Catch up with changes made in android14-5.15, including new symbols to
track the ABI. Changes included here are the following:
* d83231efe4 ANDROID: 16K: Handle pad VMA splits and merges
* 19d6e7eb47 ANDROID: 16K: madvise_vma_pad_pages: Remove filemap_fault check
* ae44e8dac8 ANDROID: 16K: Only madvise padding from dynamic linker context
* ae67f18944 ANDROID: Enable CONFIG_LAZY_RCU in x86 gki_defconfig
* d38091b4ff ANDROID: Enable CONFIG_LAZY_RCU in arm64 gki_defconfig
* 37b02c190c FROMLIST: rcu: Provide a boot time parameter to control lazy RCU
* 4adb60810c ANDROID: rcu: Add a minimum time for marking boot as completed
* 16ea06fe44 UPSTREAM: rcu/kvfree: Move need_offload_krc() out of krcp->lock
* 5d1a3986c2 UPSTREAM: rcu/kfree: Fix kfree_rcu_shrink_count() return value
* 88587c1838 UPSTREAM: rcu/kvfree: Update KFREE_DRAIN_JIFFIES interval
* 5b47d8411d UPSTREAM: rcu/kvfree: Remove useless monitor_todo flag
* 84828604c7 UPSTREAM: scsi/scsi_error: Use call_rcu_hurry() instead of call_rcu()
* a4124a21b1 ANDROID: rxrpc: Use call_rcu_hurry() instead of call_rcu()
* 930bdc0924 UPSTREAM: net: devinet: Reduce refcount before grace period
* 706e751b33 UPSTREAM: rcu: Disable laziness if lazy-tracking says so
* 8568593719 UPSTREAM: rcu: Track laziness during boot and suspend
* f12c162eac UPSTREAM: net: Use call_rcu_hurry() for dst_release()
* ff22b562f0 UPSTREAM: percpu-refcount: Use call_rcu_hurry() for atomic switch
* a4cc1aa22d UPSTREAM: rcu/sync: Use call_rcu_hurry() instead of call_rcu
* 222a4cd66c UPSTREAM: rcu: Refactor code a bit in rcu_nocb_do_flush_bypass()
* f4abe7bb5f BACKPORT: rcu: Shrinker for lazy rcu
* e0297c38a5 BACKPORT: rcu: Make call_rcu() lazy to save power
* 276d33f21a UPSTREAM: rcu: Fix late wakeup when flush of bypass cblist happens
* 24e6758060 BACKPORT: rcu: Fix missing nocb gp wake on rcu_barrier()
* fb310d468a UPSTREAM: netfilter: nft_set_pipapo: do not free live element
* 444a497469 ANDROID: GKI: Update lenovo symbol list
* 978f805a2d ANDROID: GKI: Export css_task_iter_start()
* 0ae4f32634 FROMGIT: coresight: etm4x: Fix access to resource selector registers
* 8ba1802287 BACKPORT: FROMGIT: coresight: etm4x: Safe access for TRCQCLTR
* 6a08c9fb9d FROMGIT: coresight: etm4x: Do not save/restore Data trace control registers
* a02278f990 FROMGIT: coresight: etm4x: Do not hardcode IOMEM access for register restore
* e8e652b8c8 UPSTREAM: af_unix: Fix garbage collector racing against connect()
* 65e0a92c6d UPSTREAM: af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
* 5725caa296 FROMLIST: scsi: ufs: Check for completion from the timeout handler
* 8563ce5895 BACKPORT: FROMLIST: scsi: ufs: Make the polling code report which command has been completed
* 0fcd7a1c7c BACKPORT: FROMLIST: scsi: ufs: Make ufshcd_poll() complain about unsupported arguments
* aa07d6b28d ANDROID: scsi: ufs: Unexport ufshcd_mcq_poll_cqe_nolock()
* 25ebc09178 ANDROID: mm: fix incorrect unlock mmap_lock for speculative swap fault
* 264477e0d8 ANDROID: Update the ABI symbol list
* 084d22016c ANDROID: 16K: Separate padding from ELF LOAD segment mappings
* 37ea0e8485 ANDROID: 16K: Exclude ELF padding for fault around range
* e7bff50b22 ANDROID: 16K: Use MADV_DONTNEED to save VMA padding pages.
* 38cccb9154 ANDROID: 16K: Introduce ELF padding representation for VMAs
* 9274c308d8 ANDROID: 16K: Introduce /sys/kernel/mm/pgsize_miration/enabled
* ceb8c595f8 UPSTREAM: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
* ea419cda5c UPSTREAM: netfilter: nf_tables: release batch on table validation from abort path
* 6b883cdac2 UPSTREAM: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
* f395ea0980 ANDROID: GKI: update mtktv symbol
* a5d03f57d6 UPSTREAM: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
* 0cf6fdfb0a UPSTREAM: HID: playstation: support updated DualSense rumble mode.
* e3da19b218 UPSTREAM: HID: playstation: stop DualSense output work on remove.
* 62085a0e6d UPSTREAM: HID: playstation: convert to use dev_groups
* adce8aae67 UPSTREAM: HID: playstation: fix return from dualsense_player_led_set_brightness()
* c996cb50e2 UPSTREAM: HID: playstation: expose DualSense player LEDs through LED class.
* f011142fea UPSTREAM: leds: add new LED_FUNCTION_PLAYER for player LEDs for game controllers.
* 19cbe31642 UPSTREAM: HID: playstation: expose DualSense lightbar through a multi-color LED.
