--- /dev/null
+From 052a45c1cb1b32f05dd63a295d65496d8b403283 Mon Sep 17 00:00:00 2001
+From: Suren Baghdasaryan <surenb@google.com>
+Date: Wed, 28 Aug 2024 16:15:36 -0700
+Subject: alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n
+
+From: Suren Baghdasaryan <surenb@google.com>
+
+commit 052a45c1cb1b32f05dd63a295d65496d8b403283 upstream.
+
+codetag_module_init() is used to initialize sections containing allocation
+tags. This function is used to initialize module sections as well as core
+kernel sections, in which case the module parameter is set to NULL. This
+function has to be called even when CONFIG_MODULES=n to initialize core
+kernel allocation tag sections. When CONFIG_MODULES=n, this function is a
+NOP, which is wrong. This leads to /proc/allocinfo reported as empty.
+Fix this by making it independent of CONFIG_MODULES.
+
+Link: https://lkml.kernel.org/r/20240828231536.1770519-1-surenb@google.com
+Fixes: 916cc5167cc6 ("lib: code tagging framework")
+Signed-off-by: Suren Baghdasaryan <surenb@google.com>
+Cc: David Hildenbrand <david@redhat.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Kent Overstreet <kent.overstreet@linux.dev>
+Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
+Cc: Sourav Panda <souravpanda@google.com>
+Cc: Vlastimil Babka <vbabka@suse.cz>
+Cc: <stable@vger.kernel.org> [6.10+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/codetag.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/lib/codetag.c b/lib/codetag.c
+index 5ace625f2328..afa8a2d4f317 100644
+--- a/lib/codetag.c
++++ b/lib/codetag.c
+@@ -125,7 +125,6 @@ static inline size_t range_size(const struct codetag_type *cttype,
+ cttype->desc.tag_size;
+ }
+
+-#ifdef CONFIG_MODULES
+ static void *get_symbol(struct module *mod, const char *prefix, const char *name)
+ {
+ DECLARE_SEQ_BUF(sb, KSYM_NAME_LEN);
+@@ -155,6 +154,15 @@ static struct codetag_range get_section_range(struct module *mod,
+ };
+ }
+
++static const char *get_mod_name(__maybe_unused struct module *mod)
++{
++#ifdef CONFIG_MODULES
++ if (mod)
++ return mod->name;
++#endif
++ return "(built-in)";
++}
++
+ static int codetag_module_init(struct codetag_type *cttype, struct module *mod)
+ {
+ struct codetag_range range;
+@@ -164,8 +172,7 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod)
+ range = get_section_range(mod, cttype->desc.section);
+ if (!range.start || !range.stop) {
+ pr_warn("Failed to load code tags of type %s from the module %s\n",
+- cttype->desc.section,
+- mod ? mod->name : "(built-in)");
++ cttype->desc.section, get_mod_name(mod));
+ return -EINVAL;
+ }
+
+@@ -199,6 +206,7 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod)
+ return 0;
+ }
+
++#ifdef CONFIG_MODULES
+ void codetag_load_module(struct module *mod)
+ {
+ struct codetag_type *cttype;
+@@ -248,9 +256,6 @@ bool codetag_unload_module(struct module *mod)
+
+ return unload_ok;
+ }
+-
+-#else /* CONFIG_MODULES */
+-static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { return 0; }
+ #endif /* CONFIG_MODULES */
+
+ struct codetag_type *
+--
+2.46.0
+
--- /dev/null
+From 7dd9c26bd6cf679bcfdef01a8659791aa6487a29 Mon Sep 17 00:00:00 2001
+From: Simon Arlott <simon@octiron.net>
+Date: Thu, 22 Aug 2024 08:25:07 +0100
+Subject: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
+
+From: Simon Arlott <simon@octiron.net>
+
+commit 7dd9c26bd6cf679bcfdef01a8659791aa6487a29 upstream.
+
+The mcp251x_hw_wake() function is called with the mpc_lock mutex held and
+disables the interrupt handler so that no interrupts can be processed while
+waking the device. If an interrupt has already occurred then waiting for
+the interrupt handler to complete will deadlock because it will be trying
+to acquire the same mutex.
+
+CPU0 CPU1
+---- ----
+mcp251x_open()
+ mutex_lock(&priv->mcp_lock)
+ request_threaded_irq()
+ <interrupt>
+ mcp251x_can_ist()
+ mutex_lock(&priv->mcp_lock)
+ mcp251x_hw_wake()
+ disable_irq() <-- deadlock
+
+Use disable_irq_nosync() instead because the interrupt handler does
+everything while holding the mutex so it doesn't matter if it's still
+running.
+
+Fixes: 8ce8c0abcba3 ("can: mcp251x: only reset hardware as required")
+Signed-off-by: Simon Arlott <simon@octiron.net>
+Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/all/4fc08687-1d80-43fe-9f0d-8ef8475e75f6@0882a8b5-c6c3-11e9-b005-00805fc181fe.uuid.home.arpa
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/can/spi/mcp251x.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/can/spi/mcp251x.c
++++ b/drivers/net/can/spi/mcp251x.c
+@@ -753,7 +753,7 @@ static int mcp251x_hw_wake(struct spi_de
+ int ret;
+
+ /* Force wakeup interrupt to wake device, but don't execute IST */
+- disable_irq(spi->irq);
++ disable_irq_nosync(spi->irq);
+ mcp251x_write_2regs(spi, CANINTE, CANINTE_WAKIE, CANINTF_WAKIF);
+
+ /* Wait for oscillator startup timer after wake up */
--- /dev/null
+From 2c4553e6c485a96b5d86989eb9654bf20e51e6dd Mon Sep 17 00:00:00 2001
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Date: Wed, 31 Jul 2024 11:59:09 +0530
+Subject: clk: qcom: clk-alpha-pll: Fix the pll post div mask
+
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+
+commit 2c4553e6c485a96b5d86989eb9654bf20e51e6dd upstream.
+
+The PLL_POST_DIV_MASK should be 0 to (width - 1) bits. Fix it.
