From: Greg Kroah-Hartman Date: Wed, 22 Nov 2023 17:29:48 +0000 (+0000) Subject: 6.6-stable patches X-Git-Tag: v4.14.331~127 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3dd92a24c82e4fb992228b7acbc87347179872b1;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: acpi-processor-sanitize-_osc-_pdc-capabilities-for-xen-dom0.patch audit-don-t-take-task_lock-in-audit_exe_compare-code-path.patch audit-don-t-warn_on_once-current-mm-in-audit_exe_compare.patch hvc-xen-fix-console-unplug.patch hvc-xen-fix-error-path-in-xen_hvc_init-to-always-register-frontend-driver.patch hvc-xen-fix-event-channel-handling-for-secondary-consoles.patch mm-damon-sysfs-remove-requested-targets-when-online-commit-inputs.patch mm-damon-sysfs-update-monitoring-target-regions-for-online-input-commit.patch pci-sysfs-protect-driver-s-d3cold-preference-from-user-space.patch proc-sysctl-prevent-aliased-sysctls-from-getting-passed-to-init.patch sched-psi-fix-unprivileged-polling-against-cgroups.patch tty-serial-meson-fix-hard-lockup-on-crtscts-mode.patch tty-sysrq-replace-smp_processor_id-with-get_cpu.patch --- diff --git a/queue-6.6/acpi-processor-sanitize-_osc-_pdc-capabilities-for-xen-dom0.patch b/queue-6.6/acpi-processor-sanitize-_osc-_pdc-capabilities-for-xen-dom0.patch new file mode 100644 index 00000000000..2318b3c8190 --- /dev/null +++ b/queue-6.6/acpi-processor-sanitize-_osc-_pdc-capabilities-for-xen-dom0.patch @@ -0,0 +1,127 @@ +From bfa993b355d33a438a746523e7129391c8664e8a Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne +Date: Wed, 8 Nov 2023 16:25:15 -0500 +Subject: acpi/processor: sanitize _OSC/_PDC capabilities for Xen dom0 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Roger Pau Monne + +commit bfa993b355d33a438a746523e7129391c8664e8a upstream. + +The Processor capability bits notify ACPI of the OS capabilities, and +so ACPI can adjust the return of other Processor methods taking the OS +capabilities into account. + +When Linux is running as a Xen dom0, the hypervisor is the entity +in charge of processor power management, and hence Xen needs to make +sure the capabilities reported by _OSC/_PDC match the capabilities of +the driver in Xen. + +Introduce a small helper to sanitize the buffer when running as Xen +dom0. + +When Xen supports HWP, this serves as the equivalent of commit +a21211672c9a ("ACPI / processor: Request native thermal interrupt +handling via _OSC") to avoid SMM crashes. Xen will set bit +ACPI_PROC_CAP_COLLAB_PROC_PERF (bit 12) in the capability bits and the +_OSC/_PDC call will apply it. + +[ jandryuk: Mention Xen HWP's need. Support _OSC & _PDC ] +Signed-off-by: Roger Pau Monné +Cc: stable@vger.kernel.org +Signed-off-by: Jason Andryuk +Reviewed-by: Michal Wilczynski +Reviewed-by: Juergen Gross +Link: https://lore.kernel.org/r/20231108212517.72279-1-jandryuk@gmail.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/acpi.h | 14 ++++++++++++++ + arch/x86/include/asm/xen/hypervisor.h | 9 +++++++++ + drivers/xen/pcpu.c | 22 ++++++++++++++++++++++ + 3 files changed, 45 insertions(+) + +--- a/arch/x86/include/asm/acpi.h ++++ b/arch/x86/include/asm/acpi.h +@@ -16,6 +16,9 @@ + #include + #include + #include ++#include ++ ++#include + + #ifdef CONFIG_ACPI_APEI + # include +@@ -127,6 +130,17 @@ static inline void arch_acpi_set_proc_ca + if (!cpu_has(c, X86_FEATURE_MWAIT) || + boot_option_idle_override == IDLE_NOMWAIT) + *cap &= ~(ACPI_PROC_CAP_C_C1_FFH | ACPI_PROC_CAP_C_C2C3_FFH); ++ ++ if (xen_initial_domain()) { ++ /* ++ * When Linux is running as Xen dom0, the hypervisor is the ++ * entity in charge of the processor power management, and so ++ * Xen needs to check the OS capabilities reported in the ++ * processor capabilities buffer matches what the hypervisor ++ * driver supports. ++ */ ++ xen_sanitize_proc_cap_bits(cap); ++ } + } + + static inline bool acpi_has_cpu_in_madt(void) +--- a/arch/x86/include/asm/xen/hypervisor.h ++++ b/arch/x86/include/asm/xen/hypervisor.h +@@ -100,4 +100,13 @@ static inline void leave_lazy(enum xen_l + + enum xen_lazy_mode xen_get_lazy_mode(void); + ++#if defined(CONFIG_XEN_DOM0) && defined(CONFIG_ACPI) ++void xen_sanitize_proc_cap_bits(uint32_t *buf); ++#else ++static inline void xen_sanitize_proc_cap_bits(uint32_t *buf) ++{ ++ BUG(); ++} ++#endif ++ + #endif /* _ASM_X86_XEN_HYPERVISOR_H */ +--- a/drivers/xen/pcpu.c ++++ b/drivers/xen/pcpu.c +@@ -47,6 +47,9 @@ + #include + #include + ++#ifdef CONFIG_ACPI ++#include ++#endif + + /* + * @cpu_id: Xen physical cpu logic number +@@ -400,4 +403,23 @@ bool __init xen_processor_present(uint32 + + return online; + } ++ ++void xen_sanitize_proc_cap_bits(uint32_t *cap) ++{ ++ struct xen_platform_op op = { ++ .cmd = XENPF_set_processor_pminfo, ++ .u.set_pminfo.id = -1, ++ .u.set_pminfo.type = XEN_PM_PDC, ++ }; ++ u32 buf[3] = { ACPI_PDC_REVISION_ID, 1, *cap }; ++ int ret; ++ ++ set_xen_guest_handle(op.u.set_pminfo.pdc, buf); ++ ret = HYPERVISOR_platform_op(&op); ++ if (ret) ++ pr_err("sanitize of _PDC buffer bits from Xen failed: %d\n", ++ ret); ++ else ++ *cap = buf[2]; ++} + #endif diff --git a/queue-6.6/audit-don-t-take-task_lock-in-audit_exe_compare-code-path.patch b/queue-6.6/audit-don-t-take-task_lock-in-audit_exe_compare-code-path.patch new file mode 100644 index 00000000000..18c82481c05 --- /dev/null +++ b/queue-6.6/audit-don-t-take-task_lock-in-audit_exe_compare-code-path.patch @@ -0,0 +1,61 @@ +From 47846d51348dd62e5231a83be040981b17c955fa Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Mon, 9 Oct 2023 13:18:49 -0400 +Subject: audit: don't take task_lock() in audit_exe_compare() code path + +From: Paul Moore + +commit 47846d51348dd62e5231a83be040981b17c955fa upstream. + +The get_task_exe_file() function locks the given task with task_lock() +which when used inside audit_exe_compare() can cause deadlocks on +systems that generate audit records when the task_lock() is held. We +resolve this problem with two changes: ignoring those cases where the +task being audited is not the current task, and changing our approach +to obtaining the executable file struct to not require task_lock(). + +With the intent of the audit exe filter being to filter on audit events +generated by processes started by the specified executable, it makes +sense that we would only want to use the exe filter on audit records +associated with the currently executing process, e.g. @current. If +we are asked to filter records using a non-@current task_struct we can +safely ignore the exe filter without negatively impacting the admin's +expectations for the exe filter. + +Knowing that we only have to worry about filtering the currently +executing task in audit_exe_compare() we can do away with the +task_lock() and call get_mm_exe_file() with @current->mm directly. + +Cc: +Fixes: 5efc244346f9 ("audit: fix exe_file access in audit_exe_compare") +Reported-by: Andreas Steinmetz +Reviewed-by: John Johansen +Reviewed-by: Mateusz Guzik +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + kernel/audit_watch.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/kernel/audit_watch.c ++++ b/kernel/audit_watch.c +@@ -527,11 +527,18 @@ int audit_exe_compare(struct task_struct + unsigned long ino; + dev_t dev; + +- exe_file = get_task_exe_file(tsk); ++ /* only do exe filtering if we are recording @current events/records */ ++ if (tsk != current) ++ return 0; ++ ++ if (WARN_ON_ONCE(!current->mm)) ++ return 0; ++ exe_file = get_mm_exe_file(current->mm); + if (!exe_file) + return 0; + ino = file_inode(exe_file)->i_ino; + dev = file_inode(exe_file)->i_sb->s_dev; + fput(exe_file); ++ + return audit_mark_compare(mark, ino, dev); + } diff --git a/queue-6.6/audit-don-t-warn_on_once-current-mm-in-audit_exe_compare.patch b/queue-6.6/audit-don-t-warn_on_once-current-mm-in-audit_exe_compare.patch new file mode 100644 index 00000000000..3b3298e4aa3 --- /dev/null +++ b/queue-6.6/audit-don-t-warn_on_once-current-mm-in-audit_exe_compare.patch @@ -0,0 +1,37 @@ +From 969d90ec212bae4b45bf9d21d7daa30aa6cf055e Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Tue, 14 Nov 2023 17:25:48 -0500 +Subject: audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() + +From: Paul Moore + +commit 969d90ec212bae4b45bf9d21d7daa30aa6cf055e upstream. + +eBPF can end up calling into the audit code from some odd places, and +some of these places don't have @current set properly so we end up +tripping the `WARN_ON_ONCE(!current->mm)` near the top of +`audit_exe_compare()`. While the basic `!current->mm` check is good, +the `WARN_ON_ONCE()` results in some scary console messages so let's +drop that and just do the regular `!current->mm` check to avoid +problems. + +Cc: +Fixes: 47846d51348d ("audit: don't take task_lock() in audit_exe_compare() code path") +Reported-by: Artem Savkov +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + kernel/audit_watch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/audit_watch.c ++++ b/kernel/audit_watch.c +@@ -531,7 +531,7 @@ int audit_exe_compare(struct task_struct + if (tsk != current) + return 0; + +- if (WARN_ON_ONCE(!current->mm)) ++ if (!current->mm) + return 0; + exe_file = get_mm_exe_file(current->mm); + if (!exe_file) diff --git a/queue-6.6/hvc-xen-fix-console-unplug.patch b/queue-6.6/hvc-xen-fix-console-unplug.patch new file mode 100644 index 00000000000..83fa609084e --- /dev/null +++ b/queue-6.6/hvc-xen-fix-console-unplug.patch @@ -0,0 +1,121 @@ +From a30badfd7c13fc8763a9e10c5a12ba7f81515a55 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Fri, 20 Oct 2023 17:15:29 +0100 +Subject: hvc/xen: fix console unplug + +From: David Woodhouse + +commit a30badfd7c13fc8763a9e10c5a12ba7f81515a55 upstream. + +On unplug of a Xen console, xencons_disconnect_backend() unconditionally +calls free_irq() via unbind_from_irqhandler(), causing a warning of +freeing an already-free IRQ: + +(qemu) device_del con1 +[ 32.050919] ------------[ cut here ]------------ +[ 32.050942] Trying to free already-free IRQ 33 +[ 32.050990] WARNING: CPU: 0 PID: 51 at kernel/irq/manage.c:1895 __free_irq+0x1d4/0x330 + +It should be using evtchn_put() to tear down the event channel binding, +and let the Linux IRQ side of it be handled by notifier_del_irq() through +the HVC code. + +On which topic... xencons_disconnect_backend() should call hvc_remove() +*first*, rather than tearing down the event channel and grant mapping +while they are in use. And then the IRQ is guaranteed to be freed by +the time it's torn down by evtchn_put(). + +Since evtchn_put() also closes the actual event channel, avoid calling +xenbus_free_evtchn() except in the failure path where the IRQ was not +successfully