September 2022 - Linux-stable-mirror

FAILED: patch "[PATCH] mm/rmap: Fix anon_vma->degree ambiguity leading to" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2555283eb40df89945557273121e9393ef9b542b Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Wed, 31 Aug 2022 19:06:00 +0200 Subject: [PATCH] mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse anon_vma->degree tracks the combined number of child anon_vmas and VMAs that use the anon_vma as their ->anon_vma. anon_vma_clone() then assumes that for any anon_vma attached to src->anon_vma_chain other than src->anon_vma, it is impossible for it to be a leaf node of the VMA tree, meaning that for such VMAs ->degree is elevated by 1 because of a child anon_vma, meaning that if ->degree equals 1 there are no VMAs that use the anon_vma as their ->anon_vma. This assumption is wrong because the ->degree optimization leads to leaf nodes being abandoned on anon_vma_clone() - an existing anon_vma is reused and no new parent-child relationship is created. So it is possible to reuse an anon_vma for one VMA while it is still tied to another VMA. This is an issue because is_mergeable_anon_vma() and its callers assume that if two VMAs have the same ->anon_vma, the list of anon_vmas attached to the VMAs is guaranteed to be the same. When this assumption is violated, vma_merge() can merge pages into a VMA that is not attached to the corresponding anon_vma, leading to dangling page->mapping pointers that will be dereferenced during rmap walks. Fix it by separately tracking the number of child anon_vmas and the number of VMAs using the anon_vma as their ->anon_vma. Fixes: 7a3ef208e662 ("mm: prevent endless growth of anon_vma hierarchy") Cc: stable(a)kernel.org Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/include/linux/rmap.h b/include/linux/rmap.h index bf80adca980b..b89b4b86951f 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h @@ -41,12 +41,15 @@ struct anon_vma { atomic_t refcount; /* - * Count of child anon_vmas and VMAs which points to this anon_vma. + * Count of child anon_vmas. Equals to the count of all anon_vmas that + * have ->parent pointing to this one, including itself. * * This counter is used for making decision about reusing anon_vma * instead of forking new one. See comments in function anon_vma_clone. */ - unsigned degree; + unsigned long num_children; + /* Count of VMAs whose ->anon_vma pointer points to this object. */ + unsigned long num_active_vmas; struct anon_vma *parent; /* Parent of this anon_vma */ diff --git a/mm/rmap.c b/mm/rmap.c index edc06c52bc82..93d5a6f793d2 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -93,7 +93,8 @@ static inline struct anon_vma *anon_vma_alloc(void) anon_vma = kmem_cache_alloc(anon_vma_cachep, GFP_KERNEL); if (anon_vma) { atomic_set(&anon_vma->refcount, 1); - anon_vma->degree = 1; /* Reference for first vma */ + anon_vma->num_children = 0; + anon_vma->num_active_vmas = 0; anon_vma->parent = anon_vma; /* * Initialise the anon_vma root to point to itself. If called @@ -201,6 +202,7 @@ int __anon_vma_prepare(struct vm_area_struct *vma) anon_vma = anon_vma_alloc(); if (unlikely(!anon_vma)) goto out_enomem_free_avc; + anon_vma->num_children++; /* self-parent link for new root */ allocated = anon_vma; } @@ -210,8 +212,7 @@ int __anon_vma_prepare(struct vm_area_struct *vma) if (likely(!vma->anon_vma)) { vma->anon_vma = anon_vma; anon_vma_chain_link(vma, avc, anon_vma); - /* vma reference or self-parent link for new root */ - anon_vma->degree++; + anon_vma->num_active_vmas++; allocated = NULL; avc = NULL; } @@ -296,19 +297,19 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) anon_vma_chain_link(dst, avc, anon_vma); /* - * Reuse existing anon_vma if its degree lower than two, - * that means it has no vma and only one anon_vma child. + * Reuse existing anon_vma if it has no vma and only one + * anon_vma child. * - * Do not choose parent anon_vma, otherwise first child - * will always reuse it. Root anon_vma is never reused: + * Root anon_vma is never reused: * it has self-parent reference and at least one child. */ if (!dst->anon_vma && src->anon_vma && - anon_vma != src->anon_vma && anon_vma->degree < 2) + anon_vma->num_children < 2 && + anon_vma->num_active_vmas == 0) dst->anon_vma = anon_vma; } if (dst->anon_vma) - dst->anon_vma->degree++; + dst->anon_vma->num_active_vmas++; unlock_anon_vma_root(root); return 0; @@ -358,6 +359,7 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) anon_vma = anon_vma_alloc(); if (!anon_vma) goto out_error; + anon_vma->num_active_vmas++; avc = anon_vma_chain_alloc(GFP_KERNEL); if (!avc) goto out_error_free_anon_vma; @@ -378,7 +380,7 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) vma->anon_vma = anon_vma; anon_vma_lock_write(anon_vma); anon_vma_chain_link(vma, avc, anon_vma); - anon_vma->parent->degree++; + anon_vma->parent->num_children++; anon_vma_unlock_write(anon_vma); return 0; @@ -410,7 +412,7 @@ void unlink_anon_vmas(struct vm_area_struct *vma) * to free them outside the lock. */ if (RB_EMPTY_ROOT(&anon_vma->rb_root.rb_root)) { - anon_vma->parent->degree--; + anon_vma->parent->num_children--; continue; } @@ -418,7 +420,7 @@ void unlink_anon_vmas(struct vm_area_struct *vma) anon_vma_chain_free(avc); } if (vma->anon_vma) { - vma->anon_vma->degree--; + vma->anon_vma->num_active_vmas--; /* * vma would still be needed after unlink, and anon_vma will be prepared @@ -436,7 +438,8 @@ void unlink_anon_vmas(struct vm_area_struct *vma) list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) { struct anon_vma *anon_vma = avc->anon_vma; - VM_WARN_ON(anon_vma->degree); + VM_WARN_ON(anon_vma->num_children); + VM_WARN_ON(anon_vma->num_active_vmas); put_anon_vma(anon_vma); list_del(&avc->same_vma);

