* [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists
@ 2022-08-14 16:29 Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 02/14] tty: serial: Fix refcount leak bug in ucc_uart.c Sasha Levin
` (12 more replies)
0 siblings, 13 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Guenter Roeck, Steven Rostedt, Andrew Morton, Sasha Levin,
thunder.leizhen
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 0cc011c576aaa4de505046f7a6c90933d7c749a9 ]
In some circumstances, attempts are made to add entries to or to remove
entries from an uninitialized list. A prime example is
amdgpu_bo_vm_destroy(): It is indirectly called from
ttm_bo_init_reserved() if that function fails, and tries to remove an
entry from a list. However, that list is only initialized in
amdgpu_bo_create_vm() after the call to ttm_bo_init_reserved() returned
success. This results in crashes such as
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 1 PID: 1479 Comm: chrome Not tainted 5.10.110-15768-g29a72e65dae5
Hardware name: Google Grunt/Grunt, BIOS Google_Grunt.11031.149.0 07/15/2020
RIP: 0010:__list_del_entry_valid+0x26/0x7d
...
Call Trace:
amdgpu_bo_vm_destroy+0x48/0x8b
ttm_bo_init_reserved+0x1d7/0x1e0
amdgpu_bo_create+0x212/0x476
? amdgpu_bo_user_destroy+0x23/0x23
? kmem_cache_alloc+0x60/0x271
amdgpu_bo_create_vm+0x40/0x7d
amdgpu_vm_pt_create+0xe8/0x24b
...
Check if the list's prev and next pointers are NULL to catch such problems.
Link: https://lkml.kernel.org/r/20220531222951.92073-1-linux@roeck-us.net
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/list_debug.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/list_debug.c b/lib/list_debug.c
index 5d5424b51b74..413daa72a3d8 100644
--- a/lib/list_debug.c
+++ b/lib/list_debug.c
@@ -20,7 +20,11 @@
bool __list_add_valid(struct list_head *new, struct list_head *prev,
struct list_head *next)
{
- if (CHECK_DATA_CORRUPTION(next->prev != prev,
+ if (CHECK_DATA_CORRUPTION(prev == NULL,
+ "list_add corruption. prev is NULL.\n") ||
+ CHECK_DATA_CORRUPTION(next == NULL,
+ "list_add corruption. next is NULL.\n") ||
+ CHECK_DATA_CORRUPTION(next->prev != prev,
"list_add corruption. next->prev should be prev (%px), but was %px. (next=%px).\n",
prev, next->prev, next) ||
CHECK_DATA_CORRUPTION(prev->next != next,
@@ -42,7 +46,11 @@ bool __list_del_entry_valid(struct list_head *entry)
prev = entry->prev;
next = entry->next;
- if (CHECK_DATA_CORRUPTION(next == LIST_POISON1,
+ if (CHECK_DATA_CORRUPTION(next == NULL,
+ "list_del corruption, %px->next is NULL\n", entry) ||
+ CHECK_DATA_CORRUPTION(prev == NULL,
+ "list_del corruption, %px->prev is NULL\n", entry) ||
+ CHECK_DATA_CORRUPTION(next == LIST_POISON1,
"list_del corruption, %px->next is LIST_POISON1 (%px)\n",
entry, LIST_POISON1) ||
CHECK_DATA_CORRUPTION(prev == LIST_POISON2,
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 02/14] tty: serial: Fix refcount leak bug in ucc_uart.c
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 03/14] vfio: Clear the caps->buf to NULL after free Sasha Levin
` (11 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Liang He, Timur Tabi, Greg Kroah-Hartman, Sasha Levin, jirislaby,
linuxppc-dev, linux-serial
From: Liang He <windhl@126.com>
[ Upstream commit d24d7bb2cd947676f9b71fb944d045e09b8b282f ]
In soc_info(), of_find_node_by_type() will return a node pointer
with refcount incremented. We should use of_node_put() when it is
not used anymore.
