1. 01 Dec, 2021 3 commits
  2. 30 Nov, 2021 1 commit
  3. 26 Nov, 2021 3 commits
    • Matthew Auld's avatar
      drm/i915/gemfs: don't mark huge_opt as static · 3ccadbce
      Matthew Auld authored
      vfs_kernel_mount() modifies the passed in mount options, leaving us with
      "huge", instead of "huge=within_size". Normally this shouldn't matter
      with the usual module load/unload flow, however with the core_hotunplug
      IGT we are hitting the following, when re-probing the memory regions:
      
      i915 0000:00:02.0: [drm] Transparent Hugepage mode 'huge'
      tmpfs: Bad value for 'huge'
      [drm] Unable to create a private tmpfs mount, hugepage support will be disabled(-22).
      
      References: https://gitlab.freedesktop.org/drm/intel/-/issues/4651Signed-off-by: default avatarMatthew Auld <matthew.auld@intel.com>
      Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
      Reviewed-by: default avatarTvrtko Ursulin <tvrtko.ursulin@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211126110843.2028582-1-matthew.auld@intel.com
      3ccadbce
    • Thomas Hellström's avatar
      drm/i915: Use __GFP_KSWAPD_RECLAIM in the capture code · 8b91cdd4
      Thomas Hellström authored
      The capture code is typically run entirely in the fence signalling
      critical path. We're about to add lockdep annotation in an upcoming patch
      which reveals a lockdep splat similar to the below one.
      
      Fix the associated potential deadlocks using __GFP_KSWAPD_RECLAIM
      (which is the same as GFP_WAIT, but open-coded for clarity) rather than
      GFP_KERNEL for memory allocation in the capture path. This has the
      potential drawback that capture might fail in situations with memory
      pressure.
      
      [  234.842048] WARNING: possible circular locking dependency detected
      [  234.842050] 5.15.0-rc7+ #20 Tainted: G     U  W
      [  234.842052] ------------------------------------------------------
      [  234.842054] gem_exec_captur/1180 is trying to acquire lock:
      [  234.842056] ffffffffa3e51c00 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc+0x4d/0x330
      [  234.842063]
                     but task is already holding lock:
      [  234.842064] ffffffffa3f57620 (dma_fence_map){++++}-{0:0}, at: i915_vma_snapshot_resource_pin+0x27/0x30 [i915]
      [  234.842138]
                     which lock already depends on the new lock.
      
      [  234.842140]
                     the existing dependency chain (in reverse order) is:
      [  234.842142]
                     -> #2 (dma_fence_map){++++}-{0:0}:
      [  234.842145]        __dma_fence_might_wait+0x41/0xa0
      [  234.842149]        dma_resv_lockdep+0x1dc/0x28f
      [  234.842151]        do_one_initcall+0x58/0x2d0
      [  234.842154]        kernel_init_freeable+0x273/0x2bf
      [  234.842157]        kernel_init+0x16/0x120
      [  234.842160]        ret_from_fork+0x1f/0x30
      [  234.842163]
                     -> #1 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:
      [  234.842166]        fs_reclaim_acquire+0x6d/0xd0
      [  234.842168]        __kmalloc_node+0x51/0x3a0
      [  234.842171]        alloc_cpumask_var_node+0x1b/0x30
      [  234.842174]        native_smp_prepare_cpus+0xc7/0x292
      [  234.842177]        kernel_init_freeable+0x160/0x2bf
      [  234.842179]        kernel_init+0x16/0x120
      [  234.842181]        ret_from_fork+0x1f/0x30
      [  234.842184]
                     -> #0 (fs_reclaim){+.+.}-{0:0}:
      [  234.842186]        __lock_acquire+0x1161/0x1dc0
      [  234.842189]        lock_acquire+0xb5/0x2b0
      [  234.842192]        fs_reclaim_acquire+0xa1/0xd0
      [  234.842193]        __kmalloc+0x4d/0x330
      [  234.842196]        i915_vma_coredump_create+0x78/0x5b0 [i915]
      [  234.842253]        intel_engine_coredump_add_vma+0x36/0xe0 [i915]
      [  234.842307]        __i915_gpu_coredump+0x290/0x5e0 [i915]
      [  234.842365]        i915_capture_error_state+0x57/0xa0 [i915]
      [  234.842415]        intel_gt_handle_error+0x348/0x3e0 [i915]
      [  234.842462]        intel_gt_debugfs_reset_store+0x3c/0x90 [i915]
      [  234.842504]        simple_attr_write+0xc1/0xe0
      [  234.842507]        full_proxy_write+0x53/0x80
      [  234.842509]        vfs_write+0xbc/0x350
      [  234.842513]        ksys_write+0x58/0xd0
      [  234.842514]        do_syscall_64+0x38/0x90
      [  234.842516]        entry_SYSCALL_64_after_hwframe+0x44/0xae
      [  234.842519]
                     other info that might help us debug this:
      
      [  234.842521] Chain exists of:
                       fs_reclaim --> mmu_notifier_invalidate_range_start --> dma_fence_map
      
      [  234.842526]  Possible unsafe locking scenario:
      
      [  234.842528]        CPU0                    CPU1
      [  234.842529]        ----                    ----
      [  234.842531]   lock(dma_fence_map);
      [  234.842532]                                lock(mmu_notifier_invalidate_range_start);
      [  234.842535]                                lock(dma_fence_map);
      [  234.842537]   lock(fs_reclaim);
      [  234.842539]
                      *** DEADLOCK ***
      