* 3507c287a6 UPSTREAM: mm: update mark_victim tracepoints fields
* cd4da4b748 Revert "FROMGIT: mm: update mark_victim tracepoints fields"
* 948f42ca2b UPSTREAM: netfilter: nft_set_pipapo: release elements in clone only from destroy path
* 6a45518094 ANDROID: GKI: Update symbol list for Amlogic
* 3de9177e81 ANDROID: GKI: Update symbol list for lenovo
* 668dfb812d FROMLIST: binder: check offset alignment in binder_get_object()
* 3b3c1c80e8 ANDROID: GKI: Update the ABI symbol list
* f600c62d25 ANDROID: GKI: Update symbol list for Amlogic
* d154026d33 ANDROID: GKI: Update the ABI symbol list
* 5f12c91ab0 Merge tag 'android14-5.15.148_r00' into android14-5.15
* ec86765bae ANDROID: KVM: arm64: Fix TLB invalidation when coalescing into a block
* 5854f4c2af ANDROID: KVM: arm64: Fix missing trace event for nVHE dyn HVCs
* 865e6d9df1 UPSTREAM: netfilter: nf_tables: disallow timeout for anonymous sets
* 537e133918 UPSTREAM: arm64: Apply dynamic shadow call stack patching in two passes
* 96305e30e9 ANDROID: userfaultfd: abort uffdio ops if mmap_lock is contended
* 3673533a09 ANDROID: userfaultfd: add MMAP_TRYLOCK mode for COPY/ZEROPAGE
* 3fd32dc171 ANDROID: fix isolate_migratepages_range return value
* 483395b445 Revert "ANDROID: Add CONFIG_BLK_DEV_NULL_BLK=m to gki_defconfig"
* 7b301c7079 ANDROID: fips140 - fix integrity check by unapplying dynamic SCS
* b1f8c25026 ANDROID: fips140 - add option for debugging the integrity check
* 1225d7ed6c ANDROID: fuse-bpf: Fix readdir for getdents
* 37b83a89de BACKPORT: f2fs: split initial and dynamic conditions for extent_cache
* ac4797cea5 UPSTREAM: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
* 5aed5c3435 ANDROID: uid_sys_stat: fix data-error of cputime and io
* c3b70e94f1 UPSTREAM: usb: typec: class: fix typec_altmode_put_partner to put plugs
* 282bfc6c30 UPSTREAM: Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs"
* 2390d58862 ANDROID: GKI: Update the ABI symbol list
* 0d0784d6b2 ANDROID: Update ABI for userfaultfd_ctx
* ee9964b308 ANDROID: userfaultfd: allow SPF for UFFD_FEATURE_SIGBUS on private+anon
* 9cef46f39e ANDROID: remove LTO check from build.config.gki.aarch64.fips140
* b74b4cbe62 Revert "interconnect: Fix locking for runpm vs reclaim"
* f115661832 Revert "interconnect: Teach lockdep about icc_bw_lock order"
* d96725ec1a BACKPORT: FROMGIT: PM: runtime: add tracepoint for runtime_status changes
* 4403e2517a UPSTREAM: netfilter: nft_set_rbtree: skip end interval element from gc
* 288abb8b19 ANDROID: PCI: dwc: Wait for the link only if it has been started
* ff1e211db6 ANDROID: null_blk: Support configuring the maximum segment size
* 0ffd03e67d ANDROID: scsi_debug: Support configuring the maximum segment size
* 3ef8e9009c ANDROID: block: Make sub_page_limit_queues available in debugfs
* bed88e7c4f ANDROID: block: Add support for filesystem requests and small segments
* e99e7de8a6 ANDROID: block: Support submitting passthrough requests with small segments
* 3f6018f1b6 ANDROID: block: Support configuring limits below the page size
* 025c278e84 ANDROID: block: Prepare for supporting sub-page limits
* f56ddffe05 ANDROID: block: Use pr_info() instead of printk(KERN_INFO ...)
Change-Id: I6834aac2be94f461b9f59baa696d5d130fc295d9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
In commit 2a52590ac5 ("virtio-blk: Ensure no requests in virtqueues
before deleting vqs.") the virtio_blk driver adds calls to
blk_mq_freeze_queue and blk_mq_unfreeze_queue, so add them to the
virtual device symbol list so that that target will build properly.
Fixes: 2a52590ac5 ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.")
Change-Id: Iaf7ef825414a5bc3db36cd9479acb0c1a7435e11
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
In some cases a VMA with padding representation may be split, and
therefore the padding flags must be updated accordingly.
There are 3 cases to handle:
Given:
| DDDDPPPP |
where:
- D represents 1 page of data;
- P represents 1 page of padding;
- | represents the boundaries (start/end) of the VMA
1) Split exactly at the padding boundary
| DDDDPPPP | --> | DDDD | PPPP |
- Remove padding flags from the first VMA.
- The second VMA is all padding
2) Split within the padding area
| DDDDPPPP | --> | DDDDPP | PP |
- Subtract the length of the second VMA from the first VMA's
padding.
- The second VMA is all padding, adjust its padding length (flags)
3) Split within the data area
| DDDDPPPP | --> | DD | DDPPPP |
- Remove padding flags from the first VMA.
- The second VMA is has the same padding as from before the split.
To simplify the semantics merging of padding VMAs is not allowed.
If a split produces a VMA that is entirely padding, show_[s]maps()
only outputs the padding VMA entry (as the data entry is of length 0).
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Change-Id: Ie2628ced5512e2c7f8af25fabae1f38730c8bb1a
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Some file systems like F2FS use a custom filemap_fault ops. Remove this
check, as checking vm_file is sufficient.
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Change-Id: Id6a584d934f06650c0a95afd1823669fc77ba2c2
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Only preform padding advise from the execution context on bionic's
dynamic linker. This ensures that madvise() doesn't have unwanted
side effects.
Also rearrange the order of fail checks in madvise_vma_pad_pages()
in order of ascending cost.
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Change-Id: I3e05b8780c6eda78007f86b613f8c11dd18ac28f
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
It is still disabled by default. Must specify
rcutree.android_enable_rcu_lazy and rcu_nocbs=all in boot time parameter
to actually enable it.
Bug: 258241771
Change-Id: Ic9e15b846d58ffa3d5dd81842c568da79352ff2d
Signed-off-by: Qais Yousef <qyousef@google.com>
It is still disabled by default. Must specify
rcutree.android_enable_rcu_lazy and rcu_nocbs=all in boot time parameter
to actually enable it.
Bug: 258241771
Change-Id: I11c920aa5edde2fc42ab54245cd198eb8cb47616
Signed-off-by: Qais Yousef <qyousef@google.com>
To allow more flexible arrangements while still provide a single kernel
for distros, provide a boot time parameter to enable/disable lazy RCU.
Specify:
rcutree.enable_rcu_lazy=[y|1|n|0]
Which also requires
rcu_nocbs=all
at boot time to enable/disable lazy RCU.
To disable it by default at build time when CONFIG_RCU_LAZY=y, the new
CONFIG_RCU_LAZY_DEFAULT_OFF can be used.
Bug: 258241771
Signed-off-by: Qais Yousef (Google) <qyousef@layalina.io>
Tested-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Link: https://lore.kernel.org/lkml/20231203011252.233748-1-qyousef@layalina.io/
[Fix trivial conflicts rejecting newer code that doesn't exist on 5.15]
Signed-off-by: Qais Yousef <qyousef@google.com>
Change-Id: Ib5585ae717a2ba7749f2802101b785c4e5de8a90
On many systems, a great deal of boot (in userspace) happens after the
kernel thinks the boot has completed. It is difficult to determine if
the system has really booted from the kernel side. Some features like
lazy-RCU can risk slowing down boot time if, say, a callback has been
added that the boot synchronously depends on. Further expedited callbacks
can get unexpedited way earlier than it should be, thus slowing down
boot (as shown in the data below).
For these reasons, this commit adds a config option
'CONFIG_RCU_BOOT_END_DELAY' and a boot parameter rcupdate.boot_end_delay.
Userspace can also make RCU's view of the system as booted, by writing the
time in milliseconds to: /sys/module/rcupdate/parameters/android_rcu_boot_end_delay
Or even just writing a value of 0 to this sysfs node.
However, under no circumstance will the boot be allowed to end earlier
than just before init is launched.
The default value of CONFIG_RCU_BOOT_END_DELAY is chosen as 15s. This
suites ChromeOS and also a PREEMPT_RT system below very well, which need
no config or parameter changes, and just a simple application of this
patch. A system designer can also choose a specific value here to keep
RCU from marking boot completion. As noted earlier, RCU's perspective
of the system as booted will not be marker until at least
android_rcu_boot_end_delay milliseconds have passed or an update is made
via writing a small value (or 0) in milliseconds to:
/sys/module/rcupdate/parameters/android_rcu_boot_end_delay.
One side-effect of this patch is, there is a risk that a real-time workload
launched just after the kernel boots will suffer interruptions due to expedited
RCU, which previous ended just before init was launched. However, to mitigate
such an issue (however unlikely), the user should either tune
CONFIG_RCU_BOOT_END_DELAY to a smaller value than 15 seconds or write a value
of 0 to /sys/module/rcupdate/parameters/android_rcu_boot_end_delay, once userspace
boots, and before launching the real-time workload.
