November 2021 - Linux-stable-mirror

[PATCH 4.19, v3] VFS: Fix memory leak caused by concurrently mounting fs with subtype

by ChenXiaoSong

If two processes mount same superblock, memory leak occurs: CPU0 | CPU1 do_new_mount | do_new_mount fs_set_subtype | fs_set_subtype kstrdup | | kstrdup memrory leak | The following reproducer triggers the problem: 1. shell command: mount -t ntfs /dev/sda1 /mnt & 2. c program: mount("/dev/sda1", "/mnt", "fuseblk", 0, "...") with kmemleak report being along the lines of unreferenced object 0xffff888235f1a5c0 (size 8): comm "mount.ntfs", pid 2860, jiffies 4295757824 (age 43.423s) hex dump (first 8 bytes): 00 a5 f1 35 82 88 ff ff ...5.... backtrace: [<00000000656e30cc>] __kmalloc_track_caller+0x16e/0x430 [<000000008e591727>] kstrdup+0x3e/0x90 [<000000008430d12b>] do_mount.cold+0x7b/0xd9 [<0000000078d639cd>] ksys_mount+0xb2/0x150 [<000000006015988d>] __x64_sys_mount+0x29/0x40 [<00000000e0a7c118>] do_syscall_64+0xc1/0x1d0 [<00000000bcea7df5>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [<00000000803a4067>] 0xffffffffffffffff Linus's tree already have refactoring patchset [1], one of them can fix this bug: c30da2e981a7 ("fuse: convert to use the new mount API") After refactoring, init super_block->s_subtype in fuse_fill_super. Since we did not merge the refactoring patchset in this branch, I create this patch. This patch fix this by adding a write lock while calling fs_set_subtype. [1] https://patchwork.kernel.org/project/linux-fsdevel/patch/20190903113640.798… Fixes: 79c0b2df79eb ("add filesystem subtype support") Cc: David Howells <dhowells(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: ChenXiaoSong <chenxiaosong2(a)huawei.com> --- v1: Can not mount sshfs ([PATCH linux-4.19.y] VFS: Fix fuseblk memory leak caused by mount concurrency) v2: Use write lock while writing superblock ([PATCH 4.19,v2] VFS: Fix fuseblk memory leak caused by mount concurrency) v3: Update commit message fs/namespace.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 2f3c6a0350a8..396ff1bcfdad 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2490,9 +2490,12 @@ static int do_new_mount(struct path *path, const char *fstype, int sb_flags, return -ENODEV; mnt = vfs_kern_mount(type, sb_flags, name, data); - if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) && - !mnt->mnt_sb->s_subtype) - mnt = fs_set_subtype(mnt, fstype); + if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE)) { + down_write(&mnt->mnt_sb->s_umount); + if (!mnt->mnt_sb->s_subtype) + mnt = fs_set_subtype(mnt, fstype); + up_write(&mnt->mnt_sb->s_umount); + } put_filesystem(type); if (IS_ERR(mnt)) -- 2.31.1

