- 20 Jan, 2023 6 commits
-
-
Hanjun Guo authored
struct acpi_pld_info *pld should be freed before the return of allocation failure, to prevent memory leak, add the ACPI_FREE() to fix it. Fixes: bc443c31 ("driver core: location: Check for allocations failure") Signed-off-by:
Hanjun Guo <guohanjun@huawei.com> Link: https://lore.kernel.org/r/1669102648-11517-1-git-send-email-guohanjun@huawei.comSigned-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Zhengchao Shao authored
When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. This will cause resource leak. The process is as follows: device_add() get_device_parent() class_dir_create_and_add() kobject_add() //kobject_get() ... dev->kobj.parent = kobj; ... kobject_add() //failed, but set dev->kobj.parent = NULL ... glue_dir = get_glue_dir(dev) //glue_dir = NULL, and goto //"Error" label ... cleanup_glue_dir() //becaues glue_dir is NULL, not call //kobject_put() The preceding problem may cause insmod mac80211_hwsim.ko to failed. sysfs: cannot create duplicate filename '/devices/virtual/mac80211_hwsim' Call Trace: <TASK> dump_stack_lvl+0x8e/0xd1 sysfs_warn_dup.cold+0x1c/0x29 sysfs_create_dir_ns+0x224/0x280 kobject_add_internal+0x2aa/0x880 kobject_add+0x135/0x1a0 get_device_parent+0x3d7/0x590 device_add+0x2aa/0x1cb0 device_create_groups_vargs+0x1eb/0x260 device_create+0xdc/0x110 mac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim] init_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim] do_one_initcall+0x10f/0x630 do_init_module+0x19f/0x5e0 load_module+0x64b7/0x6eb0 __do_sys_finit_module+0x140/0x200 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 </TASK> kobject_add_internal failed for mac80211_hwsim with -EEXIST, don't try to register things with the same name in the same directory. Fixes: cebf8fd1 ("driver core: fix race between creating/querying glue dir and its cleanup") Signed-off-by:
Zhengchao Shao <shaozhengchao@huawei.com> Link: https://lore.kernel.org/r/20221123012042.335252-1-shaozhengchao@huawei.comSigned-off-by:
-
Gavin Shan authored
According to 'admin-guide/mm/memory-hotplug.rst', the memory block ID, instead of the section index, is shown by '/sys/devices/system/memory/ memoryX/phys_index'. Fix the comments to match with 'admin-guide/mm/memory-hotplug.rst'. Besides, use the existing helper memory_block_id() to convert the section index to the memory block index. No functional change intended. Signed-off-by:
Gavin Shan <gshan@redhat.com> Link: https://lore.kernel.org/r/20230120055727.355483-2-gshan@redhat.comSigned-off-by:
-
Christophe JAILLET authored
strtobool() is the same as kstrtobool(). However, the latter is more used within the kernel. In order to remove strtobool() and slightly simplify kstrtox.h, switch to the other function name. While at it, include the corresponding header file (<linux/kstrtox.h>) Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Acked-by:
Luis Chamberlain <mcgrof@kernel.org> Link: https://lore.kernel.org/r/34f04735d20e0138695dd4070651bd860a36b81c.1673688120.git.christophe.jaillet@wanadoo.frSigned-off-by:
-
Randy Dunlap authored
Add "struct" to the kernel-doc notation to prevent a warning: lib/test_firmware.c:98: warning: cannot understand function prototype: 'struct test_config ' Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Russ Weight <russell.h.weight@intel.com> Cc: Kees Cook <keescook@chromium.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by:
-
Greg Kroah-Hartman authored
Merge tag 'archtopo-cacheinfo-updates-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into driver-core-next Sudeep writes: "cacheinfo and arch_topology updates for v6.3 The main change is to build the cache topology information for all the CPUs from the primary CPU. Currently the cacheinfo for secondary CPUs is created during the early boot on the respective CPU itself. Preemption and interrupts are disabled at this stage. On PREEMPT_RT kernels, allocating memory and even parsing the PPTT table for ACPI based systems triggers a: 'BUG: sleeping function called from invalid context' To prevent this bug, the cacheinfo is now allocated from the primary CPU when preemption and interrupts are enabled and before booting secondary CPUs. The cache levels/leaves are computed from DT/ACPI PPTT information only, without relying on any architecture specific mechanism if done so early. The other minor change included here is to handle shared caches at different levels when not all the CPUs on the system have the same cache hierarchy." * tag 'archtopo-cacheinfo-updates-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels arch_topology: Build cacheinfo from primary CPU ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info() ACPI: PPTT: Remove acpi_find_cache_levels() cacheinfo: Check 'cache-unified' property to count cache leaves cacheinfo: Return error code in init_of_cache_level() cacheinfo: Use RISC-V's init_cache_level() as generic OF implementation