+
+Fixes: 1c3541145cbf ("clk: qcom: support for 2 bit PLL post divider")
+Cc: stable@vger.kernel.org
+Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
+Signed-off-by: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Link: https://lore.kernel.org/r/20240731062916.2680823-2-quic_skakitap@quicinc.com
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clk/qcom/clk-alpha-pll.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/clk/qcom/clk-alpha-pll.c
++++ b/drivers/clk/qcom/clk-alpha-pll.c
+@@ -40,7 +40,7 @@
+
+ #define PLL_USER_CTL(p) ((p)->offset + (p)->regs[PLL_OFF_USER_CTL])
+ # define PLL_POST_DIV_SHIFT 8
+-# define PLL_POST_DIV_MASK(p) GENMASK((p)->width, 0)
++# define PLL_POST_DIV_MASK(p) GENMASK((p)->width - 1, 0)
+ # define PLL_ALPHA_EN BIT(24)
+ # define PLL_ALPHA_MODE BIT(25)
+ # define PLL_VCO_SHIFT 20
--- /dev/null
+From 4ad1ed6ef27cab94888bb3c740c14042d5c0dff2 Mon Sep 17 00:00:00 2001
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Date: Wed, 31 Jul 2024 11:59:10 +0530
+Subject: clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
+
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+
+commit 4ad1ed6ef27cab94888bb3c740c14042d5c0dff2 upstream.
+
+Correct the pll postdiv shift used in clk_trion_pll_postdiv_set_rate
+API. The shift value is not same for different types of plls and
+should be taken from the pll's .post_div_shift member.
+
+Fixes: 548a909597d5 ("clk: qcom: clk-alpha-pll: Add support for Trion PLLs")
+Cc: stable@vger.kernel.org
+Signed-off-by: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Link: https://lore.kernel.org/r/20240731062916.2680823-3-quic_skakitap@quicinc.com
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clk/qcom/clk-alpha-pll.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/clk/qcom/clk-alpha-pll.c
++++ b/drivers/clk/qcom/clk-alpha-pll.c
+@@ -1505,8 +1505,8 @@ clk_trion_pll_postdiv_set_rate(struct cl
+ }
+
+ return regmap_update_bits(regmap, PLL_USER_CTL(pll),
+- PLL_POST_DIV_MASK(pll) << PLL_POST_DIV_SHIFT,
+- val << PLL_POST_DIV_SHIFT);
++ PLL_POST_DIV_MASK(pll) << pll->post_div_shift,
++ val << pll->post_div_shift);
+ }
+
+ const struct clk_ops clk_alpha_pll_postdiv_trion_ops = {
--- /dev/null
+From 85e8ee59dfde1a7b847fbed0778391392cd985cb Mon Sep 17 00:00:00 2001
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Date: Wed, 31 Jul 2024 11:59:11 +0530
+Subject: clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled
+
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+
+commit 85e8ee59dfde1a7b847fbed0778391392cd985cb upstream.
+
+Currently, clk_zonda_pll_set_rate polls for the PLL to lock even if the
+PLL is disabled. However, if the PLL is disabled then LOCK_DET will
+never assert and we'll return an error. There is no reason to poll
+LOCK_DET if the PLL is already disabled, so skip polling in this case.
+
+Fixes: f21b6bfecc27 ("clk: qcom: clk-alpha-pll: add support for zonda pll")
+Cc: stable@vger.kernel.org
+Signed-off-by: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Link: https://lore.kernel.org/r/20240731062916.2680823-4-quic_skakitap@quicinc.com
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clk/qcom/clk-alpha-pll.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/clk/qcom/clk-alpha-pll.c
++++ b/drivers/clk/qcom/clk-alpha-pll.c
+@@ -2089,6 +2089,9 @@ static int clk_zonda_pll_set_rate(struct
+ regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a);
+ regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l);
+
++ if (!clk_hw_is_enabled(hw))
++ return 0;
++
+ /* Wait before polling for the frequency latch */
+ udelay(5);
+
--- /dev/null
+From f4973130d255dd4811006f5822d4fa4d0de9d712 Mon Sep 17 00:00:00 2001
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Date: Wed, 31 Jul 2024 11:59:12 +0530
+Subject: clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL
+
+From: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+
+commit f4973130d255dd4811006f5822d4fa4d0de9d712 upstream.
+
+The Zonda PLL has a 16 bit signed alpha and in the cases where the alpha
+value is greater than 0.5, the L value needs to be adjusted accordingly.
+Thus update the logic to handle the signed alpha val.
+
+Fixes: f21b6bfecc27 ("clk: qcom: clk-alpha-pll: add support for zonda pll")
+Cc: stable@vger.kernel.org
+Signed-off-by: Satya Priya Kakitapalli <quic_skakitap@quicinc.com>
+Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Link: https://lore.kernel.org/r/20240731062916.2680823-5-quic_skakitap@quicinc.com
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clk/qcom/clk-alpha-pll.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/drivers/clk/qcom/clk-alpha-pll.c
++++ b/drivers/clk/qcom/clk-alpha-pll.c
+@@ -41,6 +41,7 @@
+ #define PLL_USER_CTL(p) ((p)->offset + (p)->regs[PLL_OFF_USER_CTL])
+ # define PLL_POST_DIV_SHIFT 8
+ # define PLL_POST_DIV_MASK(p) GENMASK((p)->width - 1, 0)
++# define PLL_ALPHA_MSB BIT(15)
+ # define PLL_ALPHA_EN BIT(24)
+ # define PLL_ALPHA_MODE BIT(25)
+ # define PLL_VCO_SHIFT 20
+@@ -2070,6 +2071,18 @@ static void clk_zonda_pll_disable(struct
+ regmap_write(regmap, PLL_OPMODE(pll), 0x0);
+ }
+
++static void zonda_pll_adjust_l_val(unsigned long rate, unsigned long prate, u32 *l)
++{
++ u64 remainder, quotient;
++
++ quotient = rate;
++ remainder = do_div(quotient, prate);
++ *l = quotient;
++
++ if ((remainder * 2) / prate)
++ *l = *l + 1;
++}
++
+ static int clk_zonda_pll_set_rate(struct clk_hw *hw, unsigned long rate,
+ unsigned long prate)
+ {
+@@ -2086,6 +2099,9 @@ static int clk_zonda_pll_set_rate(struct
+ if (ret < 0)
+ return ret;
+
++ if (a & PLL_ALPHA_MSB)
++ zonda_pll_adjust_l_val(rate, prate, &l);
++
+ regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a);
+ regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l);
+
--- /dev/null
+From 538d5477b25289ac5d46ca37b9e5b4d685cbe019 Mon Sep 17 00:00:00 2001
+From: Xingyu Wu <xingyu.wu@starfivetech.com>
+Date: Mon, 26 Aug 2024 16:04:29 +0800
+Subject: clk: starfive: jh7110-sys: Add notifier for PLL0 clock
+
+From: Xingyu Wu <xingyu.wu@starfivetech.com>
+
+commit 538d5477b25289ac5d46ca37b9e5b4d685cbe019 upstream.