Acked-by: Timur Tabi <timur@kernel.org>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220618060850.4058525-1-windhl@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/ucc_uart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/ucc_uart.c b/drivers/tty/serial/ucc_uart.c
index 2b6376e6e5ad..eb0d3f55235a 100644
--- a/drivers/tty/serial/ucc_uart.c
+++ b/drivers/tty/serial/ucc_uart.c
@@ -1141,6 +1141,8 @@ static unsigned int soc_info(unsigned int *rev_h, unsigned int *rev_l)
/* No compatible property, so try the name. */
soc_string = np->name;
+ of_node_put(np);
+
/* Extract the SOC number from the "PowerPC," string */
if ((sscanf(soc_string, "PowerPC,%u", &soc) != 1) || !soc)
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 03/14] vfio: Clear the caps->buf to NULL after free
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 02/14] tty: serial: Fix refcount leak bug in ucc_uart.c Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 04/14] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Sasha Levin
` (10 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Schspa Shi, Cornelia Huck, Alex Williamson, Sasha Levin, kvm
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit 6641085e8d7b3f061911517f79a2a15a0a21b97b ]
On buffer resize failure, vfio_info_cap_add() will free the buffer,
report zero for the size, and return -ENOMEM. As additional
hardening, also clear the buffer pointer to prevent any chance of a
double free.
Signed-off-by: Schspa Shi <schspa@gmail.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Link: https://lore.kernel.org/r/20220629022948.55608-1-schspa@gmail.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/vfio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 7a386fb30bf1..0d146b45e0b4 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -1808,6 +1808,7 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
buf = krealloc(caps->buf, caps->size + size, GFP_KERNEL);
if (!buf) {
kfree(caps->buf);
+ caps->buf = NULL;
caps->size = 0;
return ERR_PTR(-ENOMEM);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 04/14] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 02/14] tty: serial: Fix refcount leak bug in ucc_uart.c Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 03/14] vfio: Clear the caps->buf to NULL after free Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 05/14] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Sasha Levin
` (9 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Liang He, Thomas Bogendoerfer, Sasha Levin, ye.guojin, linux-mips
From: Liang He <windhl@126.com>
[ Upstream commit 7a9f743ceead60ed454c46fbc3085ee9a79cbebb ]
We should call of_node_put() for the reference 'uctl_node' returned by
of_get_parent() which will increase the refcount. Otherwise, there will
be a refcount leak bug.
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/cavium-octeon/octeon-platform.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/mips/cavium-octeon/octeon-platform.c b/arch/mips/cavium-octeon/octeon-platform.c
index 4d83f5bc7211..54c8389decda 100644
--- a/arch/mips/cavium-octeon/octeon-platform.c
+++ b/arch/mips/cavium-octeon/octeon-platform.c
@@ -86,11 +86,12 @@ static void octeon2_usb_clocks_start(struct device *dev)
"refclk-frequency", &clock_rate);
if (i) {
dev_err(dev, "No UCTL \"refclk-frequency\"\n");
+ of_node_put(uctl_node);
goto exit;
}
i = of_property_read_string(uctl_node,
"refclk-type", &clock_type);
-
+ of_node_put(uctl_node);
if (!i && strcmp("crystal", clock_type) == 0)
is_crystal_clock = true;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 05/14] riscv: mmap with PROT_WRITE but no PROT_READ is invalid
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (2 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 04/14] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 06/14] RISC-V: Add fast call path of crash_kexec() Sasha Levin
` (8 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Celeste Liu, xctan, dram, Ruizhe Pan, Palmer Dabbelt,
Sasha Levin, paul.walmsley, palmer, aou, guoren, linux-riscv
From: Celeste Liu <coelacanthus@outlook.com>
[ Upstream commit 2139619bcad7ac44cc8f6f749089120594056613 ]
As mentioned in Table 4.5 in RISC-V spec Volume 2 Section 4.3, write
but not read is "Reserved for future use.". For now, they are not valid.
In the current code, -wx is marked as invalid, but -w- is not marked
as invalid.
This patch refines that judgment.
