mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-05 18:41:58 +09:00
25641a61baec9f44dc9276483b791a4944a98593
1162545 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Seiya Wang
|
25641a61ba |
ANDROID: GKI: Update symbol list for mtk
2 function symbol(s) added 'int devm_rproc_add(struct device*, struct rproc*)' 'struct rproc* devm_rproc_alloc(struct device*, const char*, const struct rproc_ops*, const char*, int)' Bug: 361691226 Change-Id: Ifc5f86d8443f0495dd576c654b9fd9936bd449f7 Signed-off-by: Seiya Wang <seiya.wang@mediatek.com> |
||
|
Will Deacon
|
82b9eb64eb |
FROMGIT: KVM: arm64: Ensure TLBI uses correct VMID after changing context
When the target context passed to enter_vmid_context() matches the current running context, the function returns early without manipulating the registers of the stage-2 MMU. This can result in a stale VMID due to the lack of an ISB instruction in exit_vmid_context() after writing the VTTBR when ARM64_WORKAROUND_SPECULATIVE_AT is not enabled. For example, with pKVM enabled: // Initially running in host context enter_vmid_context(guest); -> __load_stage2(guest); isb // Writes VTCR & VTTBR exit_vmid_context(guest); -> __load_stage2(host); // Restores VTCR & VTTBR enter_vmid_context(host); -> Returns early as we're already in host context tlbi vmalls12e1is // !!! Can use the stale VMID as we // haven't performed context // synchronisation since restoring // VTTBR.VMID Add an unconditional ISB instruction to exit_vmid_context() after restoring the VTTBR. This already existed for the ARM64_WORKAROUND_SPECULATIVE_AT path, so we can simply hoist that onto the common path. Cc: Marc Zyngier <maz@kernel.org> Cc: Oliver Upton <oliver.upton@linux.dev> Cc: Fuad Tabba <tabba@google.com> Fixes: 58f3b0fc3b87 ("KVM: arm64: Support TLB invalidation in guest context") Signed-off-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20240814123429.20457-3-will@kernel.org Signed-off-by: Marc Zyngier <maz@kernel.org> (cherry picked from commit ed49fe5a6fb9c1a1bbbf4b5b648c7d34a756cb6d kvmarm/next) Bug: 311571169 Signed-off-by: Will Deacon <willdeacon@google.com> Change-Id: I1612ebdc5625e44694897f2c5b26fe38cdaa3179 |
||
|
Will Deacon
|
9920d2584e |
FROMGIT: KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init
When initialising the nVHE hypervisor, we invalidate potentially stale
TLB entries for the EL1&0 regime using a 'vmalls12e1' invalidation.
However, this invalidation operation applies only to the active VMID
and therefore we could proceed with stale TLB entries for other VMIDs.
Replace the operation with an 'alle1' which applies to all entries for
the EL1&0 regime, regardless of the VMID.
Cc: Marc Zyngier <maz@kernel.org>
Cc: Oliver Upton <oliver.upton@linux.dev>
Fixes:
|
||
|
Will Deacon
|
1a48a88fcb |
FROMGIT: BACKPORT: KVM: arm64: Don't pass a TLBI level hint when zapping table entries
commit 36e008323926036650299cfbb2dca704c7aba849 upstream. The TLBI level hints are for leaf entries only, so take care not to pass them incorrectly after clearing a table entry. Cc: Gavin Shan <gshan@redhat.com> Cc: Marc Zyngier <maz@kernel.org> Cc: Quentin Perret <qperret@google.com> Fixes: |
||
|
Greg Kroah-Hartman
|
02fcfc12fc |
Merge tag 'android14-6.1.93_r00' into android14-6.1
This merges up to the 6.1.93 LTS release into android14-6.1. Included in here are the following commits: * |
||
|
Rick Yiu
|
42515e9246 |
ANDROID: sched: Add android_vh_set_task_comm
Vendor may have specific actions after task renamed. Bug: 357956265 Change-Id: I78263dc023af6fd1ee2db03eee4ccb3ca3ebb278 Signed-off-by: Rick Yiu <rickyiu@google.com> |
||
|
John Stultz
|
0f23336b97 |
BACKPORT: UPSTREAM: sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath
It was reported that in moving to 6.1, a larger then 10%
regression was seen in the performance of
clock_gettime(CLOCK_THREAD_CPUTIME_ID,...).
Using a simple reproducer, I found:
5.10:
100000000 calls in 24345994193 ns => 243.460 ns per call
100000000 calls in 24288172050 ns => 242.882 ns per call
100000000 calls in 24289135225 ns => 242.891 ns per call
6.1:
100000000 calls in 28248646742 ns => 282.486 ns per call
100000000 calls in 28227055067 ns => 282.271 ns per call
100000000 calls in 28177471287 ns => 281.775 ns per call
The cause of this was finally narrowed down to the addition of
psi_account_irqtime() in update_rq_clock_task(), in commit
|
||
|
Carlos Llamas
|
370ea8bc2e |
FROMLIST: binder: fix UAF caused by offsets overwrite
Binder objects are processed and copied individually into the target
buffer during transactions. Any raw data in-between these objects is
copied as well. However, this raw data copy lacks an out-of-bounds
check. If the raw data exceeds the data section size then the copy
overwrites the offsets section. This eventually triggers an error that
attempts to unwind the processed objects. However, at this point the
offsets used to index these objects are now corrupted.
Unwinding with corrupted offsets can result in decrements of arbitrary
nodes and lead to their premature release. Other users of such nodes are
left with a dangling pointer triggering a use-after-free. This issue is
made evident by the following KASAN report (trimmed):
==================================================================
BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c
Write of size 4 at addr ffff47fc91598f04 by task binder-util/743
CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1
Hardware name: linux,dummy-virt (DT)
Call trace:
_raw_spin_lock+0xe4/0x19c
binder_free_buf+0x128/0x434
binder_thread_write+0x8a4/0x3260
binder_ioctl+0x18f0/0x258c
[...]
Allocated by task 743:
__kmalloc_cache_noprof+0x110/0x270
binder_new_node+0x50/0x700
binder_transaction+0x413c/0x6da8
binder_thread_write+0x978/0x3260
binder_ioctl+0x18f0/0x258c
[...]
Freed by task 745:
kfree+0xbc/0x208
binder_thread_read+0x1c5c/0x37d4
binder_ioctl+0x16d8/0x258c
[...]
==================================================================
To avoid this issue, let's check that the raw data copy is within the
boundaries of the data section.
Fixes:
|
||
|
Carlos Llamas
|
f8f9a197f4 |
ANDROID: binder: fix KMI-break due to proc->dmap
Add 'struct binder_proc_wrap' to support the addition of new members in
'struct binder_proc' without breaking the KMI. In this case, proc->dmap
was backported from upstream and needs to be migrated into this wrapper.
Avoids the following KMI issue:
function symbol 'int __traceiter_binder_transaction_received(void*, struct binder_transaction*)' changed
CRC changed from 0x74e9c98b to 0x7af6cf5a
type 'struct binder_proc' changed
byte size changed from 584 to 600
member 'struct dbitmap dmap' was added
16 members ('struct list_head todo' .. 'u64 android_oem_data1') changed
offset changed by 128
Bug: 298520209
Change-Id: Icbbee14a8f16d0881faf8d5673582e785f98e8cf
Signed-off-by: Carlos Llamas <cmllamas@google.com>
(cherry picked from commit af55892f201c8f709725d75d306b1cdd20984b97)
[cmllamas: merge binder_proc_wrap_entry() with new proc_wrapper()]
Signed-off-by: Carlos Llamas <cmllamas@google.com>
|
||
|
Carlos Llamas
|
a55053f3a8 |
UPSTREAM: binder: fix descriptor lookup for context manager
In commit 15d9da3f818c ("binder: use bitmap for faster descriptor
lookup"), it was incorrectly assumed that references to the context
manager node should always get descriptor zero assigned to them.
However, if the context manager dies and a new process takes its place,
then assigning descriptor zero to the new context manager might lead to
collisions, as there could still be references to the older node. This
issue was reported by syzbot with the following trace:
kernel BUG at drivers/android/binder.c:1173!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 447 Comm: binder-util Not tainted 6.10.0-rc6-00348-g31643d84b8c3 #10
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : binder_inc_ref_for_node+0x500/0x544
lr : binder_inc_ref_for_node+0x1e4/0x544
sp : ffff80008112b940
x29: ffff80008112b940 x28: ffff0e0e40310780 x27: 0000000000000000
x26: 0000000000000001 x25: ffff0e0e40310738 x24: ffff0e0e4089ba34
x23: ffff0e0e40310b00 x22: ffff80008112bb50 x21: ffffaf7b8f246970
x20: ffffaf7b8f773f08 x19: ffff0e0e4089b800 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 000000002de4aa60
x14: 0000000000000000 x13: 2de4acf000000000 x12: 0000000000000020
x11: 0000000000000018 x10: 0000000000000020 x9 : ffffaf7b90601000
x8 : ffff0e0e48739140 x7 : 0000000000000000 x6 : 000000000000003f
x5 : ffff0e0e40310b28 x4 : 0000000000000000 x3 : ffff0e0e40310720
x2 : ffff0e0e40310728 x1 : 0000000000000000 x0 : ffff0e0e40310710
Call trace:
binder_inc_ref_for_node+0x500/0x544
binder_transaction+0xf68/0x2620
binder_thread_write+0x5bc/0x139c
binder_ioctl+0xef4/0x10c8
[...]
