* [PATCH AUTOSEL 5.4 02/16] tty: serial: Fix refcount leak bug in ucc_uart.c
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 03/16] vfio: Clear the caps->buf to NULL after free Sasha Levin
` (13 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Liang He, Timur Tabi, Greg Kroah-Hartman, Sasha Levin, jirislaby,
linuxppc-dev, linux-serial
From: Liang He <windhl@126.com>
[ Upstream commit d24d7bb2cd947676f9b71fb944d045e09b8b282f ]
In soc_info(), of_find_node_by_type() will return a node pointer
with refcount incremented. We should use of_node_put() when it is
not used anymore.
Acked-by: Timur Tabi <timur@kernel.org>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220618060850.4058525-1-windhl@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/ucc_uart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/ucc_uart.c b/drivers/tty/serial/ucc_uart.c
index a0555ae2b1ef..181d55e0c60f 100644
--- a/drivers/tty/serial/ucc_uart.c
+++ b/drivers/tty/serial/ucc_uart.c
@@ -1141,6 +1141,8 @@ static unsigned int soc_info(unsigned int *rev_h, unsigned int *rev_l)
/* No compatible property, so try the name. */
soc_string = np->name;
+ of_node_put(np);
+
/* Extract the SOC number from the "PowerPC," string */
if ((sscanf(soc_string, "PowerPC,%u", &soc) != 1) || !soc)
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 03/16] vfio: Clear the caps->buf to NULL after free
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 02/16] tty: serial: Fix refcount leak bug in ucc_uart.c Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 04/16] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Sasha Levin
` (12 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Schspa Shi, Cornelia Huck, Alex Williamson, Sasha Levin, kvm
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit 6641085e8d7b3f061911517f79a2a15a0a21b97b ]
On buffer resize failure, vfio_info_cap_add() will free the buffer,
report zero for the size, and return -ENOMEM. As additional
hardening, also clear the buffer pointer to prevent any chance of a
double free.
Signed-off-by: Schspa Shi <schspa@gmail.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Link: https://lore.kernel.org/r/20220629022948.55608-1-schspa@gmail.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/vfio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 388597930b64..efd3782ead97 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -1802,6 +1802,7 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
buf = krealloc(caps->buf, caps->size + size, GFP_KERNEL);
if (!buf) {
kfree(caps->buf);
+ caps->buf = NULL;
caps->size = 0;
return ERR_PTR(-ENOMEM);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 04/16] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 02/16] tty: serial: Fix refcount leak bug in ucc_uart.c Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 03/16] vfio: Clear the caps->buf to NULL after free Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 05/16] riscv: dts: sifive: Add fu540 topology information Sasha Levin
` (11 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Liang He, Thomas Bogendoerfer, Sasha Levin, ye.guojin, linux-mips
From: Liang He <windhl@126.com>
[ Upstream commit 7a9f743ceead60ed454c46fbc3085ee9a79cbebb ]
We should call of_node_put() for the reference 'uctl_node' returned by
of_get_parent() which will increase the refcount. Otherwise, there will
be a refcount leak bug.
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/cavium-octeon/octeon-platform.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/mips/cavium-octeon/octeon-platform.c b/arch/mips/cavium-octeon/octeon-platform.c
index c214fe4e678b..04bc34714727 100644
--- a/arch/mips/cavium-octeon/octeon-platform.c
+++ b/arch/mips/cavium-octeon/octeon-platform.c
@@ -86,11 +86,12 @@ static void octeon2_usb_clocks_start(struct device *dev)
"refclk-frequency", &clock_rate);
if (i) {
dev_err(dev, "No UCTL \"refclk-frequency\"\n");
+ of_node_put(uctl_node);
goto exit;
}
i = of_property_read_string(uctl_node,
"refclk-type", &clock_type);
-
+ of_node_put(uctl_node);
if (!i && strcmp("crystal", clock_type) == 0)
is_crystal_clock = true;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 05/16] riscv: dts: sifive: Add fu540 topology information
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (2 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 04/16] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 06/16] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Sasha Levin
` (10 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Conor Dooley, Brice Goglin, Palmer Dabbelt, Sasha Levin, robh+dt,
krzysztof.kozlowski+dt, palmer, paul.walmsley, aou, geert,
zong.li, bmeng.cn, devicetree, linux-riscv
From: Conor Dooley <conor.dooley@microchip.com>
[ Upstream commit af8f260abc608c06e4466a282b53f1e2dc09f042 ]
The fu540 has no cpu-map node, so tools like hwloc cannot correctly
parse the topology. Add the node using the existing node labels.