Qiuxu also noted impressive boot-time improvements with earlier version
of patch. An excerpt from the data he shared:
1) Testing environment:
OS : CentOS Stream 8 (non-RT OS)
Kernel : v6.2
Machine : Intel Cascade Lake server (2 sockets, each with 44 logical threads)
Qemu args : -cpu host -enable-kvm, -smp 88,threads=2,sockets=2, …
2) OS boot time definition:
The time from the start of the kernel boot to the shell command line
prompt is shown from the console. [ Different people may have
different OS boot time definitions. ]
3) Measurement method (very rough method):
A timer in the kernel periodically prints the boot time every 100ms.
As soon as the shell command line prompt is shown from the console,
we record the boot time printed by the timer, then the printed boot
time is the OS boot time.
4) Measured OS boot time (in seconds)
a) Measured 10 times w/o this patch:
8.7s, 8.4s, 8.6s, 8.2s, 9.0s, 8.7s, 8.8s, 9.3s, 8.8s, 8.3s
The average OS boot time was: ~8.7s
b) Measure 10 times w/ this patch:
8.5s, 8.2s, 7.6s, 8.2s, 8.7s, 8.2s, 7.8s, 8.2s, 9.3s, 8.4s
The average OS boot time was: ~8.3s.
(CHROMIUM tag rationale: Submitted upstream but got lots of pushback as
it may harm a PREEMPT_RT system -- the concern is VERY theoretical and
this improves things for ChromeOS. Plus we are not a PREEMPT_RT system.
So I am strongly suggesting this mostly simple change for ChromeOS.)
Bug: 258241771
Bug: 268129466
Test: boot
Tested-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Change-Id: Ibd262189d7f92dbcc57f1508efe90fcfba95a6cc
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4350228
Commit-Queue: Joel Fernandes <joelaf@google.com>
Commit-Queue: Vineeth Pillai <vineethrp@google.com>
Tested-by: Vineeth Pillai <vineethrp@google.com>
Tested-by: Joel Fernandes <joelaf@google.com>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
(cherry picked from commit 7968079ec77b320ee9d4115fe13048a8f7afbc02)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style. Prefix boot param with android_]
Signed-off-by: Qais Yousef <qyousef@google.com>
The need_offload_krc() function currently holds the krcp->lock in order
to safely check krcp->head. This commit removes the need for this lock
in that function by updating the krcp->head pointer using WRITE_ONCE()
macro so that readers can carry out lockless loads of that pointer.
Bug: 258241771
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 8fc5494ad5)
Signed-off-by: Qais Yousef <qyousef@google.com>
Change-Id: Iddde5ec15e8574216abc95d8c64efa5c66868508
As per the comments in include/linux/shrinker.h, .count_objects callback
should return the number of freeable items, but if there are no objects
to free, SHRINK_EMPTY should be returned. The only time 0 is returned
should be when we are unable to determine the number of objects, or the
cache should be skipped for another reason.
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 3826909635)
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: I5cb380fceaccc85971a47773d9058f0ea044c6dd
Signed-off-by: Joel Fernandes <joelaf@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4332178
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Reviewed-by: Sean Paul <sean@poorly.run>
(cherry picked from commit 3243f1e22bf915c9b805a96cc4a8cbc03ed5d7a8)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
Currently the monitor work is scheduled with a fixed interval of HZ/20,
which is roughly 50 milliseconds. The drawback of this approach is
low utilization of the 512 page slots in scenarios with infrequence
kvfree_rcu() calls. For example on an Android system:
<snip>
kworker/3:3-507 [003] .... 470.286305: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000d0f0dde5 nr_records=6
kworker/6:1-76 [006] .... 470.416613: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000ea0d6556 nr_records=1
kworker/6:1-76 [006] .... 470.416625: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x000000003e025849 nr_records=9
kworker/3:3-507 [003] .... 471.390000: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000815a8713 nr_records=48
kworker/1:1-73 [001] .... 471.725785: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000fda9bf20 nr_records=3
kworker/1:1-73 [001] .... 471.725833: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000a425b67b nr_records=76
kworker/0:4-1411 [000] .... 472.085673: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x000000007996be9d nr_records=1
kworker/0:4-1411 [000] .... 472.085728: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000d0f0dde5 nr_records=5
kworker/6:1-76 [006] .... 472.260340: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x0000000065630ee4 nr_records=102
<snip>
In many cases, out of 512 slots, fewer than 10 were actually used.
In order to improve batching and make utilization more efficient this
commit sets a drain interval to a fixed 5-seconds interval. Floods are
detected when a page fills quickly, and in that case, the reclaim work
is re-scheduled for the next scheduling-clock tick (jiffy).
After this change:
<snip>
kworker/7:1-371 [007] .... 5630.725708: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x000000005ab0ffb3 nr_records=121
kworker/7:1-371 [007] .... 5630.989702: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x0000000060c84761 nr_records=47
kworker/7:1-371 [007] .... 5630.989714: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x000000000babf308 nr_records=510
kworker/7:1-371 [007] .... 5631.553790: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000bb7bd0ef nr_records=169
kworker/7:1-371 [007] .... 5631.553808: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x0000000044c78753 nr_records=510
kworker/5:6-9428 [005] .... 5631.746102: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000d98519aa nr_records=123
kworker/4:7-9434 [004] .... 5632.001758: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x00000000526c9d44 nr_records=322
kworker/4:7-9434 [004] .... 5632.002073: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x000000002c6a8afa nr_records=185
kworker/7:1-371 [007] .... 5632.277515: rcu_invoke_kfree_bulk_callback: rcu_preempt bulk=0x000000007f4a962f nr_records=510
<snip>
Here, all but one of the cases, more than one hundreds slots were used,
representing an order-of-magnitude improvement.
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 51824b780b)
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: I4635ba0dbece4e029d5271ef3950b8eaa1ae5e81
Signed-off-by: Joel Fernandes <joelaf@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4332177
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Reviewed-by: Sean Paul <sean@poorly.run>
(cherry picked from commit b1bf359877e084383be107bf0008d58d0a6b15e3)
[Conflict due to 71cf9c9835 adding a new
function in the same location.
Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
monitor_todo is not needed as the work struct already tracks
if work is pending. Just use that to know if work is pending
using schedule_delayed_work() helper.
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Reviewed-by: Neeraj Upadhyay <quic_neeraju@quicinc.com>
(cherry picked from commit 82d26c36cc)
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: I4c13f89da735a628a5030ab55a13e338b97da4b8
Signed-off-by: Joel Fernandes <joelaf@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4332176
Reviewed-by: Sean Paul <sean@poorly.run>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
(cherry picked from commit bb867be28d6a70b36ff1d6563f794c489072ab7e)
[Minor conflict with 71cf9c9835 where it
added a new function in the same location.
Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
Earlier commits in this series allow battery-powered systems to build
their kernels with the default-disabled CONFIG_RCU_LAZY=y Kconfig option.
This Kconfig option causes call_rcu() to delay its callbacks in order
to batch them. This means that a given RCU grace period covers more
callbacks, thus reducing the number of grace periods, in turn reducing
the amount of energy consumed, which increases battery lifetime which
can be a very good thing. This is not a subtle effect: In some important
use cases, the battery lifetime is increased by more than 10%.
