September 2023 - Linux-stable-mirror

by Lucas Santiago Copertari Ramonda

Olá, querido, Em duas ocasiões, enviei-lhe um e-mail ao qual você não respondeu. Você consegue encontrar tempo para me responder agora? ....................................... Hi Dear,On two occasions, I have sent an email to you which you have not responded to.Can you find time to respond to me now?

1 year, 2 months

1
0
0 0

Prezentacja

by Mateusz Talaga

Dzień dobry! Czy mógłbym przedstawić rozwiązanie, które umożliwia monitoring każdego auta w czasie rzeczywistym w tym jego pozycję, zużycie paliwa i przebieg? Dodatkowo nasze narzędzie minimalizuje koszty utrzymania samochodów, skraca czas przejazdów, a także tworzenie planu tras czy dostaw. Z naszej wiedzy i doświadczenia korzysta już ponad 49 tys. Klientów. Monitorujemy 809 000 pojazdów na całym świecie, co jest naszą najlepszą wizytówką. Bardzo proszę o e-maila zwrotnego, jeśli moglibyśmy wspólnie omówić potencjał wykorzystania takiego rozwiązania w Państwa firmie. Pozdrawiam Mateusz Talaga

1 year, 2 months

1
0
0 0

[PATCH stable 6.1.y 1/2] KVM: arm64: Prevent the donation of no-map pages

by Suraj Jitindar Singh

From: Quentin Perret <qperret(a)google.com> commit 43c1ff8b75011bc3e3e923adf31ba815864a2494 upstream. Memory regions marked as "no-map" in the host device-tree routinely include TrustZone carev-outs and DMA pools. Although donating such pages to the hypervisor may not breach confidentiality, it could be used to corrupt its state in uncontrollable ways. To prevent this, let's block host-initiated memory transitions targeting "no-map" pages altogether in nVHE protected mode as there should be no valid reason to do this in current operation. Thankfully, the pKVM EL2 hypervisor has a full copy of the host's list of memblock regions, so we can easily check for the presence of the MEMBLOCK_NOMAP flag on a region containing pages being donated from the host. Reviewed-by: Philippe Mathieu-Daudé <philmd(a)linaro.org> Tested-by: Vincent Donnefort <vdonnefort(a)google.com> Signed-off-by: Quentin Perret <qperret(a)google.com> Signed-off-by: Will Deacon <will(a)kernel.org> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20221110190259.26861-8-will@kernel.org [ bp: clean ] Signed-off-by: Suraj Jitindar Singh <surajjs(a)amazon.com> --- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c index 07f9dc9848ef..0f6c053686c7 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -195,7 +195,7 @@ struct kvm_mem_range { u64 end; }; -static bool find_mem_range(phys_addr_t addr, struct kvm_mem_range *range) +static struct memblock_region *find_mem_range(phys_addr_t addr, struct kvm_mem_range *range) { int cur, left = 0, right = hyp_memblock_nr; struct memblock_region *reg; @@ -218,18 +218,28 @@ static bool find_mem_range(phys_addr_t addr, struct kvm_mem_range *range) } else { range->start = reg->base; range->end = end; - return true; + return reg; } } - return false; + return NULL; } bool addr_is_memory(phys_addr_t phys) { struct kvm_mem_range range; - return find_mem_range(phys, &range); + return !!find_mem_range(phys, &range); +} + +static bool addr_is_allowed_memory(phys_addr_t phys) +{ + struct memblock_region *reg; + struct kvm_mem_range range; + + reg = find_mem_range(phys, &range); + + return reg && !(reg->flags & MEMBLOCK_NOMAP); } static bool is_in_mem_range(u64 addr, struct kvm_mem_range *range) @@ -348,7 +358,7 @@ static bool host_stage2_force_pte_cb(u64 addr, u64 end, enum kvm_pgtable_prot pr static int host_stage2_idmap(u64 addr) { struct kvm_mem_range range; - bool is_memory = find_mem_range(addr, &range); + bool is_memory = !!find_mem_range(addr, &range); enum kvm_pgtable_prot prot; int ret; @@ -425,7 +435,7 @@ static int __check_page_state_visitor(u64 addr, u64 end, u32 level, struct check_walk_data *d = arg; kvm_pte_t pte = *ptep; - if (kvm_pte_valid(pte) && !addr_is_memory(kvm_pte_to_phys(pte))) + if (kvm_pte_valid(pte) && !addr_is_allowed_memory(kvm_pte_to_phys(pte))) return -EINVAL; return d->get_page_state(pte) == d->desired ? 0 : -EPERM; -- 2.34.1

1 year, 2 months

5
7
0 0

[PATCH v1 0/8] Fix set_huge_pte_at() panic on arm64

by Ryan Roberts

Hi All, This series fixes a bug in arm64's implementation of set_huge_pte_at(), which can result in an unprivileged user causing a kernel panic. The problem was triggered when running the new uffd poison mm selftest for HUGETLB memory. This test (and the uffd poison feature) was merged for v6.6-rc1. However, upon inspection there are multiple other pre-existing paths that can trigger this bug. Ideally, I'd like to get this fix in for v6.6 if possible? And I guess it should be backported too, given there are call sites where this can theoretically happen that pre-date v6.6-rc1 (I've cc'ed stable(a)vger.kernel.org). Description of Bug ------------------ arm64's huge pte implementation supports multiple huge page sizes, some of which are implemented in the page table with contiguous mappings. So set_huge_pte_at() needs to work out how big the logical pte is, so that it can also work out how many physical ptes (or pmds) need to be written. It does this by grabbing the folio out of the pte and querying its size. However, there are cases when the pte being set is actually a swap entry. But this also used to work fine, because for huge ptes, we only ever saw migration entries and hwpoison entries. And both of these types of swap entries have a PFN embedded, so the code would grab that and everything still worked out. But over time, more calls to set_huge_pte_at() have been added that set swap entry types that do not embed a PFN. And this causes the code to go bang. The triggering case is for the uffd poison test, commit 99aa77215ad0 ("selftests/mm: add uffd unit test for UFFDIO_POISON"), which sets a PTE_MARKER_POISONED swap entry. But review shows there are other places too (PTE_MARKER_UFFD_WP). If CONFIG_DEBUG_VM is enabled, we do at least get a BUG(), but otherwise, it will dereference a bad pointer in page_folio(): static inline struct folio *hugetlb_swap_entry_to_folio(swp_entry_t entry) { VM_BUG_ON(!is_migration_entry(entry) && !is_hwpoison_entry(entry)); return page_folio(pfn_to_page(swp_offset_pfn(entry))); } So the root cause is due to commit 18f3962953e4 ("mm: hugetlb: kill set_huge_swap_pte_at()"), which aimed to simplify the interface to the core code by removing set_huge_swap_pte_at() (which took a page size parameter) and replacing it with calls to set_huge_swap_pte_at() where the size was inferred from the folio, as descibed above. While that commit didn't break anything at the time, it did break the interface because it couldn't handle swap entries without PFNs. And since then new callers have come along which rely on this working. Fix --- The simplest fix would have been to revert the dodgy cleanup commit, but since things have moved on, this would have required an audit of all the new set_huge_pte_at() call sites to see if they should be converted to set_huge_swap_pte_at(). As per the original intent of the change, it would also leave us open to future bugs when people invariably get it wrong and call the wrong helper. So instead, I've converted the first parameter of set_huge_pte_at() to be a vma rather than an mm. This means that the arm64 code can easily recover the huge page size in all cases. It's a bigger change, due to needing to touch the arches that implement the function, but it is entirely mechanical, so in my view, low risk. I've compile-tested all touched arches; arm64, parisc, powerpc, riscv, s390 (and additionally x86_64). I've additionally booted and run mm selftests against arm64, where I observe the uffd poison test is fixed, and there are no other regressions. Patches ------- patches 1-7: Convert core mm and arches to pass vma instead of mm patch: 8: Fixes the arm64 bug Patches based on v6.6-rc2. Thanks, Ryan Ryan Roberts (8): parisc: hugetlb: Convert set_huge_pte_at() to take vma powerpc: hugetlb: Convert set_huge_pte_at() to take vma riscv: hugetlb: Convert set_huge_pte_at() to take vma s390: hugetlb: Convert set_huge_pte_at() to take vma sparc: hugetlb: Convert set_huge_pte_at() to take vma mm: hugetlb: Convert set_huge_pte_at() to take vma arm64: hugetlb: Convert set_huge_pte_at() to take vma arm64: hugetlb: Fix set_huge_pte_at() to work with all swap entries arch/arm64/include/asm/hugetlb.h | 2 +- arch/arm64/mm/hugetlbpage.c | 22 ++++---------- arch/parisc/include/asm/hugetlb.h | 2 +- arch/parisc/mm/hugetlbpage.c | 4 +-- .../include/asm/nohash/32/hugetlb-8xx.h | 3 +- arch/powerpc/mm/book3s64/hugetlbpage.c | 2 +- arch/powerpc/mm/book3s64/radix_hugetlbpage.c | 2 +- arch/powerpc/mm/nohash/8xx.c | 2 +- arch/powerpc/mm/pgtable.c | 7 ++++- arch/riscv/include/asm/hugetlb.h | 2 +- arch/riscv/mm/hugetlbpage.c | 3 +- arch/s390/include/asm/hugetlb.h | 8 +++-- arch/s390/mm/hugetlbpage.c | 8 ++++- arch/sparc/include/asm/hugetlb.h | 8 +++-- arch/sparc/mm/hugetlbpage.c | 8 ++++- include/asm-generic/hugetlb.h | 6 ++-- include/linux/hugetlb.h | 6 ++-- mm/damon/vaddr.c | 2 +- mm/hugetlb.c | 30 +++++++++---------- mm/migrate.c | 2 +- mm/rmap.c | 10 +++---- mm/vmalloc.c | 5 +++- 22 files changed, 80 insertions(+), 64 deletions(-) -- 2.25.1

1 year, 2 months

9
31
0 0

[PATCH 4.14 000/186] 4.14.326-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.326 release. There are 186 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 22 Sep 2023 11:28:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.326-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.326-rc1 Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: Retire rsvp classifier valis <sec(a)valis.email> net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix potential false time out warning William Zhang <william.zhang(a)broadcom.com> mtd: rawnand: brcmnand: Fix crash during the panic_write Jeff Layton <jlayton(a)kernel.org> nfsd: fix change_info in NFSv4 RENAME replies Filipe Manana <fdmanana(a)suse.com> btrfs: fix lockdep splat and potential deadlock after failure running delayed items Christian Brauner <brauner(a)kernel.org> attr: block mode changes of symlinks Nigel Croxon <ncroxon(a)redhat.com> md/raid1: fix error: ISO C90 forbids mixed declarations Zhen Lei <thunder.leizhen(a)huawei.com> kobject: Add sanity check for kset->kobj.ktype in kset_register() Christophe Leroy <christophe.leroy(a)csgroup.eu> serial: cpm_uart: Avoid suspicious locking Konstantin Shelekhin <k.shelekhin(a)yadro.com> scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() Ma Ke <make_ruc2021(a)163.com> usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: replace BUG with error return Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: tuners: qt1010: replace BUG_ON with a regular error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: core: Use min() instead of min_t() to make code more robust Zhang Shurong <zhang_shurong(a)foxmail.com> media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() Zhang Shurong <zhang_shurong(a)foxmail.com> media: anysee: fix null-ptr-deref in anysee_master_xfer Zhang Shurong <zhang_shurong(a)foxmail.com> media: af9005: Fix null-ptr-deref in af9005_i2c_xfer Zhang Shurong <zhang_shurong(a)foxmail.com> media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() Zhang Shurong <zhang_shurong(a)foxmail.com> media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer ruanjinjie <ruanjinjie(a)huawei.com> powerpc/pseries: fix possible memory leak in ibmebus_bus_init() Liu Shixin via Jfs-discussion <jfs-discussion(a)lists.sourceforge.net> jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount Andrew Kanner <andrew.kanner(a)gmail.com> fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Georg Ottinger <g.ottinger(a)gmx.at> ext2: fix datatype of block number in ext2_xattr_set2() Zhang Shurong <zhang_shurong(a)foxmail.com> md: raid1: fix potential OOB in raid1_remove_disk() Tuo Li <islituo(a)gmail.com> drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() GONG, Ruiqi <gongruiqi1(a)huawei.com> alx: fix OOB-read compiler warning Alexander Steffen <Alexander.Steffen(a)infineon.com> tpm_tis: Resend command to recover from data transfer errors Mark O'Donovan <shiftee(a)posteo.net> crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix fortify warning Dongliang Mu <dzm91(a)hust.edu.cn> wifi: ath9k: fix printk specifier Tomislav Novak <tnovak(a)meta.com> hw_breakpoint: fix single-stepping when using bpf_overflow_handler Jiri Slaby (SUSE) <jirislaby(a)kernel.org> ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 Abhishek Mainkar <abmainkar(a)nvidia.com> ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer Qu Wenruo <wqu(a)suse.com> btrfs: output extra debug info if we failed to find an inline backref Fedor Pchelkin <pchelkin(a)ispras.ru> autofs: fix memory leak of waitqueues in autofs_catatonic_mode Helge Deller <deller(a)gmx.de> parisc: Drop loops_per_jiffy from per_cpu struct Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ixgbe: fix timestamp configuration code Shigeru Yoshida <syoshida(a)redhat.com> kcm: Fix memory leak in error path of kcm_sendmsg() Hangyu Hua <hbh25y(a)gmail.com> net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() Damien Le Moal <dlemoal(a)kernel.org> ata: pata_ftide010: Add missing MODULE_DESCRIPTION Damien Le Moal <dlemoal(a)kernel.org> ata: sata_gemini: Add missing MODULE_DESCRIPTION Olga Zaborska <olga.zaborska(a)intel.com> igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 Olga Zaborska <olga.zaborska(a)intel.com> igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 Shigeru Yoshida <syoshida(a)redhat.com> kcm: Destroy mutex in kcm_exit_net() valis <sec(a)valis.email> net: sched: sch_qfq: Fix UAF in qfq_dequeue() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data race around sk->sk_err. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around sk->sk_shutdown. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-race around unix_tot_inflight. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix data-races around user->unix_inflight. Alex Henrie <alexhenrie24(a)gmail.com> net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Corinna Vinschen <vinschen(a)redhat.com> igb: disable virtualization features on 82580 Eric Dumazet <edumazet(a)google.com> net: read sk->sk_family once in sk_mc_loop() Vladimir Zapolskiy <vz(a)mleia.com> pwm: lpc32xx: Remove handling of PWM channels Raag Jadav <raag.jadav(a)intel.com> watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load Sean Christopherson <seanjc(a)google.com> x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() Fedor Pchelkin <pchelkin(a)ispras.ru> NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock Helge Deller <deller(a)gmx.de> parisc: led: Reduce CPU overhead for disk & lan LED computation Helge Deller <deller(a)gmx.de> parisc: led: Fix LAN receive and transmit LEDs Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix DRAM init on AST2200 Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Turn off noisy message log Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: fix inconsistent TMF timeout Thomas Bourgoin <thomas.bourgoin(a)foss.st.com> crypto: stm32 - fix loop iterating through scatterlist for DMA Enlin Mu <enlin.mu(a)unisoc.com> pstore/ram: Check start of empty przs during init Nicolas Dichtel <nicolas.dichtel(a)6wind.com> net: handle ARPHRD_PPP in dev_is_mac_header_xmit() Thore Sommer <public(a)thson.de> X.509: if signature is unsupported skip validation Jann Horn <jannh(a)google.com> dccp: Fix out of bounds access in DCCP error handler Helge Deller <deller(a)gmx.de> parisc: Fix /proc/cpuinfo output for lscpu Aleksa Sarai <cyphar(a)cyphar.com> procfs: block chmod on /proc/thread-self/comm Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" Dave Jiang <dave.jiang(a)intel.com> ntb: Fix calculation ntb_transport_tx_free_entry() Dave Jiang <dave.jiang(a)intel.com> ntb: Clean up tx tail index on link down Dave Jiang <dave.jiang(a)intel.com> ntb: Drop packets when qp link is down Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> media: dvb: symbol fixup for dvb_attach() Thomas Zimmermann <tzimmermann(a)suse.de> backlight/lv5207lp: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/bd6107: Compare against struct fb_info.device Thomas Zimmermann <tzimmermann(a)suse.de> backlight/gpio_backlight: Compare against struct fb_info.device Gustavo A. R. Silva <gustavoars(a)kernel.org> ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl Boris Brezillon <boris.brezillon(a)collabora.com> PM / devfreq: Fix leak in devfreq_dev_release() Radoslaw Tyl <radoslawx.tyl(a)intel.com> igb: set max size RX buffer when store bad packet is enabled Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_sctp: validate the flag_info count Wander Lairson Costa <wander(a)redhat.com> netfilter: xt_u32: validate user space input Kyle Zeng <zengyhkyle(a)gmail.com> netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c Eric Dumazet <edumazet(a)google.com> igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU ruanjinjie <ruanjinjie(a)huawei.com> dmaengine: ste_dma40: Add missing IRQ check in d40_probe Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rpmsg: glink: Add check for kstrdup Rahul Rameshbabu <sergeantsagara(a)protonmail.com> HID: multitouch: Correct devm device reference for hidinput input_dev name Leon Romanovsky <leonro(a)nvidia.com> Revert "IB/isert: Fix incorrect release of isert connection" Peng Fan <peng.fan(a)nxp.com> amba: bus: fix refcount leak Yi Yang <yiyang13(a)huawei.com> serial: tegra: handle clk prepare error in tegra_uart_hw_init() Chengfeng Ye <dg573847474(a)gmail.com> scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock Tony Battersby <tonyb(a)cybernetics.com> scsi: core: Use 32-bit hostnum in scsi_host_lookup() Lu Jialin <lujialin4(a)huawei.com> cgroup:namespace: Remove unused cgroup_namespaces_init() Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: f_mass_storage: Fix unused variable warning Colin Ian King <colin.i.king(a)gmail.com> media: go7007: Remove redundant if statement Rob Clark <robdclark(a)chromium.org> dma-buf/sync_file: Fix docs syntax Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly Oleksandr Natalenko <oleksandr(a)redhat.com> scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly Randy Dunlap <rdunlap(a)infradead.org> x86/APM: drop the duplicate APM_MINOR_DEV macro Lin Ma <linma(a)zju.edu.cn> scsi: qla4xxx: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: be2iscsi: Add length check when parsing nlattrs Lin Ma <linma(a)zju.edu.cn> scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() Irui Wang <irui.wang(a)mediatek.com> media: mediatek: vcodec: Return NULL if no vdec_fb is found Daniil Dulov <d.dulov(a)aladdin.ru> media: cx24120: Add retval check for cx24120_message_send() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() Daniil Dulov <d.dulov(a)aladdin.ru> media: dib7000p: Fix potential division by zero Dongliang Mu <dzm91(a)hust.edu.cn> drivers: usb: smsusb: fix error handling code in smsusb_init_device Chuck Lever <chuck.lever(a)oracle.com> NFSD: da_addr_body field missing in some GETDEVICEINFO replies Su Hui <suhui(a)nfschina.com> fs: lockd: avoid possible wrong NULL parameter Alexei Filippov <halip0503(a)gmail.com> jfs: validate max amount of blocks before allocation. Russell Currey <ruscur(a)russell.cc> powerpc/iommu: Fix notifiers being shared by PCI and VIO buses Dan Carpenter <dan.carpenter(a)linaro.org> nfs/blocklayout: Use the passed in gfp flags Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: ath10k: Use RMW accessors for changing LNKCTL Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: pciehp: Use RMW accessors for changing LNKCTL Wu Zongyong <wuzongyong(a)linux.alibaba.com> PCI: Mark NVIDIA T4 GPUs to avoid bus reset Zhang Jianhua <chris.zjh(a)huawei.com> clk: sunxi-ng: Modify mismatched function name Minjie Du <duminjie(a)vivo.com> drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() Su Hui <suhui(a)nfschina.com> ALSA: ac97: Fix possible error value of *rac97 Gaosheng Cui <cuigaosheng1(a)huawei.com> audit: fix possible soft lockup in __audit_inode_child() Dan Carpenter <dan.carpenter(a)linaro.org> smackfs: Prevent underflow in smk_set_cipso() Ruan Jinjie <ruanjinjie(a)huawei.com> of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() Bogdan Togorean <bogdan.togorean(a)analog.com> drm: adv7511: Fix low refresh rate register for ADV7533/5 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Use updated "spi-gpio" binding properties Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Add cells sizes to PCIe node Kuniyuki Iwashima <kuniyu(a)amazon.com> netrom: Deny concurrent connect(). Jinjie Ruan <ruanjinjie(a)huawei.com> net: arcnet: Do not call kfree_skb() under local_irq_disable() Wang Ming <machel(a)vivo.com> wifi: ath9k: use IS_ERR() with debugfs_create_dir() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: avoid possible NULL skb pointer dereference Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: ath9k: protect WMI command response buffer replacement with a lock Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix missed return in oob checks failed path Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Artem Chernyshev <artem.chernyshev(a)red-soft.ru> fs: ocfs2: namei: check return value of ocfs2_add_entry() Yan Zhai <yan(a)cloudflare.com> lwt: Check LWTUNNEL_XMIT_CONTINUE strictly Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - fix unchecked return value error Menglong Dong <imagedong(a)tencent.com> net: tcp: fix unexcepted socket die when snd_wnd is 0 Yuanjun Gong <ruc_gongyuanjun(a)163.com> Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() Polaris Pi <pinkperfect2021(a)gmail.com> wifi: mwifiex: Fix OOB and integer underflow when rx packets Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM Zhang Shurong <zhang_shurong(a)foxmail.com> spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() Dan Carpenter <dan.carpenter(a)linaro.org> regmap: rbtree: Use alloc_flags for memory allocations Liao Chang <liaochang1(a)huawei.com> cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() Wang Ming <machel(a)vivo.com> fs: Fix error checking for d_hash_and_lookup() Matthew Wilcox <willy(a)infradead.org> reiserfs: Check the return value from __getblk() Sabrina Dubroca <sd(a)queasysnail.net> Revert "net: macsec: preserve ingress frame ordering" Jan Kara <jack(a)suse.cz> udf: Handle error when adding extent to a file Vladislav Efanov <VEfanov(a)ispras.ru> udf: Check consistency of Space Bitmap Descriptor Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32s: Fix assembler warning about r0 Joel Stanley <joel(a)jms.id.au> powerpc/32: Include .branch_lt in data section Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Fix racy open/close of MIDI devices Shyam Prasad N <sprasad(a)microsoft.com> cifs: add a warning when the in-flight count goes negative Dan Carpenter <dan.carpenter(a)linaro.org> sctp: handle invalid error codes without calling BUG() David Christensen <drc(a)linux.vnet.ibm.com> bnx2x: fix page fault following EEH recovery Dmitry Mastykin <dmastykin(a)astralinux.ru> netlabel: fix shift wrapping bug in netlbl_catmap_setlong() Chengfeng Ye <dg573847474(a)gmail.com> scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock Baoquan He <bhe(a)redhat.com> idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM Martin Kohn <m.kohn(a)welotec.com> net: usb: qmi_wwan: add Quectel EM05GV2 Christian Göttsche <cgzones(a)googlemail.com> security: keys: perform capable check only on privileged operations Edgar <ljijcj(a)163.com> ASoc: codecs: ES8316: Fix DMIC config Winston Wen <wentao(a)uniontech.com> fs/nls: make load_nls() take a const parameter Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: use correct number of retries for ERP requests Ben Hutchings <benh(a)debian.org> m68k: Fix invalid .section syntax Yuanjun Gong <ruc_gongyuanjun(a)163.com> ethernet: atheros: fix return value check in atl1c_tso_csum() Dmytro Maluka <dmy(a)semihalf.com> ASoC: da7219: Flush pending AAD IRQ when suspending Dominique Martinet <asmadeus(a)codewreck.org> 9p: virtio: make sure 'offs' is initialized in zc_request Andrey Ryabinin <aryabinin(a)virtuozzo.com> lib/ubsan: remove returns-nonnull-attribute checks Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Don't show `Invalid config param` errors Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug when first setting GPIO direction Zheng Wang <zyytlz.wz(a)163.com> Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition Aaron Armstrong Skomra <aaron.skomra(a)wacom.com> HID: wacom: remove the battery when the EKR is off Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add FOXCONN T99W368/T99W373 product Martin Kohn <m.kohn(a)welotec.com> USB: serial: option: add Quectel EM05G variant (0x030e) Christoph Hellwig <hch(a)lst.de> modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules Christoph Hellwig <hch(a)lst.de> rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff Christoph Hellwig <hch(a)lst.de> mmc: au1xmmc: force non-modular build and remove symbol_get usage Arnd Bergmann <arnd(a)arndb.de> ARM: pxa: remove use of symbol_get() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/bcm53573.dtsi | 3 + arch/arm/boot/dts/bcm947189acdbmr.dts | 6 +- arch/arm/boot/dts/s3c6410-mini6410.dts | 2 +- arch/arm/boot/dts/s5pv210-smdkv210.dts | 2 +- arch/arm/kernel/hw_breakpoint.c | 8 +- arch/arm/mach-omap2/powerdomain.c | 2 +- arch/arm/mach-pxa/sharpsl_pm.c | 2 - arch/arm/mach-pxa/spitz.c | 14 +- arch/arm64/kernel/hw_breakpoint.c | 4 +- arch/m68k/fpsp040/skeleton.S | 4 +- arch/m68k/ifpsp060/os.S | 4 +- arch/m68k/kernel/relocate_kernel.S | 4 +- arch/mips/alchemy/devboards/db1000.c | 8 +- arch/mips/alchemy/devboards/db1200.c | 19 +- arch/mips/alchemy/devboards/db1300.c | 10 +- arch/parisc/include/asm/led.h | 4 +- arch/parisc/include/asm/processor.h | 1 - arch/parisc/kernel/processor.c | 18 +- arch/powerpc/kernel/head_32.S | 2 +- arch/powerpc/kernel/iommu.c | 17 +- arch/powerpc/kernel/vmlinux.lds.S | 1 + arch/powerpc/platforms/pseries/ibmebus.c | 1 + arch/x86/include/asm/virtext.h | 6 - arch/x86/kernel/apm_32.c | 6 - crypto/asymmetric_keys/x509_public_key.c | 5 + drivers/acpi/acpica/psopcode.c | 2 +- drivers/acpi/video_detect.c | 9 + drivers/amba/bus.c | 1 + drivers/ata/pata_ftide010.c | 1 + drivers/ata/sata_gemini.c | 1 + drivers/base/regmap/regcache-rbtree.c | 10 +- drivers/bluetooth/btsdio.c | 1 + drivers/bluetooth/hci_nokia.c | 6 +- drivers/char/tpm/tpm_tis_core.c | 15 +- drivers/clk/keystone/pll.c | 2 +- drivers/clk/qcom/gcc-mdm9615.c | 2 +- drivers/clk/sunxi-ng/ccu_mmc_timing.c | 2 +- drivers/cpufreq/powernow-k8.c | 3 +- drivers/crypto/caam/caampkc.c | 4 +- drivers/crypto/stm32/stm32-hash.c | 2 +- drivers/devfreq/devfreq.c | 1 + drivers/dma/Kconfig | 2 + drivers/dma/ste_dma40.c | 4 + drivers/gpu/drm/ast/ast_post.c | 2 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 9 +- drivers/gpu/drm/exynos/exynos_drm_crtc.c | 5 +- drivers/hid/hid-multitouch.c | 13 +- drivers/hid/wacom.h | 1 + drivers/hid/wacom_sys.c | 25 +- drivers/hid/wacom_wac.c | 1 + drivers/hid/wacom_wac.h | 1 + drivers/iio/industrialio-core.c | 2 +- drivers/infiniband/ulp/isert/ib_isert.c | 2 + drivers/md/raid1.c | 3 + drivers/media/dvb-frontends/ascot2e.c | 2 +- drivers/media/dvb-frontends/atbm8830.c | 2 +- drivers/media/dvb-frontends/au8522_dig.c | 2 +- drivers/media/dvb-frontends/bcm3510.c | 2 +- drivers/media/dvb-frontends/cx22700.c | 2 +- drivers/media/dvb-frontends/cx22702.c | 2 +- drivers/media/dvb-frontends/cx24110.c | 2 +- drivers/media/dvb-frontends/cx24113.c | 2 +- drivers/media/dvb-frontends/cx24116.c | 2 +- drivers/media/dvb-frontends/cx24120.c | 6 +- drivers/media/dvb-frontends/cx24123.c | 2 +- drivers/media/dvb-frontends/cxd2820r_core.c | 2 +- drivers/media/dvb-frontends/cxd2841er.c | 4 +- drivers/media/dvb-frontends/dib0070.c | 2 +- drivers/media/dvb-frontends/dib0090.c | 4 +- drivers/media/dvb-frontends/dib3000mb.c | 2 +- drivers/media/dvb-frontends/dib3000mc.c | 2 +- drivers/media/dvb-frontends/dib7000m.c | 2 +- drivers/media/dvb-frontends/dib7000p.c | 4 +- drivers/media/dvb-frontends/dib8000.c | 2 +- drivers/media/dvb-frontends/dib9000.c | 2 +- drivers/media/dvb-frontends/drx39xyj/drxj.c | 2 +- drivers/media/dvb-frontends/drxd_hard.c | 2 +- drivers/media/dvb-frontends/drxk_hard.c | 2 +- drivers/media/dvb-frontends/ds3000.c | 2 +- drivers/media/dvb-frontends/dvb-pll.c | 2 +- drivers/media/dvb-frontends/ec100.c | 2 +- drivers/media/dvb-frontends/helene.c | 4 +- drivers/media/dvb-frontends/horus3a.c | 2 +- drivers/media/dvb-frontends/isl6405.c | 2 +- drivers/media/dvb-frontends/isl6421.c | 2 +- drivers/media/dvb-frontends/isl6423.c | 2 +- drivers/media/dvb-frontends/itd1000.c | 2 +- drivers/media/dvb-frontends/ix2505v.c | 2 +- drivers/media/dvb-frontends/l64781.c | 2 +- drivers/media/dvb-frontends/lg2160.c | 2 +- drivers/media/dvb-frontends/lgdt3305.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 2 +- drivers/media/dvb-frontends/lgs8gxx.c | 2 +- drivers/media/dvb-frontends/lnbh25.c | 2 +- drivers/media/dvb-frontends/lnbp21.c | 4 +- drivers/media/dvb-frontends/lnbp22.c | 2 +- drivers/media/dvb-frontends/m88ds3103.c | 2 +- drivers/media/dvb-frontends/m88rs2000.c | 2 +- drivers/media/dvb-frontends/mb86a16.c | 2 +- drivers/media/dvb-frontends/mb86a20s.c | 2 +- drivers/media/dvb-frontends/mt312.c | 2 +- drivers/media/dvb-frontends/mt352.c | 2 +- drivers/media/dvb-frontends/nxt200x.c | 2 +- drivers/media/dvb-frontends/nxt6000.c | 2 +- drivers/media/dvb-frontends/or51132.c | 2 +- drivers/media/dvb-frontends/or51211.c | 2 +- drivers/media/dvb-frontends/s5h1409.c | 2 +- drivers/media/dvb-frontends/s5h1411.c | 2 +- drivers/media/dvb-frontends/s5h1420.c | 2 +- drivers/media/dvb-frontends/s5h1432.c | 2 +- drivers/media/dvb-frontends/s921.c | 2 +- drivers/media/dvb-frontends/si21xx.c | 2 +- drivers/media/dvb-frontends/sp887x.c | 2 +- drivers/media/dvb-frontends/stb0899_drv.c | 2 +- drivers/media/dvb-frontends/stb6000.c | 2 +- drivers/media/dvb-frontends/stb6100.c | 2 +- drivers/media/dvb-frontends/stv0288.c | 2 +- drivers/media/dvb-frontends/stv0297.c | 2 +- drivers/media/dvb-frontends/stv0299.c | 2 +- drivers/media/dvb-frontends/stv0367.c | 6 +- drivers/media/dvb-frontends/stv0900_core.c | 2 +- drivers/media/dvb-frontends/stv6110.c | 2 +- drivers/media/dvb-frontends/stv6110x.c | 2 +- drivers/media/dvb-frontends/tda10021.c | 2 +- drivers/media/dvb-frontends/tda10023.c | 2 +- drivers/media/dvb-frontends/tda10048.c | 2 +- drivers/media/dvb-frontends/tda1004x.c | 4 +- drivers/media/dvb-frontends/tda10086.c | 2 +- drivers/media/dvb-frontends/tda665x.c | 2 +- drivers/media/dvb-frontends/tda8083.c | 2 +- drivers/media/dvb-frontends/tda8261.c | 2 +- drivers/media/dvb-frontends/tda826x.c | 2 +- drivers/media/dvb-frontends/ts2020.c | 2 +- drivers/media/dvb-frontends/tua6100.c | 2 +- drivers/media/dvb-frontends/ves1820.c | 2 +- drivers/media/dvb-frontends/ves1x93.c | 2 +- drivers/media/dvb-frontends/zl10036.c | 2 +- drivers/media/dvb-frontends/zl10039.c | 2 +- drivers/media/dvb-frontends/zl10353.c | 2 +- drivers/media/pci/bt8xx/dst.c | 2 +- drivers/media/pci/bt8xx/dst_ca.c | 2 +- drivers/media/pci/cx23885/cx23885-video.c | 2 +- .../media/platform/mtk-vcodec/vdec/vdec_vp9_if.c | 5 +- drivers/media/tuners/fc0011.c | 2 +- drivers/media/tuners/fc0012.c | 2 +- drivers/media/tuners/fc0013.c | 2 +- drivers/media/tuners/max2165.c | 2 +- drivers/media/tuners/mc44s803.c | 2 +- drivers/media/tuners/mt2060.c | 2 +- drivers/media/tuners/mt2131.c | 2 +- drivers/media/tuners/mt2266.c | 2 +- drivers/media/tuners/mxl5005s.c | 2 +- drivers/media/tuners/qt1010.c | 13 +- drivers/media/tuners/tda18218.c | 2 +- drivers/media/tuners/xc4000.c | 2 +- drivers/media/tuners/xc5000.c | 2 +- drivers/media/usb/dvb-usb-v2/af9035.c | 14 +- drivers/media/usb/dvb-usb-v2/anysee.c | 2 +- drivers/media/usb/dvb-usb-v2/az6007.c | 8 + drivers/media/usb/dvb-usb/af9005.c | 5 + drivers/media/usb/dvb-usb/dw2102.c | 24 + drivers/media/usb/dvb-usb/m920x.c | 5 +- drivers/media/usb/go7007/go7007-i2c.c | 2 - drivers/media/usb/siano/smsusb.c | 21 +- drivers/mmc/host/Kconfig | 5 +- drivers/mtd/nand/brcmnand/brcmnand.c | 112 ++- drivers/net/arcnet/arcnet.c | 2 +- drivers/net/can/usb/gs_usb.c | 5 +- drivers/net/ethernet/atheros/alx/ethtool.c | 5 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +- drivers/net/ethernet/intel/igb/igb.h | 4 +- drivers/net/ethernet/intel/igb/igb_main.c | 16 +- drivers/net/ethernet/intel/igbvf/igbvf.h | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 28 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 + drivers/net/macsec.c | 3 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath10k/pci.c | 9 +- drivers/net/wireless/ath/ath9k/ahb.c | 4 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 +- drivers/net/wireless/ath/ath9k/pci.c | 4 +- drivers/net/wireless/ath/ath9k/wmi.c | 14 +- drivers/net/wireless/marvell/mwifiex/debugfs.c | 9 +- drivers/net/wireless/marvell/mwifiex/sta_rx.c | 12 +- drivers/net/wireless/marvell/mwifiex/tdls.c | 9 +- drivers/net/wireless/marvell/mwifiex/uap_txrx.c | 30 +- drivers/net/wireless/marvell/mwifiex/util.c | 10 +- drivers/ntb/ntb_transport.c | 19 +- drivers/of/unittest.c | 10 +- drivers/parisc/led.c | 4 +- drivers/pci/hotplug/pciehp_hpc.c | 12 +- drivers/pinctrl/pinctrl-amd.c | 4 +- drivers/pwm/pwm-lpc32xx.c | 16 +- drivers/rpmsg/qcom_glink_native.c | 4 + drivers/rtc/rtc-ds1685.c | 2 +- drivers/s390/block/dasd_3990_erp.c | 2 +- drivers/scsi/be2iscsi/be_iscsi.c | 4 + drivers/scsi/fcoe/fcoe_ctlr.c | 20 +- drivers/scsi/hosts.c | 4 +- drivers/scsi/qedf/qedf_dbg.h | 2 + drivers/scsi/qedf/qedf_debugfs.c | 28 +- drivers/scsi/qedi/qedi_main.c | 5 +- drivers/scsi/qla2xxx/qla_isr.c | 1 - drivers/scsi/qla2xxx/qla_nvme.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 15 + drivers/scsi/scsi_transport_iscsi.c | 8 + drivers/spi/spi-tegra20-sflash.c | 6 +- drivers/target/iscsi/iscsi_target_configfs.c | 54 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 13 +- drivers/tty/serial/sc16is7xx.c | 11 +- drivers/tty/serial/serial-tegra.c | 6 +- drivers/usb/gadget/function/f_mass_storage.c | 2 +- drivers/usb/gadget/udc/fsl_qe_udc.c | 2 + drivers/usb/phy/phy-mxs-usb.c | 10 +- drivers/usb/serial/option.c | 7 + drivers/video/backlight/bd6107.c | 2 +- drivers/video/backlight/gpio_backlight.c | 2 +- drivers/video/backlight/lv5207lp.c | 2 +- drivers/video/fbdev/ep93xx-fb.c | 1 - drivers/watchdog/intel-mid_wdt.c | 1 + fs/attr.c | 20 +- fs/autofs4/waitq.c | 3 +- fs/btrfs/delayed-inode.c | 19 +- fs/btrfs/extent-tree.c | 5 + fs/cifs/smb2ops.c | 1 + fs/ext2/xattr.c | 4 +- fs/jfs/jfs_dmap.c | 1 + fs/jfs/jfs_extent.c | 5 + fs/jfs/jfs_imap.c | 1 + fs/lockd/mon.c | 3 + fs/namei.c | 2 +- fs/nfs/blocklayout/dev.c | 4 +- fs/nfs/pnfs_dev.c | 2 +- fs/nfsd/blocklayoutxdr.c | 9 + fs/nfsd/flexfilelayoutxdr.c | 9 + fs/nfsd/nfs4proc.c | 4 +- fs/nfsd/nfs4xdr.c | 25 +- fs/nilfs2/alloc.c | 3 +- fs/nilfs2/inode.c | 7 +- fs/nilfs2/segment.c | 5 + fs/nls/nls_base.c | 4 +- fs/ocfs2/namei.c | 4 + fs/proc/base.c | 3 +- fs/pstore/ram_core.c | 2 +- fs/reiserfs/journal.c | 4 +- fs/udf/balloc.c | 31 +- fs/udf/inode.c | 41 +- include/linux/if_arp.h | 4 + include/linux/nls.h | 2 +- include/linux/perf_event.h | 22 +- include/net/lwtunnel.h | 5 +- include/scsi/scsi_host.h | 2 +- include/uapi/linux/sync_file.h | 2 +- kernel/auditsc.c | 2 + kernel/cgroup/namespace.c | 6 - kernel/module.c | 15 +- lib/kobject.c | 5 + lib/mpi/mpi-cmp.c | 8 +- lib/ubsan.c | 24 - lib/ubsan.h | 5 - net/9p/trans_virtio.c | 2 +- net/core/sock.c | 9 +- net/dccp/ipv4.c | 13 +- net/dccp/ipv6.c | 15 +- net/ipv4/igmp.c | 3 +- net/ipv4/ip_output.c | 2 +- net/ipv4/tcp_timer.c | 18 +- net/ipv6/addrconf.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/kcm/kcmsock.c | 15 +- net/netfilter/ipset/ip_set_hash_netportnet.c | 1 + net/netfilter/xt_sctp.c | 2 + net/netfilter/xt_u32.c | 21 + net/netlabel/netlabel_kapi.c | 3 +- net/netrom/af_netrom.c | 5 + net/sched/Kconfig | 28 - net/sched/Makefile | 2 - net/sched/cls_fw.c | 1 - net/sched/cls_rsvp.c | 28 - net/sched/cls_rsvp.h | 779 --------------------- net/sched/cls_rsvp6.c | 28 - net/sched/sch_plug.c | 2 +- net/sched/sch_qfq.c | 22 +- net/sctp/sm_sideeffect.c | 5 +- net/unix/af_unix.c | 2 +- net/unix/scm.c | 6 +- scripts/Makefile.ubsan | 1 - security/keys/keyctl.c | 11 +- security/smack/smackfs.c | 2 +- sound/core/pcm_compat.c | 8 +- sound/core/seq/oss/seq_oss_midi.c | 35 +- sound/pci/ac97/ac97_codec.c | 5 +- sound/soc/codecs/da7219-aad.c | 2 + sound/soc/codecs/es8316.c | 2 +- 296 files changed, 1101 insertions(+), 1500 deletions(-)

