From: Sasha Levin Date: Mon, 20 Jun 2022 07:16:29 +0000 (-0400) Subject: Fixes for 5.15 X-Git-Tag: v5.4.200~52 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2a2b28f766e4175357b4e3127f7188cbcdb32a35;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.15 Signed-off-by: Sasha Levin --- diff --git a/queue-5.15/faddr2line-fix-overlapping-text-section-failures-the.patch b/queue-5.15/faddr2line-fix-overlapping-text-section-failures-the.patch new file mode 100644 index 00000000000..948c10741f9 --- /dev/null +++ b/queue-5.15/faddr2line-fix-overlapping-text-section-failures-the.patch @@ -0,0 +1,139 @@ +From 84be80ccdf583bea3d1f28624e8c5ac7d726a77f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 17:42:22 -0700 +Subject: faddr2line: Fix overlapping text section failures, the sequel + +From: Josh Poimboeuf + +[ Upstream commit dcea997beed694cbd8705100ca1a6eb0d886de69 ] + +If a function lives in a section other than .text, but .text also exists +in the object, faddr2line may wrongly assume .text. This can result in +comically wrong output. For example: + + $ scripts/faddr2line vmlinux.o enter_from_user_mode+0x1c + enter_from_user_mode+0x1c/0x30: + find_next_bit at /home/jpoimboe/git/linux/./include/linux/find.h:40 + (inlined by) perf_clear_dirty_counters at /home/jpoimboe/git/linux/arch/x86/events/core.c:2504 + +Fix it by passing the section name to addr2line, unless the object file +is vmlinux, in which case the symbol table uses absolute addresses. + +Fixes: 1d1a0e7c5100 ("scripts/faddr2line: Fix overlapping text section failures") +Reported-by: Peter Zijlstra +Signed-off-by: Josh Poimboeuf +Link: https://lore.kernel.org/r/7d25bc1408bd3a750ac26e60d2f2815a5f4a8363.1654130536.git.jpoimboe@kernel.org +Signed-off-by: Sasha Levin +--- + scripts/faddr2line | 45 ++++++++++++++++++++++++++++++++++----------- + 1 file changed, 34 insertions(+), 11 deletions(-) + +diff --git a/scripts/faddr2line b/scripts/faddr2line +index 0e6268d59883..94ed98dd899f 100755 +--- a/scripts/faddr2line ++++ b/scripts/faddr2line +@@ -95,17 +95,25 @@ __faddr2line() { + local print_warnings=$4 + + local sym_name=${func_addr%+*} +- local offset=${func_addr#*+} +- offset=${offset%/*} ++ local func_offset=${func_addr#*+} ++ func_offset=${func_offset%/*} + local user_size= ++ local file_type ++ local is_vmlinux=0 + [[ $func_addr =~ "/" ]] && user_size=${func_addr#*/} + +- if [[ -z $sym_name ]] || [[ -z $offset ]] || [[ $sym_name = $func_addr ]]; then ++ if [[ -z $sym_name ]] || [[ -z $func_offset ]] || [[ $sym_name = $func_addr ]]; then + warn "bad func+offset $func_addr" + DONE=1 + return + fi + ++ # vmlinux uses absolute addresses in the section table rather than ++ # section offsets. ++ local file_type=$(${READELF} --file-header $objfile | ++ ${AWK} '$1 == "Type:" { print $2; exit }') ++ [[ $file_type = "EXEC" ]] && is_vmlinux=1 ++ + # Go through each of the object's symbols which match the func name. + # In rare cases there might be duplicates, in which case we print all + # matches. +@@ -114,9 +122,11 @@ __faddr2line() { + local sym_addr=0x${fields[1]} + local sym_elf_size=${fields[2]} + local sym_sec=${fields[6]} ++ local sec_size ++ local sec_name + + # Get the section size: +- local sec_size=$(${READELF} --section-headers --wide $objfile | ++ sec_size=$(${READELF} --section-headers --wide $objfile | + sed 's/\[ /\[/' | + ${AWK} -v sec=$sym_sec '$1 == "[" sec "]" { print "0x" $6; exit }') + +@@ -126,6 +136,17 @@ __faddr2line() { + return + fi + ++ # Get the section name: ++ sec_name=$(${READELF} --section-headers --wide $objfile | ++ sed 's/\[ /\[/' | ++ ${AWK} -v sec=$sym_sec '$1 == "[" sec "]" { print $2; exit }') ++ ++ if [[ -z $sec_name ]]; then ++ warn "bad section name: section: $sym_sec" ++ DONE=1 ++ return ++ fi ++ + # Calculate the symbol size. + # + # Unfortunately we can't use the ELF size, because kallsyms +@@ -174,10 +195,10 @@ __faddr2line() { + + sym_size=0x$(printf %x $sym_size) + +- # Calculate the section address from user-supplied offset: +- local addr=$(($sym_addr + $offset)) ++ # Calculate the address from user-supplied offset: ++ local addr=$(($sym_addr + $func_offset)) + if [[ -z $addr ]] || [[ $addr = 0 ]]; then +- warn "bad address: $sym_addr + $offset" ++ warn "bad address: $sym_addr + $func_offset" + DONE=1 + return + fi +@@ -191,9 +212,9 @@ __faddr2line() { + fi + + # Make sure the provided offset is within the symbol's range: +- if [[ $offset -gt $sym_size ]]; then ++ if [[ $func_offset -gt $sym_size ]]; then + [[ $print_warnings = 1 ]] && +- echo "skipping $sym_name address at $addr due to size mismatch ($offset > $sym_size)" ++ echo "skipping $sym_name address at $addr due to size mismatch ($func_offset > $sym_size)" + continue + fi + +@@ -202,11 +223,13 @@ __faddr2line() { + [[ $FIRST = 0 ]] && echo + FIRST=0 + +- echo "$sym_name+$offset/$sym_size:" ++ echo "$sym_name+$func_offset/$sym_size:" + + # Pass section address to addr2line and strip absolute paths + # from the output: +- local output=$(${ADDR2LINE} -fpie $objfile $addr | sed "s; $dir_prefix\(\./\)*; ;") ++ local args="--functions --pretty-print --inlines --exe=$objfile" ++ [[ $is_vmlinux = 0 ]] && args="$args --section=$sec_name" ++ local output=$(${ADDR2LINE} $args $addr | sed "s; $dir_prefix\(\./\)*; ;") + [[ -z $output ]] && continue + + # Default output (non --list): +-- +2.35.1 + diff --git a/queue-5.15/i2c-designware-use-standard-optional-ref-clock-imple.patch b/queue-5.15/i2c-designware-use-standard-optional-ref-clock-imple.patch new file mode 100644 index 00000000000..74cac69c2c2 --- /dev/null +++ b/queue-5.15/i2c-designware-use-standard-optional-ref-clock-imple.patch @@ -0,0 +1,80 @@ +From 881b99762be89e9d1620ad90d665ee5e94b61ba2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Jun 2022 10:42:33 +0300 +Subject: i2c: designware: Use standard optional ref clock implementation + +From: Serge Semin + +[ Upstream commit 27071b5cbca59d8e8f8750c199a6cbf8c9799963 ] + +Even though the DW I2C controller reference clock source is requested by +the method devm_clk_get() with non-optional clock requirement the way the +clock handler is used afterwards has a pure optional clock semantic +(though in some circumstances we can get a warning about the clock missing +printed in the system console). There is no point in reimplementing that +functionality seeing the kernel clock framework already supports the +optional interface from scratch. Thus let's convert the platform driver to +using it. + +Note by providing this commit we get to fix two problems. The first one +was introduced in commit c62ebb3d5f0d ("i2c: designware: Add support for +an interface clock"). It causes not having the interface clock (pclk) +enabled/disabled in case if the reference clock isn't provided. The second +problem was first introduced in commit b33af11de236 ("i2c: designware: Do +not require clock when SSCN and FFCN are provided"). Since that +modification the deferred probe procedure has been unsupported in case if +the interface clock isn't ready. + +Fixes: c62ebb3d5f0d ("i2c: designware: Add support for an interface clock") +Fixes: b33af11de236 ("i2c: designware: Do not require clock when SSCN and FFCN are provided") +Signed-off-by: Serge Semin +Reviewed-by: Andy Shevchenko +Acked-by: Jarkko Nikula +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-designware-common.c | 3 --- + drivers/i2c/busses/i2c-designware-platdrv.c | 13 +++++++++++-- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-designware-common.c b/drivers/i2c/busses/i2c-designware-common.c +index bf2a4920638a..a1100e37626e 100644 +--- a/drivers/i2c/busses/i2c-designware-common.c ++++ b/drivers/i2c/busses/i2c-designware-common.c +@@ -477,9 +477,6 @@ int i2c_dw_prepare_clk(struct dw_i2c_dev *dev, bool prepare) + { + int ret; + +- if (IS_ERR(dev->clk)) +- return PTR_ERR(dev->clk); +- + if (prepare) { + /* Optional interface clock */ + ret = clk_prepare_enable(dev->pclk); +diff --git a/drivers/i2c/busses/i2c-designware-platdrv.c b/drivers/i2c/busses/i2c-designware-platdrv.c +index 21113665ddea..718bebe4fb87 100644 +--- a/drivers/i2c/busses/i2c-designware-platdrv.c ++++ b/drivers/i2c/busses/i2c-designware-platdrv.c +@@ -262,8 +262,17 @@ static int dw_i2c_plat_probe(struct platform_device *pdev) + goto exit_reset; + } + +- dev->clk = devm_clk_get(&pdev->dev, NULL); +- if (!i2c_dw_prepare_clk(dev, true)) { ++ dev->clk = devm_clk_get_optional(&pdev->dev, NULL); ++ if (IS_ERR(dev->clk)) { ++ ret = PTR_ERR(dev->clk); ++ goto exit_reset; ++ } ++ ++ ret = i2c_dw_prepare_clk(dev, true); ++ if (ret) ++ goto exit_reset; ++ ++ if (dev->clk) { + u64 clk_khz; + + dev->get_clk_rate_khz = i2c_dw_get_clk_rate_khz; +-- +2.35.1 + diff --git a/queue-5.15/i2c-npcm7xx-add-check-for-platform_driver_register.patch b/queue-5.15/i2c-npcm7xx-add-check-for-platform_driver_register.patch new file mode 100644 index 00000000000..e33468b440a --- /dev/null +++ b/queue-5.15/i2c-npcm7xx-add-check-for-platform_driver_register.patch @@ -0,0 +1,39 @@ +From a62f30ba52c2d19177ea80a70f72dc92d5dc4bc1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 May 2022 17:41:00 +0800 +Subject: i2c: npcm7xx: Add check for platform_driver_register + +From: Jiasheng Jiang + +[ Upstream commit 6ba12b56b9b844b83ed54fb7ed59fb0eb41e4045 ] + +As platform_driver_register() could fail, it should be better +to deal with the return value in order to maintain the code +consisitency. + +Fixes: 56a1485b102e ("i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver") +Signed-off-by: Jiasheng Jiang +Acked-by: Tali Perry +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-npcm7xx.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-npcm7xx.c +index 20a2f903b7f6..d9ac62c1ac25 100644 +--- a/drivers/i2c/busses/i2c-npcm7xx.c ++++ b/drivers/i2c/busses/i2c-npcm7xx.c +@@ -2369,8 +2369,7 @@ static struct platform_driver npcm_i2c_bus_driver = { + static int __init npcm_i2c_init(void) + { + npcm_i2c_debugfs_dir = debugfs_create_dir("npcm_i2c", NULL); +- platform_driver_register(&npcm_i2c_bus_driver); +- return 0; ++ return platform_driver_register(&npcm_i2c_bus_driver); + } + module_init(npcm_i2c_init); + +-- +2.35.1 + diff --git a/queue-5.15/irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch b/queue-5.15/irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch new file mode 100644 index 00000000000..98c3d483eee --- /dev/null +++ b/queue-5.15/irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch @@ -0,0 +1,37 @@ +From f463926dbc4471bbf57619c52a669f85353ef7ca Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:25 +0400 +Subject: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init + +From: Miaoqian Lin + +[ Upstream commit f4b98e314888cc51486421bcf6d52852452ea48b ] + +of_find_matching_node_and_match() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 82b0a434b436 ("irqchip/gic/realview: Support more RealView DCC variants") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-2-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-gic-realview.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/irqchip/irq-gic-realview.c b/drivers/irqchip/irq-gic-realview.c +index b4c1924f0255..38fab02ffe9d 100644 +--- a/drivers/irqchip/irq-gic-realview.c ++++ b/drivers/irqchip/irq-gic-realview.c +@@ -57,6 +57,7 @@ realview_gic_of_init(struct device_node *node, struct device_node *parent) + + /* The PB11MPCore GIC needs to be configured in the syscon */ + map = syscon_node_to_regmap(np); ++ of_node_put(np); + if (!IS_ERR(map)) { + /* new irq mode with no DCC */ + regmap_write(map, REALVIEW_SYS_LOCK_OFFSET, +-- +2.35.1 + diff --git a/queue-5.15/irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch b/queue-5.15/irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch new file mode 100644 index 00000000000..2440e1c05f3 --- /dev/null +++ b/queue-5.15/irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch @@ -0,0 +1,39 @@ +From 713aa03b84bfdc0d812ca401d3d6d91903a3b5d7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:28 +0400 +Subject: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions + +From: Miaoqian Lin + +[ Upstream commit ec8401a429ffee34ccf38cebf3443f8d5ae6cb0d ] + +of_get_child_by_name() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +When kcalloc fails, it missing of_node_put() and results in refcount +leak. Fix this by goto out_put_node label. + +Fixes: 52085d3f2028 ("irqchip/gic-v3: Dynamically allocate PPI partition descriptors") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-5-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-gic-v3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c +index 1269284461da..867a45aa0698 100644 +--- a/drivers/irqchip/irq-gic-v3.c ++++ b/drivers/irqchip/irq-gic-v3.c +@@ -1864,7 +1864,7 @@ static void __init gic_populate_ppi_partitions(struct