Reported-by: Brice Goglin <Brice.Goglin@inria.fr>
Link: https://github.com/open-mpi/hwloc/issues/536
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20220705190435.1790466-3-mail@conchuod.ie
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/boot/dts/sifive/fu540-c000.dtsi | 24 ++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/arch/riscv/boot/dts/sifive/fu540-c000.dtsi b/arch/riscv/boot/dts/sifive/fu540-c000.dtsi
index afa43c7ea369..0e4514f32576 100644
--- a/arch/riscv/boot/dts/sifive/fu540-c000.dtsi
+++ b/arch/riscv/boot/dts/sifive/fu540-c000.dtsi
@@ -129,6 +129,30 @@ cpu4_intc: interrupt-controller {
interrupt-controller;
};
};
+
+ cpu-map {
+ cluster0 {
+ core0 {
+ cpu = <&cpu0>;
+ };
+
+ core1 {
+ cpu = <&cpu1>;
+ };
+
+ core2 {
+ cpu = <&cpu2>;
+ };
+
+ core3 {
+ cpu = <&cpu3>;
+ };
+
+ core4 {
+ cpu = <&cpu4>;
+ };
+ };
+ };
};
soc {
#address-cells = <2>;
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 06/16] riscv: mmap with PROT_WRITE but no PROT_READ is invalid
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (3 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 05/16] riscv: dts: sifive: Add fu540 topology information Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 07/16] RISC-V: Add fast call path of crash_kexec() Sasha Levin
` (9 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Celeste Liu, xctan, dram, Ruizhe Pan, Palmer Dabbelt,
Sasha Levin, paul.walmsley, palmer, aou, guoren, arnd,
linux-riscv
From: Celeste Liu <coelacanthus@outlook.com>
[ Upstream commit 2139619bcad7ac44cc8f6f749089120594056613 ]
As mentioned in Table 4.5 in RISC-V spec Volume 2 Section 4.3, write
but not read is "Reserved for future use.". For now, they are not valid.
In the current code, -wx is marked as invalid, but -w- is not marked
as invalid.
This patch refines that judgment.
Reported-by: xctan <xc-tan@outlook.com>
Co-developed-by: dram <dramforever@live.com>
Signed-off-by: dram <dramforever@live.com>
Co-developed-by: Ruizhe Pan <c141028@gmail.com>
Signed-off-by: Ruizhe Pan <c141028@gmail.com>
Signed-off-by: Celeste Liu <coelacanthus@outlook.com>
Link: https://lore.kernel.org/r/PH7PR14MB559464DBDD310E755F5B21E8CEDC9@PH7PR14MB5594.namprd14.prod.outlook.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/sys_riscv.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
index 12f8a7fce78b..8a7880b9c433 100644
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -18,9 +18,8 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len,
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
- if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
- if (unlikely(!(prot & PROT_READ)))
- return -EINVAL;
+ if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
+ return -EINVAL;
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 07/16] RISC-V: Add fast call path of crash_kexec()
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (4 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 06/16] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 08/16] watchdog: export lockup_detector_reconfigure Sasha Levin
` (8 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Xianting Tian, Guo Ren, Palmer Dabbelt, Sasha Levin,
paul.walmsley, palmer, aou, heiko, ebiederm, akpm,
wangkefeng.wang, linux-riscv
From: Xianting Tian <xianting.tian@linux.alibaba.com>
[ Upstream commit 3f1901110a89b0e2e13adb2ac8d1a7102879ea98 ]
Currently, almost all archs (x86, arm64, mips...) support fast call
of crash_kexec() when "regs && kexec_should_crash()" is true. But
RISC-V not, it can only enter crash system via panic(). However panic()
doesn't pass the regs of the real accident scene to crash_kexec(),
it caused we can't get accurate backtrace via gdb,
$ riscv64-linux-gnu-gdb vmlinux vmcore
Reading symbols from vmlinux...
[New LWP 95]
#0 console_unlock () at kernel/printk/printk.c:2557
2557 if (do_cond_resched)
(gdb) bt
#0 console_unlock () at kernel/printk/printk.c:2557
#1 0x0000000000000000 in ?? ()
With the patch we can get the accurate backtrace,
$ riscv64-linux-gnu-gdb vmlinux vmcore
Reading symbols from vmlinux...
