March 2019 - Linux-stable-mirror

[PATCH 4.14 00/52] 4.14.105-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.105 release. There are 52 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 6 08:15:55 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.105-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.105-rc1 Andy Lutomirski <luto(a)kernel.org> x86/uaccess: Don't leak the AC flag into __put_user() value evaluation Paul Burton <paul.burton(a)mips.com> MIPS: eBPF: Fix icache flush end address Michael Clark <michaeljclark(a)mac.com> MIPS: fix truncation in __cmpxchg_small for short values Jann Horn <jannh(a)google.com> mm: enforce min addr even if capable() in expand_downwards() BOUGH CHEN <haibo.chen(a)nxp.com> mmc: sdhci-esdhc-imx: correct the fix of ERR004536 Takeshi Saito <takeshi.saito.xv(a)renesas.com> mmc: tmio: fix access width of Block Count Register Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> mmc: tmio_mmc_core: don't claim spurious interrupts Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> mmc: spi: Fix card detection during probe Seth Forshee <seth.forshee(a)canonical.com> powerpc: Always initialize input array when calling epapr_hypercall() Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> svm: Fix AVIC incomplete IPI emulation Chaitanya Tata <chaitanya.tata(a)bluwirelesstechnology.com> cfg80211: extend range deviation for DMG Mathieu Malaterre <malat(a)debian.org> mac80211: Add attribute aligned(2) to struct 'action' Balaji Pothunoori <bpothuno(a)codeaurora.org> mac80211: don't initiate TDLS connection if station is not associated to AP Thomas Falcon <tlfalcon(a)linux.ibm.com> ibmveth: Do not process frames after calling napi_reschedule Maciej Żenczykowski <maze(a)google.com> net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP Zhang Run <zhang.run(a)zte.com.cn> net: usb: asix: ax88772_bind return error when hw_reset fail Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix ethtool change hash key error Atsushi Nemoto <atsushi.nemoto(a)sord.co.jp> net: altera_tse: fix connect_local_phy error path Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() Tejun Heo <tj(a)kernel.org> writeback: synchronize sync(2) against cgroup writeback membership switches Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> direct-io: allow direct writes to empty inodes Liam Mark <lmark(a)codeaurora.org> staging: android: ion: Support cpu access during dma_buf_detach Tomonori Sakita <tomonori.sakita(a)sord.co.jp> serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/powerplay: OD setting fix on Vega10 Xie Yongji <xieyongji(a)baidu.com> locking/rwsem: Fix (possible) missed wakeup Peter Zijlstra <peterz(a)infradead.org> futex: Fix (possible) missed wakeup Prateek Sood <prsood(a)codeaurora.org> sched/wait: Fix rcuwait_wake_up() ordering Bob Copeland <me(a)bobcopeland.com> mac80211: fix miscounting of ttl-dropped frames Nathan Chancellor <natechancellor(a)gmail.com> staging: rtl8723bs: Fix build error with Clang when inlining is disabled Aaron Hill <aa1ronham(a)gmail.com> drivers: thermal: int340x_thermal: Fix sysfs race condition Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: fix __ffs return value to avoid build warnings Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: gpio-mockup-chardev: Check asprintf() for error Fathi Boudra <fathi.boudra(a)linaro.org> selftests: seccomp: use LDLIBS instead of LDFLAGS Silvio Cesare <silvio.cesare(a)gmail.com> ASoC: imx-audmux: change snprintf to scnprintf for possible overflow Silvio Cesare <silvio.cesare(a)gmail.com> ASoC: dapm: change snprintf to scnprintf for possible overflow Srinivas Ramana <sramana(a)codeaurora.org> genirq: Make sure the initial affinity is not empty Dan Carpenter <dan.carpenter(a)oracle.com> usb: gadget: Potential NULL dereference on allocation error Zeng Tao <prime.zeng(a)hisilicon.com> usb: dwc3: gadget: Fix the uninitialized link_state when udc starts Bo He <bo.he(a)intel.com> usb: dwc3: gadget: synchronize_irq dwc irq in suspend Dan Carpenter <dan.carpenter(a)oracle.com> thermal: int340x_thermal: Fix a NULL vs IS_ERR() check Marek Vasut <marek.vasut(a)gmail.com> clk: vc5: Abort clock configuration without upstream clock Yizhuo <yzhai003(a)ucr.edu> ASoC: Variable "val" in function rt274_i2c_probe() could be uninitialized Dan Carpenter <dan.carpenter(a)oracle.com> ALSA: compress: prevent potential divide by zero bugs Rander Wang <rander.wang(a)linux.intel.com> ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field Kristian H. Kristensen <hoegsberg(a)gmail.com> drm/msm: Unblock writer if reader closes file John Garry <john.garry(a)huawei.com> scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Disable ACS Feature for GMAC >= 4 Florian Fainelli <f.fainelli(a)gmail.com> net: stmmac: Fix reception of Broadcom switches tags Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Fold __loop_release into loop_release" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Get rid of loop_index_mutex" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/bitops.h | 6 +-- arch/mips/kernel/cmpxchg.c | 3 +- arch/mips/net/ebpf_jit.c | 2 +- arch/powerpc/include/asm/epapr_hcalls.h | 12 +++--- arch/x86/include/asm/uaccess.h | 7 ++-- arch/x86/kvm/svm.c | 27 ++++++------- drivers/block/loop.c | 47 ++++++++++++---------- drivers/clk/clk-versaclock5.c | 4 +- .../amd/powerplay/hwmgr/vega10_processpptables.c | 22 +++++++++- drivers/gpu/drm/msm/msm_rd.c | 7 +++- drivers/mmc/host/mmc_spi.c | 1 + drivers/mmc/host/renesas_sdhi_sys_dmac.c | 1 + drivers/mmc/host/sdhci-esdhc-imx.c | 9 +++-- drivers/mmc/host/tmio_mmc.h | 5 +++ drivers/mmc/host/tmio_mmc_core.c | 17 +++++--- drivers/net/ethernet/altera/altera_tse_main.c | 4 +- drivers/net/ethernet/ibm/ibmveth.c | 2 - drivers/net/ethernet/stmicro/stmmac/common.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 3 +- .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 12 +++++- .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 15 ++++++- drivers/net/ethernet/stmicro/stmmac/dwmac4.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 5 ++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 ++++- drivers/net/hyperv/rndis_filter.c | 25 +++++++++--- drivers/net/usb/asix_devices.c | 9 ++++- drivers/scsi/csiostor/csio_attr.c | 2 +- drivers/scsi/libsas/sas_expander.c | 2 + drivers/staging/android/ion/ion.c | 2 +- drivers/staging/rtl8723bs/include/ieee80211.h | 6 +-- .../int340x_thermal/processor_thermal_device.c | 30 +++++++------- drivers/tty/serial/fsl_lpuart.c | 2 +- drivers/usb/dwc3/gadget.c | 3 ++ drivers/usb/gadget/function/f_sourcesink.c | 2 +- fs/direct-io.c | 5 ++- fs/fs-writeback.c | 40 +++++++++++++++++- include/linux/backing-dev-defs.h | 1 + include/linux/if_arp.h | 1 + kernel/exit.c | 2 +- kernel/futex.c | 13 +++--- kernel/irq/manage.c | 3 ++ kernel/locking/rwsem-xadd.c | 11 ++++- mm/backing-dev.c | 1 + mm/mmap.c | 7 ++-- net/mac80211/cfg.c | 4 ++ net/mac80211/rx.c | 6 ++- net/wireless/reg.c | 4 +- sound/core/compress_offload.c | 3 +- sound/soc/codecs/rt274.c | 5 ++- sound/soc/fsl/imx-audmux.c | 24 +++++------ sound/soc/intel/boards/broadwell.c | 2 +- sound/soc/intel/boards/haswell.c | 2 +- sound/soc/soc-dapm.c | 10 ++--- tools/testing/selftests/gpio/gpio-mockup-chardev.c | 9 +++-- tools/testing/selftests/seccomp/Makefile | 2 +- 56 files changed, 314 insertions(+), 152 deletions(-)