device_node *gic_node) + + gic_data.ppi_descs = kcalloc(gic_data.ppi_nr, sizeof(*gic_data.ppi_descs), GFP_KERNEL); + if (!gic_data.ppi_descs) +- return; ++ goto out_put_node; + + nr_parts = of_get_child_count(parts_node); + +-- +2.35.1 + diff --git a/queue-5.15/irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch b/queue-5.15/irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch new file mode 100644 index 00000000000..2bdf812125a --- /dev/null +++ b/queue-5.15/irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch @@ -0,0 +1,46 @@ +From cbb3455ea7690e643ef2d54a5f7463f12c6fa32d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:29 +0400 +Subject: irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions + +From: Miaoqian Lin + +[ Upstream commit fa1ad9d4cc47ca2470cd904ad4519f05d7e43a2b ] + +of_find_node_by_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: e3825ba1af3a ("irqchip/gic-v3: Add support for partitioned PPIs") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-6-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-gic-v3.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c +index 867a45aa0698..fd4fb1b35787 100644 +--- a/drivers/irqchip/irq-gic-v3.c ++++ b/drivers/irqchip/irq-gic-v3.c +@@ -1905,12 +1905,15 @@ static void __init gic_populate_ppi_partitions(struct device_node *gic_node) + continue; + + cpu = of_cpu_node_to_id(cpu_node); +- if (WARN_ON(cpu < 0)) ++ if (WARN_ON(cpu < 0)) { ++ of_node_put(cpu_node); + continue; ++ } + + pr_cont("%pOF[%d] ", cpu_node, cpu); + + cpumask_set_cpu(cpu, &part->mask); ++ of_node_put(cpu_node); + } + + pr_cont("}\n"); +-- +2.35.1 + diff --git a/queue-5.15/irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch b/queue-5.15/irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch new file mode 100644 index 00000000000..82cf7962edc --- /dev/null +++ b/queue-5.15/irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch @@ -0,0 +1,42 @@ +From 0c40a7596967a97d8c1c1400fab1bcbf3b1e8117 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:30 +0400 +Subject: irqchip/realtek-rtl: Fix refcount leak in map_interrupts + +From: Miaoqian Lin + +[ Upstream commit eff4780f83d0ae3e5b6c02ff5d999dc4c1c5c8ce ] + +of_find_node_by_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +This function doesn't call of_node_put() in error path. +Call of_node_put() directly after of_property_read_u32() to cover +both normal path and error path. + +Fixes: 9f3a0f34b84a ("irqchip: Add support for Realtek RTL838x/RTL839x interrupt controller") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-7-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-realtek-rtl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/irqchip/irq-realtek-rtl.c b/drivers/irqchip/irq-realtek-rtl.c +index 50a56820c99b..56bf502d9c67 100644 +--- a/drivers/irqchip/irq-realtek-rtl.c ++++ b/drivers/irqchip/irq-realtek-rtl.c +@@ -134,9 +134,9 @@ static int __init map_interrupts(struct device_node *node, struct irq_domain *do + if (!cpu_ictl) + return -EINVAL; + ret = of_property_read_u32(cpu_ictl, "#interrupt-cells", &tmp); ++ of_node_put(cpu_ictl); + if (ret || tmp != 1) + return -EINVAL; +- of_node_put(cpu_ictl); + + cpu_int = be32_to_cpup(imap + 2); + if (cpu_int > 7 || cpu_int < 2) +-- +2.35.1 + diff --git a/queue-5.15/sched-fix-balance_push-vs-__sched_setscheduler.patch b/queue-5.15/sched-fix-balance_push-vs-__sched_setscheduler.patch new file mode 100644 index 00000000000..0f4341ec761 --- /dev/null +++ b/queue-5.15/sched-fix-balance_push-vs-__sched_setscheduler.patch @@ -0,0 +1,120 @@ +From d935f455da2234704490135cb1ecabd9f5eb6883 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Jun 2022 22:41:55 +0200 +Subject: sched: Fix balance_push() vs __sched_setscheduler() + +From: Peter Zijlstra + +[ Upstream commit 04193d590b390ec7a0592630f46d559ec6564ba1 ] + +The purpose of balance_push() is to act as a filter on task selection +in the case of CPU hotplug, specifically when taking the CPU out. + +It does this by (ab)using the balance callback infrastructure, with +the express purpose of keeping all the unlikely/odd cases in a single +place. + +In order to serve its purpose, the balance_push_callback needs to be +(exclusively) on the callback list at all times (noting that the +callback always places itself back on the list the moment it runs, +also noting that when the CPU goes down, regular balancing concerns +are moot, so ignoring them is fine). + +And here-in lies the problem, __sched_setscheduler()'s use of +splice_balance_callbacks() takes the callbacks off the list across a +lock-break, making it possible for, an interleaving, __schedule() to +see an empty list and not get filtered. + +Fixes: ae7927023243 ("sched: Optimize finish_lock_switch()") +Reported-by: Jing-Ting Wu +Signed-off-by: Peter Zijlstra (Intel) +Tested-by: Jing-Ting Wu +Link: https://lkml.kernel.org/r/20220519134706.GH2578@worktop.programming.kicks-ass.net +Signed-off-by: Sasha Levin +--- + kernel/sched/core.c | 36 +++++++++++++++++++++++++++++++++--- + kernel/sched/sched.h | 5 +++++ + 2 files changed, 38 insertions(+), 3 deletions(-) + +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index 838623b68031..b89ca5c83143 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -4630,25 +4630,55 @@ static void do_balance_callbacks(struct rq *rq, struct callback_head *head) + + static void balance_push(struct rq *rq); + ++/* ++ * balance_push_callback is a right abuse of the callback interface and plays ++ * by significantly different rules. ++ * ++ * Where the normal balance_callback's purpose is to be ran in the same context ++ * that queued it (only later, when it's safe to drop rq->lock again), ++ * balance_push_callback is specifically targeted at __schedule(). ++ * ++ * This abuse is tolerated because it places all the unlikely/odd cases behind ++ * a single test, namely: rq->balance_callback == NULL. ++ */ + struct callback_head balance_push_callback = { + .next = NULL, + .func = (void (*)(struct callback_head *))balance_push, + }; + +-static inline struct callback_head *splice_balance_callbacks(struct rq *rq) ++static inline struct callback_head * ++__splice_balance_callbacks(struct rq *rq, bool split) + { + struct callback_head *head = rq->balance_callback; + ++ if (likely(!head)) ++ return NULL; ++ + lockdep_assert_rq_held(rq); +- if (head) ++ /* ++ * Must not take balance_push_callback off the list when ++ * splice_balance_callbacks() and balance_callbacks() are not ++ * in the same rq->lock section. ++ * ++ * In that case it would be possible for __schedule() to interleave ++ * and observe the list empty. ++ */ ++ if (split && head == &balance_push_callback) ++ head = NULL; ++ else + rq->balance_callback = NULL; + + return head; + } + ++static inline struct callback_head *splice_balance_callbacks(struct rq *rq) ++{ ++ return __splice_balance_callbacks(rq, true); ++} ++ + static void __balance_callbacks(struct rq *rq) + { +- do_balance_callbacks(rq, splice_balance_callbacks(rq)); ++ do_balance_callbacks(rq, __splice_balance_callbacks(rq, false)); + } + + static inline void balance_callbacks(struct rq *rq, struct callback_head *head) +diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h +index f386c6c2b198..fe8be2f8a47d 100644 +--- a/kernel/sched/sched.h ++++ b/kernel/sched/sched.h +@@ -1718,6 +1718,11 @@ queue_balance_callback(struct rq *rq, + { + lockdep_assert_rq_held(rq); + ++ /* ++ * Don't (re)queue an already queued item; nor queue anything when ++ * balance_push() is active, see the comment with ++ * balance_push_callback. ++ */ + if (unlikely(head->next || rq->balance_callback == &balance_push_callback)) + return; + +-- +2.35.1 + diff --git a/queue-5.15/series b/queue-5.15/series index d00cdeae82c..e658bb49fb3 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -70,3 +70,11 @@ arm64-ftrace-consistently-handle-plts.patch certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch init-initialize-noop_backing_dev_info-early.patch block-fix-handling-of-offline-queues-in-blk_mq_alloc.patch +faddr2line-fix-overlapping-text-section-failures-the.patch +i2c-npcm7xx-add-check-for-platform_driver_register.patch +irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch +irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch +irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch +irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch +sched-fix-balance_push-vs-__sched_setscheduler.patch +i2c-designware-use-standard-optional-ref-clock-imple.patch