1. 02 Apr, 2024 5 commits
  2. 26 Mar, 2024 1 commit
    • Saurav Kashyap's avatar
      scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload · c214ed2a
      Saurav Kashyap authored
      The session resources are used by FW and driver when session is offloaded,
      once session is uploaded these resources are not used. The lock is not
      required as these fields won't be used any longer. The offload and upload
      calls are sequential, hence lock is not required.
      
      This will suppress following BUG_ON():
      
      [  449.843143] ------------[ cut here ]------------
      [  449.848302] kernel BUG at mm/vmalloc.c:2727!
      [  449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI
      [  449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1
      Rebooting.
      [  449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016
      [  449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]
      [  449.882910] RIP: 0010:vunmap+0x2e/0x30
      [  449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 <0f> 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41
      [  449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206
      [  449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005
      [  449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000
      [  449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf
      [  449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000
      [  449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0
      [  449.953701] FS:  0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000
      [  449.962732] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0
      [  449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [  449.993028] Call Trace:
      [  449.995756]  __iommu_dma_free+0x96/0x100
      [  450.000139]  bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]
      [  450.006171]  bnx2fc_upload_session+0xce/0x100 [bnx2fc]
      [  450.011910]  bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]
      [  450.018136]  fc_rport_work+0x103/0x5b0 [libfc]
      [  450.023103]  process_one_work+0x1e8/0x3c0
      [  450.027581]  worker_thread+0x50/0x3b0
      [  450.031669]  ? rescuer_thread+0x370/0x370
      [  450.036143]  kthread+0x149/0x170
      [  450.039744]  ? set_kthread_struct+0x40/0x40
      [  450.044411]  ret_from_fork+0x22/0x30
      [  450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls
      [  450.048497]  libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler
      [  450.159753] ---[ end trace 712de2c57c64abc8 ]---
      Reported-by: default avatarGuangwu Zhang <guazhang@redhat.com>
      Signed-off-by: default avatarSaurav Kashyap <skashyap@marvell.com>
      Signed-off-by: default avatarNilesh Javali <njavali@marvell.com>
      Link: https://lore.kernel.org/r/20240315071427.31842-1-skashyap@marvell.comSigned-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      c214ed2a
  3. 25 Mar, 2024 5 commits
    • Guilherme G. Piccoli's avatar
      scsi: core: Fix unremoved procfs host directory regression · f23a4d6e
      Guilherme G. Piccoli authored
      Commit fc663711 ("scsi: core: Remove the /proc/scsi/${proc_name}
      directory earlier") fixed a bug related to modules loading/unloading, by
      adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led
      to a potential duplicate call to the hostdir_rm() routine, since it's also
      called from scsi_host_dev_release(). That triggered a regression report,
      which was then fixed by commit be03df3d ("scsi: core: Fix a procfs host
      directory removal regression"). The fix just dropped the hostdir_rm() call
      from dev_release().
      
      But it happens that this proc directory is created on scsi_host_alloc(),
      and that function "pairs" with scsi_host_dev_release(), while
      scsi_remove_host() pairs with scsi_add_host(). In other words, it seems the
      reason for removing the proc directory on dev_release() was meant to cover
      cases in which a SCSI host structure was allocated, but the call to
      scsi_add_host() didn't happen. And that pattern happens to exist in some
      error paths, for example.
      
      Syzkaller causes that by using USB raw gadget device, error'ing on
      usb-storage driver, at usb_stor_probe2(). By checking that path, we can see
      that the BadDevice label leads to a scsi_host_put() after a SCSI host
      allocation, but there's no call to scsi_add_host() in such path. That leads
      to messages like this in dmesg (and a leak of the SCSI host proc
      structure):
      
      usb-storage 4-1:87.51: USB Mass Storage device detected
      proc_dir_entry 'scsi/usb-storage' already registered
      WARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376
      
      The proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(),
      but guard that with the state check for SHOST_CREATED; there is even a
      comment in scsi_host_dev_release() detailing that: such conditional is
      meant for cases where the SCSI host was allocated but there was no calls to
      {add,remove}_host(), like the usb-storage case.
      
      This is what we propose here and with that, the error path of usb-storage
      does not trigger the warning anymore.
      
      Reported-by: syzbot+c645abf505ed21f931b5@syzkaller.appspotmail.com
      Fixes: be03df3d ("scsi: core: Fix a procfs host directory removal regression")
      Cc: stable@vger.kernel.org
      Cc: Bart Van Assche <bvanassche@acm.org>
      Cc: John Garry <john.g.garry@oracle.com>
      Cc: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
      Signed-off-by: default avatarGuilherme G. Piccoli <gpiccoli@igalia.com>
      Link: https://lore.kernel.org/r/20240313113006.2834799-1-gpiccoli@igalia.comReviewed-by: default avatarBart Van Assche <bvanassche@acm.org>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      f23a4d6e
    • Shin'ichiro Kawasaki's avatar
      scsi: mpi3mr: Avoid memcpy field-spanning write WARNING · 429846b4
      Shin'ichiro Kawasaki authored
      When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver
      prints this WARNING message:
      
        memcpy: detected field-spanning write (size 128) of single field "bsg_reply_buf->reply_buf" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)
        WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]
      
      The cause of the WARN is 128 bytes memcpy to the 1 byte size array "__u8
      replay_buf[1]" in the struct mpi3mr_bsg_in_reply_buf. The array is intended
      to be a flexible length array, so the WARN is a false positive.
      
      To suppress the WARN, remove the constant number '1' from the array
      declaration and clarify that it has flexible length. Also, adjust the
      memory allocation size to match the change.
      Suggested-by: default avatarSathya Prakash Veerichetty <sathya.prakash@broadcom.com>
      Signed-off-by: default avatarShin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
      Link: https://lore.kernel.org/r/20240323084155.166835-1-shinichiro.kawasaki@wdc.comSigned-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      429846b4
    • Damien Le Moal's avatar
      scsi: sd: Fix TCG OPAL unlock on system resume · 0c76106c
      Damien Le Moal authored
      Commit 3cc2ffe5 ("scsi: sd: Differentiate system and runtime start/stop
      management") introduced the manage_system_start_stop scsi_device flag to
      allow libata to indicate to the SCSI disk driver that nothing should be
      done when resuming a disk on system resume. This change turned the
      execution of sd_resume() into a no-op for ATA devices on system
      resume. While this solved deadlock issues during device resume, this change
      also wrongly removed the execution of opal_unlock_from_suspend().  As a
      result, devices with TCG OPAL locking enabled remain locked and
      inaccessible after a system resume from sleep.
      
      To fix this issue, introduce the SCSI driver resume method and implement it
      with the sd_resume() function calling opal_unlock_from_suspend(). The
      former sd_resume() function is renamed to sd_resume_common() and modified
      to call the new sd_resume() function. For non-ATA devices, this result in
      no functional changes.
      
      In order for libata to explicitly execute sd_resume() when a device is
      resumed during system restart, the function scsi_resume_device() is
      introduced. libata calls this function from the revalidation work executed
      on devie resume, a state that is indicated with the new device flag
      ATA_DFLAG_RESUMING. Doing so, locked TCG OPAL enabled devices are unlocked
      on resume, allowing normal operation.
      
      Fixes: 3cc2ffe5 ("scsi: sd: Differentiate system and runtime start/stop management")
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=218538
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDamien Le Moal <dlemoal@kernel.org>
      Link: https://lore.kernel.org/r/20240319071209.1179257-1-dlemoal@kernel.orgSigned-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      0c76106c
    • Alexander Wetzel's avatar
      scsi: sg: Avoid sg device teardown race · 27f58c04
      Alexander Wetzel authored
      sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling
      scsi_device_put().
      
      sg_device_destroy() is accessing the parent scsi_device request_queue which
      will already be set to NULL when the preceding call to scsi_device_put()
      removed the last reference to the parent scsi_device.
      
      The resulting NULL pointer exception will then crash the kernel.
      
      Link: https://lore.kernel.org/r/20240305150509.23896-1-Alexander@wetzel-home.de
      Fixes: db59133e ("scsi: sg: fix blktrace debugfs entries leakage")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarAlexander Wetzel <Alexander@wetzel-home.de>
      Link: https://lore.kernel.org/r/20240320213032.18221-1-Alexander@wetzel-home.deReviewed-by: default avatarBart Van Assche <bvanassche@acm.org>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      27f58c04
    • Martin K. Petersen's avatar
      Merge branch '6.9/scsi-queue' into 6.9/scsi-fixes · f02fe780
      Martin K. Petersen authored
      Pull in the outstanding updates from the 6.9/scsi-queue branch.
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      f02fe780
  4. 24 Mar, 2024 13 commits
    • Linus Torvalds's avatar
      Linux 6.9-rc1 · 4cece764
      Linus Torvalds authored
      4cece764
    • Linus Torvalds's avatar
      Merge tag 'efi-fixes-for-v6.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi · ab8de2db
      Linus Torvalds authored
      Pull EFI fixes from Ard Biesheuvel:
      
       - Fix logic that is supposed to prevent placement of the kernel image
         below LOAD_PHYSICAL_ADDR
      
       - Use the firmware stack in the EFI stub when running in mixed mode
      
       - Clear BSS only once when using mixed mode
      
       - Check efi.get_variable() function pointer for NULL before trying to
         call it
      
      * tag 'efi-fixes-for-v6.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
        efi: fix panic in kdump kernel
        x86/efistub: Don't clear BSS twice in mixed mode
        x86/efistub: Call mixed mode boot services on the firmware's stack
        efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address
      ab8de2db
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2024-03-24' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 5e74df2f
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - Ensure that the encryption mask at boot is properly propagated on
         5-level page tables, otherwise the PGD entry is incorrectly set to
         non-encrypted, which causes system crashes during boot.
      
       - Undo the deferred 5-level page table setup as it cannot work with
         memory encryption enabled.
      
       - Prevent inconsistent XFD state on CPU hotplug, where the MSR is reset
         to the default value but the cached variable is not, so subsequent
         comparisons might yield the wrong result and as a consequence the
         result prevents updating the MSR.
      
       - Register the local APIC address only once in the MPPARSE enumeration
         to prevent triggering the related WARN_ONs() in the APIC and topology
         code.
      
       - Handle the case where no APIC is found gracefully by registering a
         fake APIC in the topology code. That makes all related topology
         functions work correctly and does not affect the actual APIC driver
         code at all.
      
       - Don't evaluate logical IDs during early boot as the local APIC IDs
         are not yet enumerated and the invoked function returns an error
         code. Nothing requires the logical IDs before the final CPUID
         enumeration takes place, which happens after the enumeration.
      
       - Cure the fallout of the per CPU rework on UP which misplaced the
         copying of boot_cpu_data to per CPU data so that the final update to
         boot_cpu_data got lost which caused inconsistent state and boot
         crashes.
      
       - Use copy_from_kernel_nofault() in the kprobes setup as there is no
         guarantee that the address can be safely accessed.
      
       - Reorder struct members in struct saved_context to work around another
         kmemleak false positive
      
       - Remove the buggy code which tries to update the E820 kexec table for
         setup_data as that is never passed to the kexec kernel.
      
       - Update the resource control documentation to use the proper units.
      
       - Fix a Kconfig warning observed with tinyconfig
      
      * tag 'x86-urgent-2024-03-24' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/boot/64: Move 5-level paging global variable assignments back
        x86/boot/64: Apply encryption mask to 5-level pagetable update
        x86/cpu: Add model number for another Intel Arrow Lake mobile processor
        x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
        Documentation/x86: Document that resctrl bandwidth control units are MiB
        x86/mpparse: Register APIC address only once
        x86/topology: Handle the !APIC case gracefully
        x86/topology: Don't evaluate logical IDs during early boot
        x86/cpu: Ensure that CPU info updates are propagated on UP
        kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
        x86/pm: Work around false positive kmemleak report in msr_build_context()
        x86/kexec: Do not update E820 kexec table for setup_data
        x86/config: Fix warning for 'make ARCH=x86_64 tinyconfig'
      5e74df2f
    • Linus Torvalds's avatar
      Merge tag 'sched-urgent-2024-03-24' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b136f68e
      Linus Torvalds authored
      Pull scheduler doc clarification from Thomas Gleixner:
       "A single update for the documentation of the base_slice_ns tunable to
        clarify that any value which is less than the tick slice has no effect
        because the scheduler tick is not guaranteed to happen within the set
        time slice"
      
      * tag 'sched-urgent-2024-03-24' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/doc: Update documentation for base_slice_ns and CONFIG_HZ relation
      b136f68e
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-6.9-2024-03-24' of git://git.infradead.org/users/hch/dma-mapping · 864ad046
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
       "This has a set of swiotlb alignment fixes for sometimes very long
        standing bugs from Will. We've been discussion them for a while and
        they should be solid now"
      
      * tag 'dma-mapping-6.9-2024-03-24' of git://git.infradead.org/users/hch/dma-mapping:
        swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE
        iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
        swiotlb: Fix alignment checks when both allocation and DMA masks are present
        swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc()
        swiotlb: Enforce page alignment in swiotlb_alloc()
        swiotlb: Fix double-allocation of slots due to broken alignment handling
      864ad046
    • Oleksandr Tymoshenko's avatar
      efi: fix panic in kdump kernel · 62b71cd7
      Oleksandr Tymoshenko authored
      Check if get_next_variable() is actually valid pointer before
      calling it. In kdump kernel this method is set to NULL that causes
      panic during the kexec-ed kernel boot.
      
      Tested with QEMU and OVMF firmware.
      
      Fixes: bad267f9 ("efi: verify that variable services are supported")
      Signed-off-by: default avatarOleksandr Tymoshenko <ovt@google.com>
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      62b71cd7
    • Ard Biesheuvel's avatar
      x86/efistub: Don't clear BSS twice in mixed mode · df7ecce8
      Ard Biesheuvel authored
      Clearing BSS should only be done once, at the very beginning.
      efi_pe_entry() is the entrypoint from the firmware, which may not clear
      BSS and so it is done explicitly. However, efi_pe_entry() is also used
      as an entrypoint by the mixed mode startup code, in which case BSS will
      already have been cleared, and doing it again at this point will corrupt
      global variables holding the firmware's GDT/IDT and segment selectors.
      
      So make the memset() conditional on whether the EFI stub is running in
      native mode.
      
      Fixes: b3810c5a ("x86/efistub: Clear decompressor BSS in native EFI entrypoint")
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      df7ecce8
    • Ard Biesheuvel's avatar
      x86/efistub: Call mixed mode boot services on the firmware's stack · cefcd4fe
      Ard Biesheuvel authored
      Normally, the EFI stub calls into the EFI boot services using the stack
      that was live when the stub was entered. According to the UEFI spec,
      this stack needs to be at least 128k in size - this might seem large but
      all asynchronous processing and event handling in EFI runs from the same
      stack and so quite a lot of space may be used in practice.
      
      In mixed mode, the situation is a bit different: the bootloader calls
      the 32-bit EFI stub entry point, which calls the decompressor's 32-bit
      entry point, where the boot stack is set up, using a fixed allocation
      of 16k. This stack is still in use when the EFI stub is started in
      64-bit mode, and so all calls back into the EFI firmware will be using
      the decompressor's limited boot stack.
      
      Due to the placement of the boot stack right after the boot heap, any
      stack overruns have gone unnoticed. However, commit
      
        5c4feadb0011983b ("x86/decompressor: Move global symbol references to C code")
      
      moved the definition of the boot heap into C code, and now the boot
      stack is placed right at the base of BSS, where any overruns will
      corrupt the end of the .data section.
      
      While it would be possible to work around this by increasing the size of
      the boot stack, doing so would affect all x86 systems, and mixed mode
      systems are a tiny (and shrinking) fraction of the x86 installed base.
      
      So instead, record the firmware stack pointer value when entering from
      the 32-bit firmware, and switch to this stack every time a EFI boot
      service call is made.
      
      Cc: <stable@kernel.org> # v6.1+
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      cefcd4fe
    • Tom Lendacky's avatar
      x86/boot/64: Move 5-level paging global variable assignments back · 9843231c
      Tom Lendacky authored
      Commit 63bed966 ("x86/startup_64: Defer assignment of 5-level paging
      global variables") moved assignment of 5-level global variables to later
      in the boot in order to avoid having to use RIP relative addressing in
      order to set them. However, when running with 5-level paging and SME
      active (mem_encrypt=on), the variables are needed as part of the page
      table setup needed to encrypt the kernel (using pgd_none(), p4d_offset(),
      etc.). Since the variables haven't been set, the page table manipulation
      is done as if 4-level paging is active, causing the system to crash on
      boot.
      
      While only a subset of the assignments that were moved need to be set
      early, move all of the assignments back into check_la57_support() so that
      these assignments aren't spread between two locations. Instead of just
      reverting the fix, this uses the new RIP_REL_REF() macro when assigning
      the variables.
      
      Fixes: 63bed966 ("x86/startup_64: Defer assignment of 5-level paging global variables")
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Link: https://lore.kernel.org/r/2ca419f4d0de719926fd82353f6751f717590a86.1711122067.git.thomas.lendacky@amd.com
      9843231c
    • Tom Lendacky's avatar
      x86/boot/64: Apply encryption mask to 5-level pagetable update · 4d0d7e78
      Tom Lendacky authored
      When running with 5-level page tables, the kernel mapping PGD entry is
      updated to point to the P4D table. The assignment uses _PAGE_TABLE_NOENC,
      which, when SME is active (mem_encrypt=on), results in a page table
      entry without the encryption mask set, causing the system to crash on
      boot.
      
      Change the assignment to use _PAGE_TABLE instead of _PAGE_TABLE_NOENC so
      that the encryption mask is set for the PGD entry.
      
      Fixes: 533568e0 ("x86/boot/64: Use RIP_REL_REF() to access early_top_pgt[]")
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Link: https://lore.kernel.org/r/8f20345cda7dbba2cf748b286e1bc00816fe649a.1711122067.git.thomas.lendacky@amd.com
      4d0d7e78
    • Tony Luck's avatar
    • Adamos Ttofari's avatar
      x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD · 10e4b516
      Adamos Ttofari authored
      Commit 67236547 ("x86/fpu: Update XFD state where required") and
      commit 8bf26758 ("x86/fpu: Add XFD state to fpstate") introduced a
      per CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in
      order to avoid unnecessary writes to the MSR.
      
      On CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which
      wipes out any stale state. But the per CPU cached xfd value is not
      reset, which brings them out of sync.
      
      As a consequence a subsequent xfd_update_state() might fail to update
      the MSR which in turn can result in XRSTOR raising a #NM in kernel
      space, which crashes the kernel.
      
      To fix this, introduce xfd_set_state() to write xfd_state together
      with MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD.
      
      Fixes: 67236547 ("x86/fpu: Update XFD state where required")
      Signed-off-by: default avatarAdamos Ttofari <attofari@amazon.de>
      Signed-off-by: default avatarChang S. Bae <chang.seok.bae@intel.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Link: https://lore.kernel.org/r/20240322230439.456571-1-chang.seok.bae@intel.com
      
      Closes: https://lore.kernel.org/lkml/20230511152818.13839-1-attofari@amazon.de
      10e4b516
    • Tony Luck's avatar
      Documentation/x86: Document that resctrl bandwidth control units are MiB · a8ed59a3
      Tony Luck authored
      The memory bandwidth software controller uses 2^20 units rather than
      10^6. See mbm_bw_count() which computes bandwidth using the "SZ_1M"
      Linux define for 0x00100000.
      
      Update the documentation to use MiB when describing this feature.
      It's too late to fix the mount option "mba_MBps" as that is now an
      established user interface.
      Signed-off-by: default avatarTony Luck <tony.luck@intel.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Link: https://lore.kernel.org/r/20240322182016.196544-1-tony.luck@intel.com
      a8ed59a3
  5. 23 Mar, 2024 11 commits
    • Linus Torvalds's avatar
      Merge tag 'timers-urgent-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 70293240
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "Two regression fixes for the timer and timer migration code:
      
         - Prevent endless timer requeuing which is caused by two CPUs racing
           out of idle. This happens when the last CPU goes idle and therefore
           has to ensure to expire the pending global timers and some other
           CPU come out of idle at the same time and the other CPU wins the
           race and expires the global queue. This causes the last CPU to
           chase ghost timers forever and reprogramming it's clockevent device
           endlessly.
      
           Cure this by re-evaluating the wakeup time unconditionally.
      
         - The split into local (pinned) and global timers in the timer wheel
           caused a regression for NOHZ full as it broke the idle tracking of
           global timers. On NOHZ full this prevents an self IPI being sent
           which in turn causes the timer to be not programmed and not being
           expired on time.
      
           Restore the idle tracking for the global timer base so that the
           self IPI condition for NOHZ full is working correctly again"
      
      * tag 'timers-urgent-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        timers: Fix removed self-IPI on global timer's enqueue in nohz_full
        timers/migration: Fix endless timer requeue after idle interrupts
      70293240
    • Linus Torvalds's avatar
      Merge tag 'timers-core-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 00164f47
      Linus Torvalds authored
      Pull more clocksource updates from Thomas Gleixner:
       "A set of updates for clocksource and clockevent drivers:
      
         - A fix for the prescaler of the ARM global timer where the prescaler
           mask define only covered 4 bits while it is actully 8 bits wide.
           This obviously restricted the possible range of prescaler
           adjustments
      
         - A fix for the RISC-V timer which prevents a timer interrupt being
           raised while the timer is initialized
      
         - A set of device tree updates to support new system on chips in
           various drivers
      
         - Kernel-doc and other cleanups all over the place"
      
      * tag 'timers-core-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        clocksource/drivers/timer-riscv: Clear timer interrupt on timer initialization
        dt-bindings: timer: Add support for cadence TTC PWM
        clocksource/drivers/arm_global_timer: Simplify prescaler register access
        clocksource/drivers/arm_global_timer: Guard against division by zero
        clocksource/drivers/arm_global_timer: Make gt_target_rate unsigned long
        dt-bindings: timer: add Ralink SoCs system tick counter
        clocksource: arm_global_timer: fix non-kernel-doc comment
        clocksource/drivers/arm_global_timer: Remove stray tab
        clocksource/drivers/arm_global_timer: Fix maximum prescaler value
        clocksource/drivers/imx-sysctr: Add i.MX95 support
        clocksource/drivers/imx-sysctr: Drop use global variables
        dt-bindings: timer: nxp,sysctr-timer: support i.MX95
        dt-bindings: timer: renesas: ostm: Document RZ/Five SoC
        dt-bindings: timer: renesas,tmu: Document input capture interrupt
        clocksource/drivers/ti-32K: Fix misuse of "/**" comment
        clocksource/drivers/stm32: Fix all kernel-doc warnings
        dt-bindings: timer: exynos4210-mct: Add google,gs101-mct compatible
        clocksource/drivers/imx: Fix -Wunused-but-set-variable warning
      00164f47
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1a391931
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A series of fixes for the Renesas RZG21 interrupt chip driver to
        prevent spurious and misrouted interrupts.
      
         - Ensure that posted writes are flushed in the eoi() callback
      
         - Ensure that interrupts are masked at the chip level when the
           trigger type is changed
      
         - Clear the interrupt status register when setting up edge type
           trigger modes
      
         - Ensure that the trigger type and routing information is set before
           the interrupt is enabled"
      
      * tag 'irq-urgent-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
        irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type
        irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
        irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
        irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
      1a391931
    • Linus Torvalds's avatar
      Merge tag 'core-entry-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 976b029d
      Linus Torvalds authored
      Pull core entry fix from Thomas Gleixner:
       "A single fix for the generic entry code:
      
        The trace_sys_enter() tracepoint can modify the syscall number via
        kprobes or BPF in pt_regs, but that requires that the syscall number
        is re-evaluted from pt_regs after the tracepoint.
      
        A seccomp fix in that area removed the re-evaluation so the change
        does not take effect as the code just uses the locally cached number.
      
        Restore the original behaviour by re-evaluating the syscall number
        after the tracepoint"
      
      * tag 'core-entry-2024-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        entry: Respect changes to system call number by trace_sys_enter()
      976b029d
    • Linus Torvalds's avatar
      Merge tag 'powerpc-6.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 484193fe
      Linus Torvalds authored
      Pull more powerpc updates from Michael Ellerman:
      
       - Handle errors in mark_rodata_ro() and mark_initmem_nx()
      
       - Make struct crash_mem available without CONFIG_CRASH_DUMP
      
      Thanks to Christophe Leroy and Hari Bathini.
      
      * tag 'powerpc-6.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/kdump: Split KEXEC_CORE and CRASH_DUMP dependency
        powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
        kexec/kdump: make struct crash_mem available without CONFIG_CRASH_DUMP
        powerpc: Handle error in mark_rodata_ro() and mark_initmem_nx()
      484193fe
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 02fb638b
      Linus Torvalds authored
      Pull ARM updates from Russell King:
      
       - remove a misuse of kernel-doc comment
      
       - use "Call trace:" for backtraces like other architectures
      
       - implement copy_from_kernel_nofault_allowed() to fix a LKDTM test
      
       - add a "cut here" line for prefetch aborts
      
       - remove unnecessary Kconfing entry for FRAME_POINTER
      
       - remove iwmmxy support for PJ4/PJ4B cores
      
       - use bitfield helpers in ptrace to improve readabililty
      
       - check if folio is reserved before flushing
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
        ARM: 9354/1: ptrace: Use bitfield helpers
        ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores
        ARM: 9353/1: remove unneeded entry for CONFIG_FRAME_POINTER
        ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
        ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
        ARM: 9349/1: unwind: Add missing "Call trace:" line
        ARM: 9334/1: mm: init: remove misuse of kernel-doc comment
      02fb638b
    • Linus Torvalds's avatar
      Merge tag 'hardening-v6.9-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · b7187139
      Linus Torvalds authored
      Pull more hardening updates from Kees Cook:
      
       - CONFIG_MEMCPY_SLOW_KUNIT_TEST is no longer needed (Guenter Roeck)
      
       - Fix needless UTF-8 character in arch/Kconfig (Liu Song)
      
       - Improve __counted_by warning message in LKDTM (Nathan Chancellor)
      
       - Refactor DEFINE_FLEX() for default use of __counted_by
      
       - Disable signed integer overflow sanitizer on GCC < 8
      
      * tag 'hardening-v6.9-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        lkdtm/bugs: Improve warning message for compilers without counted_by support
        overflow: Change DEFINE_FLEX to take __counted_by member
        Revert "kunit: memcpy: Split slow memcpy tests into MEMCPY_SLOW_KUNIT_TEST"
        arch/Kconfig: eliminate needless UTF-8 character in Kconfig help
        ubsan: Disable signed integer overflow sanitizer on GCC < 8
      b7187139
    • Thomas Gleixner's avatar
      x86/mpparse: Register APIC address only once · f2208aa1
      Thomas Gleixner authored
      The APIC address is registered twice. First during the early detection and
      afterwards when actually scanning the table for APIC IDs. The APIC and
      topology core warn about the second attempt.
      
      Restrict it to the early detection call.
      
      Fixes: 81287ad6 ("x86/apic: Sanitize APIC address setup")
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Link: https://lore.kernel.org/r/20240322185305.297774848@linutronix.de
      f2208aa1
    • Thomas Gleixner's avatar
      x86/topology: Handle the !APIC case gracefully · 5e25eb25
      Thomas Gleixner authored
      If there is no local APIC enumerated and registered then the topology
      bitmaps are empty. Therefore, topology_init_possible_cpus() will die with
      a division by zero exception.
      
      Prevent this by registering a fake APIC id to populate the topology
      bitmap. This also allows to use all topology query interfaces
      unconditionally. It does not affect the actual APIC code because either
      the local APIC address was not registered or no local APIC could be
      detected.
      
      Fixes: f1f758a8 ("x86/topology: Add a mechanism to track topology via APIC IDs")
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Reported-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Link: https://lore.kernel.org/r/20240322185305.242709302@linutronix.de
      5e25eb25
    • Thomas Gleixner's avatar
      x86/topology: Don't evaluate logical IDs during early boot · 7af541ce
      Thomas Gleixner authored
      The local APICs have not yet been enumerated so the logical ID evaluation
      from the topology bitmaps does not work and would return an error code.
      
      Skip the evaluation during the early boot CPUID evaluation and only apply
      it on the final run.
      
      Fixes: 380414be ("x86/cpu/topology: Use topology logical mapping mechanism")
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Link: https://lore.kernel.org/r/20240322185305.186943142@linutronix.de
      7af541ce
    • Thomas Gleixner's avatar
      x86/cpu: Ensure that CPU info updates are propagated on UP · c90399fb
      Thomas Gleixner authored
      The boot sequence evaluates CPUID information twice:
      
        1) During early boot
      
        2) When finalizing the early setup right before
           mitigations are selected and alternatives are patched.
      
      In both cases the evaluation is stored in boot_cpu_data, but on UP the
      copying of boot_cpu_data to the per CPU info of the boot CPU happens
      between #1 and #2. So any update which happens in #2 is never propagated to
      the per CPU info instance.
      
      Consolidate the whole logic and copy boot_cpu_data right before applying
      alternatives as that's the point where boot_cpu_data is in it's final
      state and not supposed to change anymore.
      
      This also removes the voodoo mb() from smp_prepare_cpus_common() which
      had absolutely no purpose.
      
      Fixes: 71eb4893 ("x86/percpu: Cure per CPU madness on UP")
      Reported-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Link: https://lore.kernel.org/r/20240322185305.127642785@linutronix.de
      c90399fb
  6. 22 Mar, 2024 5 commits
    • Nathan Chancellor's avatar
      lkdtm/bugs: Improve warning message for compilers without counted_by support · 231dc3f0
      Nathan Chancellor authored
      The current message for telling the user that their compiler does not
      support the counted_by attribute in the FAM_BOUNDS test does not make
      much sense either grammatically or semantically. Fix it to make it
      correct in both aspects.
      Signed-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Reviewed-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Link: https://lore.kernel.org/r/20240321-lkdtm-improve-lack-of-counted_by-msg-v1-1-0fbf7481a29c@kernel.orgSigned-off-by: default avatarKees Cook <keescook@chromium.org>
      231dc3f0
    • Kees Cook's avatar
      overflow: Change DEFINE_FLEX to take __counted_by member · d8e45f29
      Kees Cook authored
      The norm should be flexible array structures with __counted_by
      annotations, so DEFINE_FLEX() is updated to expect that. Rename
      the non-annotated version to DEFINE_RAW_FLEX(), and update the
      few existing users. Additionally add selftests for the macros.
      Reviewed-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Link: https://lore.kernel.org/r/20240306235128.it.933-kees@kernel.orgReviewed-by: default avatarPrzemek Kitszel <przemyslaw.kitszel@intel.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      d8e45f29
    • Linus Torvalds's avatar
      Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · bfa8f186
      Linus Torvalds authored
      Pull more SCSI updates from James Bottomley:
       "The vfs has long had a write lifetime hint mechanism that gives the
        expected longevity on storage of the data being written. f2fs was the
        original consumer of this and used the hint for flash data placement
        (mostly to avoid write amplification by placing objects with similar
        lifetimes in the same erase block).
      
        More recently the SCSI based UFS (Universal Flash Storage) drivers
        have wanted to take advantage of this as well, for the same reasons as
        f2fs, necessitating plumbing the write hints through the block layer
        and then adding it to the SCSI core.
      
        The vfs write_hints already taken plumbs this as far as block and this
        completes the SCSI core enabling based on a recently agreed reuse of
        the old write command group number. The additions to the scsi_debug
        driver are for emulating this property so we can run tests on it in
        the absence of an actual UFS device"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: scsi_debug: Maintain write statistics per group number
        scsi: scsi_debug: Implement GET STREAM STATUS
        scsi: scsi_debug: Implement the IO Advice Hints Grouping mode page
        scsi: scsi_debug: Allocate the MODE SENSE response from the heap
        scsi: scsi_debug: Rework subpage code error handling
        scsi: scsi_debug: Rework page code error handling
        scsi: scsi_debug: Support the block limits extension VPD page
        scsi: scsi_debug: Reduce code duplication
        scsi: sd: Translate data lifetime information
        scsi: scsi_proto: Add structures and constants related to I/O groups and streams
        scsi: core: Query the Block Limits Extension VPD page
      bfa8f186
    • Linus Torvalds's avatar
      Merge tag 'block-6.9-20240322' of git://git.kernel.dk/linux · e3111d9c
      Linus Torvalds authored
      Pull more block updates from Jens Axboe:
      
       - NVMe pull request via Keith:
           - Make an informative message less ominous (Keith)
           - Enhanced trace decoding (Guixin)
           - TCP updates (Hannes, Li)
           - Fabrics connect deadlock fix (Chunguang)
           - Platform API migration update (Uwe)
           - A new device quirk (Jiawei)
      
       - Remove dead assignment in fd (Yufeng)
      
      * tag 'block-6.9-20240322' of git://git.kernel.dk/linux:
        nvmet-rdma: remove NVMET_RDMA_REQ_INVALIDATE_RKEY flag
        nvme: remove redundant BUILD_BUG_ON check
        floppy: remove duplicated code in redo_fd_request()
        nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq
        nvme-tcp: Export the nvme_tcp_wq to sysfs
        drivers/nvme: Add quirks for device 126f:2262
        nvme: parse format command's lbafu when tracing
        nvme: add tracing of reservation commands
        nvme: parse zns command's zsa and zrasf to string
        nvme: use nvme_disk_is_ns_head helper
        nvme: fix reconnection fail due to reserved tag allocation
        nvmet: add tracing of zns commands
        nvmet: add tracing of authentication commands
        nvme-apple: Convert to platform remove callback returning void
        nvmet-tcp: do not continue for invalid icreq
        nvme: change shutdown timeout setting message
      e3111d9c
    • Linus Torvalds's avatar
      Merge tag 'io_uring-6.9-20240322' of git://git.kernel.dk/linux · 19dba097
      Linus Torvalds authored
      Pull more io_uring updates from Jens Axboe:
       "One patch just missed the initial pull, the rest are either fixes or
        small cleanups that make our life easier for the next kernel:
      
         - Fix a potential leak in error handling of pinned pages, and clean
           it up (Gabriel, Pavel)
      
         - Fix an issue with how read multishot returns retry (me)
      
         - Fix a problem with waitid/futex removals, if we hit the case of
           needing to remove all of them at exit time (me)
      
         - Fix for a regression introduced in this merge window, where we
           don't always have sr->done_io initialized if the ->prep_async()
           path is used (me)
      
         - Fix for SQPOLL setup error handling (me)
      
         - Fix for a poll removal request being delayed (Pavel)
      
         - Rename of a struct member which had a confusing name (Pavel)"
      
      * tag 'io_uring-6.9-20240322' of git://git.kernel.dk/linux:
        io_uring/sqpoll: early exit thread if task_context wasn't allocated
        io_uring: clear opcode specific data for an early failure
        io_uring/net: ensure async prep handlers always initialize ->done_io
        io_uring/waitid: always remove waitid entry for cancel all
        io_uring/futex: always remove futex entry for cancel all
        io_uring: fix poll_remove stalled req completion
        io_uring: Fix release of pinned pages when __io_uaddr_map fails
        io_uring/kbuf: rename is_mapped
        io_uring: simplify io_pages_free
        io_uring: clean rings on NO_MMAP alloc fail
        io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry
        io_uring: don't save/restore iowait state
      19dba097