From 5b8b89142979f4cc83c4d0790328dac2d0ccf3b4 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 1 Oct 2024 09:31:25 +0200 Subject: [PATCH] 6.11-stable patches added patches: drm-amd-display-add-dsc-debug-log.patch drm-amd-display-fix-synaptics-cascaded-panamera-dsc-determination.patch drm-amdgpu-display-fix-a-mistake-in-revert-commit.patch fuse-use-exclusive-lock-when-fuse_i_cache_io_mode-is-set.patch io_uring-check-for-presence-of-task_work-rather-than-tif_notify_signal.patch io_uring-rw-treat-eopnotsupp-for-iocb_nowait-like-eagain.patch io_uring-sqpoll-do-not-allow-pinning-outside-of-cpuset.patch mm-call-the-security_mmap_file-lsm-hook-in-remap_file_pages.patch mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch --- .../drm-amd-display-add-dsc-debug-log.patch | 515 ++++++++++++++++++ ...-cascaded-panamera-dsc-determination.patch | 34 ++ ...splay-fix-a-mistake-in-revert-commit.patch | 36 ++ ...ock-when-fuse_i_cache_io_mode-is-set.patch | 34 ++ ...k_work-rather-than-tif_notify_signal.patch | 66 +++ ...pnotsupp-for-iocb_nowait-like-eagain.patch | 46 ++ ...-not-allow-pinning-outside-of-cpuset.patch | 57 ++ ...ap_file-lsm-hook-in-remap_file_pages.patch | 77 +++ ...ate-data-race-in-migrate_folio_unmap.patch | 92 ++++ queue-6.11/series | 9 + 10 files changed, 966 insertions(+) create mode 100644 queue-6.11/drm-amd-display-add-dsc-debug-log.patch create mode 100644 queue-6.11/drm-amd-display-fix-synaptics-cascaded-panamera-dsc-determination.patch create mode 100644 queue-6.11/drm-amdgpu-display-fix-a-mistake-in-revert-commit.patch create mode 100644 queue-6.11/fuse-use-exclusive-lock-when-fuse_i_cache_io_mode-is-set.patch create mode 100644 queue-6.11/io_uring-check-for-presence-of-task_work-rather-than-tif_notify_signal.patch create mode 100644 queue-6.11/io_uring-rw-treat-eopnotsupp-for-iocb_nowait-like-eagain.patch create mode 100644 queue-6.11/io_uring-sqpoll-do-not-allow-pinning-outside-of-cpuset.patch create mode 100644 queue-6.11/mm-call-the-security_mmap_file-lsm-hook-in-remap_file_pages.patch create mode 100644 queue-6.11/mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch diff --git a/queue-6.11/drm-amd-display-add-dsc-debug-log.patch b/queue-6.11/drm-amd-display-add-dsc-debug-log.patch new file mode 100644 index 00000000000..aa5bae9d8e2 --- /dev/null +++ b/queue-6.11/drm-amd-display-add-dsc-debug-log.patch @@ -0,0 +1,515 @@ +From 3715112c1b35036039e8c4f75868a0b56a71a51d Mon Sep 17 00:00:00 2001 +From: Fangzhi Zuo +Date: Fri, 2 Aug 2024 15:03:39 -0400 +Subject: drm/amd/display: Add DSC Debug Log + +From: Fangzhi Zuo + +commit 3715112c1b35036039e8c4f75868a0b56a71a51d upstream. + +Add DSC log in each critical routines to facilitate debugging. + +Reviewed-by: Rodrigo Siqueira +Signed-off-by: Fangzhi Zuo +Signed-off-by: Zaeem Mohamed +Tested-by: Daniel Wheeler +Signed-off-by: Alex Deucher +Cc: Mario Limonciello +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 18 - + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 131 +++++++++--- + 3 files changed, 119 insertions(+), 39 deletions(-) + +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +@@ -6484,7 +6484,8 @@ static void apply_dsc_policy_for_stream( + dc_link_get_highest_encoding_format(aconnector->dc_link), + &stream->timing.dsc_cfg)) { + stream->timing.flags.DSC = 1; +- DRM_DEBUG_DRIVER("%s: [%s] DSC is selected from SST RX\n", __func__, drm_connector->name); ++ DRM_DEBUG_DRIVER("%s: SST_DSC [%s] DSC is selected from SST RX\n", ++ __func__, drm_connector->name); + } + } else if (sink->link->dpcd_caps.dongle_type == DISPLAY_DONGLE_DP_HDMI_CONVERTER) { + timing_bw_in_kbps = dc_bandwidth_in_kbps_from_timing(&stream->timing, +@@ -6503,7 +6504,7 @@ static void apply_dsc_policy_for_stream( + dc_link_get_highest_encoding_format(aconnector->dc_link), + &stream->timing.dsc_cfg)) { + stream->timing.flags.DSC = 1; +- DRM_DEBUG_DRIVER("%s: [%s] DSC is selected from DP-HDMI PCON\n", ++ DRM_DEBUG_DRIVER("%s: SST_DSC [%s] DSC is selected from DP-HDMI PCON\n", + __func__, drm_connector->name); + } + } +@@ -11664,7 +11665,7 @@ static int amdgpu_dm_atomic_check(struct + if (dc_resource_is_dsc_encoding_supported(dc)) { + ret = compute_mst_dsc_configs_for_state(state, dm_state->context, vars); + if (ret) { +- drm_dbg_atomic(dev, "compute_mst_dsc_configs_for_state() failed\n"); ++ drm_dbg_atomic(dev, "MST_DSC compute_mst_dsc_configs_for_state() failed\n"); + ret = -EINVAL; + goto fail; + } +@@ -11685,7 +11686,7 @@ static int amdgpu_dm_atomic_check(struct + */ + ret = drm_dp_mst_atomic_check(state); + if (ret) { +- drm_dbg_atomic(dev, "drm_dp_mst_atomic_check() failed\n"); ++ drm_dbg_atomic(dev, "MST drm_dp_mst_atomic_check() failed\n"); + goto fail; + } + status = dc_validate_global_state(dc, dm_state->context, true); +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +@@ -759,7 +759,7 @@ static uint8_t write_dsc_enable_synaptic + uint8_t ret = 0; + + drm_dbg_dp(aux->drm_dev, +- "Configure DSC to non-virtual dpcd synaptics\n"); ++ "MST_DSC Configure DSC to non-virtual dpcd synaptics\n"); + + if (enable) { + /* When DSC is enabled on previous boot and reboot with the hub, +@@ -772,7 +772,7 @@ static uint8_t write_dsc_enable_synaptic + apply_synaptics_fifo_reset_wa(aux); + + ret = drm_dp_dpcd_write(aux, DP_DSC_ENABLE, &enable, 1); +- DRM_INFO("Send DSC enable to synaptics\n"); ++ DRM_INFO("MST_DSC Send DSC enable to synaptics\n"); + + } else { + /* Synaptics hub not support virtual dpcd, +@@ -781,7 +781,7 @@ static uint8_t write_dsc_enable_synaptic + */ + if (!stream->link->link_status.link_active) { + ret = drm_dp_dpcd_write(aux, DP_DSC_ENABLE, &enable, 1); +- DRM_INFO("Send DSC disable to synaptics\n"); ++ DRM_INFO("MST_DSC Send DSC disable to synaptics\n"); + } + } + +@@ -823,14 +823,14 @@ bool dm_helpers_dp_write_dsc_enable( + DP_DSC_ENABLE, + &enable_passthrough, 1); + drm_dbg_dp(dev, +- "Sent DSC pass-through enable to virtual dpcd port, ret = %u\n", ++ "MST_DSC Sent DSC pass-through enable to virtual dpcd port, ret = %u\n", + ret); + } + + ret = drm_dp_dpcd_write(aconnector->dsc_aux, + DP_DSC_ENABLE, &enable_dsc, 1); + drm_dbg_dp(dev, +- "Sent DSC decoding enable to %s port, ret = %u\n", ++ "MST_DSC Sent DSC decoding enable to %s port, ret = %u\n", + (port->passthrough_aux) ? "remote RX" : + "virtual dpcd", + ret); +@@ -838,7 +838,7 @@ bool dm_helpers_dp_write_dsc_enable( + ret = drm_dp_dpcd_write(aconnector->dsc_aux, + DP_DSC_ENABLE, &enable_dsc, 1); + drm_dbg_dp(dev, +- "Sent DSC decoding disable to %s port, ret = %u\n", ++ "MST_DSC Sent DSC decoding disable to %s port, ret = %u\n", + (port->passthrough_aux) ? "remote RX" : + "virtual dpcd", + ret); +@@ -848,7 +848,7 @@ bool dm_helpers_dp_write_dsc_enable( + DP_DSC_ENABLE, + &enable_passthrough, 1); + drm_dbg_dp(dev, +- "Sent DSC pass-through disable to virtual dpcd port, ret = %u\n", ++ "MST_DSC Sent DSC pass-through disable to virtual dpcd port, ret = %u\n", + ret); + } + } +@@ -858,12 +858,12 @@ bool dm_helpers_dp_write_dsc_enable( + if (stream->sink->link->dpcd_caps.dongle_type == DISPLAY_DONGLE_NONE) { + ret = dm_helpers_dp_write_dpcd(ctx, stream->link, DP_DSC_ENABLE, &enable_dsc, 1); + drm_dbg_dp(dev, +- "Send DSC %s to SST RX\n", ++ "SST_DSC Send DSC %s to SST RX\n", + enable_dsc ? "enable" : "disable"); + } else if (stream->sink->link->dpcd_caps.dongle_type == DISPLAY_DONGLE_DP_HDMI_CONVERTER) { + ret = dm_helpers_dp_write_dpcd(ctx, stream->link, DP_DSC_ENABLE, &enable_dsc, 1); + drm_dbg_dp(dev, +- "Send DSC %s to DP-HDMI PCON\n", ++ "SST_DSC Send DSC %s to DP-HDMI PCON\n", + enable_dsc ? "enable" : "disable"); + } + } +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +@@ -578,6 +578,8 @@ dm_dp_add_mst_connector(struct drm_dp_ms + if (!aconnector) + return NULL; + ++ DRM_DEBUG_DRIVER("%s: Create aconnector 0x%p for port 0x%p\n", __func__, aconnector, port); ++ + connector = &aconnector->base; + aconnector->mst_output_port = port; + aconnector->mst_root = master; +@@ -872,11 +874,11 @@ static void set_dsc_configs_from_fairnes + if (params[i].sink) { + if (params[i].sink->sink_signal != SIGNAL_TYPE_VIRTUAL && + params[i].sink->sink_signal != SIGNAL_TYPE_NONE) +- DRM_DEBUG_DRIVER("%s i=%d dispname=%s\n", __func__, i, ++ DRM_DEBUG_DRIVER("MST_DSC %s i=%d dispname=%s\n", __func__, i, + params[i].sink->edid_caps.display_name); + } + +- DRM_DEBUG_DRIVER("dsc=%d bits_per_pixel=%d pbn=%d\n", ++ DRM_DEBUG_DRIVER("MST_DSC dsc=%d bits_per_pixel=%d pbn=%d\n", + params[i].timing->flags.DSC, + params[i].timing->dsc_cfg.bits_per_pixel, + vars[i + k].pbn); +@@ -1054,6 +1056,7 @@ static int try_disable_dsc(struct drm_at + if (next_index == -1) + break; + ++ DRM_DEBUG_DRIVER("MST_DSC index #%d, try no compression\n", next_index); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); + ret = drm_dp_atomic_find_time_slots(state, + params[next_index].port->mgr, +@@ -1064,9 +1067,11 @@ static int try_disable_dsc(struct drm_at + + ret = drm_dp_mst_atomic_check(state); + if (ret == 0) { ++ DRM_DEBUG_DRIVER("MST_DSC index #%d, greedily disable dsc\n", next_index); + vars[next_index].dsc_enabled = false; + vars[next_index].bpp_x16 = 0; + } else { ++ DRM_DEBUG_DRIVER("MST_DSC index #%d, restore minimum compression\n", next_index); + vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); + ret = drm_dp_atomic_find_time_slots(state, + params[next_index].port->mgr, +@@ -1082,6 +1087,15 @@ static int try_disable_dsc(struct drm_at + return 0; + } + ++static void log_dsc_params(int count, struct dsc_mst_fairness_vars *vars, int k) ++{ ++ int i; ++ ++ for (i = 0; i < count; i++) ++ DRM_DEBUG_DRIVER("MST_DSC DSC params: stream #%d --- dsc_enabled = %d, bpp_x16 = %d, pbn = %d\n", ++ i, vars[i + k].dsc_enabled, vars[i + k].bpp_x16, vars[i + k].pbn); ++} ++ + static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, + struct dc_state *dc_state, + struct dc_link *dc_link, +@@ -1104,6 +1118,7 @@ static int compute_mst_dsc_configs_for_l + return PTR_ERR(mst_state); + + /* Set up params */ ++ DRM_DEBUG_DRIVER("%s: MST_DSC Set up params for %d streams\n", __func__, dc_state->stream_count); + for (i = 0; i < dc_state->stream_count; i++) { + struct dc_dsc_policy dsc_policy = {0}; + +@@ -1145,6 +1160,9 @@ static int compute_mst_dsc_configs_for_l + params[count].bw_range.stream_kbps = dc_bandwidth_in_kbps_from_timing(&stream->timing, + dc_link_get_highest_encoding_format(dc_link)); + ++ DRM_DEBUG_DRIVER("MST_DSC #%d stream 0x%p - max_kbps = %u, min_kbps = %u, uncompressed_kbps = %u\n", ++ count, stream, params[count].bw_range.max_kbps, params[count].bw_range.min_kbps, ++ params[count].bw_range.stream_kbps); + count++; + } + +@@ -1159,6 +1177,7 @@ static int compute_mst_dsc_configs_for_l + *link_vars_start_index += count; + + /* Try no compression */ ++ DRM_DEBUG_DRIVER("MST_DSC Try no compression\n"); + for (i = 0; i < count; i++) { + vars[i + k].aconnector = params[i].aconnector; + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.stream_kbps, fec_overhead_multiplier_x1000); +@@ -1177,7 +1196,10 @@ static int compute_mst_dsc_configs_for_l + return ret; + } + ++ log_dsc_params(count, vars, k); ++ + /* Try max compression */ ++ DRM_DEBUG_DRIVER("MST_DSC Try max compression\n"); + for (i = 0; i < count; i++) { + if (params[i].compression_possible && params[i].clock_force_enable != DSC_CLK_FORCE_DISABLE) { + vars[i + k].pbn = kbps_to_peak_pbn(params[i].bw_range.min_kbps, fec_overhead_multiplier_x1000); +@@ -1201,14 +1223,26 @@ static int compute_mst_dsc_configs_for_l + if (ret != 0) + return ret; + ++ log_dsc_params(count, vars, k); ++ + /* Optimize degree of compression */ ++ DRM_DEBUG_DRIVER("MST_DSC Try optimize compression\n"); + ret = increase_dsc_bpp(state, mst_state, dc_link, params, vars, count, k); +- if (ret < 0) ++ if (ret < 0) { ++ DRM_DEBUG_DRIVER("MST_DSC Failed to optimize compression\n"); + return ret; ++ } + ++ log_dsc_params(count, vars, k); ++ ++ DRM_DEBUG_DRIVER("MST_DSC Try disable compression\n"); + ret = try_disable_dsc(state, dc_link, params, vars, count, k); +- if (ret < 0) ++ if (ret < 0) { ++ DRM_DEBUG_DRIVER("MST_DSC Failed to disable compression\n"); + return ret; ++ } ++ ++ log_dsc_params(count, vars, k); + + set_dsc_configs_from_fairness_vars(params, vars, count, k); + +@@ -1230,17 +1264,19 @@ static bool is_dsc_need_re_compute( + + /* only check phy used by dsc mst branch */ + if (dc_link->type != dc_connection_mst_branch) +- return false; ++ goto out; + + /* add a check for older MST DSC with no virtual DPCDs */ + if (needs_dsc_aux_workaround(dc_link) && + (!(dc_link->dpcd_caps.dsc_caps.dsc_basic_caps.fields.dsc_support.DSC_SUPPORT || + dc_link->dpcd_caps.dsc_caps.dsc_basic_caps.fields.dsc_support.DSC_PASSTHROUGH_SUPPORT))) +- return false; ++ goto out; + + for (i = 0; i < MAX_PIPES; i++) + stream_on_link[i] = NULL; + ++ DRM_DEBUG_DRIVER("%s: MST_DSC check on %d streams in new dc_state\n", __func__, dc_state->stream_count); ++ + /* check if there is mode change in new request */ + for (i = 0; i < dc_state->stream_count; i++) { + struct drm_crtc_state *new_crtc_state; +@@ -1250,6 +1286,8 @@ static bool is_dsc_need_re_compute( + if (!stream) + continue; + ++ DRM_DEBUG_DRIVER("%s:%d MST_DSC checking #%d stream 0x%p\n", __func__, __LINE__, i, stream); ++ + /* check if stream using the same link for mst */ + if (stream->link != dc_link) + continue; +@@ -1262,8 +1300,11 @@ static bool is_dsc_need_re_compute( + new_stream_on_link_num++; + + new_conn_state = drm_atomic_get_new_connector_state(state, &aconnector->base); +- if (!new_conn_state) ++ if (!new_conn_state) { ++ DRM_DEBUG_DRIVER("%s:%d MST_DSC no new_conn_state for stream 0x%p, aconnector 0x%p\n", ++ __func__, __LINE__, stream, aconnector); + continue; ++ } + + if (IS_ERR(new_conn_state)) + continue; +@@ -1272,21 +1313,36 @@ static bool is_dsc_need_re_compute( + continue; + + new_crtc_state = drm_atomic_get_new_crtc_state(state, new_conn_state->crtc); +- if (!new_crtc_state) ++ if (!new_crtc_state) { ++ DRM_DEBUG_DRIVER("%s:%d MST_DSC no new_crtc_state for crtc of stream 0x%p, aconnector 0x%p\n", ++ __func__, __LINE__, stream, aconnector); + continue; ++ } + + if (IS_ERR(new_crtc_state)) + continue; + + if (new_crtc_state->enable && new_crtc_state->active) { + if (new_crtc_state->mode_changed || new_crtc_state->active_changed || +- new_crtc_state->connectors_changed) +- return true; ++ new_crtc_state->connectors_changed) { ++ DRM_DEBUG_DRIVER("%s:%d MST_DSC dsc recompte required." ++ "stream 0x%p in new dc_state\n", ++ __func__, __LINE__, stream); ++ is_dsc_need_re_compute = true; ++ goto out; ++ } + } + } + +- if (new_stream_on_link_num == 0) +- return false; ++ if (new_stream_on_link_num == 0) { ++ DRM_DEBUG_DRIVER("%s:%d MST_DSC no mode change request for streams in new dc_state\n", ++ __func__, __LINE__); ++ is_dsc_need_re_compute = false; ++ goto out; ++ } ++ ++ DRM_DEBUG_DRIVER("%s: MST_DSC check on %d streams in current dc_state\n", ++ __func__, dc->current_state->stream_count); + + /* check current_state if there stream on link but it is not in + * new request state +@@ -1310,11 +1366,18 @@ static bool is_dsc_need_re_compute( + + if (j == new_stream_on_link_num) { + /* not in new state */ ++ DRM_DEBUG_DRIVER("%s:%d MST_DSC dsc recompute required." ++ "stream 0x%p in current dc_state but not in new dc_state\n", ++ __func__, __LINE__, stream); + is_dsc_need_re_compute = true; + break; + } + } + ++out: ++ DRM_DEBUG_DRIVER("%s: MST_DSC dsc recompute %s\n", ++ __func__, is_dsc_need_re_compute ? "required" : "not required"); ++ + return is_dsc_need_re_compute; + } + +@@ -1343,6 +1406,9 @@ int compute_mst_dsc_configs_for_state(st + + aconnector = (struct amdgpu_dm_connector *)stream->dm_stream_context; + ++ DRM_DEBUG_DRIVER("%s: MST_DSC compute mst dsc configs for stream 0x%p, aconnector 0x%p\n", ++ __func__, stream, aconnector); ++ + if (!aconnector || !aconnector->dc_sink || !aconnector->mst_output_port) + continue; + +@@ -1375,8 +1441,11 @@ int compute_mst_dsc_configs_for_state(st + stream = dc_state->streams[i]; + + if (stream->timing.flags.DSC == 1) +- if (dc_stream_add_dsc_to_resource(stream->ctx->dc, dc_state, stream) != DC_OK) ++ if (dc_stream_add_dsc_to_resource(stream->ctx->dc, dc_state, stream) != DC_OK) { ++ DRM_DEBUG_DRIVER("%s:%d MST_DSC Failed to request dsc hw resource for stream 0x%p\n", ++ __func__, __LINE__, stream); + return -EINVAL; ++ } + } + + return ret; +@@ -1405,6 +1474,9 @@ static int pre_compute_mst_dsc_configs_f + + aconnector = (struct amdgpu_dm_connector *)stream->dm_stream_context; + ++ DRM_DEBUG_DRIVER("MST_DSC pre compute mst dsc configs for #%d stream 0x%p, aconnector 0x%p\n", ++ i, stream, aconnector); ++ + if (!aconnector || !aconnector->dc_sink || !aconnector->mst_output_port) + continue; + +@@ -1494,12 +1566,12 @@ int pre_validate_dsc(struct drm_atomic_s + int ret = 0; + + if (!is_dsc_precompute_needed(state)) { +- DRM_INFO_ONCE("DSC precompute is not needed.\n"); ++ DRM_INFO_ONCE("%s:%d MST_DSC dsc precompute is not needed\n", __func__, __LINE__); + return 0; + } + ret = dm_atomic_get_state(state, dm_state_ptr); + if (ret != 0) { +- DRM_INFO_ONCE("dm_atomic_get_state() failed\n"); ++ DRM_INFO_ONCE("%s:%d MST_DSC dm_atomic_get_state() failed\n", __func__, __LINE__); + return ret; + } + dm_state = *dm_state_ptr; +@@ -1553,7 +1625,8 @@ int pre_validate_dsc(struct drm_atomic_s + + ret = pre_compute_mst_dsc_configs_for_state(state, local_dc_state, vars); + if (ret != 0) { +- DRM_INFO_ONCE("pre_compute_mst_dsc_configs_for_state() failed\n"); ++ DRM_INFO_ONCE("%s:%d MST_DSC dsc pre_compute_mst_dsc_configs_for_state() failed\n", ++ __func__, __LINE__); + ret = -EINVAL; + goto clean_exit; + } +@@ -1567,12 +1640,15 @@ int pre_validate_dsc(struct drm_atomic_s + + if (local_dc_state->streams[i] && + dc_is_timing_changed(stream, local_dc_state->streams[i])) { +- DRM_INFO_ONCE("crtc[%d] needs mode_changed\n", i); ++ DRM_INFO_ONCE("%s:%d MST_DSC crtc[%d] needs mode_change\n", __func__, __LINE__, i); + } else { + int ind = find_crtc_index_in_state_by_stream(state, stream); + +- if (ind >= 0) ++ if (ind >= 0) { ++ DRM_INFO_ONCE("%s:%d MST_DSC no mode changed for stream 0x%p\n", ++ __func__, __LINE__, stream); + state->crtcs[ind].new_state->mode_changed = 0; ++ } + } + } + clean_exit: +@@ -1697,7 +1773,7 @@ enum dc_status dm_dp_mst_is_port_support + end_to_end_bw_in_kbps = min(root_link_bw_in_kbps, virtual_channel_bw_in_kbps); + + if (stream_kbps <= end_to_end_bw_in_kbps) { +- DRM_DEBUG_DRIVER("No DSC needed. End-to-end bw sufficient."); ++ DRM_DEBUG_DRIVER("MST_DSC no dsc required. End-to-end bw sufficient\n"); + return DC_OK; + } + +@@ -1710,7 +1786,8 @@ enum dc_status dm_dp_mst_is_port_support + /*capable of dsc passthough. dsc bitstream along the entire path*/ + if (aconnector->mst_output_port->passthrough_aux) { + if (bw_range.min_kbps > end_to_end_bw_in_kbps) { +- DRM_DEBUG_DRIVER("DSC passthrough. Max dsc compression can't fit into end-to-end bw\n"); ++ DRM_DEBUG_DRIVER("MST_DSC dsc passthrough and decode at endpoint" ++ "Max dsc compression bw can't fit into end-to-end bw\n"); + return DC_FAIL_BANDWIDTH_VALIDATE; + } + } else { +@@ -1721,7 +1798,8 @@ enum dc_status dm_dp_mst_is_port_support + /*Get last DP link BW capability*/ + if (dp_get_link_current_set_bw(&aconnector->mst_output_port->aux, &end_link_bw)) { + if (stream_kbps > end_link_bw) { +- DRM_DEBUG_DRIVER("DSC decode at last link. Mode required bw can't fit into available bw\n"); ++ DRM_DEBUG_DRIVER("MST_DSC dsc decode at last link." ++ "Mode required bw can't fit into last link\n"); + return DC_FAIL_BANDWIDTH_VALIDATE; + } + } +@@ -1734,7 +1812,8 @@ enum dc_status dm_dp_mst_is_port_support + virtual_channel_bw_in_kbps = kbps_from_pbn(immediate_upstream_port->full_pbn); + virtual_channel_bw_in_kbps = min(root_link_bw_in_kbps, virtual_channel_bw_in_kbps); + if (bw_range.min_kbps > virtual_channel_bw_in_kbps) { +- DRM_DEBUG_DRIVER("DSC decode at last link. Max dsc compression can't fit into MST available bw\n"); ++ DRM_DEBUG_DRIVER("MST_DSC dsc decode at last link." ++ "Max dsc compression can't fit into MST available bw\n"); + return DC_FAIL_BANDWIDTH_VALIDATE; + } + } +@@ -1751,9 +1830,9 @@ enum dc_status dm_dp_mst_is_port_support + dc_link_get_highest_encoding_format(stream->link), + &stream->timing.dsc_cfg)) { + stream->timing.flags.DSC = 1; +- DRM_DEBUG_DRIVER("Require dsc and dsc config found\n"); ++ DRM_DEBUG_DRIVER("MST_DSC require dsc and dsc config found\n"); + } else { +- DRM_DEBUG_DRIVER("Require dsc but can't find appropriate dsc config\n"); ++ DRM_DEBUG_DRIVER("MST_DSC require dsc but can't find appropriate dsc config\n"); + return DC_FAIL_BANDWIDTH_VALIDATE; + } + +@@ -1775,11 +1854,11 @@ enum dc_status dm_dp_mst_is_port_support + + if (branch_max_throughput_mps != 0 && + ((stream->timing.pix_clk_100hz / 10) > branch_max_throughput_mps * 1000)) { +- DRM_DEBUG_DRIVER("DSC is required but max throughput mps fails"); ++ DRM_DEBUG_DRIVER("MST_DSC require dsc but max throughput mps fails\n"); + return DC_FAIL_BANDWIDTH_VALIDATE; + } + } else { +- DRM_DEBUG_DRIVER("DSC is required but can't find common dsc config."); ++ DRM_DEBUG_DRIVER("MST_DSC require dsc but can't find common dsc config\n"); + return DC_FAIL_BANDWIDTH_VALIDATE; + } + #endif diff --git a/queue-6.11/drm-amd-display-fix-synaptics-cascaded-panamera-dsc-determination.patch b/queue-6.11/drm-amd-display-fix-synaptics-cascaded-panamera-dsc-determination.patch new file mode 100644 index 00000000000..a24a2407666 --- /dev/null +++ b/queue-6.11/drm-amd-display-fix-synaptics-cascaded-panamera-dsc-determination.patch @@ -0,0 +1,34 @@ +From 4437936c6b696b98f3fe1d8679a2788c41b4df77 Mon Sep 17 00:00:00 2001 +From: Fangzhi Zuo +Date: Mon, 12 Aug 2024 12:13:44 -0400 +Subject: drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination + +From: Fangzhi Zuo + +commit 4437936c6b696b98f3fe1d8679a2788c41b4df77 upstream. + +Synaptics Cascaded Panamera topology needs to unconditionally +acquire root aux for dsc decoding. + +Reviewed-by: Roman Li +Signed-off-by: Fangzhi Zuo +Signed-off-by: Zaeem Mohamed +Tested-by: Daniel Wheeler +Signed-off-by: Alex Deucher +Cc: Mario Limonciello +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +@@ -253,7 +253,7 @@ static bool validate_dsc_caps_on_connect + aconnector->dsc_aux = &aconnector->mst_root->dm_dp_aux.aux; + + /* synaptics cascaded MST hub case */ +- if (!aconnector->dsc_aux && is_synaptics_cascaded_panamera(aconnector->dc_link, port)) ++ if (is_synaptics_cascaded_panamera(aconnector->dc_link, port)) + aconnector->dsc_aux = port->mgr->aux; + + if (!aconnector->dsc_aux) diff --git a/queue-6.11/drm-amdgpu-display-fix-a-mistake-in-revert-commit.patch b/queue-6.11/drm-amdgpu-display-fix-a-mistake-in-revert-commit.patch new file mode 100644 index 00000000000..12abddc9cc4 --- /dev/null +++ b/queue-6.11/drm-amdgpu-display-fix-a-mistake-in-revert-commit.patch @@ -0,0 +1,36 @@ +From 7745a1dee0a687044888179e6e7fcd6d704992a9 Mon Sep 17 00:00:00 2001 +From: Fangzhi Zuo +Date: Tue, 27 Aug 2024 16:08:13 -0400 +Subject: drm/amdgpu/display: Fix a mistake in revert commit + +From: Fangzhi Zuo + +commit 7745a1dee0a687044888179e6e7fcd6d704992a9 upstream. + +[why] +It is to fix in try_disable_dsc() due to misrevert of +commit 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") + +[How] +Fix restoring minimum compression bw by 'max_kbps', instead of native bw 'stream_kbps' + +Signed-off-by: Fangzhi Zuo +Reviewed-by: Aurabindo Pillai +Signed-off-by: Alex Deucher +Cc: Mario Limonciello +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +@@ -1072,7 +1072,7 @@ static int try_disable_dsc(struct drm_at + vars[next_index].bpp_x16 = 0; + } else { + DRM_DEBUG_DRIVER("MST_DSC index #%d, restore minimum compression\n", next_index); +- vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, fec_overhead_multiplier_x1000); ++ vars[next_index].pbn = kbps_to_peak_pbn(params[next_index].bw_range.max_kbps, fec_overhead_multiplier_x1000); + ret = drm_dp_atomic_find_time_slots(state, + params[next_index].port->mgr, + params[next_index].port, diff --git a/queue-6.11/fuse-use-exclusive-lock-when-fuse_i_cache_io_mode-is-set.patch b/queue-6.11/fuse-use-exclusive-lock-when-fuse_i_cache_io_mode-is-set.patch new file mode 100644 index 00000000000..6546a82bfed --- /dev/null +++ b/queue-6.11/fuse-use-exclusive-lock-when-fuse_i_cache_io_mode-is-set.patch @@ -0,0 +1,34 @@ +From 2f3d8ff457982f4055fe8f7bf19d3821ba22c376 Mon Sep 17 00:00:00 2001 +From: yangyun +Date: Sat, 14 Sep 2024 16:51:31 +0800 +Subject: fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set + +From: yangyun + +commit 2f3d8ff457982f4055fe8f7bf19d3821ba22c376 upstream. + +This may be a typo. The comment has said shared locks are +not allowed when this bit is set. If using shared lock, the +wait in `fuse_file_cached_io_open` may be forever. + +Fixes: 205c1d802683 ("fuse: allow parallel dio writes with FUSE_DIRECT_IO_ALLOW_MMAP") +CC: stable@vger.kernel.org # v6.9 +Signed-off-by: yangyun +Reviewed-by: Bernd Schubert +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman +--- + fs/fuse/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -1345,7 +1345,7 @@ static bool fuse_dio_wr_exclusive_lock(s + + /* shared locks are not allowed with parallel page cache IO */ + if (test_bit(FUSE_I_CACHE_IO_MODE, &fi->state)) +- return false; ++ return true; + + /* Parallel dio beyond EOF is not supported, at least for now. */ + if (fuse_io_past_eof(iocb, from)) diff --git a/queue-6.11/io_uring-check-for-presence-of-task_work-rather-than-tif_notify_signal.patch b/queue-6.11/io_uring-check-for-presence-of-task_work-rather-than-tif_notify_signal.patch new file mode 100644 index 00000000000..55ee0f5d6f7 --- /dev/null +++ b/queue-6.11/io_uring-check-for-presence-of-task_work-rather-than-tif_notify_signal.patch @@ -0,0 +1,66 @@ +From 04beb6e0e08c30c6f845f50afb7d7953603d7a6f Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Wed, 18 Sep 2024 11:58:19 -0600 +Subject: io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL + +From: Jens Axboe + +commit 04beb6e0e08c30c6f845f50afb7d7953603d7a6f upstream. + +If some part of the kernel adds task_work that needs executing, in terms +of signaling it'll generally use TWA_SIGNAL or TWA_RESUME. Those two +directly translate to TIF_NOTIFY_SIGNAL or TIF_NOTIFY_RESUME, and can +be used for a variety of use case outside of task_work. + +However, io_cqring_wait_schedule() only tests explicitly for +TIF_NOTIFY_SIGNAL. This means it can miss if task_work got added for +the task, but used a different kind of signaling mechanism (or none at +all). Normally this doesn't matter as any task_work will be run once +the task exits to userspace, except if: + +1) The ring is setup with DEFER_TASKRUN +2) The local work item may generate normal task_work + +For condition 2, this can happen when closing a file and it's the final +put of that file, for example. This can cause stalls where a task is +waiting to make progress inside io_cqring_wait(), but there's nothing else +that will wake it up. Hence change the "should we schedule or loop around" +check to check for the presence of task_work explicitly, rather than just +TIF_NOTIFY_SIGNAL as the mechanism. While in there, also change the +ordering of what type of task_work first in terms of ordering, to both +make it consistent with other task_work runs in io_uring, but also to +better handle the case of defer task_work generating normal task_work, +like in the above example. + +Reported-by: Jan Hendrik Farr +Link: https://github.com/axboe/liburing/issues/1235 +Cc: stable@vger.kernel.org +Fixes: 846072f16eed ("io_uring: mimimise io_cqring_wait_schedule") +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/io_uring.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/io_uring/io_uring.c ++++ b/io_uring/io_uring.c +@@ -2360,7 +2360,7 @@ static inline int io_cqring_wait_schedul + return 1; + if (unlikely(!llist_empty(&ctx->work_llist))) + return 1; +- if (unlikely(test_thread_flag(TIF_NOTIFY_SIGNAL))) ++ if (unlikely(task_work_pending(current))) + return 1; + if (unlikely(task_sigpending(current))) + return -EINTR; +@@ -2463,9 +2463,9 @@ static int io_cqring_wait(struct io_ring + * If we got woken because of task_work being processed, run it + * now rather than let the caller do another wait loop. + */ +- io_run_task_work(); + if (!llist_empty(&ctx->work_llist)) + io_run_local_work(ctx, nr_wait); ++ io_run_task_work(); + + /* + * Non-local task_work will be run on exit to userspace, but diff --git a/queue-6.11/io_uring-rw-treat-eopnotsupp-for-iocb_nowait-like-eagain.patch b/queue-6.11/io_uring-rw-treat-eopnotsupp-for-iocb_nowait-like-eagain.patch new file mode 100644 index 00000000000..ff841e73808 --- /dev/null +++ b/queue-6.11/io_uring-rw-treat-eopnotsupp-for-iocb_nowait-like-eagain.patch @@ -0,0 +1,46 @@ +From c0a9d496e0fece67db777bd48550376cf2960c47 Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Tue, 10 Sep 2024 08:30:57 -0600 +Subject: io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN + +From: Jens Axboe + +commit c0a9d496e0fece67db777bd48550376cf2960c47 upstream. + +Some file systems, ocfs2 in this case, will return -EOPNOTSUPP for +an IOCB_NOWAIT read/write attempt. While this can be argued to be +correct, the usual return value for something that requires blocking +issue is -EAGAIN. + +A refactoring io_uring commit dropped calling kiocb_done() for +negative return values, which is otherwise where we already do that +transformation. To ensure we catch it in both spots, check it in +__io_read() itself as well. + +Reported-by: Robert Sander +Link: https://fosstodon.org/@gurubert@mastodon.gurubert.de/113112431889638440 +Cc: stable@vger.kernel.org +Fixes: a08d195b586a ("io_uring/rw: split io_read() into a helper") +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/rw.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/io_uring/rw.c ++++ b/io_uring/rw.c +@@ -855,6 +855,14 @@ static int __io_read(struct io_kiocb *re + + ret = io_iter_do_read(rw, &io->iter); + ++ /* ++ * Some file systems like to return -EOPNOTSUPP for an IOCB_NOWAIT ++ * issue, even though they should be returning -EAGAIN. To be safe, ++ * retry from blocking context for either. ++ */ ++ if (ret == -EOPNOTSUPP && force_nonblock) ++ ret = -EAGAIN; ++ + if (ret == -EAGAIN || (req->flags & REQ_F_REISSUE)) { + req->flags &= ~REQ_F_REISSUE; + /* If we can poll, just do that. */ diff --git a/queue-6.11/io_uring-sqpoll-do-not-allow-pinning-outside-of-cpuset.patch b/queue-6.11/io_uring-sqpoll-do-not-allow-pinning-outside-of-cpuset.patch new file mode 100644 index 00000000000..e7dc4ab4827 --- /dev/null +++ b/queue-6.11/io_uring-sqpoll-do-not-allow-pinning-outside-of-cpuset.patch @@ -0,0 +1,57 @@ +From f011c9cf04c06f16b24f583d313d3c012e589e50 Mon Sep 17 00:00:00 2001 +From: Felix Moessbauer +Date: Mon, 9 Sep 2024 17:00:36 +0200 +Subject: io_uring/sqpoll: do not allow pinning outside of cpuset + +From: Felix Moessbauer + +commit f011c9cf04c06f16b24f583d313d3c012e589e50 upstream. + +The submit queue polling threads are userland threads that just never +exit to the userland. When creating the thread with IORING_SETUP_SQ_AFF, +the affinity of the poller thread is set to the cpu specified in +sq_thread_cpu. However, this CPU can be outside of the cpuset defined +by the cgroup cpuset controller. This violates the rules defined by the +cpuset controller and is a potential issue for realtime applications. + +In b7ed6d8ffd6 we fixed the default affinity of the poller thread, in +case no explicit pinning is required by inheriting the one of the +creating task. In case of explicit pinning, the check is more +complicated, as also a cpu outside of the parent cpumask is allowed. +We implemented this by using cpuset_cpus_allowed (that has support for +cgroup cpusets) and testing if the requested cpu is in the set. + +Fixes: 37d1e2e3642e ("io_uring: move SQPOLL thread io-wq forked worker") +Cc: stable@vger.kernel.org # 6.1+ +Signed-off-by: Felix Moessbauer +Link: https://lore.kernel.org/r/20240909150036.55921-1-felix.moessbauer@siemens.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/sqpoll.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/io_uring/sqpoll.c ++++ b/io_uring/sqpoll.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -460,10 +461,12 @@ __cold int io_sq_offload_create(struct i + return 0; + + if (p->flags & IORING_SETUP_SQ_AFF) { ++ struct cpumask allowed_mask; + int cpu = p->sq_thread_cpu; + + ret = -EINVAL; +- if (cpu >= nr_cpu_ids || !cpu_online(cpu)) ++ cpuset_cpus_allowed(current, &allowed_mask); ++ if (!cpumask_test_cpu(cpu, &allowed_mask)) + goto err_sqpoll; + sqd->sq_cpu = cpu; + } else { diff --git a/queue-6.11/mm-call-the-security_mmap_file-lsm-hook-in-remap_file_pages.patch b/queue-6.11/mm-call-the-security_mmap_file-lsm-hook-in-remap_file_pages.patch new file mode 100644 index 00000000000..e78b0eac0a6 --- /dev/null +++ b/queue-6.11/mm-call-the-security_mmap_file-lsm-hook-in-remap_file_pages.patch @@ -0,0 +1,77 @@ +From ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 Mon Sep 17 00:00:00 2001 +From: Shu Han +Date: Tue, 17 Sep 2024 17:41:04 +0800 +Subject: mm: call the security_mmap_file() LSM hook in remap_file_pages() + +From: Shu Han + +commit ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 upstream. + +The remap_file_pages syscall handler calls do_mmap() directly, which +doesn't contain the LSM security check. And if the process has called +personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for +RW pages, this will actually result in remapping the pages to RWX, +bypassing a W^X policy enforced by SELinux. + +So we should check prot by security_mmap_file LSM hook in the +remap_file_pages syscall handler before do_mmap() is called. Otherwise, it +potentially permits an attacker to bypass a W^X policy enforced by +SELinux. + +The bypass is similar to CVE-2016-10044, which bypass the same thing via +AIO and can be found in [1]. + +The PoC: + +$ cat > test.c + +int main(void) { + size_t pagesz = sysconf(_SC_PAGE_SIZE); + int mfd = syscall(SYS_memfd_create, "test", 0); + const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, + MAP_SHARED, mfd, 0); + unsigned int old = syscall(SYS_personality, 0xffffffff); + syscall(SYS_personality, READ_IMPLIES_EXEC | old); + syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); + syscall(SYS_personality, old); + // show the RWX page exists even if W^X policy is enforced + int fd = open("/proc/self/maps", O_RDONLY); + unsigned char buf2[1024]; + while (1) { + int ret = read(fd, buf2, 1024); + if (ret <= 0) break; + write(1, buf2, ret); + } + close(fd); +} + +$ gcc test.c -o test +$ ./test | grep rwx +7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) + +Link: https://project-zero.issues.chromium.org/issues/42452389 [1] +Cc: stable@vger.kernel.org +Signed-off-by: Shu Han +Acked-by: Stephen Smalley +[PM: subject line tweaks] +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + mm/mmap.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -3198,8 +3198,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsign + flags |= MAP_LOCKED; + + file = get_file(vma->vm_file); ++ ret = security_mmap_file(vma->vm_file, prot, flags); ++ if (ret) ++ goto out_fput; + ret = do_mmap(vma->vm_file, start, size, + prot, flags, 0, pgoff, &populate, NULL); ++out_fput: + fput(file); + out: + mmap_write_unlock(mm); diff --git a/queue-6.11/mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch b/queue-6.11/mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch new file mode 100644 index 00000000000..7513a4356b8 --- /dev/null +++ b/queue-6.11/mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch @@ -0,0 +1,92 @@ +From 8001070cfbec5cd4ea00b8b48ea51df91122f265 Mon Sep 17 00:00:00 2001 +From: Jeongjun Park +Date: Tue, 24 Sep 2024 22:00:53 +0900 +Subject: mm: migrate: annotate data-race in migrate_folio_unmap() + +From: Jeongjun Park + +commit 8001070cfbec5cd4ea00b8b48ea51df91122f265 upstream. + +I found a report from syzbot [1] + +This report shows that the value can be changed, but in reality, the +value of __folio_set_movable() cannot be changed because it holds the +folio refcount. + +Therefore, it is appropriate to add an annotate to make KCSAN +ignore that data-race. + +[1] + +================================================================== +BUG: KCSAN: data-race in __filemap_remove_folio / migrate_pages_batch + +write to 0xffffea0004b81dd8 of 8 bytes by task 6348 on cpu 0: + page_cache_delete mm/filemap.c:153 [inline] + __filemap_remove_folio+0x1ac/0x2c0 mm/filemap.c:233 + filemap_remove_folio+0x6b/0x1f0 mm/filemap.c:265 + truncate_inode_folio+0x42/0x50 mm/truncate.c:178 + shmem_undo_range+0x25b/0xa70 mm/shmem.c:1028 + shmem_truncate_range mm/shmem.c:1144 [inline] + shmem_evict_inode+0x14d/0x530 mm/shmem.c:1272 + evict+0x2f0/0x580 fs/inode.c:731 + iput_final fs/inode.c:1883 [inline] + iput+0x42a/0x5b0 fs/inode.c:1909 + dentry_unlink_inode+0x24f/0x260 fs/dcache.c:412 + __dentry_kill+0x18b/0x4c0 fs/dcache.c:615 + dput+0x5c/0xd0 fs/dcache.c:857 + __fput+0x3fb/0x6d0 fs/file_table.c:439 + ____fput+0x1c/0x30 fs/file_table.c:459 + task_work_run+0x13a/0x1a0 kernel/task_work.c:228 + resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] + exit_to_user_mode_loop kernel/entry/common.c:114 [inline] + exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] + __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] + syscall_exit_to_user_mode+0xbe/0x130 kernel/entry/common.c:218 + do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89 + entry_SYSCALL_64_after_hwframe+0x77/0x7f + +read to 0xffffea0004b81dd8 of 8 bytes by task 6342 on cpu 1: + __folio_test_movable include/linux/page-flags.h:699 [inline] + migrate_folio_unmap mm/migrate.c:1199 [inline] + migrate_pages_batch+0x24c/0x1940 mm/migrate.c:1797 + migrate_pages_sync mm/migrate.c:1963 [inline] + migrate_pages+0xff1/0x1820 mm/migrate.c:2072 + do_mbind mm/mempolicy.c:1390 [inline] + kernel_mbind mm/mempolicy.c:1533 [inline] + __do_sys_mbind mm/mempolicy.c:1607 [inline] + __se_sys_mbind+0xf76/0x1160 mm/mempolicy.c:1603 + __x64_sys_mbind+0x78/0x90 mm/mempolicy.c:1603 + x64_sys_call+0x2b4d/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:238 + do_syscall_x64 arch/x86/entry/common.c:52 [inline] + do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83 + entry_SYSCALL_64_after_hwframe+0x77/0x7f + +value changed: 0xffff888127601078 -> 0x0000000000000000 + +Link: https://lkml.kernel.org/r/20240924130053.107490-1-aha310510@gmail.com +Fixes: 7e2a5e5ab217 ("mm: migrate: use __folio_test_movable()") +Signed-off-by: Jeongjun Park +Reported-by: syzbot +Acked-by: David Hildenbrand +Cc: Kefeng Wang +Cc: Matthew Wilcox +Cc: Zi Yan +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/migrate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/migrate.c ++++ b/mm/migrate.c +@@ -1118,7 +1118,7 @@ static int migrate_folio_unmap(new_folio + int rc = -EAGAIN; + int old_page_state = 0; + struct anon_vma *anon_vma = NULL; +- bool is_lru = !__folio_test_movable(src); ++ bool is_lru = data_race(!__folio_test_movable(src)); + bool locked = false; + bool dst_locked = false; + diff --git a/queue-6.11/series b/queue-6.11/series index cf4187248e1..3bf0d4764ec 100644 --- a/queue-6.11/series +++ b/queue-6.11/series @@ -506,3 +506,12 @@ netfilter-ctnetlink-compile-ctnetlink_label_size-wit.patch netfilter-nf_tables-use-rcu-chain-hook-list-iterator.patch netfilter-nf_tables-missing-objects-with-no-memcg-ac.patch selftests-netfilter-avoid-hanging-ipvs.sh.patch +io_uring-sqpoll-do-not-allow-pinning-outside-of-cpuset.patch +io_uring-rw-treat-eopnotsupp-for-iocb_nowait-like-eagain.patch +io_uring-check-for-presence-of-task_work-rather-than-tif_notify_signal.patch +fuse-use-exclusive-lock-when-fuse_i_cache_io_mode-is-set.patch +mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch +mm-call-the-security_mmap_file-lsm-hook-in-remap_file_pages.patch +drm-amd-display-fix-synaptics-cascaded-panamera-dsc-determination.patch +drm-amd-display-add-dsc-debug-log.patch +drm-amdgpu-display-fix-a-mistake-in-revert-commit.patch -- 2.47.3