set up. + +However, calling hvc_remove() at the start of xencons_disconnect_backend() +still isn't early enough. An unplug request is indicated by the backend +setting its state to XenbusStateClosing, which triggers a notification +to xencons_backend_changed(), which... does nothing except set its own +frontend state directly to XenbusStateClosed without *actually* tearing +down the HVC device or, you know, making sure it isn't actively in use. + +So the backend sees the guest frontend set its state to XenbusStateClosed +and stops servicing the interrupt... and the guest spins for ever in the +domU_write_console() function waiting for the ring to drain. + +Fix that one by calling hvc_remove() from xencons_backend_changed() before +signalling to the backend that it's OK to proceed with the removal. + +Tested with 'dd if=/dev/zero of=/dev/hvc1' while telling Qemu to remove +the console device. + +Signed-off-by: David Woodhouse +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20231020161529.355083-4-dwmw2@infradead.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/hvc/hvc_xen.c | 32 ++++++++++++++++++++++++-------- + 1 file changed, 24 insertions(+), 8 deletions(-) + +--- a/drivers/tty/hvc/hvc_xen.c ++++ b/drivers/tty/hvc/hvc_xen.c +@@ -377,18 +377,21 @@ void xen_console_resume(void) + #ifdef CONFIG_HVC_XEN_FRONTEND + static void xencons_disconnect_backend(struct xencons_info *info) + { +- if (info->irq > 0) +- unbind_from_irqhandler(info->irq, NULL); +- info->irq = 0; ++ if (info->hvc != NULL) ++ hvc_remove(info->hvc); ++ info->hvc = NULL; ++ if (info->irq > 0) { ++ evtchn_put(info->evtchn); ++ info->irq = 0; ++ info->evtchn = 0; ++ } ++ /* evtchn_put() will also close it so this is only an error path */ + if (info->evtchn > 0) + xenbus_free_evtchn(info->xbdev, info->evtchn); + info->evtchn = 0; + if (info->gntref > 0) + gnttab_free_grant_references(info->gntref); + info->gntref = 0; +- if (info->hvc != NULL) +- hvc_remove(info->hvc); +- info->hvc = NULL; + } + + static void xencons_free(struct xencons_info *info) +@@ -553,10 +556,23 @@ static void xencons_backend_changed(stru + if (dev->state == XenbusStateClosed) + break; + fallthrough; /* Missed the backend's CLOSING state */ +- case XenbusStateClosing: ++ case XenbusStateClosing: { ++ struct xencons_info *info = dev_get_drvdata(&dev->dev);; ++ ++ /* ++ * Don't tear down the evtchn and grant ref before the other ++ * end has disconnected, but do stop userspace from trying ++ * to use the device before we allow the backend to close. ++ */ ++ if (info->hvc) { ++ hvc_remove(info->hvc); ++ info->hvc = NULL; ++ } ++ + xenbus_frontend_closed(dev); + break; + } ++ } + } + + static const struct xenbus_device_id xencons_ids[] = { +@@ -616,7 +632,7 @@ static int __init xen_hvc_init(void) + list_del(&info->list); + spin_unlock_irqrestore(&xencons_lock, flags); + if (info->irq) +- unbind_from_irqhandler(info->irq, NULL); ++ evtchn_put(info->evtchn); + kfree(info); + return r; + } diff --git a/queue-6.6/hvc-xen-fix-error-path-in-xen_hvc_init-to-always-register-frontend-driver.patch b/queue-6.6/hvc-xen-fix-error-path-in-xen_hvc_init-to-always-register-frontend-driver.patch new file mode 100644 index 00000000000..65746a327a1 --- /dev/null +++ b/queue-6.6/hvc-xen-fix-error-path-in-xen_hvc_init-to-always-register-frontend-driver.patch @@ -0,0 +1,54 @@ +From 2704c9a5593f4a47620c12dad78838ca62b52f48 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Fri, 20 Oct 2023 17:15:28 +0100 +Subject: hvc/xen: fix error path in xen_hvc_init() to always register frontend driver +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: David Woodhouse + +commit 2704c9a5593f4a47620c12dad78838ca62b52f48 upstream. + +The xen_hvc_init() function should always register the frontend driver, +even when there's no primary console — as there may be secondary consoles. +(Qemu can always add secondary consoles, but only the toolstack can add +the primary because it's special.) + +Signed-off-by: David Woodhouse +Reviewed-by: Juergen Gross +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20231020161529.355083-3-dwmw2@infradead.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/hvc/hvc_xen.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/tty/hvc/hvc_xen.c ++++ b/drivers/tty/hvc/hvc_xen.c +@@ -604,7 +604,7 @@ static int __init xen_hvc_init(void) + ops = &dom0_hvc_ops; + r = xen_initial_domain_console_init(); + if (r < 0) +- return r; ++ goto register_fe; + info = vtermno_to_xencons(HVC_COOKIE); + } else { + ops = &domU_hvc_ops; +@@ -613,7 +613,7 @@ static int __init xen_hvc_init(void) + else + r = xen_pv_console_init(); + if (r < 0) +- return r; ++ goto register_fe; + + info = vtermno_to_xencons(HVC_COOKIE); + info->irq = bind_evtchn_to_irq_lateeoi(info->evtchn); +@@ -638,6 +638,7 @@ static int __init xen_hvc_init(void) + } + + r = 0; ++ register_fe: + #ifdef CONFIG_HVC_XEN_FRONTEND + r = xenbus_register_frontend(&xencons_driver); + #endif diff --git a/queue-6.6/hvc-xen-fix-event-channel-handling-for-secondary-consoles.patch b/queue-6.6/hvc-xen-fix-event-channel-handling-for-secondary-consoles.patch new file mode 100644 index 00000000000..f60befca8db --- /dev/null +++ b/queue-6.6/hvc-xen-fix-event-channel-handling-for-secondary-consoles.patch @@ -0,0 +1,52 @@ +From