From: Greg Kroah-Hartman Date: Tue, 27 Aug 2024 13:20:14 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v6.1.107~17 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5d41fa592cf43a0cabcebace7ee9b2588da1cce5;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: alsa-timer-relax-start-tick-time-check-for-slave-timer-elements.patch bluetooth-hci_ldisc-check-hci_uart_proto_ready-flag-in-hciuartgetproto.patch mm-numa-no-task_numa_fault-call-if-pmd-is-changed.patch mm-numa-no-task_numa_fault-call-if-pte-is-changed.patch --- diff --git a/queue-5.15/alsa-timer-relax-start-tick-time-check-for-slave-timer-elements.patch b/queue-5.15/alsa-timer-relax-start-tick-time-check-for-slave-timer-elements.patch new file mode 100644 index 00000000000..8ca96780a47 --- /dev/null +++ b/queue-5.15/alsa-timer-relax-start-tick-time-check-for-slave-timer-elements.patch @@ -0,0 +1,38 @@ +From ccbfcac05866ebe6eb3bc6d07b51d4ed4fcde436 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Sat, 10 Aug 2024 10:48:32 +0200 +Subject: ALSA: timer: Relax start tick time check for slave timer elements + +From: Takashi Iwai + +commit ccbfcac05866ebe6eb3bc6d07b51d4ed4fcde436 upstream. + +The recent addition of a sanity check for a too low start tick time +seems breaking some applications that uses aloop with a certain slave +timer setup. They may have the initial resolution 0, hence it's +treated as if it were a too low value. + +Relax and skip the check for the slave timer instance for addressing +the regression. + +Fixes: 4a63bd179fa8 ("ALSA: timer: Set lower bound of start tick time") +Cc: +Link: https://github.com/raspberrypi/linux/issues/6294 +Link: https://patch.msgid.link/20240810084833.10939-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/core/timer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/core/timer.c ++++ b/sound/core/timer.c +@@ -556,7 +556,7 @@ static int snd_timer_start1(struct snd_t + /* check the actual time for the start tick; + * bail out as error if it's way too low (< 100us) + */ +- if (start) { ++ if (start && !(timer->hw.flags & SNDRV_TIMER_HW_SLAVE)) { + if ((u64)snd_timer_hw_resolution(timer) * ticks < 100000) { + result = -EINVAL; + goto unlock; diff --git a/queue-5.15/bluetooth-hci_ldisc-check-hci_uart_proto_ready-flag-in-hciuartgetproto.patch b/queue-5.15/bluetooth-hci_ldisc-check-hci_uart_proto_ready-flag-in-hciuartgetproto.patch new file mode 100644 index 00000000000..068ec9b8da3 --- /dev/null +++ b/queue-5.15/bluetooth-hci_ldisc-check-hci_uart_proto_ready-flag-in-hciuartgetproto.patch @@ -0,0 +1,42 @@ +From 9c33663af9ad115f90c076a1828129a3fbadea98 Mon Sep 17 00:00:00 2001 +From: "Lee, Chun-Yi" +Date: Mon, 10 Jul 2023 23:17:23 +0800 +Subject: Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO + +From: Lee, Chun-Yi + +commit 9c33663af9ad115f90c076a1828129a3fbadea98 upstream. + +This patch adds code to check HCI_UART_PROTO_READY flag before +accessing hci_uart->proto. It fixes the race condition in +hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO. +This issue bug found by Yu Hao and Weiteng Chen: + +BUG: general protection fault in hci_uart_tty_ioctl [1] + +The information of C reproducer can also reference the link [2] + +Reported-by: Yu Hao +Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1] +Reported-by: Weiteng Chen +Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2] +Signed-off-by: "Lee, Chun-Yi" +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Harshit Mogalapalli +Signed-off-by: Greg Kroah-Hartman +--- + drivers/bluetooth/hci_ldisc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/bluetooth/hci_ldisc.c ++++ b/drivers/bluetooth/hci_ldisc.c +@@ -768,7 +768,8 @@ static int