): gve: Set default duplex configuration to full Justin Tee (1): scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() Kemeng Shi (3): ext4: fix wrong unit use in ext4_mb_clear_bb ext4: get block from bh in ext4_free_blocks for fast commit replay ext4: fix wrong unit use in ext4_mb_new_blocks Kenneth Feng (1): drm/amd/pm: add abnormal fan detection for smu 13.0.0 Klaus Kudielka (1): net: mvneta: fix txq_map in case of txq_number==1 Konstantin Komarov (1): fs/ntfs3: Check fields while reading Kornel Dulęba (1): pinctrl: amd: Detect and mask spurious interrupts Krister Johansen (1): net: ena: fix shift-out-of-bounds in exponential backoff Krzysztof Kozlowski (1): soundwire: qcom: fix storing port config out-of-bounds Kumar Kartikeya Dwivedi (1): bpf: Fix max stack depth check for async callbacks Kuniyuki Iwashima (1): icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). Leo Chen (1): drm/amd/display: disable seamless boot if force_odm_combine is enabled Linus Torvalds (1): workqueue: clean up WORK_* constant types, clarify masking Luben Tuikov (1): drm/amdgpu: Fix minmax warning M A Ramdhan (1): net/sched: cls_fw: Fix improper refcount update leads to use-after-free Manish Rangankar (1): scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue Manivannan Sadhasivam (1): PCI: qcom: Disable write access to read only registers for IP v2.3.3 Marek Vasut (1): drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags Mario Limonciello (13): pinctrl: amd: Adjust debugfs output pinctrl: amd: Add fields for interrupt status and wake status pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Use amd_pinconf_set() for all config options pinctrl: amd: Drop pull up select configuration pinctrl: amd: Unify debounce handling into amd_pinconf_set() drm/amd: Disable PSR-SU on Parade 0803 TCON drm/amd/display: Correct `DMUB_FW_VERSION` macro drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" Martin Fuzzey (1): tty: serial: imx: fix rs485 rx after tx Martin Kaiser (1): hwrng: imx-rngc - fix the timeout for init and self check Masami Hiramatsu (Google) (3): fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() tracing/probes: Fix not to count error code to total length tracing/probes: Fix to update dynamic data counter if fetcharg uses it Mateusz Stachyra (1): tracing: Fix null pointer dereference in tracing_err_log_open() Matthias Kaehlcke (1): dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter Matthieu Baerts (6): selftests: mptcp: connect: fail if nft supposed to work selftests: mptcp: sockopt: return error if wrong mark selftests: mptcp: userspace_pm: use correct server port selftests: mptcp: userspace_pm: report errors with 'remove' tests selftests: mptcp: depend on SYN_COOKIES selftests: mptcp: pm_nl_ctl: fix 32-bit support Max Filippov (1): xtensa: ISS: fix call to split_if_spec Michael Ellerman (2): powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 powerpc/64s: Fix native_hpte_remove() to be irq-safe Mikulas Patocka (1): dm integrity: reduce vmalloc space footprint on 32-bit architectures Ming Lei (1): nvme-pci: fix DMA direction of unmapping integrity data Mohamed Khalfella (1): tracing/histograms: Add histograms to hist_vars if they have referenced variables Moritz Fischer (1): net: lan743x: Don't sleep in atomic context Muhammad Husaini Zulkifli (1): igc: Remove delay during TX ring configuration Namhyung Kim (1): perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR Namjae Jeon (2): ksmbd: add missing compound request handing in some commands ksmbd: fix out of bounds read in smb2_sess_setup Naveen N Rao (1): powerpc: Fail build if using recordmcount with binutils v2.37 Nilesh Javali (3): scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Avoid fcport pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Nitya Sunkad (1): ionic: remove WARN_ON to prevent panic_on_warn Oleksij Rempel (1): net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY driver Ondrej Zary (1): PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold Paolo Abeni (1): net: prevent skb corruption on frag list segmentation Pedro Tammela (4): net/sched: make psched_mtu() RTNL-less safe net/sched: sch_qfq: refactor parsing of netlink parameters net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: sch_qfq: reintroduce lmax bound check for MTU Peter Korsgaard (1): dm init: add dm-mod.waitfor to wait for asynchronously probed block devices Petr Tesarik (2): swiotlb: always set the number of areas before allocating the pool swiotlb: reduce the number of areas to match actual memory pool size Prasad Koya (1): igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings Pu Lehui (1): bpf: cpumap: Fix memory leak in cpu_map_update_elem Quinn Tran (7): scsi: qla2xxx: Multi-que support for TMF scsi: qla2xxx: Fix task management cmd failure scsi: qla2xxx: Fix task management cmd fail due to unavailable resource scsi: qla2xxx: Fix hang in task management scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix mem access after free scsi: qla2xxx: Fix buffer overrun Rafał Miłecki (1): net: bgmac: postpone turning IRQs off to avoid SoC hangs Randy Dunlap (3): scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER wifi: airo: avoid uninitialized warning in airo_get_rate() swiotlb: mark swiotlb_memblock_alloc() as __init Ratheesh Kannoth (1): octeontx2-af: Promisc enable/disable through mbox Rick Wertenbroek (5): PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Use u32 variable to access 32-bit registers Ritesh Harjani (IBM) (1): ext2/dax: Fix ext2_setsize when len is page aligned Robin Murphy (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 Ross Lagerwall (1): PCI: Release resource invalidated by coalescing Sai Krishna (1): octeontx2-af: Move validation of ptp pointer before its usage Samuel Pitoiset (1): drm/amdgpu: fix clearing mappings for BOs that are always valid in VM Sathya Prakash (1): scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O Shreyas Deodhar (1): scsi: qla2xxx: Pointer may be dereferenced Siddh Raman Pant (1): jfs: jfs_dmap: Validate db_l2nbperpage while mounting Sridhar Samudrala (1): ice: Fix max_rate check while configuring TX rate limits Stanislav Lisovskiy (1): drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner Stephan Gerhold (1): opp: Fix use-after-free in lazy_opp_tables after probe deferral Suman Ghosh (1): octeontx2-pf: Add additional check for MCAM rules Sung-huai Wang (1): drm/amd/display: add a NULL pointer check Thomas Bogendoerfer (1): MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled Thomas Hellström (1): drm/ttm: Don't leak a resource on swapout move error Thomas Zimmermann (1): drm/client: Send hotplug event after registering a client Tvrtko Ursulin (1): drm/i915: Fix one wrong caching mode enum usage Tzvetomir Stoyanov (VMware) (1): kernel/trace: Fix cleanup logic of enable_trace_eprobe Valentin David (1): tpm: Do not remap from ACPI resources again for Pluton TPM Vlad Buslov (1): net/mlx5e: Check for NOT_READY flag state after locking Weitao Wang (3): xhci: Fix resume issue of some ZHAOXIN hosts xhci: Fix TRB prefetch issue of ZHAOXIN hosts xhci: Show ZHAOXIN xHCI root hub speed correctly Winston Wen (1): cifs: fix session state check in smb2_find_smb_ses Xin Yin (1): erofs: fix fsdax unavailability for chunk-based regular files Xiubo Li (3): ceph: add a dedicated private data for netfs rreq ceph: fix blindly expanding the readahead windows ceph: don't let check_caps skip sending responses for revoke msgs Yang Yingliang (1): NTB: ntb_transport: fix possible memory leak while device_register() fails Yuan Can (3): ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() Zhang Shurong (1): wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() Zheng Yejian (3): tracing: Fix memory leak of iter->temp when reading trace_pipe ring-buffer: Fix deadloop issue on reading trace_pipe ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() Zhengchao Shao (3): net/mlx5e: fix double free in mlx5e_destroy_flow_table net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create net/mlx5e: fix memory leak in mlx5e_ptp_open Zhihao Cheng (3): ovl: let helper ovl_i_path_real() return the realinode ovl: fix null pointer dereference in ovl_get_acl_rcu() ext4: Fix reusing stale buffer heads from last failed mounting Ziyang Xuan (1): ipv6/addrconf: fix a potential refcount underflow for idev gaba (1): drm/amdgpu: avoid restore process run into dead loop. lyndonli (1): drm/amdgpu: add the fan abnormal detection feature sunliming (1): tracing/user_events: Fix incorrect return value for writing operation when events are disabled

2 years, 3 months

1
1
0 0

Linux 5.15.121

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.121 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/device-mapper/dm-init.rst | 8 Documentation/arm64/silicon-errata.rst | 4 Documentation/filesystems/autofs-mount-control.rst | 2 Documentation/filesystems/autofs.rst | 2 Documentation/filesystems/directory-locking.rst | 26 Documentation/networking/af_xdp.rst | 9 Makefile | 2 arch/arc/include/asm/linkage.h | 8 arch/arm/boot/dts/bcm53015-meraki-mr26.dts | 2 arch/arm/boot/dts/bcm53016-meraki-mr32.dts | 2 arch/arm/boot/dts/bcm5301x.dtsi | 1 arch/arm/boot/dts/iwg20d-q7-common.dtsi | 2 arch/arm/boot/dts/meson8.dtsi | 4 arch/arm/boot/dts/meson8b.dtsi | 4 arch/arm/boot/dts/omap3-gta04a5one.dts | 4 arch/arm/boot/dts/qcom-ipq4019-ap.dk04.1-c1.dts | 8 arch/arm/boot/dts/qcom-ipq4019-ap.dk04.1.dtsi | 10 arch/arm/boot/dts/qcom-ipq4019-ap.dk07.1.dtsi | 12 arch/arm/boot/dts/stm32mp15xx-dhcom-pdk2.dtsi | 11 arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi | 8 arch/arm/boot/dts/stm32mp15xx-dhcor-som.dtsi | 6 arch/arm/boot/dts/stm32mp15xx-dkx.dtsi | 2 arch/arm/include/asm/assembler.h | 17 arch/arm/include/asm/sync_bitops.h | 29 arch/arm/lib/bitops.h | 14 arch/arm/lib/testchangebit.S | 4 arch/arm/lib/testclearbit.S | 4 arch/arm/lib/testsetbit.S | 4 arch/arm/mach-ep93xx/timer-ep93xx.c | 3 arch/arm/mach-omap2/board-generic.c | 1 arch/arm/mach-orion5x/board-dt.c | 3 arch/arm/mach-orion5x/common.h | 6 arch/arm/probes/kprobes/checkers-common.c | 2 arch/arm/probes/kprobes/core.c | 2 arch/arm/probes/kprobes/opt-arm.c | 2 arch/arm/probes/kprobes/test-core.c | 2 arch/arm/probes/kprobes/test-core.h | 4 arch/arm64/Kconfig | 41 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8192.dtsi | 22 arch/arm64/boot/dts/microchip/sparx5.dtsi | 2 arch/arm64/boot/dts/microchip/sparx5_pcb_common.dtsi | 12 arch/arm64/boot/dts/qcom/apq8016-sbc.dts | 840 +++++++ arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 826 ------- arch/arm64/boot/dts/qcom/apq8096-db820c.dts | 1070 +++++++++ arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi | 1105 ---------- arch/arm64/boot/dts/qcom/apq8096-ifc6640.dts | 4 arch/arm64/boot/dts/qcom/msm8916-mtp.dts | 15 arch/arm64/boot/dts/qcom/msm8916-mtp.dtsi | 21 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/boot/dts/qcom/msm8994.dtsi | 2 arch/arm64/boot/dts/qcom/msm8996-mtp.dts | 24 arch/arm64/boot/dts/qcom/msm8996-mtp.dtsi | 30 arch/arm64/boot/dts/qcom/msm8996.dtsi | 19 arch/arm64/boot/dts/qcom/sdm630.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 arch/arm64/boot/dts/qcom/sm8250-sony-xperia-edo.dtsi | 7 arch/arm64/boot/dts/renesas/ulcb-kf.dtsi | 3 arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts | 28 arch/arm64/kernel/cpu_errata.c | 26 arch/arm64/tools/cpucaps | 1 arch/mips/include/asm/kvm_host.h | 6 arch/mips/kernel/cpu-probe.c | 9 arch/mips/kvm/emulate.c | 22 arch/mips/kvm/mips.c | 16 arch/mips/kvm/stats.c | 4 arch/mips/kvm/trace.h | 8 arch/mips/kvm/vz.c | 20 arch/powerpc/Kconfig.debug | 2 arch/powerpc/Makefile | 8 arch/powerpc/kernel/interrupt.c | 3 arch/powerpc/kernel/ppc_save_regs.S | 61 arch/powerpc/kernel/security.c | 37 arch/powerpc/kernel/signal_32.c | 15 arch/powerpc/mm/book3s64/radix_pgtable.c | 34 arch/powerpc/mm/init_64.c | 2 arch/powerpc/platforms/powernv/pci-sriov.c | 6 arch/powerpc/platforms/powernv/vas-window.c | 2 arch/powerpc/platforms/pseries/vas.c | 2 arch/riscv/kernel/probes/uprobes.c | 2 arch/riscv/mm/init.c | 6 arch/riscv/net/bpf_jit.h | 5 arch/riscv/net/bpf_jit_core.c | 15 arch/s390/Makefile | 1 arch/s390/kvm/diag.c | 8 arch/s390/kvm/kvm-s390.c | 4 arch/s390/kvm/vsie.c | 6 arch/sh/drivers/dma/dma-sh.c | 37 arch/sh/kernel/cpu/sh2/probe.c | 2 arch/um/Makefile | 2 arch/x86/events/amd/core.c | 2 arch/x86/events/amd/ibs.c | 53 arch/x86/include/asm/perf_event.h | 2 arch/x86/include/asm/pgtable_64.h | 4 arch/x86/kernel/cpu/resctrl/rdtgroup.c | 8 arch/xtensa/platforms/iss/network.c | 2 block/blk-iocost.c | 7 block/disk-events.c | 1 block/partitions/amiga.c | 104 drivers/base/power/domain.c | 6 drivers/bus/intel-ixp4xx-eb.c | 2 drivers/bus/ti-sysc.c | 4 drivers/char/hw_random/imx-rngc.c | 6 drivers/char/hw_random/st-rng.c | 21 drivers/char/hw_random/virtio-rng.c | 88 drivers/char/tpm/tpm_vtpm_proxy.c | 30 drivers/clk/clk-cdce925.c | 12 drivers/clk/clk-si5341.c | 38 drivers/clk/clk-versaclock5.c | 29 drivers/clk/clk.c | 1 drivers/clk/imx/clk-imx8mn.c | 8 drivers/clk/imx/clk-imx8mp.c | 24 drivers/clk/imx/clk-scu.c | 4 drivers/clk/keystone/sci-clk.c | 2 drivers/clk/qcom/camcc-sc7180.c | 19 drivers/clk/qcom/gcc-ipq6018.c | 34 drivers/clk/qcom/reset.c | 8 drivers/clk/qcom/reset.h | 2 drivers/clk/tegra/clk-tegra124-emc.c | 2 drivers/clk/ti/clkctrl.c | 7 drivers/clocksource/timer-cadence-ttc.c | 19 drivers/cpufreq/intel_pstate.c | 2 drivers/crypto/marvell/cesa/cipher.c | 2 drivers/crypto/nx/Makefile | 2 drivers/crypto/nx/nx.h | 4 drivers/crypto/qat/qat_common/adf_common_drv.h | 5 drivers/crypto/qat/qat_common/qat_algs.c | 23 drivers/crypto/qat/qat_common/qat_asym_algs.c | 53 drivers/crypto/qat/qat_common/qat_crypto.h | 5 drivers/dax/bus.c | 61 drivers/dax/dax-private.h | 4 drivers/dax/kmem.c | 2 drivers/extcon/extcon-usbc-tusb320.c | 5 drivers/extcon/extcon.c | 8 drivers/firmware/efi/libstub/efi-stub-helper.c | 7 drivers/firmware/stratix10-svc.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 28 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 13 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr_smu_msg.c | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 3 drivers/gpu/drm/amd/display/dmub/dmub_srv.h | 2 drivers/gpu/drm/bridge/tc358768.c | 93 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 33 drivers/gpu/drm/drm_atomic.c | 11 drivers/gpu/drm/drm_atomic_helper.c | 11 drivers/gpu/drm/drm_gem_vram_helper.c | 6 drivers/gpu/drm/i915/display/intel_psr.c | 4 drivers/gpu/drm/i915/gt/intel_gtt.c | 2 drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 5 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 10 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 12 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 8 drivers/gpu/drm/msm/dp/dp_display.c | 2 drivers/gpu/drm/msm/dsi/phy/dsi_phy_14nm.c | 3 drivers/gpu/drm/panel/panel-sharp-ls043t1le01.c | 11 drivers/gpu/drm/panel/panel-simple.c | 6 drivers/gpu/drm/radeon/ci_dpm.c | 28 drivers/gpu/drm/radeon/cypress_dpm.c | 8 drivers/gpu/drm/radeon/ni_dpm.c | 8 drivers/gpu/drm/radeon/rv740_dpm.c | 8 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 drivers/gpu/drm/sun4i/sun4i_tcon.c | 19 drivers/gpu/drm/ttm/ttm_bo.c | 1 drivers/hwmon/gsc-hwmon.c | 6 drivers/hwmon/pmbus/adm1275.c | 90 drivers/hwtracing/coresight/coresight-core.c | 9 drivers/i2c/busses/i2c-qup.c | 21 drivers/i2c/busses/i2c-xiic.c | 39 drivers/iio/accel/fxls8962af-core.c | 8 drivers/iio/adc/ad7192.c | 8 drivers/iio/adc/meson_saradc.c | 2 drivers/infiniband/hw/bnxt_re/main.c | 20 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 40 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 46 drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 1 drivers/infiniband/hw/hfi1/ipoib_tx.c | 4 drivers/infiniband/hw/hfi1/mmu_rb.c | 101 drivers/infiniband/hw/hfi1/mmu_rb.h | 3 drivers/infiniband/hw/hfi1/sdma.c | 23 drivers/infiniband/hw/hfi1/sdma.h | 47 drivers/infiniband/hw/hfi1/sdma_txreq.h | 2 drivers/infiniband/hw/hfi1/user_sdma.c | 145 - drivers/infiniband/hw/hfi1/user_sdma.h | 1 drivers/infiniband/hw/hfi1/vnic_sdma.c | 4 drivers/infiniband/hw/hns/hns_roce_hem.c | 7 drivers/infiniband/hw/irdma/uk.c | 10 drivers/input/misc/adxl34x.c | 3 drivers/input/misc/drv260x.c | 1 drivers/irqchip/irq-jcore-aic.c | 7 drivers/leds/trigger/ledtrig-netdev.c | 3 drivers/mailbox/ti-msgmgr.c | 12 drivers/md/bcache/btree.c | 25 drivers/md/bcache/btree.h | 1 drivers/md/bcache/super.c | 4 drivers/md/bcache/writeback.c | 10 drivers/md/dm-init.c | 22 drivers/md/dm-integrity.c | 4 drivers/md/md-bitmap.c | 17 drivers/md/md.c | 9 drivers/md/raid0.c | 62 drivers/md/raid0.h | 1 drivers/md/raid10.c | 38 drivers/media/cec/i2c/Kconfig | 1 drivers/media/i2c/st-mipid02.c | 9 drivers/media/platform/qcom/venus/helpers.c | 4 drivers/media/usb/dvb-usb-v2/az6007.c | 3 drivers/media/usb/siano/smsusb.c | 3 drivers/memory/brcmstb_dpfe.c | 4 drivers/memstick/host/r592.c | 4 drivers/mfd/intel-lpss-acpi.c | 3 drivers/mfd/qcom-pm8008.c | 1 drivers/mfd/rt5033.c | 3 drivers/mfd/stmfx.c | 7 drivers/mfd/stmpe.c | 4 drivers/misc/fastrpc.c | 2 drivers/misc/pci_endpoint_test.c | 10 drivers/mmc/core/quirks.h | 14 drivers/mmc/host/mmci.c | 1 drivers/mmc/host/sdhci.c | 4 drivers/mtd/nand/raw/meson_nand.c | 4 drivers/net/bonding/bond_main.c | 2 drivers/net/dsa/vitesse-vsc73xx-core.c | 6 drivers/net/ethernet/amazon/ena/ena_com.c | 3 drivers/net/ethernet/broadcom/bgmac.c | 4 drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 drivers/net/ethernet/broadcom/tg3.c | 1 drivers/net/ethernet/google/gve/gve_ethtool.c | 3 drivers/net/ethernet/ibm/ibmvnic.c | 9 drivers/net/ethernet/intel/igc/igc.h | 33 drivers/net/ethernet/intel/igc/igc_ethtool.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 45 drivers/net/ethernet/intel/igc/igc_ptp.c | 82 drivers/net/ethernet/marvell/mvneta.c | 4 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 7 drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 11 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 8 drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 15 drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_accel/fs_tcp.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 6 drivers/net/ethernet/microchip/lan743x_main.c | 21 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 drivers/net/ethernet/sfc/ef10.c | 13 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 10 drivers/net/gtp.c | 2 drivers/net/ipvlan/ipvlan_core.c | 9 drivers/net/netdevsim/dev.c | 9 drivers/net/ppp/pptp.c | 31 drivers/net/wireguard/netlink.c | 14 drivers/net/wireguard/queueing.c | 1 drivers/net/wireguard/queueing.h | 25 drivers/net/wireguard/receive.c | 2 drivers/net/wireguard/send.c | 2 drivers/net/wireless/ath/ath9k/ar9003_hw.c | 27 drivers/net/wireless/ath/ath9k/htc_hst.c | 8 drivers/net/wireless/ath/ath9k/main.c | 11 drivers/net/wireless/ath/ath9k/wmi.c | 4 drivers/net/wireless/atmel/atmel_cs.c | 13 drivers/net/wireless/cisco/airo.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 9 drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 12 drivers/net/wireless/intersil/orinoco/orinoco_cs.c | 13 drivers/net/wireless/intersil/orinoco/spectrum_cs.c | 13 drivers/net/wireless/marvell/mwifiex/scan.c | 6 drivers/net/wireless/microchip/wilc1000/hif.c | 8 drivers/net/wireless/ray_cs.c | 36 drivers/net/wireless/rsi/rsi_91x_sdio.c | 9 drivers/net/wireless/wl3501_cs.c | 19 drivers/ntb/hw/amd/ntb_hw_amd.c | 7 drivers/ntb/hw/idt/ntb_hw_idt.c | 7 drivers/ntb/hw/intel/ntb_hw_gen1.c | 7 drivers/ntb/ntb_transport.c | 2 drivers/ntb/test/ntb_tool.c | 2 drivers/nvme/host/pci.c | 30 drivers/nvmem/rmem.c | 1 drivers/opp/core.c | 3 drivers/pci/controller/cadence/pcie-cadence-host.c | 27 drivers/pci/controller/dwc/pcie-qcom.c | 2 drivers/pci/controller/pci-ftpci100.c | 14 drivers/pci/controller/pcie-rockchip-ep.c | 65 drivers/pci/controller/pcie-rockchip.c | 17 drivers/pci/controller/pcie-rockchip.h | 11 drivers/pci/controller/vmd.c | 8 drivers/pci/hotplug/pciehp_ctrl.c | 8 drivers/pci/pci.c | 10 drivers/pci/pcie/aspm.c | 21 drivers/pci/quirks.c | 2 drivers/perf/arm-cmn.c | 7 drivers/phy/tegra/xusb.c | 4 drivers/pinctrl/bcm/pinctrl-bcm2835.c | 6 drivers/pinctrl/intel/pinctrl-cherryview.c | 15 drivers/pinctrl/pinctrl-amd.c | 25 drivers/pinctrl/pinctrl-amd.h | 1 drivers/pinctrl/pinctrl-at91-pio4.c | 2 drivers/pinctrl/pinctrl-microchip-sgpio.c | 3 drivers/platform/x86/wmi.c | 64 drivers/powercap/Kconfig | 4 drivers/powercap/intel_rapl_msr.c | 1 drivers/pwm/pwm-ab8500.c | 2 drivers/pwm/pwm-imx-tpm.c | 7 drivers/pwm/pwm-mtk-disp.c | 13 drivers/pwm/sysfs.c | 17 drivers/regulator/core.c | 30 drivers/rtc/rtc-st-lpc.c | 2 drivers/s390/net/qeth_l3_sys.c | 2 drivers/scsi/3w-xxxx.c | 4 drivers/scsi/qedf/qedf_main.c | 3 drivers/scsi/qla2xxx/qla_attr.c | 13 drivers/scsi/qla2xxx/qla_bsg.c | 6 drivers/scsi/qla2xxx/qla_def.h | 1 drivers/scsi/qla2xxx/qla_edif.c | 4 drivers/scsi/qla2xxx/qla_init.c | 2 drivers/scsi/qla2xxx/qla_inline.h | 5 drivers/scsi/qla2xxx/qla_iocb.c | 5 drivers/scsi/qla2xxx/qla_nvme.c | 3 drivers/scsi/qla2xxx/qla_os.c | 3 drivers/soc/amlogic/meson-secure-pwrc.c | 2 drivers/soc/fsl/qe/Kconfig | 1 drivers/soundwire/qcom.c | 3 drivers/spi/spi-bcm-qspi.c | 10 drivers/spi/spi-dw-core.c | 5 drivers/spi/spi-geni-qcom.c | 2 drivers/staging/clocking-wizard/clk-xlnx-clock-wizard.c | 2 drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c | 2 drivers/thermal/sun8i_thermal.c | 55 drivers/tty/serial/8250/8250.h | 1 drivers/tty/serial/8250/8250_omap.c | 25 drivers/tty/serial/8250/8250_pci.c | 19 drivers/tty/serial/8250/8250_port.c | 11 drivers/tty/serial/atmel_serial.c | 4 drivers/tty/serial/fsl_lpuart.c | 1 drivers/tty/serial/imx.c | 18 drivers/tty/serial/samsung_tty.c | 14 drivers/usb/core/devio.c | 2 drivers/usb/dwc2/platform.c | 18 drivers/usb/dwc3/dwc3-meson-g12a.c | 5 drivers/usb/dwc3/dwc3-qcom.c | 17 drivers/usb/dwc3/gadget.c | 4 drivers/usb/gadget/function/u_serial.c | 13 drivers/usb/host/xhci-mem.c | 39 drivers/usb/host/xhci-pci.c | 12 drivers/usb/host/xhci.h | 2 drivers/usb/phy/phy-tahvo.c | 2 drivers/usb/serial/option.c | 4 drivers/video/fbdev/omap/lcd_mipid.c | 6 drivers/w1/slaves/w1_therm.c | 31 drivers/w1/w1.c | 4 fs/btrfs/block-group.c | 36 fs/btrfs/ctree.c | 28 fs/btrfs/qgroup.c | 2 fs/ceph/caps.c | 9 fs/cifs/file.c | 25 fs/dlm/plock.c | 4 fs/erofs/inode.c | 5 fs/erofs/internal.h | 16 fs/erofs/super.c | 58 fs/erofs/xattr.c | 4 fs/erofs/zdata.c | 10 fs/erofs/zmap.c | 6 fs/ext4/indirect.c | 8 fs/ext4/inode.c | 10 fs/ext4/ioctl.c | 5 fs/ext4/mballoc.c | 17 fs/ext4/namei.c | 17 fs/ext4/super.c | 19 fs/f2fs/f2fs.h | 2 fs/f2fs/file.c | 2 fs/f2fs/gc.c | 21 fs/f2fs/namei.c | 16 fs/f2fs/node.c | 4 fs/fs_context.c | 3 fs/inode.c | 42 fs/internal.h | 2 fs/jffs2/build.c | 5 fs/jffs2/xattr.c | 13 fs/jffs2/xattr.h | 4 fs/jfs/jfs_dmap.c | 6 fs/jfs/jfs_filsys.h | 2 fs/kernfs/dir.c | 2 fs/ksmbd/server.c | 33 fs/ksmbd/smb2misc.c | 38 fs/ksmbd/smb2pdu.c | 44 fs/ksmbd/smb_common.c | 2 fs/namei.c | 25 fs/nfs/nfs4proc.c | 1 fs/nfsd/nfs4xdr.c | 2 fs/notify/fanotify/fanotify_user.c | 22 fs/ntfs3/index.c | 84 fs/ntfs3/inode.c | 18 fs/ntfs3/ntfs_fs.h | 4 fs/ntfs3/run.c | 7 fs/ntfs3/xattr.c | 112 - fs/overlayfs/copy_up.c | 2 fs/overlayfs/dir.c | 3 fs/overlayfs/export.c | 3 fs/overlayfs/inode.c | 10 fs/overlayfs/namei.c | 3 fs/overlayfs/overlayfs.h | 6 fs/overlayfs/super.c | 2 fs/overlayfs/util.c | 24 fs/pstore/ram_core.c | 2 fs/ramfs/inode.c | 2 include/acpi/acpi_bus.h | 3 include/crypto/internal/kpp.h | 6 include/linux/bootmem_info.h | 2 include/linux/can/length.h | 14 include/linux/netdevice.h | 9 include/linux/nmi.h | 2 include/linux/pci.h | 1 include/linux/pipe_fs_i.h | 4 include/linux/ramfs.h | 1 include/linux/serial_8250.h | 1 include/linux/workqueue.h | 15 include/net/netfilter/nf_tables.h | 5 include/net/pkt_sched.h | 2 include/net/sock.h | 1 include/trace/events/timer.h | 6 include/uapi/linux/affs_hardblocks.h | 68 include/uapi/linux/auto_dev-ioctl.h | 2 include/uapi/linux/videodev2.h | 2 io_uring/io_uring.c | 66 kernel/bpf/cgroup.c | 15 kernel/bpf/cpumap.c | 40 kernel/bpf/verifier.c | 5 kernel/kcsan/core.c | 2 kernel/kexec_core.c | 5 kernel/rcu/rcuscale.c | 212 - kernel/time/posix-timers.c | 43 kernel/trace/ftrace.c | 45 kernel/trace/ring_buffer.c | 24 kernel/trace/trace.c | 3 kernel/trace/trace_eprobe.c | 18 kernel/trace/trace_events_hist.c | 8 kernel/trace/trace_probe_tmpl.h | 14 kernel/watchdog_hld.c | 6 kernel/workqueue.c | 13 lib/test_firmware.c | 12 lib/ts_bm.c | 4 mm/damon/vaddr.c | 20 mm/shmem.c | 2 net/bridge/br_if.c | 5 net/ceph/messenger_v2.c | 41 net/core/filter.c | 131 - net/core/rtnetlink.c | 104 net/core/skbuff.c | 5 net/core/sock.c | 17 net/dsa/tag_sja1105.c | 4 net/ipv4/tcp_input.c | 12 net/ipv6/addrconf.c | 3 net/ipv6/icmp.c | 5 net/ipv6/udp.c | 2 net/netfilter/ipvs/Kconfig | 27 net/netfilter/ipvs/ip_vs_conn.c | 4 net/netfilter/nf_conntrack_helper.c | 4 net/netfilter/nf_conntrack_proto_dccp.c | 52 net/netfilter/nf_conntrack_sip.c | 2 net/netfilter/nf_tables_api.c | 158 + net/netfilter/nft_byteorder.c | 14 net/netfilter/nft_set_bitmap.c | 5 net/netfilter/nft_set_hash.c | 23 net/netfilter/nft_set_pipapo.c | 14 net/netfilter/nft_set_rbtree.c | 5 net/netlink/af_netlink.c | 5 net/netlink/diag.c | 7 net/nfc/llcp.h | 1 net/nfc/llcp_commands.c | 15 net/nfc/llcp_core.c | 49 net/nfc/llcp_sock.c | 21 net/nfc/netlink.c | 20 net/nfc/nfc.h | 1 net/sched/act_ipt.c | 27 net/sched/act_pedit.c | 1 net/sched/cls_flower.c | 10 net/sched/cls_fw.c | 10 net/sched/sch_qfq.c | 41 net/sctp/socket.c | 22 net/sunrpc/svcsock.c | 23 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 12 net/wireless/scan.c | 213 + net/xdp/xsk.c | 5 samples/bpf/tcp_basertt_kern.c | 2 samples/ftrace/ftrace-direct-too.c | 14 scripts/Makefile.modfinal | 2 scripts/mod/modpost.c | 86 security/apparmor/policy_unpack.c | 9 security/integrity/evm/evm_crypto.c | 2 security/integrity/evm/evm_main.c | 4 security/integrity/iint.c | 15 security/integrity/ima/ima_modsig.c | 3 security/integrity/ima/ima_policy.c | 3 sound/core/jack.c | 15 sound/pci/ac97/ac97_codec.c | 4 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/es8316.c | 23 sound/soc/fsl/imx-audmix.c | 9 sound/soc/mediatek/mt8173/mt8173-afe-pcm.c | 13 tools/bpf/bpftool/feature.c | 24 tools/lib/bpf/bpf_helpers.h | 15 tools/lib/bpf/btf_dump.c | 22 tools/perf/builtin-bench.c | 7 tools/perf/builtin-script.c | 16 tools/perf/tests/builtin-test.c | 3 tools/perf/util/dwarf-aux.c | 2 tools/testing/selftests/bpf/prog_tests/check_mtu.c | 2 tools/testing/selftests/net/mptcp/config | 1 tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 9 tools/testing/selftests/net/rtnetlink.sh | 1 tools/testing/selftests/rcutorture/configs/rcu/BUSTED-BOOST.boot | 2 tools/testing/selftests/rcutorture/configs/rcu/TREE03.boot | 2 tools/testing/selftests/vDSO/vdso_test_clock_getres.c | 4 tools/testing/selftests/wireguard/netns.sh | 30 518 files changed, 6689 insertions(+), 4479 deletions(-) Abhijeet Rastogi (1): ipvs: increase ip_vs_conn_tab_bits range for 64BIT Aditya Gupta (1): powerpc: update ppc_save_regs to save current r1 in pt_regs Alan Maguire (1): bpftool: JIT limited misreported as negative value on aarch64 Alexander Aring (1): fs: dlm: return positive pid value for F_GETLK Alexander Mikhalitsyn (1): sctp: add bpf_bypass_getsockopt proto callback Alexey Romanov (1): drivers: meson: secure-pwrc: always enable DMA domain Allen-KH Cheng (1): arm64: dts: mediatek: Add cpufreq nodes for MT8192 Amelie Delaunay (2): mfd: stmfx: Fix error path in stmfx_chip_init mfd: stmfx: Nullify stmfx->vdd in case of error Amir Goldstein (2): ovl: update of dentry revalidate flags after copy up fanotify: disallow mount/sb marks on kernel internal pseudo fs Amisha Patel (1): wifi: wilc1000: fix for absent RSN capabilities WFA testcase Andre Przywara (1): crypto: qat - replace get_current_node() with numa_node_id() Andres Freund (1): io_uring: Use io_schedule* in cqring wait Andrii Nakryiko (1): libbpf: fix offsetof() and container_of() to work with CO-RE Andy Shevchenko (6): wifi: ray_cs: Utilize strnlen() in parse_addr() wifi: ray_cs: Drop useless status variable in parse_addr() pinctrl: cherryview: Return correct value if pin in push-pull mode extcon: Fix kernel doc of property fields to avoid warnings extcon: Fix kernel doc of property capability fields to avoid warnings platform/x86: wmi: Break possible infinite loop when parsing GUID Aneesh Kumar K.V (2): powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary Anjaneyulu (1): wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() Aravindhan Gunasekaran (1): igc: Handle PPS start time programming for past time values Ard Biesheuvel (1): efi/libstub: Disable PCI DMA before grabbing the EFI memory map Arnaldo Carvalho de Melo (2): perf bench: Add missing setlocale() call to allow usage of %'d style formatting perf script: Fix allocation of evsel->priv related to per-event dump files Arnd Bergmann (11): fs: pipe: reveal missing function protoypes ARM: 9303/1: kprobes: avoid missing-declaration warnings memstick r592: make memstick_debug_get_tpc_name() static ARM: ep93xx: fix missing-prototype warnings ARM: omap2: fix missing tick_broadcast() prototype RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes crypto: marvell/cesa - Fix type mismatch warning ksmbd: avoid field overflow warning usb: hide unused usbfs_notify_suspend/resume functions autofs: use flexible array in ioctl structure ARM: orion5x: fix d2net gpio initialization Arseniy Krasnov (1): mtd: rawnand: meson: fix unaligned DMA buffers handling Artur Rojek (1): sh: dma: Fix DMA channel offset calculation Aurabindo Pillai (1): drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode Baokun Li (2): ext4: turn quotas off if mount failed after enabling quotas ext4: only update i_reserved_data_blocks on successful block allocation Barnabás Pőcze (3): platform/x86: wmi: remove unnecessary argument platform/x86: wmi: use guid_t and guid_equal() platform/x86: wmi: move variables Bartosz Golaszewski (1): net: stmmac: fix double serdes powerdown Benjamin Berg (1): wifi: cfg80211: rewrite merging of inherited elements Bharath SM (1): SMB3: Do not send lease break acknowledgment if all file handles have been closed Bikash Hazarika (2): scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Correct the index of array Bjorn Andersson (2): arm64: dts: qcom: apq8016-sbc: Update modem and WiFi firmware path drm/msm/dp: Free resources after unregistering them Björn Töpel (1): riscv, bpf: Fix inconsistent JIT image generation Brendan Cunningham (1): IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate Brian Norris (2): drm/atomic: Allow vblank-enabled + self-refresh "disable" drm/rockchip: vop: Leave vblank enabled in self-refresh Cambda Zhu (1): ipvlan: Fix return value of ipvlan_queue_xmit() Chao Yu (3): f2fs: fix error path handling in truncate_dnode() f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() ext4: fix to check return value of freeze_bdev() in ext4_shutdown() Chengchang Tang (1): RDMA/hns: Fix hns_roce_table_get return value Chengfeng Ye (1): sctp: fix potential deadlock on &net->sctp.addr_wq_lock Chevron Li (1): mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used. Chia-I Wu (1): amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Christian Borntraeger (1): KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler Christian Lamparter (1): ARM: dts: BCM5301X: fix duplex-full => full-duplex Christian Marangi (1): leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename Christophe JAILLET (19): thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: atmel: Fix an error handling path in atmel_probe() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wifi: ray_cs: Fix an error handling path in ray_probe() IB/hfi1: Use bitmap_zalloc() when applicable fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors usb: dwc2: Fix some error handling paths usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() mfd: stmpe: Only disable the regulators if they are enabled rtc: st-lpc: Release some resources in st_rtc_probe() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() Christophe Leroy (3): kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare() powerpc/signal32: Force inlining of __unsafe_save_user_regs() and save_tm_user_regs_unsafe() Chuck Lever (1): svcrdma: Prevent page release when nothing was received Chunhai Guo (1): erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF Claudiu Beznea (11): clk: vc5: check memory returned by kasprintf() clk: cdce925: check return value of kasprintf() clk: si5341: return error if one synth clock registration fails clk: si5341: check return value of {devm_}kasprintf() clk: si5341: free unused memory on probe failure clk: keystone: sci-clk: check return value of kasprintf() clk: ti: clkctrl: check return value of kasprintf() ASoC: imx-audmix: check return value of devm_kasprintf() pinctrl: microchip-sgpio: check return value of devm_kasprintf() pinctrl: at91-pio4: check return value of devm_kasprintf() phy: tegra: xusb: check return value of devm_kzalloc() Colin Ian King (2): kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined powerpc/powernv/sriov: perform null check on iov before dereferencing iov Cristian Ciocaltea (2): ASoC: es8316: Increment max value for ALC Capture Target Volume control ASoC: es8316: Do not set rate constraints for unsupported MCLKs Dai Ngo (1): NFSD: add encoding of op_recall flag for write delegation Damian Muszynski (1): crypto: qat - use reference to structure in dma_map_single() Damien Le Moal (3): PCI: rockchip: Set address alignment for endpoint mode misc: pci_endpoint_test: Free IRQs before removing the device misc: pci_endpoint_test: Re-init completion for every test Dan Carpenter (9): clk: imx: scu: use _safe list iterator to avoid a use after free clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider() modpost: fix off by one in is_executable_section() w1: fix loop in w1_fini() media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() pwm: ab8500: Fix error code in probe() scsi: qla2xxx: Fix error code in qla2x00_start_sp() netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() serial: atmel: don't enable IRQs prematurely Dan Williams (2): dax: Fix dax_mapping_release() use after free dax: Introduce alloc_dev_dax_id() Daniel Scally (1): media: i2c: Correct format propagation for st-mipid02 Daniel Vetter (1): drm/atomic: Fix potential use-after-free in nonblocking commits Daniil Dulov (2): drm/amdkfd: Fix potential deallocation of previously deallocated memory. media: usb: Check az6007_read() return value Danila Chernetsov (1): apparmor: fix missing error check for rhashtable_insert_fast Dario Binacchi (1): drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Davide Tronchin (1): USB: serial: option: add LARA-R6 01B PIDs Demi Marie Obenour (1): block: increment diskseq on all media change events Ding Hui (2): PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free SUNRPC: Fix UAF in svc_tcp_listen_data_ready() Dmitry Antipov (1): wifi: ath9k: convert msecs to jiffies where needed Dmitry Baryshkov (6): drm/panel: sharp-ls043t1le01: adjust mode settings drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate arm64: dts: qcom: apq8016-sbc: fix mpps state names drm/msm/a5xx: really check for A510 in a5xx_gpu_init drm/msm/dpu: do not enable color-management if DSPPs are not available drm/msm/dpu: correct MERGE_3D length Douglas Anderson (4): watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config watchdog/perf: more properly prevent false positives with turbo modes arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime Duoming Zhou (1): media: usb: siano: Fix warning due to null work_func_t function pointer EJ Hsu (1): phy: tegra: xusb: Clear the driver reference in usb-phy dev Edward Cree (1): sfc: fix crash when reading stats while NIC is resetting Edwin Peer (1): rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO Ekansh Gupta (1): misc: fastrpc: Create fastrpc scalar with correct buffer count Emmanuel Grumbach (1): iwlwifi: don't dump_stack() when we get an unexpected interrupt Eric Dumazet (5): netlink: fix potential deadlock in netlink_set_err() netlink: do not hard code device address lenth in fdb dumps bonding: do not assume skb mac_header is set tcp: annotate data races in __tcp_oow_rate_limited() udp6: fix udp6_ehashfn() typo Fabian Frederick (1): jffs2: reduce stack usage in jffs2_build_xattr_subsystem() Fabio Estevam (1): drm/panel: simple: Add connector_type for innolux_at043tn24 Fabrizio Lamarque (2): iio: adc: ad7192: Fix null ad7192_state pointer access iio: adc: ad7192: Fix internal/external clock selection Fancy Fang (1): pwm: imx-tpm: force 'real_period' to be zero in suspend Fedor Pchelkin (2): wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes Fei Shao (1): clk: Fix memory leak in devm_clk_notifier_register() Feng Mingxi (1): clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Filipe Manana (4): btrfs: do not BUG_ON() on tree mod log failure at balance_level() btrfs: fix race when deleting quota root from the dirty cow roots list btrfs: fix extent buffer leak after tree mod log failure at split_node() btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block() Florent Revest (2): netfilter: conntrack: Avoid nf_ct_helper_hash uses after free samples: ftrace: Save required argument registers in sample trampolines Florian Fainelli (1): net: bcmgenet: Ensure MDIO unregistration has clocks enabled Florian Kauer (2): igc: Fix launchtime before start of cycle igc: Fix inserting of empty frame for launchtime Florian Westphal (2): netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one net/sched: act_ipt: add sanity checks on table name and hook locations Francesco Dolcini (9): drm/bridge: tc358768: always enable HS video mode drm/bridge: tc358768: fix PLL parameters computation drm/bridge: tc358768: fix PLL target frequency drm/bridge: tc358768: fix TCLK_ZEROCNT computation drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation drm/bridge: tc358768: fix TCLK_TRAILCNT computation drm/bridge: tc358768: fix THS_ZEROCNT computation drm/bridge: tc358768: fix TXTAGOCNT computation drm/bridge: tc358768: fix THS_TRAILCNT computation Gao Xiang (2): erofs: decouple basic mount options from fs_context erofs: fix compact 4B support for 16k block size Geert Uytterhoeven (3): regulator: core: Fix more error checking for debugfs_create_dir() regulator: core: Streamline debugfs operations ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier George Stark (1): meson saradc: fix clock divider mask length Gilad Sever (3): bpf: Factor out socket lookup functions for the TC hookpoint. bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings Giovanni Cabiddu (1): crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag Greg Kroah-Hartman (2): Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection" Linux 5.15.121 Guenter Roeck (1): hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 Guillaume Nault (1): pptp: Fix fib lookup calls. Hao Luo (1): clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe Hareshx Sankar Raj (2): crypto: qat - unmap buffer before free for DH crypto: qat - unmap buffers before free for RSA Hariprasad Kelam (3): octeontx2-af: Fix mapping for NIX block from CGX connection octeontx2-af: Add validation before accessing cgx and lmac octeontx-af: fix hardware timestamp configuration Heiko Carstens (1): s390/decompressor: fix misaligned symbol build error Herbert Xu (3): hwrng: virtio - Fix race on data_avail and actual data crypto: kpp - Add helper to set reqsize crypto: qat - Use helper to set reqsize Huacai Chen (2): MIPS: Loongson: Fix cpu_probe_loongson() again MIPS: KVM: Fix NULL pointer dereference Ido Schimmel (1): net/sched: flower: Ensure both minimum and maximum ports are specified Ilia.Gavrilov (1): netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. Ilya Dryomov (1): libceph: harden msgr2.1 frame segment length checks Ilya Maximets (1): xsk: Honor SO_BINDTODEVICE on bind Jakub Kicinski (1): wl3501_cs: use eth_hw_addr_set() James Clark (1): coresight: Fix loss of connection info when a module is unloaded Jan Kara (5): ext4: Remove ext4 locking of moved directory Revert "f2fs: fix potential corruption when moving a directory" fs: Establish locking order for unrelated directories fs: Lock moved directories fs: no need to check source Jarkko Sakkinen (1): tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Jason A. Donenfeld (2): wireguard: queueing: use saner cpu selection wrapping wireguard: netlink: send staged packets when setting initial private key Jason Baron (1): md/raid0: add discard support for the 'original' layout Jens Axboe (3): io_uring: ensure IOPOLL locks around deferred work io_uring: wait interruptibly for request completions on exit io_uring: add reschedule point to handle_tw_list() Jeremy Sowden (1): lib/ts_bm: reset initial match offset for every block of text Jesper Dangaard Brouer (2): igc: Enable and fix RX hash usage by netstack selftests/bpf: Fix check_mtu using wrong variable type Jiaqing Zhao (1): Revert "8250: add support for ASIX devices with a FIFO bug" Jiasheng Jiang (3): pstore/ram: Add check for kstrdup mfd: intel-lpss: Add missing check for platform_get_resource NTB: ntb_tool: Add check for devm_kcalloc Jinhong Zhu (1): scsi: qedf: Fix NULL dereference in error handling Jisheng Zhang (1): riscv: mm: fix truncation warning on RV32 Johan Hovold (1): mfd: pm8008: Fix module autoloading Johannes Berg (2): wifi: iwlwifi: pull from TXQs with softirqs disabled wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection John Ogness (2): serial: 8250: lock port for stop_rx() in omap8250_irq() serial: 8250: lock port for UART_IER access in omap8250_irq() John Paul Adrian Glaubitz (2): irqchip/jcore-aic: Fix missing allocation of IRQ descriptors sh: j2: Use ioremap() to translate device tree address into kernel memory Jonas Gorski (2): spi: bcm-qspi: return error if neither hif_mspi nor mspi is available bus: ixp4xx: fix IXP4XX_EXP_T1_MASK Jouni Högander (1): drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times Joy Chakraborty (1): spi: dw: Round of n_bytes to power of 2 Juergen Gross (1): x86/mm: Fix __swp_entry_to_pte() for Xen PV guests Junfeng Guo (1): gve: Set default duplex configuration to full Junyan Ye (1): PCI: ftpci100: Release the clock resources Kalesh AP (4): RDMA/bnxt_re: Fix to remove unnecessary return labels RDMA/bnxt_re: Use unique names while registering interrupts RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid RDMA/bnxt_re: Fix to remove an unnecessary log Kashyap Desai (2): RDMA/bnxt_re: wraparound mbox producer index RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context Keerthy (1): arm64: dts: ti: k3-j7200: Fix physical address of pin Kees Cook (1): um: Use HOST_DIR for mrproper Keith Busch (1): nvme-pci: remove nvme_queue from nvme_iod Kemeng Shi (3): ext4: fix wrong unit use in ext4_mb_clear_bb ext4: get block from bh in ext4_free_blocks for fast commit replay ext4: fix wrong unit use in ext4_mb_new_blocks Kiran K (1): ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error Klaus Kudielka (1): net: mvneta: fix txq_map in case of txq_number==1 Konrad Dybcio (1): drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK Konstantin Komarov (1): fs/ntfs3: Check fields while reading Kornel Dulęba (1): pinctrl: amd: Detect and mask spurious interrupts Krishna Kurapati (1): usb: dwc3: gadget: Propagate core init errors to UDC during pullup Krister Johansen (1): net: ena: fix shift-out-of-bounds in exponential backoff Krzysztof Kozlowski (11): nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() nfc: llcp: simplify llcp_sock_connect() error paths arm64: dts: qcom: msm8916: correct camss unit address arm64: dts: qcom: msm8994: correct SPMI unit address arm64: dts: qcom: msm8996: correct camss unit address arm64: dts: qcom: sdm630: correct camss unit address arm64: dts: qcom: sdm845: correct camss unit address arm64: dts: qcom: apq8096: fix fixed regulator name property memory: brcmstb_dpfe: fix testing array offset after use ARM: dts: qcom: ipq4019: fix broken NAND controller properties override soundwire: qcom: fix storing port config out-of-bounds Kumar Kartikeya Dwivedi (1): bpf: Fix max stack depth check for async callbacks Kuniyuki Iwashima (3): gtp: Fix use-after-free in __gtp_encap_destroy(). netlink: Add __sock_i_ino() for __netlink_diag_dump(). icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). Laurent Vivier (4): hwrng: virtio - add an internal buffer hwrng: virtio - don't wait on cleanup hwrng: virtio - don't waste entropy hwrng: virtio - always add a pending request Li Nan (7): blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost md/raid10: check slab-out-of-bounds in md_bitmap_get_counter md/raid10: fix overflow of md/safe_mode_delay md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request md/raid10: fix io loss while replacement replace rdev md/raid10: fix the condition to call bio_end_io_acct() Li Yang (1): usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() Li Zhijian (1): rcuscale: Always log error message Lin Ma (2): net: nfc: Fix use-after-free caused by nfc_llcp_find_local net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX Linus Torvalds (1): workqueue: clean up WORK_* constant types, clarify masking Liu Shixin (1): bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page Luc Ma (1): drm/vram-helper: fix function names in vram helper doc Luca Weiss (1): Input: drv260x - sleep between polling GO bit M A Ramdhan (1): net/sched: cls_fw: Fix improper refcount update leads to use-after-free Manish Rangankar (1): scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue Manivannan Sadhasivam (1): PCI: qcom: Disable write access to read only registers for IP v2.3.3 Mantas Pucka (1): clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks Marek Vasut (10): wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown Input: adxl34x - do not hardcode interrupt trigger type ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards ARM: dts: stm32: Shorten the AV96 HDMI sound card name ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2 media: videodev2.h: Fix struct v4l2_input tuner index comment pwm: sysfs: Do not apply state to already disabled PWMs i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags Marijn Suijten (1): arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k Mario Limonciello (4): pinctrl: amd: Fix mistake in handling clearing pins at startup pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Only use special debounce behavior for GPIO 0 drm/amd/display: Correct `DMUB_FW_VERSION` macro Mark Rutland (1): locking/atomic: arm: fix sync ops Martin Blumenstingl (1): ARM: dts: meson8: correct uart_B and uart_C clock references Martin Fuzzey (1): tty: serial: imx: fix rs485 rx after tx Martin KaFai Lau (1): libbpf: btf_dump_type_data_check_overflow needs to consider BTF_MEMBER_BITFIELD_SIZE Martin Kaiser (2): hwrng: st - keep clock enabled while hwrng is registered hwrng: imx-rngc - fix the timeout for init and self check Masahiro Yamada (4): modpost: remove broken calculation of exception_table_entry size modpost: fix section mismatch message for R_ARM_ABS32 modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard Masami Hiramatsu (Google) (2): tracing/probes: Fix not to count error code to total length tracing/probes: Fix to update dynamic data counter if fetcharg uses it Mateusz Stachyra (1): tracing: Fix null pointer dereference in tracing_err_log_open() Matt Corallo (1): btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile Matthieu Baerts (2): selftests: mptcp: sockopt: return error if wrong mark selftests: mptcp: depend on SYN_COOKIES Max Filippov (1): xtensa: ISS: fix call to split_if_spec Maxim Kochetkov (1): net: axienet: Move reset before 64-bit DMA detection Michael Ellerman (1): powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 Michael Schmitz (4): block: fix signed int overflow in Amiga partition support block: add overflow checks for Amiga partition support block: change all __u32 annotations to __be32 in affs_hardblocks.h block/partition: fix signedness issue for Amiga partitions Mikulas Patocka (1): dm integrity: reduce vmalloc space footprint on 32-bit architectures Ming Lei (1): nvme-pci: fix DMA direction of unmapping integrity data Mingzhe Zou (1): bcache: fixup btree_cache_wait list damage Mirsad Goran Todorovac (1): test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation Mohamed Khalfella (1): tracing/histograms: Add histograms to hist_vars if they have referenced variables Moritz Fischer (1): net: lan743x: Don't sleep in atomic context Muchun Song (1): kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR Muhammad Husaini Zulkifli (1): igc: Remove delay during TX ring configuration Namhyung Kim (1): perf dwarf-aux: Fix off-by-one in die_get_varname() Namjae Jeon (3): ksmbd: validate command payload size ksmbd: fix out-of-bound read in smb2_write ksmbd: validate session id and tree id in the compound request Naohiro Aota (3): btrfs: delete unused BGs while reclaiming BGs btrfs: bail out reclaim process if filesystem is read-only btrfs: reinsert BGs failed to reclaim Naveen N Rao (1): powerpc: Fail build if using recordmcount with binutils v2.37 Nicholas Kazlauskas (1): drm/amd/display: Explicitly specify update type per plane info change Nicholas Piggin (2): powerpc/64s: Fix VAS mm use after free powerpc: simplify ppc_save_regs Nick Child (1): ibmvnic: Do not reset dql stats on NON_FATAL err Nico Boehr (1): KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes Nikita Zhandarovich (3): PM: domains: fix integer overflow issues in genpd_parse_state() radeon: avoid double free in ci_dpm_init() drm/radeon: fix possible division-by-zero errors Nilesh Javali (3): scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Avoid fcport pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Nirmal Patel (1): PCI: vmd: Reset VMD config register between soft reboots Nishanth Menon (1): mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 Nitya Sunkad (1): ionic: remove WARN_ON to prevent panic_on_warn Nícolas F. R. A. Prado (1): arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz Olga Kornievskaia (1): NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION Olivier Moysan (1): ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx Ondrej Zary (1): PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold Pablo Neira Ayuso (2): netfilter: nf_tables: drop map element references from preparation phase netfilter: nf_tables: unbind non-anonymous set if rule construction fails Paolo Abeni (1): net: prevent skb corruption on frag list segmentation Paul E. McKenney (2): rcutorture: Correct name of use_softirq module parameter rcuscale: Move shutdown from wait_event() to wait_event_idle() Pawel Dembicki (1): net: dsa: vsc73xx: fix MTU configuration Pedro Tammela (4): net/sched: make psched_mtu() RTNL-less safe net/sched: sch_qfq: refactor parsing of netlink parameters net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: sch_qfq: reintroduce lmax bound check for MTU Pengcheng Yang (1): samples/bpf: Fix buffer overflow in tcp_basertt Peter Korsgaard (1): dm init: add dm-mod.waitfor to wait for asynchronously probed block devices Peter Seiderer (1): wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation Phil Elwell (1): nvmem: rmem: Use NVMEM_DEVID_AUTO Pierre Morel (1): KVM: s390: vsie: fix the length of APCB bitmap Potin Lai (1): hwmon: (adm1275) Allow setting sample averaging Prasad Koya (1): igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings Prashanth K (2): usb: gadget: u_serial: Add null pointer check in gserial_suspend usb: common: usb-conn-gpio: Set last role to unknown before initial detection Pu Lehui (2): bpf, riscv: Support riscv jit to provide bpf_line_info bpf: cpumap: Fix memory leak in cpu_map_update_elem Qiuxu Zhuo (2): rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup() rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale Quinn Tran (2): scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix buffer overrun Rafał Miłecki (2): ARM: dts: BCM5301X: Drop "clock-names" from the SPI node net: bgmac: postpone turning IRQs off to avoid SoC hangs Ralph Boehme (1): ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message() Randy Dunlap (5): soc/fsl/qe: fix usb.c build errors crypto: nx - fix build warnings when DEBUG_FS is not enabled media: cec: i2c: ch7322: also select REGMAP powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y wifi: airo: avoid uninitialized warning in airo_get_rate() Ravi Bangoria (1): perf/ibs: Fix interface via core pmu events Remi Pommarel (1): wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() Ricardo Ribalda Delgado (2): ASoC: mediatek: mt8173: Fix irq error path ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path Rick Wertenbroek (5): PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Use u32 variable to access 32-bit registers Rikard Falkeborn (1): media: venus: helpers: Fix ALIGN() of non power of two Robert Hancock (1): i2c: xiic: Don't try to handle more interrupt events after error Robert Marko (5): arm64: dts: microchip: sparx5: do not use PSCI on reference boards clk: qcom: reset: support resetting multiple bits clk: qcom: ipq6018: fix networking resets mmc: core: disable TRIM on Kingston EMMC04G-M627 mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M Roberto Sassu (4): evm: Complete description of evm_inode_setattr() evm: Fix build warnings ima: Fix build warnings shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs Robin Murphy (2): perf/arm-cmn: Fix DTC reset PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 Rongguang Wei (1): PCI: pciehp: Cancel bringup sequence if card is not present Ryan Roberts (1): mm/damon/ops-common: atomically test and clear young on ptes and pmds Sabrina Dubroca (1): selftests: rtnetlink: remove netdevsim device after ipsec offload test Sami Tolvanen (1): kbuild: Disable GCOV for *.mod.o Samuel Pitoiset (1): drm/amdgpu: fix clearing mappings for BOs that are always valid in VM Sean Nyekjaer (2): iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF iio: accel: fxls8962af: fixup buffer scan element type Sebastian Andrzej Siewior (1): tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode(). Selvin Xavier (1): RDMA/bnxt_re: Disable/kill tasklet only if it is enabled Shawn Wang (1): x86/resctrl: Only show tasks' pid in current pid namespace Sherry Sun (1): tty: serial: fsl_lpuart: add earlycon for imx8ulp platform Shreyas Deodhar (1): scsi: qla2xxx: Pointer may be dereferenced Shuai Jiang (1): i2c: qup: Add missing unwind goto in qup_i2c_probe() Shuijing Li (1): pwm: mtk_disp: Fix the disable flow of disp_pwm Siddh Raman Pant (1): jfs: jfs_dmap: Validate db_l2nbperpage while mounting Siddharth Vadapalli (1): PCI: cadence: Fix Gen2 Link Retraining process Sohaib Mohamed (1): perf bench: Use unbuffered output when pipe/tee'ing to a file Stanislav Fomichev (1): bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen Stefan Wahren (1): w1: w1_therm: fix locking behavior in convert_t Stephan Gerhold (7): arm64: dts: qcom: apq8016-sbc: Clarify firmware-names arm64: dts: qcom: Drop unneeded extra device-specific includes arm64: dts: qcom: apq8016-sbc: Fix regulator constraints arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion clk: qcom: reset: Allow specifying custom reset delay mfd: rt5033: Drop rt5033-battery sub-device opp: Fix use-after-free in lazy_opp_tables after probe deferral Su Hui (1): ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer Sui Jingfeng (1): PCI: Add pci_clear_master() stub for non-CONFIG_PCI Suman Ghosh (1): octeontx2-pf: Add additional check for MCAM rules Suzuki K Poulose (1): arm64: errata: Add detection for TRBE overwrite in FILL mode Takashi Iwai (1): ALSA: jack: Fix mutex call in snd_jack_report() Taniya Das (1): clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs Tarun Sahu (1): dax/kmem: Pass valid argument to memory_group_register_static Tero Kristo (1): cpufreq: intel_pstate: Fix energy_performance_preference for passive Thadeu Lima de Souza Cascardo (2): netfilter: nf_tables: do not ignore genmask when looking up chain by id netfilter: nf_tables: prevent OOB access in nft_byteorder_eval Thomas Bogendoerfer (1): MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled Thomas Gleixner (1): posix-timers: Prevent RT livelock in itimer_delete() Thomas Hellström (1): drm/ttm: Don't leak a resource on swapout move error Thomas Weißschuh (1): fs: avoid empty option when generating legacy mount string Thorsten Winkler (1): s390/qeth: Fix vipa deletion Tianjia Zhang (1): integrity: Fix possible multiple allocation in integrity_inode_get() Tiezhu Yang (1): riscv: uprobes: Restore thread.bad_cause Tim Harvey (1): hwmon: (gsc-hwmon) fix fan pwm temperature scaling Tobias Heider (1): Add MODULE_FIRMWARE() for FIRMWARE_TG357766. Tobias Klauser (1): bpf: Omit superfluous address family check in __bpf_skc_lookup Tony Lindgren (4): bus: ti-sysc: Fix dispc quirk masking bool variables ARM: dts: gta04: Move model property out of pinctrl node serial: 8250: omap: Fix freeing of resources on failed register serial: 8250_omap: Use force_suspend and resume for system suspend Tvrtko Ursulin (1): drm/i915: Fix one wrong caching mode enum usage Tzvetomir Stoyanov (VMware) (1): kernel/trace: Fix cleanup logic of enable_trace_eprobe Ulf Hansson (1): mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS Uwe Kleine-König (2): usb: dwc2: platform: Improve error reporting for problems during .remove() extcon: usbc-tusb320: Convert to i2c's .probe_new() Vijaya Krishna Nivarthi (1): spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG Vincent Mailhol (1): can: length: fix bitstuffing count Vinicius Costa Gomes (1): igc: Fix race condition in PTP tx code Vinod Polimera (1): drm/msm/disp/dpu: get timing engine status from intf status register Vlad Buslov (1): net/mlx5e: Check for NOT_READY flag state after locking Vladimir Oltean (2): net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode net: dsa: tag_sja1105: fix MAC DA patching from meta frames Vladislav Efanov (1): usb: dwc3: qcom: Fix potential memory leak Weitao Wang (3): xhci: Fix resume issue of some ZHAOXIN hosts xhci: Fix TRB prefetch issue of ZHAOXIN hosts xhci: Show ZHAOXIN xHCI root hub speed correctly Werner Sembach (1): ALSA: hda/realtek: Add quirk for Clevo NPx0SNx Wesley Chalmers (1): drm/amd/display: Add logging for display MALL refresh setting Wolfram Sang (1): arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 Woody Zhang (1): riscv: move memblock_allow_resize() after linear mapping is ready Xin Yin (1): erofs: fix fsdax unavailability for chunk-based regular files Xiubo Li (1): ceph: don't let check_caps skip sending responses for revoke msgs XuDong Liu (1): drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` Yang Yingliang (1): NTB: ntb_transport: fix possible memory leak while device_register() fails Yassine Oudjana (1): arm64: dts: qcom: db820c: Move blsp1_uart2 pin states to msm8996.dtsi Yuan Can (4): clk: tegra: tegra124-emc: Fix potential memory leak ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() Yuchen Yang (1): scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() Yuxing Liu (1): clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() Zeng Heng (1): ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() Zhang Rui (1): powercap: RAPL: Fix CONFIG_IOSF_MBI dependency Zhen Lei (1): kexec: fix a memory leak in crash_shrink_memory() Zheng Wang (2): bcache: Remove unnecessary NULL point check in node allocations bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent Zheng Yejian (3): tracing: Fix memory leak of iter->temp when reading trace_pipe ring-buffer: Fix deadloop issue on reading trace_pipe ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() Zhengchao Shao (2): net/mlx5e: fix double free in mlx5e_destroy_flow_table net/mlx5e: fix memory leak in mlx5e_ptp_open Zhihao Cheng (2): ovl: fix null pointer dereference in ovl_get_acl_rcu() ext4: Fix reusing stale buffer heads from last failed mounting Ziyang Xuan (1): ipv6/addrconf: fix a potential refcount underflow for idev gaba (1): drm/amdgpu: avoid restore process run into dead loop. hfdevel(a)gmx.net (1): ARM: dts: meson8b: correct uart_B and uart_C clock references