2 years, 2 months

1
0
0 0

[PATCH 5.15 000/136] 5.15.64-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.64 release. There are 136 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 31 Aug 2022 10:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.64-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.64-rc1 Daniel Borkmann <daniel(a)iogearbox.net> bpf: Don't use tnum_range on array range checking for poke descriptors Saurabh Sengar <ssengar(a)linux.microsoft.com> scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq Kiwoong Kim <kwmad.kim(a)samsung.com> scsi: ufs: core: Enable link lost interrupt Ian Rogers <irogers(a)google.com> perf stat: Clear evsel->reset_group for each stat run Stephane Eranian <eranian(a)google.com> perf/x86/intel/ds: Fix precise store latency handling Stephane Eranian <eranian(a)google.com> perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU James Clark <james.clark(a)arm.com> perf python: Fix build when PYTHON_CONFIG is user supplied Yu Kuai <yukuai3(a)huawei.com> blk-mq: fix io hung due to missing commit_rqs Salvatore Bonaccorso <carnil(a)debian.org> Documentation/ABI: Mention retbleed vulnerability info file for sysfs Peter Zijlstra <peterz(a)infradead.org> x86/nospec: Fix i386 RSB stuffing Liam Howlett <liam.howlett(a)oracle.com> binder_alloc: add missing mmap_lock calls when using the VMA Zenghui Yu <yuzenghui(a)huawei.com> arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 Yonglong Li <liyonglong(a)chinatelecom.cn> mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb Guoqing Jiang <guoqing.jiang(a)linux.dev> md: call __md_stop_writes in md_stop Guoqing Jiang <guoqing.jiang(a)linux.dev> Revert "md-raid: destroy the bitmap after destroying the thread" David Hildenbrand <david(a)redhat.com> mm/hugetlb: fix hugetlb not supporting softdirty tracking Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usbnet: smsc95xx: Fix deadlock on runtime resume" Jens Axboe <axboe(a)kernel.dk> io_uring: fix issue with io_write() not always undoing sb_start_write() Conor Dooley <conor.dooley(a)microchip.com> riscv: traps: add missing prototype Juergen Gross <jgross(a)suse.com> xen/privcmd: fix error exit of privcmd_ioctl_dm_op() David Howells <dhowells(a)redhat.com> smb3: missing inode locks in punch hole Karol Herbst <kherbst(a)redhat.com> nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf Riwen Lu <luriwen(a)kylinos.cn> ACPI: processor: Remove freq Qos request for all CPUs Shakeel Butt <shakeelb(a)google.com> Revert "memcg: cleanup racy sum avoidance code" Shigeru Yoshida <syoshida(a)redhat.com> fbdev: fbcon: Properly revert changes when vc_resize() failed Brian Foster <bfoster(a)redhat.com> s390: fix double free of GS and RI CBs on fork() failure Liu Shixin <liushixin2(a)huawei.com> bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: do not trigger write fault when vma does not allow VM_WRITE Badari Pulavarty <badari.pulavarty(a)intel.com> mm/damon/dbgfs: avoid duplicate context directory creation Quanyang Wang <quanyang.wang(a)windriver.com> asm-generic: sections: refactor memory_intersects Khazhismel Kumykov <khazhy(a)chromium.org> writeback: avoid use-after-free after removing device Siddh Raman Pant <code(a)siddh.me> loop: Check for overflow while configuring loop Peter Zijlstra <peterz(a)infradead.org> x86/nospec: Unwreck the RSB stuffing Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add "unknown" reporting for MMIO Stale Data Chen Zhongjin <chenzhongjin(a)huawei.com> x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry Kan Liang <kan.liang(a)linux.intel.com> perf/x86/lbr: Enable the branch type for the Arch LBR by default Zixuan Fu <r33s3n6(a)gmail.com> btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: check if root is readonly while setting security xattr Anand Jain <anand.jain(a)oracle.com> btrfs: add info when mount fails due to stale replace target Anand Jain <anand.jain(a)oracle.com> btrfs: replace: drop assert for suspended replace Filipe Manana <fdmanana(a)suse.com> btrfs: fix silent failure when deleting root reference Heiner Kallweit <hkallweit1(a)gmail.com> net: stmmac: work around sporadic tx issue on link-up R Mohamed Shah <mohamed(a)pensando.io> ionic: VF initial random MAC address if no assigned mac Shannon Nelson <snelson(a)pensando.io> ionic: fix up issues with handling EAGAIN on FW cmds Shannon Nelson <snelson(a)pensando.io> ionic: clear broken state on generation change Shannon Nelson <snelson(a)pensando.io> ionic: widen queue_lock use around lif init and deinit David Howells <dhowells(a)redhat.com> rxrpc: Fix locking in rxrpc's sendmsg Sylwester Dziedziuch <sylwesterx.dziedziuch(a)intel.com> i40e: Fix incorrect address type for IPv6 flow rules Jacob Keller <jacob.e.keller(a)intel.com> ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_somaxconn. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around sysctl_devconf_inherit_init_net. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around sysctl_fb_tunnels_only_for_init_net. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around netdev_budget_usecs. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around sysctl_max_skb_frags. Paolo Abeni <pabeni(a)redhat.com> mptcp: stop relying on tcp_tx_skb_cache Paolo Abeni <pabeni(a)redhat.com> tcp: expose the tcp_mark_push() and tcp_skb_entail() helpers Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around netdev_budget. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_net_busy_read. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_net_busy_poll. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix a data-race around sysctl_tstamp_allow_data. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around sysctl_optmem_max. Kuniyuki Iwashima <kuniyu(a)amazon.com> ratelimit: Fix data-races in ___ratelimit(). Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around netdev_tstamp_prequeue. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around netdev_max_backlog. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around weight_p and dev_weight_[rt]x_bias. Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix data-races around sysctl_[rw]mem_(max|default). Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: fix stuck flows on cleanup due to pending work Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: add function to invoke garbage collection immediately Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow binding to already bound chain Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow jump to implicit chain from set element Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: upfront validation of data via nft_data_init() Jeremy Sowden <jeremy(a)azazel.net> netfilter: bitwise: improve error goto labels Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_cmp: optimize comparison for 16-bytes Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: consolidate rule verdict trace call Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_tunnel: restrict it to netdev family Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: do not leave chain stats enabled on error Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: do not truncate csum_offset and csum_type Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: report ERANGE for too long offset and length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: make table handle allocation per-netns friendly Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow updates of implicit chain Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: fix NQ resource accounting during vf creation on 57500 chips Florian Westphal <fw(a)strlen.de> netfilter: ebtables: reject blobs that don't provide all entry points Maciej Żenczykowski <maze(a)google.com> net: ipvtap - add __init/__exit annotations to module init/exit funcs Jonathan Toppins <jtoppins(a)redhat.com> bonding: 802.3ad: fix no transmission of LACPDUs Sergei Antonov <saproj(a)gmail.com> net: moxa: get rid of asymmetry in DMA mapping/unmapping Xiaolei Wang <xiaolei.wang(a)windriver.com> net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() Alex Elder <elder(a)linaro.org> net: ipa: don't assume SMEM is page-aligned Maor Dickman <maord(a)nvidia.com> net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off Aya Levin <ayal(a)nvidia.com> net/mlx5e: Fix wrong application of the LRO state Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid false positive lockdep warning by adding lock_class_key Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Properly disable vlan strip on non-UL reps Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: xsk: prohibit usage of non-balanced queue id Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: xsk: Force rings to be sized to power of 2 Duoming Zhou <duoming(a)zju.edu.cn> nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout Hayes Wang <hayeswang(a)realtek.com> r8152: fix the RX FIFO settings when suspending Hayes Wang <hayeswang(a)realtek.com> r8152: fix the units of some registers for RTL8156A Bernard Pidoux <f6bvp(a)free.fr> rose: check NULL rose_loopback_neigh->loopback Christian Brauner <brauner(a)kernel.org> ntfs: fix acl handling Peter Xu <peterx(a)redhat.com> mm/smaps: don't access young/dirty bit if pte unpresent Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: RPC level errors should set task->tk_rpc_status Olga Kornievskaia <kolga(a)netapp.com> NFSv4.2 fix problems with __nfs42_ssc_open Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open() Sabrina Dubroca <sd(a)queasysnail.net> Revert "net: macsec: update SCI upon MAC address change." Jakub Kicinski <kuba(a)kernel.org> net: use eth_hw_addr_set() instead of ether_addr_copy() Seth Forshee <sforshee(a)digitalocean.com> fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts Nikolay Aleksandrov <razor(a)blackwall.org> xfrm: policy: fix metadata dst->dev xmit null pointer dereference Herbert Xu <herbert(a)gondor.apana.org.au> af_key: Do not call xfrm_probe_algs in parallel Antony Antony <antony.antony(a)secunet.com> xfrm: clone missing x->lastused in xfrm_do_migrate Xin Xiong <xiongx18(a)fudan.edu.cn> xfrm: fix refcount leak in __xfrm_policy_check() Chen Lifu <chenlifu(a)huawei.com> riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit Jisheng Zhang <jszhang(a)kernel.org> riscv: lib: uaccess: fold fixups into body Qu Wenruo <wqu(a)suse.com> btrfs: remove unnecessary parameter delalloc_start for writepage_delalloc() Filipe Manana <fdmanana(a)suse.com> btrfs: pass the dentry to btrfs_log_new_name() instead of the inode Filipe Manana <fdmanana(a)suse.com> btrfs: put initial index value of a directory in a constant Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: edif: Fix dropped IKE message Arun Easi <aeasi(a)marvell.com> scsi: qla2xxx: Fix response queue handler reading stale packets Phil Auld <pauld(a)redhat.com> drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add additional TUXEDO devices to i8042 quirk tables Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO devices to i8042 quirk tables Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - merge quirk tables Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - move __initconst to fix code styling warning Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: convert count_max_extents() to use fs_info->max_extent_size Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: revive max_zone_append_bytes Naohiro Aota <naohiro.aota(a)wdc.com> block: add bdev_max_segments() helper Christoph Hellwig <hch(a)lst.de> block: add a bdev_max_zone_append_sectors helper Lai Jiangshan <jiangshan.ljs(a)antgroup.com> x86/entry: Move CLD to the start of the idtentry macro Randy Dunlap <rdunlap(a)infradead.org> kernel/sys_ni: add compat entry for fadvise64_64 Helge Deller <deller(a)gmx.de> parisc: Fix exception handler for fldw and fstw instructions Helge Deller <deller(a)gmx.de> parisc: Make CONFIG_64BIT available for ARCH=parisc64 only Jing-Ting Wu <Jing-Ting.Wu(a)mediatek.com> cgroup: Fix race condition at rebind_subsystems() Gaosheng Cui <cuigaosheng1(a)huawei.com> audit: fix potential double free on error path from fsnotify_add_inode_mark Martin Liška <mliska(a)suse.cz> eth: sun: cassini: remove dead code Jakub Kicinski <kuba(a)kernel.org> wifi: rtlwifi: remove always-true condition pointed out by GCC 12 ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + .../hw-vuln/processor_mmio_stale_data.rst | 14 + Documentation/admin-guide/sysctl/net.rst | 2 +- Makefile | 4 +- arch/arm64/kernel/cpu_errata.c | 2 + arch/parisc/Kconfig | 21 +- arch/parisc/kernel/unaligned.c | 2 +- arch/riscv/include/asm/thread_info.h | 2 + arch/riscv/kernel/traps.c | 3 +- arch/riscv/lib/uaccess.S | 24 +- arch/s390/kernel/process.c | 22 +- arch/s390/mm/fault.c | 4 +- arch/x86/entry/entry_64.S | 8 +- arch/x86/events/intel/ds.c | 10 +- arch/x86/events/intel/lbr.c | 8 + arch/x86/events/intel/uncore_snb.c | 18 +- arch/x86/include/asm/cpufeatures.h | 5 +- arch/x86/include/asm/nospec-branch.h | 92 +- arch/x86/kernel/cpu/bugs.c | 14 +- arch/x86/kernel/cpu/common.c | 42 +- arch/x86/kernel/unwind_orc.c | 15 +- block/blk-mq.c | 5 +- drivers/acpi/processor_thermal.c | 2 +- drivers/android/binder_alloc.c | 31 +- drivers/base/node.c | 4 +- drivers/base/topology.c | 28 +- drivers/block/loop.c | 5 + drivers/gpu/drm/nouveau/nouveau_bo.c | 9 + drivers/input/serio/i8042-x86ia64io.h | 1251 ++++++++++++-------- drivers/md/md.c | 3 +- drivers/net/bonding/bond_3ad.c | 38 +- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/ice/ice_xsk.c | 14 + drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 59 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 4 + drivers/net/ethernet/moxa/moxart_ether.c | 11 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 109 +- drivers/net/ethernet/pensando/ionic/ionic_main.c | 4 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/sun/cassini.c | 4 +- drivers/net/ipa/ipa_mem.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 2 +- drivers/net/ipvlan/ipvtap.c | 4 +- drivers/net/macsec.c | 13 +- drivers/net/macvlan.c | 2 +- drivers/net/phy/phy_device.c | 8 +- drivers/net/usb/r8152.c | 27 +- drivers/net/usb/smsc95xx.c | 139 +-- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 5 +- drivers/nfc/pn533/uart.c | 1 + drivers/nvme/target/zns.c | 3 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 + drivers/scsi/qla2xxx/qla_isr.c | 76 +- drivers/scsi/qla2xxx/qla_os.c | 10 + drivers/scsi/storvsc_drv.c | 2 +- drivers/scsi/ufs/ufshci.h | 6 +- drivers/video/fbdev/core/fbcon.c | 27 +- drivers/xen/privcmd.c | 21 +- fs/btrfs/btrfs_inode.h | 12 +- fs/btrfs/ctree.h | 29 +- fs/btrfs/delalloc-space.c | 6 +- fs/btrfs/dev-replace.c | 5 +- fs/btrfs/disk-io.c | 2 + fs/btrfs/extent_io.c | 18 +- fs/btrfs/inode.c | 40 +- fs/btrfs/root-tree.c | 5 +- fs/btrfs/tree-log.c | 19 +- fs/btrfs/tree-log.h | 2 +- fs/btrfs/volumes.c | 5 +- fs/btrfs/xattr.c | 3 + fs/btrfs/zoned.c | 20 + fs/btrfs/zoned.h | 1 + fs/cifs/smb2ops.c | 12 +- fs/fs-writeback.c | 12 +- fs/io_uring.c | 7 +- fs/namespace.c | 7 + fs/nfs/nfs4file.c | 16 +- fs/ntfs3/xattr.c | 16 +- fs/proc/task_mmu.c | 7 +- fs/zonefs/super.c | 3 +- include/asm-generic/sections.h | 7 +- include/linux/blkdev.h | 11 + include/linux/cpumask.h | 18 + include/linux/memcontrol.h | 15 +- include/linux/mlx5/driver.h | 1 + include/linux/netdevice.h | 20 +- include/linux/netfilter_bridge/ebtables.h | 4 - include/net/busy_poll.h | 2 +- include/net/netfilter/nf_flow_table.h | 3 + include/net/netfilter/nf_tables.h | 10 +- include/net/netfilter/nf_tables_core.h | 9 + include/net/tcp.h | 2 + kernel/audit_fsnotify.c | 1 + kernel/bpf/verifier.c | 10 +- kernel/cgroup/cgroup.c | 1 + kernel/sys_ni.c | 1 + lib/ratelimit.c | 12 +- mm/backing-dev.c | 10 +- mm/bootmem_info.c | 2 + mm/damon/dbgfs.c | 3 + mm/mmap.c | 8 +- mm/page-writeback.c | 6 +- net/8021q/vlan_dev.c | 6 +- net/bridge/netfilter/ebtable_broute.c | 8 - net/bridge/netfilter/ebtable_filter.c | 8 - net/bridge/netfilter/ebtable_nat.c | 8 - net/bridge/netfilter/ebtables.c | 8 +- net/core/bpf_sk_storage.c | 5 +- net/core/dev.c | 18 +- net/core/filter.c | 13 +- net/core/gro_cells.c | 2 +- net/core/skbuff.c | 2 +- net/core/sock.c | 18 +- net/core/sysctl_net_core.c | 15 +- net/dsa/slave.c | 4 +- net/hsr/hsr_device.c | 2 +- net/hsr/hsr_main.c | 2 +- net/ipv4/devinet.c | 16 +- net/ipv4/ip_output.c | 2 +- net/ipv4/ip_sockglue.c | 6 +- net/ipv4/tcp.c | 12 +- net/ipv4/tcp_output.c | 2 +- net/ipv6/addrconf.c | 5 +- net/ipv6/ipv6_sockglue.c | 4 +- net/key/af_key.c | 3 + net/mptcp/protocol.c | 138 ++- net/netfilter/ipvs/ip_vs_sync.c | 4 +- net/netfilter/nf_flow_table_core.c | 15 +- net/netfilter/nf_flow_table_offload.c | 8 + net/netfilter/nf_tables_api.c | 96 +- net/netfilter/nf_tables_core.c | 55 +- net/netfilter/nft_bitwise.c | 67 +- net/netfilter/nft_cmp.c | 140 ++- net/netfilter/nft_immediate.c | 22 +- net/netfilter/nft_osf.c | 18 +- net/netfilter/nft_payload.c | 29 +- net/netfilter/nft_range.c | 27 +- net/netfilter/nft_tunnel.c | 1 + net/rose/rose_loopback.c | 3 +- net/rxrpc/call_object.c | 4 +- net/rxrpc/sendmsg.c | 92 +- net/sched/sch_generic.c | 2 +- net/socket.c | 2 +- net/sunrpc/clnt.c | 2 +- net/xfrm/espintcp.c | 2 +- net/xfrm/xfrm_input.c | 2 +- net/xfrm/xfrm_policy.c | 3 +- net/xfrm/xfrm_state.c | 1 + tools/perf/Makefile.config | 2 +- tools/perf/builtin-stat.c | 1 + 154 files changed, 2271 insertions(+), 1316 deletions(-)

2 years, 2 months

11
154
0 0

[PATCH] drm/i915/slpc: Fix PCODE IA Freq requests when using SLPC

by Rodrigo Vivi

We need to inform PCODE of a desired ring frequencies so PCODE update the memory frequencies to us. rps->min_freq and rps->max_freq are the frequencies used in that request. However they were unset when SLPC was enabled and PCODE never updated the memory freq. v2 (as Suggested by Ashutosh): if SLPC is in use, let's pick the right frequencies from the get_ia_constants instead of the fake init of rps' min and max. Fixes: 7ba79a671568 ("drm/i915/guc/slpc: Gate Host RPS when SLPC is enabled") Cc: <stable(a)vger.kernel.org> # v5.15+ Cc: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Tested-by: Sushma Venkatesh Reddy <sushma.venkatesh.reddy(a)intel.com> Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> --- drivers/gpu/drm/i915/gt/intel_llc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_llc.c b/drivers/gpu/drm/i915/gt/intel_llc.c index 14fe65812e42..766f9526da99 100644 --- a/drivers/gpu/drm/i915/gt/intel_llc.c +++ b/drivers/gpu/drm/i915/gt/intel_llc.c @@ -49,6 +49,7 @@ static unsigned int cpu_max_MHz(void) static bool get_ia_constants(struct intel_llc *llc, struct ia_constants *consts) { + struct intel_guc_slpc *slpc = &llc_to_gt(llc)->uc.guc.slpc; struct drm_i915_private *i915 = llc_to_gt(llc)->i915; struct intel_rps *rps = &llc_to_gt(llc)->rps; @@ -65,8 +66,13 @@ static bool get_ia_constants(struct intel_llc *llc, /* convert DDR frequency from units of 266.6MHz to bandwidth */ consts->min_ring_freq = mult_frac(consts->min_ring_freq, 8, 3); - consts->min_gpu_freq = rps->min_freq; - consts->max_gpu_freq = rps->max_freq; + if (intel_uc_uses_guc_slpc(&llc_to_gt(llc)->uc)) { + consts->min_gpu_freq = slpc->min_freq; + consts->max_gpu_freq = slpc->rp0_freq; + } else { + consts->min_gpu_freq = rps->min_freq; + consts->max_gpu_freq = rps->max_freq; + } if (GRAPHICS_VER(i915) >= 9) { /* Convert GT frequency to 50 HZ units */ consts->min_gpu_freq /= GEN9_FREQ_SCALER; -- 2.37.1

2 years, 2 months

3
10
0 0

[PATCH] fs: dlm: fix possible use after free if tracing

by Alexander Aring

This patch fixes a possible use after free if tracing for the specific event is enabled. To avoid the use after free we introduce a out_put label like all other user lock specific requests and safe in a boolean to do a put or not which depends on the execution path of dlm_user_request(). Cc: stable(a)vger.kernel.org Fixes: 7a3de7324c2b ("fs: dlm: trace user space callbacks") Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Alexander Aring <aahringo(a)redhat.com> --- fs/dlm/lock.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c index c830feb26384..94a72ede5764 100644 --- a/fs/dlm/lock.c +++ b/fs/dlm/lock.c @@ -5835,6 +5835,7 @@ int dlm_user_request(struct dlm_ls *ls, struct dlm_user_args *ua, { struct dlm_lkb *lkb; struct dlm_args args; + bool do_put = true; int error; dlm_lock_recovery(ls); @@ -5851,9 +5852,8 @@ int dlm_user_request(struct dlm_ls *ls, struct dlm_user_args *ua, ua->lksb.sb_lvbptr = kzalloc(DLM_USER_LVB_LEN, GFP_NOFS); if (!ua->lksb.sb_lvbptr) { kfree(ua); - __put_lkb(ls, lkb); error = -ENOMEM; - goto out_trace_end; + goto out_put; } } #ifdef CONFIG_DLM_DEPRECATED_API @@ -5867,8 +5867,7 @@ int dlm_user_request(struct dlm_ls *ls, struct dlm_user_args *ua, kfree(ua->lksb.sb_lvbptr); ua->lksb.sb_lvbptr = NULL; kfree(ua); - __put_lkb(ls, lkb); - goto out_trace_end; + goto out_put; } /* After ua is attached to lkb it will be freed by dlm_free_lkb(). @@ -5887,8 +5886,7 @@ int dlm_user_request(struct dlm_ls *ls, struct dlm_user_args *ua, error = 0; fallthrough; default: - __put_lkb(ls, lkb); - goto out_trace_end; + goto out_put; } /* add this new lkb to the per-process list of locks */ @@ -5896,8 +5894,11 @@ int dlm_user_request(struct dlm_ls *ls, struct dlm_user_args *ua, hold_lkb(lkb); list_add_tail(&lkb->lkb_ownqueue, &ua->proc->locks); spin_unlock(&ua->proc->locks_spin); - out_trace_end: + do_put = false; + out_put: trace_dlm_lock_end(ls, lkb, name, namelen, mode, flags, error, false); + if (do_put) + __put_lkb(ls, lkb); out: dlm_unlock_recovery(ls); return error; -- 2.31.1

2 years, 2 months

1
0
0 0

[PATCH 5.10 v2 0/7] xfs stable patches for 5.10.y (from v5.18+)

by Amir Goldstein

Hi Greg, This 5.10.y backport series contains fixes from v5.18 and v5.19-rc1. Patches 1-5 in this series have already been applied to 5.15.y in Leah's latest update [1], so this 5.10.y is is mostly catching up with 5.15.y. Patches 6-7 in this 5.10.y update have not been applied to 5.15.y yet. I pointed Leah's attention to these patches and she said she will include them in a following 5.15.y update. Thanks, Amir. Changes since v1: - Added ACKs - CC stable [1] https://lore.kernel.org/linux-xfs/20220819181431.4113819-1-leah.rumancik@gm… Amir Goldstein (1): xfs: remove infinite loop when reserving free block pool Brian Foster (1): xfs: fix soft lockup via spinning in filestream ag selection loop Darrick J. Wong (2): xfs: always succeed at setting the reserve pool size xfs: fix overfilling of reserve pool Dave Chinner (2): xfs: reorder iunlink remove operation in xfs_ifree xfs: validate inode fork size against fork format Eric Sandeen (1): xfs: revert "xfs: actually bump warning counts when we send warnings" fs/xfs/libxfs/xfs_inode_buf.c | 35 +++++++++++++++++------ fs/xfs/xfs_filestream.c | 7 +++-- fs/xfs/xfs_fsops.c | 52 ++++++++++++++--------------------- fs/xfs/xfs_inode.c | 22 ++++++++------- fs/xfs/xfs_mount.h | 8 ++++++ fs/xfs/xfs_trans_dquot.c | 1 - 6 files changed, 71 insertions(+), 54 deletions(-) -- 2.25.1

2 years, 2 months

3
16
0 0

[PATCH stable-5.4 1/1] io_uring: disable polling pollfree files

by Pavel Begunkov

Older kernels lack io_uring POLLFREE handling. As only affected files are signalfd and android binder the safest option would be to disable polling those files via io_uring and hope there are no users. Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> --- drivers/android/binder.c | 1 + fs/io_uring.c | 3 +++ fs/signalfd.c | 1 + include/linux/fs.h | 1 + 4 files changed, 6 insertions(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index b9fb2a926944..c273d0df6939 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -6083,6 +6083,7 @@ const struct file_operations binder_fops = { .open = binder_open, .flush = binder_flush, .release = binder_release, + .may_pollfree = true, }; static int __init init_binder_device(const char *name) diff --git a/fs/io_uring.c b/fs/io_uring.c index e73969fa96bc..501c7e14c07c 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -1908,6 +1908,9 @@ static int io_poll_add(struct io_kiocb *req, const struct io_uring_sqe *sqe) __poll_t mask; u16 events; + if (req->file->f_op->may_pollfree) + return -EOPNOTSUPP; + if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) return -EINVAL; if (sqe->addr || sqe->ioprio || sqe->off || sqe->len || sqe->buf_index) diff --git a/fs/signalfd.c b/fs/signalfd.c index 3e94d181930f..c3415d969ecf 100644 --- a/fs/signalfd.c +++ b/fs/signalfd.c @@ -248,6 +248,7 @@ static const struct file_operations signalfd_fops = { .poll = signalfd_poll, .read = signalfd_read, .llseek = noop_llseek, + .may_pollfree = true, }; static int do_signalfd4(int ufd, sigset_t *mask, int flags) diff --git a/include/linux/fs.h b/include/linux/fs.h index ef118b8ba699..4ecbe12f6215 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1859,6 +1859,7 @@ struct file_operations { struct file *file_out, loff_t pos_out, loff_t len, unsigned int remap_flags); int (*fadvise)(struct file *, loff_t, loff_t, int); + bool may_pollfree; } __randomize_layout; struct inode_operations { -- 2.37.2

2 years, 2 months

1
0
0 0

[PATCH v2 RESEND 2/3] serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting

by Ilpo Järvinen

DMA complete & stop paths did not correctly account Tx'ed characters into icount.tx. Using uart_xmit_advance() fixes the problem. Cc: <stable(a)vger.kernel.org> # serial: Create uart_xmit_advance() Fixes: e9ea096dd225 ("serial: tegra: add serial driver") Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/tty/serial/serial-tegra.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c index ad4f3567ff90..a5748e41483b 100644 --- a/drivers/tty/serial/serial-tegra.c +++ b/drivers/tty/serial/serial-tegra.c @@ -525,7 +525,7 @@ static void tegra_uart_tx_dma_complete(void *args) count = tup->tx_bytes_requested - state.residue; async_tx_ack(tup->tx_dma_desc); spin_lock_irqsave(&tup->uport.lock, flags); - xmit->tail = (xmit->tail + count) & (UART_XMIT_SIZE - 1); + uart_xmit_advance(&tup->uport, count); tup->tx_in_progress = 0; if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS) uart_write_wakeup(&tup->uport); @@ -613,7 +613,6 @@ static unsigned int tegra_uart_tx_empty(struct uart_port *u) static void tegra_uart_stop_tx(struct uart_port *u) { struct tegra_uart_port *tup = to_tegra_uport(u); - struct circ_buf *xmit = &tup->uport.state->xmit; struct dma_tx_state state; unsigned int count; @@ -624,7 +623,7 @@ static void tegra_uart_stop_tx(struct uart_port *u) dmaengine_tx_status(tup->tx_dma_chan, tup->tx_cookie, &state); count = tup->tx_bytes_requested - state.residue; async_tx_ack(tup->tx_dma_desc); - xmit->tail = (xmit->tail + count) & (UART_XMIT_SIZE - 1); + uart_xmit_advance(&tup->uport, count); tup->tx_in_progress = 0; } -- 2.30.2

2 years, 2 months

1
0
0 0

patch "binder: fix alloc->vma_vm_mm null-ptr dereference" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled binder: fix alloc->vma_vm_mm null-ptr dereference to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 1da52815d5f1b654c89044db0cdc6adce43da1f1 Mon Sep 17 00:00:00 2001 From: Carlos Llamas <cmllamas(a)google.com> Date: Mon, 29 Aug 2022 20:12:48 +0000 Subject: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f ("binder_alloc: add missing mmap_lock calls when using the VMA"), in which we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not been initialized yet. This can happen if a binder_proc receives a transaction without having previously called mmap() to setup the binder_proc->alloc space in [1]. Also, a similar issue occurs via binder_alloc_print_pages() when we try to dump the debugfs binder stats file in [2]. Sample of syzbot's crash report: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 syz-executor229[3755] cmdline: ./syz-executor2294415195 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923 [...] Call Trace: <TASK> lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 down_read+0x98/0x450 kernel/locking/rwsem.c:1499 mmap_read_lock include/linux/mmap_lock.h:117 [inline] binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline] binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593 binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199 binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986 binder_ioctl_write_read drivers/android/binder.c:5036 [inline] binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] ================================================================== Fix these issues by setting up alloc->vma_vm_mm pointer during open() and caching directly from current->mm. This guarantees we have a valid reference to take the mmap_lock during scenarios described above. [1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459 [2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9 Fixes: 44e602b4e52f ("binder_alloc: add missing mmap_lock calls when using the VMA") Cc: <stable(a)vger.kernel.org> # v5.15+ Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: syzbot+f7dc54e5be28950ac459(a)syzkaller.appspotmail.com Reported-by: syzbot+a75ebe0452711c9e56d9(a)syzkaller.appspotmail.com Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Acked-by: Todd Kjos <tkjos(a)google.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Link: https://lore.kernel.org/r/20220829201254.1814484-2-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/android/binder_alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c index 1014beb12802..a61df6e1103a 100644 --- a/drivers/android/binder_alloc.c +++ b/drivers/android/binder_alloc.c @@ -322,7 +322,6 @@ static inline void binder_alloc_set_vma(struct binder_alloc *alloc, */ if (vma) { vm_start = vma->vm_start; - alloc->vma_vm_mm = vma->vm_mm; mmap_assert_write_locked(alloc->vma_vm_mm); } else { mmap_assert_locked(alloc->vma_vm_mm); @@ -792,7 +791,6 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc, binder_insert_free_buffer(alloc, buffer); alloc->free_async_space = alloc->buffer_size / 2; binder_alloc_set_vma(alloc, vma); - mmgrab(alloc->vma_vm_mm); return 0; @@ -1080,6 +1078,8 @@ static struct shrinker binder_shrinker = { void binder_alloc_init(struct binder_alloc *alloc) { alloc->pid = current->group_leader->pid; + alloc->vma_vm_mm = current->mm; + mmgrab(alloc->vma_vm_mm); mutex_init(&alloc->mutex); INIT_LIST_HEAD(&alloc->buffers); } -- 2.37.3

2 years, 2 months

1
0
0 0

[PATCH v3] driver core: Don't probe devices after bus_type.match() probe deferral

by Isaac J. Manjarres

Both __device_attach_driver() and __driver_attach() check the return code of the bus_type.match() function to see if the device needs to be added to the deferred probe list. After adding the device to the list, the logic attempts to bind the device to the driver anyway, as if the device had matched with the driver, which is not correct. If __device_attach_driver() detects that the device in question is not ready to match with a driver on the bus, then it doesn't make sense for the device to attempt to bind with the current driver or continue attempting to match with any of the other drivers on the bus. So, update the logic in __device_attach_driver() to reflect this. If __driver_attach() detects that a driver tried to match with a device that is not ready to match yet, then the driver should not attempt to bind with the device. However, the driver can still attempt to match and bind with other devices on the bus, as drivers can be bound to multiple devices. So, update the logic in __driver_attach() to reflect this. Cc: stable(a)vger.kernel.org Cc: Saravana Kannan <saravanak(a)google.com> Fixes: 656b8035b0ee ("ARM: 8524/1: driver cohandle -EPROBE_DEFER from bus_type.match()") Reported-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Saravana Kannan <saravanak(a)google.com> --- drivers/base/dd.c | 10 ++++++++++ 1 file changed, 10 insertions(+) v1 -> v2: - Fixed the logic in __driver_attach() to allow a driver to continue attempting to match and bind with devices in case of any error, not just probe deferral. v2 -> v3: - Restored the patch back to v1. - Added Guenter's Tested-by tag. - Added Saravana's Reviewed-by tag. - Cc'd stable(a)vger.kernel.org Greg, This is the final version of this patch. Can you please pick this up? Thanks, Isaac diff --git a/drivers/base/dd.c b/drivers/base/dd.c index 70f79fc71539..90b31fb141a5 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -881,6 +881,11 @@ static int __device_attach_driver(struct device_driver *drv, void *_data) dev_dbg(dev, "Device match requests probe deferral\n"); dev->can_match = true; driver_deferred_probe_add(dev); + /* + * Device can't match with a driver right now, so don't attempt + * to match or bind with other drivers on the bus. + */ + return ret; } else if (ret < 0) { dev_dbg(dev, "Bus failed to match device: %d\n", ret); return ret; @@ -1120,6 +1125,11 @@ static int __driver_attach(struct device *dev, void *data) dev_dbg(dev, "Device match requests probe deferral\n"); dev->can_match = true; driver_deferred_probe_add(dev); + /* + * Driver could not match with device, but may match with + * another device on the bus. + */ + return 0; } else if (ret < 0) { dev_dbg(dev, "Bus failed to match device: %d\n", ret); return ret; -- 2.37.1.595.g718a3a8f04-goog

2 years, 2 months

5
5
0 0

[PATCH v3] arm64/kexec: Fix missing extra range for crashkres_low.

by Levi Yun

Like crashk_res, Calling crash_exclude_mem_range function with crashk_low_res area would need extra crash_mem range too. Add one more extra cmem slot in case of crashk_low_res is used. Signed-off-by: Levi Yun <ppbuk5246(a)gmail.com> Fixes: 944a45abfabc ("arm64: kdump: Reimplement crashkernel=X") Cc: <stable(a)vger.kernel.org> # 5.19.x Acked-by: Baoquan He <bhe(a)redhat.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> --- arch/arm64/kernel/machine_kexec_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c index 889951291cc0..a11a6e14ba89 100644 --- a/arch/arm64/kernel/machine_kexec_file.c +++ b/arch/arm64/kernel/machine_kexec_file.c @@ -47,7 +47,7 @@ static int prepare_elf_headers(void **addr, unsigned long *sz) u64 i; phys_addr_t start, end; - nr_ranges = 1; /* for exclusion of crashkernel region */ + nr_ranges = 2; /* for exclusion of crashkernel region */ for_each_mem_range(i, &start, &end) nr_ranges++; -- 2.35.1

2 years, 2 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2022