August 2019 - Linux-stable-mirror

[PATCH] drm/i915: fix broadwell EU computation

by Rodrigo Vivi

From: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> commit 6a67a20366f894c172734f28c5646bdbe48a46e3 upstream. subslice_mask is an array indexed by slice, not subslice. Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Fixes: 8cc7669355136f ("drm/i915: store all subslice masks") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108712 Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181112123931.2815-1-lionel.… (cherry picked from commit 63ac3328f0d1d37f286e397b14d9596ed09d7ca5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # 4.17 Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> --- drivers/gpu/drm/i915/intel_device_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_device_info.c b/drivers/gpu/drm/i915/intel_device_info.c index 0ef0c6448d53..01fa98299bae 100644 --- a/drivers/gpu/drm/i915/intel_device_info.c +++ b/drivers/gpu/drm/i915/intel_device_info.c @@ -474,7 +474,7 @@ static void broadwell_sseu_info_init(struct drm_i915_private *dev_priv) u8 eu_disabled_mask; u32 n_disabled; - if (!(sseu->subslice_mask[ss] & BIT(ss))) + if (!(sseu->subslice_mask[s] & BIT(ss))) /* skip disabled subslice */ continue; -- 2.20.1

4 years, 8 months

3
2
0 0

[PATCH] drm: mst: Fix query_payload ack reply struct

by Sean Paul

From: Sean Paul <seanpaul(a)chromium.org> Spec says[1] Allocated_PBN is 16 bits [1]- DisplayPort 1.2 Spec, Section 2.11.9.8, Table 2-98 Fixes: ad7f8a1f9ced ("drm/helper: add Displayport multi-stream helper (v0.6)") Cc: Lyude Paul <lyude(a)redhat.com> Cc: Todd Previte <tprevite(a)gmail.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <maxime.ripard(a)bootlin.com> Cc: Sean Paul <sean(a)poorly.run> Cc: David Airlie <airlied(a)linux.ie> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.17+ Signed-off-by: Sean Paul <seanpaul(a)chromium.org> --- include/drm/drm_dp_mst_helper.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/drm/drm_dp_mst_helper.h b/include/drm/drm_dp_mst_helper.h index 2ba6253ea6d3..fc349204a71b 100644 --- a/include/drm/drm_dp_mst_helper.h +++ b/include/drm/drm_dp_mst_helper.h @@ -334,7 +334,7 @@ struct drm_dp_resource_status_notify { struct drm_dp_query_payload_ack_reply { u8 port_number; - u8 allocated_pbn; + u16 allocated_pbn; }; struct drm_dp_sideband_msg_req_body { -- Sean Paul, Software Engineer, Google / Chromium OS