ef5dd8ec88ac11e8e353164407d55b73c988b369 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Fri, 20 Oct 2023 17:15:27 +0100 +Subject: hvc/xen: fix event channel handling for secondary consoles +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: David Woodhouse + +commit ef5dd8ec88ac11e8e353164407d55b73c988b369 upstream. + +The xencons_connect_backend() function allocates a local interdomain +event channel with xenbus_alloc_evtchn(), then calls +bind_interdomain_evtchn_to_irq_lateeoi() to bind to that port# on the +*remote* domain. + +That doesn't work very well: + +(qemu) device_add xen-console,id=con1,chardev=pty0 +[ 44.323872] xenconsole console-1: 2 xenbus_dev_probe on device/console/1 +[ 44.323995] xenconsole: probe of console-1 failed with error -2 + +Fix it to use bind_evtchn_to_irq_lateeoi(), which does the right thing +by just binding that *local* event channel to an irq. The backend will +do the interdomain binding. + +This didn't affect the primary console because the setup for that is +special — the toolstack allocates the guest event channel and the guest +discovers it with HVMOP_get_param. + +Fixes: fe415186b43d ("xen/console: harden hvc_xen against event channel storms") +Signed-off-by: David Woodhouse +Reviewed-by: Juergen Gross +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20231020161529.355083-2-dwmw2@infradead.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/hvc/hvc_xen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/hvc/hvc_xen.c ++++ b/drivers/tty/hvc/hvc_xen.c +@@ -436,7 +436,7 @@ static int xencons_connect_backend(struc + if (ret) + return ret; + info->evtchn = evtchn; +- irq = bind_interdomain_evtchn_to_irq_lateeoi(dev, evtchn); ++ irq = bind_evtchn_to_irq_lateeoi(evtchn); + if (irq < 0) + return irq; + info->irq = irq; diff --git a/queue-6.6/mm-damon-sysfs-remove-requested-targets-when-online-commit-inputs.patch b/queue-6.6/mm-damon-sysfs-remove-requested-targets-when-online-commit-inputs.patch new file mode 100644 index 00000000000..8c85e798c75 --- /dev/null +++ b/queue-6.6/mm-damon-sysfs-remove-requested-targets-when-online-commit-inputs.patch @@ -0,0 +1,129 @@ +From 19467a950b49432a84bf6dbadbbb17bdf89418b7 Mon Sep 17 00:00:00 2001 +From: SeongJae Park +Date: Sun, 22 Oct 2023 21:07:33 +0000 +Subject: mm/damon/sysfs: remove requested targets when online-commit inputs + +From: SeongJae Park + +commit 19467a950b49432a84bf6dbadbbb17bdf89418b7 upstream. + +damon_sysfs_set_targets(), which updates the targets of the context for +online commitment, do not remove targets that removed from the +corresponding sysfs files. As a result, more than intended targets of the +context can exist and hence consume memory and monitoring CPU resource +more than expected. + +Fix it by removing all targets of the context and fill up again using the +user input. This could cause unnecessary memory dealloc and realloc +operations, but this is not a hot code path. Also, note that damon_target +is stateless, and hence no data is lost. + +[sj@kernel.org: fix unnecessary monitoring results removal] + Link: https://lkml.kernel.org/r/20231028213353.45397-1-sj@kernel.org +Link: https://lkml.kernel.org/r/20231022210735.46409-2-sj@kernel.org +Fixes: da87878010e5 ("mm/damon/sysfs: support online inputs update") +Signed-off-by: SeongJae Park +Cc: Brendan Higgins +Cc: [5.19.x] +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/damon/sysfs.c | 68 ++++++++++++++++++++++++++++--------------------------- + 1 file changed, 35 insertions(+), 33 deletions(-) + +--- a/mm/damon/sysfs.c ++++ b/mm/damon/sysfs.c +@@ -1150,58 +1150,60 @@ destroy_targets_out: + return err; + } + +-/* +- * Search a target in a context that corresponds to the sysfs target input. +- * +- * Return: pointer to the target if found, NULL if not found, or negative +- * error code if the search failed. +- */ +-static struct damon_target *damon_sysfs_existing_target( +- struct damon_sysfs_target *sys_target, struct damon_ctx *ctx) ++static int damon_sysfs_update_target(struct damon_target *target, ++ struct damon_ctx *ctx, ++ struct damon_sysfs_target *sys_target) + { + struct pid *pid; +- struct damon_target *t; ++ struct damon_region *r, *next; + +- if (!damon_target_has_pid(ctx)) { +- /* Up to only one target for paddr could exist */ +- damon_for_each_target(t, ctx) +- return t; +- return NULL; +- } ++ if (!damon_target_has_pid(ctx)) ++ return 0; + +- /* ops.id should be DAMON_OPS_VADDR or DAMON_OPS_FVADDR */ + pid = find_get_pid(sys_target->pid); + if (!pid) +- return ERR_PTR(-EINVAL); +- damon_for_each_target(t, ctx) { +- if (t->pid == pid) { +- put_pid(pid); +- return t; +- } ++ return -EINVAL; ++ ++ /* no change to the target */ ++ if (pid == target->pid) { ++ put_pid(pid); ++ return 0; + } +- put_pid(pid); +- return NULL; ++ ++ /* remove old monitoring results and update the target's pid */ ++ damon_for_each_region_safe(r, next, target) ++ damon_destroy_region(r, target); ++ put_pid(target->pid); ++ target->pid = pid; ++ return 0; + } + + static int damon_sysfs_set_targets(struct damon_ctx *ctx, + struct damon_sysfs_targets *sysfs_targets) + { +- int i, err; ++ struct damon_target *t, *next; ++ int i = 0, err; + + /* Multiple physical address space monitoring targets makes no sense */ + if (ctx->ops.id == DAMON_OPS_PADDR && sysfs_targets->nr > 