      [  234.842540] 4 locks held by gem_exec_captur/1180:
      [  234.842543]  #0: ffff9007812d9460 (sb_writers#17){.+.+}-{0:0}, at: ksys_write+0x58/0xd0
      [  234.842547]  #1: ffff900781d9ecb8 (&attr->mutex){+.+.}-{3:3}, at: simple_attr_write+0x3a/0xe0
      [  234.842552]  #2: ffffffffc11913a8 (capture_mutex){+.+.}-{3:3}, at: i915_capture_error_state+0x1a/0xa0 [i915]
      [  234.842602]  #3: ffffffffa3f57620 (dma_fence_map){++++}-{0:0}, at: i915_vma_snapshot_resource_pin+0x27/0x30 [i915]
      [  234.842656]
                     stack backtrace:
      [  234.842658] CPU: 0 PID: 1180 Comm: gem_exec_captur Tainted: G     U  W         5.15.0-rc7+ #20
      [  234.842661] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 0403 01/26/2021
      [  234.842664] Call Trace:
      [  234.842666]  dump_stack_lvl+0x57/0x72
      [  234.842669]  check_noncircular+0xde/0x100
      [  234.842672]  ? __lock_acquire+0x3bf/0x1dc0
      [  234.842675]  __lock_acquire+0x1161/0x1dc0
      [  234.842678]  lock_acquire+0xb5/0x2b0
      [  234.842680]  ? __kmalloc+0x4d/0x330
      [  234.842683]  ? finish_task_switch.isra.0+0xf2/0x360
      [  234.842686]  ? i915_vma_coredump_create+0x78/0x5b0 [i915]
      [  234.842734]  fs_reclaim_acquire+0xa1/0xd0
      [  234.842737]  ? __kmalloc+0x4d/0x330
      [  234.842739]  __kmalloc+0x4d/0x330
      [  234.842742]  i915_vma_coredump_create+0x78/0x5b0 [i915]
      [  234.842793]  ? capture_vma+0xbe/0x110 [i915]
      [  234.842844]  intel_engine_coredump_add_vma+0x36/0xe0 [i915]
      [  234.842892]  __i915_gpu_coredump+0x290/0x5e0 [i915]
      [  234.842939]  i915_capture_error_state+0x57/0xa0 [i915]
      [  234.842985]  intel_gt_handle_error+0x348/0x3e0 [i915]
      [  234.843032]  ? __mutex_lock+0x81/0x830
      [  234.843035]  ? simple_attr_write+0x3a/0xe0
      [  234.843038]  ? __lock_acquire+0x3bf/0x1dc0
      [  234.843041]  intel_gt_debugfs_reset_store+0x3c/0x90 [i915]
      [  234.843083]  ? _copy_from_user+0x45/0x80
      [  234.843086]  simple_attr_write+0xc1/0xe0
      [  234.843089]  full_proxy_write+0x53/0x80
      [  234.843091]  vfs_write+0xbc/0x350
      [  234.843094]  ksys_write+0x58/0xd0
      [  234.843096]  do_syscall_64+0x38/0x90
      [  234.843098]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [  234.843101] RIP: 0033:0x7fa467480877
      [  234.843103] Code: 75 05 48 83 c4 58 c3 e8 37 4e ff ff 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
      [  234.843108] RSP: 002b:00007ffd14d79b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
      [  234.843112] RAX: ffffffffffffffda RBX: 00007ffd14d79b60 RCX: 00007fa467480877
      [  234.843114] RDX: 0000000000000014 RSI: 00007ffd14d79b60 RDI: 0000000000000007
      [  234.843116] RBP: 0000000000000007 R08: 0000000000000000 R09: 00007ffd14d79ab0
      [  234.843119] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000014
      [  234.843121] R13: 0000000000000000 R14: 00007ffd14d79b60 R15: 0000000000000005
      
      v5:
      - Use __GFP_KSWAPD_RECLAIM rather than __GFP_NOWAIT for clarity.
        (Daniel Vetter)
      v6:
      - Include an instance in execlists_capture_work().
      - Rework the commit message due to patch reordering.
      Signed-off-by: default avatarThomas Hellström <thomas.hellstrom@linux.intel.com>
      Reviewed-by: default avatarRamalingam C <ramalingam.c@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211108174547.979714-3-thomas.hellstrom@linux.intel.com
      8b91cdd4
    • Thomas Hellström's avatar
      drm/i915: Avoid allocating a page array for the gpu coredump · e45b98ba
      Thomas Hellström authored
      The gpu coredump typically takes place in a dma_fence signalling
      critical path, and hence can't use GFP_KERNEL allocations, as that
      means we might hit deadlocks under memory pressure. However
      changing to __GFP_KSWAPD_RECLAIM which will be done in an upcoming
      patch will instead mean a lower chance of the allocation succeeding.
      In particular large contigous allocations like the coredump page
      vector.
      Remove the page vector in favor of a linked list of single pages.
      Use the page lru list head as the list link, as the page owner is
      allowed to do that.
      Signed-off-by: default avatarThomas Hellström <thomas.hellstrom@linux.intel.com>
      Reviewed-by: default avatarRamalingam C <ramalingam.c@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211108174547.979714-2-thomas.hellstrom@linux.intel.com
      e45b98ba
  4. 25 Nov, 2021 8 commits
  5. 24 Nov, 2021 1 commit
  6. 23 Nov, 2021 4 commits
    • Tejas Upadhyay's avatar
      drm/i915/gt: Hold RPM wakelock during PXP suspend · d22d446f
      Tejas Upadhyay authored
      selftest --r live shows failure in suspend tests when
      RPM wakelock is not acquired during suspend.
      
