From: Sasha Levin Date: Sat, 7 Jan 2023 17:15:52 +0000 (-0500) Subject: Fixes for 4.19 X-Git-Tag: v5.15.87~52 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d10e968b7e2b8903c523ac3ef775b086b8ed1d58;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/btrfs-replace-strncpy-with-strscpy.patch b/queue-4.19/btrfs-replace-strncpy-with-strscpy.patch new file mode 100644 index 00000000000..2179165b4dd --- /dev/null +++ b/queue-4.19/btrfs-replace-strncpy-with-strscpy.patch @@ -0,0 +1,63 @@ +From 04d8a1bbd7433b32bb4a2940287d699ada8d2e66 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 4 Jan 2023 11:14:45 -0500 +Subject: btrfs: replace strncpy() with strscpy() + +[ Upstream commit 63d5429f68a3d4c4aa27e65a05196c17f86c41d6 ] + +Using strncpy() on NUL-terminated strings are deprecated. To avoid +possible forming of non-terminated string strscpy() should be used. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +CC: stable@vger.kernel.org # 4.9+ +Signed-off-by: Artem Chernyshev +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/ioctl.c | 9 +++------ + fs/btrfs/rcu-string.h | 6 +++++- + 2 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c +index 752b5d265284..4f2513388567 100644 +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -3234,13 +3234,10 @@ static long btrfs_ioctl_dev_info(struct btrfs_fs_info *fs_info, + di_args->bytes_used = btrfs_device_get_bytes_used(dev); + di_args->total_bytes = btrfs_device_get_total_bytes(dev); + memcpy(di_args->uuid, dev->uuid, sizeof(di_args->uuid)); +- if (dev->name) { +- strncpy(di_args->path, rcu_str_deref(dev->name), +- sizeof(di_args->path) - 1); +- di_args->path[sizeof(di_args->path) - 1] = 0; +- } else { ++ if (dev->name) ++ strscpy(di_args->path, rcu_str_deref(dev->name), sizeof(di_args->path)); ++ else + di_args->path[0] = '\0'; +- } + + out: + rcu_read_unlock(); +diff --git a/fs/btrfs/rcu-string.h b/fs/btrfs/rcu-string.h +index a97dc74a4d3d..02f15321cecc 100644 +--- a/fs/btrfs/rcu-string.h ++++ b/fs/btrfs/rcu-string.h +@@ -18,7 +18,11 @@ static inline struct rcu_string *rcu_string_strdup(const char *src, gfp_t mask) + (len * sizeof(char)), mask); + if (!ret) + return ret; +- strncpy(ret->str, src, len); ++ /* Warn if the source got unexpectedly truncated. */ ++ if (WARN_ON(strscpy(ret->str, src, len) < 0)) { ++ kfree(ret); ++ return NULL; ++ } + return ret; + } + +-- +2.35.1 + diff --git a/queue-4.19/btrfs-send-avoid-unnecessary-backref-lookups-when-fi.patch b/queue-4.19/btrfs-send-avoid-unnecessary-backref-lookups-when-fi.patch new file mode 100644 index 00000000000..ba482b28e65 --- /dev/null +++ b/queue-4.19/btrfs-send-avoid-unnecessary-backref-lookups-when-fi.patch @@ -0,0 +1,107 @@ +From d2685359f36d8f2468fd98c915db59231997cd89 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Nov 2022 16:15:44 +0000 +Subject: btrfs: send: avoid unnecessary backref lookups when finding clone + source + +From: Filipe Manana + +[ Upstream commit 22a3c0ac8ed0043af209a15928ae4c4855b0a4c4 ] + +At find_extent_clone(), unless we are given an inline extent, a file +extent item that represents hole or an extent that starts beyond the +i_size, we always do backref walking to look for clone sources, unless +if we have more than SEND_MAX_EXTENT_REFS (64) known references on the +extent. + +However if we know we only have one reference in the extent item and only +one clone source (the send root), then it's pointless to do the backref +walking to search for clone sources, as we can't clone from any other +root. So skip the backref walking in that case. + +The following test was run on a non-debug kernel (Debian's default kernel +config): + + $ cat test.sh + #!/bin/bash + + DEV=/dev/sdi + MNT=/mnt/sdi + + mkfs.btrfs -f $DEV + mount $DEV $MNT + + # Create an extent tree that's not too small and none of the + # extents is shared. + for ((i = 1; i <= 50000; i++)); do + xfs_io -f -c "pwrite 0 4K" $MNT/file_$i > /dev/null + echo -ne "\r$i files created..." + done + echo + + btrfs subvolume snapshot -r $MNT $MNT/snap + + start=$(date +%s%N) + btrfs send $MNT/snap > /dev/null + end=$(date +%s%N) + + dur=$(( (end - start) / 1000000 )) + echo -e "\nsend took $dur milliseconds" + + umount $MNT + +Before this change: + + send took 5389 milliseconds + +After this change: + + send took 4519 milliseconds (-16.1%) + +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Stable-dep-of: 63d5429f68a3 ("btrfs: replace strncpy() with strscpy()") +Signed-off-by: Sasha Levin +--- + fs/btrfs/send.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c +index eb2f8e84ffc9..80d248e88761 100644 +--- a/fs/btrfs/send.c ++++ b/fs/btrfs/send.c +@@ -1306,6 +1306,7 @@ static int find_extent_clone(struct send_ctx *sctx, + u64 disk_byte; + u64 num_bytes; + u64 extent_item_pos; ++ u64 extent_refs; + u64 flags = 0; + struct btrfs_file_extent_item *fi; + struct extent_buffer *eb = path->nodes[0]; +@@ -1373,14 +1374,22 @@ static int find_extent_clone(struct send_ctx *sctx, + + ei = btrfs_item_ptr(tmp_path->nodes[0], tmp_path->slots[0], + struct btrfs_extent_item); ++ extent_refs = btrfs_extent_refs(tmp_path->nodes[0], ei); + /* + * Backreference walking (iterate_extent_inodes() below) is currently + * too expensive when an extent has a large number of references, both + * in time spent and used memory. So for now just fallback to write + * operations instead of clone operations when an extent has more than + * a certain amount of references. ++ * ++ * Also, if we have only one reference and only the send root as a clone ++ * source - meaning no clone roots were given in the struct ++ * btrfs_ioctl_send_args passed to the send ioctl - then it's our ++ * reference and there's no point in doing backref walking which is ++ * expensive, so exit early. + */ +- if (btrfs_extent_refs(tmp_path->nodes[0], ei) > SEND_MAX_EXTENT_REFS) { ++ if ((extent_refs == 1 && sctx->clone_roots_cnt == 1) || ++ extent_refs > SEND_MAX_EXTENT_REFS) { + ret = -ENOENT; + goto out; + } +-- +2.35.1 + diff --git a/queue-4.19/media-s5p-mfc-clear-workbit-to-handle-error-conditio.patch b/queue-4.19/media-s5p-mfc-clear-workbit-to-handle-error-conditio.patch new file mode 100644 index 00000000000..ca5bd0d6d85 --- /dev/null +++ b/queue-4.19/media-s5p-mfc-clear-workbit-to-handle-error-conditio.patch @@ -0,0 +1,43 @@ +From ac9f434bfefa980fb11e05791cb7c51e0262218e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Sep 2022 16:02:26 +0530 +Subject: media: s5p-mfc: Clear workbit to handle error condition + +From: Smitha T Murthy + +[ Upstream commit d3f3c2fe54e30b0636496d842ffbb5ad3a547f9b ] + +During error on CLOSE_INSTANCE command, ctx_work_bits was not getting +cleared. During consequent mfc execution NULL pointer dereferencing of +this context led to kernel panic. This patch fixes this issue by making +sure to clear ctx_work_bits always. + +Fixes: 818cd91ab8c6 ("[media] s5p-mfc: Extract open/close MFC instance commands") +Cc: stable@vger.kernel.org +Cc: linux-fsd@tesla.com +Signed-off-by: Smitha T Murthy +Signed-off-by: Hans Verkuil +Signed-off-by: Sasha Levin +--- + drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c +index ee7b15b335e0..31bbf1cc5388 100644 +--- a/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c ++++ b/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c +@@ -472,8 +472,10 @@ void s5p_mfc_close_mfc_inst(struct s5p_mfc_dev *dev, struct s5p_mfc_ctx *ctx) + s5p_mfc_hw_call(dev->mfc_ops, try_run, dev); + /* Wait until instance is returned or timeout occurred */ + if (s5p_mfc_wait_for_done_ctx(ctx, +- S5P_MFC_R2H_CMD_CLOSE_INSTANCE_RET, 0)) ++ S5P_MFC_R2H_CMD_CLOSE_INSTANCE_RET, 0)){ ++ clear_work_bit_irqsave(ctx); + mfc_err("Err returning instance\n"); ++ } + + /* Free resources */ + s5p_mfc_hw_call(dev->mfc_ops, release_codec_buffers, ctx); +-- +2.35.1 + diff --git a/queue-4.19/media-s5p-mfc-fix-in-register-read-and-write-for-h26.patch b/queue-4.19/media-s5p-mfc-fix-in-register-read-and-write-for-h26.patch new file mode 100644 index 00000000000..99babe8b912 --- /dev/null +++ b/queue-4.19/media-s5p-mfc-fix-in-register-read-and-write-for-h26.patch @@ -0,0 +1,85 @@ +From 9220e71c8b3755b419983e33bc8c702ed8b6e4c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Sep 2022 16:02:25 +0530 +Subject: media: s5p-mfc: Fix in register read and write for H264 + +From: Smitha T Murthy + +[ Upstream commit 06710cd5d2436135046898d7e4b9408c8bb99446 ] + +Few of the H264 encoder registers written were not getting reflected +since the read values were not stored and getting overwritten. + +Fixes: 6a9c6f681257 ("[media] s5p-mfc: Add variants to access mfc registers") + +Cc: stable@vger.kernel.org +Cc: linux-fsd@tesla.com +Signed-off-by: Smitha T Murthy +Signed-off-by: Hans Verkuil +Signed-off-by: Sasha Levin +--- + drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c b/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c +index 7c629be43205..1171b76df036 100644 +--- a/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c ++++ b/drivers/media/platform/s5p-mfc/s5p_mfc_opr_v6.c +@@ -1063,7 +1063,7 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx) + } + + /* aspect ratio VUI */ +- readl(mfc_regs->e_h264_options); ++ reg = readl(mfc_regs->e_h264_options); + reg &= ~(0x1 << 5); + reg |= ((p_h264->vui_sar & 0x1) << 5); + writel(reg, mfc_regs->e_h264_options); +@@ -1086,7 +1086,7 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx) + + /* intra picture period for H.264 open GOP */ + /* control */ +- readl(mfc_regs->e_h264_options); ++ reg = readl(mfc_regs->e_h264_options); + reg &= ~(0x1 << 4); + reg |= ((p_h264->open_gop & 0x1) << 4); + writel(reg, mfc_regs->e_h264_options); +@@ -1100,23 +1100,23 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx) + } + + /* 'WEIGHTED_BI_PREDICTION' for B is disable */ +- readl(mfc_regs->e_h264_options); ++ reg = readl(mfc_regs->e_h264_options); + reg &= ~(0x3 << 9); + writel(reg, mfc_regs->e_h264_options); + + /* 'CONSTRAINED_INTRA_PRED_ENABLE' is disable */ +- readl(mfc_regs->e_h264_options); ++ reg = readl(mfc_regs->e_h264_options); + reg &= ~(0x1 << 14); + writel(reg, mfc_regs->e_h264_options); + + /* ASO */ +- readl(mfc_regs->e_h264_options); ++ reg = readl(mfc_regs->e_h264_options); + reg &= ~(0x1 << 6); + reg |= ((p_h264->aso & 0x1) << 6); + writel(reg, mfc_regs->e_h264_options); + + /* hier qp enable */ +- readl(mfc_regs->e_h264_options); ++ reg = readl(mfc_regs->e_h264_options); + reg &= ~(0x1 << 8); + reg |= ((p_h264->open_gop & 0x1) << 8); + writel(reg, mfc_regs->e_h264_options); +@@ -1137,7 +1137,7 @@ static int s5p_mfc_set_enc_params_h264(struct s5p_mfc_ctx *ctx) + writel(reg, mfc_regs->e_h264_num_t_layer); + + /* frame packing SEI generation */ +- readl(mfc_regs->e_h264_options); ++ reg = readl(mfc_regs->e_h264_options); + reg &= ~(0x1 << 25); + reg |= ((p_h264->sei_frame_packing & 0x1) << 25); + writel(reg, mfc_regs->e_h264_options); +-- +2.35.1 + diff --git a/queue-4.19/media-s5p-mfc-fix-to-handle-reference-queue-during-f.patch b/queue-4.19/media-s5p-mfc-fix-to-handle-reference-queue-during-f.patch new file mode 100644 index 00000000000..d78c984f069 --- /dev/null +++ b/queue-4.19/media-s5p-mfc-fix-to-handle-reference-queue-during-f.patch @@ -0,0 +1,67 @@ +From 59ea515c99d1aa3f35fb91df7c48857851566ade Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Sep 2022 16:02:27 +0530 +Subject: media: s5p-mfc: Fix to handle reference queue during finishing + +From: Smitha T Murthy + +[ Upstream commit d8a46bc4e1e0446459daa77c4ce14218d32dacf9 ] + +On receiving last buffer driver puts MFC to MFCINST_FINISHING state which +in turn skips transferring of frame from SRC to REF queue. This causes +driver to stop MFC encoding and last frame is lost. + +This patch guarantees safe handling of frames during MFCINST_FINISHING and +correct clearing of workbit to avoid early stopping of encoding. + +Fixes: af9357467810 ("[media] MFC: Add MFC 5.1 V4L2 driver") + +Cc: stable@vger.kernel.org +Cc: linux-fsd@tesla.com +Signed-off-by: Smitha T Murthy +Signed-off-by: Hans Verkuil +Signed-off-by: Sasha Levin +--- + drivers/media/platform/s5p-mfc/s5p_mfc_enc.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c b/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c +index 3ad4f5073002..cc8d101eb2b0 100644 +--- a/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c ++++ b/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c +@@ -1224,6 +1224,7 @@ static int enc_post_frame_start(struct s5p_mfc_ctx *ctx) + unsigned long mb_y_addr, mb_c_addr; + int slice_type; + unsigned int strm_size; ++ bool src_ready; + + slice_type = s5p_mfc_hw_call(dev->mfc_ops, get_enc_slice_type, dev); + strm_size = s5p_mfc_hw_call(dev->mfc_ops, get_enc_strm_size, dev); +@@ -1263,7 +1264,8 @@ static int enc_post_frame_start(struct s5p_mfc_ctx *ctx) + } + } + } +- if ((ctx->src_queue_cnt > 0) && (ctx->state == MFCINST_RUNNING)) { ++ if (ctx->src_queue_cnt > 0 && (ctx->state == MFCINST_RUNNING || ++ ctx->state == MFCINST_FINISHING)) { + mb_entry = list_entry(ctx->src_queue.next, struct s5p_mfc_buf, + list); + if (mb_entry->flags & MFC_BUF_FLAG_USED) { +@@ -1294,7 +1296,13 @@ static int enc_post_frame_start(struct s5p_mfc_ctx *ctx) + vb2_set_plane_payload(&mb_entry->b->vb2_buf, 0, strm_size); + vb2_buffer_done(&mb_entry->b->vb2_buf, VB2_BUF_STATE_DONE); + } +- if ((ctx->src_queue_cnt == 0) || (ctx->dst_queue_cnt == 0)) ++ ++ src_ready = true; ++ if (ctx->state == MFCINST_RUNNING && ctx->src_queue_cnt == 0) ++ src_ready = false; ++ if (ctx->state == MFCINST_FINISHING && ctx->ref_queue_cnt == 0) ++ src_ready = false; ++ if (!src_ready || ctx->dst_queue_cnt == 0) + clear_work_bit(ctx); + + return 0; +-- +2.35.1 + diff --git a/queue-4.19/series b/queue-4.19/series index 5f1827135a9..00592d24c13 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -418,3 +418,8 @@ ext4-initialize-quota-before-expanding-inode-in-setproject-ioctl.patch ext4-avoid-unaccounted-block-allocation-when-expanding-inode.patch ext4-allocate-extended-attribute-value-in-vmalloc-area.patch drm-amdgpu-make-display-pinning-more-flexible-v2.patch +btrfs-send-avoid-unnecessary-backref-lookups-when-fi.patch +btrfs-replace-strncpy-with-strscpy.patch +media-s5p-mfc-fix-to-handle-reference-queue-during-f.patch +media-s5p-mfc-clear-workbit-to-handle-error-conditio.patch +media-s5p-mfc-fix-in-register-read-and-write-for-h26.patch