This patch adds back the previous behavior of assigning the next
non-zero descriptor if references to previous context managers still
exist. It amends both strategies, the newer dbitmap code and also the
legacy slow_desc_lookup_olocked(), by allowing them to start looking
for available descriptors at a given offset.
Fixes: 15d9da3f818c ("binder: use bitmap for faster descriptor lookup")
Cc: stable@vger.kernel.org
Reported-and-tested-by: syzbot+3dae065ca76952a67257@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000c1c0a0061d1e6979@google.com/
Reviewed-by: Alice Ryhl <aliceryhl@google.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Link: https://lore.kernel.org/r/20240722150512.4192473-1-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 298520209
Change-Id: I5b888c138163eff263239ebcc85c59cd7f26d64f
(cherry picked from commit 11512c197d387b59569d3a93af93de204d3bdaa6)
Signed-off-by: Carlos Llamas <cmllamas@google.com>
|
||
|
Carlos Llamas
|
c5f1e68340 |
BACKPORT: binder: use bitmap for faster descriptor lookup
When creating new binder references, the driver assigns a descriptor id that is shared with userspace. Regrettably, the driver needs to keep the descriptors small enough to accommodate userspace potentially using them as Vector indexes. Currently, the driver performs a linear search on the rb-tree of references to find the smallest available descriptor id. This approach, however, scales poorly as the number of references grows. This patch introduces the usage of bitmaps to boost the performance of descriptor assignments. This optimization results in notable performance gains, particularly in processes with a large number of references. The following benchmark with 100,000 references showcases the difference in latency between the dbitmap implementation and the legacy approach: [ 587.145098] get_ref_desc_olocked: 15us (dbitmap on) [ 602.788623] get_ref_desc_olocked: 47343us (dbitmap off) Note the bitmap size is dynamically adjusted in line with the number of references, ensuring efficient memory usage. In cases where growing the bitmap is not possible, the driver falls back to the slow legacy method. A previous attempt to solve this issue was proposed in [1]. However, such method involved adding new ioctls which isn't great, plus older userspace code would not have benefited from the optimizations either. Link: https://lore.kernel.org/all/20240417191418.1341988-1-cmllamas@google.com/ [1] Cc: Tim Murray <timmurray@google.com> Cc: Arve Hjønnevåg <arve@android.com> Cc: Alice Ryhl <aliceryhl@google.com> Cc: Martijn Coenen <maco@android.com> Cc: Todd Kjos <tkjos@android.com> Cc: John Stultz <jstultz@google.com> Cc: Steven Moreland <smoreland@google.com> Suggested-by: Nick Chen <chenjia3@oppo.com> Reviewed-by: Alice Ryhl <aliceryhl@google.com> Signed-off-by: Carlos Llamas <cmllamas@google.com> Link: https://lore.kernel.org/r/20240612042535.1556708-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Bug: 298520209 Change-Id: Iaf32794ab7786c603706f6806cabec9d031559a2 (cherry picked from commit 15d9da3f818cae676f822a04407d3c17b53357d2) [cmllamas: fixed trivial conflicts with KMI work-around] Signed-off-by: Carlos Llamas <cmllamas@google.com> |
||
|
Peter Zijlstra
|
514bdc80b9 |
UPSTREAM: perf/core: Fix potential NULL deref
Smatch is awesome. BUG: 361274701 (cherry picked from commit |
||
|
Peter Wang
|
faf32723dc |
BACKPORT: scsi: ufs: core: Fix ufshcd_abort_one racing issue
When ufshcd_abort_one is racing with the completion ISR, the completed tag
of the request's mq_hctx pointer will be set to NULL by ISR. Return
success when request is completed by ISR because ufshcd_abort_one does not
need to do anything.
The racing flow is:
Thread A
ufshcd_err_handler step 1
...
ufshcd_abort_one
ufshcd_try_to_abort_task
ufshcd_cmd_inflight(true) step 3
ufshcd_mcq_req_to_hwq
blk_mq_unique_tag
rq->mq_hctx->queue_num step 5
Thread B
ufs_mtk_mcq_intr(cq complete ISR) step 2
scsi_done
...
__blk_mq_free_request
rq->mq_hctx = NULL; step 4
Below is KE back trace.
ufshcd_try_to_abort_task: cmd at tag 41 not pending in the device.
ufshcd_try_to_abort_task: cmd at tag=41 is cleared.
Aborting tag 41 / CDB 0x28 succeeded
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194
pc : [0xffffffddd7a79bf8] blk_mq_unique_tag+0x8/0x14
lr : [0xffffffddd6155b84] ufshcd_mcq_req_to_hwq+0x1c/0x40 [ufs_mediatek_mod_ise]
do_mem_abort+0x58/0x118
el1_abort+0x3c/0x5c
el1h_64_sync_handler+0x54/0x90
el1h_64_sync+0x68/0x6c
blk_mq_unique_tag+0x8/0x14
ufshcd_err_handler+0xae4/0xfa8 [ufs_mediatek_mod_ise]
process_one_work+0x208/0x4fc
worker_thread+0x228/0x438
kthread+0x104/0x1d4
ret_from_fork+0x10/0x20
Bug: 361140026
Fixes: 93e6c0e19d5b ("scsi: ufs: core: Clear cmd if abort succeeds in MCQ mode")
Suggested-by: Bart Van Assche <bvanassche@acm.org>
Change-Id: I42f9b93dae33eac8cf41ac3085858b6adf0ee9ee
Signed-off-by: Peter Wang <peter.wang@mediatek.com>
Link: https://lore.kernel.org/r/20240628070030.30929-3-peter.wang@mediatek.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 74736103fb4123c71bf11fb7a6abe7c884c5269e)
[ Resolved minor conflict in drivers/ufs/core/ufshcd.c ]
|
||
|
Peter Wang
|
4d735ca7bb |
BACKPORT: scsi: ufs: core: Fix ufshcd_clear_cmd racing issue
When ufshcd_clear_cmd is racing with the completion ISR, the completed tag
of the request's mq_hctx pointer will be set to NULL by the ISR. And
ufshcd_clear_cmd's call to ufshcd_mcq_req_to_hwq will get NULL pointer KE.
Return success when the request is completed by ISR because sq does not
need cleanup.
The racing flow is:
Thread A
ufshcd_err_handler step 1
ufshcd_try_to_abort_task
ufshcd_cmd_inflight(true) step 3
ufshcd_clear_cmd
...
ufshcd_mcq_req_to_hwq
blk_mq_unique_tag
rq->mq_hctx->queue_num step 5
Thread B
ufs_mtk_mcq_intr(cq complete ISR) step 2
scsi_done
...
__blk_mq_free_request
rq->mq_hctx = NULL; step 4
Below is KE back trace:
ufshcd_try_to_abort_task: cmd pending in the device. tag = 6
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000194
pc : [0xffffffd589679bf8] blk_mq_unique_tag+0x8/0x14
lr : [0xffffffd5862f95b4] ufshcd_mcq_sq_cleanup+0x6c/0x1cc [ufs_mediatek_mod_ise]
Workqueue: ufs_eh_wq_0 ufshcd_err_handler [ufs_mediatek_mod_ise]
Call trace:
dump_backtrace+0xf8/0x148
show_stack+0x18/0x24
dump_stack_lvl+0x60/0x7c
dump_stack+0x18/0x3c
mrdump_common_die+0x24c/0x398 [mrdump]
ipanic_die+0x20/0x34 [mrdump]
notify_die+0x80/0xd8
die+0x94/0x2b8
__do_kernel_fault+0x264/0x298
do_page_fault+0xa4/0x4b8
do_translation_fault+0x38/0x54
do_mem_abort+0x58/0x118
el1_abort+0x3c/0x5c
el1h_64_sync_handler+0x54/0x90
el1h_64_sync+0x68/0x6c
blk_mq_unique_tag+0x8/0x14
ufshcd_clear_cmd+0x34/0x118 [ufs_mediatek_mod_ise]
ufshcd_try_to_abort_task+0x2c8/0x5b4 [ufs_mediatek_mod_ise]
ufshcd_err_handler+0xa7c/0xfa8 [ufs_mediatek_mod_ise]
process_one_work+0x208/0x4fc
worker_thread+0x228/0x438
kthread+0x104/0x1d4
ret_from_fork+0x10/0x20
Bug: 361140026
Fixes:
|
||
|
Dongli Zhang
|
edca080b95 |
BACKPORT: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of
interrupt affinity reconfiguration via procfs. Instead, the change is
deferred until the next instance of the interrupt being triggered on the
original CPU.
