Emit `metadata` instead of `link` by ojeda · Pull Request #76 · Rust-for-Linux/linux

alex

@ojeda

It allows us to save a bit of space, ignore the duplicate object files,
and the archiving steps; e.g.:

      643544 libcompiler_builtins.rlib
    64171752 libcore.rlib

vs.

      530004 libcompiler_builtins.rmeta
    63679866 libcore.rmeta

We couldn't do it right away in [1] because `rustc` required a fix [2,3].
The fix is now in [4] and available since the 2021-01-21 nightly, so now
we can go ahead and make the change.

Fixes #75.

[1] #52
[2] rust-lang/rust#81117
[3] rust-lang/rust#81118
[4] rust-lang/rust@f9275e1

Suggested-by: bjorn3
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>

alex approved these changes Jan 21, 2021

JoseTeuttli pushed a commit to JoseTeuttli/linux that referenced this pull request

Jun 14, 2021
In the case of MDIO bus registration failure due to no external PHY
devices being connected to the MAC, clk_disable_unprepare() is called in
stmmac_bus_clk_config() and intel_eth_pci_probe() respectively.

The second call in intel_eth_pci_probe() will cause the following:

[   16.578605] intel-eth-pci 0000:00:1e.5: No PHY found
[   16.583778] intel-eth-pci 0000:00:1e.5: stmmac_dvr_probe: MDIO bus (id: 2) registration failed
[   16.680181] ------------[ cut here ]------------
[   16.684861] stmmac-0000:00:1e.5 already disabled
[   16.689547] WARNING: CPU: 13 PID: 2053 at drivers/clk/clk.c:952 clk_core_disable+0x96/0x1b0
[   16.697963] Modules linked in: dwc3 iTCO_wdt mei_hdcp iTCO_vendor_support udc_core x86_pkg_temp_thermal kvm_intel marvell10g kvm sch_fq_codel nfsd irqbypass dwmac_intel(+) stmmac uio ax88179_178a pcs_xpcs phylink uhid spi_pxa2xx_platform usbnet mei_me pcspkr tpm_crb mii i2c_i801 dw_dmac dwc3_pci thermal dw_dmac_core intel_rapl_msr libphy i2c_smbus mei tpm_tis intel_th_gth tpm_tis_core tpm intel_th_acpi intel_pmc_core intel_th i915 fuse configfs snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_pcm snd_timer snd soundcore
[   16.746785] CPU: 13 PID: 2053 Comm: systemd-udevd Tainted: G     U            5.13.0-rc3-intel-lts #76
[   16.756134] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-S ADP-S DRR4 CRB, BIOS ADLIFSI1.R00.1494.B00.2012031421 12/03/2020
[   16.769465] RIP: 0010:clk_core_disable+0x96/0x1b0
[   16.774222] Code: 00 8b 05 45 96 17 01 85 c0 7f 24 48 8b 5b 30 48 85 db 74 a5 8b 43 7c 85 c0 75 93 48 8b 33 48 c7 c7 6e 32 cc b7 e8 b2 5d 52 00 <0f> 0b 5b 5d c3 65 8b 05 76 31 18 49 89 c0 48 0f a3 05 bc 92 1a 01
[   16.793016] RSP: 0018:ffffa44580523aa0 EFLAGS: 00010086
[   16.798287] RAX: 0000000000000000 RBX: ffff8d7d0eb70a00 RCX: 0000000000000000
[   16.805435] RDX: 0000000000000002 RSI: ffffffffb7c62d5f RDI: 00000000ffffffff
[   16.812610] RBP: 0000000000000287 R08: 0000000000000000 R09: ffffa445805238d0
[   16.819759] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8d7d0eb70a00
[   16.826904] R13: ffff8d7d027370c8 R14: 0000000000000006 R15: ffffa44580523ad0
[   16.834047] FS:  00007f9882fa2600(0000) GS:ffff8d80a0940000(0000) knlGS:0000000000000000
[   16.842177] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   16.847966] CR2: 00007f9882bea3d8 CR3: 000000010b126001 CR4: 0000000000370ee0
[   16.855144] Call Trace:
[   16.857614]  clk_core_disable_lock+0x1b/0x30
[   16.861941]  intel_eth_pci_probe.cold+0x11d/0x136 [dwmac_intel]
[   16.867913]  pci_device_probe+0xcf/0x150
[   16.871890]  really_probe+0xf5/0x3e0
[   16.875526]  driver_probe_device+0x64/0x150
[   16.879763]  device_driver_attach+0x53/0x60
[   16.883998]  __driver_attach+0x9f/0x150
[   16.887883]  ? device_driver_attach+0x60/0x60
[   16.892288]  ? device_driver_attach+0x60/0x60
[   16.896698]  bus_for_each_dev+0x77/0xc0
[   16.900583]  bus_add_driver+0x184/0x1f0
[   16.904469]  driver_register+0x6c/0xc0
[   16.908268]  ? 0xffffffffc07ae000
[   16.911598]  do_one_initcall+0x4a/0x210
[   16.915489]  ? kmem_cache_alloc_trace+0x305/0x4e0
[   16.920247]  do_init_module+0x5c/0x230
[   16.924057]  load_module+0x2894/0x2b70
[   16.927857]  ? __do_sys_finit_module+0xb5/0x120
[   16.932441]  __do_sys_finit_module+0xb5/0x120
[   16.936845]  do_syscall_64+0x42/0x80
[   16.940476]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   16.945586] RIP: 0033:0x7f98830e5ccd
[   16.949177] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 93 31 0c 00 f7 d8 64 89 01 48
[   16.967970] RSP: 002b:00007ffc66b60168 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   16.975583] RAX: ffffffffffffffda RBX: 000055885de35ef0 RCX: 00007f98830e5ccd
[   16.982725] RDX: 0000000000000000 RSI: 00007f98832541e3 RDI: 0000000000000012
[   16.989868] RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000000
[   16.997042] R10: 0000000000000012 R11: 0000000000000246 R12: 00007f98832541e3
[   17.004222] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc66b60328
[   17.011369] ---[ end trace df06a3dab26b988c ]---
[   17.016062] ------------[ cut here ]------------
[   17.020701] stmmac-0000:00:1e.5 already unprepared

Remove the stmmac_bus_clks_config() call in stmmac_dvr_probe and let
dwmac-intel handle the unprepare and disable of the clk device.

Fixes: 5ec5582 ("net: stmmac: add clocks management for gmac driver")
Cc: Joakim Zhang <qiangqing.zhang@nxp.com>
Signed-off-by: Wong Vee Khee <vee.khee.wong@linux.intel.com>
Reviewed-by: Joakim Zhang <qiangqing.zhang@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

ojeda pushed a commit that referenced this pull request

Sep 12, 2023
With latest clang18, I hit test_progs failures for the following test:

  #13/2    bpf_cookie/multi_kprobe_link_api:FAIL
  #13/3    bpf_cookie/multi_kprobe_attach_api:FAIL
  #13      bpf_cookie:FAIL
  #75      fentry_fexit:FAIL
  #76/1    fentry_test/fentry:FAIL
  #76      fentry_test:FAIL
  #80/1    fexit_test/fexit:FAIL
  #80      fexit_test:FAIL
  #110/1   kprobe_multi_test/skel_api:FAIL
  #110/2   kprobe_multi_test/link_api_addrs:FAIL
  #110/3   kprobe_multi_test/link_api_syms:FAIL
  #110/4   kprobe_multi_test/attach_api_pattern:FAIL
  #110/5   kprobe_multi_test/attach_api_addrs:FAIL
  #110/6   kprobe_multi_test/attach_api_syms:FAIL
  #110     kprobe_multi_test:FAIL

For example, for #13/2, the error messages are:

  [...]
  kprobe_multi_test_run:FAIL:kprobe_test7_result unexpected kprobe_test7_result: actual 0 != expected 1
  [...]
  kprobe_multi_test_run:FAIL:kretprobe_test7_result unexpected kretprobe_test7_result: actual 0 != expected 1

clang17 does not have this issue.

Further investigation shows that kernel func bpf_fentry_test7(), used in
the above tests, is inlined by the compiler although it is marked as
noinline.

  int noinline bpf_fentry_test7(struct bpf_fentry_test_t *arg)
  {
        return (long)arg;
  }

It is known that for simple functions like the above (e.g. just returning
a constant or an input argument), the clang compiler may still do inlining
for a noinline function. Adding 'asm volatile ("")' at the beginning of
bpf_fentry_test7() can prevent inlining.

Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/bpf/20230826200843.2210074-1-yonghong.song@linux.dev

gurugio added a commit to gurugio/rust-for-linux that referenced this pull request

Oct 30, 2023
It uses Opaque type to get the mutable reference to an object
inside of super object wrapped with Arc.
Opaque::raw_get() function returns mutable pointer.

But it still has a problem as below.
A spinlock in the completion object might not be initialized correctly.

/ # insmod share/rust_ldd06.ko
[    8.838768] rust_ldd06: module verification failed: signature and/or required key missing - tal
[    8.841700] rust_completion: rust_ldd06 is loaded
[    8.842994] rust_completion: completion_dev created
/ # mknod /dev/rust_ldd06 c 10 124
/ # cat /dev/rust_ldd06 &
/ # [   28.024130] rust_completion: open is invoked
[   28.025404] rust_completion: read is invoked

/ # echo "asdf" > /dev/rust_ldd06
[   34.750500] rust_completion: open is invoked
[   34.751870] rust_completion: write is invoked
[   34.753140] BUG: unable to handle page fault for address: ffffc90000594743
[   34.754996] #PF: supervisor write access in kernel mode
[   34.756442] #PF: error_code(0x0002) - not-present page
[   34.757111] PGD 3000067 P4D 3000067 PUD 31a7067 PMD 414b067 PTE 0
[   34.757111] Oops: 0002 [#1] PREEMPT SMP NOPTI
[   34.757111] CPU: 0 PID: 1 Comm: sh Tainted: G            E      6.6.0-rc4+ #76
[   34.757111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[   34.757111] RIP: 0010:_raw_spin_lock_irqsave+0x32/0xa0
[   34.757111] Code: e5 41 57 41 56 41 54 53 49 89 ff 9c 58 0f 1f 40 00 49 89 c6 fa 0f 1f 44 00 01
[   34.757111] RSP: 0018:ffffc9000000bd30 EFLAGS: 00010046
[   34.757111] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   34.757111] RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffffc90000594743
[   34.757111] RBP: ffffc9000000bd50 R08: 0000000000000000 R09: 0000000000000000
[   34.757111] R10: ffffc9000000bca8 R11: 3fffffffffffffff R12: 0000000000000000
[   34.757111] R13: 0000000000000005 R14: 0000000000000097 R15: ffffc90000594743
[   34.757111] FS:  0000000001d1c3c0(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000
[   34.757111] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.757111] CR2: ffffc90000594743 CR3: 0000000004322000 CR4: 00000000000006f0
[   34.757111] Call Trace:
[   34.757111]  <TASK>
[   34.757111]  ? __die_body+0x6b/0xb0
[   34.757111]  ? __die+0x9b/0xb0
[   34.757111]  ? page_fault_oops+0x24c/0x370
[   34.757111]  ? prb_read_valid+0x19/0x20
[   34.757111]  ? printk_get_next_message+0x72/0x320
[   34.757111]  ? kernelmode_fixup_or_oops+0xd7/0x100
[   34.757111]  ? __bad_area_nosemaphore+0x69/0x290
[   34.757111]  ? io_serial_in+0x50/0x50
[   34.757111]  ? bad_area_nosemaphore+0x16/0x20
[   34.757111]  ? do_kern_addr_fault+0x7c/0x90
[   34.757111]  ? exc_page_fault+0xcf/0xf0
[   34.757111]  ? asm_exc_page_fault+0x27/0x30
[   34.757111]  ? _raw_spin_lock_irqsave+0x32/0xa0
[   34.757111]  try_to_wake_up+0x46/0x860
[   34.757111]  ? vprintk+0x52/0x60
[   34.757111]  ? _printk+0x4b/0x50
[   34.757111]  complete+0x4c/0x80
[   34.757111]  _RNvMs3_NtCshlmskAEPslc_6kernel4fileINtB5_16OperationsVtableINtNtB7_7miscdev12Reg]
[   34.757111]  vfs_write+0x111/0x3d0
[   34.757111]  ? handle_mm_fault+0x1e5/0x2e0
[   34.757111]  ksys_write+0x5f/0xb0
[   34.757111]  __x64_sys_write+0x1b/0x20
[   34.757111]  do_syscall_64+0x35/0x50
[   34.757111]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   34.757111] RIP: 0033:0x4ad317
[   34.757111] Code: ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04
[   34.757111] RSP: 002b:00007ffc77a92d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   34.757111] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004ad317
[   34.757111] RDX: 0000000000000005 RSI: 0000000001d21a50 RDI: 0000000000000001
[   34.757111] RBP: 0000000001d21a50 R08: fefefefefefefeff R09: feff86ff65637260
[   34.757111] R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000005
[   34.757111] R13: 0000000001d1c3a0 R14: 00007ffc77a92f01 R15: 00007ffc77a92db0
[   34.757111]  </TASK>
[   34.757111] Modules linked in: rust_ldd06(E)
[   34.757111] CR2: ffffc90000594743
[   34.757111] ---[ end trace 0000000000000000 ]---
[   34.757111] RIP: 0010:_raw_spin_lock_irqsave+0x32/0xa0
[   34.757111] Code: e5 41 57 41 56 41 54 53 49 89 ff 9c 58 0f 1f 40 00 49 89 c6 fa 0f 1f 44 00 01
[   34.757111] RSP: 0018:ffffc9000000bd30 EFLAGS: 00010046
[   34.757111] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[   34.757111] RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffffc90000594743
[   34.757111] RBP: ffffc9000000bd50 R08: 0000000000000000 R09: 0000000000000000
[   34.757111] R10: ffffc9000000bca8 R11: 3fffffffffffffff R12: 0000000000000000
[   34.757111] R13: 0000000000000005 R14: 0000000000000097 R15: ffffc90000594743
[   34.757111] FS:  0000000001d1c3c0(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000
[   34.757111] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.757111] CR2: ffffc90000594743 CR3: 0000000004322000 CR4: 00000000000006f0
[   34.757111] note: sh[1] exited with irqs disabled
[   34.818149] note: sh[1] exited with preempt_count 3
[   34.818663] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[   34.819478] Kernel Offset: disabled
[   34.819864] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]-
QEMU 6.2.0 monitor - type 'help' for more information

Signed-off-by: Gioh Kim <gurugio@gmail.com>

gurugio added a commit to gurugio/rust-for-linux that referenced this pull request

Oct 31, 2023

ojeda pushed a commit that referenced this pull request

Apr 29, 2024
On arm64 machines, swsusp_save() faults if it attempts to access
MEMBLOCK_NOMAP memory ranges. This can be reproduced in QEMU using UEFI
when booting with rodata=off debug_pagealloc=off and CONFIG_KFENCE=n:

  Unable to handle kernel paging request at virtual address ffffff8000000000
  Mem abort info:
    ESR = 0x0000000096000007
    EC = 0x25: DABT (current EL), IL = 32 bits
    SET = 0, FnV = 0
    EA = 0, S1PTW = 0
    FSC = 0x07: level 3 translation fault
  Data abort info:
    ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000
    CM = 0, WnR = 0, TnD = 0, TagAccess = 0
    GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
  swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000eeb0b000
  [ffffff8000000000] pgd=180000217fff9803, p4d=180000217fff9803, pud=180000217fff9803, pmd=180000217fff8803, pte=0000000000000000
  Internal error: Oops: 0000000096000007 [#1] SMP
  Internal error: Oops: 0000000096000007 [#1] SMP
  Modules linked in: xt_multiport ipt_REJECT nf_reject_ipv4 xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_filter bpfilter rfkill at803x snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg dwmac_generic stmmac_platform snd_hda_codec stmmac joydev pcs_xpcs snd_hda_core phylink ppdev lp parport ramoops reed_solomon ip_tables x_tables nls_iso8859_1 vfat multipath linear amdgpu amdxcp drm_exec gpu_sched drm_buddy hid_generic usbhid hid radeon video drm_suballoc_helper drm_ttm_helper ttm i2c_algo_bit drm_display_helper cec drm_kms_helper drm
  CPU: 0 PID: 3663 Comm: systemd-sleep Not tainted 6.6.2+ #76
  Source Version: 4e22ed63a0a48e7a7cff9b98b7806d8d4add7dc0
  Hardware name: Greatwall GW-XXXXXX-XXX/GW-XXXXXX-XXX, BIOS KunLun BIOS V4.0 01/19/2021
  pstate: 600003c5 (nZCv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : swsusp_save+0x280/0x538
  lr : swsusp_save+0x280/0x538
  sp : ffffffa034a3fa40
  x29: ffffffa034a3fa40 x28: ffffff8000001000 x27: 0000000000000000
  x26: ffffff8001400000 x25: ffffffc08113e248 x24: 0000000000000000
  x23: 0000000000080000 x22: ffffffc08113e280 x21: 00000000000c69f2
  x20: ffffff8000000000 x19: ffffffc081ae2500 x18: 0000000000000000
  x17: 6666662074736420 x16: 3030303030303030 x15: 3038666666666666
  x14: 0000000000000b69 x13: ffffff9f89088530 x12: 00000000ffffffea
  x11: 00000000ffff7fff x10: 00000000ffff7fff x9 : ffffffc08193f0d0
  x8 : 00000000000bffe8 x7 : c0000000ffff7fff x6 : 0000000000000001
  x5 : ffffffa0fff09dc8 x4 : 0000000000000000 x3 : 0000000000000027
  x2 : 0000000000000000 x1 : 0000000000000000 x0 : 000000000000004e
  Call trace:
   swsusp_save+0x280/0x538
   swsusp_arch_suspend+0x148/0x190
   hibernation_snapshot+0x240/0x39c
   hibernate+0xc4/0x378
   state_store+0xf0/0x10c
   kobj_attr_store+0x14/0x24

The reason is swsusp_save() -> copy_data_pages() -> page_is_saveable()
-> kernel_page_present() assuming that a page is always present when
can_set_direct_map() is false (all of rodata_full,
debug_pagealloc_enabled() and arm64_kfence_can_set_direct_map() false),
irrespective of the MEMBLOCK_NOMAP ranges. Such MEMBLOCK_NOMAP regions
should not be saved during hibernation.

This problem was introduced by changes to the pfn_valid() logic in
commit a7d9f30 ("arm64: drop pfn_valid_within() and simplify
pfn_valid()").

Similar to other architectures, drop the !can_set_direct_map() check in
kernel_page_present() so that page_is_saveable() skips such pages.

Fixes: a7d9f30 ("arm64: drop pfn_valid_within() and simplify pfn_valid()")
Cc: <stable@vger.kernel.org> # 5.14.x
Suggested-by: Mike Rapoport <rppt@kernel.org>
Suggested-by: Catalin Marinas <catalin.marinas@arm.com>
Co-developed-by: xiongxin <xiongxin@kylinos.cn>
Signed-off-by: xiongxin <xiongxin@kylinos.cn>
Signed-off-by: Yaxiong Tian <tianyaxiong@kylinos.cn>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Link: https://lore.kernel.org/r/20240417025248.386622-1-tianyaxiong@kylinos.cn
[catalin.marinas@arm.com: rework commit message]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

Darksonn pushed a commit to Darksonn/linux that referenced this pull request

Sep 23, 2024
…hunk()

[BUG]
There is an internal report that KASAN is reporting use-after-free, with
the following backtrace:

  BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs]
  Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45
  CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]
  Call Trace:
   dump_stack_lvl+0x61/0x80
   print_address_description.constprop.0+0x5e/0x2f0
   print_report+0x118/0x216
   kasan_report+0x11d/0x1f0
   btrfs_check_read_bio+0xa68/0xb70 [btrfs]
   process_one_work+0xce0/0x12a0
   worker_thread+0x717/0x1250
   kthread+0x2e3/0x3c0
   ret_from_fork+0x2d/0x70
   ret_from_fork_asm+0x11/0x20

  Allocated by task 20917:
   kasan_save_stack+0x37/0x60
   kasan_save_track+0x10/0x30
   __kasan_slab_alloc+0x7d/0x80
   kmem_cache_alloc_noprof+0x16e/0x3e0
   mempool_alloc_noprof+0x12e/0x310
   bio_alloc_bioset+0x3f0/0x7a0
   btrfs_bio_alloc+0x2e/0x50 [btrfs]
   submit_extent_page+0x4d1/0xdb0 [btrfs]
   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]
   btrfs_readahead+0x29a/0x430 [btrfs]
   read_pages+0x1a7/0xc60
   page_cache_ra_unbounded+0x2ad/0x560
   filemap_get_pages+0x629/0xa20
   filemap_read+0x335/0xbf0
   vfs_read+0x790/0xcb0
   ksys_read+0xfd/0x1d0
   do_syscall_64+0x6d/0x140
   entry_SYSCALL_64_after_hwframe+0x4b/0x53

  Freed by task 20917:
   kasan_save_stack+0x37/0x60
   kasan_save_track+0x10/0x30
   kasan_save_free_info+0x37/0x50
   __kasan_slab_free+0x4b/0x60
   kmem_cache_free+0x214/0x5d0
   bio_free+0xed/0x180
   end_bbio_data_read+0x1cc/0x580 [btrfs]
   btrfs_submit_chunk+0x98d/0x1880 [btrfs]
   btrfs_submit_bio+0x33/0x70 [btrfs]
   submit_one_bio+0xd4/0x130 [btrfs]
   submit_extent_page+0x3ea/0xdb0 [btrfs]
   btrfs_do_readpage+0x8b4/0x12a0 [btrfs]
   btrfs_readahead+0x29a/0x430 [btrfs]
   read_pages+0x1a7/0xc60
   page_cache_ra_unbounded+0x2ad/0x560
   filemap_get_pages+0x629/0xa20
   filemap_read+0x335/0xbf0
   vfs_read+0x790/0xcb0
   ksys_read+0xfd/0x1d0
   do_syscall_64+0x6d/0x140
   entry_SYSCALL_64_after_hwframe+0x4b/0x53

[CAUSE]
Although I cannot reproduce the error, the report itself is good enough
to pin down the cause.

The call trace is the regular endio workqueue context, but the
free-by-task trace is showing that during btrfs_submit_chunk() we
already hit a critical error, and are calling btrfs_bio_end_io() to error
out.  And the original endio function called bio_put() to free the whole
bio.

This means a double freeing thus causing use-after-free, e.g.:

1. Enter btrfs_submit_bio() with a read bio
   The read bio length is 128K, crossing two 64K stripes.

2. The first run of btrfs_submit_chunk()

2.1 Call btrfs_map_block(), which returns 64K
2.2 Call btrfs_split_bio()
    Now there are two bios, one referring to the first 64K, the other
    referring to the second 64K.
2.3 The first half is submitted.

3. The second run of btrfs_submit_chunk()

3.1 Call btrfs_map_block(), which somehow failed
    Now we call btrfs_bio_end_io() to handle the error

3.2 btrfs_bio_end_io() calls the original endio function
    Which is end_bbio_data_read(), and it calls bio_put() for the
    original bio.

    Now the original bio is freed.

4. The submitted first 64K bio finished
   Now we call into btrfs_check_read_bio() and try to advance the bio
   iter.
   But since the original bio (thus its iter) is already freed, we
   trigger the above use-after-free.

   And even if the memory is not poisoned/corrupted, we will later call
   the original endio function, causing a double freeing.

[FIX]
Instead of calling btrfs_bio_end_io(), call btrfs_orig_bbio_end_io(),
which has the extra check on split bios and does the proper refcounting
for cloned bios.

Furthermore there is already one extra btrfs_cleanup_bio() call, but
that is a duplicate of the btrfs_orig_bbio_end_io() call, so remove that
label completely.

Reported-by: David Sterba <dsterba@suse.com>
Fixes: 852eee6 ("btrfs: allow btrfs_submit_bio to split bios")
CC: stable@vger.kernel.org # 6.6+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
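
Steps 1 to 4 of the btrfs commit message above, as a user-space C model added here for illustration; it is not btrfs code and not from the commit. The struct, the `pending_ios` counter, `MODEL_EIO` and all function names are assumptions of the model that only mirror the roles the message describes, and "freeing" just sets a flag so the later access can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model type: one read bio, either the original or a split. */
struct model_bio {
    struct model_bio *orig;  /* NULL for the original bio, parent for a split */
    int pending_ios;         /* original only: itself plus splits in flight */
    int status;              /* first error recorded, 0 if none */
    int endio_calls;         /* times the original endio ran */
    bool freed;              /* the original endio dropped the bio */
    bool used_after_free;    /* the bio was touched after that */
};

#define MODEL_EIO (-5)       /* constructed error value for the failed mapping */

static void model_init(struct model_bio *bio)
{
    *bio = (struct model_bio){ .pending_ios = 1 };
}

/* Step 2.2: carve a split off the original; the original gains a reference. */
static void model_split(struct model_bio *orig, struct model_bio *split)
{
    *split = (struct model_bio){ .orig = orig };
    orig->pending_ios++;
}

/* Role of the original endio function: finish the read and drop the bio. */
static void original_endio(struct model_bio *bio)
{
    if (bio->freed)
        bio->used_after_free = true;
    bio->endio_calls++;
    bio->freed = true;
}

/* Error path before the fix: run the original endio whatever is in flight. */
static void end_io_direct(struct model_bio *bio, int status)
{
    bio->status = status;
    original_endio(bio);
}

/* Error path after the fix, also used for normal completion: resolve a split
 * to its original, record the error there, and run the original endio only
 * when the last reference is dropped. */
static void end_io_refcounted(struct model_bio *bio, int status)
{
    struct model_bio *orig = bio->orig ? bio->orig : bio;

    if (status && !orig->status)
        orig->status = status;
    if (--orig->pending_ios == 0)
        original_endio(orig);
}

/* Step 4: the submitted split completes and advances the original's iter. */
static void split_read_done(struct model_bio *split)
{
    if (split->orig->freed)
        split->orig->used_after_free = true;
    end_io_refcounted(split, 0);
}

struct outcome {
    bool freed_while_split_in_flight;
    bool used_after_free;
    int endio_calls;
    int final_status;
};

static struct outcome run_scenario(bool refcounted_error_path)
{
    struct model_bio orig, split;
    struct outcome out;

    model_init(&orig);             /* step 1: 128K read bio */
    model_split(&orig, &split);    /* step 2: first 64K split off, submitted */

    if (refcounted_error_path)     /* step 3: mapping the second 64K fails */
        end_io_refcounted(&orig, MODEL_EIO);
    else
        end_io_direct(&orig, MODEL_EIO);
    out.freed_while_split_in_flight = orig.freed;

    split_read_done(&split);       /* step 4: first 64K finishes */

    out.used_after_free = orig.used_after_free;
    out.endio_calls = orig.endio_calls;
    out.final_status = orig.status;
    return out;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct outcome o = run_scenario(fixed);
        printf("%s error path: freed early=%d, used after free=%d, status=%d\n",
               fixed ? "refcounted" : "direct",
               o.freed_while_split_in_flight, o.used_after_free,
               o.final_status);
    }
    return 0;
}
```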