Reported-by: xctan <xc-tan@outlook.com>
Co-developed-by: dram <dramforever@live.com>
Signed-off-by: dram <dramforever@live.com>
Co-developed-by: Ruizhe Pan <c141028@gmail.com>
Signed-off-by: Ruizhe Pan <c141028@gmail.com>
Signed-off-by: Celeste Liu <coelacanthus@outlook.com>
Link: https://lore.kernel.org/r/PH7PR14MB559464DBDD310E755F5B21E8CEDC9@PH7PR14MB5594.namprd14.prod.outlook.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/sys_riscv.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
index db44da32701f..516aaa19daf2 100644
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -26,9 +26,8 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len,
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
- if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
- if (unlikely(!(prot & PROT_READ)))
- return -EINVAL;
+ if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
+ return -EINVAL;
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 06/14] RISC-V: Add fast call path of crash_kexec()
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (3 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 05/14] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 07/14] watchdog: export lockup_detector_reconfigure Sasha Levin
` (7 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Xianting Tian, Guo Ren, Palmer Dabbelt, Sasha Levin,
paul.walmsley, palmer, aou, mpe, rmk+kernel, ebiederm, heiko,
wangkefeng.wang, linux-riscv
From: Xianting Tian <xianting.tian@linux.alibaba.com>
[ Upstream commit 3f1901110a89b0e2e13adb2ac8d1a7102879ea98 ]
Currently, almost all archs (x86, arm64, mips...) support fast call
of crash_kexec() when "regs && kexec_should_crash()" is true. But
RISC-V not, it can only enter crash system via panic(). However panic()
doesn't pass the regs of the real accident scene to crash_kexec(),
it caused we can't get accurate backtrace via gdb,
$ riscv64-linux-gnu-gdb vmlinux vmcore
Reading symbols from vmlinux...
[New LWP 95]
#0 console_unlock () at kernel/printk/printk.c:2557
2557 if (do_cond_resched)
(gdb) bt
#0 console_unlock () at kernel/printk/printk.c:2557
#1 0x0000000000000000 in ?? ()
With the patch we can get the accurate backtrace,
$ riscv64-linux-gnu-gdb vmlinux vmcore
Reading symbols from vmlinux...
[New LWP 95]
#0 0xffffffe00063a4e0 in test_thread (data=<optimized out>) at drivers/test_crash.c:81
81 *(int *)p = 0xdead;
(gdb)
(gdb) bt
#0 0xffffffe00064d5c0 in test_thread (data=<optimized out>) at drivers/test_crash.c:81
#1 0x0000000000000000 in ?? ()
Test code to produce NULL address dereference in test_crash.c,
void *p = NULL;
*(int *)p = 0xdead;
Reviewed-by: Guo Ren <guoren@kernel.org>
Tested-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220606082308.2883458-1-xianting.tian@linux.alibaba.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/traps.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index 24a9333dda2c..7c65750508f2 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -22,6 +22,7 @@
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/irq.h>
+#include <linux/kexec.h>
#include <asm/processor.h>
#include <asm/ptrace.h>
@@ -50,6 +51,9 @@ void die(struct pt_regs *regs, const char *str)
ret = notify_die(DIE_OOPS, str, regs, 0, regs->scause, SIGSEGV);
+ if (regs && kexec_should_crash(current))
+ crash_kexec(regs);
+
bust_spinlocks(0);
add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
spin_unlock_irq(&die_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 07/14] watchdog: export lockup_detector_reconfigure
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (4 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 06/14] RISC-V: Add fast call path of crash_kexec() Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 08/14] ALSA: core: Add async signal helpers Sasha Levin
` (6 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Laurent Dufour, Michael Ellerman, Sasha Levin, pmladek, akpm,
mcgrof, nixiaoming, pauld, linux, john.ogness, frederic
From: Laurent Dufour <ldufour@linux.ibm.com>
[ Upstream commit 7c56a8733d0a2a4be2438a7512566e5ce552fccf ]
In some circumstances it may be interesting to reconfigure the watchdog
from inside the kernel.
On PowerPC, this may helpful before and after a LPAR migration (LPM) is
initiated, because it implies some latencies, watchdog, and especially NMI
watchdog is expected to be triggered during this operation. Reconfiguring
the watchdog with a factor, would prevent it to happen too frequently
during LPM.
Rename lockup_detector_reconfigure() as __lockup_detector_reconfigure() and
create a new function lockup_detector_reconfigure() calling
__lockup_detector_reconfigure() under the protection of watchdog_mutex.
Signed-off-by: Laurent Dufour <ldufour@linux.ibm.com>
[mpe: Squash in build fix from Laurent, reported by Sachin]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220713154729.80789-3-ldufour@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/nmi.h | 2 ++
kernel/watchdog.c | 21 ++++++++++++++++-----
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/include/linux/nmi.h b/include/linux/nmi.h
index 9003e29cde46..e972d1ae1ee6 100644
--- a/include/linux/nmi.h
+++ b/include/linux/nmi.h
@@ -122,6 +122,8 @@ int watchdog_nmi_probe(void);
int watchdog_nmi_enable(unsigned int cpu);
void watchdog_nmi_disable(unsigned int cpu);
+void lockup_detector_reconfigure(void);
+
/**
* touch_nmi_watchdog - restart NMI watchdog timeout.
