From: Greg Kroah-Hartman Date: Sun, 8 Sep 2024 11:55:12 +0000 (+0200) Subject: 6.10-stable patches X-Git-Tag: v4.19.322~95 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=abffe1a2c21a29872ee63da60c24ce62ffbdf239;p=thirdparty%2Fkernel%2Fstable-queue.git 6.10-stable patches added patches: alloc_tag-fix-allocation-tag-reporting-when-config_modules-n.patch can-mcp251x-fix-deadlock-if-an-interrupt-occurs-during-mcp251x_open.patch clk-qcom-clk-alpha-pll-fix-the-pll-post-div-mask.patch clk-qcom-clk-alpha-pll-fix-the-trion-pll-postdiv-set-rate-api.patch clk-qcom-clk-alpha-pll-fix-zonda-set_rate-failure-when-pll-is-disabled.patch clk-qcom-clk-alpha-pll-update-set_rate-for-zonda-pll.patch clk-starfive-jh7110-sys-add-notifier-for-pll0-clock.patch codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug-y.patch maple_tree-remove-rcu_read_lock-from-mt_validate.patch mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch mm-vmalloc-ensure-vmap_block-is-initialised-before-adding-to-queue.patch mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch pinctrl-qcom-x1e80100-bypass-pdc-wakeup-parent-for-now.patch revert-mm-skip-cma-pages-when-they-are-not-available.patch --- diff --git a/queue-6.10/alloc_tag-fix-allocation-tag-reporting-when-config_modules-n.patch b/queue-6.10/alloc_tag-fix-allocation-tag-reporting-when-config_modules-n.patch new file mode 100644 index 00000000000..7b1fd193520 --- /dev/null +++ b/queue-6.10/alloc_tag-fix-allocation-tag-reporting-when-config_modules-n.patch @@ -0,0 +1,92 @@ +From 052a45c1cb1b32f05dd63a295d65496d8b403283 Mon Sep 17 00:00:00 2001 +From: Suren Baghdasaryan +Date: Wed, 28 Aug 2024 16:15:36 -0700 +Subject: alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n + +From: Suren Baghdasaryan + +commit 052a45c1cb1b32f05dd63a295d65496d8b403283 upstream. + +codetag_module_init() is used to initialize sections containing allocation +tags. This function is used to initialize module sections as well as core +kernel sections, in which case the module parameter is set to NULL. This +function has to be called even when CONFIG_MODULES=n to initialize core +kernel allocation tag sections. When CONFIG_MODULES=n, this function is a +NOP, which is wrong. This leads to /proc/allocinfo reported as empty. +Fix this by making it independent of CONFIG_MODULES. 
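For context, the problem pattern in sketch form, reconstructed from the removed lines in the diff below: the shared initialiser was stubbed out together with the module hooks, so the mod == NULL call that covers built-in sections became a no-op:

	#ifdef CONFIG_MODULES
	/* real codetag_module_init(): records the tag section range;
	 * mod == NULL means "core kernel sections" */
	#else /* CONFIG_MODULES */
	/* pre-patch stub: also swallowed the mod == NULL call, leaving
	 * /proc/allocinfo with no ranges to walk, hence empty */
	static int codetag_module_init(struct codetag_type *cttype, struct module *mod)
	{ return 0; }
	#endif /* CONFIG_MODULES */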
+ +Link: https://lkml.kernel.org/r/20240828231536.1770519-1-surenb@google.com +Fixes: 916cc5167cc6 ("lib: code tagging framework") +Signed-off-by: Suren Baghdasaryan +Cc: David Hildenbrand +Cc: Kees Cook +Cc: Kent Overstreet +Cc: Pasha Tatashin +Cc: Sourav Panda +Cc: Vlastimil Babka +Cc: [6.10+] +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + lib/codetag.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/lib/codetag.c b/lib/codetag.c +index 5ace625f2328..afa8a2d4f317 100644 +--- a/lib/codetag.c ++++ b/lib/codetag.c +@@ -125,7 +125,6 @@ static inline size_t range_size(const struct codetag_type *cttype, + cttype->desc.tag_size; + } + +-#ifdef CONFIG_MODULES + static void *get_symbol(struct module *mod, const char *prefix, const char *name) + { + DECLARE_SEQ_BUF(sb, KSYM_NAME_LEN); +@@ -155,6 +154,15 @@ static struct codetag_range get_section_range(struct module *mod, + }; + } + ++static const char *get_mod_name(__maybe_unused struct module *mod) ++{ ++#ifdef CONFIG_MODULES ++ if (mod) ++ return mod->name; ++#endif ++ return "(built-in)"; ++} ++ + static int codetag_module_init(struct codetag_type *cttype, struct module *mod) + { + struct codetag_range range; +@@ -164,8 +172,7 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod) + range = get_section_range(mod, cttype->desc.section); + if (!range.start || !range.stop) { + pr_warn("Failed to load code tags of type %s from the module %s\n", +- cttype->desc.section, +- mod ? mod->name : "(built-in)"); ++ cttype->desc.section, get_mod_name(mod)); + return -EINVAL; + } + +@@ -199,6 +206,7 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod) + return 0; + } + ++#ifdef CONFIG_MODULES + void codetag_load_module(struct module *mod) + { + struct codetag_type *cttype; +@@ -248,9 +256,6 @@ bool codetag_unload_module(struct module *mod) + + return unload_ok; + } +- +-#else /* CONFIG_MODULES */ +-static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { return 0; } + #endif /* CONFIG_MODULES */ + + struct codetag_type * +-- +2.46.0 + diff --git a/queue-6.10/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-during-mcp251x_open.patch b/queue-6.10/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-during-mcp251x_open.patch new file mode 100644 index 00000000000..f5ed8f7fd3a --- /dev/null +++ b/queue-6.10/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-during-mcp251x_open.patch @@ -0,0 +1,52 @@ +From 7dd9c26bd6cf679bcfdef01a8659791aa6487a29 Mon Sep 17 00:00:00 2001 +From: Simon Arlott +Date: Thu, 22 Aug 2024 08:25:07 +0100 +Subject: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open + +From: Simon Arlott + +commit 7dd9c26bd6cf679bcfdef01a8659791aa6487a29 upstream. + +The mcp251x_hw_wake() function is called with the mcp_lock mutex held and +disables the interrupt handler so that no interrupts can be processed while +waking the device. If an interrupt has already occurred then waiting for +the interrupt handler to complete will deadlock because it will be trying +to acquire the same mutex. + +CPU0 CPU1 +---- ---- +mcp251x_open() + mutex_lock(&priv->mcp_lock) + request_threaded_irq() + + mcp251x_can_ist() + mutex_lock(&priv->mcp_lock) + mcp251x_hw_wake() + disable_irq() <-- deadlock + +Use disable_irq_nosync() instead because the interrupt handler does +everything while holding the mutex so it doesn't matter if it's still +running.
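The distinction that makes the fix safe, summarised here for illustration (these are the stock kernel IRQ primitives, not driver code):

	disable_irq(irq);        /* masks the IRQ and waits for any running
	                          * handler to finish; deadlocks if called
	                          * while holding a lock that handler takes */
	disable_irq_nosync(irq); /* masks the IRQ and returns immediately;
	                          * safe under priv->mcp_lock because the
	                          * threaded handler serialises on it anyway */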
+ +Fixes: 8ce8c0abcba3 ("can: mcp251x: only reset hardware as required") +Signed-off-by: Simon Arlott +Reviewed-by: Przemek Kitszel +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/all/4fc08687-1d80-43fe-9f0d-8ef8475e75f6@0882a8b5-c6c3-11e9-b005-00805fc181fe.uuid.home.arpa +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/can/spi/mcp251x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/can/spi/mcp251x.c ++++ b/drivers/net/can/spi/mcp251x.c +@@ -753,7 +753,7 @@ static int mcp251x_hw_wake(struct spi_de + int ret; + + /* Force wakeup interrupt to wake device, but don't execute IST */ +- disable_irq(spi->irq); ++ disable_irq_nosync(spi->irq); + mcp251x_write_2regs(spi, CANINTE, CANINTE_WAKIE, CANINTF_WAKIF); + + /* Wait for oscillator startup timer after wake up */ diff --git a/queue-6.10/clk-qcom-clk-alpha-pll-fix-the-pll-post-div-mask.patch b/queue-6.10/clk-qcom-clk-alpha-pll-fix-the-pll-post-div-mask.patch new file mode 100644 index 00000000000..f685adc30f5 --- /dev/null +++ b/queue-6.10/clk-qcom-clk-alpha-pll-fix-the-pll-post-div-mask.patch @@ -0,0 +1,33 @@ +From 2c4553e6c485a96b5d86989eb9654bf20e51e6dd Mon Sep 17 00:00:00 2001 +From: Satya Priya Kakitapalli +Date: Wed, 31 Jul 2024 11:59:09 +0530 +Subject: clk: qcom: clk-alpha-pll: Fix the pll post div mask + +From: Satya Priya Kakitapalli + +commit 2c4553e6c485a96b5d86989eb9654bf20e51e6dd upstream. + +The PLL_POST_DIV_MASK should cover bits 0 to (width - 1). Fix it. + +Fixes: 1c3541145cbf ("clk: qcom: support for 2 bit PLL post divider") +Cc: stable@vger.kernel.org +Reviewed-by: Konrad Dybcio +Signed-off-by: Satya Priya Kakitapalli +Link: https://lore.kernel.org/r/20240731062916.2680823-2-quic_skakitap@quicinc.com +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/qcom/clk-alpha-pll.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/clk/qcom/clk-alpha-pll.c ++++ b/drivers/clk/qcom/clk-alpha-pll.c +@@ -40,7 +40,7 @@ + + #define PLL_USER_CTL(p) ((p)->offset + (p)->regs[PLL_OFF_USER_CTL]) + # define PLL_POST_DIV_SHIFT 8 +-# define PLL_POST_DIV_MASK(p) GENMASK((p)->width, 0) ++# define PLL_POST_DIV_MASK(p) GENMASK((p)->width - 1, 0) + # define PLL_ALPHA_EN BIT(24) + # define PLL_ALPHA_MODE BIT(25) + # define PLL_VCO_SHIFT 20 diff --git a/queue-6.10/clk-qcom-clk-alpha-pll-fix-the-trion-pll-postdiv-set-rate-api.patch b/queue-6.10/clk-qcom-clk-alpha-pll-fix-the-trion-pll-postdiv-set-rate-api.patch new file mode 100644 index 00000000000..e73d40f25b7 --- /dev/null +++ b/queue-6.10/clk-qcom-clk-alpha-pll-fix-the-trion-pll-postdiv-set-rate-api.patch @@ -0,0 +1,37 @@ +From 4ad1ed6ef27cab94888bb3c740c14042d5c0dff2 Mon Sep 17 00:00:00 2001 +From: Satya Priya Kakitapalli +Date: Wed, 31 Jul 2024 11:59:10 +0530 +Subject: clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API + +From: Satya Priya Kakitapalli + +commit 4ad1ed6ef27cab94888bb3c740c14042d5c0dff2 upstream. + +Correct the pll postdiv shift used in clk_trion_pll_postdiv_set_rate +API. The shift value is not the same for different types of PLLs and +should be taken from the pll's .post_div_shift member.
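As an illustrative sketch of the intended pairing (simplified; the actual change is in the hunk below): both the width of the post-divider field and its position must come from the per-PLL description rather than from fixed constants:

	/* a pll->width-bit field located at bit pll->post_div_shift */
	u32 mask = GENMASK(pll->width - 1, 0);	/* e.g. 0x3 for a 2-bit divider */

	regmap_update_bits(regmap, PLL_USER_CTL(pll),
			   mask << pll->post_div_shift,
			   val << pll->post_div_shift);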
+ +Fixes: 548a909597d5 ("clk: qcom: clk-alpha-pll: Add support for Trion PLLs") +Cc: stable@vger.kernel.org +Signed-off-by: Satya Priya Kakitapalli +Reviewed-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20240731062916.2680823-3-quic_skakitap@quicinc.com +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/qcom/clk-alpha-pll.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/clk/qcom/clk-alpha-pll.c ++++ b/drivers/clk/qcom/clk-alpha-pll.c +@@ -1505,8 +1505,8 @@ clk_trion_pll_postdiv_set_rate(struct cl + } + + return regmap_update_bits(regmap, PLL_USER_CTL(pll), +- PLL_POST_DIV_MASK(pll) << PLL_POST_DIV_SHIFT, +- val << PLL_POST_DIV_SHIFT); ++ PLL_POST_DIV_MASK(pll) << pll->post_div_shift, ++ val << pll->post_div_shift); + } + + const struct clk_ops clk_alpha_pll_postdiv_trion_ops = { diff --git a/queue-6.10/clk-qcom-clk-alpha-pll-fix-zonda-set_rate-failure-when-pll-is-disabled.patch b/queue-6.10/clk-qcom-clk-alpha-pll-fix-zonda-set_rate-failure-when-pll-is-disabled.patch new file mode 100644 index 00000000000..ea32318ad7a --- /dev/null +++ b/queue-6.10/clk-qcom-clk-alpha-pll-fix-zonda-set_rate-failure-when-pll-is-disabled.patch @@ -0,0 +1,37 @@ +From 85e8ee59dfde1a7b847fbed0778391392cd985cb Mon Sep 17 00:00:00 2001 +From: Satya Priya Kakitapalli +Date: Wed, 31 Jul 2024 11:59:11 +0530 +Subject: clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled + +From: Satya Priya Kakitapalli + +commit 85e8ee59dfde1a7b847fbed0778391392cd985cb upstream. + +Currently, clk_zonda_pll_set_rate polls for the PLL to lock even if the +PLL is disabled. However, if the PLL is disabled then LOCK_DET will +never assert and we'll return an error. There is no reason to poll +LOCK_DET if the PLL is already disabled, so skip polling in this case. + +Fixes: f21b6bfecc27 ("clk: qcom: clk-alpha-pll: add support for zonda pll") +Cc: stable@vger.kernel.org +Signed-off-by: Satya Priya Kakitapalli +Reviewed-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20240731062916.2680823-4-quic_skakitap@quicinc.com +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/qcom/clk-alpha-pll.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/clk/qcom/clk-alpha-pll.c ++++ b/drivers/clk/qcom/clk-alpha-pll.c +@@ -2089,6 +2089,9 @@ static int clk_zonda_pll_set_rate(struct + regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); + regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + ++ if (!clk_hw_is_enabled(hw)) ++ return 0; ++ + /* Wait before polling for the frequency latch */ + udelay(5); + diff --git a/queue-6.10/clk-qcom-clk-alpha-pll-update-set_rate-for-zonda-pll.patch b/queue-6.10/clk-qcom-clk-alpha-pll-update-set_rate-for-zonda-pll.patch new file mode 100644 index 00000000000..32d84e92da6 --- /dev/null +++ b/queue-6.10/clk-qcom-clk-alpha-pll-update-set_rate-for-zonda-pll.patch @@ -0,0 +1,63 @@ +From f4973130d255dd4811006f5822d4fa4d0de9d712 Mon Sep 17 00:00:00 2001 +From: Satya Priya Kakitapalli +Date: Wed, 31 Jul 2024 11:59:12 +0530 +Subject: clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL + +From: Satya Priya Kakitapalli + +commit f4973130d255dd4811006f5822d4fa4d0de9d712 upstream. + +The Zonda PLL has a 16 bit signed alpha and in the cases where the alpha +value is greater than 0.5, the L value needs to be adjusted accordingly. +Thus update the logic to handle the signed alpha val. 
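For intuition, an editorial sketch assuming the usual alpha-PLL relation rate = prate * (l + alpha / 2^16): when the fractional part reaches 0.5, the 16-bit alpha has its MSB set and reads back as negative, i.e. as an offset below l + 1, so l must absorb the carry. The rounding rule, mirroring the helper added in the hunk below:

	u64 quotient = rate;
	u64 remainder = do_div(quotient, prate);	/* quotient = rate / prate */
	u32 l = quotient;

	if (remainder * 2 >= prate)	/* fraction >= 0.5: alpha MSB is set */
		l++;			/* compensate for the negative signed alpha */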
+ +Fixes: f21b6bfecc27 ("clk: qcom: clk-alpha-pll: add support for zonda pll") +Cc: stable@vger.kernel.org +Signed-off-by: Satya Priya Kakitapalli +Reviewed-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20240731062916.2680823-5-quic_skakitap@quicinc.com +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/qcom/clk-alpha-pll.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +--- a/drivers/clk/qcom/clk-alpha-pll.c ++++ b/drivers/clk/qcom/clk-alpha-pll.c +@@ -41,6 +41,7 @@ + #define PLL_USER_CTL(p) ((p)->offset + (p)->regs[PLL_OFF_USER_CTL]) + # define PLL_POST_DIV_SHIFT 8 + # define PLL_POST_DIV_MASK(p) GENMASK((p)->width - 1, 0) ++# define PLL_ALPHA_MSB BIT(15) + # define PLL_ALPHA_EN BIT(24) + # define PLL_ALPHA_MODE BIT(25) + # define PLL_VCO_SHIFT 20 +@@ -2070,6 +2071,18 @@ static void clk_zonda_pll_disable(struct + regmap_write(regmap, PLL_OPMODE(pll), 0x0); + } + ++static void zonda_pll_adjust_l_val(unsigned long rate, unsigned long prate, u32 *l) ++{ ++ u64 remainder, quotient; ++ ++ quotient = rate; ++ remainder = do_div(quotient, prate); ++ *l = quotient; ++ ++ if ((remainder * 2) / prate) ++ *l = *l + 1; ++} ++ + static int clk_zonda_pll_set_rate(struct clk_hw *hw, unsigned long rate, + unsigned long prate) + { +@@ -2086,6 +2099,9 @@ static int clk_zonda_pll_set_rate(struct + if (ret < 0) + return ret; + ++ if (a & PLL_ALPHA_MSB) ++ zonda_pll_adjust_l_val(rate, prate, &l); ++ + regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); + regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + diff --git a/queue-6.10/clk-starfive-jh7110-sys-add-notifier-for-pll0-clock.patch b/queue-6.10/clk-starfive-jh7110-sys-add-notifier-for-pll0-clock.patch new file mode 100644 index 00000000000..bc3386a39bd --- /dev/null +++ b/queue-6.10/clk-starfive-jh7110-sys-add-notifier-for-pll0-clock.patch @@ -0,0 +1,86 @@ +From 538d5477b25289ac5d46ca37b9e5b4d685cbe019 Mon Sep 17 00:00:00 2001 +From: Xingyu Wu +Date: Mon, 26 Aug 2024 16:04:29 +0800 +Subject: clk: starfive: jh7110-sys: Add notifier for PLL0 clock + +From: Xingyu Wu + +commit 538d5477b25289ac5d46ca37b9e5b4d685cbe019 upstream. + +Add a notifier function for the PLL0 clock. In the function, the cpu_root +clock is handled by saving its current parent and setting a new safe +parent (the osc clock) before setting the PLL0 clock rate. After the PLL0 +rate is set, cpu_root is switched back to its original parent clock. + +Fixes: e2c510d6d630 ("riscv: dts: starfive: Add cpu scaling for JH7110 SoC") +Cc: stable@vger.kernel.org +Reviewed-by: Emil Renner Berthing +Signed-off-by: Xingyu Wu +Link: https://lore.kernel.org/r/20240826080430.179788-2-xingyu.wu@starfivetech.com +Reviewed-by: Hal Feng +Tested-by: Michael Jeanson +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/starfive/clk-starfive-jh7110-sys.c | 31 ++++++++++++++++++++++++- + drivers/clk/starfive/clk-starfive-jh71x0.h | 2 + + 2 files changed, 32 insertions(+), 1 deletion(-) + +--- a/drivers/clk/starfive/clk-starfive-jh7110-sys.c ++++ b/drivers/clk/starfive/clk-starfive-jh7110-sys.c +@@ -385,6 +385,32 @@ int jh7110_reset_controller_register(str + } + EXPORT_SYMBOL_GPL(jh7110_reset_controller_register); + ++/* ++ * This clock notifier is called when the rate of the PLL0 clock is about to ++ * change. The cpu_root clock should save its current parent clock and switch ++ * its parent clock to osc before the PLL0 rate is changed, then switch its ++ * parent clock back once the PLL0 rate change is complete.
++ */ ++static int jh7110_pll0_clk_notifier_cb(struct notifier_block *nb, ++ unsigned long action, void *data) ++{ ++ struct jh71x0_clk_priv *priv = container_of(nb, struct jh71x0_clk_priv, pll_clk_nb); ++ struct clk *cpu_root = priv->reg[JH7110_SYSCLK_CPU_ROOT].hw.clk; ++ int ret = 0; ++ ++ if (action == PRE_RATE_CHANGE) { ++ struct clk *osc = clk_get(priv->dev, "osc"); ++ ++ priv->original_clk = clk_get_parent(cpu_root); ++ ret = clk_set_parent(cpu_root, osc); ++ clk_put(osc); ++ } else if (action == POST_RATE_CHANGE) { ++ ret = clk_set_parent(cpu_root, priv->original_clk); ++ } ++ ++ return notifier_from_errno(ret); ++} ++ + static int __init jh7110_syscrg_probe(struct platform_device *pdev) + { + struct jh71x0_clk_priv *priv; +@@ -413,7 +439,10 @@ static int __init jh7110_syscrg_probe(st + if (IS_ERR(priv->pll[0])) + return PTR_ERR(priv->pll[0]); + } else { +- clk_put(pllclk); ++ priv->pll_clk_nb.notifier_call = jh7110_pll0_clk_notifier_cb; ++ ret = clk_notifier_register(pllclk, &priv->pll_clk_nb); ++ if (ret) ++ return ret; + priv->pll[0] = NULL; + } + +--- a/drivers/clk/starfive/clk-starfive-jh71x0.h ++++ b/drivers/clk/starfive/clk-starfive-jh71x0.h +@@ -114,6 +114,8 @@ struct jh71x0_clk_priv { + spinlock_t rmw_lock; + struct device *dev; + void __iomem *base; ++ struct clk *original_clk; ++ struct notifier_block pll_clk_nb; + struct clk_hw *pll[3]; + struct jh71x0_clk reg[]; + }; diff --git a/queue-6.10/codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch b/queue-6.10/codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch new file mode 100644 index 00000000000..e3661e4821a --- /dev/null +++ b/queue-6.10/codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch @@ -0,0 +1,97 @@ +From 5e9784e997620af7c1399029282f5d6964b41942 Mon Sep 17 00:00:00 2001 +From: Hao Ge +Date: Mon, 26 Aug 2024 00:36:49 +0800 +Subject: codetag: debug: mark codetags for poisoned page as empty + +From: Hao Ge + +commit 5e9784e997620af7c1399029282f5d6964b41942 upstream. + +When PG_hwpoison pages are freed they are treated differently in +free_pages_prepare() and instead of being released they are isolated. + +Page allocation tag counters are decremented at this point since the page +is considered not in use. 
Later on when such pages are released by +unpoison_memory(), the allocation tag counters will be decremented again +and the following warning gets reported: + +[ 113.930443][ T3282] ------------[ cut here ]------------ +[ 113.931105][ T3282] alloc_tag was not set +[ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164 +[ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4 +[ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18 +[ 113.943003][ T3282] Tainted: [W]=WARN +[ 113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 +[ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) +[ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164 +[ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164 +[ 113.946706][ T3282] sp : ffff800087093a10 +[ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0 +[ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000 +[ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000 +[ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff +[ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210 +[ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339 +[ 113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0 +[ 113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff +[ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001 +[ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000 +[ 113.957962][ T3282] Call trace: +[ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164 +[ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c +[ 113.959539][ T3282] free_unref_page+0xf4/0x4b8 +[ 113.960096][ T3282] __folio_put+0xd4/0x120 +[ 113.960614][ T3282] folio_put+0x24/0x50 +[ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0 +[ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject] +[ 113.962436][ T3282] simple_attr_write_xsigned.isra.34+0xec/0x1cc +[ 113.963183][ T3282] simple_attr_write+0x38/0x48 +[ 113.963750][ T3282] debugfs_attr_write+0x54/0x80 +[ 113.964330][ T3282] full_proxy_write+0x68/0x98 +[ 113.964880][ T3282] vfs_write+0xdc/0x4d0 +[ 113.965372][ T3282] ksys_write+0x78/0x100 +[ 113.965875][ T3282] __arm64_sys_write+0x24/0x30 +[ 113.966440][ T3282] invoke_syscall+0x7c/0x104 +[ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104 +[ 113.967652][ T3282] do_el0_svc+0x2c/0x38 +[ 113.968893][ T3282] el0_svc+0x3c/0x1b8 +[ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc +[ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0 +[ 113.970511][ T3282] ---[ end trace 0000000000000000 ]--- + +To fix this, clear the page tag reference after the page got isolated +and accounted for. 
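Condensed view of where the fix lands, simplified from the free_pages_prepare() hwpoison branch shown in the diff below:

	/* hwpoison path: the page is kept isolated instead of being freed */
	reset_page_owner(page, order);
	page_table_check_free(page, order);
	pgalloc_tag_sub(page, 1 << order);	/* tag accounted exactly once */
	clear_page_tag_ref(page);		/* mark codetag empty so a later
						 * unpoison_memory() free cannot
						 * decrement it a second time */
	return false;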
+ +Link: https://lkml.kernel.org/r/20240825163649.33294-1-hao.ge@linux.dev +Fixes: d224eb0287fb ("codetag: debug: mark codetags for reserved pages as empty") +Signed-off-by: Hao Ge +Reviewed-by: Miaohe Lin +Acked-by: Suren Baghdasaryan +Cc: David Hildenbrand +Cc: Hao Ge +Cc: Kent Overstreet +Cc: Naoya Horiguchi +Cc: Pasha Tatashin +Cc: [6.10+] +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/page_alloc.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -1053,6 +1053,13 @@ __always_inline bool free_pages_prepare( + reset_page_owner(page, order); + page_table_check_free(page, order); + pgalloc_tag_sub(page, 1 << order); ++ ++ /* ++ * The page is isolated and accounted for. ++ * Mark the codetag as empty to avoid accounting error ++ * when the page is freed by unpoison_memory(). ++ */ ++ clear_page_tag_ref(page); + return false; + } + diff --git a/queue-6.10/kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug-y.patch b/queue-6.10/kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug-y.patch new file mode 100644 index 00000000000..718ba9344fc --- /dev/null +++ b/queue-6.10/kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug-y.patch @@ -0,0 +1,44 @@ +From 6dacd79d28842ff01f18b4900d897741aac5999e Mon Sep 17 00:00:00 2001 +From: Petr Tesarik +Date: Mon, 5 Aug 2024 17:07:50 +0200 +Subject: kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y + +From: Petr Tesarik + +commit 6dacd79d28842ff01f18b4900d897741aac5999e upstream. + +Fix the condition to exclude the elfcorehdr segment from the SHA digest +calculation. + +The j iterator is an index into the output sha_regions[] array, not into +the input image->segment[] array. Once it reaches +image->elfcorehdr_index, all subsequent segments are excluded. Besides, +if the purgatory segment precedes the elfcorehdr segment, the elfcorehdr +may be wrongly included in the calculation. + +Link: https://lkml.kernel.org/r/20240805150750.170739-1-petr.tesarik@suse.com +Fixes: f7cc804a9fd4 ("kexec: exclude elfcorehdr from the segment digest") +Signed-off-by: Petr Tesarik +Acked-by: Baoquan He +Cc: Eric Biederman +Cc: Hari Bathini +Cc: Sourabh Jain +Cc: Eric DeVolder +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + kernel/kexec_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/kexec_file.c ++++ b/kernel/kexec_file.c +@@ -752,7 +752,7 @@ static int kexec_calculate_store_digests + + #ifdef CONFIG_CRASH_HOTPLUG + /* Exclude elfcorehdr segment to allow future changes via hotplug */ +- if (j == image->elfcorehdr_index) ++ if (i == image->elfcorehdr_index) + continue; + #endif + diff --git a/queue-6.10/maple_tree-remove-rcu_read_lock-from-mt_validate.patch b/queue-6.10/maple_tree-remove-rcu_read_lock-from-mt_validate.patch new file mode 100644 index 00000000000..155e37ec07b --- /dev/null +++ b/queue-6.10/maple_tree-remove-rcu_read_lock-from-mt_validate.patch @@ -0,0 +1,58 @@ +From f806de88d8f7f8191afd0fd9b94db4cd058e7d4f Mon Sep 17 00:00:00 2001 +From: "Liam R. Howlett" +Date: Tue, 20 Aug 2024 13:54:17 -0400 +Subject: maple_tree: remove rcu_read_lock() from mt_validate() + +From: Liam R. Howlett + +commit f806de88d8f7f8191afd0fd9b94db4cd058e7d4f upstream. + +The write lock should be held when validating the tree to avoid updates +racing with checks. 
Holding the rcu read lock during a large tree +validation may also cause a prolonged rcu read window and "rcu_preempt +detected stalls" warnings. + +Link: https://lore.kernel.org/all/0000000000001d12d4062005aea1@google.com/ +Link: https://lkml.kernel.org/r/20240820175417.2782532-1-Liam.Howlett@oracle.com +Fixes: 54a611b60590 ("Maple Tree: add new data structure") +Signed-off-by: Liam R. Howlett +Reported-by: syzbot+036af2f0c7338a33b0cd@syzkaller.appspotmail.com +Cc: Hillf Danton +Cc: Matthew Wilcox +Cc: "Paul E. McKenney" +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + lib/maple_tree.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +--- a/lib/maple_tree.c ++++ b/lib/maple_tree.c +@@ -7569,14 +7569,14 @@ static void mt_validate_nulls(struct map + * 2. The gap is correctly set in the parents + */ + void mt_validate(struct maple_tree *mt) ++ __must_hold(mas->tree->ma_lock) + { + unsigned char end; + + MA_STATE(mas, mt, 0, 0); +- rcu_read_lock(); + mas_start(&mas); + if (!mas_is_active(&mas)) +- goto done; ++ return; + + while (!mte_is_leaf(mas.node)) + mas_descend(&mas); +@@ -7597,9 +7597,6 @@ void mt_validate(struct maple_tree *mt) + mas_dfs_postorder(&mas, ULONG_MAX); + } + mt_validate_nulls(mt); +-done: +- rcu_read_unlock(); +- + } + EXPORT_SYMBOL_GPL(mt_validate); + diff --git a/queue-6.10/mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch b/queue-6.10/mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch new file mode 100644 index 00000000000..220a2b442c9 --- /dev/null +++ b/queue-6.10/mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch @@ -0,0 +1,100 @@ +From ab7ca09520e9c41c219a4427fe0dae24024bfe7f Mon Sep 17 00:00:00 2001 +From: Hao Ge +Date: Fri, 16 Aug 2024 09:33:36 +0800 +Subject: mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook + +From: Hao Ge + +commit ab7ca09520e9c41c219a4427fe0dae24024bfe7f upstream. + +When CONFIG_MEMCG, CONFIG_KFENCE and CONFIG_KMEMLEAK are all enabled, the +following warning always occurs. This is because the following call stack +occurs: +mem_pool_alloc + kmem_cache_alloc_noprof + slab_alloc_node + kfence_alloc + +Once the kfence allocation is successful, slab->obj_exts will not be empty, +because it has already been assigned a value in kfence_init_pool. + +Since the prepare_slab_obj_exts_hook function performs a check for +s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE), the alloc_tag_add function +will not be called as a result. Therefore, ref->ct remains NULL. + +However, when we call mem_pool_free, since obj_exts is not empty, it +eventually leads to the alloc_tag_sub path being invoked. This is +where the warning occurs. + +So we should add a corresponding check in the alloc_tagging_slab_free_hook. +For the __GFP_NO_OBJ_EXT case, I didn't see a specific case where it is used +with kfence, so I won't add the corresponding check in +alloc_tagging_slab_free_hook for now.
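In short, the free hook needs to bail out under the same s->flags condition that stopped prepare_slab_obj_exts_hook() from calling alloc_tag_add() at allocation time; otherwise it walks a KFENCE/MEMCG-created obj_exts whose ref->ct was never set. A sketch of the guard (the real two-line version is in the hunk below):

	if (s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE))
		return;	/* no tag was added at alloc time, nothing to subtract */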
+ +[ 3.734349] ------------[ cut here ]------------ +[ 3.734807] alloc_tag was not set +[ 3.735129] WARNING: CPU: 4 PID: 40 at ./include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574 +[ 3.735866] Modules linked in: autofs4 +[ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Tainted: G W 6.11.0-rc3-dirty #1 +[ 3.736969] Tainted: [W]=WARN +[ 3.737258] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 +[ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) +[ 3.738501] pc : kmem_cache_free+0x444/0x574 +[ 3.738951] lr : kmem_cache_free+0x444/0x574 +[ 3.739361] sp : ffff80008357bb60 +[ 3.739693] x29: ffff80008357bb70 x28: 0000000000000000 x27: 0000000000000000 +[ 3.740338] x26: ffff80008207f000 x25: ffff000b2eb2fd60 x24: ffff0000c0005700 +[ 3.740982] x23: ffff8000804229e4 x22: ffff800082080000 x21: ffff800081756000 +[ 3.741630] x20: fffffd7ff8253360 x19: 00000000000000a8 x18: ffffffffffffffff +[ 3.742274] x17: ffff800ab327f000 x16: ffff800083398000 x15: ffff800081756df0 +[ 3.742919] x14: 0000000000000000 x13: 205d344320202020 x12: 5b5d373038343337 +[ 3.743560] x11: ffff80008357b650 x10: 000000000000005d x9 : 00000000ffffffd0 +[ 3.744231] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008237bad0 x6 : c0000000ffff7fff +[ 3.744907] x5 : ffff80008237ba78 x4 : ffff8000820bbad0 x3 : 0000000000000001 +[ 3.745580] x2 : 68d66547c09f7800 x1 : 68d66547c09f7800 x0 : 0000000000000000 +[ 3.746255] Call trace: +[ 3.746530] kmem_cache_free+0x444/0x574 +[ 3.746931] mem_pool_free+0x44/0xf4 +[ 3.747306] free_object_rcu+0xc8/0xdc +[ 3.747693] rcu_do_batch+0x234/0x8a4 +[ 3.748075] rcu_core+0x230/0x3e4 +[ 3.748424] rcu_core_si+0x14/0x1c +[ 3.748780] handle_softirqs+0x134/0x378 +[ 3.749189] run_ksoftirqd+0x70/0x9c +[ 3.749560] smpboot_thread_fn+0x148/0x22c +[ 3.749978] kthread+0x10c/0x118 +[ 3.750323] ret_from_fork+0x10/0x20 +[ 3.750696] ---[ end trace 0000000000000000 ]--- + +Link: https://lkml.kernel.org/r/20240816013336.17505-1-hao.ge@linux.dev +Fixes: 4b8736964640 ("mm/slab: add allocation accounting into slab allocation and free paths") +Signed-off-by: Hao Ge +Cc: Christoph Lameter +Cc: David Rientjes +Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> +Cc: Joonsoo Kim +Cc: Kees Cook +Cc: Kent Overstreet +Cc: Pekka Enberg +Cc: Roman Gushchin +Cc: Suren Baghdasaryan +Cc: Vlastimil Babka +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/slub.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -2044,6 +2044,10 @@ alloc_tagging_slab_free_hook(struct kmem + if (!mem_alloc_profiling_enabled()) + return; + ++ /* slab->obj_exts might not be NULL if it was created for MEMCG accounting. */ ++ if (s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE)) ++ return; ++ + obj_exts = slab_obj_exts(slab); + if (!obj_exts) + return; diff --git a/queue-6.10/mm-vmalloc-ensure-vmap_block-is-initialised-before-adding-to-queue.patch b/queue-6.10/mm-vmalloc-ensure-vmap_block-is-initialised-before-adding-to-queue.patch new file mode 100644 index 00000000000..96fffea3483 --- /dev/null +++ b/queue-6.10/mm-vmalloc-ensure-vmap_block-is-initialised-before-adding-to-queue.patch @@ -0,0 +1,72 @@ +From 3e3de7947c751509027d26b679ecd243bc9db255 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Mon, 12 Aug 2024 18:16:06 +0100 +Subject: mm: vmalloc: ensure vmap_block is initialised before adding to queue + +From: Will Deacon + +commit 3e3de7947c751509027d26b679ecd243bc9db255 upstream. 
+ +Commit 8c61291fd850 ("mm: fix incorrect vbq reference in +purge_fragmented_block") extended the 'vmap_block' structure to contain a +'cpu' field which is set at allocation time to the id of the initialising +CPU. + +When a new 'vmap_block' is being instantiated by new_vmap_block(), the +partially initialised structure is added to the local 'vmap_block_queue' +xarray before the 'cpu' field has been initialised. If another CPU is +concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it +may perform an out-of-bounds access to the remote queue thanks to an +uninitialised index. + +This has been observed as UBSAN errors in Android: + + | Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP + | + | Call trace: + | purge_fragmented_block+0x204/0x21c + | _vm_unmap_aliases+0x170/0x378 + | vm_unmap_aliases+0x1c/0x28 + | change_memory_common+0x1dc/0x26c + | set_memory_ro+0x18/0x24 + | module_enable_ro+0x98/0x238 + | do_init_module+0x1b0/0x310 + +Move the initialisation of 'vb->cpu' in new_vmap_block() ahead of the +addition to the xarray. + +Link: https://lkml.kernel.org/r/20240812171606.17486-1-will@kernel.org +Fixes: 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") +Signed-off-by: Will Deacon +Reviewed-by: Baoquan He +Reviewed-by: Uladzislau Rezki (Sony) +Cc: Zhaoyang Huang +Cc: Hailong.Liu +Cc: Christoph Hellwig +Cc: Lorenzo Stoakes +Cc: Thomas Gleixner +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/vmalloc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -2628,6 +2628,7 @@ static void *new_vmap_block(unsigned int + vb->dirty_max = 0; + bitmap_set(vb->used_map, 0, (1UL << order)); + INIT_LIST_HEAD(&vb->free_list); ++ vb->cpu = raw_smp_processor_id(); + + xa = addr_to_vb_xa(va->va_start); + vb_idx = addr_to_vb_idx(va->va_start); +@@ -2644,7 +2645,6 @@ static void *new_vmap_block(unsigned int + * integrity together with list_for_each_rcu from read + * side. + */ +- vb->cpu = raw_smp_processor_id(); + vbq = per_cpu_ptr(&vmap_block_queue, vb->cpu); + spin_lock(&vbq->lock); + list_add_tail_rcu(&vb->free_list, &vbq->free); diff --git a/queue-6.10/mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch b/queue-6.10/mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch new file mode 100644 index 00000000000..a61cda83e83 --- /dev/null +++ b/queue-6.10/mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch @@ -0,0 +1,153 @@ +From 409faf8c97d5abb0597ea43e99c8b3dd8dbe99e3 Mon Sep 17 00:00:00 2001 +From: Adrian Huang +Date: Thu, 29 Aug 2024 21:06:33 +0800 +Subject: mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area + +From: Adrian Huang + +commit 409faf8c97d5abb0597ea43e99c8b3dd8dbe99e3 upstream. + +When running the vmalloc stress on a 448-core system, observe the average +latency of purge_vmap_node() is about 2 seconds by using the eBPF/bcc +'funclatency.py' tool [1]. + + # /your-git-repo/bcc/tools/funclatency.py -u purge_vmap_node & pid1=$! 
&& sleep 8 && modprobe test_vmalloc nr_threads=$(nproc) run_test_mask=0x7; kill -SIGINT $pid1 + + usecs : count distribution + 0 -> 1 : 0 | | + 2 -> 3 : 29 | | + 4 -> 7 : 19 | | + 8 -> 15 : 56 | | + 16 -> 31 : 483 |**** | + 32 -> 63 : 1548 |************ | + 64 -> 127 : 2634 |********************* | + 128 -> 255 : 2535 |********************* | + 256 -> 511 : 1776 |************** | + 512 -> 1023 : 1015 |******** | + 1024 -> 2047 : 573 |**** | + 2048 -> 4095 : 488 |**** | + 4096 -> 8191 : 1091 |********* | + 8192 -> 16383 : 3078 |************************* | + 16384 -> 32767 : 4821 |****************************************| + 32768 -> 65535 : 3318 |*************************** | + 65536 -> 131071 : 1718 |************** | + 131072 -> 262143 : 2220 |****************** | + 262144 -> 524287 : 1147 |********* | + 524288 -> 1048575 : 1179 |********* | + 1048576 -> 2097151 : 822 |****** | + 2097152 -> 4194303 : 906 |******* | + 4194304 -> 8388607 : 2148 |***************** | + 8388608 -> 16777215 : 4497 |************************************* | + 16777216 -> 33554431 : 289 |** | + + avg = 2041714 usecs, total: 78381401772 usecs, count: 38390 + + The worst case is over 16-33 seconds, so soft lockup is triggered [2]. + +[Root Cause] +1) Each purge_list has the long list. The following shows the number of + vmap_area is purged. + + crash> p vmap_nodes + vmap_nodes = $27 = (struct vmap_node *) 0xff2de5a900100000 + crash> vmap_node 0xff2de5a900100000 128 | grep nr_purged + nr_purged = 663070 + ... + nr_purged = 821670 + nr_purged = 692214 + nr_purged = 726808 + ... + +2) atomic_long_sub() employs the 'lock' prefix to ensure the atomic + operation when purging each vmap_area. However, the iteration is over + 600000 vmap_area (See 'nr_purged' above). + + Here is objdump output: + + $ objdump -D vmlinux + ffffffff813e8c80 : + ... + ffffffff813e8d70: f0 48 29 2d 68 0c bb lock sub %rbp,0x2bb0c68(%rip) + ... + + Quote from "Instruction tables" pdf file [3]: + Instructions with a LOCK prefix have a long latency that depends on + cache organization and possibly RAM speed. If there are multiple + processors or cores or direct memory access (DMA) devices, then all + locked instructions will lock a cache line for exclusive access, + which may involve RAM access. A LOCK prefix typically costs more + than a hundred clock cycles, even on single-processor systems. + + That's why the latency of purge_vmap_node() dramatically increases + on a many-core system: One core is busy on purging each vmap_area of + the *long* purge_list and executing atomic_long_sub() for each + vmap_area, while other cores free vmalloc allocations and execute + atomic_long_add_return() in free_vmap_area_noflush(). + +[Solution] +Employ a local variable to record the total purged pages, and execute +atomic_long_sub() after the traversal of the purge_list is done. The +experiment result shows the latency improvement is 99%. + +[Experiment Result] +1) System Configuration: Three servers (with HT-enabled) are tested. 
+ * 72-core server: 3rd Gen Intel Xeon Scalable Processor*1 + * 192-core server: 5th Gen Intel Xeon Scalable Processor*2 + * 448-core server: AMD Zen 4 Processor*2 + +2) Kernel Config + * CONFIG_KASAN is disabled + +3) The data in column "w/o patch" and "w/ patch" + * Unit: micro seconds (us) + * Each data is the average of 3-time measurements + + System w/o patch (us) w/ patch (us) Improvement (%) + --------------- -------------- ------------- ------------- + 72-core server 2194 14 99.36% + 192-core server 143799 1139 99.21% + 448-core server 1992122 6883 99.65% + +[1] https://github.com/iovisor/bcc/blob/master/tools/funclatency.py +[2] https://gist.github.com/AdrianHuang/37c15f67b45407b83c2d32f918656c12 +[3] https://www.agner.org/optimize/instruction_tables.pdf + +Link: https://lkml.kernel.org/r/20240829130633.2184-1-ahuang12@lenovo.com +Signed-off-by: Adrian Huang +Reviewed-by: Uladzislau Rezki (Sony) +Cc: Christoph Hellwig +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/vmalloc.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -2190,6 +2190,7 @@ static void purge_vmap_node(struct work_ + { + struct vmap_node *vn = container_of(work, + struct vmap_node, purge_work); ++ unsigned long nr_purged_pages = 0; + struct vmap_area *va, *n_va; + LIST_HEAD(local_list); + +@@ -2207,7 +2208,7 @@ static void purge_vmap_node(struct work_ + kasan_release_vmalloc(orig_start, orig_end, + va->va_start, va->va_end); + +- atomic_long_sub(nr, &vmap_lazy_nr); ++ nr_purged_pages += nr; + vn->nr_purged++; + + if (is_vn_id_valid(vn_id) && !vn->skip_populate) +@@ -2218,6 +2219,8 @@ static void purge_vmap_node(struct work_ + list_add(&va->list, &local_list); + } + ++ atomic_long_sub(nr_purged_pages, &vmap_lazy_nr); ++ + reclaim_list_global(&local_list); + } + diff --git a/queue-6.10/pinctrl-qcom-x1e80100-bypass-pdc-wakeup-parent-for-now.patch b/queue-6.10/pinctrl-qcom-x1e80100-bypass-pdc-wakeup-parent-for-now.patch new file mode 100644 index 00000000000..e522c0c544a --- /dev/null +++ b/queue-6.10/pinctrl-qcom-x1e80100-bypass-pdc-wakeup-parent-for-now.patch @@ -0,0 +1,58 @@ +From 602cb14e310a7a32c4f27d1f16c4614c790c7f6f Mon Sep 17 00:00:00 2001 +From: Stephan Gerhold +Date: Fri, 30 Aug 2024 11:09:07 +0200 +Subject: pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now + +From: Stephan Gerhold + +commit 602cb14e310a7a32c4f27d1f16c4614c790c7f6f upstream. + +On X1E80100, GPIO interrupts for wakeup-capable pins have been broken since +the introduction of the pinctrl driver. This prevents keyboard and touchpad +from working on most of the X1E laptops. So far we have worked around this +by manually building a kernel with the "wakeup-parent" removed from the +pinctrl node in the device tree, but we cannot expect all users to do that. + +Implement a similar workaround in the driver by clearing the wakeirq_map +for X1E80100. This avoids using the PDC wakeup parent for all GPIOs +and handles the interrupts directly in the pinctrl driver instead. + +The PDC driver needs additional changes to support X1E80100 properly. +Adding a workaround separately first allows to land the necessary PDC +changes through the normal release cycle, while still solving the more +critical problem with keyboard and touchpad on the current stable kernel +versions. Bypassing the PDC is enough for now, because we have not yet +enabled the deep idle states where using the PDC becomes necessary. 
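The mechanism of the workaround, as an editorial summary of the one-line change in the hunk below: the TLMM driver consults soc->wakeirq_map/soc->nwakeirq_map to decide which GPIOs get routed to the PDC wakeup parent, so publishing a zero-length map keeps every GPIO interrupt on the TLMM itself:

	.wakeirq_map = x1e80100_pdc_map,	/* table kept in place for later */
	.nwakeirq_map = 0,			/* but no entries visible: no GPIO
						 * is handed to the PDC, so the
						 * TLMM handles interrupts itself */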
+ +Cc: stable@vger.kernel.org +Fixes: 05e4941d97ef ("pinctrl: qcom: Add X1E80100 pinctrl driver") +Signed-off-by: Stephan Gerhold +Reviewed-by: Johan Hovold +Tested-by: Johan Hovold +Reviewed-by: Konrad Dybcio +Reviewed-by: Abel Vesa +Link: https://lore.kernel.org/20240830-x1e80100-bypass-pdc-v1-1-d4c00be0c3e3@linaro.org +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-x1e80100.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/pinctrl/qcom/pinctrl-x1e80100.c b/drivers/pinctrl/qcom/pinctrl-x1e80100.c +index 65ed933f05ce..abfcdd3da9e8 100644 +--- a/drivers/pinctrl/qcom/pinctrl-x1e80100.c ++++ b/drivers/pinctrl/qcom/pinctrl-x1e80100.c +@@ -1839,7 +1839,9 @@ static const struct msm_pinctrl_soc_data x1e80100_pinctrl = { + .ngroups = ARRAY_SIZE(x1e80100_groups), + .ngpios = 239, + .wakeirq_map = x1e80100_pdc_map, +- .nwakeirq_map = ARRAY_SIZE(x1e80100_pdc_map), ++ /* TODO: Enabling PDC currently breaks GPIO interrupts */ ++ .nwakeirq_map = 0, ++ /* .nwakeirq_map = ARRAY_SIZE(x1e80100_pdc_map), */ + .egpio_func = 9, + }; + +-- +2.46.0 + diff --git a/queue-6.10/revert-mm-skip-cma-pages-when-they-are-not-available.patch b/queue-6.10/revert-mm-skip-cma-pages-when-they-are-not-available.patch new file mode 100644 index 00000000000..eae7ed7fec0 --- /dev/null +++ b/queue-6.10/revert-mm-skip-cma-pages-when-they-are-not-available.patch @@ -0,0 +1,97 @@ +From bfe0857c20c663fcc1592fa4e3a61ca12b07dac9 Mon Sep 17 00:00:00 2001 +From: Usama Arif +Date: Wed, 21 Aug 2024 20:26:07 +0100 +Subject: Revert "mm: skip CMA pages when they are not available" + +From: Usama Arif + +commit bfe0857c20c663fcc1592fa4e3a61ca12b07dac9 upstream. + +This reverts commit 5da226dbfce3 ("mm: skip CMA pages when they are not +available") and b7108d66318a ("Multi-gen LRU: skip CMA pages when they are +not eligible"). + +lruvec->lru_lock is highly contended and is held when calling +isolate_lru_folios. If the lru has a long consecutive run of CMA folios +while the allocation type requested is not MIGRATE_MOVABLE, +isolate_lru_folios can hold the lock for a very long time while it skips +those. For an FIO workload, ~150 million order=0 folios were skipped to +isolate a few ZONE_DMA folios [1]. This can cause lockups [1] and high +memory pressure for extended periods of time [2]. + +Remove the CMA skipping from MGLRU as well, as it was introduced in sort_folio +for the same reason as 5da226dbfce3a2f44978c2c7cf88166e69a6788b.
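The contention pattern being reverted, as an illustrative sketch of isolate_lru_folios() with the removed check in place (simplified, not the literal code):

	spin_lock_irq(&lruvec->lru_lock);
	/* with skip_cma(): each ineligible CMA folio in a long consecutive
	 * run is scanned, counted and moved to folios_skipped one at a time,
	 * all without dropping lru_lock -- ~150 million iterations in the
	 * reported FIO case before a few ZONE_DMA folios were isolated */
	spin_unlock_irq(&lruvec->lru_lock);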
+ +[1] https://lore.kernel.org/all/CAOUHufbkhMZYz20aM_3rHZ3OcK4m2puji2FGpUpn_-DevGk3Kg@mail.gmail.com/ +[2] https://lore.kernel.org/all/ZrssOrcJIDy8hacI@gmail.com/ + +[usamaarif642@gmail.com: also revert b7108d66318a, per Johannes] + Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com + Link: https://lkml.kernel.org/r/357ac325-4c61-497a-92a3-bdbd230d5ec9@gmail.com +Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com +Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") +Signed-off-by: Usama Arif +Acked-by: Johannes Weiner +Cc: Bharata B Rao +Cc: Breno Leitao +Cc: David Hildenbrand +Cc: Matthew Wilcox +Cc: Rik van Riel +Cc: Vlastimil Babka +Cc: Yu Zhao +Cc: Zhaoyang Huang +Cc: Zhaoyang Huang +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/vmscan.c | 24 ++---------------------- + 1 file changed, 2 insertions(+), 22 deletions(-) + +--- a/mm/vmscan.c ++++ b/mm/vmscan.c +@@ -1587,25 +1587,6 @@ static __always_inline void update_lru_s + + } + +-#ifdef CONFIG_CMA +-/* +- * It is waste of effort to scan and reclaim CMA pages if it is not available +- * for current allocation context. Kswapd can not be enrolled as it can not +- * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL +- */ +-static bool skip_cma(struct folio *folio, struct scan_control *sc) +-{ +- return !current_is_kswapd() && +- gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && +- folio_migratetype(folio) == MIGRATE_CMA; +-} +-#else +-static bool skip_cma(struct folio *folio, struct scan_control *sc) +-{ +- return false; +-} +-#endif +- + /* + * Isolating page from the lruvec to fill in @dst list by nr_to_scan times. + * +@@ -1652,8 +1633,7 @@ static unsigned long isolate_lru_folios( + nr_pages = folio_nr_pages(folio); + total_scan += nr_pages; + +- if (folio_zonenum(folio) > sc->reclaim_idx || +- skip_cma(folio, sc)) { ++ if (folio_zonenum(folio) > sc->reclaim_idx) { + nr_skipped[folio_zonenum(folio)] += nr_pages; + move_to = &folios_skipped; + goto move; +@@ -4314,7 +4294,7 @@ static bool sort_folio(struct lruvec *lr + } + + /* ineligible */ +- if (zone > sc->reclaim_idx || skip_cma(folio, sc)) { ++ if (zone > sc->reclaim_idx) { + gen = folio_inc_gen(lruvec, folio, false); + list_move_tail(&folio->lru, &lrugen->folios[gen][type][zone]); + return true; diff --git a/queue-6.10/series b/queue-6.10/series index c3f5f667dee..61110ae4e07 100644 --- a/queue-6.10/series +++ b/queue-6.10/series @@ -43,3 +43,18 @@ fuse-clear-pg_uptodate-when-using-a-stolen-page.patch asoc-intel-boards-fix-null-pointer-deref-in-byt-cht-boards-harder.patch riscv-misaligned-restrict-user-access-to-kernel-memory.patch parisc-delay-write-protection-until-mark_rodata_ro-call.patch +clk-starfive-jh7110-sys-add-notifier-for-pll0-clock.patch +clk-qcom-clk-alpha-pll-fix-the-pll-post-div-mask.patch +clk-qcom-clk-alpha-pll-fix-the-trion-pll-postdiv-set-rate-api.patch +clk-qcom-clk-alpha-pll-fix-zonda-set_rate-failure-when-pll-is-disabled.patch +clk-qcom-clk-alpha-pll-update-set_rate-for-zonda-pll.patch +pinctrl-qcom-x1e80100-bypass-pdc-wakeup-parent-for-now.patch +can-mcp251x-fix-deadlock-if-an-interrupt-occurs-during-mcp251x_open.patch +mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch +alloc_tag-fix-allocation-tag-reporting-when-config_modules-n.patch +codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch +maple_tree-remove-rcu_read_lock-from-mt_validate.patch 
+kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug-y.patch +mm-vmalloc-ensure-vmap_block-is-initialised-before-adding-to-queue.patch +mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch +revert-mm-skip-cma-pages-when-they-are-not-available.patch