- Linux-stable-mirror - lists.linaro.org

[PATCH v1 1/1] x86/fred/signal: Prevent single-step upon ERETU completion

by Xin Li (Intel)

From: Xin Li <xin(a)zytor.com> Clear the software event flag in the augmented SS to prevent infinite SIGTRAP handler loop if TF is used without an external debugger. Following is a typical single-stepping flow for a user process: 1) The user process is prepared for single-stepping by setting RFLAGS.TF = 1. 2) When any instruction in user space completes, a #DB is triggered. 3) The kernel handles the #DB and returns to user space, invoking the SIGTRAP handler with RFLAGS.TF = 0. 4) After the SIGTRAP handler finishes, the user process performs a sigreturn syscall, restoring the original state, including RFLAGS.TF = 1. 5) Goto step 2. According to the FRED specification: A) Bit 17 in the augmented SS is designated as the software event flag, which is set to 1 for FRED event delivery of SYSCALL, SYSENTER, or INT n. B) If bit 17 of the augmented SS is 1 and ERETU would result in RFLAGS.TF = 1, a single-step trap will be pending upon completion of ERETU. In step 4) above, the software event flag is set upon the sigreturn syscall, and its corresponding ERETU would restore RFLAGS.TF = 1. This combination causes a pending single-step trap upon completion of ERETU. Therefore, another #DB is triggered before any user space instruction is executed, which leads to an infinite loop in which the SIGTRAP handler keeps being invoked on the same user space IP. Suggested-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Cc: stable(a)vger.kernel.org --- arch/x86/include/asm/sighandling.h | 20 ++++++++++++++++++++ arch/x86/kernel/signal_32.c | 4 ++++ arch/x86/kernel/signal_64.c | 4 ++++ 3 files changed, 28 insertions(+) diff --git a/arch/x86/include/asm/sighandling.h b/arch/x86/include/asm/sighandling.h index e770c4fc47f4..ecb0411fe88c 100644 --- a/arch/x86/include/asm/sighandling.h +++ b/arch/x86/include/asm/sighandling.h @@ -24,4 +24,24 @@ int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); int x64_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); +/* + * To prevent infinite SIGTRAP handler loop if TF is used without an external + * debugger, clear the software event flag in the augmented SS, ensuring no + * single-step trap is pending upon ERETU completion. + * + * Note, this function should be called in sigreturn() before the original state + * is restored to make sure the TF is read from the entry frame. + */ +static __always_inline void prevent_single_step_upon_eretu(struct pt_regs *regs) +{ + /* + * If the trap flag (TF) is set, i.e., the sigreturn() SYSCALL instruction + * is being single-stepped, do not clear the software event flag in the + * augmented SS, thus a debugger won't skip over the following instruction. + */ + if (IS_ENABLED(CONFIG_X86_FRED) && cpu_feature_enabled(X86_FEATURE_FRED) && + !(regs->flags & X86_EFLAGS_TF)) + regs->fred_ss.swevent = 0; +} + #endif /* _ASM_X86_SIGHANDLING_H */ diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c index 98123ff10506..42bbc42bd350 100644 --- a/arch/x86/kernel/signal_32.c +++ b/arch/x86/kernel/signal_32.c @@ -152,6 +152,8 @@ SYSCALL32_DEFINE0(sigreturn) struct sigframe_ia32 __user *frame = (struct sigframe_ia32 __user *)(regs->sp-8); sigset_t set; + prevent_single_step_upon_eretu(regs); + if (!access_ok(frame, sizeof(*frame))) goto badframe; if (__get_user(set.sig[0], &frame->sc.oldmask) @@ -175,6 +177,8 @@ SYSCALL32_DEFINE0(rt_sigreturn) struct rt_sigframe_ia32 __user *frame; sigset_t set; + prevent_single_step_upon_eretu(regs); + frame = (struct rt_sigframe_ia32 __user *)(regs->sp - 4); if (!access_ok(frame, sizeof(*frame))) diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c index ee9453891901..d483b585c6c6 100644 --- a/arch/x86/kernel/signal_64.c +++ b/arch/x86/kernel/signal_64.c @@ -250,6 +250,8 @@ SYSCALL_DEFINE0(rt_sigreturn) sigset_t set; unsigned long uc_flags; + prevent_single_step_upon_eretu(regs); + frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long)); if (!access_ok(frame, sizeof(*frame))) goto badframe; @@ -366,6 +368,8 @@ COMPAT_SYSCALL_DEFINE0(x32_rt_sigreturn) sigset_t set; unsigned long uc_flags; + prevent_single_step_upon_eretu(regs); + frame = (struct rt_sigframe_x32 __user *)(regs->sp - 8); if (!access_ok(frame, sizeof(*frame))) base-commit: 6a7c3c2606105a41dde81002c0037420bc1ddf00 -- 2.49.0

4 months

6
8
0 0

[PATCH v3 1/1] x86/fred/signal: Prevent single-step upon ERETU completion

by Xin Li (Intel)

From: Xin Li <xin(a)zytor.com> Clear the software event flag in the augmented SS to prevent infinite SIGTRAP handler loop if TF is used without an external debugger. Following is a typical single-stepping flow for a user process: 1) The user process is prepared for single-stepping by setting RFLAGS.TF = 1. 2) When any instruction in user space completes, a #DB is triggered. 3) The kernel handles the #DB and returns to user space, invoking the SIGTRAP handler with RFLAGS.TF = 0. 4) After the SIGTRAP handler finishes, the user process performs a sigreturn syscall, restoring the original state, including RFLAGS.TF = 1. 5) Goto step 2. According to the FRED specification: A) Bit 17 in the augmented SS is designated as the software event flag, which is set to 1 for FRED event delivery of SYSCALL, SYSENTER, or INT n. B) If bit 17 of the augmented SS is 1 and ERETU would result in RFLAGS.TF = 1, a single-step trap will be pending upon completion of ERETU. In step 4) above, the software event flag is set upon the sigreturn syscall, and its corresponding ERETU would restore RFLAGS.TF = 1. This combination causes a pending single-step trap upon completion of ERETU. Therefore, another #DB is triggered before any user space instruction is executed, which leads to an infinite loop in which the SIGTRAP handler keeps being invoked on the same user space IP. Suggested-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Cc: stable(a)vger.kernel.org --- Change in v3: *) Use "#ifdef CONFIG_X86_FRED" instead of IS_ENABLED(CONFIG_X86_FRED) (Intel LKP). Change in v2: *) Remove the check cpu_feature_enabled(X86_FEATURE_FRED), because regs->fred_ss.swevent will always be 0 otherwise (H. Peter Anvin). --- arch/x86/include/asm/sighandling.h | 21 +++++++++++++++++++++ arch/x86/kernel/signal_32.c | 4 ++++ arch/x86/kernel/signal_64.c | 4 ++++ 3 files changed, 29 insertions(+) diff --git a/arch/x86/include/asm/sighandling.h b/arch/x86/include/asm/sighandling.h index e770c4fc47f4..530eecc371fc 100644 --- a/arch/x86/include/asm/sighandling.h +++ b/arch/x86/include/asm/sighandling.h @@ -24,4 +24,25 @@ int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); int x64_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); +/* + * To prevent infinite SIGTRAP handler loop if TF is used without an external + * debugger, clear the software event flag in the augmented SS, ensuring no + * single-step trap is pending upon ERETU completion. + * + * Note, this function should be called in sigreturn() before the original state + * is restored to make sure the TF is read from the entry frame. + */ +static __always_inline void prevent_single_step_upon_eretu(struct pt_regs *regs) +{ + /* + * If the trap flag (TF) is set, i.e., the sigreturn() SYSCALL instruction + * is being single-stepped, do not clear the software event flag in the + * augmented SS, thus a debugger won't skip over the following instruction. + */ +#ifdef CONFIG_X86_FRED + if (!(regs->flags & X86_EFLAGS_TF)) + regs->fred_ss.swevent = 0; +#endif +} + #endif /* _ASM_X86_SIGHANDLING_H */ diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c index 98123ff10506..42bbc42bd350 100644 --- a/arch/x86/kernel/signal_32.c +++ b/arch/x86/kernel/signal_32.c @@ -152,6 +152,8 @@ SYSCALL32_DEFINE0(sigreturn) struct sigframe_ia32 __user *frame = (struct sigframe_ia32 __user *)(regs->sp-8); sigset_t set; + prevent_single_step_upon_eretu(regs); + if (!access_ok(frame, sizeof(*frame))) goto badframe; if (__get_user(set.sig[0], &frame->sc.oldmask) @@ -175,6 +177,8 @@ SYSCALL32_DEFINE0(rt_sigreturn) struct rt_sigframe_ia32 __user *frame; sigset_t set; + prevent_single_step_upon_eretu(regs); + frame = (struct rt_sigframe_ia32 __user *)(regs->sp - 4); if (!access_ok(frame, sizeof(*frame))) diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c index ee9453891901..d483b585c6c6 100644 --- a/arch/x86/kernel/signal_64.c +++ b/arch/x86/kernel/signal_64.c @@ -250,6 +250,8 @@ SYSCALL_DEFINE0(rt_sigreturn) sigset_t set; unsigned long uc_flags; + prevent_single_step_upon_eretu(regs); + frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long)); if (!access_ok(frame, sizeof(*frame))) goto badframe; @@ -366,6 +368,8 @@ COMPAT_SYSCALL_DEFINE0(x32_rt_sigreturn) sigset_t set; unsigned long uc_flags; + prevent_single_step_upon_eretu(regs); + frame = (struct rt_sigframe_x32 __user *)(regs->sp - 8); if (!access_ok(frame, sizeof(*frame))) base-commit: 6a7c3c2606105a41dde81002c0037420bc1ddf00 -- 2.49.0

4 months

1
0
0 0

Re: Patch "btrfs: allow buffered write to avoid full page read if it's block aligned" has been added to the 6.14-stable tree

by Qu Wenruo

在 2025/5/23 06:35, Sasha Levin 写道: > This is a note to let you know that I've just added the patch titled > > btrfs: allow buffered write to avoid full page read if it's block aligned > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > btrfs-allow-buffered-write-to-avoid-full-page-read-i.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this patch from all stable branches. Although this patch mentions a failure in fstests, it acts more like an optimization for btrfs. Furthermore it relies quite some patches that may not be in stable kernels. Without all the dependency, this can lead to data corruption. Please drop this one from all stable kernels. Thanks, Qu > > > > commit de0860d610aaaee77a8c5c713c41fea584ac83b3 > Author: Qu Wenruo <wqu(a)suse.com> > Date: Wed Oct 30 17:04:02 2024 +1030 > > btrfs: allow buffered write to avoid full page read if it's block aligned > > [ Upstream commit 0d31ca6584f21821c708752d379871b9fce2dc48 ] > > [BUG] > Since the support of block size (sector size) < page size for btrfs, > test case generic/563 fails with 4K block size and 64K page size: > > --- tests/generic/563.out 2024-04-25 18:13:45.178550333 +0930 > +++ /home/adam/xfstests-dev/results//generic/563.out.bad 2024-09-30 09:09:16.155312379 +0930 > @@ -3,7 +3,8 @@ > read is in range > write is in range > write -> read/write > -read is in range > +read has value of 8388608 > +read is NOT in range -33792 .. 33792 > write is in range > ... > > [CAUSE] > The test case creates a 8MiB file, then does buffered write into the 8MiB > using 4K block size, to overwrite the whole file. > > On 4K page sized systems, since the write range covers the full block and > page, btrfs will not bother reading the page, just like what XFS and EXT4 > do. > > But on 64K page sized systems, although the 4K sized write is still block > aligned, it's not page aligned anymore, thus btrfs will read the full > page, which will be accounted by cgroup and fail the test. > > As the test case itself expects such 4K block aligned write should not > trigger any read. > > Such expected behavior is an optimization to reduce folio reads when > possible, and unfortunately btrfs does not implement such optimization. > > [FIX] > To skip the full page read, we need to do the following modification: > > - Do not trigger full page read as long as the buffered write is block > aligned > This is pretty simple by modifying the check inside > prepare_uptodate_page(). > > - Skip already uptodate blocks during full page read > Or we can lead to the following data corruption: > > 0 32K 64K > |///////| | > > Where the file range [0, 32K) is dirtied by buffered write, the > remaining range [32K, 64K) is not. > > When reading the full page, since [0,32K) is only dirtied but not > written back, there is no data extent map for it, but a hole covering > [0, 64k). > > If we continue reading the full page range [0, 64K), the dirtied range > will be filled with 0 (since there is only a hole covering the whole > range). > This causes the dirtied range to get lost. > > With this optimization, btrfs can pass generic/563 even if the page size > is larger than fs block size. > > Reviewed-by: Filipe Manana <fdmanana(a)suse.com> > Signed-off-by: Qu Wenruo <wqu(a)suse.com> > Signed-off-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c > index 06922529f19dc..13b5359ea1b77 100644 > --- a/fs/btrfs/extent_io.c > +++ b/fs/btrfs/extent_io.c > @@ -974,6 +974,10 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached, > end_folio_read(folio, true, cur, iosize); > break; > } > + if (btrfs_folio_test_uptodate(fs_info, folio, cur, blocksize)) { > + end_folio_read(folio, true, cur, blocksize); > + continue; > + } > em = get_extent_map(BTRFS_I(inode), folio, cur, end - cur + 1, em_cached); > if (IS_ERR(em)) { > end_folio_read(folio, false, cur, end + 1 - cur); > diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c > index cd4e40a719186..61ad1a79e5698 100644 > --- a/fs/btrfs/file.c > +++ b/fs/btrfs/file.c > @@ -804,14 +804,15 @@ static int prepare_uptodate_folio(struct inode *inode, struct folio *folio, u64 > { > u64 clamp_start = max_t(u64, pos, folio_pos(folio)); > u64 clamp_end = min_t(u64, pos + len, folio_pos(folio) + folio_size(folio)); > + const u32 blocksize = inode_to_fs_info(inode)->sectorsize; > int ret = 0; > > if (folio_test_uptodate(folio)) > return 0; > > if (!force_uptodate && > - IS_ALIGNED(clamp_start, PAGE_SIZE) && > - IS_ALIGNED(clamp_end, PAGE_SIZE)) > + IS_ALIGNED(clamp_start, blocksize) && > + IS_ALIGNED(clamp_end, blocksize)) > return 0; > > ret = btrfs_read_folio(NULL, folio);

4 months

2
1
0 0

[PATCH v4] net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()

by Wentao Liang

The function mlx5_query_nic_vport_node_guid() calls the function mlx5_query_nic_vport_context() but does not check its return value. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Target: net Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v4: Fix code error. v3: Explicitly mention target branch. Change improper code. v2: Remove redundant reassignment. Fix typo error. drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 0d5f750faa45..c34cd9a1a79b 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -465,19 +465,22 @@ int mlx5_query_nic_vport_node_guid(struct mlx5_core_dev *mdev, u64 *node_guid) { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int err; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + err = mlx5_query_nic_vport_context(mdev, 0, out); + if (err) + goto out; *node_guid = MLX5_GET64(query_nic_vport_context_out, out, nic_vport_context.node_guid); - +out: kvfree(out); - return 0; + return err; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_node_guid); -- 2.42.0.windows.2

4 months

2
1
0 0

[PATCH 1/2] block: Make __submit_bio_noacct() preserve the bio submission order

by Bart Van Assche

submit_bio() may be called recursively. To limit the stack depth, recursive calls result in bios being added to a list (current->bio_list). __submit_bio_noacct() sets up that list and maintains two lists with requests: * bio_list_on_stack[0] is the list with bios submitted by recursive submit_bio() calls from inside the latest __submit_bio() call. * bio_list_on_stack[1] is the list with bios submitted by recursive submit_bio() calls from inside previous __submit_bio() calls. Make sure that bios are submitted to lower devices in the order these have been submitted by submit_bio() by adding new bios at the end of the list instead of at the front. This patch fixes unaligned write errors that I encountered with F2FS submitting zoned writes to a dm driver stacked on top of a zoned UFS device. Cc: Christoph Hellwig <hch(a)lst.de> Cc: Damien Le Moal <dlemoal(a)kernel.org> Cc: Yu Kuai <yukuai1(a)huaweicloud.com> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- block/blk-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index b862c66018f2..4b728fa1c138 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -704,9 +704,9 @@ static void __submit_bio_noacct(struct bio *bio) /* * Now assemble so we handle the lowest level first. */ + bio_list_on_stack[0] = bio_list_on_stack[1]; bio_list_merge(&bio_list_on_stack[0], &lower); bio_list_merge(&bio_list_on_stack[0], &same); - bio_list_merge(&bio_list_on_stack[0], &bio_list_on_stack[1]); } while ((bio = bio_list_pop(&bio_list_on_stack[0]))); current->bio_list = NULL;

4 months

3
9
0 0

Re: Patch "f2fs: defer readonly check vs norecovery" has been added to the 6.14-stable tree

by Eric Sandeen

On 5/22/25 4:10 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > f2fs: defer readonly check vs norecovery > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > f2fs-defer-readonly-check-vs-norecovery.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I already replied to the AUTOSEL email on 5/5 saying that this is not a bug fix and should not be in the stable tree, but here we are. > commit 442e4090bb78d5dce4506a591214ce2447d6ea50 > Author: Eric Sandeen <sandeen(a)redhat.com> > Date: Mon Mar 3 11:12:17 2025 -0600 > > f2fs: defer readonly check vs norecovery > > [ Upstream commit 9cca49875997a1a7e92800a828a62bacb0f577b9 ] > > Defer the readonly-vs-norecovery check until after option parsing is done > so that option parsing does not require an active superblock for the test. > Add a helpful message, while we're at it. > > (I think could be moved back into parsing after we switch to the new mount > API if desired, as the fs context will have RO state available.) > > Signed-off-by: Eric Sandeen <sandeen(a)redhat.com> > Reviewed-by: Chao Yu <chao(a)kernel.org> > Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c > index b8a0e925a4011..d3b04a589b525 100644 > --- a/fs/f2fs/super.c > +++ b/fs/f2fs/super.c > @@ -728,10 +728,8 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) > set_opt(sbi, DISABLE_ROLL_FORWARD); > break; > case Opt_norecovery: > - /* this option mounts f2fs with ro */ > + /* requires ro mount, checked in f2fs_default_check */ > set_opt(sbi, NORECOVERY); > - if (!f2fs_readonly(sb)) > - return -EINVAL; > break; > case Opt_discard: > if (!f2fs_hw_support_discard(sbi)) { > @@ -1418,6 +1416,12 @@ static int parse_options(struct super_block *sb, char *options, bool is_remount) > f2fs_err(sbi, "Allow to mount readonly mode only"); > return -EROFS; > } > + > + if (test_opt(sbi, NORECOVERY) && !f2fs_readonly(sbi->sb)) { > + f2fs_err(sbi, "norecovery requires readonly mount"); > + return -EINVAL; > + } > + > return 0; > } > >

4 months

1
0
0 0

Re: [PATCH 6.6 005/568] md: fix deadlock between mddev_suspend and flush bio

by Andrew Kanner

> [...] > > Additionally, the only difference between fixing the issue and before is > that there is no return error handling of make_request(). But after > previous patch cleaned md_write_start(), make_requst() only return error > in raid5_make_request() by dm-raid, see commit 41425f96d7aa ("dm-raid456, > md/raid456: fix a deadlock for dm-raid456 while io concurrent with > reshape)". Since dm always splits data and flush operation into two > separate io, io size of flush submitted by dm always is 0, make_request() > will not be called in md_submit_flush_data(). To prevent future > modifications from introducing issues, add WARN_ON to ensure > make_request() no error is returned in this context. > > [...] > @@ -560,8 +552,20 @@ static void md_submit_flush_data(struct work_struct *ws) > bio_endio(bio); > } else { > bio->bi_opf &= ~REQ_PREFLUSH; > - md_handle_request(mddev, bio); > + > + /* > + * make_requst() will never return error here, it only > + * returns error in raid5_make_request() by dm-raid. > + * Since dm always splits data and flush operation into > + * two separate io, io size of flush submitted by dm > + * always is 0, make_request() will not be called here. > + */ > + if (WARN_ON_ONCE(!mddev->pers->make_request(mddev, bio))) > + bio_io_error(bio);; > } Hello, It looks we can hit this WARN_ON_ONCE() after which rootfs is switching to read-only: May 20 15:13:35 hostname kernel: WARNING: CPU: 35 PID: 1517323 at drivers/md/md.c:621 md_submit_flush_data+0x9b/0xe0 ... May 20 15:13:35 hostname kernel: XFS (md125): log I/O error -5 May 20 15:13:35 hostname kernel: XFS (md125): Filesystem has been shut down due to log error (0x2). May 20 15:13:35 hostname kernel: XFS (md125): Please unmount the filesystem and rectify the problem(s). Can you double check if the following regression is actual? Since both stable/linux-6.1.y and stable/linux-6.6.y branches don't have b75197e86e6d ("md: Remove flush handling") there is a minor issue with this backport. Statement "previous patch cleaned md_write_start(), make_requst() only return error in raid5_make_request() by dm-raid" will not work for both branches since 03e792eaf18e ("md: change the return value type of md_write_start to void") was not backported. So we should either backport it, or do error handling, not the WARN_ON_ONCE(). -- Andrew Kanner

4 months

1
0
0 0

Re: Patch "dm vdo vio-pool: allow variable-sized metadata vios" has been added to the 6.12-stable tree

by Matthew Sakai

On 5/22/25 6:31 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > dm vdo vio-pool: allow variable-sized metadata vios > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > dm-vdo-vio-pool-allow-variable-sized-metadata-vios.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. There is no reason to pull this patch into 6.12 since there are no features in 6.12 that would use it. Matt > > commit ac663217ac4eeab508db348a67511d45ccd9846f > Author: Ken Raeburn <raeburn(a)redhat.com> > Date: Fri Jan 31 21:18:05 2025 -0500 > > dm vdo vio-pool: allow variable-sized metadata vios > > [ Upstream commit f979da512553a41a657f2c1198277e84d66f8ce3 ] > > With larger-sized metadata vio pools, vdo will sometimes need to > issue I/O with a smaller size than the allocated size. Since > vio_reset_bio is where the bvec array and I/O size are initialized, > this reset interface must now specify what I/O size to use. > > Signed-off-by: Ken Raeburn <raeburn(a)redhat.com> > Signed-off-by: Matthew Sakai <msakai(a)redhat.com> > Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/md/dm-vdo/io-submitter.c b/drivers/md/dm-vdo/io-submitter.c > index ab62abe18827b..a664be89c15d7 100644 > --- a/drivers/md/dm-vdo/io-submitter.c > +++ b/drivers/md/dm-vdo/io-submitter.c > @@ -327,6 +327,7 @@ void vdo_submit_data_vio(struct data_vio *data_vio) > * @error_handler: the handler for submission or I/O errors (may be NULL) > * @operation: the type of I/O to perform > * @data: the buffer to read or write (may be NULL) > + * @size: the I/O amount in bytes > * > * The vio is enqueued on a vdo bio queue so that bio submission (which may block) does not block > * other vdo threads. > @@ -338,7 +339,7 @@ void vdo_submit_data_vio(struct data_vio *data_vio) > */ > void __submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > bio_end_io_t callback, vdo_action_fn error_handler, > - blk_opf_t operation, char *data) > + blk_opf_t operation, char *data, int size) > { > int result; > struct vdo_completion *completion = &vio->completion; > @@ -349,7 +350,8 @@ void __submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > > vdo_reset_completion(completion); > completion->error_handler = error_handler; > - result = vio_reset_bio(vio, data, callback, operation | REQ_META, physical); > + result = vio_reset_bio_with_size(vio, data, size, callback, operation | REQ_META, > + physical); > if (result != VDO_SUCCESS) { > continue_vio(vio, result); > return; > diff --git a/drivers/md/dm-vdo/io-submitter.h b/drivers/md/dm-vdo/io-submitter.h > index 80748699496f2..3088f11055fdd 100644 > --- a/drivers/md/dm-vdo/io-submitter.h > +++ b/drivers/md/dm-vdo/io-submitter.h > @@ -8,6 +8,7 @@ > > #include <linux/bio.h> > > +#include "constants.h" > #include "types.h" > > struct io_submitter; > @@ -26,14 +27,25 @@ void vdo_submit_data_vio(struct data_vio *data_vio); > > void __submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > bio_end_io_t callback, vdo_action_fn error_handler, > - blk_opf_t operation, char *data); > + blk_opf_t operation, char *data, int size); > > static inline void vdo_submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > bio_end_io_t callback, vdo_action_fn error_handler, > blk_opf_t operation) > { > __submit_metadata_vio(vio, physical, callback, error_handler, > - operation, vio->data); > + operation, vio->data, vio->block_count * VDO_BLOCK_SIZE); > +} > + > +static inline void vdo_submit_metadata_vio_with_size(struct vio *vio, > + physical_block_number_t physical, > + bio_end_io_t callback, > + vdo_action_fn error_handler, > + blk_opf_t operation, > + int size) > +{ > + __submit_metadata_vio(vio, physical, callback, error_handler, > + operation, vio->data, size); > } > > static inline void vdo_submit_flush_vio(struct vio *vio, bio_end_io_t callback, > @@ -41,7 +53,7 @@ static inline void vdo_submit_flush_vio(struct vio *vio, bio_end_io_t callback, > { > /* FIXME: Can we just use REQ_OP_FLUSH? */ > __submit_metadata_vio(vio, 0, callback, error_handler, > - REQ_OP_WRITE | REQ_PREFLUSH, NULL); > + REQ_OP_WRITE | REQ_PREFLUSH, NULL, 0); > } > > #endif /* VDO_IO_SUBMITTER_H */ > diff --git a/drivers/md/dm-vdo/types.h b/drivers/md/dm-vdo/types.h > index dbe892b10f265..cdf36e7d77021 100644 > --- a/drivers/md/dm-vdo/types.h > +++ b/drivers/md/dm-vdo/types.h > @@ -376,6 +376,9 @@ struct vio { > /* The size of this vio in blocks */ > unsigned int block_count; > > + /* The amount of data to be read or written, in bytes */ > + unsigned int io_size; > + > /* The data being read or written. */ > char *data; > > diff --git a/drivers/md/dm-vdo/vio.c b/drivers/md/dm-vdo/vio.c > index b291578f726f5..7c417c1af4516 100644 > --- a/drivers/md/dm-vdo/vio.c > +++ b/drivers/md/dm-vdo/vio.c > @@ -188,14 +188,23 @@ void vdo_set_bio_properties(struct bio *bio, struct vio *vio, bio_end_io_t callb > > /* > * Prepares the bio to perform IO with the specified buffer. May only be used on a VDO-allocated > - * bio, as it assumes the bio wraps a 4k buffer that is 4k aligned, but there does not have to be a > - * vio associated with the bio. > + * bio, as it assumes the bio wraps a 4k-multiple buffer that is 4k aligned, but there does not > + * have to be a vio associated with the bio. > */ > int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > blk_opf_t bi_opf, physical_block_number_t pbn) > { > - int bvec_count, offset, len, i; > + return vio_reset_bio_with_size(vio, data, vio->block_count * VDO_BLOCK_SIZE, > + callback, bi_opf, pbn); > +} > + > +int vio_reset_bio_with_size(struct vio *vio, char *data, int size, bio_end_io_t callback, > + blk_opf_t bi_opf, physical_block_number_t pbn) > +{ > + int bvec_count, offset, i; > struct bio *bio = vio->bio; > + int vio_size = vio->block_count * VDO_BLOCK_SIZE; > + int remaining; > > bio_reset(bio, bio->bi_bdev, bi_opf); > vdo_set_bio_properties(bio, vio, callback, bi_opf, pbn); > @@ -204,22 +213,21 @@ int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > > bio->bi_io_vec = bio->bi_inline_vecs; > bio->bi_max_vecs = vio->block_count + 1; > - len = VDO_BLOCK_SIZE * vio->block_count; > + if (VDO_ASSERT(size <= vio_size, "specified size %d is not greater than allocated %d", > + size, vio_size) != VDO_SUCCESS) > + size = vio_size; > + vio->io_size = size; > offset = offset_in_page(data); > - bvec_count = DIV_ROUND_UP(offset + len, PAGE_SIZE); > + bvec_count = DIV_ROUND_UP(offset + size, PAGE_SIZE); > + remaining = size; > > - /* > - * If we knew that data was always on one page, or contiguous pages, we wouldn't need the > - * loop. But if we're using vmalloc, it's not impossible that the data is in different > - * pages that can't be merged in bio_add_page... > - */ > - for (i = 0; (i < bvec_count) && (len > 0); i++) { > + for (i = 0; (i < bvec_count) && (remaining > 0); i++) { > struct page *page; > int bytes_added; > int bytes = PAGE_SIZE - offset; > > - if (bytes > len) > - bytes = len; > + if (bytes > remaining) > + bytes = remaining; > > page = is_vmalloc_addr(data) ? vmalloc_to_page(data) : virt_to_page(data); > bytes_added = bio_add_page(bio, page, bytes, offset); > @@ -231,7 +239,7 @@ int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > } > > data += bytes; > - len -= bytes; > + remaining -= bytes; > offset = 0; > } > > diff --git a/drivers/md/dm-vdo/vio.h b/drivers/md/dm-vdo/vio.h > index 3490e9f59b04a..74e8fd7c8c029 100644 > --- a/drivers/md/dm-vdo/vio.h > +++ b/drivers/md/dm-vdo/vio.h > @@ -123,6 +123,8 @@ void vdo_set_bio_properties(struct bio *bio, struct vio *vio, bio_end_io_t callb > > int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > blk_opf_t bi_opf, physical_block_number_t pbn); > +int vio_reset_bio_with_size(struct vio *vio, char *data, int size, bio_end_io_t callback, > + blk_opf_t bi_opf, physical_block_number_t pbn); > > void update_vio_error_stats(struct vio *vio, const char *format, ...) > __printf(2, 3); >

4 months

1
0
0 0

Re: Patch "btrfs: prevent inline data extents read from touching blocks beyond its range" has been added to the 6.12-stable tree

by Qu Wenruo

在 2025/5/23 07:31, Sasha Levin 写道: > This is a note to let you know that I've just added the patch titled > > btrfs: prevent inline data extents read from touching blocks beyond its range > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > btrfs-prevent-inline-data-extents-read-from-touching.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this one from all stable trees. Although the patch won't cause any behavior change, the main reason for this patch is to prepare for the subpage optimization (and future large folios support). Thanks, Qu > > > > commit 98504dd74a2688ff63dba6bf1d9f8abc7f0b322e > Author: Qu Wenruo <wqu(a)suse.com> > Date: Fri Nov 15 19:15:34 2024 +1030 > > btrfs: prevent inline data extents read from touching blocks beyond its range > > [ Upstream commit 1a5b5668d711d3d1ef447446beab920826decec3 ] > > Currently reading an inline data extent will zero out the remaining > range in the page. > > This is not yet causing problems even for block size < page size > (subpage) cases because: > > 1) An inline data extent always starts at file offset 0 > Meaning at page read, we always read the inline extent first, before > any other blocks in the page. Then later blocks are properly read out > and re-fill the zeroed out ranges. > > 2) Currently btrfs will read out the whole page if a buffered write is > not page aligned > So a page is either fully uptodate at buffered write time (covers the > whole page), or we will read out the whole page first. > Meaning there is nothing to lose for such an inline extent read. > > But it's still not ideal: > > - We're zeroing out the page twice > Once done by read_inline_extent()/uncompress_inline(), once done by > btrfs_do_readpage() for ranges beyond i_size. > > - We're touching blocks that don't belong to the inline extent > In the incoming patches, we can have a partial uptodate folio, of > which some dirty blocks can exist while the page is not fully uptodate: > > The page size is 16K and block size is 4K: > > 0 4K 8K 12K 16K > | | |/////////| | > > And range [8K, 12K) is dirtied by a buffered write, the remaining > blocks are not uptodate. > > If range [0, 4K) contains an inline data extent, and we try to read > the whole page, the current behavior will overwrite range [8K, 12K) > with zero and cause data loss. > > So to make the behavior more consistent and in preparation for future > changes, limit the inline data extents read to only zero out the range > inside the first block, not the whole page. > > Reviewed-by: Filipe Manana <fdmanana(a)suse.com> > Signed-off-by: Qu Wenruo <wqu(a)suse.com> > Signed-off-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c > index 0da2611fb9c85..ee8c18d298758 100644 > --- a/fs/btrfs/inode.c > +++ b/fs/btrfs/inode.c > @@ -6825,6 +6825,7 @@ static noinline int uncompress_inline(struct btrfs_path *path, > { > int ret; > struct extent_buffer *leaf = path->nodes[0]; > + const u32 blocksize = leaf->fs_info->sectorsize; > char *tmp; > size_t max_size; > unsigned long inline_size; > @@ -6841,7 +6842,7 @@ static noinline int uncompress_inline(struct btrfs_path *path, > > read_extent_buffer(leaf, tmp, ptr, inline_size); > > - max_size = min_t(unsigned long, PAGE_SIZE, max_size); > + max_size = min_t(unsigned long, blocksize, max_size); > ret = btrfs_decompress(compress_type, tmp, folio, 0, inline_size, > max_size); > > @@ -6853,8 +6854,8 @@ static noinline int uncompress_inline(struct btrfs_path *path, > * cover that region here. > */ > > - if (max_size < PAGE_SIZE) > - folio_zero_range(folio, max_size, PAGE_SIZE - max_size); > + if (max_size < blocksize) > + folio_zero_range(folio, max_size, blocksize - max_size); > kfree(tmp); > return ret; > } > @@ -6862,6 +6863,7 @@ static noinline int uncompress_inline(struct btrfs_path *path, > static int read_inline_extent(struct btrfs_inode *inode, struct btrfs_path *path, > struct folio *folio) > { > + const u32 blocksize = path->nodes[0]->fs_info->sectorsize; > struct btrfs_file_extent_item *fi; > void *kaddr; > size_t copy_size; > @@ -6876,14 +6878,14 @@ static int read_inline_extent(struct btrfs_inode *inode, struct btrfs_path *path > if (btrfs_file_extent_compression(path->nodes[0], fi) != BTRFS_COMPRESS_NONE) > return uncompress_inline(path, folio, fi); > > - copy_size = min_t(u64, PAGE_SIZE, > + copy_size = min_t(u64, blocksize, > btrfs_file_extent_ram_bytes(path->nodes[0], fi)); > kaddr = kmap_local_folio(folio, 0); > read_extent_buffer(path->nodes[0], kaddr, > btrfs_file_extent_inline_start(fi), copy_size); > kunmap_local(kaddr); > - if (copy_size < PAGE_SIZE) > - folio_zero_range(folio, copy_size, PAGE_SIZE - copy_size); > + if (copy_size < blocksize) > + folio_zero_range(folio, copy_size, blocksize - copy_size); > return 0; > } >

4 months

1
0
0 0

+ mm-hugetlb-fix-kernel-null-pointer-dereference-when-replacing-free-hugetlb-folios.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-fix-kernel-null-pointer-dereference-when-replacing-free-hugetlb-folios.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ge Yang <yangge1116(a)126.com> Subject: mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios Date: Thu, 22 May 2025 11:22:17 +0800 A kernel crash was observed when replacing free hugetlb folios: BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 28 UID: 0 PID: 29639 Comm: test_cma.sh Tainted 6.15.0-rc6-zp #41 PREEMPT(voluntary) RIP: 0010:alloc_and_dissolve_hugetlb_folio+0x1d/0x1f0 RSP: 0018:ffffc9000b30fa90 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000342cca RCX: ffffea0043000000 RDX: ffffc9000b30fb08 RSI: ffffea0043000000 RDI: 0000000000000000 RBP: ffffc9000b30fb20 R08: 0000000000001000 R09: 0000000000000000 R10: ffff88886f92eb00 R11: 0000000000000000 R12: ffffea0043000000 R13: 0000000000000000 R14: 00000000010c0200 R15: 0000000000000004 FS: 00007fcda5f14740(0000) GS:ffff8888ec1d8000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000028 CR3: 0000000391402000 CR4: 0000000000350ef0 Call Trace: <TASK> replace_free_hugepage_folios+0xb6/0x100 alloc_contig_range_noprof+0x18a/0x590 ? srso_return_thunk+0x5/0x5f ? down_read+0x12/0xa0 ? srso_return_thunk+0x5/0x5f cma_range_alloc.constprop.0+0x131/0x290 __cma_alloc+0xcf/0x2c0 cma_alloc_write+0x43/0xb0 simple_attr_write_xsigned.constprop.0.isra.0+0xb2/0x110 debugfs_attr_write+0x46/0x70 full_proxy_write+0x62/0xa0 vfs_write+0xf8/0x420 ? srso_return_thunk+0x5/0x5f ? filp_flush+0x86/0xa0 ? srso_return_thunk+0x5/0x5f ? filp_close+0x1f/0x30 ? srso_return_thunk+0x5/0x5f ? do_dup2+0xaf/0x160 ? srso_return_thunk+0x5/0x5f ksys_write+0x65/0xe0 do_syscall_64+0x64/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e There is a potential race between __update_and_free_hugetlb_folio() and replace_free_hugepage_folios(): CPU1 CPU2 __update_and_free_hugetlb_folio replace_free_hugepage_folios folio_test_hugetlb(folio) -- It's still hugetlb folio. __folio_clear_hugetlb(folio) hugetlb_free_folio(folio) h = folio_hstate(folio) -- Here, h is NULL pointer When the above race condition occurs, folio_hstate(folio) returns NULL, and subsequent access to this NULL pointer will cause the system to crash. To resolve this issue, execute folio_hstate(folio) under the protection of the hugetlb_lock lock, ensuring that folio_hstate(folio) does not return NULL. Link: https://lkml.kernel.org/r/1747884137-26685-1-git-send-email-yangge1116@126.… Fixes: 04f13d241b8b ("mm: replace free hugepage folios after migration") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/hugetlb.c~mm-hugetlb-fix-kernel-null-pointer-dereference-when-replacing-free-hugetlb-folios +++ a/mm/hugetlb.c @@ -2949,12 +2949,20 @@ int replace_free_hugepage_folios(unsigne while (start_pfn < end_pfn) { folio = pfn_folio(start_pfn); + + /* + * The folio might have been dissolved from under our feet, so make sure + * to carefully check the state under the lock. + */ + spin_lock_irq(&hugetlb_lock); if (folio_test_hugetlb(folio)) { h = folio_hstate(folio); } else { + spin_unlock_irq(&hugetlb_lock); start_pfn++; continue; } + spin_unlock_irq(&hugetlb_lock); if (!folio_ref_count(folio)) { ret = alloc_and_dissolve_hugetlb_folio(h, folio, _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-hugetlb-fix-kernel-null-pointer-dereference-when-replacing-free-hugetlb-folios.patch