+
+Add notifier function for PLL0 clock. In the function, the cpu_root clock
+should be operated by saving its current parent and setting a new safe
+parent (osc clock) before setting the PLL0 clock rate. After setting PLL0
+rate, it should be switched back to the original parent clock.
+
+Fixes: e2c510d6d630 ("riscv: dts: starfive: Add cpu scaling for JH7110 SoC")
+Cc: stable@vger.kernel.org
+Reviewed-by: Emil Renner Berthing <emil.renner.berthing@canonical.com>
+Signed-off-by: Xingyu Wu <xingyu.wu@starfivetech.com>
+Link: https://lore.kernel.org/r/20240826080430.179788-2-xingyu.wu@starfivetech.com
+Reviewed-by: Hal Feng <hal.feng@starfivetech.com>
+Tested-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clk/starfive/clk-starfive-jh7110-sys.c | 31 ++++++++++++++++++++++++-
+ drivers/clk/starfive/clk-starfive-jh71x0.h | 2 +
+ 2 files changed, 32 insertions(+), 1 deletion(-)
+
+--- a/drivers/clk/starfive/clk-starfive-jh7110-sys.c
++++ b/drivers/clk/starfive/clk-starfive-jh7110-sys.c
+@@ -385,6 +385,32 @@ int jh7110_reset_controller_register(str
+ }
+ EXPORT_SYMBOL_GPL(jh7110_reset_controller_register);
+
++/*
++ * This clock notifier is called when the rate of PLL0 clock is to be changed.
++ * The cpu_root clock should save the curent parent clock and switch its parent
++ * clock to osc before PLL0 rate will be changed. Then switch its parent clock
++ * back after the PLL0 rate is completed.
++ */
++static int jh7110_pll0_clk_notifier_cb(struct notifier_block *nb,
++ unsigned long action, void *data)
++{
++ struct jh71x0_clk_priv *priv = container_of(nb, struct jh71x0_clk_priv, pll_clk_nb);
++ struct clk *cpu_root = priv->reg[JH7110_SYSCLK_CPU_ROOT].hw.clk;
++ int ret = 0;
++
++ if (action == PRE_RATE_CHANGE) {
++ struct clk *osc = clk_get(priv->dev, "osc");
++
++ priv->original_clk = clk_get_parent(cpu_root);
++ ret = clk_set_parent(cpu_root, osc);
++ clk_put(osc);
++ } else if (action == POST_RATE_CHANGE) {
++ ret = clk_set_parent(cpu_root, priv->original_clk);
++ }
++
++ return notifier_from_errno(ret);
++}
++
+ static int __init jh7110_syscrg_probe(struct platform_device *pdev)
+ {
+ struct jh71x0_clk_priv *priv;
+@@ -413,7 +439,10 @@ static int __init jh7110_syscrg_probe(st
+ if (IS_ERR(priv->pll[0]))
+ return PTR_ERR(priv->pll[0]);
+ } else {
+- clk_put(pllclk);
++ priv->pll_clk_nb.notifier_call = jh7110_pll0_clk_notifier_cb;
++ ret = clk_notifier_register(pllclk, &priv->pll_clk_nb);
++ if (ret)
++ return ret;
+ priv->pll[0] = NULL;
+ }
+
+--- a/drivers/clk/starfive/clk-starfive-jh71x0.h
++++ b/drivers/clk/starfive/clk-starfive-jh71x0.h
+@@ -114,6 +114,8 @@ struct jh71x0_clk_priv {
+ spinlock_t rmw_lock;
+ struct device *dev;
+ void __iomem *base;
++ struct clk *original_clk;
++ struct notifier_block pll_clk_nb;
+ struct clk_hw *pll[3];
+ struct jh71x0_clk reg[];
+ };
--- /dev/null
+From 5e9784e997620af7c1399029282f5d6964b41942 Mon Sep 17 00:00:00 2001
+From: Hao Ge <gehao@kylinos.cn>
+Date: Mon, 26 Aug 2024 00:36:49 +0800
+Subject: codetag: debug: mark codetags for poisoned page as empty
+
+From: Hao Ge <gehao@kylinos.cn>
+
+commit 5e9784e997620af7c1399029282f5d6964b41942 upstream.
+
+When PG_hwpoison pages are freed they are treated differently in
+free_pages_prepare() and instead of being released they are isolated.