hci_uart_tty_ioctl(struct tty + break; + + case HCIUARTGETPROTO: +- if (test_bit(HCI_UART_PROTO_SET, &hu->flags)) ++ if (test_bit(HCI_UART_PROTO_SET, &hu->flags) && ++ test_bit(HCI_UART_PROTO_READY, &hu->flags)) + err = hu->proto->id; + else + err = -EUNATCH; diff --git a/queue-5.15/mm-numa-no-task_numa_fault-call-if-pmd-is-changed.patch b/queue-5.15/mm-numa-no-task_numa_fault-call-if-pmd-is-changed.patch new file mode 100644 index 00000000000..b85bec1a7fa --- /dev/null +++ b/queue-5.15/mm-numa-no-task_numa_fault-call-if-pmd-is-changed.patch @@ -0,0 +1,94 @@ +From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 +From: Zi Yan +Date: Fri, 9 Aug 2024 10:59:05 -0400 +Subject: mm/numa: no task_numa_fault() call if PMD is changed + +From: Zi Yan + +commit fd8c35a92910f4829b7c99841f39b1b952c259d5 upstream. + +When handling a numa page fault, task_numa_fault() should be called by a +process that restores the page table of the faulted folio to avoid +duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA +fault handling") restructured do_huge_pmd_numa_page() and did not avoid +task_numa_fault() call in the second page table check after a numa +migration failure. Fix it by making all !pmd_same() return immediately. + +This issue can cause task_numa_fault() being called more than necessary +and lead to unexpected numa balancing results (It is hard to tell whether +the issue will cause positive or negative performance impact due to +duplicated numa fault counting). + +Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com +Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") +Reported-by: "Huang, Ying" +Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.intel.com/ +Signed-off-by: Zi Yan +Acked-by: David Hildenbrand +Cc: Baolin Wang +Cc: "Huang, Ying" +Cc: Kefeng Wang +Cc: Mel Gorman +Cc: Yang Shi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/huge_memory.c | 30 +++++++++++++----------------- + 1 file changed, 13 insertions(+), 17 deletions(-) + +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -1437,7 +1437,7 @@ vm_fault_t do_huge_pmd_numa_page(struct + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); +- goto out; ++ return 0; + } + + pmd = pmd_modify(oldpmd, vma->vm_page_prot); +@@ -1465,23 +1465,16 @@ vm_fault_t do_huge_pmd_numa_page(struct + if (migrated) { + flags |= TNF_MIGRATED; + page_nid = target_nid; +- } else { +- flags |= TNF_MIGRATE_FAIL; +- vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); +- if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { +- spin_unlock(vmf->ptl); +- goto out; +- } +- goto out_map; ++ task_numa_fault(last_cpupid, page_nid, HPAGE_PMD_NR, flags); ++ return 0; + } + +-out: +- if (page_nid != NUMA_NO_NODE) +- task_numa_fault(last_cpupid, page_nid, HPAGE_PMD_NR, +- flags); +- +- return 0; +- ++ flags |= TNF_MIGRATE_FAIL; ++ vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); ++ if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { ++ spin_unlock(vmf->ptl); ++ return 0; ++ } + out_map: + /* Restore the PMD */ + pmd = pmd_modify(oldpmd, vma->vm_page_prot); +@@ -1491,7 +1484,10 @@ out_map: + set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); + update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); + spin_unlock(vmf->ptl); +- goto out; ++ ++ if (page_nid != NUMA_NO_NODE) ++ task_numa_fault(last_cpupid, page_nid, HPAGE_PMD_NR, flags); ++ return 0; + } + + /* diff --git a/queue-5.15/mm-numa-no-task_numa_fault-call-if-pte-is-changed.patch b/queue-5.15/mm-numa-no-task_numa_fault-call-if-pte-is-changed.patch new file mode 100644 index 00000000000..71b99a98be0 --- /dev/null +++ b/queue-5.15/mm-numa-no-task_numa_fault-call-if-pte-is-changed.patch @@ -0,0 +1,93 @@ +From 