4 months

1
0
0 0

Re: Patch "dm vdo vio-pool: allow variable-sized metadata vios" has been added to the 6.14-stable tree

by Matthew Sakai

On 5/22/25 5:44 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > dm vdo vio-pool: allow variable-sized metadata vios > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > dm-vdo-vio-pool-allow-variable-sized-metadata-vios.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > This patch should probably not get added to 6.14 or any earlier stable tree. It implements an interface for a new feature added in in 6.15, but without backporting that feature, nothing will use the new interface so this patch is unnecessary. Thanks, Matt > > commit 921200c5e2f6a07ad93419d800d6a1a2fbf7abc7 > Author: Ken Raeburn <raeburn(a)redhat.com> > Date: Fri Jan 31 21:18:05 2025 -0500 > > dm vdo vio-pool: allow variable-sized metadata vios > > [ Upstream commit f979da512553a41a657f2c1198277e84d66f8ce3 ] > > With larger-sized metadata vio pools, vdo will sometimes need to > issue I/O with a smaller size than the allocated size. Since > vio_reset_bio is where the bvec array and I/O size are initialized, > this reset interface must now specify what I/O size to use. > > Signed-off-by: Ken Raeburn <raeburn(a)redhat.com> > Signed-off-by: Matthew Sakai <msakai(a)redhat.com> > Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/md/dm-vdo/io-submitter.c b/drivers/md/dm-vdo/io-submitter.c > index 421e5436c32c9..11d47770b54d2 100644 > --- a/drivers/md/dm-vdo/io-submitter.c > +++ b/drivers/md/dm-vdo/io-submitter.c > @@ -327,6 +327,7 @@ void vdo_submit_data_vio(struct data_vio *data_vio) > * @error_handler: the handler for submission or I/O errors (may be NULL) > * @operation: the type of I/O to perform > * @data: the buffer to read or write (may be NULL) > + * @size: the I/O amount in bytes > * > * The vio is enqueued on a vdo bio queue so that bio submission (which may block) does not block > * other vdo threads. > @@ -338,7 +339,7 @@ void vdo_submit_data_vio(struct data_vio *data_vio) > */ > void __submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > bio_end_io_t callback, vdo_action_fn error_handler, > - blk_opf_t operation, char *data) > + blk_opf_t operation, char *data, int size) > { > int result; > struct vdo_completion *completion = &vio->completion; > @@ -349,7 +350,8 @@ void __submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > > vdo_reset_completion(completion); > completion->error_handler = error_handler; > - result = vio_reset_bio(vio, data, callback, operation | REQ_META, physical); > + result = vio_reset_bio_with_size(vio, data, size, callback, operation | REQ_META, > + physical); > if (result != VDO_SUCCESS) { > continue_vio(vio, result); > return; > diff --git a/drivers/md/dm-vdo/io-submitter.h b/drivers/md/dm-vdo/io-submitter.h > index 80748699496f2..3088f11055fdd 100644 > --- a/drivers/md/dm-vdo/io-submitter.h > +++ b/drivers/md/dm-vdo/io-submitter.h > @@ -8,6 +8,7 @@ > > #include <linux/bio.h> > > +#include "constants.h" > #include "types.h" > > struct io_submitter; > @@ -26,14 +27,25 @@ void vdo_submit_data_vio(struct data_vio *data_vio); > > void __submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > bio_end_io_t callback, vdo_action_fn error_handler, > - blk_opf_t operation, char *data); > + blk_opf_t operation, char *data, int size); > > static inline void vdo_submit_metadata_vio(struct vio *vio, physical_block_number_t physical, > bio_end_io_t callback, vdo_action_fn error_handler, > blk_opf_t operation) > { > __submit_metadata_vio(vio, physical, callback, error_handler, > - operation, vio->data); > + operation, vio->data, vio->block_count * VDO_BLOCK_SIZE); > +} > + > +static inline void vdo_submit_metadata_vio_with_size(struct vio *vio, > + physical_block_number_t physical, > + bio_end_io_t callback, > + vdo_action_fn error_handler, > + blk_opf_t operation, > + int size) > +{ > + __submit_metadata_vio(vio, physical, callback, error_handler, > + operation, vio->data, size); > } > > static inline void vdo_submit_flush_vio(struct vio *vio, bio_end_io_t callback, > @@ -41,7 +53,7 @@ static inline void vdo_submit_flush_vio(struct vio *vio, bio_end_io_t callback, > { > /* FIXME: Can we just use REQ_OP_FLUSH? */ > __submit_metadata_vio(vio, 0, callback, error_handler, > - REQ_OP_WRITE | REQ_PREFLUSH, NULL); > + REQ_OP_WRITE | REQ_PREFLUSH, NULL, 0); > } > > #endif /* VDO_IO_SUBMITTER_H */ > diff --git a/drivers/md/dm-vdo/types.h b/drivers/md/dm-vdo/types.h > index dbe892b10f265..cdf36e7d77021 100644 > --- a/drivers/md/dm-vdo/types.h > +++ b/drivers/md/dm-vdo/types.h > @@ -376,6 +376,9 @@ struct vio { > /* The size of this vio in blocks */ > unsigned int block_count; > > + /* The amount of data to be read or written, in bytes */ > + unsigned int io_size; > + > /* The data being read or written. */ > char *data; > > diff --git a/drivers/md/dm-vdo/vio.c b/drivers/md/dm-vdo/vio.c > index e710f3c5a972d..725d87ecf2150 100644 > --- a/drivers/md/dm-vdo/vio.c > +++ b/drivers/md/dm-vdo/vio.c > @@ -188,14 +188,23 @@ void vdo_set_bio_properties(struct bio *bio, struct vio *vio, bio_end_io_t callb > > /* > * Prepares the bio to perform IO with the specified buffer. May only be used on a VDO-allocated > - * bio, as it assumes the bio wraps a 4k buffer that is 4k aligned, but there does not have to be a > - * vio associated with the bio. > + * bio, as it assumes the bio wraps a 4k-multiple buffer that is 4k aligned, but there does not > + * have to be a vio associated with the bio. > */ > int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > blk_opf_t bi_opf, physical_block_number_t pbn) > { > - int bvec_count, offset, len, i; > + return vio_reset_bio_with_size(vio, data, vio->block_count * VDO_BLOCK_SIZE, > + callback, bi_opf, pbn); > +} > + > +int vio_reset_bio_with_size(struct vio *vio, char *data, int size, bio_end_io_t callback, > + blk_opf_t bi_opf, physical_block_number_t pbn) > +{ > + int bvec_count, offset, i; > struct bio *bio = vio->bio; > + int vio_size = vio->block_count * VDO_BLOCK_SIZE; > + int remaining; > > bio_reset(bio, bio->bi_bdev, bi_opf); > vdo_set_bio_properties(bio, vio, callback, bi_opf, pbn); > @@ -205,22 +214,21 @@ int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > bio->bi_ioprio = 0; > bio->bi_io_vec = bio->bi_inline_vecs; > bio->bi_max_vecs = vio->block_count + 1; > - len = VDO_BLOCK_SIZE * vio->block_count; > + if (VDO_ASSERT(size <= vio_size, "specified size %d is not greater than allocated %d", > + size, vio_size) != VDO_SUCCESS) > + size = vio_size; > + vio->io_size = size; > offset = offset_in_page(data); > - bvec_count = DIV_ROUND_UP(offset + len, PAGE_SIZE); > + bvec_count = DIV_ROUND_UP(offset + size, PAGE_SIZE); > + remaining = size; > > - /* > - * If we knew that data was always on one page, or contiguous pages, we wouldn't need the > - * loop. But if we're using vmalloc, it's not impossible that the data is in different > - * pages that can't be merged in bio_add_page... > - */ > - for (i = 0; (i < bvec_count) && (len > 0); i++) { > + for (i = 0; (i < bvec_count) && (remaining > 0); i++) { > struct page *page; > int bytes_added; > int bytes = PAGE_SIZE - offset; > > - if (bytes > len) > - bytes = len; > + if (bytes > remaining) > + bytes = remaining; > > page = is_vmalloc_addr(data) ? vmalloc_to_page(data) : virt_to_page(data); > bytes_added = bio_add_page(bio, page, bytes, offset); > @@ -232,7 +240,7 @@ int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > } > > data += bytes; > - len -= bytes; > + remaining -= bytes; > offset = 0; > } > > diff --git a/drivers/md/dm-vdo/vio.h b/drivers/md/dm-vdo/vio.h > index 3490e9f59b04a..74e8fd7c8c029 100644 > --- a/drivers/md/dm-vdo/vio.h > +++ b/drivers/md/dm-vdo/vio.h > @@ -123,6 +123,8 @@ void vdo_set_bio_properties(struct bio *bio, struct vio *vio, bio_end_io_t callb > > int vio_reset_bio(struct vio *vio, char *data, bio_end_io_t callback, > blk_opf_t bi_opf, physical_block_number_t pbn); > +int vio_reset_bio_with_size(struct vio *vio, char *data, int size, bio_end_io_t callback, > + blk_opf_t bi_opf, physical_block_number_t pbn); > > void update_vio_error_stats(struct vio *vio, const char *format, ...) > __printf(2, 3); >

4 months

1
0
0 0

+ mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: swap: fix potensial buffer overflow in setup_clusters() has been added to the -mm mm-new branch. Its filename is mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kemeng Shi <shikemeng(a)huaweicloud.com> Subject: mm: swap: fix potensial buffer overflow in setup_clusters() Date: Thu, 22 May 2025 20:25:53 +0800 In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters() will encounter a buffer overflow when a badpage is >= maxpages. Only call inc_cluster_info_page() for badpage which is < maxpages to fix the issue. Link: https://lkml.kernel.org/r/20250522122554.12209-4-shikemeng@huaweicloud.com Fixes: b843786b0bd01 ("mm: swapfile: fix SSD detection with swapfile on btrfs") Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kairui Song <kasong(a)tencent.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/swapfile.c~mm-swap-fix-potensial-buffer-overflow-in-setup_clusters +++ a/mm/swapfile.c @@ -3208,9 +3208,13 @@ static struct swap_cluster_info *setup_c * and the EOF part of the last cluster. */ inc_cluster_info_page(si, cluster_info, 0); - for (i = 0; i < swap_header->info.nr_badpages; i++) - inc_cluster_info_page(si, cluster_info, - swap_header->info.badpages[i]); + for (i = 0; i < swap_header->info.nr_badpages; i++) { + unsigned int page_nr = swap_header->info.badpages[i]; + + if (page_nr >= maxpages) + continue; + inc_cluster_info_page(si, cluster_info, page_nr); + } for (i = maxpages; i < round_up(maxpages, SWAPFILE_CLUSTER); i++) inc_cluster_info_page(si, cluster_info, i); _ Patches currently in -mm which might be from shikemeng(a)huaweicloud.com are mm-shmem-avoid-unpaired-folio_unlock-in-shmem_swapin_folio.patch mm-shmem-add-missing-shmem_unacct_size-in-__shmem_file_setup.patch mm-shmem-fix-potential-dead-loop-in-shmem_unuse.patch mm-shmem-only-remove-inode-from-swaplist-when-its-swapped-page-count-is-0.patch mm-shmem-remove-unneeded-xa_is_value-check-in-shmem_unuse_swap_entries.patch mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch mm-swap-remove-stale-comment-stale-comment-in-cluster_alloc_swap_entry.patch

4 months

1
0
0 0

+ mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: swap: correctly use maxpages in swapon syscall to avoid potensial deadloop has been added to the -mm mm-new branch. Its filename is mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kemeng Shi <shikemeng(a)huaweicloud.com> Subject: mm: swap: correctly use maxpages in swapon syscall to avoid potensial deadloop Date: Thu, 22 May 2025 20:25:52 +0800 We use maxpages from read_swap_header() to initialize swap_info_struct, however the maxpages might be reduced in setup_swap_extents() and the si->max is assigned with the reduced maxpages from the setup_swap_extents(). Obviously, this could lead to memory waste as we allocated memory based on larger maxpages, besides, this could lead to a potensial deadloop as following: 1) When calling setup_clusters() with larger maxpages, unavailable pages within range [si->max, larger maxpages) are not accounted with inc_cluster_info_page(). As a result, these pages are assumed available but can not be allocated. The cluster contains these pages can be moved to frag_clusters list after it's all available pages were allocated. 2) When the cluster mentioned in 1) is the only cluster in frag_clusters list, cluster_alloc_swap_entry() assume order 0 allocation will never failed and will enter a deadloop by keep trying to allocate page from the only cluster in frag_clusters which contains no actually available page. Call setup_swap_extents() to get the final maxpages before swap_info_struct initialization to fix the issue. Link: https://lkml.kernel.org/r/20250522122554.12209-3-shikemeng@huaweicloud.com Fixes: 661383c6111a3 ("mm: swap: relaim the cached parts that got scanned") Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kairui Song <kasong(a)tencent.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 47 ++++++++++++++++++++--------------------------- 1 file changed, 20 insertions(+), 27 deletions(-) --- a/mm/swapfile.c~mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop +++ a/mm/swapfile.c @@ -3141,43 +3141,30 @@ static unsigned long read_swap_header(st return maxpages; } -static int setup_swap_map_and_extents(struct swap_info_struct *si, - union swap_header *swap_header, - unsigned char *swap_map, - unsigned long maxpages, - sector_t *span) +static int setup_swap_map(struct swap_info_struct *si, + union swap_header *swap_header, + unsigned char *swap_map, + unsigned long maxpages) { - unsigned int nr_good_pages; unsigned long i; - int nr_extents; - - nr_good_pages = maxpages - 1; /* omit header page */ + swap_map[0] = SWAP_MAP_BAD; /* omit header page */ for (i = 0; i < swap_header->info.nr_badpages; i++) { unsigned int page_nr = swap_header->info.badpages[i]; if (page_nr == 0 || page_nr > swap_header->info.last_page) return -EINVAL; if (page_nr < maxpages) { swap_map[page_nr] = SWAP_MAP_BAD; - nr_good_pages--; + si->pages--; } } - if (nr_good_pages) { - swap_map[0] = SWAP_MAP_BAD; - si->max = maxpages; - si->pages = nr_good_pages; - nr_extents = setup_swap_extents(si, span); - if (nr_extents < 0) - return nr_extents; - nr_good_pages = si->pages; - } - if (!nr_good_pages) { + if (!si->pages) { pr_warn("Empty swap-file\n"); return -EINVAL; } - return nr_extents; + return 0; } #define SWAP_CLUSTER_INFO_COLS \ @@ -3217,7 +3204,7 @@ static struct swap_cluster_info *setup_c * Mark unusable pages as unavailable. The clusters aren't * marked free yet, so no list operations are involved yet. * - * See setup_swap_map_and_extents(): header page, bad pages, + * See setup_swap_map(): header page, bad pages, * and the EOF part of the last cluster. */ inc_cluster_info_page(si, cluster_info, 0); @@ -3354,6 +3341,15 @@ SYSCALL_DEFINE2(swapon, const char __use goto bad_swap_unlock_inode; } + si->max = maxpages; + si->pages = maxpages - 1; + nr_extents = setup_swap_extents(si, &span); + if (nr_extents < 0) { + error = nr_extents; + goto bad_swap_unlock_inode; + } + maxpages = si->max; + /* OK, set up the swap map and apply the bad block list */ swap_map = vzalloc(maxpages); if (!swap_map) { @@ -3365,12 +3361,9 @@ SYSCALL_DEFINE2(swapon, const char __use if (error) goto bad_swap_unlock_inode; - nr_extents = setup_swap_map_and_extents(si, swap_header, swap_map, - maxpages, &span); - if (unlikely(nr_extents < 0)) { - error = nr_extents; + error = setup_swap_map(si, swap_header, swap_map, maxpages); + if (error) goto bad_swap_unlock_inode; - } /* * Use kvmalloc_array instead of bitmap_zalloc as the allocation order might _ Patches currently in -mm which might be from shikemeng(a)huaweicloud.com are mm-shmem-avoid-unpaired-folio_unlock-in-shmem_swapin_folio.patch mm-shmem-add-missing-shmem_unacct_size-in-__shmem_file_setup.patch mm-shmem-fix-potential-dead-loop-in-shmem_unuse.patch mm-shmem-only-remove-inode-from-swaplist-when-its-swapped-page-count-is-0.patch mm-shmem-remove-unneeded-xa_is_value-check-in-shmem_unuse_swap_entries.patch mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch mm-swap-remove-stale-comment-stale-comment-in-cluster_alloc_swap_entry.patch

4 months

1
0
0 0

+ mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc() has been added to the -mm mm-new branch. Its filename is mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kemeng Shi <shikemeng(a)huaweicloud.com> Subject: mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc() Date: Thu, 22 May 2025 20:25:51 +0800 Patch series "Some randome fixes and cleanups to swapfile". Patch 0-3 are some random fixes. Patch 4 is a cleanup. More details can be found in respective patches. This patch (of 4): When folio_alloc_swap() encounters a failure in either mem_cgroup_try_charge_swap() or add_to_swap_cache(), nr_swap_pages counter is not decremented for allocated entry. However, the following put_swap_folio() will increase nr_swap_pages counter unpairly and lead to an imbalance. Move nr_swap_pages decrement from folio_alloc_swap() to swap_range_alloc() to pair the nr_swap_pages counting. Link: https://lkml.kernel.org/r/20250522122554.12209-1-shikemeng@huaweicloud.com Link: https://lkml.kernel.org/r/20250522122554.12209-2-shikemeng@huaweicloud.com Fixes: 0ff67f990bd45 ("mm, swap: remove swap slot cache") Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Kairui Song <kasong(a)tencent.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc +++ a/mm/swapfile.c @@ -1115,6 +1115,7 @@ static void swap_range_alloc(struct swap if (vm_swap_full()) schedule_work(&si->reclaim_work); } + atomic_long_sub(nr_entries, &nr_swap_pages); } static void swap_range_free(struct swap_info_struct *si, unsigned long offset, @@ -1313,7 +1314,6 @@ int folio_alloc_swap(struct folio *folio if (add_to_swap_cache(folio, entry, gfp | __GFP_NOMEMALLOC, NULL)) goto out_free; - atomic_long_sub(size, &nr_swap_pages); return 0; out_free: _ Patches currently in -mm which might be from shikemeng(a)huaweicloud.com are mm-shmem-avoid-unpaired-folio_unlock-in-shmem_swapin_folio.patch mm-shmem-add-missing-shmem_unacct_size-in-__shmem_file_setup.patch mm-shmem-fix-potential-dead-loop-in-shmem_unuse.patch mm-shmem-only-remove-inode-from-swaplist-when-its-swapped-page-count-is-0.patch mm-shmem-remove-unneeded-xa_is_value-check-in-shmem_unuse_swap_entries.patch mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch mm-swap-remove-stale-comment-stale-comment-in-cluster_alloc_swap_entry.patch

4 months

1
0
0 0

Re: Patch "btrfs: prevent inline data extents read from touching blocks beyond its range" has been added to the 6.14-stable tree

by Qu Wenruo

在 2025/5/23 06:35, Sasha Levin 写道: > This is a note to let you know that I've just added the patch titled > > btrfs: prevent inline data extents read from touching blocks beyond its range > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > btrfs-prevent-inline-data-extents-read-from-touching.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this patch. This is again a preparation patch for larger folios support of btrfs, and the optimization to dirty a block without reading the full page. This patch alone doesn't cause any difference for older kernels and should not be backported. Thanks, Qu > > > > commit 6a2d904623a8d1711b6b5065845d52cb3f2be60a > Author: Qu Wenruo <wqu(a)suse.com> > Date: Fri Nov 15 19:15:34 2024 +1030 > > btrfs: prevent inline data extents read from touching blocks beyond its range > > [ Upstream commit 1a5b5668d711d3d1ef447446beab920826decec3 ] > > Currently reading an inline data extent will zero out the remaining > range in the page. > > This is not yet causing problems even for block size < page size > (subpage) cases because: > > 1) An inline data extent always starts at file offset 0 > Meaning at page read, we always read the inline extent first, before > any other blocks in the page. Then later blocks are properly read out > and re-fill the zeroed out ranges. > > 2) Currently btrfs will read out the whole page if a buffered write is > not page aligned > So a page is either fully uptodate at buffered write time (covers the > whole page), or we will read out the whole page first. > Meaning there is nothing to lose for such an inline extent read. > > But it's still not ideal: > > - We're zeroing out the page twice > Once done by read_inline_extent()/uncompress_inline(), once done by > btrfs_do_readpage() for ranges beyond i_size. > > - We're touching blocks that don't belong to the inline extent > In the incoming patches, we can have a partial uptodate folio, of > which some dirty blocks can exist while the page is not fully uptodate: > > The page size is 16K and block size is 4K: > > 0 4K 8K 12K 16K > | | |/////////| | > > And range [8K, 12K) is dirtied by a buffered write, the remaining > blocks are not uptodate. > > If range [0, 4K) contains an inline data extent, and we try to read > the whole page, the current behavior will overwrite range [8K, 12K) > with zero and cause data loss. > > So to make the behavior more consistent and in preparation for future > changes, limit the inline data extents read to only zero out the range > inside the first block, not the whole page. > > Reviewed-by: Filipe Manana <fdmanana(a)suse.com> > Signed-off-by: Qu Wenruo <wqu(a)suse.com> > Signed-off-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c > index 9a648fb130230..a7136311a13c6 100644 > --- a/fs/btrfs/inode.c > +++ b/fs/btrfs/inode.c > @@ -6779,6 +6779,7 @@ static noinline int uncompress_inline(struct btrfs_path *path, > { > int ret; > struct extent_buffer *leaf = path->nodes[0]; > + const u32 blocksize = leaf->fs_info->sectorsize; > char *tmp; > size_t max_size; > unsigned long inline_size; > @@ -6795,7 +6796,7 @@ static noinline int uncompress_inline(struct btrfs_path *path, > > read_extent_buffer(leaf, tmp, ptr, inline_size); > > - max_size = min_t(unsigned long, PAGE_SIZE, max_size); > + max_size = min_t(unsigned long, blocksize, max_size); > ret = btrfs_decompress(compress_type, tmp, folio, 0, inline_size, > max_size); > > @@ -6807,14 +6808,15 @@ static noinline int uncompress_inline(struct btrfs_path *path, > * cover that region here. > */ > > - if (max_size < PAGE_SIZE) > - folio_zero_range(folio, max_size, PAGE_SIZE - max_size); > + if (max_size < blocksize) > + folio_zero_range(folio, max_size, blocksize - max_size); > kfree(tmp); > return ret; > } > > static int read_inline_extent(struct btrfs_path *path, struct folio *folio) > { > + const u32 blocksize = path->nodes[0]->fs_info->sectorsize; > struct btrfs_file_extent_item *fi; > void *kaddr; > size_t copy_size; > @@ -6829,14 +6831,14 @@ static int read_inline_extent(struct btrfs_path *path, struct folio *folio) > if (btrfs_file_extent_compression(path->nodes[0], fi) != BTRFS_COMPRESS_NONE) > return uncompress_inline(path, folio, fi); > > - copy_size = min_t(u64, PAGE_SIZE, > + copy_size = min_t(u64, blocksize, > btrfs_file_extent_ram_bytes(path->nodes[0], fi)); > kaddr = kmap_local_folio(folio, 0); > read_extent_buffer(path->nodes[0], kaddr, > btrfs_file_extent_inline_start(fi), copy_size); > kunmap_local(kaddr); > - if (copy_size < PAGE_SIZE) > - folio_zero_range(folio, copy_size, PAGE_SIZE - copy_size); > + if (copy_size < blocksize) > + folio_zero_range(folio, copy_size, blocksize - copy_size); > return 0; > } >

4 months

1
0
0 0

Re: Patch "btrfs: properly limit inline data extent according to block size" has been added to the 6.14-stable tree

by Qu Wenruo

在 2025/5/23 06:35, Sasha Levin 写道: > This is a note to let you know that I've just added the patch titled > > btrfs: properly limit inline data extent according to block size > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > btrfs-properly-limit-inline-data-extent-according-to.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this patch. This is mostly for the incoming large folios support for btrfs. For older kernels this patch will not cause any behavior change. Thanks, Qu> > > > commit ec02842137bdccb74ed331a1b0a335ee22eb179c > Author: Qu Wenruo <wqu(a)suse.com> > Date: Tue Feb 25 14:30:44 2025 +1030 > > btrfs: properly limit inline data extent according to block size > > [ Upstream commit 23019d3e6617a8ec99a8d2f5947aa3dd8a74a1b8 ] > > Btrfs utilizes inline data extent for the following cases: > > - Regular small files > - Symlinks > > And "btrfs check" detects any file extents that are too large as an > error. > > It's not a problem for 4K block size, but for the incoming smaller > block sizes (2K), it can cause problems due to bad limits: > > - Non-compressed inline data extents > We do not allow a non-compressed inline data extent to be as large as > block size. > > - Symlinks > Currently the only real limit on symlinks are 4K, which can be larger > than 2K block size. > > These will result btrfs-check to report too large file extents. > > Fix it by adding proper size checks for the above cases. > > Signed-off-by: Qu Wenruo <wqu(a)suse.com> > Reviewed-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c > index a06fca7934d55..9a648fb130230 100644 > --- a/fs/btrfs/inode.c > +++ b/fs/btrfs/inode.c > @@ -583,6 +583,10 @@ static bool can_cow_file_range_inline(struct btrfs_inode *inode, > if (size > fs_info->sectorsize) > return false; > > + /* We do not allow a non-compressed extent to be as large as block size. */ > + if (data_len >= fs_info->sectorsize) > + return false; > + > /* We cannot exceed the maximum inline data size. */ > if (data_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info)) > return false; > @@ -8671,7 +8675,12 @@ static int btrfs_symlink(struct mnt_idmap *idmap, struct inode *dir, > struct extent_buffer *leaf; > > name_len = strlen(symname); > - if (name_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info)) > + /* > + * Symlinks utilize uncompressed inline extent data, which should not > + * reach block size. > + */ > + if (name_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info) || > + name_len >= fs_info->sectorsize) > return -ENAMETOOLONG; > > inode = new_inode(dir->i_sb);

4 months

1
0
0 0

[PATCH v1] Revert "usb: xhci: Implement xhci_handshake_check_state() helper"

by Roy Luo

This reverts commit 6ccb83d6c4972ebe6ae49de5eba051de3638362c. Commit 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") was introduced to workaround watchdog timeout issues on some platforms, allowing xhci_reset() to bail out early without waiting for the reset to complete. Skipping the xhci handshake during a reset is a dangerous move. The xhci specification explicitly states that certain registers cannot be accessed during reset in section 5.4.1 USB Command Register (USBCMD), Host Controller Reset (HCRST) field: "This bit is cleared to '0' by the Host Controller when the reset process is complete. Software cannot terminate the reset process early by writinga '0' to this bit and shall not write any xHC Operational or Runtime registers until while HCRST is '1'." This behavior causes a regression on SNPS DWC3 USB controller with dual-role capability. When the DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then tries to configure its hardware for device mode, the ongoing reset leads to register access issues; specifically, all register reads returns 0. These issues extend beyond the xhci register space (which is expected during a reset) and affect the entire DWC3 IP block, causing the DWC3 device mode to malfunction. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Signed-off-by: Roy Luo <royluo(a)google.com> --- Changes in v1: - Link to previous patchset: https://lore.kernel.org/r/20250515185227.1507363-1-royluo@google.com/ --- drivers/usb/host/xhci-ring.c | 5 ++--- drivers/usb/host/xhci.c | 26 +------------------------- drivers/usb/host/xhci.h | 2 -- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 423bf3649570..b720e04ce7d8 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -518,9 +518,8 @@ static int xhci_abort_cmd_ring(struct xhci_hcd *xhci, unsigned long flags) * In the future we should distinguish between -ENODEV and -ETIMEDOUT * and try to recover a -ETIMEDOUT with a host controller reset. */ - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->cmd_ring, - CMD_RING_RUNNING, 0, 5 * 1000 * 1000, - XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->cmd_ring, + CMD_RING_RUNNING, 0, 5 * 1000 * 1000); if (ret < 0) { xhci_err(xhci, "Abort failed to stop command ring: %d\n", ret); xhci_halt(xhci); diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 90eb491267b5..472c4b6ae59e 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -83,29 +83,6 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) return ret; } -/* - * xhci_handshake_check_state - same as xhci_handshake but takes an additional - * exit_state parameter, and bails out with an error immediately when xhc_state - * has exit_state flag set. - */ -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state) -{ - u32 result; - int ret; - - ret = readl_poll_timeout_atomic(ptr, result, - (result & mask) == done || - result == U32_MAX || - xhci->xhc_state & exit_state, - 1, usec); - - if (result == U32_MAX || xhci->xhc_state & exit_state) - return -ENODEV; - - return ret; -} - /* * Disable interrupts and begin the xHCI halting process. */ @@ -226,8 +203,7 @@ int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us) if (xhci->quirks & XHCI_INTEL_HOST) udelay(1000); - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->command, - CMD_RESET, 0, timeout_us, XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us); if (ret) return ret; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 242ab9fbc8ae..5e698561b96d 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1855,8 +1855,6 @@ void xhci_remove_secondary_interrupter(struct usb_hcd /* xHCI host controller glue */ typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *); int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us); -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state); void xhci_quiesce(struct xhci_hcd *xhci); int xhci_halt(struct xhci_hcd *xhci); int xhci_start(struct xhci_hcd *xhci); base-commit: 172a9d94339cea832d89630b89d314e41d622bd8 -- 2.49.0.1112.g889b7c5bd8-goog

4 months

5
8
0 0

[PATCH v1 2/2] Revert "usb: xhci: Implement xhci_handshake_check_state() helper"

by Roy Luo

This reverts commit 6ccb83d6c4972ebe6ae49de5eba051de3638362c. Commit 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") was introduced to workaround watchdog timeout issues on some platforms, allowing xhci_reset() to bail out early without waiting for the reset to complete. Skipping the xhci handshake during a reset is a dangerous move. The xhci specification explicitly states that certain registers cannot be accessed during reset in section 5.4.1 USB Command Register (USBCMD), Host Controller Reset (HCRST) field: "This bit is cleared to '0' by the Host Controller when the reset process is complete. Software cannot terminate the reset process early by writinga '0' to this bit and shall not write any xHC Operational or Runtime registers until while HCRST is '1'." This behavior causes a regression on SNPS DWC3 USB controller with dual-role capability. When the DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then tries to configure its hardware for device mode, the ongoing reset leads to register access issues; specifically, all register reads returns 0. These issues extend beyond the xhci register space (which is expected during a reset) and affect the entire DWC3 IP block, causing the DWC3 device mode to malfunction. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/host/xhci-ring.c | 5 ++--- drivers/usb/host/xhci.c | 26 +------------------------- drivers/usb/host/xhci.h | 2 -- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 423bf3649570..b720e04ce7d8 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -518,9 +518,8 @@ static int xhci_abort_cmd_ring(struct xhci_hcd *xhci, unsigned long flags) * In the future we should distinguish between -ENODEV and -ETIMEDOUT * and try to recover a -ETIMEDOUT with a host controller reset. */ - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->cmd_ring, - CMD_RING_RUNNING, 0, 5 * 1000 * 1000, - XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->cmd_ring, + CMD_RING_RUNNING, 0, 5 * 1000 * 1000); if (ret < 0) { xhci_err(xhci, "Abort failed to stop command ring: %d\n", ret); xhci_halt(xhci); diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 244b12eafd95..cb9f35acb1f9 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -83,29 +83,6 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) return ret; } -/* - * xhci_handshake_check_state - same as xhci_handshake but takes an additional - * exit_state parameter, and bails out with an error immediately when xhc_state - * has exit_state flag set. - */ -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state) -{ - u32 result; - int ret; - - ret = readl_poll_timeout_atomic(ptr, result, - (result & mask) == done || - result == U32_MAX || - xhci->xhc_state & exit_state, - 1, usec); - - if (result == U32_MAX || xhci->xhc_state & exit_state) - return -ENODEV; - - return ret; -} - /* * Disable interrupts and begin the xHCI halting process. */ @@ -226,8 +203,7 @@ int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us) if (xhci->quirks & XHCI_INTEL_HOST) udelay(1000); - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->command, - CMD_RESET, 0, timeout_us, XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us); if (ret) return ret; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 242ab9fbc8ae..5e698561b96d 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1855,8 +1855,6 @@ void xhci_remove_secondary_interrupter(struct usb_hcd /* xHCI host controller glue */ typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *); int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us); -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state); void xhci_quiesce(struct xhci_hcd *xhci); int xhci_halt(struct xhci_hcd *xhci); int xhci_start(struct xhci_hcd *xhci); -- 2.49.0.1204.g71687c7c1d-goog

4 months

1
0
0 0

[PATCH v3] net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()

by Wentao Liang

The function mlx5_query_nic_vport_node_guid() calls the function mlx5_query_nic_vport_context() but does not check its return value. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Target: net Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v3: Explicitly mention target branch. Change improper code. v2: Remove redundant reassignment. Fix typo error. drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 0d5f750faa45..66e44905c1f0 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -465,19 +465,22 @@ int mlx5_query_nic_vport_node_guid(struct mlx5_core_dev *mdev, u64 *node_guid) { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int err; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + ret = mlx5_query_nic_vport_context(mdev, 0, out); + if (err) + goto out; *node_guid = MLX5_GET64(query_nic_vport_context_out, out, nic_vport_context.node_guid); - +out: kvfree(out); - return 0; + return err; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_node_guid); -- 2.42.0.windows.2

4 months

3
2
0 0

[PATCH] remoteproc: mediatek: Add SCP watchdog handler in IRQ processing

by Wentao Liang

In mt8195_scp_c1_irq_handler(), only the IPC interrupt bit (MT8192_SCP_IPC_INT_BIT) was checked., but does not handle when this bit is not set. This could lead to unhandled watchdog events. This could lead to unhandled watchdog events. A proper implementation can be found in mt8183_scp_irq_handler(). Add a new branch to handle SCP watchdog events when the IPC interrupt bit is not set. Fixes: 6a1c9aaf04eb ("remoteproc: mediatek: Add MT8195 SCP core 1 operations") Cc: stable(a)vger.kernel.org # v6.7 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/remoteproc/mtk_scp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/remoteproc/mtk_scp.c b/drivers/remoteproc/mtk_scp.c index 0f4a7065d0bd..316e8c98a503 100644 --- a/drivers/remoteproc/mtk_scp.c +++ b/drivers/remoteproc/mtk_scp.c @@ -273,6 +273,8 @@ static void mt8195_scp_c1_irq_handler(struct mtk_scp *scp) if (scp_to_host & MT8192_SCP_IPC_INT_BIT) scp_ipi_handler(scp); + else + scp_wdt_handler(scp, scp_to_host); writel(scp_to_host, scp->cluster->reg_base + MT8195_SSHUB2APMCU_IPC_CLR); } -- 2.42.0.windows.2

4 months

3
2
0 0

[PATCH v6 6/7] media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval

by Mathis Foerst

Getting / Setting the frame interval using the V4L2 subdev pad ops get_frame_interval/set_frame_interval causes a deadlock, as the subdev state is locked in the [1] but also in the driver itself. In [2] it's described that the caller is responsible to acquire and release the lock in this case. Therefore, acquiring the lock in the driver is wrong. Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval() and mt9m114_ifp_set_frame_interval(). [1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129 [2] Documentation/driver-api/media/v4l2-subdev.rst Fixes: 24d756e914fc ("media: i2c: Add driver for onsemi MT9M114 camera sensor") Cc: stable(a)vger.kernel.org Signed-off-by: Mathis Foerst <mathis.foerst(a)mt.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> --- drivers/media/i2c/mt9m114.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/media/i2c/mt9m114.c b/drivers/media/i2c/mt9m114.c index e909c1227e51..9ff46c72dbc1 100644 --- a/drivers/media/i2c/mt9m114.c +++ b/drivers/media/i2c/mt9m114.c @@ -1652,13 +1652,9 @@ static int mt9m114_ifp_get_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - ival->numerator = 1; ival->denominator = sensor->ifp.frame_rate; - mutex_unlock(sensor->ifp.hdl.lock); - return 0; } @@ -1677,8 +1673,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - if (ival->numerator != 0 && ival->denominator != 0) sensor->ifp.frame_rate = min_t(unsigned int, ival->denominator / ival->numerator, @@ -1692,8 +1686,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (sensor->streaming) ret = mt9m114_set_frame_rate(sensor); - mutex_unlock(sensor->ifp.hdl.lock); - return ret; } -- 2.34.1

4 months

1
0
0 0

[PATCH v5 6/7] media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval

by Mathis Foerst

Getting / Setting the frame interval using the V4L2 subdev pad ops get_frame_interval/set_frame_interval causes a deadlock, as the subdev state is locked in the [1] but also in the driver itself. In [2] it's described that the caller is responsible to acquire and release the lock in this case. Therefore, acquiring the lock in the driver is wrong. Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval() and mt9m114_ifp_set_frame_interval(). [1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129 [2] Documentation/driver-api/media/v4l2-subdev.rst Fixes: 24d756e914fc ("media: i2c: Add driver for onsemi MT9M114 camera sensor") Cc: stable(a)vger.kernel.org Signed-off-by: Mathis Foerst <mathis.foerst(a)mt.com> --- drivers/media/i2c/mt9m114.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/media/i2c/mt9m114.c b/drivers/media/i2c/mt9m114.c index e909c1227e51..9ff46c72dbc1 100644 --- a/drivers/media/i2c/mt9m114.c +++ b/drivers/media/i2c/mt9m114.c @@ -1652,13 +1652,9 @@ static int mt9m114_ifp_get_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - ival->numerator = 1; ival->denominator = sensor->ifp.frame_rate; - mutex_unlock(sensor->ifp.hdl.lock); - return 0; } @@ -1677,8 +1673,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - if (ival->numerator != 0 && ival->denominator != 0) sensor->ifp.frame_rate = min_t(unsigned int, ival->denominator / ival->numerator, @@ -1692,8 +1686,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (sensor->streaming) ret = mt9m114_set_frame_rate(sensor); - mutex_unlock(sensor->ifp.hdl.lock); - return ret; } -- 2.34.1

4 months

1
0
0 0

patch "iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 3c5dfea39a245b2dad869db24e2830aa299b1cf2 Mon Sep 17 00:00:00 2001 From: Arthur-Prince <r2.arthur.prince(a)gmail.com> Date: Wed, 30 Apr 2025 16:07:37 -0300 Subject: iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add dependency to Kconfig’s ti-ads1298 because compiling it as a module failed with an undefined kfifo symbol. Fixes: 00ef7708fa60 ("iio: adc: ti-ads1298: Add driver") Signed-off-by: Arthur-Prince <r2.arthur.prince(a)gmail.com> Co-developed-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Signed-off-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Link: https://patch.msgid.link/20250430191131.120831-1-r2.arthur.prince@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index ad06cf556785..0fe6601e59ed 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1562,6 +1562,7 @@ config TI_ADS1298 tristate "Texas Instruments ADS1298" depends on SPI select IIO_BUFFER + select IIO_KFIFO_BUF help If you say yes here you get support for Texas Instruments ADS1298 medical ADC chips -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 3c5dfea39a245b2dad869db24e2830aa299b1cf2 Mon Sep 17 00:00:00 2001 From: Arthur-Prince <r2.arthur.prince(a)gmail.com> Date: Wed, 30 Apr 2025 16:07:37 -0300 Subject: iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add dependency to Kconfig’s ti-ads1298 because compiling it as a module failed with an undefined kfifo symbol. Fixes: 00ef7708fa60 ("iio: adc: ti-ads1298: Add driver") Signed-off-by: Arthur-Prince <r2.arthur.prince(a)gmail.com> Co-developed-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Signed-off-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Link: https://patch.msgid.link/20250430191131.120831-1-r2.arthur.prince@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index ad06cf556785..0fe6601e59ed 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1562,6 +1562,7 @@ config TI_ADS1298 tristate "Texas Instruments ADS1298" depends on SPI select IIO_BUFFER + select IIO_KFIFO_BUF help If you say yes here you get support for Texas Instruments ADS1298 medical ADC chips -- 2.49.0

4 months

1
0
0 0

Linux 6.14.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.8 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/netlink/specs/tc.yaml | 10 MAINTAINERS | 6 Makefile | 3 arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3576-armsom-sige5.dts | 2 arch/arm64/boot/dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 -- arch/loongarch/include/asm/ptrace.h | 2 arch/loongarch/include/asm/uprobes.h | 1 arch/loongarch/kernel/genex.S | 7 arch/loongarch/kernel/kfpu.c | 22 arch/loongarch/kernel/time.c | 2 arch/loongarch/kernel/uprobes.c | 11 arch/loongarch/power/hibernate.c | 3 arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 arch/x86/coco/sev/core.c | 255 +++++++---- arch/x86/include/asm/amd_nb.h | 1 arch/x86/include/asm/amd_node.h | 13 arch/x86/kernel/amd_nb.c | 1 arch/x86/kernel/amd_node.c | 9 block/bio.c | 2 drivers/accel/ivpu/ivpu_drv.c | 39 - drivers/accel/ivpu/ivpu_drv.h | 5 drivers/accel/ivpu/ivpu_hw.c | 5 drivers/accel/ivpu/ivpu_hw.h | 9 drivers/accel/ivpu/ivpu_hw_btrs.c | 3 drivers/accel/ivpu/ivpu_ipc.c | 7 drivers/accel/ivpu/ivpu_ipc.h | 2 drivers/accel/ivpu/ivpu_job.c | 15 drivers/accel/ivpu/ivpu_job.h | 2 drivers/accel/ivpu/ivpu_mmu.c | 109 +++- drivers/accel/ivpu/ivpu_mmu.h | 2 drivers/accel/ivpu/ivpu_mmu_context.c | 13 drivers/accel/ivpu/ivpu_mmu_context.h | 2 drivers/accel/ivpu/ivpu_pm.c | 3 drivers/accel/ivpu/ivpu_pm.h | 2 drivers/acpi/pptt.c | 11 drivers/block/ublk_drv.c | 2 drivers/char/tpm/tpm2-sessions.c | 20 drivers/char/tpm/tpm_tis_core.h | 2 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 159 ++++-- drivers/dma/ti/k3-udma.c | 10 drivers/gpio/gpio-pca953x.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/gpu/drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 6 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 4 drivers/gpu/drm/tiny/panel-mipi-dbi.c | 5 drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 drivers/gpu/drm/xe/xe_gsc.c | 22 drivers/gpu/drm/xe/xe_gsc.h | 1 drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 drivers/gpu/drm/xe/xe_gt.c | 2 drivers/gpu/drm/xe/xe_lrc.c | 2 drivers/gpu/drm/xe/xe_ring_ops.c | 7 drivers/gpu/drm/xe/xe_uc.c | 8 drivers/gpu/drm/xe/xe_uc.h | 1 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 drivers/hid/bpf/hid_bpf_dispatch.c | 9 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 -- drivers/i2c/busses/i2c-designware-pcidrv.c | 4 drivers/iio/adc/ad7606.c | 154 +++++- drivers/iio/adc/ad7606.h | 37 + drivers/iio/adc/ad7606_spi.c | 137 ----- drivers/infiniband/core/device.c | 6 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/b53/b53_common.c | 33 + drivers/net/dsa/b53/b53_regs.h | 14 drivers/net/dsa/microchip/ksz_common.c | 135 ++++- drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/engleder/tsnep_main.c | 30 - drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 ++ drivers/net/hyperv/netvsc_drv.c | 62 -- drivers/net/hyperv/rndis_filter.c | 24 - drivers/net/phy/micrel.c | 7 drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb-tegra186.c | 46 + drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/hsmp/Kconfig | 2 drivers/platform/x86/amd/hsmp/acpi.c | 10 drivers/platform/x86/amd/hsmp/hsmp.c | 1 drivers/platform/x86/amd/hsmp/hsmp.h | 4 drivers/platform/x86/amd/hsmp/plat.c | 42 - drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 drivers/platform/x86/amd/pmf/tee-if.c | 23 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-loopback-test.c | 2 drivers/spi/spi-tegra114.c | 6 drivers/usb/gadget/function/f_midi2.c | 2 fs/binfmt_elf.c | 71 ++- fs/btrfs/discard.c | 17 fs/btrfs/fs.h | 1 fs/btrfs/inode.c | 7 fs/btrfs/super.c | 4 fs/eventpoll.c | 7 fs/nfs/localio.c | 2 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/smb2pdu.c | 2 fs/udf/truncate.c | 2 fs/xattr.c | 24 + include/linux/bio.h | 1 include/linux/hyperv.h | 7 include/linux/micrel_phy.h | 1 include/linux/tpm.h | 21 include/net/sch_generic.h | 15 include/sound/ump_msg.h | 4 io_uring/fdinfo.c | 48 +- io_uring/memmap.c | 2 io_uring/uring_cmd.c | 5 kernel/cgroup/cpuset.c | 6 kernel/sched/ext.c | 6 kernel/trace/fprobe.c | 3 kernel/trace/ring_buffer.c | 8 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/hugetlb.c | 28 - mm/page_alloc.c | 23 mm/userfaultfd.c | 12 net/bluetooth/mgmt.c | 9 net/mac80211/main.c | 6 net/mctp/device.c | 17 net/mctp/route.c | 4 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 scripts/Makefile.extrawarn | 12 sound/core/seq/seq_clientmgr.c | 52 +- sound/core/seq/seq_ump_convert.c | 18 sound/core/seq/seq_ump_convert.h | 1 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/net/ynl/pyynl/ethtool.py | 22 tools/perf/arch/loongarch/include/syscall_table.h | 2 tools/testing/selftests/drivers/net/hw/ncdevmem.c | 55 -- tools/testing/vsock/vsock_test.c | 28 - 176 files changed, 1681 insertions(+), 1027 deletions(-) Aaron Kling (1): spi: tegra114: Use value to check for invalid delays Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alexey Makhalov (1): MAINTAINERS: Update Alexey Makhalov's email address Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Ashish Kalra (2): x86/sev: Do not touch VMSA pages during SNP guest memory kdump x86/sev: Make sure pages are not skipped during kdump Barry Song (1): mm: userfaultfd: correct dirty flags set for both present and swap pte Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Boris Burkov (1): btrfs: fix folio leak in submit_one_async_extent() Breno Leitao (1): tracing: fprobe: Fix RCU warning message in list traversal Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Christian Hewitt (1): arm64: dts: amlogic: dreambox: fix missing clkc_audio node Christophe JAILLET (1): i2c: designware: Fix an error handling path in i2c_dw_pci_probe() Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Ratiu (1): tests/ncdevmem: Fix double-free of queue array Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Dan Carpenter (1): phy: tegra: xusb: remove a stray unlock Daniele Ceraolo Spurio (1): drm/xe/gsc: do not flush the GSC worker from the reset path David Lechner (1): iio: adc: ad7606: check for NULL before calling sw_mode_config() Dragan Simic (1): arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Emanuele Ghidoli (1): gpio: pca953x: fix IRQ storm on system wake up Fabio Estevam (1): drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Filipe Manana (1): btrfs: fix discard worker infinite loop after disabling discard Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Gerhard Engleder (1): tsnep: fix timestamping with a stacked DSA driver Greg Kroah-Hartman (1): Linux 6.14.8 Guillaume Stols (2): iio: adc: ad7606: move the software mode configuration iio: adc: ad7606: move software functions into common file Hangbin Liu (1): tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Hariprasad Kelam (2): octeontx2-pf: Fix ethtool support for SDP representors octeontx2-af: Fix CGX Receive counters Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Himanshu Bhavani (1): arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Huacai Chen (3): LoongArch: Move __arch_cpu_idle() to .cpuidle.text section LoongArch: Save and restore CSR.CNTC for hibernation LoongArch: Fix MAX_REG_OFFSET calculation Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ido Schimmel (1): mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Jakub Kicinski (2): netlink: specs: tc: fix a couple of attribute names netlink: specs: tc: all actions are indexed arrays Jan Kara (1): udf: Make sure i_lenExtents is uptodate on inode eviction Jarkko Sakkinen (1): tpm: Mask TPM RC in tpm2_start_auth_session() Jens Axboe (2): io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() io_uring/memmap: don't use page_address() on a highmem page Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonas Gorski (1): net: dsa: b53: prevent standalone from trying to forward to other ports Karol Wachowski (4): accel/ivpu: Dump only first MMU fault from single context accel/ivpu: Move parts of MMU event IRQ handling to thread handler accel/ivpu: Fix missing MMU events from reserved SSID accel/ivpu: Fix missing MMU events if file_priv is unbound Kees Cook (3): binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kirill A. Shutemov (1): mm/page_alloc: fix race condition in unaccepted memory handling Konstantin Shkolnyy (1): vsock/test: Fix occasional failure in SIOCOUTQ tests Kyoji Ogasawara (1): btrfs: add back warning for mount option commit values exceeding 300 Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Maciej Falkowski (2): accel/ivpu: Use workqueue for IRQ handling accel/ivpu: Flush pending jobs of device's workqueues Mario Limonciello (3): drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies HID: amd_sfh: Fix SRA sensor when it's the only sensor Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Matt Johnston (1): net: mctp: Don't access ifa_index when missing Max Kellermann (1): fs/eventpoll: fix endless busy loop after timeout has expired Melissa Wen (2): drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Ming Lei (1): ublk: fix dead loop when canceling io command Ming Yen Hsieh (1): wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl Nathan Chancellor (2): kbuild: Disable -Wdefault-const-init-unsafe net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Nicolas Frattaroli (1): arm64: dts: rockchip: fix Sige5 RTC interrupt pin Oleksij Rempel (2): net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ switches net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Philip Yang (1): drm/amdgpu: csa unmap use uninterruptible lock Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Rong Zhang (1): HID: bpf: abort dispatch if device destroyed Runhua He (1): platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Sam Edwards (1): arm64: dts: rockchip: Allow Turing RK1 cooling fan to spin down Shuai Xue (9): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Stephen Smalley (1): fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (2): tracing: samples: Initialize trace_array_printk() with the correct function ring-buffer: Fix persistent buffer when commit page is the reader page Subbaraya Sundeep (2): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy octeontx2-pf: Do not reallocate all ntuple filters Suma Hegde (1): platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive drivers Takashi Iwai (2): ALSA: seq: Fix delivery of UMP events to group ports ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Tejun Heo (1): sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Thomas Weißschuh (1): Revert "kbuild, rust: use -fremap-path-prefix to make paths relative" Tianyang Zhang (1): LoongArch: Prevent cond_resched() occurring within kernel-fpu Tiezhu Yang (3): LoongArch: uprobes: Remove user_{en,dis}able_single_step() LoongArch: uprobes: Remove redundant code about resume_era perf tools: Fix build error for LoongArch Tim Huang (1): drm/amdgpu: fix incorrect MALL size for GFX1151 Tom Vincent (1): arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 Trond Myklebust (2): NFS/localio: Fix a race in nfs_local_open_fh() NFSv4/pnfs: Reset the layout state after a layoutreturn Umesh Nerlige Ramappa (1): drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Waiman Long (1): cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Wayne Chang (1): phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Wupeng Ma (1): mm: hugetlb: fix incorrect fallback for subpool Yazen Ghannam (1): x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ze Huang (1): riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Zhu Yanjun (2): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem hexue (1): io_uring/uring_cmd: fix hybrid polling initialization issue pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