      This changes addresses below error :
      <4> [154.177535] RPM wakelock ref not held during HW access
      <4> [154.177575] WARNING: CPU: 4 PID: 5772 at
      drivers/gpu/drm/i915/intel_runtime_pm.h:113
      fwtable_write32+0x240/0x320 [i915]
      <4> [154.177974] Modules linked in: i915(+) vgem drm_shmem_helper
      fuse snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic
      ledtrig_audio mei_hdcp mei_pxp x86_pkg_temp_thermal coretemp
      crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_intel_dspcfg
      snd_hda_codec snd_hwdep igc snd_hda_core ttm mei_me ptp
      snd_pcm prime_numbers mei i2c_i801 pps_core i2c_smbus intel_lpss_pci
      btusb btrtl btbcm btintel bluetooth ecdh_generic ecc [last unloaded: i915]
      <4> [154.178143] CPU: 4 PID: 5772 Comm: i915_selftest Tainted: G
      U            5.15.0-rc6-CI-Patchwork_21432+ #1
      <4> [154.178154] Hardware name: ASUS System Product Name/TUF GAMING
      Z590-PLUS WIFI, BIOS 0811 04/06/2021
      <4> [154.178160] RIP: 0010:fwtable_write32+0x240/0x320 [i915]
      <4> [154.178604] Code: 15 7b e1 0f 0b e9 34 fe ff ff 80 3d a9 89 31
      00 00 0f 85 31 fe ff ff 48 c7 c7 88 9e 4f a0 c6 05 95 89 31 00 01 e8
      c0 15 7b e1 <0f> 0b e9 17 fe ff ff 8b 05 0f 83 58 e2 85 c0 0f 85 8d
      00 00 00 48
      <4> [154.178614] RSP: 0018:ffffc900016279f0 EFLAGS: 00010286
      <4> [154.178626] RAX: 0000000000000000 RBX: ffff888204fe0ee0
      RCX: 0000000000000001
      <4> [154.178634] RDX: 0000000080000001 RSI: ffffffff823142b5
      RDI: 00000000ffffffff
      <4> [154.178641] RBP: 00000000000320f0 R08: 0000000000000000
      R09: c0000000ffffcd5a
      <4> [154.178647] R10: 00000000000f8c90 R11: ffffc90001627808
      R12: 0000000000000000
      <4> [154.178654] R13: 0000000040000000 R14: ffffffffa04d12e0
      R15: 0000000000000000
      <4> [154.178660] FS:  00007f7390aa4c00(0000) GS:ffff88844f000000(0000)
      knlGS:0000000000000000
      <4> [154.178669] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      <4> [154.178675] CR2: 000055bc40595028 CR3: 0000000204474005
      CR4: 0000000000770ee0
      <4> [154.178682] PKRU: 55555554
      <4> [154.178687] Call Trace:
      <4> [154.178706]  intel_pxp_fini_hw+0x23/0x30 [i915]
      <4> [154.179284]  intel_pxp_suspend+0x1f/0x30 [i915]
      <4> [154.179807]  live_gt_resume+0x5b/0x90 [i915]
      
      Changes since V2 :
      	- Remove boolean in intel_pxp_runtime_preapre for
      	  non-pxp configs. Solves build error
      Changes since V2 :
      	- Open-code intel_pxp_runtime_suspend - Daniele
      	- Remove boolean in intel_pxp_runtime_preapre - Daniele
      Changes since V1 :
      	- split the HW access parts in gt_suspend_late - Daniele
      	- Remove default PXP configs
      Signed-off-by: default avatarTejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
      Reviewed-by: default avatarDaniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
      Fixes: 0cfab4cb ("drm/i915/pxp: Enable PXP power management")
      Signed-off-by: default avatarDaniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211117060321.3729343-1-tejaskumarx.surendrakumar.upadhyay@intel.com
      d22d446f
    • Umesh Nerlige Ramappa's avatar
      drm/i915/pmu: Increase the live_engine_busy_stats sample period · 5979873e
      Umesh Nerlige Ramappa authored
      Irrespective of the backend for request submissions, busyness for an
      engine with an active context is calculated using:
      
      busyness = total + (current_time - context_switch_in_time)
      
      In execlists mode of operation, the context switch events are handled
      by the CPU. Context switch in/out time and current_time are captured
      in CPU time domain using ktime_get().
      
      In GuC mode of submission, context switch events are handled by GuC and
      the times in the above formula are captured in GT clock domain. This
      information is shared with the CPU through shared memory. This results
      in 2 caveats:
      
      1) The time taken between start of a batch and the time that CPU is able
      to see the context_switch_in_time in shared memory is dependent on GuC
      and memory bandwidth constraints.
      
      2) Determining current_time requires an MMIO read that can take anywhere
      between a few us to a couple ms. A reference CPU time is captured soon
      after reading the MMIO so that the caller can compare the cpu delta
      between 2 busyness samples. The issue here is that the CPU delta and the
      busyness delta can be skewed because of the time taken to read the
      register.
      
      These 2 factors affect the accuracy of the selftest -
      live_engine_busy_stats. For (1) the selftest waits until busyness stats
      are visible to the CPU. The effects of (2) are more prominent for the
      current busyness sample period of 100 us. Increase the busyness sample
      period from 100 us to 10 ms to overccome (2).
      
