- Linux-stable-mirror - lists.linaro.org

[PATCH wireless] wifi: iwlwifi: mvm: fix 6 GHz scan construction

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> If more than 255 colocated APs exist for the set of all APs found during 2.5/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8, which can never reach the number found when that's bigger than 255, and is stored in a u32 variable. Also move it into the loops to have a smaller scope. Using a u32 there is fine, we limit the number of APs in the scan list and each has a limit on the number of RNR entries due to the frame size. With a limit of 1000 scan results, a frame size upper bound of 4096 (really it's more like ~2300) and a TBTT entry size of at least 11, we get an upper bound for the number of ~372k, well in the bounds of a u32. Cc: stable(a)vger.kernel.org Fixes: eae94cf82d74 ("iwlwifi: mvm: add support for 6GHz") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219375 Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c index 3ce9150213a7..ddcbd80a49fb 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c @@ -1774,7 +1774,7 @@ iwl_mvm_umac_scan_cfg_channels_v7_6g(struct iwl_mvm *mvm, &cp->channel_config[ch_cnt]; u32 s_ssid_bitmap = 0, bssid_bitmap = 0, flags = 0; - u8 j, k, n_s_ssids = 0, n_bssids = 0; + u8 k, n_s_ssids = 0, n_bssids = 0; u8 max_s_ssids, max_bssids; bool force_passive = false, found = false, allow_passive = true, unsolicited_probe_on_chan = false, psc_no_listen = false; @@ -1799,7 +1799,7 @@ iwl_mvm_umac_scan_cfg_channels_v7_6g(struct iwl_mvm *mvm, cfg->v5.iter_count = 1; cfg->v5.iter_interval = 0; - for (j = 0; j < params->n_6ghz_params; j++) { + for (u32 j = 0; j < params->n_6ghz_params; j++) { s8 tmp_psd_20; if (!(scan_6ghz_params[j].channel_idx == i)) @@ -1873,7 +1873,7 @@ iwl_mvm_umac_scan_cfg_channels_v7_6g(struct iwl_mvm *mvm, * SSID. * TODO: improve this logic */ - for (j = 0; j < params->n_6ghz_params; j++) { + for (u32 j = 0; j < params->n_6ghz_params; j++) { if (!(scan_6ghz_params[j].channel_idx == i)) continue; -- 2.47.0

