This repository has been archived by the owner on Feb 11, 2024. It is now read-only.
作者你这是原生的内核吗 #4
Comments
|
原生rom的,我不用颜色os |
YumeMichi
pushed a commit
that referenced
this issue
Dec 17, 2023
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 17, 2023
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Dec 27, 2023
As per changes in include/linux/jbd_common.h for avoiding the
bit_spin_locks on RT ("fs: jbd/jbd2: Make state lock and journal
head lock rt safe") we do the same thing here.
We use the non atomic __set_bit and __clear_bit inside the scope of
the lock to preserve the ability of the existing LIST_DEBUG code to
use the zero'th bit in the sanity checks.
As a bit spinlock, we had no lockdep visibility into the usage
of the list head locking. Now, if we were to implement it as a
standard non-raw spinlock, we would see:
BUG: sleeping function called from invalid context at kernel/rtmutex.c:658
in_atomic(): 1, irqs_disabled(): 0, pid: 122, name: udevd
5 locks held by udevd/122:
#0: (&sb->s_type->i_mutex_key#7/1){+.+.+.}, at: [<ffffffff811967e8>] lock_rename+0xe8/0xf0
#1: (rename_lock){+.+...}, at: [<ffffffff811a277c>] d_move+0x2c/0x60
#2: (&dentry->d_lock){+.+...}, at: [<ffffffff811a0763>] dentry_lock_for_move+0xf3/0x130
#3: (&dentry->d_lock/2){+.+...}, at: [<ffffffff811a0734>] dentry_lock_for_move+0xc4/0x130
#4: (&dentry->d_lock/3){+.+...}, at: [<ffffffff811a0747>] dentry_lock_for_move+0xd7/0x130
Pid: 122, comm: udevd Not tainted 3.4.47-rt62 #7
Call Trace:
[<ffffffff810b9624>] __might_sleep+0x134/0x1f0
[<ffffffff817a24d4>] rt_spin_lock+0x24/0x60
[<ffffffff811a0c4c>] __d_shrink+0x5c/0xa0
[<ffffffff811a1b2d>] __d_drop+0x1d/0x40
[<ffffffff811a24be>] __d_move+0x8e/0x320
[<ffffffff811a278e>] d_move+0x3e/0x60
[<ffffffff81199598>] vfs_rename+0x198/0x4c0
[<ffffffff8119b093>] sys_renameat+0x213/0x240
[<ffffffff817a2de5>] ? _raw_spin_unlock+0x35/0x60
[<ffffffff8107781c>] ? do_page_fault+0x1ec/0x4b0
[<ffffffff817a32ca>] ? retint_swapgs+0xe/0x13
[<ffffffff813eb0e6>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff8119b0db>] sys_rename+0x1b/0x20
[<ffffffff817a3b96>] system_call_fastpath+0x1a/0x1f
Since we are only taking the lock during short lived list operations,
lets assume for now that it being raw won't be a significant latency
concern.
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 27, 2023
At first glance, the use of 'static inline' seems appropriate for
INIT_HLIST_BL_HEAD().
However, when a 'static inline' function invocation is inlined by gcc,
all callers share any static local data declared within that inline
function.
This presents a problem for how lockdep classes are setup. raw_spinlocks, for
example, when CONFIG_DEBUG_SPINLOCK,
# define raw_spin_lock_init(lock) \
do { \
static struct lock_class_key __key; \
\
__raw_spin_lock_init((lock), #lock, &__key); \
} while (0)
When this macro is expanded into a 'static inline' caller, like
INIT_HLIST_BL_HEAD():
static inline INIT_HLIST_BL_HEAD(struct hlist_bl_head *h)
{
h->first = NULL;
raw_spin_lock_init(&h->lock);
}
...the static local lock_class_key object is made a function static.
For compilation units which initialize invoke INIT_HLIST_BL_HEAD() more
than once, then, all of the invocations share this same static local
object.
This can lead to some very confusing lockdep splats (example below).
Solve this problem by forcing the INIT_HLIST_BL_HEAD() to be a macro,
which prevents the lockdep class object sharing.
