May 2018 - Linux-stable-mirror

by Greg KH

I'm announcing the release of the 4.16.7 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/virtual/kvm/api.txt | 9 Documentation/virtual/kvm/arm/psci.txt | 30 ++ Makefile | 2 arch/arm/boot/dts/gemini-nas4220b.dts | 28 +- arch/arm/configs/socfpga_defconfig | 1 arch/arm/include/asm/kvm_host.h | 3 arch/arm/include/uapi/asm/kvm.h | 6 arch/arm/kvm/guest.c | 13 arch/arm64/include/asm/kvm_host.h | 3 arch/arm64/include/uapi/asm/kvm.h | 6 arch/arm64/kvm/guest.c | 14 - arch/powerpc/kernel/mce_power.c | 7 arch/powerpc/mm/mem.c | 2 arch/powerpc/platforms/powernv/npu-dma.c | 23 + arch/powerpc/platforms/powernv/opal-rtc.c | 8 arch/sparc/include/uapi/asm/oradax.h | 2 arch/x86/include/uapi/asm/msgbuf.h | 31 ++ arch/x86/include/uapi/asm/shmbuf.h | 42 +++ arch/x86/kernel/cpu/microcode/core.c | 6 arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/smpboot.c | 2 block/bfq-iosched.c | 10 block/blk-core.c | 15 - block/blk-mq.c | 7 crypto/drbg.c | 2 drivers/amba/bus.c | 17 - drivers/android/binder.c | 8 drivers/char/random.c | 90 +++++- drivers/char/virtio_console.c | 157 +++++------- drivers/cpufreq/powernv-cpufreq.c | 14 - drivers/crypto/ccp/sp-dev.c | 6 drivers/fpga/altera-ps-spi.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 32 -- drivers/gpu/drm/drm_edid.c | 11 drivers/gpu/drm/i915/intel_cdclk.c | 16 + drivers/gpu/drm/i915/intel_fbdev.c | 2 drivers/gpu/drm/i915/intel_runtime_pm.c | 11 drivers/gpu/drm/virtio/virtgpu_vq.c | 4 drivers/mtd/chips/cfi_cmdset_0001.c | 33 ++ drivers/mtd/chips/cfi_cmdset_0002.c | 9 drivers/mtd/nand/marvell_nand.c | 25 - drivers/mtd/nand/tango_nand.c | 2 drivers/mtd/spi-nor/cadence-quadspi.c | 19 + drivers/of/fdt.c | 7 drivers/pci/host/pci-aardvark.c | 53 ++-- drivers/pci/pci-driver.c | 5 drivers/rtc/rtc-opal.c | 37 +- drivers/s390/cio/vfio_ccw_fsm.c | 19 - drivers/sbus/char/oradax.c | 2 drivers/scsi/sd.c | 2 drivers/scsi/sd_zbc.c | 140 ++++++---- drivers/slimbus/messaging.c | 2 drivers/tty/n_gsm.c | 23 + drivers/tty/serial/earlycon.c | 6 drivers/tty/serial/mvebu-uart.c | 1 drivers/tty/tty_io.c | 5 drivers/tty/tty_ldisc.c | 29 -- drivers/usb/core/hcd.c | 1 drivers/usb/core/hub.c | 10 drivers/usb/core/quirks.c | 3 drivers/usb/host/xhci-dbgtty.c | 8 drivers/usb/host/xhci-pci.c | 5 drivers/usb/host/xhci-plat.c | 1 drivers/usb/serial/Kconfig | 1 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/ftdi_sio.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/usb/usbip/stub_main.c | 5 drivers/usb/usbip/usbip_common.h | 2 drivers/usb/usbip/usbip_event.c | 4 drivers/usb/usbip/vhci_hcd.c | 13 drivers/virt/vboxguest/vboxguest_core.c | 66 ++--- drivers/virt/vboxguest/vboxguest_core.h | 9 drivers/virt/vboxguest/vboxguest_linux.c | 19 + drivers/virt/vboxguest/vboxguest_utils.c | 17 - fs/cifs/cifssmb.c | 3 fs/cifs/smb2ops.c | 18 + fs/cifs/smb2pdu.c | 4 fs/cifs/smbdirect.c | 36 -- fs/cifs/transport.c | 4 fs/ext4/balloc.c | 17 + fs/ext4/extents.c | 16 - fs/ext4/ialloc.c | 7 fs/ext4/super.c | 1 fs/jbd2/transaction.c | 1 include/asm-generic/vmlinux.lds.h | 2 include/kvm/arm_psci.h | 16 + include/linux/blkdev.h | 5 include/linux/mtd/flashchip.h | 1 include/linux/serial_core.h | 21 + include/linux/tty.h | 2 include/linux/vbox_utils.h | 23 - include/linux/virtio.h | 3 include/sound/control.h | 7 kernel/module.c | 3 kernel/time/tick-sched.c | 11 lib/kobject.c | 12 net/ceph/messenger.c | 7 net/ceph/mon_client.c | 14 - sound/core/pcm_compat.c | 7 sound/core/pcm_native.c | 24 - sound/core/seq/oss/seq_oss_event.c | 15 - sound/core/seq/oss/seq_oss_midi.c | 2 sound/core/seq/oss/seq_oss_synth.c | 85 +++--- sound/core/seq/oss/seq_oss_synth.h | 3 sound/drivers/opl3/opl3_synth.c | 7 sound/firewire/dice/dice-stream.c | 2 sound/firewire/dice/dice.c | 2 sound/pci/asihpi/hpimsginit.c | 13 sound/pci/asihpi/hpioctl.c | 4 sound/pci/hda/hda_hwdep.c | 12 sound/pci/hda/patch_hdmi.c | 9 sound/pci/hda/patch_realtek.c | 5 sound/pci/rme9652/hdspm.c | 24 + sound/pci/rme9652/rme9652.c | 6 sound/soc/fsl/fsl_esai.c | 7 sound/soc/omap/omap-dmic.c | 14 - sound/usb/mixer_maps.c | 3 tools/lib/str_error_r.c | 2 virt/kvm/arm/arm.c | 15 - virt/kvm/arm/psci.c | 60 ++++ 125 files changed, 1216 insertions(+), 601 deletions(-) Abhay Kumar (1): drm/i915/audio: set minimum CD clock to twice the BCLK Alan Jenkins (1): block: do not use interruptible wait anywhere Alistair Popple (1): powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range Anatolij Gustschin (1): fpga-manager: altera-ps-spi: preserve nCONFIG state Arnd Bergmann (1): x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds Balbir Singh (1): powerpc/mm: Flush cache on memory hot(un)plug Bart Van Assche (1): scsi: sd_zbc: Avoid that resetting a zone fails sporadically Borislav Petkov (2): x86/microcode/intel: Save microcode patch unconditionally x86/microcode: Do not exit early from __reload_late() Brijesh Singh (1): crypto: ccp - add check to get PSP master only when PSP is detected Collin May (1): USB: serial: simple: add libtransistor console Cornelia Huck (1): vfio: ccw: process ssch with interrupts disabled Daniel Kurtz (1): earlycon: Use a pointer table to fix __earlycon_table stride David Henningsson (1): ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr Dmitry Vyukov (1): kobject: don't use WARN for registration failures Eric Biggers (1): ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS Evan Wang (1): PCI: aardvark: Fix PCIe Max Read Request Size setting Geert Uytterhoeven (4): ARM: amba: Make driver_override output consistent with other buses ARM: amba: Fix race condition with driver_override ARM: amba: Don't read past the end of sysfs "driver_override" buffer slimbus: Fix out-of-bounds access in slim_slicesize() Gerd Hoffmann (1): drm/virtio: fix vq wait_event condition Greg Kroah-Hartman (2): Revert "xhci: plat: Register shutdown for xhci_plat" Linux 4.16.7 Hans de Goede (3): virt: vbox: Move declarations of vboxguest private functions to private header virt: vbox: Add vbg_req_free() helper function virt: vbox: Use __get_free_pages instead of kmalloc for DMA32 memory Harry Wentland (2): drm/amd/display: Don't read EDID in atomic_check drm/amd/display: Disallow enabling CRTC without primary plane with FB Heikki Krogerus (1): usb: typec: ucsi: Increase command completion timeout value Ilya Dryomov (3): libceph: un-backoff on tick when we have a authenticated session libceph: reschedule a tick in finish_hunting() libceph: validate con->state at the top of try_write() Imre Deak (1): drm/i915: Enable display WA#1183 from its correct spot Jeffery Miller (1): ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. Jens Axboe (1): bfq-iosched: ensure to clear bic/bfqq pointers when preparing request Jianchao Wang (1): blk-mq: start request gstate with gen 1 Joakim Tjernlund (3): mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. Josh Poimboeuf (1): objtool, perf: Fix GCC 8 -Wrestrict error José Roberto de Souza (1): drm/i915/fbdev: Enable late fbdev initial configuration Kai-Heng Feng (1): xhci: Fix USB ports for Dell Inspiron 5775 Kailang Yang (3): ALSA: hda/realtek - Add some fixes for ALC233 ALSA: hda/realtek - Update ALC255 depop optimize ALSA: hda/realtek - change the location for one of two front mics Kamil Lulko (1): usb: core: Add quirk for HP v222w 16GB Mini Kyle Roeschley (1): USB: serial: cp210x: add ID for NI USB serial console Linus Walleij (1): ARM: dts: Fix NAS4220B pin config Long Li (2): cifs: smbd: Avoid allocating iov on the stack cifs: smbd: Don't use RDMA read/write when signing is used Lukas Czerner (1): ext4: fix bitmap position validation Mahesh Rajashekhara (1): scsi: sd: Defer spinning up drive while SANITIZE is in progress Mahesh Salgaonkar (1): powerpc/mce: Fix a bug where mce loops on memory UE. Marc Gonzalez (1): mtd: rawnand: tango: Fix struct clk memory leak Marc Zyngier (3): serial: mvebu-uart: Fix local flags handling on termios update KVM: arm/arm64: Close VMID generation race arm/arm64: KVM: Add PSCI version selection API Martijn Coenen (1): ANDROID: binder: prevent transactions into own process. Michael S. Tsirkin (6): virtio: add ability to iterate over vqs virtio_console: don't tie bufs to a vq virtio_console: free buffers after reset virtio_console: drop custom control queue cleanup virtio_console: move removal code virtio_console: reset on out of memory Mika Westerberg (1): PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend is set Mikita Lipski (1): drm/amd/display: Fix deadlock when flushing irq Miquel Raynal (1): mtd: rawnand: marvell: fix the chip-select DT parsing logic Nicholas Piggin (1): rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops Nicolai Hähnle (1): drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders Nicolin Chen (1): ASoC: fsl_esai: Fix divisor calculation failure at lower ratio Ravi Chandra Sadineni (1): USB: Increment wakeup count on remote wakeup. Rob Gardner (1): sparc64: Fix mistake in oradax license text Shilpasri G Bhat (1): cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt Shuah Khan (4): usbip: usbip_event: fix to not print kernel pointer address usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: vhci_hcd: Fix usb device and sockfd leaks usbip: vhci_hcd: check rhport before using in vhci_hub_control() Stephan Mueller (1): crypto: drbg - set freed buffers to NULL Steve French (1): SMB311: Fix reconnect Takashi Iwai (10): ALSA: usb-audio: Skip broken EU on Dell dock USB-audio ALSA: hda - Skip jack and others for non-existing PCM streams ALSA: opl3: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: control: Hardening for potential Spectre v1 ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: hda: Hardening for potential Spectre v1 Takashi Sakamoto (2): ALSA: dice: fix OUI for TC group ALSA: dice: fix error path to destroy initialized stream data Tero Kristo (1): ASoC: dmic: Fix clock parenting Tetsuo Handa (3): tty: Don't call panic() at tty_ldisc_init() tty: Avoid possible error pointer dereference at tty_ldisc_restore(). tty: Use __GFP_NOFAIL for tty_ldisc_get() Theodore Ts'o (6): ext4: set h_journal if there is a failure starting a reserved handle ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs ext4: add validity checks for bitmap block numbers random: set up the NUMA crng instances after the CRNG is fully initialized random: fix possible sleeping allocation from irq context random: rate limit unseeded randomness warnings Thomas Gleixner (1): tick/sched: Do not mess with an enqueued hrtimer Thomas Richter (1): module: Fix display of wrong module .text address Thor Thayer (2): mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic ARM: socfpga_defconfig: Remove QSPI Sector 4K size force Tony Lindgren (2): tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set Vasyl Vavrychuk (1): USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster Victor Gu (3): PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode Ville Syrjälä (1): drm/edid: Reset more of the display info Yazen Ghannam (1): x86/smpboot: Don't use mwait_play_dead() on AMD systems Zhengjun Xing (1): xhci: Fix Kernel oops in xhci dbgtty

6 years, 9 months

1
1
0 0

Please apply 1572e45a924f ("perf/core: Fix the perf_cpu_time ...") to v4.9.y and older

by Guenter Roeck

Hi Greg, upstream commit 1572e45a924f ("perf/core: Fix the perf_cpu_time_max_percent check") fixes CVE-2017-18255. Please apply to v4.9.y and older. The patch applies cleanly to v4.9.y and v4.4.y; I didn't check older kernels. More recent kernels are not affected. Thanks, Guenter

6 years, 9 months

2
1
0 0

Re: Patch "PCI: endpoint: Fix kernel panic after put_device()" has been added to the 4.14-stable tree

by Rolf Evers-Fischer

On Wed, May 2, 2018 at 1:49 AM <gregkh(a)linuxfoundation.org> wrote: > This is a note to let you know that I've just added the patch titled > PCI: endpoint: Fix kernel panic after put_device() > to the 4.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > The filename of the patch is: > pci-endpoint-fix-kernel-panic-after-put_device.patch > and it can be found in the queue-4.14 subdirectory. > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This patch is the 2nd one of a series of patches. If you want to add it to the stable tree without the first patch, you must add a + kfree(func_name); before returning from the function. The upstream commit of the first patch is 36cc14ac14c0d49d33820a82dab52a7edc802fef PCI: endpoint: Simplify name allocation for EPF device Kind regards, Rolf > From foo@baz Tue May 1 16:18:20 PDT 2018 > From: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > Date: Wed, 28 Feb 2018 18:32:19 +0100 > Subject: PCI: endpoint: Fix kernel panic after put_device() > From: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > [ Upstream commit 9eef6a5c3b0bf90eb292d462ea267bcb6ad1c334 ] > 'put_device()' calls the relase function 'pci_epf_dev_release()', > which already frees 'epf->name' and 'epf'. > Therefore we must not free them again after 'put_device()'. > Fixes: 5e8cb4033807 ("PCI: endpoint: Add EP core layer to enable EP > controller and EP functions") > Signed-off-by: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> > Acked-by: Kishon Vijay Abraham I <kishon(a)ti.com> > Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/pci/endpoint/pci-epf-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > --- a/drivers/pci/endpoint/pci-epf-core.c > +++ b/drivers/pci/endpoint/pci-epf-core.c > @@ -254,7 +254,7 @@ struct pci_epf *pci_epf_create(const cha > put_dev: > put_device(dev); > - kfree(epf->name); > + return ERR_PTR(ret); > free_func_name: > kfree(func_name); > Patches currently in stable-queue which might be from > rolf.evers.fischer(a)aptiv.com are > queue-4.14/pci-endpoint-fix-kernel-panic-after-put_device.patch

6 years, 9 months

2
1
0 0

[PATCH 2/4] xen/PVH: Use proper CS selector in long mode

by Boris Ostrovsky

Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org --- arch/x86/xen/xen-pvh.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/xen-pvh.S b/arch/x86/xen/xen-pvh.S index 934f7d4..373fef0 100644 --- a/arch/x86/xen/xen-pvh.S +++ b/arch/x86/xen/xen-pvh.S @@ -93,7 +93,7 @@ ENTRY(pvh_start_xen) mov %eax, %cr0 /* Jump to 64-bit mode. */ - ljmp $__KERNEL_CS, $_pa(1f) + ljmp $__BOOT_CS, $_pa(1f) /* 64-bit entry point. */ .code64 -- 2.9.3

6 years, 9 months

3
6
0 0

Re: Patch "mm, mlock, vmscan: no more skipping pagevecs" has been added to the 4.14-stable tree

by Shakeel Butt

On Tue, May 1, 2018 at 4:52 PM <gregkh(a)linuxfoundation.org> wrote: > This is a note to let you know that I've just added the patch titled > mm, mlock, vmscan: no more skipping pagevecs > to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > The filename of the patch is: > mm-mlock-vmscan-no-more-skipping-pagevecs.patch > and it can be found in the queue-4.14 subdirectory. > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I would advise not to include this patch in the previous stable trees. This patch does not fix any critical bug and for some very specific microbenchmarks on very large machines, it has shown performance regression. So, I don't think it is worth the risk. > From foo@baz Tue May 1 16:18:19 PDT 2018 > From: Shakeel Butt <shakeelb(a)google.com> > Date: Wed, 21 Feb 2018 14:45:28 -0800 > Subject: mm, mlock, vmscan: no more skipping pagevecs > From: Shakeel Butt <shakeelb(a)google.com> > [ Upstream commit 9c4e6b1a7027f102990c0395296015a812525f4d ] > When a thread mlocks an address space backed either by file pages which > are currently not present in memory or swapped out anon pages (not in > swapcache), a new page is allocated and added to the local pagevec > (lru_add_pvec), I/O is triggered and the thread then sleeps on the page. > On I/O completion, the thread can wake on a different CPU, the mlock > syscall will then sets the PageMlocked() bit of the page but will not be > able to put that page in unevictable LRU as the page is on the pagevec > of a different CPU. Even on drain, that page will go to evictable LRU > because the PageMlocked() bit is not checked on pagevec drain. > The page will eventually go to right LRU on reclaim but the LRU stats > will remain skewed for a long time. > This patch puts all the pages, even unevictable, to the pagevecs and on > the drain, the pages will be added on their LRUs correctly by checking > their evictability. This resolves the mlocked pages on pagevec of other > CPUs issue because when those pagevecs will be drained, the mlocked file > pages will go to unevictable LRU. Also this makes the race with munlock > easier to resolve because the pagevec drains happen in LRU lock. > However there is still one place which makes a page evictable and does > PageLRU check on that page without LRU lock and needs special attention. > TestClearPageMlocked() and isolate_lru_page() in clear_page_mlock(). > #0: __pagevec_lru_add_fn #1: clear_page_mlock > SetPageLRU() if (!TestClearPageMlocked()) > return > smp_mb() // <--required > // inside does PageLRU > if (!PageMlocked()) if (isolate_lru_page()) > move to evictable LRU putback_lru_page() > else > move to unevictable LRU > In '#1', TestClearPageMlocked() provides full memory barrier semantics > and thus the PageLRU check (inside isolate_lru_page) can not be > reordered before it. > In '#0', without explicit memory barrier, the PageMlocked() check can be > reordered before SetPageLRU(). If that happens, '#0' can put a page in > unevictable LRU and '#1' might have just cleared the Mlocked bit of that > page but fails to isolate as PageLRU fails as '#0' still hasn't set > PageLRU bit of that page. That page will be stranded on the unevictable > LRU. > There is one (good) side effect though. Without this patch, the pages > allocated for System V shared memory segment are added to evictable LRUs > even after shmctl(SHM_LOCK) on that segment. This patch will correctly > put such pages to unevictable LRU. > Link: http://lkml.kernel.org/r/20171121211241.18877-1-shakeelb@google.com > Signed-off-by: Shakeel Butt <shakeelb(a)google.com> > Acked-by: Vlastimil Babka <vbabka(a)suse.cz> > Cc: Jérôme Glisse <jglisse(a)redhat.com> > Cc: Huang Ying <ying.huang(a)intel.com> > Cc: Tim Chen <tim.c.chen(a)linux.intel.com> > Cc: Michal Hocko <mhocko(a)kernel.org> > Cc: Greg Thelen <gthelen(a)google.com> > Cc: Johannes Weiner <hannes(a)cmpxchg.org> > Cc: Balbir Singh <bsingharora(a)gmail.com> > Cc: Minchan Kim <minchan(a)kernel.org> > Cc: Shaohua Li <shli(a)fb.com> > Cc: Jan Kara <jack(a)suse.cz> > Cc: Nicholas Piggin <npiggin(a)gmail.com> > Cc: Dan Williams <dan.j.williams(a)intel.com> > Cc: Mel Gorman <mgorman(a)suse.de> > Cc: Hugh Dickins <hughd(a)google.com> > Cc: Vlastimil Babka <vbabka(a)suse.cz> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > include/linux/swap.h | 2 - > mm/mlock.c | 6 +++ > mm/swap.c | 82 +++++++++++++++++++++++++++++---------------------- > mm/vmscan.c | 59 ------------------------------------ > 4 files changed, 54 insertions(+), 95 deletions(-) > --- a/include/linux/swap.h > +++ b/include/linux/swap.h > @@ -326,8 +326,6 @@ extern void deactivate_file_page(struct > extern void mark_page_lazyfree(struct page *page); > extern void swap_setup(void); > -extern void add_page_to_unevictable_list(struct page *page); > - > extern void lru_cache_add_active_or_unevictable(struct page *page, > struct vm_area_struct *vma); > --- a/mm/mlock.c > +++ b/mm/mlock.c > @@ -64,6 +64,12 @@ void clear_page_mlock(struct page *page) > mod_zone_page_state(page_zone(page), NR_MLOCK, > -hpage_nr_pages(page)); > count_vm_event(UNEVICTABLE_PGCLEARED); > + /* > + * The previous TestClearPageMlocked() corresponds to the smp_mb() > + * in __pagevec_lru_add_fn(). > + * > + * See __pagevec_lru_add_fn for more explanation. > + */ > if (!isolate_lru_page(page)) { > putback_lru_page(page); > } else { > --- a/mm/swap.c > +++ b/mm/swap.c > @@ -446,30 +446,6 @@ void lru_cache_add(struct page *page) > } > /** > - * add_page_to_unevictable_list - add a page to the unevictable list > - * @page: the page to be added to the unevictable list > - * > - * Add page directly to its zone's unevictable list. To avoid races with > - * tasks that might be making the page evictable, through eg. munlock, > - * munmap or exit, while it's not on the lru, we want to add the page > - * while it's locked or otherwise "invisible" to other tasks. This is > - * difficult to do when using the pagevec cache, so bypass that. > - */ > -void add_page_to_unevictable_list(struct page *page) > -{ > - struct pglist_data *pgdat = page_pgdat(page); > - struct lruvec *lruvec; > - > - spin_lock_irq(&pgdat->lru_lock); > - lruvec = mem_cgroup_page_lruvec(page, pgdat); > - ClearPageActive(page); > - SetPageUnevictable(page); > - SetPageLRU(page); > - add_page_to_lru_list(page, lruvec, LRU_UNEVICTABLE); > - spin_unlock_irq(&pgdat->lru_lock); > -} > - > -/** > * lru_cache_add_active_or_unevictable > * @page: the page to be added to LRU > * @vma: vma in which page is mapped for determining reclaimability > @@ -484,13 +460,9 @@ void lru_cache_add_active_or_unevictable > { > VM_BUG_ON_PAGE(PageLRU(page), page); > - if (likely((vma->vm_flags & (VM_LOCKED | VM_SPECIAL)) != VM_LOCKED)) { > + if (likely((vma->vm_flags & (VM_LOCKED | VM_SPECIAL)) != VM_LOCKED)) > SetPageActive(page); > - lru_cache_add(page); > - return; > - } > - > - if (!TestSetPageMlocked(page)) { > + else if (!TestSetPageMlocked(page)) { > /* > * We use the irq-unsafe __mod_zone_page_stat because this > * counter is not modified from interrupt context, and the pte > @@ -500,7 +472,7 @@ void lru_cache_add_active_or_unevictable > hpage_nr_pages(page)); > count_vm_event(UNEVICTABLE_PGMLOCKED); > } > - add_page_to_unevictable_list(page); > + lru_cache_add(page); > } > /* > @@ -883,15 +855,55 @@ void lru_add_page_tail(struct page *page > static void __pagevec_lru_add_fn(struct page *page, struct lruvec *lruvec, > void *arg) > { > - int file = page_is_file_cache(page); > - int active = PageActive(page); > - enum lru_list lru = page_lru(page); > + enum lru_list lru; > + int was_unevictable = TestClearPageUnevictable(page); > VM_BUG_ON_PAGE(PageLRU(page), page); > SetPageLRU(page); > + /* > + * Page becomes evictable in two ways: > + * 1) Within LRU lock [munlock_vma_pages() and __munlock_pagevec()]. > + * 2) Before acquiring LRU lock to put the page to correct LRU and then > + * a) do PageLRU check with lock [check_move_unevictable_pages] > + * b) do PageLRU check before lock [clear_page_mlock] > + * > + * (1) & (2a) are ok as LRU lock will serialize them. For (2b), we need > + * following strict ordering: > + * > + * #0: __pagevec_lru_add_fn #1: clear_page_mlock > + * > + * SetPageLRU() TestClearPageMlocked() > + * smp_mb() // explicit ordering // above provides strict > + * // ordering > + * PageMlocked() PageLRU() > + * > + * > + * if '#1' does not observe setting of PG_lru by '#0' and fails > + * isolation, the explicit barrier will make sure that page_evictable > + * check will put the page in correct LRU. Without smp_mb(), SetPageLRU > + * can be reordered after PageMlocked check and can make '#1' to fail > + * the isolation of the page whose Mlocked bit is cleared (#0 is also > + * looking at the same page) and the evictable page will be stranded > + * in an unevictable LRU. > + */ > + smp_mb(); > + > + if (page_evictable(page)) { > + lru = page_lru(page); > + update_page_reclaim_stat(lruvec, page_is_file_cache(page), > + PageActive(page)); > + if (was_unevictable) > + count_vm_event(UNEVICTABLE_PGRESCUED); > + } else { > + lru = LRU_UNEVICTABLE; > + ClearPageActive(page); > + SetPageUnevictable(page); > + if (!was_unevictable) > + count_vm_event(UNEVICTABLE_PGCULLED); > + } > + > add_page_to_lru_list(page, lruvec, lru); > - update_page_reclaim_stat(lruvec, file, active); > trace_mm_lru_insertion(page, lru); > } > --- a/mm/vmscan.c > +++ b/mm/vmscan.c > @@ -790,64 +790,7 @@ int remove_mapping(struct address_space > */ > void putback_lru_page(struct page *page) > { > - bool is_unevictable; > - int was_unevictable = PageUnevictable(page); > - > - VM_BUG_ON_PAGE(PageLRU(page), page); > - > -redo: > - ClearPageUnevictable(page); > - > - if (page_evictable(page)) { > - /* > - * For evictable pages, we can use the cache. > - * In event of a race, worst case is we end up with an > - * unevictable page on [in]active list. > - * We know how to handle that. > - */ > - is_unevictable = false; > - lru_cache_add(page); > - } else { > - /* > - * Put unevictable pages directly on zone's unevictable > - * list. > - */ > - is_unevictable = true; > - add_page_to_unevictable_list(page); > - /* > - * When racing with an mlock or AS_UNEVICTABLE clearing > - * (page is unlocked) make sure that if the other thread > - * does not observe our setting of PG_lru and fails > - * isolation/check_move_unevictable_pages, > - * we see PG_mlocked/AS_UNEVICTABLE cleared below and move > - * the page back to the evictable list. > - * > - * The other side is TestClearPageMlocked() or shmem_lock(). > - */ > - smp_mb(); > - } > - > - /* > - * page's status can change while we move it among lru. If an evictable > - * page is on unevictable list, it never be freed. To avoid that, > - * check after we added it to the list, again. > - */ > - if (is_unevictable && page_evictable(page)) { > - if (!isolate_lru_page(page)) { > - put_page(page); > - goto redo; > - } > - /* This means someone else dropped this page from LRU > - * So, it will be freed or putback to LRU again. There is > - * nothing to do here. > - */ > - } > - > - if (was_unevictable && !is_unevictable) > - count_vm_event(UNEVICTABLE_PGRESCUED); > - else if (!was_unevictable && is_unevictable) > - count_vm_event(UNEVICTABLE_PGCULLED); > - > + lru_cache_add(page); > put_page(page); /* drop ref from isolate */ > } > Patches currently in stable-queue which might be from shakeelb(a)google.com are > queue-4.14/mm-slab-memcg_link-the-slab-s-kmem_cache.patch > queue-4.14/mm-mlock-vmscan-no-more-skipping-pagevecs.patch

6 years, 9 months

2
1
0 0

[PATCH 1/4] xen/PVH: Replace GDT_ENTRY with explicit constant

by Boris Ostrovsky

Latest binutils release (2.29.1) will no longer allow proper computation of GDT entries on 32-bits, with warning: arch/x86/xen/xen-pvh.S: Assembler messages: arch/x86/xen/xen-pvh.S:150: Warning: shift count out of range (32 is not between 0 and 31) arch/x86/xen/xen-pvh.S:150: Warning: shift count out of range (40 is not between 0 and 31) arch/x86/xen/xen-pvh.S:150: Warning: shift count out of range (32 is not between 0 and 31) arch/x86/xen/xen-pvh.S:152: Warning: shift count out of range (32 is not between 0 and 31) arch/x86/xen/xen-pvh.S:152: Warning: shift count out of range (40 is not between 0 and 31) arch/x86/xen/xen-pvh.S:152: Warning: shift count out of range (32 is not between 0 and 31) Use explicit value of the entry instead of using GDT_ENTRY() macro. Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org --- arch/x86/xen/xen-pvh.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/xen/xen-pvh.S b/arch/x86/xen/xen-pvh.S index e1a5fbe..934f7d4 100644 --- a/arch/x86/xen/xen-pvh.S +++ b/arch/x86/xen/xen-pvh.S @@ -145,11 +145,11 @@ gdt_start: .quad 0x0000000000000000 /* NULL descriptor */ .quad 0x0000000000000000 /* reserved */ #ifdef CONFIG_X86_64 - .quad GDT_ENTRY(0xa09a, 0, 0xfffff) /* __KERNEL_CS */ + .quad 0x00af9a000000ffff /* __BOOT_CS */ #else - .quad GDT_ENTRY(0xc09a, 0, 0xfffff) /* __KERNEL_CS */ + .quad 0x00cf9a000000ffff /* __BOOT_CS */ #endif - .quad GDT_ENTRY(0xc092, 0, 0xfffff) /* __KERNEL_DS */ + .quad 0x00cf92000000ffff /* __BOOT_DS */ gdt_end: .balign 4 -- 2.9.3

6 years, 9 months

4
8
0 0

[PATCH v3] module: Fix display of wrong module .text address

by Thomas Richter

Reading file /proc/modules shows the correct address: [root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2' qeth_l2 94208 1 - Live 0x000003ff80401000 and reading file /sys/module/qeth_l2/sections/.text [root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text 0x0000000018ea8363 displays a random address. This breaks the perf tool which uses this address on s390 to calculate start of .text section in memory. Fix this by printing the correct (unhashed) address. Thanks to Jessica Yu for helping on this. Fixes: ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when not restricting") Cc: <stable(a)vger.kernel.org> # v4.15+ Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> Cc: Jessica Yu <jeyu(a)kernel.org> --- kernel/module.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index a6e43a5806a1..40b42000bd80 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -1472,7 +1472,8 @@ static ssize_t module_sect_show(struct module_attribute *mattr, { struct module_sect_attr *sattr = container_of(mattr, struct module_sect_attr, mattr); - return sprintf(buf, "0x%pK\n", (void *)sattr->address); + return sprintf(buf, "0x%px\n", kptr_restrict < 2 ? + (void *)sattr->address : NULL); } static void free_sect_attrs(struct module_sect_attrs *sect_attrs) -- 2.14.3

6 years, 9 months

6
7
0 0

[PATCH] ext4: fix bitmap position validation

by Lukas Czerner

Currently in ext4_valid_block_bitmap() we expect the bitmap to be positioned anywhere between 0 and s_blocksize clusters, but that's wrong because the bitmap can be placed anywhere in the block group. This causes false positives when validating bitmaps on perfectly valid file system layouts. Fix it by checking whether the bitmap is within the group boundary. The problem can be reproduced using the following mkfs -t ext3 -E stride=256 /dev/vdb1 mount /dev/vdb1 /mnt/test cd /mnt/test wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz tar xf linux-4.16.3.tar.xz This will result in the warnings in the logs EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap Signed-off-by: Lukas Czerner <lczerner(a)redhat.com> Reported-by: Ilya Dryomov <idryomov(a)gmail.com> Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") Cc: stable(a)vger.kernel.org --- fs/ext4/balloc.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c index a33d8fb..0c0e383 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -338,7 +338,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, /* check whether block bitmap block number is set */ blk = ext4_block_bitmap(sb, desc); offset = blk - group_first_block; - if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || + if (offset < 0 || + EXT4_B2C(sbi, offset) >= EXT4_CLUSTERS_PER_GROUP(sb) || !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) /* bad block bitmap */ return blk; @@ -346,7 +347,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, /* check whether the inode bitmap block number is set */ blk = ext4_inode_bitmap(sb, desc); offset = blk - group_first_block; - if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || + if (offset < 0 || + EXT4_B2C(sbi, offset) >= EXT4_CLUSTERS_PER_GROUP(sb) || !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) /* bad block bitmap */ return blk; @@ -354,8 +356,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, /* check whether the inode table block number is set */ blk = ext4_inode_table(sb, desc); offset = blk - group_first_block; - if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || - EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) + if (offset < 0 || EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= + EXT4_CLUSTERS_PER_GROUP(sb)) return blk; next_zero_bit = ext4_find_next_zero_bit(bh->b_data, EXT4_B2C(sbi, offset + sbi->s_itb_per_group), -- 2.7.5

6 years, 9 months

2
5
0 0

[PATCH] USB: serial: option: adding support for ublox R410M

by SZ Lin (林上智)

This patch adds support for ublox R410M PID 0x90b2 USB modem to option driver, this module supports LTE Cat M1 / NB1. Interface layout: 0: QCDM/DIAG 1: ADB 2: AT 3: RMNET Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Cc: stable <stable(a)vger.kernel.org> --- Please refer to following lsusb output: Bus 001 Device 003: ID 05c6:90b2 Qualcomm, Inc. Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x05c6 Qualcomm, Inc. idProduct 0x90b2 bcdDevice 0.00 iManufacturer 3 Qualcomm, Incorporated iProduct 2 Qualcomm CDMA Technologies MSM iSerial 4 fb854106 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 108 bNumInterfaces 4 bConfigurationValue 1 iConfiguration 1 Qualcomm Configuration bmAttributes 0xe0 Self Powered Remote Wakeup MaxPower 500mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 2 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 5 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x84 EP 4 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 3 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x85 EP 5 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 5 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x86 EP 6 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x03 EP 3 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Device Qualifier (for other device speed): bLength 10 bDescriptorType 6 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 bNumConfigurations 1 Device Status: 0x0000 (Bus Powered) --- drivers/usb/serial/option.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index f0c3612467a3..184691caee64 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -233,6 +233,8 @@ static void option_instat_callback(struct urb *urb); /* These Quectel products use Qualcomm's vendor ID */ #define QUECTEL_PRODUCT_UC20 0x9003 #define QUECTEL_PRODUCT_UC15 0x9090 +/* These ublox products use Qualcomm's vendor ID */ +#define UBLOX_PRODUCT_R410M 0x90b2 /* These Yuga products use Qualcomm's vendor ID */ #define YUGA_PRODUCT_CLM920_NC5 0x9625 @@ -1065,6 +1067,9 @@ static const struct usb_device_id option_ids[] = { /* Yuga products use Qualcomm vendor ID */ { USB_DEVICE(QUALCOMM_VENDOR_ID, YUGA_PRODUCT_CLM920_NC5), .driver_info = RSVD(1) | RSVD(4) }, + /* ublox products use Qualcomm vendor ID */ + { USB_DEVICE(QUALCOMM_VENDOR_ID, UBLOX_PRODUCT_R410M), + .driver_info = RSVD(1) | RSVD(3) }, /* Quectel products using Quectel vendor ID */ { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC21), .driver_info = RSVD(4) }, -- 2.17.0

6 years, 9 months

6
12
0 0

[PATCH 0/6] Fix XSA-155-like bugs in frontend drivers

by Marek Marczykowski-Górecki

Patches in original Xen Security Advisory 155 cared only about backend drivers while leaving frontend patches to be "developed and released (publicly) after the embargo date". This is said series. Marek Marczykowski-Górecki (6): xen: Add RING_COPY_RESPONSE() xen-netfront: copy response out of shared buffer before accessing it xen-netfront: do not use data already exposed to backend xen-netfront: add range check for Tx response id xen-blkfront: make local copy of response before using it xen-blkfront: prepare request locally, only then put it on the shared ring drivers/block/xen-blkfront.c | 110 ++++++++++++++++++--------------- drivers/net/xen-netfront.c | 61 +++++++++--------- include/xen/interface/io/ring.h | 14 ++++- 3 files changed, 106 insertions(+), 79 deletions(-) base-commit: 6d08b06e67cd117f6992c46611dfb4ce267cd71e -- git-series 0.9.1

6 years, 9 months

5
13
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2018