From: Sasha Levin Date: Fri, 28 Jul 2023 14:38:02 +0000 (-0400) Subject: Fixes for 5.10 X-Git-Tag: v5.15.124~91 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b9a3f6481bfe4a5c93c3df57ceabe9beab063219;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.10 Signed-off-by: Sasha Levin --- diff --git a/queue-5.10/btrfs-fix-extent-buffer-leak-after-tree-mod-log-fail.patch b/queue-5.10/btrfs-fix-extent-buffer-leak-after-tree-mod-log-fail.patch new file mode 100644 index 00000000000..c648ca30f37 --- /dev/null +++ b/queue-5.10/btrfs-fix-extent-buffer-leak-after-tree-mod-log-fail.patch @@ -0,0 +1,42 @@ +From 11f125b4d86283a5c6319875744fbf98153495b6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Jun 2023 11:27:38 +0100 +Subject: btrfs: fix extent buffer leak after tree mod log failure at + split_node() + +From: Filipe Manana + +[ Upstream commit ede600e497b1461d06d22a7d17703d9096868bc3 ] + +At split_node(), if we fail to log the tree mod log copy operation, we +return without unlocking the split extent buffer we just allocated and +without decrementing the reference we own on it. Fix this by unlocking +it and decrementing the ref count before returning. + +Fixes: 5de865eebb83 ("Btrfs: fix tree mod logging") +CC: stable@vger.kernel.org # 5.4+ +Reviewed-by: Qu Wenruo +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/ctree.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c +index 41a7ace9998e4..814f2f07e74c4 100644 +--- a/fs/btrfs/ctree.c ++++ b/fs/btrfs/ctree.c +@@ -3589,6 +3589,8 @@ static noinline int split_node(struct btrfs_trans_handle *trans, + + ret = tree_mod_log_eb_copy(split, c, 0, mid, c_nritems - mid); + if (ret) { ++ btrfs_tree_unlock(split); ++ free_extent_buffer(split); + btrfs_abort_transaction(trans, ret); + return ret; + } +-- +2.39.2 + diff --git a/queue-5.10/btrfs-fix-race-between-quota-disable-and-relocation.patch b/queue-5.10/btrfs-fix-race-between-quota-disable-and-relocation.patch new file mode 100644 index 00000000000..be26edb788f --- /dev/null +++ b/queue-5.10/btrfs-fix-race-between-quota-disable-and-relocation.patch @@ -0,0 +1,97 @@ +From bc55527b0b1168ecfd31579f9f9a2b1705ea1ab8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 19 Jun 2023 17:21:50 +0100 +Subject: btrfs: fix race between quota disable and relocation + +From: Filipe Manana + +[ Upstream commit 8a4a0b2a3eaf75ca8854f856ef29690c12b2f531 ] + +If we disable quotas while we have a relocation of a metadata block group +that has extents belonging to the quota root, we can cause the relocation +to fail with -ENOENT. This is because relocation builds backref nodes for +extents of the quota root and later needs to walk the backrefs and access +the quota root - however if in between a task disables quotas, it results +in deleting the quota root from the root tree (with btrfs_del_root(), +called from btrfs_quota_disable(). + +This can be sporadically triggered by test case btrfs/255 from fstests: + + $ ./check btrfs/255 + FSTYP -- btrfs + PLATFORM -- Linux/x86_64 debian0 6.4.0-rc6-btrfs-next-134+ #1 SMP PREEMPT_DYNAMIC Thu Jun 15 11:59:28 WEST 2023 + MKFS_OPTIONS -- /dev/sdc + MOUNT_OPTIONS -- /dev/sdc /home/fdmanana/btrfs-tests/scratch_1 + + btrfs/255 6s ... _check_dmesg: something found in dmesg (see /home/fdmanana/git/hub/xfstests/results//btrfs/255.dmesg) + - output mismatch (see /home/fdmanana/git/hub/xfstests/results//btrfs/255.out.bad) + --- tests/btrfs/255.out 2023-03-02 21:47:53.876609426 +0000 + +++ /home/fdmanana/git/hub/xfstests/results//btrfs/255.out.bad 2023-06-16 10:20:39.267563212 +0100 + @@ -1,2 +1,4 @@ + QA output created by 255 + +ERROR: error during balancing '/home/fdmanana/btrfs-tests/scratch_1': No such file or directory + +There may be more info in syslog - try dmesg | tail + Silence is golden + ... + (Run 'diff -u /home/fdmanana/git/hub/xfstests/tests/btrfs/255.out /home/fdmanana/git/hub/xfstests/results//btrfs/255.out.bad' to see the entire diff) + Ran: btrfs/255 + Failures: btrfs/255 + Failed 1 of 1 tests + +To fix this make the quota disable operation take the cleaner mutex, as +relocation of a block group also takes this mutex. This is also what we +do when deleting a subvolume/snapshot, we take the cleaner mutex in the +cleaner kthread (at cleaner_kthread()) and then we call btrfs_del_root() +at btrfs_drop_snapshot() while under the protection of the cleaner mutex. + +Fixes: bed92eae26cc ("Btrfs: qgroup implementation and prototypes") +CC: stable@vger.kernel.org # 5.4+ +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/qgroup.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c +index 828a7ff4aebe7..a67323c2d41f7 100644 +--- a/fs/btrfs/qgroup.c ++++ b/fs/btrfs/qgroup.c +@@ -1202,12 +1202,23 @@ int btrfs_quota_disable(struct btrfs_fs_info *fs_info) + int ret = 0; + + /* +- * We need to have subvol_sem write locked, to prevent races between +- * concurrent tasks trying to disable quotas, because we will unlock +- * and relock qgroup_ioctl_lock across BTRFS_FS_QUOTA_ENABLED changes. ++ * We need to have subvol_sem write locked to prevent races with ++ * snapshot creation. + */ + lockdep_assert_held_write(&fs_info->subvol_sem); + ++ /* ++ * Lock the cleaner mutex to prevent races with concurrent relocation, ++ * because relocation may be building backrefs for blocks of the quota ++ * root while we are deleting the root. This is like dropping fs roots ++ * of deleted snapshots/subvolumes, we need the same protection. ++ * ++ * This also prevents races between concurrent tasks trying to disable ++ * quotas, because we will unlock and relock qgroup_ioctl_lock across ++ * BTRFS_FS_QUOTA_ENABLED changes. ++ */ ++ mutex_lock(&fs_info->cleaner_mutex); ++ + mutex_lock(&fs_info->qgroup_ioctl_lock); + if (!fs_info->quota_root) + goto out; +@@ -1287,6 +1298,7 @@ int btrfs_quota_disable(struct btrfs_fs_info *fs_info) + btrfs_end_transaction(trans); + else if (trans) + ret = btrfs_end_transaction(trans); ++ mutex_unlock(&fs_info->cleaner_mutex); + + return ret; + } +-- +2.39.2 + diff --git a/queue-5.10/dlm-cleanup-plock_op-vs-plock_xop.patch b/queue-5.10/dlm-cleanup-plock_op-vs-plock_xop.patch new file mode 100644 index 00000000000..42d318524a0 --- /dev/null +++ b/queue-5.10/dlm-cleanup-plock_op-vs-plock_xop.patch @@ -0,0 +1,233 @@ +From cc13f595ca0d4ad067e185172740da023fc96a08 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 4 Apr 2022 16:06:32 -0400 +Subject: dlm: cleanup plock_op vs plock_xop + +From: Alexander Aring + +[ Upstream commit bcbb4ba6c9ba81e6975b642a2cade68044cd8a66 ] + +Lately the different casting between plock_op and plock_xop and list +holders which was involved showed some issues which were hard to see. +This patch removes the "plock_xop" structure and introduces a +"struct plock_async_data". This structure will be set in "struct plock_op" +in case of asynchronous lock handling as the original "plock_xop" was +made for. There is no need anymore to cast pointers around for +additional fields in case of asynchronous lock handling. As disadvantage +another allocation was introduces but only needed in the asynchronous +case which is currently only used in combination with nfs lockd. + +Signed-off-by: Alexander Aring +Signed-off-by: David Teigland +Stable-dep-of: 59e45c758ca1 ("fs: dlm: interrupt posix locks only when process is killed") +Signed-off-by: Sasha Levin +--- + fs/dlm/plock.c | 77 ++++++++++++++++++++++++++++++-------------------- + 1 file changed, 46 insertions(+), 31 deletions(-) + +diff --git a/fs/dlm/plock.c b/fs/dlm/plock.c +index edce0b25cd90e..e70e23eca03ec 100644 +--- a/fs/dlm/plock.c ++++ b/fs/dlm/plock.c +@@ -19,20 +19,20 @@ static struct list_head recv_list; + static wait_queue_head_t send_wq; + static wait_queue_head_t recv_wq; + +-struct plock_op { +- struct list_head list; +- int done; +- struct dlm_plock_info info; +- int (*callback)(struct file_lock *fl, int