      v2: Fix checkpatch issues
      Signed-off-by: default avatarUmesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
      Reviewed-by: default avatarMatthew Brost <matthew.brost@intel.com>
      Signed-off-by: default avatarJohn Harrison <John.C.Harrison@Intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211115221640.30793-1-umesh.nerlige.ramappa@intel.com
      5979873e
    • Matthew Auld's avatar
      drm/i915/ttm: fixup build failure · be373fad
      Matthew Auld authored
      drm-intel-gt-next fails to build with:
      
      drivers/gpu/drm/i915/gem/i915_gem_ttm.c: In function ‘vm_fault_ttm’:
      drivers/gpu/drm/i915/gem/i915_gem_ttm.c:862:23: error: too many arguments to function ‘ttm_bo_vm_fault_reserved’
        862 |                 ret = ttm_bo_vm_fault_reserved(vmf, vmf->vma->vm_page_prot,
            |                       ^~~~~~~~~~~~~~~~~~~~~~~
      Signed-off-by: default avatarMatthew Auld <matthew.auld@intel.com>
      Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
      Signed-off-by: default avatarTvrtko Ursulin <tvrtko.ursulin@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211123125814.1703220-1-matthew.auld@intel.com
      be373fad
    • Randy Dunlap's avatar
      drm/i915/gem: placate scripts/kernel-doc · 0af4cbfa
      Randy Dunlap authored
      Correct kernel-doc warnings in i915_drm_object.c:
      
      i915_gem_object.c:103: warning: expecting prototype for i915_gem_object_fini(). Prototype was for __i915_gem_object_fini() instead
      i915_gem_object.c:110: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst
       * Mark up the object's coherency levels for a given cache_level
      i915_gem_object.c:110: warning: missing initial short description on line:
       * Mark up the object's coherency levels for a given cache_level
      i915_gem_object.c:457: warning: No description found for return value of 'i915_gem_object_read_from_page'
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
      Cc: Matthew Auld <matthew.auld@intel.com>
      Cc: Jani Nikula <jani.nikula@linux.intel.com>
      Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
      Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
      Cc: intel-gfx@lists.freedesktop.org
      Reviewed-by: default avatarMatthew Auld <matthew.auld@intel.com>
      Signed-off-by: default avatarMatthew Auld <matthew.auld@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211123050928.20434-1-rdunlap@infradead.org
      0af4cbfa
  7. 22 Nov, 2021 4 commits
    • Dave Airlie's avatar
      Merge tag 'drm-misc-next-2021-11-18' of git://anongit.freedesktop.org/drm/drm-misc into drm-next · c18c8891
      Dave Airlie authored
      drm-misc-next for 5.17:
      
      UAPI Changes:
      
       * Remove restrictions on DMA_BUF_SET_NAME ioctl
       * connector: State of privacy screen
       * sysfs: Send hotplug uevent
      
      Cross-subsystem Changes:
      
       * clk/bmc-2835: Fixes
      
       * dma-buf: Add dma_resv selftest; Error-handling fixes; Add debugfs
         helpers; Remove dma_resv_get_excl_unlocked(); Documentation fixes
      
       * pwm: Introduce of_pwm_single_xlate()
      
      Core Changes:
      
       * Support for privacy screens
       * Make drm_irq.c legacy
       * Fix __stack_depot_* name conflict
       * Documentation fixes
       * Fixes and cleanups
      
       * dp-helper: Reuse 8b/10b link-training delay helpers
      
       * format-helper: Update interfaces
      
       * fb-helper: Allocate shadow buffer of correct size
      
       * gem: Link GEM SHMEM and CMA helpers into separate modules; Use
      	    dma_resv iterator; Import DMA_BUF namespace into GEM-helper modules
      
       * gem/shmem-helper: Interface cleanups
      
       * scheduler: Grab fence in drm_sched_job_add_implicit_dependencies();
         Lockdep fixes
      
       * kms-helpers: Link several files from core into the KMS-helper module
      
      Driver Changes:
      
       * Use dma_resv_iter in several places
       * Fixes and cleanups
      
       * amdgpu: Use drm_kms_helper_connector_hotplug_event(); Get all fences
         at once
      
       * bridge: Switch to managed MIPI DSI helpers in several places; Register
         and attach during probe in several places; Convert to YAML in several
         places
      
       * bridge/anx7625: Support MIPI DPI input; Support HDMI audio; Fixes
      
       * bridge/dw-hdmi: Allow interlace on bridge
      
       * bridge/ps8640: Enable PM; Support aux-bus
      
       * bridge/tc358768: Enabled reference clock; Support pulse mode;
         Modesetting fixes
      
       * bridge/ti-sn65dsi86: Use regmap_bulk_write(); Implement PWM
      
       * etnaviv: Get all fences at once
      
       * gma500: GEM object cleanups; Remove generic drivers in probe function
      
       * i915: Support VESA panel backlights
      
       * ingenic: Fixes and cleanups
      
       * kirin: Adjust probe order
      
       * kmb: Enable framebuffer console
      
       * lima: Kconfig fixes
      
       * meson: Refactoring to supperot DRM_BRIDGE_ATTACH_NO_ENCODER
      
       * msm: Fixes and cleanups
      
       * msm/dsi: Adjust probe order
      
       * omap: Fixes and cleanups
      
       * nouveau: CRC fixes; Validate LUTs in atomic check; Set HDMI AVI RGB
         quantization to FULL; Fixes and cleanups
      
       * panel: Support Innolux G070Y2-T02, Vivax TPC-9150, JDI R63452,
         Newhaven 1.8-128160EF, Wanchanglong W552964ABA, Novatek NT35950,
         BOE BF060Y8M, Sony Tulip Truly NT35521; Use dev_err_probe() throughout
         drivers; Fixes and cleanups
      
       * panel/ili9881c: Orientation fixes
      
       * radeon: Use dma_resv_wait_timeout()
      
       * rockchip: Add timeout for DSP hold; Suspend/resume fixes; PLL clock
         fixes; Implement mmap in GEM object functions
      
       * simpledrm: Support FB_DAMAGE_CLIPS and virtual screen sizes
      
       * sun4i: Use CMA helpers without vmap support
      
       * tidss: Fixes and cleanups
      
       * v3d: Cleanups
      
       * vc4: Fix HDMI-CEC hang when display is off; Power on HDMI controller
         while disabling; Support 4k@60 Hz modes; Fixes and cleanups
      
       * video: Convert to sysfs_emit() in several places
      
       * video/omapfb: Fix fall-through
      
       * virtio: Overflow fixes
      
       * xen: Implement mmap as GEM object functions
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Thomas Zimmermann <tzimmermann@suse.de>
      Link: https://patchwork.freedesktop.org/patch/msgid/YZYZSypIrr+qcih3@linux-uq9g.fritz.box
      c18c8891
    • Dan Carpenter's avatar
      drm/i915/ttm: Fix error code in i915_ttm_eviction_valuable() · 6164807d
      Dan Carpenter authored
      This function returns a bool type so returning -EBUSY is equivalent to
      returning true.  It should return false instead.
      
      Fixes: 7ae03459 ("drm/i915/ttm: add tt shmem backend")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Reviewed-by: default avatarMatthew Auld <matthew.auld@intel.com>
      Signed-off-by: default avatarMatthew Auld <matthew.auld@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211122061438.GA2492@kili
      6164807d
    • Tvrtko Ursulin's avatar
      Merge drm/drm-next into drm-intel-gt-next · 8626afb1
      Tvrtko Ursulin authored
      Thomas needs the dma_resv_for_each_fence API for i915/ttm async migration
      work.
      Signed-off-by: default avatarTvrtko Ursulin <tvrtko.ursulin@intel.com>
      8626afb1
    • Umesh Nerlige Ramappa's avatar
      drm/i915/pmu: Avoid with_intel_runtime_pm within spinlock · 865fbc0f
      Umesh Nerlige Ramappa authored
      When guc timestamp ping worker runs it takes the spinlock and calls
      with_intel_runtime_pm.  Since with_intel_runtime_pm may sleep, move the
      spinlock inside __update_guc_busyness_stats.
      Signed-off-by: default avatarUmesh Nerlige Ramappa <umesh.nerlige.ramappa@intel.com>
      Reviewed-by: default avatarTvrtko Ursulin <tvrtko.ursulin@intel.com>
      Signed-off-by: default avatarTvrtko Ursulin <tvrtko.ursulin@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20211120014201.26480-1-umesh.nerlige.ramappa@intel.com
      865fbc0f
  8. 21 Nov, 2021 5 commits
    • Linus Torvalds's avatar
      Linux 5.16-rc2 · 13605725
      Linus Torvalds authored
      13605725
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2021-11-21' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 40c93d7f
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - Move the command line preparation and the early command line parsing
         earlier so that the command line parameters which affect
         early_reserve_memory(), e.g. efi=nosftreserve, are taken into
         account. This was broken when the invocation of
         early_reserve_memory() was moved recently.
      
       - Use an atomic type for the SGX page accounting, which is read and
         written locklessly, to plug various race conditions related to it.
      
      * tag 'x86-urgent-2021-11-21' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/sgx: Fix free page accounting
        x86/boot: Pull up cmdline preparation and early param parsing
      40c93d7f
    • Linus Torvalds's avatar
      Merge tag 'perf-urgent-2021-11-21' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · af16bdea
      Linus Torvalds authored
      Pull x86 perf fixes from Thomas Gleixner:
      
       - Remove unneded PEBS disabling when taking LBR snapshots to prevent an
         unchecked MSR access error.
      
       - Fix IIO event constraints for Snowridge and Skylake server chips.
      
      * tag 'perf-urgent-2021-11-21' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/perf: Fix snapshot_branch_stack warning in VM
        perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
        perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
        perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
      af16bdea
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 75603b14
      Linus Torvalds authored
      Pull more powerpc fixes from Michael Ellerman:
      
       - Fix a bug in copying of sigset_t for 32-bit systems, which caused X
         to not start.
      
       - Fix handling of shared LSIs (rare) with the xive interrupt controller
         (Power9/10).
      
       - Fix missing TOC setup in some KVM code, which could result in oopses
         depending on kernel data layout.
      
       - Fix DMA mapping when we have persistent memory and only one DMA
         window available.
      
       - Fix further problems with STRICT_KERNEL_RWX on 8xx, exposed by a
         recent fix.
      
       - A couple of other minor fixes.
      
      Thanks to Alexey Kardashevskiy, Aneesh Kumar K.V, Cédric Le Goater,
      Christian Zigotzky, Christophe Leroy, Daniel Axtens, Finn Thain, Greg
      Kurz, Masahiro Yamada, Nicholas Piggin, and Uwe Kleine-König.
      
      * tag 'powerpc-5.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/xive: Change IRQ domain to a tree domain
        powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX
        powerpc/signal32: Fix sigset_t copy
        powerpc/book3e: Fix TLBCAM preset at boot
        powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window
        powerpc/pseries/ddw: simplify enable_ddw()
        powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory"
        powerpc/pseries: Fix numa FORM2 parsing fallback code
        powerpc/pseries: rename numa_dist_table to form2_distances
        powerpc: clean vdso32 and vdso64 directories
        powerpc/83xx/mpc8349emitx: Drop unused variable
        KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
      75603b14
    • Geert Uytterhoeven's avatar
      pstore/blk: Use "%lu" to format unsigned long · 61eb495c
      Geert Uytterhoeven authored
      On 32-bit:
      
          fs/pstore/blk.c: In function ‘__best_effort_init’:
          include/linux/kern_levels.h:5:18: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 3 has type ‘long unsigned int’ [-Wformat=]
      	5 | #define KERN_SOH "\001"  /* ASCII Start Of Header */
      	  |                  ^~~~~~
          include/linux/kern_levels.h:14:19: note: in expansion of macro ‘KERN_SOH’
             14 | #define KERN_INFO KERN_SOH "6" /* informational */
      	  |                   ^~~~~~~~
          include/linux/printk.h:373:9: note: in expansion of macro ‘KERN_INFO’
            373 |  printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
      	  |         ^~~~~~~~~
          fs/pstore/blk.c:314:3: note: in expansion of macro ‘pr_info’
            314 |   pr_info("attached %s (%zu) (no dedicated panic_write!)\n",
      	  |   ^~~~~~~
      
      Cc: stable@vger.kernel.org
      Fixes: 7bb9557b ("pstore/blk: Use the normal block device I/O path")
      Signed-off-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Link: https://lore.kernel.org/r/20210629103700.1935012-1-geert@linux-m68k.org
      Cc: Jens Axboe <axboe@kernel.dk>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      61eb495c
  9. 20 Nov, 2021 11 commits
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 923dcc5e
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "15 patches.
      
