March 2019 - Linux-stable-mirror

[PATCH v5 00/10] mm: Sub-section memory hotplug support

by Dan Williams

Changes since v4 [1]: - Given v4 was from March of 2017 the bulk of the changes result from rebasing the patch set from a v4.11-rc2 baseline to v5.1-rc1. - A unit test is added to ndctl to exercise the creation and dax mounting of multiple independent namespaces in a single 128M section. [1]: https://lwn.net/Articles/717383/ --- Quote patch7: "The libnvdimm sub-system has suffered a series of hacks and broken workarounds for the memory-hotplug implementation's awkward section-aligned (128MB) granularity. For example the following backtrace is emitted when attempting arch_add_memory() with physical address ranges that intersect 'System RAM' (RAM) with 'Persistent Memory' (PMEM) within a given section: WARNING: CPU: 0 PID: 558 at kernel/memremap.c:300 devm_memremap_pages+0x3b5/0x4c0 devm_memremap_pages attempted on mixed region [mem 0x200000000-0x2fbffffff flags 0x200] [..] Call Trace: dump_stack+0x86/0xc3 __warn+0xcb/0xf0 warn_slowpath_fmt+0x5f/0x80 devm_memremap_pages+0x3b5/0x4c0 __wrap_devm_memremap_pages+0x58/0x70 [nfit_test_iomap] pmem_attach_disk+0x19a/0x440 [nd_pmem] Recently it was discovered that the problem goes beyond RAM vs PMEM collisions as some platform produce PMEM vs PMEM collisions within a given section. The libnvdimm workaround for that case revealed that the libnvdimm section-alignment-padding implementation has been broken for a long while. A fix for that long-standing breakage introduces as many problems as it solves as it would require a backward-incompatible change to the namespace metadata interpretation. Instead of that dubious route [2], address the root problem in the memory-hotplug implementation." The approach is taken is to observe that each section already maintains an array of 'unsigned long' values to hold the pageblock_flags. A single additional 'unsigned long' is added to house a 'sub-section active' bitmask. Each bit tracks the mapped state of one sub-section's worth of capacity which is SECTION_SIZE / BITS_PER_LONG, or 2MB on x86-64. The implication of allowing sections to be piecemeal mapped/unmapped is that the valid_section() helper is no longer authoritative to determine if a section is fully mapped. Instead pfn_valid() is updated to consult the section-active bitmask. Given that typical memory hotplug still has deep "section" dependencies the sub-section capability is limited to 'want_memblock=false' invocations of arch_add_memory(), effectively only devm_memremap_pages() users for now. With this in place the hacks in the libnvdimm sub-system can be dropped, and other devm_memremap_pages() users need no longer be constrained to 128MB mapping granularity. [2]: https://lore.kernel.org/r/155000671719.348031.2347363160141119237.stgit@dwi… --- Dan Williams (10): mm/sparsemem: Introduce struct mem_section_usage mm/sparsemem: Introduce common definitions for the size and mask of a section mm/sparsemem: Add helpers track active portions of a section at boot mm/hotplug: Prepare shrink_{zone,pgdat}_span for sub-section removal mm/sparsemem: Convert kmalloc_section_memmap() to populate_section_memmap() mm/sparsemem: Prepare for sub-section ranges mm/sparsemem: Support sub-section hotplug mm/devm_memremap_pages: Enable sub-section remap libnvdimm/pfn: Fix fsdax-mode namespace info-block zero-fields libnvdimm/pfn: Stop padding pmem namespaces to section alignment arch/x86/mm/init_64.c | 15 +- drivers/nvdimm/dax_devs.c | 2 drivers/nvdimm/pfn.h | 12 - drivers/nvdimm/pfn_devs.c | 93 +++------- include/linux/memory_hotplug.h | 7 - include/linux/mm.h | 4 include/linux/mmzone.h | 60 ++++++ kernel/memremap.c | 57 ++---- mm/hmm.c | 2 mm/memory_hotplug.c | 119 +++++++----- mm/page_alloc.c | 6 - mm/sparse-vmemmap.c | 21 +- mm/sparse.c | 382 ++++++++++++++++++++++++++++------------ 13 files changed, 476 insertions(+), 304 deletions(-)

5 years, 8 months

4
20
0 0

[RFC/RFT PATCH 04/18] crypto: skcipher - restore default skcipher_walk::iv on error

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> When the user-provided IV buffer is not aligned to the algorithm's alignmask, skcipher_walk_virt() allocates an aligned buffer and copies the IV into it. However, skcipher_walk_virt() can fail after that point, and in this case the buffer will be freed. This causes a use-after-free read in callers that read from walk->iv unconditionally, e.g. the LRW template. For example, this can be reproduced by trying to encrypt fewer than 16 bytes using "lrw(aes)". Fix it by making skcipher_walk_first() reset walk->iv to walk->oiv if skcipher_walk_next() fails. This addresses a similar problem as commit 2b4f27c36bcd ("crypto: skcipher - set walk.iv for zero-length inputs"), but that didn't consider the case where skcipher_walk_virt() fails after copying the IV. This bug was detected by my patches that improve testmgr to fuzz algorithms against their generic implementation, when the extra self-tests were run on a KASAN-enabled kernel. Fixes: b286d8b1a690 ("crypto: skcipher - Add skcipher walk interface") Cc: <stable(a)vger.kernel.org> # v4.10+ Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/skcipher.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/crypto/skcipher.c b/crypto/skcipher.c index bcf13d95f54ac..0f639f018047d 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -426,19 +426,27 @@ static int skcipher_copy_iv(struct skcipher_walk *walk) static int skcipher_walk_first(struct skcipher_walk *walk) { + int err; + if (WARN_ON_ONCE(in_irq())) return -EDEADLK; walk->buffer = NULL; if (unlikely(((unsigned long)walk->iv & walk->alignmask))) { - int err = skcipher_copy_iv(walk); + err = skcipher_copy_iv(walk); if (err) return err; } walk->page = NULL; - return skcipher_walk_next(walk); + err = skcipher_walk_next(walk); + + /* On error, don't leave 'walk->iv' pointing to freed buffer. */ + if (unlikely(err)) + walk->iv = walk->oiv; + + return err; } static int skcipher_walk_skcipher(struct skcipher_walk *walk, -- 2.21.0

