From: Greg Kroah-Hartman Date: Mon, 24 Oct 2022 11:19:09 +0000 (+0200) Subject: 6.0-stable patches X-Git-Tag: v6.0.4~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d10106d0f1e2cbbd13eda3b8882fd7a7d0848d7b;p=thirdparty%2Fkernel%2Fstable-queue.git 6.0-stable patches added patches: dm-clone-fix-typo-in-block_device-format-specifier.patch drm-amd-pm-add-smu-ip-v13.0.4-if-version-define-to-v7.patch drm-amd-pm-disable-cstate-feature-for-gpu-reset-scenario.patch drm-amd-pm-fulfill-smu13.0.0-cstate-control-interface.patch drm-amd-pm-fulfill-smu13.0.7-cstate-control-interface.patch drm-amd-pm-update-smu-ip-v13.0.4-driver-interface-version.patch efi-efivars-fix-variable-writes-without-query_variable_store.patch efi-ssdt-don-t-free-memory-if-acpi-table-was-loaded-successfully.patch gcov-support-gcc-12.1-and-newer-compilers.patch hid-playstation-add-initial-dualsense-edge-controller-support.patch hid-playstation-stop-dualsense-output-work-on-remove.patch io-wq-fix-memory-leak-in-worker-creation.patch io_uring-net-fail-zc-send-when-unsupported-by-socket.patch mm-huge_memory-do-not-clobber-swp_entry_t-during-thp-split.patch net-flag-sockets-supporting-msghdr-originated-zerocopy.patch
---
diff --git a/queue-6.0/dm-clone-fix-typo-in-block_device-format-specifier.patch b/queue-6.0/dm-clone-fix-typo-in-block_device-format-specifier.patch
new file mode 100644
index 00000000000..662f1e2babe
--- /dev/null
+++ b/queue-6.0/dm-clone-fix-typo-in-block_device-format-specifier.patch
@@ -0,0 +1,36 @@
+From 5434ee8d28575b2e784bd5b4dbfc912e5da90759 Mon Sep 17 00:00:00 2001
+From: Nikos Tsironis
+Date: Thu, 29 Sep 2022 17:11:48 +0300
+Subject: dm clone: Fix typo in block_device format specifier
+
+From: Nikos Tsironis
+
+commit 5434ee8d28575b2e784bd5b4dbfc912e5da90759 upstream.
+
+Use %pg for printing the block device name, instead of %pd.
+
+Fixes: 385411ffba0c ("dm: stop using bdevname")
+Cc: stable@vger.kernel.org # v5.18+
+Signed-off-by: Nikos Tsironis
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/md/dm-clone-target.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/md/dm-clone-target.c b/drivers/md/dm-clone-target.c
+index 811b0a5379d0..2f1cc66d2641 100644
+--- a/drivers/md/dm-clone-target.c
++++ b/drivers/md/dm-clone-target.c
+@@ -2035,7 +2035,7 @@ static void disable_passdown_if_not_supported(struct clone *clone)
+ reason = "max discard sectors smaller than a region";
+
+ if (reason) {
+- DMWARN("Destination device (%pd) %s: Disabling discard passdown.",
++ DMWARN("Destination device (%pg) %s: Disabling discard passdown.",
+ dest_dev, reason);
+ clear_bit(DM_CLONE_DISCARD_PASSDOWN, &clone->flags);
+ }
+--
+2.38.1
+
diff --git a/queue-6.0/drm-amd-pm-add-smu-ip-v13.0.4-if-version-define-to-v7.patch b/queue-6.0/drm-amd-pm-add-smu-ip-v13.0.4-if-version-define-to-v7.patch
new file mode 100644
index 00000000000..de38b3d3718
--- /dev/null
+++ b/queue-6.0/drm-amd-pm-add-smu-ip-v13.0.4-if-version-define-to-v7.patch
@@ -0,0 +1,33 @@
+From 31c261a7ffb8d5bba8144e2d43db304f2bc7e81a Mon Sep 17 00:00:00 2001
+From: Tim Huang
+Date: Thu, 29 Sep 2022 15:06:47 +0800
+Subject: drm/amd/pm: add SMU IP v13.0.4 IF version define to V7
+
+From: Tim Huang
+
+commit 31c261a7ffb8d5bba8144e2d43db304f2bc7e81a upstream.
+
+The pmfw has changed the driver interface version, so keep same with the
+fw.
+
+Signed-off-by: Tim Huang
+Reviewed-by: Mario Limonciello
+Signed-off-by: Alex Deucher
+Cc: stable@vger.kernel.org # 6.0.x
+Signed-off-by: Alex Deucher
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h
++++ b/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h
+@@ -28,7 +28,7 @@
+ #define SMU13_DRIVER_IF_VERSION_INV 0xFFFFFFFF
+ #define SMU13_DRIVER_IF_VERSION_YELLOW_CARP 0x04
+ #define SMU13_DRIVER_IF_VERSION_ALDE 0x08
+-#define SMU13_DRIVER_IF_VERSION_SMU_V13_0_4 0x05
++#define SMU13_DRIVER_IF_VERSION_SMU_V13_0_4 0x07
+ #define SMU13_DRIVER_IF_VERSION_SMU_V13_0_5 0x04
+ #define SMU13_DRIVER_IF_VERSION_SMU_V13_0_0 0x30
+ #define SMU13_DRIVER_IF_VERSION_SMU_V13_0_7 0x2C
diff --git a/queue-6.0/drm-amd-pm-disable-cstate-feature-for-gpu-reset-scenario.patch b/queue-6.0/drm-amd-pm-disable-cstate-feature-for-gpu-reset-scenario.patch
new file mode 100644
index 00000000000..184c9b2bb4d
--- /dev/null
+++ b/queue-6.0/drm-amd-pm-disable-cstate-feature-for-gpu-reset-scenario.patch
@@ -0,0 +1,80 @@
+From 3059cd8c5f797ad83d2b194ae66339f5c007ca43 Mon Sep 17 00:00:00 2001
+From: Evan Quan
+Date: Thu, 29 Sep 2022 10:50:44 +0800
+Subject: drm/amd/pm: disable cstate feature for gpu reset scenario
+
+From: Evan Quan
+
+commit 3059cd8c5f797ad83d2b194ae66339f5c007ca43 upstream.
+
+Suggested by PMFW team and same as what did for gfxoff feature.
+This can address some Mode1Reset failures observed on SMU13.0.0.
+
+Signed-off-by: Evan Quan
+Reviewed-by: Hawking Zhang
+Reviewed-by: Lijo Lazar
+Signed-off-by: Alex Deucher
+Cc: stable@vger.kernel.org # 6.0.x
+Signed-off-by: Alex Deucher
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 ++++++++
+ drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 8 ++++++++
+ drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 9 +++++++++
+ 3 files changed, 25 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+@@ -2926,6 +2926,14 @@ static int amdgpu_device_ip_suspend_phas
+ amdgpu_device_set_pg_state(adev, AMD_PG_STATE_UNGATE);
+ amdgpu_device_set_cg_state(adev, AMD_CG_STATE_UNGATE);
+
++ /*
++ * Per PMFW team's suggestion, driver needs to handle gfxoff
++ * and df cstate features disablement for gpu reset(e.g. Mode1Reset)
++ * scenario. Add the missing df cstate disablement here.
++ */
++ if (amdgpu_dpm_set_df_cstate(adev, DF_CSTATE_DISALLOW))
++ dev_warn(adev->dev, "Failed to disallow df cstate");
++
+ for (i = adev->num_ip_blocks - 1; i >= 0; i--) {
+ if (!adev->ip_blocks[i].status.valid)
+ continue;
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c
+@@ -2242,9 +2242,17 @@ static void arcturus_get_unique_id(struc
+ static int arcturus_set_df_cstate(struct smu_context *smu,
+ enum pp_df_cstate state)
+ {
++ struct amdgpu_device *adev = smu->adev;
+ uint32_t smu_version;
+ int ret;
+
++ /*
++ * Arcturus does not need the cstate disablement
++ * prerequisite for gpu reset.
++ */
++ if (amdgpu_in_reset(adev) || adev->in_suspend)
++ return 0;
++
+ ret = smu_cmn_get_smc_version(smu, NULL, &smu_version);
+ if (ret) {
+ dev_err(smu->adev->dev, "Failed to get smu version!\n");
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
+@@ -1640,6 +1640,15 @@ static bool aldebaran_is_baco_supported(
+ static int aldebaran_set_df_cstate(struct smu_context *smu,
+ enum pp_df_cstate state)
+ {
++ struct amdgpu_device *adev = smu->adev;
++
++ /*
++ * Aldebaran does not need the cstate disablement
++ * prerequisite for gpu reset.
++ */
++ if (amdgpu_in_reset(adev) || adev->in_suspend)
++ return 0;
++
+ return smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_DFCstateControl, state, NULL);
+ }
+
diff --git a/queue-6.0/drm-amd-pm-fulfill-smu13.0.0-cstate-control-interface.patch b/queue-6.0/drm-amd-pm-fulfill-smu13.0.0-cstate-control-interface.patch
new file mode 100644
index 00000000000..ce032655071
--- /dev/null
+++ b/queue-6.0/drm-amd-pm-fulfill-smu13.0.0-cstate-control-interface.patch
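Review bot: The early return added to `arcturus_set_df_cstate()` and `aldebaran_set_df_cstate()` never looks at `state`, so while `amdgpu_in_reset(adev)` or `adev->in_suspend` holds, an allow request is also reported as successful without any message being sent. The comment speaks only of the disablement, so it should either say that every request is skipped in that window or the test should be narrowed with `state == DF_CSTATE_DISALLOW`; whether any caller issues an allow request during reset or suspend is not visible here. In the amdgpu_device.c hunk the new warning has no trailing newline, unlike the `dev_err()` visible in the Arcturus context lines: `dev_warn(adev->dev, "Failed to disallow df cstate\n");`. All three functions continue outside their hunks.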
@@ -0,0 +1,56 @@
+From 528c0e66e0c01a8c078d2d94431db80f9c75d2a0 Mon Sep 17 00:00:00 2001
+From: Evan Quan
+Date: Thu, 29 Sep 2022 10:24:51 +0800
+Subject: drm/amd/pm: fulfill SMU13.0.0 cstate control interface
+
+From: Evan Quan
+
+commit 528c0e66e0c01a8c078d2d94431db80f9c75d2a0 upstream.
+
+Fulfill the functionality for cstate control.
+
+Signed-off-by: Evan Quan
+Reviewed-by: Hawking Zhang
+Reviewed-by: Lijo Lazar
+Signed-off-by: Alex Deucher
+Cc: stable@vger.kernel.org # 6.0.x
+Signed-off-by: Alex Deucher
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
+@@ -119,6 +119,7 @@ static struct cmn2asic_msg_mapping smu_v
+ MSG_MAP(NotifyPowerSource, PPSMC_MSG_NotifyPowerSource, 0),
+ MSG_MAP(Mode1Reset, PPSMC_MSG_Mode1Reset, 0),
+ MSG_MAP(PrepareMp1ForUnload, PPSMC_MSG_PrepareMp1ForUnload, 0),
++ MSG_MAP(DFCstateControl, PPSMC_MSG_SetExternalClientDfCstateAllow, 0),
+ };
+
+ static struct cmn2asic_mapping smu_v13_0_0_clk_map[SMU_CLK_COUNT] = {
+@@ -1753,6 +1754,15 @@ static int smu_v13_0_0_set_mp1_state(str
+ return ret;
+ }
+
++static int smu_v13_0_0_set_df_cstate(struct smu_context *smu,
++ enum pp_df_cstate state)
++{
++ return smu_cmn_send_smc_msg_with_param(smu,
++ SMU_MSG_DFCstateControl,
++ state,
++ NULL);
++}
++
+ static const struct pptable_funcs smu_v13_0_0_ppt_funcs = {
+ .get_allowed_feature_mask = smu_v13_0_0_get_allowed_feature_mask,
+ .set_default_dpm_table = smu_v13_0_0_set_default_dpm_table,
+@@ -1822,6 +1832,7 @@ static const struct pptable_funcs smu_v1
+ .mode1_reset_is_support = smu_v13_0_0_is_mode1_reset_supported,
+ .mode1_reset = smu_v13_0_mode1_reset,
+ .set_mp1_state = smu_v13_0_0_set_mp1_state,
++ .set_df_cstate = smu_v13_0_0_set_df_cstate,
+ };
+
+ void smu_v13_0_0_set_ppt_funcs(struct smu_context *smu)
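Review bot: `smu_v13_0_0_set_df_cstate()` forwards `state` to the firmware unchanged and has no comment, while the message it sends is mapped a few lines up to `PPSMC_MSG_SetExternalClientDfCstateAllow`, a name that reads like an allow flag. A one-line comment stating the expected encoding would help the next reader, for example `/* param is enum pp_df_cstate; assumed to match the PMFW allow/disallow encoding - confirm */`. The same applies to `smu_v13_0_7_set_df_cstate()` in the SMU13.0.7 patch that follows. Neither callback has the reset/suspend guard that the Arcturus and Aldebaran versions received in the previous patch, which looks intentional given that patch's description but deserves a word in the comment.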
diff --git a/queue-6.0/drm-amd-pm-fulfill-smu13.0.7-cstate-control-interface.patch b/queue-6.0/drm-amd-pm-fulfill-smu13.0.7-cstate-control-interface.patch
new file mode 100644
index 00000000000..58cec182baf
--- /dev/null
+++ b/queue-6.0/drm-amd-pm-fulfill-smu13.0.7-cstate-control-interface.patch
@@ -0,0 +1,57 @@
+From ba2f09960e75accf757ed12b4ef61409dcc97df8 Mon Sep 17 00:00:00 2001
+From: Evan Quan
+Date: Thu, 29 Sep 2022 10:30:01 +0800
+Subject: drm/amd/pm: fulfill SMU13.0.7 cstate control interface
+
+From: Evan Quan
+
+commit ba2f09960e75accf757ed12b4ef61409dcc97df8 upstream.
+
+Fulfill the functionality for cstate control.
+
+Signed-off-by: Evan Quan
+Reviewed-by: Hawking Zhang
+Reviewed-by: Lijo Lazar
+Signed-off-by: Alex Deucher
+Cc: stable@vger.kernel.org # 6.0.x
+Signed-off-by: Alex Deucher
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
+@@ -121,6 +121,7 @@ static struct cmn2asic_msg_mapping smu_v
+ MSG_MAP(Mode1Reset, PPSMC_MSG_Mode1Reset, 0),
+ MSG_MAP(PrepareMp1ForUnload, PPSMC_MSG_PrepareMp1ForUnload, 0),
+ MSG_MAP(SetMGpuFanBoostLimitRpm, PPSMC_MSG_SetMGpuFanBoostLimitRpm, 0),
++ MSG_MAP(DFCstateControl, PPSMC_MSG_SetExternalClientDfCstateAllow, 0),
+ };
+
+ static struct cmn2asic_mapping smu_v13_0_7_clk_map[SMU_CLK_COUNT] = {
+@@ -1587,6 +1588,16 @@ static bool smu_v13_0_7_is_mode1_reset_s
+
+ return true;
+ }
++
++static int smu_v13_0_7_set_df_cstate(struct smu_context *smu,
++ enum pp_df_cstate state)
++{
++ return smu_cmn_send_smc_msg_with_param(smu,
++ SMU_MSG_DFCstateControl,
++ state,
++ NULL);
++}
++
+ static const struct pptable_funcs smu_v13_0_7_ppt_funcs = {
+ .get_allowed_feature_mask = smu_v13_0_7_get_allowed_feature_mask,
+ .set_default_dpm_table = smu_v13_0_7_set_default_dpm_table,
+@@ -1649,6 +1660,7 @@ static const struct pptable_funcs smu_v1
+ .mode1_reset_is_support = smu_v13_0_7_is_mode1_reset_supported,
+ .mode1_reset = smu_v13_0_mode1_reset,
+ .set_mp1_state = smu_v13_0_7_set_mp1_state,
++ .set_df_cstate = smu_v13_0_7_set_df_cstate,
+ };
+
+ void smu_v13_0_7_set_ppt_funcs(struct smu_context *smu)
diff --git a/queue-6.0/drm-amd-pm-update-smu-ip-v13.0.4-driver-interface-version.patch b/queue-6.0/drm-amd-pm-update-smu-ip-v13.0.4-driver-interface-version.patch
new file mode 100644
index 00000000000..4744f5b1f2a
--- /dev/null
+++ b/queue-6.0/drm-amd-pm-update-smu-ip-v13.0.4-driver-interface-version.patch
@@ -0,0 +1,62 @@ +From 853fdb49160e9c30674fd8e4a2eabc06bf70b13a Mon Sep 17 00:00:00 2001 +From: Tim Huang +Date: Thu, 29 Sep 2022 14:39:21 +0800 +Subject: drm/amd/pm: update SMU IP v13.0.4 driver interface version + +From: Tim Huang + +commit 853fdb49160e9c30674fd8e4a2eabc06bf70b13a upstream. + +Update the SMU driver interface version to V7. + +Signed-off-by: Tim Huang +Reviewed-by: Mario Limonciello +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org # 6.0.x +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/pm/swsmu/inc/pmfw_if/smu13_driver_if_v13_0_4.h | 17 ++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/amd/pm/swsmu/inc/pmfw_if/smu13_driver_if_v13_0_4.h ++++ b/drivers/gpu/drm/amd/pm/swsmu/inc/pmfw_if/smu13_driver_if_v13_0_4.h +@@ -27,7 +27,7 @@ + // *** IMPORTANT *** + // SMU TEAM: Always increment the interface version if + // any structure is changed in this file +-#define PMFW_DRIVER_IF_VERSION 5 ++#define PMFW_DRIVER_IF_VERSION 7 + + typedef struct { + int32_t value; +@@ -163,8 +163,8 @@ typedef struct { + uint16_t DclkFrequency; //[MHz] + uint16_t MemclkFrequency; //[MHz] + uint16_t spare; //[centi] +- uint16_t UvdActivity; //[centi] + uint16_t GfxActivity; //[centi] ++ uint16_t UvdActivity; //[centi] + + uint16_t Voltage[2]; //[mV] indices: VDDCR_VDD, VDDCR_SOC + uint16_t Current[2]; //[mA] indices: VDDCR_VDD, VDDCR_SOC +@@ -199,6 +199,19 @@ typedef struct { + uint16_t DeviceState; + uint16_t CurTemp; //[centi-Celsius] + uint16_t spare2; ++ ++ uint16_t AverageGfxclkFrequency; ++ uint16_t AverageFclkFrequency; ++ uint16_t AverageGfxActivity; ++ uint16_t AverageSocclkFrequency; ++ uint16_t AverageVclkFrequency; ++ uint16_t AverageVcnActivity; ++ uint16_t AverageDRAMReads; //Filtered DF Bandwidth::DRAM Reads ++ uint16_t AverageDRAMWrites; //Filtered DF Bandwidth::DRAM Writes ++ uint16_t AverageSocketPower; //Filtered value of CurrentSocketPower ++ uint16_t AverageCorePower; 
//Filtered of [sum of CorePower[8]]) ++ uint16_t AverageCoreC0Residency[8]; //Filtered of [average C0 residency % per core] ++ uint32_t MetricsCounter; //Counts the # of metrics table parameter reads per update to the metrics table, i.e. if the metrics table update happens every 1 second, this value could be up to 1000 if the smu collected metrics data every cycle, or as low as 0 if the smu was asleep the whole time. Reset to 0 after writing. + } SmuMetrics_t; + + typedef struct { diff --git a/queue-6.0/efi-efivars-fix-variable-writes-without-query_variable_store.patch b/queue-6.0/efi-efivars-fix-variable-writes-without-query_variable_store.patch new file mode 100644 index 00000000000..02fa59432da --- /dev/null +++ b/queue-6.0/efi-efivars-fix-variable-writes-without-query_variable_store.patch 
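Review bot: Swapping `UvdActivity` with `GfxActivity` and appending the `Average*` fields changes the layout of `SmuMetrics_t`, so a firmware still on interface version 5 would have its activity values read from the wrong slots. The bump of `PMFW_DRIVER_IF_VERSION` to 7, together with the matching define in `smu_v13_0.h`, is the only guard visible; whether a version mismatch makes the driver reject the metrics table or merely log it cannot be seen from this hunk and is worth confirming before the backport. A short comment at the swap, such as `/* order changed in IF v7 */`, would keep the reason next to the struct.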
@@ -0,0 +1,117 @@ +From 8a254d90a77580244ec57e82bca7eb65656cc167 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Wed, 19 Oct 2022 23:29:58 +0200 +Subject: efi: efivars: Fix variable writes without query_variable_store() + +From: Ard Biesheuvel + +commit 8a254d90a77580244ec57e82bca7eb65656cc167 upstream. + +Commit bbc6d2c6ef22 ("efi: vars: Switch to new wrapper layer") +refactored the efivars layer so that the 'business logic' related to +which UEFI variables affect the boot flow in which way could be moved +out of it, and into the efivarfs driver. + +This inadvertently broke setting variables on firmware implementations +that lack the QueryVariableInfo() boot service, because we no longer +tolerate a EFI_UNSUPPORTED result from check_var_size() when calling +efivar_entry_set_get_size(), which now ends up calling check_var_size() +a second time inadvertently. + +If QueryVariableInfo() is missing, we support writes of up to 64k - +let's move that logic into check_var_size(), and drop the redundant +call. + +Cc: # v6.0 +Fixes: bbc6d2c6ef22 ("efi: vars: Switch to new wrapper layer") +Signed-off-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/vars.c | 10 +++++----- + fs/efivarfs/vars.c | 16 ---------------- + include/linux/efi.h | 3 --- + 3 files changed, 5 insertions(+), 24 deletions(-) + +--- a/drivers/firmware/efi/vars.c ++++ b/drivers/firmware/efi/vars.c +@@ -7,6 +7,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -20,19 +21,19 @@ static struct efivars *__efivars; + + static DEFINE_SEMAPHORE(efivars_lock); + +-efi_status_t check_var_size(u32 attributes, unsigned long size) ++static efi_status_t check_var_size(u32 attributes, unsigned long size) + { + const struct efivar_operations *fops; + + fops = __efivars->ops; + + if (!fops->query_variable_store) +- return EFI_UNSUPPORTED; ++ return (size <= SZ_64K) ? 
EFI_SUCCESS : EFI_OUT_OF_RESOURCES; + + return fops->query_variable_store(attributes, size, false); + } +-EXPORT_SYMBOL_NS_GPL(check_var_size, EFIVAR); + ++static + efi_status_t check_var_size_nonblocking(u32 attributes, unsigned long size) + { + const struct efivar_operations *fops; +@@ -40,11 +41,10 @@ efi_status_t check_var_size_nonblocking( + fops = __efivars->ops; + + if (!fops->query_variable_store) +- return EFI_UNSUPPORTED; ++ return (size <= SZ_64K) ? EFI_SUCCESS : EFI_OUT_OF_RESOURCES; + + return fops->query_variable_store(attributes, size, true); + } +-EXPORT_SYMBOL_NS_GPL(check_var_size_nonblocking, EFIVAR); + + /** + * efivars_kobject - get the kobject for the registered efivars +--- a/fs/efivarfs/vars.c ++++ b/fs/efivarfs/vars.c +@@ -651,22 +651,6 @@ int efivar_entry_set_get_size(struct efi + if (err) + return err; + +- /* +- * Ensure that the available space hasn't shrunk below the safe level +- */ +- status = check_var_size(attributes, *size + ucs2_strsize(name, 1024)); +- if (status != EFI_SUCCESS) { +- if (status != EFI_UNSUPPORTED) { +- err = efi_status_to_err(status); +- goto out; +- } +- +- if (*size > 65536) { +- err = -ENOSPC; +- goto out; +- } +- } +- + status = efivar_set_variable_locked(name, vendor, attributes, *size, + data, false); + if (status != EFI_SUCCESS) { +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -1055,9 +1055,6 @@ efi_status_t efivar_set_variable_locked( + efi_status_t efivar_set_variable(efi_char16_t *name, efi_guid_t *vendor, + u32 attr, unsigned long data_size, void *data); + +-efi_status_t check_var_size(u32 attributes, unsigned long size); +-efi_status_t check_var_size_nonblocking(u32 attributes, unsigned long size); +- + #if IS_ENABLED(CONFIG_EFI_CAPSULE_LOADER) + extern bool efi_capsule_pending(int *reset_type); + 
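Review bot: The 64 KiB fallback is now written out twice, once in `check_var_size()` and once in `check_var_size_nonblocking()`, and neither place says where the limit comes from. Suggest a comment above each, `/* no QueryVariableInfo(): cap a single write at 64k */`, or a small shared helper so the two cannot drift apart. Note also that the removed efivarfs code compared the data size `*size` against 65536, whereas the cap now applies to whatever `size` the remaining caller passes; if that value includes the variable name length the effective limit is slightly lower, which cannot be confirmed from these hunks.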
diff --git a/queue-6.0/efi-ssdt-don-t-free-memory-if-acpi-table-was-loaded-successfully.patch b/queue-6.0/efi-ssdt-don-t-free-memory-if-acpi-table-was-loaded-successfully.patch
new file mode 100644
index 00000000000..b1517782689
--- /dev/null
+++ b/queue-6.0/efi-ssdt-don-t-free-memory-if-acpi-table-was-loaded-successfully.patch
@@ -0,0 +1,41 @@
+From 4b017e59f01097f19b938f6dc4dc2c4720701610 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel
+Date: Fri, 14 Oct 2022 12:25:52 +0200
+Subject: efi: ssdt: Don't free memory if ACPI table was loaded successfully
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Ard Biesheuvel
+
+commit 4b017e59f01097f19b938f6dc4dc2c4720701610 upstream.
+
+Amadeusz reports KASAN use-after-free errors introduced by commit
+3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from
+variables"). The problem appears to be that the memory that holds the
+new ACPI table is now freed unconditionally, instead of only when the
+ACPI core reported a failure to load the table.
+
+So let's fix this, by omitting the kfree() on success.
+
+Cc: # v6.0
+Link: https://lore.kernel.org/all/a101a10a-4fbb-5fae-2e3c-76cf96ed8fbd@linux.intel.com/
+Fixes: 3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from variables")
+Reported-by: Amadeusz Sławiński
+Signed-off-by: Ard Biesheuvel
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/firmware/efi/efi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -269,6 +269,8 @@ static __init int efivar_ssdt_load(void)
+ acpi_status ret = acpi_load_table(data, NULL);
+ if (ret)
+ pr_err("failed to load table: %u\n", ret);
++ else
++ continue;
+ } else {
+ pr_err("failed to get var data: 0x%lx\n", status);
+ }
diff --git a/queue-6.0/gcov-support-gcc-12.1-and-newer-compilers.patch b/queue-6.0/gcov-support-gcc-12.1-and-newer-compilers.patch
new file mode 100644
index 00000000000..45f3838c6da
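Review bot: The bare `else continue;` in `efivar_ssdt_load()` is easy to misread or to undo in a later cleanup, because the `kfree()` it skips lies outside the hunk. A comment on the branch would record the ownership rule given in the commit message: `/* table loaded: the ACPI core keeps using data, do not free it */`. The loop body continues beyond the visible lines, so the position of the free relative to this branch should be checked in the full function.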
--- /dev/null
+++ b/queue-6.0/gcov-support-gcc-12.1-and-newer-compilers.patch
@@ -0,0 +1,80 @@ +From 977ef30a7d888eeb52fb6908f99080f33e5309a8 Mon Sep 17 00:00:00 2001 +From: Martin Liska +Date: Thu, 13 Oct 2022 09:40:59 +0200 +Subject: gcov: support GCC 12.1 and newer compilers + +From: Martin Liska + +commit 977ef30a7d888eeb52fb6908f99080f33e5309a8 upstream. + +Starting with GCC 12.1, the created .gcda format can't be read by gcov +tool. There are 2 significant changes to the .gcda file format that +need to be supported: + +a) [gcov: Use system IO buffering] + (23eb66d1d46a34cb28c4acbdf8a1deb80a7c5a05) changed that all sizes in + the format are in bytes and not in words (4B) + +b) [gcov: make profile merging smarter] + (72e0c742bd01f8e7e6dcca64042b9ad7e75979de) add a new checksum to the + file header. + +Tested with GCC 7.5, 10.4, 12.2 and the current master. + +Link: https://lkml.kernel.org/r/624bda92-f307-30e9-9aaa-8cc678b2dfb2@suse.cz +Signed-off-by: Martin Liska +Tested-by: Peter Oberparleiter +Reviewed-by: Peter Oberparleiter +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + kernel/gcov/gcc_4_7.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +--- a/kernel/gcov/gcc_4_7.c ++++ b/kernel/gcov/gcc_4_7.c +@@ -30,6 +30,13 @@ + + #define GCOV_TAG_FUNCTION_LENGTH 3 + ++/* Since GCC 12.1 sizes are in BYTES and not in WORDS (4B). */ ++#if (__GNUC__ >= 12) ++#define GCOV_UNIT_SIZE 4 ++#else ++#define GCOV_UNIT_SIZE 1 ++#endif ++ + static struct gcov_info *gcov_info_head; + + /** +@@ -383,12 +390,18 @@ size_t convert_to_gcda(char *buffer, str + pos += store_gcov_u32(buffer, pos, info->version); + pos += store_gcov_u32(buffer, pos, info->stamp); + ++#if (__GNUC__ >= 12) ++ /* Use zero as checksum of the compilation unit. */ ++ pos += store_gcov_u32(buffer, pos, 0); ++#endif ++ + for (fi_idx = 0; fi_idx < info->n_functions; fi_idx++) { + fi_ptr = info->functions[fi_idx]; + + /* Function record. 
*/ + pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION); +- pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION_LENGTH); ++ pos += store_gcov_u32(buffer, pos, ++ GCOV_TAG_FUNCTION_LENGTH * GCOV_UNIT_SIZE); + pos += store_gcov_u32(buffer, pos, fi_ptr->ident); + pos += store_gcov_u32(buffer, pos, fi_ptr->lineno_checksum); + pos += store_gcov_u32(buffer, pos, fi_ptr->cfg_checksum); +@@ -402,7 +415,8 @@ size_t convert_to_gcda(char *buffer, str + /* Counter record. */ + pos += store_gcov_u32(buffer, pos, + GCOV_TAG_FOR_COUNTER(ct_idx)); +- pos += store_gcov_u32(buffer, pos, ci_ptr->num * 2); ++ pos += store_gcov_u32(buffer, pos, ++ ci_ptr->num * 2 * GCOV_UNIT_SIZE); + + for (cv_idx = 0; cv_idx < ci_ptr->num; cv_idx++) { + pos += store_gcov_u64(buffer, pos, diff --git a/queue-6.0/hid-playstation-add-initial-dualsense-edge-controller-support.patch b/queue-6.0/hid-playstation-add-initial-dualsense-edge-controller-support.patch new file mode 100644 index 00000000000..e025cc78fbd --- /dev/null +++ b/queue-6.0/hid-playstation-add-initial-dualsense-edge-controller-support.patch 
@@ -0,0 +1,54 @@ +From b8a968efab301743fd659b5649c5d7d3e30e63a6 Mon Sep 17 00:00:00 2001 +From: Roderick Colenbrander +Date: Mon, 10 Oct 2022 14:23:12 -0700 +Subject: HID: playstation: add initial DualSense Edge controller support + +From: Roderick Colenbrander + +commit b8a968efab301743fd659b5649c5d7d3e30e63a6 upstream. + +Provide initial support for the DualSense Edge controller. The brings +support up to the level of the original DualSense, but won't yet provide +support for new features (e.g. reprogrammable buttons). + +Signed-off-by: Roderick Colenbrander +CC: stable@vger.kernel.org +Signed-off-by: Benjamin Tissoires +Link: https://lore.kernel.org/r/20221010212313.78275-3-roderick.colenbrander@sony.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/hid-ids.h | 1 + + drivers/hid/hid-playstation.c | 5 ++++- + 2 files changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -1142,6 +1142,7 @@ + #define USB_DEVICE_ID_SONY_PS4_CONTROLLER_2 0x09cc + #define USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE 0x0ba0 + #define USB_DEVICE_ID_SONY_PS5_CONTROLLER 0x0ce6 ++#define USB_DEVICE_ID_SONY_PS5_CONTROLLER_2 0x0df2 + #define USB_DEVICE_ID_SONY_MOTION_CONTROLLER 0x03d5 + #define USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER 0x042f + #define USB_DEVICE_ID_SONY_BUZZ_CONTROLLER 0x0002 +--- a/drivers/hid/hid-playstation.c ++++ b/drivers/hid/hid-playstation.c +@@ -1467,7 +1467,8 @@ static int ps_probe(struct hid_device *h + goto err_stop; + } + +- if (hdev->product == USB_DEVICE_ID_SONY_PS5_CONTROLLER) { ++ if (hdev->product == USB_DEVICE_ID_SONY_PS5_CONTROLLER || ++ hdev->product == USB_DEVICE_ID_SONY_PS5_CONTROLLER_2) { + dev = dualsense_create(hdev); + if (IS_ERR(dev)) { + hid_err(hdev, "Failed to create dualsense.\n"); +@@ -1508,6 +1509,8 @@ static void ps_remove(struct hid_device + static const struct hid_device_id ps_devices[] = { + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS5_CONTROLLER) }, + { 
HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS5_CONTROLLER) }, ++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS5_CONTROLLER_2) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS5_CONTROLLER_2) }, + { } + }; + MODULE_DEVICE_TABLE(hid, ps_devices); diff --git a/queue-6.0/hid-playstation-stop-dualsense-output-work-on-remove.patch b/queue-6.0/hid-playstation-stop-dualsense-output-work-on-remove.patch new file mode 100644 index 00000000000..b75ce37950d --- /dev/null +++ b/queue-6.0/hid-playstation-stop-dualsense-output-work-on-remove.patch 
@@ -0,0 +1,153 @@ +From 182934a1e93b17f4edf71f4fcc8d19b19a6fe67a Mon Sep 17 00:00:00 2001 +From: Roderick Colenbrander +Date: Mon, 10 Oct 2022 14:23:11 -0700 +Subject: HID: playstation: stop DualSense output work on remove. + +From: Roderick Colenbrander + +commit 182934a1e93b17f4edf71f4fcc8d19b19a6fe67a upstream. + +Ensure we don't schedule any new output work on removal and wait +for any existing work to complete. If we don't do this e.g. rumble +work can get queued during deletion and we trigger a kernel crash. + +Signed-off-by: Roderick Colenbrander +CC: stable@vger.kernel.org +Signed-off-by: Benjamin Tissoires +Link: https://lore.kernel.org/r/20221010212313.78275-2-roderick.colenbrander@sony.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/hid-playstation.c | 41 ++++++++++++++++++++++++++++++++++++----- + 1 file changed, 36 insertions(+), 5 deletions(-) + +--- a/drivers/hid/hid-playstation.c ++++ b/drivers/hid/hid-playstation.c +@@ -46,6 +46,7 @@ struct ps_device { + uint32_t fw_version; + + int (*parse_report)(struct ps_device *dev, struct hid_report *report, u8 *data, int size); ++ void (*remove)(struct ps_device *dev); + }; + + /* Calibration data for playstation motion sensors. */ +@@ -174,6 +175,7 @@ struct dualsense { + struct led_classdev player_leds[5]; + + struct work_struct output_worker; ++ bool output_worker_initialized; + void *output_report_dmabuf; + uint8_t output_seq; /* Sequence number for output report. 
*/ + }; +@@ -299,6 +301,7 @@ static const struct {int x; int y; } ps_ + {0, 0}, + }; + ++static inline void dualsense_schedule_work(struct dualsense *ds); + static void dualsense_set_lightbar(struct dualsense *ds, uint8_t red, uint8_t green, uint8_t blue); + + /* +@@ -792,6 +795,7 @@ err_free: + return ret; + } + ++ + static int dualsense_get_firmware_info(struct dualsense *ds) + { + uint8_t *buf; +@@ -881,7 +885,7 @@ static int dualsense_player_led_set_brig + ds->update_player_leds = true; + spin_unlock_irqrestore(&ds->base.lock, flags); + +- schedule_work(&ds->output_worker); ++ dualsense_schedule_work(ds); + + return 0; + } +@@ -925,6 +929,16 @@ static void dualsense_init_output_report + } + } + ++static inline void dualsense_schedule_work(struct dualsense *ds) ++{ ++ unsigned long flags; ++ ++ spin_lock_irqsave(&ds->base.lock, flags); ++ if (ds->output_worker_initialized) ++ schedule_work(&ds->output_worker); ++ spin_unlock_irqrestore(&ds->base.lock, flags); ++} ++ + /* + * Helper function to send DualSense output reports. Applies a CRC at the end of a report + * for Bluetooth reports. +@@ -1085,7 +1099,7 @@ static int dualsense_parse_report(struct + spin_unlock_irqrestore(&ps_dev->lock, flags); + + /* Schedule updating of microphone state at hardware level. 
*/ +- schedule_work(&ds->output_worker); ++ dualsense_schedule_work(ds); + } + ds->last_btn_mic_state = btn_mic_state; + +@@ -1200,10 +1214,22 @@ static int dualsense_play_effect(struct + ds->motor_right = effect->u.rumble.weak_magnitude / 256; + spin_unlock_irqrestore(&ds->base.lock, flags); + +- schedule_work(&ds->output_worker); ++ dualsense_schedule_work(ds); + return 0; + } + ++static void dualsense_remove(struct ps_device *ps_dev) ++{ ++ struct dualsense *ds = container_of(ps_dev, struct dualsense, base); ++ unsigned long flags; ++ ++ spin_lock_irqsave(&ds->base.lock, flags); ++ ds->output_worker_initialized = false; ++ spin_unlock_irqrestore(&ds->base.lock, flags); ++ ++ cancel_work_sync(&ds->output_worker); ++} ++ + static int dualsense_reset_leds(struct dualsense *ds) + { + struct dualsense_output_report report; +@@ -1240,7 +1266,7 @@ static void dualsense_set_lightbar(struc + ds->lightbar_blue = blue; + spin_unlock_irqrestore(&ds->base.lock, flags); + +- schedule_work(&ds->output_worker); ++ dualsense_schedule_work(ds); + } + + static void dualsense_set_player_leds(struct dualsense *ds) +@@ -1263,7 +1289,7 @@ static void dualsense_set_player_leds(st + + ds->update_player_leds = true; + ds->player_leds_state = player_ids[player_id]; +- schedule_work(&ds->output_worker); ++ dualsense_schedule_work(ds); + } + + static struct ps_device *dualsense_create(struct hid_device *hdev) +@@ -1302,7 +1328,9 @@ static struct ps_device *dualsense_creat + ps_dev->battery_capacity = 100; /* initial value until parse_report. 
*/ + ps_dev->battery_status = POWER_SUPPLY_STATUS_UNKNOWN; + ps_dev->parse_report = dualsense_parse_report; ++ ps_dev->remove = dualsense_remove; + INIT_WORK(&ds->output_worker, dualsense_output_worker); ++ ds->output_worker_initialized = true; + hid_set_drvdata(hdev, ds); + + max_output_report_size = sizeof(struct dualsense_output_report_bt); +@@ -1470,6 +1498,9 @@ static void ps_remove(struct hid_device + ps_devices_list_remove(dev); + ps_device_release_player_id(dev); + ++ if (dev->remove) ++ dev->remove(dev); ++ + hid_hw_close(hdev); + hid_hw_stop(hdev); + } diff --git a/queue-6.0/io-wq-fix-memory-leak-in-worker-creation.patch b/queue-6.0/io-wq-fix-memory-leak-in-worker-creation.patch new file mode 100644 index 00000000000..8c1e19846e4 --- /dev/null +++ b/queue-6.0/io-wq-fix-memory-leak-in-worker-creation.patch 
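Review bot: `dualsense_remove()` is reached only through `ps_remove()`, yet `dualsense_create()` sets `output_worker_initialized = true` directly after `INIT_WORK()` and then continues with further setup. If a later step in create or probe fails after output work has been queued, nothing visible in these hunks cancels that work before the device memory is released. The error paths are outside the hunks, so this has to be checked there; a `cancel_work_sync(&ds->output_worker);` on those paths would close the gap. Two smaller points: the forward declaration of a `static inline` function can be avoided by defining `dualsense_schedule_work()` above its first caller, and the hunk at `err_free:` adds a stray blank line.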
@@ -0,0 +1,55 @@ +From 996d3efeb091c503afd3ee6b5e20eabf446fd955 Mon Sep 17 00:00:00 2001 +From: Rafael Mendonca +Date: Wed, 19 Oct 2022 22:47:09 -0300 +Subject: io-wq: Fix memory leak in worker creation + +From: Rafael Mendonca + +commit 996d3efeb091c503afd3ee6b5e20eabf446fd955 upstream. + +If the CPU mask allocation for a node fails, then the memory allocated for +the 'io_wqe' struct of the current node doesn't get freed on the error +handling path, since it has not yet been added to the 'wqes' array. + +This was spotted when fuzzing v6.1-rc1 with Syzkaller: +BUG: memory leak +unreferenced object 0xffff8880093d5000 (size 1024): + comm "syz-executor.2", pid 7701, jiffies 4295048595 (age 13.900s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [<00000000cb463369>] __kmem_cache_alloc_node+0x18e/0x720 + [<00000000147a3f9c>] kmalloc_node_trace+0x2a/0x130 + [<000000004e107011>] io_wq_create+0x7b9/0xdc0 + [<00000000c38b2018>] io_uring_alloc_task_context+0x31e/0x59d + [<00000000867399da>] __io_uring_add_tctx_node.cold+0x19/0x1ba + [<000000007e0e7a79>] io_uring_setup.cold+0x1b80/0x1dce + [<00000000b545e9f6>] __x64_sys_io_uring_setup+0x5d/0x80 + [<000000008a8a7508>] do_syscall_64+0x5d/0x90 + [<000000004ac08bec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd + +Fixes: 0e03496d1967 ("io-wq: use private CPU mask") +Cc: stable@vger.kernel.org +Signed-off-by: Rafael Mendonca +Link: https://lore.kernel.org/r/20221020014710.902201-1-rafaelmendsr@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/io-wq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/io_uring/io-wq.c ++++ b/io_uring/io-wq.c +@@ -1164,10 +1164,10 @@ struct io_wq *io_wq_create(unsigned boun + wqe = kzalloc_node(sizeof(struct io_wqe), GFP_KERNEL, alloc_node); + if (!wqe) + goto err; ++ wq->wqes[node] = wqe; + if 
(!alloc_cpumask_var(&wqe->cpu_mask, GFP_KERNEL)) + goto err; + cpumask_copy(wqe->cpu_mask, cpumask_of_node(node)); +- wq->wqes[node] = wqe; + wqe->node = alloc_node; + wqe->acct[IO_WQ_ACCT_BOUND].max_workers = bounded; + wqe->acct[IO_WQ_ACCT_UNBOUND].max_workers = diff --git a/queue-6.0/io_uring-net-fail-zc-send-when-unsupported-by-socket.patch b/queue-6.0/io_uring-net-fail-zc-send-when-unsupported-by-socket.patch new file mode 100644 index 00000000000..46471494c4a --- /dev/null +++ b/queue-6.0/io_uring-net-fail-zc-send-when-unsupported-by-socket.patch @@ -0,0 +1,33 @@ +From edf81438799ccead7122948446d7e44b083e788d Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Fri, 21 Oct 2022 11:16:40 +0100 +Subject: io_uring/net: fail zc send when unsupported by socket + +From: Pavel Begunkov + +commit edf81438799ccead7122948446d7e44b083e788d upstream. + +If a protocol doesn't support zerocopy it will silently fall back to +copying. This type of behaviour has always been a source of troubles +so it's better to fail such requests instead. + +Cc: # 6.0 +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/2db3c7f16bb6efab4b04569cd16e6242b40c5cb3.1666346426.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/net.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/io_uring/net.c ++++ b/io_uring/net.c +@@ -1001,6 +1001,8 @@ int io_send_zc(struct io_kiocb *req, uns + sock = sock_from_file(req->file); + if (unlikely(!sock)) + return -ENOTSOCK; ++ if (!test_bit(SOCK_SUPPORT_ZC, &sock->flags)) ++ return -EOPNOTSUPP; + + msg.msg_name = NULL; + msg.msg_control = NULL; diff --git a/queue-6.0/mm-huge_memory-do-not-clobber-swp_entry_t-during-thp-split.patch b/queue-6.0/mm-huge_memory-do-not-clobber-swp_entry_t-during-thp-split.patch new file mode 100644 index 00000000000..d6381a5ec1e --- /dev/null +++ b/queue-6.0/mm-huge_memory-do-not-clobber-swp_entry_t-during-thp-split.patch 
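Review bot: The new position of `wq->wqes[node] = wqe;` in io_wq_create() is load-bearing for the error path, but no comment in the code says so. The entry is now stored before `alloc_cpumask_var()` so that a failed mask allocation still leaves the wqe reachable for cleanup. A one-line comment above the assignment, such as `/* store first so the err path can free wqe if the cpumask allocation fails */`, would keep a later reorder from reintroducing the leak. The `err` label is outside this hunk, so this assumes the cleanup there walks `wq->wqes[]` and tolerates an entry whose `cpu_mask` was never allocated. The wqe comes from `kzalloc_node()`, so that field starts zeroed, but it is worth confirming against the full function.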
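Review bot: The added `test_bit(SOCK_SUPPORT_ZC, &sock->flags)` check in io_send_zc() uses a flag this patch does not define. `SOCK_SUPPORT_ZC` comes from net-flag-sockets-supporting-msghdr-originated-zerocopy.patch, which the queue-6.0/series hunk at the end of this commit lists three entries after this patch. Assuming the series file is applied top to bottom, io_uring/net.c would not build between the two patches, which hurts bisection of the stable tree. Listing the net patch before this one in queue-6.0/series matches the order the patch dates suggest (11:16:39 for the net patch, 11:16:40 for this one). The body of io_send_zc() continues outside the hunk.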
@@ -0,0 +1,115 @@ +From 71e2d666ef85d51834d658830f823560c402b8b6 Mon Sep 17 00:00:00 2001 +From: Mel Gorman +Date: Wed, 19 Oct 2022 14:41:56 +0100 +Subject: mm/huge_memory: do not clobber swp_entry_t during THP split + +From: Mel Gorman + +commit 71e2d666ef85d51834d658830f823560c402b8b6 upstream. + +The following has been observed when running stressng mmap since commit +b653db77350c ("mm: Clear page->private when splitting or migrating a page") + + watchdog: BUG: soft lockup - CPU#75 stuck for 26s! [stress-ng:9546] + CPU: 75 PID: 9546 Comm: stress-ng Tainted: G E 6.0.0-revert-b653db77-fix+ #29 0357d79b60fb09775f678e4f3f64ef0579ad1374 + Hardware name: SGI.COM C2112-4GP3/X10DRT-P-Series, BIOS 2.0a 05/09/2016 + RIP: 0010:xas_descend+0x28/0x80 + Code: cc cc 0f b6 0e 48 8b 57 08 48 d3 ea 83 e2 3f 89 d0 48 83 c0 04 48 8b 44 c6 08 48 89 77 18 48 89 c1 83 e1 03 48 83 f9 02 75 08 <48> 3d fd 00 00 00 76 08 88 57 12 c3 cc cc cc cc 48 c1 e8 02 89 c2 + RSP: 0018:ffffbbf02a2236a8 EFLAGS: 00000246 + RAX: ffff9cab7d6a0002 RBX: ffffe04b0af88040 RCX: 0000000000000002 + RDX: 0000000000000030 RSI: ffff9cab60509b60 RDI: ffffbbf02a2236c0 + RBP: 0000000000000000 R08: ffff9cab60509b60 R09: ffffbbf02a2236c0 + R10: 0000000000000001 R11: ffffbbf02a223698 R12: 0000000000000000 + R13: ffff9cab4e28da80 R14: 0000000000039c01 R15: ffff9cab4e28da88 + FS: 00007fab89b85e40(0000) GS:ffff9cea3fcc0000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007fab84e00000 CR3: 00000040b73a4003 CR4: 00000000003706e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + Call Trace: + + xas_load+0x3a/0x50 + __filemap_get_folio+0x80/0x370 + ? 
put_swap_page+0x163/0x360 + pagecache_get_page+0x13/0x90 + __try_to_reclaim_swap+0x50/0x190 + scan_swap_map_slots+0x31e/0x670 + get_swap_pages+0x226/0x3c0 + folio_alloc_swap+0x1cc/0x240 + add_to_swap+0x14/0x70 + shrink_page_list+0x968/0xbc0 + reclaim_page_list+0x70/0xf0 + reclaim_pages+0xdd/0x120 + madvise_cold_or_pageout_pte_range+0x814/0xf30 + walk_pgd_range+0x637/0xa30 + __walk_page_range+0x142/0x170 + walk_page_range+0x146/0x170 + madvise_pageout+0xb7/0x280 + ? asm_common_interrupt+0x22/0x40 + madvise_vma_behavior+0x3b7/0xac0 + ? find_vma+0x4a/0x70 + ? find_vma+0x64/0x70 + ? madvise_vma_anon_name+0x40/0x40 + madvise_walk_vmas+0xa6/0x130 + do_madvise+0x2f4/0x360 + __x64_sys_madvise+0x26/0x30 + do_syscall_64+0x5b/0x80 + ? do_syscall_64+0x67/0x80 + ? syscall_exit_to_user_mode+0x17/0x40 + ? do_syscall_64+0x67/0x80 + ? syscall_exit_to_user_mode+0x17/0x40 + ? do_syscall_64+0x67/0x80 + ? do_syscall_64+0x67/0x80 + ? common_interrupt+0x8b/0xa0 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + +The problem can be reproduced with the mmtests config +config-workload-stressng-mmap. It does not always happen and when it +triggers is variable but it has happened on multiple machines. + +The intent of commit b653db77350c patch was to avoid the case where +PG_private is clear but folio->private is not-NULL. However, THP tail +pages uses page->private for "swp_entry_t if folio_test_swapcache()" as +stated in the documentation for struct folio. This patch only clobbers +page->private for tail pages if the head page was not in swapcache and +warns once if page->private had an unexpected value. 
+ +Link: https://lkml.kernel.org/r/20221019134156.zjyyn5aownakvztf@techsingularity.net +Fixes: b653db77350c ("mm: Clear page->private when splitting or migrating a page") +Signed-off-by: Mel Gorman +Cc: Matthew Wilcox (Oracle) +Cc: Mel Gorman +Cc: Yang Shi +Cc: Brian Foster +Cc: Dan Streetman +Cc: Miaohe Lin +Cc: Oleksandr Natalenko +Cc: Seth Jennings +Cc: Vitaly Wool +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/huge_memory.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -2445,7 +2445,16 @@ static void __split_huge_page_tail(struc + page_tail); + page_tail->mapping = head->mapping; + page_tail->index = head->index + tail; +- page_tail->private = 0; ++ ++ /* ++ * page->private should not be set in tail pages with the exception ++ * of swap cache pages that store the swp_entry_t in tail pages. ++ * Fix up and warn once if private is unexpectedly set. ++ */ ++ if (!folio_test_swapcache(page_folio(head))) { ++ VM_WARN_ON_ONCE_PAGE(page_tail->private != 0, head); ++ page_tail->private = 0; ++ } + + /* Page flags must be visible before we make the page non-compound. */ + smp_wmb(); diff --git a/queue-6.0/net-flag-sockets-supporting-msghdr-originated-zerocopy.patch b/queue-6.0/net-flag-sockets-supporting-msghdr-originated-zerocopy.patch new file mode 100644 index 00000000000..a8b126c6ac7 --- /dev/null +++ b/queue-6.0/net-flag-sockets-supporting-msghdr-originated-zerocopy.patch 
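Review bot: `VM_WARN_ON_ONCE_PAGE(page_tail->private != 0, head)` in __split_huge_page_tail() tests the tail page but passes `head` as the page to dump, so the report may not show the tail whose `private` was unexpectedly set. If the dump prints the raw struct page of its argument, `VM_WARN_ON_ONCE_PAGE(page_tail->private != 0, page_tail);` would put the offending value in the log. The VM_WARN_* checks are only active on kernels built with VM debugging, so elsewhere the reset to 0 happens silently; the new comment could say `Warns only on CONFIG_DEBUG_VM kernels.` so readers do not expect a production signal. In the swapcache branch the tail's `private` is kept as is and trusted to hold a valid swp_entry_t. The function begins and ends outside this hunk.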
@@ -0,0 +1,55 @@ +From e993ffe3da4bcddea0536b03be1031bf35cd8d85 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Fri, 21 Oct 2022 11:16:39 +0100 +Subject: net: flag sockets supporting msghdr originated zerocopy + +From: Pavel Begunkov + +commit e993ffe3da4bcddea0536b03be1031bf35cd8d85 upstream. + +We need an efficient way in io_uring to check whether a socket supports +zerocopy with msghdr provided ubuf_info. Add a new flag into the struct +socket flags fields. + +Cc: # 6.0 +Signed-off-by: Pavel Begunkov +Acked-by: Jakub Kicinski +Link: https://lore.kernel.org/r/3dafafab822b1c66308bb58a0ac738b1e3f53f74.1666346426.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/net.h | 1 + + net/ipv4/tcp.c | 1 + + net/ipv4/udp.c | 1 + + 3 files changed, 3 insertions(+) + +--- a/include/linux/net.h ++++ b/include/linux/net.h +@@ -41,6 +41,7 @@ struct net; + #define SOCK_NOSPACE 2 + #define SOCK_PASSCRED 3 + #define SOCK_PASSSEC 4 ++#define SOCK_SUPPORT_ZC 5 + + #ifndef ARCH_HAS_SOCKET_TYPES + /** +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -457,6 +457,7 @@ void tcp_init_sock(struct sock *sk) + WRITE_ONCE(sk->sk_sndbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[1])); + WRITE_ONCE(sk->sk_rcvbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[1])); + ++ set_bit(SOCK_SUPPORT_ZC, &sk->sk_socket->flags); + sk_sockets_allocated_inc(sk); + } + EXPORT_SYMBOL(tcp_init_sock); +--- a/net/ipv4/udp.c ++++ b/net/ipv4/udp.c +@@ -1620,6 +1620,7 @@ int udp_init_sock(struct sock *sk) + { + skb_queue_head_init(&udp_sk(sk)->reader_queue); + sk->sk_destruct = udp_destruct_sock; ++ set_bit(SOCK_SUPPORT_ZC, &sk->sk_socket->flags); + return 0; + } + EXPORT_SYMBOL_GPL(udp_init_sock); diff --git a/queue-6.0/series b/queue-6.0/series index 8ea6de17c92..2147608ddb6 100644 --- a/queue-6.0/series +++ b/queue-6.0/series 
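Review bot: The bit is set only in `tcp_init_sock()` and `udp_init_sock()`, so a socket that reaches userspace without passing through either would not carry `SOCK_SUPPORT_ZC` on its own `struct socket`. Accepted TCP connections look like such a case: as far as I know the child sock is cloned from the listener and attached to a fresh `struct socket` in the accept path rather than re-initialised. With the io_send_zc() check queued in this same commit, zerocopy sends on an accepted connection would then fail with -EOPNOTSUPP. Please verify, and if so propagate the bit at accept time, for example in inet_accept(): `if (test_bit(SOCK_SUPPORT_ZC, &sock->flags)) set_bit(SOCK_SUPPORT_ZC, &newsock->flags);`. Both init functions also dereference `sk->sk_socket` unconditionally; their callers are outside the hunks, so this assumes every path has attached a socket by then.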
@@ -2,3 +2,18 @@ drm-i915-bios-validate-fp_timing-terminator-presence.patch drm-i915-bios-use-hardcoded-fp_timing-size-for-generating-lfp-data-pointers.patch pinctrl-amd-change-dev_warn-to-dev_dbg-for-additional-feature-support.patch thermal-intel_powerclamp-use-first-online-cpu-as-control_cpu.patch +io_uring-net-fail-zc-send-when-unsupported-by-socket.patch +hid-playstation-stop-dualsense-output-work-on-remove.patch +hid-playstation-add-initial-dualsense-edge-controller-support.patch +net-flag-sockets-supporting-msghdr-originated-zerocopy.patch +drm-amd-pm-fulfill-smu13.0.7-cstate-control-interface.patch +drm-amd-pm-add-smu-ip-v13.0.4-if-version-define-to-v7.patch +drm-amd-pm-disable-cstate-feature-for-gpu-reset-scenario.patch +drm-amd-pm-fulfill-smu13.0.0-cstate-control-interface.patch +drm-amd-pm-update-smu-ip-v13.0.4-driver-interface-version.patch +dm-clone-fix-typo-in-block_device-format-specifier.patch +efi-efivars-fix-variable-writes-without-query_variable_store.patch +efi-ssdt-don-t-free-memory-if-acpi-table-was-loaded-successfully.patch +gcov-support-gcc-12.1-and-newer-compilers.patch +io-wq-fix-memory-leak-in-worker-creation.patch +mm-huge_memory-do-not-clobber-swp_entry_t-during-thp-split.patch