result); +-}; +- +-struct plock_xop { +- struct plock_op xop; ++struct plock_async_data { + void *fl; + void *file; + struct file_lock flc; ++ int (*callback)(struct file_lock *fl, int result); + }; + ++struct plock_op { ++ struct list_head list; ++ int done; ++ struct dlm_plock_info info; ++ /* if set indicates async handling */ ++ struct plock_async_data *data; ++}; + + static inline void set_version(struct dlm_plock_info *info) + { +@@ -58,6 +58,12 @@ static int check_version(struct dlm_plock_info *info) + return 0; + } + ++static void dlm_release_plock_op(struct plock_op *op) ++{ ++ kfree(op->data); ++ kfree(op); ++} ++ + static void send_op(struct plock_op *op) + { + set_version(&op->info); +@@ -101,22 +107,21 @@ static void do_unlock_close(struct dlm_ls *ls, u64 number, + int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file, + int cmd, struct file_lock *fl) + { ++ struct plock_async_data *op_data; + struct dlm_ls *ls; + struct plock_op *op; +- struct plock_xop *xop; + int rv; + + ls = dlm_find_lockspace_local(lockspace); + if (!ls) + return -EINVAL; + +- xop = kzalloc(sizeof(*xop), GFP_NOFS); +- if (!xop) { ++ op = kzalloc(sizeof(*op), GFP_NOFS); ++ if (!op) { + rv = -ENOMEM; + goto out; + } + +- op = &xop->xop; + op->info.optype = DLM_PLOCK_OP_LOCK; + op->info.pid = fl->fl_pid; + op->info.ex = (fl->fl_type == F_WRLCK); +@@ -125,22 +130,32 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file, + op->info.number = number; + op->info.start = fl->fl_start; + op->info.end = fl->fl_end; ++ /* async handling */ + if (fl->fl_lmops && fl->fl_lmops->lm_grant) { ++ op_data = kzalloc(sizeof(*op_data), GFP_NOFS); ++ if (!op_data) { ++ dlm_release_plock_op(op); ++ rv = -ENOMEM; ++ goto out; ++ } ++ + /* fl_owner is lockd which doesn't distinguish + processes on the nfs client */ + op->info.owner = (__u64) fl->fl_pid; +- op->callback = fl->fl_lmops->lm_grant; +- locks_init_lock(&xop->flc); +- locks_copy_lock(&xop->flc, fl); +- xop->fl = fl; +- xop->file = file; ++ op_data->callback = fl->fl_lmops->lm_grant; ++ locks_init_lock(&op_data->flc); ++ locks_copy_lock(&op_data->flc, fl); ++ op_data->fl = fl; ++ op_data->file = file; ++ ++ op->data = op_data; + } else { + op->info.owner = (__u64)(long) fl->fl_owner; + } + + send_op(op); + +- if (!op->callback) { ++ if (!op->data) { + rv = wait_event_interruptible(recv_wq, (op->done != 0)); + if (rv == -ERESTARTSYS) { + log_debug(ls, "dlm_posix_lock: wait killed %llx", +@@ -148,7 +163,7 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file, + spin_lock(&ops_lock); + list_del(&op->list); + spin_unlock(&ops_lock); +- kfree(xop); ++ dlm_release_plock_op(op); + do_unlock_close(ls, number, file, fl); + goto out; + } +@@ -173,7 +188,7 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file, + (unsigned long long)number); + } + +- kfree(xop); ++ dlm_release_plock_op(op); + out: + dlm_put_lockspace(ls); + return rv; +@@ -183,11 +198,11 @@ EXPORT_SYMBOL_GPL(dlm_posix_lock); + /* Returns failure iff a successful lock operation should be canceled */ + static int dlm_plock_callback(struct plock_op *op) + { ++ struct plock_async_data *op_data = op->data; + struct file *file; + struct file_lock *fl; + struct file_lock *flc; + int (*notify)(struct file_lock *fl, int result) = NULL; +- struct plock_xop *xop = (struct plock_xop *)op; + int rv = 0; + + spin_lock(&ops_lock); +@@ -199,10 +214,10 @@ static int dlm_plock_callback(struct plock_op *op) + spin_unlock(&ops_lock); + + /* check if the following 2 are still valid or make a copy */ +- file = xop->file; +- flc = &xop->flc; +- fl = xop->fl; +- notify = op->callback; ++ file = op_data->file; ++ flc = &op_data->flc; ++ fl = op_data->fl; ++ notify = op_data->callback; + + if (op->info.rv) { + notify(fl, op->info.rv); +@@ -233,7 +248,7 @@ static int dlm_plock_callback(struct plock_op *op) + } + + out: +- kfree(xop); ++ dlm_release_plock_op(op); + return rv; + } + +@@ -303,7 +318,7 @@ int dlm_posix_unlock(dlm_lockspace_t *lockspace, u64 number, struct file *file, + rv = 0; + + out_free: +- kfree(op); ++ dlm_release_plock_op(op); + out: + dlm_put_lockspace(ls); + fl->fl_flags = fl_flags; +@@ -371,7 +386,7 @@ int dlm_posix_get(dlm_lockspace_t *lockspace, u64 number, struct file *file, + rv = 0; + } + +- kfree(op); ++ dlm_release_plock_op(op); + out: + dlm_put_lockspace(ls); + return rv; +@@ -407,7 +422,7 @@ static ssize_t dev_read(struct file *file, char __user *u, size_t count, + (the process did not make an unlock call). */ + + if (op->info.flags & DLM_PLOCK_FL_CLOSE) +- kfree(op); ++ dlm_release_plock_op(op); + + if (copy_to_user(u, &info, sizeof(info))) + return -EFAULT; +@@ -439,7 +454,7 @@ static ssize_t dev_write(struct file *file, const char __user *u, size_t count, + op->info.owner == info.owner) { + list_del_init(&op->list); + memcpy(&op->info, &info, sizeof(info)); +- if (op->callback) ++ if (op->data) + do_callback = 1; + else + op->done = 1; +-- +2.39.2 + diff --git a/queue-5.10/dlm-rearrange-async-condition-return.patch b/queue-5.10/dlm-rearrange-async-condition-return.patch new file mode 100644 index 00000000000..5027ef2c6c9 --- /dev/null +++ b/queue-5.10/dlm-rearrange-async-condition-return.patch @@ -0,0 +1,67 @@ +From f90e735179bb941dd67bb33d592155cc4991bedd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 4 Apr 2022 16:06:33 -0400 +Subject: dlm: rearrange async condition return + +From: Alexander Aring + +[ Upstream commit a800ba77fd285c6391a82819867ac64e9ab3af46 ] + +This patch moves the return of FILE_LOCK_DEFERRED a little bit earlier +than checking afterwards again if the request was an asynchronous request. + +Signed-off-by: Alexander Aring +Signed-off-by: David Teigland +Stable-dep-of: 59e45c758ca1 ("fs: dlm: interrupt posix locks only when process is killed") +Signed-off-by: Sasha Levin +--- + fs/dlm/plock.c | 27 +++++++++++++-------------- + 1 file changed, 13 insertions(+), 14 deletions(-) + +diff --git a/fs/dlm/plock.c b/fs/dlm/plock.c +index e70e23eca03ec..01fb7d8c0bca5 100644 +--- a/fs/dlm/plock.c ++++ b/fs/dlm/plock.c +@@ -149,26 +149,25 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file, + op_data->file = file; + + op->data = op_data; ++ ++ send_op(op); ++ rv = FILE_LOCK_DEFERRED; ++ goto out; + } else { + op->info.owner = (__u64)(long) fl->fl_owner; + } + + send_op(op); + +- if (!op->data) { +- rv = wait_event_interruptible(recv_wq, (op->done != 0)); +- if (rv == -ERESTARTSYS) { +- log_debug(ls, "dlm_posix_lock: wait killed %llx", +- (unsigned long long)number); +- spin_lock(&ops_lock); +- list_del(&op->list); +- spin_unlock(&ops_lock); +- dlm_release_plock_op(op); +- do_unlock_close(ls, number, file, fl); +- goto out; +- } +- } else { +- rv = FILE_LOCK_DEFERRED; ++ rv = wait_event_interruptible(recv_wq, (op->done != 0)); ++ if (rv == -ERESTARTSYS) { ++ log_debug(ls, "%s: wait killed %llx", __func__, ++ (unsigned long long)number); ++ spin_lock(&ops_lock); ++ list_del(&op->list); ++ spin_unlock(&ops_lock); ++ dlm_release_plock_op(op); ++ do_unlock_close(ls, number, file, fl); + goto out; + } + +-- +2.39.2 + diff --git a/queue-5.10/drm-ttm-add-ttm_bo_pin-ttm_bo_unpin-v2.patch b/queue-5.10/drm-ttm-add-ttm_bo_pin-ttm_bo_unpin-v2.patch new file mode 100644 index 00000000000..d949c5b4f50 --- /dev/null +++ b/queue-5.10/drm-ttm-add-ttm_bo_pin-ttm_bo_unpin-v2.patch @@ -0,0 +1,138 @@ +From ce04a98537b093ba8b1759c732d9b359f783ee7f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 21 Sep 2020 13:05:54 +0200 +Subject: drm/ttm: add ttm_bo_pin()/ttm_bo_unpin() v2 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian König + +[ Upstream commit deb0814b43f370a448a498409d949e38c9d8f02e ] + +As an alternative to the placement flag add a +pin count to the ttm buffer object. + +v2: add dma_resv_assert_help() calls + +Signed-off-by: Christian König +Reviewed-by: Dave Airlie +Reviewed-by: Huang Rui +Link: https://patchwork.freedesktop.org/patch/391596/?series=81973&rev=1 +Stable-dep-of: a2848d08742c ("drm/ttm: never consider pinned BOs for eviction&swap") +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/ttm/ttm_bo.c | 9 ++++++--- + drivers/gpu/drm/ttm/ttm_bo_util.c | 2 +- + include/drm/ttm/ttm_bo_api.h | 26 ++++++++++++++++++++++++++ + 3 files changed, 33 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c +index f673292eec9db..9a05caec3c996 100644 +--- a/drivers/gpu/drm/ttm/ttm_bo.c ++++ b/drivers/gpu/drm/ttm/ttm_bo.c +@@ -115,7 +115,7 @@ static void ttm_bo_add_mem_to_lru(struct ttm_buffer_object *bo, + struct ttm_bo_device *bdev = bo->bdev; + struct ttm_resource_manager *man; + +- if (!list_empty(&bo->lru)) ++ if (!list_empty(&bo->lru) || bo->pin_count) + return; + + if (mem->placement & TTM_PL_FLAG_NO_EVICT) +@@ -165,7 +165,8 @@ void ttm_bo_move_to_lru_tail(struct ttm_buffer_object *bo, + ttm_bo_del_from_lru(bo); + ttm_bo_add_mem_to_lru(bo, &bo->mem); + +- if (bulk && !