        Subsystems affected by this patch series: ipc, hexagon, mm (swap,
        slab-generic, kmemleak, hugetlb, kasan, damon, and highmem), and proc"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        proc/vmcore: fix clearing user buffer by properly using clear_user()
        kmap_local: don't assume kmap PTEs are linear arrays in memory
        mm/damon/dbgfs: fix missed use of damon_dbgfs_lock
        mm/damon/dbgfs: use '__GFP_NOWARN' for user-specified size buffer allocation
        kasan: test: silence intentional read overflow warnings
        hugetlb, userfaultfd: fix reservation restore on userfaultfd error
        hugetlb: fix hugetlb cgroup refcounting during mremap
        mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
        hexagon: ignore vmlinux.lds
        hexagon: clean up timer-regs.h
        hexagon: export raw I/O routines for modules
        mm: emit the "free" trace report before freeing memory in kmem_cache_free()
        shm: extend forced shm destroy to support objects from several IPC nses
        ipc: WARN if trying to remove ipc object which is absent
        mm/swap.c:put_pages_list(): reinitialise the page list
      923dcc5e
    • Linus Torvalds's avatar
      Merge tag 'block-5.16-2021-11-19' of git://git.kernel.dk/linux-block · 61564e7b
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Flip a cap check to avoid a selinux error (Alistair)
      
       - Fix for a regression this merge window where we can miss a queue ref
         put (me)
      
       - Un-mark pstore-blk as broken, as the condition that triggered that
         change has been rectified (Kees)
      
       - Queue quiesce and sync fixes (Ming)
      
       - FUA insertion fix (Ming)
      
       - blk-cgroup error path put fix (Yu)
      
      * tag 'block-5.16-2021-11-19' of git://git.kernel.dk/linux-block:
        blk-mq: don't insert FUA request with data into scheduler queue
        blk-cgroup: fix missing put device in error path from blkg_conf_pref()
        block: avoid to quiesce queue in elevator_init_mq
        Revert "mark pstore-blk as broken"
        blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
        block: fix missing queue put in error path
        block: Check ADMIN before NICE for IOPRIO_CLASS_RT
      61564e7b
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v5.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · b100274c
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "There is an ACPI stubs fix which is ACKed by the ACPI maintainer for
        merging through my tree.
      
        One item stand out and that is that I delete the <linux/sdb.h> header
        that is used by nothing. I deleted this subsystem (through the GPIO
        tree) a while back so I feel responsible for tidying up the floor.
      
        Other than that it is the usual mistakes, a bit noisy around build
        issue and Kconfig then driver fixes.
      
        Specifics:
      
         - Fix some stubs causing compile issues for ACPI.
      
         - Fix some wakeups on AMD IRQs shared between GPIO and SCI.
      
         - Fix a build warning in the Tegra driver.
      
         - Fix a Kconfig issue in the Qualcomm driver.
      
         - Add a missing include the RALink driver.
      
         - Return a valid type for the Apple pinctrl IRQs.
      
         - Implement some Qualcomm SDM845 dual-edge errata.
      
         - Remove the unused <linux/sdb.h> header. (The subsystem was once
           deleted by the pinctrl maintainer...)
      
         - Fix a duplicate initialized in the Tegra driver.
      
         - Fix register offsets for UFS and SDC in the Qualcomm SM8350 driver"
      
      * tag 'pinctrl-v5.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: qcom: sm8350: Correct UFS and SDC offsets
        pinctrl: tegra194: remove duplicate initializer again
        Remove unused header <linux/sdb.h>
        pinctrl: qcom: sdm845: Enable dual edge errata
        pinctrl: apple: Always return valid type in apple_gpio_irq_type
        pinctrl: ralink: include 'ralink_regs.h' in 'pinctrl-mt7620.c'
        pinctrl: qcom: fix unmet dependencies on GPIOLIB for GPIOLIB_IRQCHIP
        pinctrl: tegra: Return const pointer from tegra_pinctrl_get_group()
        pinctrl: amd: Fix wakeups when IRQ is shared with SCI
        ACPI: Add stubs for wakeup handler functions
      b100274c
    • Linus Torvalds's avatar
      Merge tag 's390-5.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 6b38e2fb
      Linus Torvalds authored
      Pull s390 updates from Heiko Carstens:
      
       - Add missing Kconfig option for ftrace direct multi sample, so it can
         be compiled again, and also add s390 support for this sample.
      
       - Update Christian Borntraeger's email address.
      
       - Various fixes for memory layout setup. Besides other this makes it
         possible to load shared DCSS segments again.
      
       - Fix copy to user space of swapped kdump oldmem.
      
       - Remove -mstack-guard and -mstack-size compile options when building
         vdso binaries. This can happen when CONFIG_VMAP_STACK is disabled and
         results in broken vdso code which causes more or less random
         exceptions. Also remove the not needed -nostdlib option.
      
       - Fix memory leak on cpu hotplug and return code handling in kexec
         code.
      
       - Wire up futex_waitv system call.
      