1) + return -EINVAL; + +- for (i = 0; i < sysfs_targets->nr; i++) { ++ damon_for_each_target_safe(t, next, ctx) { ++ if (i < sysfs_targets->nr) { ++ damon_sysfs_update_target(t, ctx, ++ sysfs_targets->targets_arr[i]); ++ } else { ++ if (damon_target_has_pid(ctx)) ++ put_pid(t->pid); ++ damon_destroy_target(t); ++ } ++ i++; ++ } ++ ++ for (; i < sysfs_targets->nr; i++) { + struct damon_sysfs_target *st = sysfs_targets->targets_arr[i]; +- struct damon_target *t = damon_sysfs_existing_target(st, ctx); + +- if (IS_ERR(t)) +- return PTR_ERR(t); +- if (!t) +- err = damon_sysfs_add_target(st, ctx); +- else +- err = damon_sysfs_set_regions(t, st->regions); ++ err = damon_sysfs_add_target(st, ctx); + if (err) + return err; + } diff --git a/queue-6.6/mm-damon-sysfs-update-monitoring-target-regions-for-online-input-commit.patch b/queue-6.6/mm-damon-sysfs-update-monitoring-target-regions-for-online-input-commit.patch new file mode 100644 index 00000000000..c37854aea53 --- /dev/null +++ b/queue-6.6/mm-damon-sysfs-update-monitoring-target-regions-for-online-input-commit.patch @@ -0,0 +1,103 @@ +From 9732336006764e2ee61225387e3c70eae9139035 Mon Sep 17 00:00:00 2001 +From: SeongJae Park +Date: Tue, 31 Oct 2023 17:01:31 +0000 +Subject: mm/damon/sysfs: update monitoring target regions for online input commit + +From: SeongJae Park + +commit 9732336006764e2ee61225387e3c70eae9139035 upstream. + +When user input is committed online, DAMON sysfs interface is ignoring the +user input for the monitoring target regions. Such request is valid and +useful for fixed monitoring target regions-based monitoring ops like +'paddr' or 'fvaddr'. + +Update the region boundaries as user specified, too. Note that the +monitoring results of the regions that overlap between the latest +monitoring target regions and the new target regions are preserved. + +Treat empty monitoring target regions user request as a request to just +make no change to the monitoring target regions. Otherwise, users should +set the monitoring target regions same to current one for every online +input commit, and it could be challenging for dynamic monitoring target +regions update DAMON ops like 'vaddr'. If the user really need to remove +all monitoring target regions, they can simply remove the target and then +create the target again with empty target regions. + +Link: https://lkml.kernel.org/r/20231031170131.46972-1-sj@kernel.org +Fixes: da87878010e5 ("mm/damon/sysfs: support online inputs update") +Signed-off-by: SeongJae Park +Cc: [5.19+] +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/damon/sysfs.c | 47 ++++++++++++++++++++++++++++++----------------- + 1 file changed, 30 insertions(+), 17 deletions(-) + +--- a/mm/damon/sysfs.c ++++ b/mm/damon/sysfs.c +@@ -1150,34 +1150,47 @@ destroy_targets_out: + return err; + } + +-static int damon_sysfs_update_target(struct damon_target *target, +- struct damon_ctx *ctx, +- struct damon_sysfs_target *sys_target) ++static int damon_sysfs_update_target_pid(struct damon_target *target, int pid) + { +- struct pid *pid; +- struct damon_region *r, *next; +- +- if (!damon_target_has_pid(ctx)) +- return 0; ++ struct pid *pid_new; + +- pid = find_get_pid(sys_target->pid); +- if (!pid) ++ pid_new = find_get_pid(pid); ++ if (!pid_new) + return -EINVAL; + +- /* no change to the target */ +- if (pid == target->pid) { +- put_pid(pid); ++ if (pid_new == target->pid) { ++ put_pid(pid_new); + return 0; + } + +- /* remove old monitoring results and update the target's pid */ +- damon_for_each_region_safe(r, next, target) +- damon_destroy_region(r, target); + put_pid(target->pid); +- target->pid = pid; ++ target->pid = pid_new; + return 0; + } + ++static int damon_sysfs_update_target(struct damon_target *target, ++ struct damon_ctx *ctx, ++ struct damon_sysfs_target *sys_target) ++{ ++ int err; ++ ++ if (damon_target_has_pid(ctx)) { ++ err = damon_sysfs_update_target_pid(target, sys_target->pid); ++ if (err) ++ return err; ++ } ++ ++ /* ++ * Do monitoring target region boundary update only if one or more ++ * regions are set by the user. This is for keeping current monitoring ++ * target results and range easier, especially for dynamic monitoring ++ * target regions update ops like 'vaddr'. ++ */ ++ if (sys_target->regions->nr) ++ err = damon_sysfs_set_regions(target, sys_target->regions); ++ return err; ++} ++ + static int damon_sysfs_set_targets(struct damon_ctx *ctx, + struct damon_sysfs_targets *sysfs_targets) + { diff --git a/queue-6.6/pci-sysfs-protect-driver-s-d3cold-preference-from-user-space.patch b/queue-6.6/pci-sysfs-protect-driver-s-d3cold-preference-from-user-space.patch new file mode 100644 index 00000000000..f9d1a595813 --- /dev/null +++ b/queue-6.6/pci-sysfs-protect-driver-s-d3cold-preference-from-user-space.patch @@ -0,0 +1,69 @@ +From 70b70a4307cccebe91388337b1c85735ce4de6ff Mon Sep 17 00:00:00 2001 +From: Lukas Wunner +Date: Mon, 18 Sep 2023 14:48:01 +0200 +Subject: PCI/sysfs: Protect driver's D3cold preference from user space + +From: Lukas Wunner + +commit 70b70a4307cccebe91388337b1c85735ce4de6ff upstream. + +struct pci_dev contains two flags which govern whether the device may +suspend to D3cold: + +* no_d3cold provides an opt-out for drivers (e.g. if a device is known + to not wake from D3cold) + +* d3cold_allowed provides an opt-out for user space (default is true, + user space may set to false) + +Since commit 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend"), +the user space setting overwrites the driver setting. Essentially user +space is trusted to know better than the driver whether D3cold is +working. + +That feels unsafe and wrong. Assume that the change was introduced +inadvertently and do not overwrite no_d3cold when d3cold_allowed is +modified. Instead, consider d3cold_allowed in addition to no_d3cold +when choosing a suspend state for the device. + +That way, user space may opt out of D3cold if the driver hasn't, but it +may no longer force an opt in if the driver has opted out. + +Fixes: 9d26d3a8f1b0 ("PCI: Put PCIe ports into D3 during suspend") +Link: https://lore.kernel.org/r/b8a7f4af2b73f6b506ad8ddee59d747cbf834606.1695025365.git.lukas@wunner.de +Signed-off-by: Lukas Wunner +Signed-off-by: Bjorn Helgaas +Reviewed-by: Mika Westerberg +Reviewed-by: Mario Limonciello +Cc: stable@vger.kernel.org # v4.8+ +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/pci-acpi.c | 2 +- + drivers/pci/pci-sysfs.c | 5 +---- + 2 files changed, 2 insertions(+), 5 deletions(-) + +--- a/drivers/pci/pci-acpi.c ++++ b/drivers/pci/pci-acpi.c +@@ -911,7 +911,7 @@ pci_power_t acpi_pci_choose_state(struct + { + int acpi_state, d_max; + +- if (pdev->no_d3cold) ++ if (pdev->no_d3cold || !pdev->d3cold_allowed) + d_max = ACPI_STATE_D3_HOT; + else + d_max = ACPI_STATE_D3_COLD; +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -529,10 +529,7 @@ static ssize_t d3cold_allowed_store(stru + return -EINVAL; + + pdev->d3cold_allowed = !!val; +- if (pdev->d3cold_allowed) +- pci_d3cold_enable(pdev); +- else +- pci_d3cold_disable(pdev); ++ pci_bridge_d3_update(pdev); + + pm_runtime_resume(dev); + diff --git a/queue-6.6/proc-sysctl-prevent-aliased-sysctls-from-getting-passed-to-init.patch b/queue-6.6/proc-sysctl-prevent-aliased-sysctls-from-getting-passed-to-init.patch new file mode 100644 index 00000000000..cdd82680116 --- /dev/null +++ b/queue-6.6/proc-sysctl-prevent-aliased-sysctls-from-getting-passed-to-init.patch @@ -0,0 +1,79 @@ +From 8001f49394e353f035306a45bcf504f06fca6355 Mon Sep 17 00:00:00 2001 +From: Krister Johansen +Date: Fri, 27 Oct 2023 14:46:40 -0700 +Subject: proc: sysctl: prevent aliased sysctls from getting passed to init + +From: Krister Johansen + +commit 8001f49394e353f035306a45bcf504f06fca6355 upstream. + +The code that checks for unknown boot options is unaware of the sysctl +alias facility, which maps bootparams to sysctl values. If a user sets +an old value that has a valid alias, a message about an invalid +parameter will be printed during boot, and the parameter will get passed +to init. Fix by checking for the existence of aliased parameters in the +unknown boot parameter code. If an alias exists, don't return an error +or pass the value to init. + +Signed-off-by: Krister Johansen +Cc: stable@vger.kernel.org +Fixes: 0a477e1ae21b ("kernel/sysctl: support handling command line aliases") +Signed-off-by: Luis Chamberlain +Signed-off-by: Greg Kroah-Hartman +--- + fs/proc/proc_sysctl.c | 7 +++++++ + include/linux/sysctl.h | 6 ++++++ + init/main.c | 4 ++++ + 3 files changed, 17 insertions(+) + +--- a/fs/proc/proc_sysctl.c ++++ b/fs/proc/proc_sysctl.c +@@ -1592,6 +1592,13 @@ static const char *sysctl_find_alias(cha + return NULL; + } + ++bool sysctl_is_alias(char *param) ++{ ++ const char *alias = sysctl_find_alias(param); ++ ++ return alias != NULL; ++} ++ + /* Set sysctl value passed on kernel command line. */ + static int process_sysctl_arg(char *param, char *val, + const char *unused, void *arg) +--- a/include/linux/sysctl.h ++++ b/include/linux/sysctl.h +@@ -242,6 +242,7 @@ extern void __register_sysctl_init(const + extern struct ctl_table_header *register_sysctl_mount_point(const char *path); + + void do_sysctl_args(void); ++bool sysctl_is_alias(char *param); + int do_proc_douintvec(struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos, + int (*conv)(unsigned long *lvalp, +@@ -287,6 +288,11 @@ static inline void setup_sysctl_set(stru + static inline void do_sysctl_args(void) + { + } ++ ++static inline bool sysctl_is_alias(char *param) ++{ ++ return false; ++} + #endif /* CONFIG_SYSCTL */ + + int sysctl_max_threads(struct ctl_table *table, int write, void *buffer, +--- a/init/main.c ++++ b/init/main.c +@@ -530,6 +530,10 @@ static int __init unknown_bootoption(cha + { + size_t len = strlen(param); + ++ /* Handle params aliased to sysctls */ ++ if (sysctl_is_alias(param)) ++ return 0; ++ + repair_env_string(param, val); + + /* Handle obsolete-style parameters */ diff --git a/queue-6.6/sched-psi-fix-unprivileged-polling-against-cgroups.patch b/queue-6.6/sched-psi-fix-unprivileged-polling-against-cgroups.patch new file mode 100644 index 00000000000..b6453bf9d9b --- /dev/null +++ b/queue-6.6/sched-psi-fix-unprivileged-polling-against-cgroups.patch @@ -0,0 +1,97 @@ +From 8b39d20eceeda6c4eb23df1497f9ed2fffdc8f69 Mon Sep 17 00:00:00 2001 +From: Johannes Weiner +Date: Thu, 26 Oct 2023 12:41:14 -0400 +Subject: sched: psi: fix unprivileged polling against cgroups + +From: Johannes Weiner + +commit 8b39d20eceeda6c4eb23df1497f9ed2fffdc8f69 upstream. + +519fabc7aaba ("psi: remove 500ms min window size limitation for +triggers") breaks unprivileged psi polling on cgroups. + +Historically, we had a privilege check for polling in the open() of a +pressure file in /proc, but were erroneously missing it for the open() +of cgroup pressure files. + +When unprivileged polling was introduced in d82caa273565 ("sched/psi: +Allow unprivileged polling of N*2s period"), it needed to filter +privileges depending on the exact polling parameters, and as such +moved the CAP_SYS_RESOURCE check from the proc open() callback to +psi_trigger_create(). Both the proc files as well as cgroup files go +through this during write(). This implicitly added the missing check +for privileges required for HT polling for cgroups. + +When 519fabc7aaba ("psi: remove 500ms min window size limitation for +triggers") followed right after to remove further restrictions on the +RT polling window, it incorrectly assumed the cgroup privilege check +was still missing and added it to the cgroup open(), mirroring what we +used to do for proc files in the past. + +As a result, unprivileged poll requests that would be supported now +get rejected when opening the cgroup pressure file for writing. + +Remove the cgroup open() check. psi_trigger_create() handles it. + +Fixes: 519fabc7aaba ("psi: remove 500ms min window size limitation for triggers") +Reported-by: Luca Boccassi +Signed-off-by: Johannes Weiner +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Luca Boccassi +Acked-by: Suren Baghdasaryan +Cc: stable@vger.kernel.org # 6.5+ +Link: https://lore.kernel.org/r/20231026164114.2488682-1-hannes@cmpxchg.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/cgroup/cgroup.c | 12 ------------ + 1 file changed, 12 deletions(-) + +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -3867,14 +3867,6 @@ static __poll_t cgroup_pressure_poll(str + return psi_trigger_poll(&ctx->psi.trigger, of->file, pt); + } + +-static int cgroup_pressure_open(struct kernfs_open_file *of) +-{ +- if (of->file->f_mode & FMODE_WRITE && !capable(CAP_SYS_RESOURCE)) +- return -EPERM; +- +- return 0; +-} +- + static void cgroup_pressure_release(struct kernfs_open_file *of) + { + struct cgroup_file_ctx *ctx = of->priv; +@@ -5275,7 +5267,6 @@ static struct cftype cgroup_psi_files[] + { + .name = "io.pressure", + .file_offset = offsetof(struct cgroup, psi_files[PSI_IO]), +- .open = cgroup_pressure_open, + .seq_show = cgroup_io_pressure_show, + .write = cgroup_io_pressure_write, + .poll = cgroup_pressure_poll, +@@ -5284,7 +5275,6 @@ static struct cftype cgroup_psi_files[] + { + .name = "memory.pressure", + .file_offset = offsetof(struct cgroup, psi_files[PSI_MEM]), +- .open = cgroup_pressure_open, + .seq_show = cgroup_memory_pressure_show, + .write = cgroup_memory_pressure_write, + .poll = cgroup_pressure_poll, +@@ -5293,7 +5283,6 @@ static struct cftype cgroup_psi_files[] + { + .name = "cpu.pressure", + .file_offset = offsetof(struct cgroup, psi_files[PSI_CPU]), +- .open = cgroup_pressure_open, + .seq_show = cgroup_cpu_pressure_show, + .write = cgroup_cpu_pressure_write, + .poll = cgroup_pressure_poll, +@@ -5303,7 +5292,6 @@ static struct cftype cgroup_psi_files[] + { + .name = "irq.pressure", + .file_offset = offsetof(struct cgroup, psi_files[PSI_IRQ]), +- .open = cgroup_pressure_open, + .seq_show = cgroup_irq_pressure_show, + .write = cgroup_irq_pressure_write, + .poll = cgroup_pressure_poll, diff --git a/queue-6.6/series b/queue-6.6/series index c82996cacef..88701ed9ea8 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -259,3 +259,16 @@ kvm-x86-ignore-msr_amd64_tw_cfg-access.patch kvm-x86-clear-bit12-of-icr-after-apic-write-vm-exit.patch kvm-x86-fix-lapic-timer-interrupt-lost-after-loading-a-snapshot.patch mmc-sdhci-pci-gli-gl9755-mask-the-replay-timer-timeout-of-aer.patch +sched-psi-fix-unprivileged-polling-against-cgroups.patch +audit-don-t-take-task_lock-in-audit_exe_compare-code-path.patch +audit-don-t-warn_on_once-current-mm-in-audit_exe_compare.patch +proc-sysctl-prevent-aliased-sysctls-from-getting-passed-to-init.patch +tty-sysrq-replace-smp_processor_id-with-get_cpu.patch +tty-serial-meson-fix-hard-lockup-on-crtscts-mode.patch +acpi-processor-sanitize-_osc-_pdc-capabilities-for-xen-dom0.patch +hvc-xen-fix-console-unplug.patch +hvc-xen-fix-error-path-in-xen_hvc_init-to-always-register-frontend-driver.patch +hvc-xen-fix-event-channel-handling-for-secondary-consoles.patch +pci-sysfs-protect-driver-s-d3cold-preference-from-user-space.patch +mm-damon-sysfs-remove-requested-targets-when-online-commit-inputs.patch +mm-damon-sysfs-update-monitoring-target-regions-for-online-input-commit.patch diff --git a/queue-6.6/tty-serial-meson-fix-hard-lockup-on-crtscts-mode.patch b/queue-6.6/tty-serial-meson-fix-hard-lockup-on-crtscts-mode.patch new file mode 100644 index 00000000000..3fe65c7dca7 --- /dev/null +++ b/queue-6.6/tty-serial-meson-fix-hard-lockup-on-crtscts-mode.patch @@ -0,0 +1,82 @@ +From 2a1d728f20edeee7f26dc307ed9df4e0d23947ab Mon Sep 17 00:00:00 2001 +From: Pavel Krasavin +Date: Sat, 14 Oct 2023 11:39:26 +0000 +Subject: tty: serial: meson: fix hard LOCKUP on crtscts mode + +From: Pavel Krasavin + +commit 2a1d728f20edeee7f26dc307ed9df4e0d23947ab upstream. + +There might be hard lockup if we set crtscts mode on port without RTS/CTS configured: + +# stty -F /dev/ttyAML6 crtscts; echo 1 > /dev/ttyAML6; echo 