This CONFIG_RCU_LAZY=y option is available only for CPUs that offload
callbacks, for example, CPUs mentioned in the rcu_nocbs kernel boot
parameter passed to kernels built with CONFIG_RCU_NOCB_CPU=y.
Delaying callbacks is normally not a problem because most callbacks do
nothing but free memory. If the system is short on memory, a shrinker
will kick all currently queued lazy callbacks out of their laziness,
thus freeing their memory in short order. Similarly, the rcu_barrier()
function, which blocks until all currently queued callbacks are invoked,
will also kick lazy callbacks, thus enabling rcu_barrier() to complete
in a timely manner.
However, there are some cases where laziness is not a good option.
For example, synchronize_rcu() invokes call_rcu(), and blocks until
the newly queued callback is invoked. It would not be a good for
synchronize_rcu() to block for ten seconds, even on an idle system.
Therefore, synchronize_rcu() invokes call_rcu_hurry() instead of
call_rcu(). The arrival of a non-lazy call_rcu_hurry() callback on a
given CPU kicks any lazy callbacks that might be already queued on that
CPU. After all, if there is going to be a grace period, all callbacks
might as well get full benefit from it.
Yes, this could be done the other way around by creating a
call_rcu_lazy(), but earlier experience with this approach and
feedback at the 2022 Linux Plumbers Conference shifted the approach
to call_rcu() being lazy with call_rcu_hurry() for the few places
where laziness is inappropriate.
And another call_rcu() instance that cannot be lazy is the one in the
scsi_eh_scmd_add() function. Leaving this instance lazy results in
unacceptably slow boot times.
Therefore, make scsi_eh_scmd_add() use call_rcu_hurry() in order to
revert to the old behavior.
[ paulmck: Apply s/call_rcu_flush/call_rcu_hurry/ feedback from Tejun Heo. ]
Bug: 258241771
Bug: 222463781
Test: CQ
Tested-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Change-Id: I95bba865e582b0a12b1c09ba1f0bd4f897401c07
Signed-off-by: Uladzislau Rezki <urezki@gmail.com>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: <linux-scsi@vger.kernel.org>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 54d87b0a0c)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318056
Commit-Queue: Joel Fernandes <joelaf@google.com>
Reviewed-by: Sean Paul <sean@poorly.run>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Tested-by: Joel Fernandes <joelaf@google.com>
(cherry picked from commit 5578f9ac27d25e3e57a5b9c4cf0346cfc5162994)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
Currently, the inetdev_destroy() function waits for an RCU grace period
before decrementing the refcount and freeing memory. This causes a delay
with a new RCU configuration that tries to save power, which results in the
network interface disappearing later than expected. The resulting delay
causes test failures on ChromeOS.
Refactor the code such that the refcount is freed before the grace period
and memory is freed after. With this a ChromeOS network test passes that
does 'ip netns del' and polls for an interface disappearing, now passes.
Bug: 258241771
Bug: 222463781
Test: CQ
Reported-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Change-Id: I98b13c5a8fb9696c1111219d774cf91c8b14b4c5
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Cc: David Ahern <dsahern@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: <netdev@vger.kernel.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 9d40c84cf5)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318054
Tested-by: Joel Fernandes <joelaf@google.com>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Commit-Queue: Joel Fernandes <joelaf@google.com>
Reviewed-by: Sean Paul <sean@poorly.run>
(cherry picked from commit 3c0f4bb182d6b0be5424947b53019e92bea8b38c)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
During suspend, we see failures to suspend 1 in 300-500 suspends.
Looking closer, it appears that asynchronous RCU callbacks are being
queued as lazy even though synchronous callbacks are expedited. These
delays appear to not be very welcome by the suspend/resume code as
evidenced by these occasional suspend failures.
This commit modifies call_rcu() to check if rcu_async_should_hurry(),
which will return true if we are in suspend or in-kernel boot.
[ paulmck: Alphabetize local variables. ]
Ignoring the lazy hint makes the 3000 suspend/resume cycles pass
reliably on a 12th gen 12-core Intel CPU, and there is some evidence
that it also slightly speeds up boot performance.
Bug: 258241771
Bug: 222463781
Test: CQ
Fixes: 3cb278e73b ("rcu: Make call_rcu() lazy to save power")
Change-Id: I4cfe6f43de8bae9a6c034831c79d9773199d6d29
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit cf7066b97e)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318052
Reviewed-by: Sean Paul <sean@poorly.run>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Tested-by: Joel Fernandes <joelaf@google.com>
Commit-Queue: Joel Fernandes <joelaf@google.com>
(cherry picked from commit e59686da91b689d3771a09f3eae37db5f40d3f75)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
Boot and suspend/resume should not be slowed down in kernels built with
CONFIG_RCU_LAZY=y. In particular, suspend can sometimes fail in such
kernels.
This commit therefore adds rcu_async_hurry(), rcu_async_relax(), and
rcu_async_should_hurry() functions that track whether or not either
a boot or a suspend/resume operation is in progress. This will
enable a later commit to refrain from laziness during those times.
Export rcu_async_should_hurry(), rcu_async_hurry(), and rcu_async_relax()
for later use by rcutorture.
[ paulmck: Apply feedback from Steve Rostedt. ]
Bug: 258241771
Bug: 222463781
Test: CQ
Fixes: 3cb278e73b ("rcu: Make call_rcu() lazy to save power")
Change-Id: Ieb2f2d484a33cfbd71f71c8e3dbcfc05cd7efe8c
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 6efdda8bec)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318051
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Reviewed-by: Sean Paul <sean@poorly.run>
Tested-by: Joel Fernandes <joelaf@google.com>
Commit-Queue: Joel Fernandes <joelaf@google.com>
(cherry picked from commit 8bc7efc64c84da753f2174a7071c8f1a7823d2bb)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
In a networking test on ChromeOS, kernels built with the new
CONFIG_RCU_LAZY=y Kconfig option fail a networking test in the teardown
phase.
This failure may be reproduced as follows: ip netns del <name>
The CONFIG_RCU_LAZY=y Kconfig option was introduced by earlier commits
in this series for the benefit of certain battery-powered systems.
This Kconfig option causes call_rcu() to delay its callbacks in order
to batch them. This means that a given RCU grace period covers more
callbacks, thus reducing the number of grace periods, in turn reducing
the amount of energy consumed, which increases battery lifetime which
can be a very good thing. This is not a subtle effect: In some important
use cases, the battery lifetime is increased by more than 10%.
This CONFIG_RCU_LAZY=y option is available only for CPUs that offload
callbacks, for example, CPUs mentioned in the rcu_nocbs kernel boot
parameter passed to kernels built with CONFIG_RCU_NOCB_CPU=y.
Delaying callbacks is normally not a problem because most callbacks do
nothing but free memory. If the system is short on memory, a shrinker
will kick all currently queued lazy callbacks out of their laziness,
thus freeing their memory in short order. Similarly, the rcu_barrier()
function, which blocks until all currently queued callbacks are invoked,
will also kick lazy callbacks, thus enabling rcu_barrier() to complete
in a timely manner.
However, there are some cases where laziness is not a good option.
For example, synchronize_rcu() invokes call_rcu(), and blocks until
the newly queued callback is invoked. It would not be a good for
synchronize_rcu() to block for ten seconds, even on an idle system.
Therefore, synchronize_rcu() invokes call_rcu_hurry() instead of
call_rcu(). The arrival of a non-lazy call_rcu_hurry() callback on a
given CPU kicks any lazy callbacks that might be already queued on that
CPU. After all, if there is going to be a grace period, all callbacks
might as well get full benefit from it.