5 years, 9 months

5
56
0 0

[PATCH 4.9 00/32] 4.9.162-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.162 release. There are 32 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Mar 6 08:15:49 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.162-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.162-rc1 Andy Lutomirski <luto(a)kernel.org> x86/uaccess: Don't leak the AC flag into __put_user() value evaluation Jann Horn <jannh(a)google.com> mm: enforce min addr even if capable() in expand_downwards() Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> mmc: spi: Fix card detection during probe Seth Forshee <seth.forshee(a)canonical.com> powerpc: Always initialize input array when calling epapr_hypercall() Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> svm: Fix AVIC incomplete IPI emulation Chaitanya Tata <chaitanya.tata(a)bluwirelesstechnology.com> cfg80211: extend range deviation for DMG Mathieu Malaterre <malat(a)debian.org> mac80211: Add attribute aligned(2) to struct 'action' Balaji Pothunoori <bpothuno(a)codeaurora.org> mac80211: don't initiate TDLS connection if station is not associated to AP Thomas Falcon <tlfalcon(a)linux.ibm.com> ibmveth: Do not process frames after calling napi_reschedule Zhang Run <zhang.run(a)zte.com.cn> net: usb: asix: ax88772_bind return error when hw_reset fail Atsushi Nemoto <atsushi.nemoto(a)sord.co.jp> net: altera_tse: fix connect_local_phy error path Varun Prakash <varun(a)chelsio.com> scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> direct-io: allow direct writes to empty inodes Tomonori Sakita <tomonori.sakita(a)sord.co.jp> serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling Xie Yongji <xieyongji(a)baidu.com> locking/rwsem: Fix (possible) missed wakeup Bob Copeland <me(a)bobcopeland.com> mac80211: fix miscounting of ttl-dropped frames Aaron Hill <aa1ronham(a)gmail.com> drivers: thermal: int340x_thermal: Fix sysfs race condition Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: fix __ffs return value to avoid build warnings Silvio Cesare <silvio.cesare(a)gmail.com> ASoC: imx-audmux: change snprintf to scnprintf for possible overflow Silvio Cesare <silvio.cesare(a)gmail.com> ASoC: dapm: change snprintf to scnprintf for possible overflow Dan Carpenter <dan.carpenter(a)oracle.com> usb: gadget: Potential NULL dereference on allocation error Zeng Tao <prime.zeng(a)hisilicon.com> usb: dwc3: gadget: Fix the uninitialized link_state when udc starts Bo He <bo.he(a)intel.com> usb: dwc3: gadget: synchronize_irq dwc irq in suspend Dan Carpenter <dan.carpenter(a)oracle.com> thermal: int340x_thermal: Fix a NULL vs IS_ERR() check Dan Carpenter <dan.carpenter(a)oracle.com> ALSA: compress: prevent potential divide by zero bugs Rander Wang <rander.wang(a)linux.intel.com> ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field Kristian H. Kristensen <hoegsberg(a)gmail.com> drm/msm: Unblock writer if reader closes file John Garry <john.garry(a)huawei.com> scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Fold __loop_release into loop_release" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Get rid of loop_index_mutex" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/bitops.h | 6 +-- arch/powerpc/include/asm/epapr_hcalls.h | 12 +++--- arch/x86/include/asm/uaccess.h | 7 ++-- arch/x86/kvm/svm.c | 27 ++++++------- drivers/block/loop.c | 47 ++++++++++++---------- drivers/gpu/drm/msm/msm_rd.c | 7 +++- drivers/mmc/host/mmc_spi.c | 1 + drivers/net/ethernet/altera/altera_tse_main.c | 4 +- drivers/net/ethernet/ibm/ibmveth.c | 2 - drivers/net/usb/asix_devices.c | 9 ++++- drivers/scsi/csiostor/csio_attr.c | 2 +- drivers/scsi/libsas/sas_expander.c | 2 + .../int340x_thermal/processor_thermal_device.c | 30 +++++++------- drivers/tty/serial/fsl_lpuart.c | 2 +- drivers/usb/dwc3/gadget.c | 3 ++ drivers/usb/gadget/function/f_sourcesink.c | 2 +- fs/direct-io.c | 5 ++- kernel/locking/rwsem-xadd.c | 11 ++++- mm/mmap.c | 7 ++-- net/mac80211/cfg.c | 4 ++ net/mac80211/rx.c | 6 ++- net/wireless/reg.c | 4 +- sound/core/compress_offload.c | 3 +- sound/soc/fsl/imx-audmux.c | 24 +++++------ sound/soc/intel/boards/broadwell.c | 2 +- sound/soc/intel/boards/haswell.c | 2 +- sound/soc/soc-dapm.c | 10 ++--- 28 files changed, 139 insertions(+), 106 deletions(-)

5 years, 9 months

6
37
0 0

[for-next][PATCH 6/6] tracing: Use strncpy instead of memcpy for string keys in hist triggers