5 years, 8 months

2
3
0 0

[PATCH 4.20 000/171] 4.20.16-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.20.16 release. There are 171 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Mar 14 17:02:23 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.20.16-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.20.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.20.16-rc1 Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Implement support for TSX Force Abort Peter Zijlstra (Intel) <peterz(a)infradead.org> x86: Add TSX Force Abort CPUID/MSR Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Generalize dynamic constraint creation Peter Zijlstra (Intel) <peterz(a)infradead.org> perf/x86/intel: Make cpuc allocations consistent Daniel F. Dickinson <cshored(a)thecshore.com> ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: keep corrupted fs from crashing kernel in erofs_namei() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix missed wakeups in find_insert_glock Jakub Sitnicki <jakub(a)cloudflare.com> bpf: Stop the psock parser before canceling its work Jakub Sitnicki <jakub(a)cloudflare.com> sk_msg: Always cancel strp work before freeing the psock Mika Westerberg <mika.westerberg(a)linux.intel.com> Revert "PCI/PME: Implement runtime PM callbacks" Sean Young <sean(a)mess.org> media: Revert "media: rc: some events are dropped by userspace" Ard Biesheuvel <ard.biesheuvel(a)linaro.org> drm: disable uncached DMA optimization for ARM and arm64 Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Fix max voltage for buck8 regulator on Odroid XU3/XU4 Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 Alistair Strachan <astrachan(a)google.com> arm64: dts: hikey: Revert "Enable HS200 mode on eMMC" Jan Kiszka <jan.kiszka(a)siemens.com> arm64: dts: hikey: Give wifi some time after power-on Jan Kiszka <jan.kiszka(a)siemens.com> arm64: dts: zcu100-revC: Give wifi some time after power-on Alexander Shishkin <alexander.shishkin(a)linux.intel.com> x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub Gustavo A. R. Silva <gustavo(a)embeddedor.com> scsi: aacraid: Fix missing break in switch statement Gustavo A. R. Silva <gustavo(a)embeddedor.com> iscsi_ibft: Fix missing break in switch statement Vincent Batts <vbatts(a)hashbangbash.com> Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 Jason Gerecke <jason.gerecke(a)wacom.com> Input: wacom_serial4 - add support for Wacom ArtPad II tablet Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: don't use refcount_inc on newly allocated entry Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: unbind set in rule from commit path Keith Busch <keith.busch(a)intel.com> nvme-pci: add missing unlock for reset error Liu Bo <bo.liu(a)linux.alibaba.com> blk-iolatency: fix IO hang due to negative inflight counter Sudarsana Reddy Kalluru <skalluru(a)marvell.com> qede: Fix system crash on configuring channels. Sudarsana Reddy Kalluru <skalluru(a)marvell.com> qed: Consider TX tcs while deriving the max num_queues for PF. Manish Chopra <manishc(a)marvell.com> qed: Fix EQ full firmware assert. Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs: ratelimit __find_get_block_slow() failure message. Keith Busch <keith.busch(a)intel.com> nvme-pci: fix rapid add remove sequence Keith Busch <keith.busch(a)intel.com> nvme: lock NS list changes while handling command effects Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: dsi: Hack-fix DSI bus flags Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: dsi: Fix OF platform depopulate Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: dsi: Fix crash in DSI debug dumps Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: use spin_lock_irqsave to protect vm_manager.pasid_idr Tony Lindgren <tony(a)atomide.com> i2c: omap: Use noirq system sleep pm ops to idle device for suspend Ross Lagerwall <ross.lagerwall(a)citrix.com> Revert "scsi: libfc: Add WARN_ON() when deleting rports" Jun-Ru Chang <jrjang(a)realtek.com> MIPS: Remove function size check in get_frame_info() Huacai Chen <chenhc(a)lemote.com> MIPS: Loongson: Introduce and use loongson_llsc_mb() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf trace: Support multiple "vfs_getname" probes Jiri Olsa <jolsa(a)redhat.com> perf symbols: Filter out hidden symbols from labels Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: conclude all event processing before offlining a card Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: cancel close_dev work before removing a card Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: fix use-after-free in error path Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: release cmd buffer in error paths Martynas Pumputis <martynas(a)weave.works> netfilter: nf_nat: skip nat clash resolution for same-origin entries Florian Westphal <fw(a)strlen.de> selftests: netfilter: add simple masq/redirect test cases Naresh Kamboju <naresh.kamboju(a)linaro.org> selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> dmaengine: dmatest: Abort test in case of mapping error Stefano Garzarella <sgarzare(a)redhat.com> vsock/virtio: reset connected sockets on device removal Stefano Garzarella <sgarzare(a)redhat.com> vsock/virtio: fix kernel panic after device hot-unplug Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> dmaengine: at_xdmac: Fix wrongfull report of a channel as in use Paul Kocialkowski <paul.kocialkowski(a)bootlin.com> drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init Huang Rui <ray.huang(a)amd.com> drm/amdgpu: fix the incorrect external id for raven series Jay Cornwall <Jay.Cornwall(a)amd.com> drm/amdgpu: Implement doorbell self-ring for NBIO 7.4 Martin KaFai Lau <kafai(a)fb.com> bpf: Fix syscall's stackmap lookup potential deadlock Alexei Starovoitov <ast(a)kernel.org> bpf: fix potential deadlock in bpf_prog_register Alexei Starovoitov <ast(a)kernel.org> bpf: fix lockdep false positive in percpu_freelist Alexei Starovoitov <ast(a)kernel.org> bpf: run bpf programs with preemption disabled Martynas Pumputis <m(a)lambda.lt> bpf, selftests: fix handling of sparse CPU allocations Brian Norris <briannorris(a)chromium.org> ath10k: correct bus type for WCN3990 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> relay: check return of create_buf_file() properly Zenghui Yu <yuzenghui(a)huawei.com> irqchip/gic-v3-its: Fix ITT_entry_size accessor Jose Abreu <jose.abreu(a)synopsys.com> net: stmmac: Disable EEE mode earlier in XMIT callback Jose Abreu <jose.abreu(a)synopsys.com> net: stmmac: Send TSO packets always from Queue 0 Jose Abreu <jose.abreu(a)synopsys.com> net: stmmac: Fallback to Platform Data clock in Watchdog conversion Chris Wilson <chris(a)chris-wilson.co.uk> drm/amdgpu: Transfer fences to dmabuf importer Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: check if device is root before getting pci speed caps Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add missing power attribute to APU check Lubomir Rintel <lkundrak(a)v3.sk> irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Gracefully fail on LPI exhaustion Heyi Guo <guoheyi(a)huawei.com> irqchip/gic-v4: Fix occasional VLPI drop Alexey Khoroshilov <khoroshilov(a)ispras.ru> usb: dwc3: exynos: Fix error handling of clk_prepare_enable Anders Roxell <anders.roxell(a)linaro.org> usb: phy: fix link errors Zhou Yanjie <zhouyanjie(a)cduestc.edu.cn> DTS: CI20: Fix bugs in ci20's device tree. Paul Cercueil <paul(a)crapouillou.net> MIPS: DTS: jz4740: Correct interrupt number of DMA core Felix Fietkau <nbd(a)nbd.name> batman-adv: release station info tidstats Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> arm64: dts: add msm8996 compatible to gicv3 Heiko Schocher <hs(a)denx.de> ARM: dts: am335x-shc.dts: fix wrong cd pin level Arthur Demchenkov <spinal.by(a)gmail.com> ARM: dts: n900: fix mmc1 card detect gpio polarity Tony Lindgren <tony(a)atomide.com> ARM: dts: omap3-gta04: Fix graph_port warning Peng Hao <peng.hao2(a)zte.com.cn> ARM: pxa: ssp: unneeded to free devm_ allocated data Yafang Shao <laoar.shao(a)gmail.com> bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt() Paolo Abeni <pabeni(a)redhat.com> bpftool: fix percpu maps updating Jiri Olsa <jolsa(a)kernel.org> bpftool: Fix prog dump by tag Ulf Hansson <ulf.hansson(a)linaro.org> wlcore: sdio: Fixup power on/off sequence Jason Kridner <jkridner(a)gmail.com> pinctrl: mcp23s08: spi: Fix regmap allocation for mcp23s18 Madalin Bucur <madalin.bucur(a)nxp.com> soc: fsl: qbman: avoid race in clearing QMan interrupt Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a77965: Enable DMA for SCIF2 Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a7796: Enable DMA for SCIF2 Anson Huang <anson.huang(a)nxp.com> ARM: dts: imx6sx: correct backward compatible of gpt Eric W. Biederman <ebiederm(a)xmission.com> signal: Make siginmask safe when passed a signal of 0 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM: dts: meson8m2: mxiii-plus: mark the SD card detection GPIO active-low Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM: dts: meson8b: ec100: mark the SD card detection GPIO active-low Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM: dts: meson8b: odroidc1: mark the SD card detection GPIO active-low Carlo Caione <ccaione(a)baylibre.com> arm: dts: meson: Fix IRQ trigger type for macirq Jernej Skrabec <jernej.skrabec(a)siol.net> ARM: dts: sun8i: h3: Add ethernet0 alias to Beelink X2 Tony Lindgren <tony(a)atomide.com> ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: OMAP: dts: N950/N9: fix onenand timings Michal Hocko <mhocko(a)suse.com> mm, memory_hotplug: fix off-by-one in is_pageblock_removable Ian Kent <raven(a)themaw.net> autofs: fix error return in autofs_fill_super() Pan Bian <bianpan2016(a)163.com> autofs: drop dentry reference only when it is never used Jan Kara <jack(a)suse.cz> fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() Dan Carpenter <dan.carpenter(a)oracle.com> lib/test_kmod.c: potential double free in error handling Johannes Weiner <hannes(a)cmpxchg.org> psi: fix aggregation idle shut-off Mikhail Zaslonko <zaslonko(a)linux.ibm.com> mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone Michal Hocko <mhocko(a)suse.com> mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone Qian Cai <cai(a)lca.pw> x86_64: increase stack size for KASAN_EXTRA Alexey Dobriyan <adobriyan(a)gmail.com> proc: fix /proc/net/* after setns(2) Kairui Song <kasong(a)redhat.com> x86/kexec: Don't setup EFI info if EFI runtime is not enabled John Johansen <john.johansen(a)canonical.com> apparmor: Fix aa_label_build() error handling for failed merges James Morse <james.morse(a)arm.com> arm64: kprobe: Always blacklist the KVM world-switch code Petr Vorel <pvorel(a)suse.cz> apparmor: Fix warning about unused function apparmor_ipv6_postroute Thomas Lendacky <Thomas.Lendacky(a)amd.com> x86/microcode/amd: Don't falsely trick the late loading mechanism Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: fix computation for MAX_SMB2_HDR_SIZE Wei Huang <wei(a)redhat.com> x86/boot/compressed/64: Set EFER.LME=1 in 32-bit trampoline before returning to long mode Harini Katakam <harini.katakam(a)xilinx.com> net: macb: Apply RXUBR workaround only to versions with errata Kan Liang <kan.liang(a)linux.intel.com> x86/cpu: Add Atom Tremont (Jacobsville) Sinan Kaya <okaya(a)kernel.org> platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 Sinan Kaya <okaya(a)kernel.org> platform/x86: Fix unmet dependency warning for ACPI_CMPC Dan Carpenter <dan.carpenter(a)oracle.com> scsi: 53c700: pass correct "dev" to dma_alloc_attrs() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: bnx2fc: Fix error handling in probe() Douglas Gilbert <dgilbert(a)interlog.com> scsi: scsi_debug: fix write_same with virtual_gb problem Ming Lu <ming.lu(a)citrix.com> scsi: libfc: free skb when receiving invalid flogi resp Manish Chopra <manishc(a)marvell.com> qed: Fix stack out of bounds bug Manish Chopra <manishc(a)marvell.com> qed: Fix system crash in ll2 xmit Manish Chopra <manishc(a)marvell.com> qed: Fix VF probe failure while FLR Manish Chopra <manishc(a)marvell.com> qed: Fix LACP pdu drops for VFs Manish Chopra <manishc(a)marvell.com> qed: Fix bug in tx promiscuous mode settings Yao Liu <yotta.liu(a)ucloud.cn> nfs: Fix NULL pointer dereference of dev_name Fathi Boudra <fathi.boudra(a)linaro.org> selftests: timers: use LDLIBS instead of LDFLAGS Fathi Boudra <fathi.boudra(a)linaro.org> selftests: net: use LDLIBS instead of LDFLAGS Andrew Lunn <andrew(a)lunn.ch> gpio: vf610: Mask all GPIO interrupts Florian Westphal <fw(a)strlen.de> netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present Alexey Khoroshilov <khoroshilov(a)ispras.ru> net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() Yonglong Liu <liuyonglong(a)huawei.com> net: hns: Fix wrong read accesses via Clause 45 MDIO protocol Yonglong Liu <liuyonglong(a)huawei.com> net: hns: Restart autoneg need return failed when autoneg off Yonglong Liu <liuyonglong(a)huawei.com> net: hns: Fix for missing of_node_put() after of_parse_phandle() Tomonori Sakita <tomonori.sakita(a)sord.co.jp> net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case Max Filippov <jcmvbkbc(a)gmail.com> xtensa: SMP: limit number of possible CPUs by NR_CPUS Christoph Hellwig <hch(a)lst.de> iomap: fix a use after free in iomap_dio_rw Piotr Jaroszynski <pjaroszynski(a)nvidia.com> iomap: get/put the page in iomap_page_create/release() Max Filippov <jcmvbkbc(a)gmail.com> xtensa: SMP: mark each possible CPU as present Max Filippov <jcmvbkbc(a)gmail.com> xtensa: smp_lx200_defconfig: fix vectors clash Max Filippov <jcmvbkbc(a)gmail.com> xtensa: SMP: fix secondary CPU initialization Colin Ian King <colin.king(a)canonical.com> selftests: cpu-hotplug: fix case where CPUs offline > CPUs present Feras Daoud <ferasda(a)mellanox.com> IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start Alexandre Ghiti <aghiti(a)upmem.com> riscv: Adjust mmap base address at a third of task size Artemy Kovalyov <artemyko(a)mellanox.com> RDMA/umem: Add missing initialization of owning_mm Max Filippov <jcmvbkbc(a)gmail.com> xtensa: SMP: fix ccount_timer_shutdown Taniya Das <tdas(a)codeaurora.org> clk: qcom: gcc: Use active only source for CPUSS clocks Dan Carpenter <dan.carpenter(a)oracle.com> clk: ti: Fix error handling in ti_clk_parse_divider_data() Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> iommu/amd: Fix IOMMU page flush when detach device from a domain ZhangXiaoxu <zhangxiaoxu5(a)huawei.com> ipvs: Fix signed integer overflow when setsockopt timeout Guo Ren <ren_guo(a)c-sky.com> riscv: fixup max_low_pfn with PFN_DOWN. Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/amd: Unmap all mapped pages in error path of map_sg Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/amd: Call free_iova_fast with pfn in map_sg Brian Welty <brian.welty(a)intel.com> IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM Tony Jones <tonyj(a)suse.de> perf script: Fix crash when processing recorded stat data Stephane Eranian <eranian(a)google.com> perf tools: Handle TOPOLOGY headers with no CPU Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Remove -fstack-clash-protection when building with some clang versions Stephane Eranian <eranian(a)google.com> perf core: Fix perf_proc_update_handler() bug Andi Kleen <ak(a)linux.intel.com> perf script: Fix crash with printing mixed trace point and other events Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: destroy function must not have side effects Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: make lists per netns Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: use refcnt_t type for nft_xt reference count Jiri Olsa <jolsa(a)kernel.org> perf ordered_events: Fix crash in ordered_events__free Su Yanjun <suyj.fnst(a)cn.fujitsu.com> vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel Alistair Strachan <astrachan(a)google.com> media: uvcvideo: Fix 'type' check leading to overflow ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am335x-shc.dts | 2 +- arch/arm/boot/dts/exynos3250.dtsi | 3 + arch/arm/boot/dts/exynos4412-odroid-common.dtsi | 13 +- arch/arm/boot/dts/exynos5422-odroid-core.dtsi | 2 +- arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/arm/boot/dts/meson.dtsi | 2 +- arch/arm/boot/dts/meson8b-ec100.dts | 3 +- arch/arm/boot/dts/meson8b-odroidc1.dts | 4 +- arch/arm/boot/dts/meson8m2-mxiii-plus.dts | 3 +- arch/arm/boot/dts/motorola-cpcap-mapphone.dtsi | 2 +- arch/arm/boot/dts/omap3-gta04.dtsi | 4 - arch/arm/boot/dts/omap3-n900.dts | 2 +- arch/arm/boot/dts/omap3-n950-n9.dtsi | 42 +- arch/arm/boot/dts/sun8i-h3-beelink-x2.dts | 2 +- arch/arm/plat-pxa/ssp.c | 3 - arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/renesas/r8a7796.dtsi | 3 + arch/arm64/boot/dts/renesas/r8a77965.dtsi | 3 + arch/arm64/boot/dts/xilinx/zynqmp-zcu100-revC.dts | 1 + arch/arm64/kernel/probes/kprobes.c | 6 +- arch/mips/Kconfig | 15 + arch/mips/boot/dts/ingenic/ci20.dts | 8 +- arch/mips/boot/dts/ingenic/jz4740.dtsi | 2 +- arch/mips/include/asm/atomic.h | 6 + arch/mips/include/asm/barrier.h | 36 + arch/mips/include/asm/bitops.h | 5 + arch/mips/include/asm/futex.h | 3 + arch/mips/include/asm/pgtable.h | 2 + arch/mips/kernel/process.c | 7 +- arch/mips/loongson64/Platform | 23 + arch/mips/mm/tlbex.c | 10 + arch/riscv/include/asm/processor.h | 2 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/mm/init.c | 3 +- arch/x86/boot/compressed/head_64.S | 8 + arch/x86/boot/compressed/pgtable.h | 2 +- arch/x86/events/core.c | 13 +- arch/x86/events/intel/core.c | 154 ++++- arch/x86/events/perf_event.h | 17 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/intel-family.h | 3 +- arch/x86/include/asm/msr-index.h | 6 + arch/x86/include/asm/page_64_types.h | 4 + arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/kexec-bzimage64.c | 3 + arch/x86/pci/fixup.c | 16 + arch/xtensa/configs/smp_lx200_defconfig | 1 + arch/xtensa/kernel/head.S | 5 +- arch/xtensa/kernel/smp.c | 41 +- arch/xtensa/kernel/time.c | 2 +- block/blk-iolatency.c | 52 +- drivers/clk/qcom/gcc-sdm845.c | 14 +- drivers/clk/ti/divider.c | 11 +- drivers/dma/at_xdmac.c | 19 +- drivers/dma/dmatest.c | 28 +- drivers/firmware/iscsi_ibft.c | 1 + drivers/gpio/gpio-vf610.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_prime.c | 59 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 5 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 13 + drivers/gpu/drm/amd/amdgpu/soc15.c | 6 +- drivers/gpu/drm/omapdrm/dss/dsi.c | 27 +- drivers/gpu/drm/radeon/ci_dpm.c | 5 +- drivers/gpu/drm/radeon/si_dpm.c | 5 +- drivers/gpu/drm/sun4i/sun4i_tcon.c | 2 + drivers/i2c/busses/i2c-omap.c | 13 +- drivers/infiniband/core/umem_odp.c | 3 + drivers/infiniband/hw/hfi1/ud.c | 1 - drivers/infiniband/hw/qib/qib_ud.c | 1 - drivers/infiniband/ulp/ipoib/ipoib.h | 1 - drivers/infiniband/ulp/ipoib/ipoib_cm.c | 3 +- drivers/input/mouse/elan_i2c_core.c | 1 + drivers/input/tablet/wacom_serial4.c | 2 + drivers/iommu/amd_iommu.c | 19 +- drivers/irqchip/irq-gic-v3-its.c | 69 +- drivers/irqchip/irq-mmp.c | 6 +- drivers/media/rc/rc-main.c | 13 +- drivers/media/usb/uvc/uvc_driver.c | 14 +- drivers/net/ethernet/altera/altera_msgdma.c | 3 +- drivers/net/ethernet/cadence/macb.h | 3 + drivers/net/ethernet/cadence/macb_main.c | 28 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 5 + drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 16 +- drivers/net/ethernet/hisilicon/hns_mdio.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dev.c | 8 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 17 +- drivers/net/ethernet/qlogic/qed/qed_l2.h | 3 + drivers/net/ethernet/qlogic/qed/qed_ll2.c | 20 +- drivers/net/ethernet/qlogic/qed/qed_sp.h | 1 + drivers/net/ethernet/qlogic/qed/qed_spq.c | 15 +- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 10 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 10 + drivers/net/ethernet/qlogic/qede/qede.h | 3 + drivers/net/ethernet/qlogic/qede/qede_fp.c | 13 + drivers/net/ethernet/qlogic/qede/qede_main.c | 3 + drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 4 +- .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 17 +- drivers/net/wireless/ath/ath10k/core.c | 2 +- drivers/net/wireless/ath/ath9k/init.c | 6 +- drivers/net/wireless/ti/wlcore/sdio.c | 15 +- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/nvme.h | 1 + drivers/nvme/host/pci.c | 30 +- drivers/pci/pcie/pme.c | 27 - drivers/pinctrl/pinctrl-mcp23s08.c | 7 +- drivers/platform/x86/Kconfig | 2 + drivers/s390/net/qeth_core.h | 3 +- drivers/s390/net/qeth_core_main.c | 31 +- drivers/s390/net/qeth_l2_main.c | 8 +- drivers/s390/net/qeth_l3_main.c | 3 + drivers/scsi/53c700.c | 2 +- drivers/scsi/aacraid/commsup.c | 5 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 4 +- drivers/scsi/libfc/fc_lport.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 - drivers/scsi/scsi_debug.c | 41 +- drivers/soc/fsl/qbman/qman.c | 9 +- drivers/staging/erofs/namei.c | 183 ++--- drivers/usb/dwc3/dwc3-exynos.c | 4 +- drivers/usb/phy/Kconfig | 2 +- fs/autofs/expire.c | 3 +- fs/autofs/inode.c | 4 +- fs/buffer.c | 19 +- fs/cifs/smb2pdu.h | 4 +- fs/drop_caches.c | 8 +- fs/gfs2/glock.c | 2 +- fs/iomap.c | 37 +- fs/nfs/super.c | 5 + fs/proc/generic.c | 4 +- fs/proc/internal.h | 1 + fs/proc/proc_net.c | 20 + include/drm/drm_cache.h | 18 + include/linux/filter.h | 21 +- include/linux/irqchip/arm-gic-v3.h | 2 +- include/linux/signal.h | 2 +- include/linux/stmmac.h | 1 + include/net/netfilter/nf_tables.h | 17 +- kernel/bpf/cgroup.c | 2 +- kernel/bpf/hashtab.c | 4 +- kernel/bpf/percpu_freelist.c | 41 +- kernel/bpf/percpu_freelist.h | 4 + kernel/bpf/syscall.c | 12 +- kernel/events/core.c | 14 +- kernel/relay.c | 4 +- kernel/sched/psi.c | 21 +- kernel/trace/bpf_trace.c | 14 +- kernel/workqueue.c | 23 + kernel/workqueue_internal.h | 6 +- lib/test_kmod.c | 2 +- mm/memory_hotplug.c | 29 +- net/batman-adv/bat_v_elp.c | 3 + net/bridge/netfilter/ebtables.c | 9 +- net/core/filter.c | 2 + net/core/skmsg.c | 4 +- net/ipv4/ip_vti.c | 50 ++ net/netfilter/ipvs/ip_vs_ctl.c | 12 + net/netfilter/nf_conntrack_core.c | 16 + net/netfilter/nf_tables_api.c | 85 ++- net/netfilter/nft_compat.c | 177 +++-- net/netfilter/nft_dynset.c | 18 +- net/netfilter/nft_immediate.c | 6 +- net/netfilter/nft_lookup.c | 18 +- net/netfilter/nft_objref.c | 18 +- net/vmw_vsock/virtio_transport.c | 29 +- security/apparmor/domain.c | 5 +- security/apparmor/lsm.c | 2 + tools/bpf/bpftool/map.c | 16 + tools/bpf/bpftool/prog.c | 5 +- tools/perf/builtin-script.c | 9 +- tools/perf/builtin-trace.c | 25 +- tools/perf/util/cpumap.c | 11 +- tools/perf/util/ordered-events.c | 6 +- tools/perf/util/setup.py | 2 + tools/perf/util/symbol-elf.c | 9 +- tools/testing/selftests/bpf/bpf_util.h | 30 +- .../selftests/cpu-hotplug/cpu-on-off-test.sh | 13 +- tools/testing/selftests/net/Makefile | 2 +- tools/testing/selftests/netfilter/Makefile | 2 +- tools/testing/selftests/netfilter/config | 2 +- tools/testing/selftests/netfilter/nft_nat.sh | 762 +++++++++++++++++++++ tools/testing/selftests/proc/.gitignore | 1 + tools/testing/selftests/proc/Makefile | 1 + tools/testing/selftests/proc/setns-dcache.c | 129 ++++ tools/testing/selftests/timers/Makefile | 2 +- 188 files changed, 2601 insertions(+), 732 deletions(-)

5 years, 8 months

5
177
0 0

[PATCH 1/4] usb: common: Consider only available nodes for dr_mode

by Fabrizio Castro

There are cases where multiple device tree nodes point to the same phy node by means of the "phys" property, but we should only consider those nodes that are marked as available rather than just any node. Fixes: 98bfb3946695 ("usb: of: add an api to get dr_mode by the phy node") Cc: stable(a)vger.kernel.org # v4.4+ Signed-off-by: Fabrizio Castro <fabrizio.castro(a)bp.renesas.com> --- drivers/usb/common/common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/common/common.c b/drivers/usb/common/common.c index 48277bb..73c8e65 100644 --- a/drivers/usb/common/common.c +++ b/drivers/usb/common/common.c @@ -145,6 +145,8 @@ enum usb_dr_mode of_usb_get_dr_mode_by_phy(struct device_node *np, int arg0) do { controller = of_find_node_with_property(controller, "phys"); + if (!of_device_is_available(controller)) + continue; index = 0; do { if (arg0 == -1) { -- 2.7.4

5 years, 8 months

2
5
0 0

[PATCH] mtd: rawnand: marvell: select target before setting up data interface

by Daniel Mack

Now that the nand drivers are responsible for selecting the target prior to hardware access, a call to marvell_nfc_select_target() is necessary from marvell_nfc_setup_data_interface(). This is a regression introduced by commit b25251414f6e ("mtd: rawnand: marvell: Stop implementing ->select_chip()"). Fixes: b25251414f6e ("mtd: rawnand: marvell: Stop implementing ->select_chip()") Cc: Boris Brezillon <boris.brezillon(a)collabora.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Daniel Mack <daniel(a)zonque.org> --- drivers/mtd/nand/raw/marvell_nand.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 84283c6bb0ff..93abe5be8995 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -2325,6 +2325,8 @@ static int marvell_nfc_setup_data_interface(struct nand_chip *chip, int chipnr, struct marvell_nfc_timings nfc_tmg; int read_delay; + marvell_nfc_select_target(chip, chip->cur_cs); + sdr = nand_get_sdr_timings(conf); if (IS_ERR(sdr)) return PTR_ERR(sdr); -- 2.20.1

5 years, 8 months

3
9
0 0

[PATCH] drm/sun4i: DW HDMI: Lower max. supported rate for H6

by Jernej Skrabec

Currently resolutions with pixel clock higher than 340 MHz don't work with H6 HDMI controller. They just produce a blank screen. Limit maximum pixel clock rate to 340 MHz until scrambling is supported. Cc: stable(a)vger.kernel.org # 5.0 Fixes: 40bb9d3147b2 ("drm/sun4i: Add support for H6 DW HDMI controller") Signed-off-by: Jernej Skrabec <jernej.skrabec(a)siol.net> --- drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c index caea5a9f8f1d..ba4ce576b471 100644 --- a/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c +++ b/drivers/gpu/drm/sun4i/sun8i_dw_hdmi.c @@ -48,8 +48,13 @@ static enum drm_mode_status sun8i_dw_hdmi_mode_valid_h6(struct drm_connector *connector, const struct drm_display_mode *mode) { - /* This is max for HDMI 2.0b (4K@60Hz) */ - if (mode->clock > 594000) + /* + * Controller support maximum of 594 MHz, which correlates to + * 4K@60Hz 4:4:4 or RGB. However, for frequencies greater than + * 340 MHz scrambling has to be enabled. Because scrambling is + * not yet implemented, just limit to 340 MHz for now. + */ + if (mode->clock > 340000) return MODE_CLOCK_HIGH; return MODE_OK; -- 2.21.0

5 years, 8 months

2
1
0 0

[PATCH AUTOSEL 5.0 001/262] CIFS: fix POSIX lock leak and invalid ptr deref

by Sasha Levin

From: Aurelien Aptel <aaptel(a)suse.com> [ Upstream commit bc31d0cdcfbadb6258b45db97e93b1c83822ba33 ] We have a customer reporting crashes in lock_get_status() with many "Leaked POSIX lock" messages preceeding the crash. Leaked POSIX lock on dev=0x0:0x56 ... Leaked POSIX lock on dev=0x0:0x56 ... Leaked POSIX lock on dev=0x0:0x56 ... Leaked POSIX lock on dev=0x0:0x53 ... Leaked POSIX lock on dev=0x0:0x53 ... Leaked POSIX lock on dev=0x0:0x53 ... Leaked POSIX lock on dev=0x0:0x53 ... POSIX: fl_owner=ffff8900e7b79380 fl_flags=0x1 fl_type=0x1 fl_pid=20709 Leaked POSIX lock on dev=0x0:0x4b ino... Leaked locks on dev=0x0:0x4b ino=0xf911400000029: POSIX: fl_owner=ffff89f41c870e00 fl_flags=0x1 fl_type=0x1 fl_pid=19592 stack segment: 0000 [#1] SMP Modules linked in: binfmt_misc msr tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag rpcsec_gss_krb5 arc4 ecb auth_rpcgss nfsv4 md4 nfs nls_utf8 lockd grace cifs sunrpc ccm dns_resolver fscache af_packet iscsi_ibft iscsi_boot_sysfs vmw_vsock_vmci_transport vsock xfs libcrc32c sb_edac edac_core crct10dif_pclmul crc32_pclmul ghash_clmulni_intel drbg ansi_cprng vmw_balloon aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd joydev pcspkr vmxnet3 i2c_piix4 vmw_vmci shpchp fjes processor button ac btrfs xor raid6_pq sr_mod cdrom ata_generic sd_mod ata_piix vmwgfx crc32c_intel drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm serio_raw ahci libahci drm libata vmw_pvscsi sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod autofs4 Supported: Yes CPU: 6 PID: 28250 Comm: lsof Not tainted 4.4.156-94.64-default #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016 task: ffff88a345f28740 ti: ffff88c74005c000 task.ti: ffff88c74005c000 RIP: 0010:[<ffffffff8125dcab>] [<ffffffff8125dcab>] lock_get_status+0x9b/0x3b0 RSP: 0018:ffff88c74005fd90 EFLAGS: 00010202 RAX: ffff89bde83e20ae RBX: ffff89e870003d18 RCX: 0000000049534f50 RDX: ffffffff81a3541f RSI: ffffffff81a3544e RDI: ffff89bde83e20ae RBP: 0026252423222120 R08: 0000000020584953 R09: 000000000000ffff R10: 0000000000000000 R11: ffff88c74005fc70 R12: ffff89e5ca7b1340 R13: 00000000000050e5 R14: ffff89e870003d30 R15: ffff89e5ca7b1340 FS: 00007fafd64be800(0000) GS:ffff89f41fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001c80018 CR3: 000000a522048000 CR4: 0000000000360670 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 0000000000000208 ffffffff81a3d6b6 ffff89e870003d30 ffff89e870003d18 ffff89e5ca7b1340 ffff89f41738d7c0 ffff89e870003d30 ffff89e5ca7b1340 ffffffff8125e08f 0000000000000000 ffff89bc22b67d00 ffff88c74005ff28 Call Trace: [<ffffffff8125e08f>] locks_show+0x2f/0x70 [<ffffffff81230ad1>] seq_read+0x251/0x3a0 [<ffffffff81275bbc>] proc_reg_read+0x3c/0x70 [<ffffffff8120e456>] __vfs_read+0x26/0x140 [<ffffffff8120e9da>] vfs_read+0x7a/0x120 [<ffffffff8120faf2>] SyS_read+0x42/0xa0 [<ffffffff8161cbc3>] entry_SYSCALL_64_fastpath+0x1e/0xb7 When Linux closes a FD (close(), close-on-exec, dup2(), ...) it calls filp_close() which also removes all posix locks. The lock struct is initialized like so in filp_close() and passed down to cifs ... lock.fl_type = F_UNLCK; lock.fl_flags = FL_POSIX | FL_CLOSE; lock.fl_start = 0; lock.fl_end = OFFSET_MAX; ... Note the FL_CLOSE flag, which hints the VFS code that this unlocking is done for closing the fd. filp_close() locks_remove_posix(filp, id); vfs_lock_file(filp, F_SETLK, &lock, NULL); return filp->f_op->lock(filp, cmd, fl) => cifs_lock() rc = cifs_setlk(file, flock, type, wait_flag, posix_lck, lock, unlock, xid); rc = server->ops->mand_unlock_range(cfile, flock, xid); if (flock->fl_flags & FL_POSIX && !rc) rc = locks_lock_file_wait(file, flock) Notice how we don't call locks_lock_file_wait() which does the generic VFS lock/unlock/wait work on the inode if rc != 0. If we are closing the handle, the SMB server is supposed to remove any locks associated with it. Similarly, cifs.ko frees and wakes up any lock and lock waiter when closing the file: cifs_close() cifsFileInfo_put(file->private_data) /* * Delete any outstanding lock records. We'll lose them when the file * is closed anyway. */ down_write(&cifsi->lock_sem); list_for_each_entry_safe(li, tmp, &cifs_file->llist->locks, llist) { list_del(&li->llist); cifs_del_lock_waiters(li); kfree(li); } list_del(&cifs_file->llist->llist); kfree(cifs_file->llist); up_write(&cifsi->lock_sem); So we can safely ignore unlocking failures in cifs_lock() if they happen with the FL_CLOSE flag hint set as both the server and the client take care of it during the actual closing. This is not a proper fix for the unlocking failure but it's safe and it seems to prevent the lock leakages and crashes the customer experiences. Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> Signed-off-by: NeilBrown <neil(a)brown.name> Signed-off-by: Steve French <stfrench(a)microsoft.com> Acked-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/file.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 95461db80011..8d107587208f 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1645,8 +1645,20 @@ cifs_setlk(struct file *file, struct file_lock *flock, __u32 type, rc = server->ops->mand_unlock_range(cfile, flock, xid); out: - if (flock->fl_flags & FL_POSIX && !rc) + if (flock->fl_flags & FL_POSIX) { + /* + * If this is a request to remove all locks because we + * are closing the file, it doesn't matter if the + * unlocking failed as both cifs.ko and the SMB server + * remove the lock on file close + */ + if (rc) { + cifs_dbg(VFS, "%s failed rc=%d\n", __func__, rc); + if (!(flock->fl_flags & FL_CLOSE)) + return rc; + } rc = locks_lock_file_wait(file, flock); + } return rc; } -- 2.19.1

5 years, 8 months

9
283
0 0

[PATCH AUTOSEL 4.9 01/87] CIFS: fix POSIX lock leak and invalid ptr deref

by Sasha Levin

From: Aurelien Aptel <aaptel(a)suse.com> [ Upstream commit bc31d0cdcfbadb6258b45db97e93b1c83822ba33 ] We have a customer reporting crashes in lock_get_status() with many "Leaked POSIX lock" messages preceeding the crash. Leaked POSIX lock on dev=0x0:0x56 ... Leaked POSIX lock on dev=0x0:0x56 ... Leaked POSIX lock on dev=0x0:0x56 ... Leaked POSIX lock on dev=0x0:0x53 ... Leaked POSIX lock on dev=0x0:0x53 ... Leaked POSIX lock on dev=0x0:0x53 ... Leaked POSIX lock on dev=0x0:0x53 ... POSIX: fl_owner=ffff8900e7b79380 fl_flags=0x1 fl_type=0x1 fl_pid=20709 Leaked POSIX lock on dev=0x0:0x4b ino... Leaked locks on dev=0x0:0x4b ino=0xf911400000029: POSIX: fl_owner=ffff89f41c870e00 fl_flags=0x1 fl_type=0x1 fl_pid=19592 stack segment: 0000 [#1] SMP Modules linked in: binfmt_misc msr tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag rpcsec_gss_krb5 arc4 ecb auth_rpcgss nfsv4 md4 nfs nls_utf8 lockd grace cifs sunrpc ccm dns_resolver fscache af_packet iscsi_ibft iscsi_boot_sysfs vmw_vsock_vmci_transport vsock xfs libcrc32c sb_edac edac_core crct10dif_pclmul crc32_pclmul ghash_clmulni_intel drbg ansi_cprng vmw_balloon aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd joydev pcspkr vmxnet3 i2c_piix4 vmw_vmci shpchp fjes processor button ac btrfs xor raid6_pq sr_mod cdrom ata_generic sd_mod ata_piix vmwgfx crc32c_intel drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm serio_raw ahci libahci drm libata vmw_pvscsi sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod autofs4 Supported: Yes CPU: 6 PID: 28250 Comm: lsof Not tainted 4.4.156-94.64-default #1 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016 task: ffff88a345f28740 ti: ffff88c74005c000 task.ti: ffff88c74005c000 RIP: 0010:[<ffffffff8125dcab>] [<ffffffff8125dcab>] lock_get_status+0x9b/0x3b0 RSP: 0018:ffff88c74005fd90 EFLAGS: 00010202 RAX: ffff89bde83e20ae RBX: ffff89e870003d18 RCX: 0000000049534f50 RDX: ffffffff81a3541f RSI: ffffffff81a3544e RDI: ffff89bde83e20ae RBP: 0026252423222120 R08: 0000000020584953 R09: 000000000000ffff R10: 0000000000000000 R11: ffff88c74005fc70 R12: ffff89e5ca7b1340 R13: 00000000000050e5 R14: ffff89e870003d30 R15: ffff89e5ca7b1340 FS: 00007fafd64be800(0000) GS:ffff89f41fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001c80018 CR3: 000000a522048000 CR4: 0000000000360670 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 0000000000000208 ffffffff81a3d6b6 ffff89e870003d30 ffff89e870003d18 ffff89e5ca7b1340 ffff89f41738d7c0 ffff89e870003d30 ffff89e5ca7b1340 ffffffff8125e08f 0000000000000000 ffff89bc22b67d00 ffff88c74005ff28 Call Trace: [<ffffffff8125e08f>] locks_show+0x2f/0x70 [<ffffffff81230ad1>] seq_read+0x251/0x3a0 [<ffffffff81275bbc>] proc_reg_read+0x3c/0x70 [<ffffffff8120e456>] __vfs_read+0x26/0x140 [<ffffffff8120e9da>] vfs_read+0x7a/0x120 [<ffffffff8120faf2>] SyS_read+0x42/0xa0 [<ffffffff8161cbc3>] entry_SYSCALL_64_fastpath+0x1e/0xb7 When Linux closes a FD (close(), close-on-exec, dup2(), ...) it calls filp_close() which also removes all posix locks. The lock struct is initialized like so in filp_close() and passed down to cifs ... lock.fl_type = F_UNLCK; lock.fl_flags = FL_POSIX | FL_CLOSE; lock.fl_start = 0; lock.fl_end = OFFSET_MAX; ... Note the FL_CLOSE flag, which hints the VFS code that this unlocking is done for closing the fd. filp_close() locks_remove_posix(filp, id); vfs_lock_file(filp, F_SETLK, &lock, NULL); return filp->f_op->lock(filp, cmd, fl) => cifs_lock() rc = cifs_setlk(file, flock, type, wait_flag, posix_lck, lock, unlock, xid); rc = server->ops->mand_unlock_range(cfile, flock, xid); if (flock->fl_flags & FL_POSIX && !rc) rc = locks_lock_file_wait(file, flock) Notice how we don't call locks_lock_file_wait() which does the generic VFS lock/unlock/wait work on the inode if rc != 0. If we are closing the handle, the SMB server is supposed to remove any locks associated with it. Similarly, cifs.ko frees and wakes up any lock and lock waiter when closing the file: cifs_close() cifsFileInfo_put(file->private_data) /* * Delete any outstanding lock records. We'll lose them when the file * is closed anyway. */ down_write(&cifsi->lock_sem); list_for_each_entry_safe(li, tmp, &cifs_file->llist->locks, llist) { list_del(&li->llist); cifs_del_lock_waiters(li); kfree(li); } list_del(&cifs_file->llist->llist); kfree(cifs_file->llist); up_write(&cifsi->lock_sem); So we can safely ignore unlocking failures in cifs_lock() if they happen with the FL_CLOSE flag hint set as both the server and the client take care of it during the actual closing. This is not a proper fix for the unlocking failure but it's safe and it seems to prevent the lock leakages and crashes the customer experiences. Signed-off-by: Aurelien Aptel <aaptel(a)suse.com> Signed-off-by: NeilBrown <neil(a)brown.name> Signed-off-by: Steve French <stfrench(a)microsoft.com> Acked-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/cifs/file.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 1c5099fffaec..7d295bf283ca 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1627,8 +1627,20 @@ cifs_setlk(struct file *file, struct file_lock *flock, __u32 type, rc = server->ops->mand_unlock_range(cfile, flock, xid); out: - if (flock->fl_flags & FL_POSIX && !rc) + if (flock->fl_flags & FL_POSIX) { + /* + * If this is a request to remove all locks because we + * are closing the file, it doesn't matter if the + * unlocking failed as both cifs.ko and the SMB server + * remove the lock on file close + */ + if (rc) { + cifs_dbg(VFS, "%s failed rc=%d\n", __func__, rc); + if (!(flock->fl_flags & FL_CLOSE)) + return rc; + } rc = locks_lock_file_wait(file, flock); + } return rc; } -- 2.19.1

5 years, 8 months

3
89
0 0

[PATCH AUTOSEL 4.19 01/57] drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up

by Sasha Levin

From: Thomas Zimmermann <tzimmermann(a)suse.de> [ Upstream commit abf7b30d7f61d981bfcca65d1e8331b27021b475 ] In the Cirrus driver, the regular clean-up code also performs the clean-up of a failed initialization. If the fbdev's framebuffer was not initialized, the clean-up will fail within drm_framebuffer_unregister_private. Booting with cirrus.bpp=16 triggers this bug. The framebuffer is currently stored directly within struct cirrus_fbdev. To fix the bug, we turn it into a pointer that is only set for initialized framebuffers. The fbdev's clean-up code skips uninitialized framebuffers. The memory for struct drm_framebuffer is allocated dynamically. This requires additional error handling within cirrusfb_create. The framebuffer clean-up is now performed by drm_framebuffer_put, which also frees the data strcuture's memory. Link: https://bugzilla.suse.com/show_bug.cgi?id=1101822 Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: http://patchwork.freedesktop.org/patch/msgid/20180720112743.27159-1-tzimmer… Signed-off-by: Gerd Hoffmann <kraxel(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/cirrus/cirrus_drv.h | 2 +- drivers/gpu/drm/cirrus/cirrus_fbdev.c | 48 +++++++++++++++------------ drivers/gpu/drm/cirrus/cirrus_mode.c | 2 +- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/drivers/gpu/drm/cirrus/cirrus_drv.h b/drivers/gpu/drm/cirrus/cirrus_drv.h index ce9db7aab225..a29f87e98d9d 100644 --- a/drivers/gpu/drm/cirrus/cirrus_drv.h +++ b/drivers/gpu/drm/cirrus/cirrus_drv.h @@ -146,7 +146,7 @@ struct cirrus_device { struct cirrus_fbdev { struct drm_fb_helper helper; - struct drm_framebuffer gfb; + struct drm_framebuffer *gfb; void *sysram; int size; int x1, y1, x2, y2; /* dirty rect */ diff --git a/drivers/gpu/drm/cirrus/cirrus_fbdev.c b/drivers/gpu/drm/cirrus/cirrus_fbdev.c index b643ac92801c..82cc82e0bd80 100644 --- a/drivers/gpu/drm/cirrus/cirrus_fbdev.c +++ b/drivers/gpu/drm/cirrus/cirrus_fbdev.c @@ -22,14 +22,14 @@ static void cirrus_dirty_update(struct cirrus_fbdev *afbdev, struct drm_gem_object *obj; struct cirrus_bo *bo; int src_offset, dst_offset; - int bpp = afbdev->gfb.format->cpp[0]; + int bpp = afbdev->gfb->format->cpp[0]; int ret = -EBUSY; bool unmap = false; bool store_for_later = false; int x2, y2; unsigned long flags; - obj = afbdev->gfb.obj[0]; + obj = afbdev->gfb->obj[0]; bo = gem_to_cirrus_bo(obj); /* @@ -82,7 +82,7 @@ static void cirrus_dirty_update(struct cirrus_fbdev *afbdev, } for (i = y; i < y + height; i++) { /* assume equal stride for now */ - src_offset = dst_offset = i * afbdev->gfb.pitches[0] + (x * bpp); + src_offset = dst_offset = i * afbdev->gfb->pitches[0] + (x * bpp); memcpy_toio(bo->kmap.virtual + src_offset, afbdev->sysram + src_offset, width * bpp); } @@ -192,23 +192,26 @@ static int cirrusfb_create(struct drm_fb_helper *helper, return -ENOMEM; info = drm_fb_helper_alloc_fbi(helper); - if (IS_ERR(info)) - return PTR_ERR(info); + if (IS_ERR(info)) { + ret = PTR_ERR(info); + goto err_vfree; + } info->par = gfbdev; - ret = cirrus_framebuffer_init(cdev->dev, &gfbdev->gfb, &mode_cmd, gobj); + fb = kzalloc(sizeof(*fb), GFP_KERNEL); + if (!fb) { + ret = -ENOMEM; + goto err_drm_gem_object_put_unlocked; + } + + ret = cirrus_framebuffer_init(cdev->dev, fb, &mode_cmd, gobj); if (ret) - return ret; + goto err_kfree; gfbdev->sysram = sysram; gfbdev->size = size; - - fb = &gfbdev->gfb; - if (!fb) { - DRM_INFO("fb is NULL\n"); - return -EINVAL; - } + gfbdev->gfb = fb; /* setup helper */ gfbdev->helper.fb = fb; @@ -241,24 +244,27 @@ static int cirrusfb_create(struct drm_fb_helper *helper, DRM_INFO(" pitch is %d\n", fb->pitches[0]); return 0; + +err_kfree: + kfree(fb); +err_drm_gem_object_put_unlocked: + drm_gem_object_put_unlocked(gobj); +err_vfree: + vfree(sysram); + return ret; } static int cirrus_fbdev_destroy(struct drm_device *dev, struct cirrus_fbdev *gfbdev) { - struct drm_framebuffer *gfb = &gfbdev->gfb; + struct drm_framebuffer *gfb = gfbdev->gfb; drm_fb_helper_unregister_fbi(&gfbdev->helper); - if (gfb->obj[0]) { - drm_gem_object_put_unlocked(gfb->obj[0]); - gfb->obj[0] = NULL; - } - vfree(gfbdev->sysram); drm_fb_helper_fini(&gfbdev->helper); - drm_framebuffer_unregister_private(gfb); - drm_framebuffer_cleanup(gfb); + if (gfb) + drm_framebuffer_put(gfb); return 0; } diff --git a/drivers/gpu/drm/cirrus/cirrus_mode.c b/drivers/gpu/drm/cirrus/cirrus_mode.c index 336bfda40125..90a4e641d3fb 100644 --- a/drivers/gpu/drm/cirrus/cirrus_mode.c +++ b/drivers/gpu/drm/cirrus/cirrus_mode.c @@ -127,7 +127,7 @@ static int cirrus_crtc_do_set_base(struct drm_crtc *crtc, return ret; } - if (&cdev->mode_info.gfbdev->gfb == crtc->primary->fb) { + if (cdev->mode_info.gfbdev->gfb == crtc->primary->fb) { /* if pushing console in kmap it */ ret = ttm_bo_kmap(&bo->bo, 0, bo->bo.num_pages, &bo->kmap); if (ret) -- 2.19.1

5 years, 8 months

3
48
0 0

[PATCH AUTOSEL 4.14 01/37] gpio: pxa: handle corner case of unprobed device

by Sasha Levin

From: Robert Jarzmik <robert.jarzmik(a)free.fr> [ Upstream commit 9ce3ebe973bf4073426f35f282c6b955ed802765 ] In the corner case where the gpio driver probe fails, for whatever reason, the suspend and resume handlers will still be called as they have to be registered as syscore operations. This applies as well when no probe was called while the driver has been built in the kernel. Nicolas tracked this in : https://bugzilla.kernel.org/show_bug.cgi?id=200905 Therefore, add a failsafe in these function, and test if a proper probe succeeded and the driver is functional. Signed-off-by: Robert Jarzmik <robert.jarzmik(a)free.fr> Reported-by: Nicolas Chauvet <kwizart(a)gmail.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpio/gpio-pxa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpio/gpio-pxa.c b/drivers/gpio/gpio-pxa.c index 2943dfc4c470..822ad220f0af 100644 --- a/drivers/gpio/gpio-pxa.c +++ b/drivers/gpio/gpio-pxa.c @@ -776,6 +776,9 @@ static int pxa_gpio_suspend(void) struct pxa_gpio_bank *c; int gpio; + if (!pchip) + return 0; + for_each_gpio_bank(gpio, c, pchip) { c->saved_gplr = readl_relaxed(c->regbase + GPLR_OFFSET); c->saved_gpdr = readl_relaxed(c->regbase + GPDR_OFFSET); @@ -794,6 +797,9 @@ static void pxa_gpio_resume(void) struct pxa_gpio_bank *c; int gpio; + if (!pchip) + return; + for_each_gpio_bank(gpio, c, pchip) { /* restore level with set/clear */ writel_relaxed(c->saved_gplr, c->regbase + GPSR_OFFSET); -- 2.19.1

5 years, 8 months

2
28
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2019