Yes, this could be done the other way around by creating a
call_rcu_lazy(), but earlier experience with this approach and
feedback at the 2022 Linux Plumbers Conference shifted the approach
to call_rcu() being lazy with call_rcu_hurry() for the few places
where laziness is inappropriate.
Returning to the test failure, use of ftrace showed that this failure
cause caused by the aadded delays due to this new lazy behavior of
call_rcu() in kernels built with CONFIG_RCU_LAZY=y.
Therefore, make dst_release() use call_rcu_hurry() in order to revert
to the old test-failure-free behavior.
[ paulmck: Apply s/call_rcu_flush/call_rcu_hurry/ feedback from Tejun Heo. ]
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: Ifd64083bd210a9dfe94c179152f27d310c179507
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Cc: David Ahern <dsahern@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: <netdev@vger.kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 483c26ff63)
Signed-off-by: Joel Fernandes <joelaf@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318050
Reviewed-by: Sean Paul <sean@poorly.run>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
(cherry picked from commit e0886387489fed8a60e7e0f107b95fb9c0241930)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
Earlier commits in this series allow battery-powered systems to build
their kernels with the default-disabled CONFIG_RCU_LAZY=y Kconfig option.
This Kconfig option causes call_rcu() to delay its callbacks in order to
batch callbacks. This means that a given RCU grace period covers more
callbacks, thus reducing the number of grace periods, in turn reducing
the amount of energy consumed, which increases battery lifetime which
can be a very good thing. This is not a subtle effect: In some important
use cases, the battery lifetime is increased by more than 10%.
This CONFIG_RCU_LAZY=y option is available only for CPUs that offload
callbacks, for example, CPUs mentioned in the rcu_nocbs kernel boot
parameter passed to kernels built with CONFIG_RCU_NOCB_CPU=y.
Delaying callbacks is normally not a problem because most callbacks do
nothing but free memory. If the system is short on memory, a shrinker
will kick all currently queued lazy callbacks out of their laziness,
thus freeing their memory in short order. Similarly, the rcu_barrier()
function, which blocks until all currently queued callbacks are invoked,
will also kick lazy callbacks, thus enabling rcu_barrier() to complete
in a timely manner.
However, there are some cases where laziness is not a good option.
For example, synchronize_rcu() invokes call_rcu(), and blocks until
the newly queued callback is invoked. It would not be a good for
synchronize_rcu() to block for ten seconds, even on an idle system.
Therefore, synchronize_rcu() invokes call_rcu_hurry() instead of
call_rcu(). The arrival of a non-lazy call_rcu_hurry() callback on a
given CPU kicks any lazy callbacks that might be already queued on that
CPU. After all, if there is going to be a grace period, all callbacks
might as well get full benefit from it.
Yes, this could be done the other way around by creating a
call_rcu_lazy(), but earlier experience with this approach and
feedback at the 2022 Linux Plumbers Conference shifted the approach
to call_rcu() being lazy with call_rcu_hurry() for the few places
where laziness is inappropriate.
And another call_rcu() instance that cannot be lazy is the one on the
percpu refcounter's "per-CPU to atomic switch" code path, which
uses RCU when switching to atomic mode. The enqueued callback
wakes up waiters waiting in the percpu_ref_switch_waitq. Allowing
this callback to be lazy would result in unacceptable slowdowns for
users of per-CPU refcounts, such as blk_pre_runtime_suspend().
Therefore, make __percpu_ref_switch_to_atomic() use call_rcu_hurry()
in order to revert to the old behavior.
[ paulmck: Apply s/call_rcu_flush/call_rcu_hurry/ feedback from Tejun Heo. ]
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: Icc325f69d0df1a37b6f1de02a284e1fabf20e366
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Cc: Dennis Zhou <dennis@kernel.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: <linux-mm@kvack.org>
(cherry picked from commit 343a72e5e3)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318049
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Reviewed-by: Sean Paul <sean@poorly.run>
Tested-by: Joel Fernandes <joelaf@google.com>
Commit-Queue: Joel Fernandes <joelaf@google.com>
(cherry picked from commit dfd536f499642cd18679cc64c79a8fb275137f45)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
call_rcu() changes to save power will slow down rcu sync. Use the
call_rcu_hurry() API instead which reverts to the old behavior.
[ paulmck: Apply s/call_rcu_flush/call_rcu_hurry/ feedback from Tejun Heo. ]
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: I5123ba52f47676305dbcfa1233bf3b41f140766c
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit 7651d6b250)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318048
Reviewed-by: Sean Paul <sean@poorly.run>
Commit-Queue: Joel Fernandes <joelaf@google.com>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Tested-by: Joel Fernandes <joelaf@google.com>
(cherry picked from commit 183fce4e1bfbbae1266ec90c6bb871b51d7af81c)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
The shrinker is used to speed up the free'ing of memory potentially held
by RCU lazy callbacks. RCU kernel module test cases show this to be
effective. Test is introduced in a later patch.
[Joel: register_shrinker() argument list change.]
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: I6a73a9dae79ff35feca37abe2663e55a0f46dda8
Signed-off-by: Vineeth Pillai <vineeth@bitbyteword.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit c945b4da7a)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318046
Tested-by: Joel Fernandes <joelaf@google.com>
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Commit-Queue: Joel Fernandes <joelaf@google.com>
(cherry picked from commit 2cf50ca2e7c3bc08f5182fc517a89a65e8dca7e3)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
Implement timer-based RCU callback batching (also known as lazy
callbacks). With this we save about 5-10% of power consumed due
to RCU requests that happen when system is lightly loaded or idle.
By default, all async callbacks (queued via call_rcu) are marked
lazy. An alternate API call_rcu_hurry() is provided for the few users,
for example synchronize_rcu(), that need the old behavior.
The batch is flushed whenever a certain amount of time has passed, or
the batch on a particular CPU grows too big. Also memory pressure will
flush it in a future patch.
To handle several corner cases automagically (such as rcu_barrier() and
hotplug), we re-use bypass lists which were originally introduced to
address lock contention, to handle lazy CBs as well. The bypass list
length has the lazy CB length included in it. A separate lazy CB length
counter is also introduced to keep track of the number of lazy CBs.
[ paulmck: Fix formatting of inline call_rcu_lazy() definition. ]
[ paulmck: Apply Zqiang feedback. ]
[ paulmck: Apply s/call_rcu_flush/call_rcu_hurry/ feedback from Tejun Heo. ]
[ joelaf: Small changes for 5.15 backport. ]
Suggested-by: Paul McKenney <paulmck@kernel.org>
Acked-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Bug: 258241771
Bug: 222463781
Test: CQ
(cherry picked from commit 3cb278e73bhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master)
Change-Id: I557d5af2a5d317bd66e9ec55ed40822bb5c54390
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4318045
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
Commit-Queue: Joel Fernandes <joelaf@google.com>
Tested-by: Joel Fernandes <joelaf@google.com>
(cherry picked from commit b30e520b9da88a5de115ed5b2c1b2aa89de9e214)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
When the bypass cblist gets too big or its timeout has occurred, it is
flushed into the main cblist. However, the bypass timer is still running
and the behavior is that it would eventually expire and wake the GP
thread.
