September 2023 - Linux-stable-mirror

[obsolete] mm-lock-vmas-skipped-by-a-failed-queue_pages_range.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: lock VMAs skipped by a failed queue_pages_range() has been removed from the -mm tree. Its filename was mm-lock-vmas-skipped-by-a-failed-queue_pages_range.patch This patch was dropped because it is obsolete ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: mm: lock VMAs skipped by a failed queue_pages_range() Date: Mon, 18 Sep 2023 14:16:08 -0700 When queue_pages_range() encounters an unmovable page, it terminates its page walk. This walk, among other things, locks the VMAs in the range. This termination might result in some VMAs being left unlocked after queue_pages_range() completes. Since do_mbind() continues to operate on these VMAs despite the failure from queue_pages_range(), it will encounter an unlocked VMA, leading to a BUG(). This mbind() behavior has been modified several times before and might need some changes to either finish the page walk even in the presence of unmovable pages or to error out immediately after the failure to queue_pages_range(). However that requires more discussions, so to fix the immediate issue, explicitly lock the VMAs in the range if queue_pages_range() failed. The added condition does not save much but is added for documentation purposes to understand when this extra locking is needed. Link: https://lkml.kernel.org/r/20230918211608.3580629-1-surenb@google.com Fixes: 49b0638502da ("mm: enable page walking API to lock vmas during the walk") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: syzbot+b591856e0f0139f83023(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000f392a60604a65085@google.com/ Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mempolicy.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/mempolicy.c~mm-lock-vmas-skipped-by-a-failed-queue_pages_range +++ a/mm/mempolicy.c @@ -1342,6 +1342,9 @@ static long do_mbind(unsigned long start vma_iter_init(&vmi, mm, start); prev = vma_prev(&vmi); for_each_vma_range(vmi, vma, end) { + /* If queue_pages_range failed then not all VMAs might be locked */ + if (ret) + vma_start_write(vma); err = mbind_range(&vmi, vma, &prev, start, end, new); if (err) break; _ Patches currently in -mm which might be from surenb(a)google.com are selftests-mm-add-uffdio_remap-ioctl-test.patch

2 years, 2 months

1
0
0 0

[PATCH 3/5] x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested()

by Maxim Levitsky

svm_leave_nested() similar to a nested VM exit, get the vCPU out of nested mode and thus should end the local inhibition of AVIC on this vCPU. Failure to do so, can lead to hangs on guest reboot. Raise the KVM_REQ_APICV_UPDATE request to refresh the AVIC state of the current vCPU in this case. Cc: stable(a)vger.kernel.org Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/kvm/svm/nested.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c index dd496c9e5f91f28..3fea8c47679e689 100644 --- a/arch/x86/kvm/svm/nested.c +++ b/arch/x86/kvm/svm/nested.c @@ -1253,6 +1253,9 @@ void svm_leave_nested(struct kvm_vcpu *vcpu) nested_svm_uninit_mmu_context(vcpu); vmcb_mark_all_dirty(svm->vmcb); + + if (kvm_apicv_activated(vcpu->kvm)) + kvm_make_request(KVM_REQ_APICV_UPDATE, vcpu); } kvm_clear_request(KVM_REQ_GET_NESTED_STATE_PAGES, vcpu); -- 2.26.3

2 years, 2 months

2
1
0 0

[PATCH AUTOSEL 4.14 1/6] parisc: sba: Fix compile warning wrt list of SBA devices

by Sasha Levin

From: Helge Deller <deller(a)gmx.de> [ Upstream commit eb3255ee8f6f4691471a28fbf22db5e8901116cd ] Fix this makecheck warning: drivers/parisc/sba_iommu.c:98:19: warning: symbol 'sba_list' was not declared. Should it be static? Signed-off-by: Helge Deller <deller(a)gmx.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/parisc/include/asm/ropes.h | 3 +++ drivers/char/agp/parisc-agp.c | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/parisc/include/asm/ropes.h b/arch/parisc/include/asm/ropes.h index 8e51c775c80a6..62399c7ea94a1 100644 --- a/arch/parisc/include/asm/ropes.h +++ b/arch/parisc/include/asm/ropes.h @@ -86,6 +86,9 @@ struct sba_device { struct ioc ioc[MAX_IOC]; }; +/* list of SBA's in system, see drivers/parisc/sba_iommu.c */ +extern struct sba_device *sba_list; + #define ASTRO_RUNWAY_PORT 0x582 #define IKE_MERCED_PORT 0x803 #define REO_MERCED_PORT 0x804 diff --git a/drivers/char/agp/parisc-agp.c b/drivers/char/agp/parisc-agp.c index 1d5510cb6db4e..1962ff624b7c5 100644 --- a/drivers/char/agp/parisc-agp.c +++ b/drivers/char/agp/parisc-agp.c @@ -385,8 +385,6 @@ find_quicksilver(struct device *dev, void *data) static int __init parisc_agp_init(void) { - extern struct sba_device *sba_list; - int err = -1; struct parisc_device *sba = NULL, *lba = NULL; struct lba_device *lbadev = NULL; -- 2.40.1