*
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index 6d60701dc636..44096c4f4d60 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -561,7 +561,7 @@ int lockup_detector_offline_cpu(unsigned int cpu)
return 0;
}
-static void lockup_detector_reconfigure(void)
+static void __lockup_detector_reconfigure(void)
{
cpus_read_lock();
watchdog_nmi_stop();
@@ -581,6 +581,13 @@ static void lockup_detector_reconfigure(void)
__lockup_detector_cleanup();
}
+void lockup_detector_reconfigure(void)
+{
+ mutex_lock(&watchdog_mutex);
+ __lockup_detector_reconfigure();
+ mutex_unlock(&watchdog_mutex);
+}
+
/*
* Create the watchdog thread infrastructure and configure the detector(s).
*
@@ -601,13 +608,13 @@ static __init void lockup_detector_setup(void)
return;
mutex_lock(&watchdog_mutex);
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
softlockup_initialized = true;
mutex_unlock(&watchdog_mutex);
}
#else /* CONFIG_SOFTLOCKUP_DETECTOR */
-static void lockup_detector_reconfigure(void)
+static void __lockup_detector_reconfigure(void)
{
cpus_read_lock();
watchdog_nmi_stop();
@@ -615,9 +622,13 @@ static void lockup_detector_reconfigure(void)
watchdog_nmi_start();
cpus_read_unlock();
}
+void lockup_detector_reconfigure(void)
+{
+ __lockup_detector_reconfigure();
+}
static inline void lockup_detector_setup(void)
{
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
}
#endif /* !CONFIG_SOFTLOCKUP_DETECTOR */
@@ -657,7 +668,7 @@ static void proc_watchdog_update(void)
{
/* Remove impossible cpus to keep sysctl output clean. */
cpumask_and(&watchdog_cpumask, &watchdog_cpumask, cpu_possible_mask);
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 08/14] ALSA: core: Add async signal helpers
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (5 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 07/14] watchdog: export lockup_detector_reconfigure Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 09/14] ALSA: timer: Use deferred fasync helper Sasha Levin
` (5 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Takashi Iwai, Sasha Levin, perex, tiwai, alsa-devel
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit ef34a0ae7a2654bc9e58675e36898217fb2799d8 ]
Currently the call of kill_fasync() from an interrupt handler might
lead to potential spin deadlocks, as spotted by syzkaller.
Unfortunately, it's not so trivial to fix this lock chain as it's
involved with the tasklist_lock that is touched in allover places.
As a temporary workaround, this patch provides the way to defer the
async signal notification in a work. The new helper functions,
snd_fasync_helper() and snd_kill_faync() are replacements for
fasync_helper() and kill_fasync(), respectively. In addition,
snd_fasync_free() needs to be called at the destructor of the relevant
file object.
Link: https://lore.kernel.org/r/20220728125945.29533-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/core.h | 8 ++++
sound/core/misc.c | 94 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+)
diff --git a/include/sound/core.h b/include/sound/core.h
index 36a5934cf4b1..b5a8cc4d02cc 100644
--- a/include/sound/core.h
+++ b/include/sound/core.h
@@ -444,4 +444,12 @@ snd_pci_quirk_lookup_id(u16 vendor, u16 device,
}
#endif
+/* async signal helpers */
+struct snd_fasync;
+
+int snd_fasync_helper(int fd, struct file *file, int on,
+ struct snd_fasync **fasyncp);
+void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll);
+void snd_fasync_free(struct snd_fasync *fasync);
+
#endif /* __SOUND_CORE_H */
diff --git a/sound/core/misc.c b/sound/core/misc.c
index 0f818d593c9e..d100feba26b5 100644
--- a/sound/core/misc.c
+++ b/sound/core/misc.c
@@ -25,6 +25,7 @@
#include <linux/time.h>
#include <linux/slab.h>
#include <linux/ioport.h>
+#include <linux/fs.h>
#include <sound/core.h>
#ifdef CONFIG_SND_DEBUG
@@ -160,3 +161,96 @@ snd_pci_quirk_lookup(struct pci_dev *pci, const struct snd_pci_quirk *list)
}
EXPORT_SYMBOL(snd_pci_quirk_lookup);
#endif
+
+/*
+ * Deferred async signal helpers
+ *
+ * Below are a few helper functions to wrap the async signal handling
+ * in the deferred work. The main purpose is to avoid the messy deadlock
+ * around tasklist_lock and co at the kill_fasync() invocation.