(bo->mem.placement & TTM_PL_FLAG_NO_EVICT)) { ++ if (bulk && !(bo->mem.placement & TTM_PL_FLAG_NO_EVICT) && ++ !bo->pin_count) { + switch (bo->mem.mem_type) { + case TTM_PL_TT: + ttm_bo_bulk_move_set_pos(&bulk->tt[bo->priority], bo); +@@ -544,8 +545,9 @@ static void ttm_bo_release(struct kref *kref) + * shrinkers, now that they are queued for + * destruction. + */ +- if (bo->mem.placement & TTM_PL_FLAG_NO_EVICT) { ++ if (bo->mem.placement & TTM_PL_FLAG_NO_EVICT || bo->pin_count) { + bo->mem.placement &= ~TTM_PL_FLAG_NO_EVICT; ++ bo->pin_count = 0; + ttm_bo_del_from_lru(bo); + ttm_bo_add_mem_to_lru(bo, &bo->mem); + } +@@ -1174,6 +1176,7 @@ int ttm_bo_init_reserved(struct ttm_bo_device *bdev, + bo->moving = NULL; + bo->mem.placement = TTM_PL_FLAG_CACHED; + bo->acc_size = acc_size; ++ bo->pin_count = 0; + bo->sg = sg; + if (resv) { + bo->base.resv = resv; +diff --git a/drivers/gpu/drm/ttm/ttm_bo_util.c b/drivers/gpu/drm/ttm/ttm_bo_util.c +index fb2a25f8408fc..1968df9743fcb 100644 +--- a/drivers/gpu/drm/ttm/ttm_bo_util.c ++++ b/drivers/gpu/drm/ttm/ttm_bo_util.c +@@ -352,7 +352,6 @@ static int ttm_buffer_object_transfer(struct ttm_buffer_object *bo, + return -ENOMEM; + + fbo->base = *bo; +- fbo->base.mem.placement |= TTM_PL_FLAG_NO_EVICT; + + ttm_bo_get(bo); + fbo->bo = bo; +@@ -372,6 +371,7 @@ static int ttm_buffer_object_transfer(struct ttm_buffer_object *bo, + kref_init(&fbo->base.kref); + fbo->base.destroy = &ttm_transfered_destroy; + fbo->base.acc_size = 0; ++ fbo->base.pin_count = 1; + if (bo->type != ttm_bo_type_sg) + fbo->base.base.resv = &fbo->base.base._resv; + +diff --git a/include/drm/ttm/ttm_bo_api.h b/include/drm/ttm/ttm_bo_api.h +index 0f7cd21d6d748..33aca60870e26 100644 +--- a/include/drm/ttm/ttm_bo_api.h ++++ b/include/drm/ttm/ttm_bo_api.h +@@ -157,6 +157,7 @@ struct ttm_buffer_object { + + struct dma_fence *moving; + unsigned priority; ++ unsigned pin_count; + + /** + * Special members that are protected by the reserve lock +@@ -606,6 +607,31 @@ static inline bool ttm_bo_uses_embedded_gem_object(struct ttm_buffer_object *bo) + return bo->base.dev != NULL; + } + ++/** ++ * ttm_bo_pin - Pin the buffer object. ++ * @bo: The buffer object to pin ++ * ++ * Make sure the buffer is not evicted any more during memory pressure. ++ */ ++static inline void ttm_bo_pin(struct ttm_buffer_object *bo) ++{ ++ dma_resv_assert_held(bo->base.resv); ++ ++bo->pin_count; ++} ++ ++/** ++ * ttm_bo_unpin - Unpin the buffer object. ++ * @bo: The buffer object to unpin ++ * ++ * Allows the buffer object to be evicted again during memory pressure. ++ */ ++static inline void ttm_bo_unpin(struct ttm_buffer_object *bo) ++{ ++ dma_resv_assert_held(bo->base.resv); ++ WARN_ON_ONCE(!bo->pin_count); ++ --bo->pin_count; ++} ++ + int ttm_mem_evict_first(struct ttm_bo_device *bdev, + struct ttm_resource_manager *man, + const struct ttm_place *place, +-- +2.39.2 + diff --git a/queue-5.10/drm-ttm-never-consider-pinned-bos-for-eviction-swap.patch b/queue-5.10/drm-ttm-never-consider-pinned-bos-for-eviction-swap.patch new file mode 100644 index 00000000000..f9ce5114320 --- /dev/null +++ b/queue-5.10/drm-ttm-never-consider-pinned-bos-for-eviction-swap.patch @@ -0,0 +1,46 @@ +From fc9dfb80346ffa87977e4e7f8928cdfc4cd14c8e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 7 Jul 2023 11:25:00 +0200 +Subject: drm/ttm: never consider pinned BOs for eviction&swap +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian König + +[ Upstream commit a2848d08742c8e8494675892c02c0d22acbe3cf8 ] + +There is a small window where we have already incremented the pin count +but not yet moved the bo from the lru to the pinned list. + +Signed-off-by: Christian König +Reported-by: Pelloux-Prayer, Pierre-Eric +Tested-by: Pelloux-Prayer, Pierre-Eric +Acked-by: Alex Deucher +Cc: stable@vger.kernel.org +Link: https://patchwork.freedesktop.org/patch/msgid/20230707120826.3701-1-christian.koenig@amd.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/ttm/ttm_bo.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c +index 9a05caec3c996..dca4dfdd332d3 100644 +--- a/drivers/gpu/drm/ttm/ttm_bo.c ++++ b/drivers/gpu/drm/ttm/ttm_bo.c +@@ -672,6 +672,12 @@ static bool ttm_bo_evict_swapout_allowable(struct ttm_buffer_object *bo, + { + bool ret = false; + ++ if (bo->pin_count) { ++ *locked = false; ++ *busy = false; ++ return false; ++ } ++ + if (bo->base.resv == ctx->resv) { + dma_resv_assert_held(bo->base.resv); + if (ctx->flags & TTM_OPT_FLAG_ALLOW_RES_EVICT) +-- +2.39.2 + diff --git a/queue-5.10/fs-dlm-interrupt-posix-locks-only-when-process-is-ki.patch b/queue-5.10/fs-dlm-interrupt-posix-locks-only-when-process-is-ki.patch new file mode 100644 index 00000000000..7f966d7cd5e --- /dev/null +++ b/queue-5.10/fs-dlm-interrupt-posix-locks-only-when-process-is-ki.patch @@ -0,0 +1,44 @@ +From 04d371fb8f38e2e8114b0c19b3b73e9afeeb0152 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 May 2023 11:21:26 -0400 +Subject: fs: dlm: interrupt posix locks only when process is killed + +From: Alexander Aring + +[ Upstream commit 59e45c758ca1b9893ac923dd63536da946ac333b ] + +If a posix lock request is waiting for a result from user space +(dlm_controld), do not let it be interrupted unless the process +is killed. This reverts commit a6b1533e9a57 ("dlm: make posix locks +interruptible"). The problem with the interruptible change is +that all locks were cleared on any signal interrupt. If a signal +was received that did not terminate the process, the process +could continue running after all its dlm posix locks had been +cleared. A future patch will add cancelation to allow proper +interruption. + +Cc: stable@vger.kernel.org +Fixes: a6b1533e9a57 ("dlm: make posix locks interruptible") +Signed-off-by: Alexander Aring +Signed-off-by: David Teigland +Signed-off-by: Sasha Levin +--- + fs/dlm/plock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/dlm/plock.c b/fs/dlm/plock.c +index 01fb7d8c0bca5..f3482e936cc25 100644 +--- a/fs/dlm/plock.c ++++ b/fs/dlm/plock.c +@@ -159,7 +159,7 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file, + + send_op(op); + +- rv = wait_event_interruptible(recv_wq, (op->done != 0)); ++ rv = wait_event_killable(recv_wq, (op->done != 0)); + if (rv == -ERESTARTSYS) { + log_debug(ls, "%s: wait killed %llx", __func__, + (unsigned long long)number); +-- +2.39.2 + diff --git a/queue-5.10/gpio-tps68470-make-tps68470_gpio_output-always-set-t.patch b/queue-5.10/gpio-tps68470-make-tps68470_gpio_output-always-set-t.patch new file mode 100644 index 00000000000..8fa99d2472b --- /dev/null +++ b/queue-5.10/gpio-tps68470-make-tps68470_gpio_output-always-set-t.patch @@ -0,0 +1,50 @@ +From 015d2d0285ece17ed059fe4b08105bab0d72cbde Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 10 Jul 2023 14:34:25 +0200 +Subject: gpio: tps68470: Make tps68470_gpio_output() always set the initial + value + +From: Hans de Goede + +[ Upstream commit 5a7adc6c1069ce31ef4f606ae9c05592c80a6ab5 ] + +Make tps68470_gpio_output() call tps68470_gpio_set() for output-only pins +too, so that the initial value passed to gpiod_direction_output() is +honored for these pins too. + +Fixes: 275b13a65547 ("gpio: Add support for TPS68470 GPIOs") +Reviewed-by: Andy Shevchenko +Reviewed-by: Daniel Scally +Tested-by: Daniel Scally +Reviewed-by: Sakari Ailus +Signed-off-by: Hans de Goede +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpio-tps68470.