[New LWP 95]
#0 0xffffffe00063a4e0 in test_thread (data=<optimized out>) at drivers/test_crash.c:81
81 *(int *)p = 0xdead;
(gdb)
(gdb) bt
#0 0xffffffe00064d5c0 in test_thread (data=<optimized out>) at drivers/test_crash.c:81
#1 0x0000000000000000 in ?? ()
Test code to produce NULL address dereference in test_crash.c,
void *p = NULL;
*(int *)p = 0xdead;
Reviewed-by: Guo Ren <guoren@kernel.org>
Tested-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220606082308.2883458-1-xianting.tian@linux.alibaba.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/traps.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index 473de3ae8bb7..ae462037910b 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -15,6 +15,7 @@
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/irq.h>
+#include <linux/kexec.h>
#include <asm/processor.h>
#include <asm/ptrace.h>
@@ -43,6 +44,9 @@ void die(struct pt_regs *regs, const char *str)
ret = notify_die(DIE_OOPS, str, regs, 0, regs->scause, SIGSEGV);
+ if (regs && kexec_should_crash(current))
+ crash_kexec(regs);
+
bust_spinlocks(0);
add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
spin_unlock_irq(&die_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 08/16] watchdog: export lockup_detector_reconfigure
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (5 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 07/16] RISC-V: Add fast call path of crash_kexec() Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 09/16] powerpc/32: Don't always pass -mcpu=powerpc to the compiler Sasha Levin
` (7 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Laurent Dufour, Michael Ellerman, Sasha Levin, pmladek, akpm,
juri.lelli, peterz, mcgrof, nixiaoming, frederic, john.ogness,
linux
From: Laurent Dufour <ldufour@linux.ibm.com>
[ Upstream commit 7c56a8733d0a2a4be2438a7512566e5ce552fccf ]
In some circumstances it may be interesting to reconfigure the watchdog
from inside the kernel.
On PowerPC, this may helpful before and after a LPAR migration (LPM) is
initiated, because it implies some latencies, watchdog, and especially NMI
watchdog is expected to be triggered during this operation. Reconfiguring
the watchdog with a factor, would prevent it to happen too frequently
during LPM.
Rename lockup_detector_reconfigure() as __lockup_detector_reconfigure() and
create a new function lockup_detector_reconfigure() calling
__lockup_detector_reconfigure() under the protection of watchdog_mutex.
Signed-off-by: Laurent Dufour <ldufour@linux.ibm.com>
[mpe: Squash in build fix from Laurent, reported by Sachin]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220713154729.80789-3-ldufour@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/nmi.h | 2 ++
kernel/watchdog.c | 21 ++++++++++++++++-----
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/include/linux/nmi.h b/include/linux/nmi.h
index 9003e29cde46..e972d1ae1ee6 100644
--- a/include/linux/nmi.h
+++ b/include/linux/nmi.h
@@ -122,6 +122,8 @@ int watchdog_nmi_probe(void);
int watchdog_nmi_enable(unsigned int cpu);
void watchdog_nmi_disable(unsigned int cpu);
+void lockup_detector_reconfigure(void);
+
/**
* touch_nmi_watchdog - restart NMI watchdog timeout.
*
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index cbd3cf503c90..a3d0e928305c 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -568,7 +568,7 @@ int lockup_detector_offline_cpu(unsigned int cpu)
return 0;
}
-static void lockup_detector_reconfigure(void)
+static void __lockup_detector_reconfigure(void)
{
cpus_read_lock();
watchdog_nmi_stop();
@@ -588,6 +588,13 @@ static void lockup_detector_reconfigure(void)
__lockup_detector_cleanup();
}
+void lockup_detector_reconfigure(void)
+{
+ mutex_lock(&watchdog_mutex);
+ __lockup_detector_reconfigure();
+ mutex_unlock(&watchdog_mutex);
+}
+
/*
* Create the watchdog thread infrastructure and configure the detector(s).
*
@@ -608,13 +615,13 @@ static __init void lockup_detector_setup(void)
return;
mutex_lock(&watchdog_mutex);
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
softlockup_initialized = true;
mutex_unlock(&watchdog_mutex);
}
#else /* CONFIG_SOFTLOCKUP_DETECTOR */
-static void lockup_detector_reconfigure(void)
+static void __lockup_detector_reconfigure(void)
{
cpus_read_lock();
watchdog_nmi_stop();
@@ -622,9 +629,13 @@ static void lockup_detector_reconfigure(void)
watchdog_nmi_start();
cpus_read_unlock();
}
+void lockup_detector_reconfigure(void)
+{
+ __lockup_detector_reconfigure();
+}
static inline void lockup_detector_setup(void)
{
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
}
#endif /* !CONFIG_SOFTLOCKUP_DETECTOR */
@@ -664,7 +675,7 @@ static void proc_watchdog_update(void)
{
/* Remove impossible cpus to keep sysctl output clean. */
cpumask_and(&watchdog_cpumask, &watchdog_cpumask, cpu_possible_mask);
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 09/16] powerpc/32: Don't always pass -mcpu=powerpc to the compiler
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (6 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 08/16] watchdog: export lockup_detector_reconfigure Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 10/16] ALSA: core: Add async signal helpers Sasha Levin
` (6 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Christophe Leroy, Pali Rohár, Arnd Bergmann,
Segher Boessenkool, Michael Ellerman, Sasha Levin, npiggin, dja,
lukas.bulwahn, linuxppc-dev
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 446cda1b21d9a6b3697fe399c6a3a00ff4a285f5 ]
Since commit 4bf4f42a2feb ("powerpc/kbuild: Set default generic
machine type for 32-bit compile"), when building a 32 bits kernel
with a bi-arch version of GCC, or when building a book3s/32 kernel,
the option -mcpu=powerpc is passed to GCC at all time, relying on it
being eventually overriden by a subsequent -mcpu=xxxx.