2 years, 6 months

1
0
0 0

[PATCH net] net: ethernet: microchip: lan743x: Fix skb allocation failure

by Yuiko Oshino

commit e8684db191e4164f3f5f3ad7dec04a6734c25f1c upstream. The driver allocates skb during ndo_open with GFP_ATOMIC which has high chance of failure when there are multiple instances. GFP_KERNEL is enough while open and use GFP_ATOMIC only from interrupt context. Fixes: 23f0703c125b ("lan743x: Add main source files for new lan743x driver") Signed-off-by: Yuiko Oshino <yuiko.oshino(a)microchip.com> cc: <stable(a)vger.kernel.org> # 5.4.x --- drivers/net/ethernet/microchip/lan743x_main.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/microchip/lan743x_main.c b/drivers/net/ethernet/microchip/lan743x_main.c index dfa0ded169ee..d335fad34dd3 100644 --- a/drivers/net/ethernet/microchip/lan743x_main.c +++ b/drivers/net/ethernet/microchip/lan743x_main.c @@ -1888,13 +1888,13 @@ static int lan743x_rx_next_index(struct lan743x_rx *rx, int index) return ((++index) % rx->ring_size); } -static struct sk_buff *lan743x_rx_allocate_skb(struct lan743x_rx *rx) +static struct sk_buff *lan743x_rx_allocate_skb(struct lan743x_rx *rx, gfp_t gfp) { int length = 0; length = (LAN743X_MAX_FRAME_SIZE + ETH_HLEN + 4 + RX_HEAD_PADDING); return __netdev_alloc_skb(rx->adapter->netdev, - length, GFP_ATOMIC | GFP_DMA); + length, gfp); } static void lan743x_rx_update_tail(struct lan743x_rx *rx, int index) @@ -2067,7 +2067,8 @@ static int lan743x_rx_process_packet(struct lan743x_rx *rx) struct sk_buff *new_skb = NULL; int packet_length; - new_skb = lan743x_rx_allocate_skb(rx); + new_skb = lan743x_rx_allocate_skb(rx, + GFP_ATOMIC | GFP_DMA); if (!new_skb) { /* failed to allocate next skb. * Memory is very low. @@ -2294,7 +2295,8 @@ static int lan743x_rx_ring_init(struct lan743x_rx *rx) rx->last_head = 0; for (index = 0; index < rx->ring_size; index++) { - struct sk_buff *new_skb = lan743x_rx_allocate_skb(rx); + struct sk_buff *new_skb = lan743x_rx_allocate_skb(rx, + GFP_KERNEL); ret = lan743x_rx_init_ring_element(rx, index, new_skb); if (ret) -- 2.25.1

2 years, 6 months

1
0
0 0

[PATCH 4.19 00/35] 4.19.215-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.215 release. There are 35 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Nov 2021 11:41:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.215-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.215-rc2 Xin Long <lucien.xin(a)gmail.com> sctp: add vtag check in sctp_sf_ootb Xin Long <lucien.xin(a)gmail.com> sctp: add vtag check in sctp_sf_do_8_5_1_E_sa Xin Long <lucien.xin(a)gmail.com> sctp: add vtag check in sctp_sf_violation Xin Long <lucien.xin(a)gmail.com> sctp: fix the processing for COOKIE_ECHO chunk Xin Long <lucien.xin(a)gmail.com> sctp: use init_tag from inithdr for ABORT chunk Trevor Woerner <twoerner(a)gmail.com> net: nxp: lpc_eth.c: avoid hang when bringing interface down Yuiko Oshino <yuiko.oshino(a)microchip.com> net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent Yuiko Oshino <yuiko.oshino(a)microchip.com> net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails Guenter Roeck <linux(a)roeck-us.net> nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST Michael Chan <michael.chan(a)broadcom.com> net: Prevent infinite while loop in skb_tx_hash() Pavel Skripkin <paskripkin(a)gmail.com> net: batman-adv: fix error handling Yang Yingliang <yangyingliang(a)huawei.com> regmap: Fix possible double-free in regcache_rbtree_exit() Clément Bœsch <u(a)pkh.me> arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Set user priority for DCT Johan Hovold <johan(a)kernel.org> net: lan78xx: fix division by zero in send path Haibo Chen <haibo.chen(a)nxp.com> mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit Shawn Guo <shawn.guo(a)linaro.org> mmc: sdhci: Map more voltage level to SDHCI_POWER_330 Jaehoon Chung <jh80.chung(a)samsung.com> mmc: dw_mmc: exynos: fix the finding clock sample value Wenbin Mei <wenbin.mei(a)mediatek.com> mmc: cqhci: clear HALT state after CQE enable Johan Hovold <johan(a)kernel.org> mmc: vub300: fix control-message timeouts Eric Dumazet <edumazet(a)google.com> ipv6: make exception cache less predictible Eric Dumazet <edumazet(a)google.com> ipv6: use siphash in rt6_exception_hash() Eric Dumazet <edumazet(a)google.com> ipv4: use siphash instead of Jenkins in fnhe_hashfun() Pavel Skripkin <paskripkin(a)gmail.com> Revert "net: mdiobus: Fix memory leak in __mdiobus_register" Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> nfc: port100: fix using -ERRNO as command type mask Zheyu Ma <zheyuma97(a)gmail.com> ata: sata_mv: Fix the error handling of mv_chip_id() Wang Hai <wanghai38(a)huawei.com> usbnet: fix error return code in usbnet_probe() Oliver Neukum <oneukum(a)suse.com> usbnet: sanity check for maxpacket Nathan Chancellor <natechancellor(a)gmail.com> ARM: 8819/1: Remove '-p' from LDFLAGS Robin Murphy <robin.murphy(a)arm.com> arm64: Avoid premature usercopy failure Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/bpf: Fix BPF_MOD when imm == 1 Arnd Bergmann <arnd(a)arndb.de> ARM: 9141/1: only warn about XIP address when not compile testing Arnd Bergmann <arnd(a)arndb.de> ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype Arnd Bergmann <arnd(a)arndb.de> ARM: 9134/1: remove duplicate memcpy() definition Nick Desaulniers <ndesaulniers(a)google.com> ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned ------------- Diffstat: Makefile | 4 +- arch/arm/Makefile | 2 +- arch/arm/boot/bootp/Makefile | 2 +- arch/arm/boot/compressed/Makefile | 2 - arch/arm/boot/compressed/decompress.c | 3 ++ arch/arm/kernel/vmlinux-xip.lds.S | 2 +- arch/arm/mm/proc-macros.S | 1 + arch/arm/probes/kprobes/core.c | 2 +- .../boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 2 +- arch/arm64/lib/copy_from_user.S | 13 +++-- arch/arm64/lib/copy_in_user.S | 20 +++++--- arch/arm64/lib/copy_to_user.S | 14 ++++-- arch/nios2/platform/Kconfig.platform | 1 + arch/powerpc/net/bpf_jit_comp64.c | 10 +++- drivers/ata/sata_mv.c | 4 +- drivers/base/regmap/regcache-rbtree.c | 7 ++- drivers/infiniband/hw/mlx5/qp.c | 2 + drivers/mmc/host/cqhci.c | 3 ++ drivers/mmc/host/dw_mmc-exynos.c | 14 ++++++ drivers/mmc/host/sdhci-esdhc-imx.c | 17 +++++++ drivers/mmc/host/sdhci.c | 6 +++ drivers/mmc/host/vub300.c | 18 +++---- drivers/net/ethernet/microchip/lan743x_main.c | 22 +++++++++ drivers/net/ethernet/nxp/lpc_eth.c | 5 +- drivers/net/phy/mdio_bus.c | 1 - drivers/net/usb/lan78xx.c | 6 +++ drivers/net/usb/usbnet.c | 5 ++ drivers/nfc/port100.c | 4 +- net/batman-adv/bridge_loop_avoidance.c | 8 +++- net/batman-adv/main.c | 56 +++++++++++++++------- net/batman-adv/network-coding.c | 4 +- net/batman-adv/translation-table.c | 4 +- net/core/dev.c | 6 +++ net/ipv4/route.c | 12 ++--- net/ipv6/route.c | 25 +++++++--- net/sctp/sm_statefuns.c | 30 ++++++++---- 36 files changed, 250 insertions(+), 87 deletions(-)

2 years, 6 months

8
7
0 0

[PATCH 4.4 00/17] 4.4.291-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.291 release. There are 17 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Nov 2021 08:24:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.291-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.291-rc1 Xin Long <lucien.xin(a)gmail.com> sctp: add vtag check in sctp_sf_violation Xin Long <lucien.xin(a)gmail.com> sctp: use init_tag from inithdr for ABORT chunk Guenter Roeck <linux(a)roeck-us.net> nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST Yang Yingliang <yangyingliang(a)huawei.com> regmap: Fix possible double-free in regcache_rbtree_exit() Johan Hovold <johan(a)kernel.org> net: lan78xx: fix division by zero in send path Shawn Guo <shawn.guo(a)linaro.org> mmc: sdhci: Map more voltage level to SDHCI_POWER_330 Jaehoon Chung <jh80.chung(a)samsung.com> mmc: dw_mmc: exynos: fix the finding clock sample value Johan Hovold <johan(a)kernel.org> mmc: vub300: fix control-message timeouts Pavel Skripkin <paskripkin(a)gmail.com> Revert "net: mdiobus: Fix memory leak in __mdiobus_register" Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> nfc: port100: fix using -ERRNO as command type mask Zheyu Ma <zheyuma97(a)gmail.com> ata: sata_mv: Fix the error handling of mv_chip_id() Wang Hai <wanghai38(a)huawei.com> usbnet: fix error return code in usbnet_probe() Oliver Neukum <oneukum(a)suse.com> usbnet: sanity check for maxpacket Nathan Chancellor <natechancellor(a)gmail.com> ARM: 8819/1: Remove '-p' from LDFLAGS Arnd Bergmann <arnd(a)arndb.de> ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype Arnd Bergmann <arnd(a)arndb.de> ARM: 9134/1: remove duplicate memcpy() definition Nick Desaulniers <ndesaulniers(a)google.com> ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned ------------- Diffstat: Makefile | 4 ++-- arch/arm/Makefile | 2 +- arch/arm/boot/bootp/Makefile | 2 +- arch/arm/boot/compressed/Makefile | 2 -- arch/arm/boot/compressed/decompress.c | 3 +++ arch/arm/mm/proc-macros.S | 1 + arch/arm/probes/kprobes/core.c | 2 +- arch/nios2/platform/Kconfig.platform | 1 + drivers/ata/sata_mv.c | 4 ++-- drivers/base/regmap/regcache-rbtree.c | 7 +++---- drivers/mmc/host/dw_mmc-exynos.c | 14 ++++++++++++++ drivers/mmc/host/sdhci.c | 6 ++++++ drivers/mmc/host/vub300.c | 18 +++++++++--------- drivers/net/phy/mdio_bus.c | 1 - drivers/net/usb/lan78xx.c | 6 ++++++ drivers/net/usb/usbnet.c | 5 +++++ drivers/nfc/port100.c | 4 ++-- net/sctp/sm_statefuns.c | 4 ++++ 18 files changed, 61 insertions(+), 25 deletions(-)

2 years, 6 months

6
22
0 0

[PATCH 5.4 00/51] 5.4.157-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.157 release. There are 51 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Nov 2021 11:42:01 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.157-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.157-rc2 Song Liu <songliubraving(a)fb.com> perf script: Check session->header.env.arch before using it Halil Pasic <pasic(a)linux.ibm.com> KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu Halil Pasic <pasic(a)linux.ibm.com> KVM: s390: clear kicked_mask before sleeping again Janusz Dziedzic <janusz.dziedzic(a)gmail.com> cfg80211: correct bridge/4addr mode check Julian Wiedmann <jwi(a)linux.ibm.com> net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT Xin Long <lucien.xin(a)gmail.com> sctp: add vtag check in sctp_sf_ootb Xin Long <lucien.xin(a)gmail.com> sctp: add vtag check in sctp_sf_do_8_5_1_E_sa Xin Long <lucien.xin(a)gmail.com> sctp: add vtag check in sctp_sf_violation Xin Long <lucien.xin(a)gmail.com> sctp: fix the processing for COOKIE_ECHO chunk Xin Long <lucien.xin(a)gmail.com> sctp: fix the processing for INIT_ACK chunk Xin Long <lucien.xin(a)gmail.com> sctp: use init_tag from inithdr for ABORT chunk Andrew Lunn <andrew(a)lunn.ch> phy: phy_start_aneg: Add an unlocked version Andrew Lunn <andrew(a)lunn.ch> phy: phy_ethtool_ksettings_get: Lock the phy for consistency Daniel Jordan <daniel.m.jordan(a)oracle.com> net/tls: Fix flipped sign in async_wait.err assignment Trevor Woerner <twoerner(a)gmail.com> net: nxp: lpc_eth.c: avoid hang when bringing interface down Yuiko Oshino <yuiko.oshino(a)microchip.com> net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent Yuiko Oshino <yuiko.oshino(a)microchip.com> net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails Guenter Roeck <linux(a)roeck-us.net> nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST Mark Zhang <markzhang(a)nvidia.com> RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string Michael Chan <michael.chan(a)broadcom.com> net: Prevent infinite while loop in skb_tx_hash() Pavel Skripkin <paskripkin(a)gmail.com> net: batman-adv: fix error handling Yang Yingliang <yangyingliang(a)huawei.com> regmap: Fix possible double-free in regcache_rbtree_exit() Clément Bœsch <u(a)pkh.me> arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Set user priority for DCT Varun Prakash <varun(a)chelsio.com> nvme-tcp: fix data digest pointer calculation Varun Prakash <varun(a)chelsio.com> nvmet-tcp: fix data digest pointer calculation Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/hfi1: Fix abba locking issue with sc_disable() Mike Marciniszyn <mike.marciniszyn(a)cornelisnetworks.com> IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Liu Jian <liujian56(a)huawei.com> tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function Christian König <christian.koenig(a)amd.com> drm/ttm: fix memleak in ttm_transfered_destroy Johan Hovold <johan(a)kernel.org> net: lan78xx: fix division by zero in send path Johannes Berg <johannes.berg(a)intel.com> cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() Haibo Chen <haibo.chen(a)nxp.com> mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit Shawn Guo <shawn.guo(a)linaro.org> mmc: sdhci: Map more voltage level to SDHCI_POWER_330 Jaehoon Chung <jh80.chung(a)samsung.com> mmc: dw_mmc: exynos: fix the finding clock sample value Wenbin Mei <wenbin.mei(a)mediatek.com> mmc: cqhci: clear HALT state after CQE enable Johan Hovold <johan(a)kernel.org> mmc: vub300: fix control-message timeouts Daniel Jordan <daniel.m.jordan(a)oracle.com> net/tls: Fix flipped sign in tls_err_abort() calls Pavel Skripkin <paskripkin(a)gmail.com> Revert "net: mdiobus: Fix memory leak in __mdiobus_register" Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> nfc: port100: fix using -ERRNO as command type mask Zheyu Ma <zheyuma97(a)gmail.com> ata: sata_mv: Fix the error handling of mv_chip_id() Rafał Miłecki <rafal(a)milecki.pl> Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode" Wang Hai <wanghai38(a)huawei.com> usbnet: fix error return code in usbnet_probe() Oliver Neukum <oneukum(a)suse.com> usbnet: sanity check for maxpacket Eric Dumazet <edumazet(a)google.com> ipv4: use siphash instead of Jenkins in fnhe_hashfun() Eric Dumazet <edumazet(a)google.com> ipv6: use siphash in rt6_exception_hash() Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/bpf: Fix BPF_MOD when imm == 1 Arnd Bergmann <arnd(a)arndb.de> ARM: 9141/1: only warn about XIP address when not compile testing Arnd Bergmann <arnd(a)arndb.de> ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype Arnd Bergmann <arnd(a)arndb.de> ARM: 9134/1: remove duplicate memcpy() definition Nick Desaulniers <ndesaulniers(a)google.com> ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned ------------- Diffstat: Makefile | 4 +- arch/arm/boot/compressed/decompress.c | 3 + arch/arm/kernel/vmlinux-xip.lds.S | 2 +- arch/arm/mm/proc-macros.S | 1 + arch/arm/probes/kprobes/core.c | 2 +- .../boot/dts/allwinner/sun50i-h5-nanopi-neo2.dts | 2 +- arch/nios2/platform/Kconfig.platform | 1 + arch/powerpc/net/bpf_jit_comp64.c | 10 +++- arch/s390/kvm/interrupt.c | 5 +- arch/s390/kvm/kvm-s390.c | 1 + drivers/ata/sata_mv.c | 4 +- drivers/base/regmap/regcache-rbtree.c | 7 +-- drivers/gpu/drm/ttm/ttm_bo_util.c | 1 + drivers/infiniband/core/sa_query.c | 5 +- drivers/infiniband/hw/hfi1/pio.c | 9 ++- drivers/infiniband/hw/mlx5/qp.c | 2 + drivers/infiniband/hw/qib/qib_user_sdma.c | 33 +++++++---- drivers/mmc/host/cqhci.c | 3 + drivers/mmc/host/dw_mmc-exynos.c | 14 +++++ drivers/mmc/host/sdhci-esdhc-imx.c | 17 ++++++ drivers/mmc/host/sdhci.c | 6 ++ drivers/mmc/host/vub300.c | 18 +++--- drivers/net/bonding/bond_main.c | 2 +- drivers/net/ethernet/micrel/ksz884x.c | 2 +- drivers/net/ethernet/microchip/lan743x_main.c | 22 +++++++ drivers/net/ethernet/nxp/lpc_eth.c | 5 +- drivers/net/phy/mdio_bus.c | 1 - drivers/net/phy/phy.c | 32 +++++++++-- drivers/net/usb/lan78xx.c | 6 ++ drivers/net/usb/usbnet.c | 5 ++ drivers/nfc/port100.c | 4 +- drivers/nvme/host/tcp.c | 2 +- drivers/nvme/target/tcp.c | 2 +- drivers/pinctrl/bcm/pinctrl-ns.c | 29 ++++------ include/net/tls.h | 9 +-- net/batman-adv/bridge_loop_avoidance.c | 8 ++- net/batman-adv/main.c | 56 ++++++++++++------ net/batman-adv/network-coding.c | 4 +- net/batman-adv/translation-table.c | 4 +- net/core/dev.c | 6 ++ net/core/rtnetlink.c | 12 ++-- net/ipv4/route.c | 12 ++-- net/ipv4/tcp_bpf.c | 12 ++++ net/ipv6/route.c | 20 +++++-- net/sctp/sm_statefuns.c | 67 +++++++++++++--------- net/tls/tls_sw.c | 19 ++++-- net/wireless/nl80211.c | 2 +- net/wireless/scan.c | 7 ++- net/wireless/util.c | 14 ++--- tools/perf/builtin-script.c | 12 ++-- 50 files changed, 360 insertions(+), 166 deletions(-)

2 years, 6 months

7
6
0 0

[PATCH v9 02/17] powerpc/kvm: Fix kvm_use_magic_page

by Andreas Gruenbacher

When switching from __get_user to fault_in_pages_readable, commit 9f9eae5ce717 broke kvm_use_magic_page: like __get_user, fault_in_pages_readable returns 0 on success. Fixes: 9f9eae5ce717 ("powerpc/kvm: Prefer fault_in_pages_readable function") Cc: stable(a)vger.kernel.org # v4.18+ Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> --- arch/powerpc/kernel/kvm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/kvm.c b/arch/powerpc/kernel/kvm.c index 617eba82531c..d89cf802d9aa 100644 --- a/arch/powerpc/kernel/kvm.c +++ b/arch/powerpc/kernel/kvm.c @@ -669,7 +669,7 @@ static void __init kvm_use_magic_page(void) on_each_cpu(kvm_map_magic_page, &features, 1); /* Quick self-test to see if the mapping works */ - if (!fault_in_pages_readable((const char *)KVM_MAGIC_PAGE, sizeof(u32))) { + if (fault_in_pages_readable((const char *)KVM_MAGIC_PAGE, sizeof(u32))) { kvm_patching_worked = false; return; } -- 2.31.1

2 years, 6 months

1
0
0 0

[PATCH v2] PCI: Limit REBAR quirk to just Sapphire RX 5600 XT Pulse

by Robin McCorkell

A particular RX 5600 device requires a hack in the rebar logic, but the current branch is too general and catches other devices too, breaking them. This patch changes the branch to be more selective on the particular revision. This patch fixes intermittent freezes on other RX 5600 devices where the hack is unnecessary. Credit to all contributors in the linked issue on the AMD bug tracker. See also: https://gitlab.freedesktop.org/drm/amd/-/issues/1707 Fixes: 907830b0fc9e ("PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse") Cc: stable(a)vger.kernel.org # v5.12+ Signed-off-by: Robin McCorkell <robin(a)mccorkell.me.uk> Reported-by: Simon May <@Socob on gitlab.freedesktop.com> Tested-by: Kain Centeno <@kaincenteno on gitlab.freedesktop.com> Tested-by: Tobias Jakobi <@tobiasjakobi on gitlab.freedesktop.com> Suggested-by: lijo lazar <@lijo on gitlab.freedesktop.com> --- drivers/pci/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index ce2ab62b64cf..1fe75243019e 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -3647,7 +3647,7 @@ u32 pci_rebar_get_possible_sizes(struct pci_dev *pdev, int bar) /* Sapphire RX 5600 XT Pulse has an invalid cap dword for BAR 0 */ if (pdev->vendor == PCI_VENDOR_ID_ATI && pdev->device == 0x731f && - bar == 0 && cap == 0x7000) + pdev->revision == 0xC1 && bar == 0 && cap == 0x7000) cap = 0x3f000; return cap >> 4; -- 2.31.1

2 years, 6 months

4
3
0 0

[PATCH 1/2] cec: copy sequence field for the reply

by Hans Verkuil

When the reply for a non-blocking transmit arrives, the sequence field for that reply was never filled in, so userspace would have no way of associating the reply to the original transmit. Copy the sequence field to ensure that this is now possible. Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Fixes: 0dbacebede1e ([media] cec: move the CEC framework out of staging and to media) Cc: <stable(a)vger.kernel.org> --- drivers/media/cec/core/cec-adap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c index 79fa36de8a04..cd9cb354dc2c 100644 --- a/drivers/media/cec/core/cec-adap.c +++ b/drivers/media/cec/core/cec-adap.c @@ -1199,6 +1199,7 @@ void cec_received_msg_ts(struct cec_adapter *adap, if (abort) dst->rx_status |= CEC_RX_STATUS_FEATURE_ABORT; msg->flags = dst->flags; + msg->sequence = dst->sequence; /* Remove it from the wait_queue */ list_del_init(&data->list); -- 2.33.0

2 years, 6 months

1
0
0 0

[PATCH v3] KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling

by Nicholas Piggin

From: Laurent Vivier <lvivier(a)redhat.com> Commit 112665286d08 ("KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs") moved guest_exit() into the interrupt protected area to avoid wrong context warning (or worse). The problem is that tick-based time accounting has not yet been updated at this point (because it depends on the timer interrupt firing), so the guest time gets incorrectly accounted to system time. To fix the problem, follow the x86 fix in commit 160457140187 ("Defer vtime accounting 'til after IRQ handling"), and allow host IRQs to run before accounting the guest exit time. In the case vtime accounting is enabled, this is not required because TB is used directly for accounting. Before this patch, with CONFIG_TICK_CPU_ACCOUNTING=y in the host and a guest running a kernel compile, the 'guest' fields of /proc/stat are stuck at zero. With the patch they can be observed increasing roughly as expected. Fixes: e233d54d4d97 ("KVM: booke: use __kvm_guest_exit") Fixes: 112665286d08 ("KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs") Cc: <stable(a)vger.kernel.org> # 5.12 Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> [np: only required for tick accounting, add Book3E fix, tweak changelog] Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> --- Since v2: - I took over the patch with Laurent's blessing. - Changed to avoid processing IRQs if we do have vtime accounting enabled. - Changed so in either case the accounting is called with irqs disabled. - Added similar Book3E fix. - Rebased on upstream, tested, observed bug and confirmed fix. arch/powerpc/kvm/book3s_hv.c | 30 ++++++++++++++++++++++++++++-- arch/powerpc/kvm/booke.c | 16 +++++++++++++++- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c index 2acb1c96cfaf..7b74fc0a986b 100644 --- a/arch/powerpc/kvm/book3s_hv.c +++ b/arch/powerpc/kvm/book3s_hv.c @@ -3726,7 +3726,20 @@ static noinline void kvmppc_run_core(struct kvmppc_vcore *vc) kvmppc_set_host_core(pcpu); - guest_exit_irqoff(); + context_tracking_guest_exit(); + if (!vtime_accounting_enabled_this_cpu()) { + local_irq_enable(); + /* + * Service IRQs here before vtime_account_guest_exit() so any + * ticks that occurred while running the guest are accounted to + * the guest. If vtime accounting is enabled, accounting uses + * TB rather than ticks, so it can be done without enabling + * interrupts here, which has the problem that it accounts + * interrupt processing overhead to the host. + */ + local_irq_disable(); + } + vtime_account_guest_exit(); local_irq_enable(); @@ -4510,7 +4523,20 @@ int kvmhv_run_single_vcpu(struct kvm_vcpu *vcpu, u64 time_limit, kvmppc_set_host_core(pcpu); - guest_exit_irqoff(); + context_tracking_guest_exit(); + if (!vtime_accounting_enabled_this_cpu()) { + local_irq_enable(); + /* + * Service IRQs here before vtime_account_guest_exit() so any + * ticks that occurred while running the guest are accounted to + * the guest. If vtime accounting is enabled, accounting uses + * TB rather than ticks, so it can be done without enabling + * interrupts here, which has the problem that it accounts + * interrupt processing overhead to the host. + */ + local_irq_disable(); + } + vtime_account_guest_exit(); local_irq_enable(); diff --git a/arch/powerpc/kvm/booke.c b/arch/powerpc/kvm/booke.c index 977801c83aff..8c15c90dd3a9 100644 --- a/arch/powerpc/kvm/booke.c +++ b/arch/powerpc/kvm/booke.c @@ -1042,7 +1042,21 @@ int kvmppc_handle_exit(struct kvm_vcpu *vcpu, unsigned int exit_nr) } trace_kvm_exit(exit_nr, vcpu); - guest_exit_irqoff(); + + context_tracking_guest_exit(); + if (!vtime_accounting_enabled_this_cpu()) { + local_irq_enable(); + /* + * Service IRQs here before vtime_account_guest_exit() so any + * ticks that occurred while running the guest are accounted to + * the guest. If vtime accounting is enabled, accounting uses + * TB rather than ticks, so it can be done without enabling + * interrupts here, which has the problem that it accounts + * interrupt processing overhead to the host. + */ + local_irq_disable(); + } + vtime_account_guest_exit(); local_irq_enable(); -- 2.23.0

2 years, 6 months

3
4
0 0

[PATCH 1/2] ocfs2: Fix data corruption on truncate

by Jan Kara

ocfs2_truncate_file() did unmap invalidate page cache pages before zeroing partial tail cluster and setting i_size. Thus some pages could be left (and likely have left if the cluster zeroing happened) in the page cache beyond i_size after truncate finished letting user possibly see stale data once the file was extended again. Also the tail cluster zeroing was not guaranteed to finish before truncate finished causing possible stale data exposure. The problem started to be particularly easy to hit after commit 6dbf7bb55598 "fs: Don't invalidate page buffers in block_write_full_page()" stopped invalidation of pages beyond i_size from page writeback path. Fix these problems by unmapping and invalidating pages in the page cache after the i_size is reduced and tail cluster is zeroed out. CC: stable(a)vger.kernel.org Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem") Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/ocfs2/file.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c index 54d7843c0211..fc5f780fa235 100644 --- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c @@ -476,10 +476,11 @@ int ocfs2_truncate_file(struct inode *inode, * greater than page size, so we have to truncate them * anyway. */ - unmap_mapping_range(inode->i_mapping, new_i_size + PAGE_SIZE - 1, 0, 1); - truncate_inode_pages(inode->i_mapping, new_i_size); if (OCFS2_I(inode)->ip_dyn_features & OCFS2_INLINE_DATA_FL) { + unmap_mapping_range(inode->i_mapping, + new_i_size + PAGE_SIZE - 1, 0, 1); + truncate_inode_pages(inode->i_mapping, new_i_size); status = ocfs2_truncate_inline(inode, di_bh, new_i_size, i_size_read(inode), 1); if (status) @@ -498,6 +499,9 @@ int ocfs2_truncate_file(struct inode *inode, goto bail_unlock_sem; } + unmap_mapping_range(inode->i_mapping, new_i_size + PAGE_SIZE - 1, 0, 1); + truncate_inode_pages(inode->i_mapping, new_i_size); + status = ocfs2_commit_truncate(osb, inode, di_bh); if (status < 0) { mlog_errno(status); -- 2.26.2

2 years, 6 months

2
5
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2021