+ * fasync_helper() and kill_fasync() are replaced with snd_fasync_helper()
+ * and snd_kill_fasync(), respectively. In addition, snd_fasync_free() has
+ * to be called at releasing the relevant file object.
+ */
+struct snd_fasync {
+ struct fasync_struct *fasync;
+ int signal;
+ int poll;
+ int on;
+ struct list_head list;
+};
+
+static DEFINE_SPINLOCK(snd_fasync_lock);
+static LIST_HEAD(snd_fasync_list);
+
+static void snd_fasync_work_fn(struct work_struct *work)
+{
+ struct snd_fasync *fasync;
+
+ spin_lock_irq(&snd_fasync_lock);
+ while (!list_empty(&snd_fasync_list)) {
+ fasync = list_first_entry(&snd_fasync_list, struct snd_fasync, list);
+ list_del_init(&fasync->list);
+ spin_unlock_irq(&snd_fasync_lock);
+ if (fasync->on)
+ kill_fasync(&fasync->fasync, fasync->signal, fasync->poll);
+ spin_lock_irq(&snd_fasync_lock);
+ }
+ spin_unlock_irq(&snd_fasync_lock);
+}
+
+static DECLARE_WORK(snd_fasync_work, snd_fasync_work_fn);
+
+int snd_fasync_helper(int fd, struct file *file, int on,
+ struct snd_fasync **fasyncp)
+{
+ struct snd_fasync *fasync = NULL;
+
+ if (on) {
+ fasync = kzalloc(sizeof(*fasync), GFP_KERNEL);
+ if (!fasync)
+ return -ENOMEM;
+ INIT_LIST_HEAD(&fasync->list);
+ }
+
+ spin_lock_irq(&snd_fasync_lock);
+ if (*fasyncp) {
+ kfree(fasync);
+ fasync = *fasyncp;
+ } else {
+ if (!fasync) {
+ spin_unlock_irq(&snd_fasync_lock);
+ return 0;
+ }
+ *fasyncp = fasync;
+ }
+ fasync->on = on;
+ spin_unlock_irq(&snd_fasync_lock);
+ return fasync_helper(fd, file, on, &fasync->fasync);
+}
+EXPORT_SYMBOL_GPL(snd_fasync_helper);
+
+void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll)
+{
+ unsigned long flags;
+
+ if (!fasync || !fasync->on)
+ return;
+ spin_lock_irqsave(&snd_fasync_lock, flags);
+ fasync->signal = signal;
+ fasync->poll = poll;
+ list_move(&fasync->list, &snd_fasync_list);
+ schedule_work(&snd_fasync_work);
+ spin_unlock_irqrestore(&snd_fasync_lock, flags);
+}
+EXPORT_SYMBOL_GPL(snd_kill_fasync);
+
+void snd_fasync_free(struct snd_fasync *fasync)
+{
+ if (!fasync)
+ return;
+ fasync->on = 0;
+ flush_work(&snd_fasync_work);
+ kfree(fasync);
+}
+EXPORT_SYMBOL_GPL(snd_fasync_free);
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 09/14] ALSA: timer: Use deferred fasync helper
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (6 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 08/14] ALSA: core: Add async signal helpers Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 10/14] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Sasha Levin
` (4 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Takashi Iwai, syzbot+1ee0910eca9c94f71f25,
syzbot+49b10793b867871ee26f, syzbot+8285e973a41b5aa68902,
Sasha Levin, perex, tiwai, wangwensheng4, alsa-devel
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 95cc637c1afd83fb7dd3d7c8a53710488f4caf9c ]
For avoiding the potential deadlock via kill_fasync() call, use the
new fasync helpers to defer the invocation from PCI API. Note that
it's merely a workaround.