2 years, 3 months

1
1
0 0

FAILED: patch "[PATCH] ALSA: hda/realtek - remove 3k pull low procedure" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 69ea4c9d02b7947cdd612335a61cc1a02e544ccd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072308-sandbox-blemish-85a3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 69ea4c9d02b7 ("ALSA: hda/realtek - remove 3k pull low procedure") f30741cded62 ("ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020") 5aec98913095 ("ALSA: hda/realtek - ALC236 headset MIC recording issue") 92666d45adcf ("ALSA: hda/realtek - Fixed Dell AIO wrong sound tone") 9e885770277d ("ALSA: hda/realtek - HP Headset Mic can't detect after boot") a0ccbc5319d5 ("ALSA: hda/realtek - Add supported mute Led for HP") 446b8185f0c3 ("ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button") ef9ce66fab95 ("ALSA: hda/realtek - Enable headphone for ASUS TM420") 8a8de09cb2ad ("ALSA: hda/realtek - Fixed HP headset Mic can't be detected") 08befca40026 ("ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7") 13468bfa8c58 ("ALSA: hda/realtek - set mic to auto detect on a HP AIO machine") 3f7424905782 ("ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged") fc19d559b0d3 ("ALSA: hda/realtek - The Mic on a RedmiBook doesn't work") 23dc95868944 ("ALSA: hda/realtek: Add model alc298-samsung-headphone") e2d2fded6bdf ("ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged") 3b5d1afd1f13 ("Merge branch 'for-next' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69ea4c9d02b7947cdd612335a61cc1a02e544ccd Mon Sep 17 00:00:00 2001 From: Kailang Yang <kailang(a)realtek.com> Date: Thu, 13 Jul 2023 15:57:13 +0800 Subject: [PATCH] ALSA: hda/realtek - remove 3k pull low procedure This was the ALC283 depop procedure. Maybe this procedure wasn't suitable with new codec. So, let us remove it. But HP 15z-fc000 must do 3k pull low. If it reboot with plugged headset, it will have errors show don't find codec error messages. Run 3k pull low will solve issues. So, let AMD chipset will run this for workarround. Fixes: 5aec98913095 ("ALSA: hda/realtek - ALC236 headset MIC recording issue") Signed-off-by: Kailang Yang <kailang(a)realtek.com> Cc: <stable(a)vger.kernel.org> Reported-by: Joseph C. Sible <josephcsible(a)gmail.com> Closes: https://lore.kernel.org/r/CABpewhE4REgn9RJZduuEU6Z_ijXNeQWnrxO1tg70Gkw=F8qN… Link: https://lore.kernel.org/r/4678992299664babac4403d9978e7ba7@realtek.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index e2f8b608de82..afb4d82475b4 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -122,6 +122,7 @@ struct alc_spec { unsigned int ultra_low_power:1; unsigned int has_hs_key:1; unsigned int no_internal_mic_pin:1; + unsigned int en_3kpull_low:1; /* for PLL fix */ hda_nid_t pll_nid; @@ -3622,6 +3623,7 @@ static void alc256_shutup(struct hda_codec *codec) if (!hp_pin) hp_pin = 0x21; + alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x1); /* Low power */ hp_pin_sense = snd_hda_jack_detect(codec, hp_pin); if (hp_pin_sense) @@ -3638,8 +3640,7 @@ static void alc256_shutup(struct hda_codec *codec) /* If disable 3k pulldown control for alc257, the Mic detection will not work correctly * when booting with headset plugged. So skip setting it for the codec alc257 */ - if (codec->core.vendor_id != 0x10ec0236 && - codec->core.vendor_id != 0x10ec0257) + if (spec->en_3kpull_low) alc_update_coef_idx(codec, 0x46, 0, 3 << 12); if (!spec->no_shutup_pins) @@ -10682,6 +10683,8 @@ static int patch_alc269(struct hda_codec *codec) spec->shutup = alc256_shutup; spec->init_hook = alc256_init; spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */ + if (codec->bus->pci->vendor == PCI_VENDOR_ID_AMD) + spec->en_3kpull_low = true; break; case 0x10ec0257: spec->codec_variant = ALC269_TYPE_ALC257;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] ALSA: hda/realtek - remove 3k pull low procedure" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 69ea4c9d02b7947cdd612335a61cc1a02e544ccd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072307-usage-safely-2a32@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 69ea4c9d02b7 ("ALSA: hda/realtek - remove 3k pull low procedure") f30741cded62 ("ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020") 5aec98913095 ("ALSA: hda/realtek - ALC236 headset MIC recording issue") 92666d45adcf ("ALSA: hda/realtek - Fixed Dell AIO wrong sound tone") 9e885770277d ("ALSA: hda/realtek - HP Headset Mic can't detect after boot") a0ccbc5319d5 ("ALSA: hda/realtek - Add supported mute Led for HP") 446b8185f0c3 ("ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button") ef9ce66fab95 ("ALSA: hda/realtek - Enable headphone for ASUS TM420") 8a8de09cb2ad ("ALSA: hda/realtek - Fixed HP headset Mic can't be detected") 08befca40026 ("ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7") 13468bfa8c58 ("ALSA: hda/realtek - set mic to auto detect on a HP AIO machine") 3f7424905782 ("ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged") fc19d559b0d3 ("ALSA: hda/realtek - The Mic on a RedmiBook doesn't work") 23dc95868944 ("ALSA: hda/realtek: Add model alc298-samsung-headphone") e2d2fded6bdf ("ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged") 3b5d1afd1f13 ("Merge branch 'for-next' into for-linus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69ea4c9d02b7947cdd612335a61cc1a02e544ccd Mon Sep 17 00:00:00 2001 From: Kailang Yang <kailang(a)realtek.com> Date: Thu, 13 Jul 2023 15:57:13 +0800 Subject: [PATCH] ALSA: hda/realtek - remove 3k pull low procedure This was the ALC283 depop procedure. Maybe this procedure wasn't suitable with new codec. So, let us remove it. But HP 15z-fc000 must do 3k pull low. If it reboot with plugged headset, it will have errors show don't find codec error messages. Run 3k pull low will solve issues. So, let AMD chipset will run this for workarround. Fixes: 5aec98913095 ("ALSA: hda/realtek - ALC236 headset MIC recording issue") Signed-off-by: Kailang Yang <kailang(a)realtek.com> Cc: <stable(a)vger.kernel.org> Reported-by: Joseph C. Sible <josephcsible(a)gmail.com> Closes: https://lore.kernel.org/r/CABpewhE4REgn9RJZduuEU6Z_ijXNeQWnrxO1tg70Gkw=F8qN… Link: https://lore.kernel.org/r/4678992299664babac4403d9978e7ba7@realtek.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index e2f8b608de82..afb4d82475b4 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -122,6 +122,7 @@ struct alc_spec { unsigned int ultra_low_power:1; unsigned int has_hs_key:1; unsigned int no_internal_mic_pin:1; + unsigned int en_3kpull_low:1; /* for PLL fix */ hda_nid_t pll_nid; @@ -3622,6 +3623,7 @@ static void alc256_shutup(struct hda_codec *codec) if (!hp_pin) hp_pin = 0x21; + alc_update_coefex_idx(codec, 0x57, 0x04, 0x0007, 0x1); /* Low power */ hp_pin_sense = snd_hda_jack_detect(codec, hp_pin); if (hp_pin_sense) @@ -3638,8 +3640,7 @@ static void alc256_shutup(struct hda_codec *codec) /* If disable 3k pulldown control for alc257, the Mic detection will not work correctly * when booting with headset plugged. So skip setting it for the codec alc257 */ - if (codec->core.vendor_id != 0x10ec0236 && - codec->core.vendor_id != 0x10ec0257) + if (spec->en_3kpull_low) alc_update_coef_idx(codec, 0x46, 0, 3 << 12); if (!spec->no_shutup_pins) @@ -10682,6 +10683,8 @@ static int patch_alc269(struct hda_codec *codec) spec->shutup = alc256_shutup; spec->init_hook = alc256_init; spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */ + if (codec->bus->pci->vendor == PCI_VENDOR_ID_AMD) + spec->en_3kpull_low = true; break; case 0x10ec0257: spec->codec_variant = ALC269_TYPE_ALC257;

2 years, 3 months

1
0
0 0

[PATCH 6.4 000/292] 6.4.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.4.5 release. There are 292 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 23 Jul 2023 16:04:29 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.4.5-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.4.5-rc1 Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled Dan Carpenter <dan.carpenter(a)linaro.org> net: dsa: ocelot: unlock on error in vsc9959_qos_port_tas_set() Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix end of loop test Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Pointer may be dereferenced Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Correct the index of array Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Fix potential NULL pointer dereference Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix buffer overrun Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: Avoid fcport pointer dereference Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: Array index may go out of bound Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix mem access after free Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Wait for io return on terminate rport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix hang in task management Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix task management cmd fail due to unavailable resource Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix task management cmd failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Multi-que support for TMF Beau Belgrave <beaub(a)linux.microsoft.com> tracing/user_events: Fix struct arg size match check Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Revert "tracing: Add "(fault)" name injection to kernel probes" Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to update dynamic data counter if fetcharg uses it Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix not to count error code to total length Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/probes: Fix to avoid double count of the string length on the array Gustavo A. R. Silva <gustavoars(a)kernel.org> smb: client: Fix -Wstringop-overflow issues Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: pm_nl_ctl: fix 32-bit support Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: depend on SYN_COOKIES Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: userspace_pm: report errors with 'remove' tests Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: userspace_pm: use correct server port Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: sockopt: return error if wrong mark Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: connect: fail if nft supposed to work Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: sockopt: use 'iptables-legacy' if available Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure subflow is unhashed before cleaning the backlog Paolo Abeni <pabeni(a)redhat.com> mptcp: do not rely on implicit state check in mptcp_listen() Mateusz Stachyra <m.stachyra(a)samsung.com> tracing: Fix null pointer dereference in tracing_err_log_open() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() Jiri Olsa <jolsa(a)kernel.org> fprobe: Release rethook after the ftrace_ops is unregistered Karol Wachowski <karol.wachowski(a)linux.intel.com> accel/ivpu: Clear specific interrupt status bits on C0 Karol Wachowski <karol.wachowski(a)linux.intel.com> accel/ivpu: Fix VPU register access in irq disable Heiner Kallweit <hkallweit1(a)gmail.com> pwm: meson: fix handling of period/duty if greater than UINT_MAX Heiner Kallweit <hkallweit1(a)gmail.com> pwm: meson: modify and simplify calculation in meson_pwm_get_state Chungkai Yang <Chung-kai.Yang(a)mediatek.com> PM: QoS: Restore support for default value on frequency QoS Namhyung Kim <namhyung(a)kernel.org> perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR Max Filippov <jcmvbkbc(a)gmail.com> xtensa: ISS: fix call to split_if_spec Bharath SM <bharathsm(a)microsoft.com> cifs: if deferred close is disabled then close files immediately Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 Evan Quan <evan.quan(a)amd.com> drm/amd/pm: share the code around SMU13 pcie parameters update Zheng Yejian <zhengyejian1(a)huawei.com> ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() Zheng Yejian <zhengyejian1(a)huawei.com> ring-buffer: Fix deadloop issue on reading trace_pipe Krister Johansen <kjlx(a)templeofstupid.com> net: ena: fix shift-out-of-bounds in exponential backoff Isaac J. Manjarres <isaacmanjarres(a)google.com> regmap-irq: Fix out-of-bounds access when allocating config buffers Eric Lin <eric.lin(a)sifive.com> perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() Florent Revest <revest(a)chromium.org> samples: ftrace: Save required argument registers in sample trampolines Christoph Hellwig <hch(a)lst.de> nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices Zheng Yejian <zhengyejian1(a)huawei.com> tracing: Fix memory leak of iter->temp when reading trace_pipe Mohamed Khalfella <mkhalfella(a)purestorage.com> tracing/histograms: Add histograms to hist_vars if they have referenced variables Matthias Kaehlcke <mka(a)chromium.org> dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter Heiko Carstens <hca(a)linux.ibm.com> s390/decompressor: fix misaligned symbol build error Jonas Gorski <jonas.gorski(a)gmail.com> bus: ixp4xx: fix IXP4XX_EXP_T1_MASK Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> Revert "8250: add support for ASIX devices with a FIFO bug" Sakari Ailus <sakari.ailus(a)linux.intel.com> media: uapi: Fix [GS]_ROUTING ACTIVE flag value Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: qcom: fix storing port config out-of-bounds Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> opp: Fix use-after-free in lazy_opp_tables after probe deferral George Stark <gnstark(a)sberdevices.ru> meson saradc: fix clock divider mask length Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> xhci: Show ZHAOXIN xHCI root hub speed correctly Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> xhci: Fix TRB prefetch issue of ZHAOXIN hosts Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> xhci: Fix resume issue of some ZHAOXIN hosts Oliver Upton <oliver.upton(a)linux.dev> arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 Yinjun Zhang <yinjun.zhang(a)corigine.com> nfp: clean mc addresses in application firmware when closing port Xiubo Li <xiubli(a)redhat.com> ceph: don't let check_caps skip sending responses for revoke msgs Xiubo Li <xiubli(a)redhat.com> ceph: fix blindly expanding the readahead windows Xiubo Li <xiubli(a)redhat.com> ceph: add a dedicated private data for netfs rreq Ilya Dryomov <idryomov(a)gmail.com> libceph: harden msgr2.1 frame segment length checks Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() Hui Li <caelli(a)tencent.com> tty: fix hang on tty device with no_room set Martin Fuzzey <martin.fuzzey(a)flowbird.group> tty: serial: imx: fix rs485 rx after tx Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Dan Carpenter <dan.carpenter(a)linaro.org> serial: atmel: don't enable IRQs prematurely Christian König <christian.koenig(a)amd.com> drm/ttm: never consider pinned BOs for eviction&swap Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Don't leak a resource on swapout move error Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/ttm: Don't leak a resource on eviction error Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu i2c data read risk gaba <gaba(a)amd.com> drm/amdgpu: avoid restore process run into dead loop. Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Add monitor specific edid quirk Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Correct `DMUB_FW_VERSION` macro Ilya Bakoulin <ilya.bakoulin(a)amd.com> drm/amd/display: Fix 128b132b link loss handling Sung-huai Wang <danny.wang(a)amd.com> drm/amd/display: add a NULL pointer check Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Disable PSR-SU on Parade 0803 TCON Samuel Pitoiset <samuel.pitoiset(a)gmail.com> drm/amdgpu: fix clearing mappings for BOs that are always valid in VM Leo Chen <sancchen(a)amd.com> drm/amd/display: disable seamless boot if force_odm_combine is enabled Austin Zheng <austin.zheng(a)amd.com> drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: edp do not add non-edid timings Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: fix seamless odm transitions Alan Liu <HaoPing.Liu(a)amd.com> drm/amd/display: Fix in secure display context creation Alvin Lee <Alvin.Lee2(a)amd.com> drm/amd/display: Limit DCN32 8 channel or less parts to DPM1 for FPO Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Clear MSG_RDY flag before sending new message Brian Norris <briannorris(a)chromium.org> drm/rockchip: vop: Leave vblank enabled in self-refresh Brian Norris <briannorris(a)chromium.org> drm/atomic: Allow vblank-enabled + self-refresh "disable" Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix missing pending to false Alexander Aring <aahringo(a)redhat.com> fs: dlm: clear pending bit when queue was empty Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix mismatch of plock results from userspace Alexander Aring <aahringo(a)redhat.com> fs: dlm: make F_SETLK use unkillable wait_event Alexander Aring <aahringo(a)redhat.com> fs: dlm: interrupt posix locks only when process is killed Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix cleanup pending ops when interrupted Alexander Aring <aahringo(a)redhat.com> fs: dlm: return positive pid value for F_GETLK Jason Baron <jbaron(a)akamai.com> md/raid0: add discard support for the 'original' layout Johan Hovold <johan+linaro(a)kernel.org> mfd: pm8008: Fix module autoloading Damien Le Moal <dlemoal(a)kernel.org> misc: pci_endpoint_test: Re-init completion for every test Damien Le Moal <dlemoal(a)kernel.org> misc: pci_endpoint_test: Free IRQs before removing the device Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip: Set address alignment for endpoint mode Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip: Use u32 variable to access 32-bit registers Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip: Write PCI Device ID to correct register Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip: Assert PCI Configuration Enable bit after probe Damien Le Moal <dlemoal(a)kernel.org> PCI: epf-test: Fix DMA transfer completion detection Damien Le Moal <dlemoal(a)kernel.org> PCI: epf-test: Fix DMA transfer completion initialization Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Disable write access to read only registers for IP v2.3.3 Igor Mammedov <imammedo(a)redhat.com> PCI: acpiphp: Reassign resources on bridge if necessary Robin Murphy <robin.murphy(a)arm.com> PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 Ross Lagerwall <ross.lagerwall(a)citrix.com> PCI: Release resource invalidated by coalescing Ondrej Zary <linux(a)zary.sk> PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: do not retry administrative requests Sathya Prakash <sathya.prakash(a)broadcom.com> scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: reduce vmalloc space footprint on 32-bit architectures Martin Kaiser <martin(a)kaiser.cx> hwrng: imx-rngc - fix the timeout for init and self check Sinthu Raja <sinthu.raja(a)ti.com> arm64: dts: ti: k3-j721s2: Fix wkup pinmux range Frank Wunderlich <frank-w(a)public-files.de> arm64: dts: mt7986: use size of reserved partition for bl2 Siddh Raman Pant <code(a)siddh.me> jfs: jfs_dmap: Validate db_l2nbperpage while mounting Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> ext2/dax: Fix ext2_setsize when len is page aligned Christian Marangi <ansuelsmth(a)gmail.com> soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup David Woodhouse <dwmw(a)amazon.co.uk> mm/mmap: Fix error return in do_vmi_align_munmap() Alexander Aring <aahringo(a)redhat.com> fs: dlm: revert check required context while close Baokun Li <libaokun1(a)huawei.com> ext4: only update i_reserved_data_blocks on successful block allocation Baokun Li <libaokun1(a)huawei.com> ext4: turn quotas off if mount failed after enabling quotas Chao Yu <chao(a)kernel.org> ext4: fix to check return value of freeze_bdev() in ext4_shutdown() Theodore Ts'o <tytso(a)mit.edu> ext4: avoid updating the superblock on a r/o mount if not needed Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: fix wrong unit use in ext4_mb_new_blocks Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: get block from bh in ext4_free_blocks for fast commit replay Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: fix wrong unit use in ext4_mb_clear_bb Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: Fix reusing stale buffer heads from last failed mounting Huacai Chen <chenhuacai(a)kernel.org> MIPS: KVM: Fix NULL pointer dereference Huacai Chen <chenhuacai(a)kernel.org> MIPS: Loongson: Fix build error when make modules_install Huacai Chen <chenhuacai(a)kernel.org> MIPS: Loongson: Fix cpu_probe_loongson() again Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cpu-features: Use boot_cpu_type for CPU type based features Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: perform a bounds check before filling dirty rectangles Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix native_hpte_remove() to be irq-safe Michael Ellerman <mpe(a)ellerman.id.au> powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Create fastrpc scalar with correct buffer count Naveen N Rao <naveen(a)kernel.org> powerpc: Fail build if using recordmcount with binutils v2.37 sunliming <sunliming(a)kylinos.cn> tracing/user_events: Fix incorrect return value for writing operation when events are disabled Andrey Konovalov <andreyknvl(a)gmail.com> kasan: fix type cast in memory_is_poisoned_n Andrey Konovalov <andreyknvl(a)gmail.com> kasan, slub: fix HW_TAGS zeroing with slub_debug Arnd Bergmann <arnd(a)arndb.de> kasan: use internal prototypes matching gcc-13 builtins Arnd Bergmann <arnd(a)arndb.de> kasan: add kasan_tag_mismatch prototype Oleksij Rempel <linux(a)rempel-privat.de> net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY driver Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Ensure MDIO unregistration has clocks enabled Arseniy Krasnov <AVKrasnov(a)sberdevices.ru> mtd: rawnand: meson: fix unaligned DMA buffers handling Florian Bezdeka <florian(a)bezdeka.de> tpm/tpm_tis: Disable interrupts for Lenovo L590 devices Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm,tpm_tis: Disable interrupts after 1000 unhandled IRQs Christian Hesse <mail(a)eworm.de> tpm/tpm_tis: Disable interrupts for Framework Laptop Intel 13th gen Jerry Snitselaar <jsnitsel(a)redhat.com> tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms Alexander Sverdlin <alexander.sverdlin(a)siemens.com> tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes Christian Hesse <mail(a)eworm.de> tpm/tpm_tis: Disable interrupts for Framework Laptop Intel 12th gen Alexander Sverdlin <alexander.sverdlin(a)siemens.com> tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> tpm: tpm_tis: Disable interrupts *only* for AEON UPX-i11 Jarkko Sakkinen <jarkko(a)kernel.org> tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Valentin David <valentin.david(a)gmail.com> tpm: Do not remap from ACPI resources again for Pluton TPM Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Unify debounce handling into amd_pinconf_set() Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Drop pull up select configuration Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Use amd_pinconf_set() for all config options Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Only use special debounce behavior for GPIO 0 Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" Kornel Dulęba <korneld(a)chromium.org> pinctrl: amd: Detect and mask spurious interrupts Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Fix mistake in handling clearing pins at startup Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Detect internal GPIO0 debounce handling Masahiro Yamada <masahiroy(a)kernel.org> kbuild: make modules_install copy modules.builtin(.modinfo) Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix deadlock in i_xattr_sem and inode page lock Chao Yu <chao(a)kernel.org> f2fs: don't reset unchangable mount option in f2fs_remount() Thomas Zimmermann <tzimmermann(a)suse.de> drm/client: Send hotplug event after registering a client Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of source mount option Winston Wen <wentao(a)uniontech.com> cifs: fix session state check in smb2_find_smb_ses Paulo Alcantara <pc(a)manguebit.com> smb: client: improve DFS mount check Ming Lei <ming.lei(a)redhat.com> nvme-pci: fix DMA direction of unmapping integrity data Pedro Tammela <pctammela(a)mojatatu.com> net/sched: sch_qfq: account for stab overhead in qfq_enqueue Pedro Tammela <pctammela(a)mojatatu.com> net/sched: sch_qfq: reintroduce lmax bound check for MTU Zhang Shurong <zhang_shurong(a)foxmail.com> wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix eeprom calculation error Pedro Tammela <pctammela(a)mojatatu.com> net/sched: make psched_mtu() RTNL-less safe Karol Herbst <kherbst(a)redhat.com> drm/nouveau: bring back blit subchannel for pre nv50 GPUs Karol Herbst <kherbst(a)redhat.com> drm/nouveau/acr: Abort loading ACR if no firmware was found Dan Carpenter <dan.carpenter(a)linaro.org> netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() Karol Herbst <kherbst(a)redhat.com> drm/nouveau/disp/g94: enable HDMI Karol Herbst <kherbst(a)redhat.com> drm/nouveau/disp: fix HDMI on gt215+ Jisheng Zhang <jszhang(a)kernel.org> riscv: mm: fix truncation warning on RV32 Ido Schimmel <idosch(a)nvidia.com> net/sched: flower: Ensure both minimum and maximum ports are specified Larysa Zaremba <larysa.zaremba(a)intel.com> xdp: use trusted arguments in XDP hints kfuncs Pu Lehui <pulehui(a)huawei.com> bpf: cpumap: Fix memory leak in cpu_map_update_elem Randy Dunlap <rdunlap(a)infradead.org> wifi: airo: avoid uninitialized warning in airo_get_rate() Xin Yin <yinxin.x(a)bytedance.com> erofs: fix fsdax unavailability for chunk-based regular files Chunhai Guo <guochunhai(a)vivo.com> erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF Chunhai Guo <guochunhai(a)vivo.com> erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF Suman Ghosh <sumang(a)marvell.com> octeontx2-pf: Add additional check for MCAM rules Lu Hongfei <luhongfei(a)vivo.com> net: dsa: Removed unneeded of_node_put in felix_parse_ports_node Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> drm/i915: Fix one wrong caching mode enum usage Stanislav Lisovskiy <stanislav.lisovskiy(a)intel.com> drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner Wei Fang <wei.fang(a)nxp.com> net: fec: increase the size of tx ring and update tx_wake_threshold Wei Fang <wei.fang(a)nxp.com> net: fec: recycle pages for transmitted XDP frames Wei Fang <wei.fang(a)nxp.com> net: fec: remove last_bdp from fec_enet_txq_xmit_frame() Wei Fang <wei.fang(a)nxp.com> net: fec: remove useless fec_enet_reset_skb() Björn Töpel <bjorn(a)rivosinc.com> riscv, bpf: Fix inconsistent JIT image generation Stafford Horne <shorne(a)gmail.com> openrisc: Union fpcsr and oldmask in sigcontext to unbreak userspace ABI Ankit Kumar <ankit.kumar(a)samsung.com> nvme: fix the NVME_ID_NS_NVM_STS_MASK definition Florian Kauer <florian.kauer(a)linutronix.de> igc: Fix inserting of empty frame for launchtime Florian Kauer <florian.kauer(a)linutronix.de> igc: Fix launchtime before start of cycle Florian Kauer <florian.kauer(a)linutronix.de> igc: No strict mode in pure launchtime/CBS offload Ze Gao <zegao2021(a)gmail.com> fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock Tzvetomir Stoyanov (VMware) <tz.stoyanov(a)gmail.com> kernel/trace: Fix cleanup logic of enable_trace_eprobe Florian Kauer <florian.kauer(a)linutronix.de> igc: Handle already enabled taprio offload for basetime 0 Florian Kauer <florian.kauer(a)linutronix.de> igc: Do not enable taprio offload for invalid arguments Florian Kauer <florian.kauer(a)linutronix.de> igc: Rename qbv_enable to taprio_offload_enable Vladimir Oltean <vladimir.oltean(a)nxp.com> net/sched: taprio: replace tc_taprio_qopt_offload :: enable with a "cmd" enum Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: wmi: Break possible infinite loop when parsing GUID Peter Zijlstra <peterz(a)infradead.org> x86/fineibt: Poison ENDBR at +0 Jiasheng Jiang <jiasheng(a)iscas.ac.cn> net: dsa: qca8k: Add check for skb_copy Arnd Bergmann <arnd(a)arndb.de> HID: hyperv: avoid struct memcpy overrun warning Ziyang Xuan <william.xuanziyang(a)huawei.com> ipv6/addrconf: fix a potential refcount underflow for idev Jiasheng Jiang <jiasheng(a)iscas.ac.cn> NTB: ntb_tool: Add check for devm_kcalloc Yang Yingliang <yangyingliang(a)huawei.com> NTB: ntb_transport: fix possible memory leak while device_register() fails Yuan Can <yuancan(a)huawei.com> ntb: intel: Fix error handling in intel_ntb_pci_driver_init() Yuan Can <yuancan(a)huawei.com> NTB: amd: Fix error handling in amd_ntb_pci_driver_init() Yuan Can <yuancan(a)huawei.com> ntb: idt: Fix error handling in idt_pci_driver_init() Eric Dumazet <edumazet(a)google.com> udp6: fix udp6_ehashfn() typo Kuniyuki Iwashima <kuniyu(a)amazon.com> icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). Niklas Schnelle <schnelle(a)linux.ibm.com> s390/ism: Do not unregister clients with registered DMBs Niklas Schnelle <schnelle(a)linux.ibm.com> s390/ism: Fix and simplify add()/remove() callback handling Niklas Schnelle <schnelle(a)linux.ibm.com> s390/ism: Fix locking for forwarding of IRQs and events to clients Paolo Abeni <pabeni(a)redhat.com> net: prevent skb corruption on frag list segmentation Rafał Miłecki <rafal(a)milecki.pl> net: bgmac: postpone turning IRQs off to avoid SoC hangs Ivan Babrou <ivan(a)cloudflare.com> udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint Nitya Sunkad <nitya.sunkad(a)amd.com> ionic: remove WARN_ON to prevent panic_on_warn Sai Krishna <saikrishnag(a)marvell.com> octeontx2-af: Move validation of ptp pointer before its usage Ratheesh Kannoth <rkannoth(a)marvell.com> octeontx2-af: Promisc enable/disable through mbox Geert Uytterhoeven <geert+renesas(a)glider.be> drm/fbdev-dma: Fix documented default preferred_bpp value Junfeng Guo <junfeng.guo(a)intel.com> gve: Set default duplex configuration to full M A Ramdhan <ramdhan(a)starlabs.sg> net/sched: cls_fw: Fix improper refcount update leads to use-after-free Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix oversize frame dropping for preemptible TCs Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: make vsc9959_tas_guard_bands_update() visible to ocelot->ops Klaus Kudielka <klaus.kudielka(a)gmail.com> net: mvneta: fix txq_map in case of txq_number==1 Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Fix max stack depth check for async callbacks Randy Dunlap <rdunlap(a)infradead.org> scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla2xxx: Fix error code in qla2x00_start_sp() Eric Biggers <ebiggers(a)google.com> blk-crypto: use dynamic lock class for blk_crypto_profile::lock Aravindhan Gunasekaran <aravindhan.gunasekaran(a)intel.com> igc: Handle PPS start time programming for past time values Tan Tee Min <tee.min.tan(a)linux.intel.com> igc: Include the length/type field and VLAN tag in queueMaxSDU Prasad Koya <prasad(a)arista.com> igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: RX, Fix page_pool page fragment tracking for XDP Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Query hca_cap_2 only when supported Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5e: TC, CT: Offload ct clear only once Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Check for NOT_READY flag state after locking Saeed Mahameed <saeedm(a)nvidia.com> net/mlx5: Register a unique thermal zone per device Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: RX, Fix flush and close release flow of regular rq for legacy rq Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5e: fix memory leak in mlx5e_ptp_open Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create Zhengchao Shao <shaozhengchao(a)huawei.com> net/mlx5e: fix double free in mlx5e_destroy_flow_table Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli(a)intel.com> igc: Fix TX Hang issue when QBV Gate is closed Jesper Dangaard Brouer <brouer(a)redhat.com> igc: Add XDP hints kfuncs for RX hash Jesper Dangaard Brouer <brouer(a)redhat.com> igc: Add igc_xdp_buff wrapper for xdp_buff in driver Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli(a)intel.com> igc: Remove delay during TX ring configuration Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli(a)intel.com> igc: Add condition for qbv_config_change_errors counter Sridhar Samudrala <sridhar.samudrala(a)intel.com> ice: Fix tx queue rate limit when TCs are configured Sridhar Samudrala <sridhar.samudrala(a)intel.com> ice: Fix max_rate check while configuring TX rate limits Florian Westphal <fw(a)strlen.de> netfilter: conntrack: don't fold port numbers into addresses before hashing Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: report use refcount overflow Petr Pavlu <petr.pavlu(a)suse.com> xen/virtio: Fix NULL deref when a bridge of PCI root bus has no parent Marek Vasut <marex(a)denx.de> drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags Petr Tesarik <petr.tesarik.ext(a)huawei.com> swiotlb: reduce the number of areas to match actual memory pool size Petr Tesarik <petr.tesarik.ext(a)huawei.com> swiotlb: always set the number of areas before allocating the pool Douglas Anderson <dianders(a)chromium.org> drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime Adrián Larumbe <adrian.larumbe(a)collabora.com> drm: bridge: dw_hdmi: fix connector access for scdc Fabio Estevam <festevam(a)denx.de> drm/panel: simple: Add connector_type for innolux_at043tn24 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out of bounds read in smb2_sess_setup Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add missing compound request handing in some commands Simon Horman <horms(a)kernel.org> net: lan743x: select FIXED_PHY Moritz Fischer <moritzf(a)google.com> net: lan743x: Don't sleep in atomic context Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Fix for shift-out-of-bounds Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Rename the float32 variable Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: input: fix mapping for camera access keys Nayna Jain <nayna(a)linux.ibm.com> security/integrity: fix pointer to ESL data and its size on pseries Ivan Mikhaylov <fr0st61te(a)gmail.com> net/ncsi: change from ndo_set_mac_address to dev_set_mac_address ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 3 + .../media/v4l/vidioc-subdev-g-routing.rst | 2 +- Makefile | 30 ++- arch/arm64/Kconfig | 19 ++ .../dts/mediatek/mt7986a-bananapi-bpi-r3-nor.dtso | 7 +- arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 42 ++-- .../boot/dts/ti/k3-j721s2-common-proc-board.dts | 76 +++--- arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 29 ++- arch/arm64/kernel/cpu_errata.c | 7 + arch/arm64/kernel/traps.c | 2 +- arch/arm64/kvm/hyp/pgtable.c | 14 +- arch/arm64/mm/fault.c | 2 +- arch/arm64/tools/cpucaps | 1 + arch/mips/Makefile | 10 +- arch/mips/include/asm/cpu-features.h | 4 +- arch/mips/include/asm/kvm_host.h | 6 +- arch/mips/kernel/cpu-probe.c | 9 +- arch/mips/kvm/emulate.c | 22 +- arch/mips/kvm/mips.c | 16 +- arch/mips/kvm/stats.c | 4 +- arch/mips/kvm/trace.h | 8 +- arch/mips/kvm/vz.c | 20 +- arch/openrisc/include/uapi/asm/sigcontext.h | 6 +- arch/openrisc/kernel/signal.c | 4 +- arch/powerpc/Makefile | 8 + arch/powerpc/kernel/security.c | 37 +-- arch/powerpc/mm/book3s64/hash_native.c | 13 +- arch/riscv/mm/init.c | 2 +- arch/riscv/net/bpf_jit.h | 6 +- arch/riscv/net/bpf_jit_core.c | 19 +- arch/s390/Makefile | 1 + arch/x86/events/intel/core.c | 7 + arch/x86/kernel/alternative.c | 16 ++ arch/xtensa/platforms/iss/network.c | 2 +- block/blk-crypto-profile.c | 12 +- drivers/accel/ivpu/ivpu_drv.h | 1 + drivers/accel/ivpu/ivpu_hw_mtl.c | 20 +- drivers/base/regmap/regmap-irq.c | 2 +- drivers/bus/intel-ixp4xx-eb.c | 2 +- drivers/char/hw_random/imx-rngc.c | 6 +- drivers/char/tpm/tpm-chip.c | 7 + drivers/char/tpm/tpm_crb.c | 19 +- drivers/char/tpm/tpm_tis.c | 25 ++ drivers/char/tpm/tpm_tis_core.c | 103 ++++++-- drivers/char/tpm/tpm_tis_core.h | 4 + drivers/char/tpm/tpm_tis_i2c.c | 59 +++-- drivers/char/tpm/tpm_vtpm_proxy.c | 30 +-- drivers/firmware/stratix10-svc.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 12 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 64 ++--- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.h | 2 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 26 +++ drivers/gpu/drm/amd/display/dc/core/dc.c | 3 + .../drm/amd/display/dc/dce112/dce112_resource.c | 10 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 + drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 4 - drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 2 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.h | 1 + .../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 2 + .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 15 ++ .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.h | 2 + .../dc/link/protocols/link_dp_irq_handler.c | 11 +- drivers/gpu/drm/amd/display/dmub/dmub_srv.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 4 + drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 2 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 67 ++++++ .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 35 +-- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 33 +-- drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 9 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 35 +-- drivers/gpu/drm/display/drm_dp_mst_topology.c | 54 ++++- drivers/gpu/drm/drm_atomic_helper.c | 11 +- drivers/gpu/drm/drm_client.c | 21 ++ drivers/gpu/drm/drm_fbdev_dma.c | 6 +- drivers/gpu/drm/drm_fbdev_generic.c | 4 - drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 4 - drivers/gpu/drm/gma500/fbdev.c | 4 - drivers/gpu/drm/i915/display/intel_display.c | 1 - drivers/gpu/drm/i915/display/intel_dp.c | 7 +- drivers/gpu/drm/i915/gt/intel_gtt.c | 2 +- drivers/gpu/drm/msm/msm_fbdev.c | 4 - drivers/gpu/drm/nouveau/dispnv50/disp.c | 12 +- drivers/gpu/drm/nouveau/nouveau_chan.c | 1 + drivers/gpu/drm/nouveau/nouveau_chan.h | 1 + drivers/gpu/drm/nouveau/nouveau_drm.c | 20 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/g94.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/disp/gt215.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/acr/base.c | 2 +- drivers/gpu/drm/omapdrm/omap_fbdev.c | 4 - drivers/gpu/drm/panel/panel-simple.c | 2 + drivers/gpu/drm/radeon/radeon_fbdev.c | 4 - drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 +- drivers/gpu/drm/tegra/fbdev.c | 4 - drivers/gpu/drm/ttm/ttm_bo.c | 29 ++- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c | 30 ++- drivers/hid/hid-hyperv.c | 10 +- drivers/hid/hid-input.c | 7 +- drivers/iio/adc/meson_saradc.c | 2 +- drivers/md/dm-integrity.c | 4 +- drivers/md/dm-verity-loadpin.c | 3 + drivers/md/raid0.c | 62 ++++- drivers/md/raid0.h | 1 + drivers/mfd/qcom-pm8008.c | 1 + drivers/misc/fastrpc.c | 2 +- drivers/misc/pci_endpoint_test.c | 10 +- drivers/mtd/nand/raw/meson_nand.c | 4 + drivers/net/dsa/hirschmann/hellcreek.c | 14 +- drivers/net/dsa/ocelot/felix.c | 6 +- drivers/net/dsa/ocelot/felix.h | 1 - drivers/net/dsa/ocelot/felix_vsc9959.c | 28 ++- drivers/net/dsa/qca/qca8k-8xxx.c | 3 + drivers/net/dsa/sja1105/sja1105_tas.c | 7 +- drivers/net/ethernet/amazon/ena/ena_com.c | 3 + drivers/net/ethernet/broadcom/bgmac.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 + drivers/net/ethernet/engleder/tsnep_selftests.c | 12 +- drivers/net/ethernet/engleder/tsnep_tc.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc_qos.c | 6 +- drivers/net/ethernet/freescale/fec.h | 17 +- drivers/net/ethernet/freescale/fec_main.c | 178 ++++++++------ drivers/net/ethernet/google/gve/gve_ethtool.c | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 23 +- drivers/net/ethernet/intel/ice/ice_tc_lib.c | 22 +- drivers/net/ethernet/intel/ice/ice_tc_lib.h | 1 + drivers/net/ethernet/intel/igc/igc.h | 15 +- drivers/net/ethernet/intel/igc/igc_ethtool.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 158 ++++++++++--- drivers/net/ethernet/intel/igc/igc_ptp.c | 25 +- drivers/net/ethernet/intel/igc/igc_tsn.c | 68 ++++-- drivers/net/ethernet/marvell/mvneta.c | 4 +- drivers/net/ethernet/marvell/octeontx2/af/ptp.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 11 +- .../ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 23 +- .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 8 + .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 15 ++ .../mellanox/mlx5/core/en/fs_tt_redirect.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 3 +- .../ethernet/mellanox/mlx5/core/en_accel/fs_tcp.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 44 ++-- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/thermal.c | 19 +- drivers/net/ethernet/microchip/Kconfig | 2 +- drivers/net/ethernet/microchip/lan743x_main.c | 21 +- .../net/ethernet/microchip/lan966x/lan966x_tc.c | 10 +- drivers/net/ethernet/mscc/ocelot_mm.c | 7 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 5 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 - drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 7 +- drivers/net/ethernet/ti/am65-cpsw-qos.c | 11 +- drivers/net/ethernet/wangxun/txgbe/txgbe_hw.c | 3 - drivers/net/netdevsim/dev.c | 9 +- drivers/net/phy/dp83td510.c | 23 +- drivers/net/wireless/cisco/airo.c | 5 +- drivers/net/wireless/realtek/rtw89/debug.c | 5 +- drivers/ntb/hw/amd/ntb_hw_amd.c | 7 +- drivers/ntb/hw/idt/ntb_hw_idt.c | 7 +- drivers/ntb/hw/intel/ntb_hw_gen1.c | 7 +- drivers/ntb/ntb_transport.c | 2 +- drivers/ntb/test/ntb_tool.c | 2 + drivers/nvme/host/core.c | 36 ++- drivers/nvme/host/pci.c | 2 +- drivers/opp/core.c | 3 + drivers/pci/controller/dwc/pcie-qcom.c | 2 + drivers/pci/controller/pcie-rockchip-ep.c | 65 ++---- drivers/pci/controller/pcie-rockchip.c | 17 ++ drivers/pci/controller/pcie-rockchip.h | 11 +- drivers/pci/endpoint/functions/pci-epf-test.c | 40 +++- drivers/pci/hotplug/acpiphp_glue.c | 5 +- drivers/pci/pci.c | 10 +- drivers/pci/probe.c | 4 +- drivers/pci/quirks.c | 2 + drivers/perf/riscv_pmu.c | 3 - drivers/pinctrl/pinctrl-amd.c | 103 +++----- drivers/pinctrl/pinctrl-amd.h | 2 +- drivers/platform/x86/wmi.c | 22 +- drivers/pwm/pwm-meson.c | 28 +-- drivers/s390/crypto/zcrypt_msgtype6.c | 6 + drivers/s390/net/ism_drv.c | 139 ++++++----- drivers/scsi/lpfc/lpfc_crtn.h | 1 - drivers/scsi/lpfc/lpfc_els.c | 30 +-- drivers/scsi/lpfc/lpfc_hbadisc.c | 24 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 5 + drivers/scsi/qla2xxx/qla_attr.c | 13 ++ drivers/scsi/qla2xxx/qla_bsg.c | 6 + drivers/scsi/qla2xxx/qla_def.h | 22 +- drivers/scsi/qla2xxx/qla_edif.c | 4 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 258 +++++++++++++++++++-- drivers/scsi/qla2xxx/qla_inline.h | 5 +- drivers/scsi/qla2xxx/qla_iocb.c | 38 ++- drivers/scsi/qla2xxx/qla_isr.c | 64 ++++- drivers/scsi/qla2xxx/qla_nvme.c | 3 - drivers/scsi/qla2xxx/qla_os.c | 133 ++++++----- drivers/soc/qcom/mdt_loader.c | 16 +- drivers/soundwire/qcom.c | 3 +- drivers/tty/n_tty.c | 25 +- drivers/tty/serial/8250/8250.h | 1 - drivers/tty/serial/8250/8250_pci.c | 19 -- drivers/tty/serial/8250/8250_port.c | 11 +- drivers/tty/serial/atmel_serial.c | 4 +- drivers/tty/serial/imx.c | 18 +- drivers/tty/serial/samsung_tty.c | 14 +- drivers/ufs/host/Kconfig | 1 + drivers/usb/host/xhci-mem.c | 39 +++- drivers/usb/host/xhci-pci.c | 12 + drivers/usb/host/xhci.h | 2 + drivers/xen/grant-dma-ops.c | 2 + fs/ceph/addr.c | 85 +++++-- fs/ceph/caps.c | 9 + fs/ceph/super.h | 13 ++ fs/dlm/ast.c | 8 +- fs/dlm/lockspace.c | 12 - fs/dlm/lockspace.h | 1 - fs/dlm/lowcomms.c | 1 + fs/dlm/midcomms.c | 3 - fs/dlm/plock.c | 115 +++++---- fs/erofs/inode.c | 3 +- fs/erofs/zdata.c | 4 +- fs/ext2/inode.c | 5 +- fs/ext4/indirect.c | 8 + fs/ext4/inode.c | 10 - fs/ext4/ioctl.c | 5 +- fs/ext4/mballoc.c | 17 +- fs/ext4/super.c | 31 ++- fs/f2fs/dir.c | 9 +- fs/f2fs/super.c | 30 ++- fs/f2fs/xattr.c | 6 +- fs/jfs/jfs_dmap.c | 6 + fs/jfs/jfs_filsys.h | 2 + fs/smb/client/cifs_dfs_ref.c | 20 +- fs/smb/client/cifsproto.h | 2 + fs/smb/client/cifssmb.c | 2 +- fs/smb/client/dfs.c | 43 +--- fs/smb/client/file.c | 4 +- fs/smb/client/fs_context.c | 59 ++++- fs/smb/client/misc.c | 17 +- fs/smb/client/smb2transport.c | 7 + fs/smb/server/smb2pdu.c | 109 +++++---- include/drm/display/drm_dp_mst_helper.h | 7 +- include/linux/blk-crypto-profile.h | 1 + include/linux/ism.h | 7 +- include/linux/kasan.h | 2 +- include/linux/nvme.h | 2 +- include/linux/rethook.h | 1 + include/linux/serial_8250.h | 1 - include/net/netfilter/nf_conntrack_tuple.h | 3 + include/net/netfilter/nf_tables.h | 31 ++- include/net/pkt_sched.h | 9 +- include/soc/mscc/ocelot.h | 1 + kernel/bpf/cpumap.c | 40 ++-- kernel/bpf/verifier.c | 5 +- kernel/dma/swiotlb.c | 46 +++- kernel/power/qos.c | 9 +- kernel/trace/fprobe.c | 15 +- kernel/trace/ftrace.c | 45 ++-- kernel/trace/rethook.c | 13 ++ kernel/trace/ring_buffer.c | 24 +- kernel/trace/trace.c | 3 +- kernel/trace/trace.h | 2 + kernel/trace/trace_eprobe.c | 18 +- kernel/trace/trace_events_hist.c | 8 +- kernel/trace/trace_events_user.c | 6 +- kernel/trace/trace_probe.c | 2 +- kernel/trace/trace_probe_kernel.h | 30 +-- kernel/trace/trace_probe_tmpl.h | 10 +- kernel/trace/trace_uprobe.c | 3 +- mm/kasan/common.c | 2 +- mm/kasan/generic.c | 73 +++--- mm/kasan/kasan.h | 171 +++++++------- mm/kasan/report.c | 17 +- mm/kasan/report_generic.c | 12 +- mm/kasan/report_hw_tags.c | 2 +- mm/kasan/report_sw_tags.c | 2 +- mm/kasan/shadow.c | 36 +-- mm/kasan/sw_tags.c | 20 +- mm/mmap.c | 9 +- mm/slab.h | 16 +- net/ceph/messenger_v2.c | 41 ++-- net/core/net-traces.c | 2 + net/core/skbuff.c | 5 + net/core/xdp.c | 2 +- net/ipv6/addrconf.c | 3 +- net/ipv6/icmp.c | 5 +- net/ipv6/udp.c | 4 +- net/mptcp/protocol.c | 7 +- net/ncsi/ncsi-rsp.c | 5 +- net/netfilter/nf_conntrack_core.c | 20 +- net/netfilter/nf_tables_api.c | 163 ++++++++----- net/netfilter/nft_flow_offload.c | 6 +- net/netfilter/nft_immediate.c | 8 +- net/netfilter/nft_objref.c | 8 +- net/sched/cls_flower.c | 10 + net/sched/cls_fw.c | 10 +- net/sched/sch_qfq.c | 18 +- net/sched/sch_taprio.c | 4 +- samples/ftrace/ftrace-direct-too.c | 14 +- security/integrity/platform_certs/load_powerpc.c | 40 ++-- tools/testing/selftests/net/mptcp/config | 1 + tools/testing/selftests/net/mptcp/mptcp_connect.sh | 3 + tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 29 +-- tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 10 +- tools/testing/selftests/net/mptcp/userspace_pm.sh | 4 +- 312 files changed, 3504 insertions(+), 1921 deletions(-)

2 years, 3 months

14
305
0 0

[PATCH] x86/cpu: Enable STIBP if Automatic IBRS is enabled

by Kim Phillips

Unlike Intel's Enhanced IBRS feature, AMD's Automatic IBRS does not provide protection to processes running at CPL3/user mode [1]. Explicitly enable STIBP to protect against cross-thread CPL3 branch target injections on systems with Automatic IBRS enabled. Also update the relevant documentation. The first version of the original AutoIBRS patchseries enabled STIBP always-on, but it got dropped by mistake in v2 and on. [1] "AMD64 Architecture Programmer's Manual Volume 2: System Programming", Pub. 24593, rev. 3.41, June 2023, Part 1, Section 3.1.7 "Extended Feature Enable Register (EFER)" - accessible via Link. Reported-by: Tom Lendacky <thomas.lendacky(a)amd.com> Fixes: e7862eda309e ("x86/cpu: Support AMD Automatic IBRS") Link: https://bugzilla.kernel.org/attachment.cgi?id=304652 Signed-off-by: Kim Phillips <kim.phillips(a)amd.com> Cc: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Joao Martins <joao.m.martins(a)oracle.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <seanjc(a)google.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Juergen Gross <jgross(a)suse.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Tony Luck <tony.luck(a)intel.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Alexey Kardashevskiy <aik(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: linux-doc(a)vger.kernel.org Cc: x86(a)kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- Documentation/admin-guide/hw-vuln/spectre.rst | 11 +++++++---- arch/x86/kernel/cpu/bugs.c | 15 +++++++++------ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 4d186f599d90..32a8893e5617 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -484,11 +484,14 @@ Spectre variant 2 Systems which support enhanced IBRS (eIBRS) enable IBRS protection once at boot, by setting the IBRS bit, and they're automatically protected against - Spectre v2 variant attacks, including cross-thread branch target injections - on SMT systems (STIBP). In other words, eIBRS enables STIBP too. + Spectre v2 variant attacks. - Legacy IBRS systems clear the IBRS bit on exit to userspace and - therefore explicitly enable STIBP for that + On Intel's enhanced IBRS systems, this includes cross-thread branch target + injections on SMT systems (STIBP). In other words, Intel eIBRS enables + STIBP, too. + + AMD Automatic IBRS does not protect userspace, and Legacy IBRS systems clear + the IBRS bit on exit to userspace, therefore both explicitly enable STIBP. The retpoline mitigation is turned on by default on vulnerable CPUs. It can be forced on or off by the administrator diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 9e2a91830f72..95507448e781 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1150,19 +1150,21 @@ spectre_v2_user_select_mitigation(void) } /* - * If no STIBP, enhanced IBRS is enabled, or SMT impossible, STIBP + * If no STIBP, Intel enhanced IBRS is enabled, or SMT impossible, STIBP * is not required. * - * Enhanced IBRS also protects against cross-thread branch target + * Intel's Enhanced IBRS also protects against cross-thread branch target * injection in user-mode as the IBRS bit remains always set which * implicitly enables cross-thread protections. However, in legacy IBRS * mode, the IBRS bit is set only on kernel entry and cleared on return - * to userspace. This disables the implicit cross-thread protection, - * so allow for STIBP to be selected in that case. + * to userspace. AMD Automatic IBRS also does not protect userspace. + * These modes therefore disable the implicit cross-thread protection, + * so allow for STIBP to be selected in those cases. */ if (!boot_cpu_has(X86_FEATURE_STIBP) || !smt_possible || - spectre_v2_in_eibrs_mode(spectre_v2_enabled)) + (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && + !boot_cpu_has(X86_FEATURE_AUTOIBRS))) return; /* @@ -2294,7 +2296,8 @@ static ssize_t mmio_stale_data_show_state(char *buf) static char *stibp_state(void) { - if (spectre_v2_in_eibrs_mode(spectre_v2_enabled)) + if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && + !boot_cpu_has(X86_FEATURE_AUTOIBRS)) return ""; switch (spectre_v2_user_stibp) { -- 2.34.1

2 years, 3 months

3
3
0 0

FAILED: patch "[PATCH] tracing/histograms: Add histograms to hist_vars if they have" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6018b585e8c6fa7d85d4b38d9ce49a5b67be7078 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072114-radiantly-gilled-72c0@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 6018b585e8c6 ("tracing/histograms: Add histograms to hist_vars if they have referenced variables") 7d18a10c3167 ("tracing: Refactor hist trigger action code") 036876fa5620 ("tracing: Have the historgram use the result of str_has_prefix() for len of prefix") 754481e6954c ("tracing: Use str_has_prefix() helper for histogram code") de40f033d4e8 ("tracing: Remove open-coding of hist trigger var_ref management") 2f31ed9308cc ("tracing: Change strlen to sizeof for hist trigger static strings") 0e2b81f7b52a ("tracing: Remove unneeded synth_event_mutex") 7bbab38d07f3 ("tracing: Use dyn_event framework for synthetic events") faacb361f271 ("tracing: Simplify creation and deletion of synthetic events") fc800a10be26 ("tracing: Lock event_mutex before synth_event_mutex") 343a9f35409b ("Merge tag 'trace-v4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6018b585e8c6fa7d85d4b38d9ce49a5b67be7078 Mon Sep 17 00:00:00 2001 From: Mohamed Khalfella <mkhalfella(a)purestorage.com> Date: Wed, 12 Jul 2023 22:30:21 +0000 Subject: [PATCH] tracing/histograms: Add histograms to hist_vars if they have referenced variables Hist triggers can have referenced variables without having direct variables fields. This can be the case if referenced variables are added for trigger actions. In this case the newly added references will not have field variables. Not taking such referenced variables into consideration can result in a bug where it would be possible to remove hist trigger with variables being refenced. This will result in a bug that is easily reproducable like so $ cd /sys/kernel/tracing $ echo 'synthetic_sys_enter char[] comm; long id' >> synthetic_events $ echo 'hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname' >> events/raw_syscalls/sys_enter/trigger $ echo 'hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)' >> events/raw_syscalls/sys_enter/trigger $ echo '!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname' >> events/raw_syscalls/sys_enter/trigger [ 100.263533] ================================================================== [ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180 [ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439 [ 100.266320] [ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4 [ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 [ 100.268561] Call Trace: [ 100.268902] <TASK> [ 100.269189] dump_stack_lvl+0x4c/0x70 [ 100.269680] print_report+0xc5/0x600 [ 100.270165] ? resolve_var_refs+0xc7/0x180 [ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0 [ 100.271389] ? resolve_var_refs+0xc7/0x180 [ 100.271913] kasan_report+0xbd/0x100 [ 100.272380] ? resolve_var_refs+0xc7/0x180 [ 100.272920] __asan_load8+0x71/0xa0 [ 100.273377] resolve_var_refs+0xc7/0x180 [ 100.273888] event_hist_trigger+0x749/0x860 [ 100.274505] ? kasan_save_stack+0x2a/0x50 [ 100.275024] ? kasan_set_track+0x29/0x40 [ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10 [ 100.276138] ? ksys_write+0xd1/0x170 [ 100.276607] ? do_syscall_64+0x3c/0x90 [ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 100.277771] ? destroy_hist_data+0x446/0x470 [ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860 [ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10 [ 100.279627] ? __kasan_check_write+0x18/0x20 [ 100.280177] ? mutex_unlock+0x85/0xd0 [ 100.280660] ? __pfx_mutex_unlock+0x10/0x10 [ 100.281200] ? kfree+0x7b/0x120 [ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0 [ 100.282197] ? event_trigger_write+0xac/0x100 [ 100.282764] ? __kasan_slab_free+0x16/0x20 [ 100.283293] ? __kmem_cache_free+0x153/0x2f0 [ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250 [ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10 [ 100.285221] ? event_trigger_write+0xbc/0x100 [ 100.285781] ? __kasan_check_read+0x15/0x20 [ 100.286321] ? __bitmap_weight+0x66/0xa0 [ 100.286833] ? _find_next_bit+0x46/0xe0 [ 100.287334] ? task_mm_cid_work+0x37f/0x450 [ 100.287872] event_triggers_call+0x84/0x150 [ 100.288408] trace_event_buffer_commit+0x339/0x430 [ 100.289073] ? ring_buffer_event_data+0x3f/0x60 [ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0 [ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0 [ 100.298653] syscall_enter_from_user_mode+0x32/0x40 [ 100.301808] do_syscall_64+0x1a/0x90 [ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 100.307775] RIP: 0033:0x7f686c75c1cb [ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48 [ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021 [ 100.321200] RAX: ffffffffffffffda RBX: 000055f566469ea0 RCX: 00007f686c75c1cb [ 100.324631] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000000a [ 100.328104] RBP: 00007ffc60137ac0 R08: 00007f686c818460 R09: 000000000000000a [ 100.331509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 100.334992] R13: 0000000000000007 R14: 000000000000000a R15: 0000000000000007 [ 100.338381] </TASK> We hit the bug because when second hist trigger has was created has_hist_vars() returned false because hist trigger did not have variables. As a result of that save_hist_vars() was not called to add the trigger to trace_array->hist_vars. Later on when we attempted to remove the first histogram find_any_var_ref() failed to detect it is being used because it did not find the second trigger in hist_vars list. With this change we wait until trigger actions are created so we can take into consideration if hist trigger has variable references. Also, now we check the return value of save_hist_vars() and fail trigger creation if save_hist_vars() fails. Link: https://lore.kernel.org/linux-trace-kernel/20230712223021.636335-1-mkhalfel… Cc: stable(a)vger.kernel.org Fixes: 067fe038e70f6 ("tracing: Add variable reference handling to hist triggers") Signed-off-by: Mohamed Khalfella <mkhalfella(a)purestorage.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index b97d3ad832f1..c8c61381eba4 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -6663,13 +6663,15 @@ static int event_hist_trigger_parse(struct event_command *cmd_ops, if (get_named_trigger_data(trigger_data)) goto enable; - if (has_hist_vars(hist_data)) - save_hist_vars(hist_data); - ret = create_actions(hist_data); if (ret) goto out_unreg; + if (has_hist_vars(hist_data) || hist_data->n_var_refs) { + if (save_hist_vars(hist_data)) + goto out_unreg; + } + ret = tracing_map_init(hist_data->map); if (ret) goto out_unreg;

2 years, 3 months

3
3
0 0

Re: [PATCH 6.4 213/292] drm/ttm: never consider pinned BOs for eviction&swap

by Thomas Backlund

Den 2023-07-21 kl. 19:05, skrev Greg Kroah-Hartman: > From: Christian König <christian.koenig(a)amd.com> > > commit a2848d08742c8e8494675892c02c0d22acbe3cf8 upstream. > > There is a small window where we have already incremented the pin count > but not yet moved the bo from the lru to the pinned list. > > Signed-off-by: Christian König <christian.koenig(a)amd.com> > Reported-by: Pelloux-Prayer, Pierre-Eric <Pierre-eric.Pelloux-prayer(a)amd.com> > Tested-by: Pelloux-Prayer, Pierre-Eric <Pierre-eric.Pelloux-prayer(a)amd.com> > Acked-by: Alex Deucher <alexander.deucher(a)amd.com> > Cc: stable(a)vger.kernel.org > Link: https://patchwork.freedesktop.org/patch/msgid/20230707120826.3701-1-christi… > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/gpu/drm/ttm/ttm_bo.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > --- a/drivers/gpu/drm/ttm/ttm_bo.c > +++ b/drivers/gpu/drm/ttm/ttm_bo.c > @@ -517,6 +517,12 @@ static bool ttm_bo_evict_swapout_allowab > { > bool ret = false; > > + if (bo->pin_count) { > + *locked = false; > + *busy = false; > + return false; > + } > + > if (bo->base.resv == ctx->resv) { > dma_resv_assert_held(bo->base.resv); > if (ctx->allow_res_evict) > This one will trigger GPF and needs a follow-up fix that is not upstream yet: https://patchwork.freedesktop.org/patch/547897/ as reported on LKML in thread: [bug/bisected] commit a2848d08742c8e8494675892c02c0d22acbe3cf8 cause general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI -- Thomas

2 years, 3 months

2
1
0 0

[PATCH v3 02/11] mtd: spi-nor: spansion: preserve CFR2V[7] when writing MEMLAT

by Tudor Ambarus

From: Takahiro Kuwano <Takahiro.Kuwano(a)infineon.com> CFR2V[7] is assigned to Flash's address mode (3- or 4-ybte) and must not be changed when writing MEMLAT (CFR2V[3:0]). CFR2V shall be used in a read, update, write back fashion. Fixes: c3266af101f2 ("mtd: spi-nor: spansion: add support for Cypress Semper flash") Signed-off-by: Takahiro Kuwano <Takahiro.Kuwano(a)infineon.com> Cc: stable(a)vger.kernel.org --- drivers/mtd/spi-nor/spansion.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/spi-nor/spansion.c b/drivers/mtd/spi-nor/spansion.c index 6b2532ed053c..6460d2247bdf 100644 --- a/drivers/mtd/spi-nor/spansion.c +++ b/drivers/mtd/spi-nor/spansion.c @@ -4,6 +4,7 @@ * Copyright (C) 2014, Freescale Semiconductor, Inc. */ +#include <linux/bitfield.h> #include <linux/device.h> #include <linux/mtd/spi-nor.h> @@ -28,6 +29,7 @@ #define SPINOR_REG_CYPRESS_CFR2 0x3 #define SPINOR_REG_CYPRESS_CFR2V \ (SPINOR_REG_CYPRESS_VREG + SPINOR_REG_CYPRESS_CFR2) +#define SPINOR_REG_CYPRESS_CFR2_MEMLAT_MASK GENMASK(3, 0) #define SPINOR_REG_CYPRESS_CFR2_MEMLAT_11_24 0xb #define SPINOR_REG_CYPRESS_CFR2_ADRBYT BIT(7) #define SPINOR_REG_CYPRESS_CFR3 0x4 @@ -161,8 +163,18 @@ static int cypress_nor_octal_dtr_en(struct spi_nor *nor) int ret; u8 addr_mode_nbytes = nor->params->addr_mode_nbytes; + op = (struct spi_mem_op) + CYPRESS_NOR_RD_ANY_REG_OP(addr_mode_nbytes, + SPINOR_REG_CYPRESS_CFR2V, 0, buf); + + ret = spi_nor_read_any_reg(nor, &op, nor->reg_proto); + if (ret) + return ret; + /* Use 24 dummy cycles for memory array reads. */ - *buf = SPINOR_REG_CYPRESS_CFR2_MEMLAT_11_24; + *buf &= ~SPINOR_REG_CYPRESS_CFR2_MEMLAT_MASK; + *buf |= FIELD_PREP(SPINOR_REG_CYPRESS_CFR2_MEMLAT_MASK, + SPINOR_REG_CYPRESS_CFR2_MEMLAT_11_24); op = (struct spi_mem_op) CYPRESS_NOR_WR_ANY_REG_OP(addr_mode_nbytes, SPINOR_REG_CYPRESS_CFR2V, 1, buf); -- 2.34.1

2 years, 3 months

1
0
0 0

[PATCH 1/6] arm64: dts: qcom: msm8953-vince: drop duplicated touschreen parent interrupt

by Krzysztof Kozlowski

Interrupts extended already define a parent interrupt controller: msm8953-xiaomi-vince.dtb: touchscreen@20: Unevaluated properties are not allowed ('interrupts-parent' was unexpected) Fixes: aa17e707e04a ("arm64: dts: qcom: msm8953: Add device tree for Xiaomi Redmi 5 Plus") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- arch/arm64/boot/dts/qcom/msm8953-xiaomi-vince.dts | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/msm8953-xiaomi-vince.dts b/arch/arm64/boot/dts/qcom/msm8953-xiaomi-vince.dts index 0956c866d6cb..1a1d3f92a511 100644 --- a/arch/arm64/boot/dts/qcom/msm8953-xiaomi-vince.dts +++ b/arch/arm64/boot/dts/qcom/msm8953-xiaomi-vince.dts @@ -132,7 +132,6 @@ &i2c_3 { touchscreen@20 { reg = <0x20>; compatible = "syna,rmi4-i2c"; - interrupts-parent = <&tlmm>; interrupts-extended = <&tlmm 65 IRQ_TYPE_EDGE_FALLING>; #address-cells = <1>; -- 2.34.1