+
+Page allocation tag counters are decremented at this point since the page
+is considered not in use. Later on when such pages are released by
+unpoison_memory(), the allocation tag counters will be decremented again
+and the following warning gets reported:
+
+[ 113.930443][ T3282] ------------[ cut here ]------------
+[ 113.931105][ T3282] alloc_tag was not set
+[ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164
+[ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4
+[ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18
+[ 113.943003][ T3282] Tainted: [W]=WARN
+[ 113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
+[ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+[ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164
+[ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164
+[ 113.946706][ T3282] sp : ffff800087093a10
+[ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0
+[ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000
+[ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000
+[ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff
+[ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210
+[ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339
+[ 113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0
+[ 113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff
+[ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001
+[ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000
+[ 113.957962][ T3282] Call trace:
+[ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164
+[ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c
+[ 113.959539][ T3282] free_unref_page+0xf4/0x4b8
+[ 113.960096][ T3282] __folio_put+0xd4/0x120
+[ 113.960614][ T3282] folio_put+0x24/0x50
+[ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0
+[ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject]
+[ 113.962436][ T3282] simple_attr_write_xsigned.isra.34+0xec/0x1cc
+[ 113.963183][ T3282] simple_attr_write+0x38/0x48
+[ 113.963750][ T3282] debugfs_attr_write+0x54/0x80
+[ 113.964330][ T3282] full_proxy_write+0x68/0x98
+[ 113.964880][ T3282] vfs_write+0xdc/0x4d0
+[ 113.965372][ T3282] ksys_write+0x78/0x100
+[ 113.965875][ T3282] __arm64_sys_write+0x24/0x30
+[ 113.966440][ T3282] invoke_syscall+0x7c/0x104
+[ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104
+[ 113.967652][ T3282] do_el0_svc+0x2c/0x38
+[ 113.968893][ T3282] el0_svc+0x3c/0x1b8
+[ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc
+[ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0
+[ 113.970511][ T3282] ---[ end trace 0000000000000000 ]---
+
+To fix this, clear the page tag reference after the page got isolated
+and accounted for.
+
+Link: https://lkml.kernel.org/r/20240825163649.33294-1-hao.ge@linux.dev
+Fixes: d224eb0287fb ("codetag: debug: mark codetags for reserved pages as empty")
+Signed-off-by: Hao Ge <gehao@kylinos.cn>
+Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
+Acked-by: Suren Baghdasaryan <surenb@google.com>
+Cc: David Hildenbrand <david@redhat.com>
+Cc: Hao Ge <gehao@kylinos.cn>
+Cc: Kent Overstreet <kent.overstreet@linux.dev>
+Cc: Naoya Horiguchi <nao.horiguchi@gmail.com>
+Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
+Cc: <stable@vger.kernel.org> [6.10+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/page_alloc.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -1053,6 +1053,13 @@ __always_inline bool free_pages_prepare(
+ reset_page_owner(page, order);
+ page_table_check_free(page, order);
+ pgalloc_tag_sub(page, 1 << order);
++
++ /*
++ * The page is isolated and accounted for.
++ * Mark the codetag as empty to avoid accounting error
++ * when the page is freed by unpoison_memory().
++ */
++ clear_page_tag_ref(page);
+ return false;
+ }
+
--- /dev/null
+From 6dacd79d28842ff01f18b4900d897741aac5999e Mon Sep 17 00:00:00 2001
+From: Petr Tesarik <ptesarik@suse.com>
+Date: Mon, 5 Aug 2024 17:07:50 +0200
+Subject: kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
+
+From: Petr Tesarik <ptesarik@suse.com>
+
+commit 6dacd79d28842ff01f18b4900d897741aac5999e upstream.
+
+Fix the condition to exclude the elfcorehdr segment from the SHA digest
+calculation.
+
+The j iterator is an index into the output sha_regions[] array, not into
+the input image->segment[] array. Once it reaches
+image->elfcorehdr_index, all subsequent segments are excluded. Besides,
+if the purgatory segment precedes the elfcorehdr segment, the elfcorehdr
+may be wrongly included in the calculation.
+
+Link: https://lkml.kernel.org/r/20240805150750.170739-1-petr.tesarik@suse.com
+Fixes: f7cc804a9fd4 ("kexec: exclude elfcorehdr from the segment digest")
+Signed-off-by: Petr Tesarik <ptesarik@suse.com>
+Acked-by: Baoquan He <bhe@redhat.com>
+Cc: Eric Biederman <ebiederm@xmission.com>
+Cc: Hari Bathini <hbathini@linux.ibm.com>
+Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
+Cc: Eric DeVolder <eric_devolder@yahoo.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/kexec_file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/kexec_file.c
++++ b/kernel/kexec_file.c
+@@ -752,7 +752,7 @@ static int kexec_calculate_store_digests
+
+ #ifdef CONFIG_CRASH_HOTPLUG
+ /* Exclude elfcorehdr segment to allow future changes via hotplug */
+- if (j == image->elfcorehdr_index)
++ if (i == image->elfcorehdr_index)
+ continue;
+ #endif
+
--- /dev/null
+From f806de88d8f7f8191afd0fd9b94db4cd058e7d4f Mon Sep 17 00:00:00 2001
+From: "Liam R. Howlett" <Liam.Howlett@Oracle.com>
+Date: Tue, 20 Aug 2024 13:54:17 -0400
+Subject: maple_tree: remove rcu_read_lock() from mt_validate()
+
+From: Liam R. Howlett <Liam.Howlett@Oracle.com>
+
+commit f806de88d8f7f8191afd0fd9b94db4cd058e7d4f upstream.
+
+The write lock should be held when validating the tree to avoid updates
+racing with checks. Holding the rcu read lock during a large tree
+validation may also cause a prolonged rcu read window and "rcu_preempt
+detected stalls" warnings.