4 months, 1 week

1
0
0 0

[PATCH 6.11 000/135] 6.11.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.5 release. There are 135 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 23 Oct 2024 10:22:25 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.5-rc1 Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 Chris Li <chrisl(a)kernel.org> mm: vmscan.c: fix OOM on swap stress test Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix receiver enable Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix dma rx cancellation Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix shutdown race Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: revert broken hibernation support Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix polled console initialisation Charlie Jenkins <charlie(a)rivosinc.com> irqchip/sifive-plic: Return error code on failure Nam Cao <namcao(a)linutronix.de> irqchip/sifive-plic: Unmask interrupt in plic_irq_enable() Marc Zyngier <maz(a)kernel.org> irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Ma Ke <make24(a)iscas.ac.cn> pinctrl: apple: check devm_kasprintf() returned value Ma Ke <make24(a)iscas.ac.cn> pinctrl: stm32: check devm_kasprintf() returned value Sergey Matsievskiy <matsievskiysv(a)gmail.com> pinctrl: ocelot: fix system hang on level based interrupts Javier Carrasco <javier.carrasco.cruz(a)gmail.com> pinctrl: intel: platform: fix error path in device_for_each_child_node() Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use code segment selector for VERW operand Longlong Xia <xialonglong(a)kylinos.cn> tty: n_gsm: Fix use-after-free in gsm_cleanup_mux Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Clear CPU buffers after register restore in NMI return Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Do not clobber user EFLAGS.ZF John Allen <john.allen(a)amd.com> x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load Zhang Rui <rui.zhang(a)intel.com> x86/apic: Always explicitly disarm TSC-deadline timer Nathan Chancellor <nathan(a)kernel.org> x86/resctrl: Annotate get_mem_config() functions as __init Takashi Iwai <tiwai(a)suse.de> parport: Proper fix for array out-of-bounds access Marek Vasut <marex(a)denx.de> serial: imx: Update mctrl old_status on RTSD interrupt Heiko Thiery <heiko.thiery(a)gmail.com> misc: microchip: pci1xxxx: add support for NVMEM_DEVID_AUTO for OTP device Heiko Thiery <heiko.thiery(a)gmail.com> misc: microchip: pci1xxxx: add support for NVMEM_DEVID_AUTO for EEPROM device Roger Quadros <rogerq(a)kernel.org> usb: dwc3: core: Fix system suspend on TI AM62 platforms Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG Kevin Groeneveld <kgroeneveld(a)lenbrook.com> usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: dummy-hcd: Fix "task hung" problem Jonathan Marek <jonathan(a)marek.ca> usb: typec: qcom-pmic-typec: fix sink status being overwritten with RP_DEF Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 MBIM compositions Benjamin B. Frost <benjamin(a)geanix.com> USB: serial: option: add support for Quectel EG916Q-GL Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Mitigate failed set dequeue pointer commands Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix incorrect stream context type macro Henry Lin <henryl(a)nvidia.com> xhci: tegra: fix checked USB2 port number Jeongjun Park <aha310510(a)gmail.com> vt: prevent kernel-infoleak in con_font_get() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix not being able to reconnect after suspend Aaron Thompson <dev(a)aaront.org> Bluetooth: ISO: Fix multiple init when debugfs is disabled Aaron Thompson <dev(a)aaront.org> Bluetooth: Remove debugfs directory on module init failure Aaron Thompson <dev(a)aaront.org> Bluetooth: Call iso_exit() on module unload Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ad7944: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: resolver: ad2s1210: add missing select (TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: pressure: bm1390: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: resolver: ad2s1210 add missing select REGMAP in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: magnetometer: af8133j: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: bu27008: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: chemical: ens160: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig Emil Gedenryd <emil.gedenryd(a)axis.com> iio: light: opt3001: add missing full-scale range value Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix IIO device retrieval from embedded device Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix ALS sensor resolution Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig Mohammed Anees <pvmohammedanees2003(a)gmail.com> drm/amdgpu: prevent BO_HANDLES error from being overwritten Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: Only force workload setup on init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/smu13: always apply the powersave optimization Michael Chen <michael.chen(a)amd.com> drm/amdgpu/mes: fix issue of writing to the same log buffer from 2 MES pipes Nikolay Kuratov <kniv(a)yandex-team.ru> drm/vmwgfx: Handle surface check failure correctly Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Cleanup kms setup without 3d Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/ufence: ufence can be signaled right after wait_woken Matthew Auld <matthew.auld(a)intel.com> drm/xe/xe_sync: initialise ufence.signalled Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Don't require DSC hblank quirk for a non-DSC compatible mode Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Handle error during DSC BW overhead/slice calculation Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/radeon: Fix encoder->possible_clones Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Requeue aborted request Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix the issue of ICU failure Seunghwan Baek <sh8267.baek(a)samsung.com> scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Validate SAS port assignments John Edwards <uejji(a)uejji.net> Input: xpad - add support for MSI Claw A1M Yun Lu <luyun(a)kylinos.cn> selftest: hid: add the missing tests directory Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work Ming Lei <ming.lei(a)redhat.com> ublk: don't allow user copy for unprivileged device Ming Lei <ming.lei(a)redhat.com> blk-mq: setup queue ->tag_set before initializing hctx Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: close race on waiting for sqring entries Omar Sandoval <osandov(a)fb.com> blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race Stefan Kerkmann <s.kerkmann(a)pengutronix.de> Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller Steven Rostedt <rostedt(a)goodmis.org> fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks Johannes Wikner <kwikner(a)ethz.ch> x86/bugs: Do not use UNTRAIN_RET with IBPB on entry Johannes Wikner <kwikner(a)ethz.ch> x86/bugs: Skip RSB fill at VMEXIT Johannes Wikner <kwikner(a)ethz.ch> x86/entry: Have entry_ibpb() invalidate return predictions Johannes Wikner <kwikner(a)ethz.ch> x86/cpufeatures: Add a IBPB_NO_RET BUG flag Jim Mattson <jmattson(a)google.com> x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET Michael Mueller <mimu(a)linux.ibm.com> KVM: s390: Change virtual to physical address access in diag 0x258 handler Nico Boehr <nrb(a)linux.ibm.com> KVM: s390: gaccess: Check if guest address is in memslot Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> s390/sclp_vt220: Convert newlines to CRLF instead of LFCR Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> s390/sclp: Deactivate sclp after all its users Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent MPC handshake on port-based signal endpoints Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Remove duplicated code Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Move `fec_ptp_read()` to the top of the file Paolo Abeni <pabeni(a)redhat.com> tcp: fix mptcp DSS corruption due to large pmtu xmit Jinjie Ruan <ruanjinjie(a)huawei.com> mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() Liu Shixin <liushixin2(a)huawei.com> mm/swapfile: skip HugeTLB pages for unuse_vma Wei Xu <weixugc(a)google.com> mm/mglru: only clear kswapd_failures if reclaimable Yang Shi <yang(a)os.amperecomputing.com> mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point Jann Horn <jannh(a)google.com> mm/mremap: fix move_normal_pmd/retract_page_tables race Edward Liaw <edliaw(a)google.com> selftests/mm: fix deadlock for fork after pthread_create on ARM Edward Liaw <edliaw(a)google.com> selftests/mm: replace atomic_bool with pthread_barrier_t Florian Westphal <fw(a)strlen.de> lib: alloc_tag_module_unload must wait for pending kfree_rcu calls OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: fix uninitialized variable Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: propagate directory read errors from nilfs_find_entry() Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> maple_tree: correct tree corruption on spanning store Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: join: test for prohibited MPC to port-based endp Jinjie Ruan <ruanjinjie(a)huawei.com> net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Oleksij Rempel <o.rempel(a)pengutronix.de> net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY Mark Rutland <mark.rutland(a)arm.com> arm64: probes: Fix uprobes for big-endian kernels Mark Rutland <mark.rutland(a)arm.com> arm64: probes: Fix simulate_ldr*_literal() Mark Rutland <mark.rutland(a)arm.com> arm64: probes: Remove broken LDR (literal) uprobe support Josua Mayer <josua(a)solid-run.com> arm64: dts: marvell: cn9130-sr-som: fix cp0 mdio pin numbers Jakub Sitnicki <jakub(a)cloudflare.com> udp: Compute L4 checksum as usual when not segmenting the skb Jinjie Ruan <ruanjinjie(a)huawei.com> posix-clock: Fix missing timespec64 check in pc_clock_settime() Wei Fang <wei.fang(a)nxp.com> net: enetc: add missing static descriptor and inline keyword Wei Fang <wei.fang(a)nxp.com> net: enetc: disable NAPI after all rings are disabled Wei Fang <wei.fang(a)nxp.com> net: enetc: disable Tx BD rings after they are empty Wei Fang <wei.fang(a)nxp.com> net: enetc: block concurrent XDP transmissions during ring reconfiguration