Since we are going to use the bypass cblist for lazy CBs, do the wakeup
soon as the flush for "too big or too long" bypass list happens.
Otherwise, long delays can happen for callbacks which get promoted from
lazy to non-lazy.
This is a good thing to do anyway (regardless of future lazy patches),
since it makes the behavior consistent with behavior of other code paths
where flushing into the ->cblist makes the GP kthread into a
non-sleeping state quickly.
[ Frederic Weisbecker: Changes to avoid unnecessary GP-thread wakeups plus
comment changes. ]
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit b50606f35f)
Bug: 258241771
Bug: 222463781
Test: powerIdle lab tests.
Change-Id: If8da96d7ba6ed90a2a70f7d56f7bb03af44fd649
Signed-off-by: Joel Fernandes <joelaf@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4065239
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
(cherry picked from commit 75db04e1eed1756a4ee5fb87ef8dd494d19bf53f)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
In preparation for RCU lazy changes, wake up the RCU nocb gp thread if
needed after an entrain. This change prevents the RCU barrier callback
from waiting in the queue for several seconds before the lazy callbacks
in front of it are serviced.
Reported-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
(cherry picked from commit b8f7aca3f0https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git rcu/next)
(Backport:
Conflicts:
kernel/rcu/tree.c
Due to missing 'rcu: Rework rcu_barrier() and callback-migration logic'
Chose not to backport that.)
Bug: 258241771
Bug: 222463781
Test: CQ
Change-Id: Ib55c5886764b74df22531eca35f076ef7acc08dd
Signed-off-by: Joel Fernandes <joelaf@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4062165
Reviewed-by: Vineeth Pillai <vineethrp@google.com>
(cherry picked from commit fc6e55ea65dca9cc52bda6081341f3fcc87f6ee7)
[Cherry picked from chromeos-5.15 tree. Minor tweaks to commit message
to match Android style]
Signed-off-by: Qais Yousef <qyousef@google.com>
[ Upstream commit 3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc ]
Pablo reports a crash with large batches of elements with a
back-to-back add/remove pattern. Quoting Pablo:
add_elem("00000000") timeout 100 ms
...
add_elem("0000000X") timeout 100 ms
del_elem("0000000X") <---------------- delete one that was just added
...
add_elem("00005000") timeout 100 ms
1) nft_pipapo_remove() removes element 0000000X
Then, KASAN shows a splat.
Looking at the remove function there is a chance that we will drop a
rule that maps to a non-deactivated element.
Removal happens in two steps, first we do a lookup for key k and return the
to-be-removed element and mark it as inactive in the next generation.
Then, in a second step, the element gets removed from the set/map.
The _remove function does not work correctly if we have more than one
element that share the same key.
This can happen if we insert an element into a set when the set already
holds an element with same key, but the element mapping to the existing
key has timed out or is not active in the next generation.
In such case its possible that removal will unmap the wrong element.
If this happens, we will leak the non-deactivated element, it becomes
unreachable.
The element that got deactivated (and will be freed later) will
remain reachable in the set data structure, this can result in
a crash when such an element is retrieved during lookup (stale
pointer).
Add a check that the fully matching key does in fact map to the element
that we have marked as inactive in the deactivation step.
If not, we need to continue searching.
Add a bug/warn trap at the end of the function as well, the remove
function must not ever be called with an invisible/unreachable/non-existent
element.
v2: avoid uneeded temporary variable (Stefano)
Bug: 336735501
Fixes: 3c4287f620 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ebf7c9746f)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ic9a48ac9ac0f9960fea9e066d9a0a9fb93f7b633
Export css_task_iter_start() and css_task_iter_next() and
css_task_iter_end() inorder to support task iteration in a cgroup in
vendor modules.
Bug: 336967294
Change-Id: Id93963ddd30ab02c7a4d5086f19d15310e4eda14
Signed-off-by: seanwang1 <seanwang1@lenovo.com>
This reverts commit 4d3b2bd995 which is
commit b5f0de6df6 upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed. It's not a "real" break, and
we can work around it, but this really does not affect Android systems,
so it's safe to drop for now.
Bug: 161946584
Change-Id: Id2666dca715b44594f71e291a4c01e5b5a0e88d9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 97eaa2955d which is
commit a7d6027790acea24446ddd6632d394096c0f4667 upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: I05947b1018c5e28cdcb891edddf72163a2a0666a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit ef982fc410 which is
commit 1c9be13846c0b2abc2480602f8ef421360e1ad9e upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed. It's not a "real" break, and
we can work around it, but this really does not affect Android systems,
so it's safe to drop for now.
Bug: 161946584
Change-Id: Ica8f15560c09d1077c4177fb7710c5a24a563360
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 256c3e6192 which is
commit b787a3e781759026a6212736ef8e52cf83d1821a upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed. It's not a "real" break, and
we can work around it, but this really does not affect Android systems,
so it's safe to drop for now.
Bug: 161946584
Change-Id: I46a8368cbf844a05ee18cfdfa33b1b8f50b529ef
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 47d8ac011fe1c9251070e1bd64cb10b48193ec51 ]
Garbage collector does not take into account the risk of embryo getting
enqueued during the garbage collection. If such embryo has a peer that
carries SCM_RIGHTS, two consecutive passes of scan_children() may see a
different set of children. Leading to an incorrectly elevated inflight
count, and then a dangling pointer within the gc_inflight_list.
sockets are AF_UNIX/SOCK_STREAM
S is an unconnected socket
L is a listening in-flight socket bound to addr, not in fdtable
V's fd will be passed via sendmsg(), gets inflight count bumped
connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc()
---------------- ------------------------- -----------
NS = unix_create1()
skb1 = sock_wmalloc(NS)
L = unix_find_other(addr)
unix_state_lock(L)
unix_peer(S) = NS
// V count=1 inflight=0
NS = unix_peer(S)
skb2 = sock_alloc()
skb_queue_tail(NS, skb2[V])
// V became in-flight
// V count=2 inflight=1
close(V)
// V count=1 inflight=1
// GC candidate condition met
for u in gc_inflight_list:
if (total_refs == inflight_refs)
add u to gc_candidates
// gc_candidates={L, V}
for u in gc_candidates:
scan_children(u, dec_inflight)
// embryo (skb1) was not
// reachable from L yet, so V's
// inflight remains unchanged
__skb_queue_tail(L, skb1)
unix_state_unlock(L)
for u in gc_candidates:
if (u.inflight)
scan_children(u, inc_inflight_move_tail)
// V count=1 inflight=2 (!)
If there is a GC-candidate listening socket, lock/unlock its state. This
makes GC wait until the end of any ongoing connect() to that socket. After
flipping the lock, a possibly SCM-laden embryo is already enqueued. And if
there is another embryo coming, it can not possibly carry SCM_RIGHTS. At
this point, unix_inflight() can not happen because unix_gc_lock is already
taken. Inflight graph remains unaffected.
Bug: 336226035
Fixes: 1fd05ba5a2 ("[AF_UNIX]: Rewrite garbage collector, fixes race.")
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20240409201047.1032217-1-mhal@rbox.co
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 507cc232ff)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If321f78b8b3220f5a1caea4b5e9450f1235b0770
[ Upstream commit 97af84a6bba2ab2b9c704c08e67de3b5ea551bb2 ]
When touching unix_sk(sk)->inflight, we are always under
spin_lock(&unix_gc_lock).