Reported-by: syzbot+1ee0910eca9c94f71f25@syzkaller.appspotmail.com
Reported-by: syzbot+49b10793b867871ee26f@syzkaller.appspotmail.com
Reported-by: syzbot+8285e973a41b5aa68902@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20220728125945.29533-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/timer.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/sound/core/timer.c b/sound/core/timer.c
index 4920ec4f4594..f0e8b98f346e 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -75,7 +75,7 @@ struct snd_timer_user {
unsigned int filter;
struct timespec tstamp; /* trigger tstamp */
wait_queue_head_t qchange_sleep;
- struct fasync_struct *fasync;
+ struct snd_fasync *fasync;
struct mutex ioctl_lock;
};
@@ -1306,7 +1306,7 @@ static void snd_timer_user_interrupt(struct snd_timer_instance *timeri,
}
__wake:
spin_unlock(&tu->qlock);
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1343,7 +1343,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri,
spin_lock_irqsave(&tu->qlock, flags);
snd_timer_user_append_to_tqueue(tu, &r1);
spin_unlock_irqrestore(&tu->qlock, flags);
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1410,7 +1410,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri,
spin_unlock(&tu->qlock);
if (append == 0)
return;
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1476,6 +1476,7 @@ static int snd_timer_user_release(struct inode *inode, struct file *file)
if (tu->timeri)
snd_timer_close(tu->timeri);
mutex_unlock(&tu->ioctl_lock);
+ snd_fasync_free(tu->fasync);
kfree(tu->queue);
kfree(tu->tqueue);
kfree(tu);
@@ -2027,7 +2028,7 @@ static int snd_timer_user_fasync(int fd, struct file * file, int on)
struct snd_timer_user *tu;
tu = file->private_data;
- return fasync_helper(fd, file, on, &tu->fasync);
+ return snd_fasync_helper(fd, file, on, &tu->fasync);
}
static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 10/14] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (7 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 09/14] ALSA: timer: Use deferred fasync helper Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 11/14] smb3: check xattr value length earlier Sasha Levin
` (3 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Chao Yu, Dipanjan Das, Jaegeuk Kim, Sasha Levin, chao, linux-f2fs-devel
From: Chao Yu <chao.yu@oppo.com>
[ Upstream commit 141170b759e03958f296033bb7001be62d1d363b ]
As Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller
found a f2fs bug as below:
RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295
Call Trace:
write_all_xattrs fs/f2fs/xattr.c:487 [inline]
__f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743
f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790
f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86
__vfs_setxattr+0x115/0x180 fs/xattr.c:182
__vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216
__vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277
vfs_setxattr+0x13f/0x330 fs/xattr.c:303
setxattr+0x146/0x160 fs/xattr.c:611
path_setxattr+0x1a7/0x1d0 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
NAT entry and nat bitmap can be inconsistent, e.g. one nid is free
in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it
may trigger BUG_ON() in f2fs_new_node_page(), fix it.
Reported-by: Dipanjan Das <mail.dipanjan.das@gmail.com>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/node.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index ff3f97ba1a55..2c28f488ac2f 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1232,7 +1232,11 @@ struct page *f2fs_new_node_page(struct dnode_of_data *dn, unsigned int ofs)
dec_valid_node_count(sbi, dn->inode, !ofs);
goto fail;
}
- f2fs_bug_on(sbi, new_ni.blk_addr != NULL_ADDR);
+ if (unlikely(new_ni.blk_addr != NULL_ADDR)) {
+ err = -EFSCORRUPTED;
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ goto fail;
+ }
#endif
new_ni.nid = dn->nid;
new_ni.ino = dn->inode->i_ino;
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 11/14] smb3: check xattr value length earlier
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (8 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 10/14] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 12/14] powerpc/64: Init jump labels before parse_early_param() Sasha Levin
` (2 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Steve French, Ronnie Sahlberg, Sasha Levin, sfrench, linux-cifs,
samba-technical
From: Steve French <stfrench@microsoft.com>
[ Upstream commit 5fa2cffba0b82336a2244d941322eb1627ff787b ]
Coverity complains about assigning a pointer based on
value length before checking that value length goes
beyond the end of the SMB. Although this is even more
unlikely as value length is a single byte, and the
pointer is not dereferenced until laterm, it is clearer
to check the lengths first.