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpio/gpio-tps68470.c b/drivers/gpio/gpio-tps68470.c +index f7f5f770e0fbb..e19eb7c982a13 100644 +--- a/drivers/gpio/gpio-tps68470.c ++++ b/drivers/gpio/gpio-tps68470.c +@@ -91,13 +91,13 @@ static int tps68470_gpio_output(struct gpio_chip *gc, unsigned int offset, + struct tps68470_gpio_data *tps68470_gpio = gpiochip_get_data(gc); + struct regmap *regmap = tps68470_gpio->tps68470_regmap; + ++ /* Set the initial value */ ++ tps68470_gpio_set(gc, offset, value); ++ + /* rest are always outputs */ + if (offset >= TPS68470_N_REGULAR_GPIO) + return 0; + +- /* Set the initial value */ +- tps68470_gpio_set(gc, offset, value); +- + return regmap_update_bits(regmap, TPS68470_GPIO_CTL_REG_A(offset), + TPS68470_GPIO_MODE_MASK, + TPS68470_GPIO_MODE_OUT_CMOS); +-- +2.39.2 + diff --git a/queue-5.10/i2c-delete-error-messages-for-failed-memory-allocati.patch b/queue-5.10/i2c-delete-error-messages-for-failed-memory-allocati.patch new file mode 100644 index 00000000000..98badb6eee1 --- /dev/null +++ b/queue-5.10/i2c-delete-error-messages-for-failed-memory-allocati.patch @@ -0,0 +1,81 @@ +From 38e4e78ebcabc2cf3c30fbe1f654c56fd8f034b4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Feb 2018 17:24:57 +0100 +Subject: i2c: Delete error messages for failed memory allocations + +From: Markus Elfring + +[ Upstream commit 6b3b21a8542fd2fb6ffc61bc13b9419f0c58ebad ] + +These issues were detected by using the Coccinelle software. + +Signed-off-by: Markus Elfring +Signed-off-by: Wolfram Sang +Stable-dep-of: 05f933d5f731 ("i2c: nomadik: Remove a useless call in the remove function") +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-ibm_iic.c | 4 +--- + drivers/i2c/busses/i2c-nomadik.c | 1 - + drivers/i2c/busses/i2c-sh7760.c | 1 - + drivers/i2c/busses/i2c-tiny-usb.c | 4 +--- + 4 files changed, 2 insertions(+), 8 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-ibm_iic.c b/drivers/i2c/busses/i2c-ibm_iic.c +index 9f71daf6db64b..c073f5b8833a2 100644 +--- a/drivers/i2c/busses/i2c-ibm_iic.c ++++ b/drivers/i2c/busses/i2c-ibm_iic.c +@@ -694,10 +694,8 @@ static int iic_probe(struct platform_device *ofdev) + int ret; + + dev = kzalloc(sizeof(*dev), GFP_KERNEL); +- if (!dev) { +- dev_err(&ofdev->dev, "failed to allocate device data\n"); ++ if (!dev) + return -ENOMEM; +- } + + platform_set_drvdata(ofdev, dev); + +diff --git a/drivers/i2c/busses/i2c-nomadik.c b/drivers/i2c/busses/i2c-nomadik.c +index a3363b20f168a..b456e4ae8830c 100644 +--- a/drivers/i2c/busses/i2c-nomadik.c ++++ b/drivers/i2c/busses/i2c-nomadik.c +@@ -972,7 +972,6 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + + dev = devm_kzalloc(&adev->dev, sizeof(struct nmk_i2c_dev), GFP_KERNEL); + if (!dev) { +- dev_err(&adev->dev, "cannot allocate memory\n"); + ret = -ENOMEM; + goto err_no_mem; + } +diff --git a/drivers/i2c/busses/i2c-sh7760.c b/drivers/i2c/busses/i2c-sh7760.c +index 319d1fa617c88..a0ccc5d009874 100644 +--- a/drivers/i2c/busses/i2c-sh7760.c ++++ b/drivers/i2c/busses/i2c-sh7760.c +@@ -445,7 +445,6 @@ static int sh7760_i2c_probe(struct platform_device *pdev) + + id = kzalloc(sizeof(struct cami2c), GFP_KERNEL); + if (!id) { +- dev_err(&pdev->dev, "no mem for private data\n"); + ret = -ENOMEM; + goto out0; + } +diff --git a/drivers/i2c/busses/i2c-tiny-usb.c b/drivers/i2c/busses/i2c-tiny-usb.c +index 7279ca0eaa2d0..d1fa9ff5aeab4 100644 +--- a/drivers/i2c/busses/i2c-tiny-usb.c ++++ b/drivers/i2c/busses/i2c-tiny-usb.c +@@ -226,10 +226,8 @@ static int i2c_tiny_usb_probe(struct usb_interface *interface, + + /* allocate memory for our device state and initialize it */ + dev = kzalloc(sizeof(*dev), GFP_KERNEL); +- if (dev == NULL) { +- dev_err(&interface->dev, "Out of memory\n"); ++ if (!dev) + goto error; +- } + + dev->usb_dev = usb_get_dev(interface_to_usbdev(interface)); + dev->interface = interface; +-- +2.39.2 + diff --git a/queue-5.10/i2c-improve-size-determinations.patch b/queue-5.10/i2c-improve-size-determinations.patch new file mode 100644 index 00000000000..9e2cfcb2f79 --- /dev/null +++ b/queue-5.10/i2c-improve-size-determinations.patch @@ -0,0 +1,54 @@ +From b1203773d354ba5f4a67bc2a7e44763f9403efca Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Feb 2018 14:50:09 +0100 +Subject: i2c: Improve size determinations + +From: Markus Elfring + +[ Upstream commit 06e989578232da33a7fe96b04191b862af8b2cec ] + +Replace the specification of a data structure by a pointer dereference +as the parameter for the operator "sizeof" to make the corresponding +size determination a bit safer according to the Linux coding style +convention. + +This issue was detected by using the Coccinelle software. + +Signed-off-by: Markus Elfring +Signed-off-by: Wolfram Sang +Stable-dep-of: 05f933d5f731 ("i2c: nomadik: Remove a useless call in the remove function") +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-nomadik.c | 2 +- + drivers/i2c/busses/i2c-sh7760.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-nomadik.c b/drivers/i2c/busses/i2c-nomadik.c +index b456e4ae8830c..4eb087575d962 100644 +--- a/drivers/i2c/busses/i2c-nomadik.c ++++ b/drivers/i2c/busses/i2c-nomadik.c +@@ -970,7 +970,7 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + struct i2c_vendor_data *vendor = id->data; + u32 max_fifo_threshold = (vendor->fifodepth / 2) - 1; + +- dev = devm_kzalloc(&adev->dev, sizeof(struct nmk_i2c_dev), GFP_KERNEL); ++ dev = devm_kzalloc(&adev->dev, sizeof(*dev), GFP_KERNEL); + if (!dev) { + ret = -ENOMEM; + goto err_no_mem; +diff --git a/drivers/i2c/busses/i2c-sh7760.c b/drivers/i2c/busses/i2c-sh7760.c +index a0ccc5d009874..051b904cb35f6 100644 +--- a/drivers/i2c/busses/i2c-sh7760.c ++++ b/drivers/i2c/busses/i2c-sh7760.c +@@ -443,7 +443,7 @@ static int sh7760_i2c_probe(struct platform_device *pdev) + goto out0; + } + +- id = kzalloc(sizeof(struct cami2c), GFP_KERNEL); ++ id = kzalloc(sizeof(*id), GFP_KERNEL); + if (!id) { + ret = -ENOMEM; + goto out0; +-- +2.39.2 + diff --git a/queue-5.10/i2c-nomadik-remove-a-useless-call-in-the-remove-func.patch b/queue-5.10/i2c-nomadik-remove-a-useless-call-in-the-remove-func.patch new file mode 100644 index 00000000000..5c2ea57cb2a --- /dev/null +++ b/queue-5.10/i2c-nomadik-remove-a-useless-call-in-the-remove-func.patch @@ -0,0 +1,49 @@ +From 806fc88e88c88f9826a2f3935fe16ffa143354fa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 4 Jul 2023 21:50:28 +0200 +Subject: i2c: nomadik: Remove a useless call in the remove function + +From: Christophe JAILLET + +[ Upstream commit 05f933d5f7318b03ff2028c1704dc867ac16f2c7 ] + +Since commit 235602146ec9 ("i2c-nomadik: turn the platform driver to an amba +driver"), there is no more request_mem_region() call in this driver. + +So remove the release_mem_region() call from the remove function which is +likely a left over. + +Fixes: 235602146ec9 ("i2c-nomadik: turn the platform driver to an amba driver") +Cc: # v3.6+ +Acked-by: Linus Walleij +Reviewed-by: Andi Shyti +Signed-off-by: Christophe JAILLET +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-nomadik.