Let's convert unix_sk(sk)->inflight to the normal unsigned long.
Bug: 336226035
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240123170856.41348-3-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 47d8ac011fe1 ("af_unix: Fix garbage collector racing against connect()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 301fdbaa0b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I0d965d5f2a863d798c06de9f21d0467f256b538e
This reverts commit 7d6e8d7ee1 which is
commit b8adb69a7d29c2d33eb327bca66476fb6066516b upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: I8d0ac023a1d1b06f07cdacdb5f60fb52e7ad782e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit ea6c19c736 which is
commit faaae0190d upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: Id29f82e491e7bf665c17098a55fcaafd73ac82ba
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 63f0e79cf3 which is
commit 2996e9fc00 upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: I6125aa8ecec382d632291bf144e02bdc700c7228
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit a99c8f1abe which is
commit a909d629ae upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: Ic40510cd8c94739404a7e3c2532fa460bf7f7fb4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 8af9de2a5b which is
commit 0e6275452c upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: I460623476ce9205201b40cd2914636abcb91d5d3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 8839d5728b which is
commit b0425784b9 upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: Ide05d2a4d0c7ae90c91a8181beb86ced919d74b5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit 6538b6d13c which is
commit d7cdfc319b upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: Idab0edccdf4d6b57fddcca069ad44a8381befa48
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This reverts commit ef535e0315 which is
commit 8ce8849dd1 upstream.
It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.
Bug: 161946584
Change-Id: Icdf91cda9a996fef8c8f5413b1b406a5fa936afb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 5.15.150
net/sched: Retire CBQ qdisc
net/sched: Retire ATM qdisc
net/sched: Retire dsmark qdisc
smb: client: fix OOB in receive_encrypted_standard()
smb: client: fix potential OOBs in smb2_parse_contexts()
smb: client: fix parsing of SMB3.1.1 POSIX create context
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
bpf: Merge printk and seq_printf VARARG max macros
bpf: Add struct for bin_args arg in bpf_bprintf_prepare
bpf: Do cleanup in bpf_bprintf_cleanup only when needed
bpf: Remove trace_printk_lock
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
zonefs: Improve error handling
x86/fpu: Stop relying on userspace for info to fault in xsave buffer
sched/rt: Fix sysctl_sched_rr_timeslice intial value
sched/rt: Disallow writing invalid values to sched_rt_period_us
scsi: target: core: Add TMF to tmr_list handling
dmaengine: shdma: increase size of 'dev_id'
dmaengine: fsl-qdma: increase size of 'irq_name'
wifi: cfg80211: fix missing interfaces when dumping
wifi: mac80211: fix race condition on enabling fast-xmit
fbdev: savage: Error out if pixclock equals zero
fbdev: sis: Error out if pixclock equals zero
spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
ahci: asm1166: correct count of reported ports
ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
MIPS: reserve exception vector space ONLY ONCE
platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet
ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
dmaengine: ti: edma: Add some null pointer checks to the edma_probe
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
nvmet-tcp: fix nvme tcp ida memory leak
ALSA: usb-audio: Check presence of valid altsetting control
ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
spi: sh-msiof: avoid integer overflow in constants
Input: xpad - add Lenovo Legion Go controllers
netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new
ALSA: usb-audio: Ignore clock selector errors for single connection
nvme-fc: do not wait in vain when unloading module
nvmet-fcloop: swap the list_add_tail arguments
nvmet-fc: release reference on target port
nvmet-fc: defer cleanup using RCU properly
nvmet-fc: hold reference on hostport match
nvmet-fc: abort command when there is no binding
nvmet-fc: avoid deadlock on delete association path
nvmet-fc: take ref count on tgtport before delete assoc
ext4: correct the hole length returned by ext4_map_blocks()
Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
fs/ntfs3: Modified fix directory element type detection
fs/ntfs3: Improve ntfs_dir_count
fs/ntfs3: Correct hard links updating when dealing with DOS names
fs/ntfs3: Print warning while fixing hard links count
fs/ntfs3: Fix detected field-spanning write (size 8) of single field "le->name"
fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
fs/ntfs3: Disable ATTR_LIST_ENTRY size check
fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache
fs/ntfs3: Prevent generic message "attempt to access beyond end of device"
fs/ntfs3: Correct function is_rst_area_valid
fs/ntfs3: Update inode->i_size after success write into compressed file
fs/ntfs3: Fix oob in ntfs_listxattr
wifi: mac80211: adding missing drv_mgd_complete_tx() call
efi: runtime: Fix potential overflow of soft-reserved region size
efi: Don't add memblocks for soft-reserved memory
hwmon: (coretemp) Enlarge per package core count limit
scsi: lpfc: Use unsigned type for num_sge
firewire: core: send bus reset promptly on gap count error
drm/amdgpu: skip to program GFXDEC registers for suspend abort
drm/amdgpu: reset gpu for s3 suspend abort case
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
pmdomain: mediatek: fix race conditions with genpd
ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
pmdomain: renesas: r8a77980-sysc: CR7 must be always on
erofs: fix lz4 inplace decompression
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
drm/ttm: Fix an invalid freeing on already freed page in error path
dm-crypt: don't modify the data when using authenticated encryption
platform/x86: intel-vbtn: Stop calling "VBDL" from notify_handler
platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names
KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
PCI/MSI: Prevent MSI hardware interrupt number truncation
l2tp: pass correct message length to ip6_append_data
ARM: ep93xx: Add terminator to gpiod_lookup_table
Revert "x86/ftrace: Use alternative RET encoding"
x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR
x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch()
x86/ftrace: Use alternative RET encoding
x86/returnthunk: Allow different return thunks
Revert "x86/alternative: Make custom return thunk unconditional"
x86/alternative: Make custom return thunk unconditional
serial: amba-pl011: Fix DMA transmission in RS485 mode
usb: dwc3: gadget: Don't disconnect if not started
usb: cdnsp: blocked some cdns3 specific code
usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
usb: cdns3: fix memory double free when handle zero packet
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
usb: roles: fix NULL pointer issue when put module's reference
usb: roles: don't get/set_role() when usb_role_switch is unregistered
mptcp: fix lockless access in subflow ULP diag
clk: imx: imx8mp: add shared clk gate for usb suspend clk
clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
mtd: rawnand: sunxi: Fix the size of the last OOB region
RISC-V: fix funct4 definition for c.jalr in parse_asm.h
Input: iqs269a - drop unused device node references
Input: iqs269a - configure device with a single block write
Input: iqs269a - increase interrupt handler return delay
clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
Input: ads7846 - don't report pressure for ads7845
clk: renesas: cpg-mssr: Remove superfluous check in resume code
clk: imx: avoid memory leak
Input: ads7846 - always set last command to PWRDOWN
Input: ads7846 - don't check penirq immediately for 7845