4 months

1
1
0 0

Linux 6.6.92

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.92 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/net/bpf_jit_comp.c | 12 arch/loongarch/Makefile | 2 arch/loongarch/include/asm/ptrace.h | 2 arch/loongarch/include/asm/uprobes.h | 1 arch/loongarch/kernel/kfpu.c | 22 arch/loongarch/kernel/time.c | 2 arch/loongarch/kernel/uprobes.c | 11 arch/loongarch/power/hibernate.c | 3 arch/x86/kernel/alternative.c | 17 arch/x86/kvm/smm.c | 1 arch/x86/kvm/svm/svm.c | 19 block/bio.c | 2 drivers/acpi/pptt.c | 11 drivers/bluetooth/btnxpuart.c | 6 drivers/char/tpm/tpm_tis_core.h | 2 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 159 ++++-- drivers/dma/ti/k3-udma.c | 10 drivers/firmware/arm_scmi/Kconfig | 14 drivers/firmware/arm_scmi/common.h | 35 + drivers/firmware/arm_scmi/driver.c | 89 +++ drivers/firmware/arm_scmi/mailbox.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 -- drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/sps30.c | 2 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/engleder/tsnep_hw.h | 2 drivers/net/ethernet/engleder/tsnep_main.c | 131 ++++- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 ++ drivers/net/hyperv/netvsc_drv.c | 62 -- drivers/net/hyperv/rndis_filter.c | 24 - drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb-tegra186.c | 46 +- drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-loopback-test.c | 2 drivers/spi/spi-tegra114.c | 6 drivers/usb/gadget/function/f_midi2.c | 2 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 2 fs/binfmt_elf.c | 273 ++++++------ fs/btrfs/extent-tree.c | 25 - fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/smb2pdu.c | 2 fs/udf/truncate.c | 2 fs/xattr.c | 24 + include/linux/bio.h | 1 include/linux/hyperv.h | 7 include/linux/tpm.h | 2 include/net/sch_generic.h | 15 include/sound/ump_msg.h | 4 kernel/cgroup/cpuset.c | 6 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/memblock.c | 9 mm/memory_hotplug.c | 6 mm/migrate.c | 16 mm/page_alloc.c | 27 - net/bluetooth/mgmt.c | 9 net/mac80211/main.c | 6 net/mctp/device.c | 65 +- net/mctp/route.c | 4 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/sctp/sysctl.c | 4 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 sound/core/seq/seq_clientmgr.c | 52 +- sound/core/seq/seq_ump_convert.c | 18 sound/core/seq/seq_ump_convert.h | 1 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/net/ynl/ethtool.py | 29 + tools/testing/selftests/exec/Makefile | 19 tools/testing/selftests/exec/load_address.c | 83 ++- tools/testing/selftests/mm/compaction_test.c | 19 118 files changed, 1290 insertions(+), 689 deletions(-) Aaron Kling (1): spi: tegra114: Use value to check for invalid delays Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alex Deucher (2): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Cristian Marussi (3): firmware: arm_scmi: Add helper to trace bad messages firmware: arm_scmi: Add message dump traces for bad and unexpected replies firmware: arm_scmi: Fix timeout checks on polling path Dan Carpenter (1): phy: tegra: xusb: remove a stray unlock David Lechner (1): iio: chemical: sps30: use aligned_s64 for timestamp Eric Dumazet (2): mctp: no longer rely on net->dev_index_head[] sctp: add mutual exclusion in proc_sctp_do_udp_port() Eric W. Biederman (1): binfmt_elf: Support segments with 0 filesz and misaligned starts Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Filipe Manana (1): btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Gerhard Engleder (2): tsnep: Inline small fragments within TX descriptor tsnep: fix timestamping with a stacked DSA driver Greg Kroah-Hartman (1): Linux 6.6.92 Hangbin Liu (1): tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Hariprasad Kelam (1): octeontx2-af: Fix CGX Receive counters Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Huacai Chen (3): LoongArch: Save and restore CSR.CNTC for hibernation LoongArch: Fix MAX_REG_OFFSET calculation LoongArch: Explicitly specify code model in Makefile Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences Ido Schimmel (1): mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Jan Kara (1): udf: Make sure i_lenExtents is uptodate on inode eviction Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonathan Cameron (2): iio: adc: ad7266: Fix potential timestamp alignment issue. iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Kees Cook (8): binfmt_elf: elf_bss no longer used by load_elf_binary() binfmt_elf: Leave a gap between .bss and brk selftests/exec: Build both static and non-static load_address tests binfmt_elf: Calculate total_size earlier binfmt_elf: Honor PT_LOAD alignment for static PIE binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kirill A. Shutemov (1): mm/page_alloc: fix race condition in unaccepted memory handling Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Luke Parkin (2): firmware: arm_scmi: Add support for debug metrics at the interface firmware: arm_scmi: Track basic SCMI communication debug metrics Ma Jun (1): drm/amdgpu: Fix the runtime resume failure issue Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Ma Wupeng (1): hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Mario Limonciello (2): drm/amd: Stop evicting resources on APUs in suspend drm/amd: Add Suspend/Hibernate notification callback support Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Matt Johnston (1): net: mctp: Don't access ifa_index when missing Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Mikhail Lobanov (1): KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Muhammad Usama Anjum (1): selftests/exec: load_address: conform test to TAP format output Nathan Chancellor (1): net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix kernel panic during FW release Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pawan Gupta (1): x86/its: Fix build error for its_static_thunk() Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Peter Collingbourne (1): bpf, arm64: Fix address emission with tag-based KASAN enabled Peter Gonda (1): KVM: SVM: Update SEV-ES shutdown intercepts with more metadata Puranjay Mohan (1): bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Rahul Rameshbabu (1): tools: ynl: ethtool.py: Output timestamping statistics from tsinfo-get operation Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Runhua He (1): platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Shuai Xue (9): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Stephen Smalley (1): fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (1): tracing: samples: Initialize trace_array_printk() with the correct function Subbaraya Sundeep (1): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Takashi Iwai (2): ALSA: seq: Fix delivery of UMP events to group ports ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Tianyang Zhang (1): LoongArch: Prevent cond_resched() occurring within kernel-fpu Tiezhu Yang (2): LoongArch: uprobes: Remove user_{en,dis}able_single_step() LoongArch: uprobes: Remove redundant code about resume_era Tom Lendacky (1): memblock: Accept allocated memory before use in memblock_double_array() Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Waiman Long (1): cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Wayne Chang (1): phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Zhigang Luo (1): drm/amdgpu: trigger flr_work if reading pf2vf data failed Zhu Yanjun (1): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Zi Yan (1): mm/migrate: correct nr_failed in migrate_pages_sync() pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

4 months

1
1
0 0

Linux 6.12.30

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.30 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/netlink/specs/tc.yaml | 10 MAINTAINERS | 6 Makefile | 2 arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 - arch/loongarch/include/asm/ptrace.h | 2 arch/loongarch/include/asm/uprobes.h | 1 arch/loongarch/kernel/genex.S | 7 arch/loongarch/kernel/kfpu.c | 22 arch/loongarch/kernel/time.c | 2 arch/loongarch/kernel/uprobes.c | 11 arch/loongarch/power/hibernate.c | 3 arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 arch/x86/kvm/mmu/mmu.c | 75 +- block/bio.c | 2 drivers/accel/ivpu/ivpu_debugfs.c | 2 drivers/accel/ivpu/ivpu_fw.c | 4 drivers/accel/ivpu/ivpu_fw_log.c | 113 ++- drivers/accel/ivpu/ivpu_fw_log.h | 9 drivers/accel/ivpu/ivpu_pm.c | 1 drivers/acpi/pptt.c | 11 drivers/bluetooth/btnxpuart.c | 6 drivers/char/tpm/tpm2-sessions.c | 20 drivers/char/tpm/tpm_tis_core.h | 2 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 159 +++- drivers/dma/ti/k3-udma.c | 10 drivers/gpio/gpio-pca953x.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 47 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/gpu/drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 drivers/gpu/drm/drm_fbdev_dma.c | 60 + drivers/gpu/drm/tiny/Kconfig | 1 drivers/gpu/drm/tiny/panel-mipi-dbi.c | 7 drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 drivers/gpu/drm/xe/xe_gsc.c | 22 drivers/gpu/drm/xe/xe_gsc.h | 1 drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 drivers/gpu/drm/xe/xe_gt.c | 2 drivers/gpu/drm/xe/xe_lrc.c | 2 drivers/gpu/drm/xe/xe_ring_ops.c | 7 drivers/gpu/drm/xe/xe_uc.c | 8 drivers/gpu/drm/xe/xe_uc.h | 1 drivers/hid/bpf/hid_bpf_dispatch.c | 9 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 - drivers/hv/hyperv_vmbus.h | 6 drivers/hv/vmbus_drv.c | 100 ++ drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/pms7003.c | 5 drivers/iio/chemical/sps30.c | 2 drivers/iio/light/opt3001.c | 5 drivers/iio/pressure/mprls0025pa.h | 17 drivers/infiniband/core/device.c | 6 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/b53/b53_common.c | 33 drivers/net/dsa/b53/b53_regs.h | 14 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/engleder/tsnep_main.c | 30 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 + drivers/net/hyperv/netvsc_drv.c | 62 - drivers/net/hyperv/rndis_filter.c | 24 drivers/net/virtio_net.c | 5 drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb-tegra186.c | 46 - drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 drivers/platform/x86/amd/pmf/tee-if.c | 23 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-loopback-test.c | 2 drivers/spi/spi-tegra114.c | 6 drivers/uio/uio_hv_generic.c | 39 - drivers/usb/gadget/function/f_midi2.c | 2 drivers/usb/host/xhci-dbgcap.c | 21 drivers/usb/host/xhci-dbgcap.h | 3 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/virtio/virtio_ring.c | 6 fs/binfmt_elf.c | 71 + fs/btrfs/discard.c | 17 fs/btrfs/fs.h | 1 fs/btrfs/inode.c | 7 fs/btrfs/super.c | 4 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/cifs_spnego.c | 16 fs/smb/client/cifsfs.c | 25 fs/smb/client/cifsglob.h | 7 fs/smb/client/connect.c | 20 fs/smb/client/fs_context.c | 39 + fs/smb/client/fs_context.h | 10 fs/smb/client/smb2pdu.c | 2 fs/udf/truncate.c | 2 fs/xattr.c | 24 include/drm/drm_fbdev_dma.h | 12 include/linux/bio.h | 1 include/linux/hyperv.h | 13 include/linux/kvm_host.h | 6 include/linux/tpm.h | 21 include/linux/virtio.h | 3 include/net/sch_generic.h | 15 include/sound/ump_msg.h | 4 kernel/cgroup/cpuset.c | 6 kernel/sched/ext.c | 6 kernel/trace/ring_buffer.c | 8 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/page_alloc.c | 23 mm/userfaultfd.c | 12 net/bluetooth/mgmt.c | 9 net/mac80211/main.c | 6 net/mctp/device.c | 65 - net/mctp/route.c | 4 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 scripts/Makefile.extrawarn | 12 sound/core/seq/seq_clientmgr.c | 52 - sound/core/seq/seq_ump_convert.c | 18 sound/core/seq/seq_ump_convert.h | 1 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/net/ynl/ethtool.py | 22 tools/testing/selftests/net/ncdevmem.c | 394 ++++++----- tools/testing/vsock/vsock_test.c | 28 virt/kvm/guest_memfd.c | 2 virt/kvm/kvm_main.c | 14 168 files changed, 1803 insertions(+), 906 deletions(-) Aaron Kling (1): spi: tegra114: Use value to check for invalid delays Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alex Deucher (2): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling Alexey Makhalov (1): MAINTAINERS: Update Alexey Makhalov's email address Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Barry Song (1): mm: userfaultfd: correct dirty flags set for both present and swap pte Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Boris Burkov (1): btrfs: fix folio leak in submit_one_async_extent() Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Christian Hewitt (1): arm64: dts: amlogic: dreambox: fix missing clkc_audio node Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Ratiu (1): tests/ncdevmem: Fix double-free of queue array Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Dan Carpenter (1): phy: tegra: xusb: remove a stray unlock Daniele Ceraolo Spurio (1): drm/xe/gsc: do not flush the GSC worker from the reset path David Lechner (3): iio: chemical: pms7003: use aligned_s64 for timestamp iio: pressure: mprls0025pa: use aligned_s64 for timestamp iio: chemical: sps30: use aligned_s64 for timestamp Dragan Simic (1): arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Emanuele Ghidoli (1): gpio: pca953x: fix IRQ storm on system wake up Eric Dumazet (1): mctp: no longer rely on net->dev_index_head[] Fabio Estevam (1): drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Filipe Manana (1): btrfs: fix discard worker infinite loop after disabling discard Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Gerhard Engleder (1): tsnep: fix timestamping with a stacked DSA driver Greg Kroah-Hartman (1): Linux 6.12.30 Hangbin Liu (1): tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Hariprasad Kelam (1): octeontx2-af: Fix CGX Receive counters Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Himanshu Bhavani (1): arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Huacai Chen (3): LoongArch: Move __arch_cpu_idle() to .cpuidle.text section LoongArch: Save and restore CSR.CNTC for hibernation LoongArch: Fix MAX_REG_OFFSET calculation Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences Ido Schimmel (1): mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Isaku Yamahata (1): KVM: Add member to struct kvm_gfn_range to indicate private/shared Jacek Lawrynowicz (3): accel/ivpu: Rename ivpu_log_level to fw_log_level accel/ivpu: Refactor functions in ivpu_fw_log.c accel/ivpu: Fix fw log printing Jakub Kicinski (2): netlink: specs: tc: fix a couple of attribute names netlink: specs: tc: all actions are indexed arrays Jan Kara (1): udf: Make sure i_lenExtents is uptodate on inode eviction Jarkko Sakkinen (1): tpm: Mask TPM RC in tpm2_start_auth_session() Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonas Gorski (1): net: dsa: b53: prevent standalone from trying to forward to other ports Jonathan Cameron (2): iio: adc: ad7266: Fix potential timestamp alignment issue. iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Kees Cook (3): binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kirill A. Shutemov (1): mm/page_alloc: fix race condition in unaccepted memory handling Koichiro Den (2): virtio_ring: add a func argument 'recycle_done' to virtqueue_reset() virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx Konstantin Shkolnyy (1): vsock/test: Fix occasional failure in SIOCOUTQ tests Kyoji Ogasawara (1): btrfs: add back warning for mount option commit values exceeding 300 Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Luca Ceresoli (1): iio: light: opt3001: fix deadlock due to concurrent flag access Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Mario Limonciello (3): drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies drm/amd: Add Suspend/Hibernate notification callback support Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathias Nyman (2): xhci: dbc: Improve performance by removing delay in transfer event polling. xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Matt Johnston (1): net: mctp: Don't access ifa_index when missing Melissa Wen (1): Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Naman Jain (1): uio_hv_generic: Fix sysfs creation path for ring buffer Nathan Chancellor (2): kbuild: Disable -Wdefault-const-init-unsafe net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix kernel panic during FW release Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Philip Yang (1): drm/amdgpu: csa unmap use uninterruptible lock Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Ritvik Budhiraja (1): CIFS: New mount option for cifs.upcall namespace resolution Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Rong Zhang (1): HID: bpf: abort dispatch if device destroyed Runhua He (1): platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Sean Christopherson (1): KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing Shuai Xue (9): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Stanislav Fomichev (5): selftests: ncdevmem: Redirect all non-payload output to stderr selftests: ncdevmem: Separate out dmabuf provider selftests: ncdevmem: Unify error handling selftests: ncdevmem: Make client_ip optional selftests: ncdevmem: Switch to AF_INET6 Stephen Smalley (1): fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (2): tracing: samples: Initialize trace_array_printk() with the correct function ring-buffer: Fix persistent buffer when commit page is the reader page Subbaraya Sundeep (2): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy octeontx2-pf: Do not reallocate all ntuple filters Takashi Iwai (2): ALSA: seq: Fix delivery of UMP events to group ports ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Tejun Heo (1): sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Thomas Zimmermann (2): drm/fbdev-dma: Support struct drm_driver.fbdev_probe drm/panel-mipi-dbi: Run DRM default client setup Tianyang Zhang (1): LoongArch: Prevent cond_resched() occurring within kernel-fpu Tiezhu Yang (2): LoongArch: uprobes: Remove user_{en,dis}able_single_step() LoongArch: uprobes: Remove redundant code about resume_era Tim Huang (1): drm/amdgpu: fix incorrect MALL size for GFX1151 Tom Vincent (1): arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 Tomasz Rusinowicz (1): accel/ivpu: Reset fw log on cold boot Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Umesh Nerlige Ramappa (1): drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Waiman Long (1): cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Wayne Chang (1): phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ze Huang (1): riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Zhu Yanjun (2): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

4 months

1
1
0 0

Linux 6.1.140

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.140 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/fpsimd.c | 6 arch/arm64/net/bpf_jit_comp.c | 12 arch/loongarch/Makefile | 2 arch/loongarch/include/asm/ptrace.h | 2 arch/riscv/include/asm/page.h | 1 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/mm/init.c | 17 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/kprobes/core.c | 1 arch/x86/kernel/module.c | 9 block/bio.c | 2 drivers/acpi/pptt.c | 11 drivers/char/tpm/tpm_tis_core.h | 2 drivers/clocksource/i8253.c | 4 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 145 ++++-- drivers/dma/ti/k3-udma.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 -- drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/sps30.c | 2 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 ++ drivers/net/hyperv/netvsc_drv.c | 62 -- drivers/net/hyperv/rndis_filter.c | 24 - drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/pmc.c | 8 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-cadence-quadspi.c | 6 drivers/spi/spi-loopback-test.c | 2 drivers/usb/typec/altmodes/displayport.c | 18 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 3 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 fs/binfmt_elf.c | 285 ++++++------ fs/binfmt_elf_fdpic.c | 2 fs/btrfs/discard.c | 17 fs/btrfs/extent-tree.c | 25 - fs/exec.c | 2 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/smb2pdu.c | 2 include/linux/bio.h | 1 include/linux/hyperv.h | 7 include/linux/tpm.h | 2 include/net/netfilter/nf_tables.h | 3 include/net/sch_generic.h | 15 include/uapi/linux/elf.h | 2 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/memory_hotplug.c | 6 mm/migrate.c | 8 net/ipv4/ip_output.c | 3 net/ipv4/raw.c | 3 net/ipv6/ip6_output.c | 3 net/mctp/route.c | 4 net/netfilter/nf_tables_api.c | 54 +- net/netfilter/nft_immediate.c | 2 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/sctp/sysctl.c | 4 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/testing/selftests/exec/Makefile | 19 tools/testing/selftests/exec/load_address.c | 83 ++- tools/testing/selftests/vm/compaction_test.c | 19 106 files changed, 938 insertions(+), 533 deletions(-) Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alex Deucher (2): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Byungchul Park (1): mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Dan Carpenter (1): usb: typec: fix potential array underflow in ucsi_ccg_sync_control() David Lechner (1): iio: chemical: sps30: use aligned_s64 for timestamp Eric Dumazet (1): sctp: add mutual exclusion in proc_sctp_do_udp_port() Eric W. Biederman (1): binfmt_elf: Support segments with 0 filesz and misaligned starts Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Filipe Manana (2): btrfs: fix discard worker infinite loop after disabling discard btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Florian Westphal (2): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx netfilter: nf_tables: do not defer rule destruction via call_rcu GONG Ruiqi (1): usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Greg Kroah-Hartman (1): Linux 6.1.140 Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Huacai Chen (2): LoongArch: Fix MAX_REG_OFFSET calculation LoongArch: Explicitly specify code model in Makefile Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonathan Cameron (2): iio: adc: ad7266: Fix potential timestamp alignment issue. iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Kees Cook (8): binfmt: Fix whitespace issues binfmt_elf: elf_bss no longer used by load_elf_binary() binfmt_elf: Leave a gap between .bss and brk selftests/exec: Build both static and non-static load_address tests binfmt_elf: Calculate total_size earlier binfmt_elf: Honor PT_LOAD alignment for static PIE binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Ma Jun (1): drm/amdgpu: Fix the runtime resume failure issue Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Ma Wupeng (1): hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Maciej S. Szmigiero (1): platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Mario Limonciello (2): drm/amd: Stop evicting resources on APUs in suspend drm/amd: Add Suspend/Hibernate notification callback support Mark Brown (1): arm64/sme: Always exit sme_alloc() early with existing storage Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Muhammad Usama Anjum (1): selftests/exec: load_address: conform test to TAP format output Nathan Chancellor (1): net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Peter Collingbourne (1): bpf, arm64: Fix address emission with tag-based KASAN enabled Puranjay Mohan (1): bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() RD Babiera (1): usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Shigeru Yoshida (2): ipv6: Fix potential uninit-value access in __ip6_make_skb() ipv4: Fix uninit-value access in __ip_make_skb() Shravya KN (1): bnxt_en: Fix receive ring space parameters when XDP is active Shuai Xue (8): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (1): tracing: samples: Initialize trace_array_printk() with the correct function Subbaraya Sundeep (1): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Théo Lebrun (1): spi: cadence-qspi: fix pointer reference in runtime PM hooks Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Xu Lu (1): riscv: mm: Fix the out of bound issue of vmemmap address Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Zhigang Luo (1): drm/amdgpu: trigger flr_work if reading pf2vf data failed Zhu Yanjun (1): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

4 months

1
1
0 0

Linux 5.15.184

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.184 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 156 ++++++ Documentation/admin-guide/kernel-parameters.txt | 15 Makefile | 2 arch/x86/Kconfig | 11 arch/x86/entry/entry_64.S | 20 arch/x86/include/asm/alternative.h | 32 + arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/msr-index.h | 8 arch/x86/include/asm/nospec-branch.h | 57 +- arch/x86/kernel/alternative.c | 243 +++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++ arch/x86/kernel/cpu/common.c | 63 ++ arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/kprobes/core.c | 1 arch/x86/kernel/module.c | 15 arch/x86/kernel/static_call.c | 2 arch/x86/kernel/vmlinux.lds.S | 10 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/net/bpf_jit_comp.c | 8 block/fops.c | 5 drivers/acpi/pptt.c | 11 drivers/base/cpu.c | 8 drivers/clocksource/i8253.c | 6 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 8 drivers/dma/ti/k3-udma.c | 10 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/sps30.c | 2 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/intel/ice/ice_arfs.c | 9 drivers/net/ethernet/intel/ice/ice_lib.c | 5 drivers/net/ethernet/intel/ice/ice_main.c | 20 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/asus-wmi.c | 3 drivers/spi/spi-loopback-test.c | 2 drivers/usb/typec/altmodes/displayport.c | 18 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 3 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 fs/btrfs/discard.c | 17 fs/btrfs/extent-tree.c | 25 - fs/btrfs/extent_io.c | 15 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 include/linux/cpu.h | 2 include/linux/module.h | 5 include/net/netfilter/nf_tables.h | 2 include/net/sch_generic.h | 15 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 net/netfilter/nf_tables_api.c | 54 +- net/netfilter/nft_immediate.c | 2 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/sctp/sysctl.c | 4 samples/ftrace/sample-trace-array.c | 2 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/testing/selftests/vm/compaction_test.c | 19 78 files changed, 1115 insertions(+), 190 deletions(-) Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alexander Lobakin (1): ice: arfs: fix use-after-free when freeing @rx_cpu_rmap Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Claudiu Beznea (1): phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Dan Carpenter (1): usb: typec: fix potential array underflow in ucsi_ccg_sync_control() David Lechner (1): iio: chemical: sps30: use aligned_s64 for timestamp Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Eric Dumazet (1): sctp: add mutual exclusion in proc_sctp_do_udp_port() Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Fengnan Chang (1): block: fix direct io NOWAIT flag not work Filipe Manana (2): btrfs: fix discard worker infinite loop after disabling discard btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Florian Westphal (2): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx netfilter: nf_tables: do not defer rule destruction via call_rcu GONG Ruiqi (1): usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Greg Kroah-Hartman (1): Linux 5.15.184 Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jonathan Cameron (1): iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Josef Bacik (1): btrfs: do not clean up repair bio if submit fails Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal Pawan Gupta (10): x86/speculation: Simplify and make CALL_NOSPEC consistent x86/speculation: Add a conditional CS prefix to CALL_NOSPEC x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs x86/its: Align RETs in BHB clear sequence to avoid thunking Peter Zijlstra (3): x86,nospec: Simplify {JMP,CALL}_NOSPEC x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS RD Babiera (1): usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Shuai Xue (2): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Steven Rostedt (1): tracing: samples: Initialize trace_array_printk() with the correct function Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Zhu Yanjun (1): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

4 months

1
1
0 0

[PATCH 6.1 0/1] Oopses on module unload seen on 6.1.y

by Fedor Pchelkin

Hi, commit 959cadf09dbae7b304f03e039b8d8e13c529e2dd Author: Peter Zijlstra <peterz(a)infradead.org> Date: Mon Oct 14 10:05:48 2024 -0700 x86/its: Use dynamic thunks for indirect branches commit 872df34d7c51a79523820ea6a14860398c639b87 upstream. was ported at v6.1.139 and leads to kernel crashes there after module unload operations. Example trace: BUG: unable to handle page fault for address: ffff8fcb47dd4000 #PF: supervisor write access in kernel mode #PF: error_code(0x0003) - permissions violation PGD 34801067 P4D 34801067 PUD 100148063 PMD 107dd5063 PTE 8000000107dd4161 Oops: 0003 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 378 Comm: modprobe Not tainted 6.1.139-01446-g753bd4a5f9a9 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:__change_page_attr_set_clr+0x49d/0x1280 Call Trace: <TASK> ? free_unref_page_prepare+0x80/0x4b0 set_direct_map_invalid_noflush+0x6e/0xa0 __vunmap+0x18c/0x3e0 __vfree+0x21/0xb0 vfree+0x2b/0x90 module_memfree+0x1b/0x50 free_module+0x17c/0x250 __do_sys_delete_module+0x337/0x4b0 __x64_sys_delete_module+0x15/0x30 x64_sys_call+0x3f9a/0x43a0 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x7f70755c0807 </TASK> Modules linked in: dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua [last unloaded: scsi_debug] As mentioned in the blamed patch comment describing the backport adaptations: [ pawan: CONFIG_EXECMEM and CONFIG_EXECMEM_ROX are not supported on backport kernel, made changes to use module_alloc() and set_memory_*() for dynamic thunks. ] module_alloc/module_memfree in conjunction with memory protection routines were used. The allocated memory is vmalloc-based, and it ends up being ROX upon release inside its_free_mod(). Freeing of special permissioned memory in vmalloc requires its own handling. VM_FLUSH_RESET_PERMS flag was introduced for these purposes. In-kernel users dealing with the stuff had to care about this explicitly before commit 4c4eb3ecc91f ("x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()"). More recent kernels starting from 6.2 have the commit and are not affected. So port it as a followup for ITS mitigation 6.1-series to fix the aforementioned failures. The problem concerns 5.15-series (currently in stable-queue) as well. It needs its own patch to apply cleanly. Will send it shortly, too. Found by Linux Verification Center (linuxtesting.org). Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() arch/x86/kernel/ftrace.c | 2 -- arch/x86/kernel/kprobes/core.c | 1 - arch/x86/kernel/module.c | 9 +++++---- 3 files changed, 5 insertions(+), 7 deletions(-) -- 2.49.0

4 months

2
2
0 0

[PATCH net 1/4] can: kvaser_pciefd: Force IRQ edge in case of nested IRQ

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> Avoid the driver missing IRQs by temporarily masking IRQs in the ISR to enforce an edge even if a different IRQ is signalled before handled IRQs are cleared. Fixes: 48f827d4f48f ("can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR") Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-2-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 83 ++++++++++++++++----------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index cf0d51805272..9cc9176c2058 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1646,24 +1646,28 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) return res; } -static u32 kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) +static void kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) { + void __iomem *srb_cmd_reg = KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG; u32 irq = ioread32(KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) { + kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, srb_cmd_reg); /* Rearm buffer */ + } + + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) { kvaser_pciefd_read_buffer(pcie, 1); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB1, srb_cmd_reg); /* Rearm buffer */ + } if (unlikely(irq & KVASER_PCIEFD_SRB_IRQ_DOF0 || irq & KVASER_PCIEFD_SRB_IRQ_DOF1 || irq & KVASER_PCIEFD_SRB_IRQ_DUF0 || irq & KVASER_PCIEFD_SRB_IRQ_DUF1)) dev_err(&pcie->pci->dev, "DMA IRQ error 0x%08X\n", irq); - - iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - return irq; } static void kvaser_pciefd_transmit_irq(struct kvaser_pciefd_can *can) @@ -1691,29 +1695,22 @@ static irqreturn_t kvaser_pciefd_irq_handler(int irq, void *dev) struct kvaser_pciefd *pcie = (struct kvaser_pciefd *)dev; const struct kvaser_pciefd_irq_mask *irq_mask = pcie->driver_data->irq_mask; u32 pci_irq = ioread32(KVASER_PCIEFD_PCI_IRQ_ADDR(pcie)); - u32 srb_irq = 0; - u32 srb_release = 0; int i; if (!(pci_irq & irq_mask->all)) return IRQ_NONE; + iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + if (pci_irq & irq_mask->kcan_rx0) - srb_irq = kvaser_pciefd_receive_irq(pcie); + kvaser_pciefd_receive_irq(pcie); for (i = 0; i < pcie->nr_channels; i++) { if (pci_irq & irq_mask->kcan_tx[i]) kvaser_pciefd_transmit_irq(pcie->can[i]); } - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB0; - - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD1) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB1; - - if (srb_release) - iowrite32(srb_release, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); return IRQ_HANDLED; } @@ -1733,13 +1730,22 @@ static void kvaser_pciefd_teardown_can_ctrls(struct kvaser_pciefd *pcie) } } +static void kvaser_pciefd_disable_irq_srcs(struct kvaser_pciefd *pcie) +{ + unsigned int i; + + /* Masking PCI_IRQ is insufficient as running ISR will unmask it */ + iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); + for (i = 0; i < pcie->nr_channels; ++i) + iowrite32(0, pcie->can[i]->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); +} + static int kvaser_pciefd_probe(struct pci_dev *pdev, const struct pci_device_id *id) { int ret; struct kvaser_pciefd *pcie; const struct kvaser_pciefd_irq_mask *irq_mask; - void __iomem *irq_en_base; pcie = devm_kzalloc(&pdev->dev, sizeof(*pcie), GFP_KERNEL); if (!pcie) @@ -1805,8 +1811,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); /* Enable PCI interrupts */ - irq_en_base = KVASER_PCIEFD_PCI_IEN_ADDR(pcie); - iowrite32(irq_mask->all, irq_en_base); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); /* Ready the DMA buffers */ iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); @@ -1820,8 +1825,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return 0; err_free_irq: - /* Disable PCI interrupts */ - iowrite32(0, irq_en_base); + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); err_pci_free_irq_vectors: @@ -1844,35 +1848,26 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return ret; } -static void kvaser_pciefd_remove_all_ctrls(struct kvaser_pciefd *pcie) -{ - int i; - - for (i = 0; i < pcie->nr_channels; i++) { - struct kvaser_pciefd_can *can = pcie->can[i]; - - if (can) { - iowrite32(0, can->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); - unregister_candev(can->can.dev); - timer_delete(&can->bec_poll_timer); - kvaser_pciefd_pwm_stop(can); - free_candev(can->can.dev); - } - } -} - static void kvaser_pciefd_remove(struct pci_dev *pdev) { struct kvaser_pciefd *pcie = pci_get_drvdata(pdev); + unsigned int i; - kvaser_pciefd_remove_all_ctrls(pcie); + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; - /* Disable interrupts */ - iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CTRL_REG); - iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + unregister_candev(can->can.dev); + timer_delete(&can->bec_poll_timer); + kvaser_pciefd_pwm_stop(can); + } + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); pci_free_irq_vectors(pcie->pci); + + for (i = 0; i < pcie->nr_channels; ++i) + free_candev(pcie->can[i]->can.dev); + pci_iounmap(pdev, pcie->reg_base); pci_release_regions(pdev); pci_disable_device(pdev); base-commit: 9e89db3d847f2d66d2799c5533d00aebee2be4d1 -- 2.47.2

4 months

2
1
0 0

[PATCH v2 1/2] drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> The intel-media-driver is currently broken on DG1 because it uses EXEC_CAPTURE with recovarable contexts. Relax the check to allow that. I've also submitted a fix for the intel-media-driver: https://github.com/intel/media-driver/pull/1920 Cc: stable(a)vger.kernel.org Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Testcase: igt/gem_exec_capture/capture-invisible Fixes: 71b1669ea9bd ("drm/i915/uapi: tweak error capture on recoverable contexts") Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ca7e9216934a..ea9d5063ce78 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) + GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) return -EINVAL; for_each_batch_create_order(eb, j) { -- 2.49.0

4 months

4
4
0 0

[PATCH v3] usb: hub: lack of clearing xHC resources

by Pawel Laszczak

The xHC resources allocated for USB devices are not released in correct order after resuming in case when while suspend device was reconnected. This issue has been detected during the fallowing scenario: - connect hub HS to root port - connect LS/FS device to hub port - wait for enumeration to finish - force host to suspend - reconnect hub attached to root port - wake host For this scenario during enumeration of USB LS/FS device the Cadence xHC reports completion error code for xHC commands because the xHC resources used for devices has not been properly released. XHCI specification doesn't mention that device can be reset in any order so, we should not treat this issue as Cadence xHC controller bug. Similar as during disconnecting in this case the device resources should be cleared starting form the last usb device in tree toward the root hub. To fix this issue usbcore driver should call hcd->driver->reset_device for all USB devices connected to hub which was reconnected while suspending. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v3: - Changed patch title - Corrected typo - Moved hub_hc_release_resources above mutex_lock(hcd->address0_mutex) v2: - Replaced disconnection procedure with releasing only the xHC resources drivers/usb/core/hub.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index a76bb50b6202..dcba4281ea48 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -6065,6 +6065,36 @@ void usb_hub_cleanup(void) usb_deregister(&hub_driver); } /* usb_hub_cleanup() */ +/** + * hub_hc_release_resources - clear resources used by host controller + * @udev: pointer to device being released + * + * Context: task context, might sleep + * + * Function releases the host controller resources in correct order before + * making any operation on resuming usb device. The host controller resources + * allocated for devices in tree should be released starting from the last + * usb device in tree toward the root hub. This function is used only during + * resuming device when usb device require reinitialization – that is, when + * flag udev->reset_resume is set. + * + * This call is synchronous, and may not be used in an interrupt context. + */ +static void hub_hc_release_resources(struct usb_device *udev) +{ + struct usb_hub *hub = usb_hub_to_struct_hub(udev); + struct usb_hcd *hcd = bus_to_hcd(udev->bus); + int i; + + /* Release up resources for all children before this device */ + for (i = 0; i < udev->maxchild; i++) + if (hub->ports[i]->child) + hub_hc_release_resources(hub->ports[i]->child); + + if (hcd->driver->reset_device) + hcd->driver->reset_device(hcd, udev); +} + /** * usb_reset_and_verify_device - perform a USB port reset to reinitialize a device * @udev: device to reset (not in SUSPENDED or NOTATTACHED state) @@ -6129,6 +6159,9 @@ static int usb_reset_and_verify_device(struct usb_device *udev) bos = udev->bos; udev->bos = NULL; + if (udev->reset_resume) + hub_hc_release_resources(udev); + mutex_lock(hcd->address0_mutex); for (i = 0; i < PORT_INIT_TRIES; ++i) { -- 2.43.0

4 months

4
5
0 0

[PATCH 3/4 v3] crypto: octeontx2: Fix address alignment on CN10K A0/A1 and OcteonTX2

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.5+ --- v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 63 ++++++++++++++----- 1 file changed, 48 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index e27e849b01df..204a31755710 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -34,6 +34,9 @@ #define SG_COMP_2 2 #define SG_COMP_1 1 +#define OTX2_CPT_DPTR_RPTR_ALIGN 8 +#define OTX2_CPT_RES_ADDR_ALIGN 32 + union otx2_cpt_opcode { u16 flags; struct { @@ -417,10 +420,9 @@ static inline struct otx2_cpt_inst_info * otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - int align = OTX2_CPT_DMA_MINALIGN; struct otx2_cpt_inst_info *info; - u32 dlen, align_dlen, info_len; - u16 g_sz_bytes, s_sz_bytes; + u32 dlen, info_len; + u16 g_len, s_len; u32 total_mem_len; if (unlikely(req->in_cnt > OTX2_CPT_MAX_SG_IN_CNT || @@ -429,22 +431,51 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, return NULL; } - g_sz_bytes = ((req->in_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ---------------------------------- + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | -----------------------------| + * | | padding for 8B alignment | + * |----------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |----------------------------------| + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | (padding for below alignment) | + * | -----------------------------| + * | | padding for 32B alignment | + * |----------------------------------| + * | Result response memory | + * ---------------------------------- + */ - dlen = g_sz_bytes + s_sz_bytes + SG_LIST_HDR_SIZE; - align_dlen = ALIGN(dlen, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = align_dlen + info_len + sizeof(union otx2_cpt_res_s); + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + s_len = ((req->out_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + + dlen = g_len + s_len + SG_LIST_HDR_SIZE; + + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, ARCH_DMA_MINALIGN) + dlen; + total_mem_len = ALIGN(total_mem_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (OTX2_CPT_RES_ADDR_ALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) return NULL; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + SG_LIST_HDR_SIZE + g_len; ((u16 *)info->in_buffer)[0] = req->out_cnt; ((u16 *)info->in_buffer)[1] = req->in_cnt; @@ -460,7 +491,7 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (setup_sgio_components(pdev, req->out, req->out_cnt, - &info->in_buffer[8 + g_sz_bytes])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -476,8 +507,10 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + align_dlen; - info->comp_baddr = info->dptr_baddr + align_dlen; + info->completion_addr = PTR_ALIGN((info->in_buffer + dlen), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + dlen), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

4 months

3
2
0 0

[PATCH 4/4 v4] crypto: octeontx2: Fix address alignment on CN10KB and CN10KA-B0

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- v3->v4: - Again fixed memory size calculation as per review comment v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 59 ++++++++++++++----- 1 file changed, 44 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index 98de93851ba1..90a031421aac 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -350,22 +350,48 @@ static inline struct otx2_cpt_inst_info * cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - u32 dlen = 0, g_len, sg_len, info_len; - int align = OTX2_CPT_DMA_MINALIGN; + u32 dlen = 0, g_len, s_len, sg_len, info_len; struct otx2_cpt_inst_info *info; - u16 g_sz_bytes, s_sz_bytes; u32 total_mem_len; int i; - g_sz_bytes = ((req->in_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ------------------------------------ + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | --------------------------------| + * | | padding for ARCH_DMA_MINALIGN | + * | | alignment | + * |------------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |---------------------------------- | + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | -------------------------------| + * | | padding for 32B alignment | + * |------------------------------------| + * | Result response memory | + * | Alignment = 32Byte | + * ------------------------------------ + */ + + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + s_len = ((req->out_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + sg_len = g_len + s_len; - g_len = ALIGN(g_sz_bytes, align); - sg_len = ALIGN(g_len + s_sz_bytes, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = sg_len + info_len + sizeof(union otx2_cpt_res_s); + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (ARCH_DMA_MINALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += ALIGN(sg_len, OTX2_CPT_RES_ADDR_ALIGN); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) @@ -375,7 +401,8 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, dlen += req->in[i].size; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + g_len; info->gthr_sz = req->in_cnt; info->sctr_sz = req->out_cnt; @@ -387,7 +414,7 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (sgv2io_components_setup(pdev, req->out, req->out_cnt, - &info->in_buffer[g_len])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -404,8 +431,10 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + sg_len; - info->comp_baddr = info->dptr_baddr + sg_len; + info->completion_addr = PTR_ALIGN((info->in_buffer + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

4 months

1
0
0 0

[PATCH 3/4 v4] crypto: octeontx2: Fix address alignment on CN10K A0/A1 and OcteonTX2

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.5+ --- v3->v4: - Again fixed memory size calculation as per review comment v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 66 ++++++++++++++----- 1 file changed, 51 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index e27e849b01df..98de93851ba1 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -34,6 +34,9 @@ #define SG_COMP_2 2 #define SG_COMP_1 1 +#define OTX2_CPT_DPTR_RPTR_ALIGN 8 +#define OTX2_CPT_RES_ADDR_ALIGN 32 + union otx2_cpt_opcode { u16 flags; struct { @@ -417,10 +420,9 @@ static inline struct otx2_cpt_inst_info * otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - int align = OTX2_CPT_DMA_MINALIGN; struct otx2_cpt_inst_info *info; - u32 dlen, align_dlen, info_len; - u16 g_sz_bytes, s_sz_bytes; + u32 dlen, info_len; + u16 g_len, s_len; u32 total_mem_len; if (unlikely(req->in_cnt > OTX2_CPT_MAX_SG_IN_CNT || @@ -429,22 +431,54 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, return NULL; } - g_sz_bytes = ((req->in_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ------------------------------------ + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | --------------------------------| + * | | padding for ARCH_DMA_MINALIGN | + * | | alignment | + * |------------------------------------| + * | SG List Header of 8 Byte | + * |------------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |---------------------------------- | + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | -------------------------------| + * | | padding for 32B alignment | + * |------------------------------------| + * | Result response memory | + * | Alignment = 32Byte | + * ------------------------------------ + */ - dlen = g_sz_bytes + s_sz_bytes + SG_LIST_HDR_SIZE; - align_dlen = ALIGN(dlen, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = align_dlen + info_len + sizeof(union otx2_cpt_res_s); + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + s_len = ((req->out_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + + dlen = g_len + s_len + SG_LIST_HDR_SIZE; + + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (ARCH_DMA_MINALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += ALIGN(dlen, OTX2_CPT_RES_ADDR_ALIGN); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) return NULL; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + SG_LIST_HDR_SIZE + g_len; ((u16 *)info->in_buffer)[0] = req->out_cnt; ((u16 *)info->in_buffer)[1] = req->in_cnt; @@ -460,7 +494,7 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (setup_sgio_components(pdev, req->out, req->out_cnt, - &info->in_buffer[8 + g_sz_bytes])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -476,8 +510,10 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + align_dlen; - info->comp_baddr = info->dptr_baddr + align_dlen; + info->completion_addr = PTR_ALIGN((info->in_buffer + dlen), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + dlen), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

4 months

1
0
0 0

[PATCH 2/4 v4] crypto: octeontx2: Fix address alignment issue on ucode loading

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size()" Completion address should be 32-Byte alignment when loading microcode. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.5+ --- v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional .../marvell/octeontx2/otx2_cptpf_ucode.c | 35 +++++++++++-------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c index 3a818ac89295..88f0f72a4462 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c @@ -1491,12 +1491,13 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) union otx2_cpt_opcode opcode; union otx2_cpt_res_s *result; union otx2_cpt_inst_s inst; + dma_addr_t result_baddr; dma_addr_t rptr_baddr; struct pci_dev *pdev; - u32 len, compl_rlen; int timeout = 10000; + void *base, *rptr; int ret, etype; - void *rptr; + u32 len; /* * We don't get capabilities if it was already done @@ -1521,22 +1522,28 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) if (ret) goto delete_grps; - compl_rlen = ALIGN(sizeof(union otx2_cpt_res_s), OTX2_CPT_DMA_MINALIGN); - len = compl_rlen + LOADFVC_RLEN; + /* Allocate extra memory for "rptr" and "result" pointer alignment */ + len = LOADFVC_RLEN + ARCH_DMA_MINALIGN + + sizeof(union otx2_cpt_res_s) + OTX2_CPT_RES_ADDR_ALIGN; - result = kzalloc(len, GFP_KERNEL); - if (!result) { + base = kzalloc(len, GFP_KERNEL); + if (!base) { ret = -ENOMEM; goto lf_cleanup; } - rptr_baddr = dma_map_single(&pdev->dev, (void *)result, len, - DMA_BIDIRECTIONAL); + + rptr = PTR_ALIGN(base, ARCH_DMA_MINALIGN); + rptr_baddr = dma_map_single(&pdev->dev, rptr, len, DMA_BIDIRECTIONAL); if (dma_mapping_error(&pdev->dev, rptr_baddr)) { dev_err(&pdev->dev, "DMA mapping failed\n"); ret = -EFAULT; - goto free_result; + goto free_rptr; } - rptr = (u8 *)result + compl_rlen; + + result = (union otx2_cpt_res_s *)PTR_ALIGN(rptr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); + result_baddr = ALIGN(rptr_baddr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); /* Fill in the command */ opcode.s.major = LOADFVC_MAJOR_OP; @@ -1548,14 +1555,14 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) /* 64-bit swap for microcode data reads, not needed for addresses */ cpu_to_be64s(&iq_cmd.cmd.u); iq_cmd.dptr = 0; - iq_cmd.rptr = rptr_baddr + compl_rlen; + iq_cmd.rptr = rptr_baddr; iq_cmd.cptr.u = 0; for (etype = 1; etype < OTX2_CPT_MAX_ENG_TYPES; etype++) { result->s.compcode = OTX2_CPT_COMPLETION_CODE_INIT; iq_cmd.cptr.s.grp = otx2_cpt_get_eng_grp(&cptpf->eng_grps, etype); - otx2_cpt_fill_inst(&inst, &iq_cmd, rptr_baddr); + otx2_cpt_fill_inst(&inst, &iq_cmd, result_baddr); lfs->ops->send_cmd(&inst, 1, &cptpf->lfs.lf[0]); timeout = 10000; @@ -1578,8 +1585,8 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) error_no_response: dma_unmap_single(&pdev->dev, rptr_baddr, len, DMA_BIDIRECTIONAL); -free_result: - kfree(result); +free_rptr: + kfree(base); lf_cleanup: otx2_cptlf_shutdown(lfs); delete_grps: -- 2.34.1

4 months

1
0
0 0

[PATCH] objtool/rust: relax slice condition to cover more `noreturn` Rust functions

by Miguel Ojeda

Developers are indeed hitting other of the `noreturn` slice symbols in Nova [1], thus relax the last check in the list so that we catch all of them, i.e. *_4core5slice5index22slice_index_order_fail *_4core5slice5index24slice_end_index_len_fail *_4core5slice5index26slice_start_index_len_fail *_4core5slice5index29slice_end_index_overflow_fail *_4core5slice5index31slice_start_index_overflow_fail These all exist since at least Rust 1.78.0, thus backport it too. See commit 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") for more details. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later. Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Timur Tabi <ttabi(a)nvidia.com> Cc: Kane York <kanepyork(a)gmail.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Reported-by: Joel Fernandes <joelagnelf(a)nvidia.com> Link: https://lore.kernel.org/rust-for-linux/20250513180757.GA1295002@joelnvbox/ [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- I tested it with the Timur's `alex` branch, but a Tested-by is appreciated. Thanks! tools/objtool/check.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index b21b12ec88d9..f23bdda737aa 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -230,7 +230,8 @@ static bool is_rust_noreturn(const struct symbol *func) str_ends_with(func->name, "_7___rustc17rust_begin_unwind") || strstr(func->name, "_4core9panicking13assert_failed") || strstr(func->name, "_4core9panicking11panic_const24panic_const_") || - (strstr(func->name, "_4core5slice5index24slice_") && + (strstr(func->name, "_4core5slice5index") && + strstr(func->name, "slice_") && str_ends_with(func->name, "_fail")); } base-commit: a5806cd506af5a7c19bcd596e4708b5c464bfd21 -- 2.49.0

4 months

3
2
0 0

[PATCH 5.10.y/5.15.y] ELF: fix kernel.randomize_va_space double read

by Feng Liu

From: Alexey Dobriyan <adobriyan(a)gmail.com> [ Upstream commit 2a97388a807b6ab5538aa8f8537b2463c6988bd2 ] ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Signed-off-by: Alexey Dobriyan <adobriyan(a)gmail.com> Link: https://lore.kernel.org/r/3329905c-7eb8-400a-8f0a-d87cff979b5b@p183 Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- fs/binfmt_elf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 11dc833ca2c4..a1f0dff2f818 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1008,7 +1008,8 @@ static int load_elf_binary(struct linux_binprm *bprm) if (elf_read_implies_exec(*elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) + const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space); + if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space) current->flags |= PF_RANDOMIZE; setup_new_exec(bprm); @@ -1278,7 +1279,7 @@ static int load_elf_binary(struct linux_binprm *bprm) mm->end_data = end_data; mm->start_stack = bprm->p; - if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) { + if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) { /* * For architectures with ELF randomization, when executing * a loader directly (i.e. no interpreter listed in ELF -- 2.34.1

4 months

4
7
0 0

[PATCH] iio: common: st_sensors: Fix use of uninitialize device structs

by Maud Spierings via B4 Relay

From: Maud Spierings <maudspierings(a)gocontroll.com> Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err, dev_warn and dev_info don't seem to cause a panic, but are fixed as well. --- When I search for general &indio_dev->dev usage, I see quite a lot more hits, but I am not sure if there are issues with those too. This issue has existed for a long time it seems and therefore it is nearly impossible to find a proper fixes tag. I would love to see it at least backported to 6.12 as that is where I encountered it, and I believe the patch should apply without conflicts. The investigation into this issue can be found in this thread [1] [1]: https://lore.kernel.org/all/AM7P189MB100986A83D2F28AF3FFAF976E39EA@AM7P189M… Signed-off-by: Maud Spierings <maudspierings(a)gocontroll.com> --- drivers/iio/accel/st_accel_core.c | 10 +++---- drivers/iio/common/st_sensors/st_sensors_core.c | 35 +++++++++++----------- drivers/iio/common/st_sensors/st_sensors_trigger.c | 18 +++++------ 3 files changed, 31 insertions(+), 32 deletions(-) diff --git a/drivers/iio/accel/st_accel_core.c b/drivers/iio/accel/st_accel_core.c index 99cb661fabb2d9cc1943fa8d0a6f3becb71126e6..a7961c610ed203d039bbf298c8883031a578fb0b 100644 --- a/drivers/iio/accel/st_accel_core.c +++ b/drivers/iio/accel/st_accel_core.c @@ -1353,6 +1353,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) union acpi_object *ont; union acpi_object *elements; acpi_status status; + struct device *parent = indio_dev->dev.parent; int ret = -EINVAL; unsigned int val; int i, j; @@ -1371,7 +1372,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) }; - adev = ACPI_COMPANION(indio_dev->dev.parent); + adev = ACPI_COMPANION(parent); if (!adev) return -ENXIO; @@ -1380,8 +1381,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) if (status == AE_NOT_FOUND) { return -ENXIO; } else if (ACPI_FAILURE(status)) { - dev_warn(&indio_dev->dev, "failed to execute _ONT: %d\n", - status); + dev_warn(parent, "failed to execute _ONT: %d\n", status); return status; } @@ -1457,12 +1457,12 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) } ret = 0; - dev_info(&indio_dev->dev, "computed mount matrix from ACPI\n"); + dev_info(parent, "computed mount matrix from ACPI\n"); out: kfree(buffer.pointer); if (ret) - dev_dbg(&indio_dev->dev, + dev_dbg(parent, "failed to apply ACPI orientation data: %d\n", ret); return ret; diff --git a/drivers/iio/common/st_sensors/st_sensors_core.c b/drivers/iio/common/st_sensors/st_sensors_core.c index 8ce1dccfea4f5aaff45d3d40f6542323dd1f0b09..11cbf561b16d41f429745abb516c137cfbb302bb 100644 --- a/drivers/iio/common/st_sensors/st_sensors_core.c +++ b/drivers/iio/common/st_sensors/st_sensors_core.c @@ -154,7 +154,7 @@ static int st_sensors_set_fullscale(struct iio_dev *indio_dev, unsigned int fs) return err; st_accel_set_fullscale_error: - dev_err(&indio_dev->dev, "failed to set new fullscale.\n"); + dev_err(indio_dev->dev.parent, "failed to set new fullscale.\n"); return err; } @@ -231,7 +231,7 @@ int st_sensors_power_enable(struct iio_dev *indio_dev) ARRAY_SIZE(regulator_names), regulator_names); if (err) - return dev_err_probe(&indio_dev->dev, err, + return dev_err_probe(parent, err, "unable to enable supplies\n"); return 0; @@ -241,13 +241,14 @@ EXPORT_SYMBOL_NS(st_sensors_power_enable, "IIO_ST_SENSORS"); static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); /* Sensor does not support interrupts */ if (!sdata->sensor_settings->drdy_irq.int1.addr && !sdata->sensor_settings->drdy_irq.int2.addr) { if (pdata->drdy_int_pin) - dev_info(&indio_dev->dev, + dev_info(parent, "DRDY on pin INT%d specified, but sensor does not support interrupts\n", pdata->drdy_int_pin); return 0; @@ -256,29 +257,27 @@ static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, switch (pdata->drdy_int_pin) { case 1: if (!sdata->sensor_settings->drdy_irq.int1.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT1 not available.\n"); + dev_err(parent, "DRDY on INT1 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 1; break; case 2: if (!sdata->sensor_settings->drdy_irq.int2.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT2 not available.\n"); + dev_err(parent, "DRDY on INT2 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 2; break; default: - dev_err(&indio_dev->dev, "DRDY on pdata not valid.\n"); + dev_err(parent, "DRDY on pdata not valid.\n"); return -EINVAL; } if (pdata->open_drain) { if (!sdata->sensor_settings->drdy_irq.int1.addr_od && !sdata->sensor_settings->drdy_irq.int2.addr_od) - dev_err(&indio_dev->dev, + dev_err(parent, "open drain requested but unsupported.\n"); else sdata->int_pin_open_drain = true; @@ -336,6 +335,7 @@ EXPORT_SYMBOL_NS(st_sensors_dev_name_probe, "IIO_ST_SENSORS"); int st_sensors_init_sensor(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); struct st_sensors_platform_data *of_pdata; int err = 0; @@ -343,7 +343,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mutex_init(&sdata->odr_lock); /* If OF/DT pdata exists, it will take precedence of anything else */ - of_pdata = st_sensors_dev_probe(indio_dev->dev.parent, pdata); + of_pdata = st_sensors_dev_probe(parent, pdata); if (IS_ERR(of_pdata)) return PTR_ERR(of_pdata); if (of_pdata) @@ -370,7 +370,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, if (err < 0) return err; } else - dev_info(&indio_dev->dev, "Full-scale not possible\n"); + dev_info(parent, "Full-scale not possible\n"); err = st_sensors_set_odr(indio_dev, sdata->odr); if (err < 0) @@ -405,7 +405,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mask = sdata->sensor_settings->drdy_irq.int2.mask_od; } - dev_info(&indio_dev->dev, + dev_info(parent, "set interrupt line to open drain mode on pin %d\n", sdata->drdy_int_pin); err = st_sensors_write_data_with_mask(indio_dev, addr, @@ -593,21 +593,20 @@ EXPORT_SYMBOL_NS(st_sensors_get_settings_index, "IIO_ST_SENSORS"); int st_sensors_verify_id(struct iio_dev *indio_dev) { struct st_sensor_data *sdata = iio_priv(indio_dev); + struct device *parent = indio_dev->dev.parent; int wai, err; if (sdata->sensor_settings->wai_addr) { err = regmap_read(sdata->regmap, sdata->sensor_settings->wai_addr, &wai); if (err < 0) { - dev_err(&indio_dev->dev, - "failed to read Who-Am-I register.\n"); - return err; + return dev_err_probe(parent, err, + "failed to read Who-Am-I register.\n"); } if (sdata->sensor_settings->wai != wai) { - dev_warn(&indio_dev->dev, - "%s: WhoAmI mismatch (0x%x).\n", - indio_dev->name, wai); + dev_warn(parent, "%s: WhoAmI mismatch (0x%x).\n", + indio_dev->name, wai); } } diff --git a/drivers/iio/common/st_sensors/st_sensors_trigger.c b/drivers/iio/common/st_sensors/st_sensors_trigger.c index 9d4bf822a15dfcdd6c2835f6b9d7698cd3cb0b08..32c3278968089699dff5329e943d92b151b55fdf 100644 --- a/drivers/iio/common/st_sensors/st_sensors_trigger.c +++ b/drivers/iio/common/st_sensors/st_sensors_trigger.c @@ -127,7 +127,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig = devm_iio_trigger_alloc(parent, "%s-trigger", indio_dev->name); if (sdata->trig == NULL) { - dev_err(&indio_dev->dev, "failed to allocate iio trigger.\n"); + dev_err(parent, "failed to allocate iio trigger.\n"); return -ENOMEM; } @@ -143,7 +143,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, case IRQF_TRIGGER_FALLING: case IRQF_TRIGGER_LOW: if (!sdata->sensor_settings->drdy_irq.addr_ihl) { - dev_err(&indio_dev->dev, + dev_err(parent, "falling/low specified for IRQ but hardware supports only rising/high: will request rising/high\n"); if (irq_trig == IRQF_TRIGGER_FALLING) irq_trig = IRQF_TRIGGER_RISING; @@ -156,21 +156,21 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->sensor_settings->drdy_irq.mask_ihl, 1); if (err < 0) return err; - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts on the falling edge or active low level\n"); } break; case IRQF_TRIGGER_RISING: - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts on the rising edge\n"); break; case IRQF_TRIGGER_HIGH: - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts active high level\n"); break; default: /* This is the most preferred mode, if possible */ - dev_err(&indio_dev->dev, + dev_err(parent, "unsupported IRQ trigger specified (%lx), enforce rising edge\n", irq_trig); irq_trig = IRQF_TRIGGER_RISING; } @@ -179,7 +179,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, if (irq_trig == IRQF_TRIGGER_FALLING || irq_trig == IRQF_TRIGGER_RISING) { if (!sdata->sensor_settings->drdy_irq.stat_drdy.addr) { - dev_err(&indio_dev->dev, + dev_err(parent, "edge IRQ not supported w/o stat register.\n"); return -EOPNOTSUPP; } @@ -214,13 +214,13 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig->name, sdata->trig); if (err) { - dev_err(&indio_dev->dev, "failed to request trigger IRQ.\n"); + dev_err(parent, "failed to request trigger IRQ.\n"); return err; } err = devm_iio_trigger_register(parent, sdata->trig); if (err < 0) { - dev_err(&indio_dev->dev, "failed to register iio trigger.\n"); + dev_err(parent, "failed to register iio trigger.\n"); return err; } indio_dev->trig = iio_trigger_get(sdata->trig); --- base-commit: 7bac2c97af4078d7a627500c9bcdd5b033f97718 change-id: 20250522-st_iio_fix-1c58fdd4d420 Best regards, -- Maud Spierings <maudspierings(a)gocontroll.com>

4 months

2
1
0 0

[PATCH 5.15 1/1] ocfs2: fix deadlock in ocfs2_get_system_file_inode

by Dmitriy Privalov

From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> commit 7bf1823e010e8db2fb649c790bd1b449a75f52d8 upstream. syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. The scenario is depicted here, CPU0 CPU1 lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); The function calls which could lead to this are: CPU0 ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); . . . ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); CPU1 - ocfs2_fill_super - lock(&osb->system_file_mutex); . . . ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); This issue can be resolved by making the down_read -> down_read_try in the ocfs2_read_virt_blocks. [1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.c… Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: <syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Tested-by: syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- fs/ocfs2/extent_map.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c index 70a768b623cf..f7672472fa82 100644 --- a/fs/ocfs2/extent_map.c +++ b/fs/ocfs2/extent_map.c @@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode *inode, u64 v_block, int nr, } while (done < nr) { - down_read(&OCFS2_I(inode)->ip_alloc_sem); + if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { + rc = -EAGAIN; + mlog(ML_ERROR, + "Inode #%llu ip_alloc_sem is temporarily unavailable\n", + (unsigned long long)OCFS2_I(inode)->ip_blkno); + break; + } rc = ocfs2_extent_map_get_blocks(inode, v_block + done, &p_block, &p_count, NULL); up_read(&OCFS2_I(inode)->ip_alloc_sem); -- 2.34.1

4 months

1
0
0 0

[PATCH] ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()

by Wentao Liang

The function sdm845_slim_snd_hw_params() calls the functuion snd_soc_dai_set_channel_map() but does not check its return value. A proper implementation can be found in msm_snd_hw_params(). Add error handling for snd_soc_dai_set_channel_map(). If the function fails and it is not a unsupported error, return the error code immediately. Fixes: 5caf64c633a3 ("ASoC: qcom: sdm845: add support to DB845c and Lenovo Yoga") Cc: stable(a)vger.kernel.org # v5.6 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- sound/soc/qcom/sdm845.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sound/soc/qcom/sdm845.c b/sound/soc/qcom/sdm845.c index a479d7e5b7fb..314ff68506d9 100644 --- a/sound/soc/qcom/sdm845.c +++ b/sound/soc/qcom/sdm845.c @@ -91,6 +91,10 @@ static int sdm845_slim_snd_hw_params(struct snd_pcm_substream *substream, else ret = snd_soc_dai_set_channel_map(cpu_dai, tx_ch_cnt, tx_ch, 0, NULL); + if (ret != 0 && ret != -ENOTSUPP) { + dev_err(rtd->dev, "failed to set cpu chan map, err:%d\n", ret); + return ret; + } } return 0; -- 2.42.0.windows.2

4 months

3
2
0 0

Re: Panic with a lis2dw12 accelerometer

by Maud Spierings

On 5/21/25 11:48, Maud Spierings wrote: > On 5/21/25 11:29, Christian Heusel wrote: >> On 25/05/21 10:53AM, Maud Spierings wrote: >>> I've just experienced an Issue that I think may be a regression. >>> >>> I'm enabling a device which incorporates a lis2dw12 accelerometer, >>> currently >>> I am running 6.12 lts, so 6.12.29 as of typing this message. >> >> Could you check whether the latest mainline release (at the time this is >> v6.15-rc7) is also affected? If that's not the case the bug might >> already be fixed ^_^ > > Unfortunately doesn't seem to be the case, still gets the panic. I also > tried 6.12(.0), but that also has the panic, so it is definitely older > than this lts. > >> Also as you said that this is a regression, what is the last revision >> that the accelerometer worked with? > > Thats a difficult one to pin down, I'm moving from the nxp vendor kernel > to mainline, the last working one that I know sure is 5.10.72 of that > vendor kernel. I did some more digging and the latest lts it seems to work with is 6.1.139, 6.6.91 also crashes. So it seems to be a very old regression. >>> This is where my ability to fix thing fizzles out and so here I am >>> asking >>> for assistance. >>> >>> Kind regards, >>> Maud >> >> Cheers, >> Chris >

4 months

3
4
0 0

RE: [PATCH v6] virtio_blk: Fix disk deletion hang on device surprise removal

by Parav Pandit

> From: Parav Pandit <parav(a)nvidia.com> > Sent: Thursday, May 22, 2025 1:19 PM > To: Max Gurtovoy <mgurtovoy(a)nvidia.com>; Israel Rukshin > <israelr(a)nvidia.com> > Cc: Parav Pandit <parav(a)nvidia.com>; stable(a)vger.kernel.org; NBU-Contact- > Li Rongqing (EXTERNAL) <lirongqing(a)baidu.com> > Subject: [PATCH v6] virtio_blk: Fix disk deletion hang on device surprise > removal > > When the PCI device is surprise removed, requests may not complete the > device as the VQ is marked as broken. Due to this, the disk deletion hangs. > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however when the driver > knows about unresponsive block device, swiftly clearing them enables users > and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in virtio > used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci > device") > Cc: stable(a)vger.kernel.org > Reported-by: Li RongQing <lirongqing(a)baidu.com> > Closes: > https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741 > @baidu.com/ > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > This is an internal patch, which got CCed to stable by mistake. Please ignore this patch for stable kernels. It is still under internal review. I am sorry for the noise. > --- > v1->v2: (internal v5->v6): > - Addressed comments from Stephan > - fixed spelling to 'waiting' > v1->v2: (internal v4->v5): > - Addressed comments from MST > - removed the vq broken check in queue_rq(s) > --- > drivers/block/virtio_blk.c | 85 > ++++++++++++++++++++++++++++++++++++++ > 1 file changed, 85 insertions(+) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index > 7cffea01d868..04f24ec20405 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -1554,6 +1554,89 @@ static int virtblk_probe(struct virtio_device *vdev) > return err; > } > > +static bool virtblk_request_cancel(struct request *rq, void *data) { > + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); > + struct virtio_blk *vblk = data; > + struct virtio_blk_vq *vq; > + unsigned long flags; > + > + vq = &vblk->vqs[rq->mq_hctx->queue_num]; > + > + spin_lock_irqsave(&vq->lock, flags); > + > + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; > + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) > + blk_mq_complete_request(rq); > + > + spin_unlock_irqrestore(&vq->lock, flags); > + return true; > +} > + > +static void virtblk_broken_device_cleanup(struct virtio_blk *vblk) { > + struct request_queue *q = vblk->disk->queue; > + > + return; > + > + if (!virtqueue_is_broken(vblk->vqs[0].vq)) > + return; > + > + /* Start freezing the queue, so that new requests keeps waiting at the > + * door of bio_queue_enter(). We cannot fully freeze the queue > because > + * freezed queue is an empty queue and there are pending requests, > so > + * only start freezing it. > + */ > + blk_freeze_queue_start(q); > + > + /* When quiescing completes, all ongoing dispatches have completed > + * and no new dispatch will happen towards the driver. > + * This ensures that later when cancel is attempted, then are not > + * getting processed by the queue_rq() or queue_rqs() handlers. > + */ > + blk_mq_quiesce_queue(q); > + > + /* > + * Synchronize with any ongoing VQ callbacks, effectively quiescing > + * the device and preventing it from completing further requests > + * to the block layer. Any outstanding, incomplete requests will be > + * completed by virtblk_request_cancel(). > + */ > + virtio_synchronize_cbs(vblk->vdev); > + > + /* At this point, no new requests can enter the queue_rq() and > + * completion routine will not complete any new requests either for > the > + * broken vq. Hence, it is safe to cancel all requests which are > + * started. > + */ > + blk_mq_tagset_busy_iter(&vblk->tag_set, virtblk_request_cancel, > vblk); > + blk_mq_tagset_wait_completed_request(&vblk->tag_set); > + > + /* All pending requests are cleaned up. Time to resume so that disk > + * deletion can be smooth. Start the HW queues so that when queue is > + * unquiesced requests can again enter the driver. > + */ > + blk_mq_start_stopped_hw_queues(q, true); > + > + /* Unquiescing will trigger dispatching any pending requests to the > + * driver which has crossed bio_queue_enter() to the driver. > + */ > + blk_mq_unquiesce_queue(q); > + > + /* Wait for all pending dispatches to terminate which may have been > + * initiated after unquiescing. > + */ > + blk_mq_freeze_queue_wait(q); > + > + /* Mark the disk dead so that once queue unfreeze, the requests > + * waiting at the door of bio_queue_enter() can be aborted right away. > + */ > + blk_mark_disk_dead(vblk->disk); > + > + /* Unfreeze the queue so that any waiting requests will be aborted. */ > + blk_mq_unfreeze_queue_nomemrestore(q); > +} > + > static void virtblk_remove(struct virtio_device *vdev) { > struct virtio_blk *vblk = vdev->priv; > @@ -1561,6 +1644,8 @@ static void virtblk_remove(struct virtio_device > *vdev) > /* Make sure no work handler is accessing the device. */ > flush_work(&vblk->config_work); > > + virtblk_broken_device_cleanup(vblk); > + > del_gendisk(vblk->disk); > blk_mq_free_tag_set(&vblk->tag_set); > > -- > 2.34.1

4 months

1
0
0 0

[PATCH net 4/4] can: slcan: allow reception of short error messages

by Marc Kleine-Budde

From: Carlos Sanchez <carlossanchez(a)geotab.com> Allows slcan to receive short messages (typically errors) from the serial interface. When error support was added to slcan protocol in b32ff4668544e1333b694fcc7812b2d7397b4d6a ("can: slcan: extend the protocol with error info") the minimum valid message size changed from 5 (minimum standard can frame tIII0) to 3 ("e1a" is a valid protocol message, it is one of the examples given in the comments for slcan_bump_err() ), but the check for minimum message length prodicating all decoding was not adjusted. This makes short error messages discarded and error frames not being generated. This patch changes the minimum length to the new minimum (3 characters, excluding terminator, is now a valid message). Signed-off-by: Carlos Sanchez <carlossanchez(a)geotab.com> Fixes: b32ff4668544 ("can: slcan: extend the protocol with error info") Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250520102305.1097494-1-carlossanchez@geotab.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/slcan/slcan-core.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/drivers/net/can/slcan/slcan-core.c b/drivers/net/can/slcan/slcan-core.c index 24c6622d36bd..58ff2ec1d975 100644 --- a/drivers/net/can/slcan/slcan-core.c +++ b/drivers/net/can/slcan/slcan-core.c @@ -71,12 +71,21 @@ MODULE_AUTHOR("Dario Binacchi <dario.binacchi(a)amarulasolutions.com>"); #define SLCAN_CMD_LEN 1 #define SLCAN_SFF_ID_LEN 3 #define SLCAN_EFF_ID_LEN 8 +#define SLCAN_DATA_LENGTH_LEN 1 +#define SLCAN_ERROR_LEN 1 #define SLCAN_STATE_LEN 1 #define SLCAN_STATE_BE_RXCNT_LEN 3 #define SLCAN_STATE_BE_TXCNT_LEN 3 -#define SLCAN_STATE_FRAME_LEN (1 + SLCAN_CMD_LEN + \ - SLCAN_STATE_BE_RXCNT_LEN + \ - SLCAN_STATE_BE_TXCNT_LEN) +#define SLCAN_STATE_MSG_LEN (SLCAN_CMD_LEN + \ + SLCAN_STATE_LEN + \ + SLCAN_STATE_BE_RXCNT_LEN + \ + SLCAN_STATE_BE_TXCNT_LEN) +#define SLCAN_ERROR_MSG_LEN_MIN (SLCAN_CMD_LEN + \ + SLCAN_ERROR_LEN + \ + SLCAN_DATA_LENGTH_LEN) +#define SLCAN_FRAME_MSG_LEN_MIN (SLCAN_CMD_LEN + \ + SLCAN_SFF_ID_LEN + \ + SLCAN_DATA_LENGTH_LEN) struct slcan { struct can_priv can; @@ -176,6 +185,9 @@ static void slcan_bump_frame(struct slcan *sl) u32 tmpid; char *cmd = sl->rbuff; + if (sl->rcount < SLCAN_FRAME_MSG_LEN_MIN) + return; + skb = alloc_can_skb(sl->dev, &cf); if (unlikely(!skb)) { sl->dev->stats.rx_dropped++; @@ -281,7 +293,7 @@ static void slcan_bump_state(struct slcan *sl) return; } - if (state == sl->can.state || sl->rcount < SLCAN_STATE_FRAME_LEN) + if (state == sl->can.state || sl->rcount != SLCAN_STATE_MSG_LEN) return; cmd += SLCAN_STATE_BE_RXCNT_LEN + SLCAN_CMD_LEN + 1; @@ -328,6 +340,9 @@ static void slcan_bump_err(struct slcan *sl) bool rx_errors = false, tx_errors = false, rx_over_errors = false; int i, len; + if (sl->rcount < SLCAN_ERROR_MSG_LEN_MIN) + return; + /* get len from sanitized ASCII value */ len = cmd[1]; if (len >= '0' && len < '9') @@ -456,8 +471,7 @@ static void slcan_bump(struct slcan *sl) static void slcan_unesc(struct slcan *sl, unsigned char s) { if ((s == '\r') || (s == '\a')) { /* CR or BEL ends the pdu */ - if (!test_and_clear_bit(SLF_ERROR, &sl->flags) && - sl->rcount > 4) + if (!test_and_clear_bit(SLF_ERROR, &sl->flags)) slcan_bump(sl); sl->rcount = 0; -- 2.47.2

4 months

1
0
0 0

[PATCH net 3/4] can: kvaser_pciefd: Continue parsing DMA buf after dropped RX

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> Going bus-off on a channel doing RX could result in dropped packets. As netif_running() gets cleared before the channel abort procedure, the handling of any last RDATA packets would see netif_rx() return non-zero to signal a dropped packet. kvaser_pciefd_read_buffer() dealt with this "error" by breaking out of processing the remaining DMA RX buffer. Only return an error from kvaser_pciefd_read_buffer() due to packet corruption, otherwise handle it internally. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-4-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index a61cbade96d9..f6921368cd14 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1209,7 +1209,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_canfd_skb(priv->dev, &cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } cf->len = can_fd_dlc2len(dlc); @@ -1221,7 +1221,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_can_skb(priv->dev, (struct can_frame **)&cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } can_frame_set_cc_len((struct can_frame *)cf, dlc, priv->ctrlmode); } @@ -1239,7 +1239,9 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, priv->dev->stats.rx_packets++; kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - return netif_rx(skb); + netif_rx(skb); + + return 0; } static void kvaser_pciefd_change_state(struct kvaser_pciefd_can *can, -- 2.47.2

4 months

1
0
0 0

[PATCH net 2/4] can: kvaser_pciefd: Fix echo_skb race

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> The functions kvaser_pciefd_start_xmit() and kvaser_pciefd_handle_ack_packet() raced to stop/wake TX queues and get/put echo skbs, as kvaser_pciefd_can->echo_lock was only ever taken when transmitting and KCAN_TX_NR_PACKETS_CURRENT gets decremented prior to handling of ACKs. E.g., this caused the following error: can_put_echo_skb: BUG! echo_skb 5 is occupied! Instead, use the synchronization helpers in netdev_queues.h. As those piggyback on BQL barriers, start updating in-flight packets and bytes counts as well. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-3-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 93 +++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 34 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index 9cc9176c2058..a61cbade96d9 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -16,6 +16,7 @@ #include <linux/netdevice.h> #include <linux/pci.h> #include <linux/timer.h> +#include <net/netdev_queues.h> MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Kvaser AB <support(a)kvaser.com>"); @@ -410,10 +411,13 @@ struct kvaser_pciefd_can { void __iomem *reg_base; struct can_berr_counter bec; u8 cmd_seq; + u8 tx_max_count; + u8 tx_idx; + u8 ack_idx; int err_rep_cnt; - int echo_idx; + unsigned int completed_tx_pkts; + unsigned int completed_tx_bytes; spinlock_t lock; /* Locks sensitive registers (e.g. MODE) */ - spinlock_t echo_lock; /* Locks the message echo buffer */ struct timer_list bec_poll_timer; struct completion start_comp, flush_comp; }; @@ -714,6 +718,9 @@ static int kvaser_pciefd_open(struct net_device *netdev) int ret; struct kvaser_pciefd_can *can = netdev_priv(netdev); + can->tx_idx = 0; + can->ack_idx = 0; + ret = open_candev(netdev); if (ret) return ret; @@ -745,21 +752,26 @@ static int kvaser_pciefd_stop(struct net_device *netdev) timer_delete(&can->bec_poll_timer); } can->can.state = CAN_STATE_STOPPED; + netdev_reset_queue(netdev); close_candev(netdev); return ret; } +static unsigned int kvaser_pciefd_tx_avail(const struct kvaser_pciefd_can *can) +{ + return can->tx_max_count - (READ_ONCE(can->tx_idx) - READ_ONCE(can->ack_idx)); +} + static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, - struct kvaser_pciefd_can *can, + struct can_priv *can, u8 seq, struct sk_buff *skb) { struct canfd_frame *cf = (struct canfd_frame *)skb->data; int packet_size; - int seq = can->echo_idx; memset(p, 0, sizeof(*p)); - if (can->can.ctrlmode & CAN_CTRLMODE_ONE_SHOT) + if (can->ctrlmode & CAN_CTRLMODE_ONE_SHOT) p->header[1] |= KVASER_PCIEFD_TPACKET_SMS; if (cf->can_id & CAN_RTR_FLAG) @@ -782,7 +794,7 @@ static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, } else { p->header[1] |= FIELD_PREP(KVASER_PCIEFD_RPACKET_DLC_MASK, - can_get_cc_dlc((struct can_frame *)cf, can->can.ctrlmode)); + can_get_cc_dlc((struct can_frame *)cf, can->ctrlmode)); } p->header[1] |= FIELD_PREP(KVASER_PCIEFD_PACKET_SEQ_MASK, seq); @@ -797,22 +809,24 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, struct net_device *netdev) { struct kvaser_pciefd_can *can = netdev_priv(netdev); - unsigned long irq_flags; struct kvaser_pciefd_tx_packet packet; + unsigned int seq = can->tx_idx & (can->can.echo_skb_max - 1); + unsigned int frame_len; int nr_words; - u8 count; if (can_dev_dropped_skb(netdev, skb)) return NETDEV_TX_OK; + if (!netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1)) + return NETDEV_TX_BUSY; - nr_words = kvaser_pciefd_prepare_tx_packet(&packet, can, skb); + nr_words = kvaser_pciefd_prepare_tx_packet(&packet, &can->can, seq, skb); - spin_lock_irqsave(&can->echo_lock, irq_flags); /* Prepare and save echo skb in internal slot */ - can_put_echo_skb(skb, netdev, can->echo_idx, 0); - - /* Move echo index to the next slot */ - can->echo_idx = (can->echo_idx + 1) % can->can.echo_skb_max; + WRITE_ONCE(can->can.echo_skb[seq], NULL); + frame_len = can_skb_get_frame_len(skb); + can_put_echo_skb(skb, netdev, seq, frame_len); + netdev_sent_queue(netdev, frame_len); + WRITE_ONCE(can->tx_idx, can->tx_idx + 1); /* Write header to fifo */ iowrite32(packet.header[0], @@ -836,14 +850,7 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, KVASER_PCIEFD_KCAN_FIFO_LAST_REG); } - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); - /* No room for a new message, stop the queue until at least one - * successful transmit - */ - if (count >= can->can.echo_skb_max || can->can.echo_skb[can->echo_idx]) - netif_stop_queue(netdev); - spin_unlock_irqrestore(&can->echo_lock, irq_flags); + netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1); return NETDEV_TX_OK; } @@ -970,6 +977,8 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) can->kv_pcie = pcie; can->cmd_seq = 0; can->err_rep_cnt = 0; + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; can->bec.txerr = 0; can->bec.rxerr = 0; @@ -983,11 +992,10 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) tx_nr_packets_max = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_MAX_MASK, ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + can->tx_max_count = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); can->can.clock.freq = pcie->freq; - can->can.echo_skb_max = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); - can->echo_idx = 0; - spin_lock_init(&can->echo_lock); + can->can.echo_skb_max = roundup_pow_of_two(can->tx_max_count); spin_lock_init(&can->lock); can->can.bittiming_const = &kvaser_pciefd_bittiming_const; @@ -1510,19 +1518,21 @@ static int kvaser_pciefd_handle_ack_packet(struct kvaser_pciefd *pcie, netdev_dbg(can->can.dev, "Packet was flushed\n"); } else { int echo_idx = FIELD_GET(KVASER_PCIEFD_PACKET_SEQ_MASK, p->header[0]); - int len; - u8 count; + unsigned int len, frame_len = 0; struct sk_buff *skb; + if (echo_idx != (can->ack_idx & (can->can.echo_skb_max - 1))) + return 0; skb = can->can.echo_skb[echo_idx]; - if (skb) - kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - len = can_get_echo_skb(can->can.dev, echo_idx, NULL); - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + if (!skb) + return 0; + kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); + len = can_get_echo_skb(can->can.dev, echo_idx, &frame_len); - if (count < can->can.echo_skb_max && netif_queue_stopped(can->can.dev)) - netif_wake_queue(can->can.dev); + /* Pairs with barrier in kvaser_pciefd_start_xmit() */ + smp_store_release(&can->ack_idx, can->ack_idx + 1); + can->completed_tx_pkts++; + can->completed_tx_bytes += frame_len; if (!one_shot_fail) { can->can.dev->stats.tx_bytes += len; @@ -1638,11 +1648,26 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) { int pos = 0; int res = 0; + unsigned int i; do { res = kvaser_pciefd_read_packet(pcie, &pos, dma_buf); } while (!res && pos > 0 && pos < KVASER_PCIEFD_DMA_SIZE); + /* Report ACKs in this buffer to BQL en masse for correct periods */ + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; + + if (!can->completed_tx_pkts) + continue; + netif_subqueue_completed_wake(can->can.dev, 0, + can->completed_tx_pkts, + can->completed_tx_bytes, + kvaser_pciefd_tx_avail(can), 1); + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; + } + return res; } -- 2.47.2

4 months

1
0
0 0

[PATCH 5.10 1/1] ocfs2: fix deadlock in ocfs2_get_system_file_inode

by Dmitriy Privalov

From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> commit 7bf1823e010e8db2fb649c790bd1b449a75f52d8 upstream. syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. The scenario is depicted here, CPU0 CPU1 lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); The function calls which could lead to this are: CPU0 ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); . . . ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); CPU1 - ocfs2_fill_super - lock(&osb->system_file_mutex); . . . ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); This issue can be resolved by making the down_read -> down_read_try in the ocfs2_read_virt_blocks. [1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.c… Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: <syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Tested-by: syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- fs/ocfs2/extent_map.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c index 70a768b623cf..f7672472fa82 100644 --- a/fs/ocfs2/extent_map.c +++ b/fs/ocfs2/extent_map.c @@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode *inode, u64 v_block, int nr, } while (done < nr) { - down_read(&OCFS2_I(inode)->ip_alloc_sem); + if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { + rc = -EAGAIN; + mlog(ML_ERROR, + "Inode #%llu ip_alloc_sem is temporarily unavailable\n", + (unsigned long long)OCFS2_I(inode)->ip_blkno); + break; + } rc = ocfs2_extent_map_get_blocks(inode, v_block + done, &p_block, &p_count, NULL); up_read(&OCFS2_I(inode)->ip_alloc_sem); -- 2.34.1

4 months

1
0
0 0

[PATCH 1/2] drm/amdgpu/vcn4.0.5: split code along instances

by Eric Naim

From: Alex Deucher <alexander.deucher(a)amd.com> commit ecc9ab4e924b7eb9e2c4a668162aaa1d9d60d08c upstream Split the code on a per instance basis. This will allow us to use the per instance functions in the future to handle more things per instance. v2: squash in fix for stop() from Boyuan Reviewed-by: Boyuan Zhang <Boyuan.Zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Tested-by: Eric Naim <dnaim(a)cachyos.org> Signed-off-by: Eric Naim <dnaim(a)cachyos.org> --- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 444 ++++++++++++------------ 1 file changed, 220 insertions(+), 224 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c index d2dfdb141b24..9f9a9bf8dab9 100644 --- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c +++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c @@ -991,183 +991,178 @@ static int vcn_v4_0_5_start_dpg_mode(struct amdgpu_device *adev, int inst_idx, b * vcn_v4_0_5_start - VCN start * * @adev: amdgpu_device pointer + * @i: instance to start * * Start VCN block */ -static int vcn_v4_0_5_start(struct amdgpu_device *adev) +static int vcn_v4_0_5_start(struct amdgpu_device *adev, int i) { volatile struct amdgpu_vcn4_fw_shared *fw_shared; struct amdgpu_ring *ring; uint32_t tmp; - int i, j, k, r; + int j, k, r; - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->pm.dpm_enabled) - amdgpu_dpm_enable_vcn(adev, true, i); - } + if (adev->vcn.harvest_config & (1 << i)) + return 0; - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->vcn.harvest_config & (1 << i)) - continue; + if (adev->pm.dpm_enabled) + amdgpu_dpm_enable_vcn(adev, true, i); - fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; + fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; - if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) { - r = vcn_v4_0_5_start_dpg_mode(adev, i, adev->vcn.indirect_sram); - continue; - } + if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) + return vcn_v4_0_5_start_dpg_mode(adev, i, adev->vcn.indirect_sram); - /* disable VCN power gating */ - vcn_v4_0_5_disable_static_power_gating(adev, i); - - /* set VCN status busy */ - tmp = RREG32_SOC15(VCN, i, regUVD_STATUS) | UVD_STATUS__UVD_BUSY; - WREG32_SOC15(VCN, i, regUVD_STATUS, tmp); - - /*SW clock gating */ - vcn_v4_0_5_disable_clock_gating(adev, i); - - /* enable VCPU clock */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), - UVD_VCPU_CNTL__CLK_EN_MASK, ~UVD_VCPU_CNTL__CLK_EN_MASK); - - /* disable master interrupt */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), 0, - ~UVD_MASTINT_EN__VCPU_EN_MASK); - - /* enable LMI MC and UMC channels */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_LMI_CTRL2), 0, - ~UVD_LMI_CTRL2__STALL_ARB_UMC_MASK); - - tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); - tmp &= ~UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; - tmp &= ~UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; - WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); - - /* setup regUVD_LMI_CTRL */ - tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL); - WREG32_SOC15(VCN, i, regUVD_LMI_CTRL, tmp | - UVD_LMI_CTRL__WRITE_CLEAN_TIMER_EN_MASK | - UVD_LMI_CTRL__MASK_MC_URGENT_MASK | - UVD_LMI_CTRL__DATA_COHERENCY_EN_MASK | - UVD_LMI_CTRL__VCPU_DATA_COHERENCY_EN_MASK); - - /* setup regUVD_MPC_CNTL */ - tmp = RREG32_SOC15(VCN, i, regUVD_MPC_CNTL); - tmp &= ~UVD_MPC_CNTL__REPLACEMENT_MODE_MASK; - tmp |= 0x2 << UVD_MPC_CNTL__REPLACEMENT_MODE__SHIFT; - WREG32_SOC15(VCN, i, regUVD_MPC_CNTL, tmp); - - /* setup UVD_MPC_SET_MUXA0 */ - WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXA0, - ((0x1 << UVD_MPC_SET_MUXA0__VARA_1__SHIFT) | - (0x2 << UVD_MPC_SET_MUXA0__VARA_2__SHIFT) | - (0x3 << UVD_MPC_SET_MUXA0__VARA_3__SHIFT) | - (0x4 << UVD_MPC_SET_MUXA0__VARA_4__SHIFT))); - - /* setup UVD_MPC_SET_MUXB0 */ - WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXB0, - ((0x1 << UVD_MPC_SET_MUXB0__VARB_1__SHIFT) | - (0x2 << UVD_MPC_SET_MUXB0__VARB_2__SHIFT) | - (0x3 << UVD_MPC_SET_MUXB0__VARB_3__SHIFT) | - (0x4 << UVD_MPC_SET_MUXB0__VARB_4__SHIFT))); - - /* setup UVD_MPC_SET_MUX */ - WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUX, - ((0x0 << UVD_MPC_SET_MUX__SET_0__SHIFT) | - (0x1 << UVD_MPC_SET_MUX__SET_1__SHIFT) | - (0x2 << UVD_MPC_SET_MUX__SET_2__SHIFT))); - - vcn_v4_0_5_mc_resume(adev, i); - - /* VCN global tiling registers */ - WREG32_SOC15(VCN, i, regUVD_GFX10_ADDR_CONFIG, - adev->gfx.config.gb_addr_config); - - /* unblock VCPU register access */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), 0, - ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); - - /* release VCPU reset to boot */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, - ~UVD_VCPU_CNTL__BLK_RST_MASK); - - for (j = 0; j < 10; ++j) { - uint32_t status; - - for (k = 0; k < 100; ++k) { - status = RREG32_SOC15(VCN, i, regUVD_STATUS); - if (status & 2) - break; - mdelay(10); - if (amdgpu_emu_mode == 1) - msleep(1); - } + /* disable VCN power gating */ + vcn_v4_0_5_disable_static_power_gating(adev, i); + + /* set VCN status busy */ + tmp = RREG32_SOC15(VCN, i, regUVD_STATUS) | UVD_STATUS__UVD_BUSY; + WREG32_SOC15(VCN, i, regUVD_STATUS, tmp); - if (amdgpu_emu_mode == 1) { - r = -1; - if (status & 2) { - r = 0; - break; - } - } else { + /* SW clock gating */ + vcn_v4_0_5_disable_clock_gating(adev, i); + + /* enable VCPU clock */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), + UVD_VCPU_CNTL__CLK_EN_MASK, ~UVD_VCPU_CNTL__CLK_EN_MASK); + + /* disable master interrupt */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), 0, + ~UVD_MASTINT_EN__VCPU_EN_MASK); + + /* enable LMI MC and UMC channels */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_LMI_CTRL2), 0, + ~UVD_LMI_CTRL2__STALL_ARB_UMC_MASK); + + tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); + tmp &= ~UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; + tmp &= ~UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; + WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); + + /* setup regUVD_LMI_CTRL */ + tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL); + WREG32_SOC15(VCN, i, regUVD_LMI_CTRL, tmp | + UVD_LMI_CTRL__WRITE_CLEAN_TIMER_EN_MASK | + UVD_LMI_CTRL__MASK_MC_URGENT_MASK | + UVD_LMI_CTRL__DATA_COHERENCY_EN_MASK | + UVD_LMI_CTRL__VCPU_DATA_COHERENCY_EN_MASK); + + /* setup regUVD_MPC_CNTL */ + tmp = RREG32_SOC15(VCN, i, regUVD_MPC_CNTL); + tmp &= ~UVD_MPC_CNTL__REPLACEMENT_MODE_MASK; + tmp |= 0x2 << UVD_MPC_CNTL__REPLACEMENT_MODE__SHIFT; + WREG32_SOC15(VCN, i, regUVD_MPC_CNTL, tmp); + + /* setup UVD_MPC_SET_MUXA0 */ + WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXA0, + ((0x1 << UVD_MPC_SET_MUXA0__VARA_1__SHIFT) | + (0x2 << UVD_MPC_SET_MUXA0__VARA_2__SHIFT) | + (0x3 << UVD_MPC_SET_MUXA0__VARA_3__SHIFT) | + (0x4 << UVD_MPC_SET_MUXA0__VARA_4__SHIFT))); + + /* setup UVD_MPC_SET_MUXB0 */ + WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXB0, + ((0x1 << UVD_MPC_SET_MUXB0__VARB_1__SHIFT) | + (0x2 << UVD_MPC_SET_MUXB0__VARB_2__SHIFT) | + (0x3 << UVD_MPC_SET_MUXB0__VARB_3__SHIFT) | + (0x4 << UVD_MPC_SET_MUXB0__VARB_4__SHIFT))); + + /* setup UVD_MPC_SET_MUX */ + WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUX, + ((0x0 << UVD_MPC_SET_MUX__SET_0__SHIFT) | + (0x1 << UVD_MPC_SET_MUX__SET_1__SHIFT) | + (0x2 << UVD_MPC_SET_MUX__SET_2__SHIFT))); + + vcn_v4_0_5_mc_resume(adev, i); + + /* VCN global tiling registers */ + WREG32_SOC15(VCN, i, regUVD_GFX10_ADDR_CONFIG, + adev->gfx.config.gb_addr_config); + + /* unblock VCPU register access */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), 0, + ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); + + /* release VCPU reset to boot */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, + ~UVD_VCPU_CNTL__BLK_RST_MASK); + + for (j = 0; j < 10; ++j) { + uint32_t status; + + for (k = 0; k < 100; ++k) { + status = RREG32_SOC15(VCN, i, regUVD_STATUS); + if (status & 2) + break; + mdelay(10); + if (amdgpu_emu_mode == 1) + msleep(1); + } + + if (amdgpu_emu_mode == 1) { + r = -1; + if (status & 2) { r = 0; - if (status & 2) - break; - - dev_err(adev->dev, - "VCN[%d] is not responding, trying to reset VCPU!!!\n", i); - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), - UVD_VCPU_CNTL__BLK_RST_MASK, - ~UVD_VCPU_CNTL__BLK_RST_MASK); - mdelay(10); - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, - ~UVD_VCPU_CNTL__BLK_RST_MASK); - - mdelay(10); - r = -1; + break; } + } else { + r = 0; + if (status & 2) + break; + + dev_err(adev->dev, + "VCN[%d] is not responding, trying to reset VCPU!!!\n", i); + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), + UVD_VCPU_CNTL__BLK_RST_MASK, + ~UVD_VCPU_CNTL__BLK_RST_MASK); + mdelay(10); + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, + ~UVD_VCPU_CNTL__BLK_RST_MASK); + + mdelay(10); + r = -1; } + } - if (r) { - dev_err(adev->dev, "VCN[%d] is not responding, giving up!!!\n", i); - return r; - } + if (r) { + dev_err(adev->dev, "VCN[%d] is not responding, giving up!!!\n", i); + return r; + } - /* enable master interrupt */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), - UVD_MASTINT_EN__VCPU_EN_MASK, - ~UVD_MASTINT_EN__VCPU_EN_MASK); + /* enable master interrupt */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), + UVD_MASTINT_EN__VCPU_EN_MASK, + ~UVD_MASTINT_EN__VCPU_EN_MASK); - /* clear the busy bit of VCN_STATUS */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_STATUS), 0, - ~(2 << UVD_STATUS__VCPU_REPORT__SHIFT)); + /* clear the busy bit of VCN_STATUS */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_STATUS), 0, + ~(2 << UVD_STATUS__VCPU_REPORT__SHIFT)); - ring = &adev->vcn.inst[i].ring_enc[0]; - WREG32_SOC15(VCN, i, regVCN_RB1_DB_CTRL, - ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | - VCN_RB1_DB_CTRL__EN_MASK); - - WREG32_SOC15(VCN, i, regUVD_RB_BASE_LO, ring->gpu_addr); - WREG32_SOC15(VCN, i, regUVD_RB_BASE_HI, upper_32_bits(ring->gpu_addr)); - WREG32_SOC15(VCN, i, regUVD_RB_SIZE, ring->ring_size / 4); - - tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); - tmp &= ~(VCN_RB_ENABLE__RB1_EN_MASK); - WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); - fw_shared->sq.queue_mode |= FW_QUEUE_RING_RESET; - WREG32_SOC15(VCN, i, regUVD_RB_RPTR, 0); - WREG32_SOC15(VCN, i, regUVD_RB_WPTR, 0); - - tmp = RREG32_SOC15(VCN, i, regUVD_RB_RPTR); - WREG32_SOC15(VCN, i, regUVD_RB_WPTR, tmp); - ring->wptr = RREG32_SOC15(VCN, i, regUVD_RB_WPTR); - - tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); - tmp |= VCN_RB_ENABLE__RB1_EN_MASK; - WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); - fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); - } + ring = &adev->vcn.inst[i].ring_enc[0]; + WREG32_SOC15(VCN, i, regVCN_RB1_DB_CTRL, + ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | + VCN_RB1_DB_CTRL__EN_MASK); + + WREG32_SOC15(VCN, i, regUVD_RB_BASE_LO, ring->gpu_addr); + WREG32_SOC15(VCN, i, regUVD_RB_BASE_HI, upper_32_bits(ring->gpu_addr)); + WREG32_SOC15(VCN, i, regUVD_RB_SIZE, ring->ring_size / 4); + + tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + tmp &= ~(VCN_RB_ENABLE__RB1_EN_MASK); + WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); + fw_shared->sq.queue_mode |= FW_QUEUE_RING_RESET; + WREG32_SOC15(VCN, i, regUVD_RB_RPTR, 0); + WREG32_SOC15(VCN, i, regUVD_RB_WPTR, 0); + + tmp = RREG32_SOC15(VCN, i, regUVD_RB_RPTR); + WREG32_SOC15(VCN, i, regUVD_RB_WPTR, tmp); + ring->wptr = RREG32_SOC15(VCN, i, regUVD_RB_WPTR); + + tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + tmp |= VCN_RB_ENABLE__RB1_EN_MASK; + WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); + fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); return 0; } @@ -1204,88 +1199,87 @@ static void vcn_v4_0_5_stop_dpg_mode(struct amdgpu_device *adev, int inst_idx) * vcn_v4_0_5_stop - VCN stop * * @adev: amdgpu_device pointer + * @i: instance to stop * * Stop VCN block */ -static int vcn_v4_0_5_stop(struct amdgpu_device *adev) +static int vcn_v4_0_5_stop(struct amdgpu_device *adev, int i) { volatile struct amdgpu_vcn4_fw_shared *fw_shared; uint32_t tmp; - int i, r = 0; + int r = 0; - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->vcn.harvest_config & (1 << i)) - continue; - - fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; - fw_shared->sq.queue_mode |= FW_QUEUE_DPG_HOLD_OFF; + if (adev->vcn.harvest_config & (1 << i)) + return 0; - if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) { - vcn_v4_0_5_stop_dpg_mode(adev, i); - continue; - } + fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; + fw_shared->sq.queue_mode |= FW_QUEUE_DPG_HOLD_OFF; - /* wait for vcn idle */ - r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_STATUS, UVD_STATUS__IDLE, 0x7); - if (r) - return r; + if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) { + vcn_v4_0_5_stop_dpg_mode(adev, i); + r = 0; + goto done; + } - tmp = UVD_LMI_STATUS__VCPU_LMI_WRITE_CLEAN_MASK | - UVD_LMI_STATUS__READ_CLEAN_MASK | - UVD_LMI_STATUS__WRITE_CLEAN_MASK | - UVD_LMI_STATUS__WRITE_CLEAN_RAW_MASK; - r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); - if (r) - return r; + /* wait for vcn idle */ + r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_STATUS, UVD_STATUS__IDLE, 0x7); + if (r) + goto done; - /* disable LMI UMC channel */ - tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL2); - tmp |= UVD_LMI_CTRL2__STALL_ARB_UMC_MASK; - WREG32_SOC15(VCN, i, regUVD_LMI_CTRL2, tmp); - tmp = UVD_LMI_STATUS__UMC_READ_CLEAN_RAW_MASK | - UVD_LMI_STATUS__UMC_WRITE_CLEAN_RAW_MASK; - r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); - if (r) - return r; + tmp = UVD_LMI_STATUS__VCPU_LMI_WRITE_CLEAN_MASK | + UVD_LMI_STATUS__READ_CLEAN_MASK | + UVD_LMI_STATUS__WRITE_CLEAN_MASK | + UVD_LMI_STATUS__WRITE_CLEAN_RAW_MASK; + r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); + if (r) + goto done; + + /* disable LMI UMC channel */ + tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL2); + tmp |= UVD_LMI_CTRL2__STALL_ARB_UMC_MASK; + WREG32_SOC15(VCN, i, regUVD_LMI_CTRL2, tmp); + tmp = UVD_LMI_STATUS__UMC_READ_CLEAN_RAW_MASK | + UVD_LMI_STATUS__UMC_WRITE_CLEAN_RAW_MASK; + r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); + if (r) + goto done; - /* block VCPU register access */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), - UVD_RB_ARB_CTRL__VCPU_DIS_MASK, - ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); + /* block VCPU register access */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), + UVD_RB_ARB_CTRL__VCPU_DIS_MASK, + ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); - /* reset VCPU */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), - UVD_VCPU_CNTL__BLK_RST_MASK, - ~UVD_VCPU_CNTL__BLK_RST_MASK); + /* reset VCPU */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), + UVD_VCPU_CNTL__BLK_RST_MASK, + ~UVD_VCPU_CNTL__BLK_RST_MASK); - /* disable VCPU clock */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, - ~(UVD_VCPU_CNTL__CLK_EN_MASK)); + /* disable VCPU clock */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, + ~(UVD_VCPU_CNTL__CLK_EN_MASK)); - /* apply soft reset */ - tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); - tmp |= UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; - WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); - tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); - tmp |= UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; - WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); + /* apply soft reset */ + tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); + tmp |= UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; + WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); + tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); + tmp |= UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; + WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); - /* clear status */ - WREG32_SOC15(VCN, i, regUVD_STATUS, 0); + /* clear status */ + WREG32_SOC15(VCN, i, regUVD_STATUS, 0); - /* apply HW clock gating */ - vcn_v4_0_5_enable_clock_gating(adev, i); + /* apply HW clock gating */ + vcn_v4_0_5_enable_clock_gating(adev, i); - /* enable VCN power gating */ - vcn_v4_0_5_enable_static_power_gating(adev, i); - } + /* enable VCN power gating */ + vcn_v4_0_5_enable_static_power_gating(adev, i); - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->pm.dpm_enabled) - amdgpu_dpm_enable_vcn(adev, false, i); - } +done: + if (adev->pm.dpm_enabled) + amdgpu_dpm_enable_vcn(adev, false, i); - return 0; + return r; } /** @@ -1537,15 +1531,17 @@ static int vcn_v4_0_5_set_powergating_state(struct amdgpu_ip_block *ip_block, enum amd_powergating_state state) { struct amdgpu_device *adev = ip_block->adev; - int ret; + int ret = 0, i; if (state == adev->vcn.cur_state) return 0; - if (state == AMD_PG_STATE_GATE) - ret = vcn_v4_0_5_stop(adev); - else - ret = vcn_v4_0_5_start(adev); + for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { + if (state == AMD_PG_STATE_GATE) + ret |= vcn_v4_0_5_stop(adev, i); + else + ret |= vcn_v4_0_5_start(adev, i); + } if (!ret) adev->vcn.cur_state = state; -- 2.49.0

4 months

2
3
0 0

Regression between 6.1.135 and 6.1.139, possibly related to ITS mitigations

by Moritz Mühlenhoff

Hi, I'd like to report a regression which seems related to the latest ITS mitigations in Linux 6.1.x: The server in question is a Supermicro SYS-120C-TN10R with a "Intel(R) Xeon(R) Silver 4310 CPU @ 2.10GHz" CPU, running Debian Bookworm. The full output of /proc/cpuinfo is attached as cpuinfo.txt In addition to the kernel changes between 6.1.135 and 6.1.139 there is also some additional invariant, namely the Intel microcode loaded at early boot: On Linux 6.1.135 every works fine with both the 20250211 and 20250512 microcode releases (kern.log is attached as 6.1.135-feb-microcode.log and 6.1.135-may-microcode.log) With 6.1.139 and the February microcode, oopses appear related to clear_bhb_loop() (which may be related to "x86/its: Align RETs in BHB clear sequence to avoid thunking"?). This is captured in 6.1.139-feb-microcode.log. With 6.1.139 and the May microcode, the system mostly crashes on bootup (in my tests it crashed in three out of four attempts). I've captured both the crash (6.1.139-may-microcode-crash.log) and a working boot (6.1.139-may-microcode-noncrash.log). If you need any additional information, please let me know! Cheers, Moritz

4 months

3
3
0 0

[PATCH v4 rc] iommu: Skip PASID validation for devices without PASID capability

by Tushar Dave

Generally PASID support requires ACS settings that usually create single device groups, but there are some niche cases where we can get multi-device groups and still have working PASID support. The primary issue is that PCI switches are not required to treat PASID tagged TLPs specially so appropriate ACS settings are required to route all TLPs to the host bridge if PASID is going to work properly. pci_enable_pasid() does check that each device that will use PASID has the proper ACS settings to achieve this routing. However, no-PASID devices can be combined with PASID capable devices within the same topology using non-uniform ACS settings. In this case the no-PASID devices may not have strict route to host ACS flags and end up being grouped with the PASID devices. This configuration fails to allow use of the PASID within the iommu core code which wrongly checks if the no-PASID device supports PASID. Fix this by ignoring no-PASID devices during the PASID validation. They will never issue a PASID TLP anyhow so they can be ignored. Fixes: c404f55c26fc ("iommu: Validate the PASID in iommu_attach_device_pasid()") Cc: stable(a)vger.kernel.org Signed-off-by: Tushar Dave <tdave(a)nvidia.com> --- changes in v4: - rebase to 6.15-rc7 drivers/iommu/iommu.c | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 4f91a740c15f..9d728800a862 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -3366,10 +3366,12 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, int ret; for_each_group_device(group, device) { - ret = domain->ops->set_dev_pasid(domain, device->dev, - pasid, old); - if (ret) - goto err_revert; + if (device->dev->iommu->max_pasids > 0) { + ret = domain->ops->set_dev_pasid(domain, device->dev, + pasid, old); + if (ret) + goto err_revert; + } } return 0; @@ -3379,15 +3381,18 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, for_each_group_device(group, device) { if (device == last_gdev) break; - /* - * If no old domain, undo the succeeded devices/pasid. - * Otherwise, rollback the succeeded devices/pasid to the old - * domain. And it is a driver bug to fail attaching with a - * previously good domain. - */ - if (!old || WARN_ON(old->ops->set_dev_pasid(old, device->dev, + if (device->dev->iommu->max_pasids > 0) { + /* + * If no old domain, undo the succeeded devices/pasid. + * Otherwise, rollback the succeeded devices/pasid to + * the old domain. And it is a driver bug to fail + * attaching with a previously good domain. + */ + if (!old || + WARN_ON(old->ops->set_dev_pasid(old, device->dev, pasid, domain))) - iommu_remove_dev_pasid(device->dev, pasid, domain); + iommu_remove_dev_pasid(device->dev, pasid, domain); + } } return ret; } @@ -3398,8 +3403,10 @@ static void __iommu_remove_group_pasid(struct iommu_group *group, { struct group_device *device; - for_each_group_device(group, device) - iommu_remove_dev_pasid(device->dev, pasid, domain); + for_each_group_device(group, device) { + if (device->dev->iommu->max_pasids > 0) + iommu_remove_dev_pasid(device->dev, pasid, domain); + } } /* @@ -3440,7 +3447,13 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, mutex_lock(&group->mutex); for_each_group_device(group, device) { - if (pasid >= device->dev->iommu->max_pasids) { + /* + * Skip PASID validation for devices without PASID support + * (max_pasids = 0). These devices cannot issue transactions + * with PASID, so they don't affect group's PASID usage. + */ + if ((device->dev->iommu->max_pasids > 0) && + (pasid >= device->dev->iommu->max_pasids)) { ret = -EINVAL; goto out_unlock; } -- 2.34.1

4 months

4
3
0 0

6.12.29: amdgpu-related "fail"-messages during boot; bisected

by Rainer Fiebig

Hi! After updating to linux-6.12.29, I see lots of "fail"-messages during boot: May 19 23:39:09 LUX kernel: [ 4.819552] amdgpu 0000:30:00.0: amdgpu: [drm] amdgpu: DP AUX transfer fail:4 Bisecting for drivers/gpu/drm/amd had this result: > git bisect bad 2d63e66f7ba7b88b87e72155a33b970c81cf4664 is the first bad commit commit 2d63e66f7ba7b88b87e72155a33b970c81cf4664 (HEAD) Author: Wayne Lin <Wayne.Lin(a)amd.com> Date: Sun Apr 20 19:22:14 2025 +0800 drm/amd/display: Fix wrong handling for AUX_DEFER case commit 65924ec69b29296845c7f628112353438e63ea56 upstream. The system (Ryzen 3 5600G, latest BIOS) is stable so far but the error-messages are not nice to see. Thanks. Rainer Fiebig -- The truth always turns out to be simpler than you thought. Richard Feynman

4 months

3
3
0 0

[PATCH v2] mm/hugetlb: fix a deadlock with pagecache_folio and hugetlb_fault_mutex_table

by Gavin Guo

The patch fixes a deadlock which can be triggered by an internal syzkaller [1] reproducer and captured by bpftrace script [2] and its log [3] in this scenario: Process 1 Process 2 --- --- hugetlb_fault mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // take A hugetlb_wp mutex_unlock(B) // release B ... hugetlb_fault ... mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // blocked unmap_ref_private ... mutex_lock(B) // retake and blocked This is a ABBA deadlock involving two locks: - Lock A: pagecache_folio lock - Lock B: hugetlb_fault_mutex_table lock The deadlock occurs between two processes as follows: 1. The first process (let’s call it Process 1) is handling a copy-on-write (COW) operation on a hugepage via hugetlb_wp. Due to insufficient reserved hugetlb pages, Process 1, owner of the reserved hugetlb page, attempts to unmap a hugepage owned by another process (non-owner) to satisfy the reservation. Before unmapping, Process 1 acquires lock B (hugetlb_fault_mutex_table lock) and then lock A (pagecache_folio lock). To proceed with the unmap, it releases Lock B but retains Lock A. After the unmap, Process 1 tries to reacquire Lock B. However, at this point, Lock B has already been acquired by another process. 2. The second process (Process 2) enters the hugetlb_fault handler during the unmap operation. It successfully acquires Lock B (hugetlb_fault_mutex_table lock) that was just released by Process 1, but then attempts to acquire Lock A (pagecache_folio lock), which is still held by Process 1. As a result, Process 1 (holding Lock A) is blocked waiting for Lock B (held by Process 2), while Process 2 (holding Lock B) is blocked waiting for Lock A (held by Process 1), constructing a ABBA deadlock scenario. The error message: INFO: task repro_20250402_:13229 blocked for more than 64 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:25856 pid:13229 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00004006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 schedule_preempt_disabled+0x15/0x30 __mutex_lock+0x75f/0xeb0 hugetlb_wp+0xf88/0x3440 hugetlb_fault+0x14c8/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0x61d/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0010:__put_user_4+0xd/0x20 copy_process+0x1f4a/0x3d60 kernel_clone+0x210/0x8f0 __x64_sys_clone+0x18d/0x1f0 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x41b26d </TASK> INFO: task repro_20250402_:13229 is blocked on a mutex likely owned by task repro_20250402_:13250. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> INFO: task repro_20250402_:13250 blocked for more than 65 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> Showing all locks held in the system: 1 lock held by khungtaskd/35: #0: ffffffff879a7440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 2 locks held by repro_20250402_/13229: #0: ffff888017d801e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x37/0x300 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_wp+0xf88/0x3440 3 locks held by repro_20250402_/13250: #0: ffff8880177f3d08 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x41b/0x1490 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_fault+0x3b8/0x2c30 #2: ffff8880129500e8 (&resv_map->rw_sema){++++}-{4:4}, at: hugetlb_fault+0x494/0x2c30 Link: https://drive.google.com/file/d/1DVRnIW-vSayU5J1re9Ct_br3jJQU6Vpb/view?usp=… [1] Link: https://github.com/bboymimi/bpftracer/blob/master/scripts/hugetlb_lock_debu… [2] Link: https://drive.google.com/file/d/1bWq2-8o-BJAuhoHWX7zAhI6ggfhVzQUI/view?usp=… [3] Fixes: 40549ba8f8e0 ("hugetlb: use new vma_lock for pmd sharing synchronization") Cc: stable(a)vger.kernel.org Cc: Hugh Dickins <hughd(a)google.com> Cc: Florent Revest <revest(a)google.com> Cc: Gavin Shan <gshan(a)redhat.com> Suggested-by: Oscar Salvador <osalvador(a)suse.de> Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> --- V1 -> V2 Suggested-by Oscar Salvador: - Use folio_test_locked to replace the unnecessary parameter passing. mm/hugetlb.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 7ae38bfb9096..ed501f134eff 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -6226,6 +6226,12 @@ static vm_fault_t hugetlb_wp(struct folio *pagecache_folio, u32 hash; folio_put(old_folio); + /* + * The pagecache_folio needs to be unlocked to avoid + * deadlock when the child unmaps the folio. + */ + if (pagecache_folio) + folio_unlock(pagecache_folio); /* * Drop hugetlb_fault_mutex and vma_lock before * unmapping. unmapping needs to hold vma_lock @@ -6823,8 +6829,13 @@ vm_fault_t hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, out_ptl: spin_unlock(vmf.ptl); + /* + * hugetlb_wp() might have already unlocked pagecache_folio, so + * skip it if that is the case. + */ if (pagecache_folio) { - folio_unlock(pagecache_folio); + if (folio_test_locked(pagecache_folio)) + folio_unlock(pagecache_folio); folio_put(pagecache_folio); } out_mutex: base-commit: 4a95bc121ccdaee04c4d72f84dbfa6b880a514b6 -- 2.43.0

4 months

3
6
0 0

[PATCH] tty: serial: 8250_omap: fix TX with DMA for am33xx

by Jiri Slaby (SUSE)

Commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") introduced an error in the TX DMA handling for 8250_omap. When the OMAP_DMA_TX_KICK flag is set, the "skip_byte" is pulled from the kfifo and emitted directly in order to start the DMA. While the kfifo is updated, dma->tx_size is not decreased. This leads to uart_xmit_advance() called in omap_8250_dma_tx_complete() advancing the kfifo by one too much. In practice, transmitting N bytes has been seen to result in the last N-1 bytes being sent repeatedly. This change fixes the problem by moving all of the dma setup after the OMAP_DMA_TX_KICK handling and using kfifo_len() instead of the DMA size for the 4-byte cutoff check. This slightly changes the behaviour at buffer wraparound, but it still transmits the correct bytes somehow. Now, the "skip_byte" would no longer be accounted to the stats. As previously, dma->tx_size included also this skip byte, up->icount.tx was updated by aforementioned uart_xmit_advance() in omap_8250_dma_tx_complete(). Fix this by using the uart_fifo_out() helper instead of bare kfifo_get(). Based on patch by Mans Rullgard <mans(a)mansr.com> Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Reported-by: Mans Rullgard <mans(a)mansr.com> Cc: stable(a)vger.kernel.org --- The same as for the original patch, I would appreaciate if someone actually tests this one on a real HW too. A patch to optimize the driver to use 2 sgls is still welcome. I will not add it without actually having the HW. --- drivers/tty/serial/8250/8250_omap.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index c9b1c689a045..bb23afdd63f2 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1151,16 +1151,6 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) return 0; } - sg_init_table(&sg, 1); - ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); - if (ret != 1) { - serial8250_clear_THRI(p); - return 0; - } - - dma->tx_size = sg_dma_len(&sg); - if (priv->habit & OMAP_DMA_TX_KICK) { unsigned char c; u8 tx_lvl; @@ -1185,18 +1175,22 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) ret = -EBUSY; goto err; } - if (dma->tx_size < 4) { + if (kfifo_len(&tport->xmit_fifo) < 4) { ret = -EINVAL; goto err; } - if (!kfifo_get(&tport->xmit_fifo, &c)) { + if (!uart_fifo_out(&p->port, &c, 1)) { ret = -EINVAL; goto err; } skip_byte = c; - /* now we need to recompute due to kfifo_get */ - kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); + } + + sg_init_table(&sg, 1); + ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, UART_XMIT_SIZE, dma->tx_addr); + if (ret != 1) { + ret = -EINVAL; + goto err; } desc = dmaengine_prep_slave_sg(dma->txchan, &sg, 1, DMA_MEM_TO_DEV, @@ -1206,6 +1200,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } + dma->tx_size = sg_dma_len(&sg); dma->tx_running = 1; desc->callback = omap_8250_dma_tx_complete; -- 2.49.0

4 months

4
6
0 0

[PATCH v2] tty: serial: 8250_omap: fix TX with DMA for am33xx

by Jiri Slaby (SUSE)

Commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") introduced an error in the TX DMA handling for 8250_omap. When the OMAP_DMA_TX_KICK flag is set, the "skip_byte" is pulled from the kfifo and emitted directly in order to start the DMA. While the kfifo is updated, dma->tx_size is not decreased. This leads to uart_xmit_advance() called in omap_8250_dma_tx_complete() advancing the kfifo by one too much. In practice, transmitting N bytes has been seen to result in the last N-1 bytes being sent repeatedly. This change fixes the problem by moving all of the dma setup after the OMAP_DMA_TX_KICK handling and using kfifo_len() instead of the DMA size for the 4-byte cutoff check. This slightly changes the behaviour at buffer wraparound, but it still transmits the correct bytes somehow. Now, the "skip_byte" would no longer be accounted to the stats. As previously, dma->tx_size included also this skip byte, up->icount.tx was updated by aforementioned uart_xmit_advance() in omap_8250_dma_tx_complete(). Fix this by using the uart_fifo_out() helper instead of bare kfifo_get(). Based on patch by Mans Rullgard <mans(a)mansr.com> Signed-off-by: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Link: https://lore.kernel.org/all/20250506150748.3162-1-mans@mansr.com/ Reported-by: Mans Rullgard <mans(a)mansr.com> Cc: stable(a)vger.kernel.org --- [v2] S-O-B added --- drivers/tty/serial/8250/8250_omap.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index 2a0ce11f405d..72ae08d6204f 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1173,16 +1173,6 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) return 0; } - sg_init_table(&sg, 1); - ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); - if (ret != 1) { - serial8250_clear_THRI(p); - return 0; - } - - dma->tx_size = sg_dma_len(&sg); - if (priv->habit & OMAP_DMA_TX_KICK) { unsigned char c; u8 tx_lvl; @@ -1207,18 +1197,22 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) ret = -EBUSY; goto err; } - if (dma->tx_size < 4) { + if (kfifo_len(&tport->xmit_fifo) < 4) { ret = -EINVAL; goto err; } - if (!kfifo_get(&tport->xmit_fifo, &c)) { + if (!uart_fifo_out(&p->port, &c, 1)) { ret = -EINVAL; goto err; } skip_byte = c; - /* now we need to recompute due to kfifo_get */ - kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); + } + + sg_init_table(&sg, 1); + ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, UART_XMIT_SIZE, dma->tx_addr); + if (ret != 1) { + ret = -EINVAL; + goto err; } desc = dmaengine_prep_slave_sg(dma->txchan, &sg, 1, DMA_MEM_TO_DEV, @@ -1228,6 +1222,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } + dma->tx_size = sg_dma_len(&sg); dma->tx_running = 1; desc->callback = omap_8250_dma_tx_complete; -- 2.49.0

4 months

1
0
0 0

[PATCH 6.1 00/97] 6.1.140-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.140 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.140-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.140-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix pm notifier handling Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: fix pointer reference in runtime PM hooks Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix receive ring space parameters when XDP is active Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Mark Brown <broonie(a)kernel.org> arm64/sme: Always exit sme_alloc() early with existing storage Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: do not defer rule destruction via call_rcu Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: wait for rcu grace period on net_device removal Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx Filipe Manana <fdmanana(a)suse.com> btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Ma Wupeng <mawupeng1(a)huawei.com> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Explicitly specify code model in Makefile Peter Collingbourne <pcc(a)google.com> bpf, arm64: Fix address emission with tag-based KASAN enabled Puranjay Mohan <puranjay(a)kernel.org> bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Xu Lu <luxu.kernel(a)bytedance.com> riscv: mm: Fix the out of bound issue of vmemmap address Byungchul Park <byungchul(a)sk.com> mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Feng Tang <feng.tang(a)linux.alibaba.com> selftests/mm: compaction_test: support platform with huge mount of memory GONG Ruiqi <gongruiqi1(a)huawei.com> usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential array underflow in ucsi_ccg_sync_control() RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix deadlock Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Filipe Manana <fdmanana(a)suse.com> btrfs: fix discard worker infinite loop after disabling discard Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <othacehe(a)gnu.org> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd: Stop evicting resources on APUs in suspend" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add Suspend/Hibernate notification callback support Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: trigger flr_work if reading pf2vf data failed Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the runtime resume failure issue Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Stop evicting resources on APUs in suspend Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7266: Fix potential timestamp alignment issue. Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Kees Cook <kees(a)kernel.org> binfmt_elf: Honor PT_LOAD alignment for static PIE Kees Cook <kees(a)kernel.org> binfmt_elf: Calculate total_size earlier Kees Cook <kees(a)kernel.org> selftests/exec: Build both static and non-static load_address tests Kees Cook <keescook(a)chromium.org> binfmt_elf: Leave a gap between .bss and brk Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/exec: load_address: conform test to TAP format output Kees Cook <keescook(a)chromium.org> binfmt_elf: elf_bss no longer used by load_elf_binary() Eric W. Biederman <ebiederm(a)xmission.com> binfmt_elf: Support segments with 0 filesz and misaligned starts Kees Cook <keescook(a)chromium.org> binfmt: Fix whitespace issues ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/fpsimd.c | 6 +- arch/arm64/net/bpf_jit_comp.c | 12 +- arch/loongarch/Makefile | 2 +- arch/loongarch/include/asm/ptrace.h | 2 +- arch/riscv/include/asm/page.h | 1 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/mm/init.c | 17 +- block/bio.c | 2 +- drivers/acpi/pptt.c | 11 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/clocksource/i8253.c | 4 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 145 +++++++--- drivers/dma/ti/k3-udma.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 + drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 + drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +---- drivers/iio/adc/ad7266.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/chemical/sps30.c | 2 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 +++- drivers/net/hyperv/netvsc_drv.c | 62 +---- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 ++- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/pmc.c | 8 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-cadence-quadspi.c | 6 +- drivers/spi/spi-loopback-test.c | 2 +- drivers/usb/typec/altmodes/displayport.c | 18 +- drivers/usb/typec/ucsi/displayport.c | 19 +- drivers/usb/typec/ucsi/ucsi.c | 34 +++ drivers/usb/typec/ucsi/ucsi.h | 3 + drivers/usb/typec/ucsi/ucsi_ccg.c | 5 + fs/binfmt_elf.c | 293 ++++++++++++--------- fs/binfmt_elf_fdpic.c | 2 +- fs/btrfs/discard.c | 17 +- fs/btrfs/extent-tree.c | 25 +- fs/exec.c | 2 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/smb2pdu.c | 2 +- include/linux/bio.h | 1 + include/linux/hyperv.h | 7 - include/linux/tpm.h | 2 +- include/net/netfilter/nf_tables.h | 3 +- include/net/sch_generic.h | 15 ++ include/uapi/linux/elf.h | 2 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/memory_hotplug.c | 6 +- mm/migrate.c | 8 + net/ipv4/ip_output.c | 3 +- net/ipv4/raw.c | 3 + net/ipv6/ip6_output.c | 3 +- net/mctp/route.c | 4 +- net/netfilter/nf_tables_api.c | 54 ++-- net/netfilter/nft_immediate.c | 2 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/sctp/sysctl.c | 4 + net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/testing/selftests/exec/Makefile | 19 +- tools/testing/selftests/exec/load_address.c | 83 ++++-- tools/testing/selftests/vm/compaction_test.c | 19 +- 103 files changed, 937 insertions(+), 530 deletions(-)

4 months

10
106
0 0

[PATCH 6.6 000/117] 6.6.92-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.92 release. There are 117 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.92-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.92-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix pm notifier handling Dan Carpenter <dan.carpenter(a)linaro.org> phy: tegra: xusb: remove a stray unlock Filipe Manana <fdmanana(a)suse.com> btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Ma Wupeng <mawupeng1(a)huawei.com> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Tom Lendacky <thomas.lendacky(a)amd.com> memblock: Accept allocated memory before use in memblock_double_array() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Explicitly specify code model in Makefile Peter Collingbourne <pcc(a)google.com> bpf, arm64: Fix address emission with tag-based KASAN enabled Puranjay Mohan <puranjay(a)kernel.org> bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Zi Yan <ziy(a)nvidia.com> mm/migrate: correct nr_failed in migrate_pages_sync() Feng Tang <feng.tang(a)linux.alibaba.com> selftests/mm: compaction_test: support platform with huge mount of memory Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix deadlock Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix kernel panic during FW release Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/page_alloc: fix race condition in unaccepted memory handling Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Fix build error for its_static_thunk() Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Use value to check for invalid delays Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove redundant code about resume_era Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove user_{en,dis}able_single_step() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Save and restore CSR.CNTC for hibernation Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Prevent cond_resched() occurring within kernel-fpu Jan Kara <jack(a)suse.cz> udf: Make sure i_lenExtents is uptodate on inode eviction Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: fix timestamping with a stacked DSA driver Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Inline small fragments within TX descriptor Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Kees Cook <kees(a)kernel.org> wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix CGX Receive counters Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <othacehe(a)gnu.org> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix delivery of UMP events to group ports Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Don't access ifa_index when missing Eric Dumazet <edumazet(a)google.com> mctp: no longer rely on net->dev_index_head[] Hangbin Liu <liuhangbin(a)gmail.com> tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Rahul Rameshbabu <rrameshbabu(a)nvidia.com> tools: ynl: ethtool.py: Output timestamping statistics from tsinfo-get operation Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd: Stop evicting resources on APUs in suspend" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add Suspend/Hibernate notification callback support Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: trigger flr_work if reading pf2vf data failed Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the runtime resume failure issue Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Stop evicting resources on APUs in suspend Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7266: Fix potential timestamp alignment issue. Mikhail Lobanov <m.lobanov(a)rosa.ru> KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Peter Gonda <pgonda(a)google.com> KVM: SVM: Update SEV-ES shutdown intercepts with more metadata Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix timeout checks on polling path Luke Parkin <luke.parkin(a)arm.com> firmware: arm_scmi: Track basic SCMI communication debug metrics Luke Parkin <luke.parkin(a)arm.com> firmware: arm_scmi: Add support for debug metrics at the interface Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add message dump traces for bad and unexpected replies Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add helper to trace bad messages Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Waiman Long <longman(a)redhat.com> cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Runhua He <hua(a)aosc.io> platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Kees Cook <kees(a)kernel.org> binfmt_elf: Honor PT_LOAD alignment for static PIE Kees Cook <kees(a)kernel.org> binfmt_elf: Calculate total_size earlier Kees Cook <kees(a)kernel.org> selftests/exec: Build both static and non-static load_address tests Kees Cook <keescook(a)chromium.org> binfmt_elf: Leave a gap between .bss and brk Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/exec: load_address: conform test to TAP format output Kees Cook <keescook(a)chromium.org> binfmt_elf: elf_bss no longer used by load_elf_binary() Eric W. Biederman <ebiederm(a)xmission.com> binfmt_elf: Support segments with 0 filesz and misaligned starts Stephen Smalley <stephen.smalley.work(a)gmail.com> fs/xattr.c: fix simple_xattr_list to always include security.* xattrs ------------- Diffstat: Makefile | 4 +- arch/arm64/net/bpf_jit_comp.c | 12 +- arch/loongarch/Makefile | 2 +- arch/loongarch/include/asm/ptrace.h | 2 +- arch/loongarch/include/asm/uprobes.h | 1 - arch/loongarch/kernel/kfpu.c | 22 +- arch/loongarch/kernel/time.c | 2 +- arch/loongarch/kernel/uprobes.c | 11 +- arch/loongarch/power/hibernate.c | 3 + arch/x86/kernel/alternative.c | 17 +- arch/x86/kvm/smm.c | 1 + arch/x86/kvm/svm/svm.c | 19 +- block/bio.c | 2 +- drivers/acpi/pptt.c | 11 +- drivers/bluetooth/btnxpuart.c | 6 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 159 ++++++++---- drivers/dma/ti/k3-udma.c | 10 +- drivers/firmware/arm_scmi/Kconfig | 14 + drivers/firmware/arm_scmi/common.h | 35 +++ drivers/firmware/arm_scmi/driver.c | 89 ++++++- drivers/firmware/arm_scmi/mailbox.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 + drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 + drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +---- drivers/iio/adc/ad7266.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/chemical/sps30.c | 2 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- drivers/net/ethernet/engleder/tsnep_hw.h | 2 + drivers/net/ethernet/engleder/tsnep_main.c | 131 +++++++--- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 ++++- drivers/net/hyperv/netvsc_drv.c | 62 +---- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 ++- drivers/phy/tegra/xusb-tegra186.c | 46 ++-- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 + drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-loopback-test.c | 2 +- drivers/spi/spi-tegra114.c | 6 +- drivers/usb/gadget/function/f_midi2.c | 2 +- drivers/usb/typec/ucsi/displayport.c | 19 +- drivers/usb/typec/ucsi/ucsi.c | 34 +++ drivers/usb/typec/ucsi/ucsi.h | 2 + fs/binfmt_elf.c | 281 ++++++++++++--------- fs/btrfs/extent-tree.c | 25 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/smb2pdu.c | 2 +- fs/udf/truncate.c | 2 +- fs/xattr.c | 24 ++ include/linux/bio.h | 1 + include/linux/hyperv.h | 7 - include/linux/tpm.h | 2 +- include/net/sch_generic.h | 15 ++ include/sound/ump_msg.h | 4 +- kernel/cgroup/cpuset.c | 6 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/memblock.c | 9 +- mm/memory_hotplug.c | 6 +- mm/migrate.c | 16 +- mm/page_alloc.c | 27 -- net/bluetooth/mgmt.c | 9 +- net/mac80211/main.c | 6 +- net/mctp/device.c | 65 +++-- net/mctp/route.c | 4 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/sctp/sysctl.c | 4 + net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- sound/core/seq/seq_clientmgr.c | 52 ++-- sound/core/seq/seq_ump_convert.c | 18 ++ sound/core/seq/seq_ump_convert.h | 1 + sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/net/ynl/ethtool.py | 29 ++- tools/testing/selftests/exec/Makefile | 19 +- tools/testing/selftests/exec/load_address.c | 83 ++++-- tools/testing/selftests/mm/compaction_test.c | 19 +- 118 files changed, 1294 insertions(+), 693 deletions(-)

4 months

10
126
0 0

[PATCH 6.12 000/143] 6.12.30-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.30 release. There are 143 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.30-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.30-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix pm notifier handling Dan Carpenter <dan.carpenter(a)linaro.org> phy: tegra: xusb: remove a stray unlock Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix deadlock Fabio Estevam <festevam(a)denx.de> drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Thomas Zimmermann <tzimmermann(a)suse.de> drm/panel-mipi-dbi: Run DRM default client setup Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Support struct drm_driver.fbdev_probe Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix kernel panic during FW release Luca Ceresoli <luca.ceresoli(a)bootlin.com> iio: light: opt3001: fix deadlock due to concurrent flag access Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix fw log printing Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Refactor functions in ivpu_fw_log.c Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> accel/ivpu: Reset fw log on cold boot Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Rename ivpu_log_level to fw_log_level Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/page_alloc: fix race condition in unaccepted memory handling Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/gsc: do not flush the GSC worker from the reset path Ritvik Budhiraja <rbudhiraja(a)microsoft.com> CIFS: New mount option for cifs.upcall namespace resolution Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Barry Song <baohua(a)kernel.org> mm: userfaultfd: correct dirty flags set for both present and swap pte Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Fix persistent buffer when commit page is the reader page Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Mask TPM RC in tpm2_start_auth_session() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Use value to check for invalid delays Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Christian Hewitt <christianshewitt(a)gmail.com> arm64: dts: amlogic: dreambox: fix missing clkc_audio node Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: pca953x: fix IRQ storm on system wake up Alexey Makhalov <alexey.makhalov(a)broadcom.com> MAINTAINERS: Update Alexey Makhalov's email address Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: csa unmap use uninterruptible lock Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix incorrect MALL size for GFX1151 David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu: read back register after written for VCN v4.0.5 Melissa Wen <mwen(a)igalia.com> Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: add back warning for mount option commit values exceeding 300 Boris Burkov <boris(a)bur.io> btrfs: fix folio leak in submit_one_async_extent() Filipe Manana <fdmanana(a)suse.com> btrfs: fix discard worker infinite loop after disabling discard Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove redundant code about resume_era Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove user_{en,dis}able_single_step() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Save and restore CSR.CNTC for hibernation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Move __arch_cpu_idle() to .cpuidle.text section Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Prevent cond_resched() occurring within kernel-fpu Rong Zhang <i(a)rong.moe> HID: bpf: abort dispatch if device destroyed Jan Kara <jack(a)suse.cz> udf: Make sure i_lenExtents is uptodate on inode eviction Tejun Heo <tj(a)kernel.org> sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: fix timestamping with a stacked DSA driver Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Kees Cook <kees(a)kernel.org> wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: Do not reallocate all ntuple filters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix CGX Receive counters Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: all actions are indexed arrays Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: fix a couple of attribute names Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Konstantin Shkolnyy <kshk(a)linux.ibm.com> vsock/test: Fix occasional failure in SIOCOUTQ tests Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: prevent standalone from trying to forward to other ports Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <m.othacehe(a)gmail.com> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix delivery of UMP events to group ports Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Cosmin Ratiu <cratiu(a)nvidia.com> tests/ncdevmem: Fix double-free of queue array Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Switch to AF_INET6 Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Make client_ip optional Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Unify error handling Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Separate out dmabuf provider Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Redirect all non-payload output to stderr Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Don't access ifa_index when missing Eric Dumazet <edumazet(a)google.com> mctp: no longer rely on net->dev_index_head[] Hangbin Liu <liuhangbin(a)gmail.com> tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Koichiro Den <koichiro.den(a)canonical.com> virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx Koichiro Den <koichiro.den(a)canonical.com> virtio_ring: add a func argument 'recycle_done' to virtqueue_reset() David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd: Stop evicting resources on APUs in suspend" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add Suspend/Hibernate notification callback support David Lechner <dlechner(a)baylibre.com> iio: pressure: mprls0025pa: use aligned_s64 for timestamp David Lechner <dlechner(a)baylibre.com> iio: chemical: pms7003: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7266: Fix potential timestamp alignment issue. Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing Isaku Yamahata <isaku.yamahata(a)intel.com> KVM: Add member to struct kvm_gfn_range to indicate private/shared Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Fix sysfs creation path for ring buffer Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Waiman Long <longman(a)redhat.com> cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Himanshu Bhavani <himanshu.bhavani(a)siliconsignals.io> arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Runhua He <hua(a)aosc.io> platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Ze Huang <huangze(a)whut.edu.cn> riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies Stephen Smalley <stephen.smalley.work(a)gmail.com> fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Tom Vincent <linux(a)tlvince.com> arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 ------------- Diffstat: Documentation/netlink/specs/tc.yaml | 10 +- MAINTAINERS | 6 +- Makefile | 4 +- .../boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 + arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 +- .../dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 + arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 +-- arch/loongarch/include/asm/ptrace.h | 2 +- arch/loongarch/include/asm/uprobes.h | 1 - arch/loongarch/kernel/genex.S | 7 +- arch/loongarch/kernel/kfpu.c | 22 +- arch/loongarch/kernel/time.c | 2 +- arch/loongarch/kernel/uprobes.c | 11 +- arch/loongarch/power/hibernate.c | 3 + arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 +- arch/x86/kvm/mmu/mmu.c | 83 ++++- block/bio.c | 2 +- drivers/accel/ivpu/ivpu_debugfs.c | 2 +- drivers/accel/ivpu/ivpu_fw.c | 4 +- drivers/accel/ivpu/ivpu_fw_log.c | 119 +++--- drivers/accel/ivpu/ivpu_fw_log.h | 9 +- drivers/accel/ivpu/ivpu_pm.c | 1 + drivers/acpi/pptt.c | 11 +- drivers/bluetooth/btnxpuart.c | 6 +- drivers/char/tpm/tpm2-sessions.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 159 +++++--- drivers/dma/ti/k3-udma.c | 10 +- drivers/gpio/gpio-pca953x.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 - drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 47 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 8 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 +- drivers/gpu/drm/drm_fbdev_dma.c | 60 +-- drivers/gpu/drm/tiny/Kconfig | 1 + drivers/gpu/drm/tiny/panel-mipi-dbi.c | 7 +- drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 + drivers/gpu/drm/xe/xe_gsc.c | 22 ++ drivers/gpu/drm/xe/xe_gsc.h | 1 + drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 + drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 + drivers/gpu/drm/xe/xe_gt.c | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 7 +- drivers/gpu/drm/xe/xe_uc.c | 8 +- drivers/gpu/drm/xe/xe_uc.h | 1 + drivers/hid/bpf/hid_bpf_dispatch.c | 9 + drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +--- drivers/hv/hyperv_vmbus.h | 6 + drivers/hv/vmbus_drv.c | 100 ++++- drivers/iio/adc/ad7266.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/chemical/pms7003.c | 5 +- drivers/iio/chemical/sps30.c | 2 +- drivers/iio/light/opt3001.c | 5 +- drivers/iio/pressure/mprls0025pa.h | 17 +- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/b53/b53_common.c | 33 ++ drivers/net/dsa/b53/b53_regs.h | 14 + drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- drivers/net/ethernet/engleder/tsnep_main.c | 30 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 1 + .../ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 + .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 ++- drivers/net/hyperv/netvsc_drv.c | 62 +--- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/virtio_net.c | 5 +- drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 +- drivers/phy/tegra/xusb-tegra186.c | 46 ++- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 + drivers/platform/x86/amd/pmf/tee-if.c | 23 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-loopback-test.c | 2 +- drivers/spi/spi-tegra114.c | 6 +- drivers/uio/uio_hv_generic.c | 39 +- drivers/usb/gadget/function/f_midi2.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 21 +- drivers/usb/host/xhci-dbgcap.h | 3 + drivers/usb/typec/ucsi/displayport.c | 19 +- drivers/usb/typec/ucsi/ucsi.c | 34 ++ drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/virtio/virtio_ring.c | 6 +- fs/binfmt_elf.c | 71 ++-- fs/btrfs/discard.c | 17 +- fs/btrfs/fs.h | 1 + fs/btrfs/inode.c | 7 + fs/btrfs/super.c | 4 + fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/cifs_spnego.c | 16 + fs/smb/client/cifsfs.c | 25 ++ fs/smb/client/cifsglob.h | 7 + fs/smb/client/connect.c | 20 + fs/smb/client/fs_context.c | 39 ++ fs/smb/client/fs_context.h | 10 + fs/smb/client/smb2pdu.c | 2 +- fs/udf/truncate.c | 2 +- fs/xattr.c | 24 ++ include/drm/drm_fbdev_dma.h | 12 + include/linux/bio.h | 1 + include/linux/hyperv.h | 13 +- include/linux/kvm_host.h | 6 + include/linux/tpm.h | 21 +- include/linux/virtio.h | 3 +- include/net/sch_generic.h | 15 + include/sound/ump_msg.h | 4 +- kernel/cgroup/cpuset.c | 6 +- kernel/sched/ext.c | 6 + kernel/trace/ring_buffer.c | 8 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/page_alloc.c | 23 -- mm/userfaultfd.c | 12 +- net/bluetooth/mgmt.c | 9 +- net/mac80211/main.c | 6 +- net/mctp/device.c | 65 ++-- net/mctp/route.c | 4 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- scripts/Makefile.extrawarn | 12 + sound/core/seq/seq_clientmgr.c | 52 ++- sound/core/seq/seq_ump_convert.c | 18 + sound/core/seq/seq_ump_convert.h | 1 + sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/net/ynl/ethtool.py | 22 +- tools/testing/selftests/net/ncdevmem.c | 404 ++++++++++++--------- tools/testing/vsock/vsock_test.c | 28 +- virt/kvm/guest_memfd.c | 2 + virt/kvm/kvm_main.c | 14 + 169 files changed, 1823 insertions(+), 918 deletions(-)

4 months

13
155
0 0

[PATCH 6.14 000/145] 6.14.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.8 release. There are 145 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.8-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> phy: tegra: xusb: remove a stray unlock Tiezhu Yang <yangtiezhu(a)loongson.cn> perf tools: Fix build error for LoongArch Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/page_alloc: fix race condition in unaccepted memory handling Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/gsc: do not flush the GSC worker from the reset path Maciej Falkowski <maciej.falkowski(a)linux.intel.com> accel/ivpu: Flush pending jobs of device's workqueues Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Fix missing MMU events if file_priv is unbound Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Fix missing MMU events from reserved SSID Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Move parts of MMU event IRQ handling to thread handler Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Dump only first MMU fault from single context Maciej Falkowski <maciej.falkowski(a)linux.intel.com> accel/ivpu: Use workqueue for IRQ handling Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Barry Song <baohua(a)kernel.org> mm: userfaultfd: correct dirty flags set for both present and swap pte Wupeng Ma <mawupeng1(a)huawei.com> mm: hugetlb: fix incorrect fallback for subpool hexue <xue01.he(a)samsung.com> io_uring/uring_cmd: fix hybrid polling initialization issue Jens Axboe <axboe(a)kernel.dk> io_uring/memmap: don't use page_address() on a highmem page Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Fix persistent buffer when commit page is the reader page Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Mask TPM RC in tpm2_start_auth_session() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Use value to check for invalid delays Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ switches Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function Ashish Kalra <ashish.kalra(a)amd.com> x86/sev: Make sure pages are not skipped during kdump Ashish Kalra <ashish.kalra(a)amd.com> x86/sev: Do not touch VMSA pages during SNP guest memory kdump pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: designware: Fix an error handling path in i2c_dw_pci_probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Sam Edwards <cfsworks(a)gmail.com> arm64: dts: rockchip: Allow Turing RK1 cooling fan to spin down Christian Hewitt <christianshewitt(a)gmail.com> arm64: dts: amlogic: dreambox: fix missing clkc_audio node Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: pca953x: fix IRQ storm on system wake up Alexey Makhalov <alexey.makhalov(a)broadcom.com> MAINTAINERS: Update Alexey Makhalov's email address Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: csa unmap use uninterruptible lock Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix incorrect MALL size for GFX1151 David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu: read back register after written for VCN v4.0.5 Fabio Estevam <festevam(a)denx.de> drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Melissa Wen <mwen(a)igalia.com> Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: add back warning for mount option commit values exceeding 300 Boris Burkov <boris(a)bur.io> btrfs: fix folio leak in submit_one_async_extent() Filipe Manana <fdmanana(a)suse.com> btrfs: fix discard worker infinite loop after disabling discard Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove redundant code about resume_era Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove user_{en,dis}able_single_step() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Save and restore CSR.CNTC for hibernation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Move __arch_cpu_idle() to .cpuidle.text section Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Prevent cond_resched() occurring within kernel-fpu Mario Limonciello <mario.limonciello(a)amd.com> HID: amd_sfh: Fix SRA sensor when it's the only sensor Rong Zhang <i(a)rong.moe> HID: bpf: abort dispatch if device destroyed Max Kellermann <max.kellermann(a)ionos.com> fs/eventpoll: fix endless busy loop after timeout has expired Jan Kara <jack(a)suse.cz> udf: Make sure i_lenExtents is uptodate on inode eviction Tejun Heo <tj(a)kernel.org> sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Thomas Weißschuh <linux(a)weissschuh.net> Revert "kbuild, rust: use -fremap-path-prefix to make paths relative" Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Ming Lei <ming.lei(a)redhat.com> ublk: fix dead loop when canceling io command Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: fix timestamping with a stacked DSA driver Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Kees Cook <kees(a)kernel.org> wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: Do not reallocate all ntuple filters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix CGX Receive counters Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: all actions are indexed arrays Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: fix a couple of attribute names Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix ethtool support for SDP representors Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Konstantin Shkolnyy <kshk(a)linux.ibm.com> vsock/test: Fix occasional failure in SIOCOUTQ tests Melissa Wen <mwen(a)igalia.com> drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: prevent standalone from trying to forward to other ports Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <othacehe(a)gnu.org> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix delivery of UMP events to group ports Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Cosmin Ratiu <cratiu(a)nvidia.com> tests/ncdevmem: Fix double-free of queue array Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Don't access ifa_index when missing Hangbin Liu <liuhangbin(a)gmail.com> tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing I Hsin Cheng <richard120310(a)gmail.com> drm/meson: Use 1000ULL when operating with mode->clock Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS/localio: Fix a race in nfs_local_open_fh() Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606: check for NULL before calling sw_mode_config() Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: move software functions into common file Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: move the software mode configuration Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Breno Leitao <leitao(a)debian.org> tracing: fprobe: Fix RCU warning message in list traversal Waiman Long <longman(a)redhat.com> cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Himanshu Bhavani <himanshu.bhavani(a)siliconsignals.io> arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Runhua He <hua(a)aosc.io> platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Ze Huang <huangze(a)whut.edu.cn> riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> arm64: dts: rockchip: fix Sige5 RTC interrupt pin Suma Hegde <suma.hegde(a)amd.com> platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive drivers Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies Stephen Smalley <stephen.smalley.work(a)gmail.com> fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Tom Vincent <linux(a)tlvince.com> arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 ------------- Diffstat: Documentation/netlink/specs/tc.yaml | 10 +- MAINTAINERS | 6 +- Makefile | 5 +- .../boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 + arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 +- .../boot/dts/rockchip/rk3576-armsom-sige5.dts | 2 +- .../dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 + .../arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 ++--- arch/loongarch/include/asm/ptrace.h | 2 +- arch/loongarch/include/asm/uprobes.h | 1 - arch/loongarch/kernel/genex.S | 7 +- arch/loongarch/kernel/kfpu.c | 22 +- arch/loongarch/kernel/time.c | 2 +- arch/loongarch/kernel/uprobes.c | 11 +- arch/loongarch/power/hibernate.c | 3 + arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 +- arch/x86/coco/sev/core.c | 255 +++++++++++++-------- arch/x86/include/asm/amd_nb.h | 1 - arch/x86/include/asm/amd_node.h | 13 ++ arch/x86/kernel/amd_nb.c | 1 - arch/x86/kernel/amd_node.c | 9 + block/bio.c | 2 +- drivers/accel/ivpu/ivpu_drv.c | 39 +--- drivers/accel/ivpu/ivpu_drv.h | 5 +- drivers/accel/ivpu/ivpu_hw.c | 5 - drivers/accel/ivpu/ivpu_hw.h | 9 - drivers/accel/ivpu/ivpu_hw_btrs.c | 3 +- drivers/accel/ivpu/ivpu_ipc.c | 7 +- drivers/accel/ivpu/ivpu_ipc.h | 2 +- drivers/accel/ivpu/ivpu_job.c | 15 +- drivers/accel/ivpu/ivpu_job.h | 2 +- drivers/accel/ivpu/ivpu_mmu.c | 109 +++++++-- drivers/accel/ivpu/ivpu_mmu.h | 2 + drivers/accel/ivpu/ivpu_mmu_context.c | 13 -- drivers/accel/ivpu/ivpu_mmu_context.h | 2 - drivers/accel/ivpu/ivpu_pm.c | 3 +- drivers/accel/ivpu/ivpu_pm.h | 2 +- drivers/acpi/pptt.c | 11 +- drivers/block/ublk_drv.c | 2 +- drivers/char/tpm/tpm2-sessions.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 159 +++++++++---- drivers/dma/ti/k3-udma.c | 10 +- drivers/gpio/gpio-pca953x.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 8 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 +- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 6 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 4 +- drivers/gpu/drm/tiny/panel-mipi-dbi.c | 5 +- drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 + drivers/gpu/drm/xe/xe_gsc.c | 22 ++ drivers/gpu/drm/xe/xe_gsc.h | 1 + drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 + drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 + drivers/gpu/drm/xe/xe_gt.c | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 7 +- drivers/gpu/drm/xe/xe_uc.c | 8 +- drivers/gpu/drm/xe/xe_uc.h | 1 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 +- drivers/hid/bpf/hid_bpf_dispatch.c | 9 + drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +----- drivers/i2c/busses/i2c-designware-pcidrv.c | 4 +- drivers/iio/adc/ad7606.c | 154 +++++++++++-- drivers/iio/adc/ad7606.h | 37 ++- drivers/iio/adc/ad7606_spi.c | 137 +---------- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/b53/b53_common.c | 33 +++ drivers/net/dsa/b53/b53_regs.h | 14 ++ drivers/net/dsa/microchip/ksz_common.c | 137 ++++++++--- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- drivers/net/ethernet/engleder/tsnep_main.c | 30 ++- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 1 + .../ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 +- .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 ++++- drivers/net/hyperv/netvsc_drv.c | 62 ++--- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/phy/micrel.c | 7 - drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +- drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 ++- drivers/phy/tegra/xusb-tegra186.c | 46 ++-- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/hsmp/Kconfig | 2 +- drivers/platform/x86/amd/hsmp/acpi.c | 10 +- drivers/platform/x86/amd/hsmp/hsmp.c | 1 - drivers/platform/x86/amd/hsmp/hsmp.h | 4 +- drivers/platform/x86/amd/hsmp/plat.c | 42 ++-- drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 + drivers/platform/x86/amd/pmf/tee-if.c | 23 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-loopback-test.c | 2 +- drivers/spi/spi-tegra114.c | 6 +- drivers/usb/gadget/function/f_midi2.c | 2 +- fs/binfmt_elf.c | 71 ++++-- fs/btrfs/discard.c | 17 +- fs/btrfs/fs.h | 1 + fs/btrfs/inode.c | 7 + fs/btrfs/super.c | 4 + fs/eventpoll.c | 7 +- fs/nfs/localio.c | 2 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/smb2pdu.c | 2 +- fs/udf/truncate.c | 2 +- fs/xattr.c | 24 ++ include/linux/bio.h | 1 + include/linux/hyperv.h | 7 - include/linux/micrel_phy.h | 1 - include/linux/tpm.h | 21 +- include/net/sch_generic.h | 15 ++ include/sound/ump_msg.h | 4 +- io_uring/fdinfo.c | 48 ++-- io_uring/memmap.c | 2 +- io_uring/uring_cmd.c | 5 + kernel/cgroup/cpuset.c | 6 +- kernel/sched/ext.c | 6 + kernel/trace/fprobe.c | 3 +- kernel/trace/ring_buffer.c | 8 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/hugetlb.c | 28 ++- mm/page_alloc.c | 23 -- mm/userfaultfd.c | 12 +- net/bluetooth/mgmt.c | 9 +- net/mac80211/main.c | 6 +- net/mctp/device.c | 15 +- net/mctp/route.c | 4 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- scripts/Makefile.extrawarn | 12 + sound/core/seq/seq_clientmgr.c | 52 +++-- sound/core/seq/seq_ump_convert.c | 18 ++ sound/core/seq/seq_ump_convert.h | 1 + sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/net/ynl/pyynl/ethtool.py | 22 +- tools/perf/arch/loongarch/include/syscall_table.h | 2 +- tools/testing/selftests/drivers/net/hw/ncdevmem.c | 55 ++--- tools/testing/vsock/vsock_test.c | 28 ++- 177 files changed, 1689 insertions(+), 1027 deletions(-)

4 months

16
165
0 0

[PATCH 5.10 0/5] kernfs: backport locking and concurrency improvement

by Qingfang Deng

KCSAN reports concurrent accesses to inode->i_mode: ================================================================== BUG: KCSAN: data-race in generic_permission / kernfs_iop_permission write to 0xffffffe001129590 of 2 bytes by task 2477 on cpu 1: kernfs_iop_permission+0x72/0x1a0 link_path_walk.part.0.constprop.0+0x348/0x420 path_openat+0xee/0x10f0 do_filp_open+0xaa/0x160 do_sys_openat2+0x252/0x380 sys_openat+0x4c/0xa0 ret_from_syscall+0x0/0x2 read to 0xffffffe001129590 of 2 bytes by task 3902 on cpu 3: generic_permission+0x26/0x120 kernfs_iop_permission+0x150/0x1a0 link_path_walk.part.0.constprop.0+0x348/0x420 path_lookupat+0x58/0x280 filename_lookup+0xae/0x1f0 user_path_at_empty+0x3a/0x70 vfs_statx+0x82/0x170 __do_sys_newfstatat+0x36/0x70 sys_newfstatat+0x2e/0x50 ret_from_syscall+0x0/0x2 Reported by Kernel Concurrency Sanitizer on: CPU: 3 PID: 3902 Comm: ls Not tainted 5.10.104+ #0 ================================================================== kernfs_iop_permission+0x72/0x1a0: kernfs_refresh_inode at fs/kernfs/inode.c:174 169 170 static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode) 171 { 172 struct kernfs_iattrs *attrs = kn->iattr; 173 >174< inode->i_mode = kn->mode; 175 if (attrs) 176 /* 177 * kernfs_node has non-default attributes get them from 178 * persistent copy in kernfs_node. 179 */ (inlined by) kernfs_iop_permission at fs/kernfs/inode.c:285 280 return -ECHILD; 281 282 kn = inode->i_private; 283 284 mutex_lock(&kernfs_mutex); >285< kernfs_refresh_inode(kn, inode); 286 mutex_unlock(&kernfs_mutex); 287 288 return generic_permission(inode, mask); 289 } 290 generic_permission+0x26/0x120: acl_permission_check at fs/namei.c:298 293 * Note that the POSIX ACL check cares about the MAY_NOT_BLOCK bit, 294 * for RCU walking. 295 */ 296 static int acl_permission_check(struct inode *inode, int mask) 297 { >298< unsigned int mode = inode->i_mode; 299 300 /* Are we the owner? If so, ACL's don't matter */ 301 if (likely(uid_eq(current_fsuid(), inode->i_uid))) { 302 mask &= 7; 303 mode >>= 6; (inlined by) generic_permission at fs/namei.c:353 348 int ret; 349 350 /* 351 * Do the basic permission checks. 352 */ >353< ret = acl_permission_check(inode, mask); 354 if (ret != -EACCES) 355 return ret; 356 357 if (S_ISDIR(inode->i_mode)) { 358 /* DACs are overridable for directories */ Backport the series from 5.15 to fix the concurrency bug. https://lore.kernel.org/all/162642752894.63632.5596341704463755308.stgit@we… Ian Kent (5): kernfs: add a revision to identify directory node changes kernfs: use VFS negative dentry caching kernfs: switch kernfs to use an rwsem kernfs: use i_lock to protect concurrent inode updates kernfs: dont call d_splice_alias() under kernfs node lock fs/kernfs/dir.c | 153 ++++++++++++++++++++---------------- fs/kernfs/file.c | 4 +- fs/kernfs/inode.c | 26 +++--- fs/kernfs/kernfs-internal.h | 24 +++++- fs/kernfs/mount.c | 12 +-- fs/kernfs/symlink.c | 4 +- include/linux/kernfs.h | 7 +- 7 files changed, 138 insertions(+), 92 deletions(-) -- 2.43.0

4 months

4
14
0 0

[PATCH 5.10.y] sched/deadline: Fix warning in migrate_enable for boosted tasks

by bin.lan.cn＠windriver.com

From: Wander Lairson Costa <wander(a)redhat.com> [ Upstream commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 ] When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case. Fixes: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline") Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Juri Lelli <juri.lelli(a)redhat.com> Link: https://lore.kernel.org/r/20240724142253.27145-2-wander@redhat.com [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- kernel/sched/deadline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 6548bd90c5c3..e2ff343d1c42 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1516,6 +1516,7 @@ enqueue_dl_entity(struct sched_dl_entity *dl_se, int flags) } else if (flags & ENQUEUE_REPLENISH) { replenish_dl_entity(dl_se); } else if ((flags & ENQUEUE_RESTORE) && + !is_dl_boosted(dl_se) && dl_time_before(dl_se->deadline, rq_clock(rq_of_dl_rq(dl_rq_of_se(dl_se))))) { setup_new_dl_entity(dl_se); -- 2.34.1

4 months

3
2
0 0

[PATCH 5.15.y v3 0/1] Manual Backport of 099606a7b2d5 to 5.15

by Harshvardhan Jha

The patch 099606a7b2d5 didn't cleanly apply to 5.15 due to the significant difference in codebases. I've tried to manually bring it back to 5.15 via some minor conflict resolution but also invoking the newly introduced API using inverted logic as the conditional statements present in 5.15 are the opposite of those in 6.1 xen/swiotlib. v2 of this patch was added and dropped due to some issues in testing. However, after further verification this version seems to be right as is. I kindly request Juergen's ack specifically before this is added to stable queue as this patch differs quite significantly compared to the original. Changes in v2: Include correct upstream SHA in the commit message Changes in v3: Patch remains the same, however further verification and testing was done. Harshvardhan Jha (1): xen/swiotlb: relax alignment requirements drivers/xen/swiotlb-xen.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) -- 2.47.1

4 months

2
2
0 0

[PATCH 6.1.y] sched/deadline: Fix warning in migrate_enable for boosted tasks

by bin.lan.cn＠windriver.com

From: Wander Lairson Costa <wander(a)redhat.com> [ Upstream commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 ] When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case. Fixes: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline") Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Juri Lelli <juri.lelli(a)redhat.com> Link: https://lore.kernel.org/r/20240724142253.27145-2-wander@redhat.com [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- kernel/sched/deadline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 7f378fa0b6ed..e1371227a3bf 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1656,6 +1656,7 @@ enqueue_dl_entity(struct sched_dl_entity *dl_se, int flags) } else if (flags & ENQUEUE_REPLENISH) { replenish_dl_entity(dl_se); } else if ((flags & ENQUEUE_RESTORE) && + !is_dl_boosted(dl_se) && dl_time_before(dl_se->deadline, rq_clock(rq_of_dl_rq(dl_rq_of_se(dl_se))))) { setup_new_dl_entity(dl_se); -- 2.34.1

4 months

2
1
0 0

[PATCH 5.15.y] sched/deadline: Fix warning in migrate_enable for boosted tasks

by bin.lan.cn＠windriver.com

From: Wander Lairson Costa <wander(a)redhat.com> [ Upstream commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 ] When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case. Fixes: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline") Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Juri Lelli <juri.lelli(a)redhat.com> Link: https://lore.kernel.org/r/20240724142253.27145-2-wander@redhat.com [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- kernel/sched/deadline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 66eb68c59f0b..5bb8915b1ca4 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1514,6 +1514,7 @@ enqueue_dl_entity(struct sched_dl_entity *dl_se, int flags) } else if (flags & ENQUEUE_REPLENISH) { replenish_dl_entity(dl_se); } else if ((flags & ENQUEUE_RESTORE) && + !is_dl_boosted(dl_se) && dl_time_before(dl_se->deadline, rq_clock(rq_of_dl_rq(dl_rq_of_se(dl_se))))) { setup_new_dl_entity(dl_se); -- 2.34.1

4 months

2
1
0 0

FAILED: patch "[PATCH] gpio: pca953x: fix IRQ storm on system wake up" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3e38f946062b4845961ab86b726651b4457b2af8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051941-gloomily-occupy-87f2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e38f946062b4845961ab86b726651b4457b2af8 Mon Sep 17 00:00:00 2001 From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Date: Mon, 12 May 2025 11:54:41 +0200 Subject: [PATCH] gpio: pca953x: fix IRQ storm on system wake up If an input changes state during wake-up and is used as an interrupt source, the IRQ handler reads the volatile input register to clear the interrupt mask and deassert the IRQ line. However, the IRQ handler is triggered before access to the register is granted, causing the read operation to fail. As a result, the IRQ handler enters a loop, repeatedly printing the "failed reading register" message, until `pca953x_resume()` is eventually called, which restores the driver context and enables access to registers. Fix by disabling the IRQ line before entering suspend mode, and re-enabling it after the driver context is restored in `pca953x_resume()`. An IRQ can be disabled with disable_irq() and still wake the system as long as the IRQ has wake enabled, so the wake-up functionality is preserved. Fixes: b76574300504 ("gpio: pca953x: Restore registers after suspend/resume cycle") Cc: stable(a)vger.kernel.org Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Tested-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://lore.kernel.org/r/20250512095441.31645-1-francesco@dolcini.it Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c index 442435ded020..13cc120cf11f 100644 --- a/drivers/gpio/gpio-pca953x.c +++ b/drivers/gpio/gpio-pca953x.c @@ -1204,6 +1204,8 @@ static int pca953x_restore_context(struct pca953x_chip *chip) guard(mutex)(&chip->i2c_lock); + if (chip->client->irq > 0) + enable_irq(chip->client->irq); regcache_cache_only(chip->regmap, false); regcache_mark_dirty(chip->regmap); ret = pca953x_regcache_sync(chip); @@ -1216,6 +1218,10 @@ static int pca953x_restore_context(struct pca953x_chip *chip) static void pca953x_save_context(struct pca953x_chip *chip) { guard(mutex)(&chip->i2c_lock); + + /* Disable IRQ to prevent early triggering while regmap "cache only" is on */ + if (chip->client->irq > 0) + disable_irq(chip->client->irq); regcache_cache_only(chip->regmap, true); }

4 months

3
2
0 0

FAILED: patch "[PATCH] hrtimers: Force migrate away hrtimers queued after" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021052-avenging-aflutter-192c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 18 Jan 2025 00:24:33 +0100 Subject: [PATCH] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7ed7c16..84a5045f80f3 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8c6f1c..deb1aa32814e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,9 +1242,15 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; + /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

4 months

3
2
0 0

FAILED: patch "[PATCH] hrtimers: Force migrate away hrtimers queued after" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021053-unranked-silt-0282@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 18 Jan 2025 00:24:33 +0100 Subject: [PATCH] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7ed7c16..84a5045f80f3 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8c6f1c..deb1aa32814e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,9 +1242,15 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; + /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

4 months

5
6
0 0

FAILED: patch "[PATCH] btrfs: check folio mapping after unlock in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3e74859ee35edc33a022c3f3971df066ea0ca6b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024123045-parka-sublet-a95d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e74859ee35edc33a022c3f3971df066ea0ca6b9 Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Fri, 13 Dec 2024 12:22:32 -0800 Subject: [PATCH] btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 76 PID: 1411631 Comm: kworker/u322:5 Workqueue: events_unbound btrfs_reclaim_bgs_work RIP: 0010:set_page_extent_mapped+0x20/0xb0 RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246 RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880 RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0 R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000 R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x2a8/0x3a0 ? __switch_to+0x133/0x530 ? wq_worker_running+0xa/0x40 ? exc_page_fault+0x63/0x130 ? asm_exc_page_fault+0x22/0x30 ? set_page_extent_mapped+0x20/0xb0 relocate_file_extent_cluster+0x1a7/0x940 relocate_data_extent+0xaf/0x120 relocate_block_group+0x20f/0x480 btrfs_relocate_block_group+0x152/0x320 btrfs_relocate_chunk+0x3d/0x120 btrfs_reclaim_bgs_work+0x2ae/0x4e0 process_scheduled_works+0x184/0x370 worker_thread+0xc6/0x3e0 ? blk_add_timer+0xb0/0xb0 kthread+0xae/0xe0 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork+0x2f/0x40 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork_asm+0x11/0x20 </TASK> This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode) Note that the "fixes" patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice. Fixes: e7f1326cc24e ("btrfs: set page extent mapped after read_folio in relocate_one_page") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index bf267bdfa8f8..db8b42f674b7 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -2902,6 +2902,7 @@ static int relocate_one_folio(struct reloc_control *rc, const bool use_rst = btrfs_need_stripe_tree_update(fs_info, rc->block_group->flags); ASSERT(index <= last_index); +again: folio = filemap_lock_folio(inode->i_mapping, index); if (IS_ERR(folio)) { @@ -2937,6 +2938,11 @@ static int relocate_one_folio(struct reloc_control *rc, ret = -EIO; goto release_folio; } + if (folio->mapping != inode->i_mapping) { + folio_unlock(folio); + folio_put(folio); + goto again; + } } /*

4 months

4
5
0 0

FAILED: patch "[PATCH] btrfs: check folio mapping after unlock in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3e74859ee35edc33a022c3f3971df066ea0ca6b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024123042-limelight-doily-8703@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e74859ee35edc33a022c3f3971df066ea0ca6b9 Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Fri, 13 Dec 2024 12:22:32 -0800 Subject: [PATCH] btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 76 PID: 1411631 Comm: kworker/u322:5 Workqueue: events_unbound btrfs_reclaim_bgs_work RIP: 0010:set_page_extent_mapped+0x20/0xb0 RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246 RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880 RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0 R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000 R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x2a8/0x3a0 ? __switch_to+0x133/0x530 ? wq_worker_running+0xa/0x40 ? exc_page_fault+0x63/0x130 ? asm_exc_page_fault+0x22/0x30 ? set_page_extent_mapped+0x20/0xb0 relocate_file_extent_cluster+0x1a7/0x940 relocate_data_extent+0xaf/0x120 relocate_block_group+0x20f/0x480 btrfs_relocate_block_group+0x152/0x320 btrfs_relocate_chunk+0x3d/0x120 btrfs_reclaim_bgs_work+0x2ae/0x4e0 process_scheduled_works+0x184/0x370 worker_thread+0xc6/0x3e0 ? blk_add_timer+0xb0/0xb0 kthread+0xae/0xe0 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork+0x2f/0x40 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork_asm+0x11/0x20 </TASK> This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode) Note that the "fixes" patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice. Fixes: e7f1326cc24e ("btrfs: set page extent mapped after read_folio in relocate_one_page") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index bf267bdfa8f8..db8b42f674b7 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -2902,6 +2902,7 @@ static int relocate_one_folio(struct reloc_control *rc, const bool use_rst = btrfs_need_stripe_tree_update(fs_info, rc->block_group->flags); ASSERT(index <= last_index); +again: folio = filemap_lock_folio(inode->i_mapping, index); if (IS_ERR(folio)) { @@ -2937,6 +2938,11 @@ static int relocate_one_folio(struct reloc_control *rc, ret = -EIO; goto release_folio; } + if (folio->mapping != inode->i_mapping) { + folio_unlock(folio); + folio_put(folio); + goto again; + } } /*

4 months

3
2
0 0

RE: Drive Results for MRO & Air Charter with Targeted Contact Solutions

by Jessica Garcia

Hi , Circling back to see if you had any questions about my earlier email. Feel free to share your target industries and job titles, and I'll provide the relevant pricing and volume information. Regards, Jessica Marketing Manager Campaign Data Leads., Please respond with an Remove if you don't wish to receive further emails. -----Original Message----- From: Jessica Garcia Subject: Drive Results for MRO & Air Charter with Targeted Contact Solutions Hi , I'm offering a resource that connects aviation outreach with data-backed direction. We provide a current and verified list of contacts, tailored specifically for your industry. (i) High-Net-Worth Individuals (HNWI) seeking seamless luxury travel and private charters (ii) MRO Professionals focused on enhancing maintenance and procurement strategies (iii) Executive Assistants managing the travel needs of high-ranking executives For businesses offering aviation products, maintenance services, or charter flights, these contacts are ideal for your campaign. Please let me know if you'd like to explore the lead counts and their pricing structure. Regards, Jessica Marketing Manager Campaign Data Leads., Please respond with an Remove if you don't wish to receive further emails.