But when building the same kernel with a 32 bits only version of GCC,
that is not done, relying on gcc being built with the expected default
CPU.
This logic has two problems. First, it is a bit fragile to rely on
whether the GCC version is bi-arch or not, because today we can have
bi-arch versions of GCC configured with a 32 bits default. Second,
there are some versions of GCC which don't support -mcpu=powerpc,
for instance for e500 SPE-only versions.
So, stop relying on this approximative logic and allow the user to
decide whether he/she wants to use the toolchain's default CPU or if
he/she wants to set one, and allow only possible CPUs based on the
selected target.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Tested-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/d4df724691351531bf46d685d654689e5dfa0d74.1657549153.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Makefile | 26 +-------------------------
arch/powerpc/platforms/Kconfig.cputype | 21 ++++++++++++++++++---
2 files changed, 19 insertions(+), 28 deletions(-)
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index b9d2fcf030d0..eedd114a017c 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -17,23 +17,6 @@ HAS_BIARCH := $(call cc-option-yn, -m32)
# Set default 32 bits cross compilers for vdso and boot wrapper
CROSS32_COMPILE ?=
-ifeq ($(HAS_BIARCH),y)
-ifeq ($(CROSS32_COMPILE),)
-ifdef CONFIG_PPC32
-# These options will be overridden by any -mcpu option that the CPU
-# or platform code sets later on the command line, but they are needed
-# to set a sane 32-bit cpu target for the 64-bit cross compiler which
-# may default to the wrong ISA.
-KBUILD_CFLAGS += -mcpu=powerpc
-KBUILD_AFLAGS += -mcpu=powerpc
-endif
-endif
-endif
-
-ifdef CONFIG_PPC_BOOK3S_32
-KBUILD_CFLAGS += -mcpu=powerpc
-endif
-
# If we're on a ppc/ppc64/ppc64le machine use that defconfig, otherwise just use
# ppc64_defconfig because we have nothing better to go on.
uname := $(shell uname -m)
@@ -192,6 +175,7 @@ endif
endif
CFLAGS-$(CONFIG_TARGET_CPU_BOOL) += $(call cc-option,-mcpu=$(CONFIG_TARGET_CPU))
+AFLAGS-$(CONFIG_TARGET_CPU_BOOL) += $(call cc-option,-mcpu=$(CONFIG_TARGET_CPU))
# Altivec option not allowed with e500mc64 in GCC.
ifdef CONFIG_ALTIVEC
@@ -202,14 +186,6 @@ endif
CFLAGS-$(CONFIG_E5500_CPU) += $(E5500_CPU)
CFLAGS-$(CONFIG_E6500_CPU) += $(call cc-option,-mcpu=e6500,$(E5500_CPU))
-ifdef CONFIG_PPC32
-ifdef CONFIG_PPC_E500MC
-CFLAGS-y += $(call cc-option,-mcpu=e500mc,-mcpu=powerpc)
-else
-CFLAGS-$(CONFIG_E500) += $(call cc-option,-mcpu=8540 -msoft-float,-mcpu=powerpc)
-endif
-endif
-
asinstr := $(call as-instr,lis 9$(comma)foo@high,-DHAVE_AS_ATHIGH=1)
KBUILD_CPPFLAGS += -I $(srctree)/arch/$(ARCH) $(asinstr)
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index f0330ce498d1..cfac99a63505 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -118,9 +118,9 @@ config GENERIC_CPU
depends on PPC64 && CPU_LITTLE_ENDIAN
select ARCH_HAS_FAST_MULTIPLIER
-config GENERIC_CPU
+config POWERPC_CPU
bool "Generic 32 bits powerpc"
- depends on PPC32 && !PPC_8xx
+ depends on PPC32 && !PPC_8xx && !PPC_85xx
config CELL_CPU
bool "Cell Broadband Engine"
@@ -174,11 +174,23 @@ config G4_CPU
depends on PPC_BOOK3S_32
select ALTIVEC
+config E500_CPU
+ bool "e500 (8540)"
+ depends on PPC_85xx && !PPC_E500MC
+
+config E500MC_CPU
+ bool "e500mc"
+ depends on PPC_85xx && PPC_E500MC
+
+config TOOLCHAIN_DEFAULT_CPU
+ bool "Rely on the toolchain's implicit default CPU"
+ depends on PPC32
+
endchoice
config TARGET_CPU_BOOL
bool
- default !GENERIC_CPU
+ default !GENERIC_CPU && !TOOLCHAIN_DEFAULT_CPU
config TARGET_CPU
string
@@ -193,6 +205,9 @@ config TARGET_CPU
default "e300c2" if E300C2_CPU
default "e300c3" if E300C3_CPU
default "G4" if G4_CPU
+ default "8540" if E500_CPU
+ default "e500mc" if E500MC_CPU
+ default "powerpc" if POWERPC_CPU
config PPC_BOOK3S
def_bool y
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 10/16] ALSA: core: Add async signal helpers
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (7 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 09/16] powerpc/32: Don't always pass -mcpu=powerpc to the compiler Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 11/16] ALSA: timer: Use deferred fasync helper Sasha Levin
` (5 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Takashi Iwai, Sasha Levin, perex, tiwai, alsa-devel
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit ef34a0ae7a2654bc9e58675e36898217fb2799d8 ]
Currently the call of kill_fasync() from an interrupt handler might
lead to potential spin deadlocks, as spotted by syzkaller.