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC
clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
powerpc/pseries/lparcfg: add missing RTAS retry status handling
powerpc/perf/hv-24x7: add missing RTAS retry status handling
powerpc/pseries/lpar: add missing RTAS retry status handling
MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
MIPS: vpe-mt: drop physical_memsize
vdpa/mlx5: Don't clear mr struct on destroy MR
selftests: net: vrf-xfrm-tests: change authentication and encryption algos
ARM: dts: BCM53573: Drop nonexistent #usb-cells
RDMA/siw: Balance the reference of cep->kref in the error path
RDMA/siw: Correct wrong debug message
clk: linux/clk-provider.h: fix kernel-doc warnings and typos
platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute
acpi: property: Let args be NULL in __acpi_node_get_property_reference
ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger
tools headers UAPI: Sync linux/fscrypt.h with the kernel sources
perf beauty: Update copy of linux/socket.h with the kernel sources
tools/virtio: fix build
drm/amdgpu: init iommu after amdkfd device init
f2fs: don't set GC_FAILURE_PIN for background GC
f2fs: write checkpoint during FG_GC
drm/i915/dg1: Update DMC_DEBUG3 register
kernel/sched: Remove dl_boosted flag comment
cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
serial: 8250: Remove serial_rs485 sanitization from em485
clk: imx8mp: Add DISP2 pixel clock
clk: imx8mp: add clkout1/2 support
dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
net: ethernet: ti: add missing of_node_put before return
powerpc/rtas: make all exports GPL
powerpc/rtas: ensure 4KB alignment for rtas_data_buf
powerpc/eeh: Small refactor of eeh_handle_normal_event()
powerpc/eeh: Set channel state after notifying the drivers
PM: core: Redefine pm_ptr() macro
PM: core: Add new *_PM_OPS macros, deprecate old ones
mmc: jz4740: Use the new PM macros
mmc: mxc: Use the new PM macros
PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro
Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr()
Input: iqs269a - do not poll during suspend or resume
Input: iqs269a - do not poll during ATI
net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
netfilter: nf_tables: add rescheduling points during loop detection walks
debugobjects: Recheck debug_objects_enabled before reporting
nbd: Add the maximum limit of allocated index in nbd_dev_add
md: fix data corruption for raid456 when reshape restart while grow up
md/raid10: prevent soft lockup while flush writes
posix-timers: Ensure timer ID search-loop limit is valid
btrfs: add xxhash to fast checksum implementations
ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version)
arm64: set __exception_irq_entry with __irq_entry as a default
arm64: mm: fix VA-range sanity check
sched/fair: Don't balance task to its current running CPU
wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range
bpf: Address KCSAN report on bpf_lru_list
devlink: report devlink_port_type_warn source device
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
igb: Fix igb_down hung on surprise removal
wifi: iwlwifi: mvm: avoid baid size integer overflow
exfat: support dynamic allocate bh for exfat_entry_set_cache
arm64: dts: rockchip: fix regulator name on rk3399-rock-4
arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4
arm64: dts: rockchip: add SPDIF node for ROCK Pi 4
ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch
ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2
ACPI: resource: Add ASUS model S5402ZA to quirks
ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
xhci: cleanup xhci_hub_control port references
xhci: move port specific items such as state completions to port structure
xhci: rename resume_done to resume_timestamp
xhci: clear usb2 resume related variables in one place.
xhci: decouple usb2 port resume and get_port_status request handling
xhci: track port suspend state correctly in unsuccessful resume cases
cifs: add a warning when the in-flight count goes negative
IB/hfi1: Fix a memleak in init_credit_return
RDMA/bnxt_re: Return error for SRQ resize
RDMA/irdma: Fix KASAN issue with tasklet
RDMA/irdma: Validate max_send_wr and max_recv_wr
RDMA/irdma: Set the CQ read threshold for GEN 1
RDMA/irdma: Add AE for too many RNRS
RDMA/srpt: Support specifying the srpt_service_guid parameter
RDMA/qedr: Fix qedr_create_user_qp error flow
arm64: dts: rockchip: set num-cs property for spi on px30
RDMA/srpt: fix function pointer cast warnings
bpf, scripts: Correct GPL license name
scsi: jazz_esp: Only build if SCSI core is builtin
nouveau: fix function cast warnings
net: stmmac: Fix incorrect dereference in interrupt handlers
ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
ata: libahci_platform: Convert to using devm bulk clocks API
ata: libahci_platform: Introduce reset assertion/deassertion methods
ata: ahci_ceva: fix error handling for Xilinx GT PHY support
bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
afs: Increase buffer size in afs_update_volume_status()
ipv6: sr: fix possible use-after-free and null-ptr-deref
packet: move from strlcpy with unused retval to strscpy
net: dev: Convert sa_data to flexible array in struct sockaddr
drm/nouveau/instmem: fix uninitialized_var.cocci warning
octeontx2-af: Consider the action set by PF
s390: use the correct count for __iowrite64_copy()
tls: rx: jump to a more appropriate label
tls: rx: drop pointless else after goto
tls: stop recv() if initial process_rx_list gave us non-DATA
netfilter: nf_tables: set dormant flag on hook register failure
netfilter: flowtable: simplify route logic
netfilter: nft_flow_offload: reset dst in route object after setting up flow
netfilter: nft_flow_offload: release dst in case direct xmit path is used
drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
drm/amd/display: Fix memory leak in dm_sw_fini()
i2c: imx: Add timer for handling the stop condition
i2c: imx: when being a target, mark the last read as processed
cifs: fix mid leak during reconnection after timeout threshold
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
arp: Prevent overflow in arp_req_get().
netfilter: nf_tables: fix scheduling-while-atomic splat
ext4: regenerate buddy after block freeing failed if under fc replay
ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
netfilter: nf_tables: can't schedule in nft_chain_validate
r8169: use new PM macros
Linux 5.15.150
Change-Id: I06c2e83ba84b59d0a35cf9fcaad15d0ab5276832
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
If ufshcd_abort() returns SUCCESS for an already completed command then
that command is completed twice. This results in a crash. Prevent this by
checking whether a command has completed without completion interrupt from
the timeout handler. This CL fixes the following kernel crash:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Call trace:
dma_direct_map_sg+0x70/0x274
scsi_dma_map+0x84/0x124
ufshcd_queuecommand+0x3fc/0x880
scsi_queue_rq+0x7d0/0x111c
blk_mq_dispatch_rq_list+0x440/0xebc
blk_mq_do_dispatch_sched+0x5a4/0x6b8
__blk_mq_sched_dispatch_requests+0x150/0x220
__blk_mq_run_hw_queue+0xf0/0x218
__blk_mq_delay_run_hw_queue+0x8c/0x18c
blk_mq_run_hw_queue+0x1a4/0x360
blk_mq_sched_insert_requests+0x130/0x334
blk_mq_flush_plug_list+0x138/0x234
blk_flush_plug_list+0x118/0x164
blk_finish_plug()
read_pages+0x38c/0x408
page_cache_ra_unbounded+0x230/0x2f8
do_sync_mmap_readahead+0x1a4/0x208
filemap_fault+0x27c/0x8f4
f2fs_filemap_fault+0x28/0xfc
__do_fault+0xc4/0x208
handle_pte_fault+0x290/0xe04
do_handle_mm_fault+0x52c/0x858
do_page_fault+0x5dc/0x798
do_translation_fault+0x40/0x54
do_mem_abort+0x60/0x134
el0_da+0x40/0xb8
el0t_64_sync_handler+0xc4/0xe4
el0t_64_sync+0x1b4/0x1b8
Bug: 312786487
Bug: 326329246
Bug: 333069246
Bug: 333317508
Link: https://lore.kernel.org/linux-scsi/20240416171357.1062583-1-bvanassche@acm.org/T/#mbfa6b7a56e07c792ddca7801fb8900f8370d4731
Change-Id: I48e93516d2aae3b2ad62b0b51144e8e2e39d7476
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Bart Van Assche <bvanassche@google.com>