Addresses-Coverity: 1467704 ("Speculative execution data leak")
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/smb2ops.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index cc34a28aecbc..f906984eb25b 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -762,9 +762,7 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size,
size_t name_len, value_len, user_name_len;
while (src_size > 0) {
- name = &src->ea_data[0];
name_len = (size_t)src->ea_name_length;
- value = &src->ea_data[src->ea_name_length + 1];
value_len = (size_t)le16_to_cpu(src->ea_value_length);
if (name_len == 0) {
@@ -777,6 +775,9 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size,
goto out;
}
+ name = &src->ea_data[0];
+ value = &src->ea_data[src->ea_name_length + 1];
+
if (ea_name) {
if (ea_name_len == name_len &&
memcmp(ea_name, name, name_len) == 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 12/14] powerpc/64: Init jump labels before parse_early_param()
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (9 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 11/14] smb3: check xattr value length earlier Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 13/14] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 14/14] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Sasha Levin
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Zhouyi Zhou, Michael Ellerman, Sasha Levin, frank.rowand, robh,
adobriyan, masahiroy, npiggin, christophe.leroy, clg, nick.child,
linuxppc-dev
From: Zhouyi Zhou <zhouzhouyi@gmail.com>
[ Upstream commit ca829e05d3d4f728810cc5e4b468d9ebc7745eb3 ]
On 64-bit, calling jump_label_init() in setup_feature_keys() is too
late because static keys may be used in subroutines of
parse_early_param() which is again subroutine of early_init_devtree().
For example booting with "threadirqs":
static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init()
WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120
...
NIP static_key_enable_cpuslocked+0xfc/0x120
LR static_key_enable_cpuslocked+0xf8/0x120
Call Trace:
static_key_enable_cpuslocked+0xf8/0x120 (unreliable)
static_key_enable+0x30/0x50
setup_forced_irqthreads+0x28/0x40
do_early_param+0xa0/0x108
parse_args+0x290/0x4e0
parse_early_options+0x48/0x5c
parse_early_param+0x58/0x84
early_init_devtree+0xd4/0x518
early_setup+0xb4/0x214
So call jump_label_init() just before parse_early_param() in
early_init_devtree().
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Zhouyi Zhou <zhouzhouyi@gmail.com>
[mpe: Add call trace to change log and minor wording edits.]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220726015747.11754-1-zhouzhouyi@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/prom.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index f8c49e5d4bd3..c57aeb9f031c 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -737,6 +737,13 @@ void __init early_init_devtree(void *params)
of_scan_flat_dt(early_init_dt_scan_root, NULL);
of_scan_flat_dt(early_init_dt_scan_memory_ppc, NULL);
+ /*
+ * As generic code authors expect to be able to use static keys
+ * in early_param() handlers, we initialize the static keys just
+ * before parsing early params (it's fine to call jump_label_init()
+ * more than once).
+ */
+ jump_label_init();
parse_early_param();
/* make sure we've parsed cmdline for mem= before this */
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 13/14] video: fbdev: i740fb: Check the argument of i740_calc_vclk()
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (10 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 12/14] powerpc/64: Init jump labels before parse_early_param() Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 14/14] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Sasha Levin
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Zheyu Ma, Helge Deller, Sasha Levin, linux, linux-fbdev, dri-devel
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 40bf722f8064f50200b8c4f8946cd625b441dda9 ]
Since the user can control the arguments of the ioctl() from the user
space, under special arguments that may result in a divide-by-zero bug.
If the user provides an improper 'pixclock' value that makes the argumet
of i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a
divide-by-zero bug in:
drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));
The following log can reveal it:
divide error: 0000 [#1] PREEMPT SMP KASAN PTI
RIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]
RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]
RIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742
Call Trace:
fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034
do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110
fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
Fix this by checking the argument of i740_calc_vclk() first.
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/i740fb.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c
index f6d7b04d6dff..bdbafff4529f 100644
--- a/drivers/video/fbdev/i740fb.c
+++ b/drivers/video/fbdev/i740fb.c
@@ -399,7 +399,7 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
u32 xres, right, hslen, left, xtotal;
u32 yres, lower, vslen, upper, ytotal;
u32 vxres, xoffset, vyres, yoffset;
- u32 bpp, base, dacspeed24, mem;
+ u32 bpp, base, dacspeed24, mem, freq;
u8 r7;
int i;
@@ -642,7 +642,12 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
par->atc[VGA_ATC_OVERSCAN] = 0;
/* Calculate VCLK that most closely matches the requested dot clock */
- i740_calc_vclk((((u32)1e9) / var->pixclock) * (u32)(1e3), par);
+ freq = (((u32)1e9) / var->pixclock) * (u32)(1e3);
+ if (freq < I740_RFREQ_FIX) {
+ fb_dbg(info, "invalid pixclock\n");
+ freq = I740_RFREQ_FIX;
+ }
+ i740_calc_vclk(freq, par);
/* Since we program the clocks ourselves, always use VCLK2. */
par->misc |= 0x0C;
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH AUTOSEL 4.19 14/14] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
` (11 preceding siblings ...)
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 13/14] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Sasha Levin
@ 2022-08-14 16:29 ` Sasha Levin
12 siblings, 0 replies; 14+ messages in thread
From: Sasha Levin @ 2022-08-14 16:29 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Nathan Chancellor, Sudip Mukherjee, Thomas Bogendoerfer,
Sasha Levin, ndesaulniers, macro, linux-mips, llvm
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 74de14fe05dd6b151d73cb0c73c8ec874cbdcde6 ]
When CONFIG_XPA is enabled, Clang warns:
arch/mips/mm/tlbex.c:629:24: error: converting the result of '<<' to a boolean; did you mean '(1 << _PAGE_NO_EXEC_SHIFT) != 0'? [-Werror,-Wint-in-bool-context]
if (cpu_has_rixi && !!_PAGE_NO_EXEC) {
^
arch/mips/include/asm/pgtable-bits.h:174:28: note: expanded from macro '_PAGE_NO_EXEC'
# define _PAGE_NO_EXEC (1 << _PAGE_NO_EXEC_SHIFT)
^
arch/mips/mm/tlbex.c:2568:24: error: converting the result of '<<' to a boolean; did you mean '(1 << _PAGE_NO_EXEC_SHIFT) != 0'? [-Werror,-Wint-in-bool-context]
if (!cpu_has_rixi || !_PAGE_NO_EXEC) {
^
arch/mips/include/asm/pgtable-bits.h:174:28: note: expanded from macro '_PAGE_NO_EXEC'
# define _PAGE_NO_EXEC (1 << _PAGE_NO_EXEC_SHIFT)
^
2 errors generated.
_PAGE_NO_EXEC can be '0' or '1 << _PAGE_NO_EXEC_SHIFT' depending on the
build and runtime configuration, which is what the negation operators
are trying to convey. To silence the warning, explicitly compare against
0 so the result of the '<<' operator is not implicitly converted to a
boolean.
According to its documentation, GCC enables -Wint-in-bool-context with
-Wall but this warning is not visible when building the same
configuration with GCC. It appears GCC only warns when compiling C++,
not C, although the documentation makes no note of this:
https://godbolt.org/z/x39q3brxf
Reported-by: Sudip Mukherjee (Codethink) <sudipm.mukherjee@gmail.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/mm/tlbex.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
index 620abc968624..a97b3e5a1c00 100644
--- a/arch/mips/mm/tlbex.c
+++ b/arch/mips/mm/tlbex.c
@@ -630,7 +630,7 @@ static __maybe_unused void build_convert_pte_to_entrylo(u32 **p,
return;
}
- if (cpu_has_rixi && !!_PAGE_NO_EXEC) {
+ if (cpu_has_rixi && _PAGE_NO_EXEC != 0) {
if (fill_includes_sw_bits) {
UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL));
} else {
@@ -2559,7 +2559,7 @@ static void check_pabits(void)
unsigned long entry;
unsigned pabits, fillbits;
- if (!cpu_has_rixi || !_PAGE_NO_EXEC) {
+ if (!cpu_has_rixi || _PAGE_NO_EXEC == 0) {
/*
* We'll only be making use of the fact that we can rotate bits
* into the fill if the CPU supports RIXI, so don't bother
--
2.35.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
end of thread, other threads:[~2022-08-14 16:42 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-14 16:29 [PATCH AUTOSEL 4.19 01/14] lib/list_debug.c: Detect uninitialized lists Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 02/14] tty: serial: Fix refcount leak bug in ucc_uart.c Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 03/14] vfio: Clear the caps->buf to NULL after free Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 04/14] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 05/14] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 06/14] RISC-V: Add fast call path of crash_kexec() Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 07/14] watchdog: export lockup_detector_reconfigure Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 08/14] ALSA: core: Add async signal helpers Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 09/14] ALSA: timer: Use deferred fasync helper Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 10/14] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 11/14] smb3: check xattr value length earlier Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 12/14] powerpc/64: Init jump labels before parse_early_param() Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 13/14] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Sasha Levin
2022-08-14 16:29 ` [PATCH AUTOSEL 4.19 14/14] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).