When the interrupt next triggers on the original CPU, the new affinity is
enforced within __irq_move_irq(). A vector is allocated from the new CPU,
but the old vector on the original CPU remains and is not immediately
reclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming
process is delayed until the next trigger of the interrupt on the new CPU.
Upon the subsequent triggering of the interrupt on the new CPU,
irq_complete_move() adds a task to the old CPU's vector_cleanup list if it
remains online. Subsequently, the timer on the old CPU iterates over its
vector_cleanup list, reclaiming old vectors.
However, a rare scenario arises if the old CPU is outgoing before the
interrupt triggers again on the new CPU.
In that case irq_force_complete_move() is not invoked on the outgoing CPU
to reclaim the old apicd->prev_vector because the interrupt isn't currently
affine to the outgoing CPU, and irq_needs_fixup() returns false. Even
though __vector_schedule_cleanup() is later called on the new CPU, it
doesn't reclaim apicd->prev_vector; instead, it simply resets both
apicd->move_in_progress and apicd->prev_vector to 0.
As a result, the vector remains unreclaimed in vector_matrix, leading to a
CPU vector leak.
To address this issue, move the invocation of irq_force_complete_move()
before the irq_needs_fixup() call to reclaim apicd->prev_vector, if the
interrupt is currently or used to be affine to the outgoing CPU.
Additionally, reclaim the vector in __vector_schedule_cleanup() as well,
following a warning message, although theoretically it should never see
apicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU.
Fixes:
|
||
|
Dongli Zhang
|
a339e02cde |
UPSTREAM: genirq/cpuhotplug: Retry with cpu_online_mask when migration fails
When a CPU goes offline, the interrupts affine to that CPU are re-configured. Managed interrupts undergo either migration to other CPUs or shutdown if all CPUs listed in the affinity are offline. The migration of managed interrupts is guaranteed on x86 because there are interrupt vectors reserved. Regular interrupts are migrated to a still online CPU in the affinity mask or if there is no online CPU to any online CPU. This works as long as the still online CPUs in the affinity mask have interrupt vectors available, but in case that none of those CPUs has a vector available the migration fails and the device interrupt becomes stale. This is not any different from the case where the affinity mask does not contain any online CPU, but there is no fallback operation for this. Instead of giving up, retry the migration attempt with the online CPU mask if the interrupt is not managed, as managed interrupts cannot be affected by this problem. Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20240423073413.79625-1-dongli.zhang@oracle.com Bug: 359158960 Change-Id: I3e8acfe0598b0cb94389115d680d2216833d6a0c (cherry picked from commit 88d724e2301a69c1ab805cd74fc27aa36ae529e0) Signed-off-by: Bart Van Assche <bvanassche@google.com> |
||
|
David Stevens
|
bd59305571 |
UPSTREAM: genirq/cpuhotplug: Skip suspended interrupts when restoring affinity
irq_restore_affinity_of_irq() restarts managed interrupts unconditionally when the first CPU in the affinity mask comes online. That's correct during normal hotplug operations, but not when resuming from S3 because the drivers are not resumed yet and interrupt delivery is not expected by them. Skip the startup of suspended interrupts and let resume_device_irqs() deal with restoring them. This ensures that irqs are not delivered to drivers during the noirq phase of resuming from S3, after non-boot CPUs are brought back online. Signed-off-by: David Stevens <stevensd@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20240424090341.72236-1-stevensd@chromium.org Bug: 359158960 Change-Id: Ie5610f7dffe05a141e6db1a8b6b067845c910b4a (cherry picked from commit a60dd06af674d3bb76b40da5d722e4a0ecefe650) Signed-off-by: Bart Van Assche <bvanassche@google.com> |
||
|
Andrew Halaney
|
d6a513a784 |
UPSTREAM: scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H
Currently, the UTP_TASK_REQ_LIST_BASE_L/UTP_TASK_REQ_LIST_BASE_H regs are
written to and then completed with an mb().
mb() ensures that the write completes, but completion doesn't mean that it
isn't stored in a buffer somewhere. The recommendation for ensuring these
bits have taken effect on the device is to perform a read back to force it
to make it all the way to the device. This is documented in device-io.rst
and a talk by Will Deacon on this can be seen over here:
https://youtu.be/i6DayghhA8Q?si=MiyxB5cKJXSaoc01&t=1678
Let's do that to ensure the bits hit the device. Because the mb()'s purpose
wasn't to add extra ordering (on top of the ordering guaranteed by
writel()/readl()), it can safely be removed.
Bug: 254441685
Fixes:
|
||
|
Ryan Roberts
|
64b0e0b285 |
UPSTREAM: mm/userfaultfd: UFFDIO_MOVE implementation should use ptep_get()
Commit
|
||
|
Wenjie Qi
|
5fc3f5b48a |
UPSTREAM: f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
BUG: kernel NULL pointer dereference, address: 0000000000000014
RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs]
Call Trace:
<TASK>
? show_regs+0x6e/0x80
? __die+0x29/0x70
? page_fault_oops+0x154/0x4a0
? prb_read_valid+0x20/0x30
? __irq_work_queue_local+0x39/0xd0
? irq_work_queue+0x36/0x70
? do_user_addr_fault+0x314/0x6c0
? exc_page_fault+0x7d/0x190
? asm_exc_page_fault+0x2b/0x30
? f2fs_submit_page_write+0x6cf/0x780 [f2fs]
? f2fs_submit_page_write+0x736/0x780 [f2fs]
do_write_page+0x50/0x170 [f2fs]
f2fs_outplace_write_data+0x61/0xb0 [f2fs]
f2fs_do_write_data_page+0x3f8/0x660 [f2fs]
f2fs_write_single_data_page+0x5bb/0x7a0 [f2fs]
f2fs_write_cache_pages+0x3da/0xbe0 [f2fs]
...
It is possible that other threads have added this fio to io->bio
and submitted the io->bio before entering f2fs_submit_page_write().
At this point io->bio = NULL.
If is_end_zone_blkaddr(sbi, fio->new_blkaddr) of this fio is true,
then an NULL pointer dereference error occurs at bio_get(io->bio).
The original code for determining zone end was after "out:",
which would have missed some fio who is zone end. I've moved
this code before "skip:" to make sure it's done for each fio.
Bug: 254441685
Fixes:
|
||
|
Chao Yu
|
a8e77a7072 |
UPSTREAM: f2fs: zone: fix to wait completion of last bio in zone correctly
It needs to check last zone_pending_bio and wait IO completion before
traverse next fio in io->io_list, otherwise, bio in next zone may be
submitted before all IO completion in current zone.
Bug: 254441685
Fixes:
|
||
|
Ashish Mhetre
|
66e0c14580 |
UPSTREAM: iommu: Don't reserve 0-length IOVA region
When the bootloader/firmware doesn't setup the framebuffers, their
address and size are 0 in "iommu-addresses" property. If IOVA region is
reserved with 0 length, then it ends up corrupting the IOVA rbtree with
an entry which has pfn_hi < pfn_lo.
If we intend to use display driver in kernel without framebuffer then
it's causing the display IOMMU mappings to fail as entire valid IOVA
space is reserved when address and length are passed as 0.
An ideal solution would be firmware removing the "iommu-addresses"
property and corresponding "memory-region" if display is not present.
But the kernel should be able to handle this by checking for size of
IOVA region and skipping the IOVA reservation if size is 0. Also, add
a warning if firmware is requesting 0-length IOVA region reservation.
Bug: 254441685
Fixes:
|
||
|
Daniel Mentz
|
793280fe93 |
UPSTREAM: iommu: Fix printk arg in of_iommu_get_resv_regions()
The variable phys is defined as (struct resource *) which aligns with
the printk format specifier %pr. Taking the address of it results in a
value of type (struct resource **) which is incompatible with the format
specifier %pr. Therefore, remove the address of operator (&).
Bug: 254441685
Fixes:
|
||
|
Laurentiu Tudor
|
f3d71968c1 |
UPSTREAM: iommu: Map reserved memory as cacheable if device is coherent
Check if the device is marked as DMA coherent in the DT and if so,
map its reserved memory as cacheable in the IOMMU.
This fixes the recently added IOMMU reserved memory support which
uses IOMMU_RESV_DIRECT without properly building the PROT for the
mapping.