Unfortunately, it's not so trivial to fix this lock chain as it's
involved with the tasklist_lock that is touched in allover places.
As a temporary workaround, this patch provides the way to defer the
async signal notification in a work. The new helper functions,
snd_fasync_helper() and snd_kill_faync() are replacements for
fasync_helper() and kill_fasync(), respectively. In addition,
snd_fasync_free() needs to be called at the destructor of the relevant
file object.
Link: https://lore.kernel.org/r/20220728125945.29533-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/core.h | 8 ++++
sound/core/misc.c | 94 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+)
diff --git a/include/sound/core.h b/include/sound/core.h
index ee238f100f73..8a80121811d9 100644
--- a/include/sound/core.h
+++ b/include/sound/core.h
@@ -440,4 +440,12 @@ snd_pci_quirk_lookup_id(u16 vendor, u16 device,
}
#endif
+/* async signal helpers */
+struct snd_fasync;
+
+int snd_fasync_helper(int fd, struct file *file, int on,
+ struct snd_fasync **fasyncp);
+void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll);
+void snd_fasync_free(struct snd_fasync *fasync);
+
#endif /* __SOUND_CORE_H */
diff --git a/sound/core/misc.c b/sound/core/misc.c
index 3579dd7a161f..c3f3d94b5197 100644
--- a/sound/core/misc.c
+++ b/sound/core/misc.c
@@ -10,6 +10,7 @@
#include <linux/time.h>
#include <linux/slab.h>
#include <linux/ioport.h>
+#include <linux/fs.h>
#include <sound/core.h>
#ifdef CONFIG_SND_DEBUG
@@ -145,3 +146,96 @@ snd_pci_quirk_lookup(struct pci_dev *pci, const struct snd_pci_quirk *list)
}
EXPORT_SYMBOL(snd_pci_quirk_lookup);
#endif
+
+/*
+ * Deferred async signal helpers
+ *
+ * Below are a few helper functions to wrap the async signal handling
+ * in the deferred work. The main purpose is to avoid the messy deadlock
+ * around tasklist_lock and co at the kill_fasync() invocation.
+ * fasync_helper() and kill_fasync() are replaced with snd_fasync_helper()
+ * and snd_kill_fasync(), respectively. In addition, snd_fasync_free() has
+ * to be called at releasing the relevant file object.
+ */
+struct snd_fasync {
+ struct fasync_struct *fasync;
+ int signal;
+ int poll;
+ int on;
+ struct list_head list;
+};
+
+static DEFINE_SPINLOCK(snd_fasync_lock);
+static LIST_HEAD(snd_fasync_list);
+
+static void snd_fasync_work_fn(struct work_struct *work)
+{
+ struct snd_fasync *fasync;
+
+ spin_lock_irq(&snd_fasync_lock);
+ while (!list_empty(&snd_fasync_list)) {
+ fasync = list_first_entry(&snd_fasync_list, struct snd_fasync, list);
+ list_del_init(&fasync->list);
+ spin_unlock_irq(&snd_fasync_lock);
+ if (fasync->on)
+ kill_fasync(&fasync->fasync, fasync->signal, fasync->poll);
+ spin_lock_irq(&snd_fasync_lock);
+ }
+ spin_unlock_irq(&snd_fasync_lock);
+}
+
+static DECLARE_WORK(snd_fasync_work, snd_fasync_work_fn);
+
+int snd_fasync_helper(int fd, struct file *file, int on,
+ struct snd_fasync **fasyncp)
+{
+ struct snd_fasync *fasync = NULL;
+
+ if (on) {
+ fasync = kzalloc(sizeof(*fasync), GFP_KERNEL);
+ if (!fasync)
+ return -ENOMEM;
+ INIT_LIST_HEAD(&fasync->list);
+ }
+
+ spin_lock_irq(&snd_fasync_lock);
+ if (*fasyncp) {
+ kfree(fasync);
+ fasync = *fasyncp;
+ } else {
+ if (!fasync) {
+ spin_unlock_irq(&snd_fasync_lock);
+ return 0;
+ }
+ *fasyncp = fasync;
+ }
+ fasync->on = on;
+ spin_unlock_irq(&snd_fasync_lock);
+ return fasync_helper(fd, file, on, &fasync->fasync);
+}
+EXPORT_SYMBOL_GPL(snd_fasync_helper);
+
+void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll)
+{
+ unsigned long flags;
+
+ if (!fasync || !fasync->on)
+ return;
+ spin_lock_irqsave(&snd_fasync_lock, flags);
+ fasync->signal = signal;
+ fasync->poll = poll;
+ list_move(&fasync->list, &snd_fasync_list);
+ schedule_work(&snd_fasync_work);
+ spin_unlock_irqrestore(&snd_fasync_lock, flags);
+}
+EXPORT_SYMBOL_GPL(snd_kill_fasync);
+
+void snd_fasync_free(struct snd_fasync *fasync)
+{
+ if (!fasync)
+ return;
+ fasync->on = 0;
+ flush_work(&snd_fasync_work);
+ kfree(fasync);
+}
+EXPORT_SYMBOL_GPL(snd_fasync_free);
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 11/16] ALSA: timer: Use deferred fasync helper
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (8 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 10/16] ALSA: core: Add async signal helpers Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 12/16] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Sasha Levin
` (4 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Takashi Iwai, syzbot+1ee0910eca9c94f71f25,
syzbot+49b10793b867871ee26f, syzbot+8285e973a41b5aa68902,
Sasha Levin, perex, tiwai, wangwensheng4, alsa-devel
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 95cc637c1afd83fb7dd3d7c8a53710488f4caf9c ]
For avoiding the potential deadlock via kill_fasync() call, use the
new fasync helpers to defer the invocation from PCI API. Note that
it's merely a workaround.
Reported-by: syzbot+1ee0910eca9c94f71f25@syzkaller.appspotmail.com
Reported-by: syzbot+49b10793b867871ee26f@syzkaller.appspotmail.com
Reported-by: syzbot+8285e973a41b5aa68902@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20220728125945.29533-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/timer.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/sound/core/timer.c b/sound/core/timer.c
index d684aa4150aa..420cc07a7f88 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -61,7 +61,7 @@ struct snd_timer_user {
unsigned int filter;
struct timespec tstamp; /* trigger tstamp */
wait_queue_head_t qchange_sleep;
- struct fasync_struct *fasync;
+ struct snd_fasync *fasync;
struct mutex ioctl_lock;
};
@@ -1317,7 +1317,7 @@ static void snd_timer_user_interrupt(struct snd_timer_instance *timeri,
}
__wake:
spin_unlock(&tu->qlock);
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1354,7 +1354,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri,
spin_lock_irqsave(&tu->qlock, flags);
snd_timer_user_append_to_tqueue(tu, &r1);
spin_unlock_irqrestore(&tu->qlock, flags);
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1421,7 +1421,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri,
spin_unlock(&tu->qlock);
if (append == 0)
return;
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1487,6 +1487,7 @@ static int snd_timer_user_release(struct inode *inode, struct file *file)
if (tu->timeri)
snd_timer_close(tu->timeri);
mutex_unlock(&tu->ioctl_lock);
+ snd_fasync_free(tu->fasync);
kfree(tu->queue);
kfree(tu->tqueue);
kfree(tu);
@@ -2050,7 +2051,7 @@ static int snd_timer_user_fasync(int fd, struct file * file, int on)
struct snd_timer_user *tu;
tu = file->private_data;
- return fasync_helper(fd, file, on, &tu->fasync);
+ return snd_fasync_helper(fd, file, on, &tu->fasync);
}
static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 12/16] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (9 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 11/16] ALSA: timer: Use deferred fasync helper Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 13/16] smb3: check xattr value length earlier Sasha Levin
` (3 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Chao Yu, Dipanjan Das, Jaegeuk Kim, Sasha Levin, chao, linux-f2fs-devel
From: Chao Yu <chao.yu@oppo.com>
[ Upstream commit 141170b759e03958f296033bb7001be62d1d363b ]
As Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller
found a f2fs bug as below:
RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295
Call Trace:
write_all_xattrs fs/f2fs/xattr.c:487 [inline]
__f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743
f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790
f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86
__vfs_setxattr+0x115/0x180 fs/xattr.c:182
__vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216
__vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277
vfs_setxattr+0x13f/0x330 fs/xattr.c:303
setxattr+0x146/0x160 fs/xattr.c:611
path_setxattr+0x1a7/0x1d0 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
NAT entry and nat bitmap can be inconsistent, e.g. one nid is free
in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it
may trigger BUG_ON() in f2fs_new_node_page(), fix it.
Reported-by: Dipanjan Das <mail.dipanjan.das@gmail.com>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/node.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 3dc7cc3d6ac6..b080d5c58f6c 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1240,7 +1240,11 @@ struct page *f2fs_new_node_page(struct dnode_of_data *dn, unsigned int ofs)
dec_valid_node_count(sbi, dn->inode, !ofs);
goto fail;
}
- f2fs_bug_on(sbi, new_ni.blk_addr != NULL_ADDR);
+ if (unlikely(new_ni.blk_addr != NULL_ADDR)) {
+ err = -EFSCORRUPTED;
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ goto fail;
+ }
#endif
new_ni.nid = dn->nid;
new_ni.ino = dn->inode->i_ino;
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 13/16] smb3: check xattr value length earlier
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (10 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 12/16] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 14/16] powerpc/64: Init jump labels before parse_early_param() Sasha Levin
` (2 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Steve French, Ronnie Sahlberg, Sasha Levin, sfrench, linux-cifs,
samba-technical
From: Steve French <stfrench@microsoft.com>
[ Upstream commit 5fa2cffba0b82336a2244d941322eb1627ff787b ]
Coverity complains about assigning a pointer based on
value length before checking that value length goes
beyond the end of the SMB. Although this is even more
unlikely as value length is a single byte, and the
pointer is not dereferenced until laterm, it is clearer
to check the lengths first.
Addresses-Coverity: 1467704 ("Speculative execution data leak")
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/smb2ops.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 57164563eec6..6ae281cff0d5 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -960,9 +960,7 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size,
size_t name_len, value_len, user_name_len;
while (src_size > 0) {
- name = &src->ea_data[0];
name_len = (size_t)src->ea_name_length;
- value = &src->ea_data[src->ea_name_length + 1];
value_len = (size_t)le16_to_cpu(src->ea_value_length);
if (name_len == 0)
@@ -974,6 +972,9 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size,
goto out;
}
+ name = &src->ea_data[0];
+ value = &src->ea_data[src->ea_name_length + 1];
+
if (ea_name) {
if (ea_name_len == name_len &&
memcmp(ea_name, name, name_len) == 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 14/16] powerpc/64: Init jump labels before parse_early_param()
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (11 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 13/16] smb3: check xattr value length earlier Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 15/16] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 16/16] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Sasha Levin
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Zhouyi Zhou, Michael Ellerman, Sasha Levin, frank.rowand, robh,
masahiroy, christophe.leroy, nick.child, clg, linuxppc-dev
From: Zhouyi Zhou <zhouzhouyi@gmail.com>
[ Upstream commit ca829e05d3d4f728810cc5e4b468d9ebc7745eb3 ]
On 64-bit, calling jump_label_init() in setup_feature_keys() is too
late because static keys may be used in subroutines of
parse_early_param() which is again subroutine of early_init_devtree().
For example booting with "threadirqs":
static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init()
WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120
...
NIP static_key_enable_cpuslocked+0xfc/0x120
LR static_key_enable_cpuslocked+0xf8/0x120
Call Trace:
static_key_enable_cpuslocked+0xf8/0x120 (unreliable)
static_key_enable+0x30/0x50
setup_forced_irqthreads+0x28/0x40
do_early_param+0xa0/0x108
parse_args+0x290/0x4e0
parse_early_options+0x48/0x5c
parse_early_param+0x58/0x84
early_init_devtree+0xd4/0x518
early_setup+0xb4/0x214
So call jump_label_init() just before parse_early_param() in
early_init_devtree().
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Zhouyi Zhou <zhouzhouyi@gmail.com>
[mpe: Add call trace to change log and minor wording edits.]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220726015747.11754-1-zhouzhouyi@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/prom.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index 537142b877b8..d1ba17501343 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -740,6 +740,13 @@ void __init early_init_devtree(void *params)
of_scan_flat_dt(early_init_dt_scan_root, NULL);
of_scan_flat_dt(early_init_dt_scan_memory_ppc, NULL);
+ /*
+ * As generic code authors expect to be able to use static keys
+ * in early_param() handlers, we initialize the static keys just
+ * before parsing early params (it's fine to call jump_label_init()
+ * more than once).
+ */
+ jump_label_init();
parse_early_param();
/* make sure we've parsed cmdline for mem= before this */
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 15/16] video: fbdev: i740fb: Check the argument of i740_calc_vclk()
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (12 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 14/16] powerpc/64: Init jump labels before parse_early_param() Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 16/16] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Sasha Levin
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Zheyu Ma, Helge Deller, Sasha Levin, linux, linux-fbdev, dri-devel
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 40bf722f8064f50200b8c4f8946cd625b441dda9 ]
Since the user can control the arguments of the ioctl() from the user
space, under special arguments that may result in a divide-by-zero bug.
If the user provides an improper 'pixclock' value that makes the argumet
of i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a
divide-by-zero bug in:
drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));
The following log can reveal it:
divide error: 0000 [#1] PREEMPT SMP KASAN PTI
RIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]
RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]
RIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742
Call Trace:
fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034
do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110
fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
Fix this by checking the argument of i740_calc_vclk() first.
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/i740fb.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c
index 347cf8babc3e..1434eb0220e7 100644
--- a/drivers/video/fbdev/i740fb.c
+++ b/drivers/video/fbdev/i740fb.c
@@ -400,7 +400,7 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
u32 xres, right, hslen, left, xtotal;
u32 yres, lower, vslen, upper, ytotal;
u32 vxres, xoffset, vyres, yoffset;
- u32 bpp, base, dacspeed24, mem;
+ u32 bpp, base, dacspeed24, mem, freq;
u8 r7;
int i;
@@ -643,7 +643,12 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
par->atc[VGA_ATC_OVERSCAN] = 0;
/* Calculate VCLK that most closely matches the requested dot clock */
- i740_calc_vclk((((u32)1e9) / var->pixclock) * (u32)(1e3), par);
+ freq = (((u32)1e9) / var->pixclock) * (u32)(1e3);
+ if (freq < I740_RFREQ_FIX) {
+ fb_dbg(info, "invalid pixclock\n");
+ freq = I740_RFREQ_FIX;
+ }
+ i740_calc_vclk(freq, par);
/* Since we program the clocks ourselves, always use VCLK2. */
par->misc |= 0x0C;
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [PATCH AUTOSEL 5.4 16/16] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
2022-08-14 16:28 [PATCH AUTOSEL 5.4 01/16] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (13 preceding siblings ...)
2022-08-14 16:28 ` [PATCH AUTOSEL 5.4 15/16] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Sasha Levin
@ 2022-08-14 16:28 ` Sasha Levin
14 siblings, 0 replies; 16+ messages in thread
From: Sasha Levin @ 2022-08-14 16:28 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Nathan Chancellor, Sudip Mukherjee, Thomas Bogendoerfer,
Sasha Levin, ndesaulniers, macro, linux-mips, llvm
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 74de14fe05dd6b151d73cb0c73c8ec874cbdcde6 ]
When CONFIG_XPA is enabled, Clang warns:
arch/mips/mm/tlbex.c:629:24: error: converting the result of '<<' to a boolean; did you mean '(1 << _PAGE_NO_EXEC_SHIFT) != 0'? [-Werror,-Wint-in-bool-context]
if (cpu_has_rixi && !!_PAGE_NO_EXEC) {
^
arch/mips/include/asm/pgtable-bits.h:174:28: note: expanded from macro '_PAGE_NO_EXEC'
# define _PAGE_NO_EXEC (1 << _PAGE_NO_EXEC_SHIFT)
^
arch/mips/mm/tlbex.c:2568:24: error: converting the result of '<<' to a boolean; did you mean '(1 << _PAGE_NO_EXEC_SHIFT) != 0'? [-Werror,-Wint-in-bool-context]
if (!cpu_has_rixi || !_PAGE_NO_EXEC) {
^
arch/mips/include/asm/pgtable-bits.h:174:28: note: expanded from macro '_PAGE_NO_EXEC'
# define _PAGE_NO_EXEC (1 << _PAGE_NO_EXEC_SHIFT)
^
2 errors generated.
_PAGE_NO_EXEC can be '0' or '1 << _PAGE_NO_EXEC_SHIFT' depending on the
build and runtime configuration, which is what the negation operators
are trying to convey. To silence the warning, explicitly compare against
0 so the result of the '<<' operator is not implicitly converted to a
boolean.
According to its documentation, GCC enables -Wint-in-bool-context with
-Wall but this warning is not visible when building the same
configuration with GCC. It appears GCC only warns when compiling C++,
not C, although the documentation makes no note of this:
https://godbolt.org/z/x39q3brxf
Reported-by: Sudip Mukherjee (Codethink) <sudipm.mukherjee@gmail.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/mm/tlbex.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
index 547d813ead48..061dc5c97d5a 100644
--- a/arch/mips/mm/tlbex.c
+++ b/arch/mips/mm/tlbex.c
@@ -629,7 +629,7 @@ static __maybe_unused void build_convert_pte_to_entrylo(u32 **p,
return;
}
- if (cpu_has_rixi && !!_PAGE_NO_EXEC) {
+ if (cpu_has_rixi && _PAGE_NO_EXEC != 0) {
if (fill_includes_sw_bits) {
UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL));
} else {
@@ -2568,7 +2568,7 @@ static void check_pabits(void)
unsigned long entry;
unsigned pabits, fillbits;
- if (!cpu_has_rixi || !_PAGE_NO_EXEC) {
+ if (!cpu_has_rixi || _PAGE_NO_EXEC == 0) {
/*
* We'll only be making use of the fact that we can rotate bits
* into the fill if the CPU supports RIXI, so don't bother
--
2.35.1
^ permalink raw reply related [flat|nested] 16+ messages in thread