Test branch #25
Closed
Test branch #25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add missing dmic_num mention and clarify that 'links' mean 'SoundWire links', not to be used for other links. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
The platform driver may have information on which I2S/TDM link(s) to enable in the machine driver. In the case of Intel devices, this may be extracted from NHLT tables in platform firmware. This link information is necessary to make sure machine driver and topology are aligned. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
We currently extract the DMIC number only for HDaudio or SoundWire platforms. For I2S/TDM platforms, this wasn't necessary until now, but with devices with ES8336 we need to find a solution to detect dmics more reliably than with a DMI quirk. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
The NHLT information can be used to figure out which SSPs are enabled in a platform. The 'SSP' link type is too broad for machine drivers, since it can cover the Bluetooth sideband and the analog audio codec connections, so this helper exposes a parameter to filter with the device type (DEVICE_I2S refers to analog audio codec in NHLT parlance). The helper returns a mask, since more than one SSP may be used for analog audio, e.g. the NHLT spec describes the use of SSP0 for amplifiers and SSP1 for headset codec. Note that if more than one bit is set, it's impossible to determine which SSP is connected to what external component. Additional platform-specific information based on e.g. DMI quirks would still be required in the machine driver to configure the relevant dailinks. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
For devices designed for Windows, the SSP information should be listed in the NHLT, and when present can be used to set quirks automatically in the machine driver. The NHLT information exposes BT and analog audio connections separately, for now we are only interested in the analog audio parts. The use of dev_info() for the SSP mask is intentional so that we can immediately flag devices with an ES8336 codec. Since NHLT is not used for recent Chromebooks these messages should be rare. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Different topology filenames may be required depending on which SSP is used, and whether or not digital mics are present. This patch adds a tplg_quirk_mask and in the case of the SOF driver adds the relevant configurations. This is a short-term solution to the ES8336 support issues. In a long-term solution, we would need an interface where the machine driver or platform driver have the ability to alter the topology hard-coded low-level hardware support, e.g. by substituting an interface for another, or disabling an interface that is not supported on a given skew. BugLink: thesofproject#3248 Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Do not fail if the GPIO used for speakers is not present, at least the headphone, headset and internal mics should work. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
…arch We have an existing 'adev' handle from which we can find the codec device, no need for an I2C bus search. This change aligns this driver will all other I2S-based machine drivers. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Since we see a proliferation of devices with various configurations, we want to automatically set the DMIC and SSP information. This patch removes existing DMI quirks to rely on the information extracted from NHLT. Note that NHLT can report multiple SSPs, choosing from the ssp_link_mask in an MSB-first manner was found experimentally to work fine. The only thing that cannot be detected is the GPIO type, and users may want to use the quirk override parameter if the 'wrong' solution is provided. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Different topology filenames may be required depending on which SSP is used, and whether or not digital mics are present. This patch adds a tplg_quirk_mask and in the case of the SOF driver adds the relevant configurations. This is a short-term solution to the ES8336 support issues. In a long-term solution, we would need an interface where the machine driver or platform driver have the ability to alter the topology hard-coded low-level hardware support, e.g. by substituting an interface for another, or disabling an interface that is not supported on a given skew. BugLink: thesofproject#3248 Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Do not fail if the GPIO used for speakers is not present, at least the headphone, headset and internal mics should work. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
…arch We have an existing 'adev' handle from which we can find the codec device, no need for an I2C bus search. This change aligns this driver will all other I2S-based machine drivers. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Since we see a proliferation of devices with various configurations, we want to automatically set the DMIC and SSP information. This patch removes existing DMI quirks to rely on the information extracted from NHLT. Note that NHLT can report multiple SSPs, choosing from the ssp_link_mask in an MSB-first manner was found experimentally to work fine. The only thing that cannot be detected is the GPIO type, and users may want to use the quirk override parameter if the 'wrong' solution is provided. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Add missing dmic_num mention and clarify that 'links' mean 'SoundWire links', not to be used for other links. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
The platform driver may have information on which I2S/TDM link(s) to enable in the machine driver. In the case of Intel devices, this may be extracted from NHLT tables in platform firmware. This link information is necessary to make sure machine driver and topology are aligned. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
We currently extract the DMIC number only for HDaudio or SoundWire platforms. For I2S/TDM platforms, this wasn't necessary until now, but with devices with ES8336 we need to find a solution to detect dmics more reliably than with a DMI quirk. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
The NHLT information can be used to figure out which SSPs are enabled in a platform. The 'SSP' link type is too broad for machine drivers, since it can cover the Bluetooth sideband and the analog audio codec connections, so this helper exposes a parameter to filter with the device type (DEVICE_I2S refers to analog audio codec in NHLT parlance). The helper returns a mask, since more than one SSP may be used for analog audio, e.g. the NHLT spec describes the use of SSP0 for amplifiers and SSP1 for headset codec. Note that if more than one bit is set, it's impossible to determine which SSP is connected to what external component. Additional platform-specific information based on e.g. DMI quirks would still be required in the machine driver to configure the relevant dailinks. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
For devices designed for Windows, the SSP information should be listed in the NHLT, and when present can be used to set quirks automatically in the machine driver. The NHLT information exposes BT and analog audio connections separately, for now we are only interested in the analog audio parts. The use of dev_info() for the SSP mask is intentional so that we can immediately flag devices with an ES8336 codec. Since NHLT is not used for recent Chromebooks these messages should be rare. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Different topology filenames may be required depending on which SSP is used, and whether or not digital mics are present. This patch adds a tplg_quirk_mask and in the case of the SOF driver adds the relevant configurations. This is a short-term solution to the ES8336 support issues. In a long-term solution, we would need an interface where the machine driver or platform driver have the ability to alter the topology hard-coded low-level hardware support, e.g. by substituting an interface for another, or disabling an interface that is not supported on a given skew. BugLink: thesofproject#3248 Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Do not fail if the GPIO used for speakers is not present, at least the headphone, headset and internal mics should work. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
…arch We have an existing 'adev' handle from which we can find the codec device, no need for an I2C bus search. This change aligns this driver will all other I2S-based machine drivers. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Since we see a proliferation of devices with various configurations, we want to automatically set the DMIC and SSP information. This patch removes existing DMI quirks to rely on the information extracted from NHLT. Note that NHLT can report multiple SSPs, choosing from the ssp_link_mask in an MSB-first manner was found experimentally to work fine. The only thing that cannot be detected is the GPIO type, and users may want to use the quirk override parameter if the 'wrong' solution is provided. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
We only saw ESSX8336 so far, but now with reports of 'ESSX8326' we need to expand to a full list. Let's reuse the 'snd_soc_acpi_codecs' structure to store the information. Reported-by: anthony tonitch <d.tonitch@gmail.com> Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
We only saw ESSX8336 so far, but now with reports of 'ESSX8326' we need to expand to a full list. Let's reuse the 'snd_soc_acpi_codecs' structure to store the information. Reported-by: anthony tonitch <d.tonitch@gmail.com> Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Add missing dmic_num mention and clarify that 'links' mean 'SoundWire links', not to be used for other links. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
The platform driver may have information on which I2S/TDM link(s) to enable in the machine driver. In the case of Intel devices, this may be extracted from NHLT tables in platform firmware. This link information is necessary to make sure machine driver and topology are aligned. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
We currently extract the DMIC number only for HDaudio or SoundWire platforms. For I2S/TDM platforms, this wasn't necessary until now, but with devices with ES8336 we need to find a solution to detect dmics more reliably than with a DMI quirk. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
The NHLT information can be used to figure out which SSPs are enabled in a platform. The 'SSP' link type is too broad for machine drivers, since it can cover the Bluetooth sideband and the analog audio codec connections, so this helper exposes a parameter to filter with the device type (DEVICE_I2S refers to analog audio codec in NHLT parlance). The helper returns a mask, since more than one SSP may be used for analog audio, e.g. the NHLT spec describes the use of SSP0 for amplifiers and SSP1 for headset codec. Note that if more than one bit is set, it's impossible to determine which SSP is connected to what external component. Additional platform-specific information based on e.g. DMI quirks would still be required in the machine driver to configure the relevant dailinks. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
For devices designed for Windows, the SSP information should be listed in the NHLT, and when present can be used to set quirks automatically in the machine driver. The NHLT information exposes BT and analog audio connections separately, for now we are only interested in the analog audio parts. The use of dev_info() for the SSP mask is intentional so that we can immediately flag devices with an ES8336 codec. Since NHLT is not used for recent Chromebooks these messages should be rare. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Different topology filenames may be required depending on which SSP is used, and whether or not digital mics are present. This patch adds a tplg_quirk_mask and in the case of the SOF driver adds the relevant configurations. This is a short-term solution to the ES8336 support issues. In a long-term solution, we would need an interface where the machine driver or platform driver have the ability to alter the topology hard-coded low-level hardware support, e.g. by substituting an interface for another, or disabling an interface that is not supported on a given skew. BugLink: thesofproject#3248 Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Do not fail if the GPIO used for speakers is not present, at least the headphone, headset and internal mics should work. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
…arch We have an existing 'adev' handle from which we can find the codec device, no need for an I2C bus search. This change aligns this driver will all other I2S-based machine drivers. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Since we see a proliferation of devices with various configurations, we want to automatically set the DMIC and SSP information. This patch removes existing DMI quirks to rely on the information extracted from NHLT. Note that NHLT can report multiple SSPs, choosing from the ssp_link_mask in an MSB-first manner was found experimentally to work fine. The only thing that cannot be detected is the GPIO type, and users may want to use the quirk override parameter if the 'wrong' solution is provided. Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
We only saw ESSX8336 so far, but now with reports of 'ESSX8326' we need to expand to a full list. Let's reuse the 'snd_soc_acpi_codecs' structure to store the information. Reported-by: anthony tonitch <d.tonitch@gmail.com> Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
We only saw ESSX8336 so far, but now with reports of 'ESSX8326' we need to expand to a full list. Let's reuse the 'snd_soc_acpi_codecs' structure to store the information. Note that ES8326 will need a dedicated codec driver, but the plan is to use the same machine driver for all Everest Audio devices. Reported-by: anthony tonitch <d.tonitch@gmail.com> Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
plbossart
force-pushed
the
fix/sof-es8336-quirk
branch
2 times, most recently
from
b7923cf
to
0fa152d
Compare
plbossart
pushed a commit
that referenced
this pull request
Nov 17, 2022
UBSAN complains about array-index-out-of-bounds: [ 1.980703] kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 [ 1.980709] kernel: index 15 is out of range for type 'ahci_em_priv [8]' [ 1.980713] kernel: CPU: 0 PID: 209 Comm: scsi_eh_8 Not tainted 5.15.0-25-generic #25-Ubuntu [ 1.980716] kernel: Hardware name: System manufacturer System Product Name/P5Q3, BIOS 1102 06/11/2010 [ 1.980718] kernel: Call Trace: [ 1.980721] kernel: <TASK> [ 1.980723] kernel: show_stack+0x52/0x58 [ 1.980729] kernel: dump_stack_lvl+0x4a/0x5f [ 1.980734] kernel: dump_stack+0x10/0x12 [ 1.980736] kernel: ubsan_epilogue+0x9/0x45 [ 1.980739] kernel: __ubsan_handle_out_of_bounds.cold+0x44/0x49 [ 1.980742] kernel: ahci_qc_issue+0x166/0x170 [libahci] [ 1.980748] kernel: ata_qc_issue+0x135/0x240 [ 1.980752] kernel: ata_exec_internal_sg+0x2c4/0x580 [ 1.980754] kernel: ? vprintk_default+0x1d/0x20 [ 1.980759] kernel: ata_exec_internal+0x67/0xa0 [ 1.980762] kernel: sata_pmp_read+0x8d/0xc0 [ 1.980765] kernel: sata_pmp_read_gscr+0x3c/0x90 [ 1.980768] kernel: sata_pmp_attach+0x8b/0x310 [ 1.980771] kernel: ata_eh_revalidate_and_attach+0x28c/0x4b0 [ 1.980775] kernel: ata_eh_recover+0x6b6/0xb30 [ 1.980778] kernel: ? ahci_do_hardreset+0x180/0x180 [libahci] [ 1.980783] kernel: ? ahci_stop_engine+0xb0/0xb0 [libahci] [ 1.980787] kernel: ? ahci_do_softreset+0x290/0x290 [libahci] [ 1.980792] kernel: ? trace_event_raw_event_ata_eh_link_autopsy_qc+0xe0/0xe0 [ 1.980795] kernel: sata_pmp_eh_recover.isra.0+0x214/0x560 [ 1.980799] kernel: sata_pmp_error_handler+0x23/0x40 [ 1.980802] kernel: ahci_error_handler+0x43/0x80 [libahci] [ 1.980806] kernel: ata_scsi_port_error_handler+0x2b1/0x600 [ 1.980810] kernel: ata_scsi_error+0x9c/0xd0 [ 1.980813] kernel: scsi_error_handler+0xa1/0x180 [ 1.980817] kernel: ? scsi_unjam_host+0x1c0/0x1c0 [ 1.980820] kernel: kthread+0x12a/0x150 [ 1.980823] kernel: ? set_kthread_struct+0x50/0x50 [ 1.980826] kernel: ret_from_fork+0x22/0x30 [ 1.980831] kernel: </TASK> This happens because sata_pmp_init_links() initialize link->pmp up to SATA_PMP_MAX_PORTS while em_priv is declared as 8 elements array. I can't find the maximum Enclosure Management ports specified in AHCI spec v1.3.1, but "12.2.1 LED message type" states that "Port Multiplier Information" can utilize 4 bits, which implies it can support up to 16 ports. Hence, use SATA_PMP_MAX_PORTS as EM_MAX_SLOTS to resolve the issue. BugLink: https://bugs.launchpad.net/bugs/1970074 Cc: stable@vger.kernel.org Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
plbossart
pushed a commit
that referenced
this pull request
Nov 17, 2022
…der memory pressure When destroying a queue, when calling sock_release, the network stack might need to allocate an skb to send a FIN/RST. When that happens during memory pressure, there is a need to reclaim memory, which in turn may ask the nvme-tcp device to write out dirty pages, however this is not possible due to a ctrl teardown that is going on. Set PF_MEMALLOC to the task that releases the socket to grant access to PF_MEMALLOC reserves. In addition, do the same for the nvme-tcp thread as this may also originate from the swap itself and should be more resilient to memory pressure situations. This fixes the following lockdep complaint: -- ====================================================== WARNING: possible circular locking dependency detected 6.0.0-rc2+ #25 Tainted: G W ------------------------------------------------------ kswapd0/92 is trying to acquire lock: ffff888114003240 (sk_lock-AF_INET-NVME){+.+.}-{0:0}, at: tcp_sendpage+0x23/0xa0 but task is already holding lock: ffffffff97e95ca0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x987/0x10d0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (fs_reclaim){+.+.}-{0:0}: fs_reclaim_acquire+0x11e/0x160 kmem_cache_alloc_node+0x44/0x530 __alloc_skb+0x158/0x230 tcp_send_active_reset+0x7e/0x730 tcp_disconnect+0x1272/0x1ae0 __tcp_close+0x707/0xd90 tcp_close+0x26/0x80 inet_release+0xfa/0x220 sock_release+0x85/0x1a0 nvme_tcp_free_queue+0x1fd/0x470 [nvme_tcp] nvme_do_delete_ctrl+0x130/0x13d [nvme_core] nvme_sysfs_delete.cold+0x8/0xd [nvme_core] kernfs_fop_write_iter+0x356/0x530 vfs_write+0x4e8/0xce0 ksys_write+0xfd/0x1d0 do_syscall_64+0x58/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd -> #0 (sk_lock-AF_INET-NVME){+.+.}-{0:0}: __lock_acquire+0x2a0c/0x5690 lock_acquire+0x18e/0x4f0 lock_sock_nested+0x37/0xc0 tcp_sendpage+0x23/0xa0 inet_sendpage+0xad/0x120 kernel_sendpage+0x156/0x440 nvme_tcp_try_send+0x48a/0x2630 [nvme_tcp] nvme_tcp_queue_rq+0xefb/0x17e0 [nvme_tcp] __blk_mq_try_issue_directly+0x452/0x660 blk_mq_plug_issue_direct.constprop.0+0x207/0x700 blk_mq_flush_plug_list+0x6f5/0xc70 __blk_flush_plug+0x264/0x410 blk_finish_plug+0x4b/0xa0 shrink_lruvec+0x1263/0x1ea0 shrink_node+0x736/0x1a80 balance_pgdat+0x740/0x10d0 kswapd+0x5f2/0xaf0 kthread+0x256/0x2f0 ret_from_fork+0x1f/0x30 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(fs_reclaim); lock(sk_lock-AF_INET-NVME); lock(fs_reclaim); lock(sk_lock-AF_INET-NVME); *** DEADLOCK *** 3 locks held by kswapd0/92: #0: ffffffff97e95ca0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0x987/0x10d0 #1: ffff88811f21b0b0 (q->srcu){....}-{0:0}, at: blk_mq_flush_plug_list+0x6b3/0xc70 #2: ffff888170b11470 (&queue->send_mutex){+.+.}-{3:3}, at: nvme_tcp_queue_rq+0xeb9/0x17e0 [nvme_tcp] Fixes: 3f2304f ("nvme-tcp: add NVMe over TCP host driver") Reported-by: Daniel Wagner <dwagner@suse.de> Signed-off-by: Sagi Grimberg <sagi@grimberg.me> Tested-by: Daniel Wagner <dwagner@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de>
plbossart
pushed a commit
that referenced
this pull request
Nov 17, 2022
`hostname` needs to be set as null-pointer after free in
`cifs_put_tcp_session` function, or when `cifsd` thread attempts
to resolve hostname and reconnect the host, the thread would deref
the invalid pointer.
Here is one of practical backtrace examples as reference:
Task 477
---------------------------
do_mount
path_mount
do_new_mount
vfs_get_tree
smb3_get_tree
smb3_get_tree_common
cifs_smb3_do_mount
cifs_mount
mount_put_conns
cifs_put_tcp_session
--> kfree(server->hostname)
cifsd
---------------------------
kthread
cifs_demultiplex_thread
cifs_reconnect
reconn_set_ipaddr_from_hostname
--> if (!server->hostname)
--> if (server->hostname[0] == '\0') // !! UAF fault here
CIFS: VFS: cifs_mount failed w/return code = -112
mount error(112): Host is down
BUG: KASAN: use-after-free in reconn_set_ipaddr_from_hostname+0x2ba/0x310
Read of size 1 at addr ffff888108f35380 by task cifsd/480
CPU: 2 PID: 480 Comm: cifsd Not tainted 6.1.0-rc2-00106-gf705792f89dd-dirty #25
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x68/0x85
print_report+0x16c/0x4a3
kasan_report+0x95/0x190
reconn_set_ipaddr_from_hostname+0x2ba/0x310
__cifs_reconnect.part.0+0x241/0x800
cifs_reconnect+0x65f/0xb60
cifs_demultiplex_thread+0x1570/0x2570
kthread+0x2c5/0x380
ret_from_fork+0x22/0x30
</TASK>
Allocated by task 477:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_kmalloc+0x7e/0x90
__kmalloc_node_track_caller+0x52/0x1b0
kstrdup+0x3b/0x70
cifs_get_tcp_session+0xbc/0x19b0
mount_get_conns+0xa9/0x10c0
cifs_mount+0xdf/0x1970
cifs_smb3_do_mount+0x295/0x1660
smb3_get_tree+0x352/0x5e0
vfs_get_tree+0x8e/0x2e0
path_mount+0xf8c/0x1990
do_mount+0xee/0x110
__x64_sys_mount+0x14b/0x1f0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Freed by task 477:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x2a/0x50
__kasan_slab_free+0x10a/0x190
__kmem_cache_free+0xca/0x3f0
cifs_put_tcp_session+0x30c/0x450
cifs_mount+0xf95/0x1970
cifs_smb3_do_mount+0x295/0x1660
smb3_get_tree+0x352/0x5e0
vfs_get_tree+0x8e/0x2e0
path_mount+0xf8c/0x1990
do_mount+0xee/0x110
__x64_sys_mount+0x14b/0x1f0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The buggy address belongs to the object at ffff888108f35380
which belongs to the cache kmalloc-16 of size 16
The buggy address is located 0 bytes inside of
16-byte region [ffff888108f35380, ffff888108f35390)
The buggy address belongs to the physical page:
page:00000000333f8e58 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888108f350e0 pfn:0x108f35
flags: 0x200000000000200(slab|node=0|zone=2)
raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000423c0
raw: ffff888108f350e0 000000008080007a 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888108f35280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
ffff888108f35300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
>ffff888108f35380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
^
ffff888108f35400: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888108f35480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Fixes: 7be3248 ("cifs: To match file servers, make sure the server hostname matches")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
plbossart
pushed a commit
that referenced
this pull request
Jun 16, 2023
The cited commit adds a compeletion to remove dependency on rtnl lock. But it causes a deadlock for multiple encapsulations: crash> bt ffff8aece8a64000 PID: 1514557 TASK: ffff8aece8a64000 CPU: 3 COMMAND: "tc" #0 [ffffa6d14183f368] __schedule at ffffffffb8ba7f45 #1 [ffffa6d14183f3f8] schedule at ffffffffb8ba8418 #2 [ffffa6d14183f418] schedule_preempt_disabled at ffffffffb8ba8898 #3 [ffffa6d14183f428] __mutex_lock at ffffffffb8baa7f8 #4 [ffffa6d14183f4d0] mutex_lock_nested at ffffffffb8baabeb #5 [ffffa6d14183f4e0] mlx5e_attach_encap at ffffffffc0f48c17 [mlx5_core] #6 [ffffa6d14183f628] mlx5e_tc_add_fdb_flow at ffffffffc0f39680 [mlx5_core] #7 [ffffa6d14183f688] __mlx5e_add_fdb_flow at ffffffffc0f3b636 [mlx5_core] #8 [ffffa6d14183f6f0] mlx5e_tc_add_flow at ffffffffc0f3bcdf [mlx5_core] #9 [ffffa6d14183f728] mlx5e_configure_flower at ffffffffc0f3c1d1 [mlx5_core] #10 [ffffa6d14183f790] mlx5e_rep_setup_tc_cls_flower at ffffffffc0f3d529 [mlx5_core] #11 [ffffa6d14183f7a0] mlx5e_rep_setup_tc_cb at ffffffffc0f3d714 [mlx5_core] #12 [ffffa6d14183f7b0] tc_setup_cb_add at ffffffffb8931bb8 #13 [ffffa6d14183f810] fl_hw_replace_filter at ffffffffc0dae901 [cls_flower] #14 [ffffa6d14183f8d8] fl_change at ffffffffc0db5c57 [cls_flower] #15 [ffffa6d14183f970] tc_new_tfilter at ffffffffb8936047 #16 [ffffa6d14183fac8] rtnetlink_rcv_msg at ffffffffb88c7c31 #17 [ffffa6d14183fb50] netlink_rcv_skb at ffffffffb8942853 #18 [ffffa6d14183fbc0] rtnetlink_rcv at ffffffffb88c1835 #19 [ffffa6d14183fbd0] netlink_unicast at ffffffffb8941f27 #20 [ffffa6d14183fc18] netlink_sendmsg at ffffffffb8942245 #21 [ffffa6d14183fc98] sock_sendmsg at ffffffffb887d482 #22 [ffffa6d14183fcb8] ____sys_sendmsg at ffffffffb887d81a #23 [ffffa6d14183fd38] ___sys_sendmsg at ffffffffb88806e2 #24 [ffffa6d14183fe90] __sys_sendmsg at ffffffffb88807a2 #25 [ffffa6d14183ff28] __x64_sys_sendmsg at ffffffffb888080f #26 [ffffa6d14183ff38] do_syscall_64 at ffffffffb8b9b6a8 #27 [ffffa6d14183ff50] entry_SYSCALL_64_after_hwframe at ffffffffb8c0007c crash> bt 0xffff8aeb07544000 PID: 1110766 TASK: ffff8aeb07544000 CPU: 0 COMMAND: "kworker/u20:9" #0 [ffffa6d14e6b7bd8] __schedule at ffffffffb8ba7f45 #1 [ffffa6d14e6b7c68] schedule at ffffffffb8ba8418 #2 [ffffa6d14e6b7c88] schedule_timeout at ffffffffb8baef88 #3 [ffffa6d14e6b7d10] wait_for_completion at ffffffffb8ba968b #4 [ffffa6d14e6b7d60] mlx5e_take_all_encap_flows at ffffffffc0f47ec4 [mlx5_core] #5 [ffffa6d14e6b7da0] mlx5e_rep_update_flows at ffffffffc0f3e734 [mlx5_core] #6 [ffffa6d14e6b7df8] mlx5e_rep_neigh_update at ffffffffc0f400bb [mlx5_core] #7 [ffffa6d14e6b7e50] process_one_work at ffffffffb80acc9c #8 [ffffa6d14e6b7ed0] worker_thread at ffffffffb80ad012 #9 [ffffa6d14e6b7f10] kthread at ffffffffb80b615d #10 [ffffa6d14e6b7f50] ret_from_fork at ffffffffb8001b2f After the first encap is attached, flow will be added to encap entry's flows list. If neigh update is running at this time, the following encaps of the flow can't hold the encap_tbl_lock and sleep. If neigh update thread is waiting for that flow's init_done, deadlock happens. Fix it by holding lock outside of the for loop. If neigh update is running, prevent encap flows from offloading. Since the lock is held outside of the for loop, concurrent creation of encap entries is not allowed. So remove unnecessary wait_for_completion call for res_ready. Fixes: 95435ad ("net/mlx5e: Only access fully initialized flows in neigh update") Signed-off-by: Chris Mi <cmi@nvidia.com> Reviewed-by: Roi Dayan <roid@nvidia.com> Reviewed-by: Vlad Buslov <vladbu@nvidia.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Codec driver works well on 5.11.
I tried adding machine driver to make the codec driver work on 5.16, but the probe failed.
The dailink is the only different thing in the machine driver, so is there a way to support all 83x6 in one machine driver? The DAPM is similar for both codecs
8326.log
.