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-nomadik.c b/drivers/i2c/busses/i2c-nomadik.c +index 344d1daa4ea06..a06c4b76894a9 100644 +--- a/drivers/i2c/busses/i2c-nomadik.c ++++ b/drivers/i2c/busses/i2c-nomadik.c +@@ -1040,7 +1040,6 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + + static void nmk_i2c_remove(struct amba_device *adev) + { +- struct resource *res = &adev->res; + struct nmk_i2c_dev *dev = amba_get_drvdata(adev); + + i2c_del_adapter(&dev->adap); +@@ -1049,7 +1048,6 @@ static void nmk_i2c_remove(struct amba_device *adev) + clear_all_interrupts(dev); + /* disable the controller */ + i2c_clr_bit(dev->virtbase + I2C_CR, I2C_CR_PE); +- release_mem_region(res->start, resource_size(res)); + } + + static struct i2c_vendor_data vendor_stn8815 = { +-- +2.39.2 + diff --git a/queue-5.10/i2c-nomadik-remove-unnecessary-goto-label.patch b/queue-5.10/i2c-nomadik-remove-unnecessary-goto-label.patch new file mode 100644 index 00000000000..88c65a6f184 --- /dev/null +++ b/queue-5.10/i2c-nomadik-remove-unnecessary-goto-label.patch @@ -0,0 +1,85 @@ +From 55f8f0b00501afc04e5d76a789885014fc34866e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 11 Jun 2023 03:36:59 +0200 +Subject: i2c: nomadik: Remove unnecessary goto label + +From: Andi Shyti + +[ Upstream commit 1c5d33fff0d375e4ab7c4261dc62a286babbb4c6 ] + +The err_no_mem goto label doesn't do anything. Remove it. + +Signed-off-by: Andi Shyti +Reviewed-by: Linus Walleij +Signed-off-by: Wolfram Sang +Stable-dep-of: 05f933d5f731 ("i2c: nomadik: Remove a useless call in the remove function") +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-nomadik.c | 21 ++++++++------------- + 1 file changed, 8 insertions(+), 13 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-nomadik.c b/drivers/i2c/busses/i2c-nomadik.c +index 4eb087575d962..03a08fa679bb4 100644 +--- a/drivers/i2c/busses/i2c-nomadik.c ++++ b/drivers/i2c/busses/i2c-nomadik.c +@@ -971,10 +971,9 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + u32 max_fifo_threshold = (vendor->fifodepth / 2) - 1; + + dev = devm_kzalloc(&adev->dev, sizeof(*dev), GFP_KERNEL); +- if (!dev) { +- ret = -ENOMEM; +- goto err_no_mem; +- } ++ if (!dev) ++ return -ENOMEM; ++ + dev->vendor = vendor; + dev->adev = adev; + nmk_i2c_of_probe(np, dev); +@@ -995,30 +994,27 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + + dev->virtbase = devm_ioremap(&adev->dev, adev->res.start, + resource_size(&adev->res)); +- if (!dev->virtbase) { +- ret = -ENOMEM; +- goto err_no_mem; +- } ++ if (!dev->virtbase) ++ return -ENOMEM; + + dev->irq = adev->irq[0]; + ret = devm_request_irq(&adev->dev, dev->irq, i2c_irq_handler, 0, + DRIVER_NAME, dev); + if (ret) { + dev_err(&adev->dev, "cannot claim the irq %d\n", dev->irq); +- goto err_no_mem; ++ return ret; + } + + dev->clk = devm_clk_get(&adev->dev, NULL); + if (IS_ERR(dev->clk)) { + dev_err(&adev->dev, "could not get i2c clock\n"); +- ret = PTR_ERR(dev->clk); +- goto err_no_mem; ++ return PTR_ERR(dev->clk); + } + + ret = clk_prepare_enable(dev->clk); + if (ret) { + dev_err(&adev->dev, "can't prepare_enable clock\n"); +- goto err_no_mem; ++ return ret; + } + + init_hw(dev); +@@ -1049,7 +1045,6 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + + err_no_adap: + clk_disable_unprepare(dev->clk); +- err_no_mem: + + return ret; + } +-- +2.39.2 + diff --git a/queue-5.10/i2c-nomadik-use-devm_clk_get_enabled.patch b/queue-5.10/i2c-nomadik-use-devm_clk_get_enabled.patch new file mode 100644 index 00000000000..05f23d9f1ad --- /dev/null +++ b/queue-5.10/i2c-nomadik-use-devm_clk_get_enabled.patch @@ -0,0 +1,76 @@ +From d87b95b3836e25f0d8c2f0e06f5d49c67da6efc0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 11 Jun 2023 03:37:00 +0200 +Subject: i2c: nomadik: Use devm_clk_get_enabled() + +From: Andi Shyti + +[ Upstream commit 9c7174db4cdd111e10d19eed5c36fd978a14c8a2 ] + +Replace the pair of functions, devm_clk_get() and +clk_prepare_enable(), with a single function +devm_clk_get_enabled(). + +Signed-off-by: Andi Shyti +Reviewed-by: Linus Walleij +Signed-off-by: Wolfram Sang +Stable-dep-of: 05f933d5f731 ("i2c: nomadik: Remove a useless call in the remove function") +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-nomadik.c | 18 +++--------------- + 1 file changed, 3 insertions(+), 15 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-nomadik.c b/drivers/i2c/busses/i2c-nomadik.c +index 03a08fa679bb4..344d1daa4ea06 100644 +--- a/drivers/i2c/busses/i2c-nomadik.c ++++ b/drivers/i2c/busses/i2c-nomadik.c +@@ -1005,18 +1005,12 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + return ret; + } + +- dev->clk = devm_clk_get(&adev->dev, NULL); ++ dev->clk = devm_clk_get_enabled(&adev->dev, NULL); + if (IS_ERR(dev->clk)) { +- dev_err(&adev->dev, "could not get i2c clock\n"); ++ dev_err(&adev->dev, "could enable i2c clock\n"); + return PTR_ERR(dev->clk); + } + +- ret = clk_prepare_enable(dev->clk); +- if (ret) { +- dev_err(&adev->dev, "can't prepare_enable clock\n"); +- return ret; +- } +- + init_hw(dev); + + adap = &dev->adap; +@@ -1037,16 +1031,11 @@ static int nmk_i2c_probe(struct amba_device *adev, const struct amba_id *id) + + ret = i2c_add_adapter(adap); + if (ret) +- goto err_no_adap; ++ return ret; + + pm_runtime_put(&adev->dev); + + return 0; +- +- err_no_adap: +- clk_disable_unprepare(dev->clk); +- +- return ret; + } + + static void nmk_i2c_remove(struct amba_device *adev) +@@ -1060,7 +1049,6 @@ static void nmk_i2c_remove(struct amba_device *adev) + clear_all_interrupts(dev); + /* disable the controller */ + i2c_clr_bit(dev->virtbase + I2C_CR, I2C_CR_PE); +- clk_disable_unprepare(dev->clk); + release_mem_region(res->start, resource_size(res)); + } + +-- +2.39.2 + diff --git a/queue-5.10/io_uring-don-t-audit-the-capability-check-in-io_urin.patch b/queue-5.10/io_uring-don-t-audit-the-capability-check-in-io_urin.patch new file mode 100644 index 00000000000..0d8f242b78e --- /dev/null +++ b/queue-5.10/io_uring-don-t-audit-the-capability-check-in-io_urin.patch @@ -0,0 +1,47 @@ +From 9a0391e825dd5ddae4f011847e39b8e41ba79913 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 18 Jul 2023 13:56:07 +0200 +Subject: io_uring: don't audit the capability check in io_uring_create() + +From: Ondrej Mosnacek + +[ Upstream commit 6adc2272aaaf84f34b652cf77f770c6fcc4b8336 ] + +The check being unconditional may lead to unwanted denials reported by +LSMs when a process has the capability granted by DAC, but denied by an +LSM. In the case of SELinux such denials are a problem, since they can't +be effectively filtered out via the policy and when not silenced, they +produce noise that may hide a true problem or an attack. + +Since not having the capability merely means that the created io_uring +context will be accounted against the current user's RLIMIT_MEMLOCK +limit, we can disable auditing of denials for this check by using +ns_capable_noaudit() instead of capable(). + +Fixes: 2b188cc1bb85 ("Add io_uring IO interface") +Link: https://bugzilla.redhat.com/show_bug.cgi?id=2193317 +Signed-off-by: Ondrej Mosnacek +Reviewed-by: Jeff Moyer +Link: https://lore.kernel.org/r/20230718115607.65652-1-omosnace@redhat.