-
- 19 Jan, 2023 2 commits
-
-
Zhen Lei authored
It makes no sense to call kernfs_path_from_node_locked() with NULL buf, and no one is doing that right now. Suggested-by:
Tejun Heo <tj@kernel.org> Signed-off-by:
Zhen Lei <thunder.leizhen@huawei.com> Acked-by:
-
Andy Shevchenko authored
Make fwnode_graph_for_each_endpoint() consistent with the rest of for_each_*() definitions in the file, i.e. use the form of for (iter = func(NULL); iter; \ iter = func(iter)) as it's done in all the rest of the similar macro definitions. Signed-off-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by:
Rafael J. Wysocki <rafael.j.wysocki@intel.com> Acked-by:
Sakari Ailus <sakari.ailus@linux.intel.com> Acked-by:
Heikki Krogerus <heikki.krogerus@linux.intel.com> Link: https://lore.kernel.org/r/20230117152120.42531-1-andriy.shevchenko@linux.intel.comSigned-off-by:
-
- 18 Jan, 2023 7 commits
-
-
Yong-Xuan Wang authored
The cacheinfo sets up the shared_cpu_map by checking whether the caches with the same index are shared between CPUs. However, this will trigger slab-out-of-bounds access if the CPUs do not have the same cache hierarchy. Another problem is the mismatched shared_cpu_map when the shared cache does not have the same index between CPUs. CPU0 I D L3 index 0 1 2 x ^ ^ ^ ^ index 0 1 2 3 CPU1 I D L2 L3 This patch checks each cache is shared with all caches on other CPUs. Reviewed-by:
Pierre Gondois <pierre.gondois@arm.com> Signed-off-by:
Yong-Xuan Wang <yongxuan.wang@sifive.com> Link: https://lore.kernel.org/r/20230117105133.4445-2-yongxuan.wang@sifive.comSigned-off-by:
Sudeep Holla <sudeep.holla@arm.com>
-
Pierre Gondois authored
commit 3fcbf1c7 ("arch_topology: Fix cache attributes detection in the CPU hotplug path") adds a call to detect_cache_attributes() to populate the cacheinfo before updating the siblings mask. detect_cache_attributes() allocates memory and can take the PPTT mutex (on ACPI platforms). On PREEMPT_RT kernels, on secondary CPUs, this triggers a: 'BUG: sleeping function called from invalid context' [1] as the code is executed with preemption and interrupts disabled. The primary CPU was previously storing the cache information using the now removed (struct cpu_topology).llc_id: commit 5b8dc787 ("arch_topology: Drop LLC identifier stash from the CPU topology") allocate_cache_info() tries to build the cacheinfo from the primary CPU prior secondary CPUs boot, if the DT/ACPI description contains cache information. If allocate_cache_info() fails, then fallback to the current state for the cacheinfo allocation. [1] will be triggered in such case. When unplugging a CPU, the cacheinfo memory cannot be freed. If it was, then the memory would be allocated early by the re-plugged CPU and would trigger [1]. Note that populate_cache_leaves() might be called multiple times due to populate_leaves being moved up. This is required since detect_cache_attributes() might be called with per_cpu_cacheinfo(cpu) being allocated but not populated. [1]: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 | in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 0, name: swapper/111 | preempt_count: 1, expected: 0 | RCU nest depth: 1, expected: 1 | 3 locks held by swapper/111/0: | #0: (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x218/0x12c8 | #1: (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x48/0xf0 | #2: (&zone->lock){+.+.}-{3:3}, at: rmqueue_bulk+0x64/0xa80 | irq event stamp: 0 | hardirqs last enabled at (0): 0x0 | hardirqs last disabled at (0): copy_process+0x5dc/0x1ab8 | softirqs last enabled at (0): copy_process+0x5dc/0x1ab8 | softirqs last disabled at (0): 0x0 | Preemption disabled at: | migrate_enable+0x30/0x130 | CPU: 111 PID: 0 Comm: swapper/111 Tainted: G W 6.0.0-rc4-rt6-[...] | Call trace: | __kmalloc+0xbc/0x1e8 | detect_cache_attributes+0x2d4/0x5f0 | update_siblings_masks+0x30/0x368 | store_cpu_topology+0x78/0xb8 | secondary_start_kernel+0xd0/0x198 | __secondary_switched+0xb0/0xb4 Signed-off-by:
Palmer Dabbelt <palmer@rivosinc.com> Link: https://lore.kernel.org/r/20230104183033.755668-7-pierre.gondois@arm.comSigned-off-by:
-
Pierre Gondois authored
acpi_find_last_cache_level() allows to find the last level of cache for a given CPU. The function is only called on arm64 ACPI based platforms to check for cache information that would be missing in the CLIDR_EL1 register. To allow populating (struct cpu_cacheinfo).num_leaves by only parsing a PPTT, update acpi_find_last_cache_level() to get the 'split_levels', i.e. the number of cache levels being split in data/instruction caches. It is assumed that there will not be data/instruction caches above a unified cache. If a split level consist of one data cache and no instruction cache (or opposite), then the missing cache will still be populated by default with minimal cache information, and maximal cpumask (all non-existing caches have the same fw_token). Suggested-by:
Jeremy Linton <jeremy.linton@arm.com> Signed-off-by:
-
Pierre Gondois authored
acpi_find_cache_levels() is used at a single place and is short enough to be merged into the calling function. The removal allows an easier renaming of the calling function in the next patch. Also reorder the local variables in the 'reversed Christmas tree' order. Signed-off-by:
-
Pierre Gondois authored
The DeviceTree Specification v0.3 specifies that the cache node '[d-|i-|]cache-size' property is required. The 'cache-unified' property is specifies whether the cache level is separate or unified. If the cache-size property is missing, no cache leaves is accounted. This can lead to a 'BUG: KASAN: slab-out-of-bounds' [1] bug. Check 'cache-unified' property and always account for at least one cache leaf when parsing the device tree. [1] https://lore.kernel.org/all/0f19cb3f-d6cf-4032-66d2-dedc9d09a0e3@linaro.org/Reported-by:
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Signed-off-by:
-
Greg Kroah-Hartman authored
The logic to touch the bus notifier was open-coded in numberous places in the driver core. Clean that up by creating a local bus_notify() function and have everyone call this function instead, making the reading of the caller code simpler and easier to maintain over time. Reviewed-by:
Rafael J. Wysocki <rafael@kernel.org> Link: https://lore.kernel.org/r/20230111092331.3946745-2-gregkh@linuxfoundation.orgSigned-off-by:
-
Greg Kroah-Hartman authored
The bus notifier values are not documented all that well, so clean this up and make a real enumerated type for them and document them much better. When doing this, remove the hex values and just rely on the enumerated type instead as that is all that is needed. Reviewed-by:
-
- 17 Jan, 2023 11 commits
-
-
Pierre Gondois authored
Make init_of_cache_level() return an error code when the cache information parsing fails to help detecting missing information. init_of_cache_level() is only called for riscv. Returning an error code instead of 0 will prevent detect_cache_attributes() to allocate memory if an incomplete DT is parsed. Signed-off-by:
-
Pierre Gondois authored
RISC-V's implementation of init_of_cache_level() is following the Devicetree Specification v0.3 regarding caches, cf.: - s3.7.3 'Internal (L1) Cache Properties' - s3.8 'Multi-level and Shared Cache Nodes' Allow reusing the implementation by moving it. Also make 'levels', 'leaves' and 'level' unsigned int. Signed-off-by:
Conor Dooley <conor.dooley@microchip.com> Acked-by:
-
Soha Jin authored
When CONFIG_OF_IRQ is not enabled, there will be a stub method that always returns 0 when getting IRQ. Thus, the if-branch can be removed safely. Signed-off-by:
Soha Jin <soha@lohu.info> Link: https://lore.kernel.org/r/20221111094542.270540-1-soha@lohu.infoSigned-off-by:
-
Uwe Kleine-König authored
A remove callback just returning 0 is equivalent to no remove callback at all. So drop the useless function. Signed-off-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reviewed-by:
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Link: https://lore.kernel.org/r/20221212212037.3773636-1-u.kleine-koenig@pengutronix.deSigned-off-by:
-
Uwe Kleine-König authored
A remove callback just returning 0 is equivalent to no remove callback at all. So drop the useless function. Signed-off-by:
Alex Elder <elder@linaro.org> Reviewed-by:
Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20221212221315.3778788-1-u.kleine-koenig@pengutronix.deSigned-off-by:
-
Umang Jain authored
platform_add_devices() returns 0 on success and negative errno on failure. Document it. Signed-off-by:
Umang Jain <umang.jain@ideasonboard.com> Link: https://lore.kernel.org/r/20221220085116.19837-1-umang.jain@ideasonboard.comSigned-off-by:
-
Andy Shevchenko authored
There are no more users of software_node_register_nodes() and software_node_unregister_nodes(). Remove them. Signed-off-by:
Daniel Scally <dan.scally@ideasonboard.com> Acked-by:
-
Andy Shevchenko authored
Switch property entry test to use software_node_register_node_group() API. The current one is going to be removed soon. Signed-off-by:
-
Andy Shevchenko authored
The currently used software_node_register_nodes() is going to be removed. Prepare driver by switching to a new API. Signed-off-by:
-
Andy Shevchenko authored
Use acpi_fwnode_handle() instead of dereferencing an fwnode handle directly, which is a better coding practice. Signed-off-by:
-
Uwe Kleine-König authored
struct platform_driver::remove returning an integer made driver authors expect that returning an error code was proper error handling. However the driver core ignores the error and continues to remove the device because there is nothing the core could do anyhow and reentering the remove callback again is only calling for trouble. So this is an source for errors typically yielding resource leaks in the error path. As there are too many platform drivers to neatly convert them all to return void in a single go, do it in several steps after this patch: a) Convert all drivers to implement .remove_new() returning void instead of .remove() returning int; b) Change struct platform_driver::remove() to return void and so make it identical to .remove_new(); c) Change all drivers back to .remove() now with the better prototype; d) drop struct platform_driver::remove_new(). While this touches all drivers eventually twice, steps a) and c) can be done one driver after another and so reduces coordination efforts immensely and simplifies review. Signed-off-by:
-
- 11 Jan, 2023 4 commits
-
-
Greg Kroah-Hartman authored
The macro to_subsys_private() needs to switch to using container_of_const() as it turned out to being incorrectly casting a const pointer to a non-const one. Make this change and fix up the one offending user to be correctly handling a const pointer properly. Cc: "Rafael J. Wysocki" <rafael@kernel.org> Reviewed-by:
-
Wang Hai authored
In kobject_get_path(), if kobj->name is changed between calls get_kobj_path_length() and fill_kobj_path() and the length becomes longer, then fill_kobj_path() will have an out-of-bounds bug. The actual current problem occurs when the ixgbe probe. In ixgbe_mii_bus_init(), if the length of netdev->dev.kobj.name length becomes longer, out-of-bounds will occur. cpu0 cpu1 ixgbe_probe register_netdev(netdev) netdev_register_kobject device_add kobject_uevent // Sending ADD events systemd-udevd // rename netdev dev_change_name device_rename kobject_rename ixgbe_mii_bus_init | mdiobus_register | __mdiobus_register | device_register | device_add | kobject_uevent | kobject_get_path | len = get_kobj_path_length // old name | path = kzalloc(len, gfp_mask); | kobj->name = name; /* name length becomes * longer */ fill_kobj_path /* kobj path length is * longer than path, * resulting in out of * bounds when filling path */ This is the kasan report: ================================================================== BUG: KASAN: slab-out-of-bounds in fill_kobj_path+0x50/0xc0 Write of size 7 at addr ff1100090573d1fd by task kworker/28:1/673 Workqueue: events work_for_cpu_fn Call Trace: <TASK> dump_stack_lvl+0x34/0x48 print_address_description.constprop.0+0x86/0x1e7 print_report+0x36/0x4f kasan_report+0xad/0x130 kasan_check_range+0x35/0x1c0 memcpy+0x39/0x60 fill_kobj_path+0x50/0xc0 kobject_get_path+0x5a/0xc0 kobject_uevent_env+0x140/0x460 device_add+0x5c7/0x910 __mdiobus_register+0x14e/0x490 ixgbe_probe.cold+0x441/0x574 [ixgbe] local_pci_probe+0x78/0xc0 work_for_cpu_fn+0x26/0x40 process_one_work+0x3b6/0x6a0 worker_thread+0x368/0x520 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 This reproducer triggers that bug: while: do rmmod ixgbe sleep 0.5 modprobe ixgbe sleep 0.5 When calling fill_kobj_path() to fill path, if the name length of kobj becomes longer, return failure and retry. This fixes the problem. Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by:Wang Hai <wanghai38@huawei.com> Link: https://lore.kernel.org/r/20221220012143.52141-1-wanghai38@huawei.comSigned-off-by:
-
Javier Martinez Canillas authored
It is not used outside of its compilation unit, so there's no need to export this variable. Signed-off-by:
Javier Martinez Canillas <javierm@redhat.com> Reviewed-by:
Andrew Halaney <ahalaney@redhat.com> Acked-by:
John Stultz <jstultz@google.com> Link: https://lore.kernel.org/r/20221227232152.3094584-1-javierm@redhat.comSigned-off-by:
-
Yang Yingliang authored
I got the following null-ptr-deref report while doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 CPU: 2 PID: 278 Comm: 37-i2c-ds2482 Tainted: G B W N 6.1.0-rc3+ RIP: 0010:klist_put+0x2d/0xd0 Call Trace: <TASK> klist_remove+0xf1/0x1c0 device_release_driver_internal+0x196/0x210 bus_remove_device+0x1bd/0x240 device_add+0xd3d/0x1100 w1_add_master_device+0x476/0x490 [wire] ds2482_probe+0x303/0x3e0 [ds2482] This is how it happened: w1_alloc_dev() // The dev->driver is set to w1_master_driver. memcpy(&dev->dev, device, sizeof(struct device)); device_add() bus_add_device() dpm_sysfs_add() // It fails, calls bus_remove_device. // error path bus_remove_device() // The dev->driver is not null, but driver is not bound. __device_release_driver() klist_remove(&dev->p->knode_driver) <-- It causes null-ptr-deref. // normal path bus_probe_device() // It's not called yet. device_bind_driver() If dev->driver is set, in the error path after calling bus_add_device() in device_add(), bus_remove_device() is called, then the device will be detached from driver. But device_bind_driver() is not called yet, so it causes null-ptr-deref while access the 'knode_driver'. To fix this, set dev->driver to null in the error path before calling bus_remove_device(). Fixes: 57eee3d2 ("Driver core: Call device_pm_add() after bus_add_device() in device_add()") Signed-off-by:Yang Yingliang <yangyingliang@huawei.com> Link: https://lore.kernel.org/r/20221205034904.2077765-1-yangyingliang@huawei.comSigned-off-by:
-
- 10 Jan, 2023 6 commits
-
-
Greg Kroah-Hartman authored
struct subsys_dev_iter is not used by any code outside of drivers/base/bus.c so move it into that file and out of the global bus.h file. Reviewed-by:
-
Greg Kroah-Hartman authored
The function subsys_dev_iter_exit() is not used outside of drivers/base/bus.c so make it static to that file and remove the global export. Reviewed-by:
-
Greg Kroah-Hartman authored
The function subsys_dev_iter_next() is only used in drivers/base/bus.c so make it static to that file and remove the global export. Reviewed-by:
-
Greg Kroah-Hartman authored
No one outside of drivers/base/bus.c calls this function so make it static and remove the exported symbol. Reviewed-by:
-
Greg Kroah-Hartman authored
This function has not been called by any code in the kernel tree in many many years so remove it as it is unused. Reviewed-by:
-
Greg Kroah-Hartman authored
No one calls this function outside of drivers/base/bus.c so make it static so it does not need to be exported anymore. Reviewed-by:
-
- 08 Jan, 2023 3 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc fixes from Michael Ellerman: - Three fixes for various bogosity in our linker script, revealed by the recent commit which changed discard behaviour with some toolchains. * tag 'powerpc-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/vmlinux.lds: Don't discard .comment powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT
-
git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblockLinus Torvalds authored
Pull memblock fixes from Mike Rapoport: "Small fixes in kernel-doc and tests: - Fix kernel-doc for memblock_phys_free() to use correct names for the counterpart allocation methods - Fix compilation error in memblock tests" * tag 'fixes-2023-01-08' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock: memblock: Fix doc for memblock_phys_free memblock tests: Fix compilation error.
-
- 07 Jan, 2023 1 commit
-
-
git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds authored
Pull NFS client fixes from Trond Myklebust: - Fix a race in the RPCSEC_GSS upcall code that causes hung RPC calls - Fix a broken coalescing test in the pNFS file layout driver - Ensure that the access cache rcu path also applies the login test - Fix up for a sparse warning * tag 'nfs-for-6.2-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFS: Fix up a sparse warning NFS: Judge the file access cache's timestamp in rcu path pNFS/filelayout: Fix coalescing test for single DS SUNRPC: ensure the matching upcall is in-flight upon downcall
-
