From: Greg Kroah-Hartman Date: Fri, 24 Nov 2023 13:43:16 +0000 (+0000) Subject: 5.10-stable patches X-Git-Tag: v4.14.331~54 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a2ab28159dea9f67eaad360f31ab4fe81788408a;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: media-qcom-camss-fix-vfe_get-error-jump.patch mm-kmem-drop-__gfp_nofail-when-allocating-objcg-vectors.patch --- diff --git a/queue-5.10/media-qcom-camss-fix-vfe_get-error-jump.patch b/queue-5.10/media-qcom-camss-fix-vfe_get-error-jump.patch new file mode 100644 index 00000000000..f4151040386 --- /dev/null +++ b/queue-5.10/media-qcom-camss-fix-vfe_get-error-jump.patch @@ -0,0 +1,99 @@ +From 26bda3da00c3edef727a6acb00ed2eb4b22f8723 Mon Sep 17 00:00:00 2001 +From: Bryan O'Donoghue +Date: Wed, 30 Aug 2023 16:16:09 +0100 +Subject: media: qcom: camss: Fix vfe_get() error jump + +From: Bryan O'Donoghue + +commit 26bda3da00c3edef727a6acb00ed2eb4b22f8723 upstream. + +Right now it is possible to do a vfe_get() with the internal reference +count at 1. If vfe_check_clock_rates() returns non-zero then we will +leave the reference count as-is and + +run: +- pm_runtime_put_sync() +- vfe->ops->pm_domain_off() + +skip: +- camss_disable_clocks() + +Subsequent vfe_put() calls will when the ref-count is non-zero +unconditionally run: + +- pm_runtime_put_sync() +- vfe->ops->pm_domain_off() +- camss_disable_clocks() + +vfe_get() should not attempt to roll-back on error when the ref-count is +non-zero as the upper layers will still do their own vfe_put() operations. + +vfe_put() will drop the reference count and do the necessary power +domain release, the cleanup jumps in vfe_get() should only be run when +the ref-count is zero. + +[ 50.095796] CPU: 7 PID: 3075 Comm: cam Not tainted 6.3.2+ #80 +[ 50.095798] Hardware name: LENOVO 21BXCTO1WW/21BXCTO1WW, BIOS N3HET82W (1.54 ) 05/26/2023 +[ 50.095799] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) +[ 50.095802] pc : refcount_warn_saturate+0xf4/0x148 +[ 50.095804] lr : refcount_warn_saturate+0xf4/0x148 +[ 50.095805] sp : ffff80000c7cb8b0 +[ 50.095806] x29: ffff80000c7cb8b0 x28: ffff16ecc0e3fc10 x27: 0000000000000000 +[ 50.095810] x26: 0000000000000000 x25: 0000000000020802 x24: 0000000000000000 +[ 50.095813] x23: ffff16ecc7360640 x22: 00000000ffffffff x21: 0000000000000005 +[ 50.095815] x20: ffff16ed175f4400 x19: ffffb4d9852942a8 x18: ffffffffffffffff +[ 50.095818] x17: ffffb4d9852d4a48 x16: ffffb4d983da5db8 x15: ffff80000c7cb320 +[ 50.095821] x14: 0000000000000001 x13: 2e656572662d7265 x12: 7466612d65737520 +[ 50.095823] x11: 00000000ffffefff x10: ffffb4d9850cebf0 x9 : ffffb4d9835cf954 +[ 50.095826] x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000057fa8 +[ 50.095829] x5 : ffff16f813fe3d08 x4 : 0000000000000000 x3 : ffff621e8f4d2000 +[ 50.095832] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff16ed32119040 +[ 50.095835] Call trace: +[ 50.095836] refcount_warn_saturate+0xf4/0x148 +[ 50.095838] device_link_put_kref+0x84/0xc8 +[ 50.095843] device_link_del+0x38/0x58 +[ 50.095846] vfe_pm_domain_off+0x3c/0x50 [qcom_camss] +[ 50.095860] vfe_put+0x114/0x140 [qcom_camss] +[ 50.095869] csid_set_power+0x2c8/0x408 [qcom_camss] +[ 50.095878] pipeline_pm_power_one+0x164/0x170 [videodev] +[ 50.095896] pipeline_pm_power+0xc4/0x110 [videodev] +[ 50.095909] v4l2_pipeline_pm_use+0x5c/0xa0 [videodev] +[ 50.095923] v4l2_pipeline_pm_get+0x1c/0x30 [videodev] +[ 50.095937] video_open+0x7c/0x100 [qcom_camss] +[ 50.095945] v4l2_open+0x84/0x130 [videodev] +[ 50.095960] chrdev_open+0xc8/0x250 +[ 50.095964] do_dentry_open+0x1bc/0x498 +[ 50.095966] vfs_open+0x34/0x40 +[ 50.095968] path_openat+0xb44/0xf20 +[ 50.095971] do_filp_open+0xa4/0x160 +[ 50.095974] do_sys_openat2+0xc8/0x188 +[ 50.095975] __arm64_sys_openat+0x6c/0xb8 +[ 50.095977] invoke_syscall+0x50/0x128 +[ 50.095982] el0_svc_common.constprop.0+0x4c/0x100 +[ 50.095985] do_el0_svc+0x40/0xa8 +[ 50.095988] el0_svc+0x2c/0x88 +[ 50.095991] el0t_64_sync_handler+0xf4/0x120 +[ 50.095994] el0t_64_sync+0x190/0x198 +[ 50.095996] ---[ end trace 0000000000000000 ]--- + +Fixes: 779096916dae ("media: camss: vfe: Fix runtime PM imbalance on error") +Cc: stable@vger.kernel.org +Signed-off-by: Bryan O'Donoghue +Reviewed-by: Laurent Pinchart +Signed-off-by: Hans Verkuil +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/platform/qcom/camss/camss-vfe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/media/platform/qcom/camss/camss-vfe.c ++++ b/drivers/media/platform/qcom/camss/camss-vfe.c +@@ -1282,7 +1282,7 @@ static int vfe_get(struct vfe_device *vf + } else { + ret = vfe_check_clock_rates(vfe); + if (ret < 0) +- goto error_pm_runtime_get; ++ goto error_pm_domain; + } + vfe->power_count++; + diff --git a/queue-5.10/mm-kmem-drop-__gfp_nofail-when-allocating-objcg-vectors.patch b/queue-5.10/mm-kmem-drop-__gfp_nofail-when-allocating-objcg-vectors.patch new file mode 100644 index 00000000000..0b9b4a48327 --- /dev/null +++ b/queue-5.10/mm-kmem-drop-__gfp_nofail-when-allocating-objcg-vectors.patch @@ -0,0 +1,52 @@ +From 24948e3b7b12e0031a6edb4f49bbb9fb2ad1e4e9 Mon Sep 17 00:00:00 2001 +From: Roman Gushchin +Date: Tue, 7 Nov 2023 09:18:02 -0800 +Subject: mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors + +From: Roman Gushchin + +commit 24948e3b7b12e0031a6edb4f49bbb9fb2ad1e4e9 upstream. + +Objcg vectors attached to slab pages to store slab object ownership +information are allocated using gfp flags for the original slab +allocation. Depending on slab page order and the size of slab objects, +objcg vector can take several pages. + +If the original allocation was done with the __GFP_NOFAIL flag, it +triggered a warning in the page allocation code. Indeed, order > 1 pages +should not been allocated with the __GFP_NOFAIL flag. + +Fix this by simply dropping the __GFP_NOFAIL flag when allocating the +objcg vector. It effectively allows to skip the accounting of a single +slab object under a heavy memory pressure. + +An alternative would be to implement the mechanism to fallback to order-0 +allocations for accounting metadata, which is also not perfect because it +will increase performance penalty and memory footprint of the kernel +memory accounting under memory pressure. + +Link: https://lkml.kernel.org/r/ZUp8ZFGxwmCx4ZFr@P9FQF9L96D.corp.robot.car +Signed-off-by: Roman Gushchin +Reported-by: Christoph Lameter +Closes: https://lkml.kernel.org/r/6b42243e-f197-600a-5d22-56bd728a5ad8@gentwo.org +Acked-by: Shakeel Butt +Cc: Matthew Wilcox +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/memcontrol.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -2892,7 +2892,8 @@ static void commit_charge(struct page *p + * Moreover, it should not come from DMA buffer and is not readily + * reclaimable. So those GFP bits should be masked off. + */ +-#define OBJCGS_CLEAR_MASK (__GFP_DMA | __GFP_RECLAIMABLE | __GFP_ACCOUNT) ++#define OBJCGS_CLEAR_MASK (__GFP_DMA | __GFP_RECLAIMABLE | \ ++ __GFP_ACCOUNT | __GFP_NOFAIL) + + int memcg_alloc_page_obj_cgroups(struct page *page, struct kmem_cache *s, + gfp_t gfp) diff --git a/queue-5.10/series b/queue-5.10/series index 1554132ef8d..786ece26ad3 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -182,3 +182,5 @@ media-venus-hfi_parser-add-check-to-keep-the-number-of-codecs-within-range.patch media-venus-hfi-fix-the-check-to-handle-session-buffer-requirement.patch media-venus-hfi-add-checks-to-handle-capabilities-from-firmware.patch nfsd-fix-file-memleak-on-client_opens_release.patch +mm-kmem-drop-__gfp_nofail-when-allocating-objcg-vectors.patch +media-qcom-camss-fix-vfe_get-error-jump.patch