4 years, 8 months

3
3
0 0

✅ PASS: Stable queue: queue-5.2

by CKI Project

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: f7d5b3dc4792 - Linux 5.2.10 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://artifacts.cki-project.org/pipelines/130651 Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out the following commit: Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: f7d5b3dc4792 - Linux 5.2.10 We grabbed the 0c7efce02eb4 commit of the stable queue repository. We then merged the patchset with `git am`: asoc-simple_card_utils.h-care-null-dai-at-asoc_simpl.patch asoc-simple-card-fix-an-use-after-free-in-simple_dai.patch asoc-simple-card-fix-an-use-after-free-in-simple_for.patch asoc-audio-graph-card-fix-use-after-free-in-graph_da.patch asoc-audio-graph-card-fix-an-use-after-free-in-graph.patch asoc-audio-graph-card-add-missing-const-at-graph_get.patch regulator-axp20x-fix-dcdca-and-dcdcd-for-axp806.patch regulator-axp20x-fix-dcdc5-and-dcdc6-for-axp803.patch asoc-samsung-odroid-fix-an-use-after-free-issue-for-.patch asoc-samsung-odroid-fix-a-double-free-issue-for-cpu_.patch asoc-intel-bytcht_es8316-add-quirk-for-irbis-nb41-ne.patch hid-logitech-hidpp-add-usb-pid-for-a-few-more-suppor.patch hid-add-044f-b320-thrustmaster-inc.-2-in-1-dt.patch mips-kernel-only-use-i8253-clocksource-with-periodic.patch mips-fix-cacheinfo.patch libbpf-sanitize-var-to-conservative-1-byte-int.patch netfilter-ebtables-fix-a-memory-leak-bug-in-compat.patch asoc-dapm-fix-handling-of-custom_stop_condition-on-d.patch asoc-sof-use-__u32-instead-of-uint32_t-in-uapi-heade.patch spi-pxa2xx-balance-runtime-pm-enable-disable-on-erro.patch bpf-sockmap-sock_map_delete-needs-to-use-xchg.patch bpf-sockmap-synchronize_rcu-before-free-ing-map.patch bpf-sockmap-only-create-entry-if-ulp-is-not-already-.patch selftests-bpf-fix-sendmsg6_prog-on-s390.patch asoc-dapm-fix-a-memory-leak-bug.patch bonding-force-slave-speed-check-after-link-state-rec.patch net-mvpp2-don-t-check-for-3-consecutive-idle-frames-.patch selftests-forwarding-gre_multipath-enable-ipv4-forwa.patch selftests-forwarding-gre_multipath-fix-flower-filter.patch selftests-bpf-add-another-gso_segs-access.patch libbpf-fix-using-uninitialized-ioctl-results.patch can-dev-call-netif_carrier_off-in-register_candev.patch can-mcp251x-add-error-check-when-wq-alloc-failed.patch can-gw-fix-error-path-of-cgw_module_init.patch asoc-fail-card-instantiation-if-dai-format-setup-fai.patch staging-fbtft-fix-gpio-handling.patch libbpf-silence-gcc8-warning-about-string-truncation.patch st21nfca_connectivity_event_received-null-check-the-.patch st_nci_hci_connectivity_event_received-null-check-th.patch nl-mac-80211-fix-interface-combinations-on-crypto-co.patch asoc-ti-davinci-mcasp-fix-clk-pdir-handling-for-i2s-.patch asoc-rockchip-fix-mono-capture.patch asoc-ti-davinci-mcasp-correct-slot_width-posed-const.patch net-usb-qmi_wwan-add-the-broadmobi-bm818-card.patch qed-rdma-fix-the-hw_ver-returned-in-device-attribute.patch isdn-misdn-hfcsusb-fix-possible-null-pointer-derefer.patch habanalabs-fix-f-w-download-in-be-architecture.patch mac80211_hwsim-fix-possible-null-pointer-dereference.patch net-stmmac-manage-errors-returned-by-of_get_mac_addr.patch netfilter-ipset-actually-allow-destination-mac-addre.patch netfilter-ipset-copy-the-right-mac-address-in-bitmap.patch netfilter-ipset-fix-rename-concurrency-with-listing.patch rxrpc-fix-potential-deadlock.patch rxrpc-fix-the-lack-of-notification-when-sendmsg-fail.patch nvmem-use-the-same-permissions-for-eeprom-as-for-nvm.patch iwlwifi-mvm-avoid-races-in-rate-init-and-rate-perfor.patch iwlwifi-dbg_ini-move-iwl_dbg_tlv_load_bin-out-of-deb.patch iwlwifi-dbg_ini-move-iwl_dbg_tlv_free-outside-of-deb.patch iwlwifi-fix-locking-in-delayed-gtk-setting.patch iwlwifi-mvm-send-lq-command-always-async.patch enetc-fix-build-error-without-phylib.patch isdn-hfcsusb-fix-misdn-driver-crash-caused-by-transf.patch net-phy-phy_led_triggers-fix-a-possible-null-pointer.patch perf-bench-numa-fix-cpu0-binding.patch spi-pxa2xx-add-support-for-intel-tiger-lake.patch can-sja1000-force-the-string-buffer-null-terminated.patch can-peak_usb-force-the-string-buffer-null-terminated.patch asoc-amd-acp3x-use-dma_ops-of-parent-device-for-acp3.patch net-ethernet-qlogic-qed-force-the-string-buffer-null.patch enetc-select-phylib-while-config_fsl_enetc_vf-is-set.patch nfsv4-fix-a-credential-refcount-leak-in-nfs41_check_.patch nfsv4-when-recovering-state-fails-with-eagain-retry-.patch nfsv4.1-fix-open-stateid-recovery.patch nfsv4.1-only-reap-expired-delegations.patch nfsv4-fix-a-potential-sleep-while-atomic-in-nfs4_do_.patch nfs-fix-regression-whereby-fscache-errors-are-appear.patch hid-quirks-set-the-increment_usage_on_duplicate-quir.patch hid-input-fix-a4tech-horizontal-wheel-custom-usage.patch drm-rockchip-suspend-dp-late.patch smb3-fix-potential-memory-leak-when-processing-compo.patch smb3-kernel-oops-mounting-a-encryptdata-share-with-c.patch sched-deadline-fix-double-accounting-of-rq-running-b.patch sched-psi-reduce-psimon-fifo-priority.patch sched-psi-do-not-require-setsched-permission-from-th.patch s390-protvirt-avoid-memory-sharing-for-diag-308-set-.patch s390-mm-fix-dump_pagetables-top-level-page-table-wal.patch s390-put-_stext-and-_etext-into-.text-section.patch ata-rb532_cf-fix-unused-variable-warning-in-rb532_pa.patch net-cxgb3_main-fix-a-resource-leak-in-a-error-path-i.patch net-stmmac-fix-issues-when-number-of-queues-4.patch net-stmmac-tc-do-not-return-a-fragment-entry.patch drm-amdgpu-pin-the-csb-buffer-on-hw-init-for-gfx-v8.patch net-hisilicon-make-hip04_tx_reclaim-non-reentrant.patch net-hisilicon-fix-hip04-xmit-never-return-tx_busy.patch net-hisilicon-fix-dma_map_single-failed-on-arm64.patch nfsv4-ensure-state-recovery-handles-etimedout-correc.patch libata-have-ata_scsi_rw_xlat-fail-invalid-passthroug.patch libata-add-sg-safety-checks-in-sff-pio-transfers.patch x86-lib-cpu-address-missing-prototypes-warning.patch drm-vmwgfx-fix-memory-leak-when-too-many-retries-hav.patch block-aoe-fix-kernel-crash-due-to-atomic-sleep-when-.patch block-bfq-handle-null-return-value-by-bfq_init_rq.patch perf-ftrace-fix-failure-to-set-cpumask-when-only-one.patch perf-cpumap-fix-writing-to-illegal-memory-in-handlin.patch perf-pmu-events-fix-missing-cpu_clk_unhalted.core-ev.patch dt-bindings-riscv-fix-the-schema-compatible-string-f.patch kvm-arm64-don-t-write-junk-to-sysregs-on-reset.patch kvm-arm-don-t-write-junk-to-cp15-registers-on-reset.patch selftests-kvm-adding-config-fragments.patch iwlwifi-mvm-disable-tx-amsdu-on-older-nics.patch hid-wacom-correct-misreported-ekr-ring-values.patch hid-wacom-correct-distance-scale-for-2nd-gen-intuos-devices.patch revert-kvm-x86-mmu-zap-only-the-relevant-pages-when-removing-a-memslot.patch revert-dm-bufio-fix-deadlock-with-loop-device.patch clk-socfpga-stratix10-fix-rate-caclulationg-for-cnt_clks.patch ceph-clear-page-dirty-before-invalidate-page.patch ceph-don-t-try-fill-file_lock-on-unsuccessful-getfilelock-reply.patch libceph-fix-pg-split-vs-osd-re-connect-race.patch drm-amdgpu-gfx9-update-pg_flags-after-determining-if-gfx-off-is-possible.patch drm-nouveau-don-t-retry-infinitely-when-receiving-no-data-on-i2c-over-aux.patch scsi-ufs-fix-null-pointer-dereference-in-ufshcd_config_vreg_hpm.patch gpiolib-never-report-open-drain-source-lines-as-input-to-user-space.patch drivers-hv-vmbus-fix-virt_to_hvpfn-for-x86_pae.patch userfaultfd_release-always-remove-uffd-flags-and-clear-vm_userfaultfd_ctx.patch x86-retpoline-don-t-clobber-rflags-during-call_nospec-on-i386.patch x86-apic-handle-missing-global-clockevent-gracefully.patch x86-cpu-amd-clear-rdrand-cpuid-bit-on-amd-family-15h-16h.patch x86-boot-save-fields-explicitly-zero-out-everything-else.patch x86-boot-fix-boot-regression-caused-by-bootparam-sanitizing.patch ib-hfi1-unsafe-psn-checking-for-tid-rdma-read-resp-packet.patch ib-hfi1-add-additional-checks-when-handling-tid-rdma-read-resp-packet.patch ib-hfi1-add-additional-checks-when-handling-tid-rdma-write-data-packet.patch ib-hfi1-drop-stale-tid-rdma-packets-that-cause-tiderr.patch psi-get-poll_work-to-run-when-calling-poll-syscall-next-time.patch dm-kcopyd-always-complete-failed-jobs.patch dm-dust-use-dust-block-size-for-badblocklist-index.patch dm-btree-fix-order-of-block-initialization-in-btree_split_beneath.patch dm-integrity-fix-a-crash-due-to-bug_on-in-__journal_read_write.patch dm-raid-add-missing-cleanup-in-raid_ctr.patch dm-space-map-metadata-fix-missing-store-of-apply_bops-return-value.patch dm-table-fix-invalid-memory-accesses-with-too-high-sector-number.patch dm-zoned-improve-error-handling-in-reclaim.patch dm-zoned-improve-error-handling-in-i-o-map-code.patch dm-zoned-properly-handle-backing-device-failure.patch genirq-properly-pair-kobject_del-with-kobject_add.patch mm-z3fold.c-fix-race-between-migration-and-destruction.patch mm-page_alloc-move_freepages-should-not-examine-struct-page-of-reserved-memory.patch mm-memcontrol-flush-percpu-vmstats-before-releasing-memcg.patch mm-memcontrol-flush-percpu-vmevents-before-releasing-memcg.patch mm-page_owner-handle-thp-splits-correctly.patch mm-zsmalloc.c-migration-can-leave-pages-in-zs_empty-indefinitely.patch mm-zsmalloc.c-fix-race-condition-in-zs_destroy_pool.patch mm-kasan-fix-false-positive-invalid-free-reports-with-config_kasan_sw_tags-y.patch xfs-fix-missing-ilock-unlock-when-xfs_setattr_nonsize-fails-due-to-edquot.patch ib-hfi1-drop-stale-tid-rdma-packets.patch dm-zoned-fix-potential-null-dereference-in-dmz_do_re.patch io_uring-fix-potential-hang-with-polled-io.patch io_uring-don-t-enter-poll-loop-if-we-have-cqes-pendi.patch io_uring-add-need_resched-check-in-inner-poll-loop.patch powerpc-allow-flush_-inval_-dcache_range-to-work-across-ranges-4gb.patch rxrpc-fix-local-endpoint-refcounting.patch rxrpc-fix-read-after-free-in-rxrpc_queue_local.patch rxrpc-fix-local-endpoint-replacement.patch rxrpc-fix-local-refcounting.patch Compile testing --------------- We compiled the kernel for 3 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test [0] ✅ xfstests: xfs [1] ✅ selinux-policy: serge-testsuite [2] ✅ lvm thinp sanity [3] ✅ storage: software RAID testing [4] 🚧 ✅ Storage blktests [5] Host 2: ✅ Boot test [0] ✅ Podman system integration test (as root) [6] ✅ Podman system integration test (as user) [6] ✅ Loopdev Sanity [7] ✅ jvm test suite [8] ✅ AMTU (Abstract Machine Test Utility) [9] ✅ LTP: openposix test suite [10] ✅ Ethernet drivers sanity [11] ✅ Networking socket: fuzz [12] ✅ audit: audit testsuite test [13] ✅ httpd: mod_ssl smoke sanity [14] ✅ iotop: sanity [15] ✅ tuned: tune-processes-through-perf [16] ✅ Usex - version 1.9-29 [17] ✅ storage: SCSI VPD [18] ✅ stress: stress-ng [19] 🚧 ✅ LTP lite [20] 🚧 ✅ CIFS Connectathon [21] 🚧 ✅ Networking bridge: sanity [22] ppc64le: Host 1: ✅ Boot test [0] ✅ xfstests: xfs [1] ✅ selinux-policy: serge-testsuite [2] ✅ lvm thinp sanity [3] ✅ storage: software RAID testing [4] 🚧 ✅ Storage blktests [5] Host 2: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test [0] ✅ Podman system integration test (as root) [6] ✅ Podman system integration test (as user) [6] ✅ Loopdev Sanity [7] ✅ jvm test suite [8] ✅ AMTU (Abstract Machine Test Utility) [9] ✅ LTP: openposix test suite [10] ✅ Ethernet drivers sanity [11] ✅ Networking socket: fuzz [12] ✅ audit: audit testsuite test [13] ✅ httpd: mod_ssl smoke sanity [14] ✅ iotop: sanity [15] ✅ tuned: tune-processes-through-perf [16] ✅ Usex - version 1.9-29 [17] 🚧 ⚡⚡⚡ LTP lite [20] 🚧 ✅ CIFS Connectathon [21] 🚧 ✅ Networking bridge: sanity [22] x86_64: Host 1: ✅ Boot test [0] ✅ Podman system integration test (as root) [6] ✅ Podman system integration test (as user) [6] ✅ Loopdev Sanity [7] ✅ jvm test suite [8] ✅ AMTU (Abstract Machine Test Utility) [9] ✅ LTP: openposix test suite [10] ✅ Ethernet drivers sanity [11] ✅ Networking socket: fuzz [12] ✅ audit: audit testsuite test [13] ✅ httpd: mod_ssl smoke sanity [14] ✅ iotop: sanity [15] ✅ tuned: tune-processes-through-perf [16] ✅ pciutils: sanity smoke test [23] ✅ Usex - version 1.9-29 [17] ✅ storage: SCSI VPD [18] ✅ stress: stress-ng [19] 🚧 ❌ LTP lite [20] 🚧 ✅ CIFS Connectathon [21] 🚧 ✅ Networking bridge: sanity [22] Host 2: ✅ Boot test [0] ✅ xfstests: xfs [1] ✅ selinux-policy: serge-testsuite [2] ✅ lvm thinp sanity [3] ✅ storage: software RAID testing [4] 🚧 ✅ Storage blktests [5] Test source: 💚 Pull requests are welcome for new tests or improvements to existing tests! [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se… [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/… [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/swra… [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/blk [6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/container/p… [7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/jvm [9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… [13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud… [14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot… [16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… [17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… [18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/scsi… [19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres… [20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [22]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/b… [23]: https://github.com/CKI-project/tests-beaker/archive/master.zip#pciutils/san… Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed.

4 years, 8 months

1
0
0 0

[PATCH 1/2] tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> If the re-allocation of tep->cmdlines succeeds, then the previous allocation of tep->cmdlines will be freed. If we later fail in add_new_comm(), we must not free cmdlines, and also should assign tep->cmdlines to the new allocation. Otherwise when freeing tep, the tep->cmdlines will be pointing to garbage. Cc: stable(a)vger.kernel.org Fixes: a6d2a61ac653a ("tools lib traceevent: Remove some die() calls") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- tools/lib/traceevent/event-parse.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c index b36b536a9fcb..13fd9fdf91e0 100644 --- a/tools/lib/traceevent/event-parse.c +++ b/tools/lib/traceevent/event-parse.c @@ -269,10 +269,10 @@ static int add_new_comm(struct tep_handle *tep, errno = ENOMEM; return -1; } + tep->cmdlines = cmdlines; cmdlines[tep->cmdline_count].comm = strdup(comm); if (!cmdlines[tep->cmdline_count].comm) { - free(cmdlines); errno = ENOMEM; return -1; } @@ -283,7 +283,6 @@ static int add_new_comm(struct tep_handle *tep, tep->cmdline_count++; qsort(cmdlines, tep->cmdline_count, sizeof(*cmdlines), cmdline_cmp); - tep->cmdlines = cmdlines; return 0; } -- 2.20.1

4 years, 8 months

2
1
0 0

[tip: x86/urgent] x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 7af0145067bc429a09ac4047b167c0971c9f0dc7 Gitweb: https://git.kernel.org/tip/7af0145067bc429a09ac4047b167c0971c9f0dc7 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Thu, 29 Aug 2019 00:31:34 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 29 Aug 2019 20:48:44 +02:00 x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text ftrace does not use text_poke() for enabling trace functionality. It uses its own mechanism and flips the whole kernel text to RW and back to RO. The CPA rework removed a loop based check of 4k pages which tried to preserve a large page by checking each 4k page whether the change would actually cover all pages in the large page. This resulted in endless loops for nothing as in testing it turned out that it actually never preserved anything. Of course testing missed to include ftrace, which is the one and only case which benefitted from the 4k loop. As a consequence enabling function tracing or ftrace based kprobes results in a full 4k split of the kernel text, which affects iTLB performance. The kernel RO protection is the only valid case where this can actually preserve large pages. All other static protections (RO data, data NX, PCI, BIOS) are truly static. So a conflict with those protections which results in a split should only ever happen when a change of memory next to a protected region is attempted. But these conflicts are rightfully splitting the large page to preserve the protected regions. In fact a change to the protected regions itself is a bug and is warned about. Add an exception for the static protection check for kernel text RO when the to be changed region spawns a full large page which allows to preserve the large mappings. This also prevents the syslog to be spammed about CPA violations when ftrace is used. The exception needs to be removed once ftrace switched over to text_poke() which avoids the whole issue. Fixes: 585948f4f695 ("x86/mm/cpa: Avoid the 4k pages check completely") Reported-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Song Liu <songliubraving(a)fb.com> Reviewed-by: Song Liu <songliubraving(a)fb.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1908282355340.1938@nanos.tec.linu… --- arch/x86/mm/pageattr.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 6a9a77a..e14e95e 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -516,7 +516,7 @@ static inline void check_conflict(int warnlvl, pgprot_t prot, pgprotval_t val, */ static inline pgprot_t static_protections(pgprot_t prot, unsigned long start, unsigned long pfn, unsigned long npg, - int warnlvl) + unsigned long lpsize, int warnlvl) { pgprotval_t forbidden, res; unsigned long end; @@ -535,9 +535,17 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long start, check_conflict(warnlvl, prot, res, start, end, pfn, "Text NX"); forbidden = res; - res = protect_kernel_text_ro(start, end); - check_conflict(warnlvl, prot, res, start, end, pfn, "Text RO"); - forbidden |= res; + /* + * Special case to preserve a large page. If the change spawns the + * full large page mapping then there is no point to split it + * up. Happens with ftrace and is going to be removed once ftrace + * switched to text_poke(). + */ + if (lpsize != (npg * PAGE_SIZE) || (start & (lpsize - 1))) { + res = protect_kernel_text_ro(start, end); + check_conflict(warnlvl, prot, res, start, end, pfn, "Text RO"); + forbidden |= res; + } /* Check the PFN directly */ res = protect_pci_bios(pfn, pfn + npg - 1); @@ -819,7 +827,7 @@ static int __should_split_large_page(pte_t *kpte, unsigned long address, * extra conditional required here. */ chk_prot = static_protections(old_prot, lpaddr, old_pfn, numpages, - CPA_CONFLICT); + psize, CPA_CONFLICT); if (WARN_ON_ONCE(pgprot_val(chk_prot) != pgprot_val(old_prot))) { /* @@ -855,7 +863,7 @@ static int __should_split_large_page(pte_t *kpte, unsigned long address, * protection requirement in the large page. */ new_prot = static_protections(req_prot, lpaddr, old_pfn, numpages, - CPA_DETECT); + psize, CPA_DETECT); /* * If there is a conflict, split the large page. @@ -906,7 +914,8 @@ static void split_set_pte(struct cpa_data *cpa, pte_t *pte, unsigned long pfn, if (!cpa->force_static_prot) goto set; - prot = static_protections(ref_prot, address, pfn, npg, CPA_PROTECT); + /* Hand in lpsize = 0 to enforce the protection mechanism */ + prot = static_protections(ref_prot, address, pfn, npg, 0, CPA_PROTECT); if (pgprot_val(prot) == pgprot_val(ref_prot)) goto set; @@ -1503,7 +1512,8 @@ static int __change_page_attr(struct cpa_data *cpa, int primary) pgprot_val(new_prot) |= pgprot_val(cpa->mask_set); cpa_inc_4k_install(); - new_prot = static_protections(new_prot, address, pfn, 1, + /* Hand in lpsize = 0 to enforce the protection mechanism */ + new_prot = static_protections(new_prot, address, pfn, 1, 0, CPA_PROTECT); new_prot = pgprot_clear_protnone_bits(new_prot);

4 years, 8 months

1
0
0 0

[PATCH v5.2 1/2] locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty

by Sasha Levin

From: Jan Stancek <jstancek(a)redhat.com> [ Upstream commit e1b98fa316648420d0434d9ff5b92ad6609ba6c3 ] LTP mtest06 has been observed to occasionally hit "still mapped when deleted" and following BUG_ON on arm64. The extra mapcount originated from pagefault handler, which handled pagefault for vma that has already been detached. vma is detached under mmap_sem write lock by detach_vmas_to_be_unmapped(), which also invalidates vmacache. When the pagefault handler (under mmap_sem read lock) calls find_vma(), vmacache_valid() wrongly reports vmacache as valid. After rwsem down_read() returns via 'queue empty' path (as of v5.2), it does so without an ACQUIRE on sem->count: down_read() __down_read() rwsem_down_read_failed() __rwsem_down_read_failed_common() raw_spin_lock_irq(&sem->wait_lock); if (list_empty(&sem->wait_list)) { if (atomic_long_read(&sem->count) >= 0) { raw_spin_unlock_irq(&sem->wait_lock); return sem; The problem can be reproduced by running LTP mtest06 in a loop and building the kernel (-j $NCPUS) in parallel. It does reproduces since v4.20 on arm64 HPE Apollo 70 (224 CPUs, 256GB RAM, 2 nodes). It triggers reliably in about an hour. The patched kernel ran fine for 10+ hours. Signed-off-by: Jan Stancek <jstancek(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Will Deacon <will(a)kernel.org> Acked-by: Waiman Long <longman(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: dbueso(a)suse.de Fixes: 4b486b535c33 ("locking/rwsem: Exit read lock slowpath if queue empty & no writer") Link: https://lkml.kernel.org/r/50b8914e20d1d62bb2dee42d342836c2c16ebee7.15634380… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- This is a backport for the v5.2 stable tree. There were multiple reports of this issue being hit. Given that there were a few changes to the code around this, I'd appreciate an ack before pulling it in. kernel/locking/rwsem-xadd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/locking/rwsem-xadd.c b/kernel/locking/rwsem-xadd.c index 0b1f779572402..397dedc58432d 100644 --- a/kernel/locking/rwsem-xadd.c +++ b/kernel/locking/rwsem-xadd.c @@ -454,6 +454,8 @@ __rwsem_down_read_failed_common(struct rw_semaphore *sem, int state) * been set in the count. */ if (atomic_long_read(&sem->count) >= 0) { + /* Provide lock ACQUIRE */ + smp_acquire__after_ctrl_dep(); raw_spin_unlock_irq(&sem->wait_lock); rwsem_set_reader_owned(sem); lockevent_inc(rwsem_rlock_fast); -- 2.20.1

4 years, 8 months

2
3
0 0

[PATCH] overlayfs: filter of trusted xattr results in audit.

by Mark Salyzyn

When filtering xattr list for reading, presence of trusted xattr results in a security audit log. However, if there is other content no errno will be set, and if there isn't, the errno will be -ENODATA and not -EPERM as is usually associated with a lack of capability. The check does not block the request to list the xattrs present. Switch to ns_capable_noaudit to reflect a more appropriate check. Signed-off-by: Mark Salyzyn <salyzyn(a)android.com> Cc: linux-kernel(a)vger.kernel.orga Cc: linux-security-module(a)vger.kernel.org Cc: kernel-team(a)android.com Cc: stable(a)vger.kernel.org # 4.4, 4.9, 4.14 & 4.19 --- fs/overlayfs/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 7663aeb85fa3..bc14781886bf 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -383,7 +383,8 @@ static bool ovl_can_list(const char *s) return true; /* Never list trusted.overlay, list other trusted for superuser only */ - return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN); + return !ovl_is_private_xattr(s) && + ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN); } ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) -- 2.23.0.187.g17f5b7556c-goog

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 4.4 01/15] net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context

by Sasha Levin

From: Fuqian Huang <huangfq.daxian(a)gmail.com> [ Upstream commit 8c25d0887a8bd0e1ca2074ac0c6dff173787a83b ] As spin_unlock_irq will enable interrupts. Function tsi108_stat_carry is called from interrupt handler tsi108_irq. Interrupts are enabled in interrupt handler. Use spin_lock_irqsave/spin_unlock_irqrestore instead of spin_(un)lock_irq in IRQ context to avoid this. Signed-off-by: Fuqian Huang <huangfq.daxian(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/tundra/tsi108_eth.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/tundra/tsi108_eth.c b/drivers/net/ethernet/tundra/tsi108_eth.c index 520cf50a3d5a1..93fe0da0f15ea 100644 --- a/drivers/net/ethernet/tundra/tsi108_eth.c +++ b/drivers/net/ethernet/tundra/tsi108_eth.c @@ -379,9 +379,10 @@ tsi108_stat_carry_one(int carry, int carry_bit, int carry_shift, static void tsi108_stat_carry(struct net_device *dev) { struct tsi108_prv_data *data = netdev_priv(dev); + unsigned long flags; u32 carry1, carry2; - spin_lock_irq(&data->misclock); + spin_lock_irqsave(&data->misclock, flags); carry1 = TSI_READ(TSI108_STAT_CARRY1); carry2 = TSI_READ(TSI108_STAT_CARRY2); @@ -449,7 +450,7 @@ static void tsi108_stat_carry(struct net_device *dev) TSI108_STAT_TXPAUSEDROP_CARRY, &data->tx_pause_drop); - spin_unlock_irq(&data->misclock); + spin_unlock_irqrestore(&data->misclock, flags); } /* Read a stat counter atomically with respect to carries. -- 2.20.1

4 years, 8 months

1
14
0 0

[PATCH AUTOSEL 4.9 01/16] net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context

by Sasha Levin

From: Fuqian Huang <huangfq.daxian(a)gmail.com> [ Upstream commit 8c25d0887a8bd0e1ca2074ac0c6dff173787a83b ] As spin_unlock_irq will enable interrupts. Function tsi108_stat_carry is called from interrupt handler tsi108_irq. Interrupts are enabled in interrupt handler. Use spin_lock_irqsave/spin_unlock_irqrestore instead of spin_(un)lock_irq in IRQ context to avoid this. Signed-off-by: Fuqian Huang <huangfq.daxian(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/tundra/tsi108_eth.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/tundra/tsi108_eth.c b/drivers/net/ethernet/tundra/tsi108_eth.c index 8fd131207ee10..499abe9108fa6 100644 --- a/drivers/net/ethernet/tundra/tsi108_eth.c +++ b/drivers/net/ethernet/tundra/tsi108_eth.c @@ -381,9 +381,10 @@ tsi108_stat_carry_one(int carry, int carry_bit, int carry_shift, static void tsi108_stat_carry(struct net_device *dev) { struct tsi108_prv_data *data = netdev_priv(dev); + unsigned long flags; u32 carry1, carry2; - spin_lock_irq(&data->misclock); + spin_lock_irqsave(&data->misclock, flags); carry1 = TSI_READ(TSI108_STAT_CARRY1); carry2 = TSI_READ(TSI108_STAT_CARRY2); @@ -451,7 +452,7 @@ static void tsi108_stat_carry(struct net_device *dev) TSI108_STAT_TXPAUSEDROP_CARRY, &data->tx_pause_drop); - spin_unlock_irq(&data->misclock); + spin_unlock_irqrestore(&data->misclock, flags); } /* Read a stat counter atomically with respect to carries. -- 2.20.1

4 years, 8 months

1
15
0 0

[PATCH AUTOSEL 4.14 01/27] net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context

by Sasha Levin

From: Fuqian Huang <huangfq.daxian(a)gmail.com> [ Upstream commit 8c25d0887a8bd0e1ca2074ac0c6dff173787a83b ] As spin_unlock_irq will enable interrupts. Function tsi108_stat_carry is called from interrupt handler tsi108_irq. Interrupts are enabled in interrupt handler. Use spin_lock_irqsave/spin_unlock_irqrestore instead of spin_(un)lock_irq in IRQ context to avoid this. Signed-off-by: Fuqian Huang <huangfq.daxian(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/tundra/tsi108_eth.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/tundra/tsi108_eth.c b/drivers/net/ethernet/tundra/tsi108_eth.c index c2d15d9c0c33b..455979e47424c 100644 --- a/drivers/net/ethernet/tundra/tsi108_eth.c +++ b/drivers/net/ethernet/tundra/tsi108_eth.c @@ -381,9 +381,10 @@ tsi108_stat_carry_one(int carry, int carry_bit, int carry_shift, static void tsi108_stat_carry(struct net_device *dev) { struct tsi108_prv_data *data = netdev_priv(dev); + unsigned long flags; u32 carry1, carry2; - spin_lock_irq(&data->misclock); + spin_lock_irqsave(&data->misclock, flags); carry1 = TSI_READ(TSI108_STAT_CARRY1); carry2 = TSI_READ(TSI108_STAT_CARRY2); @@ -451,7 +452,7 @@ static void tsi108_stat_carry(struct net_device *dev) TSI108_STAT_TXPAUSEDROP_CARRY, &data->tx_pause_drop); - spin_unlock_irq(&data->misclock); + spin_unlock_irqrestore(&data->misclock, flags); } /* Read a stat counter atomically with respect to carries. -- 2.20.1

4 years, 8 months

1
26
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2019