2 years, 2 months

2
6
0 0

[PATCH 1/5] x86: KVM: SVM: fix for x2avic CVE-2023-5090

by Maxim Levitsky

The following problem exists since the x2avic was enabled in the KVM: svm_set_x2apic_msr_interception is called to enable the interception of the x2apic msrs. In particular it is called at the moment the guest resets its apic. Assuming that the guest's apic was in x2apic mode, the reset will bring it back to the xapic mode. The svm_set_x2apic_msr_interception however has an erroneous check for '!apic_x2apic_mode()' which prevents it from doing anything in this case. As a result of this, all x2apic msrs are left unintercepted, and that exposes the bare metal x2apic (if enabled) to the guest. Oops. Remove the erroneous '!apic_x2apic_mode()' check to fix that. Cc: stable(a)vger.kernel.org Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/kvm/svm/svm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 9507df93f410a63..acdd0b89e4715a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -913,8 +913,7 @@ void svm_set_x2apic_msr_interception(struct vcpu_svm *svm, bool intercept) if (intercept == svm->x2avic_msrs_intercepted) return; - if (!x2avic_enabled || - !apic_x2apic_mode(svm->vcpu.arch.apic)) + if (!x2avic_enabled) return; for (i = 0; i < MAX_DIRECT_ACCESS_MSRS; i++) { -- 2.26.3

2 years, 2 months

2
1
0 0

FAILED: patch "[PATCH] ata: libahci: clear pending interrupt status" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 737dd811a3dbfd7edd4ad2ba5152e93d99074f83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023092019-aptitude-device-3909@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: 737dd811a3db ("ata: libahci: clear pending interrupt status") 93c7711494f4 ("ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 737dd811a3dbfd7edd4ad2ba5152e93d99074f83 Mon Sep 17 00:00:00 2001 From: Szuying Chen <chensiying21(a)gmail.com> Date: Thu, 7 Sep 2023 16:17:10 +0800 Subject: [PATCH] ata: libahci: clear pending interrupt status When a CRC error occurs, the HBA asserts an interrupt to indicate an interface fatal error (PxIS.IFS). The ISR clears PxIE and PxIS, then does error recovery. If the adapter receives another SDB FIS with an error (PxIS.TFES) from the device before the start of the EH recovery process, the interrupt signaling the new SDB cannot be serviced as PxIE was cleared already. This in turn results in the HBA inability to issue any command during the error recovery process after setting PxCMD.ST to 1 because PxIS.TFES is still set. According to AHCI 1.3.1 specifications section 6.2.2, fatal errors notified by setting PxIS.HBFS, PxIS.HBDS, PxIS.IFS or PxIS.TFES will cause the HBA to enter the ERR:Fatal state. In this state, the HBA shall not issue any new commands. To avoid this situation, introduce the function ahci_port_clear_pending_irq() to clear pending interrupts before executing a COMRESET. This follows the AHCI 1.3.1 - section 6.2.2.2 specification. Signed-off-by: Szuying Chen <Chloe_Chen(a)asmedia.com.tw> Fixes: e0bfd149973d ("[PATCH] ahci: stop engine during hard reset") Cc: stable(a)vger.kernel.org Reviewed-by: Niklas Cassel <niklas.cassel(a)wdc.com> Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c index e2bacedf28ef..f1263364fa97 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -1256,6 +1256,26 @@ static ssize_t ahci_activity_show(struct ata_device *dev, char *buf) return sprintf(buf, "%d\n", emp->blink_policy); } +static void ahci_port_clear_pending_irq(struct ata_port *ap) +{ + struct ahci_host_priv *hpriv = ap->host->private_data; + void __iomem *port_mmio = ahci_port_base(ap); + u32 tmp; + + /* clear SError */ + tmp = readl(port_mmio + PORT_SCR_ERR); + dev_dbg(ap->host->dev, "PORT_SCR_ERR 0x%x\n", tmp); + writel(tmp, port_mmio + PORT_SCR_ERR); + + /* clear port IRQ */ + tmp = readl(port_mmio + PORT_IRQ_STAT); + dev_dbg(ap->host->dev, "PORT_IRQ_STAT 0x%x\n", tmp); + if (tmp) + writel(tmp, port_mmio + PORT_IRQ_STAT); + + writel(1 << ap->port_no, hpriv->mmio + HOST_IRQ_STAT); +} + static void ahci_port_init(struct device *dev, struct ata_port *ap, int port_no, void __iomem *mmio, void __iomem *port_mmio) @@ -1270,18 +1290,7 @@ static void ahci_port_init(struct device *dev, struct ata_port *ap, if (rc) dev_warn(dev, "%s (%d)\n", emsg, rc); - /* clear SError */ - tmp = readl(port_mmio + PORT_SCR_ERR); - dev_dbg(dev, "PORT_SCR_ERR 0x%x\n", tmp); - writel(tmp, port_mmio + PORT_SCR_ERR); - - /* clear port IRQ */ - tmp = readl(port_mmio + PORT_IRQ_STAT); - dev_dbg(dev, "PORT_IRQ_STAT 0x%x\n", tmp); - if (tmp) - writel(tmp, port_mmio + PORT_IRQ_STAT); - - writel(1 << port_no, mmio + HOST_IRQ_STAT); + ahci_port_clear_pending_irq(ap); /* mark esata ports */ tmp = readl(port_mmio + PORT_CMD); @@ -1603,6 +1612,8 @@ int ahci_do_hardreset(struct ata_link *link, unsigned int *class, tf.status = ATA_BUSY; ata_tf_to_fis(&tf, 0, 0, d2h_fis); + ahci_port_clear_pending_irq(ap); + rc = sata_link_hardreset(link, timing, deadline, online, ahci_check_ready);

2 years, 2 months

2
2
0 0

[PATCH 2/5] x86: KVM: SVM: add support for Invalid IPI Vector interception

by Maxim Levitsky

In later revisions of AMD's APM, there is a new 'incomplete IPI' exit code: "Invalid IPI Vector - The vector for the specified IPI was set to an illegal value (VEC < 16)" Note that tests on Zen2 machine show that this VM exit doesn't happen and instead AVIC just does nothing. Add support for this exit code by doing nothing, instead of filling the kernel log with errors. Also replace an unthrottled 'pr_err()' if another unknown incomplete IPI exit happens with WARN_ON_ONCE() (e.g in case AMD adds yet another 'Invalid IPI' exit reason) Cc: <stable(a)vger.kernel.org> Signed-off-by: Maxim Levitsky <mlevitsk(a)redhat.com> --- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/avic.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 19bf955b67e0da0..3ac0ffc4f3e202b 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -268,6 +268,7 @@ enum avic_ipi_failure_cause { AVIC_IPI_FAILURE_TARGET_NOT_RUNNING, AVIC_IPI_FAILURE_INVALID_TARGET, AVIC_IPI_FAILURE_INVALID_BACKING_PAGE, + AVIC_IPI_FAILURE_INVALID_IPI_VECTOR, }; #define AVIC_PHYSICAL_MAX_INDEX_MASK GENMASK_ULL(8, 0) diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c index 2092db892d7d052..c44b65af494e3ff 100644 --- a/arch/x86/kvm/svm/avic.c +++ b/arch/x86/kvm/svm/avic.c @@ -529,8 +529,11 @@ int avic_incomplete_ipi_interception(struct kvm_vcpu *vcpu) case AVIC_IPI_FAILURE_INVALID_BACKING_PAGE: WARN_ONCE(1, "Invalid backing page\n"); break; + case AVIC_IPI_FAILURE_INVALID_IPI_VECTOR: + /* Invalid IPI with vector < 16 */ + break; default: - pr_err("Unknown IPI interception\n"); + WARN_ONCE(1, "Unknown avic incomplete IPI interception\n"); } return 1; -- 2.26.3

2 years, 2 months

2
1
0 0

[REGRESSION] EINVAL with mount in selinux_set_mnt_opts when mounting in a guest vm with selinux disabled

by Simon Kaegi

#regzbot introduced v6.1.52..v6.1.53 #regzbot introduced: ed134f284b4ed85a70d5f760ed0686e3cd555f9b We hit this regression when updating our guest vm kernel from 6.1.52 to 6.1.53 -- bisecting this problem was introduced in ed134f284b4ed85a70d5f760ed0686e3cd555f9b -- vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing -- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… We're getting an EINVAL in `selinux_set_mnt_opts` in `security/selinux/hooks.c` when mounting a folder in a guest VM where selinux is disabled. We're mounting from another folder that we suspect has selinux labels set from the host. The EINVAL is getting set in the following block... ``` if (!selinux_initialized(&selinux_state)) { if (!opts) { /* Defer initialization until selinux_complete_init, after the initial policy is loaded and the security server is ready to handle calls. */ goto out; } rc = -EINVAL; pr_warn("SELinux: Unable to set superblock options " "before the security server is initialized\n"); goto out; } ``` We can reproduce 100% of the time but don't currently have a simple reproducer as the problem was found in our build service which uses kata-containers (with cloud-hypervisor and rootfs mounted via virtio-blk). We have not checked the mainline as we currently are tied to 6.1.x. -Simon

2 years, 2 months

3
4
0 0

[PATCH 6.4, 6.5] ASoC: cs35l56: Disable low-power hibernation mode

by Richard Fitzgerald

commit 18789be8e0d9fbb78b2290dcf93f500726ed19f0 upstream. Please apply to 6.4 and 6.5. Do not allow the CS35L56 to be put into its lowest power "hibernation" mode. This only affects I2C because "hibernation" is already disabled on SPI and SoundWire. Recent firmwares need a different wake-up sequence. Until that sequence has been specified, the chip "hibernation" mode must be disabled otherwise it can intermittently fail to wake. Backport note: This is the same change as upstream commit, to delete one line, but the upstream commit would not apply cleanly on older branches because of minor differences to the surrounding code. Signed-off-by: Richard Fitzgerald <rf(a)opensource.cirrus.com> Link: https://lore.kernel.org/r/20230912133841.3480466-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown <broonie(a)kernel.org> --- sound/soc/codecs/cs35l56-i2c.c | 1 - 1 file changed, 1 deletion(-) diff --git a/sound/soc/codecs/cs35l56-i2c.c b/sound/soc/codecs/cs35l56-i2c.c index c613a2554fa3..494adabd4f43 100644 --- a/sound/soc/codecs/cs35l56-i2c.c +++ b/sound/soc/codecs/cs35l56-i2c.c @@ -27,7 +27,6 @@ static int cs35l56_i2c_probe(struct i2c_client *client) return -ENOMEM; cs35l56->dev = dev; - cs35l56->can_hibernate = true; i2c_set_clientdata(client, cs35l56); cs35l56->regmap = devm_regmap_init_i2c(client, regmap_config); -- 2.30.2

2 years, 2 months

2
1
0 0

[PATCH -stable,5.10 0/2] Netfilter stable fixes for 5.10

by Pablo Neira Ayuso

Hi Greg, Sasha, The following small batch contains two more fixes for a WARNING splat on chain unregistration and UaF in the flowtable unregistration that is exercised from netns path for 5.10 -stable. I am using original commit IDs for reference: 1) 6069da443bf6 ("netfilter: nf_tables: unregister flowtable hooks on netns exit") 2) f9a43007d3f7 ("netfilter: nf_tables: double hook unregistration in netns path") Please, apply. Thanks. Pablo Neira Ayuso (2): netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: double hook unregistration in netns path net/netfilter/nf_tables_api.c | 68 ++++++++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 16 deletions(-) -- 2.30.2

2 years, 2 months

2
3
0 0

6.5 pre-emption hangs

by Mario Limonciello

Hi, Some hangs are reported on GFX9 hardware related to pre-emption. The hangs that are root caused to this are fixed by this commit from 6.6: 8cbbd11547f6 ("drm/amdgpu: set completion status as preempted for the resubmission") Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2447#note_2100975 Can you please bring this back to 6.5.y? Thanks,

2 years, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2023