Bug: 254441685
Fixes:
|
||
|
Jens Axboe
|
7d59065aa4 |
BACKPORT: io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval
A previous commit added a trylock for getting the SQPOLL thread info via
fdinfo, but this introduced a regression where we often fail to get it if
the thread is busy. For that case, we end up not printing the current CPU
and PID info.
Rather than rely on this lock, just print the pid we already stored in
the io_sq_data struct, and ensure we update the current CPU every time
we've slept or potentially rescheduled. The latter won't potentially be
100% accurate, but that wasn't the case before either as the task can
get migrated at any time unless it has been pinned at creation time.
We retain keeping the io_sq_data dereference inside the ctx->uring_lock,
as it has always been, as destruction of the thread and data happen below
that. We could make this RCU safe, but there's little point in doing that.
With this, we always print the last valid information we had, rather than
have spurious outputs with missing information.
Bug: 254441685
Fixes:
|
||
|
Johannes Berg
|
30c4764908 |
UPSTREAM: wifi: cfg80211: fix assoc response warning on failed links
The warning here shouldn't be done before we even set the bss field (or should've used the input data). Move the assignment before the warning to fix it. We noticed this now because of Wen's bugfix, where the bug fixed there had previously hidden this other bug. Bug: 254441685 Fixes: |
||
|
Badhri Jagan Sridharan
|
7f2d1a477c |
UPSTREAM: usb: typec: tcpm: Add additional checks for contaminant
When transitioning from SNK_DEBOUNCED to unattached, its worthwhile to
check for contaminant to mitigate wakeups.
```
[81334.219571] Start toggling
[81334.228220] CC1: 0 -> 0, CC2: 0 -> 0 [state TOGGLING, polarity 0, disconnected]
[81334.305147] CC1: 0 -> 0, CC2: 0 -> 3 [state TOGGLING, polarity 0, connected]
[81334.305162] state change TOGGLING -> SNK_ATTACH_WAIT [rev3 NONE_AMS]
[81334.305187] pending state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED @ 170 ms [rev3 NONE_AMS]
[81334.475515] state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED [delayed 170 ms]
[81334.486480] CC1: 0 -> 0, CC2: 3 -> 0 [state SNK_DEBOUNCED, polarity 0, disconnected]
[81334.486495] state change SNK_DEBOUNCED -> SNK_DEBOUNCED [rev3 NONE_AMS]
[81334.486515] pending state change SNK_DEBOUNCED -> SNK_UNATTACHED @ 20 ms [rev3 NONE_AMS]
[81334.506621] state change SNK_DEBOUNCED -> SNK_UNATTACHED [delayed 20 ms]
[81334.506640] Start toggling
[81334.516972] CC1: 0 -> 0, CC2: 0 -> 0 [state TOGGLING, polarity 0, disconnected]
[81334.592759] CC1: 0 -> 0, CC2: 0 -> 3 [state TOGGLING, polarity 0, connected]
[81334.592773] state change TOGGLING -> SNK_ATTACH_WAIT [rev3 NONE_AMS]
[81334.592792] pending state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED @ 170 ms [rev3 NONE_AMS]
[81334.762940] state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED [delayed 170 ms]
[81334.773557] CC1: 0 -> 0, CC2: 3 -> 0 [state SNK_DEBOUNCED, polarity 0, disconnected]
[81334.773570] state change SNK_DEBOUNCED -> SNK_DEBOUNCED [rev3 NONE_AMS]
[81334.773588] pending state change SNK_DEBOUNCED -> SNK_UNATTACHED @ 20 ms [rev3 NONE_AMS]
[81334.793672] state change SNK_DEBOUNCED -> SNK_UNATTACHED [delayed 20 ms]
[81334.793681] Start toggling
[81334.801840] CC1: 0 -> 0, CC2: 0 -> 0 [state TOGGLING, polarity 0, disconnected]
[81334.878655] CC1: 0 -> 0, CC2: 0 -> 3 [state TOGGLING, polarity 0, connected]
[81334.878672] state change TOGGLING -> SNK_ATTACH_WAIT [rev3 NONE_AMS]
[81334.878696] pending state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED @ 170 ms [rev3 NONE_AMS]
[81335.048968] state change SNK_ATTACH_WAIT -> SNK_DEBOUNCED [delayed 170 ms]
[81335.060684] CC1: 0 -> 0, CC2: 3 -> 0 [state SNK_DEBOUNCED, polarity 0, disconnected]
[81335.060754] state change SNK_DEBOUNCED -> SNK_DEBOUNCED [rev3 NONE_AMS]
[81335.060775] pending state change SNK_DEBOUNCED -> SNK_UNATTACHED @ 20 ms [rev3 NONE_AMS]
[81335.080884] state change SNK_DEBOUNCED -> SNK_UNATTACHED [delayed 20 ms]
[81335.080900] Start toggling
```
Bug: 254441685
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Xiu Jianfeng
|
8dabbe8363 |
UPSTREAM: mm: remove duplicated vma->vm_flags check when expanding stack
expand_upwards() and expand_downwards() will return -EFAULT if VM_GROWSUP
or VM_GROWSDOWN is not correctly set in vma->vm_flags, however in
!CONFIG_STACK_GROWSUP case, expand_stack_locked() returns -EINVAL first if
!(vma->vm_flags & VM_GROWSDOWN) before calling expand_downwards(), to keep
the consistency with CONFIG_STACK_GROWSUP case, remove this check.
The usages of this function are as below:
A:fs/exec.c
ret = expand_stack_locked(vma, stack_base);
if (ret)
ret = -EFAULT;
or
B:mm/memory.c mm/mmap.c
if (expand_stack_locked(vma, addr))
return NULL;
which means the return value will not propagate to other places, so I
believe there is no user-visible effects of this change, and it's
unnecessary to backport to earlier versions.
Bug: 254441685
Link: https://lkml.kernel.org/r/20230906103312.645712-1-xiujianfeng@huaweicloud.com
Fixes:
|
||
|
Minchan Kim
|
ab384f79d4 |
ANDROID: Update the ABI symbol list
Adding the following symbols: - bitmap_find_free_region - bitmap_release_region - of_graph_get_endpoint_by_regs - __traceiter_android_rvh_mapping_shrinkable - __traceiter_android_rvh_util_est_update - __tracepoint_android_rvh_mapping_shrinkable - __tracepoint_android_rvh_util_est_update Bug: 347958166 Change-Id: I4feadf95bf24da1a1554a828e181d4ec65cc9a32 Signed-off-by: Minchan Kim <minchan@google.com> |
||
|
Minchan Kim
|
bbf690e531 |
ANDROID: add vendor hook for mapping_shrinkable
To control inode memory reclaim, add restricted vendor hook. Bug: 347958166 Change-Id: Iefb9ef66c9fd5abae99adb1200263e4642f991cc Signed-off-by: Minchan Kim <minchan@google.com> |
||
|
Bart Van Assche
|
660e1a2695 |
FROMLIST: sd: Retry START STOP UNIT commands
During system resume, sd_start_stop_device() submits a START STOP UNIT command to the SCSI device that is being resumed. That command is not retried in case of a unit attention and hence may fail. An example: [16575.983359] sd 0:0:0:3: [sdd] Starting disk [16575.983693] sd 0:0:0:3: [sdd] Start/Stop Unit failed: Result: hostbyte=0x00 driverbyte=DRIVER_OK [16575.983712] sd 0:0:0:3: [sdd] Sense Key : 0x6 [16575.983730] sd 0:0:0:3: [sdd] ASC=0x29 ASCQ=0x0 [16575.983738] sd 0:0:0:3: PM: dpm_run_callback(): scsi_bus_resume+0x0/0xa0 returns -5 [16575.983783] sd 0:0:0:3: PM: failed to resume async: error -5 Make the SCSI core retry the START STOP UNIT command if a retryable error is encountered. Cc: Damien Le Moal <dlemoal@kernel.org> Cc: Mike Christie <michael.christie@oracle.com> Change-Id: Ic8e0859c4455d93fcabee42f1598858571f5f3d1 Signed-off-by: Bart Van Assche <bvanassche@acm.org> Bug: 348341595 Link: https://lore.kernel.org/linux-scsi/yq17ccp1i4b.fsf@ca-mkp.ca.oracle.com/T/#m52a26a50649b1d537cb129e5653f723509d6bde7 Signed-off-by: Bart Van Assche <bvanassche@google.com> |
||
|
Bart Van Assche
|
4ab8dafa79 |
FROMLIST: scsi: core: Retry passthrough commands if SCMD_RETRY_PASSTHROUGH is set
The SCSI core does not retry passthrough commands even if the SCSI device reports a retryable unit attention condition. Support retrying in this case by introducing the SCMD_RETRY_PASSTHROUGH flag. Cc: Damien Le Moal <dlemoal@kernel.org> Cc: Mike Christie <michael.christie@oracle.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Bart Van Assche <bvanassche@google.com> Bug: 348341595 Link: https://lore.kernel.org/linux-scsi/yq17ccp1i4b.fsf@ca-mkp.ca.oracle.com/T/#mfdb1a3a0d6d4803afe1098bdafc12fd4168e30e0 Change-Id: I44092a0d8853fd61bf619e5bae6d65eaaddad780 Signed-off-by: Bart Van Assche <bvanassche@google.com> |
||
|
Seiya Wang
|
8288de8306 |
ANDROID: GKI: Update symbol list for mtk
1 function symbol(s) added 'struct snd_kcontrol* snd_soc_cnew(const struct snd_kcontrol_new*, void*, const char*, const char*)' Bug: 359437271 Signed-off-by: Seiya Wang <seiya.wang@mediatek.com> Change-Id: I53d2771c95cabfc6931a83eb43e1499b9de8bc8b |
||
|
Greg Kroah-Hartman
|
9d37e2aae7 |
ANDROID: add __module_get to db854c symbol list.
