1. 24 Sep, 2024 8 commits
    • LoongArch: Fix memleak in pci_acpi_scan_root() · 5016c3a3
      Wentao Guan authored
      Add kfree(root_ops) in this case to avoid memleak of root_ops,
      leaks when pci_find_bus() != 0.
      Signed-off-by: Yuli Wang <wangyuli@uniontech.com>
      Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Simplify _percpu_read() and _percpu_write() · d4f31acf
      Uros Bizjak authored
      Now _percpu_read() and _percpu_write() macros call __percpu_read()
      and __percpu_write() static inline functions that result in a single
      assembly instruction. However, percpu infrastructure expects its leaf
      definitions to encode the size of their percpu variable, so the patch
      merges all the asm clauses from the static inline function into the
      corresponding leaf macros.
      
      The secondary effect of this change is to avoid explicit __percpu
      annotations for function arguments. Currently, __percpu macro is defined
      in include/linux/compiler_types.h, but with proposed patch [1], __percpu
      definition will need macros from include/asm-generic/percpu.h, creating
      forward dependency loop.
      
      The proposed solution is the same as x86 architecture uses.
      
      [1] https://lore.kernel.org/lkml/20240812115945.484051-4-ubizjak@gmail.com/
      
      Tested-by: Xi Ruoyao <xry111@xry111.site>
      Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Improve hardware page table walker · f93f67d0
      Huacai Chen authored
      LoongArch has similar problems explained in commit 7f0b1bf0
      ("arm64: Fix barriers used for page table modifications"), when hardware
      page table walker (PTW) enabled, speculative accesses may cause spurious
      page fault in kernel space. Theoretically, in order to completely avoid
      spurious page fault we need a "dbar + ibar" pair between the page table
      modifications and the subsequent memory accesses using the corresponding
      virtual address. But "ibar" is too heavy for performance, so we only use
      a "dbar 0b11000" in set_pte(). And let spurious_fault() filter the rest
      rare spurious page faults which should be avoided by "ibar".
      
      Besides, we replace the llsc loop with amo in set_pte() which has better
      performance, and refactor mmu_context.h to 1) avoid any load/store/branch
      instructions between the writing of CSR.ASID & CSR.PGDL, 2) ensure flush
      tlb operation is after updating ASID.
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Add ARCH_HAS_SET_DIRECT_MAP support · f04de6d8
      Huacai Chen authored
      Add set_direct_map_*() functions for setting the direct map alias for
      the page to its default permissions and to an invalid state that cannot
      be cached in a TLB. (See d253ca0c ("x86/mm/cpa: Add set_direct_map_*()
      functions")) Add a similar implementation for LoongArch.
      
      This fixes the KFENCE warnings during hibernation:
      
       ==================================================================
       BUG: KFENCE: invalid read in swsusp_save+0x368/0x4d8
      
       Invalid read at 0x00000000f7b89a3c:
        swsusp_save+0x368/0x4d8
        hibernation_snapshot+0x3f0/0x4e0
        hibernate+0x20c/0x440
        state_store+0x128/0x140
        kernfs_fop_write_iter+0x160/0x260
        vfs_write+0x2c0/0x520
        ksys_write+0x74/0x160
        do_syscall+0xb0/0x160
      
       CPU: 0 UID: 0 PID: 812 Comm: bash Tainted: G    B              6.11.0-rc1+ #1566
       Tainted: [B]=BAD_PAGE
       Hardware name: Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0 10/21/2022
       ==================================================================
      
      Note: We can only set permissions for KVRANGE/XKVRANGE kernel addresses.
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Add ARCH_HAS_SET_MEMORY support · e86935f7
      Huacai Chen authored
      Add set_memory_ro/rw/x/nx architecture hooks to change the page
      attribution.
      
      Use own set_memory.h rather than generic set_memory.h (i.e.
      include/asm-generic/set_memory.h), because we want to add other function
      prototypes here.
      
      Note: We can only set attributes for KVRANGE/XKVRANGE kernel addresses.
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Rework CPU feature probe from CPUCFG/IOCSR · 34e3c450
      Jiaxun Yang authored
      Probe ISA level, TLB, IOCSR information from CPUCFG to improve kernel
      resilience to different core implementations.
      