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + io_uring/io_uring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c +index 51e6ebe72caf9..f84584b762d09 100644 +--- a/io_uring/io_uring.c ++++ b/io_uring/io_uring.c +@@ -10431,7 +10431,7 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p, + if (!ctx) + return -ENOMEM; + ctx->compat = in_compat_syscall(); +- if (!capable(CAP_IPC_LOCK)) ++ if (!ns_capable_noaudit(&init_user_ns, CAP_IPC_LOCK)) + ctx->user = get_uid(current_user()); + + /* +-- +2.39.2 + diff --git a/queue-5.10/kvm-s390-pv-fix-index-value-of-replaced-asce.patch b/queue-5.10/kvm-s390-pv-fix-index-value-of-replaced-asce.patch new file mode 100644 index 00000000000..c646251d0bd --- /dev/null +++ b/queue-5.10/kvm-s390-pv-fix-index-value-of-replaced-asce.patch @@ -0,0 +1,46 @@ +From e409e428e68a14a86d6a349df526b855ce449124 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 5 Jul 2023 13:19:37 +0200 +Subject: KVM: s390: pv: fix index value of replaced ASCE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Claudio Imbrenda + +[ Upstream commit c2fceb59bbda16468bda82b002383bff59de89ab ] + +The index field of the struct page corresponding to a guest ASCE should +be 0. When replacing the ASCE in s390_replace_asce(), the index of the +new ASCE should also be set to 0. + +Having the wrong index might lead to the wrong addresses being passed +around when notifying pte invalidations, and eventually to validity +intercepts (VM crash) if the prefix gets unmapped and the notifier gets +called with the wrong address. + +Reviewed-by: Philippe Mathieu-Daudé +Fixes: faa2f72cb356 ("KVM: s390: pv: leak the topmost page table when destroy fails") +Reviewed-by: Janosch Frank +Signed-off-by: Claudio Imbrenda +Message-ID: <20230705111937.33472-3-imbrenda@linux.ibm.com> +Signed-off-by: Sasha Levin +--- + arch/s390/mm/gmap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c +index 03e561608eed4..b5a60fbb96644 100644 +--- a/arch/s390/mm/gmap.c ++++ b/arch/s390/mm/gmap.c +@@ -2786,6 +2786,7 @@ int s390_replace_asce(struct gmap *gmap) + page = alloc_pages(GFP_KERNEL_ACCOUNT, CRST_ALLOC_ORDER); + if (!page) + return -ENOMEM; ++ page->index = 0; + table = page_to_virt(page); + memcpy(table, gmap->table, 1UL << (CRST_ALLOC_ORDER + PAGE_SHIFT)); + +-- +2.39.2 + diff --git a/queue-5.10/pci-aspm-avoid-link-retraining-race.patch b/queue-5.10/pci-aspm-avoid-link-retraining-race.patch new file mode 100644 index 00000000000..c32c36826b0 --- /dev/null +++ b/queue-5.10/pci-aspm-avoid-link-retraining-race.patch @@ -0,0 +1,64 @@ +From 3f1b197daa2adbb5b240cac9382b7486f961f7ca Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 May 2023 11:39:23 +0300 +Subject: PCI/ASPM: Avoid link retraining race +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ilpo Järvinen + +[ Upstream commit e7e39756363ad5bd83ddeae1063193d0f13870fd ] + +PCIe r6.0.1, sec 7.5.3.7, recommends setting the link control parameters, +then waiting for the Link Training bit to be clear before setting the +Retrain Link bit. + +This avoids a race where the LTSSM may not use the updated parameters if it +is already in the midst of link training because of other normal link +activity. + +Wait for the Link Training bit to be clear before toggling the Retrain Link +bit to ensure that the LTSSM uses the updated link control parameters. + +[bhelgaas: commit log, return 0 (success)/-ETIMEDOUT instead of bool for +both pcie_wait_for_retrain() and the existing pcie_retrain_link()] +Suggested-by: Lukas Wunner +Fixes: 7d715a6c1ae5 ("PCI: add PCI Express ASPM support") +Link: https://lore.kernel.org/r/20230502083923.34562-1-ilpo.jarvinen@linux.intel.com +Signed-off-by: Ilpo Järvinen +Signed-off-by: Bjorn Helgaas +Reviewed-by: Lukas Wunner +Cc: stable@vger.kernel.org +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/aspm.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index 927f0a02489cb..7a3cf8aaec256 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -212,8 +212,19 @@ static int pcie_wait_for_retrain(struct pci_dev *pdev) + static int pcie_retrain_link(struct pcie_link_state *link) + { + struct pci_dev *parent = link->pdev; ++ int rc; + u16 reg16; + ++ /* ++ * Ensure the updated LNKCTL parameters are used during link ++ * training by checking that there is no ongoing link training to ++ * avoid LTSSM race as recommended in Implementation Note at the ++ * end of PCIe r6.0.1 sec 7.5.3.7. ++ */ ++ rc = pcie_wait_for_retrain(parent); ++ if (rc) ++ return rc; ++ + pcie_capability_read_word(parent, PCI_EXP_LNKCTL, ®16); + reg16 |= PCI_EXP_LNKCTL_RL; + pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16); +-- +2.39.2 + diff --git a/queue-5.10/pci-aspm-factor-out-pcie_wait_for_retrain.patch b/queue-5.10/pci-aspm-factor-out-pcie_wait_for_retrain.patch new file mode 100644 index 00000000000..d573b2ce77b --- /dev/null +++ b/queue-5.10/pci-aspm-factor-out-pcie_wait_for_retrain.patch @@ -0,0 +1,79 @@ +From bce12f6584cd006049dbe9f3cf950d836904aba7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 20 Jun 2023 14:49:33 -0500 +Subject: PCI/ASPM: Factor out pcie_wait_for_retrain() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ilpo Järvinen + +[ Upstream commit 9c7f136433d26592cb4d9cd00b4e15c33d9797c6 ] + +Factor pcie_wait_for_retrain() out from pcie_retrain_link(). No functional +change intended. + +[bhelgaas: split out from +https: //lore.kernel.org/r/20230502083923.34562-1-ilpo.jarvinen@linux.intel.com] +Signed-off-by: Ilpo Järvinen +Signed-off-by: Bjorn Helgaas +Stable-dep-of: e7e39756363a ("PCI/ASPM: Avoid link retraining race") +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/aspm.c | 30 ++++++++++++++++++------------ + 1 file changed, 18 insertions(+), 12 deletions(-) + +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index 166cb0077023e..927f0a02489cb 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -192,10 +192,26 @@ static void pcie_clkpm_cap_init(struct pcie_link_state *link, int blacklist) + link->clkpm_disable = blacklist ? 1 : 0; + } + ++static int pcie_wait_for_retrain(struct pci_dev *pdev) ++{ ++ unsigned long end_jiffies; ++ u16 reg16; ++ ++ /* Wait for Link Training to be cleared by hardware */ ++ end_jiffies = jiffies + LINK_RETRAIN_TIMEOUT; ++ do { ++ pcie_capability_read_word(pdev, PCI_EXP_LNKSTA, ®16); ++ if (!(reg16 & PCI_EXP_LNKSTA_LT)) ++ return 0; ++ msleep(1); ++ } while (time_before(jiffies, end_jiffies)); ++ ++ return -ETIMEDOUT; ++} ++ + static int pcie_retrain_link(struct pcie_link_state *link) + { + struct pci_dev *parent = link->pdev; +- unsigned long end_jiffies; + u16 reg16; + + pcie_capability_read_word(parent, PCI_EXP_LNKCTL, ®16); +@@ -211,17 +227,7 @@ static int pcie_retrain_link(struct pcie_link_state *link) + pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16); + } + +- /* Wait for link training end. Break out after waiting for timeout */ +- end_jiffies = jiffies + LINK_RETRAIN_TIMEOUT; +- do { +- pcie_capability_read_word(parent, PCI_EXP_LNKSTA, ®16); +- if (!(reg16 & PCI_EXP_LNKSTA_LT)) +- break; +- msleep(1); +- } while (time_before(jiffies, end_jiffies)); +- if (reg16 & PCI_EXP_LNKSTA_LT) +- return -ETIMEDOUT; +- return 0; ++ return pcie_wait_for_retrain(parent); + } + + /* +-- +2.39.2 + diff --git a/queue-5.10/pci-aspm-return-0-or-etimedout-from-pcie_retrain_lin.patch b/queue-5.10/pci-aspm-return-0-or-etimedout-from-pcie_retrain_lin.patch new file mode 100644 index 00000000000..45978f1dcc4 --- /dev/null +++ b/queue-5.10/pci-aspm-return-0-or-etimedout-from-pcie_retrain_lin.patch @@ -0,0 +1,72 @@ +From 96446094704ded6629d8701aed6a909534dcfb30 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 20 Jun 2023 14:44:55 -0500 +Subject: PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() + +From: Bjorn Helgaas + +[ Upstream commit f5297a01ee805d7fa569d288ed65fc0f9ac9b03d ] + +"pcie_retrain_link" is not a question with a true/false answer, so "bool" +isn't quite the right return type. Return 0 for success or -ETIMEDOUT if +the retrain failed. No functional change intended. + +[bhelgaas: based on Ilpo's patch below] +Link: https://lore.kernel.org/r/20230502083923.34562-1-ilpo.jarvinen@linux.intel.com +Signed-off-by: Bjorn Helgaas +Stable-dep-of: e7e39756363a ("PCI/ASPM: Avoid link retraining race") +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/aspm.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index 51da8ba67d216..166cb0077023e 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -192,7 +192,7 @@ static void pcie_clkpm_cap_init(struct pcie_link_state *link, int blacklist) + link->clkpm_disable = blacklist ? 1 : 0; + } + +-static bool pcie_retrain_link(struct pcie_link_state *link) ++static int pcie_retrain_link(struct pcie_link_state *link) + { + struct pci_dev *parent = link->pdev; + unsigned long end_jiffies; +@@ -219,7 +219,9 @@ static bool pcie_retrain_link(struct pcie_link_state *link) + break; + msleep(1); + } while (time_before(jiffies, end_jiffies)); +- return !