2 years, 3 months

3
5
0 0

[PATCH 5.15 00/96] 5.15.119-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.119 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 28 Jun 2023 18:07:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.119-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.119-rc1 Clark Wang <xiaoning.wang(a)nxp.com> i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle Dheeraj Kumar Srivastava <dheerajkumar.srivastava(a)amd.com> x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys Andrey Smetanin <asmetanin(a)yandex-team.ru> vhost_net: revert upend_idx only on retriable error Min Li <lm0963hack(a)gmail.com> drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl Min Li <lm0963hack(a)gmail.com> drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl Inki Dae <inki.dae(a)samsung.com> drm/exynos: vidi: fix a wrong error return Linus Walleij <linus.walleij(a)linaro.org> ARM: dts: Fix erroneous ADS touchscreen polarities Alexander Gordeev <agordeev(a)linux.ibm.com> s390/purgatory: disable branch profiling Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ASoC: nau8824: Add quirk to active-high jack-detect Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: dmi-quirks: add new mapping for HP Spectre x360 Herve Codina <herve.codina(a)bootlin.com> ASoC: simple-card: Add missing of_node_put() in case of error Clark Wang <xiaoning.wang(a)nxp.com> spi: lpspi: disable lpspi module irq in DMA mode Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: unregister device when the only path is gone Hans de Goede <hdegoede(a)redhat.com> Input: soc_button_array - add invalid acpi_index DMI quirk handling Uday Shankar <ushankar(a)purestorage.com> nvme: double KA polling frequency to avoid KATO with TBKAS on Dan Carpenter <dan.carpenter(a)linaro.org> usb: gadget: udc: fix NULL dereference in remove() Osama Muhammad <osmtendev(a)gmail.com> nfcsim.c: Fix error checking for debugfs_create_dir Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: core: don't set last_initiator if tx in progress Marc Zyngier <maz(a)kernel.org> arm64: Add missing Set/Way CMO encodings Denis Arefev <arefev(a)swemel.ru> HID: wacom: Add error check to wacom_parse_and_register() Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: iscsi: Prevent login threads from racing between each other Jiasheng Jiang <jiasheng(a)iscas.ac.cn> gpio: sifive: add missing check for platform_get_irq Jiawen Wu <jiawenwu(a)trustnetic.com> gpiolib: Fix GPIO chip IRQ initialization restriction Marc Zyngier <maz(a)kernel.org> gpio: Allow per-parent interrupt data Eric Dumazet <edumazet(a)google.com> sch_netem: acquire qdisc lock in netem_change() Danielle Ratson <danieller(a)nvidia.com> selftests: forwarding: Fix race condition in mirror installation Florent Revest <revest(a)chromium.org> bpf/btf: Accept function names that contain dots Francesco Dolcini <francesco.dolcini(a)toradex.com> Revert "net: phy: dp83867: perform soft reset and retain established link" Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nfnetlink_osf: fix module autoload Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow updates of anonymous sets Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject unbound chain set before commit phase Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject unbound anonymous set before commit phase Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow element updates of bound anonymous sets Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: .walk does not deal with generations Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix chain binding transaction logic Ross Lagerwall <ross.lagerwall(a)citrix.com> be2net: Extend xmit workaround to BE3 chip Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix handling of BPDUs on MT7530 switch Arınç ÜNAL <arinc.unal(a)arinc9.com> net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch Terin Stock <terin(a)cloudflare.com> ipvs: align inner_mac_header for encapsulation Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: usdhi60rol0: fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: sh_mmcif: fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: sdhci-acpi: fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: owl: fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: omap_hsmmc: fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: omap: fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: mvsdio: fix deferred probing Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: mtk-sd: fix deferred probing Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid high load if QCA7000 is not available Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xfrm: Linearize the skb after offloading if needed. Magali Lemes <magali.lemes(a)canonical.com> selftests: net: fcnal-test: check if FIPS mode is enabled Maciej Żenczykowski <maze(a)google.com> xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets Maxim Mikityanskiy <maxim(a)isovalent.com> bpf: Fix verifier id tracking of scalars on spill Eduard Zingerman <eddyz87(a)gmail.com> bpf: track immediate values written to stack by BPF_ST instruction Benedict Wong <benedictwong(a)google.com> xfrm: Ensure policies always checked on XFRM-I input path Eyal Birger <eyal.birger(a)gmail.com> xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c Benedict Wong <benedictwong(a)google.com> xfrm: Treat already-verified secpath entries as optional Chen Aotian <chenaotian2(a)163.com> ieee802154: hwsim: Fix possible memory leaks Sergey Shtylyov <s.shtylyov(a)omp.ru> mmc: meson-gx: fix deferred probing Roberto Sassu <roberto.sassu(a)huawei.com> memfd: check for non-NULL file_seals in memfd_create() syscall Lee Jones <lee(a)kernel.org> x86/mm: Avoid using set_pgd() outside of real PGD pages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent general protection fault in nilfs_clear_dirty_page() Jens Axboe <axboe(a)kernel.dk> io_uring/net: disable partial retries for recvmsg with cmsg Jens Axboe <axboe(a)kernel.dk> io_uring/net: clear msg_controllen on partial sendmsg retry Jens Axboe <axboe(a)kernel.dk> io_uring/net: save msghdr->msg_control for retries Rafael Aquini <aquini(a)redhat.com> writeback: fix dereferencing NULL mapping->host on writeback_page_template Russ Weight <russell.h.weight(a)intel.com> regmap: spi-avmm: Fix regmap_bus max_raw_write Teresa Remmet <t.remmet(a)phytec.de> regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK Matthias May <matthias.may(a)westermo.com> ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN Christophe Kerello <christophe.kerello(a)foss.st.com> mmc: mmci: stm32: fix max busy timeout calculation Martin Hundebøll <martin(a)geanix.com> mmc: meson-gx: remove redundant mmc_request_done() call from irq context Stephan Gerhold <stephan(a)gerhold.net> mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup: Do not corrupt task iteration when rebinding subsystem Dexuan Cui <decui(a)microsoft.com> PCI: hv: Add a per-bus mutex state_lock Dexuan Cui <decui(a)microsoft.com> PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic Dexuan Cui <decui(a)microsoft.com> PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev Dexuan Cui <decui(a)microsoft.com> Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" Dexuan Cui <decui(a)microsoft.com> PCI: hv: Fix a race condition bug in hv_pci_query_relations() Michael Kelley <mikelley(a)microsoft.com> Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails Gavin Shan <gshan(a)redhat.com> KVM: Avoid illegal stage2 mapping on invalid memory slot Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix buffer corruption due to concurrent device reads Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: join: skip check if MIB counter not supported Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: join: use 'iptables-legacy' if available Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: pm nl: remove hardcoded default limits Shuah Khan <skhan(a)linuxfoundation.org> selftests/mount_setattr: fix redefine struct mount_attr build error Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: lib: skip if not below kernel version Matthieu Baerts <matthieu.baerts(a)tessares.net> selftests: mptcp: lib: skip if missing symbol Thomas Gleixner <tglx(a)linutronix.de> tick/common: Align tick period during sched_timer setup Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Add wrapper to call planes and stream update Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Use dc_update_planes_and_stream Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Add minimal pipe split transition state Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm, tpm_tis: Claim locality in interrupt handler Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add tracing_reset_all_online_cpus_unlocked() function Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: fix the system hang while disable PSR ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am57xx-cl-som-am57x.dts | 2 +- arch/arm/boot/dts/at91sam9261ek.dts | 2 +- arch/arm/boot/dts/imx7d-pico-hobbit.dts | 2 +- arch/arm/boot/dts/imx7d-sdb.dts | 2 +- arch/arm/boot/dts/omap3-cm-t3x.dtsi | 2 +- arch/arm/boot/dts/omap3-devkit8000-lcd-common.dtsi | 2 +- arch/arm/boot/dts/omap3-lilly-a83x.dtsi | 2 +- arch/arm/boot/dts/omap3-overo-common-lcd35.dtsi | 2 +- arch/arm/boot/dts/omap3-overo-common-lcd43.dtsi | 2 +- arch/arm/boot/dts/omap3-pandora-common.dtsi | 2 +- arch/arm/boot/dts/omap5-cm-t54.dts | 2 +- arch/arm64/include/asm/sysreg.h | 6 + arch/s390/purgatory/Makefile | 1 + arch/x86/kernel/apic/x2apic_phys.c | 5 +- arch/x86/mm/kaslr.c | 8 +- drivers/acpi/acpica/achware.h | 2 - drivers/acpi/sleep.c | 16 +- drivers/base/regmap/regmap-spi-avmm.c | 2 +- drivers/char/tpm/tpm_tis_core.c | 2 + drivers/gpio/gpio-sifive.c | 8 +- drivers/gpio/gpiolib.c | 17 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 72 ++++-- drivers/gpu/drm/amd/display/dc/core/dc.c | 277 +++++++++++++++++++++ drivers/gpu/drm/amd/display/dc/dc_stream.h | 20 +- drivers/gpu/drm/exynos/exynos_drm_g2d.c | 2 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 2 - drivers/gpu/drm/radeon/radeon_gem.c | 4 +- drivers/hid/wacom_sys.c | 7 +- drivers/hv/channel_mgmt.c | 18 +- drivers/hv/vmbus_drv.c | 5 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 4 +- drivers/input/misc/soc_button_array.c | 30 +++ drivers/media/cec/core/cec-adap.c | 3 +- drivers/mmc/host/meson-gx-mmc.c | 14 +- drivers/mmc/host/mmci.c | 3 +- drivers/mmc/host/mtk-sd.c | 2 +- drivers/mmc/host/mvsdio.c | 2 +- drivers/mmc/host/omap.c | 2 +- drivers/mmc/host/omap_hsmmc.c | 6 +- drivers/mmc/host/owl-mmc.c | 2 +- drivers/mmc/host/sdhci-acpi.c | 2 +- drivers/mmc/host/sdhci-msm.c | 3 + drivers/mmc/host/sh_mmcif.c | 2 +- drivers/mmc/host/usdhi6rol0.c | 6 +- drivers/net/dsa/mt7530.c | 16 +- drivers/net/ethernet/emulex/benet/be_main.c | 4 +- drivers/net/ethernet/qualcomm/qca_spi.c | 3 +- drivers/net/ieee802154/mac802154_hwsim.c | 6 +- drivers/net/phy/dp83867.c | 2 +- drivers/nfc/nfcsim.c | 4 - drivers/nvme/host/core.c | 18 +- drivers/pci/controller/pci-hyperv.c | 139 ++++++----- drivers/s390/cio/device.c | 5 +- drivers/soundwire/dmi-quirks.c | 7 + drivers/spi/spi-fsl-lpspi.c | 7 +- drivers/target/iscsi/iscsi_target_nego.c | 4 +- drivers/usb/gadget/udc/amd5536udc_pci.c | 3 + drivers/vhost/net.c | 11 +- fs/nilfs2/page.c | 10 +- fs/nilfs2/segbuf.c | 6 + fs/nilfs2/segment.c | 7 + fs/nilfs2/super.c | 25 +- include/acpi/acpixf.h | 1 + include/linux/gpio/driver.h | 19 +- include/linux/regulator/pca9450.h | 4 +- include/net/ip_tunnels.h | 12 +- include/net/netfilter/nf_tables.h | 26 +- include/net/xfrm.h | 1 + include/trace/events/writeback.h | 2 +- io_uring/io_uring.c | 15 +- kernel/bpf/btf.c | 20 +- kernel/bpf/verifier.c | 21 +- kernel/cgroup/cgroup.c | 20 +- kernel/time/tick-common.c | 13 +- kernel/time/tick-sched.c | 13 +- kernel/trace/trace.c | 11 +- kernel/trace/trace.h | 1 + kernel/trace/trace_events.c | 2 +- kernel/trace/trace_events_synth.c | 2 - mm/memfd.c | 3 +- net/ipv4/esp4_offload.c | 3 + net/ipv4/xfrm4_input.c | 1 + net/ipv6/esp6_offload.c | 3 + net/ipv6/xfrm6_input.c | 3 + net/netfilter/ipvs/ip_vs_xmit.c | 2 + net/netfilter/nf_tables_api.c | 183 +++++++++++--- net/netfilter/nfnetlink_osf.c | 1 + net/netfilter/nft_immediate.c | 90 ++++++- net/netfilter/nft_set_pipapo.c | 6 +- net/netfilter/xt_osf.c | 1 - net/sched/sch_netem.c | 8 +- net/xfrm/Makefile | 2 + net/xfrm/xfrm_input.c | 1 + .../{xfrm_interface.c => xfrm_interface_core.c} | 54 +++- net/xfrm/xfrm_policy.c | 12 + sound/soc/codecs/nau8824.c | 24 ++ sound/soc/generic/simple-card.c | 1 + .../bpf/verifier/bounds_mix_sign_unsign.c | 110 ++++---- .../selftests/mount_setattr/mount_setattr_test.c | 7 - tools/testing/selftests/net/fcnal-test.sh | 27 +- .../net/forwarding/mirror_gre_bridge_1d.sh | 4 + .../net/forwarding/mirror_gre_bridge_1q.sh | 4 + tools/testing/selftests/net/mptcp/config | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 181 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_lib.sh | 64 +++++ tools/testing/selftests/net/mptcp/pm_netlink.sh | 12 +- virt/kvm/kvm_main.c | 20 +- 108 files changed, 1458 insertions(+), 411 deletions(-)

2 years, 3 months

7
103
0 0

stable-rc/linux-4.14.y baseline: 54 runs, 1 regressions (v4.14.320-125-g5cffa7b2aa8b)

by kernelci.org bot

stable-rc/linux-4.14.y baseline: 54 runs, 1 regressions (v4.14.320-125-g5cffa7b2aa8b) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------+------+--------------+----------+--------------------+------------ meson8b-odroidc1 | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-4.14.y/kernel/v4.14.32… Test: baseline Tree: stable-rc Branch: linux-4.14.y Describe: v4.14.320-125-g5cffa7b2aa8b URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 5cffa7b2aa8b04d9314eff634a714e0c6fc2b754 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------+------+--------------+----------+--------------------+------------ meson8b-odroidc1 | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/64bad33d79bc67dcd68ace1c Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-4.14.y/v4.14.320-125-g5cffa7b… HTML log: https://storage.kernelci.org//stable-rc/linux-4.14.y/v4.14.320-125-g5cffa7b… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/64bad33d79bc67dcd68ace1d failing since 522 days (last pass: v4.14.266, first fail: v4.14.266-45-gce409501ca5f)

2 years, 3 months

1
0
0 0

stable-rc/linux-5.4.y baseline: 71 runs, 4 regressions (v5.4.249-278-g78f9a3d1c959)

by kernelci.org bot

stable-rc/linux-5.4.y baseline: 71 runs, 4 regressions (v5.4.249-278-g78f9a3d1c959) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ cubietruck | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 hp-x360-12b-c...4020-octopus | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 hp-x360-14-G1-sona | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 sun8i-h3-libretech-all-h3-cc | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.4.y/kernel/v5.4.249-… Test: baseline Tree: stable-rc Branch: linux-5.4.y Describe: v5.4.249-278-g78f9a3d1c959 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 78f9a3d1c959657b597bceaaf963b5d918b642a4 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ cubietruck | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/64bac744e07b51a54b8ace3e Results: 5 PASS, 1 FAIL, 1 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64bac744e07b51a54b8ace43 failing since 185 days (last pass: v5.4.226-68-g8c05f5e0777d, first fail: v5.4.228-659-gb3b34c474ec7) 2023-07-21T17:58:09.560743 <8>[ 9.857724] <LAVA_SIGNAL_ENDRUN 0_dmesg 3724054_1.5.2.4.1> 2023-07-21T17:58:09.673017 / # # 2023-07-21T17:58:09.776661 export SHELL=/bin/sh 2023-07-21T17:58:09.777867 # 2023-07-21T17:58:09.880172 / # export SHELL=/bin/sh. /lava-3724054/environment 2023-07-21T17:58:09.880581 2023-07-21T17:58:09.982108 / # . /lava-3724054/environment/lava-3724054/bin/lava-test-runner /lava-3724054/1 2023-07-21T17:58:09.984210 2023-07-21T17:58:09.989460 / # /lava-3724054/bin/lava-test-runner /lava-3724054/1 2023-07-21T17:58:10.033718 <3>[ 10.320221] Bluetooth: hci0: command 0xfc18 tx timeout ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ hp-x360-12b-c...4020-octopus | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64bac7125912a988998ace3c Results: 5 PASS, 1 FAIL, 1 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64bac7125912a988998ace41 failing since 113 days (last pass: v5.4.238, first fail: v5.4.238) 2023-07-21T17:57:53.909927 + set<8>[ 10.271471] <LAVA_SIGNAL_ENDRUN 0_dmesg 11124173_1.4.2.3.1> 2023-07-21T17:57:53.910014 +x 2023-07-21T17:57:54.011151 / # 2023-07-21T17:57:54.111932 # #export SHELL=/bin/sh 2023-07-21T17:57:54.112151 2023-07-21T17:57:54.212643 / # export SHELL=/bin/sh. /lava-11124173/environment 2023-07-21T17:57:54.212864 2023-07-21T17:57:54.313390 / # . /lava-11124173/environment/lava-11124173/bin/lava-test-runner /lava-11124173/1 2023-07-21T17:57:54.313685 2023-07-21T17:57:54.318242 / # /lava-11124173/bin/lava-test-runner /lava-11124173/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ hp-x360-14-G1-sona | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64bac7168ead1fecd68ace20 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64bac7168ead1fecd68ace25 failing since 113 days (last pass: v5.4.238, first fail: v5.4.238) 2023-07-21T17:57:25.808602 + set<8>[ 10.310535] <LAVA_SIGNAL_ENDRUN 0_dmesg 11124178_1.4.2.3.1> 2023-07-21T17:57:25.808700 +x 2023-07-21T17:57:25.910376 # 2023-07-21T17:57:26.011185 / # #export SHELL=/bin/sh 2023-07-21T17:57:26.011385 2023-07-21T17:57:26.111899 / # export SHELL=/bin/sh. /lava-11124178/environment 2023-07-21T17:57:26.112141 2023-07-21T17:57:26.212648 / # . /lava-11124178/environment/lava-11124178/bin/lava-test-runner /lava-11124178/1 2023-07-21T17:57:26.212956 2023-07-21T17:57:26.217865 / # /lava-11124178/bin/lava-test-runner /lava-11124178/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ sun8i-h3-libretech-all-h3-cc | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/64bac70e66695f2e1f8ace41 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.249-278-g78f9a3d1c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64bac70e66695f2e1f8ace46 failing since 185 days (last pass: v5.4.227, first fail: v5.4.228-659-gb3b34c474ec7) 2023-07-21T17:57:18.665549 <8>[ 7.840801] <LAVA_SIGNAL_ENDRUN 0_dmesg 3724058_1.5.2.4.1> 2023-07-21T17:57:18.771325 / # # 2023-07-21T17:57:18.873165 export SHELL=/bin/sh 2023-07-21T17:57:18.873570 # 2023-07-21T17:57:18.975036 / # export SHELL=/bin/sh. /lava-3724058/environment 2023-07-21T17:57:18.975445 2023-07-21T17:57:19.076893 / # . /lava-3724058/environment/lava-3724058/bin/lava-test-runner /lava-3724058/1 2023-07-21T17:57:19.077663 2023-07-21T17:57:19.081916 / # /lava-3724058/bin/lava-test-runner /lava-3724058/1 2023-07-21T17:57:19.145997 + export 'TESTRUN_ID=1_bootrr' ... (11 line(s) more)

2 years, 3 months

1
0
0 0

RE

by Michele

Do you get my mail

2 years, 3 months

1
0
0 0

[PATCH 1/3] HID: wacom: remove the battery when the EKR is off

by Aaron Armstrong Skomra

From: Aaron Armstrong Skomra <aaron.skomra(a)wacom.com> Currently the EKR battery remains even after we stop getting information from the device. This can lead to a stale battery persisting indefinitely in userspace. The remote sends a heartbeat every 10 seconds. Delete the battery if we miss two heartbeats (after 21 seconds). Restore the battery once we see a heartbeat again. Signed-off-by: Aaron Skomra <skomra(a)gmail.com> Signed-off-by: Aaron Armstrong Skomra <aaron.skomra(a)wacom.com> Reviewed-by: Jason Gerecke <jason.gerecke(a)wacom.com> Fixes: 9f1015d45f62 ("HID: wacom: EKR: attach the power_supply on first connection") CC: stable(a)vger.kernel.org --- drivers/hid/wacom.h | 1 + drivers/hid/wacom_sys.c | 26 ++++++++++++++++++++++---- drivers/hid/wacom_wac.c | 1 + drivers/hid/wacom_wac.h | 1 + 4 files changed, 25 insertions(+), 4 deletions(-) diff --git a/drivers/hid/wacom.h b/drivers/hid/wacom.h index 4da50e19808e..166a76c9bcad 100644 --- a/drivers/hid/wacom.h +++ b/drivers/hid/wacom.h @@ -150,6 +150,7 @@ struct wacom_remote { struct input_dev *input; bool registered; struct wacom_battery battery; + ktime_t active_time; } remotes[WACOM_MAX_REMOTES]; }; diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c index 76e5353aca0c..c82e82f21e43 100644 --- a/drivers/hid/wacom_sys.c +++ b/drivers/hid/wacom_sys.c @@ -2523,6 +2523,18 @@ static void wacom_wireless_work(struct work_struct *work) return; } +static void wacom_remote_destroy_battery(struct wacom *wacom, int index) +{ + struct wacom_remote *remote = wacom->remote; + + if (remote->remotes[index].battery.battery) { + devres_release_group(&wacom->hdev->dev, + &remote->remotes[index].battery.bat_desc); + remote->remotes[index].battery.battery = NULL; + remote->remotes[index].active_time = 0; + } +} + static void wacom_remote_destroy_one(struct wacom *wacom, unsigned int index) { struct wacom_remote *remote = wacom->remote; @@ -2537,9 +2549,7 @@ static void wacom_remote_destroy_one(struct wacom *wacom, unsigned int index) remote->remotes[i].registered = false; spin_unlock_irqrestore(&remote->remote_lock, flags); - if (remote->remotes[i].battery.battery) - devres_release_group(&wacom->hdev->dev, - &remote->remotes[i].battery.bat_desc); + wacom_remote_destroy_battery(wacom, i); if (remote->remotes[i].group.name) devres_release_group(&wacom->hdev->dev, @@ -2547,7 +2557,6 @@ static void wacom_remote_destroy_one(struct wacom *wacom, unsigned int index) remote->remotes[i].serial = 0; remote->remotes[i].group.name = NULL; - remote->remotes[i].battery.battery = NULL; wacom->led.groups[i].select = WACOM_STATUS_UNKNOWN; } } @@ -2632,6 +2641,9 @@ static int wacom_remote_attach_battery(struct wacom *wacom, int index) if (remote->remotes[index].battery.battery) return 0; + if (!remote->remotes[index].active_time) + return 0; + if (wacom->led.groups[index].select == WACOM_STATUS_UNKNOWN) return 0; @@ -2647,6 +2659,7 @@ static void wacom_remote_work(struct work_struct *work) { struct wacom *wacom = container_of(work, struct wacom, remote_work); struct wacom_remote *remote = wacom->remote; + ktime_t kt = ktime_get(); struct wacom_remote_data data; unsigned long flags; unsigned int count; @@ -2671,8 +2684,13 @@ static void wacom_remote_work(struct work_struct *work) for (i = 0; i < WACOM_MAX_REMOTES; i++) { serial = data.remote[i].serial; + if (data.remote[i].connected) { + if (kt - remote->remotes[i].active_time > WACOM_REMOTE_BATTERY_TIMEOUT + && remote->remotes[i].active_time != 0) + wacom_remote_destroy_battery(wacom, i); + if (remote->remotes[i].serial == serial) { wacom_remote_attach_battery(wacom, i); continue; diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index 174bf03908d7..6c056f8844e7 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -1134,6 +1134,7 @@ static int wacom_remote_irq(struct wacom_wac *wacom_wac, size_t len) if (index < 0 || !remote->remotes[index].registered) goto out; + remote->remotes[i].active_time = ktime_get(); input = remote->remotes[index].input; input_report_key(input, BTN_0, (data[9] & 0x01)); diff --git a/drivers/hid/wacom_wac.h b/drivers/hid/wacom_wac.h index ee21bb260f22..2e7cc5e7a0cb 100644 --- a/drivers/hid/wacom_wac.h +++ b/drivers/hid/wacom_wac.h @@ -13,6 +13,7 @@ #define WACOM_NAME_MAX 64 #define WACOM_MAX_REMOTES 5 #define WACOM_STATUS_UNKNOWN 255 +#define WACOM_REMOTE_BATTERY_TIMEOUT 21000000000ll /* packet length for individual models */ #define WACOM_PKGLEN_BBFUN 9 -- 2.34.1

2 years, 3 months

1
0
0 0

stable-rc/linux-6.1.y build: 5 builds: 0 failed, 5 passed, 1 warning (v6.1.39-224-ge54fe15e179b)

by kernelci.org bot

stable-rc/linux-6.1.y build: 5 builds: 0 failed, 5 passed, 1 warning (v6.1.39-224-ge54fe15e179b) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-6.1.y/kernel/v6.1.39-224-… Tree: stable-rc Branch: linux-6.1.y Git Describe: v6.1.39-224-ge54fe15e179b Git Commit: e54fe15e179b2cc0f0587e2ef1549295ae7bc3be Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 5 unique architectures Warnings Detected: arc: i386: mips: 32r2el_defconfig (gcc-10): 1 warning riscv: x86_64: Warnings summary: 1 arch/mips/boot/dts/img/boston.dts:128.19-178.5: Warning (pci_device_reg): /pci@14000000/pci2_root@0,0,0: PCI unit address format error, expected "0,0" ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: arch/mips/boot/dts/img/boston.dts:128.19-178.5: Warning (pci_device_reg): /pci@14000000/pci2_root@0,0,0: PCI unit address format error, expected "0,0" -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rv32_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

stable-rc/linux-4.19.y build: 1 build: 1 failed, 0 passed (v4.19.288-188-g71e850d72cc5)

by kernelci.org bot

stable-rc/linux-4.19.y build: 1 build: 1 failed, 0 passed (v4.19.288-188-g71e850d72cc5) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.19.y/kernel/v4.19.288-1… Tree: stable-rc Branch: linux-4.19.y Git Describe: v4.19.288-188-g71e850d72cc5 Git Commit: 71e850d72cc54c75316c30f51b1163a0da4f00e1 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 1 unique architecture Build Failure Detected: riscv: tinyconfig: (gcc-10) FAIL ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- tinyconfig (riscv, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

stable-rc/linux-5.10.y build: 2 builds: 0 failed, 2 passed, 1 warning (v5.10.186-441-g2f0e20469d5f)

by kernelci.org bot

stable-rc/linux-5.10.y build: 2 builds: 0 failed, 2 passed, 1 warning (v5.10.186-441-g2f0e20469d5f) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.10.y/kernel/v5.10.186-4… Tree: stable-rc Branch: linux-5.10.y Git Describe: v5.10.186-441-g2f0e20469d5f Git Commit: 2f0e20469d5f1c35ef084c4c84db0fd7bbfb0d2d Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 2 unique architectures Warnings Detected: arc: arm: vexpress_defconfig (gcc-10): 1 warning Warnings summary: 1 fs/ext4/ioctl.c:634:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: fs/ext4/ioctl.c:634:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

stable-rc/linux-4.14.y build: 6 builds: 0 failed, 6 passed, 18 warnings (v4.14.320-125-g5cffa7b2aa8b)

by kernelci.org bot

stable-rc/linux-4.14.y build: 6 builds: 0 failed, 6 passed, 18 warnings (v4.14.320-125-g5cffa7b2aa8b) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.320-1… Tree: stable-rc Branch: linux-4.14.y Git Describe: v4.14.320-125-g5cffa7b2aa8b Git Commit: 5cffa7b2aa8b04d9314eff634a714e0c6fc2b754 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 3 unique architectures Warnings Detected: arm: multi_v7_defconfig (gcc-10): 1 warning vexpress_defconfig (gcc-10): 1 warning i386: allnoconfig (gcc-10): 3 warnings i386_defconfig (gcc-10): 4 warnings x86_64: allnoconfig (gcc-10): 3 warnings x86_64_defconfig (gcc-10): 6 warnings Warnings summary: 4 ld: warning: creating DT_TEXTREL in a PIE 4 fs/ext4/ioctl.c:523:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] 2 ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' 2 ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' 2 arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' 2 Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' 1 drivers/gpu/drm/drm_edid.o: warning: objtool: validate_displayid.constprop.0()+0x73: return with modified stack frame 1 drivers/gpu/drm/drm_edid.o: warning: objtool: validate_displayid.constprop.0()+0x0: stack state mismatch: cfa1=7+104 cfa2=7+8 ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- allnoconfig (i386, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-10) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-10) — PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_32.S:480: Warning: no instruction mnemonic suffix given and no register operands; using default for `btr' fs/ext4/ioctl.c:523:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: fs/ext4/ioctl.c:523:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: fs/ext4/ioctl.c:523:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-10) — PASS, 0 errors, 6 warnings, 0 section mismatches Warnings: Warning: synced file at 'tools/objtool/arch/x86/include/asm/insn.h' differs from latest kernel version at 'arch/x86/include/asm/insn.h' fs/ext4/ioctl.c:523:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] drivers/gpu/drm/drm_edid.o: warning: objtool: validate_displayid.constprop.0()+0x73: return with modified stack frame drivers/gpu/drm/drm_edid.o: warning: objtool: validate_displayid.constprop.0()+0x0: stack state mismatch: cfa1=7+104 cfa2=7+8 ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

[PATCH 1/1] x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction

by Michael Kelley

On hardware that supports Indirect Branch Tracking (IBT), Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current versions of Hyper-V have a bug in that there's not an ENDBR64 instruction at the beginning of the hypercall page. Since hypercalls are made with an indirect call to the hypercall page, all hypercall attempts fail with an exception and Linux panics. A Hyper-V fix is in progress to add ENDBR64. But guard against the Linux panic by clearing X86_FEATURE_IBT if the hypercall page doesn't start with ENDBR. The VM will boot and run without IBT. If future Linux 32-bit kernels were to support IBT, additional hypercall page hackery would be needed to make IBT work for such kernels in a Hyper-V VM. Cc: stable(a)vger.kernel.org Signed-off-by: Michael Kelley <mikelley(a)microsoft.com> --- arch/x86/hyperv/hv_init.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 6c04b52..5cbee24 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -14,6 +14,7 @@ #include <asm/apic.h> #include <asm/desc.h> #include <asm/sev.h> +#include <asm/ibt.h> #include <asm/hypervisor.h> #include <asm/hyperv-tlfs.h> #include <asm/mshyperv.h> @@ -472,6 +473,26 @@ void __init hyperv_init(void) } /* + * Some versions of Hyper-V that provide IBT in guest VMs have a bug + * in that there's no ENDBR64 instruction at the entry to the + * hypercall page. Because hypercalls are invoked via an indirect call + * to the hypercall page, all hypercall attempts fail when IBT is + * enabled, and Linux panics. For such buggy versions, disable IBT. + * + * Fixed versions of Hyper-V always provide ENDBR64 on the hypercall + * page, so if future Linux kernel versions enable IBT for 32-bit + * builds, additional hypercall page hackery will be required here + * to provide an ENDBR32. + */ +#ifdef CONFIG_X86_KERNEL_IBT + if (cpu_feature_enabled(X86_FEATURE_IBT) && + *(u32 *)hv_hypercall_pg != gen_endbr()) { + setup_clear_cpu_cap(X86_FEATURE_IBT); + pr_info("Hyper-V: Disabling IBT because of Hyper-V bug\n"); + } +#endif + + /* * hyperv_init() is called before LAPIC is initialized: see * apic_intr_mode_init() -> x86_platform.apic_post_init() and * apic_bsp_setup() -> setup_local_APIC(). The direct-mode STIMER -- 1.8.3.1

2 years, 3 months

4
8
0 0

stable-rc/linux-5.4.y build: 5 builds: 0 failed, 5 passed, 11 warnings (v5.4.249-278-g78f9a3d1c959)

by kernelci.org bot

stable-rc/linux-5.4.y build: 5 builds: 0 failed, 5 passed, 11 warnings (v5.4.249-278-g78f9a3d1c959) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.4.y/kernel/v5.4.249-278… Tree: stable-rc Branch: linux-5.4.y Git Describe: v5.4.249-278-g78f9a3d1c959 Git Commit: 78f9a3d1c959657b597bceaaf963b5d918b642a4 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 3 unique architectures Warnings Detected: arm: imx_v6_v7_defconfig (gcc-10): 1 warning multi_v7_defconfig (gcc-10): 1 warning i386: allnoconfig (gcc-10): 2 warnings tinyconfig (gcc-10): 2 warnings x86_64: x86_64_defconfig+x86-chromebook (gcc-10): 5 warnings Warnings summary: 3 ld: warning: creating DT_TEXTREL in a PIE 3 fs/ext4/ioctl.c:595:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] 2 ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' 1 ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' 1 arch/x86/entry/entry_64.o: warning: objtool: If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE. 1 arch/x86/entry/entry_64.o: warning: objtool: .entry.text+0x1c1: unsupported intra-function call ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- allnoconfig (i386, gcc-10) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: fs/ext4/ioctl.c:595:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-10) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: fs/ext4/ioctl.c:595:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] -------------------------------------------------------------------------------- tinyconfig (i386, gcc-10) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ld: arch/x86/boot/compressed/head_32.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE -------------------------------------------------------------------------------- x86_64_defconfig+x86-chromebook (x86_64, gcc-10) — PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: arch/x86/entry/entry_64.o: warning: objtool: .entry.text+0x1c1: unsupported intra-function call arch/x86/entry/entry_64.o: warning: objtool: If this is a retpoline, please patch it in with alternatives and annotate it with ANNOTATE_NOSPEC_ALTERNATIVE. fs/ext4/ioctl.c:595:7: warning: assignment to ‘int’ from ‘struct super_block *’ makes integer from pointer without a cast [-Wint-conversion] ld: arch/x86/boot/compressed/head_64.o: warning: relocation in read-only section `.head.text' ld: warning: creating DT_TEXTREL in a PIE --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

stable-rc/linux-5.15.y build: 1 build: 0 failed, 1 passed (v5.15.120-533-g48958c96454b)

by kernelci.org bot

stable-rc/linux-5.15.y build: 1 build: 0 failed, 1 passed (v5.15.120-533-g48958c96454b) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.15.y/kernel/v5.15.120-5… Tree: stable-rc Branch: linux-5.15.y Git Describe: v5.15.120-533-g48958c96454b Git Commit: 48958c96454b9acda1f1117b5206838864697de8 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 1 unique architecture ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- rv32_defconfig (riscv, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 3 months

1
0
0 0

stable-rc/linux-5.15.y baseline: 33 runs, 7 regressions (v5.15.120-461-gf00f5bd44794)

by kernelci.org bot

stable-rc/linux-5.15.y baseline: 33 runs, 7 regressions (v5.15.120-461-gf00f5bd44794) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ asus-C436FA-Flip-hatch | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 asus-CM1400CXA-dalboz | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 asus-cx9400-volteer | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 hp-x360-12b-c...4020-octopus | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 hp-x360-14-G1-sona | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 hp-x360-14a-cb0001xx-zork | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 lenovo-TPad-C13-Yoga-zork | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.15.y/kernel/v5.15.12… Test: baseline Tree: stable-rc Branch: linux-5.15.y Describe: v5.15.120-461-gf00f5bd44794 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: f00f5bd447944c43362d06c5029e5c78ae14d2da Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ asus-C436FA-Flip-hatch | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64ba8f317a999e3c3b8ace54 Results: 6 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… HTML log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba8f317a999e3c3b8ace59 failing since 114 days (last pass: v5.15.104, first fail: v5.15.104-147-gea115396267e) 2023-07-21T13:59:27.032849 <8>[ 11.073466] <LAVA_SIGNAL_ENDRUN 0_dmesg 11123367_1.4.2.3.1> 2023-07-21T13:59:27.036006 + set +x 2023-07-21T13:59:27.140267 / # # 2023-07-21T13:59:27.240973 export SHELL=/bin/sh 2023-07-21T13:59:27.241170 # 2023-07-21T13:59:27.341658 / # export SHELL=/bin/sh. /lava-11123367/environment 2023-07-21T13:59:27.341884 2023-07-21T13:59:27.442443 / # . /lava-11123367/environment/lava-11123367/bin/lava-test-runner /lava-11123367/1 2023-07-21T13:59:27.442756 2023-07-21T13:59:27.448224 / # /lava-11123367/bin/lava-test-runner /lava-11123367/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ asus-CM1400CXA-dalboz | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64ba8f902851d814ea8ace33 Results: 6 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… HTML log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba8f902851d814ea8ace38 failing since 114 days (last pass: v5.15.104, first fail: v5.15.104-147-gea115396267e) 2023-07-21T14:00:33.394201 + set<8>[ 11.757933] <LAVA_SIGNAL_ENDRUN 0_dmesg 11123341_1.4.2.3.1> 2023-07-21T14:00:33.394316 +x 2023-07-21T14:00:33.499207 / # # 2023-07-21T14:00:33.599942 export SHELL=/bin/sh 2023-07-21T14:00:33.600202 # 2023-07-21T14:00:33.700765 / # export SHELL=/bin/sh. /lava-11123341/environment 2023-07-21T14:00:33.701019 2023-07-21T14:00:33.801600 / # . /lava-11123341/environment/lava-11123341/bin/lava-test-runner /lava-11123341/1 2023-07-21T14:00:33.801987 2023-07-21T14:00:33.806364 / # /lava-11123341/bin/lava-test-runner /lava-11123341/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ asus-cx9400-volteer | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64ba8f3d3fc23de3248ace4e Results: 6 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… HTML log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba8f3d3fc23de3248ace53 failing since 114 days (last pass: v5.15.104, first fail: v5.15.104-147-gea115396267e) 2023-07-21T13:58:58.629509 <8>[ 10.973802] <LAVA_SIGNAL_ENDRUN 0_dmesg 11123327_1.4.2.3.1> 2023-07-21T13:58:58.632848 + set +x 2023-07-21T13:58:58.740233 /# 2023-07-21T13:58:58.843040 # #export SHELL=/bin/sh 2023-07-21T13:58:58.843821 2023-07-21T13:58:58.945332 / # export SHELL=/bin/sh. /lava-11123327/environment 2023-07-21T13:58:58.946170 2023-07-21T13:58:59.047766 / # . /lava-11123327/environment/lava-11123327/bin/lava-test-runner /lava-11123327/1 2023-07-21T13:58:59.049157 2023-07-21T13:58:59.054219 / # /lava-11123327/bin/lava-test-runner /lava-11123327/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ hp-x360-12b-c...4020-octopus | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64ba9103465d46fc4d8ace25 Results: 6 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… HTML log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba9103465d46fc4d8ace2a failing since 114 days (last pass: v5.15.104, first fail: v5.15.104-147-gea115396267e) 2023-07-21T14:06:44.372438 + set +x 2023-07-21T14:06:44.379186 <8>[ 10.562859] <LAVA_SIGNAL_ENDRUN 0_dmesg 11123363_1.4.2.3.1> 2023-07-21T14:06:44.483487 / # # 2023-07-21T14:06:44.584095 export SHELL=/bin/sh 2023-07-21T14:06:44.584413 # 2023-07-21T14:06:44.684973 / # export SHELL=/bin/sh. /lava-11123363/environment 2023-07-21T14:06:44.685177 2023-07-21T14:06:44.785668 / # . /lava-11123363/environment/lava-11123363/bin/lava-test-runner /lava-11123363/1 2023-07-21T14:06:44.785956 2023-07-21T14:06:44.790300 / # /lava-11123363/bin/lava-test-runner /lava-11123363/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ hp-x360-14-G1-sona | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64ba91d94dfd82d1158ace25 Results: 6 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… HTML log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba91d94dfd82d1158ace2a failing since 114 days (last pass: v5.15.104, first fail: v5.15.104-147-gea115396267e) 2023-07-21T14:10:11.773987 + set +x 2023-07-21T14:10:11.780802 <8>[ 10.737173] <LAVA_SIGNAL_ENDRUN 0_dmesg 11123351_1.4.2.3.1> 2023-07-21T14:10:11.883442 2023-07-21T14:10:11.984111 / # #export SHELL=/bin/sh 2023-07-21T14:10:11.984354 2023-07-21T14:10:12.084924 / # export SHELL=/bin/sh. /lava-11123351/environment 2023-07-21T14:10:12.085170 2023-07-21T14:10:12.185763 / # . /lava-11123351/environment/lava-11123351/bin/lava-test-runner /lava-11123351/1 2023-07-21T14:10:12.186132 2023-07-21T14:10:12.190656 / # /lava-11123351/bin/lava-test-runner /lava-11123351/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ hp-x360-14a-cb0001xx-zork | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64ba8f30799f9eed128ace29 Results: 6 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… HTML log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba8f30799f9eed128ace2e failing since 114 days (last pass: v5.15.104, first fail: v5.15.104-147-gea115396267e) 2023-07-21T13:58:53.086390 + set +x<8>[ 11.844846] <LAVA_SIGNAL_ENDRUN 0_dmesg 11123324_1.4.2.3.1> 2023-07-21T13:58:53.086781 2023-07-21T13:58:53.193256 / # # 2023-07-21T13:58:53.295344 export SHELL=/bin/sh 2023-07-21T13:58:53.296053 # 2023-07-21T13:58:53.397407 / # export SHELL=/bin/sh. /lava-11123324/environment 2023-07-21T13:58:53.398062 2023-07-21T13:58:53.499432 / # . /lava-11123324/environment/lava-11123324/bin/lava-test-runner /lava-11123324/1 2023-07-21T13:58:53.499736 2023-07-21T13:58:53.504174 / # /lava-11123324/bin/lava-test-runner /lava-11123324/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+--------+---------------+----------+------------------------------+------------ lenovo-TPad-C13-Yoga-zork | x86_64 | lab-collabora | gcc-10 | x86_64_defcon...6-chromebook | 1 Details: https://kernelci.org/test/plan/id/64ba8f2e799f9eed128ace1c Results: 6 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig+x86-chromebook Compiler: gcc-10 (gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… HTML log: https://storage.kernelci.org//stable-rc/linux-5.15.y/v5.15.120-461-gf00f5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba8f2e799f9eed128ace21 failing since 114 days (last pass: v5.15.104, first fail: v5.15.104-147-gea115396267e) 2023-07-21T13:58:55.840613 + set<8>[ 12.872116] <LAVA_SIGNAL_ENDRUN 0_dmesg 11123325_1.4.2.3.1> 2023-07-21T13:58:55.840705 +x 2023-07-21T13:58:55.945417 / # # 2023-07-21T13:58:56.046211 export SHELL=/bin/sh 2023-07-21T13:58:56.046425 # 2023-07-21T13:58:56.146933 / # export SHELL=/bin/sh. /lava-11123325/environment 2023-07-21T13:58:56.147134 2023-07-21T13:58:56.247724 / # . /lava-11123325/environment/lava-11123325/bin/lava-test-runner /lava-11123325/1 2023-07-21T13:58:56.248148 2023-07-21T13:58:56.253382 / # /lava-11123325/bin/lava-test-runner /lava-11123325/1 ... (12 line(s) more)

2 years, 3 months

1
0
0 0

Re: [PATCH 6.4 000/292] 6.4.5-rc1 review

by Ronald Warsow

Hi Greg 6.4.5-rc1 compiles, boots and runs here on x86_64 (Intel Rocket Lake, i5-11400) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

2 years, 3 months

1
0
0 0

[RESEND PATCH v8 07/10] serial: sc16is7xx: fix bug when first setting GPIO direction

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> When configuring a pin as an output pin with a value of logic 0, we end up as having a value of logic 1 on the output pin. Setting a logic 0 a second time (or more) after that will correctly output a logic 0 on the output pin. By default, all GPIO pins are configured as inputs. When we enter sc16is7xx_gpio_direction_output() for the first time, we first set the desired value in IOSTATE, and then we configure the pin as an output. The datasheet states that writing to IOSTATE register will trigger a transfer of the value to the I/O pin configured as output, so if the pin is configured as an input, nothing will be transferred. Therefore, set the direction first in IODIR, and then set the desired value in IOSTATE. This is what is done in NXP application note AN10587. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Lech Perczak <lech.perczak(a)camlingroup.com> Tested-by: Lech Perczak <lech.perczak(a)camlingroup.com> --- drivers/tty/serial/sc16is7xx.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index bc0a288f258d..07ae889db296 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -1342,9 +1342,18 @@ static int sc16is7xx_gpio_direction_output(struct gpio_chip *chip, state |= BIT(offset); else state &= ~BIT(offset); - sc16is7xx_port_write(port, SC16IS7XX_IOSTATE_REG, state); + + /* + * If we write IOSTATE first, and then IODIR, the output value is not + * transferred to the corresponding I/O pin. + * The datasheet states that each register bit will be transferred to + * the corresponding I/O pin programmed as output when writing to + * IOSTATE. Therefore, configure direction first with IODIR, and then + * set value after with IOSTATE. + */ sc16is7xx_port_update(port, SC16IS7XX_IODIR_REG, BIT(offset), BIT(offset)); + sc16is7xx_port_write(port, SC16IS7XX_IOSTATE_REG, state); return 0; } -- 2.30.2

2 years, 3 months

1
0
0 0

[RESEND PATCH v8 05/10] dt-bindings: sc16is7xx: Add property to change GPIO function

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Some variants in this series of UART controllers have GPIO pins that are shared between GPIO and modem control lines. The pin mux mode (GPIO or modem control lines) can be set for each ports (channels) supported by the variant. This adds a property to the device tree to set the GPIO pin mux to modem control lines on selected ports if needed. Cc: <stable(a)vger.kernel.org> # 6.1.x Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Acked-by: Conor Dooley <conor.dooley(a)microchip.com> Reviewed-by: Lech Perczak <lech.perczak(a)camlingroup.com> --- .../bindings/serial/nxp,sc16is7xx.txt | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/Documentation/devicetree/bindings/serial/nxp,sc16is7xx.txt b/Documentation/devicetree/bindings/serial/nxp,sc16is7xx.txt index 0fa8e3e43bf8..1a7e4bff0456 100644 --- a/Documentation/devicetree/bindings/serial/nxp,sc16is7xx.txt +++ b/Documentation/devicetree/bindings/serial/nxp,sc16is7xx.txt @@ -23,6 +23,9 @@ Optional properties: 1 = active low. - irda-mode-ports: An array that lists the indices of the port that should operate in IrDA mode. +- nxp,modem-control-line-ports: An array that lists the indices of the port that + should have shared GPIO lines configured as + modem control lines. Example: sc16is750: sc16is750@51 { @@ -35,6 +38,26 @@ Example: #gpio-cells = <2>; }; + sc16is752: sc16is752@53 { + compatible = "nxp,sc16is752"; + reg = <0x53>; + clocks = <&clk20m>; + interrupt-parent = <&gpio3>; + interrupts = <7 IRQ_TYPE_EDGE_FALLING>; + nxp,modem-control-line-ports = <1>; /* Port 1 as modem control lines */ + gpio-controller; /* Port 0 as GPIOs */ + #gpio-cells = <2>; + }; + + sc16is752: sc16is752@54 { + compatible = "nxp,sc16is752"; + reg = <0x54>; + clocks = <&clk20m>; + interrupt-parent = <&gpio3>; + interrupts = <7 IRQ_TYPE_EDGE_FALLING>; + nxp,modem-control-line-ports = <0 1>; /* Ports 0 and 1 as modem control lines */ + }; + * spi as bus Required properties: @@ -59,6 +82,9 @@ Optional properties: 1 = active low. - irda-mode-ports: An array that lists the indices of the port that should operate in IrDA mode. +- nxp,modem-control-line-ports: An array that lists the indices of the port that + should have shared GPIO lines configured as + modem control lines. Example: sc16is750: sc16is750@0 { @@ -70,3 +96,23 @@ Example: gpio-controller; #gpio-cells = <2>; }; + + sc16is752: sc16is752@1 { + compatible = "nxp,sc16is752"; + reg = <1>; + clocks = <&clk20m>; + interrupt-parent = <&gpio3>; + interrupts = <7 IRQ_TYPE_EDGE_FALLING>; + nxp,modem-control-line-ports = <1>; /* Port 1 as modem control lines */ + gpio-controller; /* Port 0 as GPIOs */ + #gpio-cells = <2>; + }; + + sc16is752: sc16is752@2 { + compatible = "nxp,sc16is752"; + reg = <2>; + clocks = <&clk20m>; + interrupt-parent = <&gpio3>; + interrupts = <7 IRQ_TYPE_EDGE_FALLING>; + nxp,modem-control-line-ports = <0 1>; /* Ports 0 and 1 as modem control lines */ + }; -- 2.30.2

2 years, 3 months

1
0
0 0

[RESEND PATCH v8 04/10] serial: sc16is7xx: refactor GPIO controller registration

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> In preparation for upcoming patch "fix regression with GPIO configuration". To facilitate review and make code more modular. Cc: <stable(a)vger.kernel.org> # 6.1.x Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Lech Perczak <lech.perczak(a)camlingroup.com> Tested-by: Lech Perczak <lech.perczak(a)camlingroup.com> --- drivers/tty/serial/sc16is7xx.c | 40 ++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 32d43d00a583..5b0aeef9d534 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -332,6 +332,7 @@ struct sc16is7xx_one { struct sc16is7xx_port { const struct sc16is7xx_devtype *devtype; + struct device *dev; struct regmap *regmap; struct clk *clk; #ifdef CONFIG_GPIOLIB @@ -1349,6 +1350,25 @@ static int sc16is7xx_gpio_direction_output(struct gpio_chip *chip, return 0; } + +static int sc16is7xx_setup_gpio_chip(struct sc16is7xx_port *s) +{ + if (!s->devtype->nr_gpio) + return 0; + + s->gpio.owner = THIS_MODULE; + s->gpio.parent = s->dev; + s->gpio.label = dev_name(s->dev); + s->gpio.direction_input = sc16is7xx_gpio_direction_input; + s->gpio.get = sc16is7xx_gpio_get; + s->gpio.direction_output = sc16is7xx_gpio_direction_output; + s->gpio.set = sc16is7xx_gpio_set; + s->gpio.base = -1; + s->gpio.ngpio = s->devtype->nr_gpio; + s->gpio.can_sleep = 1; + + return gpiochip_add_data(&s->gpio, s); +} #endif static const struct serial_rs485 sc16is7xx_rs485_supported = { @@ -1412,6 +1432,7 @@ static int sc16is7xx_probe(struct device *dev, s->regmap = regmap; s->devtype = devtype; + s->dev = dev; dev_set_drvdata(dev, s); mutex_init(&s->efr_lock); @@ -1502,22 +1523,9 @@ static int sc16is7xx_probe(struct device *dev, } #ifdef CONFIG_GPIOLIB - if (devtype->nr_gpio) { - /* Setup GPIO cotroller */ - s->gpio.owner = THIS_MODULE; - s->gpio.parent = dev; - s->gpio.label = dev_name(dev); - s->gpio.direction_input = sc16is7xx_gpio_direction_input; - s->gpio.get = sc16is7xx_gpio_get; - s->gpio.direction_output = sc16is7xx_gpio_direction_output; - s->gpio.set = sc16is7xx_gpio_set; - s->gpio.base = -1; - s->gpio.ngpio = devtype->nr_gpio; - s->gpio.can_sleep = 1; - ret = gpiochip_add_data(&s->gpio, s); - if (ret) - goto out_ports; - } + ret = sc16is7xx_setup_gpio_chip(s); + if (ret) + goto out_ports; #endif /* -- 2.30.2

2 years, 3 months

1
0
0 0

[RESEND PATCH v8 02/10] serial: sc16is7xx: mark IOCONTROL register as volatile

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Bit SRESET (3) is cleared when a reset operation is completed. Having the IOCONTROL register as non-volatile will always read SRESET as 1, which is incorrect. Also, if IOCONTROL register is not a volatile register, the upcoming patch "serial: sc16is7xx: fix regression with GPIO configuration" doesn't work when setting some shared GPIO lines as modem control lines. Therefore mark IOCONTROL register as a volatile register. Cc: <stable(a)vger.kernel.org> # 6.1.x Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Lech Perczak <lech.perczak(a)camlingroup.com> Tested-by: Lech Perczak <lech.perczak(a)camlingroup.com> --- drivers/tty/serial/sc16is7xx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 8ae2afc76a9b..306ae512b38a 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -488,6 +488,7 @@ static bool sc16is7xx_regmap_volatile(struct device *dev, unsigned int reg) case SC16IS7XX_TXLVL_REG: case SC16IS7XX_RXLVL_REG: case SC16IS7XX_IOSTATE_REG: + case SC16IS7XX_IOCONTROL_REG: return true; default: break; -- 2.30.2

2 years, 3 months

1
0
0 0

[RESEND PATCH v8 01/10] serial: sc16is7xx: fix broken port 0 uart init

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> The sc16is7xx_config_rs485() function is called only for the second port (index 1, channel B), causing initialization problems for the first port. For the sc16is7xx driver, port->membase and port->mapbase are not set, and their default values are 0. And we set port->iobase to the device index. This means that when the first device is registered using the uart_add_one_port() function, the following values will be in the port structure: port->membase = 0 port->mapbase = 0 port->iobase = 0 Therefore, the function uart_configure_port() in serial_core.c will exit early because of the following check: /* * If there isn't a port here, don't do anything further. */ if (!port->iobase && !port->mapbase && !port->membase) return; Typically, I2C and SPI drivers do not set port->membase and port->mapbase. The max310x driver sets port->membase to ~0 (all ones). By implementing the same change in this driver, uart_configure_port() is now correctly executed for all ports. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: <stable(a)vger.kernel.org> # 6.1.x Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Reviewed-by: Lech Perczak <lech.perczak(a)camlingroup.com> Tested-by: Lech Perczak <lech.perczak(a)camlingroup.com> --- drivers/tty/serial/sc16is7xx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 2e7e7c409cf2..8ae2afc76a9b 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -1436,6 +1436,7 @@ static int sc16is7xx_probe(struct device *dev, s->p[i].port.fifosize = SC16IS7XX_FIFO_SIZE; s->p[i].port.flags = UPF_FIXED_TYPE | UPF_LOW_LATENCY; s->p[i].port.iobase = i; + s->p[i].port.membase = (void __iomem *)~0; s->p[i].port.iotype = UPIO_PORT; s->p[i].port.uartclk = freq; s->p[i].port.rs485_config = sc16is7xx_config_rs485; -- 2.30.2

2 years, 3 months

1
0
0 0

stable-rc/linux-4.19.y baseline: 10 runs, 1 regressions (v4.19.288-158-g5299d5c89ca8)

by kernelci.org bot

stable-rc/linux-4.19.y baseline: 10 runs, 1 regressions (v4.19.288-158-g5299d5c89ca8) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions --------------+------+-------------+----------+--------------------+------------ at91sam9g20ek | arm | lab-broonie | gcc-10 | multi_v5_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-4.19.y/kernel/v4.19.28… Test: baseline Tree: stable-rc Branch: linux-4.19.y Describe: v4.19.288-158-g5299d5c89ca8 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 5299d5c89ca823714738cf2e26456fdfde8bda91 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions --------------+------+-------------+----------+--------------------+------------ at91sam9g20ek | arm | lab-broonie | gcc-10 | multi_v5_defconfig | 1 Details: https://kernelci.org/test/plan/id/64ba7a2bff38d7920a8ace3f Results: 42 PASS, 9 FAIL, 1 SKIP Full config: multi_v5_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-4.19.y/v4.19.288-158-g5299d5c… HTML log: https://storage.kernelci.org//stable-rc/linux-4.19.y/v4.19.288-158-g5299d5c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/64ba7a2bff38d7920a8ace71 failing since 21 days (last pass: v4.19.287, first fail: v4.19.288-6-g9430a6475aa0) 2023-07-21T12:28:51.580685 + set +x 2023-07-21T12:28:51.585710 <8><LAVA_SIGNAL_ENDRUN 0_dmesg 4597_1.5.2.4.1> 2023-07-21T12:28:51.699601 / # # 2023-07-21T12:28:51.802624 export SHELL=/bin/sh 2023-07-21T12:28:51.803429 # 2023-07-21T12:28:51.905381 / # export SHELL=/bin/sh. /lava-4597/environment 2023-07-21T12:28:51.906191 2023-07-21T12:28:52.008212 / # . /lava-4597/environment/lava-4597/bin/lava-test-runner /lava-4597/1 2023-07-21T12:28:52.009566 2023-07-21T12:28:52.015916 / # /lava-4597/bin/lava-test-runner /lava-4597/1 ... (12 line(s) more)

2 years, 3 months

1
0
0 0

[PATCH v7 5/9] serial: sc16is7xx: fix regression with GPIO configuration

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Commit 679875d1d880 ("sc16is7xx: Separate GPIOs from modem control lines") and commit 21144bab4f11 ("sc16is7xx: Handle modem status lines") changed the function of the GPIOs pins to act as modem control lines without any possibility of selecting GPIO function. As a consequence, applications that depends on GPIO lines configured by default as GPIO pins no longer work as expected. Also, the change to select modem control lines function was done only for channel A of dual UART variants (752/762). This was not documented in the log message. Allow to specify GPIO or modem control line function in the device tree, and for each of the ports (A or B). Do so by using the new device-tree property named "modem-control-line-ports" (property added in separate patch). When registering GPIO chip controller, mask-out GPIO pins declared as modem control lines according to this new "modem-control-line-ports" DT property. Boards that need to have GPIOS configured as modem control lines should add that property to their device tree. Here is a list of boards using the sc16is7xx driver in their device tree and that may need to be modified: arm64/boot/dts/freescale/fsl-ls1012a-frdm.dts mips/boot/dts/ingenic/cu1830-neo.dts mips/boot/dts/ingenic/cu1000-neo.dts Fixes: 679875d1d880 ("sc16is7xx: Separate GPIOs from modem control lines") Fixes: 21144bab4f11 ("sc16is7xx: Handle modem status lines") Cc: <stable(a)vger.kernel.org> # 6.1.x: 35210b22 dt-bindings: sc16is7xx: Add property to change GPIO function Cc: <stable(a)vger.kernel.org> # 6.1.x: 7d61ca47 serial: sc16is7xx: refactor GPIO controller registration Cc: <stable(a)vger.kernel.org> # 6.1.x: 322470ed serial: sc16is7xx: mark IOCONTROL register as volatile Cc: <stable(a)vger.kernel.org> # 6.1.x: a0077362 serial: sc16is7xx: fix broken port 0 uart init Cc: <stable(a)vger.kernel.org> # 6.1.x Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> --- drivers/tty/serial/sc16is7xx.c | 103 ++++++++++++++++++++++++++------- 1 file changed, 82 insertions(+), 21 deletions(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 7d50674d2d0e..edc83f5f6340 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -236,7 +236,8 @@ /* IOControl register bits (Only 750/760) */ #define SC16IS7XX_IOCONTROL_LATCH_BIT (1 << 0) /* Enable input latching */ -#define SC16IS7XX_IOCONTROL_MODEM_BIT (1 << 1) /* Enable GPIO[7:4] as modem pins */ +#define SC16IS7XX_IOCONTROL_MODEM_A_BIT (1 << 1) /* Enable GPIO[7:4] as modem A pins */ +#define SC16IS7XX_IOCONTROL_MODEM_B_BIT (1 << 2) /* Enable GPIO[3:0] as modem B pins */ #define SC16IS7XX_IOCONTROL_SRESET_BIT (1 << 3) /* Software Reset */ /* EFCR register bits */ @@ -301,12 +302,12 @@ /* Misc definitions */ #define SC16IS7XX_FIFO_SIZE (64) #define SC16IS7XX_REG_SHIFT 2 +#define SC16IS7XX_GPIOS_PER_BANK 4 struct sc16is7xx_devtype { char name[10]; int nr_gpio; int nr_uart; - int has_mctrl; }; #define SC16IS7XX_RECONF_MD (1 << 0) @@ -336,6 +337,7 @@ struct sc16is7xx_port { struct clk *clk; #ifdef CONFIG_GPIOLIB struct gpio_chip gpio; + unsigned long gpio_valid_mask; #endif unsigned char buf[SC16IS7XX_FIFO_SIZE]; struct kthread_worker kworker; @@ -447,35 +449,30 @@ static const struct sc16is7xx_devtype sc16is74x_devtype = { .name = "SC16IS74X", .nr_gpio = 0, .nr_uart = 1, - .has_mctrl = 0, }; static const struct sc16is7xx_devtype sc16is750_devtype = { .name = "SC16IS750", - .nr_gpio = 4, + .nr_gpio = 8, .nr_uart = 1, - .has_mctrl = 1, }; static const struct sc16is7xx_devtype sc16is752_devtype = { .name = "SC16IS752", - .nr_gpio = 0, + .nr_gpio = 8, .nr_uart = 2, - .has_mctrl = 1, }; static const struct sc16is7xx_devtype sc16is760_devtype = { .name = "SC16IS760", - .nr_gpio = 4, + .nr_gpio = 8, .nr_uart = 1, - .has_mctrl = 1, }; static const struct sc16is7xx_devtype sc16is762_devtype = { .name = "SC16IS762", - .nr_gpio = 0, + .nr_gpio = 8, .nr_uart = 2, - .has_mctrl = 1, }; static bool sc16is7xx_regmap_volatile(struct device *dev, unsigned int reg) @@ -1350,16 +1347,45 @@ static int sc16is7xx_gpio_direction_output(struct gpio_chip *chip, return 0; } -static int sc16is7xx_setup_gpio_chip(struct device *dev) +static int sc16is7xx_gpio_init_valid_mask(struct gpio_chip *chip, + unsigned long *valid_mask, + unsigned int ngpios) +{ + struct sc16is7xx_port *s = gpiochip_get_data(chip); + + *valid_mask = s->gpio_valid_mask; + + return 0; +} + +static int sc16is7xx_setup_gpio_chip(struct device *dev, u8 mctrl_mask) { struct sc16is7xx_port *s = dev_get_drvdata(dev); if (!s->devtype->nr_gpio) return 0; + switch (mctrl_mask) { + case 0: + s->gpio_valid_mask = GENMASK(7, 0); + break; + case SC16IS7XX_IOCONTROL_MODEM_A_BIT: + s->gpio_valid_mask = GENMASK(3, 0); + break; + case SC16IS7XX_IOCONTROL_MODEM_B_BIT: + s->gpio_valid_mask = GENMASK(7, 4); + break; + default: + break; + } + + if (s->gpio_valid_mask == 0) + return 0; + s->gpio.owner = THIS_MODULE; s->gpio.parent = dev; s->gpio.label = dev_name(dev); + s->gpio.init_valid_mask = sc16is7xx_gpio_init_valid_mask; s->gpio.direction_input = sc16is7xx_gpio_direction_input; s->gpio.get = sc16is7xx_gpio_get; s->gpio.direction_output = sc16is7xx_gpio_direction_output; @@ -1371,6 +1397,44 @@ static int sc16is7xx_setup_gpio_chip(struct device *dev) } #endif +static u8 sc16is7xx_setup_mctrl_ports(struct device *dev) +{ + struct sc16is7xx_port *s = dev_get_drvdata(dev); + int i; + int ret; + int count; + u32 mctrl_port[2]; + u8 mctrl_mask; + + count = device_property_count_u32(dev, "nxp,modem-control-line-ports"); + if (count < 0 || count > ARRAY_SIZE(mctrl_port)) + return 0; + + ret = device_property_read_u32_array(dev, "nxp,modem-control-line-ports", + mctrl_port, count); + if (ret) + return 0; + + mctrl_mask = 0; + + for (i = 0; i < count; i++) { + /* Use GPIO lines as modem control lines */ + if (mctrl_port[i] == 0) + mctrl_mask |= SC16IS7XX_IOCONTROL_MODEM_A_BIT; + else if (mctrl_port[i] == 1) + mctrl_mask |= SC16IS7XX_IOCONTROL_MODEM_B_BIT; + } + + if (mctrl_mask) + regmap_update_bits( + s->regmap, + SC16IS7XX_IOCONTROL_REG << SC16IS7XX_REG_SHIFT, + SC16IS7XX_IOCONTROL_MODEM_A_BIT | + SC16IS7XX_IOCONTROL_MODEM_B_BIT, mctrl_mask); + + return mctrl_mask; +} + static const struct serial_rs485 sc16is7xx_rs485_supported = { .flags = SER_RS485_ENABLED | SER_RS485_RTS_AFTER_SEND, .delay_rts_before_send = 1, @@ -1383,6 +1447,7 @@ static int sc16is7xx_probe(struct device *dev, { unsigned long freq = 0, *pfreq = dev_get_platdata(dev); unsigned int val; + u8 mctrl_mask; u32 uartclk = 0; int i, ret; struct sc16is7xx_port *s; @@ -1478,12 +1543,6 @@ static int sc16is7xx_probe(struct device *dev, SC16IS7XX_EFCR_RXDISABLE_BIT | SC16IS7XX_EFCR_TXDISABLE_BIT); - /* Use GPIO lines as modem status registers */ - if (devtype->has_mctrl) - sc16is7xx_port_write(&s->p[i].port, - SC16IS7XX_IOCONTROL_REG, - SC16IS7XX_IOCONTROL_MODEM_BIT); - /* Initialize kthread work structs */ kthread_init_work(&s->p[i].tx_work, sc16is7xx_tx_proc); kthread_init_work(&s->p[i].reg_work, sc16is7xx_reg_proc); @@ -1521,8 +1580,10 @@ static int sc16is7xx_probe(struct device *dev, s->p[u].irda_mode = true; } + mctrl_mask = sc16is7xx_setup_mctrl_ports(dev); + #ifdef CONFIG_GPIOLIB - ret = sc16is7xx_setup_gpio_chip(dev); + ret = sc16is7xx_setup_gpio_chip(dev, mctrl_mask); if (ret) goto out_thread; #endif @@ -1547,7 +1608,7 @@ static int sc16is7xx_probe(struct device *dev, return 0; #ifdef CONFIG_GPIOLIB - if (devtype->nr_gpio) + if (s->gpio_valid_mask) gpiochip_remove(&s->gpio); out_thread: @@ -1573,7 +1634,7 @@ static void sc16is7xx_remove(struct device *dev) int i; #ifdef CONFIG_GPIOLIB - if (s->devtype->nr_gpio) + if (s->gpio_valid_mask) gpiochip_remove(&s->gpio); #endif -- 2.30.2

2 years, 3 months

4
24
0 0

[PATCH AUTOSEL 6.4 01/12] platform/chrome: cros_ec: Report EC panic as uevent

by Sasha Levin

From: Rob Barnes <robbarnes(a)google.com> [ Upstream commit 2cbf475a04b2ae3d722bbe41742e5d874a027fc3 ] Create a uevent when an EC panic is detected. This will allow udev rules to trigger when a panic occurs. For example, a udev rule could be added to capture an EC coredump. This approach avoids the need to stuff all the processing into the driver. Signed-off-by: Rob Barnes <robbarnes(a)google.com> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20230509232624.3120347-1-robbarnes@google.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/platform/chrome/cros_ec_lpc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/platform/chrome/cros_ec_lpc.c b/drivers/platform/chrome/cros_ec_lpc.c index 68bba0fcafab3..2b1ce3e1abf2e 100644 --- a/drivers/platform/chrome/cros_ec_lpc.c +++ b/drivers/platform/chrome/cros_ec_lpc.c @@ -16,6 +16,7 @@ #include <linux/delay.h> #include <linux/io.h> #include <linux/interrupt.h> +#include <linux/kobject.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -315,6 +316,7 @@ static int cros_ec_lpc_readmem(struct cros_ec_device *ec, unsigned int offset, static void cros_ec_lpc_acpi_notify(acpi_handle device, u32 value, void *data) { + static const char *env[] = { "ERROR=PANIC", NULL }; struct cros_ec_device *ec_dev = data; bool ec_has_more_events; int ret; @@ -324,6 +326,7 @@ static void cros_ec_lpc_acpi_notify(acpi_handle device, u32 value, void *data) if (value == ACPI_NOTIFY_CROS_EC_PANIC) { dev_emerg(ec_dev->dev, "CrOS EC Panic Reported. Shutdown is imminent!"); blocking_notifier_call_chain(&ec_dev->panic_notifier, 0, ec_dev); + kobject_uevent_env(&ec_dev->dev->kobj, KOBJ_CHANGE, (char **)env); /* Begin orderly shutdown. Force shutdown after 1 second. */ hw_protection_shutdown("CrOS EC Panic", 1000); /* Do not query for other events after a panic is reported */ -- 2.39.2

2 years, 3 months

6
22
0 0

[PATCH 5.10 0/1] RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests

by Anton Gusev

Syzkaller reports use-after-free at addr_handler in 5.10 stable releases. The problem was fixed in upstream and backported into 5.14, but wasn't applied to 5.10 and lower versions due to a small merge conflict. This patch is a modified version that can be cleanly applied to 5.10 and 5.4 stable branches. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

2 years, 3 months

1
1
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Correct the index of array" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x b1b9d3825df4c757d653d0b1df66f084835db9c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072113-unveiling-lizard-c937@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: b1b9d3825df4 ("scsi: qla2xxx: Correct the index of array") 27258a577144 ("scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport") 58e39a2ce4be ("scsi: qla2xxx: Change discovery state before PLOGI") 983f127603fa ("scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure") c76ae845ea83 ("scsi: qla2xxx: Add error handling for PLOGI ELS passthrough") 84ed362ac40c ("scsi: qla2xxx: Dual FCP-NVMe target port support") f3f1938bb673 ("scsi: qla2xxx: Fix N2N link up fail") 7f2a398d59d6 ("scsi: qla2xxx: Fix N2N link reset") ce0ba496dccf ("scsi: qla2xxx: Fix stuck login session") 897def200421 ("scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function") 0184793df2e8 ("scsi: qla2xxx: Use tabs instead of spaces for indentation") a630bdc54f6d ("scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file") bd432bb53cff ("scsi: qla2xxx: Leave a blank line after declarations") 2703eaaf4eae ("scsi: qla2xxx: Use tabs to indent code") a6a6d0589ac4 ("scsi: scsi_transport_fc: nvme: display FC-NVMe port roles") f8f97b0c5b7f ("scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path") ecc89f25e225 ("scsi: qla2xxx: Add Device ID for ISP28XX") 24ef8f7eb5d0 ("scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}()") df617ffbbc5e ("scsi: qla2xxx: Add fw_attr and port_no SysFS node") 64f61d994483 ("scsi: qla2xxx: Add new FW dump template entry types") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1b9d3825df4c757d653d0b1df66f084835db9c3 Mon Sep 17 00:00:00 2001 From: Bikash Hazarika <bhazarika(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:42 +0530 Subject: [PATCH] scsi: qla2xxx: Correct the index of array Klocwork reported array 'port_dstate_str' of size 10 may use index value(s) 10..15. Add a fix to correct the index of array. Cc: stable(a)vger.kernel.org Signed-off-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-8-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_inline.h b/drivers/scsi/qla2xxx/qla_inline.h index cce6e425c121..946a39504a35 100644 --- a/drivers/scsi/qla2xxx/qla_inline.h +++ b/drivers/scsi/qla2xxx/qla_inline.h @@ -109,11 +109,13 @@ qla2x00_set_fcport_disc_state(fc_port_t *fcport, int state) { int old_val; uint8_t shiftbits, mask; + uint8_t port_dstate_str_sz; /* This will have to change when the max no. of states > 16 */ shiftbits = 4; mask = (1 << shiftbits) - 1; + port_dstate_str_sz = sizeof(port_dstate_str) / sizeof(char *); fcport->disc_state = state; while (1) { old_val = atomic_read(&fcport->shadow_disc_state); @@ -121,7 +123,8 @@ qla2x00_set_fcport_disc_state(fc_port_t *fcport, int state) old_val, (old_val << shiftbits) | state)) { ql_dbg(ql_dbg_disc, fcport->vha, 0x2134, "FCPort %8phC disc_state transition: %s to %s - portid=%06x.\n", - fcport->port_name, port_dstate_str[old_val & mask], + fcport->port_name, (old_val & mask) < port_dstate_str_sz ? + port_dstate_str[old_val & mask] : "Unknown", port_dstate_str[state], fcport->d_id.b24); return; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Correct the index of array" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b1b9d3825df4c757d653d0b1df66f084835db9c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072112-plywood-delusion-dd8d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b1b9d3825df4 ("scsi: qla2xxx: Correct the index of array") 27258a577144 ("scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport") 58e39a2ce4be ("scsi: qla2xxx: Change discovery state before PLOGI") 983f127603fa ("scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure") c76ae845ea83 ("scsi: qla2xxx: Add error handling for PLOGI ELS passthrough") 84ed362ac40c ("scsi: qla2xxx: Dual FCP-NVMe target port support") f3f1938bb673 ("scsi: qla2xxx: Fix N2N link up fail") 7f2a398d59d6 ("scsi: qla2xxx: Fix N2N link reset") ce0ba496dccf ("scsi: qla2xxx: Fix stuck login session") 897def200421 ("scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function") 0184793df2e8 ("scsi: qla2xxx: Use tabs instead of spaces for indentation") a630bdc54f6d ("scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file") bd432bb53cff ("scsi: qla2xxx: Leave a blank line after declarations") 2703eaaf4eae ("scsi: qla2xxx: Use tabs to indent code") a6a6d0589ac4 ("scsi: scsi_transport_fc: nvme: display FC-NVMe port roles") f8f97b0c5b7f ("scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path") ecc89f25e225 ("scsi: qla2xxx: Add Device ID for ISP28XX") 24ef8f7eb5d0 ("scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}()") df617ffbbc5e ("scsi: qla2xxx: Add fw_attr and port_no SysFS node") 64f61d994483 ("scsi: qla2xxx: Add new FW dump template entry types") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b1b9d3825df4c757d653d0b1df66f084835db9c3 Mon Sep 17 00:00:00 2001 From: Bikash Hazarika <bhazarika(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:42 +0530 Subject: [PATCH] scsi: qla2xxx: Correct the index of array Klocwork reported array 'port_dstate_str' of size 10 may use index value(s) 10..15. Add a fix to correct the index of array. Cc: stable(a)vger.kernel.org Signed-off-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-8-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_inline.h b/drivers/scsi/qla2xxx/qla_inline.h index cce6e425c121..946a39504a35 100644 --- a/drivers/scsi/qla2xxx/qla_inline.h +++ b/drivers/scsi/qla2xxx/qla_inline.h @@ -109,11 +109,13 @@ qla2x00_set_fcport_disc_state(fc_port_t *fcport, int state) { int old_val; uint8_t shiftbits, mask; + uint8_t port_dstate_str_sz; /* This will have to change when the max no. of states > 16 */ shiftbits = 4; mask = (1 << shiftbits) - 1; + port_dstate_str_sz = sizeof(port_dstate_str) / sizeof(char *); fcport->disc_state = state; while (1) { old_val = atomic_read(&fcport->shadow_disc_state); @@ -121,7 +123,8 @@ qla2x00_set_fcport_disc_state(fc_port_t *fcport, int state) old_val, (old_val << shiftbits) | state)) { ql_dbg(ql_dbg_disc, fcport->vha, 0x2134, "FCPort %8phC disc_state transition: %s to %s - portid=%06x.\n", - fcport->port_name, port_dstate_str[old_val & mask], + fcport->port_name, (old_val & mask) < port_dstate_str_sz ? + port_dstate_str[old_val & mask] : "Unknown", port_dstate_str[state], fcport->d_id.b24); return; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix buffer overrun" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x b68710a8094fdffe8dd4f7a82c82649f479bb453 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072125-washbowl-subtitle-bab2@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: b68710a8094f ("scsi: qla2xxx: Fix buffer overrun") 44f5a37d1e3e ("scsi: qla2xxx: Fix buffer-buffer credit extraction error") 897d68eb816b ("scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba") 9f2475fe7406 ("scsi: qla2xxx: SAN congestion management implementation") 62e9dd177732 ("scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests") 818dbde78e0f ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b68710a8094fdffe8dd4f7a82c82649f479bb453 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:40 +0530 Subject: [PATCH] scsi: qla2xxx: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index Out of Bounds Driver uses fc_els_flogi to calculate size of buffer. The actual buffer is nested inside of fc_els_flogi which is smaller. Replace structure name to allow proper size calculation. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 0df6eae7324e..b0225f6f3221 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -5549,7 +5549,7 @@ static void qla_get_login_template(scsi_qla_host_t *vha) __be32 *q; memset(ha->init_cb, 0, ha->init_cb_size); - sz = min_t(int, sizeof(struct fc_els_flogi), ha->init_cb_size); + sz = min_t(int, sizeof(struct fc_els_csp), ha->init_cb_size); rval = qla24xx_get_port_login_templ(vha, ha->init_cb_dma, ha->init_cb, sz); if (rval != QLA_SUCCESS) {

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix buffer overrun" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b68710a8094fdffe8dd4f7a82c82649f479bb453 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072124-cruelty-cruncher-7f60@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b68710a8094f ("scsi: qla2xxx: Fix buffer overrun") 44f5a37d1e3e ("scsi: qla2xxx: Fix buffer-buffer credit extraction error") 897d68eb816b ("scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba") 9f2475fe7406 ("scsi: qla2xxx: SAN congestion management implementation") 62e9dd177732 ("scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests") 818dbde78e0f ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b68710a8094fdffe8dd4f7a82c82649f479bb453 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:40 +0530 Subject: [PATCH] scsi: qla2xxx: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index Out of Bounds Driver uses fc_els_flogi to calculate size of buffer. The actual buffer is nested inside of fc_els_flogi which is smaller. Replace structure name to allow proper size calculation. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 0df6eae7324e..b0225f6f3221 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -5549,7 +5549,7 @@ static void qla_get_login_template(scsi_qla_host_t *vha) __be32 *q; memset(ha->init_cb, 0, ha->init_cb_size); - sz = min_t(int, sizeof(struct fc_els_flogi), ha->init_cb_size); + sz = min_t(int, sizeof(struct fc_els_csp), ha->init_cb_size); rval = qla24xx_get_port_login_templ(vha, ha->init_cb_dma, ha->init_cb, sz); if (rval != QLA_SUCCESS) {

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix buffer overrun" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b68710a8094fdffe8dd4f7a82c82649f479bb453 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072123-oink-gains-2382@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b68710a8094f ("scsi: qla2xxx: Fix buffer overrun") 44f5a37d1e3e ("scsi: qla2xxx: Fix buffer-buffer credit extraction error") 897d68eb816b ("scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba") 9f2475fe7406 ("scsi: qla2xxx: SAN congestion management implementation") 62e9dd177732 ("scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests") 818dbde78e0f ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b68710a8094fdffe8dd4f7a82c82649f479bb453 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:40 +0530 Subject: [PATCH] scsi: qla2xxx: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index Out of Bounds Driver uses fc_els_flogi to calculate size of buffer. The actual buffer is nested inside of fc_els_flogi which is smaller. Replace structure name to allow proper size calculation. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 0df6eae7324e..b0225f6f3221 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -5549,7 +5549,7 @@ static void qla_get_login_template(scsi_qla_host_t *vha) __be32 *q; memset(ha->init_cb, 0, ha->init_cb_size); - sz = min_t(int, sizeof(struct fc_els_flogi), ha->init_cb_size); + sz = min_t(int, sizeof(struct fc_els_csp), ha->init_cb_size); rval = qla24xx_get_port_login_templ(vha, ha->init_cb_dma, ha->init_cb, sz); if (rval != QLA_SUCCESS) {

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Avoid fcport pointer dereference" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 6b504d06976fe4a61cc05dedc68b84fadb397f77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072105-poking-wasp-4610@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: 6b504d06976f ("scsi: qla2xxx: Avoid fcport pointer dereference") e0fb8ce2bb9e ("scsi: qla2xxx: edif: Fix potential stuck session in sa update") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") d94d8158e184 ("scsi: qla2xxx: Add heartbeat check") f7a0ed479e66 ("scsi: qla2xxx: Fix crash in PCIe error handling") 2ce35c0821af ("scsi: qla2xxx: Fix use after free in bsg") 5777fef788a5 ("scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe") 960204ecca5e ("scsi: qla2xxx: Simplify if statement") a04658594399 ("scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe") dbf1f53cfd23 ("scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port") 707531bc2626 ("scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b504d06976fe4a61cc05dedc68b84fadb397f77 Mon Sep 17 00:00:00 2001 From: Nilesh Javali <njavali(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:38 +0530 Subject: [PATCH] scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL. Cc: stable(a)vger.kernel.org Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c index ec0e20255bd3..26e6b3e3af43 100644 --- a/drivers/scsi/qla2xxx/qla_edif.c +++ b/drivers/scsi/qla2xxx/qla_edif.c @@ -2361,8 +2361,8 @@ qla24xx_issue_sa_replace_iocb(scsi_qla_host_t *vha, struct qla_work_evt *e) if (!sa_ctl) { ql_dbg(ql_dbg_edif, vha, 0x70e6, "sa_ctl allocation failed\n"); - rval = -ENOMEM; - goto done; + rval = -ENOMEM; + return rval; } fcport = sa_ctl->fcport;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Avoid fcport pointer dereference" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6b504d06976fe4a61cc05dedc68b84fadb397f77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072104-brilliant-museum-198a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 6b504d06976f ("scsi: qla2xxx: Avoid fcport pointer dereference") e0fb8ce2bb9e ("scsi: qla2xxx: edif: Fix potential stuck session in sa update") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") d94d8158e184 ("scsi: qla2xxx: Add heartbeat check") f7a0ed479e66 ("scsi: qla2xxx: Fix crash in PCIe error handling") 2ce35c0821af ("scsi: qla2xxx: Fix use after free in bsg") 5777fef788a5 ("scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe") 960204ecca5e ("scsi: qla2xxx: Simplify if statement") a04658594399 ("scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe") dbf1f53cfd23 ("scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port") 707531bc2626 ("scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b504d06976fe4a61cc05dedc68b84fadb397f77 Mon Sep 17 00:00:00 2001 From: Nilesh Javali <njavali(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:38 +0530 Subject: [PATCH] scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL. Cc: stable(a)vger.kernel.org Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c index ec0e20255bd3..26e6b3e3af43 100644 --- a/drivers/scsi/qla2xxx/qla_edif.c +++ b/drivers/scsi/qla2xxx/qla_edif.c @@ -2361,8 +2361,8 @@ qla24xx_issue_sa_replace_iocb(scsi_qla_host_t *vha, struct qla_work_evt *e) if (!sa_ctl) { ql_dbg(ql_dbg_edif, vha, 0x70e6, "sa_ctl allocation failed\n"); - rval = -ENOMEM; - goto done; + rval = -ENOMEM; + return rval; } fcport = sa_ctl->fcport;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Avoid fcport pointer dereference" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6b504d06976fe4a61cc05dedc68b84fadb397f77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072104-tidiness-facing-d23a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6b504d06976f ("scsi: qla2xxx: Avoid fcport pointer dereference") e0fb8ce2bb9e ("scsi: qla2xxx: edif: Fix potential stuck session in sa update") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") d94d8158e184 ("scsi: qla2xxx: Add heartbeat check") f7a0ed479e66 ("scsi: qla2xxx: Fix crash in PCIe error handling") 2ce35c0821af ("scsi: qla2xxx: Fix use after free in bsg") 5777fef788a5 ("scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe") 960204ecca5e ("scsi: qla2xxx: Simplify if statement") a04658594399 ("scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe") dbf1f53cfd23 ("scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port") 707531bc2626 ("scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b504d06976fe4a61cc05dedc68b84fadb397f77 Mon Sep 17 00:00:00 2001 From: Nilesh Javali <njavali(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:38 +0530 Subject: [PATCH] scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL. Cc: stable(a)vger.kernel.org Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c index ec0e20255bd3..26e6b3e3af43 100644 --- a/drivers/scsi/qla2xxx/qla_edif.c +++ b/drivers/scsi/qla2xxx/qla_edif.c @@ -2361,8 +2361,8 @@ qla24xx_issue_sa_replace_iocb(scsi_qla_host_t *vha, struct qla_work_evt *e) if (!sa_ctl) { ql_dbg(ql_dbg_edif, vha, 0x70e6, "sa_ctl allocation failed\n"); - rval = -ENOMEM; - goto done; + rval = -ENOMEM; + return rval; } fcport = sa_ctl->fcport;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Avoid fcport pointer dereference" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6b504d06976fe4a61cc05dedc68b84fadb397f77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072103-perceive-corrosive-fe47@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6b504d06976f ("scsi: qla2xxx: Avoid fcport pointer dereference") e0fb8ce2bb9e ("scsi: qla2xxx: edif: Fix potential stuck session in sa update") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") d94d8158e184 ("scsi: qla2xxx: Add heartbeat check") f7a0ed479e66 ("scsi: qla2xxx: Fix crash in PCIe error handling") 2ce35c0821af ("scsi: qla2xxx: Fix use after free in bsg") 5777fef788a5 ("scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe") 960204ecca5e ("scsi: qla2xxx: Simplify if statement") a04658594399 ("scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe") dbf1f53cfd23 ("scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port") 707531bc2626 ("scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b504d06976fe4a61cc05dedc68b84fadb397f77 Mon Sep 17 00:00:00 2001 From: Nilesh Javali <njavali(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:38 +0530 Subject: [PATCH] scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL. Cc: stable(a)vger.kernel.org Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_edif.c b/drivers/scsi/qla2xxx/qla_edif.c index ec0e20255bd3..26e6b3e3af43 100644 --- a/drivers/scsi/qla2xxx/qla_edif.c +++ b/drivers/scsi/qla2xxx/qla_edif.c @@ -2361,8 +2361,8 @@ qla24xx_issue_sa_replace_iocb(scsi_qla_host_t *vha, struct qla_work_evt *e) if (!sa_ctl) { ql_dbg(ql_dbg_edif, vha, 0x70e6, "sa_ctl allocation failed\n"); - rval = -ENOMEM; - goto done; + rval = -ENOMEM; + return rval; } fcport = sa_ctl->fcport;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Array index may go out of bound" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x d721b591b95cf3f290f8a7cbe90aa2ee0368388d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072141-freezable-tactical-2c4a@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: d721b591b95c ("scsi: qla2xxx: Array index may go out of bound") 250bd00923c7 ("scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c") a4239945b8ad ("scsi: qla2xxx: Add switch command to simplify fabric discovery") 9cd883f07a54 ("scsi: qla2xxx: Fix session cleanup for N2N") 82abdcaf3ede ("scsi: qla2xxx: Allow target mode to accept PRLI in dual mode") 11aea16ab3f5 ("scsi: qla2xxx: Add ability to send PRLO") 9b3e0f4d4147 ("scsi: qla2xxx: Move work element processing out of DPC thread") f13515acdcb5 ("scsi: qla2xxx: Replace GPDB with async ADISC command") 2853192e154b ("scsi: qla2xxx: Use IOCB path to submit Control VP MBX command") 4005a995668b ("scsi: qla2xxx: Fix Relogin being triggered too fast") 5ef696aa9f3c ("scsi: qla2xxx: Relogin to target port on a cable swap") 414d9ff3f803 ("scsi: qla2xxx: Fix login state machine stuck at GPDB") 2d73ac6102d9 ("scsi: qla2xxx: Serialize GPNID for multiple RSCN") 25ad76b703d9 ("scsi: qla2xxx: Retry switch command on time out") a084fd68e1d2 ("scsi: qla2xxx: Fix re-login for Nport Handle in use") a01c77d2cbc4 ("scsi: qla2xxx: Move session delete to driver work queue") 2d57b5efda51 ("scsi: qla2xxx: Query FC4 type during RSCN processing") edd05de19759 ("scsi: qla2xxx: Changes to support N2N logins") c0c462c8a061 ("scsi: qla2xxx: Allow MBC_GET_PORT_DATABASE to query and save the port states") 08eb7f45de61 ("scsi: qla2xxx: Cocci spatch "pool_zalloc-simple"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d721b591b95cf3f290f8a7cbe90aa2ee0368388d Mon Sep 17 00:00:00 2001 From: Nilesh Javali <njavali(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:36 +0530 Subject: [PATCH] scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf(). Cc: stable(a)vger.kernel.org Co-developed-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-2-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index bc89d3da8fd0..3bace9ea6288 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -5088,7 +5088,8 @@ struct scsi_qla_host *qla2x00_create_host(const struct scsi_host_template *sht, } INIT_DELAYED_WORK(&vha->scan.scan_work, qla_scan_work_fn); - sprintf(vha->host_str, "%s_%lu", QLA2XXX_DRIVER_NAME, vha->host_no); + snprintf(vha->host_str, sizeof(vha->host_str), "%s_%lu", + QLA2XXX_DRIVER_NAME, vha->host_no); ql_dbg(ql_dbg_init, vha, 0x0041, "Allocated the host=%p hw=%p vha=%p dev_name=%s", vha->host, vha->hw, vha,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Array index may go out of bound" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d721b591b95cf3f290f8a7cbe90aa2ee0368388d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072140-dilute-stood-1935@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d721b591b95c ("scsi: qla2xxx: Array index may go out of bound") 250bd00923c7 ("scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d721b591b95cf3f290f8a7cbe90aa2ee0368388d Mon Sep 17 00:00:00 2001 From: Nilesh Javali <njavali(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:36 +0530 Subject: [PATCH] scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf(). Cc: stable(a)vger.kernel.org Co-developed-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-2-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index bc89d3da8fd0..3bace9ea6288 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -5088,7 +5088,8 @@ struct scsi_qla_host *qla2x00_create_host(const struct scsi_host_template *sht, } INIT_DELAYED_WORK(&vha->scan.scan_work, qla_scan_work_fn); - sprintf(vha->host_str, "%s_%lu", QLA2XXX_DRIVER_NAME, vha->host_no); + snprintf(vha->host_str, sizeof(vha->host_str), "%s_%lu", + QLA2XXX_DRIVER_NAME, vha->host_no); ql_dbg(ql_dbg_init, vha, 0x0041, "Allocated the host=%p hw=%p vha=%p dev_name=%s", vha->host, vha->hw, vha,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Array index may go out of bound" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d721b591b95cf3f290f8a7cbe90aa2ee0368388d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072139-seismic-unreached-ff9a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d721b591b95c ("scsi: qla2xxx: Array index may go out of bound") 250bd00923c7 ("scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d721b591b95cf3f290f8a7cbe90aa2ee0368388d Mon Sep 17 00:00:00 2001 From: Nilesh Javali <njavali(a)marvell.com> Date: Wed, 7 Jun 2023 17:08:36 +0530 Subject: [PATCH] scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 may use index value(s) 16..19. Use snprintf() instead of sprintf(). Cc: stable(a)vger.kernel.org Co-developed-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Bikash Hazarika <bhazarika(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-2-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index bc89d3da8fd0..3bace9ea6288 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -5088,7 +5088,8 @@ struct scsi_qla_host *qla2x00_create_host(const struct scsi_host_template *sht, } INIT_DELAYED_WORK(&vha->scan.scan_work, qla_scan_work_fn); - sprintf(vha->host_str, "%s_%lu", QLA2XXX_DRIVER_NAME, vha->host_no); + snprintf(vha->host_str, sizeof(vha->host_str), "%s_%lu", + QLA2XXX_DRIVER_NAME, vha->host_no); ql_dbg(ql_dbg_init, vha, 0x0041, "Allocated the host=%p hw=%p vha=%p dev_name=%s", vha->host, vha->hw, vha,

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix mem access after free" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x b843adde8d490934d042fbe9e3e46697cb3a64d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072128-preteen-saggy-a80b@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: b843adde8d49 ("scsi: qla2xxx: Fix mem access after free") d3affdeb400f ("scsi: qla2xxx: Synchronize the IOCB count to be in order") c39587bc0aba ("scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts") 5597616333ea ("scsi: qla2xxx: Stop using the SCSI pointer") 79e30b884a01 ("scsi: qla2xxx: Call scsi_done() directly") e56b2234ab64 ("scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()") 622299f16f33 ("scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle()") f45bca8c5052 ("scsi: qla2xxx: Fix double scsi_done for abort path") dd93b143706c ("scsi: qla2xxx: Fix a recently introduced kernel warning") 88263208dd23 ("scsi: qla2xxx: Complain if sp->done() is not called from the completion path") 85cffefa09e4 ("scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command") fcef08932db7 ("scsi: qla2xxx: Complain if waiting for pending commands times out") 8dd9593cc07a ("scsi: qla2xxx: Really fix qla2xxx_eh_abort()") 3a4b6cc73321 ("scsi: qla2xxx: Fix premature timer expiration") 7f4374e67b30 ("scsi: qla2xxx: Reject EH_{abort|device_reset|target_request}") ba6d10ab8014 ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b843adde8d490934d042fbe9e3e46697cb3a64d2 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:37 -0700 Subject: [PATCH] scsi: qla2xxx: Fix mem access after free System crash, where driver is accessing scsi layer's memory (scsi_cmnd->device->host) to search for a well known internal pointer (vha). The scsi_cmnd was released back to upper layer which could be freed, but the driver is still accessing it. 7 [ffffa8e8d2c3f8d0] page_fault at ffffffff86c010fe [exception RIP: __qla2x00_eh_wait_for_pending_commands+240] RIP: ffffffffc0642350 RSP: ffffa8e8d2c3f988 RFLAGS: 00010286 RAX: 0000000000000165 RBX: 0000000000000002 RCX: 00000000000036d8 RDX: 0000000000000000 RSI: ffff9c5c56535188 RDI: 0000000000000286 RBP: ffff9c5bf7aa4a58 R8: ffff9c589aecdb70 R9: 00000000000003d1 R10: 0000000000000001 R11: 0000000000380000 R12: ffff9c5c5392bc78 R13: ffff9c57044ff5c0 R14: ffff9c56b5a3aa00 R15: 00000000000006db ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 8 [ffffa8e8d2c3f9c8] qla2x00_eh_wait_for_pending_commands at ffffffffc0646dd5 [qla2xxx] 9 [ffffa8e8d2c3fa00] __qla2x00_async_tm_cmd at ffffffffc0658094 [qla2xxx] Remove access of freed memory. Currently the driver was checking to see if scsi_done was called by seeing if the sp->type has changed. Instead, check to see if the command has left the oustanding_cmds[] array as sign of scsi_done was called. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index f3107508cf12..a07c010b0843 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -1862,9 +1862,9 @@ qla2x00_process_completed_request(struct scsi_qla_host *vha, } } -srb_t * -qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, - struct req_que *req, void *iocb) +static srb_t * +qla_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb, u16 *ret_index) { struct qla_hw_data *ha = vha->hw; sts_entry_t *pkt = iocb; @@ -1899,12 +1899,25 @@ qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, return NULL; } - req->outstanding_cmds[index] = NULL; - + *ret_index = index; qla_put_fw_resources(sp->qpair, &sp->iores); return sp; } +srb_t * +qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb) +{ + uint16_t index; + srb_t *sp; + + sp = qla_get_sp_from_handle(vha, func, req, iocb, &index); + if (sp) + req->outstanding_cmds[index] = NULL; + + return sp; +} + static void qla2x00_mbx_iocb_entry(scsi_qla_host_t *vha, struct req_que *req, struct mbx_entry *mbx) @@ -3237,13 +3250,13 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) return; } - req->outstanding_cmds[handle] = NULL; cp = GET_CMD_SP(sp); if (cp == NULL) { ql_dbg(ql_dbg_io, vha, 0x3018, "Command already returned (0x%x/%p).\n", sts->handle, sp); + req->outstanding_cmds[handle] = NULL; return; } @@ -3514,6 +3527,9 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) if (rsp->status_srb == NULL) sp->done(sp, res); + + /* for io's, clearing of outstanding_cmds[handle] means scsi_done was called */ + req->outstanding_cmds[handle] = NULL; } /** @@ -3590,6 +3606,7 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) uint16_t que = MSW(pkt->handle); struct req_que *req = NULL; int res = DID_ERROR << 16; + u16 index; ql_dbg(ql_dbg_async, vha, 0x502a, "iocb type %xh with error status %xh, handle %xh, rspq id %d\n", @@ -3608,7 +3625,6 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) switch (pkt->entry_type) { case NOTIFY_ACK_TYPE: - case STATUS_TYPE: case STATUS_CONT_TYPE: case LOGINOUT_PORT_IOCB_TYPE: case CT_IOCB_TYPE: @@ -3628,6 +3644,14 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) case CTIO_TYPE7: case CTIO_CRC2: return 1; + case STATUS_TYPE: + sp = qla_get_sp_from_handle(vha, func, req, pkt, &index); + if (sp) { + sp->done(sp, res); + req->outstanding_cmds[index] = NULL; + return 0; + } + break; } fatal: ql_log(ql_log_warn, vha, 0x5030, diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 2fa695bf38b7..bc89d3da8fd0 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1078,43 +1078,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, return 0; } -/* - * qla2x00_eh_wait_on_command - * Waits for the command to be returned by the Firmware for some - * max time. - * - * Input: - * cmd = Scsi Command to wait on. - * - * Return: - * Completed in time : QLA_SUCCESS - * Did not complete in time : QLA_FUNCTION_FAILED - */ -static int -qla2x00_eh_wait_on_command(struct scsi_cmnd *cmd) -{ -#define ABORT_POLLING_PERIOD 1000 -#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) - unsigned long wait_iter = ABORT_WAIT_ITER; - scsi_qla_host_t *vha = shost_priv(cmd->device->host); - struct qla_hw_data *ha = vha->hw; - srb_t *sp = scsi_cmd_priv(cmd); - int ret = QLA_SUCCESS; - - if (unlikely(pci_channel_offline(ha->pdev)) || ha->flags.eeh_busy) { - ql_dbg(ql_dbg_taskm, vha, 0x8005, - "Return:eh_wait.\n"); - return ret; - } - - while (sp->type && wait_iter--) - msleep(ABORT_POLLING_PERIOD); - if (sp->type) - ret = QLA_FUNCTION_FAILED; - - return ret; -} - /* * qla2x00_wait_for_hba_online * Wait till the HBA is online after going through @@ -1365,6 +1328,9 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) return ret; } +#define ABORT_POLLING_PERIOD 1000 +#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) + /* * Returns: QLA_SUCCESS or QLA_FUNCTION_FAILED. */ @@ -1378,41 +1344,73 @@ __qla2x00_eh_wait_for_pending_commands(struct qla_qpair *qpair, unsigned int t, struct req_que *req = qpair->req; srb_t *sp; struct scsi_cmnd *cmd; + unsigned long wait_iter = ABORT_WAIT_ITER; + bool found; + struct qla_hw_data *ha = vha->hw; status = QLA_SUCCESS; - spin_lock_irqsave(qpair->qp_lock_ptr, flags); - for (cnt = 1; status == QLA_SUCCESS && - cnt < req->num_outstanding_cmds; cnt++) { - sp = req->outstanding_cmds[cnt]; - if (!sp) - continue; - if (sp->type != SRB_SCSI_CMD) - continue; - if (vha->vp_idx != sp->vha->vp_idx) - continue; - match = 0; - cmd = GET_CMD_SP(sp); - switch (type) { - case WAIT_HOST: - match = 1; - break; - case WAIT_TARGET: - match = cmd->device->id == t; - break; - case WAIT_LUN: - match = (cmd->device->id == t && - cmd->device->lun == l); - break; - } - if (!match) - continue; + while (wait_iter--) { + found = false; - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); - status = qla2x00_eh_wait_on_command(cmd); spin_lock_irqsave(qpair->qp_lock_ptr, flags); + for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) { + sp = req->outstanding_cmds[cnt]; + if (!sp) + continue; + if (sp->type != SRB_SCSI_CMD) + continue; + if (vha->vp_idx != sp->vha->vp_idx) + continue; + match = 0; + cmd = GET_CMD_SP(sp); + switch (type) { + case WAIT_HOST: + match = 1; + break; + case WAIT_TARGET: + if (sp->fcport) + match = sp->fcport->d_id.b24 == t; + else + match = 0; + break; + case WAIT_LUN: + if (sp->fcport) + match = (sp->fcport->d_id.b24 == t && + cmd->device->lun == l); + else + match = 0; + break; + } + if (!match) + continue; + + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (unlikely(pci_channel_offline(ha->pdev)) || + ha->flags.eeh_busy) { + ql_dbg(ql_dbg_taskm, vha, 0x8005, + "Return:eh_wait.\n"); + return status; + } + + /* + * SRB_SCSI_CMD is still in the outstanding_cmds array. + * it means scsi_done has not called. Wait for it to + * clear from outstanding_cmds. + */ + msleep(ABORT_POLLING_PERIOD); + spin_lock_irqsave(qpair->qp_lock_ptr, flags); + found = true; + } + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!found) + break; } - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!wait_iter && found) + status = QLA_FUNCTION_FAILED; return status; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix mem access after free" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b843adde8d490934d042fbe9e3e46697cb3a64d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072127-overhead-scorer-c4f4@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b843adde8d49 ("scsi: qla2xxx: Fix mem access after free") d3affdeb400f ("scsi: qla2xxx: Synchronize the IOCB count to be in order") c39587bc0aba ("scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts") 5597616333ea ("scsi: qla2xxx: Stop using the SCSI pointer") 79e30b884a01 ("scsi: qla2xxx: Call scsi_done() directly") e56b2234ab64 ("scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()") 622299f16f33 ("scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle()") f45bca8c5052 ("scsi: qla2xxx: Fix double scsi_done for abort path") dd93b143706c ("scsi: qla2xxx: Fix a recently introduced kernel warning") 88263208dd23 ("scsi: qla2xxx: Complain if sp->done() is not called from the completion path") 85cffefa09e4 ("scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command") fcef08932db7 ("scsi: qla2xxx: Complain if waiting for pending commands times out") 8dd9593cc07a ("scsi: qla2xxx: Really fix qla2xxx_eh_abort()") 3a4b6cc73321 ("scsi: qla2xxx: Fix premature timer expiration") 7f4374e67b30 ("scsi: qla2xxx: Reject EH_{abort|device_reset|target_request}") ba6d10ab8014 ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b843adde8d490934d042fbe9e3e46697cb3a64d2 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:37 -0700 Subject: [PATCH] scsi: qla2xxx: Fix mem access after free System crash, where driver is accessing scsi layer's memory (scsi_cmnd->device->host) to search for a well known internal pointer (vha). The scsi_cmnd was released back to upper layer which could be freed, but the driver is still accessing it. 7 [ffffa8e8d2c3f8d0] page_fault at ffffffff86c010fe [exception RIP: __qla2x00_eh_wait_for_pending_commands+240] RIP: ffffffffc0642350 RSP: ffffa8e8d2c3f988 RFLAGS: 00010286 RAX: 0000000000000165 RBX: 0000000000000002 RCX: 00000000000036d8 RDX: 0000000000000000 RSI: ffff9c5c56535188 RDI: 0000000000000286 RBP: ffff9c5bf7aa4a58 R8: ffff9c589aecdb70 R9: 00000000000003d1 R10: 0000000000000001 R11: 0000000000380000 R12: ffff9c5c5392bc78 R13: ffff9c57044ff5c0 R14: ffff9c56b5a3aa00 R15: 00000000000006db ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 8 [ffffa8e8d2c3f9c8] qla2x00_eh_wait_for_pending_commands at ffffffffc0646dd5 [qla2xxx] 9 [ffffa8e8d2c3fa00] __qla2x00_async_tm_cmd at ffffffffc0658094 [qla2xxx] Remove access of freed memory. Currently the driver was checking to see if scsi_done was called by seeing if the sp->type has changed. Instead, check to see if the command has left the oustanding_cmds[] array as sign of scsi_done was called. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index f3107508cf12..a07c010b0843 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -1862,9 +1862,9 @@ qla2x00_process_completed_request(struct scsi_qla_host *vha, } } -srb_t * -qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, - struct req_que *req, void *iocb) +static srb_t * +qla_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb, u16 *ret_index) { struct qla_hw_data *ha = vha->hw; sts_entry_t *pkt = iocb; @@ -1899,12 +1899,25 @@ qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, return NULL; } - req->outstanding_cmds[index] = NULL; - + *ret_index = index; qla_put_fw_resources(sp->qpair, &sp->iores); return sp; } +srb_t * +qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb) +{ + uint16_t index; + srb_t *sp; + + sp = qla_get_sp_from_handle(vha, func, req, iocb, &index); + if (sp) + req->outstanding_cmds[index] = NULL; + + return sp; +} + static void qla2x00_mbx_iocb_entry(scsi_qla_host_t *vha, struct req_que *req, struct mbx_entry *mbx) @@ -3237,13 +3250,13 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) return; } - req->outstanding_cmds[handle] = NULL; cp = GET_CMD_SP(sp); if (cp == NULL) { ql_dbg(ql_dbg_io, vha, 0x3018, "Command already returned (0x%x/%p).\n", sts->handle, sp); + req->outstanding_cmds[handle] = NULL; return; } @@ -3514,6 +3527,9 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) if (rsp->status_srb == NULL) sp->done(sp, res); + + /* for io's, clearing of outstanding_cmds[handle] means scsi_done was called */ + req->outstanding_cmds[handle] = NULL; } /** @@ -3590,6 +3606,7 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) uint16_t que = MSW(pkt->handle); struct req_que *req = NULL; int res = DID_ERROR << 16; + u16 index; ql_dbg(ql_dbg_async, vha, 0x502a, "iocb type %xh with error status %xh, handle %xh, rspq id %d\n", @@ -3608,7 +3625,6 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) switch (pkt->entry_type) { case NOTIFY_ACK_TYPE: - case STATUS_TYPE: case STATUS_CONT_TYPE: case LOGINOUT_PORT_IOCB_TYPE: case CT_IOCB_TYPE: @@ -3628,6 +3644,14 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) case CTIO_TYPE7: case CTIO_CRC2: return 1; + case STATUS_TYPE: + sp = qla_get_sp_from_handle(vha, func, req, pkt, &index); + if (sp) { + sp->done(sp, res); + req->outstanding_cmds[index] = NULL; + return 0; + } + break; } fatal: ql_log(ql_log_warn, vha, 0x5030, diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 2fa695bf38b7..bc89d3da8fd0 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1078,43 +1078,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, return 0; } -/* - * qla2x00_eh_wait_on_command - * Waits for the command to be returned by the Firmware for some - * max time. - * - * Input: - * cmd = Scsi Command to wait on. - * - * Return: - * Completed in time : QLA_SUCCESS - * Did not complete in time : QLA_FUNCTION_FAILED - */ -static int -qla2x00_eh_wait_on_command(struct scsi_cmnd *cmd) -{ -#define ABORT_POLLING_PERIOD 1000 -#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) - unsigned long wait_iter = ABORT_WAIT_ITER; - scsi_qla_host_t *vha = shost_priv(cmd->device->host); - struct qla_hw_data *ha = vha->hw; - srb_t *sp = scsi_cmd_priv(cmd); - int ret = QLA_SUCCESS; - - if (unlikely(pci_channel_offline(ha->pdev)) || ha->flags.eeh_busy) { - ql_dbg(ql_dbg_taskm, vha, 0x8005, - "Return:eh_wait.\n"); - return ret; - } - - while (sp->type && wait_iter--) - msleep(ABORT_POLLING_PERIOD); - if (sp->type) - ret = QLA_FUNCTION_FAILED; - - return ret; -} - /* * qla2x00_wait_for_hba_online * Wait till the HBA is online after going through @@ -1365,6 +1328,9 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) return ret; } +#define ABORT_POLLING_PERIOD 1000 +#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) + /* * Returns: QLA_SUCCESS or QLA_FUNCTION_FAILED. */ @@ -1378,41 +1344,73 @@ __qla2x00_eh_wait_for_pending_commands(struct qla_qpair *qpair, unsigned int t, struct req_que *req = qpair->req; srb_t *sp; struct scsi_cmnd *cmd; + unsigned long wait_iter = ABORT_WAIT_ITER; + bool found; + struct qla_hw_data *ha = vha->hw; status = QLA_SUCCESS; - spin_lock_irqsave(qpair->qp_lock_ptr, flags); - for (cnt = 1; status == QLA_SUCCESS && - cnt < req->num_outstanding_cmds; cnt++) { - sp = req->outstanding_cmds[cnt]; - if (!sp) - continue; - if (sp->type != SRB_SCSI_CMD) - continue; - if (vha->vp_idx != sp->vha->vp_idx) - continue; - match = 0; - cmd = GET_CMD_SP(sp); - switch (type) { - case WAIT_HOST: - match = 1; - break; - case WAIT_TARGET: - match = cmd->device->id == t; - break; - case WAIT_LUN: - match = (cmd->device->id == t && - cmd->device->lun == l); - break; - } - if (!match) - continue; + while (wait_iter--) { + found = false; - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); - status = qla2x00_eh_wait_on_command(cmd); spin_lock_irqsave(qpair->qp_lock_ptr, flags); + for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) { + sp = req->outstanding_cmds[cnt]; + if (!sp) + continue; + if (sp->type != SRB_SCSI_CMD) + continue; + if (vha->vp_idx != sp->vha->vp_idx) + continue; + match = 0; + cmd = GET_CMD_SP(sp); + switch (type) { + case WAIT_HOST: + match = 1; + break; + case WAIT_TARGET: + if (sp->fcport) + match = sp->fcport->d_id.b24 == t; + else + match = 0; + break; + case WAIT_LUN: + if (sp->fcport) + match = (sp->fcport->d_id.b24 == t && + cmd->device->lun == l); + else + match = 0; + break; + } + if (!match) + continue; + + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (unlikely(pci_channel_offline(ha->pdev)) || + ha->flags.eeh_busy) { + ql_dbg(ql_dbg_taskm, vha, 0x8005, + "Return:eh_wait.\n"); + return status; + } + + /* + * SRB_SCSI_CMD is still in the outstanding_cmds array. + * it means scsi_done has not called. Wait for it to + * clear from outstanding_cmds. + */ + msleep(ABORT_POLLING_PERIOD); + spin_lock_irqsave(qpair->qp_lock_ptr, flags); + found = true; + } + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!found) + break; } - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!wait_iter && found) + status = QLA_FUNCTION_FAILED; return status; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix mem access after free" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b843adde8d490934d042fbe9e3e46697cb3a64d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072125-educator-unroll-251d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b843adde8d49 ("scsi: qla2xxx: Fix mem access after free") d3affdeb400f ("scsi: qla2xxx: Synchronize the IOCB count to be in order") c39587bc0aba ("scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts") 5597616333ea ("scsi: qla2xxx: Stop using the SCSI pointer") 79e30b884a01 ("scsi: qla2xxx: Call scsi_done() directly") e56b2234ab64 ("scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()") 622299f16f33 ("scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle()") f45bca8c5052 ("scsi: qla2xxx: Fix double scsi_done for abort path") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b843adde8d490934d042fbe9e3e46697cb3a64d2 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:37 -0700 Subject: [PATCH] scsi: qla2xxx: Fix mem access after free System crash, where driver is accessing scsi layer's memory (scsi_cmnd->device->host) to search for a well known internal pointer (vha). The scsi_cmnd was released back to upper layer which could be freed, but the driver is still accessing it. 7 [ffffa8e8d2c3f8d0] page_fault at ffffffff86c010fe [exception RIP: __qla2x00_eh_wait_for_pending_commands+240] RIP: ffffffffc0642350 RSP: ffffa8e8d2c3f988 RFLAGS: 00010286 RAX: 0000000000000165 RBX: 0000000000000002 RCX: 00000000000036d8 RDX: 0000000000000000 RSI: ffff9c5c56535188 RDI: 0000000000000286 RBP: ffff9c5bf7aa4a58 R8: ffff9c589aecdb70 R9: 00000000000003d1 R10: 0000000000000001 R11: 0000000000380000 R12: ffff9c5c5392bc78 R13: ffff9c57044ff5c0 R14: ffff9c56b5a3aa00 R15: 00000000000006db ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 8 [ffffa8e8d2c3f9c8] qla2x00_eh_wait_for_pending_commands at ffffffffc0646dd5 [qla2xxx] 9 [ffffa8e8d2c3fa00] __qla2x00_async_tm_cmd at ffffffffc0658094 [qla2xxx] Remove access of freed memory. Currently the driver was checking to see if scsi_done was called by seeing if the sp->type has changed. Instead, check to see if the command has left the oustanding_cmds[] array as sign of scsi_done was called. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index f3107508cf12..a07c010b0843 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -1862,9 +1862,9 @@ qla2x00_process_completed_request(struct scsi_qla_host *vha, } } -srb_t * -qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, - struct req_que *req, void *iocb) +static srb_t * +qla_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb, u16 *ret_index) { struct qla_hw_data *ha = vha->hw; sts_entry_t *pkt = iocb; @@ -1899,12 +1899,25 @@ qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, return NULL; } - req->outstanding_cmds[index] = NULL; - + *ret_index = index; qla_put_fw_resources(sp->qpair, &sp->iores); return sp; } +srb_t * +qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb) +{ + uint16_t index; + srb_t *sp; + + sp = qla_get_sp_from_handle(vha, func, req, iocb, &index); + if (sp) + req->outstanding_cmds[index] = NULL; + + return sp; +} + static void qla2x00_mbx_iocb_entry(scsi_qla_host_t *vha, struct req_que *req, struct mbx_entry *mbx) @@ -3237,13 +3250,13 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) return; } - req->outstanding_cmds[handle] = NULL; cp = GET_CMD_SP(sp); if (cp == NULL) { ql_dbg(ql_dbg_io, vha, 0x3018, "Command already returned (0x%x/%p).\n", sts->handle, sp); + req->outstanding_cmds[handle] = NULL; return; } @@ -3514,6 +3527,9 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) if (rsp->status_srb == NULL) sp->done(sp, res); + + /* for io's, clearing of outstanding_cmds[handle] means scsi_done was called */ + req->outstanding_cmds[handle] = NULL; } /** @@ -3590,6 +3606,7 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) uint16_t que = MSW(pkt->handle); struct req_que *req = NULL; int res = DID_ERROR << 16; + u16 index; ql_dbg(ql_dbg_async, vha, 0x502a, "iocb type %xh with error status %xh, handle %xh, rspq id %d\n", @@ -3608,7 +3625,6 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) switch (pkt->entry_type) { case NOTIFY_ACK_TYPE: - case STATUS_TYPE: case STATUS_CONT_TYPE: case LOGINOUT_PORT_IOCB_TYPE: case CT_IOCB_TYPE: @@ -3628,6 +3644,14 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) case CTIO_TYPE7: case CTIO_CRC2: return 1; + case STATUS_TYPE: + sp = qla_get_sp_from_handle(vha, func, req, pkt, &index); + if (sp) { + sp->done(sp, res); + req->outstanding_cmds[index] = NULL; + return 0; + } + break; } fatal: ql_log(ql_log_warn, vha, 0x5030, diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 2fa695bf38b7..bc89d3da8fd0 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1078,43 +1078,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, return 0; } -/* - * qla2x00_eh_wait_on_command - * Waits for the command to be returned by the Firmware for some - * max time. - * - * Input: - * cmd = Scsi Command to wait on. - * - * Return: - * Completed in time : QLA_SUCCESS - * Did not complete in time : QLA_FUNCTION_FAILED - */ -static int -qla2x00_eh_wait_on_command(struct scsi_cmnd *cmd) -{ -#define ABORT_POLLING_PERIOD 1000 -#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) - unsigned long wait_iter = ABORT_WAIT_ITER; - scsi_qla_host_t *vha = shost_priv(cmd->device->host); - struct qla_hw_data *ha = vha->hw; - srb_t *sp = scsi_cmd_priv(cmd); - int ret = QLA_SUCCESS; - - if (unlikely(pci_channel_offline(ha->pdev)) || ha->flags.eeh_busy) { - ql_dbg(ql_dbg_taskm, vha, 0x8005, - "Return:eh_wait.\n"); - return ret; - } - - while (sp->type && wait_iter--) - msleep(ABORT_POLLING_PERIOD); - if (sp->type) - ret = QLA_FUNCTION_FAILED; - - return ret; -} - /* * qla2x00_wait_for_hba_online * Wait till the HBA is online after going through @@ -1365,6 +1328,9 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) return ret; } +#define ABORT_POLLING_PERIOD 1000 +#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) + /* * Returns: QLA_SUCCESS or QLA_FUNCTION_FAILED. */ @@ -1378,41 +1344,73 @@ __qla2x00_eh_wait_for_pending_commands(struct qla_qpair *qpair, unsigned int t, struct req_que *req = qpair->req; srb_t *sp; struct scsi_cmnd *cmd; + unsigned long wait_iter = ABORT_WAIT_ITER; + bool found; + struct qla_hw_data *ha = vha->hw; status = QLA_SUCCESS; - spin_lock_irqsave(qpair->qp_lock_ptr, flags); - for (cnt = 1; status == QLA_SUCCESS && - cnt < req->num_outstanding_cmds; cnt++) { - sp = req->outstanding_cmds[cnt]; - if (!sp) - continue; - if (sp->type != SRB_SCSI_CMD) - continue; - if (vha->vp_idx != sp->vha->vp_idx) - continue; - match = 0; - cmd = GET_CMD_SP(sp); - switch (type) { - case WAIT_HOST: - match = 1; - break; - case WAIT_TARGET: - match = cmd->device->id == t; - break; - case WAIT_LUN: - match = (cmd->device->id == t && - cmd->device->lun == l); - break; - } - if (!match) - continue; + while (wait_iter--) { + found = false; - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); - status = qla2x00_eh_wait_on_command(cmd); spin_lock_irqsave(qpair->qp_lock_ptr, flags); + for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) { + sp = req->outstanding_cmds[cnt]; + if (!sp) + continue; + if (sp->type != SRB_SCSI_CMD) + continue; + if (vha->vp_idx != sp->vha->vp_idx) + continue; + match = 0; + cmd = GET_CMD_SP(sp); + switch (type) { + case WAIT_HOST: + match = 1; + break; + case WAIT_TARGET: + if (sp->fcport) + match = sp->fcport->d_id.b24 == t; + else + match = 0; + break; + case WAIT_LUN: + if (sp->fcport) + match = (sp->fcport->d_id.b24 == t && + cmd->device->lun == l); + else + match = 0; + break; + } + if (!match) + continue; + + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (unlikely(pci_channel_offline(ha->pdev)) || + ha->flags.eeh_busy) { + ql_dbg(ql_dbg_taskm, vha, 0x8005, + "Return:eh_wait.\n"); + return status; + } + + /* + * SRB_SCSI_CMD is still in the outstanding_cmds array. + * it means scsi_done has not called. Wait for it to + * clear from outstanding_cmds. + */ + msleep(ABORT_POLLING_PERIOD); + spin_lock_irqsave(qpair->qp_lock_ptr, flags); + found = true; + } + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!found) + break; } - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!wait_iter && found) + status = QLA_FUNCTION_FAILED; return status; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix mem access after free" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b843adde8d490934d042fbe9e3e46697cb3a64d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072119-suitable-agency-7576@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b843adde8d49 ("scsi: qla2xxx: Fix mem access after free") d3affdeb400f ("scsi: qla2xxx: Synchronize the IOCB count to be in order") c39587bc0aba ("scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts") 5597616333ea ("scsi: qla2xxx: Stop using the SCSI pointer") 79e30b884a01 ("scsi: qla2xxx: Call scsi_done() directly") e56b2234ab64 ("scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b843adde8d490934d042fbe9e3e46697cb3a64d2 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:37 -0700 Subject: [PATCH] scsi: qla2xxx: Fix mem access after free System crash, where driver is accessing scsi layer's memory (scsi_cmnd->device->host) to search for a well known internal pointer (vha). The scsi_cmnd was released back to upper layer which could be freed, but the driver is still accessing it. 7 [ffffa8e8d2c3f8d0] page_fault at ffffffff86c010fe [exception RIP: __qla2x00_eh_wait_for_pending_commands+240] RIP: ffffffffc0642350 RSP: ffffa8e8d2c3f988 RFLAGS: 00010286 RAX: 0000000000000165 RBX: 0000000000000002 RCX: 00000000000036d8 RDX: 0000000000000000 RSI: ffff9c5c56535188 RDI: 0000000000000286 RBP: ffff9c5bf7aa4a58 R8: ffff9c589aecdb70 R9: 00000000000003d1 R10: 0000000000000001 R11: 0000000000380000 R12: ffff9c5c5392bc78 R13: ffff9c57044ff5c0 R14: ffff9c56b5a3aa00 R15: 00000000000006db ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 8 [ffffa8e8d2c3f9c8] qla2x00_eh_wait_for_pending_commands at ffffffffc0646dd5 [qla2xxx] 9 [ffffa8e8d2c3fa00] __qla2x00_async_tm_cmd at ffffffffc0658094 [qla2xxx] Remove access of freed memory. Currently the driver was checking to see if scsi_done was called by seeing if the sp->type has changed. Instead, check to see if the command has left the oustanding_cmds[] array as sign of scsi_done was called. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index f3107508cf12..a07c010b0843 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -1862,9 +1862,9 @@ qla2x00_process_completed_request(struct scsi_qla_host *vha, } } -srb_t * -qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, - struct req_que *req, void *iocb) +static srb_t * +qla_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb, u16 *ret_index) { struct qla_hw_data *ha = vha->hw; sts_entry_t *pkt = iocb; @@ -1899,12 +1899,25 @@ qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, return NULL; } - req->outstanding_cmds[index] = NULL; - + *ret_index = index; qla_put_fw_resources(sp->qpair, &sp->iores); return sp; } +srb_t * +qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb) +{ + uint16_t index; + srb_t *sp; + + sp = qla_get_sp_from_handle(vha, func, req, iocb, &index); + if (sp) + req->outstanding_cmds[index] = NULL; + + return sp; +} + static void qla2x00_mbx_iocb_entry(scsi_qla_host_t *vha, struct req_que *req, struct mbx_entry *mbx) @@ -3237,13 +3250,13 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) return; } - req->outstanding_cmds[handle] = NULL; cp = GET_CMD_SP(sp); if (cp == NULL) { ql_dbg(ql_dbg_io, vha, 0x3018, "Command already returned (0x%x/%p).\n", sts->handle, sp); + req->outstanding_cmds[handle] = NULL; return; } @@ -3514,6 +3527,9 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) if (rsp->status_srb == NULL) sp->done(sp, res); + + /* for io's, clearing of outstanding_cmds[handle] means scsi_done was called */ + req->outstanding_cmds[handle] = NULL; } /** @@ -3590,6 +3606,7 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) uint16_t que = MSW(pkt->handle); struct req_que *req = NULL; int res = DID_ERROR << 16; + u16 index; ql_dbg(ql_dbg_async, vha, 0x502a, "iocb type %xh with error status %xh, handle %xh, rspq id %d\n", @@ -3608,7 +3625,6 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) switch (pkt->entry_type) { case NOTIFY_ACK_TYPE: - case STATUS_TYPE: case STATUS_CONT_TYPE: case LOGINOUT_PORT_IOCB_TYPE: case CT_IOCB_TYPE: @@ -3628,6 +3644,14 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) case CTIO_TYPE7: case CTIO_CRC2: return 1; + case STATUS_TYPE: + sp = qla_get_sp_from_handle(vha, func, req, pkt, &index); + if (sp) { + sp->done(sp, res); + req->outstanding_cmds[index] = NULL; + return 0; + } + break; } fatal: ql_log(ql_log_warn, vha, 0x5030, diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 2fa695bf38b7..bc89d3da8fd0 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1078,43 +1078,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, return 0; } -/* - * qla2x00_eh_wait_on_command - * Waits for the command to be returned by the Firmware for some - * max time. - * - * Input: - * cmd = Scsi Command to wait on. - * - * Return: - * Completed in time : QLA_SUCCESS - * Did not complete in time : QLA_FUNCTION_FAILED - */ -static int -qla2x00_eh_wait_on_command(struct scsi_cmnd *cmd) -{ -#define ABORT_POLLING_PERIOD 1000 -#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) - unsigned long wait_iter = ABORT_WAIT_ITER; - scsi_qla_host_t *vha = shost_priv(cmd->device->host); - struct qla_hw_data *ha = vha->hw; - srb_t *sp = scsi_cmd_priv(cmd); - int ret = QLA_SUCCESS; - - if (unlikely(pci_channel_offline(ha->pdev)) || ha->flags.eeh_busy) { - ql_dbg(ql_dbg_taskm, vha, 0x8005, - "Return:eh_wait.\n"); - return ret; - } - - while (sp->type && wait_iter--) - msleep(ABORT_POLLING_PERIOD); - if (sp->type) - ret = QLA_FUNCTION_FAILED; - - return ret; -} - /* * qla2x00_wait_for_hba_online * Wait till the HBA is online after going through @@ -1365,6 +1328,9 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) return ret; } +#define ABORT_POLLING_PERIOD 1000 +#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) + /* * Returns: QLA_SUCCESS or QLA_FUNCTION_FAILED. */ @@ -1378,41 +1344,73 @@ __qla2x00_eh_wait_for_pending_commands(struct qla_qpair *qpair, unsigned int t, struct req_que *req = qpair->req; srb_t *sp; struct scsi_cmnd *cmd; + unsigned long wait_iter = ABORT_WAIT_ITER; + bool found; + struct qla_hw_data *ha = vha->hw; status = QLA_SUCCESS; - spin_lock_irqsave(qpair->qp_lock_ptr, flags); - for (cnt = 1; status == QLA_SUCCESS && - cnt < req->num_outstanding_cmds; cnt++) { - sp = req->outstanding_cmds[cnt]; - if (!sp) - continue; - if (sp->type != SRB_SCSI_CMD) - continue; - if (vha->vp_idx != sp->vha->vp_idx) - continue; - match = 0; - cmd = GET_CMD_SP(sp); - switch (type) { - case WAIT_HOST: - match = 1; - break; - case WAIT_TARGET: - match = cmd->device->id == t; - break; - case WAIT_LUN: - match = (cmd->device->id == t && - cmd->device->lun == l); - break; - } - if (!match) - continue; + while (wait_iter--) { + found = false; - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); - status = qla2x00_eh_wait_on_command(cmd); spin_lock_irqsave(qpair->qp_lock_ptr, flags); + for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) { + sp = req->outstanding_cmds[cnt]; + if (!sp) + continue; + if (sp->type != SRB_SCSI_CMD) + continue; + if (vha->vp_idx != sp->vha->vp_idx) + continue; + match = 0; + cmd = GET_CMD_SP(sp); + switch (type) { + case WAIT_HOST: + match = 1; + break; + case WAIT_TARGET: + if (sp->fcport) + match = sp->fcport->d_id.b24 == t; + else + match = 0; + break; + case WAIT_LUN: + if (sp->fcport) + match = (sp->fcport->d_id.b24 == t && + cmd->device->lun == l); + else + match = 0; + break; + } + if (!match) + continue; + + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (unlikely(pci_channel_offline(ha->pdev)) || + ha->flags.eeh_busy) { + ql_dbg(ql_dbg_taskm, vha, 0x8005, + "Return:eh_wait.\n"); + return status; + } + + /* + * SRB_SCSI_CMD is still in the outstanding_cmds array. + * it means scsi_done has not called. Wait for it to + * clear from outstanding_cmds. + */ + msleep(ABORT_POLLING_PERIOD); + spin_lock_irqsave(qpair->qp_lock_ptr, flags); + found = true; + } + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!found) + break; } - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!wait_iter && found) + status = QLA_FUNCTION_FAILED; return status; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix mem access after free" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b843adde8d490934d042fbe9e3e46697cb3a64d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072118-elastic-legal-97b0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b843adde8d49 ("scsi: qla2xxx: Fix mem access after free") d3affdeb400f ("scsi: qla2xxx: Synchronize the IOCB count to be in order") c39587bc0aba ("scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts") 5597616333ea ("scsi: qla2xxx: Stop using the SCSI pointer") 79e30b884a01 ("scsi: qla2xxx: Call scsi_done() directly") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b843adde8d490934d042fbe9e3e46697cb3a64d2 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:37 -0700 Subject: [PATCH] scsi: qla2xxx: Fix mem access after free System crash, where driver is accessing scsi layer's memory (scsi_cmnd->device->host) to search for a well known internal pointer (vha). The scsi_cmnd was released back to upper layer which could be freed, but the driver is still accessing it. 7 [ffffa8e8d2c3f8d0] page_fault at ffffffff86c010fe [exception RIP: __qla2x00_eh_wait_for_pending_commands+240] RIP: ffffffffc0642350 RSP: ffffa8e8d2c3f988 RFLAGS: 00010286 RAX: 0000000000000165 RBX: 0000000000000002 RCX: 00000000000036d8 RDX: 0000000000000000 RSI: ffff9c5c56535188 RDI: 0000000000000286 RBP: ffff9c5bf7aa4a58 R8: ffff9c589aecdb70 R9: 00000000000003d1 R10: 0000000000000001 R11: 0000000000380000 R12: ffff9c5c5392bc78 R13: ffff9c57044ff5c0 R14: ffff9c56b5a3aa00 R15: 00000000000006db ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 8 [ffffa8e8d2c3f9c8] qla2x00_eh_wait_for_pending_commands at ffffffffc0646dd5 [qla2xxx] 9 [ffffa8e8d2c3fa00] __qla2x00_async_tm_cmd at ffffffffc0658094 [qla2xxx] Remove access of freed memory. Currently the driver was checking to see if scsi_done was called by seeing if the sp->type has changed. Instead, check to see if the command has left the oustanding_cmds[] array as sign of scsi_done was called. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-6-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index f3107508cf12..a07c010b0843 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -1862,9 +1862,9 @@ qla2x00_process_completed_request(struct scsi_qla_host *vha, } } -srb_t * -qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, - struct req_que *req, void *iocb) +static srb_t * +qla_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb, u16 *ret_index) { struct qla_hw_data *ha = vha->hw; sts_entry_t *pkt = iocb; @@ -1899,12 +1899,25 @@ qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, return NULL; } - req->outstanding_cmds[index] = NULL; - + *ret_index = index; qla_put_fw_resources(sp->qpair, &sp->iores); return sp; } +srb_t * +qla2x00_get_sp_from_handle(scsi_qla_host_t *vha, const char *func, + struct req_que *req, void *iocb) +{ + uint16_t index; + srb_t *sp; + + sp = qla_get_sp_from_handle(vha, func, req, iocb, &index); + if (sp) + req->outstanding_cmds[index] = NULL; + + return sp; +} + static void qla2x00_mbx_iocb_entry(scsi_qla_host_t *vha, struct req_que *req, struct mbx_entry *mbx) @@ -3237,13 +3250,13 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) return; } - req->outstanding_cmds[handle] = NULL; cp = GET_CMD_SP(sp); if (cp == NULL) { ql_dbg(ql_dbg_io, vha, 0x3018, "Command already returned (0x%x/%p).\n", sts->handle, sp); + req->outstanding_cmds[handle] = NULL; return; } @@ -3514,6 +3527,9 @@ qla2x00_status_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, void *pkt) if (rsp->status_srb == NULL) sp->done(sp, res); + + /* for io's, clearing of outstanding_cmds[handle] means scsi_done was called */ + req->outstanding_cmds[handle] = NULL; } /** @@ -3590,6 +3606,7 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) uint16_t que = MSW(pkt->handle); struct req_que *req = NULL; int res = DID_ERROR << 16; + u16 index; ql_dbg(ql_dbg_async, vha, 0x502a, "iocb type %xh with error status %xh, handle %xh, rspq id %d\n", @@ -3608,7 +3625,6 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) switch (pkt->entry_type) { case NOTIFY_ACK_TYPE: - case STATUS_TYPE: case STATUS_CONT_TYPE: case LOGINOUT_PORT_IOCB_TYPE: case CT_IOCB_TYPE: @@ -3628,6 +3644,14 @@ qla2x00_error_entry(scsi_qla_host_t *vha, struct rsp_que *rsp, sts_entry_t *pkt) case CTIO_TYPE7: case CTIO_CRC2: return 1; + case STATUS_TYPE: + sp = qla_get_sp_from_handle(vha, func, req, pkt, &index); + if (sp) { + sp->done(sp, res); + req->outstanding_cmds[index] = NULL; + return 0; + } + break; } fatal: ql_log(ql_log_warn, vha, 0x5030, diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 2fa695bf38b7..bc89d3da8fd0 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1078,43 +1078,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd, return 0; } -/* - * qla2x00_eh_wait_on_command - * Waits for the command to be returned by the Firmware for some - * max time. - * - * Input: - * cmd = Scsi Command to wait on. - * - * Return: - * Completed in time : QLA_SUCCESS - * Did not complete in time : QLA_FUNCTION_FAILED - */ -static int -qla2x00_eh_wait_on_command(struct scsi_cmnd *cmd) -{ -#define ABORT_POLLING_PERIOD 1000 -#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) - unsigned long wait_iter = ABORT_WAIT_ITER; - scsi_qla_host_t *vha = shost_priv(cmd->device->host); - struct qla_hw_data *ha = vha->hw; - srb_t *sp = scsi_cmd_priv(cmd); - int ret = QLA_SUCCESS; - - if (unlikely(pci_channel_offline(ha->pdev)) || ha->flags.eeh_busy) { - ql_dbg(ql_dbg_taskm, vha, 0x8005, - "Return:eh_wait.\n"); - return ret; - } - - while (sp->type && wait_iter--) - msleep(ABORT_POLLING_PERIOD); - if (sp->type) - ret = QLA_FUNCTION_FAILED; - - return ret; -} - /* * qla2x00_wait_for_hba_online * Wait till the HBA is online after going through @@ -1365,6 +1328,9 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) return ret; } +#define ABORT_POLLING_PERIOD 1000 +#define ABORT_WAIT_ITER ((2 * 1000) / (ABORT_POLLING_PERIOD)) + /* * Returns: QLA_SUCCESS or QLA_FUNCTION_FAILED. */ @@ -1378,41 +1344,73 @@ __qla2x00_eh_wait_for_pending_commands(struct qla_qpair *qpair, unsigned int t, struct req_que *req = qpair->req; srb_t *sp; struct scsi_cmnd *cmd; + unsigned long wait_iter = ABORT_WAIT_ITER; + bool found; + struct qla_hw_data *ha = vha->hw; status = QLA_SUCCESS; - spin_lock_irqsave(qpair->qp_lock_ptr, flags); - for (cnt = 1; status == QLA_SUCCESS && - cnt < req->num_outstanding_cmds; cnt++) { - sp = req->outstanding_cmds[cnt]; - if (!sp) - continue; - if (sp->type != SRB_SCSI_CMD) - continue; - if (vha->vp_idx != sp->vha->vp_idx) - continue; - match = 0; - cmd = GET_CMD_SP(sp); - switch (type) { - case WAIT_HOST: - match = 1; - break; - case WAIT_TARGET: - match = cmd->device->id == t; - break; - case WAIT_LUN: - match = (cmd->device->id == t && - cmd->device->lun == l); - break; - } - if (!match) - continue; + while (wait_iter--) { + found = false; - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); - status = qla2x00_eh_wait_on_command(cmd); spin_lock_irqsave(qpair->qp_lock_ptr, flags); + for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) { + sp = req->outstanding_cmds[cnt]; + if (!sp) + continue; + if (sp->type != SRB_SCSI_CMD) + continue; + if (vha->vp_idx != sp->vha->vp_idx) + continue; + match = 0; + cmd = GET_CMD_SP(sp); + switch (type) { + case WAIT_HOST: + match = 1; + break; + case WAIT_TARGET: + if (sp->fcport) + match = sp->fcport->d_id.b24 == t; + else + match = 0; + break; + case WAIT_LUN: + if (sp->fcport) + match = (sp->fcport->d_id.b24 == t && + cmd->device->lun == l); + else + match = 0; + break; + } + if (!match) + continue; + + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (unlikely(pci_channel_offline(ha->pdev)) || + ha->flags.eeh_busy) { + ql_dbg(ql_dbg_taskm, vha, 0x8005, + "Return:eh_wait.\n"); + return status; + } + + /* + * SRB_SCSI_CMD is still in the outstanding_cmds array. + * it means scsi_done has not called. Wait for it to + * clear from outstanding_cmds. + */ + msleep(ABORT_POLLING_PERIOD); + spin_lock_irqsave(qpair->qp_lock_ptr, flags); + found = true; + } + spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!found) + break; } - spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); + + if (!wait_iter && found) + status = QLA_FUNCTION_FAILED; return status; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix hang in task management" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 9ae615c5bfd37bd091772969b1153de5335ea986 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072152-rescuer-activist-af55@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: 9ae615c5bfd3 ("scsi: qla2xxx: Fix hang in task management") 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") f12d2d130efc ("scsi: qla2xxx: Add debug prints in the device remove path") 118b0c863c8f ("scsi: qla2xxx: Fix losing target when it reappears during delete") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") c02aada06d19 ("scsi: qla2xxx: Fix hang due to session stuck") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 91f6f5fbe87b ("scsi: qla2xxx: edif: Reduce connection thrash") bb2ca6b3f09a ("scsi: qla2xxx: Relogin during fabric disturbance") 7a8ff7d9854a ("scsi: qla2xxx: Fix NVMe session down detection") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") 225479296c4f ("scsi: qla2xxx: edif: Reject AUTH ELS on session down") 44c57f205876 ("scsi: qla2xxx: Changes to support FCP2 Target") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ae615c5bfd37bd091772969b1153de5335ea986 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:36 -0700 Subject: [PATCH] scsi: qla2xxx: Fix hang in task management Task management command hangs where a side band chip reset failed to nudge the TMF from it's current send path. Add additional error check to block TMF from entering during chip reset and along the TMF path to cause it to bail out, skip over abort of marker. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-5-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index e345ccbff807..dfee3b41bdf1 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -5515,4 +5515,8 @@ struct ql_vnd_tgt_stats_resp { _fp->disc_state, _fp->scan_state, _fp->loop_id, _fp->deleted, \ _fp->flags +#define TMF_NOT_READY(_fcport) \ + (!_fcport || IS_SESSION_DELETED(_fcport) || atomic_read(&_fcport->state) != FCS_ONLINE || \ + !_fcport->vha->hw->flags.fw_started) + #endif diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 84841edcd1b5..0df6eae7324e 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -1996,6 +1996,11 @@ qla2x00_tmf_iocb_timeout(void *data) int rc, h; unsigned long flags; + if (sp->type == SRB_MARKER) { + complete(&tmf->u.tmf.comp); + return; + } + rc = qla24xx_async_abort_cmd(sp, false); if (rc) { spin_lock_irqsave(sp->qpair->qp_lock_ptr, flags); @@ -2023,6 +2028,7 @@ static void qla_marker_sp_done(srb_t *sp, int res) sp->handle, sp->fcport->d_id.b24, sp->u.iocb_cmd.u.tmf.flags, sp->u.iocb_cmd.u.tmf.lun, sp->qpair->id); + sp->u.iocb_cmd.u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2039,6 +2045,11 @@ static void qla_marker_sp_done(srb_t *sp, int res) } while (cnt); \ } +/** + * qla26xx_marker: send marker IOCB and wait for the completion of it. + * @arg: pointer to argument list. + * It is assume caller will provide an fcport pointer and modifier + */ static int qla26xx_marker(struct tmf_arg *arg) { @@ -2048,6 +2059,14 @@ qla26xx_marker(struct tmf_arg *arg) int rval = QLA_FUNCTION_FAILED; fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8039, + "FC port not ready for marker loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2074,11 +2093,19 @@ qla26xx_marker(struct tmf_arg *arg) if (rval != QLA_SUCCESS) { ql_log(ql_log_warn, vha, 0x8031, - "Marker IOCB failed (%x).\n", rval); + "Marker IOCB send failure (%x).\n", rval); goto done_free_sp; } wait_for_completion(&tm_iocb->u.tmf.comp); + rval = tm_iocb->u.tmf.data; + + if (rval != QLA_SUCCESS) { + ql_log(ql_log_warn, vha, 0x8019, + "Marker failed hdl=%x loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d rval %d.\n", + sp->handle, fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, sp->qpair->id, rval); + } done_free_sp: /* ref: INIT */ @@ -2091,6 +2118,8 @@ static void qla2x00_tmf_sp_done(srb_t *sp, int res) { struct srb_iocb *tmf = &sp->u.iocb_cmd; + if (res) + tmf->u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2104,6 +2133,14 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8032, + "FC port not ready for TM command loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2178,7 +2215,9 @@ int qla_get_tmf(fc_port_t *fcport) msleep(1); spin_lock_irqsave(&ha->tgt.sess_lock, flags); - if (fcport->deleted) { + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x802c, + "Unable to acquire TM resource due to disruption.\n"); rc = EIO; break; } @@ -2204,7 +2243,10 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - int i, rval; + int i, rval = QLA_SUCCESS; + + if (TMF_NOT_READY(fcport)) + return QLA_SUSPENDED; a.vha = fcport->vha; a.fcport = fcport; @@ -2223,6 +2265,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, qpair = vha->hw->queue_pair_map[i]; if (!qpair) continue; + + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x8026, + "Unable to send TM due to disruption.\n"); + rval = QLA_SUSPENDED; + break; + } + a.qpair = qpair; a.flags = flags|TCF_NOTMCMD_TO_TARGET; rval = __qla2x00_async_tm_cmd(&a); @@ -2231,10 +2281,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, } } + if (rval) + goto bailout; + a.qpair = vha->hw->base_qpair; a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); +bailout: if (a.modifier == MK_SYNC_ID_LUN) qla_put_tmf(fcport);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix hang in task management" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9ae615c5bfd37bd091772969b1153de5335ea986 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072151-obituary-jimmy-5eb3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9ae615c5bfd3 ("scsi: qla2xxx: Fix hang in task management") 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") f12d2d130efc ("scsi: qla2xxx: Add debug prints in the device remove path") 118b0c863c8f ("scsi: qla2xxx: Fix losing target when it reappears during delete") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") c02aada06d19 ("scsi: qla2xxx: Fix hang due to session stuck") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 91f6f5fbe87b ("scsi: qla2xxx: edif: Reduce connection thrash") bb2ca6b3f09a ("scsi: qla2xxx: Relogin during fabric disturbance") 7a8ff7d9854a ("scsi: qla2xxx: Fix NVMe session down detection") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") 225479296c4f ("scsi: qla2xxx: edif: Reject AUTH ELS on session down") 44c57f205876 ("scsi: qla2xxx: Changes to support FCP2 Target") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ae615c5bfd37bd091772969b1153de5335ea986 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:36 -0700 Subject: [PATCH] scsi: qla2xxx: Fix hang in task management Task management command hangs where a side band chip reset failed to nudge the TMF from it's current send path. Add additional error check to block TMF from entering during chip reset and along the TMF path to cause it to bail out, skip over abort of marker. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-5-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index e345ccbff807..dfee3b41bdf1 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -5515,4 +5515,8 @@ struct ql_vnd_tgt_stats_resp { _fp->disc_state, _fp->scan_state, _fp->loop_id, _fp->deleted, \ _fp->flags +#define TMF_NOT_READY(_fcport) \ + (!_fcport || IS_SESSION_DELETED(_fcport) || atomic_read(&_fcport->state) != FCS_ONLINE || \ + !_fcport->vha->hw->flags.fw_started) + #endif diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 84841edcd1b5..0df6eae7324e 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -1996,6 +1996,11 @@ qla2x00_tmf_iocb_timeout(void *data) int rc, h; unsigned long flags; + if (sp->type == SRB_MARKER) { + complete(&tmf->u.tmf.comp); + return; + } + rc = qla24xx_async_abort_cmd(sp, false); if (rc) { spin_lock_irqsave(sp->qpair->qp_lock_ptr, flags); @@ -2023,6 +2028,7 @@ static void qla_marker_sp_done(srb_t *sp, int res) sp->handle, sp->fcport->d_id.b24, sp->u.iocb_cmd.u.tmf.flags, sp->u.iocb_cmd.u.tmf.lun, sp->qpair->id); + sp->u.iocb_cmd.u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2039,6 +2045,11 @@ static void qla_marker_sp_done(srb_t *sp, int res) } while (cnt); \ } +/** + * qla26xx_marker: send marker IOCB and wait for the completion of it. + * @arg: pointer to argument list. + * It is assume caller will provide an fcport pointer and modifier + */ static int qla26xx_marker(struct tmf_arg *arg) { @@ -2048,6 +2059,14 @@ qla26xx_marker(struct tmf_arg *arg) int rval = QLA_FUNCTION_FAILED; fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8039, + "FC port not ready for marker loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2074,11 +2093,19 @@ qla26xx_marker(struct tmf_arg *arg) if (rval != QLA_SUCCESS) { ql_log(ql_log_warn, vha, 0x8031, - "Marker IOCB failed (%x).\n", rval); + "Marker IOCB send failure (%x).\n", rval); goto done_free_sp; } wait_for_completion(&tm_iocb->u.tmf.comp); + rval = tm_iocb->u.tmf.data; + + if (rval != QLA_SUCCESS) { + ql_log(ql_log_warn, vha, 0x8019, + "Marker failed hdl=%x loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d rval %d.\n", + sp->handle, fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, sp->qpair->id, rval); + } done_free_sp: /* ref: INIT */ @@ -2091,6 +2118,8 @@ static void qla2x00_tmf_sp_done(srb_t *sp, int res) { struct srb_iocb *tmf = &sp->u.iocb_cmd; + if (res) + tmf->u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2104,6 +2133,14 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8032, + "FC port not ready for TM command loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2178,7 +2215,9 @@ int qla_get_tmf(fc_port_t *fcport) msleep(1); spin_lock_irqsave(&ha->tgt.sess_lock, flags); - if (fcport->deleted) { + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x802c, + "Unable to acquire TM resource due to disruption.\n"); rc = EIO; break; } @@ -2204,7 +2243,10 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - int i, rval; + int i, rval = QLA_SUCCESS; + + if (TMF_NOT_READY(fcport)) + return QLA_SUSPENDED; a.vha = fcport->vha; a.fcport = fcport; @@ -2223,6 +2265,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, qpair = vha->hw->queue_pair_map[i]; if (!qpair) continue; + + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x8026, + "Unable to send TM due to disruption.\n"); + rval = QLA_SUSPENDED; + break; + } + a.qpair = qpair; a.flags = flags|TCF_NOTMCMD_TO_TARGET; rval = __qla2x00_async_tm_cmd(&a); @@ -2231,10 +2281,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, } } + if (rval) + goto bailout; + a.qpair = vha->hw->base_qpair; a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); +bailout: if (a.modifier == MK_SYNC_ID_LUN) qla_put_tmf(fcport);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix hang in task management" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9ae615c5bfd37bd091772969b1153de5335ea986 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072150-overdue-spectacle-7992@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9ae615c5bfd3 ("scsi: qla2xxx: Fix hang in task management") 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") f12d2d130efc ("scsi: qla2xxx: Add debug prints in the device remove path") 118b0c863c8f ("scsi: qla2xxx: Fix losing target when it reappears during delete") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") c02aada06d19 ("scsi: qla2xxx: Fix hang due to session stuck") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 91f6f5fbe87b ("scsi: qla2xxx: edif: Reduce connection thrash") bb2ca6b3f09a ("scsi: qla2xxx: Relogin during fabric disturbance") 7a8ff7d9854a ("scsi: qla2xxx: Fix NVMe session down detection") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") 225479296c4f ("scsi: qla2xxx: edif: Reject AUTH ELS on session down") 44c57f205876 ("scsi: qla2xxx: Changes to support FCP2 Target") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ae615c5bfd37bd091772969b1153de5335ea986 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:36 -0700 Subject: [PATCH] scsi: qla2xxx: Fix hang in task management Task management command hangs where a side band chip reset failed to nudge the TMF from it's current send path. Add additional error check to block TMF from entering during chip reset and along the TMF path to cause it to bail out, skip over abort of marker. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-5-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index e345ccbff807..dfee3b41bdf1 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -5515,4 +5515,8 @@ struct ql_vnd_tgt_stats_resp { _fp->disc_state, _fp->scan_state, _fp->loop_id, _fp->deleted, \ _fp->flags +#define TMF_NOT_READY(_fcport) \ + (!_fcport || IS_SESSION_DELETED(_fcport) || atomic_read(&_fcport->state) != FCS_ONLINE || \ + !_fcport->vha->hw->flags.fw_started) + #endif diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 84841edcd1b5..0df6eae7324e 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -1996,6 +1996,11 @@ qla2x00_tmf_iocb_timeout(void *data) int rc, h; unsigned long flags; + if (sp->type == SRB_MARKER) { + complete(&tmf->u.tmf.comp); + return; + } + rc = qla24xx_async_abort_cmd(sp, false); if (rc) { spin_lock_irqsave(sp->qpair->qp_lock_ptr, flags); @@ -2023,6 +2028,7 @@ static void qla_marker_sp_done(srb_t *sp, int res) sp->handle, sp->fcport->d_id.b24, sp->u.iocb_cmd.u.tmf.flags, sp->u.iocb_cmd.u.tmf.lun, sp->qpair->id); + sp->u.iocb_cmd.u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2039,6 +2045,11 @@ static void qla_marker_sp_done(srb_t *sp, int res) } while (cnt); \ } +/** + * qla26xx_marker: send marker IOCB and wait for the completion of it. + * @arg: pointer to argument list. + * It is assume caller will provide an fcport pointer and modifier + */ static int qla26xx_marker(struct tmf_arg *arg) { @@ -2048,6 +2059,14 @@ qla26xx_marker(struct tmf_arg *arg) int rval = QLA_FUNCTION_FAILED; fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8039, + "FC port not ready for marker loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2074,11 +2093,19 @@ qla26xx_marker(struct tmf_arg *arg) if (rval != QLA_SUCCESS) { ql_log(ql_log_warn, vha, 0x8031, - "Marker IOCB failed (%x).\n", rval); + "Marker IOCB send failure (%x).\n", rval); goto done_free_sp; } wait_for_completion(&tm_iocb->u.tmf.comp); + rval = tm_iocb->u.tmf.data; + + if (rval != QLA_SUCCESS) { + ql_log(ql_log_warn, vha, 0x8019, + "Marker failed hdl=%x loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d rval %d.\n", + sp->handle, fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, sp->qpair->id, rval); + } done_free_sp: /* ref: INIT */ @@ -2091,6 +2118,8 @@ static void qla2x00_tmf_sp_done(srb_t *sp, int res) { struct srb_iocb *tmf = &sp->u.iocb_cmd; + if (res) + tmf->u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2104,6 +2133,14 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8032, + "FC port not ready for TM command loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2178,7 +2215,9 @@ int qla_get_tmf(fc_port_t *fcport) msleep(1); spin_lock_irqsave(&ha->tgt.sess_lock, flags); - if (fcport->deleted) { + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x802c, + "Unable to acquire TM resource due to disruption.\n"); rc = EIO; break; } @@ -2204,7 +2243,10 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - int i, rval; + int i, rval = QLA_SUCCESS; + + if (TMF_NOT_READY(fcport)) + return QLA_SUSPENDED; a.vha = fcport->vha; a.fcport = fcport; @@ -2223,6 +2265,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, qpair = vha->hw->queue_pair_map[i]; if (!qpair) continue; + + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x8026, + "Unable to send TM due to disruption.\n"); + rval = QLA_SUSPENDED; + break; + } + a.qpair = qpair; a.flags = flags|TCF_NOTMCMD_TO_TARGET; rval = __qla2x00_async_tm_cmd(&a); @@ -2231,10 +2281,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, } } + if (rval) + goto bailout; + a.qpair = vha->hw->base_qpair; a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); +bailout: if (a.modifier == MK_SYNC_ID_LUN) qla_put_tmf(fcport);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix hang in task management" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9ae615c5bfd37bd091772969b1153de5335ea986 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072148-easiness-jawed-2659@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 9ae615c5bfd3 ("scsi: qla2xxx: Fix hang in task management") 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") f12d2d130efc ("scsi: qla2xxx: Add debug prints in the device remove path") 118b0c863c8f ("scsi: qla2xxx: Fix losing target when it reappears during delete") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") c02aada06d19 ("scsi: qla2xxx: Fix hang due to session stuck") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 91f6f5fbe87b ("scsi: qla2xxx: edif: Reduce connection thrash") bb2ca6b3f09a ("scsi: qla2xxx: Relogin during fabric disturbance") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ae615c5bfd37bd091772969b1153de5335ea986 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:36 -0700 Subject: [PATCH] scsi: qla2xxx: Fix hang in task management Task management command hangs where a side band chip reset failed to nudge the TMF from it's current send path. Add additional error check to block TMF from entering during chip reset and along the TMF path to cause it to bail out, skip over abort of marker. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-5-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index e345ccbff807..dfee3b41bdf1 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -5515,4 +5515,8 @@ struct ql_vnd_tgt_stats_resp { _fp->disc_state, _fp->scan_state, _fp->loop_id, _fp->deleted, \ _fp->flags +#define TMF_NOT_READY(_fcport) \ + (!_fcport || IS_SESSION_DELETED(_fcport) || atomic_read(&_fcport->state) != FCS_ONLINE || \ + !_fcport->vha->hw->flags.fw_started) + #endif diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 84841edcd1b5..0df6eae7324e 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -1996,6 +1996,11 @@ qla2x00_tmf_iocb_timeout(void *data) int rc, h; unsigned long flags; + if (sp->type == SRB_MARKER) { + complete(&tmf->u.tmf.comp); + return; + } + rc = qla24xx_async_abort_cmd(sp, false); if (rc) { spin_lock_irqsave(sp->qpair->qp_lock_ptr, flags); @@ -2023,6 +2028,7 @@ static void qla_marker_sp_done(srb_t *sp, int res) sp->handle, sp->fcport->d_id.b24, sp->u.iocb_cmd.u.tmf.flags, sp->u.iocb_cmd.u.tmf.lun, sp->qpair->id); + sp->u.iocb_cmd.u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2039,6 +2045,11 @@ static void qla_marker_sp_done(srb_t *sp, int res) } while (cnt); \ } +/** + * qla26xx_marker: send marker IOCB and wait for the completion of it. + * @arg: pointer to argument list. + * It is assume caller will provide an fcport pointer and modifier + */ static int qla26xx_marker(struct tmf_arg *arg) { @@ -2048,6 +2059,14 @@ qla26xx_marker(struct tmf_arg *arg) int rval = QLA_FUNCTION_FAILED; fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8039, + "FC port not ready for marker loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2074,11 +2093,19 @@ qla26xx_marker(struct tmf_arg *arg) if (rval != QLA_SUCCESS) { ql_log(ql_log_warn, vha, 0x8031, - "Marker IOCB failed (%x).\n", rval); + "Marker IOCB send failure (%x).\n", rval); goto done_free_sp; } wait_for_completion(&tm_iocb->u.tmf.comp); + rval = tm_iocb->u.tmf.data; + + if (rval != QLA_SUCCESS) { + ql_log(ql_log_warn, vha, 0x8019, + "Marker failed hdl=%x loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d rval %d.\n", + sp->handle, fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, sp->qpair->id, rval); + } done_free_sp: /* ref: INIT */ @@ -2091,6 +2118,8 @@ static void qla2x00_tmf_sp_done(srb_t *sp, int res) { struct srb_iocb *tmf = &sp->u.iocb_cmd; + if (res) + tmf->u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2104,6 +2133,14 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8032, + "FC port not ready for TM command loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2178,7 +2215,9 @@ int qla_get_tmf(fc_port_t *fcport) msleep(1); spin_lock_irqsave(&ha->tgt.sess_lock, flags); - if (fcport->deleted) { + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x802c, + "Unable to acquire TM resource due to disruption.\n"); rc = EIO; break; } @@ -2204,7 +2243,10 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - int i, rval; + int i, rval = QLA_SUCCESS; + + if (TMF_NOT_READY(fcport)) + return QLA_SUSPENDED; a.vha = fcport->vha; a.fcport = fcport; @@ -2223,6 +2265,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, qpair = vha->hw->queue_pair_map[i]; if (!qpair) continue; + + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x8026, + "Unable to send TM due to disruption.\n"); + rval = QLA_SUSPENDED; + break; + } + a.qpair = qpair; a.flags = flags|TCF_NOTMCMD_TO_TARGET; rval = __qla2x00_async_tm_cmd(&a); @@ -2231,10 +2281,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, } } + if (rval) + goto bailout; + a.qpair = vha->hw->base_qpair; a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); +bailout: if (a.modifier == MK_SYNC_ID_LUN) qla_put_tmf(fcport);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix hang in task management" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9ae615c5bfd37bd091772969b1153de5335ea986 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072149-profound-parish-b981@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9ae615c5bfd3 ("scsi: qla2xxx: Fix hang in task management") 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") f12d2d130efc ("scsi: qla2xxx: Add debug prints in the device remove path") 118b0c863c8f ("scsi: qla2xxx: Fix losing target when it reappears during delete") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") c02aada06d19 ("scsi: qla2xxx: Fix hang due to session stuck") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 91f6f5fbe87b ("scsi: qla2xxx: edif: Reduce connection thrash") bb2ca6b3f09a ("scsi: qla2xxx: Relogin during fabric disturbance") 7a8ff7d9854a ("scsi: qla2xxx: Fix NVMe session down detection") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") 225479296c4f ("scsi: qla2xxx: edif: Reject AUTH ELS on session down") 44c57f205876 ("scsi: qla2xxx: Changes to support FCP2 Target") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9ae615c5bfd37bd091772969b1153de5335ea986 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:36 -0700 Subject: [PATCH] scsi: qla2xxx: Fix hang in task management Task management command hangs where a side band chip reset failed to nudge the TMF from it's current send path. Add additional error check to block TMF from entering during chip reset and along the TMF path to cause it to bail out, skip over abort of marker. Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-5-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index e345ccbff807..dfee3b41bdf1 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -5515,4 +5515,8 @@ struct ql_vnd_tgt_stats_resp { _fp->disc_state, _fp->scan_state, _fp->loop_id, _fp->deleted, \ _fp->flags +#define TMF_NOT_READY(_fcport) \ + (!_fcport || IS_SESSION_DELETED(_fcport) || atomic_read(&_fcport->state) != FCS_ONLINE || \ + !_fcport->vha->hw->flags.fw_started) + #endif diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 84841edcd1b5..0df6eae7324e 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -1996,6 +1996,11 @@ qla2x00_tmf_iocb_timeout(void *data) int rc, h; unsigned long flags; + if (sp->type == SRB_MARKER) { + complete(&tmf->u.tmf.comp); + return; + } + rc = qla24xx_async_abort_cmd(sp, false); if (rc) { spin_lock_irqsave(sp->qpair->qp_lock_ptr, flags); @@ -2023,6 +2028,7 @@ static void qla_marker_sp_done(srb_t *sp, int res) sp->handle, sp->fcport->d_id.b24, sp->u.iocb_cmd.u.tmf.flags, sp->u.iocb_cmd.u.tmf.lun, sp->qpair->id); + sp->u.iocb_cmd.u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2039,6 +2045,11 @@ static void qla_marker_sp_done(srb_t *sp, int res) } while (cnt); \ } +/** + * qla26xx_marker: send marker IOCB and wait for the completion of it. + * @arg: pointer to argument list. + * It is assume caller will provide an fcport pointer and modifier + */ static int qla26xx_marker(struct tmf_arg *arg) { @@ -2048,6 +2059,14 @@ qla26xx_marker(struct tmf_arg *arg) int rval = QLA_FUNCTION_FAILED; fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8039, + "FC port not ready for marker loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2074,11 +2093,19 @@ qla26xx_marker(struct tmf_arg *arg) if (rval != QLA_SUCCESS) { ql_log(ql_log_warn, vha, 0x8031, - "Marker IOCB failed (%x).\n", rval); + "Marker IOCB send failure (%x).\n", rval); goto done_free_sp; } wait_for_completion(&tm_iocb->u.tmf.comp); + rval = tm_iocb->u.tmf.data; + + if (rval != QLA_SUCCESS) { + ql_log(ql_log_warn, vha, 0x8019, + "Marker failed hdl=%x loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d rval %d.\n", + sp->handle, fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, sp->qpair->id, rval); + } done_free_sp: /* ref: INIT */ @@ -2091,6 +2118,8 @@ static void qla2x00_tmf_sp_done(srb_t *sp, int res) { struct srb_iocb *tmf = &sp->u.iocb_cmd; + if (res) + tmf->u.tmf.data = res; complete(&tmf->u.tmf.comp); } @@ -2104,6 +2133,14 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) fc_port_t *fcport = arg->fcport; + if (TMF_NOT_READY(arg->fcport)) { + ql_dbg(ql_dbg_taskm, vha, 0x8032, + "FC port not ready for TM command loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d.\n", + fcport->loop_id, fcport->d_id.b24, + arg->modifier, arg->lun, arg->qpair->id); + return QLA_SUSPENDED; + } + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2178,7 +2215,9 @@ int qla_get_tmf(fc_port_t *fcport) msleep(1); spin_lock_irqsave(&ha->tgt.sess_lock, flags); - if (fcport->deleted) { + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x802c, + "Unable to acquire TM resource due to disruption.\n"); rc = EIO; break; } @@ -2204,7 +2243,10 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - int i, rval; + int i, rval = QLA_SUCCESS; + + if (TMF_NOT_READY(fcport)) + return QLA_SUSPENDED; a.vha = fcport->vha; a.fcport = fcport; @@ -2223,6 +2265,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, qpair = vha->hw->queue_pair_map[i]; if (!qpair) continue; + + if (TMF_NOT_READY(fcport)) { + ql_log(ql_log_warn, vha, 0x8026, + "Unable to send TM due to disruption.\n"); + rval = QLA_SUSPENDED; + break; + } + a.qpair = qpair; a.flags = flags|TCF_NOTMCMD_TO_TARGET; rval = __qla2x00_async_tm_cmd(&a); @@ -2231,10 +2281,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, } } + if (rval) + goto bailout; + a.qpair = vha->hw->base_qpair; a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); +bailout: if (a.modifier == MK_SYNC_ID_LUN) qla_put_tmf(fcport);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix task management cmd fail due to" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 6a87679626b51b53fbb6be417ad8eb083030b617 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072137-fit-armless-e4a1@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 44d018577f17 ("scsi: qla2xxx: edif: Add encryption to I/O path") 7a09e8d92c6d ("scsi: qla2xxx: edif: Add doorbell notification for app") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a87679626b51b53fbb6be417ad8eb083030b617 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:35 -0700 Subject: [PATCH] scsi: qla2xxx: Fix task management cmd fail due to unavailable resource Task management command failed with status 2Ch which is a result of too many task management commands sent to the same target. Hence limit task management commands to 8 per target. Reported-by: kernel test robot <lkp(a)intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202304271952.NKNmoFzv-lkp@intel.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index 02287205ca2e..e345ccbff807 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -2542,6 +2542,7 @@ enum rscn_addr_format { typedef struct fc_port { struct list_head list; struct scsi_qla_host *vha; + struct list_head tmf_pending; unsigned int conf_compl_supported:1; unsigned int deleted:2; @@ -2562,6 +2563,8 @@ typedef struct fc_port { unsigned int do_prli_nvme:1; uint8_t nvme_flag; + uint8_t active_tmf; +#define MAX_ACTIVE_TMF 8 uint8_t node_name[WWN_SIZE]; uint8_t port_name[WWN_SIZE]; diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index bc4600bd5765..84841edcd1b5 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -2149,6 +2149,54 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) return rval; } +static void qla_put_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + fcport->active_tmf--; + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); +} + +static +int qla_get_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + int rc = 0; + LIST_HEAD(tmf_elem); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + list_add_tail(&tmf_elem, &fcport->tmf_pending); + + while (fcport->active_tmf >= MAX_ACTIVE_TMF) { + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + msleep(1); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + if (fcport->deleted) { + rc = EIO; + break; + } + if (fcport->active_tmf < MAX_ACTIVE_TMF && + list_is_first(&tmf_elem, &fcport->tmf_pending)) + break; + } + + list_del(&tmf_elem); + + if (!rc) + fcport->active_tmf++; + + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + return rc; +} + int qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, uint32_t tag) @@ -2156,18 +2204,19 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - struct completion comp; int i, rval; - init_completion(&comp); a.vha = fcport->vha; a.fcport = fcport; a.lun = lun; - - if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) + if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) { a.modifier = MK_SYNC_ID_LUN; - else + + if (qla_get_tmf(fcport)) + return QLA_FUNCTION_FAILED; + } else { a.modifier = MK_SYNC_ID; + } if (vha->hw->mqenable) { for (i = 0; i < vha->hw->num_qpairs; i++) { @@ -2186,6 +2235,9 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); + if (a.modifier == MK_SYNC_ID_LUN) + qla_put_tmf(fcport); + return rval; } @@ -5400,6 +5452,7 @@ qla2x00_alloc_fcport(scsi_qla_host_t *vha, gfp_t flags) INIT_WORK(&fcport->reg_work, qla_register_fcport_fn); INIT_LIST_HEAD(&fcport->gnl_entry); INIT_LIST_HEAD(&fcport->list); + INIT_LIST_HEAD(&fcport->tmf_pending); INIT_LIST_HEAD(&fcport->sess_cmd_list); spin_lock_init(&fcport->sess_cmd_lock);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix task management cmd fail due to" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6a87679626b51b53fbb6be417ad8eb083030b617 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072136-twisted-uncoated-0034@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 44d018577f17 ("scsi: qla2xxx: edif: Add encryption to I/O path") 7a09e8d92c6d ("scsi: qla2xxx: edif: Add doorbell notification for app") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a87679626b51b53fbb6be417ad8eb083030b617 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:35 -0700 Subject: [PATCH] scsi: qla2xxx: Fix task management cmd fail due to unavailable resource Task management command failed with status 2Ch which is a result of too many task management commands sent to the same target. Hence limit task management commands to 8 per target. Reported-by: kernel test robot <lkp(a)intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202304271952.NKNmoFzv-lkp@intel.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index 02287205ca2e..e345ccbff807 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -2542,6 +2542,7 @@ enum rscn_addr_format { typedef struct fc_port { struct list_head list; struct scsi_qla_host *vha; + struct list_head tmf_pending; unsigned int conf_compl_supported:1; unsigned int deleted:2; @@ -2562,6 +2563,8 @@ typedef struct fc_port { unsigned int do_prli_nvme:1; uint8_t nvme_flag; + uint8_t active_tmf; +#define MAX_ACTIVE_TMF 8 uint8_t node_name[WWN_SIZE]; uint8_t port_name[WWN_SIZE]; diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index bc4600bd5765..84841edcd1b5 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -2149,6 +2149,54 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) return rval; } +static void qla_put_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + fcport->active_tmf--; + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); +} + +static +int qla_get_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + int rc = 0; + LIST_HEAD(tmf_elem); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + list_add_tail(&tmf_elem, &fcport->tmf_pending); + + while (fcport->active_tmf >= MAX_ACTIVE_TMF) { + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + msleep(1); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + if (fcport->deleted) { + rc = EIO; + break; + } + if (fcport->active_tmf < MAX_ACTIVE_TMF && + list_is_first(&tmf_elem, &fcport->tmf_pending)) + break; + } + + list_del(&tmf_elem); + + if (!rc) + fcport->active_tmf++; + + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + return rc; +} + int qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, uint32_t tag) @@ -2156,18 +2204,19 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - struct completion comp; int i, rval; - init_completion(&comp); a.vha = fcport->vha; a.fcport = fcport; a.lun = lun; - - if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) + if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) { a.modifier = MK_SYNC_ID_LUN; - else + + if (qla_get_tmf(fcport)) + return QLA_FUNCTION_FAILED; + } else { a.modifier = MK_SYNC_ID; + } if (vha->hw->mqenable) { for (i = 0; i < vha->hw->num_qpairs; i++) { @@ -2186,6 +2235,9 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); + if (a.modifier == MK_SYNC_ID_LUN) + qla_put_tmf(fcport); + return rval; } @@ -5400,6 +5452,7 @@ qla2x00_alloc_fcport(scsi_qla_host_t *vha, gfp_t flags) INIT_WORK(&fcport->reg_work, qla_register_fcport_fn); INIT_LIST_HEAD(&fcport->gnl_entry); INIT_LIST_HEAD(&fcport->list); + INIT_LIST_HEAD(&fcport->tmf_pending); INIT_LIST_HEAD(&fcport->sess_cmd_list); spin_lock_init(&fcport->sess_cmd_lock);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix task management cmd fail due to" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6a87679626b51b53fbb6be417ad8eb083030b617 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072135-sequel-suffering-e273@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 44d018577f17 ("scsi: qla2xxx: edif: Add encryption to I/O path") 7a09e8d92c6d ("scsi: qla2xxx: edif: Add doorbell notification for app") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a87679626b51b53fbb6be417ad8eb083030b617 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:35 -0700 Subject: [PATCH] scsi: qla2xxx: Fix task management cmd fail due to unavailable resource Task management command failed with status 2Ch which is a result of too many task management commands sent to the same target. Hence limit task management commands to 8 per target. Reported-by: kernel test robot <lkp(a)intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202304271952.NKNmoFzv-lkp@intel.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index 02287205ca2e..e345ccbff807 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -2542,6 +2542,7 @@ enum rscn_addr_format { typedef struct fc_port { struct list_head list; struct scsi_qla_host *vha; + struct list_head tmf_pending; unsigned int conf_compl_supported:1; unsigned int deleted:2; @@ -2562,6 +2563,8 @@ typedef struct fc_port { unsigned int do_prli_nvme:1; uint8_t nvme_flag; + uint8_t active_tmf; +#define MAX_ACTIVE_TMF 8 uint8_t node_name[WWN_SIZE]; uint8_t port_name[WWN_SIZE]; diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index bc4600bd5765..84841edcd1b5 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -2149,6 +2149,54 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) return rval; } +static void qla_put_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + fcport->active_tmf--; + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); +} + +static +int qla_get_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + int rc = 0; + LIST_HEAD(tmf_elem); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + list_add_tail(&tmf_elem, &fcport->tmf_pending); + + while (fcport->active_tmf >= MAX_ACTIVE_TMF) { + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + msleep(1); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + if (fcport->deleted) { + rc = EIO; + break; + } + if (fcport->active_tmf < MAX_ACTIVE_TMF && + list_is_first(&tmf_elem, &fcport->tmf_pending)) + break; + } + + list_del(&tmf_elem); + + if (!rc) + fcport->active_tmf++; + + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + return rc; +} + int qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, uint32_t tag) @@ -2156,18 +2204,19 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - struct completion comp; int i, rval; - init_completion(&comp); a.vha = fcport->vha; a.fcport = fcport; a.lun = lun; - - if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) + if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) { a.modifier = MK_SYNC_ID_LUN; - else + + if (qla_get_tmf(fcport)) + return QLA_FUNCTION_FAILED; + } else { a.modifier = MK_SYNC_ID; + } if (vha->hw->mqenable) { for (i = 0; i < vha->hw->num_qpairs; i++) { @@ -2186,6 +2235,9 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); + if (a.modifier == MK_SYNC_ID_LUN) + qla_put_tmf(fcport); + return rval; } @@ -5400,6 +5452,7 @@ qla2x00_alloc_fcport(scsi_qla_host_t *vha, gfp_t flags) INIT_WORK(&fcport->reg_work, qla_register_fcport_fn); INIT_LIST_HEAD(&fcport->gnl_entry); INIT_LIST_HEAD(&fcport->list); + INIT_LIST_HEAD(&fcport->tmf_pending); INIT_LIST_HEAD(&fcport->sess_cmd_list); spin_lock_init(&fcport->sess_cmd_lock);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix task management cmd fail due to" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6a87679626b51b53fbb6be417ad8eb083030b617 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072134-fiddling-barbecue-b038@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 44d018577f17 ("scsi: qla2xxx: edif: Add encryption to I/O path") 7a09e8d92c6d ("scsi: qla2xxx: edif: Add doorbell notification for app") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a87679626b51b53fbb6be417ad8eb083030b617 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:35 -0700 Subject: [PATCH] scsi: qla2xxx: Fix task management cmd fail due to unavailable resource Task management command failed with status 2Ch which is a result of too many task management commands sent to the same target. Hence limit task management commands to 8 per target. Reported-by: kernel test robot <lkp(a)intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202304271952.NKNmoFzv-lkp@intel.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index 02287205ca2e..e345ccbff807 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -2542,6 +2542,7 @@ enum rscn_addr_format { typedef struct fc_port { struct list_head list; struct scsi_qla_host *vha; + struct list_head tmf_pending; unsigned int conf_compl_supported:1; unsigned int deleted:2; @@ -2562,6 +2563,8 @@ typedef struct fc_port { unsigned int do_prli_nvme:1; uint8_t nvme_flag; + uint8_t active_tmf; +#define MAX_ACTIVE_TMF 8 uint8_t node_name[WWN_SIZE]; uint8_t port_name[WWN_SIZE]; diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index bc4600bd5765..84841edcd1b5 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -2149,6 +2149,54 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) return rval; } +static void qla_put_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + fcport->active_tmf--; + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); +} + +static +int qla_get_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + int rc = 0; + LIST_HEAD(tmf_elem); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + list_add_tail(&tmf_elem, &fcport->tmf_pending); + + while (fcport->active_tmf >= MAX_ACTIVE_TMF) { + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + msleep(1); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + if (fcport->deleted) { + rc = EIO; + break; + } + if (fcport->active_tmf < MAX_ACTIVE_TMF && + list_is_first(&tmf_elem, &fcport->tmf_pending)) + break; + } + + list_del(&tmf_elem); + + if (!rc) + fcport->active_tmf++; + + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + return rc; +} + int qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, uint32_t tag) @@ -2156,18 +2204,19 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - struct completion comp; int i, rval; - init_completion(&comp); a.vha = fcport->vha; a.fcport = fcport; a.lun = lun; - - if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) + if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) { a.modifier = MK_SYNC_ID_LUN; - else + + if (qla_get_tmf(fcport)) + return QLA_FUNCTION_FAILED; + } else { a.modifier = MK_SYNC_ID; + } if (vha->hw->mqenable) { for (i = 0; i < vha->hw->num_qpairs; i++) { @@ -2186,6 +2235,9 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); + if (a.modifier == MK_SYNC_ID_LUN) + qla_put_tmf(fcport); + return rval; } @@ -5400,6 +5452,7 @@ qla2x00_alloc_fcport(scsi_qla_host_t *vha, gfp_t flags) INIT_WORK(&fcport->reg_work, qla_register_fcport_fn); INIT_LIST_HEAD(&fcport->gnl_entry); INIT_LIST_HEAD(&fcport->list); + INIT_LIST_HEAD(&fcport->tmf_pending); INIT_LIST_HEAD(&fcport->sess_cmd_list); spin_lock_init(&fcport->sess_cmd_lock);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: qla2xxx: Fix task management cmd fail due to" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6a87679626b51b53fbb6be417ad8eb083030b617 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072133-cartel-depth-3014@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6a87679626b5 ("scsi: qla2xxx: Fix task management cmd fail due to unavailable resource") 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") d90171dd0da5 ("scsi: qla2xxx: Multi-que support for TMF") 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") 41e5afe51f75 ("scsi: qla2xxx: Fix exchange oversubscription") 68ad83188d78 ("scsi: qla2xxx: Fix crash when I/O abort times out") 1b80addaae09 ("scsi: qla2xxx: Remove unused declarations for qla2xxx") 63ab6cb582fa ("scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a87679626b51b53fbb6be417ad8eb083030b617 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 28 Apr 2023 00:53:35 -0700 Subject: [PATCH] scsi: qla2xxx: Fix task management cmd fail due to unavailable resource Task management command failed with status 2Ch which is a result of too many task management commands sent to the same target. Hence limit task management commands to 8 per target. Reported-by: kernel test robot <lkp(a)intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202304271952.NKNmoFzv-lkp@intel.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-4-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h index 02287205ca2e..e345ccbff807 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -2542,6 +2542,7 @@ enum rscn_addr_format { typedef struct fc_port { struct list_head list; struct scsi_qla_host *vha; + struct list_head tmf_pending; unsigned int conf_compl_supported:1; unsigned int deleted:2; @@ -2562,6 +2563,8 @@ typedef struct fc_port { unsigned int do_prli_nvme:1; uint8_t nvme_flag; + uint8_t active_tmf; +#define MAX_ACTIVE_TMF 8 uint8_t node_name[WWN_SIZE]; uint8_t port_name[WWN_SIZE]; diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index bc4600bd5765..84841edcd1b5 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -2149,6 +2149,54 @@ __qla2x00_async_tm_cmd(struct tmf_arg *arg) return rval; } +static void qla_put_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + fcport->active_tmf--; + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); +} + +static +int qla_get_tmf(fc_port_t *fcport) +{ + struct scsi_qla_host *vha = fcport->vha; + struct qla_hw_data *ha = vha->hw; + unsigned long flags; + int rc = 0; + LIST_HEAD(tmf_elem); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + list_add_tail(&tmf_elem, &fcport->tmf_pending); + + while (fcport->active_tmf >= MAX_ACTIVE_TMF) { + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + msleep(1); + + spin_lock_irqsave(&ha->tgt.sess_lock, flags); + if (fcport->deleted) { + rc = EIO; + break; + } + if (fcport->active_tmf < MAX_ACTIVE_TMF && + list_is_first(&tmf_elem, &fcport->tmf_pending)) + break; + } + + list_del(&tmf_elem); + + if (!rc) + fcport->active_tmf++; + + spin_unlock_irqrestore(&ha->tgt.sess_lock, flags); + + return rc; +} + int qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, uint32_t tag) @@ -2156,18 +2204,19 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, struct scsi_qla_host *vha = fcport->vha; struct qla_qpair *qpair; struct tmf_arg a; - struct completion comp; int i, rval; - init_completion(&comp); a.vha = fcport->vha; a.fcport = fcport; a.lun = lun; - - if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) + if (flags & (TCF_LUN_RESET|TCF_ABORT_TASK_SET|TCF_CLEAR_TASK_SET|TCF_CLEAR_ACA)) { a.modifier = MK_SYNC_ID_LUN; - else + + if (qla_get_tmf(fcport)) + return QLA_FUNCTION_FAILED; + } else { a.modifier = MK_SYNC_ID; + } if (vha->hw->mqenable) { for (i = 0; i < vha->hw->num_qpairs; i++) { @@ -2186,6 +2235,9 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, uint32_t flags, uint64_t lun, a.flags = flags; rval = __qla2x00_async_tm_cmd(&a); + if (a.modifier == MK_SYNC_ID_LUN) + qla_put_tmf(fcport); + return rval; } @@ -5400,6 +5452,7 @@ qla2x00_alloc_fcport(scsi_qla_host_t *vha, gfp_t flags) INIT_WORK(&fcport->reg_work, qla_register_fcport_fn); INIT_LIST_HEAD(&fcport->gnl_entry); INIT_LIST_HEAD(&fcport->list); + INIT_LIST_HEAD(&fcport->tmf_pending); INIT_LIST_HEAD(&fcport->sess_cmd_list); spin_lock_init(&fcport->sess_cmd_lock);

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to record 0-length data_loc in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 797311bce5c2ac90b8d65e357603cfd410d36ebb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072106-theme-headache-d3ba@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 797311bce5c2 ("tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails") 4ed8f337dee3 ("Revert "tracing: Add "(fault)" name injection to kernel probes"") e38e2c6a9efc ("tracing/probes: Fix to update dynamic data counter if fetcharg uses it") 00cf3d672a9d ("tracing: Allow synthetic events to pass around stacktraces") f1d3cbfaafc1 ("tracing: Move duplicate code of trace_kprobe/eprobe.c into header") 7491e2c44278 ("tracing: Add a probe that attaches to trace events") 8565a45d0858 ("tracing/probes: Have process_fetch_insn() take a void * instead of pt_regs") 007517a01995 ("tracing/probe: Change traceprobe_set_print_fmt() to take a type") 3b13911a2fd0 ("tracing: Synthetic event field_pos is an index not a boolean") bc87cf0a08d4 ("trace: Add a generic function to read/write u64 values from tracefs") d262271d0483 ("tracing/dynevent: Delegate parsing to create function") d4d704637d93 ("tracing: Add synthetic event error logging") 9bbb33291f8e ("tracing: Check that the synthetic event and field names are legal") 42d120e2dda5 ("tracing: Move is_good_name() from trace_probe.h to trace.h") 8db4d6bfbbf9 ("tracing: Change synthetic event string format to limit printed length") bd82631d7ccd ("tracing: Add support for dynamic strings to synthetic events") 8fbeb52a598c ("tracing: Fix parse_synth_field() error handling") 8b6ddd10d678 ("Merge tag 'trace-v5.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 797311bce5c2ac90b8d65e357603cfd410d36ebb Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:16:07 +0900 Subject: [PATCH] tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails Fix to record 0-length data to data_loc in fetch_store_string*() if it fails to get the string data. Currently those expect that the data_loc is updated by store_trace_args() if it returns the error code. However, that does not work correctly if the argument is an array of strings. In that case, store_trace_args() only clears the first entry of the array (which may have no error) and leaves other entries. So it should be cleared by fetch_store_string*() itself. Also, 'dyndata' and 'maxlen' in store_trace_args() should be updated only if it is used (ret > 0 and argument is a dynamic data.) Link: https://lore.kernel.org/all/168908496683.123124.4761206188794205601.stgit@d… Fixes: 40b53b771806 ("tracing: probeevent: Add array type support") Cc: stable(a)vger.kernel.org Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_kernel.h index 6deae2ce34f8..bb723eefd7b7 100644 --- a/kernel/trace/trace_probe_kernel.h +++ b/kernel/trace/trace_probe_kernel.h @@ -37,6 +37,13 @@ fetch_store_strlen(unsigned long addr) return (ret < 0) ? ret : len; } +static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base) +{ + if (ret < 0) + ret = 0; + *(u32 *)dest = make_data_loc(ret, __dest - base); +} + /* * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf * with max length and relative data location. @@ -55,8 +62,7 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) __dest = get_loc_data(dest, base); ret = strncpy_from_user_nofault(__dest, uaddr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } @@ -87,8 +93,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base) * probing. */ ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 185da001f4c3..3935b347f874 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -267,13 +267,9 @@ store_trace_args(void *data, struct trace_probe *tp, void *rec, if (unlikely(arg->dynamic)) *dl = make_data_loc(maxlen, dyndata - base); ret = process_fetch_insn(arg->code, rec, dl, base); - if (arg->dynamic) { - if (unlikely(ret < 0)) { - *dl = make_data_loc(0, dyndata - base); - } else { - dyndata += ret; - maxlen -= ret; - } + if (arg->dynamic && likely(ret > 0)) { + dyndata += ret; + maxlen -= ret; } } } diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 8b92e34ff0c8..7b47e9a2c010 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -170,7 +170,8 @@ fetch_store_string(unsigned long addr, void *dest, void *base) */ ret++; *(u32 *)dest = make_data_loc(ret, (void *)dst - base); - } + } else + *(u32 *)dest = make_data_loc(0, (void *)dst - base); return ret; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to record 0-length data_loc in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 797311bce5c2ac90b8d65e357603cfd410d36ebb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072105-drop-down-yearling-a66f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 797311bce5c2 ("tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails") 4ed8f337dee3 ("Revert "tracing: Add "(fault)" name injection to kernel probes"") e38e2c6a9efc ("tracing/probes: Fix to update dynamic data counter if fetcharg uses it") 00cf3d672a9d ("tracing: Allow synthetic events to pass around stacktraces") f1d3cbfaafc1 ("tracing: Move duplicate code of trace_kprobe/eprobe.c into header") 7491e2c44278 ("tracing: Add a probe that attaches to trace events") 8565a45d0858 ("tracing/probes: Have process_fetch_insn() take a void * instead of pt_regs") 007517a01995 ("tracing/probe: Change traceprobe_set_print_fmt() to take a type") 3b13911a2fd0 ("tracing: Synthetic event field_pos is an index not a boolean") bc87cf0a08d4 ("trace: Add a generic function to read/write u64 values from tracefs") d262271d0483 ("tracing/dynevent: Delegate parsing to create function") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 797311bce5c2ac90b8d65e357603cfd410d36ebb Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:16:07 +0900 Subject: [PATCH] tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails Fix to record 0-length data to data_loc in fetch_store_string*() if it fails to get the string data. Currently those expect that the data_loc is updated by store_trace_args() if it returns the error code. However, that does not work correctly if the argument is an array of strings. In that case, store_trace_args() only clears the first entry of the array (which may have no error) and leaves other entries. So it should be cleared by fetch_store_string*() itself. Also, 'dyndata' and 'maxlen' in store_trace_args() should be updated only if it is used (ret > 0 and argument is a dynamic data.) Link: https://lore.kernel.org/all/168908496683.123124.4761206188794205601.stgit@d… Fixes: 40b53b771806 ("tracing: probeevent: Add array type support") Cc: stable(a)vger.kernel.org Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_kernel.h index 6deae2ce34f8..bb723eefd7b7 100644 --- a/kernel/trace/trace_probe_kernel.h +++ b/kernel/trace/trace_probe_kernel.h @@ -37,6 +37,13 @@ fetch_store_strlen(unsigned long addr) return (ret < 0) ? ret : len; } +static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base) +{ + if (ret < 0) + ret = 0; + *(u32 *)dest = make_data_loc(ret, __dest - base); +} + /* * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf * with max length and relative data location. @@ -55,8 +62,7 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) __dest = get_loc_data(dest, base); ret = strncpy_from_user_nofault(__dest, uaddr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } @@ -87,8 +93,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base) * probing. */ ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 185da001f4c3..3935b347f874 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -267,13 +267,9 @@ store_trace_args(void *data, struct trace_probe *tp, void *rec, if (unlikely(arg->dynamic)) *dl = make_data_loc(maxlen, dyndata - base); ret = process_fetch_insn(arg->code, rec, dl, base); - if (arg->dynamic) { - if (unlikely(ret < 0)) { - *dl = make_data_loc(0, dyndata - base); - } else { - dyndata += ret; - maxlen -= ret; - } + if (arg->dynamic && likely(ret > 0)) { + dyndata += ret; + maxlen -= ret; } } } diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 8b92e34ff0c8..7b47e9a2c010 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -170,7 +170,8 @@ fetch_store_string(unsigned long addr, void *dest, void *base) */ ret++; *(u32 *)dest = make_data_loc(ret, (void *)dst - base); - } + } else + *(u32 *)dest = make_data_loc(0, (void *)dst - base); return ret; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to record 0-length data_loc in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 797311bce5c2ac90b8d65e357603cfd410d36ebb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072104-epilepsy-remedial-bdd8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 797311bce5c2 ("tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails") 4ed8f337dee3 ("Revert "tracing: Add "(fault)" name injection to kernel probes"") e38e2c6a9efc ("tracing/probes: Fix to update dynamic data counter if fetcharg uses it") 00cf3d672a9d ("tracing: Allow synthetic events to pass around stacktraces") f1d3cbfaafc1 ("tracing: Move duplicate code of trace_kprobe/eprobe.c into header") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 797311bce5c2ac90b8d65e357603cfd410d36ebb Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:16:07 +0900 Subject: [PATCH] tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails Fix to record 0-length data to data_loc in fetch_store_string*() if it fails to get the string data. Currently those expect that the data_loc is updated by store_trace_args() if it returns the error code. However, that does not work correctly if the argument is an array of strings. In that case, store_trace_args() only clears the first entry of the array (which may have no error) and leaves other entries. So it should be cleared by fetch_store_string*() itself. Also, 'dyndata' and 'maxlen' in store_trace_args() should be updated only if it is used (ret > 0 and argument is a dynamic data.) Link: https://lore.kernel.org/all/168908496683.123124.4761206188794205601.stgit@d… Fixes: 40b53b771806 ("tracing: probeevent: Add array type support") Cc: stable(a)vger.kernel.org Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_kernel.h index 6deae2ce34f8..bb723eefd7b7 100644 --- a/kernel/trace/trace_probe_kernel.h +++ b/kernel/trace/trace_probe_kernel.h @@ -37,6 +37,13 @@ fetch_store_strlen(unsigned long addr) return (ret < 0) ? ret : len; } +static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base) +{ + if (ret < 0) + ret = 0; + *(u32 *)dest = make_data_loc(ret, __dest - base); +} + /* * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf * with max length and relative data location. @@ -55,8 +62,7 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) __dest = get_loc_data(dest, base); ret = strncpy_from_user_nofault(__dest, uaddr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } @@ -87,8 +93,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base) * probing. */ ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 185da001f4c3..3935b347f874 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -267,13 +267,9 @@ store_trace_args(void *data, struct trace_probe *tp, void *rec, if (unlikely(arg->dynamic)) *dl = make_data_loc(maxlen, dyndata - base); ret = process_fetch_insn(arg->code, rec, dl, base); - if (arg->dynamic) { - if (unlikely(ret < 0)) { - *dl = make_data_loc(0, dyndata - base); - } else { - dyndata += ret; - maxlen -= ret; - } + if (arg->dynamic && likely(ret > 0)) { + dyndata += ret; + maxlen -= ret; } } } diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 8b92e34ff0c8..7b47e9a2c010 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -170,7 +170,8 @@ fetch_store_string(unsigned long addr, void *dest, void *base) */ ret++; *(u32 *)dest = make_data_loc(ret, (void *)dst - base); - } + } else + *(u32 *)dest = make_data_loc(0, (void *)dst - base); return ret; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to record 0-length data_loc in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 797311bce5c2ac90b8d65e357603cfd410d36ebb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072103-huff-flyable-0350@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 797311bce5c2 ("tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails") 4ed8f337dee3 ("Revert "tracing: Add "(fault)" name injection to kernel probes"") e38e2c6a9efc ("tracing/probes: Fix to update dynamic data counter if fetcharg uses it") 00cf3d672a9d ("tracing: Allow synthetic events to pass around stacktraces") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 797311bce5c2ac90b8d65e357603cfd410d36ebb Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:16:07 +0900 Subject: [PATCH] tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails Fix to record 0-length data to data_loc in fetch_store_string*() if it fails to get the string data. Currently those expect that the data_loc is updated by store_trace_args() if it returns the error code. However, that does not work correctly if the argument is an array of strings. In that case, store_trace_args() only clears the first entry of the array (which may have no error) and leaves other entries. So it should be cleared by fetch_store_string*() itself. Also, 'dyndata' and 'maxlen' in store_trace_args() should be updated only if it is used (ret > 0 and argument is a dynamic data.) Link: https://lore.kernel.org/all/168908496683.123124.4761206188794205601.stgit@d… Fixes: 40b53b771806 ("tracing: probeevent: Add array type support") Cc: stable(a)vger.kernel.org Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_kernel.h index 6deae2ce34f8..bb723eefd7b7 100644 --- a/kernel/trace/trace_probe_kernel.h +++ b/kernel/trace/trace_probe_kernel.h @@ -37,6 +37,13 @@ fetch_store_strlen(unsigned long addr) return (ret < 0) ? ret : len; } +static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base) +{ + if (ret < 0) + ret = 0; + *(u32 *)dest = make_data_loc(ret, __dest - base); +} + /* * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf * with max length and relative data location. @@ -55,8 +62,7 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) __dest = get_loc_data(dest, base); ret = strncpy_from_user_nofault(__dest, uaddr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } @@ -87,8 +93,7 @@ fetch_store_string(unsigned long addr, void *dest, void *base) * probing. */ ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - if (ret >= 0) - *(u32 *)dest = make_data_loc(ret, __dest - base); + set_data_loc(ret, dest, __dest, base); return ret; } diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 185da001f4c3..3935b347f874 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -267,13 +267,9 @@ store_trace_args(void *data, struct trace_probe *tp, void *rec, if (unlikely(arg->dynamic)) *dl = make_data_loc(maxlen, dyndata - base); ret = process_fetch_insn(arg->code, rec, dl, base); - if (arg->dynamic) { - if (unlikely(ret < 0)) { - *dl = make_data_loc(0, dyndata - base); - } else { - dyndata += ret; - maxlen -= ret; - } + if (arg->dynamic && likely(ret > 0)) { + dyndata += ret; + maxlen -= ret; } } } diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 8b92e34ff0c8..7b47e9a2c010 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -170,7 +170,8 @@ fetch_store_string(unsigned long addr, void *dest, void *base) */ ret++; *(u32 *)dest = make_data_loc(ret, (void *)dst - base); - } + } else + *(u32 *)dest = make_data_loc(0, (void *)dst - base); return ret; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Revert "tracing: Add "(fault)" name injection to kernel" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4ed8f337dee32df71435689c19d22e4ee846e15a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072147-whiny-untapped-a860@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4ed8f337dee3 ("Revert "tracing: Add "(fault)" name injection to kernel probes"") 00cf3d672a9d ("tracing: Allow synthetic events to pass around stacktraces") f1d3cbfaafc1 ("tracing: Move duplicate code of trace_kprobe/eprobe.c into header") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4ed8f337dee32df71435689c19d22e4ee846e15a Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:57 +0900 Subject: [PATCH] Revert "tracing: Add "(fault)" name injection to kernel probes" This reverts commit 2e9906f84fc7c99388bb7123ade167250d50f1c0. It was turned out that commit 2e9906f84fc7 ("tracing: Add "(fault)" name injection to kernel probes") did not work correctly and probe events still show just '(fault)' (instead of '"(fault)"'). Also, current '(fault)' is more explicit that it faulted. This also moves FAULT_STRING macro to trace.h so that synthetic event can keep using it, and uses it in trace_probe.c too. Link: https://lore.kernel.org/all/168908495772.123124.1250788051922100079.stgit@d… Link: https://lore.kernel.org/all/20230706230642.3793a593@rorschach.local.home/ Cc: stable(a)vger.kernel.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Tom Zanussi <zanussi(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 79bdefe9261b..eee1f3ca4749 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -113,6 +113,8 @@ enum trace_type { #define MEM_FAIL(condition, fmt, ...) \ DO_ONCE_LITE_IF(condition, pr_err, "ERROR: " fmt, ##__VA_ARGS__) +#define FAULT_STRING "(fault)" + #define HIST_STACKTRACE_DEPTH 16 #define HIST_STACKTRACE_SIZE (HIST_STACKTRACE_DEPTH * sizeof(unsigned long)) #define HIST_STACKTRACE_SKIP 5 diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 2d2616678295..591399ddcee5 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -65,7 +65,7 @@ int PRINT_TYPE_FUNC_NAME(string)(struct trace_seq *s, void *data, void *ent) int len = *(u32 *)data >> 16; if (!len) - trace_seq_puts(s, "(fault)"); + trace_seq_puts(s, FAULT_STRING); else trace_seq_printf(s, "\"%s\"", (const char *)get_loc_data(data, ent)); diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_kernel.h index c4e1d4c03a85..6deae2ce34f8 100644 --- a/kernel/trace/trace_probe_kernel.h +++ b/kernel/trace/trace_probe_kernel.h @@ -2,8 +2,6 @@ #ifndef __TRACE_PROBE_KERNEL_H_ #define __TRACE_PROBE_KERNEL_H_ -#define FAULT_STRING "(fault)" - /* * This depends on trace_probe.h, but can not include it due to * the way trace_probe_tmpl.h is used by trace_kprobe.c and trace_eprobe.c. @@ -15,16 +13,8 @@ static nokprobe_inline int fetch_store_strlen_user(unsigned long addr) { const void __user *uaddr = (__force const void __user *)addr; - int ret; - ret = strnlen_user_nofault(uaddr, MAX_STRING_SIZE); - /* - * strnlen_user_nofault returns zero on fault, insert the - * FAULT_STRING when that occurs. - */ - if (ret <= 0) - return strlen(FAULT_STRING) + 1; - return ret; + return strnlen_user_nofault(uaddr, MAX_STRING_SIZE); } /* Return the length of string -- including null terminal byte */ @@ -44,18 +34,7 @@ fetch_store_strlen(unsigned long addr) len++; } while (c && ret == 0 && len < MAX_STRING_SIZE); - /* For faults, return enough to hold the FAULT_STRING */ - return (ret < 0) ? strlen(FAULT_STRING) + 1 : len; -} - -static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base, int len) -{ - if (ret >= 0) { - *(u32 *)dest = make_data_loc(ret, __dest - base); - } else { - strscpy(__dest, FAULT_STRING, len); - ret = strlen(__dest) + 1; - } + return (ret < 0) ? ret : len; } /* @@ -76,7 +55,8 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) __dest = get_loc_data(dest, base); ret = strncpy_from_user_nofault(__dest, uaddr, maxlen); - set_data_loc(ret, dest, __dest, base, maxlen); + if (ret >= 0) + *(u32 *)dest = make_data_loc(ret, __dest - base); return ret; } @@ -107,7 +87,8 @@ fetch_store_string(unsigned long addr, void *dest, void *base) * probing. */ ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - set_data_loc(ret, dest, __dest, base, maxlen); + if (ret >= 0) + *(u32 *)dest = make_data_loc(ret, __dest - base); return ret; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] Revert "tracing: Add "(fault)" name injection to kernel" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4ed8f337dee32df71435689c19d22e4ee846e15a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072146-thus-data-323d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4ed8f337dee3 ("Revert "tracing: Add "(fault)" name injection to kernel probes"") 00cf3d672a9d ("tracing: Allow synthetic events to pass around stacktraces") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4ed8f337dee32df71435689c19d22e4ee846e15a Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:57 +0900 Subject: [PATCH] Revert "tracing: Add "(fault)" name injection to kernel probes" This reverts commit 2e9906f84fc7c99388bb7123ade167250d50f1c0. It was turned out that commit 2e9906f84fc7 ("tracing: Add "(fault)" name injection to kernel probes") did not work correctly and probe events still show just '(fault)' (instead of '"(fault)"'). Also, current '(fault)' is more explicit that it faulted. This also moves FAULT_STRING macro to trace.h so that synthetic event can keep using it, and uses it in trace_probe.c too. Link: https://lore.kernel.org/all/168908495772.123124.1250788051922100079.stgit@d… Link: https://lore.kernel.org/all/20230706230642.3793a593@rorschach.local.home/ Cc: stable(a)vger.kernel.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Tom Zanussi <zanussi(a)kernel.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 79bdefe9261b..eee1f3ca4749 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -113,6 +113,8 @@ enum trace_type { #define MEM_FAIL(condition, fmt, ...) \ DO_ONCE_LITE_IF(condition, pr_err, "ERROR: " fmt, ##__VA_ARGS__) +#define FAULT_STRING "(fault)" + #define HIST_STACKTRACE_DEPTH 16 #define HIST_STACKTRACE_SIZE (HIST_STACKTRACE_DEPTH * sizeof(unsigned long)) #define HIST_STACKTRACE_SKIP 5 diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 2d2616678295..591399ddcee5 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -65,7 +65,7 @@ int PRINT_TYPE_FUNC_NAME(string)(struct trace_seq *s, void *data, void *ent) int len = *(u32 *)data >> 16; if (!len) - trace_seq_puts(s, "(fault)"); + trace_seq_puts(s, FAULT_STRING); else trace_seq_printf(s, "\"%s\"", (const char *)get_loc_data(data, ent)); diff --git a/kernel/trace/trace_probe_kernel.h b/kernel/trace/trace_probe_kernel.h index c4e1d4c03a85..6deae2ce34f8 100644 --- a/kernel/trace/trace_probe_kernel.h +++ b/kernel/trace/trace_probe_kernel.h @@ -2,8 +2,6 @@ #ifndef __TRACE_PROBE_KERNEL_H_ #define __TRACE_PROBE_KERNEL_H_ -#define FAULT_STRING "(fault)" - /* * This depends on trace_probe.h, but can not include it due to * the way trace_probe_tmpl.h is used by trace_kprobe.c and trace_eprobe.c. @@ -15,16 +13,8 @@ static nokprobe_inline int fetch_store_strlen_user(unsigned long addr) { const void __user *uaddr = (__force const void __user *)addr; - int ret; - ret = strnlen_user_nofault(uaddr, MAX_STRING_SIZE); - /* - * strnlen_user_nofault returns zero on fault, insert the - * FAULT_STRING when that occurs. - */ - if (ret <= 0) - return strlen(FAULT_STRING) + 1; - return ret; + return strnlen_user_nofault(uaddr, MAX_STRING_SIZE); } /* Return the length of string -- including null terminal byte */ @@ -44,18 +34,7 @@ fetch_store_strlen(unsigned long addr) len++; } while (c && ret == 0 && len < MAX_STRING_SIZE); - /* For faults, return enough to hold the FAULT_STRING */ - return (ret < 0) ? strlen(FAULT_STRING) + 1 : len; -} - -static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base, int len) -{ - if (ret >= 0) { - *(u32 *)dest = make_data_loc(ret, __dest - base); - } else { - strscpy(__dest, FAULT_STRING, len); - ret = strlen(__dest) + 1; - } + return (ret < 0) ? ret : len; } /* @@ -76,7 +55,8 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) __dest = get_loc_data(dest, base); ret = strncpy_from_user_nofault(__dest, uaddr, maxlen); - set_data_loc(ret, dest, __dest, base, maxlen); + if (ret >= 0) + *(u32 *)dest = make_data_loc(ret, __dest - base); return ret; } @@ -107,7 +87,8 @@ fetch_store_string(unsigned long addr, void *dest, void *base) * probing. */ ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); - set_data_loc(ret, dest, __dest, base, maxlen); + if (ret >= 0) + *(u32 *)dest = make_data_loc(ret, __dest - base); return ret; }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to update dynamic data counter if" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e38e2c6a9efc435f9de344b7c91f7697e01b47d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072114-brownnose-browbeat-6258@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: e38e2c6a9efc ("tracing/probes: Fix to update dynamic data counter if fetcharg uses it") 8565a45d0858 ("tracing/probes: Have process_fetch_insn() take a void * instead of pt_regs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e38e2c6a9efc435f9de344b7c91f7697e01b47d5 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:48 +0900 Subject: [PATCH] tracing/probes: Fix to update dynamic data counter if fetcharg uses it Fix to update dynamic data counter ('dyndata') and max length ('maxlen') only if the fetcharg uses the dynamic data. Also get out arg->dynamic from unlikely(). This makes dynamic data address wrong if process_fetch_insn() returns error on !arg->dynamic case. Link: https://lore.kernel.org/all/168908494781.123124.8160245359962103684.stgit@d… Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Link: https://lore.kernel.org/all/20230710233400.5aaf024e@gandalf.local.home/ Fixes: 9178412ddf5a ("tracing: probeevent: Return consumed bytes of dynamic area") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index ed9d57c6b041..185da001f4c3 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -267,11 +267,13 @@ store_trace_args(void *data, struct trace_probe *tp, void *rec, if (unlikely(arg->dynamic)) *dl = make_data_loc(maxlen, dyndata - base); ret = process_fetch_insn(arg->code, rec, dl, base); - if (unlikely(ret < 0 && arg->dynamic)) { - *dl = make_data_loc(0, dyndata - base); - } else { - dyndata += ret; - maxlen -= ret; + if (arg->dynamic) { + if (unlikely(ret < 0)) { + *dl = make_data_loc(0, dyndata - base); + } else { + dyndata += ret; + maxlen -= ret; + } } } }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to update dynamic data counter if" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e38e2c6a9efc435f9de344b7c91f7697e01b47d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072113-repave-bootleg-b466@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e38e2c6a9efc ("tracing/probes: Fix to update dynamic data counter if fetcharg uses it") 8565a45d0858 ("tracing/probes: Have process_fetch_insn() take a void * instead of pt_regs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e38e2c6a9efc435f9de344b7c91f7697e01b47d5 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:48 +0900 Subject: [PATCH] tracing/probes: Fix to update dynamic data counter if fetcharg uses it Fix to update dynamic data counter ('dyndata') and max length ('maxlen') only if the fetcharg uses the dynamic data. Also get out arg->dynamic from unlikely(). This makes dynamic data address wrong if process_fetch_insn() returns error on !arg->dynamic case. Link: https://lore.kernel.org/all/168908494781.123124.8160245359962103684.stgit@d… Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Link: https://lore.kernel.org/all/20230710233400.5aaf024e@gandalf.local.home/ Fixes: 9178412ddf5a ("tracing: probeevent: Return consumed bytes of dynamic area") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index ed9d57c6b041..185da001f4c3 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -267,11 +267,13 @@ store_trace_args(void *data, struct trace_probe *tp, void *rec, if (unlikely(arg->dynamic)) *dl = make_data_loc(maxlen, dyndata - base); ret = process_fetch_insn(arg->code, rec, dl, base); - if (unlikely(ret < 0 && arg->dynamic)) { - *dl = make_data_loc(0, dyndata - base); - } else { - dyndata += ret; - maxlen -= ret; + if (arg->dynamic) { + if (unlikely(ret < 0)) { + *dl = make_data_loc(0, dyndata - base); + } else { + dyndata += ret; + maxlen -= ret; + } } } }

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to avoid double count of the string" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072141-stride-endorphin-a57a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 66bcf65d6cf0 ("tracing/probes: Fix to avoid double count of the string length on the array") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") 7491e2c44278 ("tracing: Add a probe that attaches to trace events") 007517a01995 ("tracing/probe: Change traceprobe_set_print_fmt() to take a type") fcd9db51df8e ("tracing/probe: Have traceprobe_parse_probe_arg() take a const arg") bc87cf0a08d4 ("trace: Add a generic function to read/write u64 values from tracefs") d262271d0483 ("tracing/dynevent: Delegate parsing to create function") d4d704637d93 ("tracing: Add synthetic event error logging") 9bbb33291f8e ("tracing: Check that the synthetic event and field names are legal") 42d120e2dda5 ("tracing: Move is_good_name() from trace_probe.h to trace.h") bd82631d7ccd ("tracing: Add support for dynamic strings to synthetic events") 8fbeb52a598c ("tracing: Fix parse_synth_field() error handling") 3aa8fdc37d16 ("tracing/probe: Fix memleak in fetch_op_data operations") 726721a51838 ("tracing: Move synthetic events to a separate file") 1b94b3aed367 ("tracing: Check state.disabled in synth event trace functions") 91ad64a84e9e ("Merge tag 'trace-v5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:29 +0900 Subject: [PATCH] tracing/probes: Fix to avoid double count of the string length on the array If an array is specified with the ustring or symstr, the length of the strings are accumlated on both of 'ret' and 'total', which means the length is double counted. Just set the length to the 'ret' value for avoiding double counting. Link: https://lore.kernel.org/all/168908492917.123124.15076463491122036025.stgit@… Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/all/8819b154-2ba1-43c3-98a2-cbde20892023@moroto.mou… Fixes: 88903c464321 ("tracing/probe: Add ustring type for user-space string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 00707630788d..4735c5cb76fa 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -156,11 +156,11 @@ process_fetch_insn_bottom(struct fetch_insn *code, unsigned long val, code++; goto array; case FETCH_OP_ST_USTRING: - ret += fetch_store_strlen_user(val + code->offset); + ret = fetch_store_strlen_user(val + code->offset); code++; goto array; case FETCH_OP_ST_SYMSTR: - ret += fetch_store_symstrlen(val + code->offset); + ret = fetch_store_symstrlen(val + code->offset); code++; goto array; default:

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to avoid double count of the string" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072140-dropout-strep-a13c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 66bcf65d6cf0 ("tracing/probes: Fix to avoid double count of the string length on the array") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") 7491e2c44278 ("tracing: Add a probe that attaches to trace events") 007517a01995 ("tracing/probe: Change traceprobe_set_print_fmt() to take a type") fcd9db51df8e ("tracing/probe: Have traceprobe_parse_probe_arg() take a const arg") bc87cf0a08d4 ("trace: Add a generic function to read/write u64 values from tracefs") d262271d0483 ("tracing/dynevent: Delegate parsing to create function") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:29 +0900 Subject: [PATCH] tracing/probes: Fix to avoid double count of the string length on the array If an array is specified with the ustring or symstr, the length of the strings are accumlated on both of 'ret' and 'total', which means the length is double counted. Just set the length to the 'ret' value for avoiding double counting. Link: https://lore.kernel.org/all/168908492917.123124.15076463491122036025.stgit@… Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/all/8819b154-2ba1-43c3-98a2-cbde20892023@moroto.mou… Fixes: 88903c464321 ("tracing/probe: Add ustring type for user-space string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 00707630788d..4735c5cb76fa 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -156,11 +156,11 @@ process_fetch_insn_bottom(struct fetch_insn *code, unsigned long val, code++; goto array; case FETCH_OP_ST_USTRING: - ret += fetch_store_strlen_user(val + code->offset); + ret = fetch_store_strlen_user(val + code->offset); code++; goto array; case FETCH_OP_ST_SYMSTR: - ret += fetch_store_symstrlen(val + code->offset); + ret = fetch_store_symstrlen(val + code->offset); code++; goto array; default:

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to avoid double count of the string" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072139-those-ditch-4de2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 66bcf65d6cf0 ("tracing/probes: Fix to avoid double count of the string length on the array") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:29 +0900 Subject: [PATCH] tracing/probes: Fix to avoid double count of the string length on the array If an array is specified with the ustring or symstr, the length of the strings are accumlated on both of 'ret' and 'total', which means the length is double counted. Just set the length to the 'ret' value for avoiding double counting. Link: https://lore.kernel.org/all/168908492917.123124.15076463491122036025.stgit@… Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/all/8819b154-2ba1-43c3-98a2-cbde20892023@moroto.mou… Fixes: 88903c464321 ("tracing/probe: Add ustring type for user-space string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 00707630788d..4735c5cb76fa 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -156,11 +156,11 @@ process_fetch_insn_bottom(struct fetch_insn *code, unsigned long val, code++; goto array; case FETCH_OP_ST_USTRING: - ret += fetch_store_strlen_user(val + code->offset); + ret = fetch_store_strlen_user(val + code->offset); code++; goto array; case FETCH_OP_ST_SYMSTR: - ret += fetch_store_symstrlen(val + code->offset); + ret = fetch_store_symstrlen(val + code->offset); code++; goto array; default:

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracing/probes: Fix to avoid double count of the string" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072138-nervous-shorten-9868@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 66bcf65d6cf0 ("tracing/probes: Fix to avoid double count of the string length on the array") b26a124cbfa8 ("tracing/probes: Add symstr type for dynamic events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 66bcf65d6cf0ca6540e2341e88ee7ef02dbdda08 Mon Sep 17 00:00:00 2001 From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Date: Tue, 11 Jul 2023 23:15:29 +0900 Subject: [PATCH] tracing/probes: Fix to avoid double count of the string length on the array If an array is specified with the ustring or symstr, the length of the strings are accumlated on both of 'ret' and 'total', which means the length is double counted. Just set the length to the 'ret' value for avoiding double counting. Link: https://lore.kernel.org/all/168908492917.123124.15076463491122036025.stgit@… Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/all/8819b154-2ba1-43c3-98a2-cbde20892023@moroto.mou… Fixes: 88903c464321 ("tracing/probe: Add ustring type for user-space string") Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_probe_tmpl.h b/kernel/trace/trace_probe_tmpl.h index 00707630788d..4735c5cb76fa 100644 --- a/kernel/trace/trace_probe_tmpl.h +++ b/kernel/trace/trace_probe_tmpl.h @@ -156,11 +156,11 @@ process_fetch_insn_bottom(struct fetch_insn *code, unsigned long val, code++; goto array; case FETCH_OP_ST_USTRING: - ret += fetch_store_strlen_user(val + code->offset); + ret = fetch_store_strlen_user(val + code->offset); code++; goto array; case FETCH_OP_ST_SYMSTR: - ret += fetch_store_symstrlen(val + code->offset); + ret = fetch_store_symstrlen(val + code->offset); code++; goto array; default:

2 years, 3 months

1
0
0 0

[5.10, 5.15] New bpf kselftest failure

by Luiz Capitulino

Hi, The upstream commit below is backported to 5.10.186, 5.15.120 and 6.1.36: """ commit ecdf985d7615356b78241fdb159c091830ed0380 Author: Eduard Zingerman <eddyz87(a)gmail.com> Date: Wed Feb 15 01:20:27 2023 +0200 bpf: track immediate values written to stack by BPF_ST instruction """ This commit is causing the following bpf:test_verifier kselftest to fail: """ # #760/p precise: ST insn causing spi > allocated_stack FAIL """ Since this test didn't fail before ecdf985d76 backport, the question is if this is a test bug or if this commit introduced a regression. I haven't checked if this failure is present in latest Linus tree because I was unable to build & run the bpf kselftests in an older distro. Also, there some important details about running the bpf kselftests in 5.10 and 5.15: * On 5.10, bpf kselftest build is broken. The following upstream commit needs to be cherry-picked for it to build & run: """ commit 4237e9f4a96228ccc8a7abe5e4b30834323cd353 Author: Gilad Reti <gilad.reti(a)gmail.com> Date: Wed Jan 13 07:38:08 2021 +0200 selftests/bpf: Add verifier test for PTR_TO_MEM spill """ * On 5.15.120 there's one additional test that's failing, but I didn't debug this one: """ #150/p calls: trigger reg2btf_ids[reg→type] for reg→type > __BPF_REG_TYPE_MAX FAIL FAIL """ * On 5.11 onwards, building and running bpf tests is disabled by default by commit 7a6eb7c34a78498742b5f82543b7a68c1c443329, so I wonder if we want to backport this to 5.10 as well? Thanks! - Luiz

2 years, 3 months

3
13
0 0

FAILED: patch "[PATCH] pwm: meson: fix handling of period/duty if greater than" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 87a2cbf02d7701255f9fcca7e5bd864a7bb397cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072133-plank-glorified-2d3f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 87a2cbf02d77 ("pwm: meson: fix handling of period/duty if greater than UINT_MAX") 5f97f18feac9 ("pwm: meson: Simplify duplicated per-channel tracking") 437fb760d046 ("pwm: meson: Remove redundant assignment to variable fin_freq") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 87a2cbf02d7701255f9fcca7e5bd864a7bb397cf Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Wed, 24 May 2023 21:48:36 +0200 Subject: [PATCH] pwm: meson: fix handling of period/duty if greater than UINT_MAX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit state->period/duty are of type u64, and if their value is greater than UINT_MAX, then the cast to uint will cause problems. Fix this by changing the type of the respective local variables to u64. Fixes: b79c3670e120 ("pwm: meson: Don't duplicate the polarity internally") Cc: stable(a)vger.kernel.org Suggested-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c index 3865538dd2d6..33107204a951 100644 --- a/drivers/pwm/pwm-meson.c +++ b/drivers/pwm/pwm-meson.c @@ -156,8 +156,9 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, const struct pwm_state *state) { struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; - unsigned int duty, period, pre_div, cnt, duty_cnt; + unsigned int pre_div, cnt, duty_cnt; unsigned long fin_freq; + u64 duty, period; duty = state->duty_cycle; period = state->period; @@ -179,19 +180,19 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, dev_dbg(meson->chip.dev, "fin_freq: %lu Hz\n", fin_freq); - pre_div = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * 0xffffLL); + pre_div = div64_u64(fin_freq * period, NSEC_PER_SEC * 0xffffLL); if (pre_div > MISC_CLK_DIV_MASK) { dev_err(meson->chip.dev, "unable to get period pre_div\n"); return -EINVAL; } - cnt = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * (pre_div + 1)); + cnt = div64_u64(fin_freq * period, NSEC_PER_SEC * (pre_div + 1)); if (cnt > 0xffff) { dev_err(meson->chip.dev, "unable to get period cnt\n"); return -EINVAL; } - dev_dbg(meson->chip.dev, "period=%u pre_div=%u cnt=%u\n", period, + dev_dbg(meson->chip.dev, "period=%llu pre_div=%u cnt=%u\n", period, pre_div, cnt); if (duty == period) { @@ -204,14 +205,13 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, channel->lo = cnt; } else { /* Then check is we can have the duty with the same pre_div */ - duty_cnt = div64_u64(fin_freq * (u64)duty, - NSEC_PER_SEC * (pre_div + 1)); + duty_cnt = div64_u64(fin_freq * duty, NSEC_PER_SEC * (pre_div + 1)); if (duty_cnt > 0xffff) { dev_err(meson->chip.dev, "unable to get duty cycle\n"); return -EINVAL; } - dev_dbg(meson->chip.dev, "duty=%u pre_div=%u duty_cnt=%u\n", + dev_dbg(meson->chip.dev, "duty=%llu pre_div=%u duty_cnt=%u\n", duty, pre_div, duty_cnt); channel->pre_div = pre_div;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] pwm: meson: fix handling of period/duty if greater than" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 87a2cbf02d7701255f9fcca7e5bd864a7bb397cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072132-basket-kinetic-8fdf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 87a2cbf02d77 ("pwm: meson: fix handling of period/duty if greater than UINT_MAX") 5f97f18feac9 ("pwm: meson: Simplify duplicated per-channel tracking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 87a2cbf02d7701255f9fcca7e5bd864a7bb397cf Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Wed, 24 May 2023 21:48:36 +0200 Subject: [PATCH] pwm: meson: fix handling of period/duty if greater than UINT_MAX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit state->period/duty are of type u64, and if their value is greater than UINT_MAX, then the cast to uint will cause problems. Fix this by changing the type of the respective local variables to u64. Fixes: b79c3670e120 ("pwm: meson: Don't duplicate the polarity internally") Cc: stable(a)vger.kernel.org Suggested-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c index 3865538dd2d6..33107204a951 100644 --- a/drivers/pwm/pwm-meson.c +++ b/drivers/pwm/pwm-meson.c @@ -156,8 +156,9 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, const struct pwm_state *state) { struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; - unsigned int duty, period, pre_div, cnt, duty_cnt; + unsigned int pre_div, cnt, duty_cnt; unsigned long fin_freq; + u64 duty, period; duty = state->duty_cycle; period = state->period; @@ -179,19 +180,19 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, dev_dbg(meson->chip.dev, "fin_freq: %lu Hz\n", fin_freq); - pre_div = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * 0xffffLL); + pre_div = div64_u64(fin_freq * period, NSEC_PER_SEC * 0xffffLL); if (pre_div > MISC_CLK_DIV_MASK) { dev_err(meson->chip.dev, "unable to get period pre_div\n"); return -EINVAL; } - cnt = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * (pre_div + 1)); + cnt = div64_u64(fin_freq * period, NSEC_PER_SEC * (pre_div + 1)); if (cnt > 0xffff) { dev_err(meson->chip.dev, "unable to get period cnt\n"); return -EINVAL; } - dev_dbg(meson->chip.dev, "period=%u pre_div=%u cnt=%u\n", period, + dev_dbg(meson->chip.dev, "period=%llu pre_div=%u cnt=%u\n", period, pre_div, cnt); if (duty == period) { @@ -204,14 +205,13 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, channel->lo = cnt; } else { /* Then check is we can have the duty with the same pre_div */ - duty_cnt = div64_u64(fin_freq * (u64)duty, - NSEC_PER_SEC * (pre_div + 1)); + duty_cnt = div64_u64(fin_freq * duty, NSEC_PER_SEC * (pre_div + 1)); if (duty_cnt > 0xffff) { dev_err(meson->chip.dev, "unable to get duty cycle\n"); return -EINVAL; } - dev_dbg(meson->chip.dev, "duty=%u pre_div=%u duty_cnt=%u\n", + dev_dbg(meson->chip.dev, "duty=%llu pre_div=%u duty_cnt=%u\n", duty, pre_div, duty_cnt); channel->pre_div = pre_div;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] pwm: meson: fix handling of period/duty if greater than" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 87a2cbf02d7701255f9fcca7e5bd864a7bb397cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072131-widely-ploy-5798@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 87a2cbf02d77 ("pwm: meson: fix handling of period/duty if greater than UINT_MAX") 5f97f18feac9 ("pwm: meson: Simplify duplicated per-channel tracking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 87a2cbf02d7701255f9fcca7e5bd864a7bb397cf Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Wed, 24 May 2023 21:48:36 +0200 Subject: [PATCH] pwm: meson: fix handling of period/duty if greater than UINT_MAX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit state->period/duty are of type u64, and if their value is greater than UINT_MAX, then the cast to uint will cause problems. Fix this by changing the type of the respective local variables to u64. Fixes: b79c3670e120 ("pwm: meson: Don't duplicate the polarity internally") Cc: stable(a)vger.kernel.org Suggested-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c index 3865538dd2d6..33107204a951 100644 --- a/drivers/pwm/pwm-meson.c +++ b/drivers/pwm/pwm-meson.c @@ -156,8 +156,9 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, const struct pwm_state *state) { struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; - unsigned int duty, period, pre_div, cnt, duty_cnt; + unsigned int pre_div, cnt, duty_cnt; unsigned long fin_freq; + u64 duty, period; duty = state->duty_cycle; period = state->period; @@ -179,19 +180,19 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, dev_dbg(meson->chip.dev, "fin_freq: %lu Hz\n", fin_freq); - pre_div = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * 0xffffLL); + pre_div = div64_u64(fin_freq * period, NSEC_PER_SEC * 0xffffLL); if (pre_div > MISC_CLK_DIV_MASK) { dev_err(meson->chip.dev, "unable to get period pre_div\n"); return -EINVAL; } - cnt = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * (pre_div + 1)); + cnt = div64_u64(fin_freq * period, NSEC_PER_SEC * (pre_div + 1)); if (cnt > 0xffff) { dev_err(meson->chip.dev, "unable to get period cnt\n"); return -EINVAL; } - dev_dbg(meson->chip.dev, "period=%u pre_div=%u cnt=%u\n", period, + dev_dbg(meson->chip.dev, "period=%llu pre_div=%u cnt=%u\n", period, pre_div, cnt); if (duty == period) { @@ -204,14 +205,13 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, channel->lo = cnt; } else { /* Then check is we can have the duty with the same pre_div */ - duty_cnt = div64_u64(fin_freq * (u64)duty, - NSEC_PER_SEC * (pre_div + 1)); + duty_cnt = div64_u64(fin_freq * duty, NSEC_PER_SEC * (pre_div + 1)); if (duty_cnt > 0xffff) { dev_err(meson->chip.dev, "unable to get duty cycle\n"); return -EINVAL; } - dev_dbg(meson->chip.dev, "duty=%u pre_div=%u duty_cnt=%u\n", + dev_dbg(meson->chip.dev, "duty=%llu pre_div=%u duty_cnt=%u\n", duty, pre_div, duty_cnt); channel->pre_div = pre_div;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] pwm: meson: modify and simplify calculation in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6b9352f3f8a1a35faf0efc1ad1807ee303467796 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072120-spectrum-handyman-51b8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6b9352f3f8a1 ("pwm: meson: modify and simplify calculation in meson_pwm_get_state") 6c452cff79f8 ("pwm: Make .get_state() callback return an error code") 8eca6b0a647a ("Merge tag 'pwm/for-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b9352f3f8a1a35faf0efc1ad1807ee303467796 Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Wed, 24 May 2023 21:47:43 +0200 Subject: [PATCH] pwm: meson: modify and simplify calculation in meson_pwm_get_state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I don't see a reason why we should treat the case lo < hi differently and return 0 as period and duty_cycle. The current logic was added with c375bcbaabdb ("pwm: meson: Read the full hardware state in meson_pwm_get_state()"), Martin as original author doesn't remember why it was implemented this way back then. So let's handle it as normal use case and also remove the optimization for lo == 0. I think the improved readability is worth it. Fixes: c375bcbaabdb ("pwm: meson: Read the full hardware state in meson_pwm_get_state()") Reviewed-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Dmitry Rokosov <ddrokosov(a)sberdevices.ru> Acked-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c index 5732300eb004..3865538dd2d6 100644 --- a/drivers/pwm/pwm-meson.c +++ b/drivers/pwm/pwm-meson.c @@ -351,18 +351,8 @@ static int meson_pwm_get_state(struct pwm_chip *chip, struct pwm_device *pwm, channel->lo = FIELD_GET(PWM_LOW_MASK, value); channel->hi = FIELD_GET(PWM_HIGH_MASK, value); - if (channel->lo == 0) { - state->period = meson_pwm_cnt_to_ns(chip, pwm, channel->hi); - state->duty_cycle = state->period; - } else if (channel->lo >= channel->hi) { - state->period = meson_pwm_cnt_to_ns(chip, pwm, - channel->lo + channel->hi); - state->duty_cycle = meson_pwm_cnt_to_ns(chip, pwm, - channel->hi); - } else { - state->period = 0; - state->duty_cycle = 0; - } + state->period = meson_pwm_cnt_to_ns(chip, pwm, channel->lo + channel->hi); + state->duty_cycle = meson_pwm_cnt_to_ns(chip, pwm, channel->hi); state->polarity = PWM_POLARITY_NORMAL;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] pwm: meson: modify and simplify calculation in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6b9352f3f8a1a35faf0efc1ad1807ee303467796 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072119-angling-cryptic-51ea@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6b9352f3f8a1 ("pwm: meson: modify and simplify calculation in meson_pwm_get_state") 6c452cff79f8 ("pwm: Make .get_state() callback return an error code") 8eca6b0a647a ("Merge tag 'pwm/for-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b9352f3f8a1a35faf0efc1ad1807ee303467796 Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Wed, 24 May 2023 21:47:43 +0200 Subject: [PATCH] pwm: meson: modify and simplify calculation in meson_pwm_get_state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I don't see a reason why we should treat the case lo < hi differently and return 0 as period and duty_cycle. The current logic was added with c375bcbaabdb ("pwm: meson: Read the full hardware state in meson_pwm_get_state()"), Martin as original author doesn't remember why it was implemented this way back then. So let's handle it as normal use case and also remove the optimization for lo == 0. I think the improved readability is worth it. Fixes: c375bcbaabdb ("pwm: meson: Read the full hardware state in meson_pwm_get_state()") Reviewed-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Dmitry Rokosov <ddrokosov(a)sberdevices.ru> Acked-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c index 5732300eb004..3865538dd2d6 100644 --- a/drivers/pwm/pwm-meson.c +++ b/drivers/pwm/pwm-meson.c @@ -351,18 +351,8 @@ static int meson_pwm_get_state(struct pwm_chip *chip, struct pwm_device *pwm, channel->lo = FIELD_GET(PWM_LOW_MASK, value); channel->hi = FIELD_GET(PWM_HIGH_MASK, value); - if (channel->lo == 0) { - state->period = meson_pwm_cnt_to_ns(chip, pwm, channel->hi); - state->duty_cycle = state->period; - } else if (channel->lo >= channel->hi) { - state->period = meson_pwm_cnt_to_ns(chip, pwm, - channel->lo + channel->hi); - state->duty_cycle = meson_pwm_cnt_to_ns(chip, pwm, - channel->hi); - } else { - state->period = 0; - state->duty_cycle = 0; - } + state->period = meson_pwm_cnt_to_ns(chip, pwm, channel->lo + channel->hi); + state->duty_cycle = meson_pwm_cnt_to_ns(chip, pwm, channel->hi); state->polarity = PWM_POLARITY_NORMAL;

2 years, 3 months

1
0
0 0

FAILED: patch "[PATCH] pwm: meson: modify and simplify calculation in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6b9352f3f8a1a35faf0efc1ad1807ee303467796 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023072118-blah-tripod-7878@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6b9352f3f8a1 ("pwm: meson: modify and simplify calculation in meson_pwm_get_state") 6c452cff79f8 ("pwm: Make .get_state() callback return an error code") 8eca6b0a647a ("Merge tag 'pwm/for-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b9352f3f8a1a35faf0efc1ad1807ee303467796 Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Wed, 24 May 2023 21:47:43 +0200 Subject: [PATCH] pwm: meson: modify and simplify calculation in meson_pwm_get_state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I don't see a reason why we should treat the case lo < hi differently and return 0 as period and duty_cycle. The current logic was added with c375bcbaabdb ("pwm: meson: Read the full hardware state in meson_pwm_get_state()"), Martin as original author doesn't remember why it was implemented this way back then. So let's handle it as normal use case and also remove the optimization for lo == 0. I think the improved readability is worth it. Fixes: c375bcbaabdb ("pwm: meson: Read the full hardware state in meson_pwm_get_state()") Reviewed-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Dmitry Rokosov <ddrokosov(a)sberdevices.ru> Acked-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c index 5732300eb004..3865538dd2d6 100644 --- a/drivers/pwm/pwm-meson.c +++ b/drivers/pwm/pwm-meson.c @@ -351,18 +351,8 @@ static int meson_pwm_get_state(struct pwm_chip *chip, struct pwm_device *pwm, channel->lo = FIELD_GET(PWM_LOW_MASK, value); channel->hi = FIELD_GET(PWM_HIGH_MASK, value); - if (channel->lo == 0) { - state->period = meson_pwm_cnt_to_ns(chip, pwm, channel->hi); - state->duty_cycle = state->period; - } else if (channel->lo >= channel->hi) { - state->period = meson_pwm_cnt_to_ns(chip, pwm, - channel->lo + channel->hi); - state->duty_cycle = meson_pwm_cnt_to_ns(chip, pwm, - channel->hi); - } else { - state->period = 0; - state->duty_cycle = 0; - } + state->period = meson_pwm_cnt_to_ns(chip, pwm, channel->lo + channel->hi); + state->duty_cycle = meson_pwm_cnt_to_ns(chip, pwm, channel->hi); state->polarity = PWM_POLARITY_NORMAL;

2 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror