6.18 rc #19
Closed
6.18 rc #19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The fix to use a per CPU buffer to read user space tested only the writes to trace_marker. But it appears that the selftests are missing tests to the trace_maker_raw file. The trace_maker_raw file is used by applications that writes data structures and not strings into the file, and the tools read the raw ring buffer to process the structures it writes. The fix that reads the per CPU buffers passes the new per CPU buffer to the trace_marker file writes, but the update to the trace_marker_raw write read the data from user space into the per CPU buffer, but then still used then passed the user space address to the function that records the data. Pass in the per CPU buffer and not the user space address. TODO: Add a test to better test trace_marker_raw. Cc: stable@vger.kernel.org Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Andrew Morton <akpm@linux-foundation.org> Link: https://lore.kernel.org/20251011035243.386098147@kernel.org Fixes: 64cf7d0 ("tracing: Have trace_marker use per-cpu data to read user space") Reported-by: syzbot+9a2ede1643175f350105@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/68e973f5.050a0220.1186a4.0010.GAE@google.com/ Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The way tracing_mark_raw_write() records its data is that it has the
following structure:
struct {
struct trace_entry;
int id;
char buf[];
};
But memcpy(&entry->id, buf, size) triggers the following warning when the
size is greater than the id:
------------[ cut here ]------------
memcpy: detected field-spanning write (size 6) of single field "&entry->id" at kernel/trace/trace.c:7458 (size 4)
WARNING: CPU: 7 PID: 995 at kernel/trace/trace.c:7458 write_raw_marker_to_buffer.isra.0+0x1f9/0x2e0
Modules linked in:
CPU: 7 UID: 0 PID: 995 Comm: bash Not tainted 6.17.0-test-00007-g60b82183e78a-dirty #211 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014
RIP: 0010:write_raw_marker_to_buffer.isra.0+0x1f9/0x2e0
Code: 04 00 75 a7 b9 04 00 00 00 48 89 de 48 89 04 24 48 c7 c2 e0 b1 d1 b2 48 c7 c7 40 b2 d1 b2 c6 05 2d 88 6a 04 01 e8 f7 e8 bd ff <0f> 0b 48 8b 04 24 e9 76 ff ff ff 49 8d 7c 24 04 49 8d 5c 24 08 48
RSP: 0018:ffff888104c3fc78 EFLAGS: 00010292
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 1ffffffff6b363b4 RDI: 0000000000000001
RBP: ffff888100058a00 R08: ffffffffb041d459 R09: ffffed1020987f40
R10: 0000000000000007 R11: 0000000000000001 R12: ffff888100bb9010
R13: 0000000000000000 R14: 00000000000003e3 R15: ffff888134800000
FS: 00007fa61d286740(0000) GS:ffff888286cad000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560d28d509f1 CR3: 00000001047a4006 CR4: 0000000000172ef0
Call Trace:
<TASK>
tracing_mark_raw_write+0x1fe/0x290
? __pfx_tracing_mark_raw_write+0x10/0x10
? security_file_permission+0x50/0xf0
? rw_verify_area+0x6f/0x4b0
vfs_write+0x1d8/0xdd0
? __pfx_vfs_write+0x10/0x10
? __pfx_css_rstat_updated+0x10/0x10
? count_memcg_events+0xd9/0x410
? fdget_pos+0x53/0x5e0
ksys_write+0x182/0x200
? __pfx_ksys_write+0x10/0x10
? do_user_addr_fault+0x4af/0xa30
do_syscall_64+0x63/0x350
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fa61d318687
Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffd87fe0120 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fa61d286740 RCX: 00007fa61d318687
RDX: 0000000000000006 RSI: 0000560d28d509f0 RDI: 0000000000000001
RBP: 0000560d28d509f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000006
R13: 00007fa61d4715c0 R14: 00007fa61d46ee80 R15: 0000000000000000
</TASK>
---[ end trace 0000000000000000 ]---
This is because fortify string sees that the size of entry->id is only 4
bytes, but it is writing more than that. But this is OK as the
dynamic_array is allocated to handle that copy.
The size allocated on the ring buffer was actually a bit too big:
size = sizeof(*entry) + cnt;
But cnt includes the 'id' and the buffer data, so adding cnt to the size
of *entry actually allocates too much on the ring buffer.
Change the allocation to:
size = struct_size(entry, buf, cnt - sizeof(entry->id));
and the memcpy() to unsafe_memcpy() with an added justification.
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: https://lore.kernel.org/20251011112032.77be18e4@gandalf.local.home
Fixes: 64cf7d0 ("tracing: Have trace_marker use per-cpu data to read user space")
Reported-by: syzbot+9a2ede1643175f350105@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/68e973f5.050a0220.1186a4.0010.GAE@google.com/
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
of_iomap() doesn't return error pointers, it returns NULL. Fix the error checking to check for NULL pointers. Fixes: 86cd430 ("irqchip/aspeed-scu-ic: Refactor driver to support variant-based initialization") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
According to the PLIC specification[1], global interrupt sources are assigned small unsigned integer identifiers beginning at the value 1. An interrupt ID of 0 is reserved to mean "no interrupt". The current plic_irq_resume() and plic_irq_suspend() functions incorrectly start the loop from index 0, which accesses the register space for the reserved interrupt ID 0. Change the loop to start from index 1, skipping the reserved interrupt ID 0 as per the PLIC specification. This prevents potential undefined behavior when accessing the reserved register space during suspend/resume cycles. Fixes: e80f0b6 ("irqchip/irq-sifive-plic: Add syscore callbacks for hibernation") Co-developed-by: Jia Wang <wangjia@ultrarisc.com> Signed-off-by: Jia Wang <wangjia@ultrarisc.com> Co-developed-by: Charles Mirabile <cmirabil@redhat.com> Signed-off-by: Charles Mirabile <cmirabil@redhat.com> Signed-off-by: Lucas Zampieri <lzampier@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://github.com/riscv/riscv-plic-spec/releases/tag/1.0.0
This reverts commit 1a2b423 because we got a regression report and need time to find out the details. Reported-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Closes: https://lore.kernel.org/r/29ec0082-4dd4-4120-acd2-44b35b4b9487@oss.qualcomm.com Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ 2.480551] ahci-mtk 1a200000.sata: missing phy-mode phandle [ 2.486249] ahci-mtk 1a200000.sata: probe with driver ahci-mtk failed with error -22 Fixes: 3ba5a61 ("arm64: dts: mediatek: mt7622: fix clock controllers")
Add driver providing kernel-side support for the Random Number Generator hardware found on Mediatek SoCs which have a driver in ARM TrustedFirmware-A allowing Linux to read random numbers using a non-standard vendor-defined Secure Monitor Call. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow gpio-hogs in pinctrl node for switching pcie on Bananapi R4 Pro. Signed-off-by: Frank Wunderlich <frank-w@public-files.de> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> --- v3: - fixed angelos RB tag
The internal 2.5G phy of mt7988 is only used by some specific board variants. Disable it by default and enable it where needed. Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Add devicetree for Bpi-R4-Pro. BananaPi R4 Pro is a MT7988A based board which exists in 2 different hardware versions: - 4E: 4 GB RAM and using internal 2.5G Phy for WAN-Combo - 8X: 8 GB RAM and 2x Aeonsemi AS21010P 10G phys common parts: - MediaTek MT7988A Quad-core Arm Corex-A73,1.8GHz processor - 8GB eMMC flash - 256MB SPI-NAND Flash - Micro SD card slot - 1x 10G SFP+ WAN - 1x 10G SFP+ LAN - 4x 2.5G RJ45 LAN (MxL86252C) - 1x 1G RJ45 LAN (MT7988 internal switch) - 2x miniPCIe slots with PCIe3.0 2lane interface for Wi-Fi NIC - 2x M.2 M-KEY slots with PCIe3.0 1lane interface for NVME SSD - 3x M.2 B-KEY slots with USB3.2 for 5G Module (PCIe shared with key-m) - 1x USB3.2 slot - 1x USB2.0 slot - 1x USB TypeC Debug Console - 2x13 PIN Header for expanding application https://docs.banana-pi.org/en/BPI-R4_Pro/BananaPi_BPI-R4_Pro The PCIe is per default in key-m state and can be changed to key-b with the pcie-overlays. Signed-off-by: Frank Wunderlich <frank-w@public-files.de> --- v2: - squashed "mt7988a: Add label for ssusb0" - drop bootargs - update based on angelos review - drop gpio-header table comment because header is not yet part of this dts - dropped delete-property for non-existent "mediatek,p0_speed_fixup" - fix voltage displayed for buck4/ldo based on schematic - reorder fan after eth node (alphanumeric) - reorder spi-tx after spi-rx (alphanumeric) - follow reg first, then others also for spi-nand partitions - drop 2pg5 phy disabling node (due to new patch disabling by default) - change order of pinctrl (first number than names) - fix commit prefix (mediatek was missing)
Add overlays to switch between key-m and key-e slots. Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Add MMC overlays for BPI-R4 Pro. Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Try to convert the text-binding into a yaml based one to fix some binding errors for mediatek. The SoCs handled are very different (clock-count,-names,phys,resets,...) but handled in one driver. only 1 exapmple possible because all are put in one dts-file and includes affecting each other Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Add compatibles for Bananapi R4 Pro boards. Signed-off-by: Frank Wunderlich <frank-w@public-files.de> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
This series is currently only for discussion to get the upported SDK driver changes in a good shape. To use it some other parts are still missing like USXGMII PCS support on mt7988. patches are upported from mtk SDK: - https://git01.mediatek.com/plugins/gitiles/openwrt/feeds/mtk-openwrt-feeds/+/refs/heads/master/master/files/target/linux/mediatek/patches-6.12/999-eth-08-mtk_eth_soc-add-register-definitions-for-rss-lro-reg.patch - https://git01.mediatek.com/plugins/gitiles/openwrt/feeds/mtk-openwrt-feeds/+/refs/heads/master/master/files/target/linux/mediatek/patches-6.12/999-eth-09-mtk_eth_soc-add-rss-support.patch - https://git01.mediatek.com/plugins/gitiles/openwrt/feeds/mtk-openwrt-feeds/+/refs/heads/master/master/files/target/linux/mediatek/patches-6.12/999-eth-10-mtk_eth_soc-add-hw-lro-support.patch RSS / LRO HW-acceleration for ending traffic. For routed traffic PPE is needed and hw offloading in nftables. Bridged traffic may need additional changes (openwrt use bridger utility). RSS (Receive Side Scaling) using 4 additional IRQ for spreading load cat /proc/interrupts | grep ethernet echo 1 > /proc/irq/105/smp_affinity echo 2 > /proc/irq/106/smp_affinity echo 4 > /proc/irq/107/smp_affinity echo 8 > /proc/irq/108/smp_affinity moving tx frame-engine irq to different cpu (here 3rd) echo 4 > /proc/irq/103/smp_affinity disable RPS (Receive Packet Steering) for all macs: echo 0 > /sys/devices/platform/soc/15100000.ethernet/net/eth0/queues/rx-0/rps_cpus pay attention on iperf-version (iperf 3.17 is ok, 3.12 is not) traffic must be created using multiple streams so that it can be splitted, so use multithreaded iperf3 on R4: bin/iperf3 -s on the other side: iperf3 -c 192.168.1.1 -i 1 -P 4 you should reach ~9.3 GBit/s and see spreading load over CPU cores root@bpi-r4-phy-8G:~# cat /proc/interrupts | grep eth 103: 20 198366 0 0 GICv3 229 Level 15100000.ethernet 105: 3611 0 0 0 GICv3 221 Level 15100000.ethernet, 15100000.ethernet 106: 2 6842 0 0 GICv3 222 Level 15100000.ethernet, 15100000.ethernet 107: 4 0 27643 0 GICv3 223 Level 15100000.ethernet, 15100000.ethernet 108: 3 0 0 27925 GICv3 224 Level 15100000.ethernet, 15100000.ethernet using the iperf3 from debian bookworm (3.12) results in only 6.7GBit/s, so newer version is needed (not tested yet in trixie). LRO(Large Receive Offload) Add HW LRO RX rule: ethtool -N [interface] flow-type tcp4 dst-ip [IP] action 0 loc [0/1] Delete HW LRO RX rule: ethtool -N [interface] delete [0/1] Enable/Disable HW LRO rule: ethtool -K [interface] lro [on | off] Show the current offload features: ethtool -k [interface] example: ethtool -N eth2 flow-type tcp4 dst-ip 192.168.1.1 action 0 loc 0 ethtool -K eth2 lro on ethtool -k eth2 using iperf(2) instead of iperf3 to reach full traffic! verify with propritary debugfs (not part of this series) Enable HW LRO rings echo 4 1 > /proc/mtketh/hw_lro_auto_tlb Enable HW LRO statistics echo 5 1 > /proc/mtketh/hw_lro_auto_tlb cat /proc/mtketh/hw_lro_stats
Signed-off-by: Bo-Cun Chen <bc-bocun.chen@mediatek.com>
The user can add the following property to the sgmiisys node of the DTS to control the SGMII PN polarity. - mediatek,pnswap: Swap TX and RX PN polarity - mediatek,pnswap-tx: Swap TX PN polarity - mediatek,pnswap-rx: Swap RX PN polarity Without this patch, the TX/RX polarity of the SGMII cannot be controlled individually. Signed-off-by: Bo-Cun Chen <bc-bocun.chen@mediatek.com>
In NETSYSv3.1, the SGMII hardware introduces a new clock path from PHYA. Consequently, users can switch the SGMII PCS to this new clock source for better performance on the MT7987. Signed-off-by: Bo-Cun Chen <bc-bocun.chen@mediatek.com>
Without this patch, users are unable to bring up ETH driver on the mt7987. Signed-off-by: Bo-Cun Chen <bc-bocun.chen@mediatek.com> --- squashed: net: mtk_eth_soc: drop MTK_SRAM as it is too small for DMA RX/TX rings
Change hardware configuration for the MT7987. - Enable PSE drop mechanism when the WDMA Rx ring full - Enable PSE no-drop mechanism for packets from the WDMA Tx Signed-off-by: Bo-Cun Chen <bc-bocun.chen@mediatek.com>
commit 5e3aae2 2025-08-27 net: phy: mtk-2p5ge: Add LED support for MT7988 introduces new callbacks which crash kernel if missing Unable to handle kernel execute from non-executable memory at virtual address 0000000000000000
PHY LED on BPI-R4 Lite / mt7987 seems inverted: green led on when no cable connected and off when link established add a dt-property to allow inverted polarity
This adds bindings for MT7987 pinctrl driver. Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Add support for MT7987 SoC. Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Some Modems like FM350-GL require pcie disabled on m.2 key-b slot (CN16) to work properly. Signed-off-by: Frank Wunderlich <frank-w@public-files.de> --- based on overlay file from user Andrew https://forum.banana-pi.org/t/fm350-gl-and-be14-finally-works-on-bpi-r4/19170/40
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.