+
+Link: https://lore.kernel.org/all/0000000000001d12d4062005aea1@google.com/
+Link: https://lkml.kernel.org/r/20240820175417.2782532-1-Liam.Howlett@oracle.com
+Fixes: 54a611b60590 ("Maple Tree: add new data structure")
+Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
+Reported-by: syzbot+036af2f0c7338a33b0cd@syzkaller.appspotmail.com
+Cc: Hillf Danton <hdanton@sina.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: "Paul E. McKenney" <paulmck@kernel.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/maple_tree.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/lib/maple_tree.c
++++ b/lib/maple_tree.c
+@@ -7569,14 +7569,14 @@ static void mt_validate_nulls(struct map
+ * 2. The gap is correctly set in the parents
+ */
+ void mt_validate(struct maple_tree *mt)
++ __must_hold(mas->tree->ma_lock)
+ {
+ unsigned char end;
+
+ MA_STATE(mas, mt, 0, 0);
+- rcu_read_lock();
+ mas_start(&mas);
+ if (!mas_is_active(&mas))
+- goto done;
++ return;
+
+ while (!mte_is_leaf(mas.node))
+ mas_descend(&mas);
+@@ -7597,9 +7597,6 @@ void mt_validate(struct maple_tree *mt)
+ mas_dfs_postorder(&mas, ULONG_MAX);
+ }
+ mt_validate_nulls(mt);
+-done:
+- rcu_read_unlock();
+-
+ }
+ EXPORT_SYMBOL_GPL(mt_validate);
+
--- /dev/null
+From ab7ca09520e9c41c219a4427fe0dae24024bfe7f Mon Sep 17 00:00:00 2001
+From: Hao Ge <gehao@kylinos.cn>
+Date: Fri, 16 Aug 2024 09:33:36 +0800
+Subject: mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook
+
+From: Hao Ge <gehao@kylinos.cn>
+
+commit ab7ca09520e9c41c219a4427fe0dae24024bfe7f upstream.
+
+When enable CONFIG_MEMCG & CONFIG_KFENCE & CONFIG_KMEMLEAK, the following
+warning always occurs,This is because the following call stack occurred:
+mem_pool_alloc
+ kmem_cache_alloc_noprof
+ slab_alloc_node
+ kfence_alloc
+
+Once the kfence allocation is successful,slab->obj_exts will not be empty,
+because it has already been assigned a value in kfence_init_pool.
+
+Since in the prepare_slab_obj_exts_hook function,we perform a check for
+s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE),the alloc_tag_add function
+will not be called as a result.Therefore,ref->ct remains NULL.
+
+However,when we call mem_pool_free,since obj_ext is not empty, it
+eventually leads to the alloc_tag_sub scenario being invoked. This is
+where the warning occurs.
+
+So we should add corresponding checks in the alloc_tagging_slab_free_hook.
+For __GFP_NO_OBJ_EXT case,I didn't see the specific case where it's using
+kfence,so I won't add the corresponding check in
+alloc_tagging_slab_free_hook for now.
+
+[ 3.734349] ------------[ cut here ]------------
+[ 3.734807] alloc_tag was not set
+[ 3.735129] WARNING: CPU: 4 PID: 40 at ./include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574
+[ 3.735866] Modules linked in: autofs4
+[ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Tainted: G W 6.11.0-rc3-dirty #1
+[ 3.736969] Tainted: [W]=WARN
+[ 3.737258] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
+[ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+[ 3.738501] pc : kmem_cache_free+0x444/0x574
+[ 3.738951] lr : kmem_cache_free+0x444/0x574
+[ 3.739361] sp : ffff80008357bb60
+[ 3.739693] x29: ffff80008357bb70 x28: 0000000000000000 x27: 0000000000000000
+[ 3.740338] x26: ffff80008207f000 x25: ffff000b2eb2fd60 x24: ffff0000c0005700
+[ 3.740982] x23: ffff8000804229e4 x22: ffff800082080000 x21: ffff800081756000
+[ 3.741630] x20: fffffd7ff8253360 x19: 00000000000000a8 x18: ffffffffffffffff
+[ 3.742274] x17: ffff800ab327f000 x16: ffff800083398000 x15: ffff800081756df0
+[ 3.742919] x14: 0000000000000000 x13: 205d344320202020 x12: 5b5d373038343337
+[ 3.743560] x11: ffff80008357b650 x10: 000000000000005d x9 : 00000000ffffffd0
+[ 3.744231] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008237bad0 x6 : c0000000ffff7fff
+[ 3.744907] x5 : ffff80008237ba78 x4 : ffff8000820bbad0 x3 : 0000000000000001
+[ 3.745580] x2 : 68d66547c09f7800 x1 : 68d66547c09f7800 x0 : 0000000000000000
+[ 3.746255] Call trace:
+[ 3.746530] kmem_cache_free+0x444/0x574
+[ 3.746931] mem_pool_free+0x44/0xf4
+[ 3.747306] free_object_rcu+0xc8/0xdc
+[ 3.747693] rcu_do_batch+0x234/0x8a4
+[ 3.748075] rcu_core+0x230/0x3e4
+[ 3.748424] rcu_core_si+0x14/0x1c
+[ 3.748780] handle_softirqs+0x134/0x378
+[ 3.749189] run_ksoftirqd+0x70/0x9c
+[ 3.749560] smpboot_thread_fn+0x148/0x22c
+[ 3.749978] kthread+0x10c/0x118
+[ 3.750323] ret_from_fork+0x10/0x20
+[ 3.750696] ---[ end trace 0000000000000000 ]---
+
+Link: https://lkml.kernel.org/r/20240816013336.17505-1-hao.ge@linux.dev
+Fixes: 4b8736964640 ("mm/slab: add allocation accounting into slab allocation and free paths")
+Signed-off-by: Hao Ge <gehao@kylinos.cn>
+Cc: Christoph Lameter <cl@linux.com>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
+Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
+Cc: Kees Cook <kees@kernel.org>
+Cc: Kent Overstreet <kent.overstreet@linux.dev>
+Cc: Pekka Enberg <penberg@kernel.org>
+Cc: Roman Gushchin <roman.gushchin@linux.dev>
+Cc: Suren Baghdasaryan <surenb@google.com>
+Cc: Vlastimil Babka <vbabka@suse.cz>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/slub.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -2044,6 +2044,10 @@ alloc_tagging_slab_free_hook(struct kmem
+ if (!mem_alloc_profiling_enabled())
+ return;
+
++ /* slab->obj_exts might not be NULL if it was created for MEMCG accounting. */
++ if (s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE))
++ return;
++
+ obj_exts = slab_obj_exts(slab);
+ if (!obj_exts)
+ return;
--- /dev/null
+From 3e3de7947c751509027d26b679ecd243bc9db255 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Mon, 12 Aug 2024 18:16:06 +0100
+Subject: mm: vmalloc: ensure vmap_block is initialised before adding to queue
+
+From: Will Deacon <will@kernel.org>
+
+commit 3e3de7947c751509027d26b679ecd243bc9db255 upstream.
