__io_cq_unlock_post() is identical to io_cq_unlock_post(), and
io_cqring_ev_posted() has a single caller so migth as well just inline
it there.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This reverts commit 7fdbc5f014.
This patch dealt with a subset of the real problem, which is a potential
circular dependency on the wakup path for io_uring itself. Outside of
io_uring, eventfd can also trigger this (see details in 03e02acda8)
and so can epoll (see details in caf1aeaffc). Now that we have a
generic solution to this problem, get rid of the io_uring specific
work-around.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Pass in EPOLL_URING_WAKE when signaling eventfd or doing poll related
wakups, so that we can check for a circular event dependency between
eventfd and epoll. If this flag is set when our wakeup handlers are
called, then we know we have a dependency that needs to terminate
multishot requests.
eventfd and epoll are the only such possible dependencies.
Cc: stable@vger.kernel.org # 6.0
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This is identical to eventfd_signal(), but it allows the caller to pass
in a mask to be used for the poll wakeup key. The use case is avoiding
repeated multishot triggers if we have a dependency between eventfd and
io_uring.
If we setup an eventfd context and register that as the io_uring eventfd,
and at the same time queue a multishot poll request for the eventfd
context, then any CQE posted will repeatedly trigger the multishot request
until it terminates when the CQ ring overflows.
In preparation for io_uring detecting this circular dependency, add the
mentioned helper so that io_uring can pass in EPOLL_URING as part of the
poll wakeup key.
Cc: stable@vger.kernel.org # 6.0
[axboe: fold in !CONFIG_EVENTFD fix from Zhang Qilong]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
We can have dependencies between epoll and io_uring. Consider an epoll
context, identified by the epfd file descriptor, and an io_uring file
descriptor identified by iofd. If we add iofd to the epfd context, and
arm a multishot poll request for epfd with iofd, then the multishot
poll request will repeatedly trigger and generate events until terminated
by CQ ring overflow. This isn't a desired behavior.
Add EPOLL_URING so that io_uring can pass it in as part of the poll wakeup
key, and io_uring can check for that to detect a potential recursive
invocation.
Cc: stable@vger.kernel.org # 6.0
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Running task work when not needed can unnecessarily delay
operations. Specifically IORING_SETUP_DEFER_TASKRUN tries to avoid running
task work until the user requests it. Therefore do not run it in
io_uring_register any more.
The one catch is that io_rsrc_ref_quiesce expects it to have run in order
to process all outstanding references, and so reorder it's loop to do this.
Signed-off-by: Dylan Yudaken <dylany@meta.com>
Link: https://lore.kernel.org/r/20221107123349.4106213-1-dylany@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Fixes two errors:
"ERROR: do not use assignment in if condition
130: FILE: io_uring/net.c:130:
+ if (!(issue_flags & IO_URING_F_UNLOCKED) &&
ERROR: do not use assignment in if condition
599: FILE: io_uring/poll.c:599:
+ } else if (!(issue_flags & IO_URING_F_UNLOCKED) &&"
reported by checkpatch.pl in net.c and poll.c .
Signed-off-by: Xinghui Li <korantli@tencent.com>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20221102082503.32236-1-korantwork@gmail.com
[axboe: style tweaks]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Pull tracing/probes fixes from Steven Rostedt:
- Fix possible NULL pointer dereference on trace_event_file in
kprobe_event_gen_test_exit()
- Fix NULL pointer dereference for trace_array in
kprobe_event_gen_test_exit()
- Fix memory leak of filter string for eprobes
- Fix a possible memory leak in rethook_alloc()
- Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case which
can cause a possible use-after-free
- Fix warning in eprobe filter creation
- Fix eprobe filter creation as it picked the wrong event for the
fields
* tag 'trace-probes-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
tracing/eprobe: Fix eprobe filter to make a filter correctly
tracing/eprobe: Fix warning in filter creation
kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
rethook: fix a potential memleak in rethook_alloc()
tracing/eprobe: Fix memory leak of filter string
tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
Pull tracing fixes from Steven Rostedt:
- Fix polling to block on watermark like the reads do, as user space
applications get confused when the select says read is available, and
then the read blocks
- Fix accounting of ring buffer dropped pages as it is what is used to
determine if the buffer is empty or not
- Fix memory leak in tracing_read_pipe()
- Fix struct trace_array warning about being declared in parameters
- Fix accounting of ftrace pages used in output at start up.
- Fix allocation of dyn_ftrace pages by subtracting one from order
instead of diving it by 2
- Static analyzer found a case were a pointer being used outside of a
NULL check (rb_head_page_deactivate())
- Fix possible NULL pointer dereference if kstrdup() fails in
ftrace_add_mod()
- Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
- Fix bad pointer dereference in register_synth_event() on error path
- Remove unused __bad_type_size() method
- Fix possible NULL pointer dereference of entry in list 'tr->err_log'
- Fix NULL pointer deference race if eprobe is called before the event
setup
* tag 'trace-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
tracing: Fix race where eprobes can be called before the event
tracing: Fix potential null-pointer-access of entry in list 'tr->err_log'
tracing: Remove unused __bad_type_size() method
tracing: Fix wild-memory-access in register_synth_event()
tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
ftrace: Fix null pointer dereference in ftrace_add_mod()
ring_buffer: Do not deactivate non-existant pages
ftrace: Optimize the allocation for mcount entries
ftrace: Fix the possible incorrect kernel message
tracing: Fix warning on variable 'struct trace_array'
tracing: Fix memory leak in tracing_read_pipe()
ring-buffer: Include dropped pages in counting dirty patches
tracing/ring-buffer: Have polling block on watermark
Pull x86 fixes from Borislav Petkov:
- Do not hold fpregs lock when inheriting FPU permissions because the
fpregs lock disables preemption on RT but fpu_inherit_perms() does
spin_lock_irq(), which, on RT, uses rtmutexes and they need to be
preemptible.
- Check the page offset and the length of the data supplied by
userspace for overflow when specifying a set of pages to add to an
SGX enclave
* tag 'x86_urgent_for_v6.1_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/fpu: Drop fpregs lock before inheriting FPU permissions
x86/sgx: Add overflow check in sgx_validate_offset_length()
Pull scheduler fixes from Borislav Petkov:
- Fix a small race on the task's exit path where there's a
misunderstanding whether the task holds rq->lock or not
- Prevent processes from getting killed when using deprecated or
unknown rseq ABI flags in order to be able to fuzz the rseq() syscall
with syzkaller
* tag 'sched_urgent_for_v6.1_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched: Fix race in task_call_func()
rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered
Pull perf fixes from Borislav Petkov:
- Fix an intel PT erratum where CPUs do not support single range output
for more than 4K
- Fix a NULL ptr dereference which can happen after an NMI interferes
with the event enabling dance in amd_pmu_enable_all()
- Free the events array too when freeing uncore contexts on CPU online,
thereby fixing a memory leak
- Improve the pending SIGTRAP check
* tag 'perf_urgent_for_v6.1_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/intel/pt: Fix sampling using single range output
perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling
perf/x86/amd/uncore: Fix memory leak for events array
perf: Improve missing SIGTRAP checking
Pull locking fix from Borislav Petkov:
- Fix a build error with clang 11
* tag 'locking_urgent_for_v6.1_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
locking: Fix qspinlock/x86 inline asm error
Pull powerpc fix from Michael Ellerman:
- Fix writable sections being moved into the rodata region.
Thanks to Nicholas Piggin and Christophe Leroy.
* tag 'powerpc-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc: Fix writable sections being moved into the rodata region
Pull SCSI fixes from James Bottomley:
"Five small fixes, all in drivers.
Most of these are error leg freeing issues, with the only really user
visible one being the zfcp fix"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: iscsi: Fix possible memory leak when device_register() failed
scsi: zfcp: Fix double free of FSF request when qdio send fails
scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
scsi: mpi3mr: Suppress command reply debug prints
Pull iommu fixes from Joerg Roedel:
- Preset accessed bits in Intel VT-d page-directory entries to avoid
hardware error
- Set supervisor bit only when Intel IOMMU has the SRS capability
* tag 'iommu-fixes-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/vt-d: Set SRE bit only when hardware has SRS cap
iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries
Pull Kbuild fixes from Masahiro Yamada:
- Update MAINTAINERS with Nathan and Nicolas as new Kbuild reviewers
- Increment the debian revision for deb-pkg builds
* tag 'kbuild-fixes-v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
kbuild: Restore .version auto-increment behaviour for Debian packages
MAINTAINERS: Add linux-kbuild's patchwork
MAINTAINERS: Remove Michal Marek from Kbuild maintainers
MAINTAINERS: Add Nathan and Nicolas to Kbuild reviewers
Pull cifs fixes from Steve French:
- two missing and one incorrect return value checks
- fix leak on tlink mount failure
* tag '6.1-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: add check for returning value of SMB2_set_info_init
cifs: Fix wrong return value checking when GETFLAGS
cifs: add check for returning value of SMB2_close_init
cifs: Fix connections leak when tlink setup failed
SRS cap is the hardware cap telling if the hardware IOMMU can support
requests seeking supervisor privilege or not. SRE bit in scalable-mode
PASID table entry is treated as Reserved(0) for implementation not
supporting SRS cap.
Checking SRS cap before setting SRE bit can avoid the non-recoverable
fault of "Non-zero reserved field set in PASID Table Entry" caused by
setting SRE bit while there is no SRS cap support. The fault messages
look like below:
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Read NO_PASID] Request device [00:0d.0] fault addr 0x1154e1000
[fault reason 0x5a]
SM: Non-zero reserved field set in PASID Table Entry
Fixes: 6f7db75e1c ("iommu/vt-d: Add second level page table interface")
Cc: stable@vger.kernel.org
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Link: https://lore.kernel.org/r/20221115070346.1112273-1-tina.zhang@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20221116051544.26540-3-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
The A/D bits are preseted for IOVA over first level(FL) usage for both
kernel DMA (i.e, domain typs is IOMMU_DOMAIN_DMA) and user space DMA
usage (i.e., domain type is IOMMU_DOMAIN_UNMANAGED).
Presetting A bit in FL requires to preset the bit in every related paging
entries, including the non-leaf ones. Otherwise, hardware may treat this
as an error. For example, in a case of ECAP_REG.SMPWC==0, DMA faults might
occur with below DMAR fault messages (wrapped for line length) dumped.
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Read NO_PASID] Request device [aa:00.0] fault addr 0x10c3a6000
[fault reason 0x90]
SM: A/D bit update needed in first-level entry when set up in no snoop
Fixes: 289b3b005c ("iommu/vt-d: Preset A/D bits for user space DMA usage")
Cc: stable@vger.kernel.org
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Link: https://lore.kernel.org/r/20221113010324.1094483-1-tina.zhang@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20221116051544.26540-2-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Pull input fixes from Dmitry Torokhov:
- a fix for 8042 to stop leaking platform device on unload
- a fix for Goodix touchscreens on devices like Nanote UMPC-01 where we
need to reset controller to load config from firmware
- a workaround for Acer Switch to avoid interrupt storm from home and
power buttons
- a workaround for more ASUS ZenBook models to detect keyboard
controller
- a fix for iforce driver to properly handle communication errors
- touchpad on HP Laptop 15-da3001TU switched to RMI mode
* tag 'input-for-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: i8042 - fix leaking of platform device on module removal
Input: i8042 - apply probe defer to more ASUS ZenBook models
Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
Input: soc_button_array - add use_low_level_irq module parameter
Input: iforce - invert valid length check when fetching device IDs
Input: goodix - try resetting the controller when no config is set
dt-bindings: input: touchscreen: Add compatible for Goodix GT7986U chip
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
Pull zonefs fixes from Damien Le Moal:
- Fix the IO error recovery path for failures happening in the last
zone of device, and that zone is a "runt" zone (smaller than the
other zone). The current code was failing to properly obtain a zone
report in that case.
- Remove the unused to_attr() function as it is unused, causing
compilation warnings with clang.
* tag 'zonefs-6.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
zonefs: Remove to_attr() helper function
zonefs: fix zone report size in __zonefs_io_error()
Pull io_uring fixes from Jens Axboe:
"This is mostly fixing issues around the poll rework, but also two
tweaks for the multishot handling for accept and receive.
All stable material"
* tag 'io_uring-6.1-2022-11-18' of git://git.kernel.dk/linux:
io_uring: disallow self-propelled ring polling
io_uring: fix multishot recv request leaks
io_uring: fix multishot accept request leaks
io_uring: fix tw losing poll events
io_uring: update res mask in io_poll_check_events
Pull arm64 fixes from Catalin Marinas:
- Fix a build error with CONFIG_CFI_CLANG + CONFIG_FTRACE when
CONFIG_FUNCTION_GRAPH_TRACER is not enabled.
- Fix a BUG_ON triggered by the page table checker due to incorrect
file_map_count for non-leaf pmd/pud (the arm64
pmd_user_accessible_page() not checking whether it's a leaf entry).
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud
arm64: ftrace: Define ftrace_stub_graph only with FUNCTION_GRAPH_TRACER
Pull block fixes from Jens Axboe:
- NVMe pull request via Christoph:
- Two more bogus nid quirks (Bean Huo, Tiago Dias Ferreira)
- Memory leak fix in nvmet (Sagi Grimberg)
- Regression fix for block cgroups pinning the wrong blkcg, causing
leaks of cgroups and blkcgs (Chris)
- UAF fix for drbd setup error handling (Dan)
- Fix DMA alignment propagation in DM (Keith)
* tag 'block-6.1-2022-11-18' of git://git.kernel.dk/linux:
dm-log-writes: set dma_alignment limit in io_hints
dm-integrity: set dma_alignment limit in io_hints
block: make blk_set_default_limits() private
dm-crypt: provide dma_alignment limit in io_hints
block: make dma_alignment a stacking queue_limit
nvmet: fix a memory leak in nvmet_auth_set_key
nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
drbd: use after free in drbd_create_device()
nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
blk-cgroup: properly pin the parent in blkcg_css_online
Pull drm fixes from Dave Airlie:
"I guess the main question is are things settling down, and I'd say
kinda, these are all pretty small fixes, nothing big stands out
really, just seems to be quite a few of them.
Mostly amdgpu and core fixes, with some i915, tegra, vc4, panel bits.
core:
- Fix potential memory leak in drm_dev_init()
- Fix potential null-ptr-deref in drm_vblank_destroy_worker()
- Revert hiding unregistered connectors from userspace, as it breaks
on DP-MST
- Add workaround for DP++ dual mode adaptors that don't support i2c
subaddressing
i915:
- Fix uaf with lmem_userfault_list handling
amdgpu:
- gang submit fixes
- Fix a possible memory leak in ganng submit error path
- DP tunneling fixes
- DCN 3.1 page flip fix
- DCN 3.2.x fixes
- DCN 3.1.4 fixes
- Don't expose degamma on hardware that doesn't support it
- BACO fixes for SMU 11.x
- BACO fixes for SMU 13.x
- Virtual display fix for devices with no display hardware
amdkfd:
- Memory limit regression fix
tegra:
- tegra20 GART fix
vc4:
- Fix error handling in vc4_atomic_commit_tail()
lima:
- Set lima's clkname corrrectly when regulator is missing
panel:
- Set bpc for logictechno panels"
* tag 'drm-fixes-2022-11-19' of git://anongit.freedesktop.org/drm/drm: (28 commits)
gpu: host1x: Avoid trying to use GART on Tegra20
drm/display: Don't assume dual mode adaptors support i2c sub-addressing
drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround
drm/amd/pm: enable runpm support over BACO for SMU13.0.7
drm/amd/pm: enable runpm support over BACO for SMU13.0.0
drm/amdgpu: there is no vbios fb on devices with no display hw (v2)
drm/amdkfd: Fix a memory limit issue
drm/amdgpu: disable BACO support on more cards
drm/amd/display: don't enable DRM CRTC degamma property for DCE
drm/amd/display: Set max for prefetch lines on dcn32
drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32
drm/amd/display: Fix prefetch calculations for dcn32
drm/amd/display: Fix optc2_configure warning on dcn314
drm/amd/display: Fix calculation for cursor CAB allocation
Revert "drm: hide unregistered connectors from GETCONNECTOR IOCTL"
drm/amd/display: Support parsing VRAM info v3.0 from VBIOS
drm/amd/display: Fix invalid DPIA AUX reply causing system hang
drm/amdgpu: Add psp_13_0_10_ta firmware to modinfo
drm/amd/display: Add HUBP surface flip interrupt handler
drm/amd/display: Fix access timeout to DPIA AUX at boot time
...
Pull s390 fixes from Alexander Gordeev:
- Fix deadlock in discontiguous saved segments (DCSS) block device
driver. When adding a disk and scanning partitions the scan would not
break out early without a missed flag.
- Avoid using global register variable for current_stack_pointer due to
an old bug in gcc versions prior to gcc-8.4. Due to this bug a broken
code is generated, which leads to stack corruptions.
* tag 's390-6.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390: avoid using global register for current_stack_pointer
s390/dcssblk: fix deadlock when adding a DCSS
