From: Joerg Roedel <jroedel(a)suse.de>
Allow a runtime opt-out of kexec support for architecture code in case
the kernel is running in an environment where kexec is not properly
supported yet.
This will be used on x86 when the kernel is running as an SEV-ES
guest. SEV-ES guests need special handling for kexec to hand over all
CPUs to the new kernel. This requires special hypervisor support and
handling code in the guest which is not yet implemented.
Cc: stable(a)vger.kernel.org # v5.10+
Signed-off-by: Joerg Roedel <jroedel(a)suse.de>
---
include/linux/kexec.h | 1 +
kernel/kexec.c | 14 ++++++++++++++
kernel/kexec_file.c | 9 +++++++++
3 files changed, 24 insertions(+)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 0c994ae37729..85c30dcd0bdc 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -201,6 +201,7 @@ int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
unsigned long buf_len);
#endif
int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
+bool arch_kexec_supported(void);
extern int kexec_add_buffer(struct kexec_buf *kbuf);
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
diff --git a/kernel/kexec.c b/kernel/kexec.c
index b5e40f069768..275cda429380 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -190,11 +190,25 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments,
* that to happen you need to do that yourself.
*/
+bool __weak arch_kexec_supported(void)
+{
+ return true;
+}
+
static inline int kexec_load_check(unsigned long nr_segments,
unsigned long flags)
{
int result;
+ /*
+ * The architecture may support kexec in general, but the kernel could
+ * run in an environment where it is not (yet) possible to execute a new
+ * kernel. Allow the architecture code to opt-out of kexec support when
+ * it is running in such an environment.
+ */
+ if (!arch_kexec_supported())
+ return -ENOSYS;
+
/* We only trust the superuser with rebooting the system. */
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
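Review bot: The new `arch_kexec_supported()` test in `kexec_load_check()` runs before the `capable(CAP_SYS_BOOT)` check, so on a platform that opts out, an unprivileged caller now gets -ENOSYS where it used to get -EPERM; the `kexec_file_load` hunk in kernel/kexec_file.c uses the same ordering. Moving the `if (!arch_kexec_supported()) return -ENOSYS;` block below the existing `return -EPERM;` keeps the privilege check first in both places. The weak default also has no comment stating its contract; something like `/* Return false when kexec cannot work in the current runtime environment; consulted on every kexec_load()/kexec_file_load() call. */` above `arch_kexec_supported()` would help architecture maintainers who override it. `kexec_load_check()` continues past the end of this hunk.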
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 33400ff051a8..96d08a512e9c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -358,6 +358,15 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
int ret = 0, i;
struct kimage **dest_image, *image;
+ /*
+ * The architecture may support kexec in general, but the kernel could
+ * run in an environment where it is not (yet) possible to execute a new
+ * kernel. Allow the architecture code to opt-out of kexec support when
+ * it is running in such an environment.
+ */
+ if (!arch_kexec_supported())
+ return -ENOSYS;
+
/* We only trust the superuser with rebooting the system. */
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
--
2.33.0
The partition itself, not its child, should be removed from the partition
list. Otherwise the partition list gets broken and any subsequent remove
operation leads to a kernel panic.
Fixes: 46b5889cc2c5 ("mtd: implement proper partition handling")
Signed-off-by: Andreas Oetken <andreas.oetken(a)siemens-energy.com>
Cc: stable(a)vger.kernel.org
---
drivers/mtd/mtdpart.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c
index 95d47422bbf20..5725818fa199f 100644
--- a/drivers/mtd/mtdpart.c
+++ b/drivers/mtd/mtdpart.c
@@ -313,7 +313,7 @@ static int __mtd_del_partition(struct mtd_info *mtd)
if (err)
return err;
- list_del(&child->part.node);
+ list_del(&mtd->part.node);
free_partition(mtd);
return 0;
--
2.30.2
copy_process currently copies task_struct.posix_cputimers_work as-is. If a
timer interrupt arrives while handling clone and before dup_task_struct
completes then the child task will have:
1. posix_cputimers_work.scheduled = true
2. posix_cputimers_work.work queued.
copy_process clears task_struct.task_works, so (2) will have no effect and
posix_cpu_timers_work will never run (not to mention it doesn't make sense
for two tasks to share a common linked list).
Since posix_cpu_timers_work never runs, posix_cputimers_work.scheduled is
never cleared. Since scheduled is set, future timer interrupts will skip
scheduling work, with the ultimate result that the task will never receive
timer expirations.
Together, the complete flow is:
1. Task 1 calls clone(), enters kernel.
2. Timer interrupt fires, schedules task work on Task 1.
2a. task_struct.posix_cputimers_work.scheduled = true
2b. task_struct.posix_cputimers_work.work added to
task_struct.task_works.
3. dup_task_struct copies Task 1 to Task 2.
4. copy_process clears task_struct.task_works for Task 2.
5. Future timer interrupts on Task 2 see
task_struct.posix_cputimers_work.scheduled = true and skip scheduling
work.
Fix this by explicitly clearing contents of
task_struct.posix_cputimers_work in copy_process. This was never meant to
be shared or inherited across tasks in the first place.
Signed-off-by: Michael Pratt <mpratt(a)google.com>
Reported-by: Rhys Hiltner <rhys(a)justin.tv>
Fixes: 1fb497dd0030 ("posix-cpu-timers: Provide mechanisms to defer timer handling to task_work")
Cc: <stable(a)vger.kernel.org>
---
This issue was discovered while investigating a flaky test in the Go
language standard library, https://golang.org/issue/49065. After our testing
VMs upgraded from 5.4 to 5.10 kernels, several profiling tests started
failing ~1% of the time with threads not receiving their expected profiling
signals.
Bisection of problem by Rhys blamed b6b178e38f40 ("Merge tag
'timers-core-2020-08-14' of
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip"). This merge commit
introduced the broken commit 1fb497dd0030 ("posix-cpu-timers: Provide
mechanisms to defer timer handling to task_work") and its child
0099808553ad ("x86: Select POSIX_CPU_TIMERS_TASK_WORK"), which enables the
new codepath.
The C program below also reproduces the problem. Build with `gcc repro.c
-lrt -pthread -O2`.
The program starts a CPU timer on the main thread, which then spawns child
threads that create their own CPU timers and verify that they receive timer
signals. At HEAD and 0099808553ad this program fails with ~3-15 / 20000
threads not receiving signals.
Prior to 0099808553ad and with this patch, the program reports no failures.
// SPDX-License-Identifier: GPL-2.0
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>
/* Per-thread count of SIGPROF deliveries; incremented by signal_handler(). */
_Thread_local uint64_t signaled;
/* Number of threads that finished their spin without seeing any signal. */
_Atomic int threads_bad;
/*
 * SA_SIGINFO-style handler installed for SIGPROF in main().
 *
 * It only bumps the calling thread's `signaled` counter; none of the
 * arguments are inspected.
 */
void signal_handler(int signo, siginfo_t *siginfo, void *uctx)
{
	(void)signo;
	(void)siginfo;
	(void)uctx;

	signaled += 1;
}
/*
 * Return the kernel thread id of the calling thread.
 *
 * Goes through the raw SYS_gettid system call rather than a libc wrapper.
 */
int gettid(void)
{
	long tid = syscall(SYS_gettid);

	return (int)tid;
}
/*
 * Create and arm a CPU-time timer for the calling thread.
 *
 * The timer runs on CLOCK_THREAD_CPUTIME_ID and is set up with
 * SIGEV_THREAD_ID so that SIGPROF goes to the thread identified by gettid().
 * Both the initial expiry and the interval are 10ms. A failing
 * timer_create() or timer_settime() is reported with perror() and ends the
 * whole process through _exit(1).
 *
 * Returns the id of the armed timer.
 */
timer_t setup_timer(void)
{
	struct sigevent notify = {
		.sigev_notify = SIGEV_THREAD_ID,
		.sigev_signo = SIGPROF,
		/* Target thread for SIGEV_THREAD_ID delivery. */
		._sigev_un = {
			._tid = gettid(),
		},
	};
	const struct timespec period = {
		.tv_nsec = 10*1000*1000, /* 10ms */
	};
	struct itimerspec schedule = {
		.it_interval = period,
		.it_value = period,
	};
	timer_t id;

	if (timer_create(CLOCK_THREAD_CPUTIME_ID, &notify, &id) != 0) {
		perror("timer_create");
		_exit(1);
	}

	if (timer_settime(id, 0, &schedule, NULL) != 0) {
		perror("timer_settime");
		_exit(1);
	}

	return id;
}
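/*
 * Return the CPU time consumed so far by the calling thread, in nanoseconds.
 *
 * Reads CLOCK_THREAD_CPUTIME_ID; a failing clock_gettime() is reported with
 * perror() and ends the process through _exit(1).
 */
uint64_t thread_cpu_ns(void)
{
	struct timespec ts;

	if (clock_gettime(CLOCK_THREAD_CPUTIME_ID, &ts) != 0) {
		perror("clock_gettime");
		_exit(1);
	}

	/*
	 * Widen to 64 bits before multiplying: with a 32-bit time_t the
	 * seconds-to-nanoseconds product would otherwise be computed in a
	 * signed 32-bit type and overflow after a few seconds of CPU time.
	 */
	return (uint64_t)ts.tv_sec * UINT64_C(1000000000) + (uint64_t)ts.tv_nsec;
}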
/*
 * Child thread body: arm a CPU timer, burn CPU, check that SIGPROF arrived.
 *
 * The thread arms its own timer with setup_timer(), spins until it has used
 * more than 50ms of its own CPU time, and then looks at its thread-local
 * `signaled` counter. A thread that saw no signal at all is logged and
 * counted in `threads_bad`. The timer is deleted before returning; a failing
 * timer_delete() ends the process through _exit(1).
 *
 * `arg` is unused. Always returns NULL.
 */
void *thread(void *arg)
{
	const timer_t timerid = setup_timer();
	const uint64_t start = thread_cpu_ns();

	(void)arg;

	/* Keep spinning until more than 50ms of thread CPU time has passed. */
	while (thread_cpu_ns() - start <= 50*1000*1000) {
		/* Busy loop */
		for (volatile int i = 0; i < 100000; i++)
			;
	}

	/*
	 * The timer interval is 10ms, so after 50ms of CPU time at least one
	 * profiling signal should have been delivered to this thread.
	 */
	if (signaled == 0) {
		printf("Thread %d received no profiling signals!\n", gettid());
		threads_bad++;
	}

	if (timer_delete(timerid) != 0) {
		perror("timer_delete");
		_exit(1);
	}

	return NULL;
}
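/*
 * Reproducer entry point.
 *
 * Installs signal_handler() for SIGPROF, unblocks SIGPROF, arms a CPU timer
 * on the main thread, and then creates 20000 child threads in batches of 10,
 * joining each batch before starting the next. Progress is printed every 100
 * threads, followed by a summary of how many threads saw no profiling signal.
 *
 * Returns 0 when every thread received at least one signal, 1 when any
 * thread did not or when setup fails.
 */
int main(void)
{
	struct sigaction sa = {
		.sa_sigaction = &signal_handler,
		.sa_flags = SA_SIGINFO | SA_RESTART,
	};
	int ret;
	sigset_t set;
	timer_t timerid;
	int bad;
	int thread_count = 0;

	ret = sigaction(SIGPROF, &sa, NULL);
	if (ret != 0) {
		perror("sigaction");
		return 1;
	}

	sigemptyset(&set);
	sigaddset(&set, SIGPROF);
	ret = sigprocmask(SIG_UNBLOCK, &set, NULL);
	if (ret != 0) {
		perror("sigprocmask");
		return 1;
	}

	/*
	 * Keep a CPU timer armed on the main thread while it creates the
	 * children; it is intentionally never deleted.
	 */
	timerid = setup_timer();
	(void)timerid;

	while (thread_count < 20000) {
		pthread_t threads[10];

		for (int i = 0; i < 10; i++) {
			ret = pthread_create(&threads[i], NULL, &thread, NULL);
			if (ret != 0) {
				/*
				 * pthread_*() return the error number and do
				 * not set errno, so hand it to perror().
				 */
				errno = ret;
				perror("pthread_create");
				return 1;
			}
			thread_count++;
		}

		/* Busy loop */
		for (volatile int i = 0; i < 100000; i++)
			;

		for (int i = 0; i < 10; i++) {
			ret = pthread_join(threads[i], NULL);
			if (ret != 0) {
				errno = ret;
				perror("pthread_join");
				return 1;
			}
		}

		if (thread_count % 100 == 0)
			printf("%d threads\n", thread_count);
	}

	/* Read the atomic counter once so the report and exit status agree. */
	bad = threads_bad;
	printf("Bad threads %d / %d = %f%%\n", bad, thread_count,
	       100*((double)bad) / ((double)thread_count));

	return bad > 0 ? 1 : 0;
}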
include/linux/posix-timers.h | 2 ++
kernel/fork.c | 1 +
kernel/time/posix-cpu-timers.c | 19 +++++++++++++++++--
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/include/linux/posix-timers.h b/include/linux/posix-timers.h
index 00fef0064355..5bbcd280bfd2 100644
--- a/include/linux/posix-timers.h
+++ b/include/linux/posix-timers.h
@@ -184,8 +184,10 @@ static inline void posix_cputimers_group_init(struct posix_cputimers *pct,
#endif
#ifdef CONFIG_POSIX_CPU_TIMERS_TASK_WORK
+void clear_posix_cputimers_work(struct task_struct *p);
void posix_cputimers_init_work(void);
#else
+static inline void clear_posix_cputimers_work(struct task_struct *p) { }
static inline void posix_cputimers_init_work(void) { }
#endif
diff --git a/kernel/fork.c b/kernel/fork.c
index 38681ad44c76..b1551c074b74 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2280,6 +2280,7 @@ static __latent_entropy struct task_struct *copy_process(
p->pdeath_signal = 0;
INIT_LIST_HEAD(&p->thread_group);
p->task_works = NULL;
+ clear_posix_cputimers_work(p);
#ifdef CONFIG_KRETPROBES
p->kretprobe_instances.first = NULL;
diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c
index 643d412ac623..96b4e7810426 100644
--- a/kernel/time/posix-cpu-timers.c
+++ b/kernel/time/posix-cpu-timers.c
@@ -1158,14 +1158,29 @@ static void posix_cpu_timers_work(struct callback_head *work)
handle_posix_cpu_timers(current);
}
+/*
+ * Clear existing posix CPU timers task work.
+ */
+void clear_posix_cputimers_work(struct task_struct *p)
+{
+ /*
+ * A copied work entry from the old task is not meaningful, clear it.
+ * N.B. init_task_work will not do this.
+ */
+ memset(&p->posix_cputimers_work.work, 0,
+ sizeof(p->posix_cputimers_work.work));
+ init_task_work(&p->posix_cputimers_work.work,
+ posix_cpu_timers_work);
+ p->posix_cputimers_work.scheduled = false;
+}
+
/*
* Initialize posix CPU timers task work in init task. Out of line to
* keep the callback static and to avoid header recursion hell.
*/
void __init posix_cputimers_init_work(void)
{
- init_task_work(¤t->posix_cputimers_work.work,
- posix_cpu_timers_work);
+ clear_posix_cputimers_work(current);
}
/*
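Review bot: `clear_posix_cputimers_work()` rewrites `posix_cputimers_work.work` and `scheduled` without any locking, and its header comment does not say when that is safe. The two callers visible here look fine: `copy_process()` passes a child that is presumably not yet runnable, and `posix_cputimers_init_work()` is `__init`. The function is non-static and declared in posix-timers.h, though, so the constraint should be written down. Suggested comment: `Reset the posix CPU timers task work of @p. Only valid for a task that cannot have the work queued or running, i.e. a new child in copy_process() or the init task.`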
--
2.33.1.1089.g2158813163f-goog
If two processes mount same superblock, memory leak occurs:
CPU0 | CPU1
do_new_mount | do_new_mount
fs_set_subtype | fs_set_subtype
kstrdup |
| kstrdup
memrory leak |
The following reproducer triggers the problem:
1. shell command: mount -t ntfs /dev/sda1 /mnt &
2. c program: mount("/dev/sda1", "/mnt", "fuseblk", 0, "...")
with kmemleak report being along the lines of
unreferenced object 0xffff888235f1a5c0 (size 8):
comm "mount.ntfs", pid 2860, jiffies 4295757824 (age 43.423s)
hex dump (first 8 bytes):
00 a5 f1 35 82 88 ff ff ...5....
backtrace:
[<00000000656e30cc>] __kmalloc_track_caller+0x16e/0x430
[<000000008e591727>] kstrdup+0x3e/0x90
[<000000008430d12b>] do_mount.cold+0x7b/0xd9
[<0000000078d639cd>] ksys_mount+0xb2/0x150
[<000000006015988d>] __x64_sys_mount+0x29/0x40
[<00000000e0a7c118>] do_syscall_64+0xc1/0x1d0
[<00000000bcea7df5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000803a4067>] 0xffffffffffffffff
Linus's tree already has a refactoring patchset [1], one patch of which fixes this bug:
c30da2e981a7 ("fuse: convert to use the new mount API")
After the refactoring, super_block->s_subtype is initialized in fuse_fill_super.
Since the refactoring patchset has not been merged into this branch, I created this patch.
This patch fixes the leak by taking a write lock while calling fs_set_subtype.
[1] https://patchwork.kernel.org/project/linux-fsdevel/patch/20190903113640.798…
Fixes: 79c0b2df79eb ("add filesystem subtype support")
Cc: David Howells <dhowells(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: ChenXiaoSong <chenxiaosong2(a)huawei.com>
---
v1: Can not mount sshfs ([PATCH linux-4.19.y] VFS: Fix fuseblk memory leak caused by mount concurrency)
v2: Use write lock while writing superblock ([PATCH 4.19,v2] VFS: Fix fuseblk memory leak caused by mount concurrency)
v3: Update commit message
fs/namespace.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 2f3c6a0350a8..396ff1bcfdad 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2490,9 +2490,12 @@ static int do_new_mount(struct path *path, const char *fstype, int sb_flags,
return -ENODEV;
mnt = vfs_kern_mount(type, sb_flags, name, data);
- if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) &&
- !mnt->mnt_sb->s_subtype)
- mnt = fs_set_subtype(mnt, fstype);
+ if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE)) {
+ down_write(&mnt->mnt_sb->s_umount);
+ if (!mnt->mnt_sb->s_subtype)
+ mnt = fs_set_subtype(mnt, fstype);
+ up_write(&mnt->mnt_sb->s_umount);
+ }
put_filesystem(type);
if (IS_ERR(mnt))
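Review bot: `up_write(&mnt->mnt_sb->s_umount)` dereferences `mnt` after it has been reassigned from `fs_set_subtype()`. If that helper can return an ERR_PTR, as the `IS_ERR(mnt)` test after the block suggests, the unlock follows an error pointer. Taking the superblock once before locking avoids this: `struct super_block *sb = mnt->mnt_sb;`, then `down_write(&sb->s_umount)` and `up_write(&sb->s_umount)` around the `s_subtype` test. Whether the failure path also drops the mount reference is not visible here; if it does, the superblock's lifetime across the unlock needs checking as well. `do_new_mount()` starts and ends outside this hunk.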
--
2.31.1
This is the start of the stable review cycle for the 4.19.215 release.
There are 35 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 11:41:55 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.215-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.19.215-rc2
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_ootb
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for COOKIE_ECHO chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Michael Chan <michael.chan(a)broadcom.com>
net: Prevent infinite while loop in skb_tx_hash()
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Clément Bœsch <u(a)pkh.me>
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Set user priority for DCT
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Wenbin Mei <wenbin.mei(a)mediatek.com>
mmc: cqhci: clear HALT state after CQE enable
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Eric Dumazet <edumazet(a)google.com>
ipv6: make exception cache less predictible
Eric Dumazet <edumazet(a)google.com>
ipv6: use siphash in rt6_exception_hash()
Eric Dumazet <edumazet(a)google.com>
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Nathan Chancellor <natechancellor(a)gmail.com>
ARM: 8819/1: Remove '-p' from LDFLAGS
Robin Murphy <robin.murphy(a)arm.com>
arm64: Avoid premature usercopy failure
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/bpf: Fix BPF_MOD when imm == 1
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9141/1: only warn about XIP address when not compile testing
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 +-
arch/arm/Makefile | 2 +-
arch/arm/boot/bootp/Makefile | 2 +-
arch/arm/boot/compressed/Makefile | 2 -
arch/arm/boot/compressed/decompress.c | 3 ++
arch/arm/kernel/vmlinux-xip.lds.S | 2 +-
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
.../boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 2 +-
arch/arm64/lib/copy_from_user.S | 13 +++--
arch/arm64/lib/copy_in_user.S | 20 +++++---
arch/arm64/lib/copy_to_user.S | 14 ++++--
arch/nios2/platform/Kconfig.platform | 1 +
arch/powerpc/net/bpf_jit_comp64.c | 10 +++-
drivers/ata/sata_mv.c | 4 +-
drivers/base/regmap/regcache-rbtree.c | 7 ++-
drivers/infiniband/hw/mlx5/qp.c | 2 +
drivers/mmc/host/cqhci.c | 3 ++
drivers/mmc/host/dw_mmc-exynos.c | 14 ++++++
drivers/mmc/host/sdhci-esdhc-imx.c | 17 +++++++
drivers/mmc/host/sdhci.c | 6 +++
drivers/mmc/host/vub300.c | 18 +++----
drivers/net/ethernet/microchip/lan743x_main.c | 22 +++++++++
drivers/net/ethernet/nxp/lpc_eth.c | 5 +-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/usb/lan78xx.c | 6 +++
drivers/net/usb/usbnet.c | 5 ++
drivers/nfc/port100.c | 4 +-
net/batman-adv/bridge_loop_avoidance.c | 8 +++-
net/batman-adv/main.c | 56 +++++++++++++++-------
net/batman-adv/network-coding.c | 4 +-
net/batman-adv/translation-table.c | 4 +-
net/core/dev.c | 6 +++
net/ipv4/route.c | 12 ++---
net/ipv6/route.c | 25 +++++++---
net/sctp/sm_statefuns.c | 30 ++++++++----
36 files changed, 250 insertions(+), 87 deletions(-)
This is the start of the stable review cycle for the 4.4.291 release.
There are 17 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 08:24:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.291-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.4.291-rc1
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Nathan Chancellor <natechancellor(a)gmail.com>
ARM: 8819/1: Remove '-p' from LDFLAGS
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 ++--
arch/arm/Makefile | 2 +-
arch/arm/boot/bootp/Makefile | 2 +-
arch/arm/boot/compressed/Makefile | 2 --
arch/arm/boot/compressed/decompress.c | 3 +++
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
arch/nios2/platform/Kconfig.platform | 1 +
drivers/ata/sata_mv.c | 4 ++--
drivers/base/regmap/regcache-rbtree.c | 7 +++----
drivers/mmc/host/dw_mmc-exynos.c | 14 ++++++++++++++
drivers/mmc/host/sdhci.c | 6 ++++++
drivers/mmc/host/vub300.c | 18 +++++++++---------
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/usb/lan78xx.c | 6 ++++++
drivers/net/usb/usbnet.c | 5 +++++
drivers/nfc/port100.c | 4 ++--
net/sctp/sm_statefuns.c | 4 ++++
18 files changed, 61 insertions(+), 25 deletions(-)
This is the start of the stable review cycle for the 5.4.157 release.
There are 51 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 11:42:01 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.157-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.4.157-rc2
Song Liu <songliubraving(a)fb.com>
perf script: Check session->header.env.arch before using it
Halil Pasic <pasic(a)linux.ibm.com>
KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
Halil Pasic <pasic(a)linux.ibm.com>
KVM: s390: clear kicked_mask before sleeping again
Janusz Dziedzic <janusz.dziedzic(a)gmail.com>
cfg80211: correct bridge/4addr mode check
Julian Wiedmann <jwi(a)linux.ibm.com>
net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_ootb
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for COOKIE_ECHO chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for INIT_ACK chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_start_aneg: Add an unlocked version
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_ethtool_ksettings_get: Lock the phy for consistency
Daniel Jordan <daniel.m.jordan(a)oracle.com>
net/tls: Fix flipped sign in async_wait.err assignment
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Mark Zhang <markzhang(a)nvidia.com>
RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
Michael Chan <michael.chan(a)broadcom.com>
net: Prevent infinite while loop in skb_tx_hash()
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Clément Bœsch <u(a)pkh.me>
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Set user priority for DCT
Varun Prakash <varun(a)chelsio.com>
nvme-tcp: fix data digest pointer calculation
Varun Prakash <varun(a)chelsio.com>
nvmet-tcp: fix data digest pointer calculation
Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com>
IB/hfi1: Fix abba locking issue with sc_disable()
Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com>
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
Liu Jian <liujian56(a)huawei.com>
tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix memleak in ttm_transfered_destroy
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Johannes Berg <johannes.berg(a)intel.com>
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Wenbin Mei <wenbin.mei(a)mediatek.com>
mmc: cqhci: clear HALT state after CQE enable
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Daniel Jordan <daniel.m.jordan(a)oracle.com>
net/tls: Fix flipped sign in tls_err_abort() calls
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Rafał Miłecki <rafal(a)milecki.pl>
Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Eric Dumazet <edumazet(a)google.com>
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
Eric Dumazet <edumazet(a)google.com>
ipv6: use siphash in rt6_exception_hash()
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/bpf: Fix BPF_MOD when imm == 1
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9141/1: only warn about XIP address when not compile testing
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/compressed/decompress.c | 3 +
arch/arm/kernel/vmlinux-xip.lds.S | 2 +-
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
.../boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 2 +-
arch/nios2/platform/Kconfig.platform | 1 +
arch/powerpc/net/bpf_jit_comp64.c | 10 +++-
arch/s390/kvm/interrupt.c | 5 +-
arch/s390/kvm/kvm-s390.c | 1 +
drivers/ata/sata_mv.c | 4 +-
drivers/base/regmap/regcache-rbtree.c | 7 +--
drivers/gpu/drm/ttm/ttm_bo_util.c | 1 +
drivers/infiniband/core/sa_query.c | 5 +-
drivers/infiniband/hw/hfi1/pio.c | 9 ++-
drivers/infiniband/hw/mlx5/qp.c | 2 +
drivers/infiniband/hw/qib/qib_user_sdma.c | 33 +++++++----
drivers/mmc/host/cqhci.c | 3 +
drivers/mmc/host/dw_mmc-exynos.c | 14 +++++
drivers/mmc/host/sdhci-esdhc-imx.c | 17 ++++++
drivers/mmc/host/sdhci.c | 6 ++
drivers/mmc/host/vub300.c | 18 +++---
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/micrel/ksz884x.c | 2 +-
drivers/net/ethernet/microchip/lan743x_main.c | 22 +++++++
drivers/net/ethernet/nxp/lpc_eth.c | 5 +-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/phy/phy.c | 32 +++++++++--
drivers/net/usb/lan78xx.c | 6 ++
drivers/net/usb/usbnet.c | 5 ++
drivers/nfc/port100.c | 4 +-
drivers/nvme/host/tcp.c | 2 +-
drivers/nvme/target/tcp.c | 2 +-
drivers/pinctrl/bcm/pinctrl-ns.c | 29 ++++------
include/net/tls.h | 9 +--
net/batman-adv/bridge_loop_avoidance.c | 8 ++-
net/batman-adv/main.c | 56 ++++++++++++------
net/batman-adv/network-coding.c | 4 +-
net/batman-adv/translation-table.c | 4 +-
net/core/dev.c | 6 ++
net/core/rtnetlink.c | 12 ++--
net/ipv4/route.c | 12 ++--
net/ipv4/tcp_bpf.c | 12 ++++
net/ipv6/route.c | 20 +++++--
net/sctp/sm_statefuns.c | 67 +++++++++++++---------
net/tls/tls_sw.c | 19 ++++--
net/wireless/nl80211.c | 2 +-
net/wireless/scan.c | 7 ++-
net/wireless/util.c | 14 ++---
tools/perf/builtin-script.c | 12 ++--
50 files changed, 360 insertions(+), 166 deletions(-)
A particular RX 5600 device requires a hack in the rebar logic, but the
current branch is too general and catches other devices too, breaking
them. This patch changes the branch to be more selective on the
particular revision.
This patch fixes intermittent freezes on other RX 5600 devices where the
hack is unnecessary. Credit to all contributors in the linked issue on
the AMD bug tracker.
See also: https://gitlab.freedesktop.org/drm/amd/-/issues/1707
Fixes: 907830b0fc9e ("PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse")
Cc: stable(a)vger.kernel.org # v5.12+
Signed-off-by: Robin McCorkell <robin(a)mccorkell.me.uk>
Reported-by: Simon May <@Socob on gitlab.freedesktop.com>
Tested-by: Kain Centeno <@kaincenteno on gitlab.freedesktop.com>
Tested-by: Tobias Jakobi <@tobiasjakobi on gitlab.freedesktop.com>
Suggested-by: lijo lazar <@lijo on gitlab.freedesktop.com>
---
drivers/pci/pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index ce2ab62b64cf..1fe75243019e 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -3647,7 +3647,7 @@ u32 pci_rebar_get_possible_sizes(struct pci_dev *pdev, int bar)
/* Sapphire RX 5600 XT Pulse has an invalid cap dword for BAR 0 */
if (pdev->vendor == PCI_VENDOR_ID_ATI && pdev->device == 0x731f &&
- bar == 0 && cap == 0x7000)
+ pdev->revision == 0xC1 && bar == 0 && cap == 0x7000)
cap = 0x3f000;
return cap >> 4;
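Review bot: The comment above the quirk still describes every Sapphire RX 5600 XT Pulse, while the condition now matches only `pdev->revision == 0xC1`, and the bare `0xC1` gives a reader no hint why that revision is singled out. Suggested comment: `/* Sapphire RX 5600 XT Pulse (device 0x731f, revision 0xC1) has an invalid cap dword for BAR 0; other revisions must not be overridden */`. `pci_rebar_get_possible_sizes()` begins outside this hunk.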
--
2.31.1
When the reply for a non-blocking transmit arrives, the sequence
field for that reply was never filled in, so userspace would have no
way of associating the reply to the original transmit.
Copy the sequence field to ensure that this is now possible.
Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl>
Fixes: 0dbacebede1e ([media] cec: move the CEC framework out of staging and to media)
Cc: <stable(a)vger.kernel.org>
---
drivers/media/cec/core/cec-adap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c
index 79fa36de8a04..cd9cb354dc2c 100644
--- a/drivers/media/cec/core/cec-adap.c
+++ b/drivers/media/cec/core/cec-adap.c
@@ -1199,6 +1199,7 @@ void cec_received_msg_ts(struct cec_adapter *adap,
if (abort)
dst->rx_status |= CEC_RX_STATUS_FEATURE_ABORT;
msg->flags = dst->flags;
+ msg->sequence = dst->sequence;
/* Remove it from the wait_queue */
list_del_init(&data->list);
--
2.33.0
From: Laurent Vivier <lvivier(a)redhat.com>
Commit 112665286d08 ("KVM: PPC: Book3S HV: Context tracking exit guest
context before enabling irqs") moved guest_exit() into the interrupt
protected area to avoid wrong context warning (or worse). The problem is
that tick-based time accounting has not yet been updated at this point
(because it depends on the timer interrupt firing), so the guest time
gets incorrectly accounted to system time.
To fix the problem, follow the x86 fix in commit 160457140187 ("Defer
vtime accounting 'til after IRQ handling"), and allow host IRQs to run
before accounting the guest exit time.
In the case vtime accounting is enabled, this is not required because TB
is used directly for accounting.
Before this patch, with CONFIG_TICK_CPU_ACCOUNTING=y in the host and a
guest running a kernel compile, the 'guest' fields of /proc/stat are
stuck at zero. With the patch they can be observed increasing roughly as
expected.
Fixes: e233d54d4d97 ("KVM: booke: use __kvm_guest_exit")
Fixes: 112665286d08 ("KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs")
Cc: <stable(a)vger.kernel.org> # 5.12
Signed-off-by: Laurent Vivier <lvivier(a)redhat.com>
[np: only required for tick accounting, add Book3E fix, tweak changelog]
Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com>
---
Since v2:
- I took over the patch with Laurent's blessing.
- Changed to avoid processing IRQs if we do have vtime accounting
enabled.
- Changed so in either case the accounting is called with irqs disabled.
- Added similar Book3E fix.
- Rebased on upstream, tested, observed bug and confirmed fix.
arch/powerpc/kvm/book3s_hv.c | 30 ++++++++++++++++++++++++++++--
arch/powerpc/kvm/booke.c | 16 +++++++++++++++-
2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 2acb1c96cfaf..7b74fc0a986b 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -3726,7 +3726,20 @@ static noinline void kvmppc_run_core(struct kvmppc_vcore *vc)
kvmppc_set_host_core(pcpu);
- guest_exit_irqoff();
+ context_tracking_guest_exit();
+ if (!vtime_accounting_enabled_this_cpu()) {
+ local_irq_enable();
+ /*
+ * Service IRQs here before vtime_account_guest_exit() so any
+ * ticks that occurred while running the guest are accounted to
+ * the guest. If vtime accounting is enabled, accounting uses
+ * TB rather than ticks, so it can be done without enabling
+ * interrupts here, which has the problem that it accounts
+ * interrupt processing overhead to the host.
+ */
+ local_irq_disable();
+ }
+ vtime_account_guest_exit();
local_irq_enable();
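Review bot: The same exit-accounting sequence, from `context_tracking_guest_exit();` through `vtime_account_guest_exit();` including its eight-line comment, is added verbatim three times: here in kvmppc_run_core(), in kvmhv_run_single_vcpu(), and in kvmppc_handle_exit() in booke.c. A single static inline helper in a header that both files include would keep the IRQ enable/disable window and its rationale in one place, so a later fix cannot land in only one of the copies. The comment's last clause is also ambiguous about what "which" refers to; splitting it into two sentences would make clear whether it is enabling interrupts that causes the misaccounting. All three functions start and end outside their hunks.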
@@ -4510,7 +4523,20 @@ int kvmhv_run_single_vcpu(struct kvm_vcpu *vcpu, u64 time_limit,
kvmppc_set_host_core(pcpu);
- guest_exit_irqoff();
+ context_tracking_guest_exit();
+ if (!vtime_accounting_enabled_this_cpu()) {
+ local_irq_enable();
+ /*
+ * Service IRQs here before vtime_account_guest_exit() so any
+ * ticks that occurred while running the guest are accounted to
+ * the guest. If vtime accounting is enabled, accounting uses
+ * TB rather than ticks, so it can be done without enabling
+ * interrupts here, which has the problem that it accounts
+ * interrupt processing overhead to the host.
+ */
+ local_irq_disable();
+ }
+ vtime_account_guest_exit();
local_irq_enable();
diff --git a/arch/powerpc/kvm/booke.c b/arch/powerpc/kvm/booke.c
index 977801c83aff..8c15c90dd3a9 100644
--- a/arch/powerpc/kvm/booke.c
+++ b/arch/powerpc/kvm/booke.c
@@ -1042,7 +1042,21 @@ int kvmppc_handle_exit(struct kvm_vcpu *vcpu, unsigned int exit_nr)
}
trace_kvm_exit(exit_nr, vcpu);
- guest_exit_irqoff();
+
+ context_tracking_guest_exit();
+ if (!vtime_accounting_enabled_this_cpu()) {
+ local_irq_enable();
+ /*
+ * Service IRQs here before vtime_account_guest_exit() so any
+ * ticks that occurred while running the guest are accounted to
+ * the guest. If vtime accounting is enabled, accounting uses
+ * TB rather than ticks, so it can be done without enabling
+ * interrupts here, which has the problem that it accounts
+ * interrupt processing overhead to the host.
+ */
+ local_irq_disable();
+ }
+ vtime_account_guest_exit();
local_irq_enable();
--
2.23.0
ocfs2_truncate_file() unmapped and invalidated page cache pages before
zeroing the partial tail cluster and setting i_size. Thus some pages could
be left (and likely were left if the cluster zeroing happened) in the
page cache beyond i_size after truncate finished, letting the user possibly
see stale data once the file was extended again. Also the tail cluster
zeroing was not guaranteed to finish before truncate finished, causing
possible stale data exposure. The problem started to be particularly
easy to hit after commit 6dbf7bb55598 "fs: Don't invalidate page buffers
in block_write_full_page()" stopped invalidation of pages beyond i_size
from page writeback path.
Fix these problems by unmapping and invalidating pages in the page cache
after the i_size is reduced and tail cluster is zeroed out.
CC: stable(a)vger.kernel.org
Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem")
Signed-off-by: Jan Kara <jack(a)suse.cz>
---
fs/ocfs2/file.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index 54d7843c0211..fc5f780fa235 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -476,10 +476,11 @@ int ocfs2_truncate_file(struct inode *inode,
* greater than page size, so we have to truncate them
* anyway.
*/
- unmap_mapping_range(inode->i_mapping, new_i_size + PAGE_SIZE - 1, 0, 1);
- truncate_inode_pages(inode->i_mapping, new_i_size);
if (OCFS2_I(inode)->ip_dyn_features & OCFS2_INLINE_DATA_FL) {
+ unmap_mapping_range(inode->i_mapping,
+ new_i_size + PAGE_SIZE - 1, 0, 1);
+ truncate_inode_pages(inode->i_mapping, new_i_size);
status = ocfs2_truncate_inline(inode, di_bh, new_i_size,
i_size_read(inode), 1);
if (status)
@@ -498,6 +499,9 @@ int ocfs2_truncate_file(struct inode *inode,
goto bail_unlock_sem;
}
+ unmap_mapping_range(inode->i_mapping, new_i_size + PAGE_SIZE - 1, 0, 1);
+ truncate_inode_pages(inode->i_mapping, new_i_size);
+
status = ocfs2_commit_truncate(osb, inode, di_bh);
if (status < 0) {
mlog_errno(status);
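Review bot: The relocated `unmap_mapping_range()` / `truncate_inode_pages()` pair in this hunk has no comment saying that its position is the fix. According to the commit message it has to run after i_size is reduced and the tail cluster is zeroed, otherwise stale pages can remain in the page cache beyond i_size. A comment such as `/* Must follow the i_size update and tail-cluster zeroing, or stale pages survive beyond new_i_size */` would keep a later cleanup from hoisting the calls back up. In the first hunk, the existing comment ending in "so we have to truncate them anyway" now sits above the inline-data `if` rather than the calls it described, so it probably wants to move with them. ocfs2_truncate_file() starts and ends outside both hunks.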
--
2.26.2
This is the start of the stable review cycle for the 4.9.289 release.
There are 20 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 08:24:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.289-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.9.289-rc1
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Nathan Chancellor <natechancellor(a)gmail.com>
ARM: 8819/1: Remove '-p' from LDFLAGS
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/bpf: Fix BPF_MOD when imm == 1
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 +--
arch/arm/Makefile | 2 +-
arch/arm/boot/bootp/Makefile | 2 +-
arch/arm/boot/compressed/Makefile | 2 --
arch/arm/boot/compressed/decompress.c | 3 ++
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
arch/nios2/platform/Kconfig.platform | 1 +
arch/powerpc/net/bpf_jit_comp64.c | 10 ++++--
drivers/ata/sata_mv.c | 4 +--
drivers/base/regmap/regcache-rbtree.c | 7 ++---
drivers/mmc/host/dw_mmc-exynos.c | 14 +++++++++
drivers/mmc/host/sdhci.c | 6 ++++
drivers/mmc/host/vub300.c | 18 +++++------
drivers/net/ethernet/nxp/lpc_eth.c | 5 ++-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/usb/lan78xx.c | 6 ++++
drivers/net/usb/usbnet.c | 5 +++
drivers/nfc/port100.c | 4 +--
net/batman-adv/bridge_loop_avoidance.c | 8 +++--
net/batman-adv/main.c | 56 ++++++++++++++++++++++++----------
net/batman-adv/network-coding.c | 4 ++-
net/batman-adv/translation-table.c | 4 ++-
net/sctp/sm_statefuns.c | 4 +++
24 files changed, 123 insertions(+), 50 deletions(-)
This is the start of the stable review cycle for the 4.14.254 release.
There are 25 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 11:41:39 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.254-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.14.254-rc2
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_ootb
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for COOKIE_ECHO chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Eric Dumazet <edumazet(a)google.com>
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Nathan Chancellor <natechancellor(a)gmail.com>
ARM: 8819/1: Remove '-p' from LDFLAGS
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/bpf: Fix BPF_MOD when imm == 1
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 +--
arch/arm/Makefile | 2 +-
arch/arm/boot/bootp/Makefile | 2 +-
arch/arm/boot/compressed/Makefile | 2 --
arch/arm/boot/compressed/decompress.c | 3 ++
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
arch/nios2/platform/Kconfig.platform | 1 +
arch/powerpc/net/bpf_jit_comp64.c | 10 ++++--
drivers/ata/sata_mv.c | 4 +--
drivers/base/regmap/regcache-rbtree.c | 7 ++---
drivers/mmc/host/dw_mmc-exynos.c | 14 +++++++++
drivers/mmc/host/sdhci-esdhc-imx.c | 17 +++++++++++
drivers/mmc/host/sdhci.c | 6 ++++
drivers/mmc/host/vub300.c | 18 +++++------
drivers/net/ethernet/nxp/lpc_eth.c | 5 ++-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/usb/lan78xx.c | 6 ++++
drivers/net/usb/usbnet.c | 5 +++
drivers/nfc/port100.c | 4 +--
net/batman-adv/bridge_loop_avoidance.c | 8 +++--
net/batman-adv/main.c | 56 ++++++++++++++++++++++++----------
net/batman-adv/network-coding.c | 4 ++-
net/batman-adv/translation-table.c | 4 ++-
net/ipv4/route.c | 12 ++++----
net/sctp/sm_statefuns.c | 30 ++++++++++++------
26 files changed, 162 insertions(+), 66 deletions(-)
This is the start of the stable review cycle for the 5.14.16 release.
There are 125 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 08:24:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.14.16-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.14.16-rc1
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86: Take srcu lock in post_kvm_run_save()
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: SEV-ES: fix another issue with string I/O VMGEXITs
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86: switch pvclock_gtod_sync_lock to a raw spinlock
David Woodhouse <dwmw(a)amazon.co.uk>
KVM: x86/xen: Fix kvm_xen_has_interrupt() sleeping in kvm_vcpu_block()
Song Liu <songliubraving(a)fb.com>
perf script: Check session->header.env.arch before using it
Alexandre Ghiti <alexandre.ghiti(a)canonical.com>
riscv: Fix asan-stack clang build
Alexandre Ghiti <alexandre.ghiti(a)canonical.com>
riscv: Do not re-populate shadow memory with kasan_populate_early_shadow
Chen Lu <181250012(a)smail.nju.edu.cn>
riscv: fix misalgned trap vector base address
Brian King <brking(a)linux.vnet.ibm.com>
scsi: ibmvfc: Fix up duplicate response detection
Kan Liang <kan.liang(a)linux.intel.com>
perf script: Fix PERF_SAMPLE_WEIGHT_STRUCT support
Chanho Park <chanho61.park(a)samsung.com>
scsi: ufs: ufs-exynos: Correct timeout value setting registers
Halil Pasic <pasic(a)linux.ibm.com>
KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
Halil Pasic <pasic(a)linux.ibm.com>
KVM: s390: clear kicked_mask before sleeping again
Subbaraya Sundeep <sbhatta(a)marvell.com>
octeontx2-af: Check whether ipolicers exists
Vincent Whitchurch <vincent.whitchurch(a)axis.com>
virtio-ring: fix DMA metadata flags
Guangbin Huang <huangguangbin2(a)huawei.com>
net: hns3: expand buffer len for some debugfs command
Jie Wang <wangjie125(a)huawei.com>
net: hns3: add more string spaces for dumping packets number of queue info in debugfs
Tejun Heo <tj(a)kernel.org>
bpf: Move BPF_MAP_TYPE for INODE_STORAGE and TASK_STORAGE outside of CONFIG_NET
Jamie Iles <quic_jiles(a)quicinc.com>
watchdog: sbsa: only use 32-bit accessors
Stanislav Fomichev <sdf(a)google.com>
bpf: Use kvmalloc for map values in syscall
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_ootb
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for COOKIE_ECHO chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for INIT_ACK chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for INIT chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Mustafa Ismail <mustafa.ismail(a)intel.com>
RDMA/irdma: Do not hold qos mutex twice on QP resume
Mustafa Ismail <mustafa.ismail(a)intel.com>
RDMA/irdma: Set VLAN in UD work completion correctly
Shiraz Saleem <shiraz.saleem(a)intel.com>
RDMA/irdma: Process extended CQ entries correctly
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_start_aneg: Add an unlocked version
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_ethtool_ksettings_set: Move after phy_start_aneg
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_ethtool_ksettings_get: Lock the phy for consistency
Daniel Jordan <daniel.m.jordan(a)oracle.com>
net/tls: Fix flipped sign in async_wait.err assignment
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix skb allocation failure
Jie Wang <wangjie125(a)huawei.com>
net: hns3: fix data endian problem of some functions of debugfs
Guangbin Huang <huangguangbin2(a)huawei.com>
net: hns3: fix pause config problem after autoneg disabled
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
Ido Schimmel <idosch(a)nvidia.com>
mlxsw: pci: Recycle received packet upon allocation failure
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Jonas Gorski <jonas.gorski(a)gmail.com>
gpio: xgs-iproc: fix parsing of ngpios property
Mark Zhang <markzhang(a)nvidia.com>
RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
Aharon Landau <aharonl(a)nvidia.com>
RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR
Michael Chan <michael.chan(a)broadcom.com>
net: Prevent infinite while loop in skb_tx_hash()
Janusz Dziedzic <janusz.dziedzic(a)gmail.com>
cfg80211: correct bridge/4addr mode check
Xin Long <lucien.xin(a)gmail.com>
net-sysfs: initialize uid and gid before calling net_ns_get_ownership
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Jim Quinlan <jim2101024(a)gmail.com>
reset: brcmstb-rescal: fix incorrect polarity of status bit
Clément Bœsch <u(a)pkh.me>
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
Yongxin Liu <yongxin.liu(a)windriver.com>
ice: check whether PTP is initialized in ice_ptp_release()
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Set user priority for DCT
Dave Ertman <david.m.ertman(a)intel.com>
ice: Respond to a NETDEV_UNREGISTER event for LAG
Rakesh Babu Saladi <rsaladi2(a)marvell.com>
octeontx2-af: Fix possible null pointer dereference.
Rakesh Babu <rsaladi2(a)marvell.com>
octeontx2-af: Display all enabled PF VF rsrc_alloc entries.
Varun Prakash <varun(a)chelsio.com>
nvme-tcp: fix possible req->offset corruption
Varun Prakash <varun(a)chelsio.com>
nvme-tcp: fix data digest pointer calculation
Varun Prakash <varun(a)chelsio.com>
nvmet-tcp: fix data digest pointer calculation
Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com>
IB/hfi1: Fix abba locking issue with sc_disable()
Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com>
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
Xu Kuohai <xukuohai(a)huawei.com>
bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch()
Toke Høiland-Jørgensen <toke(a)redhat.com>
bpf: Fix potential race in tail call compatibility check
Liu Jian <liujian56(a)huawei.com>
tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
Björn Töpel <bjorn(a)kernel.org>
riscv, bpf: Fix potential NULL dereference
Quanyang Wang <quanyang.wang(a)windriver.com>
cgroup: Fix memory leak caused by missing cgroup_bpf_offline
Guenter Roeck <linux(a)roeck-us.net>
Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Fix deadlock when falling back to v2 from v3
Michael Strauss <michael.strauss(a)amd.com>
drm/amd/display: Fallback to clocks which meet requested voltage on DCN31
Jake Wang <haonan.wang2(a)amd.com>
drm/amd/display: Moved dccg init to after bios golden init
Nikola Cornij <nikola.cornij(a)amd.com>
drm/amd/display: Increase watermark latencies for DCN3.1
Eric Yang <Eric.Yang2(a)amd.com>
drm/amd/display: increase Z9 latency to workaround underflow in Z9
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Fix prefetch bandwidth calculation for DCN3.1
Nikola Cornij <nikola.cornij(a)amd.com>
drm/amd/display: Limit display scaling to up to true 4k for DCN 3.1
Aaron Liu <aaron.liu(a)amd.com>
drm/amdgpu: support B0&B1 external revision id for yellow carp
Thelford Williams <tdwilliamsiv(a)gmail.com>
drm/amdgpu: fix out of bounds write
Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com>
drm/amdgpu: Fix even more out of bound writes from debugfs
Imre Deak <imre.deak(a)intel.com>
drm/i915/dp: Skip the HW readout of DPCD on disabled encoders
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Catch yet another unconditioal clflush
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Convert unconditional clflush to drm_clflush_virt_range()
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix memleak in ttm_transfered_destroy
Johannes Berg <johannes.berg(a)intel.com>
mac80211: mesh: fix HE operation element length check
Frieder Schrempf <frieder.schrempf(a)kontron.de>
arm64: dts: imx8mm-kontron: Make sure SOC and DRAM supply voltages are correct
Frieder Schrempf <frieder.schrempf(a)kontron.de>
arm64: dts: imx8mm-kontron: Set lower limit of VDD_SNVS to 800 mV
Frieder Schrempf <frieder.schrempf(a)kontron.de>
arm64: dts: imx8mm-kontron: Fix connection type for VSC8531 RGMII PHY
Frieder Schrempf <frieder.schrempf(a)kontron.de>
arm64: dts: imx8mm-kontron: Fix CAN SPI clock frequency
Frieder Schrempf <frieder.schrempf(a)kontron.de>
arm64: dts: imx8mm-kontron: Fix polarity of reg_rst_eth2
Yang Shi <shy828301(a)gmail.com>
mm: khugepaged: skip huge page collapse for special files
Rongwei Wang <rongwei.wang(a)linux.alibaba.com>
mm, thp: bail out early in collapse_file for writeback page
Yang Shi <shy828301(a)gmail.com>
mm: filemap: check if THP has hwpoisoned subpage for PMD page fault
Yang Shi <shy828301(a)gmail.com>
mm: hwpoison: remove the unnecessary THP check
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Require immediate flip support for DCN3.1 planes
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Johannes Berg <johannes.berg(a)intel.com>
cfg80211: fix management registrations locking
Johannes Berg <johannes.berg(a)intel.com>
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
Steven Rostedt (VMware) <rostedt(a)goodmis.org>
ftrace/nds32: Update the proto for ftrace_trace_function to match ftrace_stub
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: fix H2CData PDU send accounting (again)
Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com>
ocfs2: fix race between searching chunks and release journal_head from buffer_head
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
block: Fix partition check for host-aware zoned block devices
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
mmc: sdhci-pci: Read card detect from ACPI for Intel Merrifield
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
mmc: tmio: reenable card irqs after the reset callback
Wenbin Mei <wenbin.mei(a)mediatek.com>
mmc: mediatek: Move cqhci init behind ungate clock
Wenbin Mei <wenbin.mei(a)mediatek.com>
mmc: cqhci: clear HALT state after CQE enable
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Daniel Jordan <daniel.m.jordan(a)oracle.com>
net/tls: Fix flipped sign in tls_err_abort() calls
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Max VA <maxv(a)sentinelone.com>
tipc: fix size validations for the MSG_CRYPTO type
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Sachi King <nakato(a)nakato.io>
pinctrl: amd: disable and mask interrupts on probe
Rafał Miłecki <rafal(a)milecki.pl>
Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
LABBE Corentin <clabbe.montjoie(a)gmail.com>
ARM: 9148/1: handle CONFIG_CPU_ENDIAN_BE32 in arch/arm/kernel/head.S
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9141/1: only warn about XIP address when not compile testing
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9138/1: fix link warning with XIP + frame-pointer
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
Lexi Shao <shaolexi(a)huawei.com>
ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/compressed/decompress.c | 3 +
arch/arm/include/asm/uaccess.h | 4 +-
arch/arm/kernel/head.S | 4 +-
arch/arm/kernel/vmlinux-xip.lds.S | 6 +-
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
.../boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 2 +-
.../boot/dts/freescale/imx8mm-kontron-n801x-s.dts | 8 +-
.../dts/freescale/imx8mm-kontron-n801x-som.dtsi | 8 +-
arch/nds32/kernel/ftrace.c | 2 +-
arch/nios2/platform/Kconfig.platform | 1 +
arch/riscv/Kconfig | 6 +
arch/riscv/include/asm/kasan.h | 3 +-
arch/riscv/kernel/head.S | 1 +
arch/riscv/mm/kasan_init.c | 14 +-
arch/riscv/net/bpf_jit_core.c | 3 +-
arch/s390/kvm/interrupt.c | 5 +-
arch/s390/kvm/kvm-s390.c | 1 +
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kvm/svm/sev.c | 15 ++-
arch/x86/kvm/x86.c | 36 +++--
arch/x86/kvm/xen.c | 27 +++-
block/blk-settings.c | 20 ++-
drivers/ata/sata_mv.c | 4 +-
drivers/base/regmap/regcache-rbtree.c | 7 +-
drivers/gpio/gpio-xgs-iproc.c | 2 +-
drivers/gpu/drm/amd/amdgpu/nv.c | 2 +-
.../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 20 +--
.../amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c | 29 ++--
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hwseq.c | 7 +-
.../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 13 +-
.../amd/display/dc/dml/dcn31/display_mode_vba_31.c | 6 +-
drivers/gpu/drm/amd/display/include/dal_asic_id.h | 2 +-
.../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 6 +-
drivers/gpu/drm/i915/display/intel_dp.c | 3 +
drivers/gpu/drm/i915/gt/intel_timeline.c | 4 +-
drivers/gpu/drm/ttm/ttm_bo_util.c | 1 +
drivers/infiniband/core/sa_query.c | 5 +-
drivers/infiniband/hw/hfi1/pio.c | 9 +-
drivers/infiniband/hw/irdma/uk.c | 4 +-
drivers/infiniband/hw/irdma/verbs.c | 8 +-
drivers/infiniband/hw/irdma/ws.c | 13 +-
drivers/infiniband/hw/mlx5/mr.c | 2 +-
drivers/infiniband/hw/mlx5/qp.c | 2 +
drivers/infiniband/hw/qib/qib_user_sdma.c | 33 +++--
drivers/mmc/host/cqhci-core.c | 3 +
drivers/mmc/host/dw_mmc-exynos.c | 14 ++
drivers/mmc/host/mtk-sd.c | 38 +++---
drivers/mmc/host/sdhci-esdhc-imx.c | 16 +++
drivers/mmc/host/sdhci-pci-core.c | 29 +++-
drivers/mmc/host/sdhci.c | 6 +
drivers/mmc/host/tmio_mmc_core.c | 17 ++-
drivers/mmc/host/vub300.c | 18 +--
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 1 +
drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 10 +-
drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 33 +++--
.../ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c | 30 ++---
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 30 +++++
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 2 +-
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.h | 1 +
drivers/net/ethernet/intel/ice/ice_lag.c | 18 +--
drivers/net/ethernet/intel/ice/ice_ptp.c | 3 +
.../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 148 ++++++++++++++++-----
.../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 3 +
drivers/net/ethernet/mellanox/mlxsw/pci.c | 25 ++--
drivers/net/ethernet/microchip/lan743x_main.c | 35 ++++-
drivers/net/ethernet/nxp/lpc_eth.c | 5 +-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/phy/phy.c | 140 +++++++++++--------
drivers/net/usb/lan78xx.c | 6 +
drivers/net/usb/usbnet.c | 5 +
drivers/nfc/port100.c | 4 +-
drivers/nvme/host/tcp.c | 9 +-
drivers/nvme/target/tcp.c | 2 +-
drivers/pinctrl/bcm/pinctrl-ns.c | 29 ++--
drivers/pinctrl/pinctrl-amd.c | 31 +++++
drivers/reset/reset-brcmstb-rescal.c | 2 +-
drivers/scsi/ibmvscsi/ibmvfc.c | 3 +-
drivers/scsi/ufs/ufs-exynos.c | 6 +-
drivers/virtio/virtio_ring.c | 2 +-
drivers/watchdog/iTCO_wdt.c | 12 +-
drivers/watchdog/sbsa_gwdt.c | 4 +-
fs/ocfs2/suballoc.c | 22 +--
include/linux/bpf.h | 7 +-
include/linux/bpf_types.h | 8 +-
include/linux/page-flags.h | 23 ++++
include/net/cfg80211.h | 2 -
include/net/tls.h | 9 +-
kernel/bpf/arraymap.c | 1 +
kernel/bpf/core.c | 20 ++-
kernel/bpf/syscall.c | 39 +++---
kernel/cgroup/cgroup.c | 4 +-
mm/huge_memory.c | 2 +
mm/khugepaged.c | 26 ++--
mm/memory-failure.c | 28 ++--
mm/memory.c | 9 ++
mm/page_alloc.c | 4 +-
net/batman-adv/bridge_loop_avoidance.c | 8 +-
net/batman-adv/main.c | 56 +++++---
net/batman-adv/network-coding.c | 4 +-
net/batman-adv/translation-table.c | 4 +-
net/core/dev.c | 6 +
net/core/net-sysfs.c | 4 +-
net/ipv4/tcp_bpf.c | 12 ++
net/mac80211/mesh.c | 9 +-
net/sctp/sm_statefuns.c | 139 +++++++++++--------
net/tipc/crypto.c | 32 +++--
net/tls/tls_sw.c | 19 ++-
net/wireless/core.c | 2 +-
net/wireless/core.h | 2 +
net/wireless/mlme.c | 26 ++--
net/wireless/scan.c | 7 +-
net/wireless/util.c | 14 +-
tools/perf/builtin-script.c | 14 +-
115 files changed, 1098 insertions(+), 565 deletions(-)
The patch titled
Subject: mm: khugepaged: skip huge page collapse for special files
has been removed from the -mm tree. Its filename was
mm-khugepaged-skip-huge-page-collapse-for-special-files.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Yang Shi <shy828301(a)gmail.com>
Subject: mm: khugepaged: skip huge page collapse for special files
The read-only THP for filesystems will collapse THP for files opened
readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB
misses for large text segments. But it doesn't restrict the file types so
a THP could be collapsed for a non-regular file, for example, block
device, if it is opened readonly and mapped with EXEC permission. This
may cause bugs, like [1] and [2].
This is definitely not the intended usecase, so just collapse THP for
regular files in order to close the attack surface.
[1] https://lore.kernel.org/lkml/CACkBjsYwLYLRmX8GpsDpMthagWOjWWrNxqY6ZLNQVr6yx…
[2] https://lore.kernel.org/linux-mm/000000000000c6a82505ce284e4c@google.com/
[shy828301(a)gmail.com: fix vm_file check]
Link: https://lkml.kernel.org/r/CAHbLzkqTW9U3VvTu1Ki5v_cLRC9gHW+znBukg_ycergE0JWj…
Link: https://lkml.kernel.org/r/20211027195221.3825-1-shy828301@gmail.com
Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS")
Signed-off-by: Hugh Dickins <hughd(a)google.com>
Signed-off-by: Yang Shi <shy828301(a)gmail.com>
Reported-by: Hao Sun <sunhao.th(a)gmail.com>
Reported-by: syzbot+aae069be1de40fb11825(a)syzkaller.appspotmail.com
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Cc: Song Liu <songliubraving(a)fb.com>
Cc: Andrea Righi <andrea.righi(a)canonical.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/khugepaged.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/mm/khugepaged.c~mm-khugepaged-skip-huge-page-collapse-for-special-files
+++ a/mm/khugepaged.c
@@ -445,22 +445,25 @@ static bool hugepage_vma_check(struct vm
if (!transhuge_vma_enabled(vma, vm_flags))
return false;
+ if (vma->vm_file && !IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) -
+ vma->vm_pgoff, HPAGE_PMD_NR))
+ return false;
+
/* Enabled via shmem mount options or sysfs settings. */
- if (shmem_file(vma->vm_file) && shmem_huge_enabled(vma)) {
- return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff,
- HPAGE_PMD_NR);
- }
+ if (shmem_file(vma->vm_file))
+ return shmem_huge_enabled(vma);
/* THP settings require madvise. */
if (!(vm_flags & VM_HUGEPAGE) && !khugepaged_always())
return false;
- /* Read-only file mappings need to be aligned for THP to work. */
+ /* Only regular file is valid */
if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && vma->vm_file &&
- !inode_is_open_for_write(vma->vm_file->f_inode) &&
(vm_flags & VM_EXEC)) {
- return IS_ALIGNED((vma->vm_start >> PAGE_SHIFT) - vma->vm_pgoff,
- HPAGE_PMD_NR);
+ struct inode *inode = vma->vm_file->f_inode;
+
+ return !inode_is_open_for_write(inode) &&
+ S_ISREG(inode->i_mode);
}
if (!vma->anon_vma || vma->vm_ops)
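Review bot: The replacement comment `/* Only regular file is valid */` above the CONFIG_READ_ONLY_THP_FOR_FS branch no longer says what the branch is for or why the file type matters; the reason (a block device or other special file opened read-only and mapped with VM_EXEC) is only in the commit message. I would write `/* Read-only file THP: collapse only regular files that are not open for write; special files such as block devices are skipped. */`. The alignment test hoisted to the top now applies to every vma with a vm_file, and it lost its explanatory comment along the way, so a one-line `/* File-backed mappings must be PMD-aligned relative to vm_pgoff. */` above it would help. hugepage_vma_check() starts and ends outside the hunk.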
_
Patches currently in -mm which might be from shy828301(a)gmail.com are
mm-filemap-coding-style-cleanup-for-filemap_map_pmd.patch
mm-hwpoison-refactor-refcount-check-handling.patch
mm-shmem-dont-truncate-page-if-memory-failure-happens.patch
mm-hwpoison-handle-non-anonymous-thp-correctly.patch
mm-migrate-make-demotion-knob-depend-on-migration.patch
The patch titled
Subject: mm, thp: bail out early in collapse_file for writeback page
has been removed from the -mm tree. Its filename was
mm-thp-bail-out-early-in-collapse_file-for-writeback-page.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Rongwei Wang <rongwei.wang(a)linux.alibaba.com>
Subject: mm, thp: bail out early in collapse_file for writeback page
Currently collapse_file does not explicitly check PG_writeback, instead,
page_has_private and try_to_release_page are used to filter writeback
pages. This does not work for xfs with blocksize equal to or larger than
pagesize, because in such case xfs has no page->private.
This makes collapse_file bail out early for writeback page. Otherwise,
xfs end_page_writeback will panic as follows.
page:fffffe00201bcc80 refcount:0 mapcount:0 mapping:ffff0003f88c86a8 index:0x0 pfn:0x84ef32
aops:xfs_address_space_operations [xfs] ino:30000b7 dentry name:"libtest.so"
flags: 0x57fffe0000008027(locked|referenced|uptodate|active|writeback)
raw: 57fffe0000008027 ffff80001b48bc28 ffff80001b48bc28 ffff0003f88c86a8
raw: 0000000000000000 0000000000000000 00000000ffffffff ffff0000c3e9a000
page dumped because: VM_BUG_ON_PAGE(((unsigned int) page_ref_count(page) + 127u <= 127u))
page->mem_cgroup:ffff0000c3e9a000
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:1212!
Internal error: Oops - BUG: 0 [#1] SMP
Modules linked in:
BUG: Bad page state in process khugepaged pfn:84ef32
xfs(E)
page:fffffe00201bcc80 refcount:0 mapcount:0 mapping:0 index:0x0 pfn:0x84ef32
libcrc32c(E) rfkill(E) aes_ce_blk(E) crypto_simd(E) ...
CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Tainted: ...
pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
pc : end_page_writeback+0x1c0/0x214
lr : end_page_writeback+0x1c0/0x214
sp : ffff800011ce3cc0
x29: ffff800011ce3cc0 x28: 0000000000000000
x27: ffff000c04608040 x26: 0000000000000000
x25: ffff000c04608040 x24: 0000000000001000
x23: ffff0003f88c8530 x22: 0000000000001000
x21: ffff0003f88c8530 x20: 0000000000000000
x19: fffffe00201bcc80 x18: 0000000000000030
x17: 0000000000000000 x16: 0000000000000000
x15: ffff000c018f9760 x14: ffffffffffffffff
x13: ffff8000119d72b0 x12: ffff8000119d6ee3
x11: ffff8000117b69b8 x10: 00000000ffff8000
x9 : ffff800010617534 x8 : 0000000000000000
x7 : ffff8000114f69b8 x6 : 000000000000000f
x5 : 0000000000000000 x4 : 0000000000000000
x3 : 0000000000000400 x2 : 0000000000000000
x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
end_page_writeback+0x1c0/0x214
iomap_finish_page_writeback+0x13c/0x204
iomap_finish_ioend+0xe8/0x19c
iomap_writepage_end_bio+0x38/0x50
bio_endio+0x168/0x1ec
blk_update_request+0x278/0x3f0
blk_mq_end_request+0x34/0x15c
virtblk_request_done+0x38/0x74 [virtio_blk]
blk_done_softirq+0xc4/0x110
__do_softirq+0x128/0x38c
__irq_exit_rcu+0x118/0x150
irq_exit+0x1c/0x30
__handle_domain_irq+0x8c/0xf0
gic_handle_irq+0x84/0x108
el1_irq+0xcc/0x180
arch_cpu_idle+0x18/0x40
default_idle_call+0x4c/0x1a0
cpuidle_idle_call+0x168/0x1e0
do_idle+0xb4/0x104
cpu_startup_entry+0x30/0x9c
secondary_start_kernel+0x104/0x180
Code: d4210000 b0006161 910c8021 94013f4d (d4210000)
---[ end trace 4a88c6a074082f8c ]---
Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt
Link: https://lkml.kernel.org/r/20211022023052.33114-1-rongwei.wang@linux.alibaba…
Fixes: 99cb0dbd47a1 ("mm,thp: add read-only THP support for (non-shmem) FS")
Signed-off-by: Rongwei Wang <rongwei.wang(a)linux.alibaba.com>
Signed-off-by: Xu Yu <xuyu(a)linux.alibaba.com>
Suggested-by: Yang Shi <shy828301(a)gmail.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org>
Reviewed-by: Yang Shi <shy828301(a)gmail.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Cc: Song Liu <song(a)kernel.org>
Cc: William Kucharski <william.kucharski(a)oracle.com>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Mike Kravetz <mike.kravetz(a)oracle.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/khugepaged.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/mm/khugepaged.c~mm-thp-bail-out-early-in-collapse_file-for-writeback-page
+++ a/mm/khugepaged.c
@@ -1763,6 +1763,10 @@ static void collapse_file(struct mm_stru
filemap_flush(mapping);
result = SCAN_FAIL;
goto xa_unlocked;
+ } else if (PageWriteback(page)) {
+ xas_unlock_irq(&xas);
+ result = SCAN_FAIL;
+ goto xa_unlocked;
} else if (trylock_page(page)) {
get_page(page);
xas_unlock_irq(&xas);
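Review bot: The added `else if (PageWriteback(page))` branch has no comment, and its reason lives only in the commit message: the page_has_private()/try_to_release_page() filter does not catch writeback pages on xfs when the block size is at least the page size. A short comment would keep that visible, e.g. `/* Writeback pages are not reliably filtered later (no page->private on some filesystems); bail out early. */`. This test appears to run before the page is locked, so it can only be an early exit; the re-check added in the next hunk is presumably the authoritative one, which is worth stating. collapse_file() starts and ends outside the hunk.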
@@ -1798,7 +1802,8 @@ static void collapse_file(struct mm_stru
goto out_unlock;
}
- if (!is_shmem && PageDirty(page)) {
+ if (!is_shmem && (PageDirty(page) ||
+ PageWriteback(page))) {
/*
* khugepaged only works on read-only fd, so this
* page is dirty because it hasn't been flushed
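Review bot: The comment under the widened condition still describes only the dirty case ("this page is dirty because it hasn't been flushed"), although the branch is now also taken when `PageWriteback(page)` is set. The first sentence should cover both, for example `* page is dirty or still under writeback because it hasn't`. The comment and the branch body continue past the end of the hunk, so the rest of the wording cannot be checked from here.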
_
Patches currently in -mm which might be from rongwei.wang(a)linux.alibaba.com are
mm-thp-lock-filemap-when-truncating-page-cache.patch
mm-thp-fix-incorrect-unmap-behavior-for-private-pages.patch
mm-damon-dbgfs-remove-unnecessary-variables.patch
The patch titled
Subject: ocfs2: fix race between searching chunks and release journal_head from buffer_head
has been removed from the -mm tree. Its filename was
ocfs2-race-between-searching-chunks-and-release-journal_head-from-buffer_head.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com>
Subject: ocfs2: fix race between searching chunks and release journal_head from buffer_head
Encountered a race between ocfs2_test_bg_bit_allocatable() and
jbd2_journal_put_journal_head() resulting in the below vmcore.
PID: 106879 TASK: ffff880244ba9c00 CPU: 2 COMMAND: "loop3"
0 [ffff8802435ff1c0] panic at ffffffff816ed175
1 [ffff8802435ff240] oops_end at ffffffff8101a7c9
2 [ffff8802435ff270] no_context at ffffffff8106eccf
3 [ffff8802435ff2e0] __bad_area_nosemaphore at ffffffff8106ef9d
4 [ffff8802435ff330] bad_area_nosemaphore at ffffffff8106f143
5 [ffff8802435ff340] __do_page_fault at ffffffff8106f80b
6 [ffff8802435ff3a0] do_page_fault at ffffffff8106fc2f
7 [ffff8802435ff3e0] page_fault at ffffffff816fd667
[exception RIP: ocfs2_block_group_find_clear_bits+316]
RIP: ffffffffc11ef6fc RSP: ffff8802435ff498 RFLAGS: 00010206
RAX: 0000000000003918 RBX: 0000000000000001 RCX: 0000000000000018
RDX: 0000000000003918 RSI: 0000000000000000 RDI: ffff880060194040
RBP: ffff8802435ff4f8 R8: ffffffffff000000 R9: ffffffffffffffff
R10: ffff8802435ff730 R11: ffff8802a94e5800 R12: 0000000000000007
R13: 0000000000007e00 R14: 0000000000003918 R15: ffff88017c973a28
ORIG_RAX: ffffffffffffffff CS: e030 SS: e02b
8 [ffff8802435ff490] ocfs2_block_group_find_clear_bits at ffffffffc11ef680 [ocfs2]
9 [ffff8802435ff500] ocfs2_cluster_group_search at ffffffffc11ef916 [ocfs2]
10 [ffff8802435ff580] ocfs2_search_chain at ffffffffc11f0fb6 [ocfs2]
11 [ffff8802435ff660] ocfs2_claim_suballoc_bits at ffffffffc11f1b1b [ocfs2]
12 [ffff8802435ff6f0] __ocfs2_claim_clusters at ffffffffc11f32cb [ocfs2]
13 [ffff8802435ff770] ocfs2_claim_clusters at ffffffffc11f5caf [ocfs2]
14 [ffff8802435ff780] ocfs2_local_alloc_slide_window at ffffffffc11cc0db [ocfs2]
15 [ffff8802435ff820] ocfs2_reserve_local_alloc_bits at ffffffffc11ce53f [ocfs2]
16 [ffff8802435ff890] ocfs2_reserve_clusters_with_limit at ffffffffc11f59b5 [ocfs2]
17 [ffff8802435ff8e0] ocfs2_reserve_clusters at ffffffffc11f5c88 [ocfs2]
18 [ffff8802435ff8f0] ocfs2_lock_refcount_allocators at ffffffffc11dc169 [ocfs2]
19 [ffff8802435ff960] ocfs2_make_clusters_writable at ffffffffc11e4274 [ocfs2]
20 [ffff8802435ffa50] ocfs2_replace_cow at ffffffffc11e4df1 [ocfs2]
21 [ffff8802435ffac0] ocfs2_refcount_cow at ffffffffc11e54b1 [ocfs2]
22 [ffff8802435ffb80] ocfs2_file_write_iter at ffffffffc11bf8f4 [ocfs2]
23 [ffff8802435ffcd0] lo_rw_aio at ffffffff814a1b5d
24 [ffff8802435ffd80] loop_queue_work at ffffffff814a2802
25 [ffff8802435ffe60] kthread_worker_fn at ffffffff810a80d2
26 [ffff8802435ffec0] kthread at ffffffff810a7afb
27 [ffff8802435fff50] ret_from_fork at ffffffff816f7da1
When ocfs2_test_bg_bit_allocatable() called bh2jh(bg_bh), the
bg_bh->b_private was NULL because jbd2_journal_put_journal_head() raced and
released the journal head from the buffer head. Needed to take bit lock
for the bit 'BH_JournalHead' to fix this race.
Link: https://lkml.kernel.org/r/1634820718-6043-1-git-send-email-gautham.ananthak…
Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com>
Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com>
Cc: <rajesh.sivaramasubramaniom(a)oracle.com>
Cc: Mark Fasheh <mark(a)fasheh.com>
Cc: Joel Becker <jlbec(a)evilplan.org>
Cc: Junxiao Bi <junxiao.bi(a)oracle.com>
Cc: Changwei Ge <gechangwei(a)live.cn>
Cc: Gang He <ghe(a)suse.com>
Cc: Jun Piao <piaojun(a)huawei.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
fs/ocfs2/suballoc.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
--- a/fs/ocfs2/suballoc.c~ocfs2-race-between-searching-chunks-and-release-journal_head-from-buffer_head
+++ a/fs/ocfs2/suballoc.c
@@ -1251,7 +1251,7 @@ static int ocfs2_test_bg_bit_allocatable
{
struct ocfs2_group_desc *bg = (struct ocfs2_group_desc *) bg_bh->b_data;
struct journal_head *jh;
- int ret;
+ int ret = 1;
if (ocfs2_test_bit(nr, (unsigned long *)bg->bg_bitmap))
return 0;
@@ -1259,14 +1259,18 @@ static int ocfs2_test_bg_bit_allocatable
if (!buffer_jbd(bg_bh))
return 1;
- jh = bh2jh(bg_bh);
- spin_lock(&jh->b_state_lock);
- bg = (struct ocfs2_group_desc *) jh->b_committed_data;
- if (bg)
- ret = !ocfs2_test_bit(nr, (unsigned long *)bg->bg_bitmap);
- else
- ret = 1;
- spin_unlock(&jh->b_state_lock);
+ jbd_lock_bh_journal_head(bg_bh);
+ if (buffer_jbd(bg_bh)) {
+ jh = bh2jh(bg_bh);
+ spin_lock(&jh->b_state_lock);
+ bg = (struct ocfs2_group_desc *) jh->b_committed_data;
+ if (bg)
+ ret = !ocfs2_test_bit(nr, (unsigned long *)bg->bg_bitmap);
+ else
+ ret = 1;
+ spin_unlock(&jh->b_state_lock);
+ }
+ jbd_unlock_bh_journal_head(bg_bh);
return ret;
}
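Review bot: The new code takes the BH_JournalHead bit lock with `jbd_lock_bh_journal_head(bg_bh)` and then acquires `jh->b_state_lock` inside it, which looks like the reverse of the order jbd2 uses. jbd2 treats the journal-head bit lock as the innermost lock, and `jbd2_journal_put_journal_head()` takes it, presumably sometimes with `b_state_lock` already held; fs/jbd2 is not visible here, so confirm this against it. If so, the change trades the NULL dereference for a possible ABBA deadlock between the allocator and the commit path. Pinning the journal head with `jbd2_journal_grab_journal_head()` and dropping it with `jbd2_journal_put_journal_head()` after `b_state_lock` is released closes the same race without nesting the two locks, though those helpers may need exporting for a modular ocfs2. The `else ret = 1;` arm is also redundant now that the first hunk initialises `ret` to 1.

```c
	if (!buffer_jbd(bg_bh))
		return 1;

	/* Pin the journal head rather than holding the bit lock across b_state_lock. */
	jh = jbd2_journal_grab_journal_head(bg_bh);
	if (!jh)
		return 1;

	spin_lock(&jh->b_state_lock);
	/* … unchanged: b_committed_data bitmap test that sets ret … */
	spin_unlock(&jh->b_state_lock);
	jbd2_journal_put_journal_head(jh);

	return ret;
```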
_
Patches currently in -mm which might be from gautham.ananthakrishna(a)oracle.com are
The patch titled
Subject: mm: filemap: check if THP has hwpoisoned subpage for PMD page fault
has been removed from the -mm tree. Its filename was
mm-filemap-check-if-thp-has-hwpoisoned-subpage-for-pmd-page-fault.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Yang Shi <shy828301(a)gmail.com>
Subject: mm: filemap: check if THP has hwpoisoned subpage for PMD page fault
When handling shmem page fault the THP with corrupted subpage could be PMD
mapped if certain conditions are satisfied. But kernel is supposed to
send SIGBUS when trying to map hwpoisoned page.
There are two paths which may do PMD map: fault around and regular fault.
Before commit f9ce0be71d1f ("mm: Cleanup faultaround and finish_fault()
codepaths") the thing was even worse in fault around path. The THP could
be PMD mapped as long as the VMA fits regardless what subpage is accessed
and corrupted. After this commit as long as head page is not corrupted
the THP could be PMD mapped.
In the regular fault path the THP could be PMD mapped as long as the
corrupted page is not accessed and the VMA fits.
This loophole could be fixed by iterating every subpage to check if any of
them is hwpoisoned or not, but it is somewhat costly in page fault path.
So introduce a new page flag called HasHWPoisoned on the first tail page.
It indicates the THP has hwpoisoned subpage(s). It is set if any subpage
of THP is found hwpoisoned by memory failure and after the refcount is
bumped successfully, then cleared when the THP is freed or split.
The soft offline path doesn't need this since soft offline handler just
marks a subpage hwpoisoned when the subpage is migrated successfully. But
shmem THP didn't get split then migrated at all.
Link: https://lkml.kernel.org/r/20211020210755.23964-3-shy828301@gmail.com
Fixes: 800d8c63b2e9 ("shmem: add huge pages support")
Signed-off-by: Yang Shi <shy828301(a)gmail.com>
Reviewed-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com>
Suggested-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Peter Xu <peterx(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/page-flags.h | 23 +++++++++++++++++++++++
mm/huge_memory.c | 2 ++
mm/memory-failure.c | 14 ++++++++++++++
mm/memory.c | 9 +++++++++
mm/page_alloc.c | 4 +++-
5 files changed, 51 insertions(+), 1 deletion(-)
--- a/include/linux/page-flags.h~mm-filemap-check-if-thp-has-hwpoisoned-subpage-for-pmd-page-fault
+++ a/include/linux/page-flags.h
@@ -171,6 +171,15 @@ enum pageflags {
/* Compound pages. Stored in first tail page's flags */
PG_double_map = PG_workingset,
+#ifdef CONFIG_MEMORY_FAILURE
+ /*
+ * Compound pages. Stored in first tail page's flags.
+ * Indicates that at least one subpage is hwpoisoned in the
+ * THP.
+ */
+ PG_has_hwpoisoned = PG_mappedtodisk,
+#endif
+
/* non-lru isolated movable page */
PG_isolated = PG_reclaim,
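Review bot: `PG_has_hwpoisoned` is defined under `#ifdef CONFIG_MEMORY_FAILURE` alone, while its accessors in the second hunk of this file are generated only when both `CONFIG_MEMORY_FAILURE` and `CONFIG_TRANSPARENT_HUGEPAGE` are set. The mismatch is harmless at build time, but the two guards should agree so a reader does not assume the bit is used without THP; `#if defined(CONFIG_MEMORY_FAILURE) && defined(CONFIG_TRANSPARENT_HUGEPAGE)` on the enum entry would do that. The comment could also say why aliasing `PG_mappedtodisk` is safe on the first tail page, which the hunk does not explain.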
@@ -668,6 +677,20 @@ PAGEFLAG_FALSE(DoubleMap)
TESTSCFLAG_FALSE(DoubleMap)
#endif
+#if defined(CONFIG_MEMORY_FAILURE) && defined(CONFIG_TRANSPARENT_HUGEPAGE)
+/*
+ * PageHasHWPoisoned indicates that at least one subpage is hwpoisoned in the
+ * compound page.
+ *
+ * This flag is set by hwpoison handler. Cleared by THP split or free page.
+ */
+PAGEFLAG(HasHWPoisoned, has_hwpoisoned, PF_SECOND)
+ TESTSCFLAG(HasHWPoisoned, has_hwpoisoned, PF_SECOND)
+#else
+PAGEFLAG_FALSE(HasHWPoisoned)
+ TESTSCFLAG_FALSE(HasHWPoisoned)
+#endif
+
/*
* Check if a page is currently marked HWPoisoned. Note that this check is
* best effort only and inherently racy: there is no way to synchronize with
--- a/mm/huge_memory.c~mm-filemap-check-if-thp-has-hwpoisoned-subpage-for-pmd-page-fault
+++ a/mm/huge_memory.c
@@ -2426,6 +2426,8 @@ static void __split_huge_page(struct pag
/* lock lru list/PageCompound, ref frozen by page_ref_freeze */
lruvec = lock_page_lruvec(head);
+ ClearPageHasHWPoisoned(head);
+
for (i = nr - 1; i >= 1; i--) {
__split_huge_page_tail(head, i, lruvec, list);
/* Some pages can be beyond EOF: drop them from page cache */
--- a/mm/memory.c~mm-filemap-check-if-thp-has-hwpoisoned-subpage-for-pmd-page-fault
+++ a/mm/memory.c
@@ -3907,6 +3907,15 @@ vm_fault_t do_set_pmd(struct vm_fault *v
return ret;
/*
+ * Just backoff if any subpage of a THP is corrupted otherwise
+ * the corrupted page may mapped by PMD silently to escape the
+ * check. This kind of THP just can be PTE mapped. Access to
+ * the corrupted subpage should trigger SIGBUS as expected.
+ */
+ if (unlikely(PageHasHWPoisoned(page)))
+ return ret;
+
+ /*
* Archs like ppc64 need additional space to store information
* related to pte entry. Use the preallocated table for that.
*/
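Review bot: The new comment in do_set_pmd() has a dropped word ("may mapped by PMD") and does not say what is returned; `ret` is assigned outside the hunk, presumably to the fallback code that makes the caller map by PTE. Suggested first sentence: `* Back off if any subpage of the THP is hwpoisoned, otherwise the corrupted subpage may be mapped by the PMD and escape the check.` `PageHasHWPoisoned()` is declared with PF_SECOND in page-flags.h, so `page` should already be the compound head here; that assignment is also outside the hunk and worth confirming.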
--- a/mm/memory-failure.c~mm-filemap-check-if-thp-has-hwpoisoned-subpage-for-pmd-page-fault
+++ a/mm/memory-failure.c
@@ -1694,6 +1694,20 @@ try_again:
}
if (PageTransHuge(hpage)) {
+ /*
+ * The flag must be set after the refcount is bumped
+ * otherwise it may race with THP split.
+ * And the flag can't be set in get_hwpoison_page() since
+ * it is called by soft offline too and it is just called
+ * for !MF_COUNT_INCREASE. So here seems to be the best
+ * place.
+ *
+ * Don't need care about the above error handling paths for
+ * get_hwpoison_page() since they handle either free page
+ * or unhandlable page. The refcount is bumped iff the
+ * page is a valid handlable page.
+ */
+ SetPageHasHWPoisoned(hpage);
if (try_to_split_thp_page(p, "Memory Failure") < 0) {
action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED);
res = -EBUSY;
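Review bot: The comment above `SetPageHasHWPoisoned(hpage)` explains the ordering against the refcount but not what happens when `try_to_split_thp_page()` fails on the next line: the flag then stays set on the unsplit THP. That appears to be the intent, since do_set_pmd() refuses the PMD mapping while it is set and the split and free paths clear it. One more comment line would make it explicit, e.g. `* If the split below fails the flag stays set, so the THP can only be PTE mapped.` The surrounding function starts and ends outside the hunk.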
--- a/mm/page_alloc.c~mm-filemap-check-if-thp-has-hwpoisoned-subpage-for-pmd-page-fault
+++ a/mm/page_alloc.c
@@ -1312,8 +1312,10 @@ static __always_inline bool free_pages_p
VM_BUG_ON_PAGE(compound && compound_order(page) != order, page);
- if (compound)
+ if (compound) {
ClearPageDoubleMap(page);
+ ClearPageHasHWPoisoned(page);
+ }
for (i = 1; i < (1 << order); i++) {
if (compound)
bad += free_tail_pages_check(page, page + i);
_
Patches currently in -mm which might be from shy828301(a)gmail.com are
mm-filemap-coding-style-cleanup-for-filemap_map_pmd.patch
mm-hwpoison-refactor-refcount-check-handling.patch
mm-shmem-dont-truncate-page-if-memory-failure-happens.patch
mm-hwpoison-handle-non-anonymous-thp-correctly.patch
mm-migrate-make-demotion-knob-depend-on-migration.patch
The patch titled
Subject: mm: hwpoison: remove the unnecessary THP check
has been removed from the -mm tree. Its filename was
mm-hwpoison-remove-the-unnecessary-thp-check.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Yang Shi <shy828301(a)gmail.com>
Subject: mm: hwpoison: remove the unnecessary THP check
When handling a THP, hwpoison checked whether the THP was in the allocation or
free stage, since hwpoison may mistreat it as a hugetlb page. After commit
415c64c1453a ("mm/memory-failure: split thp earlier in memory error
handling") the problem has been fixed, so this check is no longer needed.
Remove it. The side effect of the removal is hwpoison may report unsplit
THP instead of unknown error for shmem THP. It seems not like a big deal.
The following patch "mm: filemap: check if THP has hwpoisoned subpage for
PMD page fault" depends on this, which fixes shmem THP with hwpoisoned
subpage(s) are mapped PMD wrongly. So this patch needs to be backported
to -stable as well.
Link: https://lkml.kernel.org/r/20211020210755.23964-2-shy828301@gmail.com
Signed-off-by: Yang Shi <shy828301(a)gmail.com>
Suggested-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com>
Acked-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Peter Xu <peterx(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memory-failure.c | 14 --------------
1 file changed, 14 deletions(-)
--- a/mm/memory-failure.c~mm-hwpoison-remove-the-unnecessary-thp-check
+++ a/mm/memory-failure.c
@@ -1147,20 +1147,6 @@ static int __get_hwpoison_page(struct pa
if (!HWPoisonHandlable(head))
return -EBUSY;
- if (PageTransHuge(head)) {
- /*
- * Non anonymous thp exists only in allocation/free time. We
- * can't handle such a case correctly, so let's give it up.
- * This should be better than triggering BUG_ON when kernel
- * tries to touch the "partially handled" page.
- */
- if (!PageAnon(head)) {
- pr_err("Memory failure: %#lx: non anonymous thp\n",
- page_to_pfn(page));
- return 0;
- }
- }
-
if (get_page_unless_zero(head)) {
if (head == compound_head(page))
return 1;
_
Patches currently in -mm which might be from shy828301(a)gmail.com are
mm-filemap-coding-style-cleanup-for-filemap_map_pmd.patch
mm-hwpoison-refactor-refcount-check-handling.patch
mm-shmem-dont-truncate-page-if-memory-failure-happens.patch
mm-hwpoison-handle-non-anonymous-thp-correctly.patch
mm-migrate-make-demotion-knob-depend-on-migration.patch
On Mon, Nov 01, 2021 at 02:43:31PM +0000, mike chant wrote:
> Hi,
> The table of LTS releases on this page shows an EOL date of October 2023
> for 5.15. Judging by the other EOL dates, shouldn't this be 2027?
LTS releases are generally supported for 2 years UNLESS someone steps up and
offers to help support it for longer.
With further questions, please email stable(a)vger.kernel.org.
Regards,
-K
This is the start of the stable review cycle for the 5.4.157 release.
There are 51 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 08:24:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.157-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.4.157-rc1
Song Liu <songliubraving(a)fb.com>
perf script: Check session->header.env.arch before using it
Halil Pasic <pasic(a)linux.ibm.com>
KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
Halil Pasic <pasic(a)linux.ibm.com>
KVM: s390: clear kicked_mask before sleeping again
Janusz Dziedzic <janusz.dziedzic(a)gmail.com>
cfg80211: correct bridge/4addr mode check
Julian Wiedmann <jwi(a)linux.ibm.com>
net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_ootb
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for COOKIE_ECHO chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for INIT_ACK chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_start_aneg: Add an unlocked version
Andrew Lunn <andrew(a)lunn.ch>
phy: phy_ethtool_ksettings_get: Lock the phy for consistency
Daniel Jordan <daniel.m.jordan(a)oracle.com>
net/tls: Fix flipped sign in async_wait.err assignment
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Mark Zhang <markzhang(a)nvidia.com>
RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
Michael Chan <michael.chan(a)broadcom.com>
net: Prevent infinite while loop in skb_tx_hash()
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Clément Bœsch <u(a)pkh.me>
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Set user priority for DCT
Varun Prakash <varun(a)chelsio.com>
nvme-tcp: fix data digest pointer calculation
Varun Prakash <varun(a)chelsio.com>
nvmet-tcp: fix data digest pointer calculation
Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com>
IB/hfi1: Fix abba locking issue with sc_disable()
Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com>
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
Liu Jian <liujian56(a)huawei.com>
tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
Christian König <christian.koenig(a)amd.com>
drm/ttm: fix memleak in ttm_transfered_destroy
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Johannes Berg <johannes.berg(a)intel.com>
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Wenbin Mei <wenbin.mei(a)mediatek.com>
mmc: cqhci: clear HALT state after CQE enable
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Daniel Jordan <daniel.m.jordan(a)oracle.com>
net/tls: Fix flipped sign in tls_err_abort() calls
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Rafał Miłecki <rafal(a)milecki.pl>
Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Eric Dumazet <edumazet(a)google.com>
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
Eric Dumazet <edumazet(a)google.com>
ipv6: use siphash in rt6_exception_hash()
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/bpf: Fix BPF_MOD when imm == 1
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9141/1: only warn about XIP address when not compile testing
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/compressed/decompress.c | 3 +
arch/arm/kernel/vmlinux-xip.lds.S | 2 +-
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
.../boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 2 +-
arch/nios2/platform/Kconfig.platform | 1 +
arch/powerpc/net/bpf_jit_comp64.c | 10 +++-
arch/s390/kvm/interrupt.c | 5 +-
arch/s390/kvm/kvm-s390.c | 1 +
drivers/ata/sata_mv.c | 4 +-
drivers/base/regmap/regcache-rbtree.c | 7 +--
drivers/gpu/drm/ttm/ttm_bo_util.c | 1 +
drivers/infiniband/core/sa_query.c | 5 +-
drivers/infiniband/hw/hfi1/pio.c | 9 ++-
drivers/infiniband/hw/mlx5/qp.c | 2 +
drivers/infiniband/hw/qib/qib_user_sdma.c | 33 +++++++----
drivers/mmc/host/cqhci.c | 3 +
drivers/mmc/host/dw_mmc-exynos.c | 14 +++++
drivers/mmc/host/sdhci-esdhc-imx.c | 16 ++++++
drivers/mmc/host/sdhci.c | 6 ++
drivers/mmc/host/vub300.c | 18 +++---
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/ethernet/micrel/ksz884x.c | 2 +-
drivers/net/ethernet/microchip/lan743x_main.c | 22 +++++++
drivers/net/ethernet/nxp/lpc_eth.c | 5 +-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/phy/phy.c | 32 +++++++++--
drivers/net/usb/lan78xx.c | 6 ++
drivers/net/usb/usbnet.c | 5 ++
drivers/nfc/port100.c | 4 +-
drivers/nvme/host/tcp.c | 2 +-
drivers/nvme/target/tcp.c | 2 +-
drivers/pinctrl/bcm/pinctrl-ns.c | 29 ++++------
include/net/tls.h | 9 +--
net/batman-adv/bridge_loop_avoidance.c | 8 ++-
net/batman-adv/main.c | 56 ++++++++++++------
net/batman-adv/network-coding.c | 4 +-
net/batman-adv/translation-table.c | 4 +-
net/core/dev.c | 6 ++
net/core/rtnetlink.c | 12 ++--
net/ipv4/route.c | 12 ++--
net/ipv4/tcp_bpf.c | 12 ++++
net/ipv6/route.c | 20 +++++--
net/sctp/sm_statefuns.c | 67 +++++++++++++---------
net/tls/tls_sw.c | 19 ++++--
net/wireless/nl80211.c | 2 +-
net/wireless/scan.c | 7 ++-
net/wireless/util.c | 14 ++---
tools/perf/builtin-script.c | 12 ++--
50 files changed, 359 insertions(+), 166 deletions(-)
This is the start of the stable review cycle for the 4.19.215 release.
There are 35 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 08:24:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.215-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.19.215-rc1
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_ootb
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for COOKIE_ECHO chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
Yuiko Oshino <yuiko.oshino(a)microchip.com>
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Michael Chan <michael.chan(a)broadcom.com>
net: Prevent infinite while loop in skb_tx_hash()
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Clément Bœsch <u(a)pkh.me>
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Set user priority for DCT
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Wenbin Mei <wenbin.mei(a)mediatek.com>
mmc: cqhci: clear HALT state after CQE enable
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Eric Dumazet <edumazet(a)google.com>
ipv6: make exception cache less predictible
Eric Dumazet <edumazet(a)google.com>
ipv6: use siphash in rt6_exception_hash()
Eric Dumazet <edumazet(a)google.com>
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Nathan Chancellor <natechancellor(a)gmail.com>
ARM: 8819/1: Remove '-p' from LDFLAGS
Robin Murphy <robin.murphy(a)arm.com>
arm64: Avoid premature usercopy failure
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/bpf: Fix BPF_MOD when imm == 1
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9141/1: only warn about XIP address when not compile testing
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 +-
arch/arm/Makefile | 2 +-
arch/arm/boot/bootp/Makefile | 2 +-
arch/arm/boot/compressed/Makefile | 2 -
arch/arm/boot/compressed/decompress.c | 3 ++
arch/arm/kernel/vmlinux-xip.lds.S | 2 +-
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
.../boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 2 +-
arch/arm64/lib/copy_from_user.S | 13 +++--
arch/arm64/lib/copy_in_user.S | 20 +++++---
arch/arm64/lib/copy_to_user.S | 14 ++++--
arch/nios2/platform/Kconfig.platform | 1 +
arch/powerpc/net/bpf_jit_comp64.c | 10 +++-
drivers/ata/sata_mv.c | 4 +-
drivers/base/regmap/regcache-rbtree.c | 7 ++-
drivers/infiniband/hw/mlx5/qp.c | 2 +
drivers/mmc/host/cqhci.c | 3 ++
drivers/mmc/host/dw_mmc-exynos.c | 14 ++++++
drivers/mmc/host/sdhci-esdhc-imx.c | 16 +++++++
drivers/mmc/host/sdhci.c | 6 +++
drivers/mmc/host/vub300.c | 18 +++----
drivers/net/ethernet/microchip/lan743x_main.c | 22 +++++++++
drivers/net/ethernet/nxp/lpc_eth.c | 5 +-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/usb/lan78xx.c | 6 +++
drivers/net/usb/usbnet.c | 5 ++
drivers/nfc/port100.c | 4 +-
net/batman-adv/bridge_loop_avoidance.c | 8 +++-
net/batman-adv/main.c | 56 +++++++++++++++-------
net/batman-adv/network-coding.c | 4 +-
net/batman-adv/translation-table.c | 4 +-
net/core/dev.c | 6 +++
net/ipv4/route.c | 12 ++---
net/ipv6/route.c | 25 +++++++---
net/sctp/sm_statefuns.c | 30 ++++++++----
36 files changed, 249 insertions(+), 87 deletions(-)
This is the start of the stable review cycle for the 4.14.254 release.
There are 25 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Nov 2021 08:24:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.254-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.14.254-rc1
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_ootb
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
Xin Long <lucien.xin(a)gmail.com>
sctp: add vtag check in sctp_sf_violation
Xin Long <lucien.xin(a)gmail.com>
sctp: fix the processing for COOKIE_ECHO chunk
Xin Long <lucien.xin(a)gmail.com>
sctp: use init_tag from inithdr for ABORT chunk
Trevor Woerner <twoerner(a)gmail.com>
net: nxp: lpc_eth.c: avoid hang when bringing interface down
Guenter Roeck <linux(a)roeck-us.net>
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
Pavel Skripkin <paskripkin(a)gmail.com>
net: batman-adv: fix error handling
Yang Yingliang <yangyingliang(a)huawei.com>
regmap: Fix possible double-free in regcache_rbtree_exit()
Johan Hovold <johan(a)kernel.org>
net: lan78xx: fix division by zero in send path
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
Shawn Guo <shawn.guo(a)linaro.org>
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
Jaehoon Chung <jh80.chung(a)samsung.com>
mmc: dw_mmc: exynos: fix the finding clock sample value
Johan Hovold <johan(a)kernel.org>
mmc: vub300: fix control-message timeouts
Eric Dumazet <edumazet(a)google.com>
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
Pavel Skripkin <paskripkin(a)gmail.com>
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com>
nfc: port100: fix using -ERRNO as command type mask
Zheyu Ma <zheyuma97(a)gmail.com>
ata: sata_mv: Fix the error handling of mv_chip_id()
Wang Hai <wanghai38(a)huawei.com>
usbnet: fix error return code in usbnet_probe()
Oliver Neukum <oneukum(a)suse.com>
usbnet: sanity check for maxpacket
Nathan Chancellor <natechancellor(a)gmail.com>
ARM: 8819/1: Remove '-p' from LDFLAGS
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/bpf: Fix BPF_MOD when imm == 1
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
Arnd Bergmann <arnd(a)arndb.de>
ARM: 9134/1: remove duplicate memcpy() definition
Nick Desaulniers <ndesaulniers(a)google.com>
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
-------------
Diffstat:
Makefile | 4 +--
arch/arm/Makefile | 2 +-
arch/arm/boot/bootp/Makefile | 2 +-
arch/arm/boot/compressed/Makefile | 2 --
arch/arm/boot/compressed/decompress.c | 3 ++
arch/arm/mm/proc-macros.S | 1 +
arch/arm/probes/kprobes/core.c | 2 +-
arch/nios2/platform/Kconfig.platform | 1 +
arch/powerpc/net/bpf_jit_comp64.c | 10 ++++--
drivers/ata/sata_mv.c | 4 +--
drivers/base/regmap/regcache-rbtree.c | 7 ++---
drivers/mmc/host/dw_mmc-exynos.c | 14 +++++++++
drivers/mmc/host/sdhci-esdhc-imx.c | 16 ++++++++++
drivers/mmc/host/sdhci.c | 6 ++++
drivers/mmc/host/vub300.c | 18 +++++------
drivers/net/ethernet/nxp/lpc_eth.c | 5 ++-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/usb/lan78xx.c | 6 ++++
drivers/net/usb/usbnet.c | 5 +++
drivers/nfc/port100.c | 4 +--
net/batman-adv/bridge_loop_avoidance.c | 8 +++--
net/batman-adv/main.c | 56 ++++++++++++++++++++++++----------
net/batman-adv/network-coding.c | 4 ++-
net/batman-adv/translation-table.c | 4 ++-
net/ipv4/route.c | 12 ++++----
net/sctp/sm_statefuns.c | 30 ++++++++++++------
26 files changed, 161 insertions(+), 66 deletions(-)
Turns out some xHC controllers require all 64 bits in the CRCR register
to be written to execute a command abort.
The lower 32 bits, which contain the command abort bit, are written first.
If the command ring stops before we write the upper 32 bits, then
hardware may use these upper bits to set the command ring dequeue pointer.
Solve this by making sure the upper 32 bits contain a valid command
ring dequeue pointer.
The original patch that only wrote the first 32 to stop the ring went
to stable, so this fix should go there as well.
Fixes: ff0e50d3564f ("xhci: Fix command ring pointer corruption while aborting a command")
Cc: stable(a)vger.kernel.org
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
---
drivers/usb/host/xhci-ring.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 311597bba80e..eaa49aef2935 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -366,7 +366,9 @@ static void xhci_handle_stopped_cmd_ring(struct xhci_hcd *xhci,
/* Must be called with xhci->lock held, releases and aquires lock back */
static int xhci_abort_cmd_ring(struct xhci_hcd *xhci, unsigned long flags)
{
- u32 temp_32;
+ struct xhci_segment *new_seg = xhci->cmd_ring->deq_seg;
+ union xhci_trb *new_deq = xhci->cmd_ring->dequeue;
+ u64 crcr;
int ret;
xhci_dbg(xhci, "Abort command ring\n");
@@ -375,13 +377,18 @@ static int xhci_abort_cmd_ring(struct xhci_hcd *xhci, unsigned long flags)
/*
* The control bits like command stop, abort are located in lower
- * dword of the command ring control register. Limit the write
- * to the lower dword to avoid corrupting the command ring pointer
- * in case if the command ring is stopped by the time upper dword
- * is written.
+ * dword of the command ring control register.
+ * Some controllers require all 64 bits to be written to abort the ring.
+ * Make sure the upper dword is valid, pointing to the next command,
+ * avoiding corrupting the command ring pointer in case the command ring
+ * is stopped by the time the upper dword is written.
*/
- temp_32 = readl(&xhci->op_regs->cmd_ring);
- writel(temp_32 | CMD_RING_ABORT, &xhci->op_regs->cmd_ring);
+ next_trb(xhci, NULL, &new_seg, &new_deq);
+ if (trb_is_link(new_deq))
+ next_trb(xhci, NULL, &new_seg, &new_deq);
+
+ crcr = xhci_trb_virt_to_dma(new_seg, new_deq);
+ xhci_write_64(xhci, crcr | CMD_RING_ABORT, &xhci->op_regs->cmd_ring);
/* Section 4.6.1.2 of xHCI 1.0 spec says software should also time the
* completion of the Command Abort operation. If CRR is not negated in 5
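Review bot: The value returned by `xhci_trb_virt_to_dma(new_seg, new_deq)` is OR-ed with `CMD_RING_ABORT` and written to CRCR without any check. If that helper returns 0 for a TRB it cannot translate (its convention elsewhere in this driver, to be confirmed against this tree), a ring that stops between the two dword writes could latch a null dequeue pointer, which is the corruption the patch sets out to prevent. A guard before the write, such as `if (WARN_ON(!crcr)) return -EINVAL;`, would make that case explicit; the right error code depends on the caller. xhci_abort_cmd_ring() continues outside this hunk, so how its return value is handled is not visible here.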
--
2.25.1
From: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Looks like our VBIOS/GOP generally fail to turn the DP dual mode adapter
TMDS output buffers back on after a reboot. This leads to a black screen
after reboot if we turned the TMDS output buffers off prior to reboot.
And if i915 decides to do a fastboot the black screen will persist even
after i915 takes over.
Apparently this has been a problem ever since commit b2ccb822d376 ("drm/i915:
Enable/disable TMDS output buffers in DP++ adaptor as needed") if one
rebooted while the display was turned off. And things became worse with
commit fe0f1e3bfdfe ("drm/i915: Shut down displays gracefully on reboot")
since now we always turn the display off before a reboot.
This was reported on a RKL, but I confirmed the same behaviour on my
SNB as well. So looks pretty universal.
Let's fix this by explicitly turning the TMDS output buffers back on
in the encoder->shutdown() hook. Note that this gets called after irqs
have been disabled, so the i2c communication with the DP dual mode
adapter has to be performed via polling (which the gmbus code is
perfectly happy to do for us).
We also need a bit of care in handling DDI encoders which may or may
not be set up for HDMI output. Specifically ddc_pin will not be
populated for a DP only DDI encoder, in which case we don't want to
call intel_gmbus_get_adapter(). We can handle that by simply doing
the dual mode adapter type check before calling
intel_gmbus_get_adapter().
Cc: stable(a)vger.kernel.org
Fixes: b2ccb822d376 ("drm/i915: Enable/disable TMDS output buffers in DP++ adaptor as needed")
Fixes: fe0f1e3bfdfe ("drm/i915: Shut down displays gracefully on reboot")
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/4371
Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
---
drivers/gpu/drm/i915/display/g4x_hdmi.c | 1 +
drivers/gpu/drm/i915/display/intel_ddi.c | 1 +
drivers/gpu/drm/i915/display/intel_hdmi.c | 16 ++++++++++++++--
drivers/gpu/drm/i915/display/intel_hdmi.h | 1 +
4 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/g4x_hdmi.c b/drivers/gpu/drm/i915/display/g4x_hdmi.c
index 88c427f3c346..f5b4dd5b4275 100644
--- a/drivers/gpu/drm/i915/display/g4x_hdmi.c
+++ b/drivers/gpu/drm/i915/display/g4x_hdmi.c
@@ -584,6 +584,7 @@ void g4x_hdmi_init(struct drm_i915_private *dev_priv,
else
intel_encoder->enable = g4x_enable_hdmi;
}
+ intel_encoder->shutdown = intel_hdmi_encoder_shutdown;
intel_encoder->type = INTEL_OUTPUT_HDMI;
intel_encoder->power_domain = intel_port_to_power_domain(port);
diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c
index 9fb99b09fff8..5ef2882727e1 100644
--- a/drivers/gpu/drm/i915/display/intel_ddi.c
+++ b/drivers/gpu/drm/i915/display/intel_ddi.c
@@ -4312,6 +4312,7 @@ static void intel_ddi_encoder_shutdown(struct intel_encoder *encoder)
enum phy phy = intel_port_to_phy(i915, encoder->port);
intel_dp_encoder_shutdown(encoder);
+ intel_hdmi_encoder_shutdown(encoder);
if (!intel_phy_is_tc(i915, phy))
return;
diff --git a/drivers/gpu/drm/i915/display/intel_hdmi.c b/drivers/gpu/drm/i915/display/intel_hdmi.c
index 7e6af959bf83..3b5b9e7b05b7 100644
--- a/drivers/gpu/drm/i915/display/intel_hdmi.c
+++ b/drivers/gpu/drm/i915/display/intel_hdmi.c
@@ -1246,12 +1246,13 @@ static void hsw_set_infoframes(struct intel_encoder *encoder,
void intel_dp_dual_mode_set_tmds_output(struct intel_hdmi *hdmi, bool enable)
{
struct drm_i915_private *dev_priv = intel_hdmi_to_i915(hdmi);
- struct i2c_adapter *adapter =
- intel_gmbus_get_adapter(dev_priv, hdmi->ddc_bus);
+ struct i2c_adapter *adapter;
if (hdmi->dp_dual_mode.type < DRM_DP_DUAL_MODE_TYPE2_DVI)
return;
+ adapter = intel_gmbus_get_adapter(dev_priv, hdmi->ddc_bus);
+
drm_dbg_kms(&dev_priv->drm, "%s DP dual mode adaptor TMDS output\n",
enable ? "Enabling" : "Disabling");
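Review bot: The reason the adapter lookup in intel_dp_dual_mode_set_tmds_output() moved below the `dp_dual_mode.type` check is recorded only in the commit message, so the new ordering reads as a cosmetic change and could be undone by a later cleanup. A one-line comment above the assignment would protect it, for example `/* DP-only DDI encoders have no DDC pin set up; look up the gmbus adapter only after the type check */`. The function body continues outside the hunk.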
@@ -2285,6 +2286,17 @@ int intel_hdmi_compute_config(struct intel_encoder *encoder,
return 0;
}
+void intel_hdmi_encoder_shutdown(struct intel_encoder *encoder)
+{
+ struct intel_hdmi *intel_hdmi = enc_to_intel_hdmi(encoder);
+
+ /*
+ * Give a hand to buggy BIOSen which forget to turn
+ * the TMDS output buffers back on after a reboot.
+ */
+ intel_dp_dual_mode_set_tmds_output(intel_hdmi, true);
+}
+
static void
intel_hdmi_unset_edid(struct drm_connector *connector)
{
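Review bot: The comment in intel_hdmi_encoder_shutdown() says why the TMDS buffers are turned back on but not in which context the hook runs. The commit message says it is called after irqs have been disabled, so the DDC access has to go through gmbus polling. Adding a line such as `* Called with irqs disabled, so the gmbus transfer is done by polling.` would warn anyone who later adds an irq-driven or sleeping call to this hook.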
diff --git a/drivers/gpu/drm/i915/display/intel_hdmi.h b/drivers/gpu/drm/i915/display/intel_hdmi.h
index b43a180d007e..2bf440eb400a 100644
--- a/drivers/gpu/drm/i915/display/intel_hdmi.h
+++ b/drivers/gpu/drm/i915/display/intel_hdmi.h
@@ -28,6 +28,7 @@ void intel_hdmi_init_connector(struct intel_digital_port *dig_port,
int intel_hdmi_compute_config(struct intel_encoder *encoder,
struct intel_crtc_state *pipe_config,
struct drm_connector_state *conn_state);
+void intel_hdmi_encoder_shutdown(struct intel_encoder *encoder);
bool intel_hdmi_handle_sink_scrambling(struct intel_encoder *encoder,
struct drm_connector *connector,
bool high_tmds_clock_ratio,
--
2.32.0
When running as PVH or HVM guest with actual memory < max memory the
hypervisor is using "populate on demand" in order to allow the guest
to balloon down from its maximum memory size. For this to work
correctly the guest must not touch more memory pages than its target
memory size as otherwise the PoD cache will be exhausted and the guest
is crashed as a result of that.
In extreme cases ballooning down might not be finished today before
the init process is started, which can consume lots of memory.
In order to avoid random boot crashes in such cases, add a late init
call to wait until ballooning down has finished for PVH/HVM guests.
Warn on console if initial ballooning fails, panic() after stalling
for more than 3 minutes per default. Add a module parameter for
changing this timeout.
Cc: <stable(a)vger.kernel.org>
Reported-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross(a)suse.com>
---
V2:
- add warning and panic() when stalling (Marek Marczykowski-Górecki)
- don't wait if credit > 0
V3:
- issue warning only after ballooning failed (Marek Marczykowski-Górecki)
- make panic() timeout configurable via parameter
---
.../stable/sysfs-devices-system-xen_memory | 10 +++
drivers/xen/balloon.c | 63 +++++++++++++++----
drivers/xen/xen-balloon.c | 2 +
include/xen/balloon.h | 1 +
4 files changed, 63 insertions(+), 13 deletions(-)
diff --git a/Documentation/ABI/stable/sysfs-devices-system-xen_memory b/Documentation/ABI/stable/sysfs-devices-system-xen_memory
index 6d83f95a8a8e..2da062e2c94a 100644
--- a/Documentation/ABI/stable/sysfs-devices-system-xen_memory
+++ b/Documentation/ABI/stable/sysfs-devices-system-xen_memory
@@ -84,3 +84,13 @@ Description:
Control scrubbing pages before returning them to Xen for others domains
use. Can be set with xen_scrub_pages cmdline
parameter. Default value controlled with CONFIG_XEN_SCRUB_PAGES_DEFAULT.
+
+What: /sys/devices/system/xen_memory/xen_memory0/boot_timeout
+Date: November 2021
+KernelVersion: 5.16
+Contact: xen-devel(a)lists.xenproject.org
+Description:
+ The time (in seconds) to wait before giving up to boot in case
+ initial ballooning fails to free enough memory. Applies only
+ when running as HVM or PVH guest and started with less memory
+ configured than allowed at max.
diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
index 3a50f097ed3e..98fae43d4cec 100644
--- a/drivers/xen/balloon.c
+++ b/drivers/xen/balloon.c
@@ -125,12 +125,12 @@ static struct ctl_table xen_root[] = {
* BP_ECANCELED: error, balloon operation canceled.
*/
-enum bp_state {
+static enum bp_state {
BP_DONE,
BP_WAIT,
BP_EAGAIN,
BP_ECANCELED
-};
+} balloon_state = BP_DONE;
/* Main waiting point for xen-balloon thread. */
static DECLARE_WAIT_QUEUE_HEAD(balloon_thread_wq);
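Review bot: `balloon_state` turns what was a local of balloon_thread() into file-scope state that balloon_wait_finish() (last hunk of this file) reads from initcall context, and no locking rule is stated for it. The writes in balloon_thread() appear to sit before the visible `mutex_unlock(&balloon_mutex)`, but the initcall polls the variable without taking that mutex. Marking the cross-context accesses, e.g. `if (READ_ONCE(balloon_state) == BP_ECANCELED)` in the initcall and `WRITE_ONCE()` on the thread side, plus a comment on the declaration naming the single writer, would document the intent and stop the compiler from caching the value across loop iterations.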
@@ -494,9 +494,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
* Stop waiting if either state is BP_DONE and ballooning action is
* needed, or if the credit has changed while state is not BP_DONE.
*/
-static bool balloon_thread_cond(enum bp_state state, long credit)
+static bool balloon_thread_cond(long credit)
{
- if (state == BP_DONE)
+ if (balloon_state == BP_DONE)
credit = 0;
return current_credit() != credit || kthread_should_stop();
@@ -510,13 +510,12 @@ static bool balloon_thread_cond(enum bp_state state, long credit)
*/
static int balloon_thread(void *unused)
{
- enum bp_state state = BP_DONE;
long credit;
unsigned long timeout;
set_freezable();
for (;;) {
- switch (state) {
+ switch (balloon_state) {
case BP_DONE:
case BP_ECANCELED:
timeout = 3600 * HZ;
@@ -532,7 +531,7 @@ static int balloon_thread(void *unused)
credit = current_credit();
wait_event_freezable_timeout(balloon_thread_wq,
- balloon_thread_cond(state, credit), timeout);
+ balloon_thread_cond(credit), timeout);
if (kthread_should_stop())
return 0;
@@ -543,22 +542,23 @@ static int balloon_thread(void *unused)
if (credit > 0) {
if (balloon_is_inflated())
- state = increase_reservation(credit);
+ balloon_state = increase_reservation(credit);
else
- state = reserve_additional_memory();
+ balloon_state = reserve_additional_memory();
}
if (credit < 0) {
long n_pages;
n_pages = min(-credit, si_mem_available());
- state = decrease_reservation(n_pages, GFP_BALLOON);
- if (state == BP_DONE && n_pages != -credit &&
+ balloon_state = decrease_reservation(n_pages,
+ GFP_BALLOON);
+ if (balloon_state == BP_DONE && n_pages != -credit &&
n_pages < totalreserve_pages)
- state = BP_EAGAIN;
+ balloon_state = BP_EAGAIN;
}
- state = update_schedule(state);
+ balloon_state = update_schedule(balloon_state);
mutex_unlock(&balloon_mutex);
@@ -731,6 +731,7 @@ static int __init balloon_init(void)
balloon_stats.max_schedule_delay = 32;
balloon_stats.retry_count = 1;
balloon_stats.max_retry_count = 4;
+ balloon_stats.boot_timeout = 180;
#ifdef CONFIG_XEN_BALLOON_MEMORY_HOTPLUG
set_online_page_callback(&xen_online_page);
@@ -765,3 +766,39 @@ static int __init balloon_init(void)
return 0;
}
subsys_initcall(balloon_init);
+
+static int __init balloon_wait_finish(void)
+{
+ long credit, last_credit = 0;
+ unsigned long last_changed;
+
+ if (!xen_domain())
+ return -ENODEV;
+
+ /* PV guests don't need to wait. */
+ if (xen_pv_domain() || !current_credit())
+ return 0;
+
+ pr_info("Waiting for initial ballooning down having finished.\n");
+
+ while ((credit = current_credit()) < 0) {
+ if (credit != last_credit) {
+ last_changed = jiffies;
+ last_credit = credit;
+ }
+ if (balloon_state == BP_ECANCELED) {
+ pr_warn_once("Initial ballooning failed, %ld pages need to be freed.\n",
+ -credit);
+ if (jiffies - last_changed >=
+ HZ * balloon_stats.boot_timeout)
+ panic("Initial ballooning failed!\n");
+ }
+
+ schedule_timeout_interruptible(HZ / 10);
+ }
+
+ pr_info("Initial ballooning down finished.\n");
+
+ return 0;
+}
+late_initcall_sync(balloon_wait_finish);
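Review bot: `balloon_stats.boot_timeout` is consulted in a `late_initcall_sync`, which runs before init is started, but the only knob visible in this series is the 0644 sysfs attribute added in drivers/xen/xen-balloon.c. Nothing in the visible hunks lets the value be set from the kernel command line, so the wait appears to be fixed at the 180 seconds assigned in balloon_init(). The commit message speaks of a module parameter, and a `module_param()`-backed value read here would match that description. Separately, `HZ * balloon_stats.boot_timeout` is unchecked unsigned arithmetic on an admin-writable value, so a clamp would be prudent if the field stays writable at runtime.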
diff --git a/drivers/xen/xen-balloon.c b/drivers/xen/xen-balloon.c
index 8cd583db20b1..6e5db50ede0f 100644
--- a/drivers/xen/xen-balloon.c
+++ b/drivers/xen/xen-balloon.c
@@ -150,6 +150,7 @@ static DEVICE_ULONG_ATTR(schedule_delay, 0444, balloon_stats.schedule_delay);
static DEVICE_ULONG_ATTR(max_schedule_delay, 0644, balloon_stats.max_schedule_delay);
static DEVICE_ULONG_ATTR(retry_count, 0444, balloon_stats.retry_count);
static DEVICE_ULONG_ATTR(max_retry_count, 0644, balloon_stats.max_retry_count);
+static DEVICE_ULONG_ATTR(boot_timeout, 0644, balloon_stats.boot_timeout);
static DEVICE_BOOL_ATTR(scrub_pages, 0644, xen_scrub_pages);
static ssize_t target_kb_show(struct device *dev, struct device_attribute *attr,
@@ -211,6 +212,7 @@ static struct attribute *balloon_attrs[] = {
&dev_attr_max_schedule_delay.attr.attr,
&dev_attr_retry_count.attr.attr,
&dev_attr_max_retry_count.attr.attr,
+ &dev_attr_boot_timeout.attr.attr,
&dev_attr_scrub_pages.attr.attr,
NULL
};
diff --git a/include/xen/balloon.h b/include/xen/balloon.h
index 6dbdb0b3fd03..95a4187f263b 100644
--- a/include/xen/balloon.h
+++ b/include/xen/balloon.h
@@ -20,6 +20,7 @@ struct balloon_stats {
unsigned long max_schedule_delay;
unsigned long retry_count;
unsigned long max_retry_count;
+ unsigned long boot_timeout;
};
extern struct balloon_stats balloon_stats;
--
2.26.2