In commit |
||
|
Greg Kroah-Hartman
|
5ccfb1bf19 |
Revert "drm/mipi-dsi: use correct return type for the DSC functions"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
d201efdaa4 |
Revert "media: cec: core: avoid recursive cec_claim_log_addrs"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
dcb51feb27 |
Revert "Bluetooth: compute LE flow credits based on recvbuf space"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
a4d90a8f3c |
Merge 6.1.93 into android14-6.1-lts
Changes in 6.1.93
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
ftrace: Fix possible use-after-free issue in ftrace_location()
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
tty: n_gsm: fix missing receive state reset after mode switch
speakup: Fix sizeof() vs ARRAY_SIZE() bug
serial: 8250_bcm7271: use default_mux_rate if possible
serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup
io_uring: fail NOP if non-zero op flags is passed in
Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already"
r8169: Fix possible ring buffer corruption on fragmented Tx packets.
ring-buffer: Fix a race between readers and resize checks
tools/latency-collector: Fix -Wformat-security compile warns
tools/nolibc/stdlib: fix memory error in realloc()
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
nilfs2: fix potential hang in nilfs_detach_log_writer()
fs/ntfs3: Remove max link count info display during driver init
fs/ntfs3: Taking DOS names into account during link counting
fs/ntfs3: Fix case when index is reused during tree transformation
fs/ntfs3: Break dir enumeration if directory contents error
ksmbd: avoid to send duplicate oplock break notifications
ksmbd: ignore trailing slashes in share paths
ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11.
ALSA: core: Fix NULL module pointer assignment at card init
ALSA: Fix deadlocks with kctl removals at disconnection
KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST
wifi: mac80211: don't use rate mask for scanning
wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node
net: usb: qmi_wwan: add Telit FN920C04 compositions
drm/amd/display: Set color_mgmt_changed to true on unsuspend
drm/amdgpu: Update BO eviction priorities
drm/amdgpu: Fix the ring buffer size for queue VM flush
drm/amdgpu/mes: fix use-after-free issue
LoongArch: Lately init pmu after smp is online
selftests: sud_test: return correct emulated syscall value on RISC-V
sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU
ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too
regulator: irq_helpers: duplicate IRQ name
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
regulator: vqmmc-ipq4019: fix module autoloading
ASoC: rt715: add vendor clear control register
ASoC: rt715-sdca: volume step modification
KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF
x86/efistub: Omit physical KASLR when memory reservations exist
efi: libstub: only free priv.runtime_map when allocated
KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card
softirq: Fix suspicious RCU usage in __do_softirq()
ASoC: da7219-aad: fix usage of device_get_named_child_node()
ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection
drm/amd/display: Add dtbclk access to dcn315
drm/amd/display: Add VCO speed parameter for DCN31 FPU
drm/amdkfd: Flush the process wq before creating a kfd_process
x86/mm: Remove broken vsyscall emulation code from the page fault code
nvme: find numa distance only if controller has valid numa id
nvmet-auth: return the error code to the nvmet_auth_host_hash() callers
nvmet-auth: replace pr_debug() with pr_err() to report an error.
nvmet-tcp: fix possible memory leak when tearing down a controller
nvmet: fix nvme status code when namespace is disabled
epoll: be better about file lifetimes
nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists()
openpromfs: finish conversion to the new mount API
crypto: bcm - Fix pointer arithmetic
mm/slub, kunit: Use inverted data to corrupt kmem cache
firmware: raspberrypi: Use correct device for DMA mappings
ecryptfs: Fix buffer size for tag 66 packet
nilfs2: fix out-of-range warning
parisc: add missing export of __cmpxchg_u8()
crypto: ccp - drop platform ifdef checks
crypto: x86/nh-avx2 - add missing vzeroupper
crypto: x86/sha256-avx2 - add missing vzeroupper
crypto: x86/sha512-avx2 - add missing vzeroupper
s390/cio: fix tracepoint subchannel type field
io_uring: don't use TIF_NOTIFY_SIGNAL to test for availability of task_work
io_uring: use the right type for work_llist empty check
rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
rcu: Fix buffer overflow in print_cpu_stall_info()
ARM: configs: sunxi: Enable DRM_DW_HDMI
jffs2: prevent xattr node from overflowing the eraseblock
soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
null_blk: Fix missing mutex_destroy() at module removal
md: fix resync softlockup when bitmap size is less than array size
block: open code __blk_account_io_start()
block: open code __blk_account_io_done()
block: support to account io_ticks precisely
wifi: ath10k: poll service ready message before failing
wifi: brcmfmac: pcie: handle randbuf allocation failure
wifi: ath11k: don't force enable power save on non-running vdevs
bpftool: Fix missing pids during link show
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
sched/fair: Add EAS checks before updating root_domain::overutilized
ACPI: Fix Generic Initiator Affinity _OSC bit
qed: avoid truncating work queue length
net/mlx5e: Fail with messages when params are not valid for XSK
mlx5: stop warning for 64KB pages
bitops: add missing prototype check
wifi: carl9170: re-fix fortified-memset warning
bpf: Pack struct bpf_fib_lookup
scsi: ufs: qcom: Perform read back after writing reset bit
scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
scsi: ufs: qcom: Perform read back after writing unipro mode
scsi: ufs: qcom: Perform read back after writing CGC enable
scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
ACPI: LPSS: Advertise number of chip selects via property
irqchip/alpine-msi: Fix off-by-one in allocation error path
irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
ACPI: disable -Wstringop-truncation
gfs2: Don't forget to complete delayed withdraw
gfs2: Fix "ignore unlock failures after withdraw"
x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57
selftests/bpf: Fix umount cgroup2 error in test_sockmap
cpufreq: exit() callback is optional
x86/pat: Introduce lookup_address_in_pgd_attr()
x86/pat: Restructure _lookup_address_cpa()
x86/pat: Fix W^X violation false-positives when running as Xen PV guest
net: export inet_lookup_reuseport and inet6_lookup_reuseport
net: remove duplicate reuseport_lookup functions
udp: Avoid call to compute_score on multiple sites
cppc_cpufreq: Fix possible null pointer dereference
scsi: libsas: Fix the failure of adding phy with zero-address to port
scsi: hpsa: Fix allocation size for Scsi_Host private data
x86/purgatory: Switch to the position-independent small code model
thermal/drivers/tsens: Fix null pointer dereference
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
selftests/bpf: Fix a fd leak in error paths in open_netns
wifi: ath10k: populate board data for WCN3990
net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers
net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches
tcp: avoid premature drops in tcp_add_backlog()
pwm: sti: Convert to platform remove callback returning void
pwm: sti: Prepare removing pwm_chip from driver data
pwm: sti: Simplify probe function using devm functions
drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
net: give more chances to rcu in netdev_wait_allrefs_any()
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
wifi: carl9170: add a proper sanity check for endpoints
wifi: ar5523: enable proper endpoint verification
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
Revert "sh: Handle calling csum_partial with misaligned data"
wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset
libbpf: Fix error message in attach_kprobe_multi
selftests/binderfs: use the Makefile's rules, not Make's implicit rules
selftests/resctrl: fix clang build failure: use LOCAL_HDRS
selftests: default to host arch for LLVM builds
kunit: Fix kthread reference
HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
scsi: bfa: Ensure the copied buf is NUL terminated
scsi: qedf: Ensure the copied buf is NUL terminated
scsi: qla2xxx: Fix debugfs output for fw_resource_count
kernel/numa.c: Move logging out of numa.h
x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks()