2 > /dev/ttyAML6 +[ 95.890386] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: +[ 95.890857] rcu: 3-...0: (201 ticks this GP) idle=e33c/1/0x4000000000000000 softirq=5844/5846 fqs=4984 +[ 95.900212] rcu: (detected by 2, t=21016 jiffies, g=7753, q=296 ncpus=4) +[ 95.906972] Task dump for CPU 3: +[ 95.910178] task:bash state:R running task stack:0 pid:205 ppid:1 flags:0x00000202 +[ 95.920059] Call trace: +[ 95.922485] __switch_to+0xe4/0x168 +[ 95.925951] 0xffffff8003477508 +[ 95.974379] watchdog: Watchdog detected hard LOCKUP on cpu 3 +[ 95.974424] Modules linked in: 88x2cs(O) rtc_meson_vrtc + +Possible solution would be to not allow to setup crtscts on such port. + +Tested on S905X3 based board. + +Fixes: ff7693d079e5 ("ARM: meson: serial: add MesonX SoC on-chip uart driver") +Cc: stable@vger.kernel.org +Signed-off-by: Pavel Krasavin +Reviewed-by: Neil Armstrong +Reviewed-by: Dmitry Rokosov +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/meson_uart.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +--- a/drivers/tty/serial/meson_uart.c ++++ b/drivers/tty/serial/meson_uart.c +@@ -380,10 +380,14 @@ static void meson_uart_set_termios(struc + else + val |= AML_UART_STOP_BIT_1SB; + +- if (cflags & CRTSCTS) +- val &= ~AML_UART_TWO_WIRE_EN; +- else ++ if (cflags & CRTSCTS) { ++ if (port->flags & UPF_HARD_FLOW) ++ val &= ~AML_UART_TWO_WIRE_EN; ++ else ++ termios->c_cflag &= ~CRTSCTS; ++ } else { + val |= AML_UART_TWO_WIRE_EN; ++ } + + writel(val, port->membase + AML_UART_CONTROL); + +@@ -705,6 +709,7 @@ static int meson_uart_probe(struct platf + u32 fifosize = 64; /* Default is 64, 128 for EE UART_0 */ + int ret = 0; + int irq; ++ bool has_rtscts; + + if (pdev->dev.of_node) + pdev->id = of_alias_get_id(pdev->dev.of_node, "serial"); +@@ -732,6 +737,7 @@ static int meson_uart_probe(struct platf + return irq; + + of_property_read_u32(pdev->dev.of_node, "fifo-size", &fifosize); ++ has_rtscts = of_property_read_bool(pdev->dev.of_node, "uart-has-rtscts"); + + if (meson_ports[pdev->id]) { + return dev_err_probe(&pdev->dev, -EBUSY, +@@ -762,6 +768,8 @@ static int meson_uart_probe(struct platf + port->mapsize = resource_size(res_mem); + port->irq = irq; + port->flags = UPF_BOOT_AUTOCONF | UPF_LOW_LATENCY; ++ if (has_rtscts) ++ port->flags |= UPF_HARD_FLOW; + port->has_sysrq = IS_ENABLED(CONFIG_SERIAL_MESON_CONSOLE); + port->dev = &pdev->dev; + port->line = pdev->id; diff --git a/queue-6.6/tty-sysrq-replace-smp_processor_id-with-get_cpu.patch b/queue-6.6/tty-sysrq-replace-smp_processor_id-with-get_cpu.patch new file mode 100644 index 00000000000..643a434d2b6 --- /dev/null +++ b/queue-6.6/tty-sysrq-replace-smp_processor_id-with-get_cpu.patch @@ -0,0 +1,72 @@ +From dd976a97d15b47656991e185a94ef42a0fa5cfd4 Mon Sep 17 00:00:00 2001 +From: Muhammad Usama Anjum +Date: Mon, 9 Oct 2023 21:20:20 +0500 +Subject: tty/sysrq: replace smp_processor_id() with get_cpu() + +From: Muhammad Usama Anjum + +commit dd976a97d15b47656991e185a94ef42a0fa5cfd4 upstream. + +The smp_processor_id() shouldn't be called from preemptible code. +Instead use get_cpu() and put_cpu() which disables preemption in +addition to getting the processor id. Enable preemption back after +calling schedule_work() to make sure that the work gets scheduled on all +cores other than the current core. We want to avoid a scenario where +current core's stack trace is printed multiple times and one core's +stack trace isn't printed because of scheduling of current task. + +This fixes the following bug: + +[ 119.143590] sysrq: Show backtrace of all active CPUs +[ 119.143902] BUG: using smp_processor_id() in preemptible [00000000] code: bash/873 +[ 119.144586] caller is debug_smp_processor_id+0x20/0x30 +[ 119.144827] CPU: 6 PID: 873 Comm: bash Not tainted 5.10.124-dirty #3 +[ 119.144861] Hardware name: QEMU QEMU Virtual Machine, BIOS 2023.05-1 07/22/2023 +[ 119.145053] Call trace: +[ 119.145093] dump_backtrace+0x0/0x1a0 +[ 119.145122] show_stack+0x18/0x70 +[ 119.145141] dump_stack+0xc4/0x11c +[ 119.145159] check_preemption_disabled+0x100/0x110 +[ 119.145175] debug_smp_processor_id+0x20/0x30 +[ 119.145195] sysrq_handle_showallcpus+0x20/0xc0 +[ 119.145211] __handle_sysrq+0x8c/0x1a0 +[ 119.145227] write_sysrq_trigger+0x94/0x12c +[ 119.145247] proc_reg_write+0xa8/0xe4 +[ 119.145266] vfs_write+0xec/0x280 +[ 119.145282] ksys_write+0x6c/0x100 +[ 119.145298] __arm64_sys_write+0x20/0x30 +[ 119.145315] el0_svc_common.constprop.0+0x78/0x1e4 +[ 119.145332] do_el0_svc+0x24/0x8c +[ 119.145348] el0_svc+0x10/0x20 +[ 119.145364] el0_sync_handler+0x134/0x140 +[ 119.145381] el0_sync+0x180/0x1c0 + +Cc: jirislaby@kernel.org +Cc: stable@vger.kernel.org +Fixes: 47cab6a722d4 ("debug lockups: Improve lockup detection, fix generic arch fallback") +Signed-off-by: Muhammad Usama Anjum +Link: https://lore.kernel.org/r/20231009162021.3607632-1-usama.anjum@collabora.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/sysrq.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -262,13 +262,14 @@ static void sysrq_handle_showallcpus(u8 + if (in_hardirq()) + regs = get_irq_regs(); + +- pr_info("CPU%d:\n", smp_processor_id()); ++ pr_info("CPU%d:\n", get_cpu()); + if (regs) + show_regs(regs); + else + show_stack(NULL, NULL, KERN_INFO); + + schedule_work(&sysrq_showallcpus); ++ put_cpu(); + } + } +