40b760cfd44566bca791c80e0720d70d75382b84 Mon Sep 17 00:00:00 2001 +From: Zi Yan +Date: Fri, 9 Aug 2024 10:59:04 -0400 +Subject: mm/numa: no task_numa_fault() call if PTE is changed + +From: Zi Yan + +commit 40b760cfd44566bca791c80e0720d70d75382b84 upstream. + +When handling a numa page fault, task_numa_fault() should be called by a +process that restores the page table of the faulted folio to avoid +duplicated stats counting. Commit b99a342d4f11 ("NUMA balancing: reduce +TLB flush via delaying mapping on hint page fault") restructured +do_numa_page() and did not avoid task_numa_fault() call in the second page +table check after a numa migration failure. Fix it by making all +!pte_same() return immediately. + +This issue can cause task_numa_fault() being called more than necessary +and lead to unexpected numa balancing results (It is hard to tell whether +the issue will cause positive or negative performance impact due to +duplicated numa fault counting). + +Link: https://lkml.kernel.org/r/20240809145906.1513458-2-ziy@nvidia.com +Fixes: b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") +Signed-off-by: Zi Yan +Reported-by: "Huang, Ying" +Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.intel.com/ +Acked-by: David Hildenbrand +Cc: Baolin Wang +Cc: Kefeng Wang +Cc: Mel Gorman +Cc: Yang Shi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/memory.c | 29 ++++++++++++++--------------- + 1 file changed, 14 insertions(+), 15 deletions(-) + +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -4407,7 +4407,7 @@ static vm_fault_t do_numa_page(struct vm + spin_lock(vmf->ptl); + if (unlikely(!pte_same(*vmf->pte, vmf->orig_pte))) { + pte_unmap_unlock(vmf->pte, vmf->ptl); +- goto out; ++ return 0; + } + + /* Get the normal PTE */ +@@ -4454,21 +4454,17 @@ static vm_fault_t do_numa_page(struct vm + if (migrate_misplaced_page(page, vma, target_nid)) { + page_nid = target_nid; + flags |= TNF_MIGRATED; +- } else { +- flags |= TNF_MIGRATE_FAIL; +- vmf->pte = pte_offset_map(vmf->pmd, vmf->address); +- spin_lock(vmf->ptl); +- if (unlikely(!pte_same(*vmf->pte, vmf->orig_pte))) { +- pte_unmap_unlock(vmf->pte, vmf->ptl); +- goto out; +- } +- goto out_map; ++ task_numa_fault(last_cpupid, page_nid, 1, flags); ++ return 0; + } + +-out: +- if (page_nid != NUMA_NO_NODE) +- task_numa_fault(last_cpupid, page_nid, 1, flags); +- return 0; ++ flags |= TNF_MIGRATE_FAIL; ++ vmf->pte = pte_offset_map(vmf->pmd, vmf->address); ++ spin_lock(vmf->ptl); ++ if (unlikely(!pte_same(*vmf->pte, vmf->orig_pte))) { ++ pte_unmap_unlock(vmf->pte, vmf->ptl); ++ return 0; ++ } + out_map: + /* + * Make it present again, depending on how arch implements +@@ -4482,7 +4478,10 @@ out_map: + ptep_modify_prot_commit(vma, vmf->address, vmf->pte, old_pte, pte); + update_mmu_cache(vma, vmf->address, vmf->pte); + pte_unmap_unlock(vmf->pte, vmf->ptl); +- goto out; ++ ++ if (page_nid != NUMA_NO_NODE) ++ task_numa_fault(last_cpupid, page_nid, 1, flags); ++ return 0; + } + + static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf) diff --git a/queue-5.15/series b/queue-5.15/series index 39a77aab93c..7bb15edd844 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -166,3 +166,7 @@ kvm-arm64-make-icc_-sgi-_el1-undef-in-the-absence-of-a-vgicv3.patch mmc-dw_mmc-allow-biu-and-ciu-clocks-to-defer.patch revert-drm-amd-display-validate-hw_points_num-before-using-it.patch hwmon-ltc2992-fix-memory-leak-in-ltc2992_parse_dt.patch +alsa-timer-relax-start-tick-time-check-for-slave-timer-elements.patch +mm-numa-no-task_numa_fault-call-if-pmd-is-changed.patch +mm-numa-no-task_numa_fault-call-if-pte-is-changed.patch +bluetooth-hci_ldisc-check-hci_uart_proto_ready-flag-in-hciuartgetproto.patch