wifi: mwl8k: initialize cmd->addr[] properly
HID: amd_sfh: Handle "no sensors" in PM operations
usb: aqc111: stop lying about skb->truesize
net: usb: sr9700: stop lying about skb->truesize
m68k: Fix spinlock race in kernel thread creation
m68k: mac: Fix reboot hang on Mac IIci
net: ipv6: fix wrong start position when receive hop-by-hop fragment
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
selftests: net: move amt to socat for better compatibility
net: ethernet: cortina: Locking fixes
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: usb: smsc95xx: stop lying about skb->truesize
net: openvswitch: fix overwriting ct original tuple for ICMPv6
ipv6: sr: add missing seg6_local_exit
ipv6: sr: fix incorrect unregister order
ipv6: sr: fix invalid unregister error path
net/mlx5: Add a timeout to acquire the command queue semaphore
net/mlx5: Discard command completions in internal error
s390/bpf: Emit a barrier for BPF_FETCH instructions
riscv, bpf: make some atomic operations fully ordered
ax25: Use kernel universal linked list to implement ax25_dev_list
ax25: Fix reference count leak issues of ax25_dev
ax25: Fix reference count leak issue of net_device
mptcp: SO_KEEPALIVE: fix getsockopt support
Bluetooth: Consolidate code around sk_alloc into a helper function
Bluetooth: compute LE flow credits based on recvbuf space
Bluetooth: qca: Fix error code in qca_read_fw_build_info()
drm/bridge: Fix improper bridge init order with pre_enable_prev_first
printk: Let no_printk() use _printk()
dev_printk: Add and use dev_no_printk()
drm/lcdif: Do not disable clocks on already suspended hardware
drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays
drm/dp: Don't attempt AUX transfers when eDP panels are not powered
drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert
drm/amd/display: Fix potential index out of bounds in color transformation function
ASoC: Intel: Disable route checks for Skylake boards
ASoC: Intel: avs: ssm4567: Do not ignore route checks
mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add()
mtd: rawnand: hynix: fixed typo
fbdev: shmobile: fix snprintf truncation
ASoC: kirkwood: Fix potential NULL dereference
drm/meson: vclk: fix calculation of 59.94 fractional rates
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
powerpc/fsl-soc: hide unused const variable
fbdev: sisfb: hide unused variables
ASoC: Intel: avs: Fix ASRC module initialization
ASoC: Intel: avs: Fix potential integer overflow
media: ngene: Add dvb_ca_en50221_init return value check
media: rcar-vin: work around -Wenum-compare-conditional warning
media: radio-shark2: Avoid led_names truncations
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
drm/msm/dp: allow voltage swing / pre emphasis of 3
drm/msm/dp: Return IRQ_NONE for unhandled interrupts
drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected
media: ipu3-cio2: Request IRQ earlier
media: dt-bindings: ovti,ov2680: Fix the power supply names
fbdev: sh7760fb: allow modular build
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
drm/arm/malidp: fix a possible null pointer dereference
drm: vc4: Fix possible null pointer dereference
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
drm/bridge: anx7625: Don't log an error when DSI host can't be found
drm/bridge: icn6211: Don't log an error when DSI host can't be found
drm/bridge: lt8912b: Don't log an error when DSI host can't be found
drm/bridge: lt9611: Don't log an error when DSI host can't be found
drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found
drm/bridge: tc358775: Don't log an error when DSI host can't be found
drm/bridge: dpc3433: Don't log an error when DSI host can't be found
drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found
drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
drm/mipi-dsi: use correct return type for the DSC functions
drm/rockchip: vop2: Do not divide height twice for YUV
clk: samsung: exynosautov9: fix wrong pll clock id value
RDMA/mlx5: Adding remote atomic access flag to updatable flags
RDMA/hns: Fix return value in hns_roce_map_mr_sg
RDMA/hns: Fix deadlock on SRQ async events.
RDMA/hns: Fix UAF for cq async event
RDMA/hns: Fix GMV table pagesize
RDMA/hns: Use complete parentheses in macros
RDMA/hns: Modify the print level of CQE error
clk: mediatek: mt8365-mm: fix DPI0 parent
clk: rs9: fix wrong default value for clock amplitude
RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c
RDMA/rxe: Fix incorrect rxe_put in error path
IB/mlx5: Use __iowrite64_copy() for write combining stores
clk: renesas: r8a779a0: Fix CANFD parent clock
clk: renesas: r9a07g043: Add clock and reset entry for PLIC
lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
clk: qcom: dispcc-sm8450: fix DisplayPort clocks
clk: qcom: dispcc-sm6350: fix DisplayPort clocks
clk: qcom: mmcc-msm8998: fix venus clock issue
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS
ext4: avoid excessive credit estimate in ext4_tmpfile()
virt: acrn: stop using follow_pfn
drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
sunrpc: removed redundant procp check
ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
ext4: fix unit mismatch in ext4_mb_new_blocks_simple
ext4: try all groups in ext4_mb_new_blocks_simple
ext4: remove unused parameter from ext4_mb_new_blocks_simple()
ext4: fix potential unnitialized variable
SUNRPC: Fix gss_free_in_token_pages()
selftests/kcmp: remove unused open mode
RDMA/IPoIB: Fix format truncation compilation errors
net: add pskb_may_pull_reason() helper
net: bridge: xmit: make sure we have at least eth header len bytes
selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval
net: bridge: mst: fix vlan use-after-free
net: qrtr: ns: Fix module refcnt
netrom: fix possible dead-lock in nr_rt_ioctl()
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write()
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
perf record: Delete session after stopping sideband thread
perf probe: Add missing libgen.h header needed for using basename()
iio: core: Leave private pointer NULL when no private data supplied
greybus: lights: check return of get_channel_from_mode
f2fs: multidev: fix to recognize valid zero block address
f2fs: fix to wait on page writeback in __clone_blkaddrs()
counter: linux/counter.h: fix Excess kernel-doc description warning
perf annotate: Get rid of duplicate --group option item
soundwire: cadence: fix invalid PDI offset
dmaengine: idma64: Add check for dma_set_max_seg_size
firmware: dmi-id: add a release callback function
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Fix bitwise types
greybus: arche-ctrl: move device table to its right location
PCI: tegra194: Fix probe path for Endpoint mode
serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment
arm64: dts: meson: fix S4 power-controller node
perf test: Add -w/--workload option
perf test: Add 'thloop' test workload
perf test: Add 'leafloop' test workload
perf test: Add 'sqrtloop' test workload
perf test: Add 'brstack' test workload
perf test: Add 'datasym' test workload
perf tests: Make "test data symbol" more robust on Neoverse N1
dt-bindings: PCI: rcar-pci-host: Add optional regulators
dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties
f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file()
f2fs: fix typos in comments
f2fs: fix to relocate check condition in f2fs_fallocate()
f2fs: fix to check pinfile flag in f2fs_move_file_range()
iio: adc: stm32: Fixing err code to not indicate success
coresight: etm4x: Fix unbalanced pm_runtime_enable()
perf docs: Document bpf event modifier
iio: pressure: dps310: support negative temperature values
coresight: etm4x: Do not hardcode IOMEM access for register restore
coresight: etm4x: Do not save/restore Data trace control registers
coresight: etm4x: Safe access for TRCQCLTR
coresight: etm4x: Fix access to resource selector registers
fpga: region: add owner module and take its refcount
microblaze: Remove gcc flag for non existing early_printk.c file
microblaze: Remove early printk call from cpuinfo-static.c
perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer)
ovl: remove upper umask handling from ovl_create_upper()
VMCI: Fix an error handling path in vmci_guest_probe_device()
dt-bindings: pinctrl: mediatek: mt7622: fix array properties
watchdog: bd9576: Drop "always-running" property
watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe()
usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
usb: gadget: u_audio: Clear uac pointer when freed.