by Steven Rostedt

From: Tom Zanussi <tom.zanussi(a)linux.intel.com> Because there may be random garbage beyond a string's null terminator, it's not correct to copy the the complete character array for use as a hist trigger key. This results in multiple histogram entries for the 'same' string key. So, in the case of a string key, use strncpy instead of memcpy to avoid copying in the extra bytes. Before, using the gdbus entries in the following hist trigger as an example: # echo 'hist:key=comm' > /sys/kernel/debug/tracing/events/sched/sched_waking/trigger # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist ... { comm: ImgDecoder #4 } hitcount: 203 { comm: gmain } hitcount: 213 { comm: gmain } hitcount: 216 { comm: StreamTrans #73 } hitcount: 221 { comm: mozStorage #3 } hitcount: 230 { comm: gdbus } hitcount: 233 { comm: StyleThread#5 } hitcount: 253 { comm: gdbus } hitcount: 256 { comm: gdbus } hitcount: 260 { comm: StyleThread#4 } hitcount: 271 ... # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist | egrep gdbus | wc -l 51 After: # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist | egrep gdbus | wc -l 1 Link: http://lkml.kernel.org/r/50c35ae1267d64eee975b8125e151e600071d4dc.154930975… Cc: Namhyung Kim <namhyung(a)kernel.org> Cc: stable(a)vger.kernel.org Fixes: 79e577cbce4c4 ("tracing: Support string type key properly") Signed-off-by: Tom Zanussi <tom.zanussi(a)linux.intel.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 5b03b9a869bb..c7774fa119a7 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -5157,9 +5157,10 @@ static inline void add_to_key(char *compound_key, void *key, /* ensure NULL-termination */ if (size > key_field->size - 1) size = key_field->size - 1; - } - memcpy(compound_key + key_field->offset, key, size); + strncpy(compound_key + key_field->offset, (char *)key, size); + } else + memcpy(compound_key + key_field->offset, key, size); } static void -- 2.20.1

5 years, 9 months

1
0
0 0

[for-next][PATCH 4/6] x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace()

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Arnd reported the following compiler warning: arch/x86/kernel/ftrace.c:669:23: error: 'ftrace_jmp_replace' defined but not used [-Werror=unused-function] The ftrace_jmp_replace() function now only has a single user and should be simply moved by that user. But looking at the code, it shows that ftrace_jmp_replace() is similar to ftrace_call_replace() except that instead of using the opcode of 0xe8 it uses 0xe9. It makes more sense to consolidate that function into one implementation that both ftrace_jmp_replace() and ftrace_call_replace() use by passing in the op code separate. The structure in ftrace_code_union is also modified to replace the "e8" field with the more appropriate name "op". Cc: stable(a)vger.kernel.org Reported-by: Arnd Bergmann <arnd(a)arndb.de> Acked-by: Arnd Bergmann <arnd(a)arndb.de> Link: http://lkml.kernel.org/r/20190304200748.1418790-1-arnd@arndb.de Fixes: d2a68c4effd8 ("x86/ftrace: Do not call function graph from dynamic trampolines") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- arch/x86/kernel/ftrace.c | 42 ++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 25 deletions(-) diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c index 8257a59704ae..763d4264d16a 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c @@ -49,7 +49,7 @@ int ftrace_arch_code_modify_post_process(void) union ftrace_code_union { char code[MCOUNT_INSN_SIZE]; struct { - unsigned char e8; + unsigned char op; int offset; } __attribute__((packed)); }; @@ -59,20 +59,23 @@ static int ftrace_calc_offset(long ip, long addr) return (int)(addr - ip); } -static unsigned char *ftrace_call_replace(unsigned long ip, unsigned long addr) +static unsigned char * +ftrace_text_replace(unsigned char op, unsigned long ip, unsigned long addr) { static union ftrace_code_union calc; - calc.e8 = 0xe8; + calc.op = op; calc.offset = ftrace_calc_offset(ip + MCOUNT_INSN_SIZE, addr); - /* - * No locking needed, this must be called via kstop_machine - * which in essence is like running on a uniprocessor machine. - */ return calc.code; } +static unsigned char * +ftrace_call_replace(unsigned long ip, unsigned long addr) +{ + return ftrace_text_replace(0xe8, ip, addr); +} + static inline int within(unsigned long addr, unsigned long start, unsigned long end) { @@ -664,22 +667,6 @@ int __init ftrace_dyn_arch_init(void) return 0; } -#if defined(CONFIG_X86_64) || defined(CONFIG_FUNCTION_GRAPH_TRACER) -static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr) -{ - static union ftrace_code_union calc; - - /* Jmp not a call (ignore the .e8) */ - calc.e8 = 0xe9; - calc.offset = ftrace_calc_offset(ip + MCOUNT_INSN_SIZE, addr); - - /* - * ftrace external locks synchronize the access to the static variable. - */ - return calc.code; -} -#endif - /* Currently only x86_64 supports dynamic trampolines */ #ifdef CONFIG_X86_64 @@ -891,8 +878,8 @@ static void *addr_from_call(void *ptr) return NULL; /* Make sure this is a call */ - if (WARN_ON_ONCE(calc.e8 != 0xe8)) { - pr_warn("Expected e8, got %x\n", calc.e8); + if (WARN_ON_ONCE(calc.op != 0xe8)) { + pr_warn("Expected e8, got %x\n", calc.op); return NULL; } @@ -963,6 +950,11 @@ void arch_ftrace_trampoline_free(struct ftrace_ops *ops) #ifdef CONFIG_DYNAMIC_FTRACE extern void ftrace_graph_call(void); +static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr) +{ + return ftrace_text_replace(0xe9, ip, addr); +} + static int ftrace_mod_jmp(unsigned long ip, void *func) { unsigned char *new; -- 2.20.1