(reg16 & PCI_EXP_LNKSTA_LT); ++ if (reg16 & PCI_EXP_LNKSTA_LT) ++ return -ETIMEDOUT; ++ return 0; + } + + /* +@@ -288,15 +290,15 @@ static void pcie_aspm_configure_common_clock(struct pcie_link_state *link) + reg16 &= ~PCI_EXP_LNKCTL_CCC; + pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16); + +- if (pcie_retrain_link(link)) +- return; ++ if (pcie_retrain_link(link)) { + +- /* Training failed. Restore common clock configurations */ +- pci_err(parent, "ASPM: Could not configure common clock\n"); +- list_for_each_entry(child, &linkbus->devices, bus_list) +- pcie_capability_write_word(child, PCI_EXP_LNKCTL, ++ /* Training failed. Restore common clock configurations */ ++ pci_err(parent, "ASPM: Could not configure common clock\n"); ++ list_for_each_entry(child, &linkbus->devices, bus_list) ++ pcie_capability_write_word(child, PCI_EXP_LNKCTL, + child_reg[PCI_FUNC(child->devfn)]); +- pcie_capability_write_word(parent, PCI_EXP_LNKCTL, parent_reg); ++ pcie_capability_write_word(parent, PCI_EXP_LNKCTL, parent_reg); ++ } + } + + /* Convert L0s latency encoding to ns */ +-- +2.39.2 + diff --git a/queue-5.10/pwm-meson-fix-handling-of-period-duty-if-greater-tha.patch b/queue-5.10/pwm-meson-fix-handling-of-period-duty-if-greater-tha.patch new file mode 100644 index 00000000000..eb628166600 --- /dev/null +++ b/queue-5.10/pwm-meson-fix-handling-of-period-duty-if-greater-tha.patch @@ -0,0 +1,85 @@ +From b5252536565d94b78cf30120204d132b9e8a342d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 May 2023 21:48:36 +0200 +Subject: pwm: meson: fix handling of period/duty if greater than UINT_MAX +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Heiner Kallweit + +[ Upstream commit 87a2cbf02d7701255f9fcca7e5bd864a7bb397cf ] + +state->period/duty are of type u64, and if their value is greater than +UINT_MAX, then the cast to uint will cause problems. Fix this by +changing the type of the respective local variables to u64. + +Fixes: b79c3670e120 ("pwm: meson: Don't duplicate the polarity internally") +Cc: stable@vger.kernel.org +Suggested-by: Uwe Kleine-König +Reviewed-by: Martin Blumenstingl +Signed-off-by: Heiner Kallweit +Signed-off-by: Thierry Reding +Signed-off-by: Sasha Levin +--- + drivers/pwm/pwm-meson.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c +index d3d9767aeb455..5b5fd16713501 100644 +--- a/drivers/pwm/pwm-meson.c ++++ b/drivers/pwm/pwm-meson.c +@@ -163,8 +163,9 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, + const struct pwm_state *state) + { + struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; +- unsigned int duty, period, pre_div, cnt, duty_cnt; ++ unsigned int pre_div, cnt, duty_cnt; + unsigned long fin_freq; ++ u64 duty, period; + + duty = state->duty_cycle; + period = state->period; +@@ -186,19 +187,19 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, + + dev_dbg(meson->chip.dev, "fin_freq: %lu Hz\n", fin_freq); + +- pre_div = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * 0xffffLL); ++ pre_div = div64_u64(fin_freq * period, NSEC_PER_SEC * 0xffffLL); + if (pre_div > MISC_CLK_DIV_MASK) { + dev_err(meson->chip.dev, "unable to get period pre_div\n"); + return -EINVAL; + } + +- cnt = div64_u64(fin_freq * (u64)period, NSEC_PER_SEC * (pre_div + 1)); ++ cnt = div64_u64(fin_freq * period, NSEC_PER_SEC * (pre_div + 1)); + if (cnt > 0xffff) { + dev_err(meson->chip.dev, "unable to get period cnt\n"); + return -EINVAL; + } + +- dev_dbg(meson->chip.dev, "period=%u pre_div=%u cnt=%u\n", period, ++ dev_dbg(meson->chip.dev, "period=%llu pre_div=%u cnt=%u\n", period, + pre_div, cnt); + + if (duty == period) { +@@ -211,14 +212,13 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, + channel->lo = cnt; + } else { + /* Then check is we can have the duty with the same pre_div */ +- duty_cnt = div64_u64(fin_freq * (u64)duty, +- NSEC_PER_SEC * (pre_div + 1)); ++ duty_cnt = div64_u64(fin_freq * duty, NSEC_PER_SEC * (pre_div + 1)); + if (duty_cnt > 0xffff) { + dev_err(meson->chip.dev, "unable to get duty cycle\n"); + return -EINVAL; + } + +- dev_dbg(meson->chip.dev, "duty=%u pre_div=%u duty_cnt=%u\n", ++ dev_dbg(meson->chip.dev, "duty=%llu pre_div=%u duty_cnt=%u\n", + duty, pre_div, duty_cnt); + + channel->pre_div = pre_div; +-- +2.39.2 + diff --git a/queue-5.10/pwm-meson-simplify-duplicated-per-channel-tracking.patch b/queue-5.10/pwm-meson-simplify-duplicated-per-channel-tracking.patch new file mode 100644 index 00000000000..9af3e8f682f --- /dev/null +++ b/queue-5.10/pwm-meson-simplify-duplicated-per-channel-tracking.patch @@ -0,0 +1,77 @@ +From 05f85f0e7b5bde0de73f5e34a3215a198be8b1e7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Nov 2021 14:46:26 +0100 +Subject: pwm: meson: Simplify duplicated per-channel tracking +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Uwe Kleine-König + +[ Upstream commit 5f97f18feac9bd5a8163b108aee52d783114b36f ] + +The driver tracks per-channel data via struct pwm_device::chip_data and +struct meson_pwm::channels[]. The latter holds the actual data, the former +is only a pointer to the latter. So simplify by using struct +meson_pwm::channels[] consistently. + +Signed-off-by: Uwe Kleine-König +Reviewed-by: Martin Blumenstingl +Signed-off-by: Thierry Reding +Stable-dep-of: 87a2cbf02d77 ("pwm: meson: fix handling of period/duty if greater than UINT_MAX") +Signed-off-by: Sasha Levin +--- + drivers/pwm/pwm-meson.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c +index 0283163ddbe8e..d3d9767aeb455 100644 +--- a/drivers/pwm/pwm-meson.c ++++ b/drivers/pwm/pwm-meson.c +@@ -147,12 +147,13 @@ static int meson_pwm_request(struct pwm_chip *chip, struct pwm_device *pwm) + return err; + } + +- return pwm_set_chip_data(pwm, channel); ++ return 0; + } + + static void meson_pwm_free(struct pwm_chip *chip, struct pwm_device *pwm) + { +- struct meson_pwm_channel *channel = pwm_get_chip_data(pwm); ++ struct meson_pwm *meson = to_meson_pwm(chip); ++ struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; + + if (channel) + clk_disable_unprepare(channel->clk); +@@ -161,7 +162,7 @@ static void meson_pwm_free(struct pwm_chip *chip, struct pwm_device *pwm) + static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, + const struct pwm_state *state) + { +- struct meson_pwm_channel *channel = pwm_get_chip_data(pwm); ++ struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; + unsigned int duty, period, pre_div, cnt, duty_cnt; + unsigned long fin_freq; + +@@ -230,7 +231,7 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, + + static void meson_pwm_enable(struct meson_pwm *meson, struct pwm_device *pwm) + { +- struct meson_pwm_channel *channel = pwm_get_chip_data(pwm); ++ struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; + struct meson_pwm_channel_data *channel_data; + unsigned long flags; + u32 value; +@@ -273,8 +274,8 @@ static void meson_pwm_disable(struct meson_pwm *meson, struct pwm_device *pwm) + static int meson_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, + const struct pwm_state *state) + { +- struct meson_pwm_channel *channel = pwm_get_chip_data(pwm); + struct meson_pwm *meson = to_meson_pwm(chip); ++ struct meson_pwm_channel *channel = &meson->channels[pwm->hwpwm]; + int err = 0; + + if (!state) +-- +2.39.2 + diff --git a/queue-5.10/series b/queue-5.10/series new file mode 100644 index 00000000000..093b464233c --- /dev/null +++ b/queue-5.10/series @@ -0,0 +1,21 @@ +kvm-s390-pv-fix-index-value-of-replaced-asce.patch +io_uring-don-t-audit-the-capability-check-in-io_urin.patch +gpio-tps68470-make-tps68470_gpio_output-always-set-t.patch +btrfs-fix-race-between-quota-disable-and-relocation.patch +btrfs-fix-extent-buffer-leak-after-tree-mod-log-fail.patch +i2c-delete-error-messages-for-failed-memory-allocati.patch +i2c-improve-size-determinations.patch +i2c-nomadik-remove-unnecessary-goto-label.patch +i2c-nomadik-use-devm_clk_get_enabled.patch +i2c-nomadik-remove-a-useless-call-in-the-remove-func.patch +pci-aspm-return-0-or-etimedout-from-pcie_retrain_lin.patch +pci-aspm-factor-out-pcie_wait_for_retrain.patch +pci-aspm-avoid-link-retraining-race.patch +dlm-cleanup-plock_op-vs-plock_xop.patch +dlm-rearrange-async-condition-return.patch +fs-dlm-interrupt-posix-locks-only-when-process-is-ki.patch +drm-ttm-add-ttm_bo_pin-ttm_bo_unpin-v2.patch +drm-ttm-never-consider-pinned-bos-for-eviction-swap.patch +tracing-show-real-address-for-trace-event-arguments.patch +pwm-meson-simplify-duplicated-per-channel-tracking.patch +pwm-meson-fix-handling-of-period-duty-if-greater-tha.patch diff --git a/queue-5.10/tracing-show-real-address-for-trace-event-arguments.patch b/queue-5.10/tracing-show-real-address-for-trace-event-arguments.patch new file mode 100644 index 00000000000..59c29b3c69d --- /dev/null +++ b/queue-5.10/tracing-show-real-address-for-trace-event-arguments.patch @@ -0,0 +1,223 @@ +From b7232fe8bb667cf4c8ff120b26940365451189fc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 15 Oct 2020 23:55:07 +0900 +Subject: tracing: Show real address for trace event arguments + +From: Masami Hiramatsu + +[ Upstream commit efbbdaa22bb78761bff8dfdde027ad04bedd47ce ] + +To help debugging kernel, show real address for trace event arguments +in tracefs/trace{,pipe} instead of hashed pointer value. + +Since ftrace human-readable format uses vsprintf(), all %p are +translated to hash values instead of pointer address. + +However, when debugging the kernel, raw address value gives a +hint when comparing with the memory mapping in the kernel. +(Those are sometimes used with crash log, which is not hashed too) +So converting %p with %px when calling trace_seq_printf(). + +Moreover, this is not improving the security because the tracefs +can be used only by root user and the raw address values are readable +from tracefs/percpu/cpu*/trace_pipe_raw file. + +Link: https://lkml.kernel.org/r/160277370703.29307.5134475491761971203.stgit@devnote2 + +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Stable-dep-of: d5a821896360 ("tracing: Fix memory leak of iter->temp when reading trace_pipe") +Signed-off-by: Sasha Levin +--- + include/linux/trace_events.h | 4 ++ + include/trace/trace_events.h | 2 +- + kernel/trace/trace.c | 71 +++++++++++++++++++++++++++++++++++- + kernel/trace/trace.h | 2 + + kernel/trace/trace_output.c | 12 +++++- + 5 files changed, 88 insertions(+), 3 deletions(-) + +diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h +index c57b79301a75e..e418065c2c909 100644 +--- a/include/linux/trace_events.h ++++ b/include/linux/trace_events.h +@@ -55,6 +55,8 @@ struct trace_event; + + int trace_raw_output_prep(struct trace_iterator *iter, + struct trace_event *event); ++extern __printf(2, 3) ++void trace_event_printf(struct trace_iterator *iter, const char *fmt, ...); + + /* + * The trace entry - the most basic unit of tracing. This is what +@@ -87,6 +89,8 @@ struct trace_iterator { + unsigned long iter_flags; + void *temp; /* temp holder */ + unsigned int temp_size; ++ char *fmt; /* modified format holder */ ++ unsigned int fmt_size; + + /* trace_seq for __print_flags() and __print_symbolic() etc. */ + struct trace_seq tmp_seq; +diff --git a/include/trace/trace_events.h b/include/trace/trace_events.h +index 717d388ecbd6a..29917bce6dbc5 100644 +--- a/include/trace/trace_events.h ++++ b/include/trace/trace_events.h +@@ -364,7 +364,7 @@ trace_raw_output_##call(struct trace_iterator *iter, int flags, \ + if (ret != TRACE_TYPE_HANDLED) \ + return ret; \ + \ +- trace_seq_printf(s, print); \ ++ trace_event_printf(iter, print); \ + \ + return trace_handle_return(s); \ + } \ +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 7867fc39c4fc5..bed792f065758 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -3582,6 +3582,62 @@ __find_next_entry(struct trace_iterator *iter, int *ent_cpu, + return next; + } + ++#define STATIC_FMT_BUF_SIZE 128 ++static char static_fmt_buf[STATIC_FMT_BUF_SIZE]; ++ ++static char *trace_iter_expand_format(struct trace_iterator *iter) ++{ ++ char *tmp; ++ ++ if (iter->fmt == static_fmt_buf) ++ return NULL; ++ ++ tmp = krealloc(iter->fmt, iter->fmt_size + STATIC_FMT_BUF_SIZE, ++ GFP_KERNEL); ++ if (tmp) { ++ iter->fmt_size += STATIC_FMT_BUF_SIZE; ++ iter->fmt = tmp; ++ } ++ ++ return tmp; ++} ++ ++const char *trace_event_format(struct trace_iterator *iter, const char *fmt) ++{ ++ const char *p, *new_fmt; ++ char *q; ++ ++ if (WARN_ON_ONCE(!fmt)) ++ return fmt; ++ ++ p = fmt; ++ new_fmt = q = iter->fmt; ++ while (*p) { ++ if (unlikely(q - new_fmt + 3 > iter->fmt_size)) { ++ if (!trace_iter_expand_format(iter)) ++ return fmt; ++ ++ q += iter->fmt - new_fmt; ++ new_fmt = iter->fmt; ++ } ++ ++ *q++ = *p++; ++ ++ /* Replace %p with %px */ ++ if (p[-1] == '%') { ++ if (p[0] == '%') { ++ *q++ = *p++; ++ } else if (p[0] == 'p' && !isalnum(p[1])) { ++ *q++ = *p++; ++ *q++ = 'x'; ++ } ++ } ++ } ++ *q = '\0'; ++ ++ return new_fmt; ++} ++ + #define STATIC_TEMP_BUF_SIZE 128 + static char static_temp_buf[STATIC_TEMP_BUF_SIZE] __aligned(4); + +@@ -4368,6 +4424,16 @@ __tracing_open(struct inode *inode, struct file *file, bool snapshot) + if (iter->temp) + iter->temp_size = 128; + ++ /* ++ * trace_event_printf() may need to modify given format ++ * string to replace %p with %px so that it shows real address ++ * instead of hash value. However, that is only for the event ++ * tracing, other tracer may not need. Defer the allocation ++ * until it is needed. ++ */ ++ iter->fmt = NULL; ++ iter->fmt_size = 0; ++ + /* + * We make a copy of the current tracer to avoid concurrent + * changes on it while we are reading. +@@ -4519,6 +4585,7 @@ static int tracing_release(struct inode *inode, struct file *file) + + mutex_destroy(&iter->mutex); + free_cpumask_var(iter->started); ++ kfree(iter->fmt); + kfree(iter->temp); + kfree(iter->trace); + kfree(iter->buffer_iter); +@@ -9382,9 +9449,11 @@ void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) + + /* Simulate the iterator */ + trace_init_global_iter(&iter); +- /* Can not use kmalloc for iter.temp */ ++ /* Can not use kmalloc for iter.temp and iter.fmt */ + iter.temp = static_temp_buf; + iter.temp_size = STATIC_TEMP_BUF_SIZE; ++ iter.fmt = static_fmt_buf; ++ iter.fmt_size = STATIC_FMT_BUF_SIZE; + + for_each_tracing_cpu(cpu) { + atomic_inc(&per_cpu_ptr(iter.array_buffer->data, cpu)->disabled); +diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h +index e5b505b5b7d09..892b3d2f33b79 100644 +--- a/kernel/trace/trace.h ++++ b/kernel/trace/trace.h +@@ -758,6 +758,8 @@ struct trace_entry *trace_find_next_entry(struct trace_iterator *iter, + void trace_buffer_unlock_commit_nostack(struct trace_buffer *buffer, + struct ring_buffer_event *event); + ++const char *trace_event_format(struct trace_iterator *iter, const char *fmt); ++ + int trace_empty(struct trace_iterator *iter); + + void *trace_find_next_entry_inc(struct trace_iterator *iter); +diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c +index b3ee8d9b6b62a..94b0991717b6d 100644 +--- a/kernel/trace/trace_output.c ++++ b/kernel/trace/trace_output.c +@@ -312,13 +312,23 @@ int trace_raw_output_prep(struct trace_iterator *iter, + } + EXPORT_SYMBOL(trace_raw_output_prep); + ++void trace_event_printf(struct trace_iterator *iter, const char *fmt, ...) ++{ ++ va_list ap; ++ ++ va_start(ap, fmt); ++ trace_seq_vprintf(&iter->seq, trace_event_format(iter, fmt), ap); ++ va_end(ap); ++} ++EXPORT_SYMBOL(trace_event_printf); ++ + static int trace_output_raw(struct trace_iterator *iter, char *name, + char *fmt, va_list ap) + { + struct trace_seq *s = &iter->seq; + + trace_seq_printf(s, "%s: ", name); +- trace_seq_vprintf(s, fmt, ap); ++ trace_seq_vprintf(s, trace_event_format(iter, fmt), ap); + + return trace_handle_return(s); + } +-- +2.39.2 +