stm class: Fix a double free in stm_register_device()
ppdev: Remove usage of the deprecated ida_simple_xx() API
ppdev: Add an error check in register_device
perf bench internals inject-build-id: Fix trap divide when collecting just one DSO
perf ui browser: Don't save pointer to stack memory
extcon: max8997: select IRQ_DOMAIN instead of depending on it
PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
perf ui browser: Avoid SEGV on title
perf report: Avoid SEGV in report__setup_sample_type()
f2fs: compress: fix to update i_compr_blocks correctly
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
f2fs: fix to release node block count in error path of f2fs_new_node_page()
f2fs: compress: don't allow unaligned truncation on released compress inode
serial: sh-sci: protect invalidating RXDMA on shutdown
libsubcmd: Fix parse-options memory leak
perf daemon: Fix file leak in daemon_session__control
f2fs: fix to add missing iput() in gc_data_segment()
perf stat: Don't display metric header for non-leader uncore events
LoongArch: Fix callchain parse error with kernel tracepoint events again
s390/vdso: filter out mno-pic-data-is-text-relative cflag
s390/vdso64: filter out munaligned-symbols flag for vdso
s390/vdso: Generate unwind information for C modules
s390/vdso: Use standard stack frame layout
s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
s390/ipl: Fix incorrect initialization of nvme dump block
s390/boot: Remove alt_stfle_fac_list from decompressor
Input: ims-pcu - fix printf string overflow
Input: ioc3kbd - convert to platform remove callback returning void
Input: ioc3kbd - add device table
mmc: sdhci_am654: Add tuning algorithm for delay chain
mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
mmc: sdhci_am654: Add OTAP/ITAP delay enable
mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk
drm/msm/dpu: Always flush the slave INTF on the CTL
drm/mediatek: dp: Move PHY registration to new function
drm/mediatek: dp: Add support for embedded DisplayPort aux-bus
drm/mediatek: dp: Fix mtk_dp_aux_transfer return value
um: Fix return value in ubd_init()
um: Add winch to winch_handlers before registering winch IRQ
um: vector: fix bpfflash parameter evaluation
fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
fs/ntfs3: Use variable length array instead of fixed size
drm/bridge: tc358775: fix support for jeida-18 and jeida-24
media: stk1160: fix bounds checking in stk1160_copy_video()
scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
Input: cyapa - add missing input core locking to suspend/resume functions
media: flexcop-usb: fix sanity check of bNumEndpoints
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
um: Fix the -Wmissing-prototypes warning for __switch_mm
um: Fix the -Wmissing-prototypes warning for get_thread_reg
um: Fix the declaration of kasan_map_memory
media: sunxi: a83-mips-csi2: also select GENERIC_PHY
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
media: cec: cec-api: add locking in cec_release()
media: cec: core: avoid recursive cec_claim_log_addrs
media: cec: core: avoid confusing "transmit timed out" message
Revert "drm/bridge: ti-sn65dsi83: Fix enable error path"
drm/msm: Enable clamp_to_idle for 7c3
drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
ASoC: mediatek: mt8192: fix register configuration for tdm
regulator: bd71828: Don't overwrite runtime voltages
perf/arm-dmc620: Fix lockdep assert in ->event_init()
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
ipv6: sr: fix missing sk_buff release in seg6_input_core
selftests: net: kill smcrouted in the cleanup logic in amt.sh
nfc: nci: Fix uninit-value in nci_rx_work
ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
NFSv4: Fixup smatch warning for ambiguous return
nfs: keep server info for remounts
sunrpc: fix NFSACL RPC retry on soft mount
rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
ipv6: sr: fix memleak in seg6_hmac_init_algo
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
pNFS/filelayout: fixup pNfs allocation modes
openvswitch: Set the skbuff pkt_type for proper pmtud support.
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
rv: Update rv_en(dis)able_monitor doc to match kernel-doc
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
riscv: stacktrace: Make walk_stackframe cross pt_regs frame
riscv: stacktrace: fixed walk_stackframe()
Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI"
net: fec: avoid lock evasion when reading pps_enable
tls: fix missing memory barrier in tls_init
inet: factor out locked section of inet_accept() in a new helper
net: relax socket state check at accept time.
nfc: nci: Fix kcov check in nci_rx_work()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
drivers/xen: Improve the late XenStore init protocol
ice: Interpret .set_channels() input differently
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
netfilter: nft_payload: restore vlan q-in-q match support
spi: Don't mark message DMA mapped when no transfer in it is
dma-mapping: benchmark: fix node id validation
dma-mapping: benchmark: handle NUMA_NO_NODE correctly
nvmet: fix ns enable/disable possible hang
net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061
net/mlx5: Lag, do bond only if slaves agree on roce state
net/mlx5e: Fix IPsec tunnel mode offload feature check
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
net/mlx5e: Fix UDP GSO for encapsulated packets
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
bpf: Fix potential integer overflow in resolve_btfids
ALSA: jack: Use guard() for locking
ALSA: core: Remove debugfs at disconnection
ALSA: hda/realtek: Add quirk for ASUS ROG G634Z
ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp
enic: Validate length of nl attributes in enic_set_vf_port
af_unix: Read sk->sk_hash under bindlock during bind().
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
bpf: Allow delete from sockmap/sockhash only if update is allowed
net:fec: Add fec_enet_deinit()
ice: fix accounting if a VLAN already exists
netfilter: nft_payload: move struct nft_payload_set definition where it belongs
netfilter: nft_payload: rebuild vlan header when needed
netfilter: nft_payload: rebuild vlan header on h_proto access
netfilter: nft_payload: skbuff vlan metadata mangle support
netfilter: tproxy: bail out if IP has been disabled on the device
netfilter: nft_fib: allow from forward/input without iif selector
kconfig: fix comparison to constant symbols, 'm', 'n'
drm/i915/guc: avoid FIELD_PREP warning
spi: stm32: Don't warn about spurious interrupts
net: dsa: microchip: fix RGMII error in KSZ DSA driver
net: ena: Add dynamic recycling mechanism for rx buffers
net: ena: Reduce lines with longer column width boundary
net: ena: Fix redundant device NUMA node override
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
powerpc/pseries/lparcfg: drop error message from guest name lookup
hwmon: (shtc1) Fix property misspelling
riscv: prevent pt_regs corruption for secondary idle threads
ALSA: timer: Set lower bound of start tick time
net: ena: Fix DMA syncing in XDP path when SWIOTLB is on
Linux 6.1.93
Change-Id: I15fdbacdaee5a6d68347a7fd5218929488d594af
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Vamsidhar reddy Gaddam
|
79436849ef |
ANDROID: Update the ABI symbol list
Adding the following symbols: - vm_unmapped_area Bug: 344489121 Change-Id: I1798b662e81283e1f8e8f2091e5e4b6d2d4fe2c0 Signed-off-by: Vamsidhar reddy Gaddam <gvamsi@google.com> |
||
|
Sukjin Kong
|
be8ff39d2e |
ANDROID: GKI: add symbol list for telechips
Add symbol list file abi_gki_aarch64_telechips INFO: 18 function symbol(s) added 'int devm_clk_hw_register_clkdev(struct device*, struct clk_hw*, const char*, const char*)' 'struct fwnode_handle* fwnode_get_next_parent(struct fwnode_handle*)' 'struct fwnode_handle* fwnode_get_parent(const struct fwnode_handle*)' 'int linear_range_get_value_array(const struct linear_range*, int, unsigned int, unsigned int*)' 'int media_device_register_entity(struct media_device*, struct media_entity*)' 'struct media_link* media_entity_find_link(struct media_pad*, struct media_pad*)' 'void* of_fdt_unflatten_tree(const unsigned long*, struct device_node*, struct device_node**)' 'int regmap_irq_chip_get_base(struct regmap_irq_chip_data*)' 'int regulator_mode_to_status(unsigned int)' 'int regulator_set_soft_start_regmap(struct regulator_dev*)' 'int snd_pcm_hw_constraint_pow2(struct snd_pcm_runtime*, unsigned int, snd_pcm_hw_param_t)' 'int snd_soc_dai_set_clkdiv(struct snd_soc_dai*, int, int)' 'void symbol_put_addr(void*)' 'int trace_define_field(struct trace_event_call*, const char*, const char*, int, int, int, int)' 'int uart_parse_earlycon(char*, unsigned char*, resource_size_t*, char**)' 'int v4l2_fill_pixfmt_mp(struct v4l2_pix_format_mplane*, u32, u32, u32)' 'int vfs_fsync(struct file*, int)' 'int vsscanf(const char*, const char*, va_list)' 1 variable symbol(s) added 'const struct kernel_param_ops param_ops_short' Bug: 358151308 Signed-off-by: Sukjin Kong <sj.kong@telechips.com> Change-Id: I13cefc3999f4e8a0b748c126cb179ac5f6c61e22 |
||
|
Peter Wang
|
7003f6b36a |
UPSTREAM: ufs: core: bypass quick recovery if need force reset
If force_reset is true, bypass quick recovery. This will shorten error recovery time. Bug: 356536706 Change-Id: I86ce0e8ac79b61e203a8fdad5369d540ae873cc0 Signed-off-by: Peter Wang <peter.wang@mediatek.com> Link: https://lore.kernel.org/r/20240712094506.11284-1-peter.wang@mediatek.com Reviewed-by: Bean Huo <beanhuo@micron.com> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from commit 022587d8aec3da1d1698ddae9fb8cfe35f3ad49c) |
||
|
nischaljain
|
99d09135c4 |
ANDROID: Update the ABI symbol list
Adding the `devfreq_get_devfreq_by_phandle` symbol. Bug: 336947817 Change-Id: I5db1e6c7ba5a845f2116aa0e5438e7f8fece4a65 Signed-off-by: nischaljain <nischaljain@google.com> |
||
|
Petr Pavlu
|
1bb38f7865 |
UPSTREAM: ring-buffer: Fix a race between readers and resize checks
The reader code in rb_get_reader_page() swaps a new reader page into the
ring buffer by doing cmpxchg on old->list.prev->next to point it to the
new page. Following that, if the operation is successful,
old->list.next->prev gets updated too. This means the underlying
doubly-linked list is temporarily inconsistent, page->prev->next or
page->next->prev might not be equal back to page for some page in the
ring buffer.