5 years, 9 months

1
0
0 0

[for-next][PATCH 3/6] tracing/perf: Use strndup_user() instead of buggy open-coded version

by Steven Rostedt

From: Jann Horn <jannh(a)google.com> The first version of this method was missing the check for `ret == PATH_MAX`; then such a check was added, but it didn't call kfree() on error, so there was still a small memory leak in the error case. Fix it by using strndup_user() instead of open-coding it. Link: http://lkml.kernel.org/r/20190220165443.152385-1-jannh@google.com Cc: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)vger.kernel.org Fixes: 0eadcc7a7bc0 ("perf/core: Fix perf_uprobe_init()") Reviewed-by: Masami Hiramatsu <mhiramat(a)kernel.org> Acked-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_event_perf.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c index 76217bbef815..4629a6104474 100644 --- a/kernel/trace/trace_event_perf.c +++ b/kernel/trace/trace_event_perf.c @@ -299,15 +299,13 @@ int perf_uprobe_init(struct perf_event *p_event, if (!p_event->attr.uprobe_path) return -EINVAL; - path = kzalloc(PATH_MAX, GFP_KERNEL); - if (!path) - return -ENOMEM; - ret = strncpy_from_user( - path, u64_to_user_ptr(p_event->attr.uprobe_path), PATH_MAX); - if (ret == PATH_MAX) - return -E2BIG; - if (ret < 0) - goto out; + + path = strndup_user(u64_to_user_ptr(p_event->attr.uprobe_path), + PATH_MAX); + if (IS_ERR(path)) { + ret = PTR_ERR(path); + return (ret == -EINVAL) ? -E2BIG : ret; + } if (path[0] == '\0') { ret = -EINVAL; goto out; -- 2.20.1

5 years, 9 months

1
0
0 0

Re: [PATCH 1/2] NFSv4.1: Reinitialise sequence results before retransmitting a request

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.20.13, v4.19.26, v4.14.104, v4.9.161, v4.4.176, v3.18.136. v4.20.13: Build OK! v4.19.26: Build OK! v4.14.104: Build OK! v4.9.161: Failed to apply! Possible dependencies: 172d9de15a0d ("NFS: Change nfs4_get_session() to take an nfs_client structure") 3be0f80b5fe9 ("NFSv4.1: Fix up replays of interrupted requests") 42e1cca7e91e ("NFS: Change nfs4_setup_sequence() to take an nfs_client structure") 6de7e12f53a1 ("NFS: Use nfs4_setup_sequence() everywhere") 7981c8a65914 ("NFS: Create a single nfs4_setup_sequence() function") efc6f4aa742d ("NFS: Move nfs4_get_session() into nfs4_session.h") v4.4.176: Failed to apply! Possible dependencies: 172d9de15a0d ("NFS: Change nfs4_get_session() to take an nfs_client structure") 3be0f80b5fe9 ("NFSv4.1: Fix up replays of interrupted requests") 42e1cca7e91e ("NFS: Change nfs4_setup_sequence() to take an nfs_client structure") 5f83d86cf531 ("NFSv4.x: Fix wraparound issues when validing the callback sequence id") 68d264cf02b0 ("NFS42: handle layoutstats stateid error") 6de7e12f53a1 ("NFS: Use nfs4_setup_sequence() everywhere") 80f9642724af ("NFSv4.x: Enforce the ca_maxresponsesize_cached on the back channel") 810d82e68301 ("NFSv4.x: Allow multiple callbacks in flight") 9a0fe86745b8 ("pNFS: Handle NFS4ERR_OLD_STATEID correctly in LAYOUTSTAT calls") efc6f4aa742d ("NFS: Move nfs4_get_session() into nfs4_session.h") f74a834a0e1b ("NFSv4.x: CB_SEQUENCE should return NFS4ERR_DELAY if still executing") v3.18.136: Failed to apply! Possible dependencies: 193e3aa2ccfb ("nfs41: introduce NFS_LAYOUT_RETURN_BEFORE_CLOSE") 3be0f80b5fe9 ("NFSv4.1: Fix up replays of interrupted requests") 4579d6b897ee ("nfs41: pass iomode through layoutreturn args") 6de7e12f53a1 ("NFS: Use nfs4_setup_sequence() everywhere") 9bf87482ddc6 ("nfs41: serialize first layoutget of a file") aa8a45ee974d ("nfs41: wait for LAYOUTRETURN before retrying LAYOUTGET") abcb7bfc9fde ("pNFS/flexfiles: add layoutstats tracking") c829013dca33 ("nfs41: add NFS_LAYOUT_RETRY_LAYOUTGET to layout header flags") ce6ab4f238cb ("nfs41: don't use a layout if it is marked for returning") d67ae825a59d ("pnfs/flexfiles: Add the FlexFile Layout Driver") e736a5b98c7a ("nfs41: clear NFS_LAYOUT_RETURN if layoutreturn is sent or failed to send") f40eb5d044e2 ("nfs41: make a helper function to send layoutreturn") How should we proceed with this patch? -- Thanks, Sasha

5 years, 9 months

1
0
0 0

[PATCH] drm/i915: Relax mmap VMA check

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Legacy behaviour was to allow non-page-aligned mmap requests, as does the linux mmap(2) implementation by virtue of automatically rounding up for the caller. To avoid breaking legacy userspace relax the newly introduced fix. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Fixes: 5c4604e757ba ("drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set") Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Adam Zabrocki <adamza(a)microsoft.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Cc: Akash Goel <akash.goel(a)intel.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: intel-gfx(a)lists.freedesktop.org --- drivers/gpu/drm/i915/i915_gem.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index a1ad5e137a97..0196ad97adcb 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -1593,7 +1593,8 @@ __vma_matches(struct vm_area_struct *vma, struct file *filp, if (vma->vm_file != filp) return false; - return vma->vm_start == addr && (vma->vm_end - vma->vm_start) == size; + return vma->vm_start == addr && + (vma->vm_end - vma->vm_start) == PAGE_ALIGN(size); } /** -- 2.19.1

5 years, 9 months

2
1
0 0

[PATCH v2] script/gdb: replace flags (MS_xyz -> SB_xyz)

by Jackie Liu

Since commit 1751e8a6cb93 ("Rename superblock flags (MS_xyz -> SB_xyz)"), script/gdb need replace MS_xyz to SB_xyz. Fix follow problem: root@localhost:/data# gdb -q vmlinux Reading symbols from vmlinux...done. Traceback (most recent call last): File "/data/vmlinux-gdb.py", line 32, in <module> import linux.proc File "/data/scripts/gdb/linux/proc.py", line 15, in <module> from linux import constants File "/data/scripts/gdb/linux/constants.py", line 2, in <module> LX_SB_RDONLY = MS_RDONLY NameError: name 'MS_RDONLY' is not defined (gdb) Cc: <stable(a)vger.kernel.org> Tested-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Jackie Liu <liuyun01(a)kylinos.cn> --- scripts/gdb/linux/constants.py.in | 12 ++++++------ scripts/gdb/linux/proc.py | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/scripts/gdb/linux/constants.py.in b/scripts/gdb/linux/constants.py.in index 7aad82406422..d3319a80788a 100644 --- a/scripts/gdb/linux/constants.py.in +++ b/scripts/gdb/linux/constants.py.in @@ -37,12 +37,12 @@ import gdb /* linux/fs.h */ -LX_VALUE(MS_RDONLY) -LX_VALUE(MS_SYNCHRONOUS) -LX_VALUE(MS_MANDLOCK) -LX_VALUE(MS_DIRSYNC) -LX_VALUE(MS_NOATIME) -LX_VALUE(MS_NODIRATIME) +LX_VALUE(SB_RDONLY) +LX_VALUE(SB_SYNCHRONOUS) +LX_VALUE(SB_MANDLOCK) +LX_VALUE(SB_DIRSYNC) +LX_VALUE(SB_NOATIME) +LX_VALUE(SB_NODIRATIME) /* linux/mount.h */ LX_VALUE(MNT_NOSUID) diff --git a/scripts/gdb/linux/proc.py b/scripts/gdb/linux/proc.py index 0aebd7565b03..2f01a958eb22 100644 --- a/scripts/gdb/linux/proc.py +++ b/scripts/gdb/linux/proc.py @@ -114,11 +114,11 @@ def info_opts(lst, opt): return opts -FS_INFO = {constants.LX_MS_SYNCHRONOUS: ",sync", - constants.LX_MS_MANDLOCK: ",mand", - constants.LX_MS_DIRSYNC: ",dirsync", - constants.LX_MS_NOATIME: ",noatime", - constants.LX_MS_NODIRATIME: ",nodiratime"} +FS_INFO = {constants.LX_SB_SYNCHRONOUS: ",sync", + constants.LX_SB_MANDLOCK: ",mand", + constants.LX_SB_DIRSYNC: ",dirsync", + constants.LX_SB_NOATIME: ",noatime", + constants.LX_SB_NODIRATIME: ",nodiratime"} MNT_INFO = {constants.LX_MNT_NOSUID: ",nosuid", constants.LX_MNT_NODEV: ",nodev", @@ -184,7 +184,7 @@ values of that process namespace""" fstype = superblock['s_type']['name'].string() s_flags = int(superblock['s_flags']) m_flags = int(vfs['mnt']['mnt_flags']) - rd = "ro" if (s_flags & constants.LX_MS_RDONLY) else "rw" + rd = "ro" if (s_flags & constants.LX_SB_RDONLY) else "rw" gdb.write( "{} {} {} {}{}{} 0 0\n" -- 2.20.1

5 years, 9 months

2
1
0 0

v5.0 build: 0 failures 9 warnings (v5.0)

by Build bot for Mark Brown

Tree/Branch: v5.0 Git describe: v5.0 Commit: 1c163f4c7b Linux 5.0 Build Time: 135 min 21 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 9 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 2 warnings 0 mismatches : arm64-allmodconfig 3 warnings 0 mismatches : arm-multi_v5_defconfig 4 warnings 0 mismatches : arm-multi_v7_defconfig 7 warnings 0 mismatches : arm-allmodconfig 3 warnings 0 mismatches : arm-multi_v4t_defconfig 3 warnings 0 mismatches : x86_64-allmodconfig 1 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 9 8 ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] 5 ../include/linux/spinlock.h:279:3: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized] 4 ../drivers/regulator/core.c:4799:38: warning: array subscript is above array bounds [-Warray-bounds] 1 ../samples/seccomp/user-trap.c:83:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 1 ../samples/seccomp/user-trap.c:50:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 1 ../include/linux/kernel.h:846:29: warning: comparison of distinct pointer types lacks a cast 1 ../drivers/staging/erofs/unzip_vle.c:253:29: warning: array subscript is above array bounds [-Warray-bounds] 1 ../drivers/scsi/myrs.c:821:24: warning: 'sshdr.sense_key' may be used uninitialized in this function [-Wmaybe-uninitialized] 1 ../drivers/net/ethernet/mellanox/mlx5/core/en_stats.c:217:1: warning: the frame size of 1064 bytes is larger than 1024 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/kernel.h:846:29: warning: comparison of distinct pointer types lacks a cast ../include/linux/spinlock.h:279:3: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:4799:38: warning: array subscript is above array bounds [-Warray-bounds] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:4799:38: warning: array subscript is above array bounds [-Warray-bounds] ../include/linux/spinlock.h:279:3: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../drivers/net/ethernet/mellanox/mlx5/core/en_stats.c:217:1: warning: the frame size of 1064 bytes is larger than 1024 bytes [-Wframe-larger-than=] ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:4799:38: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/staging/erofs/unzip_vle.c:253:29: warning: array subscript is above array bounds [-Warray-bounds] ../include/linux/spinlock.h:279:3: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized] ../drivers/scsi/myrs.c:821:24: warning: 'sshdr.sense_key' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:244:45: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/regulator/core.c:4799:38: warning: array subscript is above array bounds [-Warray-bounds] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: ../samples/seccomp/user-trap.c:50:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] ../samples/seccomp/user-trap.c:83:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] ../include/linux/spinlock.h:279:3: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/linux/spinlock.h:279:3: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm64-allnoconfig arm-allnoconfig x86_64-defconfig

5 years, 9 months

1
0
0 0

[BUG linux-4.9.x] xen hotplug cpu leads to 100% steal usage

by Dongli Zhang

This issue is only for stable 4.9.x (e.g., 4.9.160), while the root cause is still in the lasted mainline kernel. This is obviated by new feature patch set ended with b672592f0221 ("sched/cputime: Remove generic asm headers"). After xen guest is up for long time, once we hotplug new vcpu, the corresponding steal usage might become 100% and the steal time from /proc/stat would increase abnormally. As we cannot wait for long time to reproduce the issue, here is how I reproduce it on purpose by accounting a large initial steal clock for new vcpu 2 and 3. 1. Apply the below patch to guest 4.9.160 to account large initial steal clock for new vcpu 2 and 3: diff --git a/drivers/xen/time.c b/drivers/xen/time.c index ac5f23f..3cf629e 100644 --- a/drivers/xen/time.c +++ b/drivers/xen/time.c @@ -85,7 +85,14 @@ u64 xen_steal_clock(int cpu) struct vcpu_runstate_info state; xen_get_runstate_snapshot_cpu(&state, cpu); - return state.time[RUNSTATE_runnable] + state.time[RUNSTATE_offline]; + + if (cpu == 2 || cpu == 3) + return state.time[RUNSTATE_runnable] + + state.time[RUNSTATE_offline] + + 0x00071e87e677aa12; + else + return state.time[RUNSTATE_runnable] + + state.time[RUNSTATE_offline]; } void xen_setup_runstate_info(int cpu) 2. Boot hvm guest with "vcpus=2" and "maxvcpus=4". By default, VM boot with vcpu 0 and 1. 3. Hotplug vcpu 2 and 3 via "xl vcpu-set <domid> 4" on dom0. In my env, the steal becomes 100% within 10s after the "xl vcpu-set" command on dom0. I can reproduce on kvm with similar method. However, as the initial steal clock on kvm guest is always 0, I do not think it is easy to hit this issue on kvm. -------------------------------------------------------- The root cause is that the return type of jiffies_to_usecs() is 'unsigned int', but not 'unsigned long'. As a result, the leading 32 bits are discarded. jiffies_to_usecs() is indirectly triggered by cputime_to_nsecs() at line 264. If guest is already up for long time, the initial steal time for new vcpu might be large and the leading 32 bits of jiffies_to_usecs() would be discarded. As a result, the steal at line 259 is always large and the this_rq()->prev_steal_time at line 264 is always small. The difference at line 260 is always large during each time steal_account_process_time() is involved. Finally, the steal time in /proc/stat would increase abnormally. 252 static __always_inline cputime_t steal_account_process_time(cputime_t maxtime) 253 { 254 #ifdef CONFIG_PARAVIRT 255 if (static_key_false(&paravirt_steal_enabled)) { 256 cputime_t steal_cputime; 257 u64 steal; 258 259 steal = paravirt_steal_clock(smp_processor_id()); 260 steal -= this_rq()->prev_steal_time; 261 262 steal_cputime = min(nsecs_to_cputime(steal), maxtime); 263 account_steal_time(steal_cputime); 264 this_rq()->prev_steal_time += cputime_to_nsecs(steal_cputime); 265 266 return steal_cputime; 267 } 268 #endif 269 return 0; 270 } -------------------------------------------------------- I have emailed the kernel mailing list about the return type of jiffies_to_usecs() and jiffies_to_msecs(): https://lkml.org/lkml/2019/2/26/899 So far, I have two solutions: 1. Change the return type from 'unsigned int' to 'unsigned long' as in above link and I am afraid it would bring side effect. The return type in latest mainline kernel is still 'unsigned int'. 2. Something like below based on stable 4.9.160: diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h index 734377a..9b1fc40 100644 --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h @@ -286,10 +286,11 @@ extern unsigned long preset_lpj; */ extern unsigned int jiffies_to_msecs(const unsigned long j); extern unsigned int jiffies_to_usecs(const unsigned long j); +extern unsigned long jiffies_to_usecs64(const unsigned long j); static inline u64 jiffies_to_nsecs(const unsigned long j) { - return (u64)jiffies_to_usecs(j) * NSEC_PER_USEC; + return (u64)jiffies_to_usecs64(j) * NSEC_PER_USEC; } extern u64 jiffies64_to_nsecs(u64 j); diff --git a/kernel/time/time.c b/kernel/time/time.c index a5b6d98..256c147 100644 --- a/kernel/time/time.c +++ b/kernel/time/time.c @@ -288,6 +288,27 @@ unsigned int jiffies_to_usecs(const unsigned long j) } EXPORT_SYMBOL(jiffies_to_usecs); +unsigned long jiffies_to_usecs64(const unsigned long j) +{ + /* + * Hz usually doesn't go much further MSEC_PER_SEC. + * jiffies_to_usecs() and usecs_to_jiffies() depend on that. + */ + BUILD_BUG_ON(HZ > USEC_PER_SEC); + +#if !(USEC_PER_SEC % HZ) + return (USEC_PER_SEC / HZ) * j; +#else +# if BITS_PER_LONG == 32 + return (HZ_TO_USEC_MUL32 * j) >> HZ_TO_USEC_SHR32; +# else + return (j * HZ_TO_USEC_NUM) / HZ_TO_USEC_DEN; +# endif +#endif +} +EXPORT_SYMBOL(jiffies_to_usecs64); + + /** * timespec_trunc - Truncate timespec to a granularity * @t: Timespec People may dislike the 2nd solution. 3. Backport patch set ended with b672592f0221 ("sched/cputime: Remove generic asm headers"). This is not reasonable for stable branch as the patch set involves lots of changes. Would you please let me know if there is any suggestion on this issue? Thank you very much! Dongli Zhang

5 years, 9 months

3
4
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2019