Wei Fang <wei.fang(a)nxp.com> net: enetc: remove xdp_drops statistic from enetc_xdp_drop() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 Zhu Jun <zhujun2(a)cmss.chinamobile.com> ALSA: scarlett2: Add error check after retrieving PEQ filter values Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix user-after-free from session log off Roi Martin <jroi.martin(a)gmail.com> btrfs: fix uninitialized pointer free on read_alloc_one_name() error Roi Martin <jroi.martin(a)gmail.com> btrfs: fix uninitialized pointer free in add_inode_ref() ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/marvell/cn9130-sr-som.dtsi | 2 +- arch/arm64/include/asm/uprobes.h | 8 +- arch/arm64/kernel/probes/decode-insn.c | 16 ++- arch/arm64/kernel/probes/simulate-insn.c | 18 ++-- arch/arm64/kernel/probes/uprobes.c | 4 +- arch/s390/kvm/diag.c | 2 +- arch/s390/kvm/gaccess.c | 4 + arch/s390/kvm/gaccess.h | 14 +-- arch/x86/entry/entry.S | 5 + arch/x86/entry/entry_32.S | 6 +- arch/x86/include/asm/cpufeatures.h | 4 +- arch/x86/include/asm/nospec-branch.h | 11 +- arch/x86/kernel/apic/apic.c | 14 ++- arch/x86/kernel/cpu/amd.c | 3 +- arch/x86/kernel/cpu/bugs.c | 32 ++++++ arch/x86/kernel/cpu/common.c | 3 + arch/x86/kernel/cpu/resctrl/core.c | 4 +- block/blk-mq.c | 8 +- block/blk-rq-qos.c | 2 +- drivers/block/ublk_drv.c | 11 +- drivers/bluetooth/btusb.c | 27 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 4 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 22 ++-- drivers/gpu/drm/i915/display/intel_dp_mst.c | 40 +++++-- drivers/gpu/drm/radeon/radeon_encoders.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 30 +----- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 9 +- drivers/gpu/drm/xe/xe_sync.c | 2 +- drivers/gpu/drm/xe/xe_wait_user_fence.c | 3 - drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/Kconfig | 9 ++ drivers/iio/amplifiers/Kconfig | 1 + drivers/iio/chemical/Kconfig | 2 + .../iio/common/hid-sensors/hid-sensor-trigger.c | 2 +- drivers/iio/dac/Kconfig | 7 ++ drivers/iio/frequency/Kconfig | 1 + drivers/iio/light/Kconfig | 2 + drivers/iio/light/opt3001.c | 4 + drivers/iio/light/veml6030.c | 5 +- drivers/iio/magnetometer/Kconfig | 2 + drivers/iio/pressure/Kconfig | 3 + drivers/iio/proximity/Kconfig | 2 + drivers/iio/resolver/Kconfig | 3 + drivers/input/joystick/xpad.c | 3 + drivers/iommu/intel/iommu.c | 4 +- drivers/irqchip/irq-gic-v3-its.c | 18 ++-- drivers/irqchip/irq-sifive-plic.c | 29 ++--- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_otpe2p.c | 2 + drivers/net/ethernet/cadence/macb_main.c | 14 ++- drivers/net/ethernet/freescale/enetc/enetc.c | 56 +++++++--- drivers/net/ethernet/freescale/enetc/enetc.h | 1 + drivers/net/ethernet/freescale/fec_ptp.c | 58 +++++----- .../net/ethernet/microchip/vcap/vcap_api_kunit.c | 2 + drivers/parport/procfs.c | 22 ++-- drivers/pinctrl/intel/pinctrl-intel-platform.c | 3 +- drivers/pinctrl/nuvoton/pinctrl-ma35.c | 2 +- drivers/pinctrl/pinctrl-apple-gpio.c | 3 + drivers/pinctrl/pinctrl-ocelot.c | 8 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 9 +- drivers/s390/char/sclp.c | 3 +- drivers/s390/char/sclp_vt220.c | 4 +- drivers/scsi/mpi3mr/mpi3mr.h | 4 +- drivers/scsi/mpi3mr/mpi3mr_transport.c | 42 +++++--- drivers/tty/n_gsm.c | 2 + drivers/tty/serial/imx.c | 15 +++ drivers/tty/serial/qcom_geni_serial.c | 91 ++++++++-------- drivers/tty/vt/vt.c | 2 +- drivers/ufs/core/ufs-mcq.c | 15 +-- drivers/ufs/core/ufshcd.c | 24 ++--- drivers/usb/dwc3/core.c | 19 ++++ drivers/usb/dwc3/core.h | 3 + drivers/usb/dwc3/gadget.c | 10 +- drivers/usb/gadget/function/f_uac2.c | 6 +- drivers/usb/gadget/udc/dummy_hcd.c | 20 +++- drivers/usb/host/xhci-ring.c | 2 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/serial/option.c | 8 ++ drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_port.c | 1 - fs/btrfs/tree-log.c | 6 +- fs/fat/namei_vfat.c | 2 +- fs/nilfs2/dir.c | 48 +++++---- fs/nilfs2/namei.c | 39 ++++--- fs/nilfs2/nilfs.h | 2 +- fs/smb/server/mgmt/user_session.c | 26 ++++- fs/smb/server/mgmt/user_session.h | 4 + fs/smb/server/server.c | 2 + fs/smb/server/smb2pdu.c | 8 +- include/linux/fsl/enetc_mdio.h | 3 +- include/linux/irqchip/arm-gic-v4.h | 4 +- include/trace/events/huge_memory.h | 4 +- include/uapi/linux/ublk_cmd.h | 8 +- io_uring/io_uring.h | 10 +- kernel/time/posix-clock.c | 3 + kernel/trace/fgraph.c | 28 +++-- lib/codetag.c | 3 + lib/maple_tree.c | 12 +-- mm/damon/sysfs-test.h | 1 + mm/khugepaged.c | 2 +- mm/mremap.c | 11 +- mm/swapfile.c | 2 +- mm/vmscan.c | 6 +- net/bluetooth/af_bluetooth.c | 3 + net/bluetooth/iso.c | 6 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 4 +- net/ipv6/udp.c | 4 +- net/mptcp/mib.c | 1 + net/mptcp/mib.h | 1 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 11 ++ sound/pci/hda/patch_conexant.c | 19 ++++ sound/usb/mixer_scarlett2.c | 2 + tools/testing/selftests/hid/Makefile | 1 + tools/testing/selftests/mm/uffd-common.c | 5 +- tools/testing/selftests/mm/uffd-common.h | 3 +- tools/testing/selftests/mm/uffd-unit-tests.c | 21 ++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 117 +++++++++++++++------ 122 files changed, 863 insertions(+), 453 deletions(-)