The resize operation in ring_buffer_resize() can be invoked in parallel.
It calls rb_check_pages() which can detect the described inconsistency
and stop further tracing:
[ 190.271762] ------------[ cut here ]------------
[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0
[ 190.271789] Modules linked in: [...]
[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1
[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f
[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0
[ 190.272023] Code: [...]
[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206
[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80
[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700
[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000
[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720
[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000
[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000
[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0
[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.272077] Call Trace:
[ 190.272098] <TASK>
[ 190.272189] ring_buffer_resize+0x2ab/0x460
[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0
[ 190.272206] tracing_resize_ring_buffer+0x65/0x90
[ 190.272216] tracing_entries_write+0x74/0xc0
[ 190.272225] vfs_write+0xf5/0x420
[ 190.272248] ksys_write+0x67/0xe0
[ 190.272256] do_syscall_64+0x82/0x170
[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 190.272373] RIP: 0033:0x7f1bd657d263
[ 190.272381] Code: [...]
[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263
[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001
[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000
[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500
[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002
[ 190.272412] </TASK>
[ 190.272414] ---[ end trace 0000000000000000 ]---
Note that ring_buffer_resize() calls rb_check_pages() only if the parent
trace_buffer has recording disabled. Recent commit d78ab792705c
("tracing: Stop current tracer when resizing buffer") causes that it is
now always the case which makes it more likely to experience this issue.
The window to hit this race is nonetheless very small. To help
reproducing it, one can add a delay loop in rb_get_reader_page():
ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
if (!ret)
goto spin;
for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */
__asm__ __volatile__ ("" : : : "memory");
rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;
.. and then run the following commands on the target system:
echo 1 > /sys/kernel/tracing/events/sched/sched_switch/enable
while true; do
echo 16 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
echo 8 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
done &
while true; do
for i in /sys/kernel/tracing/per_cpu/*; do
timeout 0.1 cat $i/trace_pipe; sleep 0.2
done
done
To fix the problem, make sure ring_buffer_resize() doesn't invoke
rb_check_pages() concurrently with a reader operating on the same
ring_buffer_per_cpu by taking its cpu_buffer->reader_lock.
Link: https://lore.kernel.org/linux-trace-kernel/20240517134008.24529-3-petr.pavlu@suse.com
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes:
|
||
|
Paul Menzel
|
37391192a9 |
UPSTREAM: lib/build_OID_registry: avoid non-destructive substitution for Perl < 5.13.2 compat
On a system with Perl 5.12.1, commit 5ef6dc08cfde
("lib/build_OID_registry: don't mention the full path of the script in
output") causes the build to fail with the error below.
Bareword found where operator expected at ./lib/build_OID_registry line 41, near "s#^\Q$abs_srctree/\E##r"
syntax error at ./lib/build_OID_registry line 41, near "s#^\Q$abs_srctree/\E##r"
Execution of ./lib/build_OID_registry aborted due to compilation errors.
make[3]: *** [lib/Makefile:352: lib/oid_registry_data.c] Error 255
Ahmad Fatoum analyzed that non-destructive substitution is only supported since
Perl 5.13.2. Instead of dropping `r` and having the side effect of modifying
`$0`, introduce a dedicated variable to support older Perl versions.
Link: https://lkml.kernel.org/r/20240702223512.8329-2-pmenzel@molgen.mpg.de
Link: https://lkml.kernel.org/r/20240701155802.75152-1-pmenzel@molgen.mpg.de
Fixes: 5ef6dc08cfde ("lib/build_OID_registry: don't mention the full path of the script in output")
Link: https://lore.kernel.org/all/259f7a87-2692-480e-9073-1c1c35b52f67@molgen.mpg.de/
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Suggested-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Cc: Nicolas Schier <nicolas@fjasle.eu>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Bug: 346559442
Bug: 347759457
Change-Id: I367a4d22f3c27c8912703d061360e5aa2c7a5642
(cherry picked from commit 2fe29fe945637b9834c5569fbb1c9d4f881d8263)
Signed-off-by: Giuliano Procida <gprocida@google.com>
|
||
|
Uwe Kleine-König
|
c0cf9ce611 |
UPSTREAM: lib/build_OID_registry: don't mention the full path of the script in output
This change strips the full path of the script generating lib/oid_registry_data.c to just lib/build_OID_registry. The motivation for this change is Yocto emitting a build warning File /usr/src/debug/linux-lxatac/6.7-r0/lib/oid_registry_data.c in package linux-lxatac-src contains reference to TMPDIR [buildpaths] So this change brings us one step closer to make the build result reproducible independent of the build path. Link: https://lkml.kernel.org/r/20240313211957.884561-2-u.kleine-koenig@pengutronix.de Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Cc: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nicolas Schier <nicolas@fjasle.eu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Bug: 346559442 Bug: 347759457 Change-Id: I09c19f26fd33ed95106174cd2f2fc7217ba99f34 (cherry picked from commit 5ef6dc08cfde240b8c748733759185646e654570) Signed-off-by: Giuliano Procida <gprocida@google.com> |
||
|
Ajit Singh Raghav
|
6aafd06a46 |
ANDROID: GKI: Add symbol list for exynosauto
netdev_master_upper_dev_get nla_append These symbols are required to use WIFI BCM driver. Following functions are added in STG file through abi_update 1 function symbol(s) added 'struct net_device* netdev_master_upper_dev_get(struct net_device*)' Bug: 357016601 Change-Id: Iff752b54d88258f2d61fab397da1104145c9297f Signed-off-by: Ajit Singh Raghav <ajit.raghav@samsung.com> |
||
|
Gao Xiang
|
4ac7f55b98 |
UPSTREAM: erofs: fix race in z_erofs_get_gbuf()
In z_erofs_get_gbuf(), the current task may be migrated to another CPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`. Therefore, z_erofs_put_gbuf() will trigger the following issue which was found by stress test: <2>[772156.434168] kernel BUG at fs/erofs/zutil.c:58! .. <4>[772156.435007] <4>[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2 <4>[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017 <4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) <4>[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs] .. <6>[772156.445958] stress (3127): drop_caches: 1 <4>[772156.446120] Call trace: <4>[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs] <4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs] <4>[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs] <4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs] .. Bug: 356412494 Fixes: f36f3010f676 ("erofs: rename per-CPU buffers to global buffer pool and make it configurable") Cc: <stable@vger.kernel.org> # 6.10+ Reviewed-by: Chunhai Guo <guochunhai@vivo.com> Reviewed-by: Sandeep Dhavale <dhavale@google.com> Reviewed-by: Chao Yu <chao@kernel.org> Change-Id: Ic4924c6c14ee27af6f3c89ea5c562493b3c112a4 Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com> Link: https://lore.kernel.org/r/20240722035110.3456740-1-hsiangkao@linux.alibaba.com (cherry picked from commit 7dc5537c3f8be87e005f0844a7626c987914f8fd) Signed-off-by: Sandeep Dhavale <dhavale@google.com> |
||
|
Richard Fung
|
055518d9f3 |
ANDROID: fuse: Skip canonical path logic if ENOSYS
Not all FUSE servers have implemented canonical_path such as virtiofs. This patch makes it so they go through the same logic as other filesystems that don't have canonical path implemented. Bug: 330136711 Test: ./cts-tradefed run commandAndExit cts -m CtsIncidentHostTestCases -t com.android.server.cts.ErrorsTest#testTombstone Change-Id: I35f19bd1a12420015128ac9bc2662b9bd252a612 Signed-off-by: Richard Fung <richardfung@google.com> (cherry picked from commit 4b0be62caf6923eac6acdb5a44eb03688e6f9dc5) |
||
|
Tiffany Yang
|
a112c9c24c |
ANDROID: fsnotify: Do not notify lower fs of open when ENOSYS
Even though FUSE supports d_canonical_path, the underlying server may not implement the operation. In that case, follow the same logic for filesystems that do not have the canonical path operation instead of returning early from fsnotify_file with an error. Bug: 326995824 Test: cts-tradefed run commandAndExit cts -m CtsOsTestCases -t android.os.cts.FileObserverTest Change-Id: Iae618d4159222b06467b9a0bbb67fb67885aa65e Signed-off-by: Tiffany Yang <ynaffit@google.com> (cherry picked from commit 61d32e739d27dd35353a22804023f099b383df3b) |
||
|
Charan Teja Kalla
|
7d0a1d6b86 |
ANDROID: mm: madvise: Avoid counting swap entry references for migration entries
Race between the madvise(PAGEOUT) and migration caused by page offline
can make the swp_swapcount()->_swap_info_get emitting the "Bad swap file
entry " message because it is trying to get the info on the migration
entry. Add check if it is a migration entry.
Bug: 356032508
Fixes:
|