       - Replace snprintf with sysfs_emit where appropriate.
      
      * tag 's390-5.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        ftrace/samples: add s390 support for ftrace direct multi sample
        ftrace/samples: add missing Kconfig option for ftrace direct multi sample
        MAINTAINERS: update email address of Christian Borntraeger
        s390/kexec: fix memory leak of ipl report buffer
        s390/kexec: fix return code handling
        s390/dump: fix copying to user-space of swapped kdump oldmem
        s390: wire up sys_futex_waitv system call
        s390/vdso: filter out -mstack-guard and -mstack-size
        s390/vdso: remove -nostdlib compiler flag
        s390: replace snprintf in show functions with sysfs_emit
        s390/boot: simplify and fix kernel memory layout setup
        s390/setup: re-arrange memblock setup
        s390/setup: avoid using memblock_enforce_memory_limit
        s390/setup: avoid reserving memory above identity mapping
      6b38e2fb
    • Linus Torvalds's avatar
      Merge tag '5.16-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · b38bfc74
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three small cifs/smb3 fixes: two to address minor coverity issues and
        one cleanup"
      
      * tag '5.16-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: introduce cifs_ses_mark_for_reconnect() helper
        cifs: protect srv_count with cifs_tcp_ses_lock
        cifs: move debug print out of spinlock
      b38bfc74
    • David Hildenbrand's avatar
      proc/vmcore: fix clearing user buffer by properly using clear_user() · c1e63117
      David Hildenbrand authored
      To clear a user buffer we cannot simply use memset, we have to use
      clear_user().  With a virtio-mem device that registers a vmcore_cb and
      has some logically unplugged memory inside an added Linux memory block,
      I can easily trigger a BUG by copying the vmcore via "cp":
      
        systemd[1]: Starting Kdump Vmcore Save Service...
        kdump[420]: Kdump is using the default log level(3).
        kdump[453]: saving to /sysroot/var/crash/127.0.0.1-2021-11-11-14:59:22/
        kdump[458]: saving vmcore-dmesg.txt to /sysroot/var/crash/127.0.0.1-2021-11-11-14:59:22/
        kdump[465]: saving vmcore-dmesg.txt complete
        kdump[467]: saving vmcore
        BUG: unable to handle page fault for address: 00007f2374e01000
        #PF: supervisor write access in kernel mode
        #PF: error_code(0x0003) - permissions violation
        PGD 7a523067 P4D 7a523067 PUD 7a528067 PMD 7a525067 PTE 800000007048f867
        Oops: 0003 [#1] PREEMPT SMP NOPTI
        CPU: 0 PID: 468 Comm: cp Not tainted 5.15.0+ #6
        Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-27-g64f37cc530f1-prebuilt.qemu.org 04/01/2014
        RIP: 0010:read_from_oldmem.part.0.cold+0x1d/0x86
        Code: ff ff ff e8 05 ff fe ff e9 b9 e9 7f ff 48 89 de 48 c7 c7 38 3b 60 82 e8 f1 fe fe ff 83 fd 08 72 3c 49 8d 7d 08 4c 89 e9 89 e8 <49> c7 45 00 00 00 00 00 49 c7 44 05 f8 00 00 00 00 48 83 e7 f81
        RSP: 0018:ffffc9000073be08 EFLAGS: 00010212
        RAX: 0000000000001000 RBX: 00000000002fd000 RCX: 00007f2374e01000
        RDX: 0000000000000001 RSI: 00000000ffffdfff RDI: 00007f2374e01008
        RBP: 0000000000001000 R08: 0000000000000000 R09: ffffc9000073bc50
        R10: ffffc9000073bc48 R11: ffffffff829461a8 R12: 000000000000f000
        R13: 00007f2374e01000 R14: 0000000000000000 R15: ffff88807bd421e8
        FS:  00007f2374e12140(0000) GS:ffff88807f000000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 00007f2374e01000 CR3: 000000007a4aa000 CR4: 0000000000350eb0
        Call Trace:
         read_vmcore+0x236/0x2c0
         proc_reg_read+0x55/0xa0
         vfs_read+0x95/0x190
         ksys_read+0x4f/0xc0
         do_syscall_64+0x3b/0x90
         entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      Some x86-64 CPUs have a CPU feature called "Supervisor Mode Access
      Prevention (SMAP)", which is used to detect wrong access from the kernel
      to user buffers like this: SMAP triggers a permissions violation on
      wrong access.  In the x86-64 variant of clear_user(), SMAP is properly
      handled via clac()+stac().
      
      To fix, properly use clear_user() when we're dealing with a user buffer.
      
      Link: https://lkml.kernel.org/r/20211112092750.6921-1-david@redhat.com
      Fixes: 997c136f ("fs/proc/vmcore.c: add hook to read_from_oldmem() to check for non-ram pages")
      Signed-off-by: default avatarDavid Hildenbrand <david@redhat.com>
      Acked-by: default avatarBaoquan He <bhe@redhat.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Cc: Philipp Rudo <prudo@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c1e63117
    • Ard Biesheuvel's avatar
      kmap_local: don't assume kmap PTEs are linear arrays in memory · 825c43f5
      Ard Biesheuvel authored
      The kmap_local conversion broke the ARM architecture, because the new
      code assumes that all PTEs used for creating kmaps form a linear array
      in memory, and uses array indexing to look up the kmap PTE belonging to
      a certain kmap index.
      
      On ARM, this cannot work, not only because the PTE pages may be
      non-adjacent in memory, but also because ARM/!LPAE interleaves hardware
      entries and extended entries (carrying software-only bits) in a way that
      is not compatible with array indexing.
      
      Fortunately, this only seems to affect configurations with more than 8
      CPUs, due to the way the per-CPU kmap slots are organized in memory.
      
      Work around this by permitting an architecture to set a Kconfig symbol
      that signifies that the kmap PTEs do not form a lineary array in memory,
      and so the only way to locate the appropriate one is to walk the page
      tables.
      
      Link: https://lore.kernel.org/linux-arm-kernel/20211026131249.3731275-1-ardb@kernel.org/
      Link: https://lkml.kernel.org/r/20211116094737.7391-1-ardb@kernel.org
      Fixes: 2a15ba82 ("ARM: highmem: Switch to generic kmap atomic")
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Reported-by: default avatarQuanyang Wang <quanyang.wang@windriver.com>
      Reviewed-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Acked-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      825c43f5
    • SeongJae Park's avatar
      mm/damon/dbgfs: fix missed use of damon_dbgfs_lock · d78f3853
      SeongJae Park authored
      DAMON debugfs is supposed to protect dbgfs_ctxs, dbgfs_nr_ctxs, and
      dbgfs_dirs using damon_dbgfs_lock.  However, some of the code is
      accessing the variables without the protection.  This fixes it by
      protecting all such accesses.
      
      Link: https://lkml.kernel.org/r/20211110145758.16558-3-sj@kernel.org
      Fixes: 75c1c2b5 ("mm/damon/dbgfs: support multiple contexts")
      Signed-off-by: default avatarSeongJae Park <sj@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d78f3853
    • SeongJae Park's avatar
      mm/damon/dbgfs: use '__GFP_NOWARN' for user-specified size buffer allocation · db7a347b
      SeongJae Park authored
      Patch series "DAMON fixes".
      
      This patch (of 2):
      
      DAMON users can trigger below warning in '__alloc_pages()' by invoking
      write() to some DAMON debugfs files with arbitrarily high count
      argument, because DAMON debugfs interface allocates some buffers based
      on the user-specified 'count'.
      
              if (unlikely(order >= MAX_ORDER)) {
                      WARN_ON_ONCE(!(gfp & __GFP_NOWARN));
                      return NULL;
              }
      
      Because the DAMON debugfs interface code checks failure of the
      'kmalloc()', this commit simply suppresses the warnings by adding
      '__GFP_NOWARN' flag.
      
      Link: https://lkml.kernel.org/r/20211110145758.16558-1-sj@kernel.org
      Link: https://lkml.kernel.org/r/20211110145758.16558-2-sj@kernel.org
      Fixes: 4bc05954 ("mm/damon: implement a debugfs-based user space interface")
      Signed-off-by: default avatarSeongJae Park <sj@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      db7a347b
    • Kees Cook's avatar
      kasan: test: silence intentional read overflow warnings · cab71f74
      Kees Cook authored
      As done in commit d73dad4e ("kasan: test: bypass __alloc_size
      checks") for __write_overflow warnings, also silence some more cases
      that trip the __read_overflow warnings seen in 5.16-rc1[1]:
      
        In file included from include/linux/string.h:253,
                         from include/linux/bitmap.h:10,
                         from include/linux/cpumask.h:12,
                         from include/linux/mm_types_task.h:14,
                         from include/linux/mm_types.h:5,
                         from include/linux/page-flags.h:13,
                         from arch/arm64/include/asm/mte.h:14,
                         from arch/arm64/include/asm/pgtable.h:12,
                         from include/linux/pgtable.h:6,
                         from include/linux/kasan.h:29,
                         from lib/test_kasan.c:10:
        In function 'memcmp',
            inlined from 'kasan_memcmp' at lib/test_kasan.c:897:2:
        include/linux/fortify-string.h:263:25: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
          263 |                         __read_overflow();
              |                         ^~~~~~~~~~~~~~~~~
        In function 'memchr',
            inlined from 'kasan_memchr' at lib/test_kasan.c:872:2:
        include/linux/fortify-string.h:277:17: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object (1st parameter)
          277 |                 __read_overflow();
              |                 ^~~~~~~~~~~~~~~~~
      
      [1] http://kisskb.ellerman.id.au/kisskb/buildresult/14660585/log/
      
      Link: https://lkml.kernel.org/r/20211116004111.3171781-1-keescook@chromium.org
      Fixes: d73dad4e ("kasan: test: bypass __alloc_size checks")
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reviewed-by: default avatarAndrey Konovalov <andreyknvl@gmail.com>
      Acked-by: default avatarMarco Elver <elver@google.com>
      Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cab71f74
    • Mina Almasry's avatar
      hugetlb, userfaultfd: fix reservation restore on userfaultfd error · cc30042d
      Mina Almasry authored
      Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we
      bail out using "goto out_release_unlock;" in the cases where idx >=
      size, or !huge_pte_none(), the code will detect that new_pagecache_page
      == false, and so call restore_reserve_on_error().  In this case I see
      restore_reserve_on_error() delete the reservation, and the following
      call to remove_inode_hugepages() will increment h->resv_hugepages
      causing a 100% reproducible leak.
      
      We should treat the is_continue case similar to adding a page into the
      pagecache and set new_pagecache_page to true, to indicate that there is
      no reservation to restore on the error path, and we need not call
      restore_reserve_on_error().  Rename new_pagecache_page to
      page_in_pagecache to make that clear.
      
      Link: https://lkml.kernel.org/r/20211117193825.378528-1-almasrymina@google.com
      Fixes: c7b1850d ("hugetlb: don't pass page cache pages to restore_reserve_on_error")
      Signed-off-by: default avatarMina Almasry <almasrymina@google.com>
      Reported-by: default avatarJames Houghton <jthoughton@google.com>
      Reviewed-by: default avatarMike Kravetz <mike.kravetz@oracle.com>
      Cc: Wei Xu <weixugc@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cc30042d