4 months, 1 week

15
154
0 0

Re: Patch "xhci: dbgtty: remove kfifo_out() wrapper" has been added to the 6.11-stable tree

by Jiri Slaby

On 22. 10. 24, 19:45, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > xhci: dbgtty: remove kfifo_out() wrapper This is a cleanup, not needed in stable. -- js suse labs

4 months, 1 week

1
0
0 0

[PATCH 04/16] Revert "drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35"

by Tom Chung

From: Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> This reverts commit db88df35a509 ("drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35") [why & how] The offending commit exposes a hang with lid close/open behavior. Both issues seem to be related to ODM 2:1 mode switching, so there is another issue generic to that sequence that needs to be investigated. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> Signed-off-by: Tom Chung <chiahsuan.chung(a)amd.com> --- drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c b/drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c index 11c904ae2958..c4c52173ef22 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c @@ -303,6 +303,7 @@ void build_unoptimized_policy_settings(enum dml_project_id project, struct dml_m if (project == dml_project_dcn35 || project == dml_project_dcn351) { policy->DCCProgrammingAssumesScanDirectionUnknownFinal = false; + policy->EnhancedPrefetchScheduleAccelerationFinal = 0; policy->AllowForPStateChangeOrStutterInVBlankFinal = dml_prefetch_support_uclk_fclk_and_stutter_if_possible; /*new*/ policy->UseOnlyMaxPrefetchModes = 1; } -- 2.34.1

4 months, 1 week

1
0
0 0

[PATCH] clk: qcom: gcc-qcs404: fix initial rate of GPLL3

by Gabor Juhos

The comment before the config of the GPLL3 PLL says that the PLL should run at 930 MHz. In contrary to this, calculating the frequency from the current configuration values by using 19.2 MHz as input frequency defined in 'qcs404.dtsi', it gives 921.6 MHz: $ xo=19200000; l=48; alpha=0x0; alpha_hi=0x0 $ echo "$xo * ($((l)) + $(((alpha_hi << 32 | alpha) >> 8)) / 2^32)" | bc -l 921600000.00000000000000000000 Set 'alpha_hi' in the configuration to a value used in downstream kernels [1][2] in order to get the correct output rate: $ xo=19200000; l=48; alpha=0x0; alpha_hi=0x70 $ echo "$xo * ($((l)) + $(((alpha_hi << 32 | alpha) >> 8)) / 2^32)" | bc -l 930000000.00000000000000000000 The change is based on static code analysis, compile tested only. [1] https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/blob/kernel.lnx.5.4.r56-… [2} https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/blob/kernel.lnx.5.15.r4… Cc: stable(a)vger.kernel.org Fixes: 652f1813c113 ("clk: qcom: gcc: Add global clock controller driver for QCS404") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Note: due to a bug in the clk_alpha_pll_configure() function, the following patch is also needed in order for this fix to take effect: https://lore.kernel.org/all/20241019-qcs615-mm-clockcontroller-v1-1-4cfb96d… --- drivers/clk/qcom/gcc-qcs404.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/clk/qcom/gcc-qcs404.c b/drivers/clk/qcom/gcc-qcs404.c index c3cfd572e7c1e0a987519be2cb2050c9bc7992c7..5ca003c9bfba89bee2e626b3c35936452cc02765 100644 --- a/drivers/clk/qcom/gcc-qcs404.c +++ b/drivers/clk/qcom/gcc-qcs404.c @@ -131,6 +131,7 @@ static struct clk_alpha_pll gpll1_out_main = { /* 930MHz configuration */ static const struct alpha_pll_config gpll3_config = { .l = 48, + .alpha_hi = 0x70, .alpha = 0x0, .alpha_en_mask = BIT(24), .post_div_mask = 0xf << 8, --- base-commit: 03dc72319cee7d0dfefee9ae7041b67732f6b8cd change-id: 20241021-fix-gcc-qcs404-gpll3-f314335c8ecf Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

4 months, 1 week

3
3
0 0

[PATCH 5.10] block, bfq: fix procress reference leakage for bfqq in merge chain

by Yu Kuai

From: Yu Kuai <yukuai3(a)huawei.com> [ Upstream commit 73aeab373557fa6ee4ae0b742c6211ccd9859280 ] Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- block/bfq-iosched.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 515e3c1a5475..c1600e3ac333 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2774,10 +2774,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -2845,6 +2847,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, new_bfqq->pid = -1; bfqq->bic = NULL; bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -2880,14 +2884,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5444,6 +5442,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -5459,18 +5458,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * then complete the merge and redirect it to * new_bfqq. */ - if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq); -- 2.39.2

4 months, 1 week

1
0
0 0

[PATCH 5.15] block, bfq: fix procress reference leakage for bfqq in merge chain

by Yu Kuai

From: Yu Kuai <yukuai3(a)huawei.com> [ Upstream commit 73aeab373557fa6ee4ae0b742c6211ccd9859280 ] Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- block/bfq-iosched.c | 37 +++++++++++++++++-------------------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index b0bdb5197530..c985c944fa65 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -2981,10 +2981,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -3078,6 +3080,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, bfq_reassign_last_bfqq(bfqq, new_bfqq); bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -3113,14 +3117,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5482,9 +5480,7 @@ bfq_do_early_stable_merge(struct bfq_data *bfqd, struct bfq_queue *bfqq, * state before killing it. */ bfqq->bic = bic; - bfq_merge_bfqqs(bfqd, bic, bfqq, new_bfqq); - - return new_bfqq; + return bfq_merge_bfqqs(bfqd, bic, bfqq); } /* @@ -5916,6 +5912,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -5931,18 +5928,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * then complete the merge and redirect it to * new_bfqq. */ - if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq); -- 2.39.2

4 months, 1 week

1
0
0 0

[PATCH 6.1] block, bfq: fix procress reference leakage for bfqq in merge chain

by Yu Kuai

From: Yu Kuai <yukuai3(a)huawei.com> [ Upstream commit 73aeab373557fa6ee4ae0b742c6211ccd9859280 ] Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- block/bfq-iosched.c | 37 +++++++++++++++++-------------------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index bfce6343a577..8e797782cfe3 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -3117,10 +3117,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -3214,6 +3216,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, bfq_reassign_last_bfqq(bfqq, new_bfqq); bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -3249,14 +3253,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5616,9 +5614,7 @@ bfq_do_early_stable_merge(struct bfq_data *bfqd, struct bfq_queue *bfqq, * state before killing it. */ bfqq->bic = bic; - bfq_merge_bfqqs(bfqd, bic, bfqq, new_bfqq); - - return new_bfqq; + return bfq_merge_bfqqs(bfqd, bic, bfqq); } /* @@ -6066,6 +6062,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -6081,18 +6078,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * then complete the merge and redirect it to * new_bfqq. */ - if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + if (bic_to_bfqq(RQ_BIC(rq), 1) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq); -- 2.39.2

4 months, 1 week

1
0
0 0

[PATCH OLK-6.6 3/3] LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h

by Hongchen Zhang

From: Huacai Chen <chenhuacai(a)loongson.cn> mainline inclusion from mainline-v6.11-rc1 commit 7697a0fe0154468f5df35c23ebd7aa48994c2cdc category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/IAZ33N CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… ---------------------------------------------------------------------- Chromium sandbox apparently wants to deny statx [1] so it could properly inspect arguments after the sandboxed process later falls back to fstat. Because there's currently not a "fd-only" version of statx, so that the sandbox has no way to ensure the path argument is empty without being able to peek into the sandboxed process's memory. For architectures able to do newfstatat though, glibc falls back to newfstatat after getting -ENOSYS for statx, then the respective SIGSYS handler [2] takes care of inspecting the path argument, transforming allowed newfstatat's into fstat instead which is allowed and has the same type of return value. But, as LoongArch is the first architecture to not have fstat nor newfstatat, the LoongArch glibc does not attempt falling back at all when it gets -ENOSYS for statx -- and you see the problem there! Actually, back when the LoongArch port was under review, people were aware of the same problem with sandboxing clone3 [3], so clone was eventually kept. Unfortunately it seemed at that time no one had noticed statx, so besides restoring fstat/newfstatat to LoongArch uapi (and postponing the problem further), it seems inevitable that we would need to tackle seccomp deep argument inspection. However, this is obviously a decision that shouldn't be taken lightly, so we just restore fstat/newfstatat by defining __ARCH_WANT_NEW_STAT in unistd.h. This is the simplest solution for now, and so we hope the community will tackle the long-standing problem of seccomp deep argument inspection in the future [4][5]. Also add "newstat" to syscall_abis_64 in Makefile.syscalls due to upstream asm-generic changes. More infomation please reading this thread [6]. [1] https://chromium-review.googlesource.com/c/chromium/src/+/2823150 [2] https://chromium.googlesource.com/chromium/src/sandbox/+/c085b51940bd/linux… [3] https://lore.kernel.org/linux-arch/20220511211231.GG7074@brightrain.aerifal… [4] https://lwn.net/Articles/799557/ [5] https://lpc.events/event/4/contributions/560/attachments/397/640/deep-arg-i… [6] https://lore.kernel.org/loongarch/20240226-granit-seilschaft-eccc2433014d@b… Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/unistd.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/loongarch/include/asm/unistd.h b/arch/loongarch/include/asm/unistd.h index cfddb0116a8c..f1d2b7e5c062 100644 --- a/arch/loongarch/include/asm/unistd.h +++ b/arch/loongarch/include/asm/unistd.h @@ -8,4 +8,5 @@ #include <uapi/asm/unistd.h> +#define __ARCH_WANT_NEW_STAT #define NR_syscalls (__NR_syscalls) -- 2.33.0