4 months

1
0
0 0

[to-be-updated] mm-hugetlb-fix-a-deadlock-with-pagecache_folio-and-hugetlb_fault_mutex_table.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix a deadlock with pagecache_folio and hugetlb_fault_mutex_table has been removed from the -mm tree. Its filename was mm-hugetlb-fix-a-deadlock-with-pagecache_folio-and-hugetlb_fault_mutex_table.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Gavin Guo <gavinguo(a)igalia.com> Subject: mm/hugetlb: fix a deadlock with pagecache_folio and hugetlb_fault_mutex_table Date: Tue, 13 May 2025 17:34:48 +0800 Fix a deadlock which can be triggered by an internal syzkaller [1] reproducer and captured by bpftrace script [2] and its log [3] in this scenario: Process 1 Process 2 --- --- hugetlb_fault mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // take A hugetlb_wp mutex_unlock(B) // release B ... hugetlb_fault ... mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // blocked unmap_ref_private ... mutex_lock(B) // retake and blocked This is a ABBA deadlock involving two locks: - Lock A: pagecache_folio lock - Lock B: hugetlb_fault_mutex_table lock The deadlock occurs between two processes as follows: 1. The first process (let's call it Process 1) is handling a copy-on-write (COW) operation on a hugepage via hugetlb_wp. Due to insufficient reserved hugetlb pages, Process 1, owner of the reserved hugetlb page, attempts to unmap a hugepage owned by another process (non-owner) to satisfy the reservation. Before unmapping, Process 1 acquires lock B (hugetlb_fault_mutex_table lock) and then lock A (pagecache_folio lock). To proceed with the unmap, it releases Lock B but retains Lock A. After the unmap, Process 1 tries to reacquire Lock B. However, at this point, Lock B has already been acquired by another process. 2. The second process (Process 2) enters the hugetlb_fault handler during the unmap operation. It successfully acquires Lock B (hugetlb_fault_mutex_table lock) that was just released by Process 1, but then attempts to acquire Lock A (pagecache_folio lock), which is still held by Process 1. As a result, Process 1 (holding Lock A) is blocked waiting for Lock B (held by Process 2), while Process 2 (holding Lock B) is blocked waiting for Lock A (held by Process 1), constructing a ABBA deadlock scenario. The solution here is to unlock the pagecache_folio and provide the pagecache_folio_unlocked variable to the caller to have the visibility over the pagecache_folio status for subsequent handling. The error message: INFO: task repro_20250402_:13229 blocked for more than 64 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:25856 pid:13229 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00004006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 schedule_preempt_disabled+0x15/0x30 __mutex_lock+0x75f/0xeb0 hugetlb_wp+0xf88/0x3440 hugetlb_fault+0x14c8/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0x61d/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0010:__put_user_4+0xd/0x20 copy_process+0x1f4a/0x3d60 kernel_clone+0x210/0x8f0 __x64_sys_clone+0x18d/0x1f0 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x41b26d </TASK> INFO: task repro_20250402_:13229 is blocked on a mutex likely owned by task repro_20250402_:13250. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> INFO: task repro_20250402_:13250 blocked for more than 65 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> Showing all locks held in the system: 1 lock held by khungtaskd/35: #0: ffffffff879a7440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 2 locks held by repro_20250402_/13229: #0: ffff888017d801e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x37/0x300 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_wp+0xf88/0x3440 3 locks held by repro_20250402_/13250: #0: ffff8880177f3d08 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x41b/0x1490 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_fault+0x3b8/0x2c30 #2: ffff8880129500e8 (&resv_map->rw_sema){++++}-{4:4}, at: hugetlb_fault+0x494/0x2c30 Link: https://drive.google.com/file/d/1DVRnIW-vSayU5J1re9Ct_br3jJQU6Vpb/view?usp=… [1] Link: https://github.com/bboymimi/bpftracer/blob/master/scripts/hugetlb_lock_debu… [2] Link: https://drive.google.com/file/d/1bWq2-8o-BJAuhoHWX7zAhI6ggfhVzQUI/view?usp=… [3] Link: https://lkml.kernel.org/r/20250513093448.592150-1-gavinguo@igalia.com Fixes: 40549ba8f8e0 ("hugetlb: use new vma_lock for pmd sharing synchronization") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Florent Revest <revest(a)google.com> Cc: Gavin Shan <gshan(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Byungchul Park <byungchul(a)sk.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-a-deadlock-with-pagecache_folio-and-hugetlb_fault_mutex_table +++ a/mm/hugetlb.c @@ -6131,7 +6131,8 @@ static void unmap_ref_private(struct mm_ * Keep the pte_same checks anyway to make transition from the mutex easier. */ static vm_fault_t hugetlb_wp(struct folio *pagecache_folio, - struct vm_fault *vmf) + struct vm_fault *vmf, + bool *pagecache_folio_unlocked) { struct vm_area_struct *vma = vmf->vma; struct mm_struct *mm = vma->vm_mm; @@ -6229,6 +6230,22 @@ retry_avoidcopy: folio_put(old_folio); /* + * The pagecache_folio needs to be unlocked to avoid + * deadlock and we won't re-lock it in hugetlb_wp(). The + * pagecache_folio could be truncated after being + * unlocked. So its state should not be relied + * subsequently. + * + * Setting *pagecache_folio_unlocked to true allows the + * caller to handle any necessary logic related to the + * folio's unlocked state. + */ + if (pagecache_folio) { + folio_unlock(pagecache_folio); + if (pagecache_folio_unlocked) + *pagecache_folio_unlocked = true; + } + /* * Drop hugetlb_fault_mutex and vma_lock before * unmapping. unmapping needs to hold vma_lock * in write mode. Dropping vma_lock in read mode @@ -6581,7 +6598,7 @@ static vm_fault_t hugetlb_no_page(struct hugetlb_count_add(pages_per_huge_page(h), mm); if ((vmf->flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ - ret = hugetlb_wp(folio, vmf); + ret = hugetlb_wp(folio, vmf, NULL); } spin_unlock(vmf->ptl); @@ -6653,6 +6670,7 @@ vm_fault_t hugetlb_fault(struct mm_struc struct hstate *h = hstate_vma(vma); struct address_space *mapping; int need_wait_lock = 0; + bool pagecache_folio_unlocked = false; struct vm_fault vmf = { .vma = vma, .address = address & huge_page_mask(h), @@ -6807,7 +6825,8 @@ vm_fault_t hugetlb_fault(struct mm_struc if (flags & (FAULT_FLAG_WRITE|FAULT_FLAG_UNSHARE)) { if (!huge_pte_write(vmf.orig_pte)) { - ret = hugetlb_wp(pagecache_folio, &vmf); + ret = hugetlb_wp(pagecache_folio, &vmf, + &pagecache_folio_unlocked); goto out_put_page; } else if (likely(flags & FAULT_FLAG_WRITE)) { vmf.orig_pte = huge_pte_mkdirty(vmf.orig_pte); @@ -6824,10 +6843,14 @@ out_put_page: out_ptl: spin_unlock(vmf.ptl); - if (pagecache_folio) { + /* + * If the pagecache_folio is unlocked in hugetlb_wp(), we skip + * folio_unlock() here. + */ + if (pagecache_folio && !pagecache_folio_unlocked) folio_unlock(pagecache_folio); + if (pagecache_folio) folio_put(pagecache_folio); - } out_mutex: hugetlb_vma_unlock_read(vma); _ Patches currently in -mm which might be from gavinguo(a)igalia.com are

4 months

1
0
0 0

[PATCH 1/1] alloc_tag: handle module codetag load errors as module load failures

by Suren Baghdasaryan

Failures inside codetag_load_module() are currently ignored. As a result an error there would not cause a module load failure and freeing of the associated resources. Correct this behavior by propagating the error code to the caller and handling possible errors. With this change, error to allocate percpu counters, which happens at this stage, will not be ignored and will cause a module load failure and freeing of resources. With this change we also do not need to disable memory allocation profiling when this error happens, instead we fail to load the module. Fixes: 10075262888b ("alloc_tag: allocate percpu counters for module tags dynamically") Reported-by: Casey Chen <cachen(a)purestorage.com> Closes: https://lore.kernel.org/all/20250520231620.15259-1-cachen@purestorage.com/ Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Cc: stable(a)vger.kernel.org --- include/linux/codetag.h | 8 ++++---- kernel/module/main.c | 5 +++-- lib/alloc_tag.c | 12 +++++++----- lib/codetag.c | 34 +++++++++++++++++++++++++--------- 4 files changed, 39 insertions(+), 20 deletions(-) diff --git a/include/linux/codetag.h b/include/linux/codetag.h index 0ee4c21c6dbc..5f2b9a1f722c 100644 --- a/include/linux/codetag.h +++ b/include/linux/codetag.h @@ -36,8 +36,8 @@ union codetag_ref { struct codetag_type_desc { const char *section; size_t tag_size; - void (*module_load)(struct module *mod, - struct codetag *start, struct codetag *end); + int (*module_load)(struct module *mod, + struct codetag *start, struct codetag *end); void (*module_unload)(struct module *mod, struct codetag *start, struct codetag *end); #ifdef CONFIG_MODULES @@ -89,7 +89,7 @@ void *codetag_alloc_module_section(struct module *mod, const char *name, unsigned long align); void codetag_free_module_sections(struct module *mod); void codetag_module_replaced(struct module *mod, struct module *new_mod); -void codetag_load_module(struct module *mod); +int codetag_load_module(struct module *mod); void codetag_unload_module(struct module *mod); #else /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ @@ -103,7 +103,7 @@ codetag_alloc_module_section(struct module *mod, const char *name, unsigned long align) { return NULL; } static inline void codetag_free_module_sections(struct module *mod) {} static inline void codetag_module_replaced(struct module *mod, struct module *new_mod) {} -static inline void codetag_load_module(struct module *mod) {} +static inline int codetag_load_module(struct module *mod) { return 0; } static inline void codetag_unload_module(struct module *mod) {} #endif /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ diff --git a/kernel/module/main.c b/kernel/module/main.c index 5c6ab20240a6..9861c2ac5fd5 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -3399,11 +3399,12 @@ static int load_module(struct load_info *info, const char __user *uargs, goto sysfs_cleanup; } + if (codetag_load_module(mod)) + goto sysfs_cleanup; + /* Get rid of temporary copy. */ free_copy(info, flags); - codetag_load_module(mod); - /* Done! */ trace_module_load(mod); diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c index 45dae7da70e1..d48b80f3f007 100644 --- a/lib/alloc_tag.c +++ b/lib/alloc_tag.c @@ -607,15 +607,16 @@ static void release_module_tags(struct module *mod, bool used) mas_unlock(&mas); } -static void load_module(struct module *mod, struct codetag *start, struct codetag *stop) +static int load_module(struct module *mod, struct codetag *start, struct codetag *stop) { /* Allocate module alloc_tag percpu counters */ struct alloc_tag *start_tag; struct alloc_tag *stop_tag; struct alloc_tag *tag; + /* percpu counters for core allocations are already statically allocated */ if (!mod) - return; + return 0; start_tag = ct_to_alloc_tag(start); stop_tag = ct_to_alloc_tag(stop); @@ -627,12 +628,13 @@ static void load_module(struct module *mod, struct codetag *start, struct codeta free_percpu(tag->counters); tag->counters = NULL; } - shutdown_mem_profiling(true); - pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s. Memory allocation profiling is disabled!\n", + pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s\n", mod->name); - break; + return -ENOMEM; } } + + return 0; } static void replace_module(struct module *mod, struct module *new_mod) diff --git a/lib/codetag.c b/lib/codetag.c index de332e98d6f5..650d54d7e14d 100644 --- a/lib/codetag.c +++ b/lib/codetag.c @@ -167,6 +167,7 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { struct codetag_range range; struct codetag_module *cmod; + int mod_id; int err; range = get_section_range(mod, cttype->desc.section); @@ -190,11 +191,20 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod) cmod->range = range; down_write(&cttype->mod_lock); - err = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); - if (err >= 0) { - cttype->count += range_size(cttype, &range); - if (cttype->desc.module_load) - cttype->desc.module_load(mod, range.start, range.stop); + mod_id = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); + if (mod_id >= 0) { + if (cttype->desc.module_load) { + err = cttype->desc.module_load(mod, range.start, range.stop); + if (!err) + cttype->count += range_size(cttype, &range); + else + idr_remove(&cttype->mod_idr, mod_id); + } else { + cttype->count += range_size(cttype, &range); + err = 0; + } + } else { + err = mod_id; } up_write(&cttype->mod_lock); @@ -295,17 +305,23 @@ void codetag_module_replaced(struct module *mod, struct module *new_mod) mutex_unlock(&codetag_lock); } -void codetag_load_module(struct module *mod) +int codetag_load_module(struct module *mod) { struct codetag_type *cttype; + int ret = 0; if (!mod) - return; + return 0; mutex_lock(&codetag_lock); - list_for_each_entry(cttype, &codetag_types, link) - codetag_module_init(cttype, mod); + list_for_each_entry(cttype, &codetag_types, link) { + ret = codetag_module_init(cttype, mod); + if (ret) + break; + } mutex_unlock(&codetag_lock); + + return ret; } void codetag_unload_module(struct module *mod) base-commit: 9f3e87f6c8d4b28b96eb8bddb22d3ba4b846e10b -- 2.49.0.1112.g889b7c5bd8-goog

4 months

2
2
0 0

[PATCH v2 1/2] SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Engineers at Hammerspace noticed that sometimes mounting with "xprtsec=tls" hangs for a minute or so, and then times out, even when the NFS server is reachable and responsive. kTLS shuts off data_ready callbacks if strp->msg_ready is set to mitigate data_ready callbacks when a full TLS record is not yet ready to be read from the socket. Normally msg_ready is clear when the first TLS record arrives on a socket. However, I observed that sometimes tls_setsockopt() sets strp->msg_ready, and that prevents forward progress because tls_data_ready() becomes a no-op. Moreover, Jakub says: "If there's a full record queued at the time when [tlshd] passes the socket back to the kernel, it's up to the reader to read the already queued data out." So SunRPC cannot expect a data_ready call when ingress data is already waiting. Add an explicit poll after SunRPC's upper transport is set up to pick up any data that arrived after the TLS handshake but before transport set-up is complete. Reported-by: Steve Sears <sjs(a)hammerspace.com> Suggested-by: Jakub Kacinski <kuba(a)kernel.org> Fixes: 75eb6af7acdf ("SUNRPC: Add a TCP-with-TLS RPC transport class") Tested-by: Mike Snitzer <snitzer(a)kernel.org> Reviewed-by: Mike Snitzer <snitzer(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- net/sunrpc/xprtsock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c index 83cc095846d3..4b10ecf4c265 100644 --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c @@ -2740,6 +2740,11 @@ static void xs_tcp_tls_setup_socket(struct work_struct *work) } rpc_shutdown_client(lower_clnt); + /* Check for ingress data that arrived before the socket's + * ->data_ready callback was set up. + */ + xs_poll_check_readable(upper_transport); + out_unlock: current_restore_flags(pflags, PF_MEMALLOC); upper_transport->clnt = NULL; -- 2.49.0

4 months

1
0
0 0

+ alloc_tag-handle-module-codetag-load-errors-as-module-load-failures.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: alloc_tag: handle module codetag load errors as module load failures has been added to the -mm mm-hotfixes-unstable branch. Its filename is alloc_tag-handle-module-codetag-load-errors-as-module-load-failures.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: handle module codetag load errors as module load failures Date: Wed, 21 May 2025 09:06:02 -0700 Failures inside codetag_load_module() are currently ignored. As a result an error there would not cause a module load failure and freeing of the associated resources. Correct this behavior by propagating the error code to the caller and handling possible errors. With this change, error to allocate percpu counters, which happens at this stage, will not be ignored and will cause a module load failure and freeing of resources. With this change we also do not need to disable memory allocation profiling when this error happens, instead we fail to load the module. Link: https://lkml.kernel.org/r/20250521160602.1940771-1-surenb@google.com Fixes: 10075262888b ("alloc_tag: allocate percpu counters for module tags dynamically") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Casey Chen <cachen(a)purestorage.com> Closes: https://lore.kernel.org/all/20250520231620.15259-1-cachen@purestorage.com/ Cc: Daniel Gomez <da.gomez(a)samsung.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Luis Chamberalin <mcgrof(a)kernel.org> Cc: Petr Pavlu <petr.pavlu(a)suse.com> Cc: Sami Tolvanen <samitolvanen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/codetag.h | 8 ++++---- kernel/module/main.c | 5 +++-- lib/alloc_tag.c | 12 +++++++----- lib/codetag.c | 34 +++++++++++++++++++++++++--------- 4 files changed, 39 insertions(+), 20 deletions(-) --- a/include/linux/codetag.h~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/include/linux/codetag.h @@ -36,8 +36,8 @@ union codetag_ref { struct codetag_type_desc { const char *section; size_t tag_size; - void (*module_load)(struct module *mod, - struct codetag *start, struct codetag *end); + int (*module_load)(struct module *mod, + struct codetag *start, struct codetag *end); void (*module_unload)(struct module *mod, struct codetag *start, struct codetag *end); #ifdef CONFIG_MODULES @@ -89,7 +89,7 @@ void *codetag_alloc_module_section(struc unsigned long align); void codetag_free_module_sections(struct module *mod); void codetag_module_replaced(struct module *mod, struct module *new_mod); -void codetag_load_module(struct module *mod); +int codetag_load_module(struct module *mod); void codetag_unload_module(struct module *mod); #else /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ @@ -103,7 +103,7 @@ codetag_alloc_module_section(struct modu unsigned long align) { return NULL; } static inline void codetag_free_module_sections(struct module *mod) {} static inline void codetag_module_replaced(struct module *mod, struct module *new_mod) {} -static inline void codetag_load_module(struct module *mod) {} +static inline int codetag_load_module(struct module *mod) { return 0; } static inline void codetag_unload_module(struct module *mod) {} #endif /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ --- a/kernel/module/main.c~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/kernel/module/main.c @@ -3399,11 +3399,12 @@ static int load_module(struct load_info goto sysfs_cleanup; } + if (codetag_load_module(mod)) + goto sysfs_cleanup; + /* Get rid of temporary copy. */ free_copy(info, flags); - codetag_load_module(mod); - /* Done! */ trace_module_load(mod); --- a/lib/alloc_tag.c~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/lib/alloc_tag.c @@ -618,15 +618,16 @@ out: mas_unlock(&mas); } -static void load_module(struct module *mod, struct codetag *start, struct codetag *stop) +static int load_module(struct module *mod, struct codetag *start, struct codetag *stop) { /* Allocate module alloc_tag percpu counters */ struct alloc_tag *start_tag; struct alloc_tag *stop_tag; struct alloc_tag *tag; + /* percpu counters for core allocations are already statically allocated */ if (!mod) - return; + return 0; start_tag = ct_to_alloc_tag(start); stop_tag = ct_to_alloc_tag(stop); @@ -638,12 +639,13 @@ static void load_module(struct module *m free_percpu(tag->counters); tag->counters = NULL; } - shutdown_mem_profiling(true); - pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s. Memory allocation profiling is disabled!\n", + pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s\n", mod->name); - break; + return -ENOMEM; } } + + return 0; } static void replace_module(struct module *mod, struct module *new_mod) --- a/lib/codetag.c~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/lib/codetag.c @@ -167,6 +167,7 @@ static int codetag_module_init(struct co { struct codetag_range range; struct codetag_module *cmod; + int mod_id; int err; range = get_section_range(mod, cttype->desc.section); @@ -190,11 +191,20 @@ static int codetag_module_init(struct co cmod->range = range; down_write(&cttype->mod_lock); - err = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); - if (err >= 0) { - cttype->count += range_size(cttype, &range); - if (cttype->desc.module_load) - cttype->desc.module_load(mod, range.start, range.stop); + mod_id = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); + if (mod_id >= 0) { + if (cttype->desc.module_load) { + err = cttype->desc.module_load(mod, range.start, range.stop); + if (!err) + cttype->count += range_size(cttype, &range); + else + idr_remove(&cttype->mod_idr, mod_id); + } else { + cttype->count += range_size(cttype, &range); + err = 0; + } + } else { + err = mod_id; } up_write(&cttype->mod_lock); @@ -295,17 +305,23 @@ void codetag_module_replaced(struct modu mutex_unlock(&codetag_lock); } -void codetag_load_module(struct module *mod) +int codetag_load_module(struct module *mod) { struct codetag_type *cttype; + int ret = 0; if (!mod) - return; + return 0; mutex_lock(&codetag_lock); - list_for_each_entry(cttype, &codetag_types, link) - codetag_module_init(cttype, mod); + list_for_each_entry(cttype, &codetag_types, link) { + ret = codetag_module_init(cttype, mod); + if (ret) + break; + } mutex_unlock(&codetag_lock); + + return ret; } void codetag_unload_module(struct module *mod) _ Patches currently in -mm which might be from surenb(a)google.com are alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch alloc_tag-handle-module-codetag-load-errors-as-module-load-failures.patch

4 months

1
0
0 0

dot files in cifs mounted share

by bd730c5053df9efb

Hi! I upgraded the stock kernel on my slackware machine from 5.15.161 to 6.12.16 and I realized that I was not being able to create dot files in a cifs mounted volume. I just updated the kernel to 6.12.29 and I find the same behavior. The share is exported from a samba machine whose smb.conf file is the following (redacted for privacy) [global] security = ADS workgroup = ADDOMAIN realm = ADDOMAIN.COM username map = /etc/samba/user.map kerberos method = secrets and keytab winbind refresh tickets = Yes winbind expand groups = 2 winbind offline logon = Yes # winbind enum users = Yes # winbind enum groups = Yes dedicated keytab file = /etc/krb5.keytab idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config addomain:backend = ad idmap config addomain:schema_mode = rfc2307 idmap config addomain:range = 10000-999999 idmap config addomain:unix_nss_info = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes printing = CUPS log level = 1 auth:3 auth_audit:3 auth_json_audit:3 rpc_server:spoolss = external rpc_daemon:spoolssd = fork spoolssd:prefork_min_children = 5 spoolssd:prefork_max_children = 25 spoolssd:prefork_spawn_rate = 5 spoolssd:prefork_max_allowed_clients = 100 spoolssd:prefork_child_min_life = 60 ntlm auth = mschapv2-and-ntlmv2-only [printers] path = /var/spool/samba printable = Yes [print$] path = /srv/samba/printer_drivers read only = No [users] path = /home/users read only = No [Publicas] path = /home/shares/publicas read only = No The client is succesfully joined to the domain and the shares are mounted with the following parameters (redacted for privacy) //fileserver.addomain.com/Users/username on /home/username/.Documents type cifs (rw,relatime,vers=3.1.1,cache=strict,username=username,domain=ADDOMAIN,uid=11002,forceuid,gid=10513,forcegid,addr=192.168.25.6,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,reparse=nfs,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) //fileserver.addomain.com/Publicas on /home/username/Public type cifs (rw,relatime,vers=3.1.1,cache=strict,username=username,domain=ADDOMAIN,uid=11002,forceuid,gid=10513,forcegid,addr=192.168.25.6,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,reparse=nfs,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) If I issue the following command cd /home/username/.Documents/ touch .foo.bar (this file doesn't exist on the volume) I get the following error "touch: cannot touch '.foo.bar': Permission denied" When I increase the debug by issuing the following command all echo 7 > /proc/fs/cifs/cifsFYI All I get in dmesg is [ 2702.654271] CIFS: Status code returned 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND However the even weirder part is that on the "Publicas" volume I have no such issue cd /home/username/Public/ touch ./.foo.bar ls -alt -rwxr-xr-x 1 ADDOMAIN\username ADDOMAIN\domain users 0 may 21 14:57 .foo.bar If I boot back 5.15.161 I have no such problem. Thanks in advance! Best regards, Dave.

4 months

1
0
0 0

[PATCH] mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier

by Avri Altman

Move the BROKEN_SD_DISCARD quirk for certain SanDisk SD cards from the `mmc_blk_fixups[]` to `mmc_sd_fixups[]`. This ensures the quirk is applied earlier in the device initialization process, aligning with the reasoning in [1]. Applying the quirk sooner prevents the kernel from incorrectly enabling discard support on affected cards during initial setup. [1] https://lore.kernel.org/all/20240820230631.GA436523@sony.com Fixes: 07d2872bf4c8 ("mmc: core: Add SD card quirk for broken discard") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/quirks.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/mmc/core/quirks.h b/drivers/mmc/core/quirks.h index 7f893bafaa60..c417ed34c057 100644 --- a/drivers/mmc/core/quirks.h +++ b/drivers/mmc/core/quirks.h @@ -44,6 +44,12 @@ static const struct mmc_fixup __maybe_unused mmc_sd_fixups[] = { 0, -1ull, SDIO_ANY_ID, SDIO_ANY_ID, add_quirk_sd, MMC_QUIRK_NO_UHS_DDR50_TUNING, EXT_CSD_REV_ANY), + /* + * Some SD cards reports discard support while they don't + */ + MMC_FIXUP(CID_NAME_ANY, CID_MANFID_SANDISK_SD, 0x5344, add_quirk_sd, + MMC_QUIRK_BROKEN_SD_DISCARD), + END_FIXUP }; @@ -147,12 +153,6 @@ static const struct mmc_fixup __maybe_unused mmc_blk_fixups[] = { MMC_FIXUP("M62704", CID_MANFID_KINGSTON, 0x0100, add_quirk_mmc, MMC_QUIRK_TRIM_BROKEN), - /* - * Some SD cards reports discard support while they don't - */ - MMC_FIXUP(CID_NAME_ANY, CID_MANFID_SANDISK_SD, 0x5344, add_quirk_sd, - MMC_QUIRK_BROKEN_SD_DISCARD), - END_FIXUP }; -- 2.25.1

4 months

3
2
0 0

[PATCH 5.15 0/1] Oopses on module unload seen on 5.15-rc

by Fedor Pchelkin

A followup to the similar patch sent to 6.1.y: https://lore.kernel.org/stable/20250521165909.834545-1-pchelkin@ispras.ru/ commit 959cadf09dbae7b304f03e039b8d8e13c529e2dd Author: Peter Zijlstra <peterz(a)infradead.org> Date: Mon Oct 14 10:05:48 2024 -0700 x86/its: Use dynamic thunks for indirect branches commit 872df34d7c51a79523820ea6a14860398c639b87 upstream. being ported to 5.15.y would lead to kernel crashes there after module unload operations. As mentioned in the blamed patch comment describing the backport adaptations: [ pawan: CONFIG_EXECMEM and CONFIG_EXECMEM_ROX are not supported on backport kernel, made changes to use module_alloc() and set_memory_*() for dynamic thunks. ] module_alloc/module_memfree in conjunction with memory protection routines were used. The allocated memory is vmalloc-based, and it ends up being ROX upon release inside its_free_mod(). Freeing of special permissioned memory in vmalloc requires its own handling. VM_FLUSH_RESET_PERMS flag was introduced for these purposes. In-kernel users dealing with the stuff had to care about this explicitly before commit 4c4eb3ecc91f ("x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()"). It fixes the current problem. More recent kernels starting from 6.2 have the commit and are not affected. Found by Linux Verification Center (linuxtesting.org). Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() arch/x86/kernel/ftrace.c | 2 -- arch/x86/kernel/kprobes/core.c | 1 - arch/x86/kernel/module.c | 9 +++++---- 3 files changed, 5 insertions(+), 7 deletions(-) -- 2.49.0

4 months

1
1
0 0

Re: [PATCH v1] virtio_blk: Fix disk deletion hang on device surprise removal

by Michael S. Tsirkin

On Wed, May 21, 2025 at 06:37:41AM +0000, Parav Pandit wrote: > When the PCI device is surprise removed, requests may not complete > the device as the VQ is marked as broken. Due to this, the disk > deletion hangs. > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however > when the driver knows about unresponsive block device, swiftly clearing > them enables users and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in > virtio used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") > Cc: stable(a)vger.kernel.org > Reported-by: lirongqing(a)baidu.com > Closes: https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@bai… > Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com> > Reviewed-by: Israel Rukshin <israelr(a)nvidia.com> > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > --- > changelog: > v0->v1: > - Fixed comments from Stefan to rename a cleanup function > - Improved logic for handling any outstanding requests > in bio layer > - improved cancel callback to sync with ongoing done() thanks for the patch! questions: > --- > drivers/block/virtio_blk.c | 95 ++++++++++++++++++++++++++++++++++++++ > 1 file changed, 95 insertions(+) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c > index 7cffea01d868..5212afdbd3c7 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -435,6 +435,13 @@ static blk_status_t virtio_queue_rq(struct blk_mq_hw_ctx *hctx, > blk_status_t status; > int err; > > + /* Immediately fail all incoming requests if the vq is broken. > + * Once the queue is unquiesced, upper block layer flushes any pending > + * queued requests; fail them right away. > + */ > + if (unlikely(virtqueue_is_broken(vblk->vqs[qid].vq))) > + return BLK_STS_IOERR; > + > status = virtblk_prep_rq(hctx, vblk, req, vbr); > if (unlikely(status)) > return status; just below this: spin_lock_irqsave(&vblk->vqs[qid].lock, flags); err = virtblk_add_req(vblk->vqs[qid].vq, vbr); if (err) { and virtblk_add_req calls virtqueue_add_sgs, so it will fail on a broken vq. Why do we need to check it one extra time here? > @@ -508,6 +515,11 @@ static void virtio_queue_rqs(struct rq_list *rqlist) > while ((req = rq_list_pop(rqlist))) { > struct virtio_blk_vq *this_vq = get_virtio_blk_vq(req->mq_hctx); > > + if (unlikely(virtqueue_is_broken(this_vq->vq))) { > + rq_list_add_tail(&requeue_list, req); > + continue; > + } > + > if (vq && vq != this_vq) > virtblk_add_req_batch(vq, &submit_list); > vq = this_vq; similarly > @@ -1554,6 +1566,87 @@ static int virtblk_probe(struct virtio_device *vdev) > return err; > } > > +static bool virtblk_request_cancel(struct request *rq, void *data) > +{ > + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); > + struct virtio_blk *vblk = data; > + struct virtio_blk_vq *vq; > + unsigned long flags; > + > + vq = &vblk->vqs[rq->mq_hctx->queue_num]; > + > + spin_lock_irqsave(&vq->lock, flags); > + > + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; > + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) > + blk_mq_complete_request(rq); > + > + spin_unlock_irqrestore(&vq->lock, flags); > + return true; > +} > + > +static void virtblk_broken_device_cleanup(struct virtio_blk *vblk) > +{ > + struct request_queue *q = vblk->disk->queue; > + > + if (!virtqueue_is_broken(vblk->vqs[0].vq)) > + return; > + > + /* Start freezing the queue, so that new requests keeps waitng at the > + * door of bio_queue_enter(). We cannot fully freeze the queue because > + * freezed queue is an empty queue and there are pending requests, so > + * only start freezing it. > + */ > + blk_freeze_queue_start(q); > + > + /* When quiescing completes, all ongoing dispatches have completed > + * and no new dispatch will happen towards the driver. > + * This ensures that later when cancel is attempted, then are not > + * getting processed by the queue_rq() or queue_rqs() handlers. > + */ > + blk_mq_quiesce_queue(q); > + > + /* > + * Synchronize with any ongoing VQ callbacks, effectively quiescing > + * the device and preventing it from completing further requests > + * to the block layer. Any outstanding, incomplete requests will be > + * completed by virtblk_request_cancel(). > + */ > + virtio_synchronize_cbs(vblk->vdev); > + > + /* At this point, no new requests can enter the queue_rq() and > + * completion routine will not complete any new requests either for the > + * broken vq. Hence, it is safe to cancel all requests which are > + * started. > + */ > + blk_mq_tagset_busy_iter(&vblk->tag_set, virtblk_request_cancel, vblk); > + blk_mq_tagset_wait_completed_request(&vblk->tag_set); > + > + /* All pending requests are cleaned up. Time to resume so that disk > + * deletion can be smooth. Start the HW queues so that when queue is > + * unquiesced requests can again enter the driver. > + */ > + blk_mq_start_stopped_hw_queues(q, true); > + > + /* Unquiescing will trigger dispatching any pending requests to the > + * driver which has crossed bio_queue_enter() to the driver. > + */ > + blk_mq_unquiesce_queue(q); > + > + /* Wait for all pending dispatches to terminate which may have been > + * initiated after unquiescing. > + */ > + blk_mq_freeze_queue_wait(q); > + > + /* Mark the disk dead so that once queue unfreeze, the requests > + * waiting at the door of bio_queue_enter() can be aborted right away. > + */ > + blk_mark_disk_dead(vblk->disk); > + > + /* Unfreeze the queue so that any waiting requests will be aborted. */ > + blk_mq_unfreeze_queue_nomemrestore(q); > +} > + > static void virtblk_remove(struct virtio_device *vdev) > { > struct virtio_blk *vblk = vdev->priv; > @@ -1561,6 +1654,8 @@ static void virtblk_remove(struct virtio_device *vdev) > /* Make sure no work handler is accessing the device. */ > flush_work(&vblk->config_work); > > + virtblk_broken_device_cleanup(vblk); > + > del_gendisk(vblk->disk); > blk_mq_free_tag_set(&vblk->tag_set); > > -- > 2.34.1

4 months

2
8
0 0

FAILED: patch "[PATCH] drm/amdgpu: read back register after written for VCN v4.0.5" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ee7360fc27d6045510f8fe459b5649b2af27811a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025052140-handsaw-train-2343@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee7360fc27d6045510f8fe459b5649b2af27811a Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Mon, 12 May 2025 15:14:43 -0400 Subject: [PATCH] drm/amdgpu: read back register after written for VCN v4.0.5 On VCN v4.0.5 there is a race condition where the WPTR is not updated after starting from idle when doorbell is used. Adding register read-back after written at function end is to ensure all register writes are done before they can be used. Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12528 Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Ruijing Dong <ruijing.dong(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 07c9db090b86e5211188e1b351303fbc673378cf) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c index a1171e6152ed..f11df9c2ec13 100644 --- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c +++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c @@ -1023,6 +1023,10 @@ static int vcn_v4_0_5_start_dpg_mode(struct amdgpu_vcn_inst *vinst, ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | VCN_RB1_DB_CTRL__EN_MASK); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, inst_idx, regVCN_RB1_DB_CTRL); + return 0; } @@ -1205,6 +1209,10 @@ static int vcn_v4_0_5_start(struct amdgpu_vcn_inst *vinst) WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + return 0; }

4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: read back register after written for VCN v4.0.5" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x ee7360fc27d6045510f8fe459b5649b2af27811a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025052139-turkey-gumminess-1680@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee7360fc27d6045510f8fe459b5649b2af27811a Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Mon, 12 May 2025 15:14:43 -0400 Subject: [PATCH] drm/amdgpu: read back register after written for VCN v4.0.5 On VCN v4.0.5 there is a race condition where the WPTR is not updated after starting from idle when doorbell is used. Adding register read-back after written at function end is to ensure all register writes are done before they can be used. Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12528 Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Ruijing Dong <ruijing.dong(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 07c9db090b86e5211188e1b351303fbc673378cf) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c index a1171e6152ed..f11df9c2ec13 100644 --- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c +++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c @@ -1023,6 +1023,10 @@ static int vcn_v4_0_5_start_dpg_mode(struct amdgpu_vcn_inst *vinst, ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | VCN_RB1_DB_CTRL__EN_MASK); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, inst_idx, regVCN_RB1_DB_CTRL); + return 0; } @@ -1205,6 +1209,10 @@ static int vcn_v4_0_5_start(struct amdgpu_vcn_inst *vinst) WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + return 0; }

4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Defer BW-optimization-blocked DRR" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 874697e127931bf50a37ce9d96ee80f3a08a0c38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051956-disdain-foyer-a53c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 874697e127931bf50a37ce9d96ee80f3a08a0c38 Mon Sep 17 00:00:00 2001 From: John Olender <john.olender(a)gmail.com> Date: Wed, 16 Apr 2025 02:54:26 -0400 Subject: [PATCH] drm/amd/display: Defer BW-optimization-blocked DRR adjustments [Why & How] Instead of dropping DRR updates, defer them. This fixes issues where monitor continues to see incorrect refresh rate after VRR was turned off by userspace. Fixes: 32953485c558 ("drm/amd/display: Do not update DRR while BW optimizations pending") Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3546 Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: John Olender <john.olender(a)gmail.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 53761b7ecd83e6fbb9f2206f8c980a6aa308c844) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 1525c408d452..cc01b9c68b47 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -372,6 +372,8 @@ get_crtc_by_otg_inst(struct amdgpu_device *adev, static inline bool is_dc_timing_adjust_needed(struct dm_crtc_state *old_state, struct dm_crtc_state *new_state) { + if (new_state->stream->adjust.timing_adjust_pending) + return true; if (new_state->freesync_config.state == VRR_STATE_ACTIVE_FIXED) return true; else if (amdgpu_dm_crtc_vrr_active(old_state) != amdgpu_dm_crtc_vrr_active(new_state)) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 28d1353f403d..ba4ce8a63158 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -439,9 +439,12 @@ bool dc_stream_adjust_vmin_vmax(struct dc *dc, * Don't adjust DRR while there's bandwidth optimizations pending to * avoid conflicting with firmware updates. */ - if (dc->ctx->dce_version > DCE_VERSION_MAX) - if (dc->optimized_required || dc->wm_optimized_required) + if (dc->ctx->dce_version > DCE_VERSION_MAX) { + if (dc->optimized_required || dc->wm_optimized_required) { + stream->adjust.timing_adjust_pending = true; return false; + } + } dc_exit_ips_for_hw_access(dc); @@ -3168,7 +3171,8 @@ static void copy_stream_update_to_stream(struct dc *dc, if (update->crtc_timing_adjust) { if (stream->adjust.v_total_min != update->crtc_timing_adjust->v_total_min || - stream->adjust.v_total_max != update->crtc_timing_adjust->v_total_max) + stream->adjust.v_total_max != update->crtc_timing_adjust->v_total_max || + stream->adjust.timing_adjust_pending) update->crtc_timing_adjust->timing_adjust_pending = true; stream->adjust = *update->crtc_timing_adjust; update->crtc_timing_adjust->timing_adjust_pending = false;

4 months

2
1
0 0

Random Crashes in Linux Kernel 6.1.139 on Intel Cascadelake/Icelake Due to ITS Mitigation

by Jinpu Wang

Hi Folks, Bug Description: When running Linux kernel version 6.1.139 on Intel Cascadelake/Icelake processors, systems experience random crashes related to mitigation. These crashes do not occur when booted with indirect_target_selection=off or when using kernel version 6.12.29. The crashes manifest as page faults leading to a kernel panic. System Details: Kernel Version: 6.1.139 or 6.1.118 with the ITS migration patches from 6.1.139 Hardware: Intel Cascadelake/Icelake Steps to Reproduce: Boot a system with Intel Cascadelake/Icelake processors using Linux kernel 6.1.139. Allow the system to run standard operations; crashes appear randomly. Notice that crashes do not occur when booted with indirect_target_selection=off. also works fine on Intel servers with Broadwell or Skylake CPU linux kernel 6.1.139 crash due to its mitigation on Intel Cascadelake/Icelake, the crash seems random, eg I've seen crashing like below: May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.207823] BUG: unable to handle page fault for address: ff1ac0d89d45f8c0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.212762] #PF: supervisor write access in kernel mode May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.217741] #PF: error_code(0x0003) - permissions violation May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.222708] PGD 5341c01067 P4D 5341c02067 PUD 211835063 PMD 21d44f063 PTE 800000021d45f161 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.227831] Oops: 0003 [#1] PREEMPT SMP May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.233002] CPU: 12 PID: 0 Comm: swapper/12 Kdump: loaded Tainted: G O 6.1.139-pserver #6.1.139-1+feature+linux+6.1.y+20250521.1015+45a526cf~deb12 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.244731] Hardware name: Dell Inc. PowerEdge R650/0PYXKY, BIOS 1.9.2 11/17/2022 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.250583] RIP: 0010:__build_skb_around+0x79/0xc0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.256492] Code: 00 00 00 00 89 85 bc 00 00 00 66 89 95 b6 00 00 00 66 89 8d b2 00 00 00 65 8b 15 c2 5b 90 48 48 8d 34 03 66 89 95 a0 00 00 00 <48> c7 06 00 00 00 00 48 c7 46 08 00 00 00 00 48 c7 46 10 00 00 00 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.269200] RSP: 0018:ff409de44cdf4d28 EFLAGS: 00010206 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.275492] RAX: 00000000000006c0 RBX: ff1ac0d89d45f200 RCX: 00000000ffffffff May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.281987] RDX: 000000000000000c RSI: ff1ac0d89d45f8c0 RDI: ff1ac0d7886a8000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.288943] RBP: ff1ac0d7886a8000 R08: 0000000000000006 R09: ff1ac11708ffc0b8 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.295838] R10: ffffffffb86060c0 R11: ff1ac0d8c02d7000 R12: ff1ac0d89d45f200 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.302796] R13: ff1ac0d839a20000 R14: ff1ac0d89d1241d0 R15: 0000000000000000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.309496] FS: 0000000000000000(0000) GS:ff1ac116fef80000(0000) knlGS:0000000000000000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.315978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.322411] CR2: ff1ac0d89d45f8c0 CR3: 000000534060a005 CR4: 0000000000771ee0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.329030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.336289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.343624] PKRU: 55555554 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.350175] Call Trace: May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.356777] <IRQ> May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.363585] build_skb+0x41/0xe0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.370198] mlx5e_skb_from_cqe_nonlinear+0x20a/0x3b0 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.377107] mlx5i_handle_rx_cqe+0x311/0x450 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.384273] mlx5e_poll_rx_cq+0x437/0x450 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.392409] mlx5e_napi_poll+0xe4/0x710 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.399293] __napi_poll+0x28/0x160 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.406107] net_rx_action+0x29c/0x2f0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.412790] handle_softirqs+0xcf/0x270 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.419895] irq_exit_rcu+0x85/0xb0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.427245] common_interrupt+0x82/0xa0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.434181] </IRQ> May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.442032] <TASK> May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.448577] asm_common_interrupt+0x22/0x40 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.455431] RIP: 0010:cpuidle_enter_state+0xd8/0x420 and below: kern.alert: May 21 05:59:31 ps404a-1 kernel: [ 35.775609] #PF: error_code(0x0003) - permissions violation kern.info: May 21 05:59:31 ps404a-1 kernel: [ 35.775740] PGD 251ac01067 P4D 251ac01067 PUD 1b17dd063 PMD 6098b1f063 PTE 8000000153faf161 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.775910] Oops: 0003 [#1] PREEMPT SMP kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776036] CPU: 54 PID: 3109 Comm: (spawn) Tainted: G O 6.1.118-pserver #6.1.118-9+develop+20250520.1233+48c89f78~deb 12 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776218] Hardware name: RAUSCH CoreVPS-Gen2-STG/X11DDW-NT, BIOS 3.3 02/21/2020 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776382] RIP: 0010:__tlb_remove_page_size+0x64/0x90 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776515] Code: c3 cc cc cc cc 83 7f 1c 13 74 39 31 f6 bf 00 28 00 00 e8 3f 27 01 00 48 85 c0 74 28 48 b9 00 00 00 00 fe 01 00 00 83 43 1c 01 <48> c7 00 00 00 00 00 48 89 48 08 48 8b 53 20 48 89 02 48 89 43 20 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776746] RSP: 0018:ffffb15a5d563a70 EFLAGS: 00010202 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776876] RAX: ffff8ad4d3faf000 RBX: ffffb15a5d563c88 RCX: 000001fe00000000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b3240b317c0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777149] RBP: 000055a0e8f5f000 R08: 0000000000000100 R09: 000055a0e9011fff kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777285] R10: ffffb15a5d563a08 R11: 0000000000000025 R12: ffffeff344443300 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777421] R13: ffffb15a5d563b90 R14: ffff8ad50c2faaf8 R15: 00000001110cc025 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777557] FS: 0000000000000000(0000) GS:ffff8b3240b00000(0000) knlGS:0000000000000000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777724] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777855] CR2: ffff8ad4d3faf000 CR3: 000000018c2f8002 CR4: 00000000007706e0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778262] PKRU: 55555554 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778382] Call Trace: kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778502] <TASK> kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778621] ? __die_body.cold+0x1a/0x1f kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778749] ? page_fault_oops+0x15a/0x2b0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778875] ? search_module_extables+0x15/0x60 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779004] ? search_bpf_extables+0x5b/0x80 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779150] ? exc_page_fault+0x8d/0x120 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779277] ? asm_exc_page_fault+0x22/0x30 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779536] unmap_page_range+0x8f0/0x1370 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779667] unmap_vmas+0xea/0x180 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779794] exit_mmap+0xcb/0x2e0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779919] __mmput+0x3d/0x110 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780045] begin_new_exec+0x46f/0xaf0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780173] ? load_elf_phdrs+0x6c/0xc0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780312] load_elf_binary+0x2c2/0x1750 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780438] ? __kernel_read+0x195/0x290 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780564] bprm_execve+0x27f/0x650 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780689] do_execveat_common.isra.0+0x1ad/0x220 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780818] __x64_sys_execve+0x32/0x40 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780944] do_syscall_64+0x34/0x80 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.781070] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.781200] RIP: 0033:0x7f1d66e70ad7 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.781325] Code: Unable to access opcode bytes at 0x7f1d66e70aad. kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789385] RSP: 002b:00007ffceeb31338 EFLAGS: 00000206 ORIG_RAX: 000000000000003b kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789552] RAX: ffffffffffffffda RBX: 000055a11a55e4b0 RCX: 00007f1d66e70ad7 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789688] RDX: 000055a11a50f200 RSI: 000055a11a6c2d60 RDI: 000055a11a5748c0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789825] RBP: 00007ffceeb31570 R08: 0000000000000007 R09: 000055a11a6b1fa0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789962] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffceeb35570 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790098] R13: 000000000aba9500 R14: 00007ffceeb313b0 R15: 000055a11a6c2d60 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790237] </TASK> kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790367] Modules linked in: mei watchdog led_class pcc_cpufreq(-) dca acpi_pad button andbd_shared(O+) 8021q garp stp mrp llc dm_mod dax fuse ip_tables x_tables autofs4 loop raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 linear md_mod mlx5_core i2c_i801 crc32c_intel xhci_pci mlxfw i2c_smbus i40e lpc_ich i2c_core mfd_core xhci_hcd kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790742] CR2: ffff8ad4d3faf000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790864] ---[ end trace 0000000000000000 ]--- kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 36.457953] RIP: 0010:__tlb_remove_page_size+0x64/0x90 Any idea what went wrong and how to fix it? Thanks! Jinpu Wang

4 months

1
0
0 0

[PATCH 0/2] usb: usbtmc: Fix read/get_stb and timeout in get_stb

by Dave Penkler

Patch 1: Fixes a regression introduced by a previous commit where the changed return value of usbtmc_get_stb caused usbtmc488_ioctl_read_stb and the USBTMC_IOCTL_GET_STB ioctl to fail. Patch 2: Fixes the units of the timeout value passed to wait_event_interruptible_timeout in usbtmc_get_stb. Dave Penkler (2): usb: usbtmc: Fix read_stb function and get_stb ioctl usb: usbtmc: Fix timeout value in get_stb drivers/usb/class/usbtmc.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) -- 2.49.0

4 months

1
3
0 0

patch "iio: adc: ad7944: mask high bits on direct read" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7944: mask high bits on direct read to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 7cdfbc0113d087348b8e65dd79276d0f57b89a10 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 5 May 2025 13:28:40 -0500 Subject: iio: adc: ad7944: mask high bits on direct read MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apply a mask to the raw value received over the SPI bus for unsigned direct reads. As we found recently, SPI controllers may not set unused bits to 0 when reading with bits_per_word != {8,16,32}. The ad7944 uses bits_per_word of 14 and 18, so we need to mask the value to be sure we returning the correct value to userspace during a direct read. Fixes: d1efcf8871db ("iio: adc: ad7944: add driver for AD7944/AD7985/AD7986") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250505-iio-adc-ad7944-max-high-bits-on-direct-re… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7944.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/ad7944.c b/drivers/iio/adc/ad7944.c index 2f949fe55873..37a137bd8357 100644 --- a/drivers/iio/adc/ad7944.c +++ b/drivers/iio/adc/ad7944.c @@ -377,6 +377,8 @@ static int ad7944_single_conversion(struct ad7944_adc *adc, if (chan->scan_type.sign == 's') *val = sign_extend32(*val, chan->scan_type.realbits - 1); + else + *val &= GENMASK(chan->scan_type.realbits - 1, 0); return IIO_VAL_INT; } -- 2.49.0

4 months

1
0
0 0

patch "iio: imu: inv_icm42600: Fix temperature calculation" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: imu: inv_icm42600: Fix temperature calculation to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From e2f820014239df9360064079ae93f838ff3b7f8c Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Fri, 2 May 2025 11:37:26 +0200 Subject: iio: imu: inv_icm42600: Fix temperature calculation >From the documentation: "offset to be added to <type>[Y]_raw prior toscaling by <type>[Y]_scale" Offset should be applied before multiplying scale, so divide offset by scale to make this correct. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Acked-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://patch.msgid.link/20250502-imu-v1-1-129b8391a4e3@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 213cce1c3111..91f0f381082b 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -67,16 +67,18 @@ int inv_icm42600_temp_read_raw(struct iio_dev *indio_dev, return IIO_VAL_INT; /* * T°C = (temp / 132.48) + 25 - * Tm°C = 1000 * ((temp * 100 / 13248) + 25) + * Tm°C = 1000 * ((temp / 132.48) + 25) + * Tm°C = 7.548309 * temp + 25000 + * Tm°C = (temp + 3312) * 7.548309 * scale: 100000 / 13248 ~= 7.548309 - * offset: 25000 + * offset: 3312 */ case IIO_CHAN_INFO_SCALE: *val = 7; *val2 = 548309; return IIO_VAL_INT_PLUS_MICRO; case IIO_CHAN_INFO_OFFSET: - *val = 25000; + *val = 3312; return IIO_VAL_INT; default: return -EINVAL; -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ad7606_spi: fix reg write value mask" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606_spi: fix reg write value mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 89944d88f8795c6c89b9514cb365998145511cd4 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 28 Apr 2025 20:55:34 -0500 Subject: iio: adc: ad7606_spi: fix reg write value mask Fix incorrect value mask for register write. Register values are 8-bit, not 9. If this function was called with a value > 0xFF and an even addr, it would cause writing to the next register. Fixes: f2a22e1e172f ("iio: adc: ad7606: Add support for software mode for ad7616") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250428-iio-adc-ad7606_spi-fix-write-value-mask-v… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/ad7606_spi.c b/drivers/iio/adc/ad7606_spi.c index 179115e90988..b37458ce3c70 100644 --- a/drivers/iio/adc/ad7606_spi.c +++ b/drivers/iio/adc/ad7606_spi.c @@ -155,7 +155,7 @@ static int ad7606_spi_reg_write(struct ad7606_state *st, struct spi_device *spi = to_spi_device(st->dev); st->d16[0] = cpu_to_be16((st->bops->rd_wr_cmd(addr, 1) << 8) | - (val & 0x1FF)); + (val & 0xFF)); return spi_write(spi, &st->d16[0], sizeof(st->d16[0])); } -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ad7606: fix raw read for 18-bit chips" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606: fix raw read for 18-bit chips to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 3f5fd1717ae9497215f22aa748fc2c09df88b0e3 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Fri, 2 May 2025 10:04:30 -0500 Subject: iio: adc: ad7606: fix raw read for 18-bit chips Fix 18-bit raw read for 18-bit chips by applying a mask to the value we receive from the SPI controller. SPI controllers either return 1, 2 or 4 bytes per word depending on the bits_per_word. For 16-bit chips, there was no problem since they raw data fit exactly in the 2 bytes received from the SPI controller. But now that we have 18-bit chips and we are using bits_per_word = 18, we cannot assume that the extra bits in the 32-bit word are always zero. In fact, with the AXI SPI Engine controller, these bits are not always zero which caused the raw values to read 10s of 1000s of volts instead of the correct value. Therefore, we need to mask the value we receive from the SPI controller to ensure that only the 18 bits of real data are used. Fixes: f3838e934dff ("iio: adc: ad7606: add support for AD7606C-{16,18} parts") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250502-iio-adc-ad7606-fix-raw-read-for-18-bit-ch… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/drivers/iio/adc/ad7606.c b/drivers/iio/adc/ad7606.c index 703556eb7257..8ed65a35b486 100644 --- a/drivers/iio/adc/ad7606.c +++ b/drivers/iio/adc/ad7606.c @@ -727,17 +727,16 @@ static int ad7606_scan_direct(struct iio_dev *indio_dev, unsigned int ch, goto error_ret; chan = &indio_dev->channels[ch + 1]; - if (chan->scan_type.sign == 'u') { - if (realbits > 16) - *val = st->data.buf32[ch]; - else - *val = st->data.buf16[ch]; - } else { - if (realbits > 16) - *val = sign_extend32(st->data.buf32[ch], realbits - 1); - else - *val = sign_extend32(st->data.buf16[ch], realbits - 1); - } + + if (realbits > 16) + *val = st->data.buf32[ch]; + else + *val = st->data.buf16[ch]; + + *val &= GENMASK(realbits - 1, 0); + + if (chan->scan_type.sign == 's') + *val = sign_extend32(*val, realbits - 1); error_ret: if (!st->gpio_convst) { -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ad7173: fix compiling without gpiolib" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7173: fix compiling without gpiolib to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From c553aa1b03719400a30d9387477190d4743fc1de Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Tue, 22 Apr 2025 15:12:27 -0500 Subject: iio: adc: ad7173: fix compiling without gpiolib Fix compiling the ad7173 driver when CONFIG_GPIOLIB is not set by selecting GPIOLIB to be always enabled and remove the #if. Commit 031bdc8aee01 ("iio: adc: ad7173: add calibration support") placed unrelated code in the middle of the #if IS_ENABLED(CONFIG_GPIOLIB) block which caused the reported compile error. However, later commit 7530ed2aaa3f ("iio: adc: ad7173: add openwire detection support for single conversions") makes use of the gpio regmap even when we aren't providing gpio controller support. So it makes more sense to always enable GPIOLIB rather than trying to make it optional. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202504220824.HVrTVov1-lkp@intel.com/ Fixes: 031bdc8aee01 ("iio: adc: ad7173: add calibration support") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250422-iio-adc-ad7173-fix-compile-without-gpioli… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 5 +++-- drivers/iio/adc/ad7173.c | 15 +-------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 6529df1a498c..ba746754a816 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -129,8 +129,9 @@ config AD7173 tristate "Analog Devices AD7173 driver" depends on SPI_MASTER select AD_SIGMA_DELTA - select GPIO_REGMAP if GPIOLIB - select REGMAP_SPI if GPIOLIB + select GPIOLIB + select GPIO_REGMAP + select REGMAP_SPI help Say yes here to build support for Analog Devices AD7173 and similar ADC Currently supported models: diff --git a/drivers/iio/adc/ad7173.c b/drivers/iio/adc/ad7173.c index 69de5886474c..b3e6bd2a55d7 100644 --- a/drivers/iio/adc/ad7173.c +++ b/drivers/iio/adc/ad7173.c @@ -230,10 +230,8 @@ struct ad7173_state { unsigned long long *config_cnts; struct clk *ext_clk; struct clk_hw int_clk_hw; -#if IS_ENABLED(CONFIG_GPIOLIB) struct regmap *reg_gpiocon_regmap; struct gpio_regmap *gpio_regmap; -#endif }; static unsigned int ad4115_sinc5_data_rates[] = { @@ -288,8 +286,6 @@ static const char *const ad7173_clk_sel[] = { "ext-clk", "xtal" }; -#if IS_ENABLED(CONFIG_GPIOLIB) - static const struct regmap_range ad7173_range_gpio[] = { regmap_reg_range(AD7173_REG_GPIO, AD7173_REG_GPIO), }; @@ -543,12 +539,6 @@ static int ad7173_gpio_init(struct ad7173_state *st) return 0; } -#else -static int ad7173_gpio_init(struct ad7173_state *st) -{ - return 0; -} -#endif /* CONFIG_GPIOLIB */ static struct ad7173_state *ad_sigma_delta_to_ad7173(struct ad_sigma_delta *sd) { @@ -1797,10 +1787,7 @@ static int ad7173_probe(struct spi_device *spi) if (ret) return ret; - if (IS_ENABLED(CONFIG_GPIOLIB)) - return ad7173_gpio_init(st); - - return 0; + return ad7173_gpio_init(st); } static const struct of_device_id ad7173_of_match[] = { -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ad7944: mask high bits on direct read" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7944: mask high bits on direct read to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 7cdfbc0113d087348b8e65dd79276d0f57b89a10 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 5 May 2025 13:28:40 -0500 Subject: iio: adc: ad7944: mask high bits on direct read MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apply a mask to the raw value received over the SPI bus for unsigned direct reads. As we found recently, SPI controllers may not set unused bits to 0 when reading with bits_per_word != {8,16,32}. The ad7944 uses bits_per_word of 14 and 18, so we need to mask the value to be sure we returning the correct value to userspace during a direct read. Fixes: d1efcf8871db ("iio: adc: ad7944: add driver for AD7944/AD7985/AD7986") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250505-iio-adc-ad7944-max-high-bits-on-direct-re… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7944.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/ad7944.c b/drivers/iio/adc/ad7944.c index 2f949fe55873..37a137bd8357 100644 --- a/drivers/iio/adc/ad7944.c +++ b/drivers/iio/adc/ad7944.c @@ -377,6 +377,8 @@ static int ad7944_single_conversion(struct ad7944_adc *adc, if (chan->scan_type.sign == 's') *val = sign_extend32(*val, chan->scan_type.realbits - 1); + else + *val &= GENMASK(chan->scan_type.realbits - 1, 0); return IIO_VAL_INT; } -- 2.49.0

4 months

1
0
0 0

patch "iio: imu: inv_icm42600: Fix temperature calculation" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: imu: inv_icm42600: Fix temperature calculation to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From e2f820014239df9360064079ae93f838ff3b7f8c Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Fri, 2 May 2025 11:37:26 +0200 Subject: iio: imu: inv_icm42600: Fix temperature calculation >From the documentation: "offset to be added to <type>[Y]_raw prior toscaling by <type>[Y]_scale" Offset should be applied before multiplying scale, so divide offset by scale to make this correct. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Acked-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://patch.msgid.link/20250502-imu-v1-1-129b8391a4e3@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 213cce1c3111..91f0f381082b 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -67,16 +67,18 @@ int inv_icm42600_temp_read_raw(struct iio_dev *indio_dev, return IIO_VAL_INT; /* * T°C = (temp / 132.48) + 25 - * Tm°C = 1000 * ((temp * 100 / 13248) + 25) + * Tm°C = 1000 * ((temp / 132.48) + 25) + * Tm°C = 7.548309 * temp + 25000 + * Tm°C = (temp + 3312) * 7.548309 * scale: 100000 / 13248 ~= 7.548309 - * offset: 25000 + * offset: 3312 */ case IIO_CHAN_INFO_SCALE: *val = 7; *val2 = 548309; return IIO_VAL_INT_PLUS_MICRO; case IIO_CHAN_INFO_OFFSET: - *val = 25000; + *val = 3312; return IIO_VAL_INT; default: return -EINVAL; -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ad7606: fix raw read for 18-bit chips" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606: fix raw read for 18-bit chips to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 3f5fd1717ae9497215f22aa748fc2c09df88b0e3 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Fri, 2 May 2025 10:04:30 -0500 Subject: iio: adc: ad7606: fix raw read for 18-bit chips Fix 18-bit raw read for 18-bit chips by applying a mask to the value we receive from the SPI controller. SPI controllers either return 1, 2 or 4 bytes per word depending on the bits_per_word. For 16-bit chips, there was no problem since they raw data fit exactly in the 2 bytes received from the SPI controller. But now that we have 18-bit chips and we are using bits_per_word = 18, we cannot assume that the extra bits in the 32-bit word are always zero. In fact, with the AXI SPI Engine controller, these bits are not always zero which caused the raw values to read 10s of 1000s of volts instead of the correct value. Therefore, we need to mask the value we receive from the SPI controller to ensure that only the 18 bits of real data are used. Fixes: f3838e934dff ("iio: adc: ad7606: add support for AD7606C-{16,18} parts") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250502-iio-adc-ad7606-fix-raw-read-for-18-bit-ch… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/drivers/iio/adc/ad7606.c b/drivers/iio/adc/ad7606.c index 703556eb7257..8ed65a35b486 100644 --- a/drivers/iio/adc/ad7606.c +++ b/drivers/iio/adc/ad7606.c @@ -727,17 +727,16 @@ static int ad7606_scan_direct(struct iio_dev *indio_dev, unsigned int ch, goto error_ret; chan = &indio_dev->channels[ch + 1]; - if (chan->scan_type.sign == 'u') { - if (realbits > 16) - *val = st->data.buf32[ch]; - else - *val = st->data.buf16[ch]; - } else { - if (realbits > 16) - *val = sign_extend32(st->data.buf32[ch], realbits - 1); - else - *val = sign_extend32(st->data.buf16[ch], realbits - 1); - } + + if (realbits > 16) + *val = st->data.buf32[ch]; + else + *val = st->data.buf16[ch]; + + *val &= GENMASK(realbits - 1, 0); + + if (chan->scan_type.sign == 's') + *val = sign_extend32(*val, realbits - 1); error_ret: if (!st->gpio_convst) { -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ad7606_spi: fix reg write value mask" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606_spi: fix reg write value mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 89944d88f8795c6c89b9514cb365998145511cd4 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 28 Apr 2025 20:55:34 -0500 Subject: iio: adc: ad7606_spi: fix reg write value mask Fix incorrect value mask for register write. Register values are 8-bit, not 9. If this function was called with a value > 0xFF and an even addr, it would cause writing to the next register. Fixes: f2a22e1e172f ("iio: adc: ad7606: Add support for software mode for ad7616") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250428-iio-adc-ad7606_spi-fix-write-value-mask-v… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/ad7606_spi.c b/drivers/iio/adc/ad7606_spi.c index 179115e90988..b37458ce3c70 100644 --- a/drivers/iio/adc/ad7606_spi.c +++ b/drivers/iio/adc/ad7606_spi.c @@ -155,7 +155,7 @@ static int ad7606_spi_reg_write(struct ad7606_state *st, struct spi_device *spi = to_spi_device(st->dev); st->d16[0] = cpu_to_be16((st->bops->rd_wr_cmd(addr, 1) << 8) | - (val & 0x1FF)); + (val & 0xFF)); return spi_write(spi, &st->d16[0], sizeof(st->d16[0])); } -- 2.49.0

4 months

1
0
0 0

patch "iio: adc: ad7173: fix compiling without gpiolib" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7173: fix compiling without gpiolib to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From c553aa1b03719400a30d9387477190d4743fc1de Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Tue, 22 Apr 2025 15:12:27 -0500 Subject: iio: adc: ad7173: fix compiling without gpiolib Fix compiling the ad7173 driver when CONFIG_GPIOLIB is not set by selecting GPIOLIB to be always enabled and remove the #if. Commit 031bdc8aee01 ("iio: adc: ad7173: add calibration support") placed unrelated code in the middle of the #if IS_ENABLED(CONFIG_GPIOLIB) block which caused the reported compile error. However, later commit 7530ed2aaa3f ("iio: adc: ad7173: add openwire detection support for single conversions") makes use of the gpio regmap even when we aren't providing gpio controller support. So it makes more sense to always enable GPIOLIB rather than trying to make it optional. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202504220824.HVrTVov1-lkp@intel.com/ Fixes: 031bdc8aee01 ("iio: adc: ad7173: add calibration support") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250422-iio-adc-ad7173-fix-compile-without-gpioli… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 5 +++-- drivers/iio/adc/ad7173.c | 15 +-------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 6529df1a498c..ba746754a816 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -129,8 +129,9 @@ config AD7173 tristate "Analog Devices AD7173 driver" depends on SPI_MASTER select AD_SIGMA_DELTA - select GPIO_REGMAP if GPIOLIB - select REGMAP_SPI if GPIOLIB + select GPIOLIB + select GPIO_REGMAP + select REGMAP_SPI help Say yes here to build support for Analog Devices AD7173 and similar ADC Currently supported models: diff --git a/drivers/iio/adc/ad7173.c b/drivers/iio/adc/ad7173.c index 69de5886474c..b3e6bd2a55d7 100644 --- a/drivers/iio/adc/ad7173.c +++ b/drivers/iio/adc/ad7173.c @@ -230,10 +230,8 @@ struct ad7173_state { unsigned long long *config_cnts; struct clk *ext_clk; struct clk_hw int_clk_hw; -#if IS_ENABLED(CONFIG_GPIOLIB) struct regmap *reg_gpiocon_regmap; struct gpio_regmap *gpio_regmap; -#endif }; static unsigned int ad4115_sinc5_data_rates[] = { @@ -288,8 +286,6 @@ static const char *const ad7173_clk_sel[] = { "ext-clk", "xtal" }; -#if IS_ENABLED(CONFIG_GPIOLIB) - static const struct regmap_range ad7173_range_gpio[] = { regmap_reg_range(AD7173_REG_GPIO, AD7173_REG_GPIO), }; @@ -543,12 +539,6 @@ static int ad7173_gpio_init(struct ad7173_state *st) return 0; } -#else -static int ad7173_gpio_init(struct ad7173_state *st) -{ - return 0; -} -#endif /* CONFIG_GPIOLIB */ static struct ad7173_state *ad_sigma_delta_to_ad7173(struct ad_sigma_delta *sd) { @@ -1797,10 +1787,7 @@ static int ad7173_probe(struct spi_device *spi) if (ret) return ret; - if (IS_ENABLED(CONFIG_GPIOLIB)) - return ad7173_gpio_init(st); - - return 0; + return ad7173_gpio_init(st); } static const struct of_device_id ad7173_of_match[] = { -- 2.49.0

4 months

1
0
0 0

[PATCH v 3] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY

by Minas Harutyunyan

For UTMI+ PHY, according to programming guide, first should be set PMUACTV bit then STOPPCLK bit. Otherwise, when the device issues Remote Wakeup, then host notices disconnect instead. For ULPI PHY, above mentioned bits must be set in reversed order: STOPPCLK then PMUACTV. Fixes: 4483ef3c1685 ("usb: dwc2: Add hibernation updates for ULPI PHY") Cc: stable(a)vger.kernel.org Reported-by: Tomasz Mon <tomasz.mon(a)nordicsemi.no> Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> --- Changes in v3: - Rebased on top of 6.15-rc4 Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/dwc2/gadget.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index 300ea4969f0c..b817002bdee0 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -5383,20 +5383,33 @@ int dwc2_gadget_enter_hibernation(struct dwc2_hsotg *hsotg) if (gusbcfg & GUSBCFG_ULPI_UTMI_SEL) { /* ULPI interface */ gpwrdn |= GPWRDN_ULPI_LATCH_EN_DURING_HIB_ENTRY; - } - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); - /* Suspend the Phy Clock */ - pcgcctl = dwc2_readl(hsotg, PCGCTL); - pcgcctl |= PCGCTL_STOPPCLK; - dwc2_writel(hsotg, pcgcctl, PCGCTL); - udelay(10); + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); - gpwrdn = dwc2_readl(hsotg, GPWRDN); - gpwrdn |= GPWRDN_PMUACTV; - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + } else { + /* UTMI+ Interface */ + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); + } /* Set flag to indicate that we are in hibernation */ hsotg->hibernated = 1; base-commit: b4432656b36e5cc1d50a1f2dc15357543add530e -- 2.41.0

4 months

2
1
0 0

[PATCH v2] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach

by RD Babiera

This patch fixes Type-C compliance test TD 4.7.6 - Try.SNK DRP Connect SNKAS. tVbusON has a limit of 275ms when entering SRC_ATTACHED. Compliance testers can interpret the TryWait.Src to Attached.Src transition after Try.Snk as being in Attached.Src the entire time, so ~170ms is lost to the debounce timer. Setting the data role can be a costly operation in host mode, and when completed after 100ms can cause Type-C compliance test check TD 4.7.5.V.4 to fail. Turn VBUS on before tcpm_set_roles to meet timing requirement. Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Changes since v1: * Rebased on top of usb-linus for v6.15 --- drivers/usb/typec/tcpm/tcpm.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 8adf6f954633..05c62a1673af 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4353,16 +4353,6 @@ static int tcpm_src_attach(struct tcpm_port *port) tcpm_enable_auto_vbus_discharge(port, true); - ret = tcpm_set_roles(port, true, TYPEC_SOURCE, tcpm_data_role_for_source(port)); - if (ret < 0) - return ret; - - if (port->pd_supported) { - ret = port->tcpc->set_pd_rx(port->tcpc, true); - if (ret < 0) - goto out_disable_mux; - } - /* * USB Type-C specification, version 1.2, * chapter 4.5.2.2.8.1 (Attached.SRC Requirements) @@ -4372,12 +4362,22 @@ static int tcpm_src_attach(struct tcpm_port *port) (polarity == TYPEC_POLARITY_CC2 && port->cc1 == TYPEC_CC_RA)) { ret = tcpm_set_vconn(port, true); if (ret < 0) - goto out_disable_pd; + return ret; } ret = tcpm_set_vbus(port, true); if (ret < 0) goto out_disable_vconn; + + ret = tcpm_set_roles(port, true, TYPEC_SOURCE, tcpm_data_role_for_source(port)); + if (ret < 0) + goto out_disable_vbus; + + if (port->pd_supported) { + ret = port->tcpc->set_pd_rx(port->tcpc, true); + if (ret < 0) + goto out_disable_mux; + } port->pd_capable = false; @@ -4389,14 +4389,14 @@ static int tcpm_src_attach(struct tcpm_port *port) return 0; -out_disable_vconn: - tcpm_set_vconn(port, false); -out_disable_pd: - if (port->pd_supported) - port->tcpc->set_pd_rx(port->tcpc, false); out_disable_mux: tcpm_mux_set(port, TYPEC_STATE_SAFE, USB_ROLE_NONE, TYPEC_ORIENTATION_NONE); +out_disable_vbus: + tcpm_set_vbus(port, false); +out_disable_vconn: + tcpm_set_vconn(port, false); + return ret; } base-commit: 82f2b0b97b36ee3fcddf0f0780a9a0825d52fec3 -- 2.49.0.1045.g170613ef41-goog

4 months

2
1
0 0

[PATCH] usb: gadget: udc: renesas_usb3: Add null pointer check in usb3_irq_epc_pipe0_setup()

by Wentao Liang

The function usb3_irq_epc_pipe0_setup() calls the function usb3_get_request(), but does not check its return value which is a null pointer if the function fails. This can result in a null pointer dereference. Add a null pointer check for usb3_get_request() to avoid null pointer dereference when the function fails. Fixes: 746bfe63bba3 ("usb: gadget: renesas_usb3: add support for Renesas USB3.0 peripheral controller") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/usb/gadget/udc/renesas_usb3.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index fce5c41d9f29..51f2dd8cbf91 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -1920,11 +1920,13 @@ static void usb3_irq_epc_pipe0_setup(struct renesas_usb3 *usb3) { struct usb_ctrlrequest ctrl; struct renesas_usb3_ep *usb3_ep = usb3_get_ep(usb3, 0); + struct renesas_usb3_request *usb3_req = usb3_get_request(usb3_ep); /* Call giveback function if previous transfer is not completed */ + if (!usb3_req) + return; if (usb3_ep->started) - usb3_request_done(usb3_ep, usb3_get_request(usb3_ep), - -ECONNRESET); + usb3_request_done(usb3_ep, usb3_req, -ECONNRESET); usb3_p0_con_clear_buffer(usb3); usb3_get_setup_data(usb3, &ctrl); -- 2.42.0.windows.2

4 months

2
1
0 0

[PATCH 4/4 v3] crypto: octeontx2: Fix address alignment on CN10KB and CN10KA-B0

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.8+ --- v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 58 ++++++++++++++----- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index 204a31755710..8e95036e91d9 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -350,22 +350,47 @@ static inline struct otx2_cpt_inst_info * cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - u32 dlen = 0, g_len, sg_len, info_len; - int align = OTX2_CPT_DMA_MINALIGN; + u32 dlen = 0, g_len, s_len, sg_len, info_len; struct otx2_cpt_inst_info *info; - u16 g_sz_bytes, s_sz_bytes; u32 total_mem_len; int i; - g_sz_bytes = ((req->in_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ---------------------------------- + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | -----------------------------| + * | | padding for 8B alignment | + * |----------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |----------------------------------| + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | (padding for below alignment) | + * | -----------------------------| + * | | padding for 32B alignment | + * |----------------------------------| + * | Result response memory | + * ---------------------------------- + */ + + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + s_len = ((req->out_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + sg_len = g_len + s_len; - g_len = ALIGN(g_sz_bytes, align); - sg_len = ALIGN(g_len + s_sz_bytes, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = sg_len + info_len + sizeof(union otx2_cpt_res_s); + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, ARCH_DMA_MINALIGN) + sg_len; + total_mem_len = ALIGN(total_mem_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (OTX2_CPT_RES_ADDR_ALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) @@ -375,7 +400,8 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, dlen += req->in[i].size; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + g_len; info->gthr_sz = req->in_cnt; info->sctr_sz = req->out_cnt; @@ -387,7 +413,7 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (sgv2io_components_setup(pdev, req->out, req->out_cnt, - &info->in_buffer[g_len])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -404,8 +430,10 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + sg_len; - info->comp_baddr = info->dptr_baddr + sg_len; + info->completion_addr = PTR_ALIGN((info->in_buffer + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

4 months

1
0
0 0

Panic with a lis2dw12 accelerometer

by Maud Spierings

I've just experienced an Issue that I think may be a regression. I'm enabling a device which incorporates a lis2dw12 accelerometer, currently I am running 6.12 lts, so 6.12.29 as of typing this message. My first issue is a Panic: [ 0.281814] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0 [ 0.290626] Mem abort info: [ 0.293465] ESR = 0x0000000096000004 [ 0.297230] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.302558] SET = 0, FnV = 0 [ 0.305619] EA = 0, S1PTW = 0 [ 0.308766] FSC = 0x04: level 0 translation fault [ 0.313649] Data abort info: [ 0.316534] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 0.322032] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 0.327093] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 0.332413] [00000000000000c0] user address but active_mm is swapper [ 0.338774] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 0.345044] Modules linked in: [ 0.348106] CPU: 2 UID: 0 PID: 43 Comm: kworker/u16:1 Not tainted 6.12.28-00054-gf24728d836e5 #13 [ 0.356983] Hardware name: GOcontroll Moduline Mini (DT) [ 0.362297] Workqueue: events_unbound deferred_probe_work_func [ 0.368143] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.375109] pc : device_set_deferred_probe_reason+0x58/0x84 [ 0.380686] lr : device_set_deferred_probe_reason+0x50/0x84 [ 0.386262] sp : ffff8000816d34d0 [ 0.389577] x29: ffff8000816d34d0 x28: ffff000004099d08 x27: ffff0000040998f0 [ 0.396724] x26: 0000000030a40000 x25: ffff000004099be4 x24: ffff00003fdf2758 [ 0.403870] x23: 000000000000000f x22: ffff8000816d3508 x21: ffff000000260a20 [ 0.411017] x20: ffff00000409a808 x19: ffff800081299db8 x18: ffffffffffffffff [ 0.418163] x17: 00007fff7e57efff x16: ffff8000815ad000 x15: ffff0000002617da [ 0.425309] x14: 0000000000000001 x13: 0a7365696c707075 x12: 7320656c62616e65 [ 0.432454] x11: 0000000669b8cb4b x10: 0000000000000020 x9 : ffff8000816d3590 [ 0.439599] x8 : ffff8000816d3590 x7 : 0000000000000000 x6 : ffff800080fe16a6 [ 0.446745] x5 : ffff000000260a3f x4 : ffff800080fc3912 x3 : 0000000000000000 [ 0.453890] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000000260a20 [ 0.461037] Call trace: [ 0.463485] device_set_deferred_probe_reason+0x58/0x84 [ 0.468715] dev_err_probe+0xa0/0xec [ 0.472296] st_sensors_power_enable+0x50/0x60 [ 0.476748] st_accel_i2c_probe+0x70/0xe0 [ 0.480763] i2c_device_probe+0xfc/0x2d8 [ 0.484692] really_probe+0xc0/0x394 [ 0.488271] __driver_probe_device+0x7c/0x14c [ 0.492631] driver_probe_device+0x3c/0x120 [ 0.496818] __device_attach_driver+0xbc/0x160 [ 0.501265] bus_for_each_drv+0x88/0xe8 [ 0.505108] __device_attach+0xa0/0x1b4 [ 0.508949] device_initial_probe+0x14/0x20 [ 0.513135] bus_probe_device+0xb0/0xbc [ 0.516974] device_add+0x594/0x7a4 [ 0.520469] device_register+0x20/0x3c [ 0.524224] i2c_new_client_device+0x19c/0x3d0 [ 0.528671] of_i2c_register_device+0xd4/0xfc [ 0.533033] of_i2c_register_devices+0x6c/0x140 [ 0.537568] i2c_register_adapter+0x1f4/0x728 [ 0.541929] __i2c_add_numbered_adapter+0x58/0xa8 [ 0.546637] i2c_add_adapter+0xa0/0xd0 [ 0.550389] i2c_add_numbered_adapter+0x2c/0x38 [ 0.554924] i2c_imx_probe+0x2b0/0x6d4 [ 0.558679] platform_probe+0x68/0xdc [ 0.562347] really_probe+0xc0/0x394 [ 0.565926] __driver_probe_device+0x7c/0x14c [ 0.570286] driver_probe_device+0x3c/0x120 [ 0.574473] __device_attach_driver+0xbc/0x160 [ 0.578920] bus_for_each_drv+0x88/0xe8 [ 0.582763] __device_attach+0xa0/0x1b4 [ 0.586602] device_initial_probe+0x14/0x20 [ 0.590790] bus_probe_device+0xb0/0xbc [ 0.594628] deferred_probe_work_func+0xb8/0x11c [ 0.599250] process_one_work+0x180/0x2dc [ 0.603265] worker_thread+0x2c0/0x3e0 [ 0.607017] kthread+0x110/0x120 [ 0.610252] ret_from_fork+0x10/0x20 [ 0.613836] Code: 911a8021 97f9326d f9402681 aa0003f5 (f9406020) [ 0.619931] ---[ end trace 0000000000000000 ]--- [ 0.624551] Kernel panic - not syncing: Oops: Fatal exception [ 0.630299] SMP: stopping secondary CPUs [ 0.634543] Kernel Offset: disabled [ 0.638032] CPU features: 0x00,00000080,00200000,4200420b [ 0.643433] Memory Limit: none It seems that indio_dev->dev is not initialized in st_sensors_power_enable(), this causes an issue when devm_regulator_bulk_get_enable() fails and then calls dev_err_probe with an uninitialized device. To fix this I added: indio_dev->dev = client->dev; just before the call to st_sensors_power_enable() in drivers/iio/accel/st_accel_i2c.c This fixed the kernel panic but showed another issue: 0.440413] sysfs: cannot create duplicate filename '/devices/platform/soc(a)0/30800000.bus/30a40000.i2c/i2c-2/2-0018' [ 0.440422] CPU: 0 UID: 0 PID: 43 Comm: kworker/u16:1 Not tainted 6.12.29+ #6 [ 0.440430] Hardware name: GOcontroll Moduline Mini (DT) [ 0.440435] Workqueue: events_unbound deferred_probe_work_func [ 0.440449] Call trace: [ 0.440452] dump_backtrace+0xd0/0x120 [ 0.440462] show_stack+0x18/0x24 [ 0.440469] dump_stack_lvl+0x60/0x80 [ 0.440478] dump_stack+0x18/0x24 [ 0.440483] sysfs_warn_dup+0x64/0x80 [ 0.440491] sysfs_create_dir_ns+0xf4/0x120 [ 0.440496] kobject_add_internal+0xb4/0x2d0 [ 0.440504] kobject_add+0x9c/0x108 [ 0.440511] device_add+0xb0/0x7a4 [ 0.440519] cdev_device_add+0x50/0xbc [ 0.440525] __iio_device_register+0x718/0x924 [ 0.440535] __devm_iio_device_register+0x28/0x8c [ 0.440542] st_accel_common_probe+0xd4/0xf0 [ 0.440550] st_accel_i2c_probe+0xa0/0xe0 [ 0.440556] i2c_device_probe+0xfc/0x2d8 [ 0.440563] really_probe+0xc0/0x394 [ 0.440568] __driver_probe_device+0x7c/0x14c [ 0.440573] driver_probe_device+0x3c/0x120 [ 0.440578] __device_attach_driver+0xbc/0x160 [ 0.440583] bus_for_each_drv+0x88/0xe8 [ 0.440590] __device_attach+0xa0/0x1b4 [ 0.440595] device_initial_probe+0x14/0x20 [ 0.440601] bus_probe_device+0xb0/0xbc [ 0.440605] deferred_probe_work_func+0xb8/0x11c [ 0.440610] process_one_work+0x180/0x2dc [ 0.440616] worker_thread+0x2c0/0x3e0 [ 0.440621] kthread+0x110/0x120 [ 0.440628] ret_from_fork+0x10/0x20 [ 0.440636] kobject: kobject_add_internal failed for 2-0018 with -EEXIST, don't try to register things with the same name in the same directory. [ 0.453688] st-accel-i2c 2-0018: probe with driver st-accel-i2c failed with error -17 In /sys/bus/i2c/devices I can indeed see 2-0018 present, but it doesn't show up on the iio bus (/sys/bus/iio/devices), so I am guessing somewhere in the driver it registers it before it should, and then again when it should. This is where my ability to fix thing fizzles out and so here I am asking for assistance. Kind regards, Maud

4 months

2
2
0 0

[PATCH] drm/xe/svm: Fix regression disallowing 64K SVM migration

by Maarten Lankhorst

When changing the condition from >= SZ_64K, it was changed to <= SZ_64K. This disallows migration of 64K, which is the exact minimum allowed. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5057 Fixes: a9ac0fa455b0 ("drm/xe: Strict migration policy for atomic SVM faults") Cc: stable(a)vger.kernel.org Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Signed-off-by: Maarten Lankhorst <dev(a)lankhorst.se> --- drivers/gpu/drm/xe/xe_svm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index 4432685936ed4..a7386334d48c4 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -820,7 +820,7 @@ bool xe_svm_range_needs_migrate_to_vram(struct xe_svm_range *range, struct xe_vm return false; } - if (preferred_region_is_vram && range_size <= SZ_64K && !supports_4K_migration(vm->xe)) { + if (preferred_region_is_vram && range_size < SZ_64K && !supports_4K_migration(vm->xe)) { drm_warn(&vm->xe->drm, "Platform doesn't support SZ_4K range migration\n"); return false; } -- 2.45.2

4 months

2
1
0 0

[PATCH net] hv_netvsc: fix potential deadlock in netvsc_vf_setxdp()

by Saurabh Sengar

The MANA driver's probe registers netdevice via the following call chain: mana_probe() register_netdev() register_netdevice() register_netdevice() calls notifier callback for netvsc driver, holding the netdev mutex via netdev_lock_ops(). Further this netvsc notifier callback end up attempting to acquire the same lock again in dev_xdp_propagate() leading to deadlock. netvsc_netdev_event() netvsc_vf_setxdp() dev_xdp_propagate() This deadlock was not observed so far because net_shaper_ops was never set and this lock in noop in this case. Fix this by using netif_xdp_propagate instead of dev_xdp_propagate to avoid recursive locking in this path. This issue has not observed so far because net_shaper_ops was unset, making the lock path effectively a no-op. To prevent recursive locking and avoid this deadlock, replace dev_xdp_propagate() with netif_xdp_propagate(), which does not acquire the lock again. Also, clean up the unregistration path by removing unnecessary call to netvsc_vf_setxdp(), since unregister_netdevice_many_notify() already performs this cleanup via dev_xdp_uninstall. Fixes: 97246d6d21c2 ("net: hold netdev instance lock during ndo_bpf") Cc: stable(a)vger.kernel.org Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> --- drivers/net/hyperv/netvsc_bpf.c | 2 +- drivers/net/hyperv/netvsc_drv.c | 2 -- net/core/dev.c | 1 + 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/net/hyperv/netvsc_bpf.c b/drivers/net/hyperv/netvsc_bpf.c index e01c5997a551..1dd3755d9e6d 100644 --- a/drivers/net/hyperv/netvsc_bpf.c +++ b/drivers/net/hyperv/netvsc_bpf.c @@ -183,7 +183,7 @@ int netvsc_vf_setxdp(struct net_device *vf_netdev, struct bpf_prog *prog) xdp.command = XDP_SETUP_PROG; xdp.prog = prog; - ret = dev_xdp_propagate(vf_netdev, &xdp); + ret = netif_xdp_propagate(vf_netdev, &xdp); if (ret && prog) bpf_prog_put(prog); diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index d8b169ac0343..ee3aaf9c10e6 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -2462,8 +2462,6 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF unregistering: %s\n", vf_netdev->name); - netvsc_vf_setxdp(vf_netdev, NULL); - reinit_completion(&net_device_ctx->vf_add); netdev_rx_handler_unregister(vf_netdev); netdev_upper_dev_unlink(vf_netdev, ndev); diff --git a/net/core/dev.c b/net/core/dev.c index fccf2167b235..8c6c9d7fba26 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9953,6 +9953,7 @@ int netif_xdp_propagate(struct net_device *dev, struct netdev_bpf *bpf) return dev->netdev_ops->ndo_bpf(dev, bpf); } +EXPORT_SYMBOL_GPL(netif_xdp_propagate); u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode) { -- 2.43.0

4 months

4
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror