June 2018 - Linux-stable-mirror

FAILED: patch "[PATCH] x86/mce: Fix incorrect "Machine check from unknown source"" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 40c36e2741d7fe1e66d6ec55477ba5fd19c9c5d2 Mon Sep 17 00:00:00 2001 From: Tony Luck <tony.luck(a)intel.com> Date: Fri, 22 Jun 2018 11:54:23 +0200 Subject: [PATCH] x86/mce: Fix incorrect "Machine check from unknown source" message Some injection testing resulted in the following console log: mce: [Hardware Error]: CPU 22: Machine Check Exception: f Bank 1: bd80000000100134 mce: [Hardware Error]: RIP 10:<ffffffffc05292dd> {pmem_do_bvec+0x11d/0x330 [nd_pmem]} mce: [Hardware Error]: TSC c51a63035d52 ADDR 3234bc4000 MISC 88 mce: [Hardware Error]: PROCESSOR 0:50654 TIME 1526502199 SOCKET 0 APIC 38 microcode 2000043 mce: [Hardware Error]: Run the above through 'mcelog --ascii' Kernel panic - not syncing: Machine check from unknown source This confused everybody because the first line quite clearly shows that we found a logged error in "Bank 1", while the last line says "unknown source". The problem is that the Linux code doesn't do the right thing for a local machine check that results in a fatal error. It turns out that we know very early in the handler whether the machine check is fatal. The call to mce_no_way_out() has checked all the banks for the CPU that took the local machine check. If it says we must crash, we can do so right away with the right messages. We do scan all the banks again. This means that we might initially not see a problem, but during the second scan find something fatal. If this happens we print a slightly different message (so I can see if it actually every happens). [ bp: Remove unneeded severity assignment. ] Signed-off-by: Tony Luck <tony.luck(a)intel.com> Signed-off-by: Borislav Petkov <bp(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ashok Raj <ashok.raj(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Cc: linux-edac <linux-edac(a)vger.kernel.org> Cc: stable(a)vger.kernel.org # 4.2 Link: http://lkml.kernel.org/r/52e049a497e86fd0b71c529651def8871c804df0.152728389… diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c index 7e6f51a9d917..e93670d736a6 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -1207,13 +1207,18 @@ void do_machine_check(struct pt_regs *regs, long error_code) lmce = m.mcgstatus & MCG_STATUS_LMCES; /* + * Local machine check may already know that we have to panic. + * Broadcast machine check begins rendezvous in mce_start() * Go through all banks in exclusion of the other CPUs. This way we * don't report duplicated events on shared banks because the first one - * to see it will clear it. If this is a Local MCE, then no need to - * perform rendezvous. + * to see it will clear it. */ - if (!lmce) + if (lmce) { + if (no_way_out) + mce_panic("Fatal local machine check", &m, msg); + } else { order = mce_start(&no_way_out); + } for (i = 0; i < cfg->banks; i++) { __clear_bit(i, toclear); @@ -1289,12 +1294,17 @@ void do_machine_check(struct pt_regs *regs, long error_code) no_way_out = worst >= MCE_PANIC_SEVERITY; } else { /* - * Local MCE skipped calling mce_reign() - * If we found a fatal error, we need to panic here. + * If there was a fatal machine check we should have + * already called mce_panic earlier in this function. + * Since we re-read the banks, we might have found + * something new. Check again to see if we found a + * fatal error. We call "mce_severity()" again to + * make sure we have the right "msg". */ - if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) - mce_panic("Machine check from unknown source", - NULL, NULL); + if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) { + mce_severity(&m, cfg->tolerant, &msg, true); + mce_panic("Local fatal machine check!", &m, msg); + } } /*

6 years, 7 months

3
4
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit b0b357c20ca6171b8ac698351f5202402b7ad7d5: Linux 3.18.112 (2018-05-30 22:08:04 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-20062018 for you to fetch changes up to b73b55ee0dd09bb24fa6a4fee94b21d97dbc51ba: net/sonic: Use dma_mapping_error() (2018-06-07 15:40:45 -0400) - ---------------------------------------------------------------- for-greg-3.18-20062018 - ---------------------------------------------------------------- Finn Thain (1): net/sonic: Use dma_mapping_error() Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care drivers/atm/zatm.c | 4 ++-- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + net/bridge/netfilter/ebtables.c | 3 ++- 4 files changed, 6 insertions(+), 4 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD34ACgkQ3qZv95d3 LNxyQA//Td2TjwiNv4O7a5DTBTY11L1m/4aM/Sg9AR3yUtykiIfatVi5rAwdKzXl ZBhutqVj7eK7STEyNfvqT0p/qwzoXWQUMSq0BpaH+D6Vfcvo3WNfXSdwODVsYy7D d8N814Libu3zUHj4x+KXp2og8SCKqAYNgyBhd45bnrRUVbq/UQPcZsXqDSUIX6WK RHkGU96VogA/4VEdD8Tiv9wX86L4PTQwve+GpYdxRc6Cc5rAuu3tS1BQgl50nfSU MSgorHcL+RO9wWu/Ij6L1SDOgNfxrk9b9DPt9Jahm5NeF+et5t/vLuJ804osJRYE dbXk6NQ+8EMQmgCOdDKUZhiHjN6ztk2NMsqmQb1z9hsPB+5gmmPMP2vZVA0BUyjl UZVQcRwYC1+s/bOb/uqhvBD4DH5pj76hMMkz10rR8pAvVRCvoBGFU9uwtSlu3gZo 24xHREUUSrpecc61tUq3QyomzlUZUQgyvkU8GnqD+2vhiJfsuyZ33AfjVmwEl+Vn 37qgenBJLBKhXzDxOMqg+xg0mUGo63CQeIx2ERSp3DiTHOElOWJINu5MVZQYKC8w rxSBacxj+5w24IM/OxNpWZ3PAoUSlAAvmkPiQJ5Aavw0StpqvNHN+DElmLf6eVrl 2Q5ZnkFhUOB2xSRkCYpkRhq9GZWGLkWjn4ePToil4z1+X13T6Zs= =mpuV -----END PGP SIGNATURE-----

6 years, 7 months

2
1
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 2c6025ebc7fd8e0a8ca785d778dc6ae25225744b: Linux 4.14.48 (2018-06-05 11:42:00 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-20062018 for you to fetch changes up to 5cca1f6fec1180fca1be5bc6f5068b96832646db: net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (2018-06-06 23:16:01 -0400) - ---------------------------------------------------------------- for-greg-4.14-20062018 - ---------------------------------------------------------------- Alexander Duyck (1): net-sysfs: Fix memory leak in XPS configuration Damien ThÃ©bault (1): net: dsa: b53: Add BCM5389 support Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Darrick J. Wong (1): fs: clear writeback errors in inode_init_always David Howells (1): afs: Fix directory permissions check Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S JoÃ£o Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Mathieu Xhonneux (1): ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline Pablo Neira Ayuso (1): netfilter: nft_limit: fix packet ratelimiting Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Paul Burton (1): sched/core: Require cpu_active() in select_task_rq(), for user tasks Peter Zijlstra (1): sched/core: Fix rules for running on online && !active CPUs Sebastian Ott (1): s390/dasd: use blk_mq_rq_from_pdu for per request data Suresh Reddy (1): be2net: Fix error detection logic for BE3 Taehee Yoo (3): netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace() Thomas Richter (1): perf test: "Session topology" dumps core on s390 YueHaibing (1): perf bpf: Fix NULL return handling in bpf__prepare_load() Documentation/devicetree/bindings/net/dsa/b53.txt | 1 + drivers/atm/zatm.c | 4 +- drivers/net/dsa/b53/b53_common.c | 13 +++++++ drivers/net/dsa/b53/b53_mdio.c | 5 ++- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 4 +- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/cdc_mbim.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 ++--- drivers/platform/x86/asus-wmi.c | 23 +++++++----- drivers/s390/block/dasd.c | 7 +++- fs/afs/security.c | 10 ++--- fs/inode.c | 1 + kernel/sched/core.c | 45 ++++++++++++++++------- net/bridge/netfilter/ebtables.c | 3 +- net/core/net-sysfs.c | 6 +-- net/ipv6/seg6_iptunnel.c | 4 +- net/ipv6/xfrm6_policy.c | 2 +- net/kcm/kcmsock.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 ++++++++--- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_ct.c | 20 ++++++---- net/netfilter/nft_limit.c | 38 ++++++++++++------- net/netfilter/nft_meta.c | 14 ++++--- tools/perf/tests/topology.c | 30 ++++++++++++--- tools/perf/util/bpf-loader.c | 6 +-- 27 files changed, 183 insertions(+), 96 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD0EACgkQ3qZv95d3 LNykIRAAuOxrTFNkFNHbmF4ETHaQC1RA65ebzaxqTVO1HQUylrdU6XtGijfFfl2Q mLhFk1Om1AYOanQgOO3fPVohS+6lu4M/ld4/gfoVFOOE/Bjc2JsMO9I9OiZ5LCZQ AzToRfu7jjnvmdMhTgM+ek3/OJfDOtD4KskNZV1rjVTnYQbjblk/QonYibTgVsOm BFc5VQyKkUVrnDa+0Zcdbc2OfHSrGYoCsEIus7stBnbjGOR84qIDUTL9vMkDX0Vf 6o6QiwDkcY5sYGf5ob9BL7Bix3axAccA3Rp7Yq1GXglFFB4dwl6HBfAC6+liHTqF 2GvMDLktkZ1d4SGdabAdJahh04LFCQjgg1m7ZR61tzKzxBpu8D7eTiRQ/EPH0qrV Nob6oBoBIy4qk6KnAhPtY04TjDtK9/J6wUbG+rwYj9V5QAknrvT5zVdGsZTeVuEa R2pG6BJU7hAHv+Ndzey6c0ZxBH9fKdz7h/7ioeQGWPbmVGsebJoi+b4f5pOA31Wv 56Ne1IkhWGfCsBZMieBmWVrQrDVLoUk4DqjJW6TNXx5LvdxIDxP//oMy1plQUhS5 Mq7Ln3HKtNAnKSHgHd4RNWcE4kzvbviBxQHvVgdWTIpNTWEHrnz7L6Sh7HE6SWHJ qz2AtGJKCJL8KvmdQgbhtcYor5oOfZLDe1pZzetWLZ4yQnjJCdM= =Fakc -----END PGP SIGNATURE-----

6 years, 7 months

2
1
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 3c3d05fc6e6653bdf9f7fb3fb6922b199c7ba3ec: Linux 4.9.107 (2018-06-06 16:44:39 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-20062018 for you to fetch changes up to e957f7485f14affccc5f60f19dcce3a4f674cc0d: net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (2018-06-07 15:39:36 -0400) - ---------------------------------------------------------------- for-greg-4.9-20062018 - ---------------------------------------------------------------- Damien ThÃ©bault (1): net: dsa: b53: Add BCM5389 support Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S JoÃ£o Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Documentation/devicetree/bindings/net/dsa/b53.txt | 1 + drivers/atm/zatm.c | 4 ++-- drivers/net/dsa/b53/b53_common.c | 13 +++++++++++++ drivers/net/dsa/b53/b53_mdio.c | 5 ++++- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/cdc_mbim.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 +++++----- drivers/platform/x86/asus-wmi.c | 23 +++++++++++++---------- net/bridge/netfilter/ebtables.c | 3 ++- net/ipv6/xfrm6_policy.c | 2 +- net/kcm/kcmsock.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 +++++++++++++++------ 14 files changed, 61 insertions(+), 29 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD08ACgkQ3qZv95d3 LNz7JhAAlyrbs4NT1tU0ZjZYQ78hQbojWTDyMBQSz1+SIKwey/6Mp7HFizAXghY/ 3f4KECTu8a/5P35Jo7euTy7C3RDKOnHtP2yQENuu4AGe/pivIfqqVsIANmdy+sAi BY2iXJllGYeV8777nE0lm3cQrXnAMWhTsMmwKbJk6gHHx9ueaSRns7tajiD4lXm0 Z+F07jReymaOEvi3bNAKZTSU0swprprXTG9GfKPDyfPdB7fu4J7t+HkWI071mTj+ L1gJdcW5XOPuB1Tmu0ES5rRrFsDYdeUEwFoJBq0TplmOEKSNZO+xLWgTLfRZZ3T2 W6YIM+jOs44MfI4Sy5PDmM1jHwnvyUplOxApfx570F7CiSwU8xyuDwpQZIsNrBPn FrsDIy8X7uLLCN0MG0HMO/0P8RhL2tHKwG9gN/xRPo0fOLhVprABj8fTi3FCQhTU /BYAdmj4s58BuEEPND9swFYx96UTNuVVb47HB0+3FasPmCnGdhiVXb+HSSY6tW1a GNQqpcsUUtVoe4sFgb4s2pqZjnXfepvd4EhsI8cGU4KoTQ/vbwK4OVJS+MrSehoB yi169EwX0jL6ILtLNDBm2SVVcw7ukAEq4aDJRjko+X6xWFZxhnGTnFsZldkOEjld DVDGFhcTyUiGE7wVsnZGANMhHhT2LjtyeGDKpQiFn6lMagp0IM4= =gZsz -----END PGP SIGNATURE-----

6 years, 7 months

2
1
0 0

[PATCH v4 2/3] ioremap: Update pgtable free interfaces with addr

by Toshi Kani

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi.kani(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 12 +++++++----- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 493ff75670ff..8ae5d7ae4af3 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -977,12 +977,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 1aeb7a5dbce5..fbd14e506758 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -723,11 +723,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -738,7 +739,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -750,11 +751,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; @@ -770,7 +772,7 @@ int pmd_free_pte_page(pmd_t *pmd) #else /* !CONFIG_X86_64 */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } @@ -779,7 +781,7 @@ int pud_free_pmd_page(pud_t *pud) * Disable free page handling on x86-PAE. This assures that ioremap() * does not update sync'd pmd entries. See vmalloc_sync_one(). */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639afaa39..b081794ba135 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ int pud_set_huge(pud_t *pud, phys_addr_t addr, pgprot_t prot); int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bbaa3200..517f5853ffed 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; }

6 years, 7 months

5
9
0 0

stable request: Revert "sit: reload iphdr in ipip6_rcv"

by Luca Boccassi

Hello, Please consider backporting to 4.9.y the following commit from DaveM [CC'ed]: f4eb17e1efe538d4da7d574bedb00a8dafcc26b7 ("Revert "sit: reload iphdr in ipip6_rcv"") It cherry-picks cleanly and builds fine. The original commit was introduced and reverted in v4.12-rc5, but only the original made its way into the 4.9 stable release (v4.9.94). It causes a regression: pings to v6 hosts over a SIT tunnel do not work anymore, and the following error appears in dmesg: kernel: sit: non-ECT from 0.0.0.0 with TOS=0xd This was also reported and reverted downstream by Ubuntu: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1772775 Thanks! -- Kind regards, Luca Boccassi

6 years, 7 months

2
1
0 0

897366537f("genhd: Fix use after free in __blkdev_get()")

by Zubin Mithra

Hello, Syzkaller has reported a crash here[1] for a UAF in disk_unblock_events. Could the following patches be applied in order to 4.14? 517bf3c30("block: don't look at the struct device dev_t in disk_devt") 8ddcd653("block: introduce GENHD_FL_HIDDEN") f0fba398fe("block: avoid null pointer dereference on null disk") d52987b5("genhd: Fix leaked module reference for NVME devices") 9df6c2991("genhd: Add helper put_disk_and_module()") 89736653("genhd: Fix use after free in __blkdev_get()") [1] https://syzkaller.appspot.com/bug?id=d932bb61fb530dc6816b87b4649f3b6925f510… Thanks, Zubin

6 years, 7 months

2
1
0 0

stable request: don't set F_IFACE on ipv6 fib lookups and followup fix

by Florian Westphal

Hi. Please consider applying 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups") and its followup commit: cede24d1b21d ("netfilter: ip6t_rpfilter: provide input interface for route lookup") to 4.14.y. For 4.16.y and 4.17.y, please consider applying cede24d1b21d ("netfilter: ip6t_rpfilter: provide input interface for route lookup") For 4.17.y, consider fc6ddbecce44 ("netfilter: xt_connmark: fix list corruption on rmmod"). For all maintained trees, consider following candiate: adc972c5b88829d3 ("netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()") Thanks, Florian

6 years, 7 months

2
1
0 0

Re: [PATCHES] Networking

by Jiri Slaby

On 09/15/2017, 06:57 AM, David Miller wrote: > Please queue up the following networking bug fixes for v4.9, v4.12, and > v4.13 -stable, respectively. Hi, while walking through some fixes, I wonder, whether backports of 25cc72a33835 (mlxsw: spectrum: Forbid linking to devices that have uppers) to 4.9 and 4.12 are correct. Part of the original commit: --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4139,6 +4139,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *lower_dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; if (netif_is_lag_master(upper_dev) && !mlxsw_sp_master_lag_check(mlxsw_sp, upper_dev, info->upper_info)) @@ -4258,6 +4260,10 @@ static int mlxsw_sp_netdevice_port_vlan_event(struct net_device *vlan_dev, upper_dev = info->upper_dev; if (!netif_is_bridge_master(upper_dev)) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event and mlxsw_sp_netdevice_port_vlan_event. 4.9 backport (73ee5a73e75): --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4172,6 +4172,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* HW limitation forbids to put ports to multiple bridges. */ if (netif_is_bridge_master(upper_dev) && !mlxsw_sp_master_bridge_check(mlxsw_sp, upper_dev)) @@ -4185,6 +4187,10 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, if (netif_is_lag_port(dev) && is_vlan_dev(upper_dev) && !netif_is_lag_master(vlan_dev_real_dev(upper_dev))) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event *twice* instead of mlxsw_sp_netdevice_port_vlan_event, which was named mlxsw_sp_netdevice_vport_event in 4.9 yet. 4.12 backport (2f4232ba8001): --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4110,6 +4110,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* HW limitation forbids to put ports to multiple bridges. */ if (netif_is_bridge_master(upper_dev) && !mlxsw_sp_master_bridge_check(mlxsw_sp, upper_dev)) @@ -4274,6 +4276,10 @@ static int mlxsw_sp_netdevice_bridge_event(struct net_device *br_dev, if (is_vlan_dev(upper_dev) && br_dev != mlxsw_sp->master_bridge.dev) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event (OK) and mlxsw_sp_netdevice_bridge_event (not OK) instead of mlxsw_sp_netdevice_vport_event. Did I miss something or is this a mistake? thanks, -- js suse labs

6 years, 7 months

3
5
0 0

netfilter stable requests for 4.14, 4.16

by Florian Westphal

Hello, Here is a list of netfilter bug fixes that I'd like to see in 4.16 and 4.14. I've cherry-picked these and with one exception (noted below) all pick cleanly. Patches are listed in top-down order. For v4.16.y and v4.14.y: b8e9dc1c75714ceb53615743e1036f76e00f5a17 ("netfilter: nf_tables: nft_compat: fix refcount leak on xt module") 8bdf164744b2c7f63561846c01cff3db597f282d ("netfilter: nft_compat: prepare for indirect info storage") Necessary to make the fix (next patch below) apply. 732a8049f365f514d0607e03938491bf6cb0d620 ("netfilter: nft_compat: fix handling of large matchinfo size") Without it, some iptables -A will fail when using iptables via nfnetlink (notably the cgroup match). 009240940e84c1c089af88b454f7e804a4c5bd1b ("netfilter: nf_tables: don't assume chain stats are set when jumplabel is set") Fixes null-ptr deref. bb7b40aecbf778c0c83a5bd62b0f03ca9f49a618 ("netfilter: nf_tables: bogus EBUSY in chain deletions") Fixes erroneous reject of some valid rulesets. 97a0549b15a0b466c47f6a0143a490a082c64b4e ("netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval") This fixes a bug where 'nft ... meta nftrace set 0' may set a nonzero value instead. ad9d9e85072b668731f356be0a3750a3ba22a607 ("netfilter: nf_tables: disable preemption in nft_update_chain_stats()") 360cc79d9d299ce297b205508276285ceffc5fa8 ("netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj()"), bug added in v4.14-rc1 Applies cleanly to 4.16 but in 4.14 tjis fails as the 2nd location that is patched (nf_tables_dump_flowtable) doesn't exist. So in 4.14 this is a one-line change: - if (filter && filter->table[0] && + if (filter && filter->table && bbb8c61f97e3a2dd91b30d3e57b7964a67569d11 ("netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace()" This fixes underflow of the static_key used for the base chain counters. f0dfd7a2b35b02030949100247d851b793cb275f ("netfilter: nf_tables: fix memory leak on error exit return"), since 4.12 additional change for v4.14.y (its already in 4.16): 467697d289e7e6e1b15910d99096c0da08c56d5b ("netfilter: nf_tables: add missing netlink attrs to policies") If you'd like me to handle such larger requests differently please let me know your preferenced way to handle this. Thanks, Florian

6 years, 7 months

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2018