1 year, 2 months

5
191
0 0

[PATCH] PM: hibernate: use __get_safe_page() rather than touching the list.

by Brian Geffon

We found at least one situation where the safe pages list was empty and get_buffer() would gladly try to use a NULL pointer. Signed-off-by: Brian Geffon <bgeffon(a)google.com> Fixes: 8357376 ("swsusp: Improve handling of highmem") Cc: stable(a)vger.kernel.org Change-Id: Ibb43a9b4ac5ff2d7e3021fdacc08e116650231e9 --- kernel/power/snapshot.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c index 362e6bae5891..2dcb33248518 100644 --- a/kernel/power/snapshot.c +++ b/kernel/power/snapshot.c @@ -2544,8 +2544,9 @@ static void *get_highmem_page_buffer(struct page *page, pbe->copy_page = pfn_to_page(pfn); } else { /* Copy of the page will be stored in normal memory */ - kaddr = safe_pages_list; - safe_pages_list = safe_pages_list->next; + kaddr = __get_safe_page(ca->gfp_mask); + if (!kaddr) + return ERR_PTR(-ENOMEM); pbe->copy_page = virt_to_page(kaddr); } pbe->next = highmem_pblist; @@ -2747,8 +2748,9 @@ static void *get_buffer(struct memory_bitmap *bm, struct chain_allocator *ca) return ERR_PTR(-ENOMEM); } pbe->orig_address = page_address(page); - pbe->address = safe_pages_list; - safe_pages_list = safe_pages_list->next; + pbe->address = __get_safe_page(ca->gfp_mask); + if (!pbe->address) + return ERR_PTR(-ENOMEM); pbe->next = restore_pblist; restore_pblist = pbe; return pbe->address; -- 2.42.0.459.ge4e396fd5e-goog

1 year, 2 months

3
2
0 0

+ mm-make-pr_mdwe_refuse_exec_gain-an-unsigned-long.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long has been added to the -mm mm-unstable branch. Its filename is mm-make-pr_mdwe_refuse_exec_gain-an-unsigned-long.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Florent Revest <revest(a)chromium.org> Subject: mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long Date: Mon, 28 Aug 2023 17:08:56 +0200 Defining a prctl flag as an int is a footgun because on a 64 bit machine and with a variadic implementation of prctl (like in musl and glibc), when used directly as a prctl argument, it can get casted to long with garbage upper bits which would result in unexpected behaviors. This patch changes the constant to an unsigned long to eliminate that possibilities. This does not break UAPI. Link: https://lkml.kernel.org/r/20230828150858.393570-5-revest@chromium.org Fixes: b507808ebce2 ("mm: implement memory-deny-write-execute as a prctl") Signed-off-by: Florent Revest <revest(a)chromium.org> Suggested-by: Alexey Izbyshev <izbyshev(a)ispras.ru> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Acked-by: Catalin Marinas <catalin.marinas(a)arm.com> Cc: <stable(a)vger.kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Ayush Jain <ayush.jain3(a)amd.com> Cc: Greg Thelen <gthelen(a)google.com> Cc: Joey Gouly <joey.gouly(a)arm.com> Cc: KP Singh <kpsingh(a)kernel.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Szabolcs Nagy <Szabolcs.Nagy(a)arm.com> Cc: Topi Miettinen <toiwoton(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/uapi/linux/prctl.h | 2 +- tools/include/uapi/linux/prctl.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/include/uapi/linux/prctl.h~mm-make-pr_mdwe_refuse_exec_gain-an-unsigned-long +++ a/include/uapi/linux/prctl.h @@ -283,7 +283,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 -# define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) #define PR_GET_MDWE 66 --- a/tools/include/uapi/linux/prctl.h~mm-make-pr_mdwe_refuse_exec_gain-an-unsigned-long +++ a/tools/include/uapi/linux/prctl.h @@ -283,7 +283,7 @@ struct prctl_mm_map { /* Memory deny write / execute */ #define PR_SET_MDWE 65 -# define PR_MDWE_REFUSE_EXEC_GAIN 1 +# define PR_MDWE_REFUSE_EXEC_GAIN (1UL << 0) #define PR_GET_MDWE 66 _ Patches currently in -mm which might be from revest(a)chromium.org are kselftest-vm-fix-tabs-spaces-inconsistency-in-the-mdwe-test.patch kselftest-vm-fix-mdwes-mmap_fixed-test-case.patch kselftest-vm-check-errnos-in-mdwe_test.patch mm-make-pr_mdwe_refuse_exec_gain-an-unsigned-long.patch mm-add-a-no_inherit-flag-to-the-pr_set_mdwe-prctl.patch kselftest-vm-add-tests-for-no-inherit-memory-deny-write-execute.patch

1 year, 2 months

1
0
0 0

RE:Bags manufacturer 2023/9/228:35:33

by Steven

Hi, We are a professional bags manufacturer from China supplying all types of customized bags. If you're interested, please don't hesitate to contact me. Best regards, Steven There were three heads close together for a space of twenty seconds or so, and then a fearful explosion happened—the unique, tremendous laughter of Mr Colclough, which went off like a charge of melinite and staggered the furniture THE FIGHT IN THE COACH-HOUSE So many shocks, emotions, perils, horrors, added to the wound, his first, had tried his youthful body and sensitive nature too severely

1 year, 2 months

1
0
0 0

+ maple_tree-add-mas_underflow-and-mas_overflow-states.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-add-mas_underflow-and-mas_overflow-states.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states Date: Thu, 21 Sep 2023 14:12:36 -0400 When updating the maple tree iterator to avoid rewalks, an issue was introduced when shifting beyond the limits. This can be seen by trying to go to the previous address of 0, which would set the maple node to MAS_NONE and keep the range as the last entry. Subsequent calls to mas_find() would then search upwards from mas->last and skip the value at mas->index/mas->last. This showed up as a bug in mprotect which skips the actual VMA at the current range after attempting to go to the previous VMA from 0. Since MAS_NONE is used for handling of the maple tree when it's a single entry at 0 (just a pointer), changing the handling of MAS_NONE in mas_find() would make the code more complicated and error prone. Furthermore, there was no way to tell which limit was hit, and thus which action to take (next or the entry at the current range). This solution is to add two states to track what happened with the previous iterator action. This allows for the expected behaviour of the next command to return the correct item (either the item at the range requested, or the next/previous). Tests are also added and updated accordingly. Link: https://lkml.kernel.org/r/20230921181236.509072-3-Liam.Howlett@oracle.com Fixes: 39193685d585 ("maple_tree: try harder to keep active node with mas_prev()") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Pedro Falcato <pedro.falcato(a)gmail.com> Closes: https://gist.github.com/heatd/85d2971fae1501b55b6ea401fbbe485b Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/maple_tree.h | 2 lib/maple_tree.c | 221 +++++++++++++++++++++++++---------- lib/test_maple_tree.c | 87 +++++++++++-- 3 files changed, 237 insertions(+), 73 deletions(-) --- a/include/linux/maple_tree.h~maple_tree-add-mas_underflow-and-mas_overflow-states +++ a/include/linux/maple_tree.h @@ -428,6 +428,8 @@ struct ma_wr_state { #define MAS_ROOT ((struct maple_enode *)5UL) #define MAS_NONE ((struct maple_enode *)9UL) #define MAS_PAUSE ((struct maple_enode *)17UL) +#define MAS_OVERFLOW ((struct maple_enode *)33UL) +#define MAS_UNDERFLOW ((struct maple_enode *)65UL) #define MA_ERROR(err) \ ((struct maple_enode *)(((unsigned long)err << 2) | 2UL)) --- a/lib/maple_tree.c~maple_tree-add-mas_underflow-and-mas_overflow-states +++ a/lib/maple_tree.c @@ -256,6 +256,22 @@ bool mas_is_err(struct ma_state *mas) return xa_is_err(mas->node); } +static __always_inline bool mas_is_overflow(struct ma_state *mas) +{ + if (unlikely(mas->node == MAS_OVERFLOW)) + return true; + + return false; +} + +static __always_inline bool mas_is_underflow(struct ma_state *mas) +{ + if (unlikely(mas->node == MAS_UNDERFLOW)) + return true; + + return false; +} + static inline bool mas_searchable(struct ma_state *mas) { if (mas_is_none(mas)) @@ -4415,10 +4431,13 @@ no_entry: * * @mas: The maple state * @max: The minimum starting range + * @empty: Can be empty + * @set_underflow: Set the @mas->node to underflow state on limit. * * Return: The entry in the previous slot which is possibly NULL */ -static void *mas_prev_slot(struct ma_state *mas, unsigned long min, bool empty) +static void *mas_prev_slot(struct ma_state *mas, unsigned long min, bool empty, + bool set_underflow) { void *entry; void __rcu **slots; @@ -4435,7 +4454,6 @@ retry: if (unlikely(mas_rewalk_if_dead(mas, node, save_point))) goto retry; -again: if (mas->min <= min) { pivot = mas_safe_min(mas, pivots, mas->offset); @@ -4443,9 +4461,10 @@ again: goto retry; if (pivot <= min) - return NULL; + goto underflow; } +again: if (likely(mas->offset)) { mas->offset--; mas->last = mas->index - 1; @@ -4457,7 +4476,7 @@ again: } if (mas_is_none(mas)) - return NULL; + goto underflow; mas->last = mas->max; node = mas_mn(mas); @@ -4474,10 +4493,19 @@ again: if (likely(entry)) return entry; - if (!empty) + if (!empty) { + if (mas->index <= min) + goto underflow; + goto again; + } return entry; + +underflow: + if (set_underflow) + mas->node = MAS_UNDERFLOW; + return NULL; } /* @@ -4567,10 +4595,13 @@ no_entry: * @mas: The maple state * @max: The maximum starting range * @empty: Can be empty + * @set_overflow: Should @mas->node be set to overflow when the limit is + * reached. * * Return: The entry in the next slot which is possibly NULL */ -static void *mas_next_slot(struct ma_state *mas, unsigned long max, bool empty) +static void *mas_next_slot(struct ma_state *mas, unsigned long max, bool empty, + bool set_overflow) { void __rcu **slots; unsigned long *pivots; @@ -4589,22 +4620,22 @@ retry: if (unlikely(mas_rewalk_if_dead(mas, node, save_point))) goto retry; -again: if (mas->max >= max) { if (likely(mas->offset < data_end)) pivot = pivots[mas->offset]; else - return NULL; /* must be mas->max */ + goto overflow; if (unlikely(mas_rewalk_if_dead(mas, node, save_point))) goto retry; if (pivot >= max) - return NULL; + goto overflow; } if (likely(mas->offset < data_end)) { mas->index = pivots[mas->offset] + 1; +again: mas->offset++; if (likely(mas->offset < data_end)) mas->last = pivots[mas->offset]; @@ -4616,8 +4647,11 @@ again: goto retry; } - if (mas_is_none(mas)) + if (WARN_ON_ONCE(mas_is_none(mas))) { + mas->node = MAS_OVERFLOW; return NULL; + goto overflow; + } mas->offset = 0; mas->index = mas->min; @@ -4636,12 +4670,20 @@ again: return entry; if (!empty) { - if (!mas->offset) - data_end = 2; + if (mas->last >= max) + goto overflow; + + mas->index = mas->last + 1; + /* Node cannot end on NULL, so it's safe to short-cut here */ goto again; } return entry; + +overflow: + if (set_overflow) + mas->node = MAS_OVERFLOW; + return NULL; } /* @@ -4651,17 +4693,20 @@ again: * * Set the @mas->node to the next entry and the range_start to * the beginning value for the entry. Does not check beyond @limit. - * Sets @mas->index and @mas->last to the limit if it is hit. + * Sets @mas->index and @mas->last to the range, Does not update @mas->index and + * @mas->last on overflow. * Restarts on dead nodes. * * Return: the next entry or %NULL. */ static inline void *mas_next_entry(struct ma_state *mas, unsigned long limit) { - if (mas->last >= limit) + if (mas->last >= limit) { + mas->node = MAS_OVERFLOW; return NULL; + } - return mas_next_slot(mas, limit, false); + return mas_next_slot(mas, limit, false, true); } /* @@ -4837,7 +4882,7 @@ void *mas_walk(struct ma_state *mas) { void *entry; - if (mas_is_none(mas) || mas_is_paused(mas) || mas_is_ptr(mas)) + if (!mas_is_active(mas) || !mas_is_start(mas)) mas->node = MAS_START; retry: entry = mas_state_walk(mas); @@ -5294,14 +5339,22 @@ static inline void mte_destroy_walk(stru static void mas_wr_store_setup(struct ma_wr_state *wr_mas) { - if (mas_is_start(wr_mas->mas)) - return; + if (!mas_is_active(wr_mas->mas)) { + if (mas_is_start(wr_mas->mas)) + return; - if (unlikely(mas_is_paused(wr_mas->mas))) - goto reset; + if (unlikely(mas_is_paused(wr_mas->mas))) + goto reset; - if (unlikely(mas_is_none(wr_mas->mas))) - goto reset; + if (unlikely(mas_is_none(wr_mas->mas))) + goto reset; + + if (unlikely(mas_is_overflow(wr_mas->mas))) + goto reset; + + if (unlikely(mas_is_underflow(wr_mas->mas))) + goto reset; + } /* * A less strict version of mas_is_span_wr() where we allow spanning @@ -5595,8 +5648,25 @@ static inline bool mas_next_setup(struct { bool was_none = mas_is_none(mas); - if (mas_is_none(mas) || mas_is_paused(mas)) + if (unlikely(mas->last >= max)) { + mas->node = MAS_OVERFLOW; + return true; + } + + if (mas_is_active(mas)) + return false; + + if (mas_is_none(mas) || mas_is_paused(mas)) { + mas->node = MAS_START; + } else if (mas_is_overflow(mas)) { + /* Overflowed before, but the max changed */ mas->node = MAS_START; + } else if (mas_is_underflow(mas)) { + mas->node = MAS_START; + *entry = mas_walk(mas); + if (*entry) + return true; + } if (mas_is_start(mas)) *entry = mas_walk(mas); /* Retries on dead nodes handled by mas_walk */ @@ -5615,6 +5685,7 @@ static inline bool mas_next_setup(struct if (mas_is_none(mas)) return true; + return false; } @@ -5637,7 +5708,7 @@ void *mas_next(struct ma_state *mas, uns return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, false); + return mas_next_slot(mas, max, false, true); } EXPORT_SYMBOL_GPL(mas_next); @@ -5660,7 +5731,7 @@ void *mas_next_range(struct ma_state *ma return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, true); + return mas_next_slot(mas, max, true, true); } EXPORT_SYMBOL_GPL(mas_next_range); @@ -5691,18 +5762,31 @@ EXPORT_SYMBOL_GPL(mt_next); static inline bool mas_prev_setup(struct ma_state *mas, unsigned long min, void **entry) { - if (mas->index <= min) - goto none; + if (unlikely(mas->index <= min)) { + mas->node = MAS_UNDERFLOW; + return true; + } - if (mas_is_none(mas) || mas_is_paused(mas)) + if (mas_is_active(mas)) + return false; + + if (mas_is_overflow(mas)) { mas->node = MAS_START; + *entry = mas_walk(mas); + if (*entry) + return true; + } - if (mas_is_start(mas)) { - mas_walk(mas); - if (!mas->index) - goto none; + if (mas_is_none(mas) || mas_is_paused(mas)) { + mas->node = MAS_START; + } else if (mas_is_underflow(mas)) { + /* underflowed before but the min changed */ + mas->node = MAS_START; } + if (mas_is_start(mas)) + mas_walk(mas); + if (unlikely(mas_is_ptr(mas))) { if (!mas->index) goto none; @@ -5747,7 +5831,7 @@ void *mas_prev(struct ma_state *mas, uns if (mas_prev_setup(mas, min, &entry)) return entry; - return mas_prev_slot(mas, min, false); + return mas_prev_slot(mas, min, false, true); } EXPORT_SYMBOL_GPL(mas_prev); @@ -5770,7 +5854,7 @@ void *mas_prev_range(struct ma_state *ma if (mas_prev_setup(mas, min, &entry)) return entry; - return mas_prev_slot(mas, min, true); + return mas_prev_slot(mas, min, true, true); } EXPORT_SYMBOL_GPL(mas_prev_range); @@ -5828,24 +5912,35 @@ EXPORT_SYMBOL_GPL(mas_pause); static inline bool mas_find_setup(struct ma_state *mas, unsigned long max, void **entry) { - *entry = NULL; + if (mas_is_active(mas)) { + if (mas->last < max) + return false; + + return true; + } - if (unlikely(mas_is_none(mas))) { + if (mas_is_paused(mas)) { if (unlikely(mas->last >= max)) return true; - mas->index = mas->last; + mas->index = ++mas->last; mas->node = MAS_START; - } else if (unlikely(mas_is_paused(mas))) { + } else if (mas_is_none(mas)) { if (unlikely(mas->last >= max)) return true; + mas->index = mas->last; mas->node = MAS_START; - mas->index = ++mas->last; - } else if (unlikely(mas_is_ptr(mas))) - goto ptr_out_of_range; + } else if (mas_is_overflow(mas) || mas_is_underflow(mas)) { + if (mas->index > max) { + mas->node = MAS_OVERFLOW; + return true; + } - if (unlikely(mas_is_start(mas))) { + mas->node = MAS_START; + } + + if (mas_is_start(mas)) { /* First run or continue */ if (mas->index > max) return true; @@ -5895,7 +5990,7 @@ void *mas_find(struct ma_state *mas, uns return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, false); + return mas_next_slot(mas, max, false, false); } EXPORT_SYMBOL_GPL(mas_find); @@ -5913,13 +6008,13 @@ EXPORT_SYMBOL_GPL(mas_find); */ void *mas_find_range(struct ma_state *mas, unsigned long max) { - void *entry; + void *entry = NULL; if (mas_find_setup(mas, max, &entry)) return entry; /* Retries on dead nodes handled by mas_next_slot */ - return mas_next_slot(mas, max, true); + return mas_next_slot(mas, max, true, false); } EXPORT_SYMBOL_GPL(mas_find_range); @@ -5934,26 +6029,36 @@ EXPORT_SYMBOL_GPL(mas_find_range); static inline bool mas_find_rev_setup(struct ma_state *mas, unsigned long min, void **entry) { - *entry = NULL; - - if (unlikely(mas_is_none(mas))) { - if (mas->index <= min) - goto none; + if (mas_is_active(mas)) { + if (mas->index > min) + return false; - mas->last = mas->index; - mas->node = MAS_START; + return true; } - if (unlikely(mas_is_paused(mas))) { + if (mas_is_paused(mas)) { if (unlikely(mas->index <= min)) { mas->node = MAS_NONE; return true; } mas->node = MAS_START; mas->last = --mas->index; + } else if (mas_is_none(mas)) { + if (mas->index <= min) + goto none; + + mas->last = mas->index; + mas->node = MAS_START; + } else if (mas_is_underflow(mas) || mas_is_overflow(mas)) { + if (mas->last <= min) { + mas->node = MAS_UNDERFLOW; + return true; + } + + mas->node = MAS_START; } - if (unlikely(mas_is_start(mas))) { + if (mas_is_start(mas)) { /* First run or continue */ if (mas->index < min) return true; @@ -6004,13 +6109,13 @@ none: */ void *mas_find_rev(struct ma_state *mas, unsigned long min) { - void *entry; + void *entry = NULL; if (mas_find_rev_setup(mas, min, &entry)) return entry; /* Retries on dead nodes handled by mas_prev_slot */ - return mas_prev_slot(mas, min, false); + return mas_prev_slot(mas, min, false, false); } EXPORT_SYMBOL_GPL(mas_find_rev); @@ -6030,13 +6135,13 @@ EXPORT_SYMBOL_GPL(mas_find_rev); */ void *mas_find_range_rev(struct ma_state *mas, unsigned long min) { - void *entry; + void *entry = NULL; if (mas_find_rev_setup(mas, min, &entry)) return entry; /* Retries on dead nodes handled by mas_prev_slot */ - return mas_prev_slot(mas, min, true); + return mas_prev_slot(mas, min, true, false); } EXPORT_SYMBOL_GPL(mas_find_range_rev); --- a/lib/test_maple_tree.c~maple_tree-add-mas_underflow-and-mas_overflow-states +++ a/lib/test_maple_tree.c @@ -2166,7 +2166,7 @@ static noinline void __init next_prev_te MT_BUG_ON(mt, val != NULL); MT_BUG_ON(mt, mas.index != 0); MT_BUG_ON(mt, mas.last != 5); - MT_BUG_ON(mt, mas.node != MAS_NONE); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); mas.index = 0; mas.last = 5; @@ -2917,6 +2917,7 @@ static noinline void __init check_empty_ * exists MAS_NONE active range * exists active active range * DNE active active set to last range + * ERANGE active MAS_OVERFLOW last range * * Function ENTRY Start Result index & last * mas_prev() @@ -2945,6 +2946,7 @@ static noinline void __init check_empty_ * any MAS_ROOT MAS_NONE 0 * exists active active range * DNE active active last range + * ERANGE active MAS_UNDERFLOW last range * * Function ENTRY Start Result index & last * mas_find() @@ -2955,7 +2957,7 @@ static noinline void __init check_empty_ * DNE MAS_START MAS_NONE 0 * DNE MAS_PAUSE MAS_NONE 0 * DNE MAS_ROOT MAS_NONE 0 - * DNE MAS_NONE MAS_NONE 0 + * DNE MAS_NONE MAS_NONE 1 * if index == 0 * exists MAS_START MAS_ROOT 0 * exists MAS_PAUSE MAS_ROOT 0 @@ -2967,7 +2969,7 @@ static noinline void __init check_empty_ * DNE MAS_START active set to max * exists MAS_PAUSE active range * DNE MAS_PAUSE active set to max - * exists MAS_NONE active range + * exists MAS_NONE active range (start at last) * exists active active range * DNE active active last range (max < last) * @@ -2992,7 +2994,7 @@ static noinline void __init check_empty_ * DNE MAS_START active set to min * exists MAS_PAUSE active range * DNE MAS_PAUSE active set to min - * exists MAS_NONE active range + * exists MAS_NONE active range (start at index) * exists active active range * DNE active active last range (min > index) * @@ -3039,10 +3041,10 @@ static noinline void __init check_state_ mtree_store_range(mt, 0, 0, ptr, GFP_KERNEL); mas_lock(&mas); - /* prev: Start -> none */ + /* prev: Start -> underflow*/ entry = mas_prev(&mas, 0); MT_BUG_ON(mt, entry != NULL); - MT_BUG_ON(mt, mas.node != MAS_NONE); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); /* prev: Start -> root */ mas_set(&mas, 10); @@ -3069,7 +3071,7 @@ static noinline void __init check_state_ MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.node != MAS_NONE); - /* next: start -> none */ + /* next: start -> none*/ mas_set(&mas, 10); entry = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, mas.index != 1); @@ -3268,25 +3270,46 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x2500); MT_BUG_ON(mt, !mas_active(mas)); - /* next:active -> active out of range*/ + /* next:active -> active beyond data */ entry = mas_next(&mas, 0x2999); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0x2501); MT_BUG_ON(mt, mas.last != 0x2fff); MT_BUG_ON(mt, !mas_active(mas)); - /* Continue after out of range*/ + /* Continue after last range ends after max */ entry = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, entry != ptr3); MT_BUG_ON(mt, mas.index != 0x3000); MT_BUG_ON(mt, mas.last != 0x3500); MT_BUG_ON(mt, !mas_active(mas)); - /* next:active -> active out of range*/ + /* next:active -> active continued */ + entry = mas_next(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0x3501); + MT_BUG_ON(mt, mas.last != ULONG_MAX); + MT_BUG_ON(mt, !mas_active(mas)); + + /* next:active -> overflow */ entry = mas_next(&mas, ULONG_MAX); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0x3501); MT_BUG_ON(mt, mas.last != ULONG_MAX); + MT_BUG_ON(mt, mas.node != MAS_OVERFLOW); + + /* next:overflow -> overflow */ + entry = mas_next(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0x3501); + MT_BUG_ON(mt, mas.last != ULONG_MAX); + MT_BUG_ON(mt, mas.node != MAS_OVERFLOW); + + /* prev:overflow -> active */ + entry = mas_prev(&mas, 0); + MT_BUG_ON(mt, entry != ptr3); + MT_BUG_ON(mt, mas.index != 0x3000); + MT_BUG_ON(mt, mas.last != 0x3500); MT_BUG_ON(mt, !mas_active(mas)); /* next: none -> active, skip value at location */ @@ -3307,11 +3330,46 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x1500); MT_BUG_ON(mt, !mas_active(mas)); - /* prev:active -> active out of range*/ + /* prev:active -> active spanning end range */ + entry = mas_prev(&mas, 0x0100); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0); + MT_BUG_ON(mt, mas.last != 0x0FFF); + MT_BUG_ON(mt, !mas_active(mas)); + + /* prev:active -> underflow */ + entry = mas_prev(&mas, 0); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0); + MT_BUG_ON(mt, mas.last != 0x0FFF); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); + + /* prev:underflow -> underflow */ entry = mas_prev(&mas, 0); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0); MT_BUG_ON(mt, mas.last != 0x0FFF); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); + + /* next:underflow -> active */ + entry = mas_next(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != ptr); + MT_BUG_ON(mt, mas.index != 0x1000); + MT_BUG_ON(mt, mas.last != 0x1500); + MT_BUG_ON(mt, !mas_active(mas)); + + /* prev:first value -> underflow */ + entry = mas_prev(&mas, 0x1000); + MT_BUG_ON(mt, entry != NULL); + MT_BUG_ON(mt, mas.index != 0x1000); + MT_BUG_ON(mt, mas.last != 0x1500); + MT_BUG_ON(mt, mas.node != MAS_UNDERFLOW); + + /* find:underflow -> first value */ + entry = mas_find(&mas, ULONG_MAX); + MT_BUG_ON(mt, entry != ptr); + MT_BUG_ON(mt, mas.index != 0x1000); + MT_BUG_ON(mt, mas.last != 0x1500); MT_BUG_ON(mt, !mas_active(mas)); /* prev: pause ->active */ @@ -3325,14 +3383,14 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x2500); MT_BUG_ON(mt, !mas_active(mas)); - /* prev:active -> active out of range*/ + /* prev:active -> active spanning min */ entry = mas_prev(&mas, 0x1600); MT_BUG_ON(mt, entry != NULL); MT_BUG_ON(mt, mas.index != 0x1501); MT_BUG_ON(mt, mas.last != 0x1FFF); MT_BUG_ON(mt, !mas_active(mas)); - /* prev: active ->active, continue*/ + /* prev: active ->active, continue */ entry = mas_prev(&mas, 0); MT_BUG_ON(mt, entry != ptr); MT_BUG_ON(mt, mas.index != 0x1000); @@ -3379,7 +3437,7 @@ static noinline void __init check_state_ MT_BUG_ON(mt, mas.last != 0x2FFF); MT_BUG_ON(mt, !mas_active(mas)); - /* find: none ->active */ + /* find: overflow ->active */ entry = mas_find(&mas, 0x5000); MT_BUG_ON(mt, entry != ptr3); MT_BUG_ON(mt, mas.index != 0x3000); @@ -3778,7 +3836,6 @@ static int __init maple_tree_seed(void) check_empty_area_fill(&tree); mtree_destroy(&tree); - mt_init_flags(&tree, MT_FLAGS_ALLOC_RANGE); check_state_handling(&tree); mtree_destroy(&tree); _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch

1 year, 2 months

1
0
0 0

+ maple_tree-add-mas_active-to-detect-in-tree-walks.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: add mas_is_active() to detect in-tree walks has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-add-mas_active-to-detect-in-tree-walks.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: add mas_is_active() to detect in-tree walks Date: Thu, 21 Sep 2023 14:12:35 -0400 Patch series "maple_tree: Fix mas_prev() state regression". Pedro Falcato contacted me on IRC with an mprotect regression which was bisected back to the iterator changes for maple tree. Root cause analysis showed the mas_prev() running off the end of the VMA space (previous from 0) followed by mas_find(), would skip the first value. This patchset introduces maple state underflow/overflow so the sequence of calls on the maple state will return what the user expects. This patch (of 2): Instead of constantly checking each possibility of the maple state, create a fast path that will skip over checking unlikely states. Link: https://lkml.kernel.org/r/20230921181236.509072-1-Liam.Howlett@oracle.com Link: https://lkml.kernel.org/r/20230921181236.509072-2-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Pedro Falcato <pedro.falcato(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/maple_tree.h | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/include/linux/maple_tree.h~maple_tree-add-mas_active-to-detect-in-tree-walks +++ a/include/linux/maple_tree.h @@ -511,6 +511,15 @@ static inline bool mas_is_paused(const s return mas->node == MAS_PAUSE; } +/* Check if the mas is pointing to a node or not */ +static inline bool mas_is_active(struct ma_state *mas) +{ + if ((unsigned long)mas->node >= MAPLE_RESERVED_RANGE) + return true; + + return false; +} + /** * mas_reset() - Reset a Maple Tree operation state. * @mas: Maple Tree operation state. _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-add-mas_active-to-detect-in-tree-walks.patch maple_tree-add-mas_underflow-and-mas_overflow-states.patch

1 year, 2 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2023