+
+Commit 8c61291fd850 ("mm: fix incorrect vbq reference in
+purge_fragmented_block") extended the 'vmap_block' structure to contain a
+'cpu' field which is set at allocation time to the id of the initialising
+CPU.
+
+When a new 'vmap_block' is being instantiated by new_vmap_block(), the
+partially initialised structure is added to the local 'vmap_block_queue'
+xarray before the 'cpu' field has been initialised. If another CPU is
+concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it
+may perform an out-of-bounds access to the remote queue thanks to an
+uninitialised index.
+
+This has been observed as UBSAN errors in Android:
+
+ | Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
+ |
+ | Call trace:
+ | purge_fragmented_block+0x204/0x21c
+ | _vm_unmap_aliases+0x170/0x378
+ | vm_unmap_aliases+0x1c/0x28
+ | change_memory_common+0x1dc/0x26c
+ | set_memory_ro+0x18/0x24
+ | module_enable_ro+0x98/0x238
+ | do_init_module+0x1b0/0x310
+
+Move the initialisation of 'vb->cpu' in new_vmap_block() ahead of the
+addition to the xarray.
+
+Link: https://lkml.kernel.org/r/20240812171606.17486-1-will@kernel.org
+Fixes: 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block")
+Signed-off-by: Will Deacon <will@kernel.org>
+Reviewed-by: Baoquan He <bhe@redhat.com>
+Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
+Cc: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
+Cc: Hailong.Liu <hailong.liu@oppo.com>
+Cc: Christoph Hellwig <hch@infradead.org>
+Cc: Lorenzo Stoakes <lstoakes@gmail.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/vmalloc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -2628,6 +2628,7 @@ static void *new_vmap_block(unsigned int
+ vb->dirty_max = 0;
+ bitmap_set(vb->used_map, 0, (1UL << order));
+ INIT_LIST_HEAD(&vb->free_list);
++ vb->cpu = raw_smp_processor_id();
+
+ xa = addr_to_vb_xa(va->va_start);
+ vb_idx = addr_to_vb_idx(va->va_start);
+@@ -2644,7 +2645,6 @@ static void *new_vmap_block(unsigned int
+ * integrity together with list_for_each_rcu from read
+ * side.
+ */
+- vb->cpu = raw_smp_processor_id();
+ vbq = per_cpu_ptr(&vmap_block_queue, vb->cpu);
+ spin_lock(&vbq->lock);
+ list_add_tail_rcu(&vb->free_list, &vbq->free);
--- /dev/null
+From 409faf8c97d5abb0597ea43e99c8b3dd8dbe99e3 Mon Sep 17 00:00:00 2001
+From: Adrian Huang <ahuang12@lenovo.com>
+Date: Thu, 29 Aug 2024 21:06:33 +0800
+Subject: mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area
+
+From: Adrian Huang <ahuang12@lenovo.com>
+
+commit 409faf8c97d5abb0597ea43e99c8b3dd8dbe99e3 upstream.
+
+When running the vmalloc stress on a 448-core system, observe the average
+latency of purge_vmap_node() is about 2 seconds by using the eBPF/bcc
+'funclatency.py' tool [1].
+
+ # /your-git-repo/bcc/tools/funclatency.py -u purge_vmap_node & pid1=$! && sleep 8 && modprobe test_vmalloc nr_threads=$(nproc) run_test_mask=0x7; kill -SIGINT $pid1
+
+ usecs : count distribution
+ 0 -> 1 : 0 | |
+ 2 -> 3 : 29 | |
+ 4 -> 7 : 19 | |
+ 8 -> 15 : 56 | |
+ 16 -> 31 : 483 |**** |
+ 32 -> 63 : 1548 |************ |
+ 64 -> 127 : 2634 |********************* |
+ 128 -> 255 : 2535 |********************* |
+ 256 -> 511 : 1776 |************** |
+ 512 -> 1023 : 1015 |******** |
+ 1024 -> 2047 : 573 |**** |
+ 2048 -> 4095 : 488 |**** |
+ 4096 -> 8191 : 1091 |********* |
+ 8192 -> 16383 : 3078 |************************* |
+ 16384 -> 32767 : 4821 |****************************************|
+ 32768 -> 65535 : 3318 |*************************** |
+ 65536 -> 131071 : 1718 |************** |
+ 131072 -> 262143 : 2220 |****************** |
+ 262144 -> 524287 : 1147 |********* |
+ 524288 -> 1048575 : 1179 |********* |
+ 1048576 -> 2097151 : 822 |****** |
+ 2097152 -> 4194303 : 906 |******* |
+ 4194304 -> 8388607 : 2148 |***************** |
+ 8388608 -> 16777215 : 4497 |************************************* |
+ 16777216 -> 33554431 : 289 |** |
+
+ avg = 2041714 usecs, total: 78381401772 usecs, count: 38390
+
+ The worst case is over 16-33 seconds, so soft lockup is triggered [2].
+
+[Root Cause]
+1) Each purge_list has the long list. The following shows the number of
+ vmap_area is purged.
+
+ crash> p vmap_nodes
+ vmap_nodes = $27 = (struct vmap_node *) 0xff2de5a900100000
+ crash> vmap_node 0xff2de5a900100000 128 | grep nr_purged
+ nr_purged = 663070
+ ...
+ nr_purged = 821670
+ nr_purged = 692214
+ nr_purged = 726808
+ ...
+
+2) atomic_long_sub() employs the 'lock' prefix to ensure the atomic
+ operation when purging each vmap_area. However, the iteration is over
+ 600000 vmap_area (See 'nr_purged' above).
+
+ Here is objdump output:
+
+ $ objdump -D vmlinux
+ ffffffff813e8c80 <purge_vmap_node>:
+ ...
+ ffffffff813e8d70: f0 48 29 2d 68 0c bb lock sub %rbp,0x2bb0c68(%rip)
+ ...
+
+ Quote from "Instruction tables" pdf file [3]:
+ Instructions with a LOCK prefix have a long latency that depends on
+ cache organization and possibly RAM speed. If there are multiple
+ processors or cores or direct memory access (DMA) devices, then all
+ locked instructions will lock a cache line for exclusive access,
+ which may involve RAM access. A LOCK prefix typically costs more
+ than a hundred clock cycles, even on single-processor systems.
+
+ That's why the latency of purge_vmap_node() dramatically increases
+ on a many-core system: One core is busy on purging each vmap_area of
+ the *long* purge_list and executing atomic_long_sub() for each
+ vmap_area, while other cores free vmalloc allocations and execute
+ atomic_long_add_return() in free_vmap_area_noflush().
+
+[Solution]
+Employ a local variable to record the total purged pages, and execute
+atomic_long_sub() after the traversal of the purge_list is done. The
+experiment result shows the latency improvement is 99%.
+
+[Experiment Result]
+1) System Configuration: Three servers (with HT-enabled) are tested.
+ * 72-core server: 3rd Gen Intel Xeon Scalable Processor*1
+ * 192-core server: 5th Gen Intel Xeon Scalable Processor*2
+ * 448-core server: AMD Zen 4 Processor*2
+
+2) Kernel Config
+ * CONFIG_KASAN is disabled
+
+3) The data in column "w/o patch" and "w/ patch"
+ * Unit: micro seconds (us)
+ * Each data is the average of 3-time measurements
+
+ System w/o patch (us) w/ patch (us) Improvement (%)
+ --------------- -------------- ------------- -------------
+ 72-core server 2194 14 99.36%
+ 192-core server 143799 1139 99.21%
+ 448-core server 1992122 6883 99.65%
+
+[1] https://github.com/iovisor/bcc/blob/master/tools/funclatency.py
+[2] https://gist.github.com/AdrianHuang/37c15f67b45407b83c2d32f918656c12
+[3] https://www.agner.org/optimize/instruction_tables.pdf
+
+Link: https://lkml.kernel.org/r/20240829130633.2184-1-ahuang12@lenovo.com
+Signed-off-by: Adrian Huang <ahuang12@lenovo.com>
+Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
+Cc: Christoph Hellwig <hch@infradead.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/vmalloc.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -2190,6 +2190,7 @@ static void purge_vmap_node(struct work_
+ {
+ struct vmap_node *vn = container_of(work,
+ struct vmap_node, purge_work);
++ unsigned long nr_purged_pages = 0;
+ struct vmap_area *va, *n_va;
+ LIST_HEAD(local_list);
+
+@@ -2207,7 +2208,7 @@ static void purge_vmap_node(struct work_
+ kasan_release_vmalloc(orig_start, orig_end,
+ va->va_start, va->va_end);
+
+- atomic_long_sub(nr, &vmap_lazy_nr);
++ nr_purged_pages += nr;
+ vn->nr_purged++;
+
+ if (is_vn_id_valid(vn_id) && !vn->skip_populate)
+@@ -2218,6 +2219,8 @@ static void purge_vmap_node(struct work_
+ list_add(&va->list, &local_list);
+ }
+
++ atomic_long_sub(nr_purged_pages, &vmap_lazy_nr);
++
+ reclaim_list_global(&local_list);
+ }
+
--- /dev/null
+From 602cb14e310a7a32c4f27d1f16c4614c790c7f6f Mon Sep 17 00:00:00 2001
+From: Stephan Gerhold <stephan.gerhold@linaro.org>
+Date: Fri, 30 Aug 2024 11:09:07 +0200
+Subject: pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now
+
+From: Stephan Gerhold <stephan.gerhold@linaro.org>
+
+commit 602cb14e310a7a32c4f27d1f16c4614c790c7f6f upstream.
+
+On X1E80100, GPIO interrupts for wakeup-capable pins have been broken since
+the introduction of the pinctrl driver. This prevents keyboard and touchpad
+from working on most of the X1E laptops. So far we have worked around this
+by manually building a kernel with the "wakeup-parent" removed from the
+pinctrl node in the device tree, but we cannot expect all users to do that.
+
+Implement a similar workaround in the driver by clearing the wakeirq_map
+for X1E80100. This avoids using the PDC wakeup parent for all GPIOs
+and handles the interrupts directly in the pinctrl driver instead.
+
+The PDC driver needs additional changes to support X1E80100 properly.
+Adding a workaround separately first allows to land the necessary PDC
+changes through the normal release cycle, while still solving the more
+critical problem with keyboard and touchpad on the current stable kernel
+versions. Bypassing the PDC is enough for now, because we have not yet
+enabled the deep idle states where using the PDC becomes necessary.
+
+Cc: stable@vger.kernel.org
+Fixes: 05e4941d97ef ("pinctrl: qcom: Add X1E80100 pinctrl driver")
+Signed-off-by: Stephan Gerhold <stephan.gerhold@linaro.org>
+Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
+Tested-by: Johan Hovold <johan+linaro@kernel.org>
+Reviewed-by: Konrad Dybcio <konradybcio@kernel.org>
+Reviewed-by: Abel Vesa <abel.vesa@linaro.org>
+Link: https://lore.kernel.org/20240830-x1e80100-bypass-pdc-v1-1-d4c00be0c3e3@linaro.org
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/qcom/pinctrl-x1e80100.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/pinctrl/qcom/pinctrl-x1e80100.c b/drivers/pinctrl/qcom/pinctrl-x1e80100.c
+index 65ed933f05ce..abfcdd3da9e8 100644
+--- a/drivers/pinctrl/qcom/pinctrl-x1e80100.c
++++ b/drivers/pinctrl/qcom/pinctrl-x1e80100.c
+@@ -1839,7 +1839,9 @@ static const struct msm_pinctrl_soc_data x1e80100_pinctrl = {
+ .ngroups = ARRAY_SIZE(x1e80100_groups),
+ .ngpios = 239,
+ .wakeirq_map = x1e80100_pdc_map,
+- .nwakeirq_map = ARRAY_SIZE(x1e80100_pdc_map),
++ /* TODO: Enabling PDC currently breaks GPIO interrupts */
++ .nwakeirq_map = 0,
++ /* .nwakeirq_map = ARRAY_SIZE(x1e80100_pdc_map), */
+ .egpio_func = 9,
+ };
+
+--
+2.46.0
+
--- /dev/null
+From bfe0857c20c663fcc1592fa4e3a61ca12b07dac9 Mon Sep 17 00:00:00 2001
+From: Usama Arif <usamaarif642@gmail.com>
+Date: Wed, 21 Aug 2024 20:26:07 +0100
+Subject: Revert "mm: skip CMA pages when they are not available"
+
+From: Usama Arif <usamaarif642@gmail.com>
+
+commit bfe0857c20c663fcc1592fa4e3a61ca12b07dac9 upstream.
+
+This reverts commit 5da226dbfce3 ("mm: skip CMA pages when they are not
+available") and b7108d66318a ("Multi-gen LRU: skip CMA pages when they are
+not eligible").
+
+lruvec->lru_lock is highly contended and is held when calling
+isolate_lru_folios. If the lru has a large number of CMA folios
+consecutively, while the allocation type requested is not MIGRATE_MOVABLE,
+isolate_lru_folios can hold the lock for a very long time while it skips
+those. For FIO workload, ~150million order=0 folios were skipped to
+isolate a few ZONE_DMA folios [1]. This can cause lockups [1] and high
+memory pressure for extended periods of time [2].
+
+Remove skipping CMA for MGLRU as well, as it was introduced in sort_folio
+for the same resaon as 5da226dbfce3a2f44978c2c7cf88166e69a6788b.
+
+[1] https://lore.kernel.org/all/CAOUHufbkhMZYz20aM_3rHZ3OcK4m2puji2FGpUpn_-DevGk3Kg@mail.gmail.com/
+[2] https://lore.kernel.org/all/ZrssOrcJIDy8hacI@gmail.com/
+
+[usamaarif642@gmail.com: also revert b7108d66318a, per Johannes]
+ Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com
+ Link: https://lkml.kernel.org/r/357ac325-4c61-497a-92a3-bdbd230d5ec9@gmail.com
+Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com
+Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available")
+Signed-off-by: Usama Arif <usamaarif642@gmail.com>
+Acked-by: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Bharata B Rao <bharata@amd.com>
+Cc: Breno Leitao <leitao@debian.org>
+Cc: David Hildenbrand <david@redhat.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Rik van Riel <riel@surriel.com>
+Cc: Vlastimil Babka <vbabka@suse.cz>
+Cc: Yu Zhao <yuzhao@google.com>
+Cc: Zhaoyang Huang <huangzhaoyang@gmail.com>
+Cc: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/vmscan.c | 24 ++----------------------
+ 1 file changed, 2 insertions(+), 22 deletions(-)
+
+--- a/mm/vmscan.c
++++ b/mm/vmscan.c
+@@ -1587,25 +1587,6 @@ static __always_inline void update_lru_s
+
+ }
+
+-#ifdef CONFIG_CMA
+-/*
+- * It is waste of effort to scan and reclaim CMA pages if it is not available
+- * for current allocation context. Kswapd can not be enrolled as it can not
+- * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL
+- */
+-static bool skip_cma(struct folio *folio, struct scan_control *sc)
+-{
+- return !current_is_kswapd() &&
+- gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE &&
+- folio_migratetype(folio) == MIGRATE_CMA;
+-}
+-#else
+-static bool skip_cma(struct folio *folio, struct scan_control *sc)
+-{
+- return false;
+-}
+-#endif
+-
+ /*
+ * Isolating page from the lruvec to fill in @dst list by nr_to_scan times.
+ *
+@@ -1652,8 +1633,7 @@ static unsigned long isolate_lru_folios(
+ nr_pages = folio_nr_pages(folio);
+ total_scan += nr_pages;
+
+- if (folio_zonenum(folio) > sc->reclaim_idx ||
+- skip_cma(folio, sc)) {
++ if (folio_zonenum(folio) > sc->reclaim_idx) {
+ nr_skipped[folio_zonenum(folio)] += nr_pages;
+ move_to = &folios_skipped;
+ goto move;
+@@ -4314,7 +4294,7 @@ static bool sort_folio(struct lruvec *lr
+ }
+
+ /* ineligible */
+- if (zone > sc->reclaim_idx || skip_cma(folio, sc)) {
++ if (zone > sc->reclaim_idx) {
+ gen = folio_inc_gen(lruvec, folio, false);
+ list_move_tail(&folio->lru, &lrugen->folios[gen][type][zone]);
+ return true;
asoc-intel-boards-fix-null-pointer-deref-in-byt-cht-boards-harder.patch
riscv-misaligned-restrict-user-access-to-kernel-memory.patch
parisc-delay-write-protection-until-mark_rodata_ro-call.patch
+clk-starfive-jh7110-sys-add-notifier-for-pll0-clock.patch
+clk-qcom-clk-alpha-pll-fix-the-pll-post-div-mask.patch
+clk-qcom-clk-alpha-pll-fix-the-trion-pll-postdiv-set-rate-api.patch
+clk-qcom-clk-alpha-pll-fix-zonda-set_rate-failure-when-pll-is-disabled.patch
+clk-qcom-clk-alpha-pll-update-set_rate-for-zonda-pll.patch
+pinctrl-qcom-x1e80100-bypass-pdc-wakeup-parent-for-now.patch
+can-mcp251x-fix-deadlock-if-an-interrupt-occurs-during-mcp251x_open.patch
+mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch
+alloc_tag-fix-allocation-tag-reporting-when-config_modules-n.patch
+codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch
+maple_tree-remove-rcu_read_lock-from-mt_validate.patch
+kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug-y.patch
+mm-vmalloc-ensure-vmap_block-is-initialised-before-adding-to-queue.patch
+mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch
+revert-mm-skip-cma-pages-when-they-are-not-available.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