      BTW, IOCSR register definition appears to be a platform-specific spec
      instead of an architecture spec, even for the Loongson CPUs there is no
      guarantee that IOCSR will always be present.
      
      Thus it's dangerous to perform IOCSR probing without checking CPU type
      and instruction availability.
      Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Enable ACPI BGRT handling · d0bb0b60
      Bibo Mao authored
      Add ACPI BGRT support on LoongArch so it can display image provided by
      acpi table at boot stage and switch to graphical UI smoothly.
      Signed-off-by: Bibo Mao <maobibo@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Enable generic CPU vulnerabilites support · e8dd556c
      Tiezhu Yang authored
      Currently, many architectures support generic CPU vulnerabilities, such
      as x86, arm64 and riscv:
      
       commit 61dc0f55 ("x86/cpu: Implement CPU vulnerabilites sysfs functions")
       commit 61ae1321 ("arm64: enable generic CPU vulnerabilites support")
       commit 0e3f3649 ("riscv: Enable generic CPU vulnerabilites support")
      
      All LoongArch CPUs (since Loongson-3A5000) implement a special mechanism
      in the processor core to prevent "Meltdown" and "Spectre" attacks, so it
      can enable generic CPU vulnerabilities support for LoongArch too.
      
      Without this patch, there are no user interfaces of vulnerabilities to
      check on LoongArch. The output of those files reflects the state of the
      CPUs in the system, the output value "Not affected" means "CPU is not
      affected by the vulnerability".
      
      Before:
      
       # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
       cat: /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow: No such file or directory
       # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
       cat: /sys/devices/system/cpu/vulnerabilities/spec_store_bypass: No such file or directory
       # cat /sys/devices/system/cpu/vulnerabilities/meltdown
       cat: /sys/devices/system/cpu/vulnerabilities/meltdown: No such file or directory
      
      After:
      
       # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
       Not affected
       # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
       Not affected
       # cat /sys/devices/system/cpu/vulnerabilities/meltdown
       Not affected
      
      Link: https://www.loongson.cn/EN/news/show?id=633
      Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
  2. 17 Sep, 2024 5 commits
    • LoongArch: Remove STACK_FRAME_NON_STANDARD(do_syscall) · 0eb0bd21
      Tiezhu Yang authored
      For now, we can remove STACK_FRAME_NON_STANDARD(do_syscall) because
      there is no objtool warning "do_syscall+0x11c: return with modified
      stack frame", then there is handle_syscall() which is the previous
      frame of do_syscall() in the call trace when executing the command
      "echo l > /proc/sysrq-trigger".
      
      Fixes: a0f7085f ("LoongArch: Add RANDOMIZE_KSTACK_OFFSET support")
      Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Set AS_HAS_THIN_ADD_SUB as y if AS_IS_LLVM · a7e08377
      Tiezhu Yang authored
      When building kernel with "make CC=clang defconfig", LLVM Assembler is
      used due to LLVM_IAS=0 is not specified, then AS_HAS_THIN_ADD_SUB is not
      set, thus objtool can not be built after enable it for Clang.
      
      config AS_HAS_THIN_ADD_SUB is to check whether -mthin-add-sub option is
      available to know R_LARCH_{32,64}_PCREL are supported for GNU Assembler,
      there is no such an option for LLVM Assembler. The minimal version of
      Clang is 18 for building LoongArch kernel, and Clang >= 17 has already
      supported R_LARCH_{32,64}_PCREL, that is to say, there is no need to
      depend on AS_HAS_THIN_ADD_SUB for Clang, so just set AS_HAS_THIN_ADD_SUB
      as y if AS_IS_LLVM.
      
      Fixes: 120dd411 ("LoongArch: Only allow OBJTOOL & ORC unwinder if toolchain supports -mthin-add-sub")
      Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • LoongArch: Enable objtool for Clang · b8468bd9
      Tiezhu Yang authored
      For now, it can enable objtool for Clang, just remove !CC_IS_CLANG for
      HAVE_OBJTOOL in arch/loongarch/Kconfig.
      Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • objtool: Handle frame pointer related instructions · da5b2ad1
      Tiezhu Yang authored
      After commit a0f7085f ("LoongArch: Add RANDOMIZE_KSTACK_OFFSET
      support"), there are three new instructions "addi.d $fp, $sp, 32",
      "sub.d $sp, $sp, $t0" and "addi.d $sp, $fp, -32" for the secondary
      stack in do_syscall(), then there is an objtool warning "return with
      modified stack frame" and no handle_syscall() which is the previous
      frame of do_syscall() in the call trace when executing the command
      "echo l > /proc/sysrq-trigger".
      
      objdump shows something like this:
      
      0000000000000000 <do_syscall>:
         0:   02ff8063        addi.d          $sp, $sp, -32
         4:   29c04076        st.d            $fp, $sp, 16
         8:   29c02077        st.d            $s0, $sp, 8
         c:   29c06061        st.d            $ra, $sp, 24
        10:   02c08076        addi.d          $fp, $sp, 32
        ...
        74:   0011b063        sub.d           $sp, $sp, $t0
        ...
        a8:   4c000181        jirl            $ra, $t0, 0
        ...
        dc:   02ff82c3        addi.d          $sp, $fp, -32
        e0:   28c06061        ld.d            $ra, $sp, 24
        e4:   28c04076        ld.d            $fp, $sp, 16
        e8:   28c02077        ld.d            $s0, $sp, 8
        ec:   02c08063        addi.d          $sp, $sp, 32
        f0:   4c000020        jirl            $zero, $ra, 0
      
      The instruction "sub.d $sp, $sp, $t0" changes the stack bottom and the
      new stack size is a random value, in order to find the return address of
      do_syscall() which is stored in the original stack frame after executing
      "jirl $ra, $t0, 0", it should use fp which points to the original stack
      top.
      
      At the beginning, the thought is tended to decode the secondary stack
      instruction "sub.d $sp, $sp, $t0" and set it as a label, then check this
      label for the two frame pointer instructions to change the cfa base and
      cfa offset during the period of secondary stack in update_cfi_state().
      This is valid for GCC but invalid for Clang due to there are different
      secondary stack instructions for ClangBuiltLinux on LoongArch, something
      like this:
      
      0000000000000000 <do_syscall>:
        ...
        88:   00119064        sub.d           $a0, $sp, $a0
        8c:   00150083        or              $sp, $a0, $zero
        ...
      
      Actually, it equals to a single instruction "sub.d $sp, $sp, $a0", but
      there is no proper condition to check it as a label like GCC, and so the
      beginning thought is not a good way.
      
      Essentially, there are two special frame pointer instructions which are
      "addi.d $fp, $sp, imm" and "addi.d $sp, $fp, imm", the first one points
      fp to the original stack top and the second one restores the original
      stack bottom from fp.
      
      Based on the above analysis, in order to avoid adding an arch-specific
      update_cfi_state(), we just add a member "frame_pointer" in the "struct
      symbol" as a label to avoid affecting the current normal case, then set
      it as true only if there is "addi.d $sp, $fp, imm". The last is to check
      this label for the two frame pointer instructions to change the cfa base
      and cfa offset in update_cfi_state().
      
      Tested with the following two configs:
      (1) CONFIG_RANDOMIZE_KSTACK_OFFSET=y &&
          CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=n
      (2) CONFIG_RANDOMIZE_KSTACK_OFFSET=y &&
          CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
      
      By the way, there is no effect for x86 with this patch, tested on the
      x86 machine with Fedora 40 system.
      
      Cc: stable@vger.kernel.org # 6.9+
      Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
      Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    • Merge tag 'irq-core-2024-09-16' into loongarch-next · 987cbafe
      Huacai Chen authored
      LoongArch architecture changes for 6.12 depend on the irq core
      changes about AVEC irqchip to avoid conflicts, so merge them
      to create a base.
  3. 15 Sep, 2024 3 commits
    • Linux 6.11 · 98f7e32f
      Linus Torvalds authored
    • Merge tag 'for-linus-6.11' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d42f7708
      Linus Torvalds authored
      Pull kvm fix from Paolo Bonzini:
       "Do not always honor guest PAT on CPUs that support self-snoop.
      
        This triggers an issue in the bochsdrm driver, which used ioremap()
        instead of ioremap_wc() to map the video RAM.
      
        The revert lets video RAM use the WB memory type instead of the slower
        UC memory type"
      
      * tag 'for-linus-6.11' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        Revert "KVM: VMX: Always honor guest PAT on CPUs that support self-snoop"
    • Revert "KVM: VMX: Always honor guest PAT on CPUs that support self-snoop" · 9d70f3fe
      Paolo Bonzini authored
      This reverts commit 377b2f35.
      
      This caused a regression with the bochsdrm driver, which used ioremap()
      instead of ioremap_wc() to map the video RAM.  After the commit, the
      WB memory type is used without the IGNORE_PAT, resulting in the slower
      UC memory type.  In fact, UC is slow enough to basically cause guests
      to not boot... but only on new processors such as Sapphire Rapids and
      Cascade Lake.  Coffee Lake for example works properly, though that might
      also be an effect of being on a larger, more NUMA system.
      
      The driver has been fixed but that does not help older guests.  Until we
      figure out whether Cascade Lake and newer processors are working as
      intended, revert the commit.  Long term we might add a quirk, but the
      details depend on whether the processors are working as intended: for
      example if they are, the quirk might reference bochs-compatible devices,
      e.g. in the name and documentation, so that userspace can disable the
      quirk by default and only leave it enabled if such a device is being
      exposed to the guest.
      
      If instead this is actually a bug in CLX+, then the actions we need to
      take are different and depend on the actual cause of the bug.
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  4. 14 Sep, 2024 4 commits
  5. 13 Sep, 2024 11 commits
  6. 12 Sep, 2024 9 commits
    • Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · 196145c6
      Linus Torvalds authored
      Pull clk fix from Stephen Boyd:
       "One build fix for 32-bit arches using the Qualcomm PLL driver. It's
        cheaper to use a comparison here instead of a division so we just do
        that to fix the build"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: qcom: clk-alpha-pll: Simplify the zonda_pll_adjust_l_val()
    • Merge tag 'block-6.11-20240912' of git://git.kernel.dk/linux · b8e7cd09
      Linus Torvalds authored
      Pull block fix from Jens Axboe:
       "Just a single fix for a deadlock issue that can happen if someone
        attempts to change the root disk IO scheduler with a module that
        requires loading from disk.
      
        Changing the scheduler freezes the queue while that operation is
        happening, hence causing a deadlock"
      
      * tag 'block-6.11-20240912' of git://git.kernel.dk/linux:
        block: Prevent deadlocks when switching elevators
    • Merge tag 'hwmon-for-v6.11-rc8' of... · fdf042df
      Linus Torvalds authored
      Merge tag 'hwmon-for-v6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull hwmon fix from Guenter Roeck:
      
       - Fix clearing status register bits for chips supporting older
         PMBus versions
      
      * tag 'hwmon-for-v6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2
    • Merge tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · 5da02886
      Linus Torvalds authored
      Pull workqueue fix from Tejun Heo:
       "A fix for a NULL worker->pool deref bug which can be triggered when a
        worker is created and then destroyed immediately"
      
      * tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: Clear worker->pool in the worker thread context
    • Merge tag 'riscv-for-linus-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 8581ae1e
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - Two fixes for smp_processor_id() calls in preemptible sections: one
         in the perf driver, and one in the fence.i prctl.
      
      * tag 'riscv-for-linus-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: Disable preemption while handling PR_RISCV_CTX_SW_FENCEI_OFF
        drivers: perf: Fix smp_processor_id() use in preemptible code
    • Merge tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 5abfdfd4
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from netfilter.
      
        There is a recently notified BT regression with no fix yet. I do not
        think a fix will land in the next week.
      
        Current release - regressions:
      
         - core: tighten bad gso csum offset check in virtio_net_hdr
      
         - netfilter: move nf flowtable bpf initialization in
           nf_flow_table_module_init()
      
         - eth: ice: stop calling pci_disable_device() as we use pcim
      
         - eth: fou: fix null-ptr-deref in GRO.
      
        Current release - new code bugs:
      
         - hsr: prevent NULL pointer dereference in hsr_proxy_announce()
      
        Previous releases - regressions:
      
         - hsr: remove seqnr_lock
      
         - netfilter: nft_socket: fix sk refcount leaks
      
         - mptcp: pm: fix uaf in __timer_delete_sync
      
         - phy: dp83822: fix NULL pointer dereference on DP83825 devices
      
         - eth: revert "virtio_net: rx enable premapped mode by default"
      
         - eth: octeontx2-af: Modify SMQ flush sequence to drop packets
      
        Previous releases - always broken:
      
         - eth: mlx5: fix bridge mode operations when there are no VFs
      
         - eth: igb: Always call igb_xdp_ring_update_tail() under Tx lock"
      
      * tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (36 commits)
        net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
        net: tighten bad gso csum offset check in virtio_net_hdr
        netlink: specs: mptcp: fix port endianness
        net: dpaa: Pad packets to ETH_ZLEN
        mptcp: pm: Fix uaf in __timer_delete_sync
        net: libwx: fix number of Rx and Tx descriptors
        net: dsa: felix: ignore pending status of TAS module when it's disabled
        net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()
        selftests: mptcp: include net_helper.sh file
        selftests: mptcp: include lib.sh file
        selftests: mptcp: join: restrict fullmesh endp on 1st sf
        netfilter: nft_socket: make cgroupsv2 matching work with namespaces
        netfilter: nft_socket: fix sk refcount leaks
        MAINTAINERS: Add ethtool pse-pd to PSE NETWORK DRIVER
        dt-bindings: net: tja11xx: fix the broken binding
        selftests: net: csum: Fix checksums for packets with non-zero padding
        net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
        virtio_net: disable premapped mode by default
        Revert "virtio_net: big mode skip the unmap check"
        Revert "virtio_net: rx remove premapped failover code"
        ...
    • Merge tag 'platform-drivers-x86-v6.11-7' of... · 42c5b519
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
      
      Pull x86 platform driver fixes from Ilpo Järvinen:
      
       - asus-wmi: Disable OOBE that interferes with backlight control
      
       - panasonic-laptop: Two fixes to SINF array handling
      
      * tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
        platform/x86: asus-wmi: Disable OOBE experience on Zenbook S 16
        platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
        platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
    • mm: avoid leaving partial pfn mappings around in error case · 79a61cc3
      Linus Torvalds authored
      As Jann points out, PFN mappings are special, because unlike normal
      memory mappings, there is no lifetime information associated with the
      mapping - it is just a raw mapping of PFNs with no reference counting of
      a 'struct page'.
      
      That's all very much intentional, but it does mean that it's easy to
      mess up the cleanup in case of errors.  Yes, a failed mmap() will always
      eventually clean up any partial mappings, but without any explicit
      lifetime in the page table mapping itself, it's very easy to do the
      error handling in the wrong order.
      
      In particular, it's easy to mistakenly free the physical backing store
      before the page tables are actually cleaned up and (temporarily) have
      stale dangling PTE entries.
      
      To make this situation less error-prone, just make sure that any partial
      pfn mapping is torn down early, before any other error handling.
      Reported-and-tested-by: Jann Horn <jannh@google.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Jason Gunthorpe <jgg@ziepe.ca>
      Cc: Simona Vetter <simona.vetter@ffwll.ch>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • drm/xe/client: add missing bo locking in show_meminfo() · 94c4aa26
      Matthew Auld authored
      bo_meminfo() wants to inspect bo state like tt and the ttm resource,
      however this state can change at any point leading to stuff like NPD and
      UAF, if the bo lock is not held. Grab the bo lock when calling
      bo_meminfo(), ensuring we drop any spinlocks first. In the case of
      object_idr we now also need to hold a ref.
      
      v2 (MattB)
        - Also add xe_bo_assert_held()
      
      Fixes: 08452333 ("drm/xe: Implement fdinfo memory stats printing")
      Signed-off-by: Matthew Auld <matthew.auld@intel.com>
      Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
      Cc: Tejas Upadhyay <tejas.upadhyay@intel.com>
      Cc: "Thomas Hellström" <thomas.hellstrom@linux.intel.com>
      Cc: <stable@vger.kernel.org> # v6.8+
      Reviewed-by: Matthew Brost <matthew.brost@intel.com>
      Reviewed-by: Tejas Upadhyay <tejas.upadhyay@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20240911155527.178910-6-matthew.auld@intel.com
      (cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)
      Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>