4 months, 1 week

1
0
0 0

[PATCH] mm: avoid unconditional one-tick sleep when swapcache_prepare fails

by Barry Song

From: Barry Song <v-songbaohua(a)oppo.com> Commit 13ddaf26be32 ("mm/swap: fix race when skipping swapcache") introduced an unconditional one-tick sleep when `swapcache_prepare()` fails, which has led to reports of UI stuttering on latency-sensitive Android devices. To address this, we can use a waitqueue to wake up tasks that fail `swapcache_prepare()` sooner, instead of always sleeping for a full tick. While tasks may occasionally be woken by an unrelated `do_swap_page()`, this method is preferable to two scenarios: rapid re-entry into page faults, which can cause livelocks, and multiple millisecond sleeps, which visibly degrade user experience. Oven's testing shows that a single waitqueue resolves the UI stuttering issue. If a 'thundering herd' problem becomes apparent later, a waitqueue hash similar to `folio_wait_table[PAGE_WAIT_TABLE_SIZE]` for page bit locks can be introduced. Fixes: 13ddaf26be32 ("mm/swap: fix race when skipping swapcache") Cc: Kairui Song <kasong(a)tencent.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Reported-by: Oven Liyang <liyangouwen1(a)oppo.com> Tested-by: Oven Liyang <liyangouwen1(a)oppo.com> Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> --- mm/memory.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/mm/memory.c b/mm/memory.c index 2366578015ad..6913174f7f41 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -4192,6 +4192,8 @@ static struct folio *alloc_swap_folio(struct vm_fault *vmf) } #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ +static DECLARE_WAIT_QUEUE_HEAD(swapcache_wq); + /* * We enter with non-exclusive mmap_lock (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. @@ -4204,6 +4206,7 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) { struct vm_area_struct *vma = vmf->vma; struct folio *swapcache, *folio = NULL; + DECLARE_WAITQUEUE(wait, current); struct page *page; struct swap_info_struct *si = NULL; rmap_t rmap_flags = RMAP_NONE; @@ -4302,7 +4305,9 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) * Relax a bit to prevent rapid * repeated page faults. */ + add_wait_queue(&swapcache_wq, &wait); schedule_timeout_uninterruptible(1); + remove_wait_queue(&swapcache_wq, &wait); goto out_page; } need_clear_cache = true; @@ -4609,8 +4614,10 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) pte_unmap_unlock(vmf->pte, vmf->ptl); out: /* Clear the swap cache pin for direct swapin after PTL unlock */ - if (need_clear_cache) + if (need_clear_cache) { swapcache_clear(si, entry, nr_pages); + wake_up(&swapcache_wq); + } if (si) put_swap_device(si); return ret; @@ -4625,8 +4632,10 @@ vm_fault_t do_swap_page(struct vm_fault *vmf) folio_unlock(swapcache); folio_put(swapcache); } - if (need_clear_cache) + if (need_clear_cache) { swapcache_clear(si, entry, nr_pages); + wake_up(&swapcache_wq); + } if (si) put_swap_device(si); return ret; -- 2.34.1

4 months, 1 week

4
20
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror