January 2023 - Linux-stable-mirror

selftests: netfilter: nft_fib.sh - BUG: spinlock recursion on CPU#0, modprobe/762

by Naresh Kamboju

Following kernel BUG noticed on qemu_arm and BeagleBoard x15 while running selftests: netfilter: nft_fib.sh test case. This is always reproducible on stable-rc 6.1 and 6.0 [1]. Build, config, vmlinux and System.map links provided. unwind: Unknown symbol address bf02e1c8 BUG: spinlock recursion on CPU#0, modprobe/762 lock: unwind_lock+0x0/0x24, .magic: dead4ead, .owner: modprobe/762, .owner_cpu: 0 Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> [ 49.898742] kselftest: Running tests in netfilter TAP version 13 1..14 # selftests: netfilter: nft_fib.sh # /dev/stdin:4:10-28: Error: Could not process rule: No such file or directory # fib saddr . iif oif missing counter log prefix \"nsrouter-L7wUUW2r nft_rpfilter: \" drop # ^^^^^^^^^^^^^^^^^^^ # /dev/stdin:4:10-28: Error: Could not process rule: No such file or directory # fib saddr . iif oif missing counter log prefix \"ns1-L7wUUW2r nft_rpfilter: \" drop # ^^^^^^^^^^^^^^^^^^^ # /dev/stdin:4:10-28: Error: Could not process rule: No such file or directory # fib saddr . iif oif missing counter log prefix \"ns2-L7wUUW2r nft_rpfilter: \" drop # ^^^^^^^^^^^^^^^^^^^ [ 55.484253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.569226] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 55.670281] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 55.674377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready # PASS: fib expression did not cause unwanted packet drops # Error: Could not process rule: No such file or directory # flush table inet filter # ^^^^^^ # /dev/stdin:4:20-38: Error: Could not process rule: No such file or directory # ip daddr 1.1.1.1 fib saddr . iif oif missing counter drop # ^^^^^^^^^^^^^^^^^^^ # /dev/stdin:5:23-41: Error: Could not process rule: No such file or directory # ip6 daddr 1c3::c01d fib saddr . iif oif missing counter drop # ^^^^^^^^^^^^^^^^^^^ # Error: No such file or directory # list table inet filter # ^^^^^^ # Netns nsrouter-L7wUUW2r fib counter doesn't match expected packet count of 0 for 1.1.1.1 # Error: No such file or directory # list table inet filter # ^^^^^^ not ok 1 selftests: netfilter: nft_fib.sh # exit=1 # selftests: netfilter: nft_nat.sh [ 70.428411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.961660] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 70.965547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.027372] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready # /dev/stdin:52:16-40: Error: Could not process rule: No such file or directory # counter name ip saddr map @nsincounter # ^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:53:61-87: Error: Could not process rule: No such file or directory # icmpv6 type { \"echo-request\", \"echo-reply\" } counter name ip6 saddr map @nsincounter6 # ^^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:57:16-41: Error: Could not process rule: No such file or directory # counter name ip daddr map @nsoutcounter # ^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:58:61-88: Error: Could not process rule: No such file or directory # icmpv6 type { \"echo-request\", \"echo-reply\" } counter name ip6 daddr map @nsoutcounter6 # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:52:16-40: Error: Could not process rule: No such file or directory # counter name ip saddr map @nsincounter # ^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:53:61-87: Error: Could not process rule: No such file or directory # icmpv6 type { \"echo-request\", \"echo-reply\" } counter name ip6 saddr map @nsincounter6 # ^^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:57:16-41: Error: Could not process rule: No such file or directory # counter name ip daddr map @nsoutcounter # ^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:58:61-88: Error: Could not process rule: No such file or directory # icmpv6 type { \"echo-request\", \"echo-reply\" } counter name ip6 daddr map @nsoutcounter6 # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:52:16-40: Error: Could not process rule: No such file or directory # counter name ip saddr map @nsincounter # ^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:53:61-87: Error: Could not process rule: No such file or directory # icmpv6 type { \"echo-request\", \"echo-reply\" } counter name ip6 saddr map @nsincounter6 # ^^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:57:16-41: Error: Could not process rule: No such file or directory # counter name ip daddr map @nsoutcounter # ^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:58:61-88: Error: Could not process rule: No such file or directory # icmpv6 type { \"echo-request\", \"echo-reply\" } counter name ip6 daddr map @nsoutcounter6 # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ # /dev/stdin:6:34-42: Error: Could not process rule: No such file or directory # ip saddr 10.0.2.2 counter name \"ns0insl\" # ^^^^^^^^^ # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # ERROR: ns0in counter in ns1-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_counters 1 # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # ERROR: ns0out counter in ns1-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_counters 2 # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # ERROR: ns0in6 counter in ns1-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_counters 3 # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # ERROR: ns0out6 counter in ns1-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_counters 4 # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # ERROR: ns0in counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at check_ns0_counters 1 # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # ERROR: ns0in6 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # ERROR: ns0out counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at check_ns0_counters 2 # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # ERROR: ns0out6 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at check_ns0_counters3 # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns1in # ^^^^^^ # ERROR: ns1in counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_ns0_counters 4 # Error: No such file or directory # list counter inet filter ns1in # ^^^^^^ # Error: No such file or directory # list counter inet filter ns1in6 # ^^^^^^ # ERROR: ns1 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_ns0_counters 5 # Error: No such file or directory # list counter inet filter ns1 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns1out # ^^^^^^ # ERROR: ns1out counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_ns0_counters 4 # Error: No such file or directory # list counter inet filter ns1out # ^^^^^^ # Error: No such file or directory # list counter inet filter ns1out6 # ^^^^^^ # ERROR: ns1 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_ns0_counters 5 # Error: No such file or directory # list counter inet filter ns1 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # ERROR: ns0in counter in ns2-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_counters 1 # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # ERROR: ns0out counter in ns2-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_counters 2 # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # ERROR: ns0in6 counter in ns2-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_counters 3 # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # ERROR: ns0out6 counter in ns2-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_counters 4 # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # ERROR: ns0in counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at check_ns0_counters 1 # Error: No such file or directory # list counter inet filter ns0in # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # ERROR: ns0in6 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at # Error: No such file or directory # list counter inet filter ns0in6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # ERROR: ns0out counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at check_ns0_counters 2 # Error: No such file or directory # list counter inet filter ns0out # ^^^^^^ # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # ERROR: ns0out6 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 0 bytes 0) at check_ns0_counters3 # Error: No such file or directory # list counter inet filter ns0out6 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns2in # ^^^^^^ # ERROR: ns2in counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_ns0_counters 4 # Error: No such file or directory # list counter inet filter ns2in # ^^^^^^ # Error: No such file or directory # list counter inet filter ns2in6 # ^^^^^^ # ERROR: ns2 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_ns0_counters 5 # Error: No such file or directory # list counter inet filter ns2 # ^^^^^^ # Error: No such file or directory # list counter inet filter ns2out # ^^^^^^ # ERROR: ns2out counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 84) at check_ns0_counters 4 # Error: No such file or directory # list counter inet filter ns2out # ^^^^^^ # Error: No such file or directory # list counter inet filter ns2out6 # ^^^^^^ # ERROR: ns2 counter in ns0-0Hc1Kf82 has unexpected value (expected packets 1 bytes 104) at check_ns0_counters 5 # Error: No such file or directory # list counter inet filter ns2 # ^^^^^^ [ 92.417219] unwind: Unknown symbol address bf02e1c8 [ 92.417611] BUG: spinlock recursion on CPU#0, modprobe/762 [ 92.417622] lock: unwind_lock+0x0/0x24, .magic: dead4ead, .owner: modprobe/762, .owner_cpu: 0 [ 92.417649] CPU: 0 PID: 762 Comm: modprobe Not tainted 6.1.4-rc1 #1 [ 92.417657] Hardware name: Generic DT based system [ 92.417662] unwind_backtrace from show_stack+0x18/0x1c [ 92.417682] show_stack from dump_stack_lvl+0x58/0x70 [ 92.417703] dump_stack_lvl from do_raw_spin_lock+0xcc/0xf0 [ 92.417719] do_raw_spin_lock from _raw_spin_lock_irqsave+0x60/0x74 [ 92.417740] _raw_spin_lock_irqsave from unwind_frame+0x470/0x840 [ 92.417760] unwind_frame from __save_stack_trace+0xa4/0xe0 [ 92.417775] __save_stack_trace from stack_trace_save+0x40/0x60 [ 92.417792] stack_trace_save from save_trace+0x50/0x410 [ 92.417805] save_trace from __lock_acquire+0x16dc/0x2a8c [ 92.417815] __lock_acquire from lock_acquire+0x110/0x364 [ 92.417826] lock_acquire from _raw_spin_lock_irqsave+0x58/0x74 [ 92.417847] _raw_spin_lock_irqsave from down_trylock+0x14/0x34 [ 92.417872] down_trylock from __down_trylock_console_sem+0x30/0x98 [ 92.417894] __down_trylock_console_sem from vprintk_emit+0x98/0x35c [ 92.417914] vprintk_emit from vprintk_default+0x28/0x30 [ 92.417933] vprintk_default from _printk+0x30/0x54 [ 92.417954] _printk from search_index+0xcc/0xd8 [ 92.417974] search_index from unwind_frame+0x630/0x840 [ 92.417989] unwind_frame from __save_stack_trace+0xa4/0xe0 [ 92.417999] __save_stack_trace from stack_trace_save+0x40/0x60 [ 92.418021] stack_trace_save from set_track_prepare+0x2c/0x58 [ 92.418044] set_track_prepare from free_debug_processing+0x380/0x61c [ 92.418063] free_debug_processing from kmem_cache_free+0x270/0x45c [ 92.418077] kmem_cache_free from rcu_core+0x3c8/0x1140 [ 92.418093] rcu_core from __do_softirq+0x130/0x538 [ 92.418109] __do_softirq from __irq_exit_rcu+0x14c/0x170 [ 92.418122] __irq_exit_rcu from irq_exit+0x10/0x30 [ 92.418132] irq_exit from call_with_stack+0x18/0x20 [ 92.418146] call_with_stack from __irq_svc+0x9c/0xb8 [ 92.418160] Exception stack(0xf8f59cc0 to 0xf8f59d08) [ 92.418171] 9cc0: c634b108 f8f9e940 0000021c 00034068 00000028 c634b100 00000d01 f8fa7040 [ 92.418180] 9ce0: c634b108 c634b100 c25e54d0 ffffffbf bf02e020 f8f59d10 bf02e304 bf02e1c8 [ 92.418187] 9d00: 200d0113 ffffffff [ 92.418191] __irq_svc from sha1_ce_transform+0x188/0x1bc [sha1_arm_ce] [ 118.427094] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 118.430231] (detected by 1, t=2602 jiffies, g=13749, q=213 ncpus=2) [ 118.433459] rcu: All QSes seen, last rcu_sched kthread activity 2602 (-18164--20766), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 118.438830] rcu: rcu_sched kthread timer wakeup didn't happen for 2601 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 [ 118.444321] rcu: Possible timer handling issue on cpu=0 timer-softirq=3501 [ 118.447958] rcu: rcu_sched kthread starved for 2602 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=0 [ 118.453202] rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior. [ 118.457584] rcu: RCU grace-period kthread stack dump: [ 118.460282] task:rcu_sched state:R stack:0 pid:14 ppid:2 flags:0x00000000 [ 118.464277] __schedule from schedule+0x60/0x100 [ 118.466571] schedule from schedule_timeout+0xbc/0x20c [ 118.469192] schedule_timeout from rcu_gp_fqs_loop+0x180/0x8d0 [ 118.472165] rcu_gp_fqs_loop from rcu_gp_kthread+0x268/0x3c0 [ 118.475096] rcu_gp_kthread from kthread+0xfc/0x11c [ 118.477675] kthread from ret_from_fork+0x14/0x2c [ 118.479938] Exception stack(0xf0871fb0 to 0xf0871ff8) [ 118.482620] 1fa0: 00000000 00000000 00000000 00000000 [ 118.486777] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 118.490778] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 118.494227] rcu: Stack dump where RCU GP kthread last ran: [ 118.496920] Sending NMI from CPU 1 to CPUs 0: [ 196.487089] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 196.490069] (detected by 1, t=10408 jiffies, g=13749, q=291 ncpus=2) [ 196.493125] rcu: All QSes seen, last rcu_sched kthread activity 10408 (-10358--20766), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 196.498543] rcu: rcu_sched kthread timer wakeup didn't happen for 10407 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 [ 196.503820] rcu: Possible timer handling issue on cpu=0 timer-softirq=3501 [ 196.507068] rcu: rcu_sched kthread starved for 10408 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=0 [ 196.511845] rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior. [ 196.515998] rcu: RCU grace-period kthread stack dump: [ 196.518341] task:rcu_sched state:R stack:0 pid:14 ppid:2 flags:0x00000000 [ 196.522212] __schedule from schedule+0x60/0x100 [ 196.524392] schedule from schedule_timeout+0xbc/0x20c [ 196.526793] schedule_timeout from rcu_gp_fqs_loop+0x180/0x8d0 [ 196.529554] rcu_gp_fqs_loop from rcu_gp_kthread+0x268/0x3c0 [ 196.532231] rcu_gp_kthread from kthread+0xfc/0x11c [ 196.534515] kthread from ret_from_fork+0x14/0x2c [ 196.536814] Exception stack(0xf0871fb0 to 0xf0871ff8) [ 196.539163] 1fa0: 00000000 00000000 00000000 00000000 [ 196.542933] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 196.546718] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 196.549759] rcu: Stack dump where RCU GP kthread last ran: [ 196.552305] Sending NMI from CPU 1 to CPUs 0: [ 274.537090] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 274.539913] (detected by 1, t=18213 jiffies, g=13749, q=294 ncpus=2) [ 274.542844] rcu: All QSes seen, last rcu_sched kthread activity 18213 (-2553--20766), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 274.548052] rcu: rcu_sched kthread timer wakeup didn't happen for 18212 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 [ 274.553130] rcu: Possible timer handling issue on cpu=0 timer-softirq=3501 [ 274.556276] rcu: rcu_sched kthread starved for 18213 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=0 [ 274.560932] rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior. [ 274.564906] rcu: RCU grace-period kthread stack dump: [ 274.567183] task:rcu_sched state:R stack:0 pid:14 ppid:2 flags:0x00000000 [ 274.570945] __schedule from schedule+0x60/0x100 [ 274.573114] schedule from schedule_timeout+0xbc/0x20c [ 274.575482] schedule_timeout from rcu_gp_fqs_loop+0x180/0x8d0 [ 274.578110] rcu_gp_fqs_loop from rcu_gp_kthread+0x268/0x3c0 [ 274.580685] rcu_gp_kthread from kthread+0xfc/0x11c [ 274.582907] kthread from ret_from_fork+0x14/0x2c [ 274.585072] Exception stack(0xf0871fb0 to 0xf0871ff8) [ 274.587375] 1fa0: 00000000 00000000 00000000 00000000 [ 274.591035] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 274.594733] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 274.597716] rcu: Stack dump where RCU GP kthread last ran: [ 274.600211] Sending NMI from CPU 1 to CPUs 0: [ 352.587095] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 352.589951] (detected by 1, t=26018 jiffies, g=13749, q=302 ncpus=2) [ 352.592812] rcu: All QSes seen, last rcu_sched kthread activity 26018 (5252--20766), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 352.597854] rcu: rcu_sched kthread timer wakeup didn't happen for 26017 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 [ 352.603086] rcu: Possible timer handling issue on cpu=0 timer-softirq=3501 [ 352.606120] rcu: rcu_sched kthread starved for 26018 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=0 [ 352.610625] rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior. [ 352.614522] rcu: RCU grace-period kthread stack dump: [ 352.616787] task:rcu_sched state:R stack:0 pid:14 ppid:2 flags:0x00000000 [ 352.620470] __schedule from schedule+0x60/0x100 [ 352.622642] schedule from schedule_timeout+0xbc/0x20c [ 352.625133] schedule_timeout from rcu_gp_fqs_loop+0x180/0x8d0 [ 352.627944] rcu_gp_fqs_loop from rcu_gp_kthread+0x268/0x3c0 [ 352.630522] rcu_gp_kthread from kthread+0xfc/0x11c [ 352.632711] kthread from ret_from_fork+0x14/0x2c [ 352.634870] Exception stack(0xf0871fb0 to 0xf0871ff8) [ 352.637127] 1fa0: 00000000 00000000 00000000 00000000 [ 352.640687] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 352.644262] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 352.647148] rcu: Stack dump where RCU GP kthread last ran: [ 352.649559] Sending NMI from CPU 1 to CPUs 0: [ 430.637222] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 430.640203] (detected by 1, t=33823 jiffies, g=13749, q=314 ncpus=2) [ 430.643245] rcu: All QSes seen, last rcu_sched kthread activity 33823 (13057--20766), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 430.648624] rcu: rcu_sched kthread timer wakeup didn't happen for 33822 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 [ 430.653861] rcu: Possible timer handling issue on cpu=0 timer-softirq=3501 [ 430.657085] rcu: rcu_sched kthread starved for 33823 jiffies! g13749 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=0 [ 430.661780] rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior. [ 430.665876] rcu: RCU grace-period kthread stack dump: [ 430.668225] task:rcu_sched state:R stack:0 pid:14 ppid:2 flags:0x00000000 [ 430.672089] __schedule from schedule+0x60/0x100 [ 430.674294] schedule from schedule_timeout+0xbc/0x20c [ 430.676805] schedule_timeout from rcu_gp_fqs_loop+0x180/0x8d0 [ 430.679569] rcu_gp_fqs_loop from rcu_gp_kthread+0x268/0x3c0 [ 430.682281] rcu_gp_kthread from kthread+0xfc/0x11c [ 430.684608] kthread from ret_from_fork+0x14/0x2c [ 430.686809] Exception stack(0xf0871fb0 to 0xf0871ff8) [ 430.689211] 1fa0: 00000000 00000000 00000000 00000000 [ 430.692951] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 430.696735] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 430.699829] rcu: Stack dump where RCU GP kthread last ran: [ 430.702415] Sending NMI from CPU 1 to CPUs 0: [1] https://lkft.validation.linaro.org/scheduler/job/6022385#L1224 https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.3… https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.1.y/build/v6.1.3… metadata: git_ref: linux-6.1.y git_repo: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc git_sha: a31425cbf493ef8bc7f7ce775a1028b1e0612f32 git_describe: v6.1.3-208-ga31425cbf493 kernel_version: 6.1.4-rc1 kernel-config: https://storage.tuxsuite.com/public/linaro/lkft/builds/2JrzrHzfFQKu8CwO4A3H… build-url: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc/-/pipelines/7… artifact-location: https://storage.tuxsuite.com/public/linaro/lkft/builds/2JrzrHzfFQKu8CwO4A3H… toolchain: gcc-10 vmlinux.xz: https://storage.tuxsuite.com/public/linaro/lkft/builds/2JrzrHzfFQKu8CwO4A3H… System.map: https://storage.tuxsuite.com/public/linaro/lkft/builds/2JrzrHzfFQKu8CwO4A3H… -- Linaro LKFT https://lkft.linaro.org

2 years, 11 months

1
0
0 0

[PATCH 4.19 0/1] drm/amdkfd: Check for null pointer after calling kmemdup

by Dragos-Marian Panait

The following commit is needed to fix CVE-2022-3108: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Jiasheng Jiang (1): drm/amdkfd: Check for null pointer after calling kmemdup drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++ 1 file changed, 3 insertions(+) base-commit: c652c812211c7a427d16be1d3f904eb02eb4265f -- 2.38.1

2 years, 11 months

4
8
0 0

[PATCH v5 0/3] ima: Fix IMA mishandling of LSM based rule during

by GUO Zihua

Backports the following three patches to fix the issue of IMA mishandling LSM based rule during LSM policy update, causing a file to match an unexpected rule. v5: goes back to ima_lsm_free_rule() instead to avoid freeing rule->fsname. v4: Make use of the exisiting ima_free_rule() instead of backported ima_lsm_free_rule(). Which resolves additional memory leak issues. v3: Backport "LSM: switch to blocking policy update notifiers" as well, as the prerequsite of "ima: use the lsm policy update notifier". v2: Re-adjust the bacported logic. GUO Zihua (1): ima: Handle -ESTALE returned by ima_filter_rule_match() Janne Karhunen (2): LSM: switch to blocking policy update notifiers ima: use the lsm policy update notifier drivers/infiniband/core/device.c | 4 +- include/linux/security.h | 12 +-- security/integrity/ima/ima.h | 2 + security/integrity/ima/ima_main.c | 8 ++ security/integrity/ima/ima_policy.c | 151 ++++++++++++++++++++++------ security/security.c | 23 +++-- security/selinux/hooks.c | 2 +- security/selinux/selinuxfs.c | 2 +- 8 files changed, 156 insertions(+), 48 deletions(-) -- 2.17.1

2 years, 11 months

1
3
0 0

[PATCH] usb: ucsi: fix connector partner ucsi work issue

by Linyu Yuan

When ucsi unregister, it will destroy connector work queue, but a pending delay work may still exist, once delay timer expire, as work queue destroyed, it will cause system crash. Move all partner related delay work to connector instance and cancel all of them when ucsi unregister happen. Fixes: b9aa02c ("usb: typec: ucsi: Add polling mechanism for partner tasks like alt mode checking") Signed-off-by: Linyu Yuan <quic_linyyuan(a)quicinc.com> --- drivers/usb/typec/ucsi/ucsi.c | 61 +++++++++++++++++++++++++------------------ drivers/usb/typec/ucsi/ucsi.h | 11 ++++++++ 2 files changed, 46 insertions(+), 26 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index eabe519..f6b23e9 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -185,14 +185,6 @@ EXPORT_SYMBOL_GPL(ucsi_send_command); /* -------------------------------------------------------------------------- */ -struct ucsi_work { - struct delayed_work work; - unsigned long delay; - unsigned int count; - struct ucsi_connector *con; - int (*cb)(struct ucsi_connector *); -}; - static void ucsi_poll_worker(struct work_struct *work) { struct ucsi_work *uwork = container_of(work, struct ucsi_work, work.work); @@ -203,7 +195,6 @@ static void ucsi_poll_worker(struct work_struct *work) if (!con->partner) { mutex_unlock(&con->lock); - kfree(uwork); return; } @@ -211,30 +202,20 @@ static void ucsi_poll_worker(struct work_struct *work) if (uwork->count-- && (ret == -EBUSY || ret == -ETIMEDOUT)) queue_delayed_work(con->wq, &uwork->work, uwork->delay); - else - kfree(uwork); mutex_unlock(&con->lock); } -static int ucsi_partner_task(struct ucsi_connector *con, - int (*cb)(struct ucsi_connector *), +static int ucsi_partner_task(struct ucsi_work *uwork, int retries, unsigned long delay) { - struct ucsi_work *uwork; + struct ucsi_connector *con = uwork->con; if (!con->partner) return 0; - uwork = kzalloc(sizeof(*uwork), GFP_KERNEL); - if (!uwork) - return -ENOMEM; - - INIT_DELAYED_WORK(&uwork->work, ucsi_poll_worker); uwork->count = retries; uwork->delay = delay; - uwork->con = con; - uwork->cb = cb; queue_delayed_work(con->wq, &uwork->work, delay); @@ -636,8 +617,8 @@ static void ucsi_pwr_opmode_change(struct ucsi_connector *con) case UCSI_CONSTAT_PWR_OPMODE_PD: con->rdo = con->status.request_data_obj; typec_set_pwr_opmode(con->port, TYPEC_PWR_MODE_PD); - ucsi_partner_task(con, ucsi_get_src_pdos, 30, 0); - ucsi_partner_task(con, ucsi_check_altmodes, 30, 0); + ucsi_partner_task(&con->pdos_work, 30, 0); + ucsi_partner_task(&con->altmodes_work, 30, 0); break; case UCSI_CONSTAT_PWR_OPMODE_TYPEC1_5: con->rdo = 0; @@ -799,7 +780,7 @@ static void ucsi_handle_connector_change(struct work_struct *work) if (con->status.flags & UCSI_CONSTAT_CONNECTED) { ucsi_register_partner(con); - ucsi_partner_task(con, ucsi_check_connection, 1, HZ); + ucsi_partner_task(&con->connection_work, 1, HZ); } else { ucsi_unregister_partner(con); } @@ -818,7 +799,7 @@ static void ucsi_handle_connector_change(struct work_struct *work) } if (con->status.change & UCSI_CONSTAT_CAM_CHANGE) - ucsi_partner_task(con, ucsi_check_altmodes, 1, 0); + ucsi_partner_task(&con->altmodes_work, 1, 0); clear_bit(EVENT_PENDING, &con->ucsi->flags); @@ -1034,6 +1015,21 @@ static struct fwnode_handle *ucsi_find_fwnode(struct ucsi_connector *con) return NULL; } +static void ucsi_partner_task_init(struct ucsi_connector *con) +{ + INIT_DELAYED_WORK(&con->connection_work.work, ucsi_poll_worker); + con->connection_work.cb = ucsi_check_connection; + con->connection_work.con = con; + + INIT_DELAYED_WORK(&con->pdos_work.work, ucsi_poll_worker); + con->pdos_work.cb = ucsi_get_src_pdos; + con->pdos_work.con = con; + + INIT_DELAYED_WORK(&con->altmodes_work.work, ucsi_poll_worker); + con->altmodes_work.cb = ucsi_check_altmodes; + con->altmodes_work.con = con; +} + static int ucsi_register_port(struct ucsi *ucsi, int index) { struct ucsi_connector *con = &ucsi->connector[index]; @@ -1053,6 +1049,7 @@ static int ucsi_register_port(struct ucsi *ucsi, int index) if (!con->wq) return -ENOMEM; + ucsi_partner_task_init(con); INIT_WORK(&con->work, ucsi_handle_connector_change); init_completion(&con->complete); mutex_init(&con->lock); @@ -1287,7 +1284,7 @@ static void ucsi_resume_work(struct work_struct *work) for (con = ucsi->connector; con->port; con++) { mutex_lock(&con->lock); - ucsi_partner_task(con, ucsi_check_connection, 1, 0); + ucsi_partner_task(&con->connection_work, 1, 0); mutex_unlock(&con->lock); } } @@ -1396,6 +1393,17 @@ int ucsi_register(struct ucsi *ucsi) } EXPORT_SYMBOL_GPL(ucsi_register); +static void ucsi_partner_task_destroy(struct ucsi_connector *con) +{ + mutex_lock(&con->lock); + + cancel_delayed_work_sync(&con->connection_work.work); + cancel_delayed_work_sync(&con->pdos_work.work); + cancel_delayed_work_sync(&con->altmodes_work.work); + + mutex_unlock(&con->lock); +} + /** * ucsi_unregister - Unregister UCSI interface * @ucsi: UCSI interface to be unregistered @@ -1420,6 +1428,7 @@ void ucsi_unregister(struct ucsi *ucsi) ucsi_unregister_altmodes(&ucsi->connector[i], UCSI_RECIPIENT_CON); ucsi_unregister_port_psy(&ucsi->connector[i]); + ucsi_partner_task_destroy(&ucsi->connector[i]); if (ucsi->connector[i].wq) destroy_workqueue(ucsi->connector[i].wq); typec_unregister_port(ucsi->connector[i].port); diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index c968474..40d39d2 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -314,6 +314,14 @@ struct ucsi { #define UCSI_TYPEC_1_5_CURRENT 1500 #define UCSI_TYPEC_3_0_CURRENT 3000 +struct ucsi_work { + struct delayed_work work; + unsigned long delay; + unsigned int count; + struct ucsi_connector *con; + int (*cb)(struct ucsi_connector *con); +}; + struct ucsi_connector { int num; @@ -322,6 +330,9 @@ struct ucsi_connector { struct work_struct work; struct completion complete; struct workqueue_struct *wq; + struct ucsi_work connection_work; + struct ucsi_work pdos_work; + struct ucsi_work altmodes_work; struct typec_port *port; struct typec_partner *partner; -- 2.7.4

2 years, 11 months

2
1
0 0

[PATCH 3/6] bus: mhi: ep: Only send -ENOTCONN status if client driver is available

by Manivannan Sadhasivam

For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if client driver is available. Otherwise, it will result in null pointer dereference. Cc: <stable(a)vger.kernel.org> # 5.19 Fixes: e827569062a8 ("bus: mhi: ep: Add support for processing command rings") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/bus/mhi/ep/main.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index 8b065a3cc848..7d68b00bdbcf 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -203,9 +203,11 @@ static int mhi_ep_process_cmd_ring(struct mhi_ep_ring *ring, struct mhi_ring_ele mhi_ep_mmio_disable_chdb(mhi_cntrl, ch_id); /* Send channel disconnect status to client drivers */ - result.transaction_status = -ENOTCONN; - result.bytes_xferd = 0; - mhi_chan->xfer_cb(mhi_chan->mhi_dev, &result); + if (mhi_chan->xfer_cb) { + result.transaction_status = -ENOTCONN; + result.bytes_xferd = 0; + mhi_chan->xfer_cb(mhi_chan->mhi_dev, &result); + } /* Set channel state to STOP */ mhi_chan->state = MHI_CH_STATE_STOP; @@ -235,9 +237,11 @@ static int mhi_ep_process_cmd_ring(struct mhi_ep_ring *ring, struct mhi_ring_ele mhi_ep_ring_reset(mhi_cntrl, ch_ring); /* Send channel disconnect status to client driver */ - result.transaction_status = -ENOTCONN; - result.bytes_xferd = 0; - mhi_chan->xfer_cb(mhi_chan->mhi_dev, &result); + if (mhi_chan->xfer_cb) { + result.transaction_status = -ENOTCONN; + result.bytes_xferd = 0; + mhi_chan->xfer_cb(mhi_chan->mhi_dev, &result); + } /* Set channel state to DISABLED */ mhi_chan->state = MHI_CH_STATE_DISABLED; -- 2.25.1

2 years, 11 months

2
1
0 0

[PATCH v6 01/45] drm/amd: Delay removal of the firmware framebuffer

by Mario Limonciello

Removing the firmware framebuffer from the driver means that even if the driver doesn't support the IP blocks in a GPU it will no longer be functional after the driver fails to initialize. This change will ensure that unsupported IP blocks at least cause the driver to work with the EFI framebuffer. Cc: stable(a)vger.kernel.org Suggested-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 ++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 6 ------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index 9a1a5c2864a0..cdb681398a99 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -37,6 +37,7 @@ #include <linux/pci-p2pdma.h> #include <drm/drm_atomic_helper.h> +#include <drm/drm_aperture.h> #include <drm/drm_probe_helper.h> #include <drm/amdgpu_drm.h> #include <linux/vgaarb.h> @@ -89,6 +90,8 @@ MODULE_FIRMWARE("amdgpu/navi12_gpu_info.bin"); #define AMDGPU_MAX_RETRY_LIMIT 2 #define AMDGPU_RETRY_SRIOV_RESET(r) ((r) == -EBUSY || (r) == -ETIMEDOUT || (r) == -EINVAL) +static const struct drm_driver amdgpu_kms_driver; + const char *amdgpu_asic_name[] = { "TAHITI", "PITCAIRN", @@ -3685,6 +3688,11 @@ int amdgpu_device_init(struct amdgpu_device *adev, if (r) return r; + /* Get rid of things like offb */ + r = drm_aperture_remove_conflicting_pci_framebuffers(adev->pdev, &amdgpu_kms_driver); + if (r) + return r; + /* Enable TMZ based on IP_VERSION */ amdgpu_gmc_tmz_set(adev); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index db7e34eacc35..b9f14ec9edb2 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -23,7 +23,6 @@ */ #include <drm/amdgpu_drm.h> -#include <drm/drm_aperture.h> #include <drm/drm_drv.h> #include <drm/drm_gem.h> #include <drm/drm_vblank.h> @@ -2096,11 +2095,6 @@ static int amdgpu_pci_probe(struct pci_dev *pdev, } #endif - /* Get rid of things like offb */ - ret = drm_aperture_remove_conflicting_pci_framebuffers(pdev, &amdgpu_kms_driver); - if (ret) - return ret; - adev = devm_drm_dev_alloc(&pdev->dev, &amdgpu_kms_driver, typeof(*adev), ddev); if (IS_ERR(adev)) return PTR_ERR(adev); -- 2.34.1

2 years, 11 months

1
0
0 0

[PATCH v4 0/3] ima: Fix IMA mishandling of LSM based rule during

by GUO Zihua

Backports the following three patches to fix the issue of IMA mishandling LSM based rule during LSM policy update, causing a file to match an unexpected rule. v4: Make use of the exisiting ima_free_rule() instead of backported ima_lsm_free_rule(). Which resolves additional memory leak issues. v3: Backport "LSM: switch to blocking policy update notifiers" as well, as the prerequsite of "ima: use the lsm policy update notifier". v2: Re-adjust the bacported logic. GUO Zihua (1): ima: Handle -ESTALE returned by ima_filter_rule_match() Janne Karhunen (2): LSM: switch to blocking policy update notifiers ima: use the lsm policy update notifier drivers/infiniband/core/device.c | 4 +- include/linux/security.h | 12 +-- security/integrity/ima/ima.h | 2 + security/integrity/ima/ima_main.c | 8 ++ security/integrity/ima/ima_policy.c | 136 ++++++++++++++++++++++------ security/security.c | 23 +++-- security/selinux/hooks.c | 2 +- security/selinux/selinuxfs.c | 2 +- 8 files changed, 143 insertions(+), 46 deletions(-) -- 2.17.1

2 years, 11 months

2
4
0 0

+ mm-hugetlb-pre-allocate-pgtable-pages-for-uffd-wr-protects.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: pre-allocate pgtable pages for uffd wr-protects has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-pre-allocate-pgtable-pages-for-uffd-wr-protects.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/hugetlb: pre-allocate pgtable pages for uffd wr-protects Date: Wed, 4 Jan 2023 17:52:05 -0500 Userfaultfd-wp uses pte markers to mark wr-protected pages for both shmem and hugetlb. Shmem has pre-allocation ready for markers, but hugetlb path was overlooked. Doing so by calling huge_pte_alloc() if the initial pgtable walk fails to find the huge ptep. It's possible that huge_pte_alloc() can fail with high memory pressure, in that case stop the loop immediately and fail silently. This is not the most ideal solution but it matches with what we do with shmem meanwhile it avoids the splat in dmesg. Link: https://lkml.kernel.org/r/20230104225207.1066932-2-peterx@redhat.com Fixes: 60dfaad65aa9 ("mm/hugetlb: allow uffd wr-protect none ptes") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: James Houghton <jthoughton(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Muchun Song <songmuchun(a)bytedance.com> Cc: Nadav Amit <nadav.amit(a)gmail.com> Cc: <stable(a)vger.kernel.org> [5.19+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-pre-allocate-pgtable-pages-for-uffd-wr-protects +++ a/mm/hugetlb.c @@ -6660,8 +6660,17 @@ unsigned long hugetlb_change_protection( spinlock_t *ptl; ptep = huge_pte_offset(mm, address, psize); if (!ptep) { - address |= last_addr_mask; - continue; + if (!uffd_wp) { + address |= last_addr_mask; + continue; + } + /* + * Userfaultfd wr-protect requires pgtable + * pre-allocations to install pte markers. + */ + ptep = huge_pte_alloc(mm, vma, address, psize); + if (!ptep) + break; } ptl = huge_pte_lock(h, mm, ptep); if (huge_pmd_unshare(mm, vma, address, ptep)) { _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-hugetlb-pre-allocate-pgtable-pages-for-uffd-wr-protects.patch mm-uffd-fix-pte-marker-when-fork-without-fork-event.patch mm-fix-a-few-rare-cases-of-using-swapin-error-pte-marker.patch mm-uffd-always-wr-protect-pte-in-ptepmd_mkuffd_wp.patch mm-hugetlb-let-vma_offset_start-to-return-start.patch mm-hugetlb-dont-wait-for-migration-entry-during-follow-page.patch mm-hugetlb-document-huge_pte_offset-usage.patch mm-hugetlb-move-swap-entry-handling-into-vma-lock-when-faulted.patch mm-hugetlb-make-userfaultfd_huge_must_wait-safe-to-pmd-unshare.patch mm-hugetlb-make-hugetlb_follow_page_mask-safe-to-pmd-unshare.patch mm-hugetlb-make-follow_hugetlb_page-safe-to-pmd-unshare.patch mm-hugetlb-make-walk_hugetlb_range-safe-to-pmd-unshare.patch mm-hugetlb-introduce-hugetlb_walk.patch mm-mprotect-use-long-for-page-accountings-and-retval.patch mm-uffd-detect-pgtable-allocation-failures.patch

2 years, 11 months

1
0
0 0

+ mm-fix-vma-anon_name-memory-leak-for-anonymous-shmem-vmas.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix vma->anon_name memory leak for anonymous shmem VMAs has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-vma-anon_name-memory-leak-for-anonymous-shmem-vmas.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: mm: fix vma->anon_name memory leak for anonymous shmem VMAs Date: Wed, 4 Jan 2023 16:02:40 -0800 free_anon_vma_name() is missing a check for anonymous shmem VMA which leads to a memory leak due to refcount not being dropped. Fix this by calling anon_vma_name_put() unconditionally. It will free vma->anon_name whenever it's non-NULL. Link: https://lkml.kernel.org/r/20230105000241.1450843-1-surenb@google.com Fixes: d09e8ca6cb93 ("mm: anonymous shared memory naming") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+91edf9178386a07d06a7(a)syzkaller.appspotmail.com Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm_inline.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/include/linux/mm_inline.h~mm-fix-vma-anon_name-memory-leak-for-anonymous-shmem-vmas +++ a/include/linux/mm_inline.h @@ -413,8 +413,7 @@ static inline void free_anon_vma_name(st * Not using anon_vma_name because it generates a warning if mmap_lock * is not held, which might be the case here. */ - if (!vma->vm_file) - anon_vma_name_put(vma->anon_name); + anon_vma_name_put(vma->anon_name); } static inline bool anon_vma_name_eq(struct anon_vma_name *anon_name1, _ Patches currently in -mm which might be from surenb(a)google.com are mm-fix-vma-anon_name-memory-leak-for-anonymous-shmem-vmas.patch

2 years, 11 months

1
0
0 0

[GIT PULL v2] virtio,vhost,vdpa: fixes, cleanups

by Michael S. Tsirkin

These fixes have been in next, though not as these commits. I'd like to apologize again to contributors for missing the merge window with new features. These by necessity have been pushed out to the next merge window. This pull only has bugfixes. I put automation in place to help prevent missing merge window in the future. The following changes since commit 1b929c02afd37871d5afb9d498426f83432e71c2: Linux 6.2-rc1 (2022-12-25 13:41:39 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus for you to fetch changes up to a26116c1e74028914f281851488546c91cbae57d: virtio_blk: Fix signedness bug in virtblk_prep_rq() (2022-12-28 05:28:11 -0500) ---------------------------------------------------------------- virtio,vhost,vdpa: fixes, cleanups mostly fixes all over the place, a couple of cleanups. Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> ---------------------------------------------------------------- Angus Chen (2): virtio_pci: modify ENOENT to EINVAL virtio_blk: use UINT_MAX instead of -1U Cindy Lu (2): vhost_vdpa: fix the crash in unmap a large memory vdpa_sim_net: should not drop the multicast/broadcast packet Colin Ian King (1): RDMA/mlx5: remove variable i Davidlohr Bueso (2): tools/virtio: remove stray characters tools/virtio: remove smp_read_barrier_depends() Dawei Li (1): virtio: Implementing attribute show with sysfs_emit Dmitry Fomichev (1): virtio-blk: use a helper to handle request queuing errors Eli Cohen (5): vdpa/mlx5: Fix rule forwarding VLAN to TIR vdpa/mlx5: Return error on vlan ctrl commands if not supported vdpa/mlx5: Fix wrong mac address deletion vdpa/mlx5: Avoid using reslock in event_handler vdpa/mlx5: Avoid overwriting CVQ iotlb Harshit Mogalapalli (1): vduse: Validate vq_num in vduse_validate_config() Jason Wang (2): vdpa: conditionally fill max max queue pair for stats vdpasim: fix memory leak when freeing IOTLBs Rafael Mendonca (1): virtio_blk: Fix signedness bug in virtblk_prep_rq() Ricardo Cañuelo (1): tools/virtio: initialize spinlocks in vring_test.c Rong Wang (1): vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove Shaomin Deng (1): tools: Delete the unneeded semicolon after curly braces Shaoqin Huang (2): virtio_pci: use helper function is_power_of_2() virtio_ring: use helper function is_power_of_2() Si-Wei Liu (1): vdpa: merge functionally duplicated dev_features attributes Stefano Garzarella (4): vringh: fix range used in iotlb_translate() vhost: fix range used in translate_desc() vhost-vdpa: fix an iotlb memory leak vdpa_sim: fix vringh initialization in vdpasim_queue_ready() Wei Yongjun (1): virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() Yuan Can (1): vhost/vsock: Fix error handling in vhost_vsock_init() ruanjinjie (1): vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() wangjianli (1): tools/virtio: Variable type completion drivers/block/virtio_blk.c | 35 +++++----- .../crypto/virtio/virtio_crypto_skcipher_algs.c | 3 +- drivers/vdpa/mlx5/core/mlx5_vdpa.h | 5 +- drivers/vdpa/mlx5/core/mr.c | 46 +++++++------ drivers/vdpa/mlx5/net/mlx5_vnet.c | 78 +++++++--------------- drivers/vdpa/vdpa.c | 11 ++- drivers/vdpa/vdpa_sim/vdpa_sim.c | 7 +- drivers/vdpa/vdpa_sim/vdpa_sim_blk.c | 4 +- drivers/vdpa/vdpa_sim/vdpa_sim_net.c | 7 +- drivers/vdpa/vdpa_user/vduse_dev.c | 3 + drivers/vdpa/virtio_pci/vp_vdpa.c | 2 +- drivers/vhost/vdpa.c | 52 +++++++++------ drivers/vhost/vhost.c | 4 +- drivers/vhost/vringh.c | 5 +- drivers/vhost/vsock.c | 9 ++- drivers/virtio/virtio.c | 12 ++-- drivers/virtio/virtio_pci_modern.c | 4 +- drivers/virtio/virtio_ring.c | 2 +- include/uapi/linux/vdpa.h | 4 +- tools/virtio/ringtest/main.h | 37 +++++----- tools/virtio/virtio-trace/trace-agent-ctl.c | 2 +- tools/virtio/virtio_test.c | 2 +- tools/virtio/vringh_test.c | 2 + 23 files changed, 173 insertions(+), 163 deletions(-)

2 years, 11 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2023