=============================================
[ INFO: possible recursive locking detected ]
4.4.4-rt11 #4 Not tainted
---------------------------------------------
kswapd0/59 is trying to acquire lock:
(&h->lock#2){+.+.-.}, at: mb_cache_shrink_scan
but task is already holding lock:
(&h->lock#2){+.+.-.}, at: mb_cache_shrink_scan
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&h->lock#2);
lock(&h->lock#2);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by kswapd0/59:
#0: (shrinker_rwsem){+.+...}, at: rt_down_read_trylock
#1: (&h->lock#2){+.+.-.}, at: mb_cache_shrink_scan
Reported-by: Luis Claudio R. Goncalves <[email protected]>
Tested-by: Luis Claudio R. Goncalves <[email protected]>
Signed-off-by: Josh Cartwright <[email protected]>
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 27, 2023
…ntext
| BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:914
| in_atomic(): 1, irqs_disabled(): 0, pid: 255, name: kworker/u257:6
| 5 locks held by kworker/u257:6/255:
| #0: ("events_unbound"){.+.+.+}, at: [<ffffffff8108edf1>] process_one_work+0x171/0x5e0
| #1: ((&entry->work)){+.+.+.}, at: [<ffffffff8108edf1>] process_one_work+0x171/0x5e0
| #2: (&shost->scan_mutex){+.+.+.}, at: [<ffffffffa000faa3>] __scsi_add_device+0xa3/0x130 [scsi_mod]
| #3: (&set->tag_list_lock){+.+...}, at: [<ffffffff812f09fa>] blk_mq_init_queue+0x96a/0xa50
| #4: (rcu_read_lock_sched){......}, at: [<ffffffff8132887d>] percpu_ref_kill_and_confirm+0x1d/0x120
| Preemption disabled at:[<ffffffff812eff76>] blk_mq_freeze_queue_start+0x56/0x70
|
| CPU: 2 PID: 255 Comm: kworker/u257:6 Not tainted 3.18.7-rt0+ #1
| Workqueue: events_unbound async_run_entry_fn
| 0000000000000003 ffff8800bc29f998 ffffffff815b3a12 0000000000000000
| 0000000000000000 ffff8800bc29f9b8 ffffffff8109aa16 ffff8800bc29fa28
| ffff8800bc5d1bc8 ffff8800bc29f9e8 ffffffff815b8dd4 ffff880000000000
| Call Trace:
| [<ffffffff815b3a12>] dump_stack+0x4f/0x7c
| [<ffffffff8109aa16>] __might_sleep+0x116/0x190
| [<ffffffff815b8dd4>] rt_spin_lock+0x24/0x60
| [<ffffffff810b6089>] __wake_up+0x29/0x60
| [<ffffffff812ee06e>] blk_mq_usage_counter_release+0x1e/0x20
| [<ffffffff81328966>] percpu_ref_kill_and_confirm+0x106/0x120
| [<ffffffff812eff76>] blk_mq_freeze_queue_start+0x56/0x70
| [<ffffffff812f0000>] blk_mq_update_tag_set_depth+0x40/0xd0
| [<ffffffff812f0a1c>] blk_mq_init_queue+0x98c/0xa50
| [<ffffffffa000dcf0>] scsi_mq_alloc_queue+0x20/0x60 [scsi_mod]
| [<ffffffffa000ea35>] scsi_alloc_sdev+0x2f5/0x370 [scsi_mod]
| [<ffffffffa000f494>] scsi_probe_and_add_lun+0x9e4/0xdd0 [scsi_mod]
| [<ffffffffa000fb26>] __scsi_add_device+0x126/0x130 [scsi_mod]
| [<ffffffffa013033f>] ata_scsi_scan_host+0xaf/0x200 [libata]
| [<ffffffffa012b5b6>] async_port_probe+0x46/0x60 [libata]
| [<ffffffff810978fb>] async_run_entry_fn+0x3b/0xf0
| [<ffffffff8108ee81>] process_one_work+0x201/0x5e0
percpu_ref_kill_and_confirm() invokes blk_mq_usage_counter_release() in
a rcu-sched region. swait based wake queue can't be used due to
wake_up_all() usage and disabled interrupts in !RT configs (as reported
by Corey Minyard).
The wq_has_sleeper() check has been suggested by Peter Zijlstra.
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 27, 2023
The two commits below add up to a cpuset might_sleep() splat for RT: 8447a0f cpuset: convert callback_mutex to a spinlock 344736f cpuset: simplify cpuset_node_allowed API BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:995 in_atomic(): 0, irqs_disabled(): 1, pid: 11718, name: cset CPU: 135 PID: 11718 Comm: cset Tainted: G E 4.10.0-rt1-rt #4 Hardware name: Intel Corporation BRICKLAND/BRICKLAND, BIOS BRHSXSD1.86B.0056.R01.1409242327 09/24/2014 Call Trace: ? dump_stack+0x5c/0x81 ? ___might_sleep+0xf4/0x170 ? rt_spin_lock+0x1c/0x50 ? __cpuset_node_allowed+0x66/0xc0 ? ___slab_alloc+0x390/0x570 <disables IRQs> ? anon_vma_fork+0x8f/0x140 ? copy_page_range+0x6cf/0xb00 ? anon_vma_fork+0x8f/0x140 ? __slab_alloc.isra.74+0x5a/0x81 ? anon_vma_fork+0x8f/0x140 ? kmem_cache_alloc+0x1b5/0x1f0 ? anon_vma_fork+0x8f/0x140 ? copy_process.part.35+0x1670/0x1ee0 ? _do_fork+0xdd/0x3f0 ? _do_fork+0xdd/0x3f0 ? do_syscall_64+0x61/0x170 ? entry_SYSCALL64_slow_path+0x25/0x25 The later ensured that a NUMA box WILL take callback_lock in atomic context by removing the allocator and reclaim path __GFP_HARDWALL usage which prevented such contexts from taking callback_mutex. One option would be to reinstate __GFP_HARDWALL protections for RT, however, as the 8447a0f changelog states: The callback_mutex is only used to synchronize reads/updates of cpusets' flags and cpu/node masks. These operations should always proceed fast so there's no reason why we can't use a spinlock instead of the mutex. Cc: [email protected] Signed-off-by: Mike Galbraith <[email protected]> Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 27, 2023
…ntext
[ Upstream commit 61c928ecf4fe200bda9b49a0813b5ba0f43995b5 ]
| BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:914
| in_atomic(): 1, irqs_disabled(): 0, pid: 255, name: kworker/u257:6
| 5 locks held by kworker/u257:6/255:
| #0: ("events_unbound"){.+.+.+}, at: [<ffffffff8108edf1>] process_one_work+0x171/0x5e0
| #1: ((&entry->work)){+.+.+.}, at: [<ffffffff8108edf1>] process_one_work+0x171/0x5e0
| #2: (&shost->scan_mutex){+.+.+.}, at: [<ffffffffa000faa3>] __scsi_add_device+0xa3/0x130 [scsi_mod]
| #3: (&set->tag_list_lock){+.+...}, at: [<ffffffff812f09fa>] blk_mq_init_queue+0x96a/0xa50
| #4: (rcu_read_lock_sched){......}, at: [<ffffffff8132887d>] percpu_ref_kill_and_confirm+0x1d/0x120
| Preemption disabled at:[<ffffffff812eff76>] blk_mq_freeze_queue_start+0x56/0x70
|
| CPU: 2 PID: 255 Comm: kworker/u257:6 Not tainted 3.18.7-rt0+ #1
| Workqueue: events_unbound async_run_entry_fn
| 0000000000000003 ffff8800bc29f998 ffffffff815b3a12 0000000000000000
| 0000000000000000 ffff8800bc29f9b8 ffffffff8109aa16 ffff8800bc29fa28
| ffff8800bc5d1bc8 ffff8800bc29f9e8 ffffffff815b8dd4 ffff880000000000
| Call Trace:
| [<ffffffff815b3a12>] dump_stack+0x4f/0x7c
| [<ffffffff8109aa16>] __might_sleep+0x116/0x190
| [<ffffffff815b8dd4>] rt_spin_lock+0x24/0x60
| [<ffffffff810b6089>] __wake_up+0x29/0x60
| [<ffffffff812ee06e>] blk_mq_usage_counter_release+0x1e/0x20
| [<ffffffff81328966>] percpu_ref_kill_and_confirm+0x106/0x120
| [<ffffffff812eff76>] blk_mq_freeze_queue_start+0x56/0x70
| [<ffffffff812f0000>] blk_mq_update_tag_set_depth+0x40/0xd0
| [<ffffffff812f0a1c>] blk_mq_init_queue+0x98c/0xa50
| [<ffffffffa000dcf0>] scsi_mq_alloc_queue+0x20/0x60 [scsi_mod]
| [<ffffffffa000ea35>] scsi_alloc_sdev+0x2f5/0x370 [scsi_mod]
| [<ffffffffa000f494>] scsi_probe_and_add_lun+0x9e4/0xdd0 [scsi_mod]
| [<ffffffffa000fb26>] __scsi_add_device+0x126/0x130 [scsi_mod]
| [<ffffffffa013033f>] ata_scsi_scan_host+0xaf/0x200 [libata]
| [<ffffffffa012b5b6>] async_port_probe+0x46/0x60 [libata]
| [<ffffffff810978fb>] async_run_entry_fn+0x3b/0xf0
| [<ffffffff8108ee81>] process_one_work+0x201/0x5e0
percpu_ref_kill_and_confirm() invokes blk_mq_usage_counter_release() in
a rcu-sched region. swait based wake queue can't be used due to
wake_up_all() usage and disabled interrupts in !RT configs (as reported
by Corey Minyard).
The wq_has_sleeper() check has been suggested by Peter Zijlstra.
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
Signed-off-by: Steven Rostedt (VMware) <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 30, 2023
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 30, 2023
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Dec 30, 2023
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Dec 30, 2023
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Jan 5, 2024
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 5, 2024
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Jan 5, 2024
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 5, 2024
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Jan 5, 2024
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 5, 2024
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Jan 8, 2024
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 8, 2024
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Jan 12, 2024
commit 7fed14f7ac9cf5e38c693836fe4a874720141845 upstream. The following warning appears when using buffered events: [ 203.556451] WARNING: CPU: 53 PID: 10220 at kernel/trace/ring_buffer.c:3912 ring_buffer_discard_commit+0x2eb/0x420 [...] [ 203.670690] CPU: 53 PID: 10220 Comm: stress-ng-sysin Tainted: G E 6.7.0-rc2-default #4 56e6d0fcf5581e6e51eaaecbdaec2a2338c80f3a [ 203.670704] Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 [ 203.670709] RIP: 0010:ring_buffer_discard_commit+0x2eb/0x420 [ 203.735721] Code: 4c 8b 4a 50 48 8b 42 48 49 39 c1 0f 84 b3 00 00 00 49 83 e8 01 75 b1 48 8b 42 10 f0 ff 40 08 0f 0b e9 fc fe ff ff f0 ff 47 08 <0f> 0b e9 77 fd ff ff 48 8b 42 10 f0 ff 40 08 0f 0b e9 f5 fe ff ff [ 203.735734] RSP: 0018:ffffb4ae4f7b7d80 EFLAGS: 00010202 [ 203.735745] RAX: 0000000000000000 RBX: ffffb4ae4f7b7de0 RCX: ffff8ac10662c000 [ 203.735754] RDX: ffff8ac0c750be00 RSI: ffff8ac10662c000 RDI: ffff8ac0c004d400 [ 203.781832] RBP: ffff8ac0c039cea0 R08: 0000000000000000 R09: 0000000000000000 [ 203.781839] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 203.781842] R13: ffff8ac10662c000 R14: ffff8ac0c004d400 R15: ffff8ac10662c008 [ 203.781846] FS: 00007f4cd8a67740(0000) GS:ffff8ad798880000(0000) knlGS:0000000000000000 [ 203.781851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 203.781855] CR2: 0000559766a74028 CR3: 00000001804c4000 CR4: 00000000001506f0 [ 203.781862] Call Trace: [ 203.781870] <TASK> [ 203.851949] trace_event_buffer_commit+0x1ea/0x250 [ 203.851967] trace_event_raw_event_sys_enter+0x83/0xe0 [ 203.851983] syscall_trace_enter.isra.0+0x182/0x1a0 [ 203.851990] do_syscall_64+0x3a/0xe0 [ 203.852075] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 203.852090] RIP: 0033:0x7f4cd870fa77 [ 203.982920] Code: 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 b8 89 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 43 0e 00 f7 d8 64 89 01 48 [ 203.982932] RSP: 002b:00007fff99717dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000089 [ 203.982942] RAX: ffffffffffffffda RBX: 0000558ea1d7b6f0 RCX: 00007f4cd870fa77 [ 203.982948] RDX: 0000000000000000 RSI: 00007fff99717de0 RDI: 0000558ea1d7b6f0 [ 203.982957] RBP: 00007fff99717de0 R08: 00007fff997180e0 R09: 00007fff997180e0 [ 203.982962] R10: 00007fff997180e0 R11: 0000000000000246 R12: 00007fff99717f40 [ 204.049239] R13: 00007fff99718590 R14: 0000558e9f2127a8 R15: 00007fff997180b0 [ 204.049256] </TASK> For instance, it can be triggered by running these two commands in parallel: $ while true; do echo hist:key=id.syscall:val=hitcount > \ /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger; done $ stress-ng --sysinfo $(nproc) The warning indicates that the current ring_buffer_per_cpu is not in the committing state. It happens because the active ring_buffer_event doesn't actually come from the ring_buffer_per_cpu but is allocated from trace_buffered_event. The bug is in function trace_buffered_event_disable() where the following normally happens: * The code invokes disable_trace_buffered_event() via smp_call_function_many() and follows it by synchronize_rcu(). This increments the per-CPU variable trace_buffered_event_cnt on each target CPU and grants trace_buffered_event_disable() the exclusive access to the per-CPU variable trace_buffered_event. * Maintenance is performed on trace_buffered_event, all per-CPU event buffers get freed. * The code invokes enable_trace_buffered_event() via smp_call_function_many(). This decrements trace_buffered_event_cnt and releases the access to trace_buffered_event. A problem is that smp_call_function_many() runs a given function on all target CPUs except on the current one. The following can then occur: * Task X executing trace_buffered_event_disable() runs on CPU 0. * The control reaches synchronize_rcu() and the task gets rescheduled on another CPU 1. * The RCU synchronization finishes. At this point, trace_buffered_event_disable() has the exclusive access to all trace_buffered_event variables except trace_buffered_event[CPU0] because trace_buffered_event_cnt[CPU0] is never incremented and if the buffer is currently unused, remains set to 0. * A different task Y is scheduled on CPU 0 and hits a trace event. The code in trace_event_buffer_lock_reserve() sees that trace_buffered_event_cnt[CPU0] is set to 0 and decides the use the buffer provided by trace_buffered_event[CPU0]. * Task X continues its execution in trace_buffered_event_disable(). The code incorrectly frees the event buffer pointed by trace_buffered_event[CPU0] and resets the variable to NULL. * Task Y writes event data to the now freed buffer and later detects the created inconsistency. The issue is observable since commit dea499781a11 ("tracing: Fix warning in trace_buffered_event_disable()") which moved the call of trace_buffered_event_disable() in __ftrace_event_enable_disable() earlier, prior to invoking call->class->reg(.. TRACE_REG_UNREGISTER ..). The underlying problem in trace_buffered_event_disable() is however present since the original implementation in commit 0fc1b09 ("tracing: Use temp buffer when filtering events"). Fix the problem by replacing the two smp_call_function_many() calls with on_each_cpu_mask() which invokes a given callback on all CPUs. Link: https://lore.kernel.org/all/[email protected]/ Link: https://lkml.kernel.org/r/[email protected] Cc: [email protected] Fixes: 0fc1b09 ("tracing: Use temp buffer when filtering events") Fixes: dea499781a11 ("tracing: Fix warning in trace_buffered_event_disable()") Signed-off-by: Petr Pavlu <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 12, 2024
[ Upstream commit 14694179e561b5f2f7e56a0f590e2cb49a9cc7ab ]
Trying to suspend to RAM on SAMA5D27 EVK leads to the following lockdep
warning:
============================================
WARNING: possible recursive locking detected
6.7.0-rc5-wt+ #532 Not tainted
--------------------------------------------
sh/92 is trying to acquire lock:
c3cf306c (&irq_desc_lock_class){-.-.}-{2:2}, at: __irq_get_desc_lock+0xe8/0x100
but task is already holding lock:
c3d7c46c (&irq_desc_lock_class){-.-.}-{2:2}, at: __irq_get_desc_lock+0xe8/0x100
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&irq_desc_lock_class);
lock(&irq_desc_lock_class);
*** DEADLOCK ***
May be due to missing lock nesting notation
6 locks held by sh/92:
#0: c3aa0258 (sb_writers#6){.+.+}-{0:0}, at: ksys_write+0xd8/0x178
#1: c4c2df44 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x138/0x284
#2: c32684a0 (kn->active){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x148/0x284
#3: c232b6d4 (system_transition_mutex){+.+.}-{3:3}, at: pm_suspend+0x13c/0x4e8
#4: c387b088 (&dev->mutex){....}-{3:3}, at: __device_suspend+0x1e8/0x91c
#5: c3d7c46c (&irq_desc_lock_class){-.-.}-{2:2}, at: __irq_get_desc_lock+0xe8/0x100
stack backtrace:
CPU: 0 PID: 92 Comm: sh Not tainted 6.7.0-rc5-wt+ #532
Hardware name: Atmel SAMA5
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x34/0x48
dump_stack_lvl from __lock_acquire+0x19ec/0x3a0c
__lock_acquire from lock_acquire.part.0+0x124/0x2d0
lock_acquire.part.0 from _raw_spin_lock_irqsave+0x5c/0x78
_raw_spin_lock_irqsave from __irq_get_desc_lock+0xe8/0x100
__irq_get_desc_lock from irq_set_irq_wake+0xa8/0x204
irq_set_irq_wake from atmel_gpio_irq_set_wake+0x58/0xb4
atmel_gpio_irq_set_wake from irq_set_irq_wake+0x100/0x204
irq_set_irq_wake from gpio_keys_suspend+0xec/0x2b8
gpio_keys_suspend from dpm_run_callback+0xe4/0x248
dpm_run_callback from __device_suspend+0x234/0x91c
__device_suspend from dpm_suspend+0x224/0x43c
dpm_suspend from dpm_suspend_start+0x9c/0xa8
dpm_suspend_start from suspend_devices_and_enter+0x1e0/0xa84
suspend_devices_and_enter from pm_suspend+0x460/0x4e8
pm_suspend from state_store+0x78/0xe4
state_store from kernfs_fop_write_iter+0x1a0/0x284
kernfs_fop_write_iter from vfs_write+0x38c/0x6f4
vfs_write from ksys_write+0xd8/0x178
ksys_write from ret_fast_syscall+0x0/0x1c
Exception stack(0xc52b3fa8 to 0xc52b3ff0)
3fa0: 00000004 005a0ae8 00000001 005a0ae8 00000004 00000001
3fc0: 00000004 005a0ae8 00000001 00000004 00000004 b6c616c0 00000020 0059d190
3fe0: 00000004 b6c61678 aec5a041 aebf1a26
This warning is raised because pinctrl-at91-pio4 uses chained IRQ. Whenever
a wake up source configures an IRQ through irq_set_irq_wake, it will
lock the corresponding IRQ desc, and then call irq_set_irq_wake on "parent"
IRQ which will do the same on its own IRQ desc, but since those two locks
share the same class, lockdep reports this as an issue.
Fix lockdep false positive by setting a different class for parent and
children IRQ
Fixes: 7761808 ("pinctrl: introduce driver for Atmel PIO4 controller")
Signed-off-by: Alexis Lothoré <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Linus Walleij <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 12, 2024
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 12, 2024
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Jan 23, 2024
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 23, 2024
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
YumeMichi
pushed a commit
that referenced
this issue
Jan 28, 2024
This fixes the following warning: [ 2.481219] invalid GPIO -2 [ 2.481252] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:128 gpio_to_desc+0xa8/0xb8 [ 2.481259] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G S 4.19.157-Horizon-04171159 #4 [ 2.481264] Hardware name: Qualcomm Technologies, Inc. kona MTP 19805 (DT) [ 2.481269] pstate: 60800005 (nZCv daif -PAN +UAO) [ 2.481274] pc : gpio_to_desc+0xa8/0xb8 [ 2.481279] lr : gpio_to_desc+0xa4/0xb8 [ 2.481283] pc : ffffffad27c09f88 [ 2.481286] lr : ffffffad27c09f84 [ 2.481289] sp : ffffff800805b7c0 [ 2.481293] x29: ffffff800805b7c0 x28: 0000000000000000 [ 2.481298] x27: ffffffe97f8e4800 x26: 0000000000000001 [ 2.481303] x25: 0000000000000002 x24: 0000000000000002 [ 2.481308] x23: 0000000000000050 x22: 0000000000000002 [ 2.481313] x21: 0000000000000000 x20: ffffffad2a68f860 [ 2.481318] x19: 00000000fffffffe x18: ffffffad2b25b000 [ 2.481323] x17: 00000000007c12a0 x16: 00000000000000c4 [ 2.481328] x15: ffffffad29243bbc x14: 0000000000003139 [ 2.481332] x13: 0000000000000348 x12: 0000000000000000 [ 2.481337] x11: 0000000000000000 x10: ffffffffffffffff [ 2.481342] x9 : 198684d2b1dd3700 x8 : 198684d2b1dd3700 [ 2.481347] x7 : 323138342e322020 x6 : ffffffe959576883 [ 2.481352] x5 : 0000000000000000 x4 : 0000000000000003 [ 2.481356] x3 : 000000000000001f x2 : 0000000000000001 [ 2.481361] x1 : 0000000000000000 x0 : 0000000000000000 [ 2.481367] Call trace: [ 2.481372] gpio_to_desc+0xa8/0xb8 [ 2.481377] dsi_panel_drv_init+0x4e8/0x734 [ 2.481383] dsi_display_bind+0xa70/0xc88 [ 2.481390] component_bind_all+0x128/0x254 [ 2.481396] msm_drm_bind+0x154/0x884 [ 2.481401] try_to_bring_up_master+0x13c/0x184 [ 2.481405] component_add+0xd0/0x184 [ 2.481412] dp_display_probe+0x2f8/0x43c [ 2.481418] platform_drv_probe+0x7c/0xb4 [ 2.481422] really_probe+0x270/0x2f4 [ 2.481427] driver_probe_device+0x60/0xf8 [ 2.481431] __driver_attach+0xe8/0x124 [ 2.481436] bus_for_each_dev+0x78/0xc0 [ 2.481440] driver_attach+0x20/0x28 [ 2.481444] bus_add_driver+0x128/0x20c [ 2.481449] driver_register+0x74/0x108 [ 2.481454] __platform_driver_register+0x40/0x48 [ 2.481460] dp_display_init+0x1c/0x54 [ 2.481465] do_one_initcall+0xd0/0x210 [ 2.481470] do_initcall_level+0x13c/0x164 [ 2.481474] do_basic_setup+0x48/0x94 [ 2.481478] kernel_init_freeable+0xac/0x144 [ 2.481486] kernel_init+0x14/0x2b0 [ 2.481492] ret_from_fork+0x10/0x18 [ 2.481497] ---[ end trace ac7e091c9f24763b ]--- Change-Id: Ic83f9a2f7192a97e1cd53f8cc89cc94b06acf55b Signed-off-by: LibXZR <[email protected]>
YumeMichi
pushed a commit
that referenced
this issue
Jan 28, 2024
struct list_lru_one l.nr_items could be accessed concurrently as noticed by KCSAN, BUG: KCSAN: data-race in list_lru_count_one / list_lru_isolate_move write to 0xffffa102789c4510 of 8 bytes by task 823 on cpu 39: list_lru_isolate_move+0xf9/0x130 list_lru_isolate_move at mm/list_lru.c:180 inode_lru_isolate+0x12b/0x2a0 __list_lru_walk_one+0x122/0x3d0 list_lru_walk_one+0x75/0xa0 prune_icache_sb+0x8b/0xc0 super_cache_scan+0x1b8/0x250 do_shrink_slab+0x256/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 balance_pgdat+0x652/0xd90 kswapd+0x396/0x8d0 kthread+0x1e0/0x200 ret_from_fork+0x27/0x50 read to 0xffffa102789c4510 of 8 bytes by task 6345 on cpu 56: list_lru_count_one+0x116/0x2f0 list_lru_count_one at mm/list_lru.c:193 super_cache_count+0xe8/0x170 do_shrink_slab+0x95/0x6d0 shrink_slab+0x41b/0x4a0 shrink_node+0x35c/0xd80 do_try_to_free_pages+0x1f7/0xa10 try_to_free_pages+0x26c/0x5e0 __alloc_pages_slowpath+0x458/0x1290 __alloc_pages_nodemask+0x3bb/0x450 alloc_pages_vma+0x8a/0x2c0 do_anonymous_page+0x170/0x700 __handle_mm_fault+0xc9f/0xd00 handle_mm_fault+0xfc/0x2f0 do_page_fault+0x263/0x6f9 page_fault+0x34/0x40 Reported by Kernel Concurrency Sanitizer on: CPU: 56 PID: 6345 Comm: oom01 Tainted: G W L 5.5.0-next-20200205+ #4 Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019 A shattered l.nr_items could affect the shrinker behaviour due to a data race. Fix it by adding READ_ONCE() for the read. Since the writes are aligned and up to word-size, assume those are safe from data races to avoid readability issues of writing WRITE_ONCE(var, var + val). Signed-off-by: Qian Cai <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Marco Elver <[email protected]> Cc: Konrad Rzeszutek Wilk <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]> Change-Id: I80f9419bd90136dd7d02249af982d4a649150c06
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
我编译没啥问题,9r重新打包刷入黑屏,在cos13.1不能用吗
The text was updated successfully, but these errors were encountered: